From: Todd C. Miller <Todd.Miller@courtesan.com>
Date: Fri, 26 Jun 2015 16:33:28 +0000 (-0600)
Subject: display_privs() and display_cmnd() may need to return -1 on error.
X-Git-Tag: SUDO_1_8_14^2~47
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=27514134640608655d57e4d85f05d8524571f1b6;p=sudo

display_privs() and display_cmnd() may need to return -1 on error.
---

diff --git a/plugins/sudoers/parse.c b/plugins/sudoers/parse.c
index fe2804071..3b4baf836 100644
--- a/plugins/sudoers/parse.c
+++ b/plugins/sudoers/parse.c
@@ -583,6 +583,9 @@ sudo_file_display_priv_long(struct passwd *pw, struct userspec *us,
     debug_return_int(nfound);
 }
 
+/*
+ * Returns the number of matching privileges or -1 on error.
+ */
 int
 sudo_file_display_privs(struct sudo_nss *nss, struct passwd *pw,
     struct sudo_lbuf *lbuf)
@@ -738,6 +741,9 @@ display_bound_defaults(int dtype, struct sudo_lbuf *lbuf)
     debug_return_int(nfound);
 }
 
+/*
+ * Returns 0 if the command is allowed, 1 if not or -1 on error.
+ */
 int
 sudo_file_display_cmnd(struct sudo_nss *nss, struct passwd *pw)
 {
diff --git a/plugins/sudoers/sudo_nss.c b/plugins/sudoers/sudo_nss.c
index 55a55a61a..8cef62574 100644
--- a/plugins/sudoers/sudo_nss.c
+++ b/plugins/sudoers/sudo_nss.c
@@ -270,9 +270,10 @@ output(const char *buf)
 
 /*
  * Print out privileges for the specified user.
- * We only get here if the user is allowed to run something.
+ * Returns true if the user is allowed to run commands, false if not
+ * or -1 on error.
  */
-bool
+int
 display_privs(struct sudo_nss_list *snl, struct passwd *pw)
 {
     struct sudo_nss *nss;
@@ -332,23 +333,24 @@ display_privs(struct sudo_nss_list *snl, struct passwd *pw)
     sudo_lbuf_destroy(&defs);
     sudo_lbuf_destroy(&privs);
 
-    debug_return_bool(true);	/* XXX */
+    debug_return_int(count > 0);
 }
 
 /*
  * Check user_cmnd against sudoers and print the matching entry if the
  * command is allowed.
- * Returns true if the command is allowed, else false.
+ * Returns true if the command is allowed, false if not or -1 on error.
  */
-bool
+int
 display_cmnd(struct sudo_nss_list *snl, struct passwd *pw)
 {
     struct sudo_nss *nss;
     debug_decl(display_cmnd, SUDOERS_DEBUG_NSS)
 
+    /* XXX - display_cmnd return value is backwards */
     TAILQ_FOREACH(nss, snl, entries) {
 	if (nss->display_cmnd(nss, pw) == 0)
-	    debug_return_bool(true);
+	    debug_return_int(true);
     }
-    debug_return_bool(false);
+    debug_return_int(false);
 }
diff --git a/plugins/sudoers/sudo_nss.h b/plugins/sudoers/sudo_nss.h
index b67a6c9ca..c88ccc6b7 100644
--- a/plugins/sudoers/sudo_nss.h
+++ b/plugins/sudoers/sudo_nss.h
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2007-2011, 2013 Todd C. Miller <Todd.Miller@courtesan.com>
+ * Copyright (c) 2007-2011, 2013-2015 Todd C. Miller <Todd.Miller@courtesan.com>
  *
  * Permission to use, copy, modify, and distribute this software for any
  * purpose with or without fee is hereby granted, provided that the above
diff --git a/plugins/sudoers/sudoers.h b/plugins/sudoers/sudoers.h
index 45585ab50..3100cd3f2 100644
--- a/plugins/sudoers/sudoers.h
+++ b/plugins/sudoers/sudoers.h
@@ -282,8 +282,8 @@ void dump_auth_methods(void);
 char *sudo_getepw(const struct passwd *);
 
 /* sudo_nss.c */
-bool display_privs(struct sudo_nss_list *, struct passwd *);
-bool display_cmnd(struct sudo_nss_list *, struct passwd *);
+int display_privs(struct sudo_nss_list *, struct passwd *);
+int display_cmnd(struct sudo_nss_list *, struct passwd *);
 
 /* pwutil.c */
 __dso_public struct group *sudo_getgrgid(gid_t);