embedaddon/sudo/plugins/sudoers/policy.c - diff

Return to policy.c CVS log

Up to [ELWIX - Embedded LightWeight unIX -] / embedaddon / sudo / plugins / sudoers

Diff for /embedaddon/sudo/plugins/sudoers/policy.c between versions 1.1.1.1 and 1.1.1.3

version 1.1.1.1, 2013/07/22 10:46:12	version 1.1.1.3, 2014/06/15 16:12:54
Line 87 sudoers_policy_deserialize_info(void v, char *runas_	Line 87 sudoers_policy_deserialize_info(void v, char *runas_
{	{
struct sudoers_policy_open_info *info = v;	struct sudoers_policy_open_info *info = v;
char * const *cur;	char * const *cur;
const char p, groups = NULL;	const char p, errstr, *groups = NULL;
const char *debug_flags = NULL;	const char *debug_flags = NULL;
	const char *remhost = NULL;
int flags = 0;	int flags = 0;
debug_decl(sudoers_policy_deserialize_info, SUDO_DEBUG_PLUGIN)	debug_decl(sudoers_policy_deserialize_info, SUDO_DEBUG_PLUGIN)

Line 102 sudoers_policy_deserialize_info(void v, char *runas_	Line 103 sudoers_policy_deserialize_info(void v, char *runas_
continue;	continue;
}	}
if (MATCHES(*cur, "sudoers_uid=")) {	if (MATCHES(*cur, "sudoers_uid=")) {
sudoers_uid = (uid_t) atoi(*cur + sizeof("sudoers_uid=") - 1);	p = *cur + sizeof("sudoers_uid=") - 1;
	sudoers_uid = (uid_t) atoid(p, NULL, NULL, &errstr);
	if (errstr != NULL)
	fatalx(U_("%s: %s"), *cur, U_(errstr));
continue;	continue;
}	}
if (MATCHES(*cur, "sudoers_gid=")) {	if (MATCHES(*cur, "sudoers_gid=")) {
sudoers_gid = (gid_t) atoi(*cur + sizeof("sudoers_gid=") - 1);	p = *cur + sizeof("sudoers_gid=") - 1;
	sudoers_gid = (gid_t) atoid(p, NULL, NULL, &errstr);
	if (errstr != NULL)
	fatalx(U_("%s: %s"), *cur, U_(errstr));
continue;	continue;
}	}
if (MATCHES(*cur, "sudoers_mode=")) {	if (MATCHES(*cur, "sudoers_mode=")) {
sudoers_mode = (mode_t) strtol(*cur + sizeof("sudoers_mode=") - 1,	p = *cur + sizeof("sudoers_mode=") - 1;
NULL, 8);	sudoers_mode = atomode(p, &errstr);
	if (errstr != NULL)
	fatalx(U_("%s: %s"), *cur, U_(errstr));
continue;	continue;
}	}
if (MATCHES(*cur, "ldap_conf=")) {	if (MATCHES(*cur, "ldap_conf=")) {
Line 127 sudoers_policy_deserialize_info(void v, char *runas_	Line 136 sudoers_policy_deserialize_info(void v, char *runas_

