version 1.1, 2012/02/21 16:23:02
|
version 1.1.1.2, 2012/05/29 12:26:49
|
Line 1
|
Line 1
|
/* |
/* |
* Copyright (c) 1996, 1998-2005, 2007-2011 | * Copyright (c) 1996, 1998-2005, 2007-2012 |
* Todd C. Miller <Todd.Miller@courtesan.com> |
* Todd C. Miller <Todd.Miller@courtesan.com> |
* |
* |
* Permission to use, copy, modify, and distribute this software for any |
* Permission to use, copy, modify, and distribute this software for any |
Line 49
|
Line 49
|
#endif /* HAVE_UNISTD_H */ |
#endif /* HAVE_UNISTD_H */ |
#ifdef HAVE_FNMATCH |
#ifdef HAVE_FNMATCH |
# include <fnmatch.h> |
# include <fnmatch.h> |
|
#else |
|
# include "compat/fnmatch.h" |
#endif /* HAVE_FNMATCH */ |
#endif /* HAVE_FNMATCH */ |
#ifdef HAVE_NETGROUP_H |
#ifdef HAVE_NETGROUP_H |
# include <netgroup.h> |
# include <netgroup.h> |
Line 58
|
Line 60
|
#include <netinet/in.h> |
#include <netinet/in.h> |
#include <arpa/inet.h> |
#include <arpa/inet.h> |
#include <netdb.h> |
#include <netdb.h> |
|
#ifdef HAVE_SETLOCALE |
|
# include <locale.h> |
|
#endif |
|
|
#include "tsgetgrpw.h" |
#include "tsgetgrpw.h" |
#include "sudoers.h" |
#include "sudoers.h" |
#include "interfaces.h" |
#include "interfaces.h" |
#include "parse.h" |
#include "parse.h" |
|
#include "sudo_conf.h" |
#include <gram.h> |
#include <gram.h> |
|
|
#ifndef HAVE_FNMATCH |
|
# include "compat/fnmatch.h" |
|
#endif /* HAVE_FNMATCH */ |
|
|
|
/* |
/* |
* Function Prototypes |
* Function Prototypes |
*/ |
*/ |
Line 107 struct interface *interfaces;
|
Line 109 struct interface *interfaces;
|
struct sudo_user sudo_user; |
struct sudo_user sudo_user; |
struct passwd *list_pw; |
struct passwd *list_pw; |
static char *runas_group, *runas_user; |
static char *runas_group, *runas_user; |
extern int parse_error; | extern int errorlineno; |
| extern bool parse_error; |
| extern char *errorfile; |
sudo_printf_t sudo_printf = testsudoers_printf; |
sudo_printf_t sudo_printf = testsudoers_printf; |
|
sudo_conv_t sudo_conv; /* NULL in non-plugin */ |
|
|
/* For getopt(3) */ |
/* For getopt(3) */ |
extern char *optarg; |
extern char *optarg; |
Line 130 main(int argc, char *argv[])
|
Line 135 main(int argc, char *argv[])
|
char *p, *grfile, *pwfile; |
char *p, *grfile, *pwfile; |
char hbuf[MAXHOSTNAMELEN + 1]; |
char hbuf[MAXHOSTNAMELEN + 1]; |
int match, host_match, runas_match, cmnd_match; |
int match, host_match, runas_match, cmnd_match; |
int ch, dflag; | int ch, dflag, exitcode = 0; |
| debug_decl(main, SUDO_DEBUG_MAIN) |
|
|
#if defined(SUDO_DEVEL) && defined(__OpenBSD__) |
#if defined(SUDO_DEVEL) && defined(__OpenBSD__) |
malloc_options = "AFGJPR"; |
malloc_options = "AFGJPR"; |
Line 143 main(int argc, char *argv[])
|
Line 149 main(int argc, char *argv[])
|
setprogname(argc > 0 ? argv[0] : "testsudoers"); |
setprogname(argc > 0 ? argv[0] : "testsudoers"); |
#endif |
#endif |
|
|
|
#ifdef HAVE_SETLOCALE |
|
setlocale(LC_ALL, ""); |
|
#endif |
|
bindtextdomain("sudoers", LOCALEDIR); /* XXX - should have own domain */ |
|
textdomain("sudoers"); |
|
|
|
/* Read sudo.conf. */ |
|
sudo_conf_read(); |
|
|
dflag = 0; |
dflag = 0; |
grfile = pwfile = NULL; |
grfile = pwfile = NULL; |
while ((ch = getopt(argc, argv, "dg:G:h:p:tu:")) != -1) { |
