# include <time.h>
#endif
#include <ctype.h>
+#include <errno.h>
#include <fcntl.h>
#include <pwd.h>
#include <grp.h>
struct sudo_ldap_handle {
LDAP *ld;
struct ldap_result *result;
- char *username;
+ const char *username;
struct group_list *grlist;
};
}
}
- sudo_efree(ldap_conf.host);
- ldap_conf.host = sudo_estrdup(hostbuf);
- debug_return_bool(true);
+ free(ldap_conf.host);
+ if ((ldap_conf.host = strdup(hostbuf)) == NULL)
+ sudo_warnx(U_("unable to allocate memory"));
+ debug_return_bool(ldap_conf.host != NULL);
overflow:
sudo_warnx(U_("internal error, %s overflow"), __func__);
hostbuf[0] = '\0';
STAILQ_FOREACH(entry, uri_list, entries) {
- buf = sudo_estrdup(entry->val);
+ buf = strdup(entry->val);
+ if (buf == NULL) {
+ sudo_warnx(U_("unable to allocate memory"));
+ goto done;
+ }
for ((uri = strtok(buf, " \t")); uri != NULL; (uri = strtok(NULL, " \t"))) {
if (strncasecmp(uri, "ldap://", 7) == 0) {
nldap++;
sudo_warnx(U_("starttls not supported when using ldaps"));
ldap_conf.ssl_mode = SUDO_LDAP_SSL;
}
- sudo_efree(buf);
+ free(buf);
}
buf = NULL;
/* Store parsed URI(s) in host for ldap_create() or ldap_init(). */
- sudo_efree(ldap_conf.host);
- ldap_conf.host = sudo_estrdup(hostbuf);
+ free(ldap_conf.host);
+ if ((ldap_conf.host = strdup(hostbuf)) == NULL) {
+ sudo_warnx(U_("unable to allocate memory"));
+ goto done;
+ }
rc = LDAP_SUCCESS;
done:
- sudo_efree(buf);
+ free(buf);
debug_return_int(rc);
overflow:
{
struct ldap_config_str *uri;
size_t len = 0;
- char *buf, *cp;
+ char *buf = NULL;
debug_decl(sudo_ldap_join_uri, SUDOERS_DEBUG_LDAP)
STAILQ_FOREACH(uri, uri_list, entries) {
}
len += strlen(uri->val) + 1;
}
- buf = cp = sudo_emalloc(len);
- buf[0] = '\0';
- STAILQ_FOREACH(uri, uri_list, entries) {
- cp += strlcpy(cp, uri->val, len - (cp - buf));
- *cp++ = ' ';
+ if (len == 0 || (buf = malloc(len)) == NULL) {
+ sudo_warnx(U_("unable to allocate memory"));
+ } else {
+ char *cp = buf;
+
+ STAILQ_FOREACH(uri, uri_list, entries) {
+ cp += strlcpy(cp, uri->val, len - (cp - buf));
+ *cp++ = ' ';
+ }
+ cp[-1] = '\0';
}
- cp[-1] = '\0';
debug_return_str(buf);
}
#endif /* HAVE_LDAP_INITIALIZE */
{
char *ep, *cp = *cmnd;
int digest_type = SUDO_DIGEST_INVALID;
- debug_decl(sudo_ldap_check_command, SUDOERS_DEBUG_LDAP)
+ debug_decl(sudo_ldap_extract_digest, SUDOERS_DEBUG_LDAP)
/*
* Check for and extract a digest prefix, e.g.
ep++;
if (*ep != '\0') {
digest->digest_type = digest_type;
- digest->digest_str = sudo_estrndup(cp, (size_t)(ep - cp));
+ digest->digest_str = strndup(cp, (size_t)(ep - cp));
+ if (digest->digest_str == NULL) {
+ sudo_warnx(U_("unable to allocate memory"));
+ debug_return_ptr(NULL);
+ }
cp = ep + 1;
while (isblank((unsigned char)*cp))
cp++;
/* check for !command */
if (*val == '!') {
foundbang = true;
- allowed_cmnd = sudo_estrdup(1 + val); /* !command */
+ allowed_cmnd = val + 1; /* !command */
} else {
foundbang = false;
- allowed_cmnd = sudo_estrdup(val); /* command */
+ allowed_cmnd = val; /* command */
}
/* split optional args away from command */
*/
ret = foundbang ? false : true;
}
+ if (allowed_args != NULL)
+ allowed_args[-1] = ' '; /* restore val */
+
DPRINTF2("ldap sudoCommand '%s' ... %s",
val, ret == true ? "MATCH!" : "not");
- sudo_efree(allowed_cmnd); /* cleanup */
if (allowed_digest != NULL)
- sudo_efree(allowed_digest->digest_str);
+ free(allowed_digest->digest_str);
}
ldap_value_free_len(bv); /* more cleanup */
* Read sudoOption and modify the defaults as we go. This is used once
* from the cn=defaults entry and also once when a final sudoRole is matched.
