int error, nopass;
enum def_tupple pwcheck;
- /* Become sudoers file owner */
- set_perms(PERM_SUDOERS);
-
/* We opened _PATH_SUDOERS in check_sudoers() so just rewind it. */
rewind(sudoers_fp);
yyin = sudoers_fp;
if (pwflag > 0)
keepall = TRUE;
- /* Need to be root while stat'ing things in the parser. */
- set_perms(PERM_ROOT);
+ /* Need to be runas user while stat'ing things in the parser. */
+ set_perms(PERM_RUNAS);
error = yyparse();
/* Close the sudoers file now that we are done with it. */
(void) fclose(sudoers_fp);
sudoers_fp = NULL;
- if (error || parse_error)
+ if (error || parse_error) {
+ set_perms(PERM_ROOT);
return(VALIDATE_ERROR);
+ }
/*
* The pw options may have changed during sudoers parse so we
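Review bot: After `error = yyparse();` the process stays at PERM_RUNAS through the fclose() and everything that follows, and the return to root is restored by hand on every exit: the `if (error || parse_error)` branch here, plus the added `set_perms(PERM_ROOT);` lines before the `VALIDATE_OK | nopass`, granted, denied and fall-through paths in the later hunks. A return added later without its own restore would hand control back to the caller still running as the runas user. If the stat calls that need the runas identity all happen inside yyparse(), as the new comment suggests, restoring once immediately after the parse is safer: `error = yyparse();` followed by `set_perms(PERM_ROOT);`, with the per-return calls dropped. The function begins and continues outside this hunk, so anything between the parse and those returns that relies on the runas identity should be checked before making that change.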
top--;
}
if (found) {
+ set_perms(PERM_ROOT);
if (nopass == -1)
nopass = 0;
return(VALIDATE_OK | nopass);
/*
* User was granted access to cmnd on host as user.
*/
+ set_perms(PERM_ROOT);
return(VALIDATE_OK |
(no_passwd == TRUE ? FLAG_NOPASS : 0) |
(no_execve == TRUE ? FLAG_NOEXEC : 0));
/*
* User was explicitly denied access to cmnd on host.
*/
+ set_perms(PERM_ROOT);
return(VALIDATE_NOT_OK |
(no_passwd == TRUE ? FLAG_NOPASS : 0) |
(no_execve == TRUE ? FLAG_NOEXEC : 0));
top--;
}
}
+ set_perms(PERM_ROOT);
/*
* The user was neither explicitly granted nor denied access.
char *path;
char *sudoers_args;
{
- int plen, error;
+ int plen;
static struct stat cst;
struct stat pst;
DIR *dirp;
/* Only need to stat cmnd once since it never changes */
if (cst.st_dev == 0) {
- if ((error = stat(cmnd, &cst))) {
- if (runas_pw->pw_uid != 0) {
- set_perms(PERM_RUNAS);
- error = stat(cmnd, &cst);
- set_perms(PERM_ROOT);
- }
- if (error)
- return(FALSE);
- }
+ if (stat(cmnd, &cst) == -1)
+ return(FALSE);
if ((cmnd_base = strrchr(cmnd, '/')) == NULL)
cmnd_base = cmnd;
else
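Review bot: The `stat(cmnd, &cst)` call now depends on the caller having already switched to PERM_RUNAS, but nothing at this site says so. With the root-then-runas fallback removed, a call made while still root would stat with root's view of the path and keep that result in the static `cst` for every later match. Add a comment above the check such as `/* Caller must already be running as the runas user (PERM_RUNAS); cst is cached from this first stat. */`. The function's signature and the rest of its body are outside the hunk.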