version 1.1.1.4, 2013/07/22 10:46:12
|
version 1.1.1.6, 2014/06/15 16:12:54
|
Line 102 extern int (*trace_print)(const char *msg);
|
Line 102 extern int (*trace_print)(const char *msg);
|
struct sudo_user sudo_user; |
struct sudo_user sudo_user; |
struct passwd *list_pw; |
struct passwd *list_pw; |
static char *runas_group, *runas_user; |
static char *runas_group, *runas_user; |
extern int errorlineno; |
|
extern bool parse_error; |
|
extern char *errorfile; |
|
|
|
/* For getopt(3) */ |
|
extern char *optarg; |
|
extern int optind; |
|
|
|
#if defined(SUDO_DEVEL) && defined(__OpenBSD__) |
#if defined(SUDO_DEVEL) && defined(__OpenBSD__) |
extern char *malloc_options; |
extern char *malloc_options; |
#endif |
#endif |
Line 127 main(int argc, char *argv[])
|
Line 120 main(int argc, char *argv[])
|
struct userspec *us; |
struct userspec *us; |
char *p, *grfile, *pwfile; |
char *p, *grfile, *pwfile; |
char hbuf[HOST_NAME_MAX + 1]; |
char hbuf[HOST_NAME_MAX + 1]; |
|
const char *errstr; |
int match, host_match, runas_match, cmnd_match; |
int match, host_match, runas_match, cmnd_match; |
int ch, dflag, exitcode = 0; |
int ch, dflag, exitcode = 0; |
debug_decl(main, SUDO_DEBUG_MAIN) |
debug_decl(main, SUDO_DEBUG_MAIN) |
Line 138 main(int argc, char *argv[])
|
Line 132 main(int argc, char *argv[])
|
sudoersdebug = 1; |
sudoersdebug = 1; |
#endif |
#endif |
|
|
#if !defined(HAVE_GETPROGNAME) && !defined(HAVE___PROGNAME) | initprogname(argc > 0 ? argv[0] : "testsudoers"); |
setprogname(argc > 0 ? argv[0] : "testsudoers"); | |
#endif | |
|
|
sudoers_setlocale(SUDOERS_LOCALE_USER, NULL); | sudoers_initlocale(setlocale(LC_ALL, ""), def_sudoers_locale); |
bindtextdomain("sudoers", LOCALEDIR); /* XXX - should have own domain */ |
bindtextdomain("sudoers", LOCALEDIR); /* XXX - should have own domain */ |
textdomain("sudoers"); |
textdomain("sudoers"); |
|
|
Line 160 main(int argc, char *argv[])
|
Line 152 main(int argc, char *argv[])
|
user_host = optarg; |
user_host = optarg; |
break; |
break; |
case 'G': |
case 'G': |
sudoers_gid = (gid_t)atoi(optarg); | sudoers_gid = (gid_t)atoid(optarg, NULL, NULL, &errstr); |
| if (errstr != NULL) |
| fatalx("group ID %s: %s", optarg, errstr); |
break; |
break; |
case 'g': |
case 'g': |
runas_group = optarg; |
runas_group = optarg; |
Line 175 main(int argc, char *argv[])
|
Line 169 main(int argc, char *argv[])
|
trace_print = testsudoers_print; |
trace_print = testsudoers_print; |
break; |
break; |
case 'U': |
case 'U': |
sudoers_uid = (uid_t)atoi(optarg); | sudoers_uid = (uid_t)atoid(optarg, NULL, NULL, &errstr); |
| if (errstr != NULL) |
| fatalx("user ID %s: %s", optarg, errstr); |
break; |
break; |
case 'u': |
case 'u': |
runas_user = optarg; |
runas_user = optarg; |
Line 212 main(int argc, char *argv[])
|
Line 208 main(int argc, char *argv[])
|
argc -= 2; |
argc -= 2; |
} |
} |
if ((sudo_user.pw = sudo_getpwnam(user_name)) == NULL) |
if ((sudo_user.pw = sudo_getpwnam(user_name)) == NULL) |
fatalx(_("unknown user: %s"), user_name); | fatalx(U_("unknown user: %s"), user_name); |
|
|
if (user_host == NULL) { |
if (user_host == NULL) { |
if (gethostname(hbuf, sizeof(hbuf)) != 0) |
if (gethostname(hbuf, sizeof(hbuf)) != 0) |
Line 227 main(int argc, char *argv[])
|
Line 223 main(int argc, char *argv[])
|
} else { |
} else { |
user_shost = user_host; |
user_shost = user_host; |
} |
} |
|
user_runhost = user_host; |
|
user_srunhost = user_shost; |
|
|
/* Fill in user_args from argv. */ |
/* Fill in user_args from argv. */ |
if (argc > 0) { |
if (argc > 0) { |
Line 240 main(int argc, char *argv[])
|
Line 238 main(int argc, char *argv[])
|
for (to = user_args, from = argv; *from; from++) { |
for (to = user_args, from = argv; *from; from++) { |
n = strlcpy(to, *from, size - (to - user_args)); |
n = strlcpy(to, *from, size - (to - user_args)); |
if (n >= size - (to - user_args)) |
if (n >= size - (to - user_args)) |
fatalx(_("internal error, %s overflow"), "init_vars()"); | fatalx(U_("internal error, %s overflow"), "init_vars()"); |
to += n; |
to += n; |
*to++ = ' '; |
*to++ = ' '; |
} |
} |
Line 302 main(int argc, char *argv[])
|
Line 300 main(int argc, char *argv[])
|
/* This loop must match the one in sudo_file_lookup() */ |
/* This loop must match the one in sudo_file_lookup() */ |
printf("\nEntries for user %s:\n", user_name); |
printf("\nEntries for user %s:\n", user_name); |
match = UNSPEC; |
match = UNSPEC; |
tq_foreach_rev(&userspecs, us) { | TAILQ_FOREACH_REVERSE(us, &userspecs, userspec_list, entries) { |
if (userlist_matches(sudo_user.pw, &us->users) != ALLOW) |
if (userlist_matches(sudo_user.pw, &us->users) != ALLOW) |
continue; |
continue; |
tq_foreach_rev(&us->privileges, priv) { | TAILQ_FOREACH_REVERSE(priv, &us->privileges, privilege_list, entries) { |
putchar('\n'); |
putchar('\n'); |
print_privilege(priv); /* XXX */ | print_privilege(priv); |
putchar('\n'); |
putchar('\n'); |
host_match = hostlist_matches(&priv->hostlist); |
host_match = hostlist_matches(&priv->hostlist); |
if (host_match == ALLOW) { |
if (host_match == ALLOW) { |
puts("\thost matched"); |
puts("\thost matched"); |
tq_foreach_rev(&priv->cmndlist, cs) { | TAILQ_FOREACH_REVERSE(cs, &priv->cmndlist, cmndspec_list, entries) { |
runas_match = runaslist_matches(&cs->runasuserlist, | runas_match = runaslist_matches(cs->runasuserlist, |
&cs->runasgrouplist, NULL, NULL); | cs->runasgrouplist, NULL, NULL); |
if (runas_match == ALLOW) { |
if (runas_match == ALLOW) { |
puts("\trunas matched"); |
puts("\trunas matched"); |
cmnd_match = cmnd_matches(cs->cmnd); |
cmnd_match = cmnd_matches(cs->cmnd); |
Line 340 main(int argc, char *argv[])
|
Line 338 main(int argc, char *argv[])
|
*/ |
*/ |
exitcode = parse_error ? 1 : (match == ALLOW ? 0 : match + 3); |
exitcode = parse_error ? 1 : (match == ALLOW ? 0 : match + 3); |
done: |
done: |
|
sudo_endpwent(); |
|
sudo_endgrent(); |
sudo_debug_exit_int(__func__, __FILE__, __LINE__, sudo_debug_subsys, exitcode); |
sudo_debug_exit_int(__func__, __FILE__, __LINE__, sudo_debug_subsys, exitcode); |
exit(exitcode); |
exit(exitcode); |
} |
} |
Line 347 done:
|
Line 347 done:
|
static void |
static void |
set_runaspw(const char *user) |
set_runaspw(const char *user) |
{ |
{ |
debug_decl(main, SUDO_DEBUG_UTIL) | struct passwd *pw = NULL; |
| debug_decl(set_runaspw, SUDO_DEBUG_UTIL) |
|
|
if (runas_pw != NULL) |
|
sudo_pw_delref(runas_pw); |
|
if (*user == '#') { |
if (*user == '#') { |
if ((runas_pw = sudo_getpwuid(atoi(user + 1))) == NULL) | const char *errstr; |
runas_pw = sudo_fakepwnam(user, runas_gr ? runas_gr->gr_gid : 0); | uid_t uid = atoid(user + 1, NULL, NULL, &errstr); |
} else { | if (errstr == NULL) { |
if ((runas_pw = sudo_getpwnam(user)) == NULL) | if ((pw = sudo_getpwuid(uid)) == NULL) |
fatalx(_("unknown user: %s"), user); | pw = sudo_fakepwnam(user, runas_gr ? runas_gr->gr_gid : 0); |
| } |
} |
} |
| if (pw == NULL) { |
| if ((pw = sudo_getpwnam(user)) == NULL) |
| fatalx(U_("unknown user: %s"), user); |
| } |
| if (runas_pw != NULL) |
| sudo_pw_delref(runas_pw); |
| runas_pw = pw; |
debug_return; |
debug_return; |
} |
} |
|
|
static void |
static void |
set_runasgr(const char *group) |
set_runasgr(const char *group) |
{ |
{ |
debug_decl(main, SUDO_DEBUG_UTIL) | struct group *gr = NULL; |
| debug_decl(set_runasgr, SUDO_DEBUG_UTIL) |
|
|
if (runas_gr != NULL) |
|
sudo_gr_delref(runas_gr); |
|
if (*group == '#') { |
if (*group == '#') { |
if ((runas_gr = sudo_getgrgid(atoi(group + 1))) == NULL) | const char *errstr; |
runas_gr = sudo_fakegrnam(group); | gid_t gid = atoid(group + 1, NULL, NULL, &errstr); |
} else { | if (errstr == NULL) { |
if ((runas_gr = sudo_getgrnam(group)) == NULL) | if ((gr = sudo_getgrgid(gid)) == NULL) |
fatalx(_("unknown group: %s"), group); | gr = sudo_fakegrnam(group); |
| } |
} |
} |
| if (gr == NULL) { |
| if ((gr = sudo_getgrnam(group)) == NULL) |
| fatalx(U_("unknown group: %s"), group); |
| } |
| if (runas_gr != NULL) |
| sudo_gr_delref(runas_gr); |
| runas_gr = gr; |
debug_return; |
debug_return; |
} |
} |
|
|
Line 488 print_defaults(void)
|
Line 500 print_defaults(void)
|
{ |
{ |
struct defaults *d; |
struct defaults *d; |
struct member *m; |
struct member *m; |
debug_decl(print_member, SUDO_DEBUG_UTIL) | debug_decl(print_defaults, SUDO_DEBUG_UTIL) |
|
|
tq_foreach_fwd(&defaults, d) { | TAILQ_FOREACH(d, &defaults, entries) { |
(void) fputs("Defaults", stdout); |
(void) fputs("Defaults", stdout); |
switch (d->type) { |
switch (d->type) { |
case DEFAULTS_HOST: |
case DEFAULTS_HOST: |
Line 506 print_defaults(void)
|
Line 518 print_defaults(void)
|
putchar('!'); |
putchar('!'); |
break; |
break; |
} |
} |
tq_foreach_fwd(&d->binding, m) { | TAILQ_FOREACH(m, d->binding, entries) { |
if (m != tq_first(&d->binding)) | if (m != TAILQ_FIRST(d->binding)) |
putchar(','); |
putchar(','); |
print_member(m); |
print_member(m); |
} |
} |
Line 543 print_alias(void *v1, void *v2)
|
Line 555 print_alias(void *v1, void *v2)
|
(void) printf("Runas_Alias\t%s = ", a->name); |
(void) printf("Runas_Alias\t%s = ", a->name); |
break; |
break; |
} |
} |
tq_foreach_fwd(&a->members, m) { | TAILQ_FOREACH(m, &a->members, entries) { |
if (m != tq_first(&a->members)) | if (m != TAILQ_FIRST(&a->members)) |
fputs(", ", stdout); |
fputs(", ", stdout); |
if (m->type == COMMAND) { |
if (m->type == COMMAND) { |
c = (struct sudo_command *) m->name; |
c = (struct sudo_command *) m->name; |
Line 565 print_privilege(struct privilege *priv)
|
Line 577 print_privilege(struct privilege *priv)
|
{ |
{ |
struct cmndspec *cs; |
struct cmndspec *cs; |
struct member *m; |
struct member *m; |
struct privilege *p; |
|
struct cmndtag tags; |
struct cmndtag tags; |
debug_decl(print_privilege, SUDO_DEBUG_UTIL) |
debug_decl(print_privilege, SUDO_DEBUG_UTIL) |
|
|
for (p = priv; p != NULL; p = p->next) { | TAILQ_FOREACH(m, &priv->hostlist, entries) { |
if (p != priv) | if (m != TAILQ_FIRST(&priv->hostlist)) |
fputs(" : ", stdout); | fputs(", ", stdout); |
tq_foreach_fwd(&p->hostlist, m) { | print_member(m); |
if (m != tq_first(&p->hostlist)) | } |
fputs(", ", stdout); | fputs(" = ", stdout); |
print_member(m); | tags.nopasswd = UNSPEC; |
} | tags.noexec = UNSPEC; |
fputs(" = ", stdout); | TAILQ_FOREACH(cs, &priv->cmndlist, entries) { |
tags.nopasswd = UNSPEC; | if (cs != TAILQ_FIRST(&priv->cmndlist)) |
tags.noexec = UNSPEC; | fputs(", ", stdout); |
tq_foreach_fwd(&p->cmndlist, cs) { | if (cs->runasuserlist != NULL || cs->runasgrouplist != NULL) { |
if (cs != tq_first(&p->cmndlist)) | fputs("(", stdout); |
fputs(", ", stdout); | if (cs->runasuserlist != NULL) { |
if (!tq_empty(&cs->runasuserlist) || !tq_empty(&cs->runasgrouplist)) { | TAILQ_FOREACH(m, cs->runasuserlist, entries) { |
fputs("(", stdout); | if (m != TAILQ_FIRST(cs->runasuserlist)) |
if (!tq_empty(&cs->runasuserlist)) { | fputs(", ", stdout); |
tq_foreach_fwd(&cs->runasuserlist, m) { | print_member(m); |
if (m != tq_first(&cs->runasuserlist)) | } |
fputs(", ", stdout); | } else if (cs->runasgrouplist == NULL) { |
print_member(m); | fputs(def_runas_default, stdout); |
} | } else { |
} else if (tq_empty(&cs->runasgrouplist)) { | fputs(sudo_user.pw->pw_name, stdout); |
fputs(def_runas_default, stdout); | } |
} else { | if (cs->runasgrouplist != NULL) { |
fputs(sudo_user.pw->pw_name, stdout); | fputs(" : ", stdout); |
| TAILQ_FOREACH(m, cs->runasgrouplist, entries) { |
| if (m != TAILQ_FIRST(cs->runasgrouplist)) |
| fputs(", ", stdout); |
| print_member(m); |
} |
} |
if (!tq_empty(&cs->runasgrouplist)) { |
|
fputs(" : ", stdout); |
|
tq_foreach_fwd(&cs->runasgrouplist, m) { |
|
if (m != tq_first(&cs->runasgrouplist)) |
|
fputs(", ", stdout); |
|
print_member(m); |
|
} |
|
} |
|
fputs(") ", stdout); |
|
} |
} |
|
fputs(") ", stdout); |
|
} |
#ifdef HAVE_SELINUX |
#ifdef HAVE_SELINUX |
if (cs->role) | if (cs->role) |
printf("ROLE=%s ", cs->role); | printf("ROLE=%s ", cs->role); |
if (cs->type) | if (cs->type) |
printf("TYPE=%s ", cs->type); | printf("TYPE=%s ", cs->type); |
#endif /* HAVE_SELINUX */ |
#endif /* HAVE_SELINUX */ |
#ifdef HAVE_PRIV_SET |
#ifdef HAVE_PRIV_SET |
if (cs->privs) | if (cs->privs) |
printf("PRIVS=%s ", cs->privs); | printf("PRIVS=%s ", cs->privs); |
if (cs->limitprivs) | if (cs->limitprivs) |
printf("LIMITPRIVS=%s ", cs->limitprivs); | printf("LIMITPRIVS=%s ", cs->limitprivs); |
#endif /* HAVE_PRIV_SET */ |
#endif /* HAVE_PRIV_SET */ |
if (cs->tags.nopasswd != UNSPEC && cs->tags.nopasswd != tags.nopasswd) | if (cs->tags.nopasswd != UNSPEC && cs->tags.nopasswd != tags.nopasswd) |
printf("%sPASSWD: ", cs->tags.nopasswd ? "NO" : ""); | printf("%sPASSWD: ", cs->tags.nopasswd ? "NO" : ""); |
if (cs->tags.noexec != UNSPEC && cs->tags.noexec != tags.noexec) | if (cs->tags.noexec != UNSPEC && cs->tags.noexec != tags.noexec) |
printf("%sEXEC: ", cs->tags.noexec ? "NO" : ""); | printf("%sEXEC: ", cs->tags.noexec ? "NO" : ""); |
print_member(cs->cmnd); | print_member(cs->cmnd); |
memcpy(&tags, &cs->tags, sizeof(tags)); | memcpy(&tags, &cs->tags, sizeof(tags)); |
} | |
} |
} |
debug_return; |
debug_return; |
} |
} |
Line 634 print_userspecs(void)
|
Line 641 print_userspecs(void)
|
{ |
{ |
struct member *m; |
struct member *m; |
struct userspec *us; |
struct userspec *us; |
|
struct privilege *priv; |
debug_decl(print_userspecs, SUDO_DEBUG_UTIL) |
debug_decl(print_userspecs, SUDO_DEBUG_UTIL) |
|
|
tq_foreach_fwd(&userspecs, us) { | TAILQ_FOREACH(us, &userspecs, entries) { |
tq_foreach_fwd(&us->users, m) { | TAILQ_FOREACH(m, &us->users, entries) { |
if (m != tq_first(&us->users)) | if (m != TAILQ_FIRST(&us->users)) |
fputs(", ", stdout); |
fputs(", ", stdout); |
print_member(m); |
print_member(m); |
} |
} |
putchar('\t'); |
putchar('\t'); |
print_privilege(us->privileges.first); /* XXX */ | TAILQ_FOREACH(priv, &us->privileges, entries) { |
| if (priv != TAILQ_FIRST(&us->privileges)) |
| fputs(" : ", stdout); |
| print_privilege(priv); |
| } |
putchar('\n'); |
putchar('\n'); |
} |
} |
debug_return; |
debug_return; |
Line 673 static int testsudoers_print(const char *msg)
|
Line 685 static int testsudoers_print(const char *msg)
|
void |
void |
usage(void) |
usage(void) |
{ |
{ |
(void) fprintf(stderr, "usage: %s [-dt] [-G sudoers_gid] [-g group] [-h host] [-p grfile] [-p pwfile] [-U sudoers_uid] [-u user] <user> <command> [args]\n", getprogname()); | (void) fprintf(stderr, "usage: %s [-dt] [-G sudoers_gid] [-g group] [-h host] [-P grfile] [-p pwfile] [-U sudoers_uid] [-u user] <user> <command> [args]\n", getprogname()); |
exit(1); |
exit(1); |
} |
} |
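Review bot: In set_runaspw the atoid() error string is consulted only to decide whether to try sudo_getpwuid(); when the `#`-prefixed value is not a valid ID, pw stays NULL and control falls through to `sudo_getpwnam(user)` with the literal `#...` string, so the diagnostic atoid produced is lost and the user sees `unknown user: #...` instead of the range or syntax error. The -G and -U handling in main, part of the same change, reports atoid's errstr directly via fatalx, so the two paths treat the same failure inconsistently; set_runasgr has the identical shape. If the fall-through is intended so that a name beginning with `#` can still resolve, a comment above the `if (pw == NULL)` block would make that explicit, e.g. `/* Not a valid numeric ID: fall back to treating the whole string as a name. */`, and likewise above `if (gr == NULL)` in set_runasgr; otherwise report errstr the way main does. Separately, the -G message `fatalx("group ID %s: %s", optarg, errstr)` and its -U counterpart lack the `U_()` wrapper that every other fatalx string in this change uses, so those two messages will not be translated.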