}
static int
-sudoers_policy_check(int argc, char * const argv[], char *env_add[],
- char **command_infop[], char **argv_out[], char **user_env_out[])
+sudoers_policy_main(int argc, char * const argv[], char *env_add[],
+ char **command_infop[], char **argv_out[], char **user_env_out[])
{
static char *command_info[32]; /* XXX */
struct sudo_nss *nss;
char **old_environ = environ;
- int cmnd_status, fd, validated, pwflag = 0;
+ int cmnd_status = -1, fd, validated, pwflag = 0;
int info_len = 0;
int rval = FALSE;
+ /* refactor so list can use it too */
+
/* Is root even allowed to run sudo? */
if (user_uid == 0 && !def_root_sudo) {
warningx("sudoers specifies that root is not allowed to sudo");
}
if (sigsetjmp(error_jmp, 1)) {
- /* called via error(), errorx() or log_error() */
+ /* error recovery via error(), errorx() or log_error() */
return -1;
}
/* Set environ to contents of user_env. */
env_init(user_env);
- /* XXX*/
- SET(sudo_mode, MODE_RUN);
-
#ifdef USING_NONUNIX_GROUPS
sudo_nonunix_groupcheck_init(); /* initialise nonunix groups impl */
#endif /* USING_NONUNIX_GROUPS */
}
log_allowed(validated);
+ if (ISSET(sudo_mode, MODE_CHECK))
+ rval = display_cmnd(snl, list_pw ? list_pw : sudo_user.pw);
+ else if (ISSET(sudo_mode, MODE_LIST))
+ display_privs(snl, list_pw ? list_pw : sudo_user.pw); /* XXX - return val */
/* Cleanup sudoers sources */
tq_foreach_fwd(snl, nss) {
nss->close(nss);
}
+ if (ISSET(sudo_mode, (MODE_VALIDATE|MODE_CHECK|MODE_LIST)))
+ goto done;
+
/*
* Set umask based on sudoers.
* If user's umask is more restrictive, OR in those bits too
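Review bot: The `goto done` added for `MODE_VALIDATE|MODE_CHECK|MODE_LIST` is now the only thing that stops list-mode calls from reaching the later `*command_infop = command_info;` and `*argv_out = NewArgv;` stores, and sudoers_policy_list passes NULL for all three out-pointers. The `done` label is outside this hunk, so confirm it sits after those stores, and document the dependency on the goto, for example `/* list/check/validate callers pass NULL out-pointers; must not fall through */`. Separately, the `MODE_LIST` branch drops the result of `display_privs()` (the author's own `XXX - return val`), so from the visible lines `rval` appears to stay at its initial `FALSE` even for a successful listing. If `display_privs()` can report failure, assign it to `rval` as the `MODE_CHECK` branch does with `display_cmnd()`; otherwise set `rval` explicitly before the jump.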
sudo_endpwent();
sudo_endgrent();
- /* XXX - handle ENOMEM */
command_info[info_len++] = fmt_string("command", safe_cmnd);
if (def_stay_setuid) {
easprintf(&command_info[info_len++], "runas_uid=%u", user_uid);
/* Must audit before uid change. */
//audit_success(NewArgv); /* XXX */
- /* XXX - set argv_out and env_out */
*command_infop = command_info;
*argv_out = NewArgv;
return rval;
}
+static int
+sudoers_policy_check(int argc, char * const argv[], char *env_add[],
+ char **command_infop[], char **argv_out[], char **user_env_out[])
+{
+ SET(sudo_mode, MODE_RUN);
+
+ return sudoers_policy_main(argc, argv, env_add, command_infop,
+ argv_out, user_env_out);
+}
+
+static int
+sudoers_policy_list(int argc, char * const argv[], int verbose,
+ const char *list_user)
+{
+ user_cmnd = "list";
+ if (argc)
+ SET(sudo_mode, MODE_CHECK);
+ else
+ SET(sudo_mode, MODE_LIST);
+ if (verbose)
+ long_list = 1;
+ if (list_user) {
+ list_pw = sudo_getpwnam(list_user);
+ warningx("unknown user: %s", optarg);
+ return -1;
+ }
+
+ return sudoers_policy_main(argc, argv, NULL, NULL, NULL, NULL);
+}
+
/*
* Initialize timezone, set umask, fill in ``sudo_user'' struct and
* load the ``interfaces'' array.
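Review bot: In sudoers_policy_list the `if (list_user)` block calls `sudo_getpwnam(list_user)` and then warns and returns -1 unconditionally, so every request that names a user fails even when the lookup succeeds, and the lookup result is never tested. The message also prints `optarg`, which nothing in this function sets, so it may be NULL or an unrelated string rather than the name that was looked up. Wrap the error path in `if (list_pw == NULL) {` ... `}` and report the real argument with `warningx("unknown user: %s", list_user);`. Because `list_pw` later selects whose privileges `display_privs()` and `display_cmnd()` show, the function would also benefit from a short header comment stating who may pass `list_user` and where that authorisation is enforced, which is not visible in this hunk.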
sudoers_policy_close,
sudoers_policy_version,
sudoers_policy_check,
-#ifdef notyet
sudoers_policy_list,
+#ifdef notyet
sudoers_policy_validate,
sudoers_policy_invalidate
#endif