From: Todd C. Miller
Date: Sat, 5 Jan 2008 21:25:28 +0000 (+0000)
Subject: Move display_privs() and display_cmnd() from parse.c to sudo_nss.c.
X-Git-Tag: SUDO_1_7_0~253
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=fb01648878015787cb5d51f03a0c5d0cd4ca8cc4;p=sudo
Move display_privs() and display_cmnd() from parse.c to sudo_nss.c. This should make it possible to build an LDAP-only sudo binary.
---
diff --git a/parse.c b/parse.c
index bcaf00420..5a50773f1 100644
--- a/parse.c
+++ b/parse.c
@@ -302,49 +302,6 @@ sudo_file_lookup(nss, validated, pwflag)
 #define TAG_CHANGED(t) \
 (cs->tags.t != UNSPEC && cs->tags.t != IMPLIED && cs->tags.t != tags.t)
-/* Reset user_groups based on passwd entry. */
-static void
-reset_groups(pw)
- struct passwd *pw;
-{
-#if defined(HAVE_INITGROUPS) && defined(HAVE_GETGROUPS)
- if (pw != sudo_user.pw) {
- (void) initgroups(pw->pw_name, pw->pw_gid);
- if ((user_ngroups = getgroups(0, NULL)) > 0) {
- user_groups = erealloc3(user_groups, user_ngroups,
- sizeof(GETGROUPS_T));
- if (getgroups(user_ngroups, user_groups) < 0)
- log_error(USE_ERRNO|MSG_ONLY, "can't get group vector");
- } else {
- user_ngroups = 0;
- efree(user_groups);
- }
- }
-#endif
-}
-
-/*
- * Print out privileges for the specified user.
- * XXX - move out of parse.c
- */
-void
-display_privs(snl, pw)
- struct sudo_nss_list *snl;
- struct passwd *pw;
-{
- struct sudo_nss *nss;
-
- /* Reset group vector so group matching works correctly. */
- reset_groups(pw);
-
- /* Display privileges from all sources. */
- tq_foreach_fwd(snl, nss) {
- if (nss != tq_first(snl))
- putchar('\n');
- nss->display_privs(nss, pw);
- }
-}
-
 void
 sudo_file_display_privs(nss, pw)
 struct sudo_nss *nss;
@@ -550,28 +507,6 @@ display_bound_defaults(dtype)
 putchar('\n');
 }
-/*
- * Check user_cmnd against sudoers and print the matching entry if the
- * command is allowed.
- * XXX - move out of parse.c
- */
-int
-display_cmnd(snl, pw)
- struct sudo_nss_list *snl;
- struct passwd *pw;
-{
- struct sudo_nss *nss;
-
- /* Reset group vector so group matching works correctly. */
- reset_groups(pw);
-
- tq_foreach_fwd(snl, nss) {
- if (nss->display_cmnd(nss, pw) == 0)
- return(0);
- }
- return(1);
-}
-
 int
 sudo_file_display_cmnd(nss, pw)
 struct sudo_nss *nss;
diff --git a/sudo_nss.c b/sudo_nss.c
index f556647cb..88cd31d8f 100644
--- a/sudo_nss.c
+++ b/sudo_nss.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2007 Todd C. Miller
+ * Copyright (c) 2007-2008 Todd C. Miller
 *
 * Permission to use, copy, modify, and distribute this software for any
 * purpose with or without fee is hereby granted, provided that the above
@@ -34,6 +34,11 @@
 # include
 # endif
 #endif /* HAVE_STRING_H */
+#ifdef HAVE_UNISTD_H
+# include
+#endif /* HAVE_UNISTD_H */
+#include
+#include
 #include "sudo.h"
@@ -120,3 +125,66 @@ sudo_read_nss()
 }
 #endif /* HAVE_LDAP && _PATH_NSSWITCH_CONF */
+
+/* Reset user_groups based on passwd entry. */
+static void
+reset_groups(pw)
+ struct passwd *pw;
+{
+#if defined(HAVE_INITGROUPS) && defined(HAVE_GETGROUPS)
+ if (pw != sudo_user.pw) {
+ (void) initgroups(pw->pw_name, pw->pw_gid);
+ if ((user_ngroups = getgroups(0, NULL)) > 0) {
+ user_groups = erealloc3(user_groups, user_ngroups,
+ sizeof(GETGROUPS_T));
+ if (getgroups(user_ngroups, user_groups) < 0)
+ log_error(USE_ERRNO|MSG_ONLY, "can't get group vector");
+ } else {
+ user_ngroups = 0;
+ efree(user_groups);
+ }
+ }
+#endif
+}
+
+/*
+ * Print out privileges for the specified user.
+ */
+void
+display_privs(snl, pw)
+ struct sudo_nss_list *snl;
+ struct passwd *pw;
+{
+ struct sudo_nss *nss;
+
+ /* Reset group vector so group matching works correctly. */
+ reset_groups(pw);
+
+ /* Display privileges from all sources. */
+ tq_foreach_fwd(snl, nss) {
+ if (nss != tq_first(snl))
+ putchar('\n');
+ nss->display_privs(nss, pw);
+ }
+}
+
+/*
+ * Check user_cmnd against sudoers and print the matching entry if the
+ * command is allowed.
+ */
+int
+display_cmnd(snl, pw)
+ struct sudo_nss_list *snl;
+ struct passwd *pw;
+{
+ struct sudo_nss *nss;
+
+ /* Reset group vector so group matching works correctly. */
+ reset_groups(pw);
+
+ tq_foreach_fwd(snl, nss) {
+ if (nss->display_cmnd(nss, pw) == 0)
+ return(0);
+ }
+ return(1);
+}
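Review bot: In reset_groups() the result of `initgroups()` is cast to void, so if it fails the `getgroups()` calls that follow read back the unchanged group vector and display_privs()/display_cmnd() match sudoers entries against the wrong user's groups with no diagnostic. Checking it, for example `if (initgroups(pw->pw_name, pw->pw_gid) == -1) log_error(USE_ERRNO|MSG_ONLY, "can't reset group vector");`, would make that failure visible. The else branch also treats an error return (-1) from `getgroups(0, NULL)` the same as "no groups", and after `efree(user_groups);` the pointer is left stale; adding `user_groups = NULL;` there keeps a later `erealloc3(user_groups, ...)` from touching freed memory if reset_groups() ever runs more than once in a process. The code is moved unchanged from parse.c, so both points predate this commit, and the function presumably relies on the process exiting after the listing, since the original group vector is never restored.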