*/
-static void
+static bool
sudo_ldap_parse_options(LDAP *ld, LDAPMessage *entry)
{
struct berval **bv, **p;
char op, *var, *val;
+ bool rc = false;
debug_decl(sudo_ldap_parse_options, SUDOERS_DEBUG_LDAP)
- if (entry == NULL)
- debug_return;
-
bv = ldap_get_values_len(ld, entry, "sudoOption");
if (bv == NULL)
- debug_return;
+ debug_return_bool(true);
/* walk through options */
for (p = bv; *p != NULL; p++) {
- var = sudo_estrdup((*p)->bv_val);
+ if ((var = strdup((*p)->bv_val)) == NULL) {
+ sudo_warnx(U_("unable to allocate memory"));
+ goto done;
+ }
DPRINTF2("ldap sudoOption: '%s'", var);
/* check for equals sign past first char */
/* case var Boolean True */
set_default(var, NULL, true);
}
- sudo_efree(var);
+ free(var);
}
+ rc = true;
+done:
ldap_value_free_len(bv);
- debug_return;
+ debug_return_bool(rc);
}
/*
* If either the sudoNotAfter or sudoNotBefore attributes are missing,
* no time restriction shall be imposed.
*/
-static int
+static bool
sudo_ldap_timefilter(char *buffer, size_t buffersize)
{
struct tm *tp;
time_t now;
char timebuffer[sizeof("20120727121554.0Z")];
- int bytes = 0;
+ int len = -1;
debug_decl(sudo_ldap_timefilter, SUDOERS_DEBUG_LDAP)
/* Make sure we have a formatted timestamp for __now__. */
}
/* Build filter. */
- bytes = snprintf(buffer, buffersize, "(&(|(!(sudoNotAfter=*))(sudoNotAfter>=%s))(|(!(sudoNotBefore=*))(sudoNotBefore<=%s)))",
+ len = snprintf(buffer, buffersize, "(&(|(!(sudoNotAfter=*))(sudoNotAfter>=%s))(|(!(sudoNotBefore=*))(sudoNotBefore<=%s)))",
timebuffer, timebuffer);
- if (bytes <= 0 || (size_t)bytes >= buffersize) {
- sudo_warn(U_("unable to build time filter"));
- bytes = 0;
+ if (len <= 0 || (size_t)len >= buffersize) {
+ sudo_warnx(U_("internal error, %s overflow"), __func__);
+ len = -1;
}
done:
- debug_return_int(bytes);
+ debug_return_bool(len != -1);
}
/*
static char *
sudo_ldap_build_default_filter(void)
{
- char *filt;
+ char *filt = NULL;
debug_decl(sudo_ldap_build_default_filter, SUDOERS_DEBUG_LDAP)
if (ldap_conf.search_filter)
- sudo_easprintf(&filt, "(&%s(cn=defaults))", ldap_conf.search_filter);
+ (void)asprintf(&filt, "(&%s(cn=defaults))", ldap_conf.search_filter);
else
- filt = sudo_estrdup("cn=defaults");
+ filt = strdup("cn=defaults");
debug_return_str(filt);
}
sudo_netgroup_lookup_nested(LDAP *ld, char *base, struct timeval *timeout,
struct ldap_netgroup_list *netgroups, struct ldap_netgroup *start)
{
- struct ldap_netgroup *ng, *old_tail;
LDAPMessage *entry, *result;
size_t filt_len;
char *filt;
DPRINTF1("Checking for nested netgroups from netgroup_base '%s'", base);
do {
+ struct ldap_netgroup *ng, *old_tail;
+
+ result = NULL;
old_tail = STAILQ_LAST(netgroups, ldap_netgroup, entries);
filt_len = strlen(ldap_conf.netgroup_search_filter) + 7;
