version 1.1.1.2, 2012/05/29 12:26:49
|
version 1.1.1.3, 2012/10/09 09:29:52
|
Line 69
|
Line 69
|
#include "interfaces.h" |
#include "interfaces.h" |
#include "parse.h" |
#include "parse.h" |
#include "sudo_conf.h" |
#include "sudo_conf.h" |
|
#include "secure_path.h" |
#include <gram.h> |
#include <gram.h> |
|
|
/* |
/* |
Line 160 main(int argc, char *argv[])
|
Line 161 main(int argc, char *argv[])
|
|
|
dflag = 0; |
dflag = 0; |
grfile = pwfile = NULL; |
grfile = pwfile = NULL; |
while ((ch = getopt(argc, argv, "dg:G:h:p:tu:")) != -1) { | while ((ch = getopt(argc, argv, "dg:G:h:P:p:tu:U:")) != -1) { |
switch (ch) { |
switch (ch) { |
case 'd': |
case 'd': |
dflag = 1; |
dflag = 1; |
Line 169 main(int argc, char *argv[])
|
Line 170 main(int argc, char *argv[])
|
user_host = optarg; |
user_host = optarg; |
break; |
break; |
case 'G': |
case 'G': |
grfile = optarg; | sudoers_gid = (gid_t)atoi(optarg); |
break; |
break; |
case 'g': |
case 'g': |
runas_group = optarg; |
runas_group = optarg; |
Line 177 main(int argc, char *argv[])
|
Line 178 main(int argc, char *argv[])
|
case 'p': |
case 'p': |
pwfile = optarg; |
pwfile = optarg; |
break; |
break; |
|
case 'P': |
|
grfile = optarg; |
|
break; |
case 't': |
case 't': |
trace_print = testsudoers_print; |
trace_print = testsudoers_print; |
break; |
break; |
|
case 'U': |
|
sudoers_uid = (uid_t)atoi(optarg); |
|
break; |
case 'u': |
case 'u': |
runas_user = optarg; |
runas_user = optarg; |
break; |
break; |
Line 243 main(int argc, char *argv[])
|
Line 250 main(int argc, char *argv[])
|
for (to = user_args, from = argv; *from; from++) { |
for (to = user_args, from = argv; *from; from++) { |
n = strlcpy(to, *from, size - (to - user_args)); |
n = strlcpy(to, *from, size - (to - user_args)); |
if (n >= size - (to - user_args)) |
if (n >= size - (to - user_args)) |
errorx(1, _("internal error, init_vars() overflow")); | errorx(1, _("internal error, %s overflow"), "init_vars()"); |
to += n; |
to += n; |
*to++ = ' '; |
*to++ = ' '; |
} |
} |
Line 261 main(int argc, char *argv[])
|
Line 268 main(int argc, char *argv[])
|
set_interfaces(p); |
set_interfaces(p); |
|
|
/* Allocate space for data structures in the parser. */ |
/* Allocate space for data structures in the parser. */ |
init_parser("sudoers", 0); | init_parser("sudoers", false); |
|
|
if (yyparse() != 0 || parse_error) { |
if (yyparse() != 0 || parse_error) { |
parse_error = true; |
parse_error = true; |
Line 317 main(int argc, char *argv[])
|
Line 324 main(int argc, char *argv[])
|
puts("\thost matched"); |
puts("\thost matched"); |
tq_foreach_rev(&priv->cmndlist, cs) { |
tq_foreach_rev(&priv->cmndlist, cs) { |
runas_match = runaslist_matches(&cs->runasuserlist, |
runas_match = runaslist_matches(&cs->runasuserlist, |
&cs->runasgrouplist); | &cs->runasgrouplist, NULL, NULL); |
if (runas_match == ALLOW) { |
if (runas_match == ALLOW) { |
puts("\trunas matched"); |
puts("\trunas matched"); |
cmnd_match = cmnd_matches(cs->cmnd); |
cmnd_match = cmnd_matches(cs->cmnd); |
Line 353 set_runaspw(const char *user)
|
Line 360 set_runaspw(const char *user)
|
debug_decl(main, SUDO_DEBUG_UTIL) |
debug_decl(main, SUDO_DEBUG_UTIL) |
|
|
if (runas_pw != NULL) |
if (runas_pw != NULL) |
pw_delref(runas_pw); | sudo_pw_delref(runas_pw); |
if (*user == '#') { |
if (*user == '#') { |
if ((runas_pw = sudo_getpwuid(atoi(user + 1))) == NULL) |
if ((runas_pw = sudo_getpwuid(atoi(user + 1))) == NULL) |
runas_pw = sudo_fakepwnam(user, runas_gr ? runas_gr->gr_gid : 0); |
runas_pw = sudo_fakepwnam(user, runas_gr ? runas_gr->gr_gid : 0); |
Line 371 set_runasgr(const char *group)
|
Line 378 set_runasgr(const char *group)
|
debug_decl(main, SUDO_DEBUG_UTIL) |
debug_decl(main, SUDO_DEBUG_UTIL) |
|
|
if (runas_gr != NULL) |
if (runas_gr != NULL) |
gr_delref(runas_gr); | sudo_gr_delref(runas_gr); |
if (*group == '#') { |
if (*group == '#') { |
if ((runas_gr = sudo_getgrgid(atoi(group + 1))) == NULL) |
if ((runas_gr = sudo_getgrgid(atoi(group + 1))) == NULL) |
runas_gr = sudo_fakegrnam(group); |
runas_gr = sudo_fakegrnam(group); |
Line 414 set_fqdn(void)
|
Line 421 set_fqdn(void)
|
} |
} |
|
|
FILE * |
FILE * |
open_sudoers(const char *path, bool doedit, bool *keepopen) | open_sudoers(const char *sudoers, bool doedit, bool *keepopen) |
{ |
{ |
|
struct stat sb; |
|
FILE *fp = NULL; |
|
char *sudoers_base; |
debug_decl(open_sudoers, SUDO_DEBUG_UTIL) |
debug_decl(open_sudoers, SUDO_DEBUG_UTIL) |
|
|
debug_return_ptr(fopen(path, "r")); | sudoers_base = strrchr(sudoers, '/'); |
| if (sudoers_base != NULL) |
| sudoers_base++; |
| |
| switch (sudo_secure_file(sudoers, sudoers_uid, sudoers_gid, &sb)) { |
| case SUDO_PATH_SECURE: |
| fp = fopen(sudoers, "r"); |
| break; |
| case SUDO_PATH_MISSING: |
| warning("unable to stat %s", sudoers_base); |
| break; |
| case SUDO_PATH_BAD_TYPE: |
| warningx("%s is not a regular file", sudoers_base); |
| break; |
| case SUDO_PATH_WRONG_OWNER: |
| warningx("%s should be owned by uid %u", |
| sudoers_base, (unsigned int) sudoers_uid); |
| break; |
| case SUDO_PATH_WORLD_WRITABLE: |
| warningx("%s is world writable", sudoers_base); |
| break; |
| case SUDO_PATH_GROUP_WRITABLE: |
| warningx("%s should be owned by gid %u", |
| sudoers_base, (unsigned int) sudoers_gid); |
| break; |
| default: |
| /* NOTREACHED */ |
| break; |
| } |
| |
| debug_return_ptr(fp); |
} |
} |
|
|
void |
void |
Line 596 print_privilege(struct privilege *priv)
|
Line 636 print_privilege(struct privilege *priv)
|
if (cs->type) |
if (cs->type) |
printf("TYPE=%s ", cs->type); |
printf("TYPE=%s ", cs->type); |
#endif /* HAVE_SELINUX */ |
#endif /* HAVE_SELINUX */ |
|
#ifdef HAVE_PRIV_SET |
|
if (cs->privs) |
|
printf("PRIVS=%s ", cs->privs); |
|
if (cs->limitprivs) |
|
printf("LIMITPRIVS=%s ", cs->limitprivs); |
|
#endif /* HAVE_PRIV_SET */ |
if (cs->tags.nopasswd != UNSPEC && cs->tags.nopasswd != tags.nopasswd) |
if (cs->tags.nopasswd != UNSPEC && cs->tags.nopasswd != tags.nopasswd) |
printf("%sPASSWD: ", cs->tags.nopasswd ? "NO" : ""); |
printf("%sPASSWD: ", cs->tags.nopasswd ? "NO" : ""); |
if (cs->tags.noexec != UNSPEC && cs->tags.noexec != tags.noexec) |
if (cs->tags.noexec != UNSPEC && cs->tags.noexec != tags.noexec) |
Line 677 static int testsudoers_print(const char *msg)
|
Line 723 static int testsudoers_print(const char *msg)
|
void |
void |
usage(void) |
usage(void) |
{ |
{ |
(void) fprintf(stderr, "usage: %s [-dt] [-G grfile] [-g group] [-h host] [-p pwfile] [-u user] <user> <command> [args]\n", getprogname()); | (void) fprintf(stderr, "usage: %s [-dt] [-G sudoers_gid] [-g group] [-h host] [-p grfile] [-p pwfile] [-U sudoers_uid] [-u user] <user> <command> [args]\n", getprogname()); |
exit(1); |
exit(1); |
} |
} |
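Review bot: In the new open_sudoers(), `sudoers_base` stays NULL when the path contains no '/', and every warning branch then passes it to a `%s` conversion, which is undefined behaviour; add `else sudoers_base = (char *)sudoers;` after the increment, or declare it `const char *` and drop the cast. The ownership and mode check is made on the path name and the file is then opened by name in the `SUDO_PATH_SECURE` case, so the file that was checked and the file that is read can differ if the path is replaced in between; opening first and checking the descriptor with `fstat()` would close that gap, assuming `sudo_secure_file()` stats by path as its arguments suggest. In main(), the new `-G` and `-U` values go through `atoi()`, so a non-numeric argument silently becomes id 0 and the ownership check is then made against root; `strtoul()` with an end-pointer and range check would reject such input. The usage string also prints `[-p grfile]` where the option added to the getopt string is `-P`.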