From: Todd C. Miller Date: Mon, 26 Apr 2010 21:14:11 +0000 (-0400) Subject: Re-enable environment files and setting environment variables on the X-Git-Tag: SUDO_1_8_0~696 X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=b041c91cafaed5600627d7e4e5a07dbbb839d897;p=sudo Re-enable environment files and setting environment variables on the command line. --- diff --git a/plugins/sudoers/env.c b/plugins/sudoers/env.c index c4ebb56eb..6e646410d 100644 --- a/plugins/sudoers/env.c +++ b/plugins/sudoers/env.c @@ -725,16 +725,16 @@ rebuild_env(int sudo_mode, int noexec) } void -insert_env_vars(struct list_member *env_vars) +insert_env_vars(char * const envp[]) { - struct list_member *cur; + char * const *ep; - if (env_vars == NULL) + if (envp == NULL) return; /* Add user-specified environment variables. */ - for (cur = env_vars; cur != NULL; cur = cur->next) - putenv(cur->value); + for (ep = envp; *ep != NULL; ep++) + sudo_putenv(*ep, TRUE, TRUE); } /* 
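Review bot: insert_env_vars() has no header comment, and the new call `sudo_putenv(*ep, TRUE, TRUE)` makes its contract worth stating. Judging by the flags, each entry replaces any variable of the same name that rebuild_env() or read_env_file() has already set. I would add above the function `/* Insert user-specified variables, overwriting existing entries. No policy checks are done here; see validate_env_vars(). */`. If sudo_putenv() stores the pointer rather than a copy (its body is not in this diff), the comment should also say that the envp strings must stay valid until exec.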
@@ -743,31 +743,32 @@ insert_env_vars(struct list_member *env_vars) * Calls log_error() if any specified variables are not allowed. */ void -validate_env_vars(struct list_member *env_vars) +validate_env_vars(char * const env_vars[]) { - struct list_member *var; + char * const *ep; char *eq, *bad = NULL; size_t len, blen = 0, bsize = 0; int okvar; - for (var = env_vars; var != NULL; var = var->next) { + /* Add user-specified environment variables. */ + for (ep = env_vars; *ep != NULL; ep++) { if (def_secure_path && !user_is_exempt() && - strncmp(var->value, "PATH=", 5) == 0) { + strncmp(*ep, "PATH=", 5) == 0) { okvar = FALSE; } else if (def_env_reset) { - okvar = matches_env_check(var->value); + okvar = matches_env_check(*ep); if (okvar == -1) - okvar = matches_env_keep(var->value); + okvar = matches_env_keep(*ep); } else { - okvar = matches_env_delete(var->value) == FALSE; + okvar = matches_env_delete(*ep) == FALSE; if (okvar == FALSE) - okvar = matches_env_check(var->value) != FALSE; + okvar = matches_env_check(*ep) != FALSE; } if (okvar == FALSE) { /* Not allowed, add to error string, allocating as needed. */ - if ((eq = strchr(var->value, '=')) != NULL) + if ((eq = strchr(*ep, '=')) != NULL) *eq = '\0'; - len = strlen(var->value) + 2; + len = strlen(*ep) + 2; if (blen + len >= bsize) { do { bsize += 1024; @@ -775,7 +776,7 @@ validate_env_vars(struct list_member *env_vars) bad = erealloc(bad, bsize); bad[blen] = '\0'; } - strlcat(bad, var->value, bsize); + strlcat(bad, *ep, bsize); strlcat(bad, ", ", bsize); blen += len; if (eq != NULL) diff --git a/plugins/sudoers/logging.c b/plugins/sudoers/logging.c index 7bc03a078..e9c6830ef 100644 --- a/plugins/sudoers/logging.c +++ b/plugins/sudoers/logging.c 
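Review bot: validate_env_vars() now dereferences `*ep` on the first loop test, so a NULL `env_vars` crashes where the old `var != NULL` list walk simply did nothing. insert_env_vars() in the previous hunk keeps its NULL guard, and the call in sudoers.c passes the plugin's `env_add` straight through. Add `if (env_vars == NULL) return;` before the loop. The comment added above the loop, `/* Add user-specified environment variables. */`, was copied from insert_env_vars() and should describe the check instead, e.g. `/* Check each user-specified variable against sudoers policy. */`. The function body continues past the end of this hunk.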
@@ -630,13 +630,14 @@ new_logline(const char *message, int serrno) len += sizeof(LL_TSID_STR) + 2 + strlen(sudo_user.sessid); if (sudo_user.env_vars != NULL) { size_t evlen = 0; - struct list_member *cur; - for (cur = sudo_user.env_vars; cur != NULL; cur = cur->next) - evlen += strlen(cur->value) + 1; + char * const *ep; + + for (ep = sudo_user.env_vars; *ep != NULL; ep++) + evlen += strlen(*ep) + 1; evstr = emalloc(evlen); evstr[0] = '\0'; - for (cur = sudo_user.env_vars; cur != NULL; cur = cur->next) { - strlcat(evstr, cur->value, evlen); + for (ep = sudo_user.env_vars; *ep != NULL; ep++) { + strlcat(evstr, *ep, evlen); strlcat(evstr, " ", evlen); /* NOTE: last one will fail */ } len += sizeof(LL_ENV_STR) + 2 + evlen; diff --git a/plugins/sudoers/sudoers.c b/plugins/sudoers/sudoers.c index f054625d9..5def08d97 100644 --- a/plugins/sudoers/sudoers.c +++ b/plugins/sudoers/sudoers.c @@ -122,10 +122,6 @@ static int sudoers_policy_version(int verbose); static struct passwd *get_authpw(void); static int deserialize_info(char * const settings[], char * const user_info[]); -extern int sudo_edit(int, char **, char **); -void validate_env_vars(struct list_member *); -void insert_env_vars(struct list_member *); - /* XXX */ extern int runas_ngroups; extern GETGROUPS_T *runas_groups; @@ -460,7 +456,7 @@ sudoers_policy_main(int argc, char * const argv[], char *env_add[], warningx("sorry, you are not allowed to preserve the environment"); goto done; } else - validate_env_vars(sudo_user.env_vars); + validate_env_vars(env_add); } log_allowed(validated); 
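Review bot: In new_logline() (logging.c), a non-NULL but empty vector leaves `evlen` at 0, so `emalloc(evlen)` is asked for zero bytes and `evstr[0] = '\0'` then writes to it. The old linked list could not be both non-NULL and empty; the NULL-terminated array can. Guarding the block with `if (sudo_user.env_vars != NULL && sudo_user.env_vars[0] != NULL)` avoids that. Any later test of `sudo_user.env_vars` in the part of new_logline() outside this hunk would need the same condition. The sizing also still relies on the final `strlcat(evstr, " ", evlen)` being truncated, as the existing comment says, so the allocation and the loop have to be changed together.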
@@ -506,20 +502,16 @@ sudoers_policy_main(int argc, char * const argv[], char *env_add[], #if defined(__linux__) || defined(_AIX) /* Insert system-wide environment variables. */ - /* XXX */ read_env_file(_PATH_ENVIRONMENT, TRUE); #endif } /* Insert system-wide environment variables. */ -#if 0 /* XXX - add back */ - if (def_env_file) { + if (def_env_file) read_env_file(def_env_file, FALSE); - } /* Insert user-specified environment variables. */ - insert_env_vars(sudo_user.env_vars); -#endif + insert_env_vars(env_add); /* Restore signal handlers before we exec. */ (void) sigaction(SIGINT, &saved_sa_int, NULL); diff --git a/plugins/sudoers/sudoers.h b/plugins/sudoers/sudoers.h index 17eb81ada..6e9b93b57 100644 --- a/plugins/sudoers/sudoers.h +++ b/plugins/sudoers/sudoers.h @@ -68,7 +68,7 @@ struct sudo_user { int lines; int cols; GETGROUPS_T *groups; - struct list_member *env_vars; + char * const * env_vars; #ifdef HAVE_SELINUX char *role; char *type; @@ -298,8 +298,10 @@ int sudoers_io_log_output(const char *buf, unsigned int len); char **env_get(void); int env_init(char * const envp[]); void init_envtables(void); +void insert_env_vars(char * const envp[]); void read_env_file(const char *, int); void rebuild_env(int, int); +void validate_env_vars(char * const envp[]); /* fmt_string.c */ char *fmt_string(const char *, const char *);
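Review bot: In sudoers_policy_main() the variables are now validated and inserted from `env_add`, but new_logline() in logging.c still builds the environment part of the log entry from `sudo_user.env_vars`, and no hunk in this diff assigns that field. Unless it is set somewhere outside the diff, variables given on the command line would reach the command's environment without being recorded in the log. Setting `sudo_user.env_vars = env_add;` before the validate_env_vars() call, or passing `sudo_user.env_vars` to both functions as before, keeps the audit record and the applied environment tied to the same data. The function starts and ends outside this hunk.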