version 1.1.1.2, 2013/10/14 07:56:35
|
version 1.1.1.3, 2014/06/15 16:12:54
|
Line 91 sudoers_policy_deserialize_info(void *v, char **runas_
|
Line 91 sudoers_policy_deserialize_info(void *v, char **runas_
|
const char *debug_flags = NULL; |
const char *debug_flags = NULL; |
const char *remhost = NULL; |
const char *remhost = NULL; |
int flags = 0; |
int flags = 0; |
long lval; |
|
char *ep; |
|
debug_decl(sudoers_policy_deserialize_info, SUDO_DEBUG_PLUGIN) |
debug_decl(sudoers_policy_deserialize_info, SUDO_DEBUG_PLUGIN) |
|
|
#define MATCHES(s, v) (strncmp(s, v, sizeof(v) - 1) == 0) |
#define MATCHES(s, v) (strncmp(s, v, sizeof(v) - 1) == 0) |
Line 108 sudoers_policy_deserialize_info(void *v, char **runas_
|
Line 106 sudoers_policy_deserialize_info(void *v, char **runas_
|
p = *cur + sizeof("sudoers_uid=") - 1; |
p = *cur + sizeof("sudoers_uid=") - 1; |
sudoers_uid = (uid_t) atoid(p, NULL, NULL, &errstr); |
sudoers_uid = (uid_t) atoid(p, NULL, NULL, &errstr); |
if (errstr != NULL) |
if (errstr != NULL) |
fatalx(_("%s: %s"), *cur, _(errstr)); | fatalx(U_("%s: %s"), *cur, U_(errstr)); |
continue; |
continue; |
} |
} |
if (MATCHES(*cur, "sudoers_gid=")) { |
if (MATCHES(*cur, "sudoers_gid=")) { |
p = *cur + sizeof("sudoers_gid=") - 1; |
p = *cur + sizeof("sudoers_gid=") - 1; |
sudoers_gid = (gid_t) atoid(p, NULL, NULL, &errstr); |
sudoers_gid = (gid_t) atoid(p, NULL, NULL, &errstr); |
if (errstr != NULL) |
if (errstr != NULL) |
fatalx(_("%s: %s"), *cur, _(errstr)); | fatalx(U_("%s: %s"), *cur, U_(errstr)); |
continue; |
continue; |
} |
} |
if (MATCHES(*cur, "sudoers_mode=")) { |
if (MATCHES(*cur, "sudoers_mode=")) { |
errno = 0; |
|
p = *cur + sizeof("sudoers_mode=") - 1; |
p = *cur + sizeof("sudoers_mode=") - 1; |
lval = strtol(p, &ep, 8); | sudoers_mode = atomode(p, &errstr); |
if (*p == '\0' || *ep != '\0') | if (errstr != NULL) |
fatalx(_("%s: %s"), *cur, _("invalid value")); | fatalx(U_("%s: %s"), *cur, U_(errstr)); |
if ((errno == ERANGE && (lval == LONG_MAX || lval == LONG_MIN)) | |
|| (lval > 0777 || lval < 0)) | |
fatalx(_("%s: %s"), *cur, _("value out of range")); | |
sudoers_mode = (mode_t) lval; | |
continue; |
continue; |
} |
} |
if (MATCHES(*cur, "ldap_conf=")) { |
if (MATCHES(*cur, "ldap_conf=")) { |
Line 147 sudoers_policy_deserialize_info(void *v, char **runas_
|
Line 140 sudoers_policy_deserialize_info(void *v, char **runas_
|
if (MATCHES(*cur, "closefrom=")) { |
if (MATCHES(*cur, "closefrom=")) { |
errno = 0; |
errno = 0; |
p = *cur + sizeof("closefrom=") - 1; |
p = *cur + sizeof("closefrom=") - 1; |
lval = strtol(p, &ep, 10); | user_closefrom = strtonum(p, 4, INT_MAX, &errstr); |
if (*p == '\0' || *ep != '\0') | if (user_closefrom == 0) |
fatalx(_("%s: %s"), *cur, _("invalid value")); | fatalx(U_("%s: %s"), *cur, U_(errstr)); |
if ((errno == ERANGE && (lval == LONG_MAX || lval == LONG_MIN)) | |
|| (lval > INT_MAX || lval < 3)) | |
fatalx(_("%s: %s"), *cur, _("value out of range")); | |
user_closefrom = (int) lval; | |
continue; |
continue; |
} |
} |
if (MATCHES(*cur, "debug_flags=")) { |
if (MATCHES(*cur, "debug_flags=")) { |
Line 253 sudoers_policy_deserialize_info(void *v, char **runas_
|
Line 242 sudoers_policy_deserialize_info(void *v, char **runas_
|
continue; |
continue; |
} |
} |
#endif /* HAVE_BSD_AUTH_H */ |
#endif /* HAVE_BSD_AUTH_H */ |
#if !defined(HAVE_GETPROGNAME) && !defined(HAVE___PROGNAME) |
|
if (MATCHES(*cur, "progname=")) { |
if (MATCHES(*cur, "progname=")) { |
setprogname(*cur + sizeof("progname=") - 1); | initprogname(*cur + sizeof("progname=") - 1); |
