From 13966481c70bde95680eed0764f82a637a5ebd46 Mon Sep 17 00:00:00 2001 From: "Todd C. Miller" Date: Mon, 3 May 2010 16:53:05 -0400 Subject: [PATCH] Add print_error() function that uses the conversation function to print a variable number of error strings and use it in log_error(). --- plugins/sudoers/logging.c | 35 ++++++++--------- plugins/sudoers/plugin_error.c | 68 ++++++++++++++++++++++++---------- plugins/sudoers/sudoers.h | 3 ++ 3 files changed, 69 insertions(+), 37 deletions(-) diff --git a/plugins/sudoers/logging.c b/plugins/sudoers/logging.c index e9c6830ef..7eaa9de19 100644 --- a/plugins/sudoers/logging.c +++ b/plugins/sudoers/logging.c @@ -275,23 +275,24 @@ log_denial(int status, int inform_user) /* Inform the user if they failed to authenticate. */ if (inform_user) { - if (ISSET(status, FLAG_NO_USER)) - (void) fprintf(stderr, "%s is not in the sudoers file. %s", - user_name, "This incident will be reported.\n"); - else if (ISSET(status, FLAG_NO_HOST)) - (void) fprintf(stderr, "%s is not allowed to run sudo on %s. %s", - user_name, user_shost, "This incident will be reported.\n"); - else if (ISSET(status, FLAG_NO_CHECK)) - (void) fprintf(stderr, "Sorry, user %s may not run sudo on %s.\n", - user_name, user_shost); - else - (void) fprintf(stderr, - "Sorry, user %s is not allowed to execute '%s%s%s' as %s%s%s on %s.\n", - user_name, user_cmnd, user_args ? " " : "", - user_args ? user_args : "", - list_pw ? list_pw->pw_name : runas_pw ? - runas_pw->pw_name : user_name, runas_gr ? ":" : "", - runas_gr ? runas_gr->gr_name : "", user_host); + if (ISSET(status, FLAG_NO_USER)) { + print_error(2, user_name, " is not in the sudoers file. " + "This incident will be reported.\n"); + } else if (ISSET(status, FLAG_NO_HOST)) { + print_error(4, user_name, " is not allowed to run sudo on ", + user_shost, ". This incident will be reported.\n"); + } else if (ISSET(status, FLAG_NO_CHECK)) { + print_error(5, "Sorry, user ", user_name, " may not run sudo on ", + user_shost, ".\n"); + } else { + print_error(13, "Sorry, user ", user_name, + " is not allowed to execute '", user_cmnd, + user_args ? " " : "", user_args ? user_args : "", "' ", + list_pw ? list_pw->pw_name : + runas_pw ? runas_pw->pw_name : user_name, + runas_gr ? ":" : "", runas_gr ? runas_gr->gr_name : "", " on ", + user_shost, ".\n"); + } } /* diff --git a/plugins/sudoers/plugin_error.c b/plugins/sudoers/plugin_error.c index d6e5af83b..8730ef904 100644 --- a/plugins/sudoers/plugin_error.c +++ b/plugins/sudoers/plugin_error.c @@ -36,41 +36,44 @@ extern sudo_conv_t sudo_conv; void error(int eval, const char *fmt, ...) { - va_list ap; - va_start(ap, fmt); - _warning(1, fmt, ap); - va_end(ap); - cleanup(0); - siglongjmp(error_jmp, eval); + va_list ap; + + va_start(ap, fmt); + _warning(1, fmt, ap); + va_end(ap); + cleanup(0); + siglongjmp(error_jmp, eval); } void errorx(int eval, const char *fmt, ...) { - va_list ap; - va_start(ap, fmt); - _warning(0, fmt, ap); - va_end(ap); - cleanup(0); - siglongjmp(error_jmp, eval); + va_list ap; + + va_start(ap, fmt); + _warning(0, fmt, ap); + va_end(ap); + cleanup(0); + siglongjmp(error_jmp, eval); } void warning(const char *fmt, ...) { - va_list ap; - va_start(ap, fmt); - _warning(1, fmt, ap); - va_end(ap); + va_list ap; + + va_start(ap, fmt); + _warning(1, fmt, ap); + va_end(ap); } void warningx(const char *fmt, ...) { - va_list ap; - va_start(ap, fmt); - _warning(0, fmt, ap); - va_end(ap); + va_list ap; + va_start(ap, fmt); + _warning(0, fmt, ap); + va_end(ap); } static void @@ -103,3 +106,28 @@ _warning(int use_errno, const char *fmt, va_list ap) memset(&repl, 0, sizeof(repl)); sudo_conv(nmsgs, msg, repl); } + +void +print_error(int nmsgs, ...) +{ + struct sudo_conv_message *msg; + struct sudo_conv_reply *repl; + va_list ap; + int i; + + if (nmsgs <= 0) + return; + + msg = emalloc2(nmsgs, sizeof(*msg)); + repl = emalloc2(nmsgs, sizeof(*repl)); + memset(repl, 0, nmsgs * sizeof(*repl)); + + va_start(ap, nmsgs); + for (i = 0; i < nmsgs; i++) { + msg[i].msg_type = SUDO_CONV_ERROR_MSG; + msg[i].msg = va_arg(ap, char *); + } + va_end(ap); + + sudo_conv(nmsgs, msg, repl); +} diff --git a/plugins/sudoers/sudoers.h b/plugins/sudoers/sudoers.h index 6e9b93b57..c2d54ecfc 100644 --- a/plugins/sudoers/sudoers.h +++ b/plugins/sudoers/sudoers.h @@ -311,6 +311,9 @@ void cleanup(int); void set_fqdn(void); FILE *open_sudoers(const char *, int, int *); +/* plugin_error.c */ +void print_error(int nmsgs, ...); + #ifndef _SUDO_MAIN extern struct sudo_user sudo_user; extern struct passwd *auth_pw, *list_pw; -- 2.40.0