for (ng = start; ng != NULL; ng = STAILQ_NEXT(ng, entries)) {
filt_len += sudo_ldap_value_len(ng->name) + 20;
}
- filt = sudo_emalloc(filt_len);
+ if ((filt = malloc(filt_len)) == NULL)
+ goto oom;
CHECK_STRLCPY(filt, "(&", filt_len);
CHECK_STRLCAT(filt, ldap_conf.netgroup_search_filter, filt_len);
CHECK_STRLCAT(filt, "(|", filt_len);
}
CHECK_STRLCAT(filt, "))", filt_len);
DPRINTF1("ldap netgroup search filter: '%s'", filt);
- result = NULL;
rc = ldap_search_ext_s(ld, base, LDAP_SCOPE_SUBTREE, filt,
NULL, 0, NULL, NULL, timeout, 0, &result);
+ free(filt);
if (rc == LDAP_SUCCESS) {
LDAP_FOREACH(entry, ld, result) {
struct berval **bv;
break;
}
if (ng == NULL) {
- ng = sudo_emalloc(sizeof(*ng));
- ng->name = sudo_estrdup((*bv)->bv_val);
+ ng = malloc(sizeof(*ng));
+ if (ng == NULL ||
+ (ng->name = strdup((*bv)->bv_val)) == NULL) {
+ free(ng);
+ ldap_value_free_len(bv);
+ goto oom;
+ }
STAILQ_INSERT_TAIL(netgroups, ng, entries);
DPRINTF1("Found new netgroup %s for %s", ng->name, base);
}
}
if (result)
ldap_msgfree(result);
- sudo_efree(filt);
/* Check for nested netgroups in what we added. */
start = old_tail ? STAILQ_NEXT(old_tail, entries) : STAILQ_FIRST(netgroups);
} while (start != NULL);
debug_return_bool(true);
+oom:
+ sudo_warnx(U_("unable to allocate memory"));
+ if (result)
+ ldap_msgfree(result);
+ debug_return_bool(false);
overflow:
+ free(filt);
sudo_warnx(U_("internal error, %s overflow"), __func__);
debug_return_bool(false);
}
struct ldap_config_str *base;
struct ldap_netgroup *ng, *old_tail;
struct timeval tv, *tvp = NULL;
- LDAPMessage *entry, *result;
+ LDAPMessage *entry, *result = NULL;
const char *domain;
size_t filt_len;
char *filt;
filt_len += 3 * sudo_ldap_value_len(domain);
}
filt_len += 7 + strlen(ldap_conf.netgroup_search_filter);
- filt = sudo_emalloc(filt_len);
+ if ((filt = malloc(filt_len)) == NULL)
+ goto oom;
CHECK_STRLCPY(filt, "(&", filt_len);
CHECK_STRLCAT(filt, ldap_conf.netgroup_search_filter, filt_len);
CHECK_STRLCAT(filt, "(|(nisNetgroupTriple=\\28,", filt_len);
filt_len += sudo_ldap_value_len(user_host);
}
filt_len += 7 + strlen(ldap_conf.netgroup_search_filter);
- filt = sudo_emalloc(filt_len);
+ if ((filt = malloc(filt_len)) == NULL)
+ goto oom;
CHECK_STRLCPY(filt, "(&", filt_len);
CHECK_STRLCAT(filt, ldap_conf.netgroup_search_filter, filt_len);
CHECK_STRLCAT(filt, "(|(nisNetgroupTriple=\\28,", filt_len);
}
CHECK_STRLCAT(filt, ",*\\29)))", filt_len);
}
+ /* XXX - refactor duplicated code */
DPRINTF1("ldap netgroup search filter: '%s'", filt);
result = NULL;
rc = ldap_search_ext_s(ld, base->val, LDAP_SCOPE_SUBTREE, filt,
NULL, 0, NULL, NULL, tvp, 0, &result);
+ free(filt);
if (rc != LDAP_SUCCESS) {
DPRINTF1("ldap netgroup search failed: %s", ldap_err2string(rc));
if (result)
