int indent;
int len;
int size;
- int cols;
+ short cols;
+ short error;
};
typedef int (*sudo_lbuf_output_t)(const char *);
__dso_public bool sudo_lbuf_append_v1(struct sudo_lbuf *lbuf, const char *fmt, ...) __printflike(2, 3);
__dso_public bool sudo_lbuf_append_quoted_v1(struct sudo_lbuf *lbuf, const char *set, const char *fmt, ...) __printflike(3, 4);
__dso_public void sudo_lbuf_print_v1(struct sudo_lbuf *lbuf);
+__dso_public bool sudo_lbuf_error_v1(struct sudo_lbuf *lbuf);
+__dso_public void sudo_lbuf_clearerr_v1(struct sudo_lbuf *lbuf);
#define sudo_lbuf_init(_a, _b, _c, _d, _e) sudo_lbuf_init_v1((_a), (_b), (_c), (_d), (_e))
#define sudo_lbuf_destroy(_a) sudo_lbuf_destroy_v1((_a))
#define sudo_lbuf_append sudo_lbuf_append_v1
#define sudo_lbuf_append_quoted sudo_lbuf_append_quoted_v1
#define sudo_lbuf_print(_a) sudo_lbuf_print_v1((_a))
+#define sudo_lbuf_error(_a) sudo_lbuf_error_v1((_a))
+#define sudo_lbuf_clearerr(_a) sudo_lbuf_clearerr_v1((_a))
#endif /* SUDO_LBUF_H */
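Review bot: Narrowing `cols` from `int` to `short` (apparently so that `error` fits in the same space) is not explained in the struct. The `lbuf->cols = cols;` assignment in the init hunk will convert implicitly if that parameter is still an `int`; its declaration is outside the visible lines. A width above SHRT_MAX would then be stored as a different value, which presumably feeds the word-wrap logic in the print routine. I would add a comment on the field such as `/* short: shares the space of the former int cols with error */` and clamp at the assignment, e.g. `lbuf->cols = cols > SHRT_MAX ? SHRT_MAX : cols;`. The struct definition starts above this hunk.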
lbuf->continuation = continuation;
lbuf->indent = indent;
lbuf->cols = cols;
+ lbuf->error = 0;
lbuf->len = 0;
lbuf->size = 0;
lbuf->buf = NULL;
do {
new_size += 256;
} while (lbuf->len + extra + 1 >= new_size);
- if ((new_buf = realloc(lbuf->buf, new_size)) == NULL)
+ if ((new_buf = realloc(lbuf->buf, new_size)) == NULL) {
+ lbuf->error = 1;
return false;
+ }
lbuf->buf = new_buf;
lbuf->size = new_size;
}
va_list ap;
debug_decl(sudo_lbuf_append_quoted, SUDO_DEBUG_UTIL)
+ if (sudo_lbuf_error(lbuf))
+ debug_return_bool(false);
+
va_start(ap, fmt);
while (*fmt != '\0') {
if (fmt[0] == '%' && fmt[1] == 's') {
char *s;
debug_decl(sudo_lbuf_append, SUDO_DEBUG_UTIL)
+ if (sudo_lbuf_error(lbuf))
+ debug_return_bool(false);
+
va_start(ap, fmt);
while (*fmt != '\0') {
if (fmt[0] == '%' && fmt[1] == 's') {
debug_return_bool(ret);
}
+/* XXX - check output function return value */
static void
sudo_lbuf_println(struct sudo_lbuf *lbuf, char *line, int len)
{
/*
* Print the buffer with word wrap based on the tty width.
* The lbuf is reset on return.
+ * XXX - check output function return value
*/
void
sudo_lbuf_print_v1(struct sudo_lbuf *lbuf)
done:
lbuf->len = 0; /* reset the buffer for re-use. */
+ lbuf->error = 0;
debug_return;
}
+
+bool
+sudo_lbuf_error_v1(struct sudo_lbuf *lbuf)
+{
+ if (lbuf != NULL && lbuf->error != 0)
+ return true;
+ return false;
+}
+
+void
+sudo_lbuf_clearerr_v1(struct sudo_lbuf *lbuf)
+{
+ if (lbuf != NULL)
+ lbuf->error = 0;
+}
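Review bot: `sudo_lbuf_print_v1` clears `lbuf->error` at `done:` without reporting it, so a caller that prints without first calling `sudo_lbuf_error()` emits a truncated buffer and the failure is lost. The sticky-flag contract is not written down in the visible lines. I would document it above the new accessor, e.g. `/* Returns true if an earlier append failed; the flag stays set until sudo_lbuf_print() or sudo_lbuf_clearerr(). */`, and say in the print comment that callers must check the flag before printing. Most of `sudo_lbuf_print_v1` lies outside this hunk, so whether `done:` is reached with partial content should be confirmed there.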
sudo_gettime_real_v1
sudo_lbuf_append_quoted_v1
sudo_lbuf_append_v1
+sudo_lbuf_clearerr_v1
sudo_lbuf_destroy_v1
+sudo_lbuf_error_v1
sudo_lbuf_init_v1
sudo_lbuf_print_v1
sudo_lock_file_v1
filt = sudo_ldap_build_default_filter();
if (filt == NULL) {
sudo_warnx(U_("%s: %s"), __func__, U_("unable to allocate memory"));
+ count = -1;
goto done;
}
STAILQ_FOREACH(base, &ldap_conf.base, entries) {
}
free(filt);
done:
+ if (sudo_lbuf_error(lbuf))
+ debug_return_int(-1);
debug_return_int(count);
}
}
done:
+ if (sudo_lbuf_error(lbuf))
+ debug_return_int(-1);
debug_return_int(count);
}
#define TAG_CHANGED(t) \
(TAG_SET(cs->tags.t) && cs->tags.t != tags->t)
-static void
+static bool
sudo_file_append_cmnd(struct cmndspec *cs, struct cmndtag *tags,
struct sudo_lbuf *lbuf)
{
sudo_lbuf_append(lbuf, "TYPE=%s ", cs->type);
#endif /* HAVE_SELINUX */
if (TAG_CHANGED(setenv)) {
- sudo_lbuf_append(lbuf, cs->tags.setenv ? "SETENV: " : "NOSETENV: ");
tags->setenv = cs->tags.setenv;
+ sudo_lbuf_append(lbuf, tags->setenv ? "SETENV: " : "NOSETENV: ");
}
if (TAG_CHANGED(noexec)) {
- sudo_lbuf_append(lbuf, cs->tags.noexec ? "NOEXEC: " : "EXEC: ");
tags->noexec = cs->tags.noexec;
+ sudo_lbuf_append(lbuf, tags->noexec ? "NOEXEC: " : "EXEC: ");
}
if (TAG_CHANGED(nopasswd)) {
- sudo_lbuf_append(lbuf, cs->tags.nopasswd ? "NOPASSWD: " : "PASSWD: ");
tags->nopasswd = cs->tags.nopasswd;
+ sudo_lbuf_append(lbuf, tags->nopasswd ? "NOPASSWD: " : "PASSWD: ");
}
if (TAG_CHANGED(log_input)) {
- sudo_lbuf_append(lbuf, cs->tags.log_input ? "LOG_INPUT: " : "NOLOG_INPUT: ");
tags->log_input = cs->tags.log_input;
+ sudo_lbuf_append(lbuf, tags->log_input ? "LOG_INPUT: " : "NOLOG_INPUT: ");
}
if (TAG_CHANGED(log_output)) {
- sudo_lbuf_append(lbuf, cs->tags.log_output ? "LOG_OUTPUT: " : "NOLOG_OUTPUT: ");
tags->log_output = cs->tags.log_output;
+ sudo_lbuf_append(lbuf, tags->log_output ? "LOG_OUTPUT: " : "NOLOG_OUTPUT: ");
}
if (TAG_CHANGED(send_mail)) {
- sudo_lbuf_append(lbuf, cs->tags.send_mail ? "MAIL: " : "NOMAIL: ");
tags->send_mail = cs->tags.send_mail;
+ sudo_lbuf_append(lbuf, tags->send_mail ? "MAIL: " : "NOMAIL: ");
}
print_member(lbuf, cs->cmnd, CMNDALIAS);
- debug_return;
+ debug_return_bool(!sudo_lbuf_error(lbuf));
}
#define RUNAS_CHANGED(cs1, cs2) \
}
}
sudo_lbuf_append(lbuf, ") ");
- tags.noexec = UNSPEC;
- tags.setenv = UNSPEC;
- tags.nopasswd = UNSPEC;
tags.log_input = UNSPEC;
tags.log_output = UNSPEC;
+ tags.noexec = UNSPEC;
+ tags.nopasswd = UNSPEC;
+ tags.send_mail = UNSPEC;
+ tags.setenv = UNSPEC;
} else if (cs != TAILQ_FIRST(&priv->cmndlist)) {
sudo_lbuf_append(lbuf, ", ");
}
else
nfound += sudo_file_display_priv_short(pw, us, lbuf);
}
+ if (sudo_lbuf_error(lbuf))
+ debug_return_int(-1);
done:
debug_return_int(nfound);
}
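Review bot: The new `sudo_lbuf_error()` check sits above the `done:` label, so any path that jumps to `done` returns `nfound` without looking at the flag. The same placement recurs in the next hunk, the one with `prefix = ", ";` and `nfound++;`. The LDAP hunks and the first SSSD hunk put the check after `done:` instead. Unless every `goto done` here happens before anything is appended (those jumps are outside the visible lines), I would move it below the label: `done:` followed by `if (sudo_lbuf_error(lbuf)) debug_return_int(-1);`. Both function bodies start outside their hunks.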
prefix = ", ";
nfound++;
}
+ if (sudo_lbuf_error(lbuf))
+ debug_return_int(-1);
done:
debug_return_int(nfound);
}
nfound += display_bound_defaults(DEFAULTS_RUNAS, lbuf);
nfound += display_bound_defaults(DEFAULTS_CMND, lbuf);
+ if (sudo_lbuf_error(lbuf))
+ debug_return_int(-1);
debug_return_int(nfound);
}
sudo_lbuf_append(lbuf, "%s%s", d->op == false ? "!" : "", d->var);
}
+ if (sudo_lbuf_error(lbuf))
+ debug_return_int(-1);
debug_return_int(nfound);
}
}
matched:
if (match != NULL && !match->negated) {
- sudo_printf(SUDO_CONV_INFO_MSG, "%s%s%s\n",
+ const int len = sudo_printf(SUDO_CONV_INFO_MSG, "%s%s%s\n",
safe_cmnd, user_args ? " " : "", user_args ? user_args : "");
- rval = 0;
+ rval = len == -1 ? -1 : 0;
}
done:
debug_return_int(rval);
handle->fn_free_result(sss_result);
done:
+ if (sudo_lbuf_error(lbuf))
+ debug_return_int(-1);
debug_return_int(count);
}
if (sss_result != NULL)
handle->fn_free_result(sss_result);
+ if (sudo_lbuf_error(lbuf))
+ debug_return_int(-1);
debug_return_int(count);
}
pw->pw_name, user_srunhost);
count = 0;
TAILQ_FOREACH(nss, snl, entries) {
- count += nss->display_defaults(nss, pw, &defs);
+ const int n = nss->display_defaults(nss, pw, &defs);
+ if (n == -1)
+ goto bad;
+ count += n;
}
- if (count)
+ if (count) {
sudo_lbuf_append(&defs, "\n\n");
- else
+ } else {
+ /* Undo Defaults header. */
defs.len = 0;
+ }
/* Display Runas and Cmnd-specific defaults from all sources. */
olen = defs.len;
pw->pw_name);
count = 0;
TAILQ_FOREACH(nss, snl, entries) {
- count += nss->display_bound_defaults(nss, pw, &defs);
+ const int n = nss->display_bound_defaults(nss, pw, &defs);
+ if (n == -1)
+ goto bad;
+ count += n;
}
- if (count)
+ if (count) {
sudo_lbuf_append(&defs, "\n\n");
- else
+ } else {
+ /* Undo Defaults header. */
defs.len = olen;
+ }
/* Display privileges from all sources. */
sudo_lbuf_append(&privs,
pw->pw_name, user_srunhost);
count = 0;
TAILQ_FOREACH(nss, snl, entries) {
- count += nss->display_privs(nss, pw, &privs);
+ const int n = nss->display_privs(nss, pw, &privs);
+ if (n == -1)
+ goto bad;
+ count += n;
}
if (count == 0) {
defs.len = 0;
privs.len = 0;
- sudo_lbuf_append(&privs, _("User %s is not allowed to run sudo on %s.\n"),
+ sudo_lbuf_append(&privs,
+ _("User %s is not allowed to run sudo on %s.\n"),
pw->pw_name, user_shost);
}
+ if (sudo_lbuf_error(&defs) || sudo_lbuf_error(&privs))
+ goto bad;
+
sudo_lbuf_print(&defs);
sudo_lbuf_print(&privs);
sudo_lbuf_destroy(&privs);
debug_return_int(count > 0);
+bad:
+ sudo_lbuf_destroy(&defs);
+ sudo_lbuf_destroy(&privs);
+
+ debug_return_int(-1);
}
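Review bot: This function used to return only `count > 0` and can now also return -1 through `bad:`, so a caller that tests the result for truth would treat an allocation failure as a successful listing. The same applies to the `display_cmnd` hunk below, which now returns -1 alongside `true` and `false`. The callers are not in the visible lines and should be checked for an explicit `== -1` comparison before any boolean test. I would also state the three-way result in each function comment, e.g. `Returns 1 if privileges were displayed, 0 if none, -1 on error.`, hedged against what the callers actually expect. The function body starts outside this hunk.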
/*
debug_decl(display_cmnd, SUDOERS_DEBUG_NSS)
/* XXX - display_cmnd return value is backwards */
+ /* XXX - doesn't handle commands allowed by one backend denied by another. */
TAILQ_FOREACH(nss, snl, entries) {
- if (nss->display_cmnd(nss, pw) == 0)
- debug_return_int(true);
+ switch (nss->display_cmnd(nss, pw)) {
+ case 0:
+ debug_return_int(true);
+ case -1:
+ debug_return_int(-1);
+ }
}
debug_return_int(false);
}