continue; |
continue; |
} |
} |
#endif |
|
if (MATCHES(*cur, "network_addrs=")) { |
if (MATCHES(*cur, "network_addrs=")) { |
interfaces_string = *cur + sizeof("network_addrs=") - 1; |
interfaces_string = *cur + sizeof("network_addrs=") - 1; |
set_interfaces(interfaces_string); |
set_interfaces(interfaces_string); |
Line 267 sudoers_policy_deserialize_info(void *v, char **runas_
|
Line 254 sudoers_policy_deserialize_info(void *v, char **runas_
|
if (MATCHES(*cur, "max_groups=")) { |
if (MATCHES(*cur, "max_groups=")) { |
errno = 0; |
errno = 0; |
p = *cur + sizeof("max_groups=") - 1; |
p = *cur + sizeof("max_groups=") - 1; |
lval = strtol(p, &ep, 10); | sudo_user.max_groups = strtonum(p, 1, INT_MAX, &errstr); |
if (*p == '\0' || *ep != '\0') | if (sudo_user.max_groups == 0) |
fatalx(_("%s: %s"), *cur, _("invalid value")); | fatalx(U_("%s: %s"), *cur, U_(errstr)); |
if ((errno == ERANGE && (lval == LONG_MAX || lval == LONG_MIN)) | |
|| (lval > INT_MAX || lval <= 0)) | |
fatalx(_("%s: %s"), *cur, _("value out of range")); | |
sudo_user.max_groups = (int) lval; | |
continue; |
continue; |
} |
} |
if (MATCHES(*cur, "remote_host=")) { |
if (MATCHES(*cur, "remote_host=")) { |
Line 291 sudoers_policy_deserialize_info(void *v, char **runas_
|
Line 274 sudoers_policy_deserialize_info(void *v, char **runas_
|
p = *cur + sizeof("uid=") - 1; |
p = *cur + sizeof("uid=") - 1; |
user_uid = (uid_t) atoid(p, NULL, NULL, &errstr); |
user_uid = (uid_t) atoid(p, NULL, NULL, &errstr); |
if (errstr != NULL) |
if (errstr != NULL) |
fatalx(_("%s: %s"), *cur, _(errstr)); | fatalx(U_("%s: %s"), *cur, U_(errstr)); |
continue; |
continue; |
} |
} |
if (MATCHES(*cur, "gid=")) { |
if (MATCHES(*cur, "gid=")) { |
p = *cur + sizeof("gid=") - 1; |
p = *cur + sizeof("gid=") - 1; |
user_gid = (gid_t) atoid(p, NULL, NULL, &errstr); |
user_gid = (gid_t) atoid(p, NULL, NULL, &errstr); |
if (errstr != NULL) |
if (errstr != NULL) |
fatalx(_("%s: %s"), *cur, _(errstr)); | fatalx(U_("%s: %s"), *cur, U_(errstr)); |
continue; |
continue; |
} |
} |
if (MATCHES(*cur, "groups=")) { |
if (MATCHES(*cur, "groups=")) { |
Line 324 sudoers_policy_deserialize_info(void *v, char **runas_
|
Line 307 sudoers_policy_deserialize_info(void *v, char **runas_
|
if (MATCHES(*cur, "lines=")) { |
if (MATCHES(*cur, "lines=")) { |
errno = 0; |
errno = 0; |
p = *cur + sizeof("lines=") - 1; |
p = *cur + sizeof("lines=") - 1; |
lval = strtol(p, &ep, 10); | sudo_user.lines = strtonum(p, 1, INT_MAX, &errstr); |
if (*p == '\0' || *ep != '\0') | if (sudo_user.lines == 0) |
fatalx(_("%s: %s"), *cur, _("invalid value")); | fatalx(U_("%s: %s"), *cur, U_(errstr)); |
if ((errno == ERANGE && (lval == LONG_MAX || lval == LONG_MIN)) | |
|| (lval > INT_MAX || lval <= 0)) | |
fatalx(_("%s: %s"), *cur, _("value out of range")); | |
sudo_user.lines = (int) lval; | |
continue; |
continue; |
} |
} |
if (MATCHES(*cur, "cols=")) { |
if (MATCHES(*cur, "cols=")) { |
errno = 0; |
errno = 0; |
p = *cur + sizeof("cols=") - 1; |
p = *cur + sizeof("cols=") - 1; |
lval = strtol(p, &ep, 10); | sudo_user.cols = strtonum(p, 1, INT_MAX, &errstr); |
if (*p == '\0' || *ep != '\0') | if (sudo_user.lines == 0) |
fatalx(_("%s: %s"), *cur, _("invalid value")); | fatalx(U_("%s: %s"), *cur, U_(errstr)); |
if ((errno == ERANGE && (lval == LONG_MAX || lval == LONG_MIN)) | |
|| (lval > INT_MAX || lval <= 0)) | |
fatalx(_("%s: %s"), *cur, _("value out of range")); | |
sudo_user.cols = (int) lval; | |
continue; |
continue; |
} |
} |