ldap_msgfree(result);
- sudo_efree(filt);
continue;
}
- sudo_efree(filt);
old_tail = STAILQ_LAST(netgroups, ldap_netgroup, entries);
LDAP_FOREACH(entry, ld, result) {
break;
}
if (ng == NULL) {
- ng = sudo_emalloc(sizeof(*ng));
- ng->name = sudo_estrdup((*bv)->bv_val);
+ ng = malloc(sizeof(*ng));
+ if (ng == NULL ||
+ (ng->name = strdup((*bv)->bv_val)) == NULL) {
+ free(ng);
+ ldap_value_free_len(bv);
+ goto oom;
+ }
STAILQ_INSERT_TAIL(netgroups, ng, entries);
DPRINTF1("Found new netgroup %s for %s", ng->name,
base->val);
}
}
debug_return_bool(true);
+oom:
+ sudo_warnx(U_("unable to allocate memory"));
+ ldap_msgfree(result);
+ debug_return_bool(false);
overflow:
+ free(filt);
sudo_warnx(U_("internal error, %s overflow"), __func__);
debug_return_bool(false);
}
} else {
/* sudo_netgroup_lookup() failed, clean up. */
STAILQ_FOREACH_SAFE(ng, &netgroups, entries, nextng) {
- sudo_efree(ng->name);
- sudo_efree(ng);
+ free(ng->name);
+ free(ng);
}
STAILQ_INIT(&netgroups);
}
/* If timed, add space for time limits. */
if (ldap_conf.timed)
sz += TIMEFILTER_LENGTH;
- buf = sudo_emalloc(sz);
+ if ((buf = malloc(sz)) == NULL) {
+ sudo_warnx(U_("unable to allocate memory"));
+ debug_return_str(NULL);
+ }
*buf = '\0';
/*
CHECK_STRLCAT(buf, "(sudoUser=+", sz);
CHECK_LDAP_VCAT(buf, ng->name, sz);
CHECK_STRLCAT(buf, ")", sz);
- sudo_efree(ng->name);
- sudo_efree(ng);
+ free(ng->name);
+ free(ng);
}
/* Add ALL to list and end the global OR. */
/* Add the time restriction, or simply end the global OR. */
if (ldap_conf.timed) {
CHECK_STRLCAT(buf, ")", sz); /* closes the global OR */
- sudo_ldap_timefilter(timebuffer, sizeof(timebuffer));
+ if (!sudo_ldap_timefilter(timebuffer, sizeof(timebuffer))) {
+ free(buf);
+ debug_return_str(NULL);
+ }
CHECK_STRLCAT(buf, timebuffer, sz);
} else if (ldap_conf.search_filter) {
CHECK_STRLCAT(buf, ")", sz); /* closes the global OR */
debug_return_str(buf);
overflow:
+ free(buf);
sudo_warnx(U_("internal error, %s overflow"), __func__);
debug_return_str(NULL);
}
static char *
sudo_ldap_build_pass2(void)
{
- char *filt, timebuffer[TIMEFILTER_LENGTH + 1];
+ char *filt = NULL, timebuffer[TIMEFILTER_LENGTH + 1];
bool query_netgroups = def_use_netgroups;
debug_decl(sudo_ldap_build_pass2, SUDOERS_DEBUG_LDAP)
query_netgroups = false;
/* Short circuit if no netgroups and no non-Unix groups. */
- if (!query_netgroups && !def_group_plugin)
+ if (!query_netgroups && !def_group_plugin) {
+ errno = ENOENT;
debug_return_str(NULL);
+ }
- if (ldap_conf.timed)
- sudo_ldap_timefilter(timebuffer, sizeof(timebuffer));
+ if (ldap_conf.timed) {
+ if (!sudo_ldap_timefilter(timebuffer, sizeof(timebuffer)))
+ debug_return_str(NULL);
+ }
/*
* Match all sudoUsers beginning with '+' or '%:'.
* those get ANDed in to the expression.
