version 1.1, 2012/02/21 16:23:02
|
version 1.1.1.6, 2014/06/15 16:12:54
|
Line 1
|
Line 1
|
/* |
/* |
* Copyright (c) 1996, 1998-2005, 2007-2011 | * Copyright (c) 1996, 1998-2005, 2007-2013 |
* Todd C. Miller <Todd.Miller@courtesan.com> |
* Todd C. Miller <Todd.Miller@courtesan.com> |
* |
* |
* Permission to use, copy, modify, and distribute this software for any |
* Permission to use, copy, modify, and distribute this software for any |
Line 25
|
Line 25
|
|
|
#include <config.h> |
#include <config.h> |
|
|
#include <sys/param.h> |
|
#include <sys/types.h> |
#include <sys/types.h> |
#include <sys/stat.h> |
#include <sys/stat.h> |
#include <sys/socket.h> |
#include <sys/socket.h> |
Line 49
|
Line 48
|
#endif /* HAVE_UNISTD_H */ |
#endif /* HAVE_UNISTD_H */ |
#ifdef HAVE_FNMATCH |
#ifdef HAVE_FNMATCH |
# include <fnmatch.h> |
# include <fnmatch.h> |
|
#else |
|
# include "compat/fnmatch.h" |
#endif /* HAVE_FNMATCH */ |
#endif /* HAVE_FNMATCH */ |
#ifdef HAVE_NETGROUP_H |
#ifdef HAVE_NETGROUP_H |
# include <netgroup.h> |
# include <netgroup.h> |
Line 57
|
Line 58
|
#include <errno.h> |
#include <errno.h> |
#include <netinet/in.h> |
#include <netinet/in.h> |
#include <arpa/inet.h> |
#include <arpa/inet.h> |
#include <netdb.h> |
|
|
|
#include "tsgetgrpw.h" |
#include "tsgetgrpw.h" |
#include "sudoers.h" |
#include "sudoers.h" |
#include "interfaces.h" |
#include "interfaces.h" |
#include "parse.h" |
#include "parse.h" |
|
#include "sudo_conf.h" |
|
#include "secure_path.h" |
#include <gram.h> |
#include <gram.h> |
|
|
#ifndef HAVE_FNMATCH |
|
# include "compat/fnmatch.h" |
|
#endif /* HAVE_FNMATCH */ |
|
|
|
/* |
/* |
* Function Prototypes |
* Function Prototypes |
*/ |
*/ |
Line 78 void print_defaults(void);
|
Line 76 void print_defaults(void);
|
void print_privilege(struct privilege *); |
void print_privilege(struct privilege *); |
void print_userspecs(void); |
void print_userspecs(void); |
void usage(void) __attribute__((__noreturn__)); |
void usage(void) __attribute__((__noreturn__)); |
void cleanup(int); |
|
static void set_runaspw(const char *); |
static void set_runaspw(const char *); |
static void set_runasgr(const char *); |
static void set_runasgr(const char *); |
static int cb_runas_default(const char *); |
static int cb_runas_default(const char *); |
static int testsudoers_printf(int msg_type, const char *fmt, ...); |
|
static int testsudoers_print(const char *msg); |
static int testsudoers_print(const char *msg); |
|
|
extern void setgrfile(const char *); |
extern void setgrfile(const char *); |
Line 103 extern int (*trace_print)(const char *msg);
|
Line 99 extern int (*trace_print)(const char *msg);
|
/* |
/* |
* Globals |
* Globals |
*/ |
*/ |
struct interface *interfaces; |
|
struct sudo_user sudo_user; |
struct sudo_user sudo_user; |
struct passwd *list_pw; |
struct passwd *list_pw; |
static char *runas_group, *runas_user; |
static char *runas_group, *runas_user; |
extern int parse_error; |
|
sudo_printf_t sudo_printf = testsudoers_printf; |