while ((ch = getopt(argc, argv, "dg:G:h:p:tu:")) != -1) { |
Line 187 main(int argc, char *argv[])
|
Line 202 main(int argc, char *argv[])
|
if (argc < 2) { |
if (argc < 2) { |
if (!dflag) |
if (!dflag) |
usage(); |
usage(); |
user_name = "root"; | user_name = argc ? *argv++ : "root"; |
user_cmnd = user_base = "true"; |
user_cmnd = user_base = "true"; |
|
argc = 0; |
} else { |
} else { |
user_name = *argv; | user_name = *argv++; |
user_cmnd = *++argv; | user_cmnd = *argv++; |
if ((p = strrchr(user_cmnd, '/')) != NULL) |
if ((p = strrchr(user_cmnd, '/')) != NULL) |
user_base = p + 1; |
user_base = p + 1; |
else |
else |
Line 220 main(int argc, char *argv[])
|
Line 236 main(int argc, char *argv[])
|
char *to, **from; |
char *to, **from; |
size_t size, n; |
size_t size, n; |
|
|
for (size = 0, from = argv + 1; *from; from++) | for (size = 0, from = argv; *from; from++) |
size += strlen(*from) + 1; |
size += strlen(*from) + 1; |
|
|
user_args = (char *) emalloc(size); |
user_args = (char *) emalloc(size); |
for (to = user_args, from = argv + 1; *from; from++) { | for (to = user_args, from = argv; *from; from++) { |
n = strlcpy(to, *from, size - (to - user_args)); |
n = strlcpy(to, *from, size - (to - user_args)); |
if (n >= size - (to - user_args)) |
if (n >= size - (to - user_args)) |
errorx(1, _("internal error, init_vars() overflow")); |
errorx(1, _("internal error, init_vars() overflow")); |
Line 248 main(int argc, char *argv[])
|
Line 264 main(int argc, char *argv[])
|
init_parser("sudoers", 0); |
init_parser("sudoers", 0); |
|
|
if (yyparse() != 0 || parse_error) { |
if (yyparse() != 0 || parse_error) { |
parse_error = TRUE; | parse_error = true; |
(void) fputs("Does not parse", stdout); | if (errorlineno != -1) |
| (void) printf("Parse error in %s near line %d", |
| errorfile, errorlineno); |
| else |
| (void) printf("Parse error in %s", errorfile); |
} else { |
} else { |
(void) fputs("Parses OK", stdout); |
(void) fputs("Parses OK", stdout); |
} |
} |
Line 258 main(int argc, char *argv[])
|
Line 278 main(int argc, char *argv[])
|
(void) fputs(" (problem with defaults entries)", stdout); |
(void) fputs(" (problem with defaults entries)", stdout); |
puts("."); |
puts("."); |
|
|
if (def_group_plugin && group_plugin_load(def_group_plugin) != TRUE) | if (def_group_plugin && group_plugin_load(def_group_plugin) != true) |
def_group_plugin = NULL; |
def_group_plugin = NULL; |
|
|
/* |
/* |
Line 276 main(int argc, char *argv[])
|
Line 296 main(int argc, char *argv[])
|
if (dflag) { |
if (dflag) { |
(void) putchar('\n'); |
(void) putchar('\n'); |
dump_sudoers(); |
dump_sudoers(); |
if (argc < 2) | if (argc < 2) { |
exit(parse_error ? 1 : 0); | exitcode = parse_error ? 1 : 0; |
| goto done; |
| } |
} |
} |
|
|
/* This loop must match the one in sudo_file_lookup() */ |
/* This loop must match the one in sudo_file_lookup() */ |
Line 319 main(int argc, char *argv[])
|
Line 341 main(int argc, char *argv[])
|
* 2 - command not matched |
* 2 - command not matched |
* 3 - command denied |
* 3 - command denied |
*/ |
*/ |
if (parse_error) | exitcode = parse_error ? 1 : (match == ALLOW ? 0 : match + 3); |
exit(1); | done: |
exit(match == ALLOW ? 0 : match + 3); | sudo_debug_exit_int(__func__, __FILE__, __LINE__, sudo_debug_subsys, exitcode); |