*/
if (query_netgroups && def_group_plugin) {
- sudo_easprintf(&filt, "%s%s(|(sudoUser=+*)(sudoUser=%%:*))%s%s",
+ (void)asprintf(&filt, "%s%s(|(sudoUser=+*)(sudoUser=%%:*))%s%s",
(ldap_conf.timed || ldap_conf.search_filter) ? "(&" : "",
ldap_conf.search_filter ? ldap_conf.search_filter : "",
ldap_conf.timed ? timebuffer : "",
(ldap_conf.timed || ldap_conf.search_filter) ? ")" : "");
} else {
- sudo_easprintf(&filt, "%s%s(sudoUser=*)(sudoUser=%s*)%s%s",
+ (void)asprintf(&filt, "%s%s(sudoUser=*)(sudoUser=%s*)%s%s",
(ldap_conf.timed || ldap_conf.search_filter) ? "(&" : "",
ldap_conf.search_filter ? ldap_conf.search_filter : "",
query_netgroups ? "+" : "%:",
ldap_conf.timed ? timebuffer : "",
(ldap_conf.timed || ldap_conf.search_filter) ? ")" : "");
}
+ if (filt == NULL)
+ sudo_warnx(U_("unable to allocate memory"));
debug_return_str(filt);
}
*/
secret += sizeof("base64:") - 1;
reslen = ((strlen(secret) + 3) / 4 * 3);
- result = sudo_emalloc(reslen + 1);
- len = base64_decode(secret, result, reslen);
- if (len == (size_t)-1) {
- free(result);
- result = NULL;
+ result = malloc(reslen + 1);
+ if (result == NULL) {
+ sudo_warnx(U_("unable to allocate memory"));
} else {
- result[len] = '\0';
+ len = base64_decode(secret, result, reslen);
+ if (len == (size_t)-1) {
+ free(result);
+ result = NULL;
+ } else {
+ result[len] = '\0';
+ }
}
}
debug_return_str((char *)result);
char buf[LINE_MAX];
debug_decl(sudo_ldap_read_secret, SUDOERS_DEBUG_LDAP)
+ /* XXX - getline */
if ((fp = fopen(path_ldap_secret, "r")) != NULL) {
if (fgets(buf, sizeof(buf), fp) != NULL) {
buf[strcspn(buf, "\n")] = '\0';
/* copy to bindpw and binddn */
- sudo_efree(ldap_conf.bindpw);
+ free(ldap_conf.bindpw);
ldap_conf.bindpw = sudo_ldap_decode_secret(buf);
- if (ldap_conf.bindpw == NULL)
- ldap_conf.bindpw = sudo_estrdup(buf);
- sudo_efree(ldap_conf.binddn);
+ if (ldap_conf.bindpw == NULL) {
+ if ((ldap_conf.bindpw = strdup(buf)) == NULL)
+ sudo_warnx(U_("unable to allocate memory"));
+ }
+ free(ldap_conf.binddn);
ldap_conf.binddn = ldap_conf.rootbinddn;
ldap_conf.rootbinddn = NULL;
}
}
break;
case CONF_STR:
- sudo_efree(*(char **)(cur->valp));
- *(char **)(cur->valp) = *value ? sudo_estrdup(value) : NULL;
- break;
+ {
+ char *cp = NULL;
+
+ free(*(char **)(cur->valp));
+ if (*value && (cp = strdup(value)) == NULL) {
+ sudo_warnx(U_("unable to allocate memory"));
+ debug_return_bool(false);
+ }
+ *(char **)(cur->valp) = cp;
+ break;
+ }
case CONF_LIST_STR:
{
struct ldap_config_str_list *head;
if (len > 0) {
head = (struct ldap_config_str_list *)cur->valp;
- str = sudo_emalloc(sizeof(*str) + len);
+ if ((str = malloc(sizeof(*str) + len)) == NULL) {
+ sudo_warnx(U_("unable to allocate memory"));
+ debug_return_bool(false);
+ }
memcpy(str->val, value, len + 1);
STAILQ_INSERT_TAIL(head, str, entries);
}
ldap_conf.use_sasl = -1;
ldap_conf.rootuse_sasl = -1;
ldap_conf.deref = -1;
- ldap_conf.search_filter = sudo_estrdup(DEFAULT_SEARCH_FILTER);
- ldap_conf.netgroup_search_filter = sudo_estrdup(DEFAULT_NETGROUP_SEARCH_FILTER);
+ ldap_conf.search_filter = strdup(DEFAULT_SEARCH_FILTER);
+ ldap_conf.netgroup_search_filter = strdup(DEFAULT_NETGROUP_SEARCH_FILTER);
