version 1.1, 2013/07/22 00:51:38
|
version 1.1.1.3, 2014/06/15 16:12:54
|
Line 87 sudoers_policy_deserialize_info(void *v, char **runas_
|
Line 87 sudoers_policy_deserialize_info(void *v, char **runas_
|
{ |
{ |
struct sudoers_policy_open_info *info = v; |
struct sudoers_policy_open_info *info = v; |
char * const *cur; |
char * const *cur; |
const char *p, *groups = NULL; | const char *p, *errstr, *groups = NULL; |
const char *debug_flags = NULL; |
const char *debug_flags = NULL; |
|
const char *remhost = NULL; |
int flags = 0; |
int flags = 0; |
debug_decl(sudoers_policy_deserialize_info, SUDO_DEBUG_PLUGIN) |
debug_decl(sudoers_policy_deserialize_info, SUDO_DEBUG_PLUGIN) |
|
|
Line 102 sudoers_policy_deserialize_info(void *v, char **runas_
|
Line 103 sudoers_policy_deserialize_info(void *v, char **runas_
|
continue; |
continue; |
} |
} |
if (MATCHES(*cur, "sudoers_uid=")) { |
if (MATCHES(*cur, "sudoers_uid=")) { |
sudoers_uid = (uid_t) atoi(*cur + sizeof("sudoers_uid=") - 1); | p = *cur + sizeof("sudoers_uid=") - 1; |
| sudoers_uid = (uid_t) atoid(p, NULL, NULL, &errstr); |
| if (errstr != NULL) |
| fatalx(U_("%s: %s"), *cur, U_(errstr)); |
continue; |
continue; |
} |
} |
if (MATCHES(*cur, "sudoers_gid=")) { |
if (MATCHES(*cur, "sudoers_gid=")) { |
sudoers_gid = (gid_t) atoi(*cur + sizeof("sudoers_gid=") - 1); | p = *cur + sizeof("sudoers_gid=") - 1; |
| sudoers_gid = (gid_t) atoid(p, NULL, NULL, &errstr); |
| if (errstr != NULL) |
| fatalx(U_("%s: %s"), *cur, U_(errstr)); |
continue; |
continue; |
} |
} |
if (MATCHES(*cur, "sudoers_mode=")) { |
if (MATCHES(*cur, "sudoers_mode=")) { |
sudoers_mode = (mode_t) strtol(*cur + sizeof("sudoers_mode=") - 1, | p = *cur + sizeof("sudoers_mode=") - 1; |
NULL, 8); | sudoers_mode = atomode(p, &errstr); |
| if (errstr != NULL) |
| fatalx(U_("%s: %s"), *cur, U_(errstr)); |
continue; |
continue; |
} |
} |
if (MATCHES(*cur, "ldap_conf=")) { |
if (MATCHES(*cur, "ldap_conf=")) { |
Line 127 sudoers_policy_deserialize_info(void *v, char **runas_
|
Line 136 sudoers_policy_deserialize_info(void *v, char **runas_
|
|
|
/* Parse command line settings. */ |
/* Parse command line settings. */ |
user_closefrom = -1; |
user_closefrom = -1; |
sudo_user.max_groups = -1; |
|
for (cur = info->settings; *cur != NULL; cur++) { |
for (cur = info->settings; *cur != NULL; cur++) { |
if (MATCHES(*cur, "closefrom=")) { |
if (MATCHES(*cur, "closefrom=")) { |
user_closefrom = atoi(*cur + sizeof("closefrom=") - 1); | errno = 0; |
| p = *cur + sizeof("closefrom=") - 1; |
| user_closefrom = strtonum(p, 4, INT_MAX, &errstr); |
| if (user_closefrom == 0) |
| fatalx(U_("%s: %s"), *cur, U_(errstr)); |
continue; |
continue; |
} |
} |
if (MATCHES(*cur, "debug_flags=")) { |
if (MATCHES(*cur, "debug_flags=")) { |
Line 230 sudoers_policy_deserialize_info(void *v, char **runas_
|
Line 242 sudoers_policy_deserialize_info(void *v, char **runas_
|
continue; |
continue; |
} |
} |
#endif /* HAVE_BSD_AUTH_H */ |
#endif /* HAVE_BSD_AUTH_H */ |
#if !defined(HAVE_GETPROGNAME) && !defined(HAVE___PROGNAME) |
|
if (MATCHES(*cur, "progname=")) { |
if (MATCHES(*cur, "progname=")) { |
setprogname(*cur + sizeof("progname=") - 1); | initprogname(*cur + sizeof("progname=") - 1); |
continue; |
continue; |
} |
} |
#endif |
|
if (MATCHES(*cur, "network_addrs=")) { |
if (MATCHES(*cur, "network_addrs=")) { |
interfaces_string = *cur + sizeof("network_addrs=") - 1; |
interfaces_string = *cur + sizeof("network_addrs=") - 1; |
set_interfaces(interfaces_string); |
set_interfaces(interfaces_string); |
continue; |
continue; |
} |
} |
if (MATCHES(*cur, "max_groups=")) { |
if (MATCHES(*cur, "max_groups=")) { |
sudo_user.max_groups = atoi(*cur + sizeof("max_groups=") - 1); | errno = 0; |
| p = *cur + sizeof("max_groups=") - 1; |
| sudo_user.max_groups = strtonum(p, 1, INT_MAX, &errstr); |
| if (sudo_user.max_groups == 0) |
| fatalx(U_("%s: %s"), *cur, U_(errstr)); |
continue; |
continue; |
} |
} |
|
if (MATCHES(*cur, "remote_host=")) { |
|
remhost = *cur + sizeof("remote_host=") - 1; |
|
continue; |
|
} |
} |
} |
|
|
for (cur = info->user_info; *cur != NULL; cur++) { |
for (cur = info->user_info; *cur != NULL; cur++) { |
Line 253 sudoers_policy_deserialize_info(void *v, char **runas_
|
Line 271 sudoers_policy_deserialize_info(void *v, char **runas_
|
continue; |
continue; |
} |
} |
if (MATCHES(*cur, "uid=")) { |
if (MATCHES(*cur, "uid=")) { |
user_uid = (uid_t) atoi(*cur + sizeof("uid=") - 1); | p = *cur + sizeof("uid=") - 1; |
| user_uid = (uid_t) atoid(p, NULL, NULL, &errstr); |
| if (errstr != NULL) |
| fatalx(U_("%s: %s"), *cur, U_(errstr)); |
continue; |
continue; |
} |
} |
if (MATCHES(*cur, "gid=")) { |
if (MATCHES(*cur, "gid=")) { |
p = *cur + sizeof("gid=") - 1; |
p = *cur + sizeof("gid=") - 1; |
user_gid = (gid_t) atoi(p); | user_gid = (gid_t) atoid(p, NULL, NULL, &errstr); |
| if (errstr != NULL) |
| fatalx(U_("%s: %s"), *cur, U_(errstr)); |
continue; |
continue; |
} |
} |
if (MATCHES(*cur, "groups=")) { |
if (MATCHES(*cur, "groups=")) { |
Line 282 sudoers_policy_deserialize_info(void *v, char **runas_
|
Line 305 sudoers_policy_deserialize_info(void *v, char **runas_
|
continue; |
continue; |
} |
} |
if (MATCHES(*cur, "lines=")) { |
if (MATCHES(*cur, "lines=")) { |
sudo_user.lines = atoi(*cur + sizeof("lines=") - 1); | errno = 0; |
| p = *cur + sizeof("lines=") - 1; |
| sudo_user.lines = strtonum(p, 1, INT_MAX, &errstr); |
| if (sudo_user.lines == 0) |
| fatalx(U_("%s: %s"), *cur, U_(errstr)); |
continue; |
continue; |
} |
} |
if (MATCHES(*cur, "cols=")) { |
if (MATCHES(*cur, "cols=")) { |
sudo_user.cols = atoi(*cur + sizeof("cols=") - 1); | errno = 0; |
| p = *cur + sizeof("cols=") - 1; |
| sudo_user.cols = strtonum(p, 1, INT_MAX, &errstr); |
| if (sudo_user.lines == 0) |
| fatalx(U_("%s: %s"), *cur, U_(errstr)); |
continue; |
continue; |
} |
} |
if (MATCHES(*cur, "sid=")) { |
if (MATCHES(*cur, "sid=")) { |
sudo_user.sid = atoi(*cur + sizeof("sid=") - 1); | p = *cur + sizeof("sid=") - 1; |
| sudo_user.sid = (pid_t) atoid(p, NULL, NULL, &errstr); |
| if (errstr != NULL) |
| fatalx(U_("%s: %s"), *cur, U_(errstr)); |
continue; |
continue; |
} |
} |
} |
} |
|
user_runhost = user_srunhost = estrdup(remhost ? remhost : user_host); |
|
if ((p = strchr(user_runhost, '.'))) |
|
user_srunhost = estrndup(user_runhost, (size_t)(p - user_runhost)); |
if (user_cwd == NULL) |
if (user_cwd == NULL) |
user_cwd = "unknown"; | user_cwd = estrdup("unknown"); |
if (user_tty == NULL) |
if (user_tty == NULL) |
user_tty = "unknown"; /* user_ttypath remains NULL */ | user_tty = estrdup("unknown"); /* user_ttypath remains NULL */ |
|
|
if (groups != NULL && groups[0] != '\0') { |
if (groups != NULL && groups[0] != '\0') { |
const char *cp; | /* parse_gid_list() will call fatalx() on error. */ |
GETGROUPS_T *gids; | user_ngids = parse_gid_list(groups, &user_gid, &user_gids); |
int ngids; | |
| |
/* Count number of groups, including passwd gid. */ | |
ngids = 2; | |
for (cp = groups; *cp != '\0'; cp++) { | |
if (*cp == ',') | |
ngids++; | |
} | |
| |
/* The first gid in the list is the passwd group gid. */ | |
gids = emalloc2(ngids, sizeof(GETGROUPS_T)); | |
gids[0] = user_gid; | |
ngids = 1; | |
cp = groups; | |
for (;;) { | |
gids[ngids] = atoi(cp); | |
if (gids[0] != gids[ngids]) | |
ngids++; | |
cp = strchr(cp, ','); | |
if (cp == NULL) | |
break; | |
cp++; /* skip over comma */ | |
} | |
user_gids = gids; | |
user_ngids = ngids; | |
} |
} |
|
|
/* Stash initial umask for later use. */ |
/* Stash initial umask for later use. */ |
Line 426 sudoers_policy_exec_setup(char *argv[], char *envp[],
|
Line 438 sudoers_policy_exec_setup(char *argv[], char *envp[],
|
egid = runas_gr ? (unsigned int)runas_gr->gr_gid : |
egid = runas_gr ? (unsigned int)runas_gr->gr_gid : |
(unsigned int)runas_pw->pw_gid; |
(unsigned int)runas_pw->pw_gid; |
len = snprintf(cp, glsize - (cp - gid_list), "%u", egid); |
len = snprintf(cp, glsize - (cp - gid_list), "%u", egid); |
if (len < 0 || len >= glsize - (cp - gid_list)) | if (len < 0 || (size_t)len >= glsize - (cp - gid_list)) |
fatalx(_("internal error, %s overflow"), "runas_groups"); | fatalx(U_("internal error, %s overflow"), "runas_groups"); |
cp += len; |
cp += len; |
for (i = 0; i < grlist->ngids; i++) { |
for (i = 0; i < grlist->ngids; i++) { |
if (grlist->gids[i] != egid) { |
if (grlist->gids[i] != egid) { |
len = snprintf(cp, glsize - (cp - gid_list), ",%u", |
len = snprintf(cp, glsize - (cp - gid_list), ",%u", |
(unsigned int) grlist->gids[i]); |
(unsigned int) grlist->gids[i]); |
if (len < 0 || len >= glsize - (cp - gid_list)) | if (len < 0 || (size_t)len >= glsize - (cp - gid_list)) |
fatalx(_("internal error, %s overflow"), "runas_groups"); | fatalx(U_("internal error, %s overflow"), "runas_groups"); |
cp += len; |
cp += len; |
} |
} |
} |
} |
Line 524 sudoers_policy_close(int exit_status, int error_code)
|
Line 536 sudoers_policy_close(int exit_status, int error_code)
|
/* We do not currently log the exit status. */ |
/* We do not currently log the exit status. */ |
if (error_code) { |
if (error_code) { |
errno = error_code; |
errno = error_code; |
warning(_("unable to execute %s"), safe_cmnd); | warning(U_("unable to execute %s"), safe_cmnd); |
} |
} |
|
|
/* Close the session we opened in sudoers_policy_init_session(). */ |
/* Close the session we opened in sudoers_policy_init_session(). */ |
Line 642 sudoers_policy_list(int argc, char * const argv[], int
|
Line 654 sudoers_policy_list(int argc, char * const argv[], int
|
if (list_user) { |
if (list_user) { |
list_pw = sudo_getpwnam(list_user); |
list_pw = sudo_getpwnam(list_user); |
if (list_pw == NULL) { |
if (list_pw == NULL) { |
warningx(_("unknown user: %s"), list_user); | warningx(U_("unknown user: %s"), list_user); |
debug_return_bool(-1); |
debug_return_bool(-1); |
} |
} |
} |
} |
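Review bot: In the `cols=` branch of `sudoers_policy_deserialize_info()`, the new error check after `strtonum()` tests `sudo_user.lines == 0` instead of `sudo_user.cols`, which looks like a copy-paste slip from the `lines=` branch just above. As written, a malformed or out-of-range `cols=` value in `user_info` is silently stored as 0 whenever `lines` is already non-zero, so the validation this revision adds does not cover that field. In the opposite case, presumably when `sudo_user.lines` is still 0 because no `lines=` entry preceded it, a valid `cols=` value would reach `fatalx()` with `errstr` set to NULL and pass that NULL to the `%s` format. The check should read `if (sudo_user.cols == 0)`, matching the `lines=`, `max_groups=` and `closefrom=` branches. The function body starts and ends outside the excerpts shown here.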