|
|
|
/* For getopt(3) */ |
|
extern char *optarg; |
|
extern int optind; |
|
|
|
#if defined(SUDO_DEVEL) && defined(__OpenBSD__) |
#if defined(SUDO_DEVEL) && defined(__OpenBSD__) |
extern char *malloc_options; |
extern char *malloc_options; |
#endif |
#endif |
#ifdef YYDEBUG |
#ifdef YYDEBUG |
extern int yydebug; | extern int sudoersdebug; |
#endif |
#endif |
|
|
|
__dso_public int main(int argc, char *argv[]); |
|
|
int |
int |
main(int argc, char *argv[]) |
main(int argc, char *argv[]) |
{ |
{ |
Line 128 main(int argc, char *argv[])
|
Line 119 main(int argc, char *argv[])
|
struct privilege *priv; |
struct privilege *priv; |
struct userspec *us; |
struct userspec *us; |
char *p, *grfile, *pwfile; |
char *p, *grfile, *pwfile; |
char hbuf[MAXHOSTNAMELEN + 1]; | char hbuf[HOST_NAME_MAX + 1]; |
| const char *errstr; |
int match, host_match, runas_match, cmnd_match; |
int match, host_match, runas_match, cmnd_match; |
int ch, dflag; | int ch, dflag, exitcode = 0; |
| debug_decl(main, SUDO_DEBUG_MAIN) |
|
|
#if defined(SUDO_DEVEL) && defined(__OpenBSD__) |
#if defined(SUDO_DEVEL) && defined(__OpenBSD__) |
malloc_options = "AFGJPR"; |
malloc_options = "AFGJPR"; |
#endif |
#endif |
#ifdef YYDEBUG |
#ifdef YYDEBUG |
yydebug = 1; | sudoersdebug = 1; |
#endif |
#endif |
|
|
#if !defined(HAVE_GETPROGNAME) && !defined(HAVE___PROGNAME) | initprogname(argc > 0 ? argv[0] : "testsudoers"); |
setprogname(argc > 0 ? argv[0] : "testsudoers"); | |
#endif | |
|
|
|
sudoers_initlocale(setlocale(LC_ALL, ""), def_sudoers_locale); |
|
bindtextdomain("sudoers", LOCALEDIR); /* XXX - should have own domain */ |
|
textdomain("sudoers"); |
|
|
|
/* Read sudo.conf. */ |
|
sudo_conf_read(NULL); |
|
|
dflag = 0; |
dflag = 0; |
grfile = pwfile = NULL; |
grfile = pwfile = NULL; |
while ((ch = getopt(argc, argv, "dg:G:h:p:tu:")) != -1) { | while ((ch = getopt(argc, argv, "dg:G:h:P:p:tu:U:")) != -1) { |
switch (ch) { |
switch (ch) { |
case 'd': |
case 'd': |
dflag = 1; |
dflag = 1; |
Line 154 main(int argc, char *argv[])
|
Line 152 main(int argc, char *argv[])
|
user_host = optarg; |
user_host = optarg; |
break; |
break; |
case 'G': |
case 'G': |
grfile = optarg; | sudoers_gid = (gid_t)atoid(optarg, NULL, NULL, &errstr); |
| if (errstr != NULL) |
| fatalx("group ID %s: %s", optarg, errstr); |
break; |
break; |
case 'g': |
case 'g': |
runas_group = optarg; |
runas_group = optarg; |
Line 162 main(int argc, char *argv[])
|
Line 162 main(int argc, char *argv[])
|
case 'p': |
case 'p': |
pwfile = optarg; |
pwfile = optarg; |
break; |
break; |
|
case 'P': |
|
grfile = optarg; |
|
break; |
case 't': |
case 't': |
trace_print = testsudoers_print; |
trace_print = testsudoers_print; |
break; |
break; |
|
case 'U': |
|
sudoers_uid = (uid_t)atoid(optarg, NULL, NULL, &errstr); |
|
if (errstr != NULL) |
|
fatalx("user ID %s: %s", optarg, errstr); |
|
break; |
case 'u': |
case 'u': |
runas_user = optarg; |
runas_user = optarg; |
break; |
break; |