STAILQ_INIT(&ldap_conf.uri);
STAILQ_INIT(&ldap_conf.base);
STAILQ_INIT(&ldap_conf.netgroup_base);
+ if (ldap_conf.search_filter == NULL || ldap_conf.netgroup_search_filter == NULL) {
+ sudo_warnx(U_("unable to allocate memory"));
+ debug_return_bool(false);
+ }
+
if ((fp = fopen(path_ldap_conf, "r")) == NULL)
debug_return_bool(false);
free(line);
fclose(fp);
- if (!ldap_conf.host)
- ldap_conf.host = sudo_estrdup("localhost");
+ if (!ldap_conf.host) {
+ ldap_conf.host = strdup("localhost");
+ if (ldap_conf.host == NULL) {
+ sudo_warnx(U_("unable to allocate memory"));
+ debug_return_bool(false);
+ }
+ }
DPRINTF1("LDAP Config Summary");
DPRINTF1("===================");
debug_return_bool(false);
while ((uri = STAILQ_FIRST(&ldap_conf.uri)) != NULL) {
STAILQ_REMOVE_HEAD(&ldap_conf.uri, entries);
- sudo_efree(uri);
+ free(uri);
}
ldap_conf.port = LDAP_PORT;
}
if (ldap_conf.search_filter && ldap_conf.search_filter[0] != '(') {
size_t len = strlen(ldap_conf.search_filter);
cp = ldap_conf.search_filter;
- ldap_conf.search_filter = sudo_emalloc(len + 3);
+ ldap_conf.search_filter = malloc(len + 3);
+ if (ldap_conf.search_filter == NULL) {
+ sudo_warnx(U_("unable to allocate memory"));
+ debug_return_bool(false);
+ }
ldap_conf.search_filter[0] = '(';
memcpy(ldap_conf.search_filter + 1, cp, len);
ldap_conf.search_filter[len + 1] = ')';
ldap_conf.search_filter[len + 2] = '\0';
- sudo_efree(cp);
+ free(cp);
}
} else if (ldap_conf.bindpw) {
cp = sudo_ldap_decode_secret(ldap_conf.bindpw);
if (cp != NULL) {
- sudo_efree(ldap_conf.bindpw);
+ free(ldap_conf.bindpw);
ldap_conf.bindpw = cp;
}
}
if (ldap_conf.tls_keypw) {
cp = sudo_ldap_decode_secret(ldap_conf.tls_keypw);
if (cp != NULL) {
- sudo_efree(ldap_conf.tls_keypw);
+ free(ldap_conf.tls_keypw);
ldap_conf.tls_keypw = cp;
}
}
ld = handle->ld;
filt = sudo_ldap_build_default_filter();
+ if (filt == NULL) {
+ sudo_warnx(U_("unable to allocate memory"));
+ goto done;
+ }
STAILQ_FOREACH(base, &ldap_conf.base, entries) {
if (ldap_conf.timeout > 0) {
tv.tv_sec = ldap_conf.timeout;
if (result)
ldap_msgfree(result);
}
- sudo_efree(filt);
+ free(filt);
done:
debug_return_int(count);
}
DPRINTF1("ldap search for command list");
lres = sudo_ldap_result_get(nss, pw);
+ if (lres == NULL)
+ goto done;
/* Display all matching entries. */
for (i = 0; i < lres->nentries; i++) {
*/
DPRINTF1("ldap search for command list");
lres = sudo_ldap_result_get(nss, pw);
+ if (lres == NULL)
+ goto done;
for (i = 0; i < lres->nentries; i++) {
entry = lres->entries[i].entry;
if (sudo_ldap_check_command(ld, entry, NULL) &&
struct ldap_result *result;
debug_decl(sudo_ldap_result_alloc, SUDOERS_DEBUG_LDAP)
- result = sudo_ecalloc(1, sizeof(*result));
+ result = calloc(1, sizeof(*result));
STAILQ_INIT(&result->searches);
debug_return_ptr(result);
if (lres != NULL) {
if (lres->nentries) {
- sudo_efree(lres->entries);
+ free(lres->entries);
lres->entries = NULL;
}
while ((s = STAILQ_FIRST(&lres->searches)) != NULL) {
STAILQ_REMOVE_HEAD(&lres->searches, entries);
ldap_msgfree(s->searchresult);
- sudo_efree(s);
+ free(s);
}
- sudo_efree(lres);
+ free(lres);
}
debug_return;
}
