From e8eec34022bae3e391cfd7ea8ccfda414b2815ab Mon Sep 17 00:00:00 2001 From: "Todd C. Miller" Date: Mon, 15 Mar 2010 18:13:58 -0400 Subject: [PATCH] Wire up policy_list --- plugins/sudoers/sudoers.c | 54 +++++++++++++++++++++++++++++++-------- 1 file changed, 44 insertions(+), 10 deletions(-) diff --git a/plugins/sudoers/sudoers.c b/plugins/sudoers/sudoers.c index dd5cb7580..69f466cd5 100644 --- a/plugins/sudoers/sudoers.c +++ b/plugins/sudoers/sudoers.c @@ -327,16 +327,18 @@ sudoers_policy_close(int exit_status, int error) } static int -sudoers_policy_check(int argc, char * const argv[], char *env_add[], - char **command_infop[], char **argv_out[], char **user_env_out[]) +sudoers_policy_main(int argc, char * const argv[], char *env_add[], + char **command_infop[], char **argv_out[], char **user_env_out[]) { static char *command_info[32]; /* XXX */ struct sudo_nss *nss; char **old_environ = environ; - int cmnd_status, fd, validated, pwflag = 0; + int cmnd_status = -1, fd, validated, pwflag = 0; int info_len = 0; int rval = FALSE; + /* refactor so list can use it too */ + /* Is root even allowed to run sudo? */ if (user_uid == 0 && !def_root_sudo) { warningx("sudoers specifies that root is not allowed to sudo"); @@ -344,7 +346,7 @@ sudoers_policy_check(int argc, char * const argv[], char *env_add[], } if (sigsetjmp(error_jmp, 1)) { - /* called via error(), errorx() or log_error() */ + /* error recovery via error(), errorx() or log_error() */ return -1; } @@ -357,9 +359,6 @@ sudoers_policy_check(int argc, char * const argv[], char *env_add[], /* Set environ to contents of user_env. */ env_init(user_env); - /* XXX*/ - SET(sudo_mode, MODE_RUN); - #ifdef USING_NONUNIX_GROUPS sudo_nonunix_groupcheck_init(); /* initialise nonunix groups impl */ #endif /* USING_NONUNIX_GROUPS */ @@ -507,12 +506,19 @@ sudoers_policy_check(int argc, char * const argv[], char *env_add[], } log_allowed(validated); + if (ISSET(sudo_mode, MODE_CHECK)) + rval = display_cmnd(snl, list_pw ? list_pw : sudo_user.pw); + else if (ISSET(sudo_mode, MODE_LIST)) + display_privs(snl, list_pw ? list_pw : sudo_user.pw); /* XXX - return val */ /* Cleanup sudoers sources */ tq_foreach_fwd(snl, nss) { nss->close(nss); } + if (ISSET(sudo_mode, (MODE_VALIDATE|MODE_CHECK|MODE_LIST))) + goto done; + /* * Set umask based on sudoers. * If user's umask is more restrictive, OR in those bits too @@ -566,7 +572,6 @@ sudoers_policy_check(int argc, char * const argv[], char *env_add[], sudo_endpwent(); sudo_endgrent(); - /* XXX - handle ENOMEM */ command_info[info_len++] = fmt_string("command", safe_cmnd); if (def_stay_setuid) { easprintf(&command_info[info_len++], "runas_uid=%u", user_uid); @@ -581,7 +586,6 @@ sudoers_policy_check(int argc, char * const argv[], char *env_add[], /* Must audit before uid change. */ //audit_success(NewArgv); /* XXX */ - /* XXX - set argv_out and env_out */ *command_infop = command_info; *argv_out = NewArgv; @@ -595,6 +599,36 @@ done: return rval; } +static int +sudoers_policy_check(int argc, char * const argv[], char *env_add[], + char **command_infop[], char **argv_out[], char **user_env_out[]) +{ + SET(sudo_mode, MODE_RUN); + + return sudoers_policy_main(argc, argv, env_add, command_infop, + argv_out, user_env_out); +} + +static int +sudoers_policy_list(int argc, char * const argv[], int verbose, + const char *list_user) +{ + user_cmnd = "list"; + if (argc) + SET(sudo_mode, MODE_CHECK); + else + SET(sudo_mode, MODE_LIST); + if (verbose) + long_list = 1; + if (list_user) { + list_pw = sudo_getpwnam(list_user); + warningx("unknown user: %s", optarg); + return -1; + } + + return sudoers_policy_main(argc, argv, NULL, NULL, NULL, NULL); +} + /* * Initialize timezone, set umask, fill in ``sudo_user'' struct and * load the ``interfaces'' array. @@ -1289,8 +1323,8 @@ struct policy_plugin sudoers_policy = { sudoers_policy_close, sudoers_policy_version, sudoers_policy_check, -#ifdef notyet sudoers_policy_list, +#ifdef notyet sudoers_policy_validate, sudoers_policy_invalidate #endif -- 2.50.1