embedaddon/sudo/plugins/sudoers/sudo_nss.c - diff

Return to sudo_nss.c CVS log

Up to [ELWIX - Embedded LightWeight unIX -] / embedaddon / sudo / plugins / sudoers

Diff for /embedaddon/sudo/plugins/sudoers/sudo_nss.c between versions 1.1.1.1 and 1.1.1.3

version 1.1.1.1, 2012/02/21 16:23:02	version 1.1.1.3, 2012/10/09 09:29:52
Line 18	Line 18

#include <sys/types.h>	#include <sys/types.h>
#include <sys/param.h>	#include <sys/param.h>
	#include <sys/stat.h>

#include <stdio.h>	#include <stdio.h>
#ifdef STDC_HEADERS	#ifdef STDC_HEADERS
# include <stdlib.h>	# include <stdlib.h>
Line 47 extern struct sudo_nss sudo_nss_file;	Line 49 extern struct sudo_nss sudo_nss_file;
#ifdef HAVE_LDAP	#ifdef HAVE_LDAP
extern struct sudo_nss sudo_nss_ldap;	extern struct sudo_nss sudo_nss_ldap;
#endif	#endif
	#ifdef HAVE_SSSD
	extern struct sudo_nss sudo_nss_sss;
	#endif

#if defined(HAVE_LDAP) && defined(_PATH_NSSWITCH_CONF)	#if (defined(HAVE_LDAP) \|\| defined(HAVE_SSSD)) && defined(_PATH_NSSWITCH_CONF)
/*	/*
* Read in /etc/nsswitch.conf	* Read in /etc/nsswitch.conf
* Returns a tail queue of matches.	* Returns a tail queue of matches.
Line 58 sudo_read_nss(void)	Line 63 sudo_read_nss(void)
{	{
FILE *fp;	FILE *fp;
char *cp;	char *cp;
int saw_files = FALSE;	#ifdef HAVE_SSSD
int saw_ldap = FALSE;	bool saw_sss = false;
int got_match = FALSE;	#endif
	bool saw_files = false;
	bool saw_ldap = false;
	bool got_match = false;
static struct sudo_nss_list snl;	static struct sudo_nss_list snl;
	debug_decl(sudo_read_nss, SUDO_DEBUG_NSS)

if ((fp = fopen(_PATH_NSSWITCH_CONF, "r")) == NULL)	if ((fp = fopen(_PATH_NSSWITCH_CONF, "r")) == NULL)
goto nomatch;	goto nomatch;
Line 79 sudo_read_nss(void)	Line 88 sudo_read_nss(void)
for ((cp = strtok(cp + 8, " \t")); cp != NULL; (cp = strtok(NULL, " \t"))) {	for ((cp = strtok(cp + 8, " \t")); cp != NULL; (cp = strtok(NULL, " \t"))) {
if (strcasecmp(cp, "files") == 0 && !saw_files) {	if (strcasecmp(cp, "files") == 0 && !saw_files) {
tq_append(&snl, &sudo_nss_file);	tq_append(&snl, &sudo_nss_file);
got_match = TRUE;	got_match = true;
} else if (strcasecmp(cp, "ldap") == 0 && !saw_ldap) {	} else if (strcasecmp(cp, "ldap") == 0 && !saw_ldap) {
tq_append(&snl, &sudo_nss_ldap);	tq_append(&snl, &sudo_nss_ldap);
got_match = TRUE;	got_match = true;
	#ifdef HAVE_SSSD
	} else if (strcasecmp(cp, "sss") == 0 && !saw_sss) {
	tq_append(&snl, &sudo_nss_sss);
	got_match = true;
	#endif
} else if (strcasecmp(cp, "[NOTFOUND=return]") == 0 && got_match) {	} else if (strcasecmp(cp, "[NOTFOUND=return]") == 0 && got_match) {
/* NOTFOUND affects the most recent entry */	/* NOTFOUND affects the most recent entry */
tq_last(&snl)->ret_if_notfound = TRUE;	tq_last(&snl)->ret_if_notfound = true;
got_match = FALSE;	got_match = false;
	} else if (strcasecmp(cp, "[SUCCESS=return]") == 0 && got_match) {
	/* SUCCESS affects the most recent entry */
	tq_last(&snl)->ret_if_found = true;
	got_match = false;
} else	} else
got_match = FALSE;	got_match = false;
}	}
/* Only parse the first "sudoers:" line */	/* Only parse the first "sudoers:" line */
break;	break;
Line 100 nomatch:	Line 118 nomatch:
if (tq_empty(&snl))	if (tq_empty(&snl))
tq_append(&snl, &sudo_nss_file);	tq_append(&snl, &sudo_nss_file);

return &snl;	debug_return_ptr(&snl);
}	}

#else /* HAVE_LDAP && _PATH_NSSWITCH_CONF */	#else /* (HAVE_LDAP \|\| HAVE_SSSD) && _PATH_NSSWITCH_CONF */

# if defined(HAVE_LDAP) && defined(_PATH_NETSVC_CONF)	# if (defined(HAVE_LDAP) \|\| defined(HAVE_SSSD)) && defined(_PATH_NETSVC_CONF)