| exit(exitcode); |
} |
} |
|
|
static void |
static void |
set_runaspw(const char *user) |
set_runaspw(const char *user) |
{ |
{ |
|
debug_decl(main, SUDO_DEBUG_UTIL) |
|
|
if (runas_pw != NULL) |
if (runas_pw != NULL) |
pw_delref(runas_pw); |
pw_delref(runas_pw); |
if (*user == '#') { |
if (*user == '#') { |
Line 336 set_runaspw(const char *user)
|
Line 361 set_runaspw(const char *user)
|
if ((runas_pw = sudo_getpwnam(user)) == NULL) |
if ((runas_pw = sudo_getpwnam(user)) == NULL) |
errorx(1, _("unknown user: %s"), user); |
errorx(1, _("unknown user: %s"), user); |
} |
} |
|
|
|
debug_return; |
} |
} |
|
|
static void |
static void |
set_runasgr(const char *group) |
set_runasgr(const char *group) |
{ |
{ |
|
debug_decl(main, SUDO_DEBUG_UTIL) |
|
|
if (runas_gr != NULL) |
if (runas_gr != NULL) |
gr_delref(runas_gr); |
gr_delref(runas_gr); |
if (*group == '#') { |
if (*group == '#') { |
Line 350 set_runasgr(const char *group)
|
Line 379 set_runasgr(const char *group)
|
if ((runas_gr = sudo_getgrnam(group)) == NULL) |
if ((runas_gr = sudo_getgrnam(group)) == NULL) |
errorx(1, _("unknown group: %s"), group); |
errorx(1, _("unknown group: %s"), group); |
} |
} |
|
|
|
debug_return; |
} |
} |
|
|
/* |
/* |
Line 361 cb_runas_default(const char *user)
|
Line 392 cb_runas_default(const char *user)
|
/* Only reset runaspw if user didn't specify one. */ |
/* Only reset runaspw if user didn't specify one. */ |
if (!runas_user && !runas_group) |
if (!runas_user && !runas_group) |
set_runaspw(user); |
set_runaspw(user); |
return TRUE; | return true; |
} |
} |
|
|
void |
void |
Line 383 set_fqdn(void)
|
Line 414 set_fqdn(void)
|
} |
} |
|
|
FILE * |
FILE * |
open_sudoers(const char *path, int isdir, int *keepopen) | open_sudoers(const char *path, bool doedit, bool *keepopen) |
{ |
{ |
return fopen(path, "r"); | debug_decl(open_sudoers, SUDO_DEBUG_UTIL) |
| |
| debug_return_ptr(fopen(path, "r")); |
} |
} |
|
|
void |
void |
Line 418 void
|
Line 451 void
|
print_member(struct member *m) |
print_member(struct member *m) |
{ |
{ |
struct sudo_command *c; |
struct sudo_command *c; |
|
debug_decl(print_member, SUDO_DEBUG_UTIL) |
|
|
if (m->negated) |
if (m->negated) |
putchar('!'); |
putchar('!'); |
Line 430 print_member(struct member *m)
|
Line 464 print_member(struct member *m)
|
printf("%s%s%s", c->cmnd, c->args ? " " : "", |
printf("%s%s%s", c->cmnd, c->args ? " " : "", |
c->args ? c->args : ""); |
c->args ? c->args : ""); |
} |
} |
|
|
|
debug_return; |
} |
} |
|
|
void |
void |
Line 437 print_defaults(void)
|
Line 473 print_defaults(void)
|
{ |
{ |
struct defaults *d; |
struct defaults *d; |
struct member *m; |
struct member *m; |
|
debug_decl(print_member, SUDO_DEBUG_UTIL) |
|
|
tq_foreach_fwd(&defaults, d) { |
tq_foreach_fwd(&defaults, d) { |
(void) fputs("Defaults", stdout); |
(void) fputs("Defaults", stdout); |
Line 459 print_defaults(void)
|
Line 496 print_defaults(void)
|
putchar(','); |
putchar(','); |
print_member(m); |
print_member(m); |
} |
} |
printf("\t%s%s", d->op == FALSE ? "!" : "", d->var); | printf("\t%s%s", d->op == false ? "!" : "", d->var); |
if (d->val != NULL) { |
if (d->val != NULL) { |
printf("%c%s", d->op == TRUE ? '=' : d->op, d->val); | printf("%c%s", d->op == true ? '=' : d->op, d->val); |
