the passwd file, set runas_user to the name, not the uid.
When comparing usernames in sudoers, if a name is really a uid (starts
with '#') compare it numerically to pw_uid.
}
}
+/*
+ * Returns TRUE if the user/uid from sudoers matches the specified user/uid,
+ * else returns FALSE.
+ */
+int
+userpw_matches(sudoers_user, user, pw)
+ char *sudoers_user;
+ char *user;
+ struct passwd *pw;
+{
+ if (pw != NULL && *sudoers_user == '#') {
+ uid_t uid = atoi(sudoers_user + 1);
+ if (uid == pw->pw_uid)
+ return(1);
+ }
+ return(strcmp(sudoers_user, user) == 0);
+}
+
/*
* Returns TRUE if the given user belongs to the named group,
* else returns FALSE.
+ * XXX - reduce the number of passwd/group lookups
*/
int
-usergr_matches(group, user)
+usergr_matches(group, user, pw)
char *group;
char *user;
+ struct passwd *pw;
{
struct group *grp;
- struct passwd *pw;
gid_t pw_gid;
char **cur;
if (*group++ != '%')
return(FALSE);
- /* look up user's primary gid in the passwd file (XXX - reduce lookups) */
- if ((pw = getpwnam(user)) == NULL)
+ /* look up user's primary gid in the passwd file */
+ if (pw == NULL && (pw = getpwnam(user)) == NULL)
return(FALSE);
pw_gid = pw->pw_gid;
int command_matches __P((char *, char *, char *, char *));
int hostname_matches __P((char *, char *, char *));
int netgr_matches __P((char *, char *, char *, char *));
-int usergr_matches __P((char *, char *));
+int userpw_matches __P((char *, char *, struct passwd *));
+int usergr_matches __P((char *, char *, struct passwd *));
#endif /* _SUDO_PARSE_H */
* If this is the first entry in a command list
* then check against default runas user.
*/
- if (runas_matches == -1)
- runas_matches = (strcmp(*user_runas,
- def_runas_default) == 0);
+ if (runas_matches == -1) {
+ runas_matches =
+ userpw_matches(def_runas_default,
+ *user_runas, runas_pw);
+ }
}
| RUNAS runaslist {
runas_matches = ($2 == TRUE ? TRUE : FALSE);
user_matches == TRUE)
append_runas($1, ", ");
}
- if (strcmp($1, *user_runas) == 0)
+ if (userpw_matches($1, *user_runas, runas_pw))
$$ = TRUE;
else
$$ = -1;
user_matches == TRUE)
append_runas($1, ", ");
}
- if (usergr_matches($1, *user_runas))
+ if (usergr_matches($1, *user_runas, runas_pw))
$$ = TRUE;
else
$$ = -1;
;
user : WORD {
- if (strcmp($1, user_name) == 0)
+ if (userpw_matches($1, user_name, sudo_user.pw))
$$ = TRUE;
else
$$ = -1;
free($1);
}
| USERGROUP {
- if (usergr_matches($1, user_name))
+ if (usergr_matches($1, user_name, sudo_user.pw))
$$ = TRUE;
else
$$ = -1;
log_error(USE_ERRNO|MSG_ONLY, "can't get hostname");
set_runaspw(*user_runas); /* may call log_error() */
+ if (*user_runas[0] == '#' && runas_pw->pw_name && runas_pw->pw_name[0])
+ *user_runas = estrdup(runas_pw->pw_name);
/*
* Get current working directory. Try as user, fall back to root.
}
int
-usergr_matches(group, user)
+userpw_matches(sudoers_user, user, pw)
+ char *sudoers_user;
+ char *user;
+ struct passwd *pw;
+{
+ if (pw != NULL && *sudoers_user == '#') {
+ uid_t uid = atoi(sudoers_user + 1);
+ if (uid == pw->pw_uid)
+ return(1);
+ }
+ return(strcmp(sudoers_user, user) == 0);
+}
+
+int
+usergr_matches(group, user, pw)
char *group;
char *user;
+ struct passwd *pw;
{
struct group *grp;
char **cur;
int addr_matches __P((char *));
int hostname_matches __P((char *, char *, char *));
int netgr_matches __P((char *, char *, char *, char *));
-int usergr_matches __P((char *, char *));
+int usergr_matches __P((char *, char *, struct passwd *));
+int userpw_matches __P((char *, char *, struct passwd *));
void init_parser __P((void));
void yyrestart __P((FILE *));
}
int
-usergr_matches(g, u)
+usergr_matches(g, u, pw)
char *g, *u;
+ struct passwd *pw;
+{
+ return(TRUE);
+}
+
+int
+userpw_matches(s, u, pw)
+ char *s, *u;
+ struct passwd *pw;
{
return(TRUE);
}
projects / sudo / commitdiff