/* Parse command line settings. */	/* Parse command line settings. */
user_closefrom = -1;	user_closefrom = -1;
sudo_user.max_groups = -1;
for (cur = info->settings; *cur != NULL; cur++) {	for (cur = info->settings; *cur != NULL; cur++) {
if (MATCHES(*cur, "closefrom=")) {	if (MATCHES(*cur, "closefrom=")) {
user_closefrom = atoi(*cur + sizeof("closefrom=") - 1);	errno = 0;
	p = *cur + sizeof("closefrom=") - 1;
	user_closefrom = strtonum(p, 4, INT_MAX, &errstr);
	if (user_closefrom == 0)
	fatalx(U_("%s: %s"), *cur, U_(errstr));
continue;	continue;
}	}
if (MATCHES(*cur, "debug_flags=")) {	if (MATCHES(*cur, "debug_flags=")) {
Line 230 sudoers_policy_deserialize_info(void v, char *runas_	Line 242 sudoers_policy_deserialize_info(void v, char *runas_
continue;	continue;
}	}
#endif /* HAVE_BSD_AUTH_H */	#endif /* HAVE_BSD_AUTH_H */
#if !defined(HAVE_GETPROGNAME) && !defined(HAVE___PROGNAME)
if (MATCHES(*cur, "progname=")) {	if (MATCHES(*cur, "progname=")) {
setprogname(*cur + sizeof("progname=") - 1);	initprogname(*cur + sizeof("progname=") - 1);
continue;	continue;
}	}
#endif
if (MATCHES(*cur, "network_addrs=")) {	if (MATCHES(*cur, "network_addrs=")) {
interfaces_string = *cur + sizeof("network_addrs=") - 1;	interfaces_string = *cur + sizeof("network_addrs=") - 1;
set_interfaces(interfaces_string);	set_interfaces(interfaces_string);
continue;	continue;
}	}
if (MATCHES(*cur, "max_groups=")) {	if (MATCHES(*cur, "max_groups=")) {
sudo_user.max_groups = atoi(*cur + sizeof("max_groups=") - 1);	errno = 0;
	p = *cur + sizeof("max_groups=") - 1;
	sudo_user.max_groups = strtonum(p, 1, INT_MAX, &errstr);
	if (sudo_user.max_groups == 0)
	fatalx(U_("%s: %s"), *cur, U_(errstr));
continue;	continue;
}	}
	if (MATCHES(*cur, "remote_host=")) {
	remhost = *cur + sizeof("remote_host=") - 1;
	continue;
	}
}	}

for (cur = info->user_info; *cur != NULL; cur++) {	for (cur = info->user_info; *cur != NULL; cur++) {
Line 253 sudoers_policy_deserialize_info(void v, char *runas_	Line 271 sudoers_policy_deserialize_info(void v, char *runas_
continue;	continue;
}	}
if (MATCHES(*cur, "uid=")) {	if (MATCHES(*cur, "uid=")) {
user_uid = (uid_t) atoi(*cur + sizeof("uid=") - 1);	p = *cur + sizeof("uid=") - 1;
	user_uid = (uid_t) atoid(p, NULL, NULL, &errstr);
	if (errstr != NULL)
	fatalx(U_("%s: %s"), *cur, U_(errstr));
continue;	continue;
}	}
if (MATCHES(*cur, "gid=")) {	if (MATCHES(*cur, "gid=")) {
p = *cur + sizeof("gid=") - 1;	p = *cur + sizeof("gid=") - 1;
user_gid = (gid_t) atoi(p);	user_gid = (gid_t) atoid(p, NULL, NULL, &errstr);
	if (errstr != NULL)
	fatalx(U_("%s: %s"), *cur, U_(errstr));
continue;	continue;
}	}
if (MATCHES(*cur, "groups=")) {	if (MATCHES(*cur, "groups=")) {
Line 282 sudoers_policy_deserialize_info(void v, char *runas_	Line 305 sudoers_policy_deserialize_info(void v, char *runas_
continue;	continue;
}	}
if (MATCHES(*cur, "lines=")) {	if (MATCHES(*cur, "lines=")) {
sudo_user.lines = atoi(*cur + sizeof("lines=") - 1);	errno = 0;
	p = *cur + sizeof("lines=") - 1;
	sudo_user.lines = strtonum(p, 1, INT_MAX, &errstr);
	if (sudo_user.lines == 0)
	fatalx(U_("%s: %s"), *cur, U_(errstr));
continue;	continue;
}	}
if (MATCHES(*cur, "cols=")) {	if (MATCHES(*cur, "cols=")) {
sudo_user.cols = atoi(*cur + sizeof("cols=") - 1);	errno = 0;
	p = *cur + sizeof("cols=") - 1;
	sudo_user.cols = strtonum(p, 1, INT_MAX, &errstr);
	if (sudo_user.lines == 0)
	fatalx(U_("%s: %s"), *cur, U_(errstr));
continue;	continue;
}	}
if (MATCHES(*cur, "sid=")) {	if (MATCHES(*cur, "sid=")) {
sudo_user.sid = atoi(*cur + sizeof("sid=") - 1);	p = *cur + sizeof("sid=") - 1;
	sudo_user.sid = (pid_t) atoid(p, NULL, NULL, &errstr);
	if (errstr != NULL)
	fatalx(U_("%s: %s"), *cur, U_(errstr));
continue;	continue;
}	}
}	}
	user_runhost = user_srunhost = estrdup(remhost ? remhost : user_host);
	if ((p = strchr(user_runhost, '.')))
	user_srunhost = estrndup(user_runhost, (size_t)(p - user_runhost));
if (user_cwd == NULL)	if (user_cwd == NULL)
user_cwd = "unknown";	user_cwd = estrdup("unknown");
if (user_tty == NULL)	if (user_tty == NULL)
user_tty = "unknown"; /* user_ttypath remains NULL */	user_tty = estrdup("unknown"); /* user_ttypath remains NULL */