} |
} |
putchar('\n'); |
putchar('\n'); |
} |
} |
|
|
|
debug_return; |
} |
} |
|
|
int |
int |
Line 473 print_alias(void *v1, void *v2)
|
Line 512 print_alias(void *v1, void *v2)
|
struct alias *a = (struct alias *)v1; |
struct alias *a = (struct alias *)v1; |
struct member *m; |
struct member *m; |
struct sudo_command *c; |
struct sudo_command *c; |
|
debug_decl(print_alias, SUDO_DEBUG_UTIL) |
|
|
switch (a->type) { |
switch (a->type) { |
case HOSTALIAS: |
case HOSTALIAS: |
Line 502 print_alias(void *v1, void *v2)
|
Line 542 print_alias(void *v1, void *v2)
|
} |
} |
} |
} |
putchar('\n'); |
putchar('\n'); |
return 0; | debug_return_int(0); |
} |
} |
|
|
void |
void |
Line 512 print_privilege(struct privilege *priv)
|
Line 552 print_privilege(struct privilege *priv)
|
struct member *m; |
struct member *m; |
struct privilege *p; |
struct privilege *p; |
struct cmndtag tags; |
struct cmndtag tags; |
|
debug_decl(print_privilege, SUDO_DEBUG_UTIL) |
|
|
for (p = priv; p != NULL; p = p->next) { |
for (p = priv; p != NULL; p = p->next) { |
if (p != priv) |
if (p != priv) |
Line 563 print_privilege(struct privilege *priv)
|
Line 604 print_privilege(struct privilege *priv)
|
memcpy(&tags, &cs->tags, sizeof(tags)); |
memcpy(&tags, &cs->tags, sizeof(tags)); |
} |
} |
} |
} |
|
debug_return; |
} |
} |
|
|
void |
void |
Line 570 print_userspecs(void)
|
Line 612 print_userspecs(void)
|
{ |
{ |
struct member *m; |
struct member *m; |
struct userspec *us; |
struct userspec *us; |
|
debug_decl(print_userspecs, SUDO_DEBUG_UTIL) |
|
|
tq_foreach_fwd(&userspecs, us) { |
tq_foreach_fwd(&userspecs, us) { |
tq_foreach_fwd(&us->users, m) { |
tq_foreach_fwd(&us->users, m) { |
Line 581 print_userspecs(void)
|
Line 624 print_userspecs(void)
|
print_privilege(us->privileges.first); /* XXX */ |
print_privilege(us->privileges.first); /* XXX */ |
putchar('\n'); |
putchar('\n'); |
} |
} |
|
debug_return; |
} |
} |
|
|
static int |
static int |
Line 588 testsudoers_printf(int msg_type, const char *fmt, ...)
|
Line 632 testsudoers_printf(int msg_type, const char *fmt, ...)
|
{ |
{ |
va_list ap; |
va_list ap; |
FILE *fp; |
FILE *fp; |
|
debug_decl(testsudoers_printf, SUDO_DEBUG_UTIL) |
|
|
switch (msg_type) { |
switch (msg_type) { |
case SUDO_CONV_INFO_MSG: |
case SUDO_CONV_INFO_MSG: |
Line 598 testsudoers_printf(int msg_type, const char *fmt, ...)
|
Line 643 testsudoers_printf(int msg_type, const char *fmt, ...)
|
break; |
break; |
default: |
default: |
errno = EINVAL; |
errno = EINVAL; |
return -1; | debug_return_int(-1); |
} |
} |
|
|
va_start(ap, fmt); |
va_start(ap, fmt); |
vfprintf(fp, fmt, ap); |
vfprintf(fp, fmt, ap); |
va_end(ap); |
va_end(ap); |
|
|
return 0; | debug_return_int(0); |
} |
} |
|
|
void |
void |
dump_sudoers(void) |
dump_sudoers(void) |
{ |
{ |
|
debug_decl(dump_sudoers, SUDO_DEBUG_UTIL) |
|
|
print_defaults(); |
print_defaults(); |
|
|
putchar('\n'); |
putchar('\n'); |
Line 618 dump_sudoers(void)
|
Line 665 dump_sudoers(void)
|
|
|
putchar('\n'); |
putchar('\n'); |
print_userspecs(); |
print_userspecs(); |
|
|
|
debug_return; |
} |
} |
|
|
static int testsudoers_print(const char *msg) |
static int testsudoers_print(const char *msg) |