version 1.1.1.2, 2012/05/29 12:26:49
|
version 1.1.1.3, 2012/10/09 09:29:52
|
Line 96 sudo_file_close(struct sudo_nss *nss)
|
Line 96 sudo_file_close(struct sudo_nss *nss)
|
debug_decl(sudo_file_close, SUDO_DEBUG_NSS) |
debug_decl(sudo_file_close, SUDO_DEBUG_NSS) |
|
|
/* Free parser data structures and close sudoers file. */ |
/* Free parser data structures and close sudoers file. */ |
init_parser(NULL, 0); | init_parser(NULL, false); |
if (nss->handle != NULL) { |
if (nss->handle != NULL) { |
fclose(nss->handle); |
fclose(nss->handle); |
nss->handle = NULL; |
nss->handle = NULL; |
Line 116 sudo_file_parse(struct sudo_nss *nss)
|
Line 116 sudo_file_parse(struct sudo_nss *nss)
|
if (nss->handle == NULL) |
if (nss->handle == NULL) |
debug_return_int(-1); |
debug_return_int(-1); |
|
|
init_parser(sudoers_file, 0); | init_parser(sudoers_file, false); |
yyin = nss->handle; |
yyin = nss->handle; |
if (yyparse() != 0 || parse_error) { |
if (yyparse() != 0 || parse_error) { |
if (errorlineno != -1) { |
if (errorlineno != -1) { |
Line 158 sudo_file_lookup(struct sudo_nss *nss, int validated,
|
Line 158 sudo_file_lookup(struct sudo_nss *nss, int validated,
|
struct cmndtag *tags = NULL; |
struct cmndtag *tags = NULL; |
struct privilege *priv; |
struct privilege *priv; |
struct userspec *us; |
struct userspec *us; |
|
struct member *matching_user; |
debug_decl(sudo_file_lookup, SUDO_DEBUG_NSS) |
debug_decl(sudo_file_lookup, SUDO_DEBUG_NSS) |
|
|
if (nss->handle == NULL) |
if (nss->handle == NULL) |
Line 225 sudo_file_lookup(struct sudo_nss *nss, int validated,
|
Line 226 sudo_file_lookup(struct sudo_nss *nss, int validated,
|
else |
else |
continue; |
continue; |
tq_foreach_rev(&priv->cmndlist, cs) { |
tq_foreach_rev(&priv->cmndlist, cs) { |
|
matching_user = NULL; |
runas_match = runaslist_matches(&cs->runasuserlist, |
runas_match = runaslist_matches(&cs->runasuserlist, |
&cs->runasgrouplist); | &cs->runasgrouplist, &matching_user, NULL); |
if (runas_match == ALLOW) { |
if (runas_match == ALLOW) { |
cmnd_match = cmnd_matches(cs->cmnd); |
cmnd_match = cmnd_matches(cs->cmnd); |
if (cmnd_match != UNSPEC) { |
if (cmnd_match != UNSPEC) { |
Line 239 sudo_file_lookup(struct sudo_nss *nss, int validated,
|
Line 241 sudo_file_lookup(struct sudo_nss *nss, int validated,
|
if (user_type == NULL) |
if (user_type == NULL) |
user_type = cs->type ? estrdup(cs->type) : def_type; |
user_type = cs->type ? estrdup(cs->type) : def_type; |
#endif /* HAVE_SELINUX */ |
#endif /* HAVE_SELINUX */ |
|
#ifdef HAVE_PRIV_SET |
|
/* Set Solaris privilege sets */ |
|
if (runas_privs == NULL) |
|
runas_privs = cs->privs ? estrdup(cs->privs) : def_privs; |
|
if (runas_limitprivs == NULL) |
|
runas_limitprivs = cs->limitprivs ? estrdup(cs->limitprivs) : def_limitprivs; |
|
#endif /* HAVE_PRIV_SET */ |
|
/* |
|
* If user is running command as himself, |
|
* set runas_pw = sudo_user.pw. |
|
* XXX - hack, want more general solution |
|
*/ |
|
if (matching_user && matching_user->type == MYSELF) { |
|
sudo_pw_delref(runas_pw); |
|
sudo_pw_addref(sudo_user.pw); |
|
runas_pw = sudo_user.pw; |
|
} |
goto matched2; |
goto matched2; |
} |
} |
} |
} |
Line 281 sudo_file_append_cmnd(struct cmndspec *cs, struct cmnd
|
Line 300 sudo_file_append_cmnd(struct cmndspec *cs, struct cmnd
|
struct member *m; |
struct member *m; |
debug_decl(sudo_file_append_cmnd, SUDO_DEBUG_NSS) |
debug_decl(sudo_file_append_cmnd, SUDO_DEBUG_NSS) |
|
|
|
#ifdef HAVE_PRIV_SET |
|
if (cs->privs) |
|
lbuf_append(lbuf, "PRIVS=\"%s\" ", cs->privs); |
|
if (cs->limitprivs) |
|
lbuf_append(lbuf, "LIMITPRIVS=\"%s\" ", cs->limitprivs); |
|
#endif /* HAVE_PRIV_SET */ |
#ifdef HAVE_SELINUX |
#ifdef HAVE_SELINUX |
if (cs->role) |
if (cs->role) |
lbuf_append(lbuf, "ROLE=%s ", cs->role); |
lbuf_append(lbuf, "ROLE=%s ", cs->role); |
Line 600 sudo_file_display_cmnd(struct sudo_nss *nss, struct pa
|
Line 625 sudo_file_display_cmnd(struct sudo_nss *nss, struct pa
|
continue; |
continue; |
tq_foreach_rev(&priv->cmndlist, cs) { |
tq_foreach_rev(&priv->cmndlist, cs) { |
runas_match = runaslist_matches(&cs->runasuserlist, |
runas_match = runaslist_matches(&cs->runasuserlist, |
&cs->runasgrouplist); | &cs->runasgrouplist, NULL, NULL); |
if (runas_match == ALLOW) { |
if (runas_match == ALLOW) { |
cmnd_match = cmnd_matches(cs->cmnd); |
cmnd_match = cmnd_matches(cs->cmnd); |
if (cmnd_match != UNSPEC) { |
if (cmnd_match != UNSPEC) { |
Line 636 _print_member(struct lbuf *lbuf, char *name, int type,
|
Line 661 _print_member(struct lbuf *lbuf, char *name, int type,
|
switch (type) { |
switch (type) { |
case ALL: |
case ALL: |
lbuf_append(lbuf, "%sALL", negated ? "!" : ""); |
lbuf_append(lbuf, "%sALL", negated ? "!" : ""); |
|
break; |
|
case MYSELF: |
|
lbuf_append(lbuf, "%s%s", negated ? "!" : "", user_name); |
break; |
break; |
case COMMAND: |
case COMMAND: |
c = (struct sudo_command *) name; |
c = (struct sudo_command *) name; |
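Review bot: In the sudo_file_lookup section (new line 241), the added `MYSELF` block drops the reference on `runas_pw` before it takes one on `sudo_user.pw`; if both already point at the same passwd entry, the delref could release the object that is about to be assigned, depending on how many references are held outside the visible lines. Taking the new reference first is safe in either case: `sudo_pw_addref(sudo_user.pw); sudo_pw_delref(runas_pw); runas_pw = sudo_user.pw;`. From the visible context the block also appears to sit under `if (cmnd_match != UNSPEC)`, so the global target identity would be rewritten for a DENY match as well as an ALLOW. If that is intended, the `XXX - hack` comment should say so, because a policy lookup that changes `runas_pw` as a side effect is easy to miss when auditing which user a command runs as. sudo_file_lookup begins and ends outside the lines shown here.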