|
version 1.1.1.2, 2012/05/29 12:26:49
|
version 1.1.1.3, 2012/10/09 09:29:52
|
|
Line 69
|
Line 69
|
| #include "interfaces.h" |
#include "interfaces.h" |
| #include "parse.h" |
#include "parse.h" |
| #include "sudo_conf.h" |
#include "sudo_conf.h" |
| |
#include "secure_path.h" |
| #include <gram.h> |
#include <gram.h> |
| |
|
| /* |
/* |
|
Line 160 main(int argc, char *argv[])
|
Line 161 main(int argc, char *argv[])
|
| |
|
| dflag = 0; |
dflag = 0; |
| grfile = pwfile = NULL; |
grfile = pwfile = NULL; |
| while ((ch = getopt(argc, argv, "dg:G:h:p:tu:")) != -1) { | while ((ch = getopt(argc, argv, "dg:G:h:P:p:tu:U:")) != -1) { |
| switch (ch) { |
switch (ch) { |
| case 'd': |
case 'd': |
| dflag = 1; |
dflag = 1; |
|
Line 169 main(int argc, char *argv[])
|
Line 170 main(int argc, char *argv[])
|
| user_host = optarg; |
user_host = optarg; |
| break; |
break; |
| case 'G': |
case 'G': |
| grfile = optarg; | sudoers_gid = (gid_t)atoi(optarg); |
| break; |
break; |
| case 'g': |
case 'g': |
| runas_group = optarg; |
runas_group = optarg; |
|
Line 177 main(int argc, char *argv[])
|
Line 178 main(int argc, char *argv[])
|
| case 'p': |
case 'p': |
| pwfile = optarg; |
pwfile = optarg; |
| break; |
break; |
| |
case 'P': |
| |
grfile = optarg; |
| |
break; |
| case 't': |
case 't': |
| trace_print = testsudoers_print; |
trace_print = testsudoers_print; |
| break; |
break; |
| |
case 'U': |
| |
sudoers_uid = (uid_t)atoi(optarg); |
| |
break; |
| case 'u': |
case 'u': |
| runas_user = optarg; |
runas_user = optarg; |
| break; |
break; |
|
Line 243 main(int argc, char *argv[])
|
Line 250 main(int argc, char *argv[])
|
| for (to = user_args, from = argv; *from; from++) { |
for (to = user_args, from = argv; *from; from++) { |
| n = strlcpy(to, *from, size - (to - user_args)); |
n = strlcpy(to, *from, size - (to - user_args)); |
| if (n >= size - (to - user_args)) |
if (n >= size - (to - user_args)) |
| errorx(1, _("internal error, init_vars() overflow")); | errorx(1, _("internal error, %s overflow"), "init_vars()"); |
| to += n; |
to += n; |
| *to++ = ' '; |
*to++ = ' '; |
| } |
} |
|
Line 261 main(int argc, char *argv[])
|
Line 268 main(int argc, char *argv[])
|
| set_interfaces(p); |
set_interfaces(p); |
| |
|
| /* Allocate space for data structures in the parser. */ |
/* Allocate space for data structures in the parser. */ |
| init_parser("sudoers", 0); | init_parser("sudoers", false); |
| |
|
| if (yyparse() != 0 || parse_error) { |
if (yyparse() != 0 || parse_error) { |
| parse_error = true; |
parse_error = true; |
|
Line 317 main(int argc, char *argv[])
|
Line 324 main(int argc, char *argv[])
|
| puts("\thost matched"); |
puts("\thost matched"); |
| tq_foreach_rev(&priv->cmndlist, cs) { |
tq_foreach_rev(&priv->cmndlist, cs) { |
| runas_match = runaslist_matches(&cs->runasuserlist, |
runas_match = runaslist_matches(&cs->runasuserlist, |
| &cs->runasgrouplist); | &cs->runasgrouplist, NULL, NULL); |
| if (runas_match == ALLOW) { |
if (runas_match == ALLOW) { |
| puts("\trunas matched"); |
puts("\trunas matched"); |
| cmnd_match = cmnd_matches(cs->cmnd); |
cmnd_match = cmnd_matches(cs->cmnd); |
|
Line 353 set_runaspw(const char *user)
|
Line 360 set_runaspw(const char *user)
|
| debug_decl(main, SUDO_DEBUG_UTIL) |
debug_decl(main, SUDO_DEBUG_UTIL) |
| |
|
| if (runas_pw != NULL) |
if (runas_pw != NULL) |
| pw_delref(runas_pw); | sudo_pw_delref(runas_pw); |
| if (*user == '#') { |
if (*user == '#') { |
| if ((runas_pw = sudo_getpwuid(atoi(user + 1))) == NULL) |
if ((runas_pw = sudo_getpwuid(atoi(user + 1))) == NULL) |
| runas_pw = sudo_fakepwnam(user, runas_gr ? runas_gr->gr_gid : 0); |
