version 1.1.1.3, 2012/10/09 09:29:52
|
version 1.1.1.5, 2013/10/14 07:56:35
|
Line 1
|
Line 1
|
/* |
/* |
* Copyright (c) 2007-2011 Todd C. Miller <Todd.Miller@courtesan.com> | * Copyright (c) 2007-2013 Todd C. Miller <Todd.Miller@courtesan.com> |
* |
* |
* Permission to use, copy, modify, and distribute this software for any |
* Permission to use, copy, modify, and distribute this software for any |
* purpose with or without fee is hereby granted, provided that the above |
* purpose with or without fee is hereby granted, provided that the above |
Line 17
|
Line 17
|
#include <config.h> |
#include <config.h> |
|
|
#include <sys/types.h> |
#include <sys/types.h> |
#include <sys/param.h> |
|
#include <sys/stat.h> |
#include <sys/stat.h> |
|
|
#include <stdio.h> |
#include <stdio.h> |
Line 62 struct sudo_nss_list *
|
Line 61 struct sudo_nss_list *
|
sudo_read_nss(void) |
sudo_read_nss(void) |
{ |
{ |
FILE *fp; |
FILE *fp; |
char *cp; | char *cp, *line = NULL; |
| size_t linesize = 0; |
#ifdef HAVE_SSSD |
#ifdef HAVE_SSSD |
bool saw_sss = false; |
bool saw_sss = false; |
#endif |
#endif |
Line 75 sudo_read_nss(void)
|
Line 75 sudo_read_nss(void)
|
if ((fp = fopen(_PATH_NSSWITCH_CONF, "r")) == NULL) |
if ((fp = fopen(_PATH_NSSWITCH_CONF, "r")) == NULL) |
goto nomatch; |
goto nomatch; |
|
|
while ((cp = sudo_parseln(fp)) != NULL) { | while (sudo_parseln(&line, &linesize, NULL, fp) != -1) { |
/* Skip blank or comment lines */ |
/* Skip blank or comment lines */ |
if (*cp == '\0') | if (*line == '\0') |
continue; |
continue; |
|
|
/* Look for a line starting with "sudoers:" */ |
/* Look for a line starting with "sudoers:" */ |
if (strncasecmp(cp, "sudoers:", 8) != 0) | if (strncasecmp(line, "sudoers:", 8) != 0) |
continue; |
continue; |
|
|
/* Parse line */ |
/* Parse line */ |
for ((cp = strtok(cp + 8, " \t")); cp != NULL; (cp = strtok(NULL, " \t"))) { | for ((cp = strtok(line + 8, " \t")); cp != NULL; (cp = strtok(NULL, " \t"))) { |
if (strcasecmp(cp, "files") == 0 && !saw_files) { |
if (strcasecmp(cp, "files") == 0 && !saw_files) { |
tq_append(&snl, &sudo_nss_file); |
tq_append(&snl, &sudo_nss_file); |
got_match = true; |
got_match = true; |
|
#ifdef HAVE_LDAP |
} else if (strcasecmp(cp, "ldap") == 0 && !saw_ldap) { |
} else if (strcasecmp(cp, "ldap") == 0 && !saw_ldap) { |
tq_append(&snl, &sudo_nss_ldap); |
tq_append(&snl, &sudo_nss_ldap); |
got_match = true; |
got_match = true; |
|
#endif |
#ifdef HAVE_SSSD |
#ifdef HAVE_SSSD |
} else if (strcasecmp(cp, "sss") == 0 && !saw_sss) { |
} else if (strcasecmp(cp, "sss") == 0 && !saw_sss) { |
tq_append(&snl, &sudo_nss_sss); |
tq_append(&snl, &sudo_nss_sss); |
Line 111 sudo_read_nss(void)
|
Line 113 sudo_read_nss(void)
|
/* Only parse the first "sudoers:" line */ |
/* Only parse the first "sudoers:" line */ |
break; |
break; |
} |
} |
|
free(line); |
fclose(fp); |
fclose(fp); |
|
|
nomatch: |
nomatch: |
Line 133 struct sudo_nss_list *
|
Line 136 struct sudo_nss_list *
|
sudo_read_nss(void) |
sudo_read_nss(void) |
{ |
{ |
FILE *fp; |
FILE *fp; |
char *cp, *ep; | char *cp, *ep, *line = NULL; |
| ssize_t linesize = 0; |
#ifdef HAVE_SSSD |
#ifdef HAVE_SSSD |
bool saw_sss = false; |
bool saw_sss = false; |
#endif |
#endif |
Line 146 sudo_read_nss(void)
|
Line 150 sudo_read_nss(void)
|
if ((fp = fopen(_PATH_NETSVC_CONF, "r")) == NULL) |
