From 0cddfc36841e55ea350dc3c47b6e97ad9935940b Mon Sep 17 00:00:00 2001
From: "Todd C. Miller"
Date: Fri, 19 Nov 2004 20:03:33 +0000
Subject: [PATCH] Change an occurence of user_matches() -> runas_matches() missed previously runas_matches(), host_matches() and cmnd_matches() only really need to pass in a list of members. user_matches() still needs to pass in a passwd struct because of "sudo -l"
---
 defaults.c | 5 ++---
 match.c | 27 ++++++++++++---------------
 parse.c | 12 ++++++------
 parse.h | 6 +++---
 testsudoers.c | 6 +++---
 5 files changed, 26 insertions(+), 30 deletions(-)
diff --git a/defaults.c b/defaults.c
index 65472191c..6d2bb3aa8 100644
--- a/defaults.c
+++ b/defaults.c
@@ -513,12 +513,12 @@ update_defaults()
 return(FALSE);
 break;
 case DEFAULTS_RUNAS:
- if (user_matches(runas_pw, def->binding) &&
+ if (runas_matches(def->binding) &&
 !set_default(def->var, def->val, def->op))
 return(FALSE);
 break;
 case DEFAULTS_HOST:
- if (host_matches(user_shost, user_host, def->binding) &&
+ if (host_matches(def->binding) &&
 !set_default(def->var, def->val, def->op))
 return(FALSE);
 break;
@@ -527,7 +527,6 @@ update_defaults()
 return(TRUE);
 }
-
 static int
 store_int(val, def, op)
 char *val;
diff --git a/match.c b/match.c
index bf1f6f7e2..0c32cfe5a 100644
--- a/match.c
+++ b/match.c
@@ -146,8 +146,7 @@ user_matches(pw, list)
 * Returns ALLOW, DENY or UNSPEC.
 */
 int
-runas_matches(pw, list)
- struct passwd *pw;
+runas_matches(list)
 struct member *list;
 {
 struct member *m;
@@ -155,7 +154,7 @@ runas_matches(pw, list)
 int rval, matched = UNSPEC;
 if (list == NULL)
- return(userpw_matches(def_runas_default, pw->pw_name, pw));
+ return(userpw_matches(def_runas_default, runas_pw->pw_name, runas_pw));
 for (m = list; m != NULL; m = m->next) {
 switch (m->type) {
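Review bot: In defaults.c the two rewritten conditions, `if (runas_matches(def->binding) &&` and `if (host_matches(def->binding) &&`, test a three-valued result for truthiness. The match.c comments say these functions return ALLOW, DENY or UNSPEC, and `matched = !m->negated` there implies DENY and ALLOW are 0 and 1, so UNSPEC is presumably nonzero and a binding that matches nothing would still reach set_default(). The callers in parse.c and testsudoers.c compare the result explicitly; doing the same here, `if (runas_matches(def->binding) == ALLOW &&` and `if (host_matches(def->binding) == ALLOW &&`, keeps a bound Defaults entry from applying to a non-matching runas user or host. update_defaults() starts outside the hunk.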
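Review bot: runas_matches() in match.c now reads its subject from the global `runas_pw` and dereferences it unconditionally (`runas_pw->pw_name` in the `list == NULL` return, and in the NETGROUP, USERGROUP and WORD cases of the hunk at -163), yet the visible part of its header comment still only says what it returns. For an authorization matcher the hidden input belongs in the contract; suggest adding `* Matches the global runas_pw against list; runas_pw must be set before calling.` to that comment. The same applies to host_matches() (`user_host`/`user_shost`, hunks at -192 to -215) and to cmnd_matches() (hunks at -235 and -251), whose COMMAND case lies outside the hunks, so which globals it reads cannot be confirmed from this patch.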
@@ -163,23 +162,23 @@ runas_matches(pw, list)
 matched = !m->negated;
 break;
 case NETGROUP:
- if (netgr_matches(m->name, NULL, NULL, pw->pw_name))
+ if (netgr_matches(m->name, NULL, NULL, runas_pw->pw_name))
 matched = !m->negated;
 break;
 case USERGROUP:
- if (usergr_matches(m->name, pw->pw_name, pw))
+ if (usergr_matches(m->name, runas_pw->pw_name, runas_pw))
 matched = !m->negated;
 break;
 case ALIAS:
 if ((a = find_alias(m->name, RUNASALIAS)) != NULL) {
- rval = runas_matches(pw, a->first_member);
+ rval = runas_matches(a->first_member);
 if (rval != UNSPEC)
 matched = m->negated ? !rval : rval;
 break;
 }
 /* FALLTHROUGH */
 case WORD:
- if (userpw_matches(m->name, pw->pw_name, pw))
+ if (userpw_matches(m->name, runas_pw->pw_name, runas_pw))
 matched = !m->negated;
 break;
 }
@@ -192,8 +191,7 @@ runas_matches(pw, list)
 * Returns ALLOW, DENY or UNSPEC.
 */
 int
-host_matches(shost, lhost, list)
- char *shost, *lhost;
+host_matches(list)
 struct member *list;
 {
 struct member *m;
@@ -206,7 +204,7 @@ host_matches(shost, lhost, list)
 matched = !m->negated;
 break;
 case NETGROUP:
- if (netgr_matches(m->name, lhost, shost, NULL))
+ if (netgr_matches(m->name, user_host, user_shost, NULL))
 matched = !m->negated;
 break;
 case NTWKADDR:
@@ -215,14 +213,14 @@ host_matches(shost, lhost, list)
 break;
 case ALIAS:
 if ((a = find_alias(m->name, HOSTALIAS)) != NULL) {
- rval = host_matches(shost, lhost, a->first_member);
+ rval = host_matches(a->first_member);
 if (rval != UNSPEC)
 matched = m->negated ? !rval : rval;
 break;
 }
 /* FALLTHROUGH */
 case WORD:
- if (hostname_matches(shost, lhost, m->name))
+ if (hostname_matches(user_shost, user_host, m->name))
 matched = !m->negated;
 break;
 }
@@ -235,8 +233,7 @@ host_matches(shost, lhost, list)
 * Returns ALLOW, DENY or UNSPEC.
 */
 int
-cmnd_matches(cmnd, args, list)
- char *cmnd, *args;
+cmnd_matches(list)
 struct member *list;
 {
 struct sudo_command *c;
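Review bot: In host_matches() the two host globals are now hard-coded in opposite orders, `netgr_matches(m->name, user_host, user_shost, NULL)` in the hunk at -206 and `hostname_matches(user_shost, user_host, m->name)` in the hunk at -215, and nothing in the code explains why. This does preserve the old `lhost`/`shost` mapping, since the callers passed `(user_shost, user_host)`, but with the parameter names gone a later transposition would silently change which sudoers host entries match. Suggest a short comment at each call, e.g. `/* netgr_matches() takes the long host name, then the short one */`, assuming `lhost`/`shost` meant long and short. The body of host_matches() extends beyond these hunks.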
@@ -251,7 +248,7 @@ cmnd_matches(cmnd, args, list)
 break;
 case ALIAS:
 if ((a = find_alias(m->name, CMNDALIAS)) != NULL) {
- rval = cmnd_matches(cmnd, args, a->first_member);
+ rval = cmnd_matches(a->first_member);
 if (rval != UNSPEC)
 matched = m->negated ? !rval : rval;
 }
diff --git a/parse.c b/parse.c
index ca17f7973..0a0e38d35 100644
--- a/parse.c
+++ b/parse.c
@@ -121,12 +121,12 @@ sudoers_lookup(pwflag)
 for (us = userspecs; us != NULL; us = us->next) {
 if (user_matches(sudo_user.pw, us->user) == TRUE) {
 priv = us->privileges;
- if (host_matches(user_shost, user_host, priv->hostlist) == TRUE) {
+ if (host_matches(priv->hostlist) == TRUE) {
 for (cs = priv->cmndlist; cs != NULL; cs = cs->next) {
 /* Only check the command when listing another user. */
 if (user_uid == 0 || list_pw == NULL || user_uid == list_pw->pw_uid ||
- cmnd_matches(user_cmnd, user_args, cs->cmnd) == TRUE)
+ cmnd_matches(cs->cmnd) == TRUE)
 matched = TRUE;
 if ((pwcheck == any && nopass != TRUE) ||
 (pwcheck == all && nopass == TRUE))
@@ -155,11 +155,11 @@ sudoers_lookup(pwflag)
 if (user_matches(sudo_user.pw, us->user) == TRUE) {
 CLR(validated, FLAG_NO_USER);
 priv = us->privileges;
- if (host_matches(user_shost, user_host, priv->hostlist) == TRUE) {
+ if (host_matches(priv->hostlist) == TRUE) {
 CLR(validated, FLAG_NO_HOST);
 for (cs = priv->cmndlist; cs != NULL; cs = cs->next) {
- if (runas_matches(runas_pw, cs->runaslist) == TRUE) {
- rval = cmnd_matches(user_cmnd, user_args, cs->cmnd);
+ if (runas_matches(cs->runaslist) == TRUE) {
+ rval = cmnd_matches(cs->cmnd);
 if (rval != UNSPEC) {
 matched = rval;
 tags = &cs->tags;
@@ -205,7 +205,7 @@ display_privs(pw)
 for (us = userspecs; us != NULL; us = us->next) {
 if (user_matches(pw, us->user) != TRUE ||
- host_matches(user_shost, user_host, us->privileges->hostlist) != TRUE)
+ host_matches(us->privileges->hostlist) != TRUE)
 continue;
 priv = us->privileges;
diff --git a/parse.h b/parse.h
index abf1231c3..55f9fe781 100644
--- a/parse.h
+++ b/parse.h
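Review bot: The rewritten calls in parse.c compare the matchers against `TRUE` (`host_matches(priv->hostlist) == TRUE`, `runas_matches(cs->runaslist) == TRUE`, `!= TRUE` in display_privs()), while match.c documents them as returning ALLOW, DENY or UNSPEC and testsudoers.c tests `rval == ALLOW`. The authorization decision is only correct if TRUE and ALLOW share a value, which nothing in this patch shows. Since these lines are being touched anyway, prefer the documented constant, e.g. `if (host_matches(priv->hostlist) == ALLOW) {` and `if (runas_matches(cs->runaslist) == ALLOW) {`. sudoers_lookup() and display_privs() both extend beyond the hunks.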
@@ -158,13 +158,13 @@ struct defaults {
 char *alias_add __P((char *, int, struct member *));
 int addr_matches __P((char *));
 int alias_remove __P((char *, int));
-int cmnd_matches __P((char *, char *, struct member *));
+int cmnd_matches __P((struct member *));
 int command_matches __P((char *, char *));
-int host_matches __P((char *, char *, struct member *));
+int host_matches __P((struct member *));
 int hostname_matches __P((char *, char *, char *));
 int netgr_matches __P((char *, char *, char *, char *));
 int no_aliases __P((void));
-int runas_matches __P((struct passwd *, struct member *));
+int runas_matches __P((struct member *));
 int user_matches __P((struct passwd *, struct member *));
 int usergr_matches __P((char *, char *, struct passwd *));
 int userpw_matches __P((char *, char *, struct passwd *));
diff --git a/testsudoers.c b/testsudoers.c
index dbb717e89..ecf514e0f 100644
--- a/testsudoers.c
+++ b/testsudoers.c
@@ -224,12 +224,12 @@ main(argc, argv)
 putchar('\n');
 print_privilege(priv);
 putchar('\n');
- if (host_matches(user_shost, user_host, priv->hostlist) == TRUE) {
+ if (host_matches(priv->hostlist) == TRUE) {
 puts("\thost matched");
 for (cs = priv->cmndlist; cs != NULL; cs = cs->next) {
- if (runas_matches(runas_pw, cs->runaslist) == TRUE) {
+ if (runas_matches(cs->runaslist) == TRUE) {
 puts("\trunas matched");
- rval = cmnd_matches(user_cmnd, user_args, cs->cmnd);
+ rval = cmnd_matches(cs->cmnd);
 if (rval != UNSPEC)
 matched = rval;
 printf("\tcommand %s\n", rval == ALLOW ? "allowed" :
-- 
2.50.1
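Review bot: The narrowed prototypes in parse.h are the only thing that can catch a caller still passing the old argument lists, and they are wrapped in `__P(())` while the definitions in match.c are old-style (`runas_matches(list) struct member *list;`). If `__P` expands to an empty parameter list on some build (its usual definition for pre-ANSI compilers; not shown here), a stale call such as `host_matches(user_shost, user_host, list)` would still compile and the callee would treat a `char *` as a `struct member *`. The commit message says one call site was already missed once, so it is worth searching the tree for remaining callers of the three functions and building once with prototype checking enabled.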