display_privs() and display_cmnd() may need to return -1 on error.

diff --git a/plugins/sudoers/parse.c b/plugins/sudoers/parse.c
index fe2804071ce373aa5bb37a5cc66d62a6d757e7b5..3b4baf836c5370a0029d7ca606a3f45c79334fb2 100644 (file)
--- a/plugins/sudoers/parse.c
+++ b/plugins/sudoers/parse.c
@@ -583,6 +583,9 @@ sudo_file_display_priv_long(struct passwd *pw, struct userspec *us,
     debug_return_int(nfound);
 }
 
+/*
+ * Returns the number of matching privileges or -1 on error.
+ */
 int
 sudo_file_display_privs(struct sudo_nss *nss, struct passwd *pw,
     struct sudo_lbuf *lbuf)
@@ -738,6 +741,9 @@ display_bound_defaults(int dtype, struct sudo_lbuf *lbuf)
     debug_return_int(nfound);
 }
 
+/*
+ * Returns 0 if the command is allowed, 1 if not or -1 on error.
+ */
 int
 sudo_file_display_cmnd(struct sudo_nss *nss, struct passwd *pw)
 {

diff --git a/plugins/sudoers/sudo_nss.c b/plugins/sudoers/sudo_nss.c
index 55a55a61a0da6c1d65dcdc735f1b4917eaf8cc70..8cef62574cc8d584fa3581a7b23a1387bf51f6b4 100644 (file)
--- a/plugins/sudoers/sudo_nss.c
+++ b/plugins/sudoers/sudo_nss.c
@@ -270,9 +270,10 @@ output(const char *buf)
 
 /*
  * Print out privileges for the specified user.
- * We only get here if the user is allowed to run something.
+ * Returns true if the user is allowed to run commands, false if not
+ * or -1 on error.
  */
-bool
+int
 display_privs(struct sudo_nss_list *snl, struct passwd *pw)
 {
     struct sudo_nss *nss;
@@ -332,23 +333,24 @@ display_privs(struct sudo_nss_list *snl, struct passwd *pw)
     sudo_lbuf_destroy(&defs);
     sudo_lbuf_destroy(&privs);
 
-    debug_return_bool(true);   /* XXX */
+    debug_return_int(count > 0);
 }
 
 /*
  * Check user_cmnd against sudoers and print the matching entry if the
  * command is allowed.
- * Returns true if the command is allowed, else false.
+ * Returns true if the command is allowed, false if not or -1 on error.
  */
-bool
+int
 display_cmnd(struct sudo_nss_list *snl, struct passwd *pw)
 {
     struct sudo_nss *nss;
     debug_decl(display_cmnd, SUDOERS_DEBUG_NSS)
 
+    /* XXX - display_cmnd return value is backwards */
     TAILQ_FOREACH(nss, snl, entries) {
        if (nss->display_cmnd(nss, pw) == 0)
-           debug_return_bool(true);
+           debug_return_int(true);
     }
-    debug_return_bool(false);
+    debug_return_int(false);
 }

diff --git a/plugins/sudoers/sudo_nss.h b/plugins/sudoers/sudo_nss.h
index b67a6c9ca563688014b54211a082b0b8129f6062..c88ccc6b7c12284a9b22b95d3939cde0f5016ef7 100644 (file)
--- a/plugins/sudoers/sudo_nss.h
+++ b/plugins/sudoers/sudo_nss.h
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2007-2011, 2013 Todd C. Miller <Todd.Miller@courtesan.com>
+ * Copyright (c) 2007-2011, 2013-2015 Todd C. Miller <Todd.Miller@courtesan.com>
  *
  * Permission to use, copy, modify, and distribute this software for any
  * purpose with or without fee is hereby granted, provided that the above

diff --git a/plugins/sudoers/sudoers.h b/plugins/sudoers/sudoers.h
index 45585ab502d07106b93139daada5c6219046a240..3100cd3f2a275f5b0e7f82612b4b44af90d12b2f 100644 (file)
--- a/plugins/sudoers/sudoers.h
+++ b/plugins/sudoers/sudoers.h
@@ -282,8 +282,8 @@ void dump_auth_methods(void);
 char *sudo_getepw(const struct passwd *);
 
 /* sudo_nss.c */
-bool display_privs(struct sudo_nss_list *, struct passwd *);
-bool display_cmnd(struct sudo_nss_list *, struct passwd *);
+int display_privs(struct sudo_nss_list *, struct passwd *);
+int display_cmnd(struct sudo_nss_list *, struct passwd *);
 
 /* pwutil.c */
 __dso_public struct group *sudo_getgrgid(gid_t);