version 1.1.1.1, 2012/02/21 16:23:02
|
version 1.1.1.2, 2012/05/29 12:26:49
|
Line 58 sudo_read_nss(void)
|
Line 58 sudo_read_nss(void)
|
{ |
{ |
FILE *fp; |
FILE *fp; |
char *cp; |
char *cp; |
int saw_files = FALSE; | bool saw_files = false; |
int saw_ldap = FALSE; | bool saw_ldap = false; |
int got_match = FALSE; | bool got_match = false; |
static struct sudo_nss_list snl; |
static struct sudo_nss_list snl; |
|
debug_decl(sudo_read_nss, SUDO_DEBUG_NSS) |
|
|
if ((fp = fopen(_PATH_NSSWITCH_CONF, "r")) == NULL) |
if ((fp = fopen(_PATH_NSSWITCH_CONF, "r")) == NULL) |
goto nomatch; |
goto nomatch; |
Line 79 sudo_read_nss(void)
|
Line 80 sudo_read_nss(void)
|
for ((cp = strtok(cp + 8, " \t")); cp != NULL; (cp = strtok(NULL, " \t"))) { |
for ((cp = strtok(cp + 8, " \t")); cp != NULL; (cp = strtok(NULL, " \t"))) { |
if (strcasecmp(cp, "files") == 0 && !saw_files) { |
if (strcasecmp(cp, "files") == 0 && !saw_files) { |
tq_append(&snl, &sudo_nss_file); |
tq_append(&snl, &sudo_nss_file); |
got_match = TRUE; | got_match = true; |
} else if (strcasecmp(cp, "ldap") == 0 && !saw_ldap) { |
} else if (strcasecmp(cp, "ldap") == 0 && !saw_ldap) { |
tq_append(&snl, &sudo_nss_ldap); |
tq_append(&snl, &sudo_nss_ldap); |
got_match = TRUE; | got_match = true; |
} else if (strcasecmp(cp, "[NOTFOUND=return]") == 0 && got_match) { |
} else if (strcasecmp(cp, "[NOTFOUND=return]") == 0 && got_match) { |
/* NOTFOUND affects the most recent entry */ |
/* NOTFOUND affects the most recent entry */ |
tq_last(&snl)->ret_if_notfound = TRUE; | tq_last(&snl)->ret_if_notfound = true; |
got_match = FALSE; | got_match = false; |
} else |
} else |
got_match = FALSE; | got_match = false; |
} |
} |
/* Only parse the first "sudoers:" line */ |
/* Only parse the first "sudoers:" line */ |
break; |
break; |
Line 100 nomatch:
|
Line 101 nomatch:
|
if (tq_empty(&snl)) |
if (tq_empty(&snl)) |
tq_append(&snl, &sudo_nss_file); |
tq_append(&snl, &sudo_nss_file); |
|
|
return &snl; | debug_return_ptr(&snl); |
} |
} |
|
|
#else /* HAVE_LDAP && _PATH_NSSWITCH_CONF */ |
#else /* HAVE_LDAP && _PATH_NSSWITCH_CONF */ |
Line 116 sudo_read_nss(void)
|
Line 117 sudo_read_nss(void)
|
{ |
{ |
FILE *fp; |
FILE *fp; |
char *cp, *ep; |
char *cp, *ep; |
int saw_files = FALSE; | bool saw_files = false; |
int saw_ldap = FALSE; | bool saw_ldap = false; |
int got_match = FALSE; | bool got_match = false; |
static struct sudo_nss_list snl; |
static struct sudo_nss_list snl; |
|
debug_decl(sudo_read_nss, SUDO_DEBUG_NSS) |
|
|
if ((fp = fopen(_PATH_NETSVC_CONF, "r")) == NULL) |
if ((fp = fopen(_PATH_NETSVC_CONF, "r")) == NULL) |
goto nomatch; |
goto nomatch; |
Line 147 sudo_read_nss(void)
|
Line 149 sudo_read_nss(void)
|
if (!saw_files && strncasecmp(cp, "files", 5) == 0 && |
if (!saw_files && strncasecmp(cp, "files", 5) == 0 && |
(isspace((unsigned char)cp[5]) || cp[5] == '\0')) { |
(isspace((unsigned char)cp[5]) || cp[5] == '\0')) { |
tq_append(&snl, &sudo_nss_file); |
tq_append(&snl, &sudo_nss_file); |
got_match = TRUE; | got_match = true; |
ep = &cp[5]; |
ep = &cp[5]; |
} else if (!saw_ldap && strncasecmp(cp, "ldap", 4) == 0 && |
} else if (!saw_ldap && strncasecmp(cp, "ldap", 4) == 0 && |
(isspace((unsigned char)cp[4]) || cp[4] == '\0')) { |
(isspace((unsigned char)cp[4]) || cp[4] == '\0')) { |
tq_append(&snl, &sudo_nss_ldap); |
tq_append(&snl, &sudo_nss_ldap); |
got_match = TRUE; | got_match = true; |
ep = &cp[4]; |
ep = &cp[4]; |
} else { |
} else { |
got_match = FALSE; | got_match = false; |
} |
} |
|
|
/* check for = auth qualifier */ |
/* check for = auth qualifier */ |
Line 165 sudo_read_nss(void)
|