if ((fp = fopen(_PATH_NETSVC_CONF, "r")) == NULL) |
goto nomatch; |
goto nomatch; |
|
|
while ((cp = sudo_parseln(fp)) != NULL) { | while (sudo_parseln(&line, &linesize, NULL, fp) != -1) { |
/* Skip blank or comment lines */ |
/* Skip blank or comment lines */ |
if (*cp == '\0') | if (*(cp = line) == '\0') |
continue; |
continue; |
|
|
/* Look for a line starting with "sudoers = " */ |
/* Look for a line starting with "sudoers = " */ |
Line 171 sudo_read_nss(void)
|
Line 175 sudo_read_nss(void)
|
tq_append(&snl, &sudo_nss_file); |
tq_append(&snl, &sudo_nss_file); |
got_match = true; |
got_match = true; |
ep = &cp[5]; |
ep = &cp[5]; |
|
#ifdef HAVE_LDAP |
} else if (!saw_ldap && strncasecmp(cp, "ldap", 4) == 0 && |
} else if (!saw_ldap && strncasecmp(cp, "ldap", 4) == 0 && |
(isspace((unsigned char)cp[4]) || cp[4] == '\0')) { |
(isspace((unsigned char)cp[4]) || cp[4] == '\0')) { |
tq_append(&snl, &sudo_nss_ldap); |
tq_append(&snl, &sudo_nss_ldap); |
got_match = true; |
got_match = true; |
ep = &cp[4]; |
ep = &cp[4]; |
|
#endif |
#ifdef HAVE_SSSD |
#ifdef HAVE_SSSD |
} else if (!saw_sss && strncasecmp(cp, "sss", 3) == 0 && |
} else if (!saw_sss && strncasecmp(cp, "sss", 3) == 0 && |
(isspace((unsigned char)cp[3]) || cp[3] == '\0')) { |
(isspace((unsigned char)cp[3]) || cp[3] == '\0')) { |
Line 256 output(const char *buf)
|
Line 262 output(const char *buf)
|
|
|
/* |
/* |
* Print out privileges for the specified user. |
* Print out privileges for the specified user. |
* We only get here if the user is allowed to run something on this host. | * We only get here if the user is allowed to run something. |
*/ |
*/ |
void |
void |
display_privs(struct sudo_nss_list *snl, struct passwd *pw) |
display_privs(struct sudo_nss_list *snl, struct passwd *pw) |
Line 271 display_privs(struct sudo_nss_list *snl, struct passwd
|
Line 277 display_privs(struct sudo_nss_list *snl, struct passwd
|
if (fstat(STDOUT_FILENO, &sb) == 0 && S_ISFIFO(sb.st_mode)) |
if (fstat(STDOUT_FILENO, &sb) == 0 && S_ISFIFO(sb.st_mode)) |
cols = 0; |
cols = 0; |
lbuf_init(&defs, output, 4, NULL, cols); |
lbuf_init(&defs, output, 4, NULL, cols); |
lbuf_init(&privs, output, 4, NULL, cols); | lbuf_init(&privs, output, 8, NULL, cols); |
|
|
/* Display defaults from all sources. */ |
/* Display defaults from all sources. */ |
lbuf_append(&defs, _("Matching Defaults entries for %s on this host:\n"), | lbuf_append(&defs, _("Matching Defaults entries for %s on %s:\n"), |
pw->pw_name); | pw->pw_name, user_srunhost); |
count = 0; |
count = 0; |
tq_foreach_fwd(snl, nss) { |
tq_foreach_fwd(snl, nss) { |
count += nss->display_defaults(nss, pw, &defs); |
count += nss->display_defaults(nss, pw, &defs); |
Line 300 display_privs(struct sudo_nss_list *snl, struct passwd
|
Line 306 display_privs(struct sudo_nss_list *snl, struct passwd
|
|
|
/* Display privileges from all sources. */ |
/* Display privileges from all sources. */ |
lbuf_append(&privs, |
lbuf_append(&privs, |
_("User %s may run the following commands on this host:\n"), | _("User %s may run the following commands on %s:\n"), |
pw->pw_name); | pw->pw_name, user_srunhost); |
count = 0; |
count = 0; |
tq_foreach_fwd(snl, nss) { |
tq_foreach_fwd(snl, nss) { |
count += nss->display_privs(nss, pw, &privs); |
count += nss->display_privs(nss, pw, &privs); |