Line 187 main(int argc, char *argv[])
|
Line 195 main(int argc, char *argv[])
|
if (argc < 2) { |
if (argc < 2) { |
if (!dflag) |
if (!dflag) |
usage(); |
usage(); |
user_name = "root"; | user_name = argc ? *argv++ : "root"; |
user_cmnd = user_base = "true"; |
user_cmnd = user_base = "true"; |
|
argc = 0; |
} else { |
} else { |
user_name = *argv; | user_name = *argv++; |
user_cmnd = *++argv; | user_cmnd = *argv++; |
if ((p = strrchr(user_cmnd, '/')) != NULL) |
if ((p = strrchr(user_cmnd, '/')) != NULL) |
user_base = p + 1; |
user_base = p + 1; |
else |
else |
Line 199 main(int argc, char *argv[])
|
Line 208 main(int argc, char *argv[])
|
argc -= 2; |
argc -= 2; |
} |
} |
if ((sudo_user.pw = sudo_getpwnam(user_name)) == NULL) |
if ((sudo_user.pw = sudo_getpwnam(user_name)) == NULL) |
errorx(1, _("unknown user: %s"), user_name); | fatalx(U_("unknown user: %s"), user_name); |
|
|
if (user_host == NULL) { |
if (user_host == NULL) { |
if (gethostname(hbuf, sizeof(hbuf)) != 0) |
if (gethostname(hbuf, sizeof(hbuf)) != 0) |
error(1, "gethostname"); | fatal("gethostname"); |
hbuf[sizeof(hbuf) - 1] = '\0'; |
hbuf[sizeof(hbuf) - 1] = '\0'; |
user_host = hbuf; |
user_host = hbuf; |
} |
} |
Line 214 main(int argc, char *argv[])
|
Line 223 main(int argc, char *argv[])
|
} else { |
} else { |
user_shost = user_host; |
user_shost = user_host; |
} |
} |
|
user_runhost = user_host; |
|
user_srunhost = user_shost; |
|
|
/* Fill in user_args from argv. */ |
/* Fill in user_args from argv. */ |
if (argc > 0) { |
if (argc > 0) { |
char *to, **from; |
char *to, **from; |
size_t size, n; |
size_t size, n; |
|
|
for (size = 0, from = argv + 1; *from; from++) | for (size = 0, from = argv; *from; from++) |
size += strlen(*from) + 1; |
size += strlen(*from) + 1; |
|
|
user_args = (char *) emalloc(size); |
user_args = (char *) emalloc(size); |
for (to = user_args, from = argv + 1; *from; from++) { | for (to = user_args, from = argv; *from; from++) { |
n = strlcpy(to, *from, size - (to - user_args)); |
n = strlcpy(to, *from, size - (to - user_args)); |
if (n >= size - (to - user_args)) |
if (n >= size - (to - user_args)) |
errorx(1, _("internal error, init_vars() overflow")); | fatalx(U_("internal error, %s overflow"), "init_vars()"); |
to += n; |
to += n; |
*to++ = ' '; |
*to++ = ' '; |
} |
} |
Line 245 main(int argc, char *argv[])
|
Line 256 main(int argc, char *argv[])
|
set_interfaces(p); |
set_interfaces(p); |
|
|
/* Allocate space for data structures in the parser. */ |
/* Allocate space for data structures in the parser. */ |
init_parser("sudoers", 0); | init_parser("sudoers", false); |
|
|
if (yyparse() != 0 || parse_error) { | if (sudoersparse() != 0 || parse_error) { |
parse_error = TRUE; | parse_error = true; |
(void) fputs("Does not parse", stdout); | if (errorlineno != -1) |
| (void) printf("Parse error in %s near line %d", |
| errorfile, errorlineno); |
| else |
| (void) printf("Parse error in %s", errorfile); |
} else { |
} else { |
(void) fputs("Parses OK", stdout); |