if (groups != NULL && groups[0] != '\0') {	if (groups != NULL && groups[0] != '\0') {
const char *cp;	/* parse_gid_list() will call fatalx() on error. */
GETGROUPS_T *gids;	user_ngids = parse_gid_list(groups, &user_gid, &user_gids);
int ngids;

/* Count number of groups, including passwd gid. */
ngids = 2;
for (cp = groups; *cp != '\0'; cp++) {
if (*cp == ',')
ngids++;
}

/* The first gid in the list is the passwd group gid. */
gids = emalloc2(ngids, sizeof(GETGROUPS_T));
gids[0] = user_gid;
ngids = 1;
cp = groups;
for (;;) {
gids[ngids] = atoi(cp);
if (gids[0] != gids[ngids])
ngids++;
cp = strchr(cp, ',');
if (cp == NULL)
break;
cp++; /* skip over comma */
}
user_gids = gids;
user_ngids = ngids;
}	}

/* Stash initial umask for later use. */	/* Stash initial umask for later use. */
Line 426 sudoers_policy_exec_setup(char argv[], char envp[],	Line 438 sudoers_policy_exec_setup(char argv[], char envp[],
egid = runas_gr ? (unsigned int)runas_gr->gr_gid :	egid = runas_gr ? (unsigned int)runas_gr->gr_gid :
(unsigned int)runas_pw->pw_gid;	(unsigned int)runas_pw->pw_gid;
len = snprintf(cp, glsize - (cp - gid_list), "%u", egid);	len = snprintf(cp, glsize - (cp - gid_list), "%u", egid);
if (len < 0 \|\| len >= glsize - (cp - gid_list))	if (len < 0 \|\| (size_t)len >= glsize - (cp - gid_list))
fatalx(_("internal error, %s overflow"), "runas_groups");	fatalx(U_("internal error, %s overflow"), "runas_groups");
cp += len;	cp += len;
for (i = 0; i < grlist->ngids; i++) {	for (i = 0; i < grlist->ngids; i++) {
if (grlist->gids[i] != egid) {	if (grlist->gids[i] != egid) {
len = snprintf(cp, glsize - (cp - gid_list), ",%u",	len = snprintf(cp, glsize - (cp - gid_list), ",%u",
(unsigned int) grlist->gids[i]);	(unsigned int) grlist->gids[i]);
if (len < 0 \|\| len >= glsize - (cp - gid_list))	if (len < 0 \|\| (size_t)len >= glsize - (cp - gid_list))
fatalx(_("internal error, %s overflow"), "runas_groups");	fatalx(U_("internal error, %s overflow"), "runas_groups");
cp += len;	cp += len;
}	}
}	}
Line 524 sudoers_policy_close(int exit_status, int error_code)	Line 536 sudoers_policy_close(int exit_status, int error_code)
/* We do not currently log the exit status. */	/* We do not currently log the exit status. */
if (error_code) {	if (error_code) {
errno = error_code;	errno = error_code;
warning(_("unable to execute %s"), safe_cmnd);	warning(U_("unable to execute %s"), safe_cmnd);
}	}

/* Close the session we opened in sudoers_policy_init_session(). */	/* Close the session we opened in sudoers_policy_init_session(). */
Line 642 sudoers_policy_list(int argc, char * const argv[], int	Line 654 sudoers_policy_list(int argc, char * const argv[], int
if (list_user) {	if (list_user) {
list_pw = sudo_getpwnam(list_user);	list_pw = sudo_getpwnam(list_user);
if (list_pw == NULL) {	if (list_pw == NULL) {
warningx(_("unknown user: %s"), list_user);	warningx(U_("unknown user: %s"), list_user);
debug_return_bool(-1);	debug_return_bool(-1);
}	}
}	}

FreeBSD-CVSweb <freebsd-cvsweb@FreeBSD.org>

Removed from v.1.1.1.1
changed lines
	Added in v.1.1.1.3