debug_decl(sudo_ldap_result_add_search, SUDOERS_DEBUG_LDAP)
/* Create new entry and add it to the end of the chain. */
- news = sudo_ecalloc(1, sizeof(*news));
- news->ldap = ldap;
- news->searchresult = searchresult;
- STAILQ_INSERT_TAIL(&lres->searches, news, entries);
+ news = calloc(1, sizeof(*news));
+ if (news != NULL) {
+ news->ldap = ldap;
+ news->searchresult = searchresult;
+ STAILQ_INSERT_TAIL(&lres->searches, news, entries);
+ }
debug_return_ptr(news);
}
goto done;
DPRINTF2("ldap_initialize(ld, %s)", buf);
rc = ldap_initialize(&ld, buf);
- sudo_efree(buf);
+ free(buf);
} else
#endif
rc = sudo_ldap_init(&ld, ldap_conf.host, ldap_conf.port);
goto done;
/* Create a handle container. */
- handle = sudo_ecalloc(1, sizeof(struct sudo_ldap_handle));
+ handle = calloc(1, sizeof(struct sudo_ldap_handle));
+ if (handle == NULL) {
+ sudo_warnx(U_("unable to allocate memory"));
+ rc = -1;
+ goto done;
+ }
handle->ld = ld;
/* handle->result = NULL; */
/* handle->username = NULL; */
struct sudo_ldap_handle *handle = nss->handle;
struct timeval tv, *tvp = NULL;
LDAP *ld;
- LDAPMessage *entry, *result;
+ LDAPMessage *entry, *result = NULL;
char *filt;
int rc;
debug_decl(sudo_ldap_setdefs, SUDOERS_DEBUG_LDAP)
ld = handle->ld;
filt = sudo_ldap_build_default_filter();
+ if (filt == NULL) {
+ sudo_warnx(U_("unable to allocate memory"));
+ debug_return_int(-1);
+ }
DPRINTF1("Looking for cn=defaults: %s", filt);
STAILQ_FOREACH(base, &ldap_conf.base, entries) {
tv.tv_usec = 0;
tvp = &tv;
}
- result = NULL;
+ if (result != NULL) {
+ ldap_msgfree(result);
+ result = NULL;
+ }
rc = ldap_search_ext_s(ld, base->val, LDAP_SCOPE_SUBTREE,
filt, NULL, 0, NULL, NULL, tvp, 0, &result);
if (rc == LDAP_SUCCESS && (entry = ldap_first_entry(ld, result))) {
DPRINTF1("found:%s", ldap_get_dn(ld, entry));
- sudo_ldap_parse_options(ld, entry);
+ if (!sudo_ldap_parse_options(ld, entry)) {
+ rc = -1;
+ goto done;
+ }
} else {
DPRINTF1("no default options found in %s", base->val);
}
- if (result)
- ldap_msgfree(result);
}
- sudo_efree(filt);
+ rc = 0;
- debug_return_int(0);
+done:
+ if (result != NULL)
+ ldap_msgfree(result);
+ free(filt);
+
+ debug_return_int(rc);
}
/*
/* Fetch list of sudoRole entries that match user and host. */
lres = sudo_ldap_result_get(nss, sudo_user.pw);
+ if (lres == NULL)
+ debug_return_int(ret);
/*
* The following queries are only determine whether or not a
/* Apply entry-specific options. */
if (setenv_implied)
def_setenv = true;
- sudo_ldap_parse_options(ld, entry);
+ if (sudo_ldap_parse_options(ld, entry)) {
#ifdef HAVE_SELINUX
- /* Set role and type if not specified on command line. */
- if (user_role == NULL)
- user_role = def_role;
- if (user_type == NULL)
- user_type = def_type;
+ /* Set role and type if not specified on command line. */
+ if (user_role == NULL)
+ user_role = def_role;
+ if (user_type == NULL)
+ user_type = def_type;
#endif /* HAVE_SELINUX */
- SET(ret, VALIDATE_SUCCESS);
- CLR(ret, VALIDATE_FAILURE);
+ SET(ret, VALIDATE_SUCCESS);
+ CLR(ret, VALIDATE_FAILURE);
+ } else {
+ SET(ret, VALIDATE_ERROR);
+ }
} else {
SET(ret, VALIDATE_FAILURE);
CLR(ret, VALIDATE_SUCCESS);
* of 100 entries to save on allocation time.