(void) fputs("Parses OK", stdout); |
} |
} |
Line 258 main(int argc, char *argv[])
|
Line 273 main(int argc, char *argv[])
|
(void) fputs(" (problem with defaults entries)", stdout); |
(void) fputs(" (problem with defaults entries)", stdout); |
puts("."); |
puts("."); |
|
|
if (def_group_plugin && group_plugin_load(def_group_plugin) != TRUE) | if (def_group_plugin && group_plugin_load(def_group_plugin) != true) |
def_group_plugin = NULL; |
def_group_plugin = NULL; |
|
|
/* |
/* |
Line 276 main(int argc, char *argv[])
|
Line 291 main(int argc, char *argv[])
|
if (dflag) { |
if (dflag) { |
(void) putchar('\n'); |
(void) putchar('\n'); |
dump_sudoers(); |
dump_sudoers(); |
if (argc < 2) | if (argc < 2) { |
exit(parse_error ? 1 : 0); | exitcode = parse_error ? 1 : 0; |
| goto done; |
| } |
} |
} |
|
|
/* This loop must match the one in sudo_file_lookup() */ |
/* This loop must match the one in sudo_file_lookup() */ |
printf("\nEntries for user %s:\n", user_name); |
printf("\nEntries for user %s:\n", user_name); |
match = UNSPEC; |
match = UNSPEC; |
tq_foreach_rev(&userspecs, us) { | TAILQ_FOREACH_REVERSE(us, &userspecs, userspec_list, entries) { |
if (userlist_matches(sudo_user.pw, &us->users) != ALLOW) |
if (userlist_matches(sudo_user.pw, &us->users) != ALLOW) |
continue; |
continue; |
tq_foreach_rev(&us->privileges, priv) { | TAILQ_FOREACH_REVERSE(priv, &us->privileges, privilege_list, entries) { |
putchar('\n'); |
putchar('\n'); |
print_privilege(priv); /* XXX */ | print_privilege(priv); |
putchar('\n'); |
putchar('\n'); |
host_match = hostlist_matches(&priv->hostlist); |
host_match = hostlist_matches(&priv->hostlist); |
if (host_match == ALLOW) { |
if (host_match == ALLOW) { |
puts("\thost matched"); |
puts("\thost matched"); |
tq_foreach_rev(&priv->cmndlist, cs) { | TAILQ_FOREACH_REVERSE(cs, &priv->cmndlist, cmndspec_list, entries) { |
runas_match = runaslist_matches(&cs->runasuserlist, | runas_match = runaslist_matches(cs->runasuserlist, |
&cs->runasgrouplist); | cs->runasgrouplist, NULL, NULL); |
if (runas_match == ALLOW) { |
if (runas_match == ALLOW) { |
puts("\trunas matched"); |
puts("\trunas matched"); |
cmnd_match = cmnd_matches(cs->cmnd); |
cmnd_match = cmnd_matches(cs->cmnd); |
Line 319 main(int argc, char *argv[])
|
Line 336 main(int argc, char *argv[])
|
* 2 - command not matched |
* 2 - command not matched |
* 3 - command denied |
* 3 - command denied |
*/ |
*/ |
if (parse_error) | exitcode = parse_error ? 1 : (match == ALLOW ? 0 : match + 3); |
exit(1); | done: |
exit(match == ALLOW ? 0 : match + 3); | sudo_endpwent(); |
| sudo_endgrent(); |
| sudo_debug_exit_int(__func__, __FILE__, __LINE__, sudo_debug_subsys, exitcode); |
| exit(exitcode); |
} |
} |
|
|
static void |
static void |
set_runaspw(const char *user) |
set_runaspw(const char *user) |
{ |
{ |
if (runas_pw != NULL) | struct passwd *pw = NULL; |
pw_delref(runas_pw); | debug_decl(set_runaspw, SUDO_DEBUG_UTIL) |
| |
if (*user == '#') { |
if (*user == '#') { |
