From: Todd C. Miller
Date: Fri, 26 Jun 2015 16:33:28 +0000 (-0600)
Subject: display_privs() and display_cmnd() may need to return -1 on error.
X-Git-Tag: SUDO_1_8_14^2~47
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=27514134640608655d57e4d85f05d8524571f1b6;p=sudo
display_privs() and display_cmnd() may need to return -1 on error.
---
diff --git a/plugins/sudoers/parse.c b/plugins/sudoers/parse.c
index fe2804071..3b4baf836 100644
--- a/plugins/sudoers/parse.c
+++ b/plugins/sudoers/parse.c
@@ -583,6 +583,9 @@ sudo_file_display_priv_long(struct passwd *pw, struct userspec *us,
 debug_return_int(nfound);
 }
+/*
+ * Returns the number of matching privileges or -1 on error.
+ */
 int sudo_file_display_privs(struct sudo_nss *nss, struct passwd *pw, struct sudo_lbuf *lbuf)
@@ -738,6 +741,9 @@ display_bound_defaults(int dtype, struct sudo_lbuf *lbuf)
 debug_return_int(nfound);
 }
+/*
+ * Returns 0 if the command is allowed, 1 if not or -1 on error.
+ */
 int sudo_file_display_cmnd(struct sudo_nss *nss, struct passwd *pw) {
diff --git a/plugins/sudoers/sudo_nss.c b/plugins/sudoers/sudo_nss.c
index 55a55a61a..8cef62574 100644
--- a/plugins/sudoers/sudo_nss.c
+++ b/plugins/sudoers/sudo_nss.c
@@ -270,9 +270,10 @@ output(const char *buf)
 /*
 * Print out privileges for the specified user.
- * We only get here if the user is allowed to run something.
+ * Returns true if the user is allowed to run commands, false if not
+ * or -1 on error.
 */
-bool
+int
 display_privs(struct sudo_nss_list *snl, struct passwd *pw) {
 struct sudo_nss *nss;
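Review bot: The new contract on display_privs() mixes boolean names with a third value, so any caller that still truth-tests the result (for example `if (display_privs(snl, pw))`) would treat the -1 error return as "allowed"; the call sites are not part of this diff and need checking. The same applies to display_cmnd() in the later sudo_nss.c hunk and to both prototypes changed in sudoers.h. Since the return type is now `int`, I would spell the values out numerically in the comment, e.g. `* Returns 1 if the user is allowed to run commands, 0 if not or -1 on error; callers must not test the result as a boolean.` The body of display_privs() continues outside this hunk.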
@@ -332,23 +333,24 @@ display_privs(struct sudo_nss_list *snl, struct passwd *pw)
 sudo_lbuf_destroy(&defs);
 sudo_lbuf_destroy(&privs);
- debug_return_bool(true); /* XXX */
+ debug_return_int(count > 0);
 }
 /*
 * Check user_cmnd against sudoers and print the matching entry if the
 * command is allowed.
- * Returns true if the command is allowed, else false.
+ * Returns true if the command is allowed, false if not or -1 on error.
 */
-bool
+int
 display_cmnd(struct sudo_nss_list *snl, struct passwd *pw) {
 struct sudo_nss *nss;
 debug_decl(display_cmnd, SUDOERS_DEBUG_NSS)
+ /* XXX - display_cmnd return value is backwards */
 TAILQ_FOREACH(nss, snl, entries) {
 if (nss->display_cmnd(nss, pw) == 0)
- debug_return_bool(true);
+ debug_return_int(true);
 }
- debug_return_bool(false);
+ debug_return_int(false);
 }
diff --git a/plugins/sudoers/sudo_nss.h b/plugins/sudoers/sudo_nss.h
index b67a6c9ca..c88ccc6b7 100644
--- a/plugins/sudoers/sudo_nss.h
+++ b/plugins/sudoers/sudo_nss.h
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2007-2011, 2013 Todd C. Miller
+ * Copyright (c) 2007-2011, 2013-2015 Todd C. Miller
 *
 * Permission to use, copy, modify, and distribute this software for any
 * purpose with or without fee is hereby granted, provided that the above
diff --git a/plugins/sudoers/sudoers.h b/plugins/sudoers/sudoers.h
index 45585ab50..3100cd3f2 100644
--- a/plugins/sudoers/sudoers.h
+++ b/plugins/sudoers/sudoers.h
@@ -282,8 +282,8 @@ void dump_auth_methods(void);
 char *sudo_getepw(const struct passwd *);
 /* sudo_nss.c */
-bool display_privs(struct sudo_nss_list *, struct passwd *);
-bool display_cmnd(struct sudo_nss_list *, struct passwd *);
+int display_privs(struct sudo_nss_list *, struct passwd *);
+int display_cmnd(struct sudo_nss_list *, struct passwd *);
 /* pwutil.c */
 __dso_public struct group *sudo_getgrgid(gid_t);
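Review bot: In display_cmnd() in sudo_nss.c the loop still only tests `nss->display_cmnd(nss, pw) == 0` and otherwise moves on, so a backend returning -1 (which the parse.c comment in this commit documents for sudo_file_display_cmnd(), presumably reached through this pointer) ends up as `false`, indistinguishable from "not allowed", although the updated header comment promises -1 on error. That fails closed, but the error is silently dropped. If propagation is intended, keep the result and return it: `int rc = nss->display_cmnd(nss, pw);` `if (rc == 0) debug_return_int(true);` `if (rc == -1) debug_return_int(-1);` — whether an error in one source should stop the search of the remaining ones is a design call for the author. In the same hunk, `debug_return_int(count > 0)` depends on how `count` is accumulated above the hunk; if a backend's -1 is summed into it, an error would be masked there as well.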