From: Todd C. Miller <Todd.Miller@courtesan.com>
Date: Sat, 17 Jan 2004 18:49:59 +0000 (+0000)
Subject: Fix a bug when set_runaspw() is used as a callback.  We don't want to
X-Git-Tag: SUDO_1_6_8~231
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=03f5f4087cc737de2ff1148242f70d71259e0270;p=sudo

Fix a bug when set_runaspw() is used as a callback.  We don't want to
reset the contents of runas_pw if the user specified a user via the -u flag.

Avoid unnecessary passwd lookups in set_authpw().  In most cases we already
have the info in runas_pw.
---

diff --git a/sudo.c b/sudo.c
index a397f2814..51c66a636 100644
--- a/sudo.c
+++ b/sudo.c
@@ -956,8 +956,11 @@ int
 set_runaspw(user)
     char *user;
 {
-    if (runas_pw != NULL)
+    if (runas_pw != NULL) {
+	if (user_runas != &def_runas_default)
+	    return(TRUE);		/* don't override -u option */
 	free(runas_pw);
+    }
     if (*user == '#') {
 	runas_pw = sudo_getpwuid(atoi(user + 1));
 	if (runas_pw == NULL) {
@@ -975,7 +978,8 @@ set_runaspw(user)
 
 /*
  * Get passwd entry for the user we are going to authenticate as.
- * By default, this is the user invoking sudo...
+ * By default, this is the user invoking sudo.  In the most common
+ * case, this matches sudo_user.pw or runas_pw.
  */
 static struct passwd *
 get_authpw()
@@ -983,23 +987,19 @@ get_authpw()
     struct passwd *pw;
 
     if (def_rootpw) {
-	if ((pw = sudo_getpwuid(0)) == NULL)
+	if (runas_pw->pw_uid == 0)
+	    pw = runas_pw;
+	else if ((pw = sudo_getpwuid(0)) == NULL)
 	    log_error(0, "uid 0 does not exist in the passwd file!");
     } else if (def_runaspw) {
-	if ((pw = sudo_getpwnam(def_runas_default)) == NULL)
+	if (strcmp(def_runas_default, *user_runas) == 0)
+	    pw = runas_pw;
+	else if ((pw = sudo_getpwnam(def_runas_default)) == NULL)
 	    log_error(0, "user %s does not exist in the passwd file!",
 		def_runas_default);
-    } else if (def_targetpw) {
-	if (**user_runas == '#') {
-	    if ((pw = sudo_getpwuid(atoi(*user_runas + 1))) == NULL)
-		log_error(0, "uid %s does not exist in the passwd file!",
-		    user_runas);
-	} else {
-	    if ((pw = sudo_getpwnam(*user_runas)) == NULL)
-		log_error(0, "user %s does not exist in the passwd file!",
-		    user_runas);
-	}
-    } else
+    } else if (def_targetpw)
+	pw = runas_pw;
+    else
 	pw = sudo_user.pw;
 
     return(pw);