if ((runas_pw = sudo_getpwuid(atoi(user + 1))) == NULL) | const char *errstr; |
runas_pw = sudo_fakepwnam(user, runas_gr ? runas_gr->gr_gid : 0); | uid_t uid = atoid(user + 1, NULL, NULL, &errstr); |
} else { | if (errstr == NULL) { |
if ((runas_pw = sudo_getpwnam(user)) == NULL) | if ((pw = sudo_getpwuid(uid)) == NULL) |
errorx(1, _("unknown user: %s"), user); | pw = sudo_fakepwnam(user, runas_gr ? runas_gr->gr_gid : 0); |
| } |
} |
} |
|
if (pw == NULL) { |
|
if ((pw = sudo_getpwnam(user)) == NULL) |
|
fatalx(U_("unknown user: %s"), user); |
|
} |
|
if (runas_pw != NULL) |
|
sudo_pw_delref(runas_pw); |
|
runas_pw = pw; |
|
debug_return; |
} |
} |
|
|
static void |
static void |
set_runasgr(const char *group) |
set_runasgr(const char *group) |
{ |
{ |
if (runas_gr != NULL) | struct group *gr = NULL; |
gr_delref(runas_gr); | debug_decl(set_runasgr, SUDO_DEBUG_UTIL) |
| |
if (*group == '#') { |
if (*group == '#') { |
if ((runas_gr = sudo_getgrgid(atoi(group + 1))) == NULL) | const char *errstr; |
runas_gr = sudo_fakegrnam(group); | gid_t gid = atoid(group + 1, NULL, NULL, &errstr); |
} else { | if (errstr == NULL) { |
if ((runas_gr = sudo_getgrnam(group)) == NULL) | if ((gr = sudo_getgrgid(gid)) == NULL) |
errorx(1, _("unknown group: %s"), group); | gr = sudo_fakegrnam(group); |
| } |
} |
} |
|
if (gr == NULL) { |
|
if ((gr = sudo_getgrnam(group)) == NULL) |
|
fatalx(U_("unknown group: %s"), group); |
|
} |
|
if (runas_gr != NULL) |
|
sudo_gr_delref(runas_gr); |
|
runas_gr = gr; |
|
debug_return; |
} |
} |
|
|
/* |
/* |
Line 361 cb_runas_default(const char *user)
|
Line 401 cb_runas_default(const char *user)
|
/* Only reset runaspw if user didn't specify one. */ |
/* Only reset runaspw if user didn't specify one. */ |
if (!runas_user && !runas_group) |
if (!runas_user && !runas_group) |
set_runaspw(user); |
set_runaspw(user); |
return TRUE; | return true; |
} |
} |
|
|
void |
void |
Line 376 sudo_endspent(void)
|
Line 416 sudo_endspent(void)
|
return; |
return; |
} |
} |
|
|
void |
|
set_fqdn(void) |
|
{ |
|
return; |
|
} |
|
|
|
FILE * |
FILE * |
open_sudoers(const char *path, int isdir, int *keepopen) | open_sudoers(const char *sudoers, bool doedit, bool *keepopen) |
{ |
{ |
return fopen(path, "r"); | struct stat sb; |
| FILE *fp = NULL; |
| char *sudoers_base; |
| debug_decl(open_sudoers, SUDO_DEBUG_UTIL) |
| |
| sudoers_base = strrchr(sudoers, '/'); |
| if (sudoers_base != NULL) |
| sudoers_base++; |
| |
| switch (sudo_secure_file(sudoers, sudoers_uid, sudoers_gid, &sb)) { |
| case SUDO_PATH_SECURE: |
| fp = fopen(sudoers, "r"); |
| break; |
| case SUDO_PATH_MISSING: |
| warning("unable to stat %s", sudoers_base); |
| break; |
| case SUDO_PATH_BAD_TYPE: |
| warningx("%s is not a regular file", sudoers_base); |
| break; |
| case SUDO_PATH_WRONG_OWNER: |
| warningx("%s should be owned by uid %u", |
| sudoers_base, (unsigned int) sudoers_uid); |
| break; |
| case SUDO_PATH_WORLD_WRITABLE: |
| warningx("%s is world writable", sudoers_base); |
