int
sudoers_policy_init(void *info, char * const envp[])
{
- volatile int sources = 0;
struct sudo_nss *nss, *nss_next;
+ int sources = 0;
int rval = -1;
debug_decl(sudoers_policy_init, SUDOERS_DEBUG_PLUGIN)
mode_t cmnd_umask = 0777;
struct sudo_nss *nss;
int cmnd_status = -1, oldlocale, validated;
- volatile int rval = true;
+ int rval = -1;
debug_decl(sudoers_policy_main, SUDOERS_DEBUG_PLUGIN)
sudo_warn_set_locale_func(sudoers_warn_setlocale);
NewArgv = reallocarray(NULL, NewArgc + 1, sizeof(char *));
if (NewArgv == NULL) {
sudo_warnx(U_("%s: %s"), __func__, U_("unable to allocate memory"));
- rval = -1;
goto done;
}
NewArgv[0] = user_cmnd;
NewArgv = reallocarray(NULL, NewArgc + 2, sizeof(char *));
if (NewArgv == NULL) {
sudo_warnx(U_("%s: %s"), __func__, U_("unable to allocate memory"));
- rval = -1;
goto done;
}
memcpy(++NewArgv, argv, argc * sizeof(char *));
if (NewArgv[0] == NULL) {
sudo_warnx(U_("%s: %s"), __func__, U_("unable to allocate memory"));
free(NewArgv);
- rval = -1;
goto done;
}
}
/* Find command in path and apply per-command Defaults. */
cmnd_status = set_cmnd();
- if (cmnd_status == NOT_FOUND_ERROR) {
- rval = -1;
+ if (cmnd_status == NOT_FOUND_ERROR)
goto done;
- }
/* Check for -C overriding def_closefrom. */
if (user_closefrom >= 0 && user_closefrom != def_closefrom) {
if (ISSET(validated, VALIDATE_ERROR)) {
/* The lookup function should have printed an error. */
- rval = -1;
goto done;
} else if (ISSET(validated, VALIDATE_SUCCESS)) {
/* Handle [SUCCESS=return] */
if (safe_cmnd == NULL) {
if ((safe_cmnd = strdup(user_cmnd)) == NULL) {
sudo_warnx(U_("%s: %s"), __func__, U_("unable to allocate memory"));
- rval = -1;
goto done;
}
}
/* If only a group was specified, set runas_pw based on invoking user. */
if (runas_pw == NULL) {
if (!set_runaspw(user_name, false)) {
- rval = -1;
goto done;
}
}
rval = check_user(validated, sudo_mode);
if (rval != true) {
/* Note: log_denial() calls audit for us. */
- if (!ISSET(validated, VALIDATE_SUCCESS))
- log_denial(validated, false);
+ if (!ISSET(validated, VALIDATE_SUCCESS)) {
+ if (!log_denial(validated, false))
+ rval = -1;
+ }
goto done;
}
/* If the user was not allowed to run the command we are done. */
if (!ISSET(validated, VALIDATE_SUCCESS)) {
/* Note: log_failure() calls audit for us. */
- log_failure(validated, cmnd_status);
+ if (!log_failure(validated, cmnd_status))
+ goto done;
goto bad;
}
/* Create Ubuntu-style dot file to indicate sudo was successful. */
if (create_admin_success_flag() == -1)
- goto bad;
+ goto done;
/* Finally tell the user if the command did not exist. */
if (cmnd_status == NOT_FOUND_DOT) {
iolog_path = expand_iolog_path(prefix, def_iolog_dir,
def_iolog_file, &sudo_user.iolog_file);
if (iolog_path == NULL)
- goto bad;
+ goto done;
sudo_user.iolog_file++;
}
}
if (!log_allowed(validated))
goto bad;
- if (ISSET(sudo_mode, MODE_CHECK))
- rval = display_cmnd(snl, list_pw ? list_pw : sudo_user.pw);
- else if (ISSET(sudo_mode, MODE_LIST))
- display_privs(snl, list_pw ? list_pw : sudo_user.pw); /* XXX - return val */
+
+ switch (sudo_mode & MODE_MASK) {
+ case MODE_CHECK:
+ rval = display_cmnd(snl, list_pw ? list_pw : sudo_user.pw);
+ break;
+ case MODE_LIST:
+ rval = display_privs(snl, list_pw ? list_pw : sudo_user.pw);
+ break;
+ case MODE_VALIDATE:
+ /* Nothing to do. */
+ rval = true;
+ break;
+ case MODE_RUN:
+ case MODE_EDIT:
+ /* rval set by sudoers_policy_exec_setup() below. */
+ break;
+ default:
+ /* Should not happen. */
+ sudo_warnx("internal error, unexpected sudo mode 0x%x", sudo_mode);
+ goto done;
+ }
/* Cleanup sudoers sources */
TAILQ_FOREACH(nss, snl, entries) {
/* Insert user-specified environment variables. */
if (!insert_env_vars(sudo_user.env_vars))
- goto bad;
+ goto done;
/* Note: must call audit before uid change. */
if (ISSET(sudo_mode, MODE_EDIT)) {
free(safe_cmnd);
safe_cmnd = find_editor(NewArgc - 1, NewArgv + 1, &edit_argc,
&edit_argv);
- if (safe_cmnd == NULL || audit_success(edit_argc, edit_argv) != 0)
+ if (safe_cmnd == NULL) {
+ if (errno != ENOENT)
+ goto done;
goto bad;
+ }
+ if (audit_success(edit_argc, edit_argv) != 0)
+ goto done;
/* We want to run the editor with the unmodified environment. */
env_swap_old();
} else {
if (audit_success(NewArgc, NewArgv) != 0)
- goto bad;
+ goto done;
}
/* Setup execution environment to pass back to front-end. */
projects / sudo / commitdiff