version 1.1.1.4, 2013/07/22 10:46:12
|
version 1.1.1.5, 2013/10/14 07:56:35
|
Line 147 sudoers_policy_init(void *info, char * const envp[])
|
Line 147 sudoers_policy_init(void *info, char * const envp[])
|
snl = sudo_read_nss(); |
snl = sudo_read_nss(); |
|
|
/* LDAP or NSS may modify the euid so we need to be root for the open. */ |
/* LDAP or NSS may modify the euid so we need to be root for the open. */ |
set_perms(PERM_INITIAL); |
|
set_perms(PERM_ROOT); |
set_perms(PERM_ROOT); |
|
|
/* Open and parse sudoers, set global defaults */ |
/* Open and parse sudoers, set global defaults */ |
Line 228 sudoers_policy_main(int argc, char * const argv[], int
|
Line 227 sudoers_policy_main(int argc, char * const argv[], int
|
goto bad; |
goto bad; |
} |
} |
|
|
/* Check for -C overriding def_closefrom. */ |
|
if (user_closefrom >= 0 && user_closefrom != def_closefrom) { |
|
if (!def_closefrom_override) { |
|
warningx(_("you are not permitted to use the -C option")); |
|
goto bad; |
|
} |
|
def_closefrom = user_closefrom; |
|
} |
|
|
|
set_perms(PERM_INITIAL); |
set_perms(PERM_INITIAL); |
|
|
/* Environment variables specified on the command line. */ |
/* Environment variables specified on the command line. */ |
Line 266 sudoers_policy_main(int argc, char * const argv[], int
|
Line 256 sudoers_policy_main(int argc, char * const argv[], int
|
if (ISSET(sudo_mode, MODE_PRESERVE_GROUPS)) |
if (ISSET(sudo_mode, MODE_PRESERVE_GROUPS)) |
def_preserve_groups = true; |
def_preserve_groups = true; |
|
|
/* Find command in path */ | /* Find command in path and apply per-command Defaults. */ |
cmnd_status = set_cmnd(); |
cmnd_status = set_cmnd(); |
|
|
|
/* Check for -C overriding def_closefrom. */ |
|
if (user_closefrom >= 0 && user_closefrom != def_closefrom) { |
|
if (!def_closefrom_override) { |
|
warningx(_("you are not permitted to use the -C option")); |
|
goto bad; |
|
} |
|
def_closefrom = user_closefrom; |
|
} |
|
|
/* |
/* |
* Check sudoers sources, using the locale specified in sudoers. |
* Check sudoers sources, using the locale specified in sudoers. |
*/ |
*/ |
Line 523 static void
|
Line 522 static void
|
init_vars(char * const envp[]) |
init_vars(char * const envp[]) |
{ |
{ |
char * const * ep; |
char * const * ep; |
|
bool unknown_user = false; |
debug_decl(init_vars, SUDO_DEBUG_PLUGIN) |
debug_decl(init_vars, SUDO_DEBUG_PLUGIN) |
|
|
sudoers_initlocale(setlocale(LC_ALL, NULL), def_sudoers_locale); |
sudoers_initlocale(setlocale(LC_ALL, NULL), def_sudoers_locale); |
Line 563 init_vars(char * const envp[])
|
Line 563 init_vars(char * const envp[])
|
|
|
/* Need to make a fake struct passwd for the call to log_fatal(). */ |
/* Need to make a fake struct passwd for the call to log_fatal(). */ |
sudo_user.pw = sudo_mkpwent(user_name, user_uid, user_gid, NULL, NULL); |
sudo_user.pw = sudo_mkpwent(user_name, user_uid, user_gid, NULL, NULL); |
log_fatal(0, N_("unknown uid: %u"), (unsigned int) user_uid); | unknown_user = true; |
/* NOTREACHED */ | |
} |
} |
} |
} |
|
|
/* |
/* |
* Get group list. | * Get group list and store initialize permissions. |
*/ |
*/ |
if (user_group_list == NULL) |
if (user_group_list == NULL) |
user_group_list = sudo_get_grlist(sudo_user.pw); |
user_group_list = sudo_get_grlist(sudo_user.pw); |
|
set_perms(PERM_INITIAL); |
|
|
/* Set runas callback. */ |
/* Set runas callback. */ |
sudo_defs_table[I_RUNAS_DEFAULT].callback = cb_runas_default; |
sudo_defs_table[I_RUNAS_DEFAULT].callback = cb_runas_default; |
Line 584 init_vars(char * const envp[])
|
Line 584 init_vars(char * const envp[])
|
sudo_defs_table[I_MAXSEQ].callback = io_set_max_sessid; |
sudo_defs_table[I_MAXSEQ].callback = io_set_max_sessid; |
|
|
/* It is now safe to use log_fatal() and set_perms() */ |
/* It is now safe to use log_fatal() and set_perms() */ |
|
if (unknown_user) |
|
log_fatal(0, N_("unknown uid: %u"), (unsigned int) user_uid); |
debug_return; |
debug_return; |
} |
} |
|
|
Line 807 set_fqdn(void)
|
Line 809 set_fqdn(void)
|
char *p; |
char *p; |
debug_decl(set_fqdn, SUDO_DEBUG_PLUGIN) |
debug_decl(set_fqdn, SUDO_DEBUG_PLUGIN) |
|
|
zero_bytes(&hint, sizeof(hint)); | memset(&hint, 0, sizeof(hint)); |
hint.ai_family = PF_UNSPEC; |
hint.ai_family = PF_UNSPEC; |
hint.ai_flags = AI_FQDN; |
hint.ai_flags = AI_FQDN; |
if (getaddrinfo(user_host, NULL, &hint, &res0) != 0) { |
if (getaddrinfo(user_host, NULL, &hint, &res0) != 0) { |