| break; |
| case SUDO_PATH_GROUP_WRITABLE: |
| warningx("%s should be owned by gid %u", |
| sudoers_base, (unsigned int) sudoers_gid); |
| break; |
| default: |
| /* NOTREACHED */ |
| break; |
| } |
| |
| debug_return_ptr(fp); |
} |
} |
|
|
void |
void |
Line 406 restore_perms(void)
|
Line 475 restore_perms(void)
|
} |
} |
|
|
void |
void |
cleanup(int gotsignal) |
|
{ |
|
if (!gotsignal) { |
|
sudo_endpwent(); |
|
sudo_endgrent(); |
|
} |
|
} |
|
|
|
void |
|
print_member(struct member *m) |
print_member(struct member *m) |
{ |
{ |
struct sudo_command *c; |
struct sudo_command *c; |
|
debug_decl(print_member, SUDO_DEBUG_UTIL) |
|
|
if (m->negated) |
if (m->negated) |
putchar('!'); |
putchar('!'); |
Line 430 print_member(struct member *m)
|
Line 491 print_member(struct member *m)
|
printf("%s%s%s", c->cmnd, c->args ? " " : "", |
printf("%s%s%s", c->cmnd, c->args ? " " : "", |
c->args ? c->args : ""); |
c->args ? c->args : ""); |
} |
} |
|
|
|
debug_return; |
} |
} |
|
|
void |
void |
Line 437 print_defaults(void)
|
Line 500 print_defaults(void)
|
{ |
{ |
struct defaults *d; |
struct defaults *d; |
struct member *m; |
struct member *m; |
|
debug_decl(print_defaults, SUDO_DEBUG_UTIL) |
|
|
tq_foreach_fwd(&defaults, d) { | TAILQ_FOREACH(d, &defaults, entries) { |
(void) fputs("Defaults", stdout); |
(void) fputs("Defaults", stdout); |
switch (d->type) { |
switch (d->type) { |
case DEFAULTS_HOST: |
case DEFAULTS_HOST: |
Line 454 print_defaults(void)
|
Line 518 print_defaults(void)
|
putchar('!'); |
putchar('!'); |
break; |
break; |
} |
} |
tq_foreach_fwd(&d->binding, m) { | TAILQ_FOREACH(m, d->binding, entries) { |
if (m != tq_first(&d->binding)) | if (m != TAILQ_FIRST(d->binding)) |
putchar(','); |
putchar(','); |
print_member(m); |
print_member(m); |
} |
} |
printf("\t%s%s", d->op == FALSE ? "!" : "", d->var); | printf("\t%s%s", d->op == false ? "!" : "", d->var); |
if (d->val != NULL) { |
if (d->val != NULL) { |
printf("%c%s", d->op == TRUE ? '=' : d->op, d->val); | printf("%c%s", d->op == true ? '=' : d->op, d->val); |
} |
} |
putchar('\n'); |
putchar('\n'); |
} |
} |
|
|
|
debug_return; |
} |
} |
|
|
int |
int |
Line 473 print_alias(void *v1, void *v2)
|
Line 539 print_alias(void *v1, void *v2)
|
struct alias *a = (struct alias *)v1; |
struct alias *a = (struct alias *)v1; |
struct member *m; |
struct member *m; |
struct sudo_command *c; |
struct sudo_command *c; |
|
debug_decl(print_alias, SUDO_DEBUG_UTIL) |
|
|
switch (a->type) { |
switch (a->type) { |
case HOSTALIAS: |
case HOSTALIAS: |
Line 488 print_alias(void *v1, void *v2)
|
Line 555 print_alias(void *v1, void *v2)
|
(void) printf("Runas_Alias\t%s = ", a->name); |
(void) printf("Runas_Alias\t%s = ", a->name); |
break; |
break; |
} |
} |
tq_foreach_fwd(&a->members, m) { | TAILQ_FOREACH(m, &a->members, entries) { |
if (m != tq_first(&a->members)) | if (m != TAILQ_FIRST(&a->members)) |
fputs(", ", stdout); |
fputs(", ", stdout); |
if (m->type == COMMAND) { |