*/
if (++lres->nentries > lres->allocated_entries) {
- lres->allocated_entries += ALLOCATION_INCREMENT;
- lres->entries = sudo_ereallocarray(lres->entries, lres->allocated_entries,
- sizeof(lres->entries[0]));
+ int allocated_entries = lres->allocated_entries + ALLOCATION_INCREMENT;
+ struct ldap_entry_wrapper *entries = reallocarray(lres->entries,
+ allocated_entries, sizeof(lres->entries[0]));
+ if (entries == NULL)
+ debug_return_ptr(NULL);
+ lres->allocated_entries = allocated_entries;
+ lres->entries = entries;
}
/* Fill in the new entry and return it. */
if (handle->result != NULL) {
DPRINTF1("removing reusable search result");
sudo_ldap_result_free(handle->result);
- if (handle->username) {
- sudo_efree(handle->username);
- handle->username = NULL;
- }
+ handle->username = NULL;
handle->grlist = NULL;
handle->result = NULL;
}
* an ldap_result object. The results are then sorted by sudoOrder.
*/
lres = sudo_ldap_result_alloc();
+ if (lres == NULL) {
+ sudo_warnx(U_("unable to allocate memory"));
+ debug_return_ptr(NULL);
+ }
for (pass = 0; pass < 2; pass++) {
filt = pass ? sudo_ldap_build_pass2() : sudo_ldap_build_pass1(ld, pw);
if (filt != NULL) {
/* Add the seach result to list of search results. */
DPRINTF1("adding search result");
- sudo_ldap_result_add_search(lres, ld, result);
+ if (sudo_ldap_result_add_search(lres, ld, result) == NULL) {
+ sudo_warnx(U_("unable to allocate memory"));
+ free(filt);
+ sudo_ldap_result_free(lres);
+ debug_return_ptr(NULL);
+ }
LDAP_FOREACH(entry, ld, result) {
if ((!pass ||
sudo_ldap_check_non_unix_group(ld, entry, pw)) &&
sudo_ldap_check_host(ld, entry)) {
lres->host_matches = true;
- sudo_ldap_result_add_entry(lres, entry);
+ if (sudo_ldap_result_add_entry(lres, entry) == NULL) {
+ sudo_warnx(U_("unable to allocate memory"));
+ free(filt);
+ sudo_ldap_result_free(lres);
+ debug_return_ptr(NULL);
+ }
}
}
DPRINTF1("result now has %d entries", lres->nentries);
}
- sudo_efree(filt);
+ free(filt);
+ } else if (errno != ENOENT) {
+ /* Out of memory? */
+ sudo_ldap_result_free(lres);
+ debug_return_ptr(NULL);
}
}
ldap_entry_compare);
/* Store everything in the sudo_nss handle. */
+ /* XXX - store pw and take a reference to it. */
handle->result = lres;
- handle->username = sudo_estrdup(pw->pw_name);
+ handle->username = pw->pw_name;
handle->grlist = user_group_list;
debug_return_ptr(lres);
}
/* Free the handle container. */
- sudo_efree(nss->handle);
+ free(nss->handle);
nss->handle = NULL;
}
debug_return_int(0);
static struct ldap_result *
sudo_ldap_result_from_search(LDAP *ldap, LDAPMessage *searchresult)
{
+ struct ldap_search_result *last;
+ struct ldap_result *result;
+ LDAPMessage *entry;
+
/*
* An ldap_result is built from several search results, which are
* organized in a list. The head of the list is maintained in the
* ldap_result structure, together with the wrappers that point
* to individual entries, this has to be initialized first.
*/
- struct ldap_result *result = sudo_ldap_result_alloc();
+ result = sudo_ldap_result_alloc();
+ if (result == NULL) {
+ sudo_warnx(U_("unable to allocate memory"));
+ debug_return_ptr(NULL);
+ }
/*
* Build a new list node for the search result, this creates the
* list node.
*/
- struct ldap_search_result *last = sudo_ldap_result_add_search(result,
- ldap, searchresult);
+ last = sudo_ldap_result_add_search(result, ldap, searchresult);
/*
* Now add each entry in the search result to the array of of entries
* in the ldap_result object.
*/
- LDAPMessage *entry;
LDAP_FOREACH(entry, last->ldap, last->searchresult) {
- sudo_ldap_result_add_entry(result, entry);
+ if (sudo_ldap_result_add_entry(result, entry) == NULL) {
+ sudo_warnx(U_("unable to allocate memory"));
+ sudo_ldap_result_free(result);
+ result = NULL;
+ break;
+ }
}
- DPRINTF1("sudo_ldap_result_from_search: %d entries found", result->nentries);
+ DPRINTF1("sudo_ldap_result_from_search: %d entries found",
+ result ? result->nentries : -1);
return result;
}
#endif