if (MATCHES(*cur, "sid=")) { |
if (MATCHES(*cur, "sid=")) { |
p = *cur + sizeof("sid=") - 1; |
p = *cur + sizeof("sid=") - 1; |
sudo_user.sid = (pid_t) atoid(p, NULL, NULL, &errstr); |
sudo_user.sid = (pid_t) atoid(p, NULL, NULL, &errstr); |
if (errstr != NULL) |
if (errstr != NULL) |
fatalx(_("%s: %s"), *cur, _(errstr)); | fatalx(U_("%s: %s"), *cur, U_(errstr)); |
continue; |
continue; |
} |
} |
} |
} |
Line 357 sudoers_policy_deserialize_info(void *v, char **runas_
|
Line 332 sudoers_policy_deserialize_info(void *v, char **runas_
|
if ((p = strchr(user_runhost, '.'))) |
if ((p = strchr(user_runhost, '.'))) |
user_srunhost = estrndup(user_runhost, (size_t)(p - user_runhost)); |
user_srunhost = estrndup(user_runhost, (size_t)(p - user_runhost)); |
if (user_cwd == NULL) |
if (user_cwd == NULL) |
user_cwd = "unknown"; | user_cwd = estrdup("unknown"); |
if (user_tty == NULL) |
if (user_tty == NULL) |
user_tty = "unknown"; /* user_ttypath remains NULL */ | user_tty = estrdup("unknown"); /* user_ttypath remains NULL */ |
|
|
if (groups != NULL && groups[0] != '\0') { |
if (groups != NULL && groups[0] != '\0') { |
/* parse_gid_list() will call fatalx() on error. */ |
/* parse_gid_list() will call fatalx() on error. */ |
Line 463 sudoers_policy_exec_setup(char *argv[], char *envp[],
|
Line 438 sudoers_policy_exec_setup(char *argv[], char *envp[],
|
egid = runas_gr ? (unsigned int)runas_gr->gr_gid : |
egid = runas_gr ? (unsigned int)runas_gr->gr_gid : |
(unsigned int)runas_pw->pw_gid; |
(unsigned int)runas_pw->pw_gid; |
len = snprintf(cp, glsize - (cp - gid_list), "%u", egid); |
len = snprintf(cp, glsize - (cp - gid_list), "%u", egid); |
if (len < 0 || len >= glsize - (cp - gid_list)) | if (len < 0 || (size_t)len >= glsize - (cp - gid_list)) |
fatalx(_("internal error, %s overflow"), "runas_groups"); | fatalx(U_("internal error, %s overflow"), "runas_groups"); |
cp += len; |
cp += len; |
for (i = 0; i < grlist->ngids; i++) { |
for (i = 0; i < grlist->ngids; i++) { |
if (grlist->gids[i] != egid) { |
if (grlist->gids[i] != egid) { |
len = snprintf(cp, glsize - (cp - gid_list), ",%u", |
len = snprintf(cp, glsize - (cp - gid_list), ",%u", |
(unsigned int) grlist->gids[i]); |
(unsigned int) grlist->gids[i]); |
if (len < 0 || len >= glsize - (cp - gid_list)) | if (len < 0 || (size_t)len >= glsize - (cp - gid_list)) |
fatalx(_("internal error, %s overflow"), "runas_groups"); | fatalx(U_("internal error, %s overflow"), "runas_groups"); |
cp += len; |
cp += len; |
} |
} |
} |
} |
Line 561 sudoers_policy_close(int exit_status, int error_code)
|
Line 536 sudoers_policy_close(int exit_status, int error_code)
|
/* We do not currently log the exit status. */ |
/* We do not currently log the exit status. */ |
if (error_code) { |
if (error_code) { |
errno = error_code; |
errno = error_code; |
warning(_("unable to execute %s"), safe_cmnd); | warning(U_("unable to execute %s"), safe_cmnd); |
} |
} |
|
|
/* Close the session we opened in sudoers_policy_init_session(). */ |
/* Close the session we opened in sudoers_policy_init_session(). */ |
Line 679 sudoers_policy_list(int argc, char * const argv[], int
|
Line 654 sudoers_policy_list(int argc, char * const argv[], int
|
if (list_user) { |
if (list_user) { |
list_pw = sudo_getpwnam(list_user); |
list_pw = sudo_getpwnam(list_user); |
if (list_pw == NULL) { |
if (list_pw == NULL) { |
warningx(_("unknown user: %s"), list_user); | warningx(U_("unknown user: %s"), list_user); |
debug_return_bool(-1); |
debug_return_bool(-1); |
} |
} |
} |
} |