if (m->type == COMMAND) { |
c = (struct sudo_command *) m->name; |
c = (struct sudo_command *) m->name; |
Line 502 print_alias(void *v1, void *v2)
|
Line 569 print_alias(void *v1, void *v2)
|
} |
} |
} |
} |
putchar('\n'); |
putchar('\n'); |
return 0; | debug_return_int(0); |
} |
} |
|
|
void |
void |
Line 510 print_privilege(struct privilege *priv)
|
Line 577 print_privilege(struct privilege *priv)
|
{ |
{ |
struct cmndspec *cs; |
struct cmndspec *cs; |
struct member *m; |
struct member *m; |
struct privilege *p; |
|
struct cmndtag tags; |
struct cmndtag tags; |
|
debug_decl(print_privilege, SUDO_DEBUG_UTIL) |
|
|
for (p = priv; p != NULL; p = p->next) { | TAILQ_FOREACH(m, &priv->hostlist, entries) { |
if (p != priv) | if (m != TAILQ_FIRST(&priv->hostlist)) |
fputs(" : ", stdout); | fputs(", ", stdout); |
tq_foreach_fwd(&p->hostlist, m) { | print_member(m); |
if (m != tq_first(&p->hostlist)) | } |
fputs(", ", stdout); | fputs(" = ", stdout); |
print_member(m); | tags.nopasswd = UNSPEC; |
} | tags.noexec = UNSPEC; |
fputs(" = ", stdout); | TAILQ_FOREACH(cs, &priv->cmndlist, entries) { |
tags.nopasswd = tags.noexec = UNSPEC; | if (cs != TAILQ_FIRST(&priv->cmndlist)) |
tq_foreach_fwd(&p->cmndlist, cs) { | fputs(", ", stdout); |
if (cs != tq_first(&p->cmndlist)) | if (cs->runasuserlist != NULL || cs->runasgrouplist != NULL) { |
fputs(", ", stdout); | fputs("(", stdout); |
if (!tq_empty(&cs->runasuserlist) || !tq_empty(&cs->runasgrouplist)) { | if (cs->runasuserlist != NULL) { |
fputs("(", stdout); | TAILQ_FOREACH(m, cs->runasuserlist, entries) { |
if (!tq_empty(&cs->runasuserlist)) { | if (m != TAILQ_FIRST(cs->runasuserlist)) |
tq_foreach_fwd(&cs->runasuserlist, m) { | fputs(", ", stdout); |
if (m != tq_first(&cs->runasuserlist)) | print_member(m); |
fputs(", ", stdout); | } |
print_member(m); | } else if (cs->runasgrouplist == NULL) { |
} | fputs(def_runas_default, stdout); |
} else if (tq_empty(&cs->runasgrouplist)) { | } else { |
fputs(def_runas_default, stdout); | fputs(sudo_user.pw->pw_name, stdout); |
} else { | } |
fputs(sudo_user.pw->pw_name, stdout); | if (cs->runasgrouplist != NULL) { |
| fputs(" : ", stdout); |
| TAILQ_FOREACH(m, cs->runasgrouplist, entries) { |
| if (m != TAILQ_FIRST(cs->runasgrouplist)) |
| fputs(", ", stdout); |
| print_member(m); |
} |
} |
if (!tq_empty(&cs->runasgrouplist)) { |
|
fputs(" : ", stdout); |
|
tq_foreach_fwd(&cs->runasgrouplist, m) { |
|
if (m != tq_first(&cs->runasgrouplist)) |
|
fputs(", ", stdout); |
|
print_member(m); |
|
} |
|
} |
|
fputs(") ", stdout); |
|
} |
} |
|
fputs(") ", stdout); |
|
} |
#ifdef HAVE_SELINUX |
#ifdef HAVE_SELINUX |
if (cs->role) | if (cs->role) |
printf("ROLE=%s ", cs->role); | printf("ROLE=%s ", cs->role); |
if (cs->type) | if (cs->type) |
printf("TYPE=%s ", cs->type); | printf("TYPE=%s ", cs->type); |
#endif /* HAVE_SELINUX */ |
#endif /* HAVE_SELINUX */ |
if (cs->tags.nopasswd != UNSPEC && cs->tags.nopasswd != tags.nopasswd) | #ifdef HAVE_PRIV_SET |
