From: Todd C. Miller Date: Fri, 1 Oct 2010 17:52:42 +0000 (-0400) Subject: Move set_project() from sudoers module into sudo proper. X-Git-Tag: SUDO_1_8_0~217 X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=6b4fe798d5b2ffb71c9fc95813dd4f7a3adb3154;p=sudo Move set_project() from sudoers module into sudo proper. --- diff --git a/plugins/sudoers/sudoers.c b/plugins/sudoers/sudoers.c index 38b5973f8..c3ee6b4f8 100644 --- a/plugins/sudoers/sudoers.c +++ b/plugins/sudoers/sudoers.c @@ -80,10 +80,6 @@ # define LOGIN_DEFROOTCLASS "daemon" # endif #endif -#ifdef HAVE_PROJECT_H -# include -# include -#endif #ifdef HAVE_SELINUX # include #endif @@ -104,7 +100,6 @@ static void init_vars(char * const *); static int set_cmnd(int); static void set_loginclass(struct passwd *); -static void set_project(struct passwd *); static void set_runasgr(char *); static void set_runaspw(char *); static int sudoers_policy_version(int verbose); @@ -789,9 +784,6 @@ set_cmnd(int sudo_mode) int rval; char *path = user_path; - /* Set project if applicable. */ - set_project(runas_pw); - /* Resolve the path and return. */ rval = FOUND; user_stat = emalloc(sizeof(struct stat)); 
@@ -971,70 +963,6 @@ set_loginclass(struct passwd *pw) } #endif /* HAVE_LOGIN_CAP_H */ -#ifdef HAVE_PROJECT_H -static void -set_project(struct passwd *pw) -{ - int errflags = NO_MAIL|MSG_ONLY|NO_EXIT; - int errval; - struct project proj; - struct project *resultp = '\0'; - char buf[1024]; - - /* - * Collect the default project for the user and settaskid - */ - setprojent(); - if (resultp = getdefaultproj(pw->pw_name, &proj, buf, sizeof(buf))) { - errval = setproject(resultp->pj_name, pw->pw_name, TASK_NORMAL); - if (errval != 0) { - switch(errval) { - case SETPROJ_ERR_TASK: - if (errno == EAGAIN) - log_error(errflags, "resource control limit has been reached"); - else if (errno == ESRCH) - log_error(errflags, "user \"%s\" is not a member of " - "project \"%s\"", pw->pw_name, resultp->pj_name); - else if (errno == EACCES) - log_error(errflags, "the invoking task is final"); - else - log_error(errflags, "could not join project \"%s\"", - resultp->pj_name); - break; - case SETPROJ_ERR_POOL: - if (errno == EACCES) - log_error(errflags, "no resource pool accepting " - "default bindings exists for project \"%s\"", - resultp->pj_name); - else if (errno == ESRCH) - log_error(errflags, "specified resource pool does " - "not exist for project \"%s\"", resultp->pj_name); - else - log_error(errflags, "could not bind to default " - "resource pool for project \"%s\"", resultp->pj_name); - break; - default: - if (errval <= 0) { - log_error(errflags, "setproject failed for project \"%s\"", - resultp->pj_name); - } else { - log_error(errflags, "warning, resource control assignment " - "failed for project \"%s\"", resultp->pj_name); - } - } - } - } else { - log_error(errflags, "getdefaultproj() error: %s", strerror(errno)); - } - endprojent(); -} -#else -static void -set_project(struct passwd *pw) -{ -} -#endif /* HAVE_PROJECT_H */ - /* * Look up the fully qualified domain name and set user_host and user_shost. */ 
diff --git a/src/sudo.c b/src/sudo.c index aff798130..3d45e3f2a 100644 --- a/src/sudo.c +++ b/src/sudo.c @@ -66,6 +66,10 @@ #ifdef HAVE_LOGIN_CAP_H # include #endif +#ifdef HAVE_PROJECT_H +# include +# include +#endif #ifdef HAVE_SELINUX # include #endif @@ -637,6 +641,68 @@ disable_coredumps(void) #endif /* RLIMIT_CORE && !SUDO_DEVEL */ } +#ifdef HAVE_PROJECT_H +static void +set_project(struct passwd *pw) +{ + struct project proj; + char buf[PROJECT_BUFSZ]; + int errval; + + /* + * Collect the default project for the user and settaskid + */ + setprojent(); + if (getdefaultproj(pw->pw_name, &proj, buf, sizeof(buf)) != NULL) { + errval = setproject(proj.pj_name, pw->pw_name, TASK_NORMAL); + switch(errval) { + case 0: + break; + case SETPROJ_ERR_TASK: + switch (errno) { + case EAGAIN: + warningx("resource control limit has been reached"); + break; + case ESRCH: + warningx("user \"%s\" is not a member of project \"%s\"", + pw->pw_name, proj.pj_name); + break; + case EACCES: + warningx("the invoking task is final"); + break; + default: + warningx("could not join project \"%s\"", proj.pj_name); + } + case SETPROJ_ERR_POOL: + switch (errno) { + case EACCES: + warningx("no resource pool accepting default bindings " + "exists for project \"%s\"", proj.pj_name); + break; + case ESRCH: + warningx("specified resource pool does not exist for " + "project \"%s\"", proj.pj_name); + break; + default: + warningx("could not bind to default resource pool for " + "project \"%s\"", proj.pj_name); + } + break; + default: + if (errval <= 0) { + warningx("setproject failed for project \"%s\"", proj.pj_name); + } else { + warningx("warning, resource control assignment failed for " + "project \"%s\"", proj.pj_name); + } + } + } else { + warning("getdefaultproj"); + } + endprojent(); +} +#endif /* HAVE_PROJECT_H */ + /* * Setup the execution environment immediately prior to the call to execve() * Returns TRUE on success and FALSE on failure. 
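Review bot: The `case SETPROJ_ERR_TASK:` arm of the new set_project() has no `break;` after its inner `switch (errno)`, so control falls through into `case SETPROJ_ERR_POOL:`. A task failure therefore also prints one of the resource-pool warnings, which reports a pool problem that did not occur and misleads whoever triages the failure. The version removed from sudoers.c ended that arm with `break;`, so the fall-through looks unintended. Add `break;` directly after the closing brace of the inner switch, before `case SETPROJ_ERR_POOL:`.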
@@ -671,6 +737,9 @@ exec_setup(struct command_details *details, const char *ptyname, int ptyfd) #endif if (pw != NULL) { +#ifdef HAVE_PROJECT_H + set_project(pw); +#endif #ifdef HAVE_GETUSERATTR aix_prep_user(pw->pw_name, ptyname ? ptyname : user_details.tty); #endif
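Review bot: The `set_project(pw);` call added to exec_setup() cannot report failure, because set_project() returns void and only prints warnings, so the command still runs when the user's default project could not be joined. If that is deliberate, say so at the call site, e.g. `/* Failure to set the project is not fatal; the command still runs. */`; otherwise have set_project() return a status and let exec_setup() return FALSE. The diagnostics also moved from log_error() to warningx(); if warningx() writes only to stderr (its definition is not in this diff), these failures no longer reach the sudoers log and are harder to audit. exec_setup() starts and ends outside this hunk.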