/*	/*
* Read in /etc/netsvc.conf (like nsswitch.conf on AIX)	* Read in /etc/netsvc.conf (like nsswitch.conf on AIX)
Line 116 sudo_read_nss(void)	Line 134 sudo_read_nss(void)
{	{
FILE *fp;	FILE *fp;
char cp, ep;	char cp, ep;
int saw_files = FALSE;	#ifdef HAVE_SSSD
int saw_ldap = FALSE;	bool saw_sss = false;
int got_match = FALSE;	#endif
	bool saw_files = false;
	bool saw_ldap = false;
	bool got_match = false;
static struct sudo_nss_list snl;	static struct sudo_nss_list snl;
	debug_decl(sudo_read_nss, SUDO_DEBUG_NSS)

if ((fp = fopen(_PATH_NETSVC_CONF, "r")) == NULL)	if ((fp = fopen(_PATH_NETSVC_CONF, "r")) == NULL)
goto nomatch;	goto nomatch;
Line 147 sudo_read_nss(void)	Line 169 sudo_read_nss(void)
if (!saw_files && strncasecmp(cp, "files", 5) == 0 &&	if (!saw_files && strncasecmp(cp, "files", 5) == 0 &&
(isspace((unsigned char)cp[5]) \|\| cp[5] == '\0')) {	(isspace((unsigned char)cp[5]) \|\| cp[5] == '\0')) {
tq_append(&snl, &sudo_nss_file);	tq_append(&snl, &sudo_nss_file);
got_match = TRUE;	got_match = true;
ep = &cp[5];	ep = &cp[5];
} else if (!saw_ldap && strncasecmp(cp, "ldap", 4) == 0 &&	} else if (!saw_ldap && strncasecmp(cp, "ldap", 4) == 0 &&
(isspace((unsigned char)cp[4]) \|\| cp[4] == '\0')) {	(isspace((unsigned char)cp[4]) \|\| cp[4] == '\0')) {
tq_append(&snl, &sudo_nss_ldap);	tq_append(&snl, &sudo_nss_ldap);
got_match = TRUE;	got_match = true;
ep = &cp[4];	ep = &cp[4];
	#ifdef HAVE_SSSD
	} else if (!saw_sss && strncasecmp(cp, "sss", 3) == 0 &&
	(isspace((unsigned char)cp[3]) \|\| cp[3] == '\0')) {
	tq_append(&snl, &sudo_nss_sss);
	got_match = true;
	ep = &cp[3];
	#endif
} else {	} else {
got_match = FALSE;	got_match = false;
}	}

/* check for = auth qualifier */	/* check for = auth qualifier */
Line 165 sudo_read_nss(void)	Line 194 sudo_read_nss(void)
cp++;	cp++;
if (strncasecmp(cp, "auth", 4) == 0 &&	if (strncasecmp(cp, "auth", 4) == 0 &&
(isspace((unsigned char)cp[4]) \|\| cp[4] == '\0')) {	(isspace((unsigned char)cp[4]) \|\| cp[4] == '\0')) {
tq_last(&snl)->ret_if_found = TRUE;	tq_last(&snl)->ret_if_found = true;
}	}
}	}
}	}
Line 179 nomatch:	Line 208 nomatch:
if (tq_empty(&snl))	if (tq_empty(&snl))
tq_append(&snl, &sudo_nss_file);	tq_append(&snl, &sudo_nss_file);

return &snl;	debug_return_ptr(&snl);
}	}

# else /* !_PATH_NETSVC_CONF && !_PATH_NSSWITCH_CONF */	# else /* !_PATH_NETSVC_CONF && !_PATH_NSSWITCH_CONF */
Line 191 struct sudo_nss_list *	Line 220 struct sudo_nss_list *
sudo_read_nss(void)	sudo_read_nss(void)
{	{
static struct sudo_nss_list snl;	static struct sudo_nss_list snl;
	debug_decl(sudo_read_nss, SUDO_DEBUG_NSS)