printf("%sPASSWD: ", cs->tags.nopasswd ? "NO" : ""); | if (cs->privs) |
if (cs->tags.noexec != UNSPEC && cs->tags.noexec != tags.noexec) | printf("PRIVS=%s ", cs->privs); |
printf("%sEXEC: ", cs->tags.noexec ? "NO" : ""); | if (cs->limitprivs) |
print_member(cs->cmnd); | printf("LIMITPRIVS=%s ", cs->limitprivs); |
memcpy(&tags, &cs->tags, sizeof(tags)); | #endif /* HAVE_PRIV_SET */ |
} | if (cs->tags.nopasswd != UNSPEC && cs->tags.nopasswd != tags.nopasswd) |
| printf("%sPASSWD: ", cs->tags.nopasswd ? "NO" : ""); |
| if (cs->tags.noexec != UNSPEC && cs->tags.noexec != tags.noexec) |
| printf("%sEXEC: ", cs->tags.noexec ? "NO" : ""); |
| print_member(cs->cmnd); |
| memcpy(&tags, &cs->tags, sizeof(tags)); |
} |
} |
|
debug_return; |
} |
} |
|
|
void |
void |
Line 570 print_userspecs(void)
|
Line 641 print_userspecs(void)
|
{ |
{ |
struct member *m; |
struct member *m; |
struct userspec *us; |
struct userspec *us; |
|
struct privilege *priv; |
|
debug_decl(print_userspecs, SUDO_DEBUG_UTIL) |
|
|
tq_foreach_fwd(&userspecs, us) { | TAILQ_FOREACH(us, &userspecs, entries) { |
tq_foreach_fwd(&us->users, m) { | TAILQ_FOREACH(m, &us->users, entries) { |
if (m != tq_first(&us->users)) | if (m != TAILQ_FIRST(&us->users)) |
fputs(", ", stdout); |
fputs(", ", stdout); |
print_member(m); |
print_member(m); |
} |
} |
putchar('\t'); |
putchar('\t'); |
print_privilege(us->privileges.first); /* XXX */ | TAILQ_FOREACH(priv, &us->privileges, entries) { |
| if (priv != TAILQ_FIRST(&us->privileges)) |
| fputs(" : ", stdout); |
| print_privilege(priv); |
| } |
putchar('\n'); |
putchar('\n'); |
} |
} |
|
debug_return; |
} |
} |
|
|
static int |
|
testsudoers_printf(int msg_type, const char *fmt, ...) |
|
{ |
|
va_list ap; |
|
FILE *fp; |
|
|
|
switch (msg_type) { |
|
case SUDO_CONV_INFO_MSG: |
|
fp = stdout; |
|
break; |
|
case SUDO_CONV_ERROR_MSG: |
|
fp = stderr; |
|
break; |
|
default: |
|
errno = EINVAL; |
|
return -1; |
|
} |
|
|
|
va_start(ap, fmt); |
|
vfprintf(fp, fmt, ap); |
|
va_end(ap); |
|
|
|
return 0; |
|
} |
|
|
|
void |
void |
dump_sudoers(void) |
dump_sudoers(void) |
{ |
{ |
|
debug_decl(dump_sudoers, SUDO_DEBUG_UTIL) |
|
|
print_defaults(); |
print_defaults(); |
|
|
putchar('\n'); |
putchar('\n'); |
Line 618 dump_sudoers(void)
|
Line 673 dump_sudoers(void)
|
|
|
putchar('\n'); |
putchar('\n'); |
print_userspecs(); |
print_userspecs(); |
|
|
|
debug_return; |
} |
} |
|
|
static int testsudoers_print(const char *msg) |
static int testsudoers_print(const char *msg) |
Line 628 static int testsudoers_print(const char *msg)
|
Line 685 static int testsudoers_print(const char *msg)
|
void |
void |
usage(void) |
usage(void) |
{ |
{ |
(void) fprintf(stderr, "usage: %s [-dt] [-G grfile] [-g group] [-h host] [-p pwfile] [-u user] <user> <command> [args]\n", getprogname()); | (void) fprintf(stderr, "usage: %s [-dt] [-G sudoers_gid] [-g group] [-h host] [-P grfile] [-p pwfile] [-U sudoers_uid] [-u user] <user> <command> [args]\n", getprogname()); |
exit(1); |
exit(1); |
} |
} |