runas_pw = sudo_fakepwnam(user, runas_gr ? runas_gr->gr_gid : 0); |
|
Line 371 set_runasgr(const char *group)
|
Line 378 set_runasgr(const char *group)
|
| debug_decl(main, SUDO_DEBUG_UTIL) |
debug_decl(main, SUDO_DEBUG_UTIL) |
| |
|
| if (runas_gr != NULL) |
if (runas_gr != NULL) |
| gr_delref(runas_gr); | sudo_gr_delref(runas_gr); |
| if (*group == '#') { |
if (*group == '#') { |
| if ((runas_gr = sudo_getgrgid(atoi(group + 1))) == NULL) |
if ((runas_gr = sudo_getgrgid(atoi(group + 1))) == NULL) |
| runas_gr = sudo_fakegrnam(group); |
runas_gr = sudo_fakegrnam(group); |
|
Line 414 set_fqdn(void)
|
Line 421 set_fqdn(void)
|
| } |
} |
| |
|
| FILE * |
FILE * |
| open_sudoers(const char *path, bool doedit, bool *keepopen) | open_sudoers(const char *sudoers, bool doedit, bool *keepopen) |
| { |
{ |
| |
struct stat sb; |
| |
FILE *fp = NULL; |
| |
char *sudoers_base; |
| debug_decl(open_sudoers, SUDO_DEBUG_UTIL) |
debug_decl(open_sudoers, SUDO_DEBUG_UTIL) |
| |
|
| debug_return_ptr(fopen(path, "r")); | sudoers_base = strrchr(sudoers, '/'); |
| | if (sudoers_base != NULL) |
| | sudoers_base++; |
| | |
| | switch (sudo_secure_file(sudoers, sudoers_uid, sudoers_gid, &sb)) { |
| | case SUDO_PATH_SECURE: |
| | fp = fopen(sudoers, "r"); |
| | break; |
| | case SUDO_PATH_MISSING: |
| | warning("unable to stat %s", sudoers_base); |
| | break; |
| | case SUDO_PATH_BAD_TYPE: |
| | warningx("%s is not a regular file", sudoers_base); |
| | break; |
| | case SUDO_PATH_WRONG_OWNER: |
| | warningx("%s should be owned by uid %u", |
| | sudoers_base, (unsigned int) sudoers_uid); |
| | break; |
| | case SUDO_PATH_WORLD_WRITABLE: |
| | warningx("%s is world writable", sudoers_base); |
| | break; |
| | case SUDO_PATH_GROUP_WRITABLE: |
| | warningx("%s should be owned by gid %u", |
| | sudoers_base, (unsigned int) sudoers_gid); |
| | break; |
| | default: |
| | /* NOTREACHED */ |
| | break; |
| | } |
| | |
| | debug_return_ptr(fp); |
| } |
} |
| |
|
| void |
void |
|
Line 596 print_privilege(struct privilege *priv)
|
Line 636 print_privilege(struct privilege *priv)
|
| if (cs->type) |
if (cs->type) |
| printf("TYPE=%s ", cs->type); |
printf("TYPE=%s ", cs->type); |
| #endif /* HAVE_SELINUX */ |
#endif /* HAVE_SELINUX */ |
| |
#ifdef HAVE_PRIV_SET |
| |
if (cs->privs) |
| |
printf("PRIVS=%s ", cs->privs); |
| |
if (cs->limitprivs) |
| |
printf("LIMITPRIVS=%s ", cs->limitprivs); |
| |
#endif /* HAVE_PRIV_SET */ |
| if (cs->tags.nopasswd != UNSPEC && cs->tags.nopasswd != tags.nopasswd) |
if (cs->tags.nopasswd != UNSPEC && cs->tags.nopasswd != tags.nopasswd) |
| printf("%sPASSWD: ", cs->tags.nopasswd ? "NO" : ""); |
printf("%sPASSWD: ", cs->tags.nopasswd ? "NO" : ""); |
| if (cs->tags.noexec != UNSPEC && cs->tags.noexec != tags.noexec) |
if (cs->tags.noexec != UNSPEC && cs->tags.noexec != tags.noexec) |
|
Line 677 static int testsudoers_print(const char *msg)
|
Line 723 static int testsudoers_print(const char *msg)
|
| void |
void |
| usage(void) |
usage(void) |
| { |
{ |
| (void) fprintf(stderr, "usage: %s [-dt] [-G grfile] [-g group] [-h host] [-p pwfile] [-u user] <user> <command> [args]\n", getprogname()); | (void) fprintf(stderr, "usage: %s [-dt] [-G sudoers_gid] [-g group] [-h host] [-p grfile] [-p pwfile] [-U sudoers_uid] [-u user] <user> <command> [args]\n", getprogname()); |
| exit(1); |
exit(1); |
| } |
} |
![[BACK]](/icons/cvsweb/back.gif){kind=icon}
Return to testsudoers.c CVS log ![[TXT]](/icons/cvsweb/text.gif){kind=icon}
![[DIR]](/icons/cvsweb/dir.gif){kind=icon}
Up to [ELWIX - Embedded LightWeight unIX -] / embedaddon / sudo / plugins / sudoers