--- embedaddon/sudo/plugins/sudoers/sudo_nss.c 2012/10/09 09:29:52 1.1.1.3
+++ embedaddon/sudo/plugins/sudoers/sudo_nss.c 2014/06/15 16:12:54 1.1.1.6
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2007-2011 Todd C. Miller
+ * Copyright (c) 2007-2013 Todd C. Miller
 *
 * Permission to use, copy, modify, and distribute this software for any
 * purpose with or without fee is hereby granted, provided that the above
@@ -17,7 +17,6 @@
 #include 
 #include 
-#include 
 #include 
 #include 
@@ -62,48 +61,51 @@ struct sudo_nss_list *
 sudo_read_nss(void)
 {
 FILE *fp;
- char *cp;
+ char *cp, *line = NULL;
+ size_t linesize = 0;
 #ifdef HAVE_SSSD
 bool saw_sss = false;
 #endif
 bool saw_files = false;
 bool saw_ldap = false;
 bool got_match = false;
- static struct sudo_nss_list snl;
+ static struct sudo_nss_list snl = TAILQ_HEAD_INITIALIZER(snl);
 debug_decl(sudo_read_nss, SUDO_DEBUG_NSS)
 if ((fp = fopen(_PATH_NSSWITCH_CONF, "r")) == NULL)
 goto nomatch;
- while ((cp = sudo_parseln(fp)) != NULL) {
+ while (sudo_parseln(&line, &linesize, NULL, fp) != -1) {
 /* Skip blank or comment lines */
- if (*cp == '\0')
+ if (*line == '\0')
 continue;
 /* Look for a line starting with "sudoers:" */
- if (strncasecmp(cp, "sudoers:", 8) != 0)
+ if (strncasecmp(line, "sudoers:", 8) != 0)
 continue;
 /* Parse line */
- for ((cp = strtok(cp + 8, " \t")); cp != NULL; (cp = strtok(NULL, " \t"))) {
+ for ((cp = strtok(line + 8, " \t")); cp != NULL; (cp = strtok(NULL, " \t"))) {
 if (strcasecmp(cp, "files") == 0 && !saw_files) {
- tq_append(&snl, &sudo_nss_file);
+ TAILQ_INSERT_TAIL(&snl, &sudo_nss_file, entries);
 got_match = true;
+#ifdef HAVE_LDAP
 } else if (strcasecmp(cp, "ldap") == 0 && !saw_ldap) {
- tq_append(&snl, &sudo_nss_ldap);
+ TAILQ_INSERT_TAIL(&snl, &sudo_nss_ldap, entries);
 got_match = true;
+#endif
 #ifdef HAVE_SSSD
 } else if (strcasecmp(cp, "sss") == 0 && !saw_sss) {
- tq_append(&snl, &sudo_nss_sss);
+ TAILQ_INSERT_TAIL(&snl, &sudo_nss_sss, entries);
 got_match = true;
 #endif
 } else if (strcasecmp(cp, "[NOTFOUND=return]") == 0 && got_match) {
 /* NOTFOUND affects the most recent entry */
- tq_last(&snl)->ret_if_notfound = true;
+ TAILQ_LAST(&snl, sudo_nss_list)->ret_if_notfound = true;
 got_match = false;
 } else if (strcasecmp(cp, "[SUCCESS=return]") == 0 && got_match) {
 /* SUCCESS affects the most recent entry */
- tq_last(&snl)->ret_if_found = true;
+ TAILQ_LAST(&snl, sudo_nss_list)->ret_if_found = true;
 got_match = false;
 } else
 got_match = false;
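Review bot: `saw_files`, `saw_ldap` and `saw_sss` are initialised to false and tested in the `else if` chain (`!saw_files`, `!saw_ldap`, `!saw_sss`) but nothing in the rewritten loop sets them, so unless they are assigned outside the visible lines the duplicate-source guard is inert and a line such as `sudoers: files files` appends `sudo_nss_file` twice, with a following `[NOTFOUND=return]` or `[SUCCESS=return]` applying only to the second copy. Setting the flag next to each insert, e.g. `saw_files = true;` after `TAILQ_INSERT_TAIL(&snl, &sudo_nss_file, entries);` and likewise `saw_ldap = true;` and `saw_sss = true;` in their branches, makes the guard do what its name says. The netsvc.conf variant in hunks -133 and -168 shows the same pattern and needs the same three assignments. This predates the commit, but the branches are rewritten here; sudo_read_nss continues past the end of the hunk.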
@@ -111,12 +113,13 @@ sudo_read_nss(void)
 /* Only parse the first "sudoers:" line */
 break;
 }
+ free(line);
 fclose(fp);
 nomatch:
 /* Default to files only if no matches */
- if (tq_empty(&snl))
- tq_append(&snl, &sudo_nss_file);
+ if (TAILQ_EMPTY(&snl))
+ TAILQ_INSERT_TAIL(&snl, &sudo_nss_file, entries);
 debug_return_ptr(&snl);
 }
@@ -133,22 +136,23 @@ struct sudo_nss_list *
 sudo_read_nss(void)
 {
 FILE *fp;
- char *cp, *ep;
+ char *cp, *ep, *line = NULL;
+ size_t linesize = 0;
 #ifdef HAVE_SSSD
 bool saw_sss = false;
 #endif
 bool saw_files = false;
 bool saw_ldap = false;
 bool got_match = false;
- static struct sudo_nss_list snl;
+ static struct sudo_nss_list snl = TAILQ_HEAD_INITIALIZER(snl);
 debug_decl(sudo_read_nss, SUDO_DEBUG_NSS)
 if ((fp = fopen(_PATH_NETSVC_CONF, "r")) == NULL)
 goto nomatch;
- while ((cp = sudo_parseln(fp)) != NULL) {
+ while (sudo_parseln(&line, &linesize, NULL, fp) != -1) {
 /* Skip blank or comment lines */
- if (*cp == '\0')
+ if (*(cp = line) == '\0')
 continue;
 /* Look for a line starting with "sudoers = " */
@@ -168,18 +172,20 @@ sudo_read_nss(void)
 if (!saw_files && strncasecmp(cp, "files", 5) == 0 &&
 (isspace((unsigned char)cp[5]) || cp[5] == '\0')) {
- tq_append(&snl, &sudo_nss_file);
+ TAILQ_INSERT_TAIL(&snl, &sudo_nss_file, entries);
 got_match = true;
 ep = &cp[5];
+#ifdef HAVE_LDAP
 } else if (!saw_ldap && strncasecmp(cp, "ldap", 4) == 0 &&
 (isspace((unsigned char)cp[4]) || cp[4] == '\0')) {
- tq_append(&snl, &sudo_nss_ldap);
+ TAILQ_INSERT_TAIL(&snl, &sudo_nss_ldap, entries);
 got_match = true;
 ep = &cp[4];
+#endif
 #ifdef HAVE_SSSD
 } else if (!saw_sss && strncasecmp(cp, "sss", 3) == 0 &&
 (isspace((unsigned char)cp[3]) || cp[3] == '\0')) {
- tq_append(&snl, &sudo_nss_sss);
+ TAILQ_INSERT_TAIL(&snl, &sudo_nss_sss, entries);
 got_match = true;
 ep = &cp[3];
 #endif
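Review bot: In the netsvc.conf variant of sudo_read_nss (hunk -133) `line` is now allocated by `sudo_parseln(&line, &linesize, NULL, fp)`, but no `free(line);` is added for this function, whereas hunk -111 adds one before `fclose(fp);` in the nsswitch.conf variant; the stretch between hunks -194 and -205, where the loop exits, is unchanged (equal line counts on both sides), so the buffer appears to leak. The list is static and the function is presumably called once per process, so this is most likely a one-off leak, but `free(line);` after the loop keeps the two variants consistent. Separately, `if (*(cp = line) == '\0')` hides an assignment inside a dereference; `cp = line;` on its own line before the test reads more plainly. The function body continues outside the hunk.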
@@ -194,7 +200,7 @@ sudo_read_nss(void)
 cp++;
 if (strncasecmp(cp, "auth", 4) == 0 &&
 (isspace((unsigned char)cp[4]) || cp[4] == '\0')) {
- tq_last(&snl)->ret_if_found = true;
+ TAILQ_LAST(&snl, sudo_nss_list)->ret_if_found = true;
 }
 }
 }
@@ -205,8 +211,8 @@ sudo_read_nss(void)
 nomatch:
 /* Default to files only if no matches */
- if (tq_empty(&snl))
- tq_append(&snl, &sudo_nss_file);
+ if (TAILQ_EMPTY(&snl))
+ TAILQ_INSERT_TAIL(&snl, &sudo_nss_file, entries);
 debug_return_ptr(&snl);
 }
@@ -219,16 +225,16 @@ nomatch:
 struct sudo_nss_list *
 sudo_read_nss(void)
 {
- static struct sudo_nss_list snl;
+ static struct sudo_nss_list snl = TAILQ_HEAD_INITIALIZER(snl);
 debug_decl(sudo_read_nss, SUDO_DEBUG_NSS)
 # ifdef HAVE_SSSD
- tq_append(&snl, &sudo_nss_sss);
+ TAILQ_INSERT_TAIL(&snl, &sudo_nss_sss, entries);
 # endif
 # ifdef HAVE_LDAP
- tq_append(&snl, &sudo_nss_ldap);
+ TAILQ_INSERT_TAIL(&snl, &sudo_nss_ldap, entries);
 # endif
- tq_append(&snl, &sudo_nss_file);
+ TAILQ_INSERT_TAIL(&snl, &sudo_nss_file, entries);
 debug_return_ptr(&snl);
 }
@@ -256,7 +262,7 @@ output(const char *buf)
 /*
 * Print out privileges for the specified user.
- * We only get here if the user is allowed to run something on this host.
+ * We only get here if the user is allowed to run something.
 */
 void
 display_privs(struct sudo_nss_list *snl, struct passwd *pw)
@@ -271,13 +277,13 @@ display_privs(struct sudo_nss_list *snl, struct passwd
 if (fstat(STDOUT_FILENO, &sb) == 0 && S_ISFIFO(sb.st_mode))
 cols = 0;
 lbuf_init(&defs, output, 4, NULL, cols);
- lbuf_init(&privs, output, 4, NULL, cols);
+ lbuf_init(&privs, output, 8, NULL, cols);
 /* Display defaults from all sources. */
- lbuf_append(&defs, _("Matching Defaults entries for %s on this host:\n"),
- pw->pw_name);
+ lbuf_append(&defs, _("Matching Defaults entries for %s on %s:\n"),
+ pw->pw_name, user_srunhost);
 count = 0;
- tq_foreach_fwd(snl, nss) {
+ TAILQ_FOREACH(nss, snl, entries) {
 count += nss->display_defaults(nss, pw, &defs);
 }
 if (count)
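Review bot: In hunk -271, `lbuf_init(&privs, output, 8, NULL, cols);` changes a bare `4` to a bare `8` while the preceding `lbuf_init(&defs, output, 4, NULL, cols);` keeps `4`, and nothing says why the two buffers now differ; the third argument is presumably a wrap indent, but that is not visible here. A one-line comment on the changed call naming the reason for the larger value would stop the pair from reading as an inconsistency (exact wording depends on what lbuf_init's third parameter means). The same format-string change, `_("... on %s:\n")` with `pw->pw_name, user_srunhost`, appears again in hunk -300; `user_srunhost` is a global declared outside these hunks, so they do not show that it is always non-NULL when display_privs runs, which is worth confirming since a NULL `%s` argument is undefined behaviour. display_privs continues past the end of the hunk.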
@@ -290,7 +296,7 @@ display_privs(struct sudo_nss_list *snl, struct passwd
 lbuf_append(&defs, _("Runas and Command-specific defaults for %s:\n"),
 pw->pw_name);
 count = 0;
- tq_foreach_fwd(snl, nss) {
+ TAILQ_FOREACH(nss, snl, entries) {
 count += nss->display_bound_defaults(nss, pw, &defs);
 }
 if (count)
@@ -300,10 +306,10 @@ display_privs(struct sudo_nss_list *snl, struct passwd
 /* Display privileges from all sources. */
 lbuf_append(&privs,
- _("User %s may run the following commands on this host:\n"),
- pw->pw_name);
+ _("User %s may run the following commands on %s:\n"),
+ pw->pw_name, user_srunhost);
 count = 0;
- tq_foreach_fwd(snl, nss) {
+ TAILQ_FOREACH(nss, snl, entries) {
 count += nss->display_privs(nss, pw, &privs);
 }
 if (count == 0) {
@@ -332,7 +338,7 @@ display_cmnd(struct sudo_nss_list *snl, struct passwd
 struct sudo_nss *nss;
 debug_decl(display_cmnd, SUDO_DEBUG_NSS)
- tq_foreach_fwd(snl, nss) {
+ TAILQ_FOREACH(nss, snl, entries) {
 if (nss->display_cmnd(nss, pw) == 0)
 debug_return_bool(true);
 }