Line 167 sudo_read_nss(void)
|
cp++; |
cp++; |
if (strncasecmp(cp, "auth", 4) == 0 && |
if (strncasecmp(cp, "auth", 4) == 0 && |
(isspace((unsigned char)cp[4]) || cp[4] == '\0')) { |
(isspace((unsigned char)cp[4]) || cp[4] == '\0')) { |
tq_last(&snl)->ret_if_found = TRUE; | tq_last(&snl)->ret_if_found = true; |
} |
} |
} |
} |
} |
} |
Line 179 nomatch:
|
Line 181 nomatch:
|
if (tq_empty(&snl)) |
if (tq_empty(&snl)) |
tq_append(&snl, &sudo_nss_file); |
tq_append(&snl, &sudo_nss_file); |
|
|
return &snl; | debug_return_ptr(&snl); |
} |
} |
|
|
# else /* !_PATH_NETSVC_CONF && !_PATH_NSSWITCH_CONF */ |
# else /* !_PATH_NETSVC_CONF && !_PATH_NSSWITCH_CONF */ |
Line 191 struct sudo_nss_list *
|
Line 193 struct sudo_nss_list *
|
sudo_read_nss(void) |
sudo_read_nss(void) |
{ |
{ |
static struct sudo_nss_list snl; |
static struct sudo_nss_list snl; |
|
debug_decl(sudo_read_nss, SUDO_DEBUG_NSS) |
|
|
# ifdef HAVE_LDAP |
# ifdef HAVE_LDAP |
tq_append(&snl, &sudo_nss_ldap); |
tq_append(&snl, &sudo_nss_ldap); |
# endif |
# endif |
tq_append(&snl, &sudo_nss_file); |
tq_append(&snl, &sudo_nss_file); |
|
|
return &snl; | debug_return_ptr(&snl); |
} |
} |
|
|
# endif /* !HAVE_LDAP || !_PATH_NETSVC_CONF */ |
# endif /* !HAVE_LDAP || !_PATH_NETSVC_CONF */ |
Line 209 output(const char *buf)
|
Line 212 output(const char *buf)
|
{ |
{ |
struct sudo_conv_message msg; |
struct sudo_conv_message msg; |
struct sudo_conv_reply repl; |
struct sudo_conv_reply repl; |
|
debug_decl(output, SUDO_DEBUG_NSS) |
|
|
/* Call conversation function */ |
/* Call conversation function */ |
memset(&msg, 0, sizeof(msg)); |
memset(&msg, 0, sizeof(msg)); |
Line 216 output(const char *buf)
|
Line 220 output(const char *buf)
|
msg.msg = buf; |
msg.msg = buf; |
memset(&repl, 0, sizeof(repl)); |
memset(&repl, 0, sizeof(repl)); |
if (sudo_conv(1, &msg, &repl) == -1) |
if (sudo_conv(1, &msg, &repl) == -1) |
return 0; | debug_return_int(0); |
return (int)strlen(buf); | debug_return_int(strlen(buf)); |
} |
} |
|
|
/* |
/* |
Line 230 display_privs(struct sudo_nss_list *snl, struct passwd
|
Line 234 display_privs(struct sudo_nss_list *snl, struct passwd
|
struct sudo_nss *nss; |
struct sudo_nss *nss; |
struct lbuf defs, privs; |
struct lbuf defs, privs; |
int count, olen; |
int count, olen; |
|
debug_decl(display_privs, SUDO_DEBUG_NSS) |
|
|
lbuf_init(&defs, output, 4, NULL, sudo_user.cols); |
lbuf_init(&defs, output, 4, NULL, sudo_user.cols); |
lbuf_init(&privs, output, 4, NULL, sudo_user.cols); |
lbuf_init(&privs, output, 4, NULL, sudo_user.cols); |
Line 277 display_privs(struct sudo_nss_list *snl, struct passwd
|
Line 282 display_privs(struct sudo_nss_list *snl, struct passwd
|
|
|
lbuf_destroy(&defs); |
lbuf_destroy(&defs); |
lbuf_destroy(&privs); |
lbuf_destroy(&privs); |
|
|
|
debug_return; |
} |
} |
|
|
/* |
/* |
* Check user_cmnd against sudoers and print the matching entry if the |
* Check user_cmnd against sudoers and print the matching entry if the |
* command is allowed. |
* command is allowed. |
* Returns TRUE if the command is allowed, else FALSE. | * Returns true if the command is allowed, else false. |
*/ |
*/ |
int | bool |
display_cmnd(struct sudo_nss_list *snl, struct passwd *pw) |
display_cmnd(struct sudo_nss_list *snl, struct passwd *pw) |
{ |
{ |
struct sudo_nss *nss; |
struct sudo_nss *nss; |
|
debug_decl(display_cmnd, SUDO_DEBUG_NSS) |
|
|
tq_foreach_fwd(snl, nss) { |
tq_foreach_fwd(snl, nss) { |
if (nss->display_cmnd(nss, pw) == 0) |
if (nss->display_cmnd(nss, pw) == 0) |
return TRUE; | debug_return_bool(true); |
} |
} |
return FALSE; | debug_return_bool(false); |
} |
} |