	# ifdef HAVE_SSSD
	tq_append(&snl, &sudo_nss_sss);
	# endif
# ifdef HAVE_LDAP	# ifdef HAVE_LDAP
tq_append(&snl, &sudo_nss_ldap);	tq_append(&snl, &sudo_nss_ldap);
# endif	# endif
tq_append(&snl, &sudo_nss_file);	tq_append(&snl, &sudo_nss_file);

return &snl;	debug_return_ptr(&snl);
}	}

# endif /* !HAVE_LDAP \|\| !_PATH_NETSVC_CONF */	# endif /* !HAVE_LDAP \|\| !_PATH_NETSVC_CONF */
Line 209 output(const char *buf)	Line 242 output(const char *buf)
{	{
struct sudo_conv_message msg;	struct sudo_conv_message msg;
struct sudo_conv_reply repl;	struct sudo_conv_reply repl;
	debug_decl(output, SUDO_DEBUG_NSS)

/* Call conversation function */	/* Call conversation function */
memset(&msg, 0, sizeof(msg));	memset(&msg, 0, sizeof(msg));
Line 216 output(const char *buf)	Line 250 output(const char *buf)
msg.msg = buf;	msg.msg = buf;
memset(&repl, 0, sizeof(repl));	memset(&repl, 0, sizeof(repl));
if (sudo_conv(1, &msg, &repl) == -1)	if (sudo_conv(1, &msg, &repl) == -1)
return 0;	debug_return_int(0);
return (int)strlen(buf);	debug_return_int(strlen(buf));
}	}

/*	/*
Line 229 display_privs(struct sudo_nss_list *snl, struct passwd	Line 263 display_privs(struct sudo_nss_list *snl, struct passwd
{	{
struct sudo_nss *nss;	struct sudo_nss *nss;
struct lbuf defs, privs;	struct lbuf defs, privs;
int count, olen;	struct stat sb;
	int cols, count, olen;
	debug_decl(display_privs, SUDO_DEBUG_NSS)

lbuf_init(&defs, output, 4, NULL, sudo_user.cols);	cols = sudo_user.cols;
lbuf_init(&privs, output, 4, NULL, sudo_user.cols);	if (fstat(STDOUT_FILENO, &sb) == 0 && S_ISFIFO(sb.st_mode))
	cols = 0;
	lbuf_init(&defs, output, 4, NULL, cols);
	lbuf_init(&privs, output, 4, NULL, cols);

/* Display defaults from all sources. */	/* Display defaults from all sources. */
lbuf_append(&defs, _("Matching Defaults entries for %s on this host:\n"),	lbuf_append(&defs, _("Matching Defaults entries for %s on this host:\n"),
Line 267 display_privs(struct sudo_nss_list *snl, struct passwd	Line 306 display_privs(struct sudo_nss_list *snl, struct passwd
tq_foreach_fwd(snl, nss) {	tq_foreach_fwd(snl, nss) {
count += nss->display_privs(nss, pw, &privs);	count += nss->display_privs(nss, pw, &privs);
}	}
if (count) {	if (count == 0) {
lbuf_print(&defs);	defs.len = 0;
lbuf_print(&privs);	privs.len = 0;
} else {	lbuf_append(&privs, _("User %s is not allowed to run sudo on %s.\n"),
printf(_("User %s is not allowed to run sudo on %s.\n"), pw->pw_name,	pw->pw_name, user_shost);
user_shost);
}	}
	lbuf_print(&defs);
	lbuf_print(&privs);

lbuf_destroy(&defs);	lbuf_destroy(&defs);
lbuf_destroy(&privs);	lbuf_destroy(&privs);

	debug_return;
}	}

/*	/*
* Check user_cmnd against sudoers and print the matching entry if the	* Check user_cmnd against sudoers and print the matching entry if the
* command is allowed.	* command is allowed.
* Returns TRUE if the command is allowed, else FALSE.	* Returns true if the command is allowed, else false.
*/	*/
int	bool
display_cmnd(struct sudo_nss_list snl, struct passwd pw)	display_cmnd(struct sudo_nss_list snl, struct passwd pw)
{	{
struct sudo_nss *nss;	struct sudo_nss *nss;
	debug_decl(display_cmnd, SUDO_DEBUG_NSS)

tq_foreach_fwd(snl, nss) {	tq_foreach_fwd(snl, nss) {
if (nss->display_cmnd(nss, pw) == 0)	if (nss->display_cmnd(nss, pw) == 0)
return TRUE;	debug_return_bool(true);
}	}
return FALSE;	debug_return_bool(false);
}	}

FreeBSD-CVSweb <freebsd-cvsweb@FreeBSD.org>

Removed from v.1.1.1.1
changed lines
	Added in v.1.1.1.3