/*
- * Copyright (c) 1996, 1998-2005, 2007-2008
+ * Copyright (c) 1996, 1998-2005, 2007-2010
* Todd C. Miller <Todd.Miller@courtesan.com>
*
* Permission to use, copy, modify, and distribute this software for any
#endif /* STDC_HEADERS */
#ifdef HAVE_STRING_H
# include <string.h>
-#else
-# ifdef HAVE_STRINGS_H
-# include <strings.h>
-# endif
#endif /* HAVE_STRING_H */
+#ifdef HAVE_STRINGS_H
+# include <strings.h>
+#endif /* HAVE_STRINGS_H */
#ifdef HAVE_UNISTD_H
# include <unistd.h>
#endif /* HAVE_UNISTD_H */
#include <arpa/inet.h>
#include <netdb.h>
+#include "tsgetgrpw.h"
#include "sudo.h"
#include "interfaces.h"
#include "parse.h"
# include "emul/fnmatch.h"
#endif /* HAVE_FNMATCH */
-#ifndef lint
-__unused static const char rcsid[] = "$Sudo: testsudoers.c,v 1.128 2008/11/19 17:01:20 millert Exp $";
-#endif /* lint */
-
-
/*
* Globals
*/
struct passwd *list_pw;
extern int parse_error;
-/* passwd/group redirection for pwutil.c */
-void (*my_setgrent) __P((void)) = setgrent;
-void (*my_endgrent) __P((void)) = endgrent;
-struct group *(*my_getgrnam) __P((const char *)) = getgrnam;
-struct group *(*my_getgrgid) __P((gid_t)) = getgrgid;
-void (*my_setpwent) __P((void)) = setpwent;
-void (*my_endpwent) __P((void)) = endpwent;
-struct passwd *(*my_getpwnam) __P((const char *)) = getpwnam;
-struct passwd *(*my_getpwuid) __P((uid_t)) = getpwuid;
-
/* For getopt(3) */
extern char *optarg;
extern int optind;
void set_runasgr __P((char *));
void set_runaspw __P((char *));
-extern void ts_setgrfile __P((const char *));
-extern void ts_setgrent __P((void));
-extern void ts_endgrent __P((void));
-extern struct group *ts_getgrent __P((void));
-extern struct group *ts_getgrnam __P((const char *));
-extern struct group *ts_getgrgid __P((gid_t));
-extern void ts_setpwfile __P((const char *));
-extern void ts_setpwent __P((void));
-extern void ts_endpwent __P((void));
-extern struct passwd *ts_getpwent __P((void));
-extern struct passwd *ts_getpwnam __P((const char *));
-extern struct passwd *ts_getpwuid __P((uid_t));
-
int
main(argc, argv)
int argc;
struct userspec *us;
char *p, *grfile, *pwfile, *runas_group, *runas_user;
char hbuf[MAXHOSTNAMELEN + 1];
- int ch, dflag, rval, matched;
+ int match, host_match, runas_match, cmnd_match;
+ int ch, dflag;
#if defined(SUDO_DEVEL) && defined(__OpenBSD__)
malloc_options = "AFGJPR";
NewArgv = argv;
/* Set group/passwd file and init the cache. */
- if (grfile) {
- my_setgrent = ts_setgrent;
- my_endgrent = ts_endgrent;
- my_getgrnam = ts_getgrnam;
- my_getgrgid = ts_getgrgid;
- ts_setgrfile(grfile);
- }
- if (pwfile) {
- my_setpwent = ts_setpwent;
- my_endpwent = ts_endpwent;
- my_getpwnam = ts_getpwnam;
- my_getpwuid = ts_getpwuid;
- ts_setpwfile(pwfile);
- }
+ if (grfile)
+ setgrfile(grfile);
+ if (pwfile)
+ setpwfile(pwfile);
sudo_setpwent();
sudo_setgrent();
if (argc < 2) {
if (!dflag)
usage();
- if ((sudo_user.pw = sudo_getpwnam("nobody")) == NULL)
- errorx(1, "no passwd entry for nobody!");
+ if ((sudo_user.pw = sudo_getpwnam("root")) == NULL)
+ errorx(1, "no passwd entry for root!");
user_cmnd = user_base = "true";
} else {
if ((sudo_user.pw = sudo_getpwnam(*argv)) == NULL)
}
/* Fill in user_args from NewArgv. */
- if (NewArgc > 1) {
+ if (NewArgc > 0) {
char *to, **from;
size_t size, n;
/* Allocate space for data structures in the parser. */
init_parser("sudoers", 0);
- if (yyparse() != 0 || parse_error)
+ if (yyparse() != 0 || parse_error) {
+ parse_error = TRUE;
(void) fputs("Does not parse", stdout);
- else
+ } else {
(void) fputs("Parses OK", stdout);
+ }
if (!update_defaults(SETDEF_ALL))
(void) fputs(" (problem with defaults entries)", stdout);
(void) putchar('\n');
dump_sudoers();
if (argc < 2)
- exit(0);
+ exit(parse_error ? 1 : 0);
}
- /* This loop must match the one in sudoers_lookup() */
+ /* This loop must match the one in sudo_file_lookup() */
printf("\nEntries for user %s:\n", user_name);
- matched = UNSPEC;
+ match = UNSPEC;
tq_foreach_rev(&userspecs, us) {
if (userlist_matches(sudo_user.pw, &us->users) != ALLOW)
continue;
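Review bot: The dump-mode `exit(parse_error ? 1 : 0)` reflects only the parser result, so a failed `update_defaults(SETDEF_ALL)` a few lines earlier prints " (problem with defaults entries)" and can still exit 0. A script that keys on the new exit status would then treat a sudoers file with bad Defaults entries as clean. Either record that failure in a flag that feeds the exit status, or add a comment at the exit such as `/* defaults problems are reported on stdout only */`. main() starts and ends outside this hunk.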
putchar('\n');
print_privilege(priv); /* XXX */
putchar('\n');
- if (hostlist_matches(&priv->hostlist) == ALLOW) {
+ host_match = hostlist_matches(&priv->hostlist);
+ if (host_match == ALLOW) {
puts("\thost matched");
tq_foreach_rev(&priv->cmndlist, cs) {
- if (runaslist_matches(&cs->runasuserlist,
- &cs->runasgrouplist) == ALLOW) {
+ runas_match = runaslist_matches(&cs->runasuserlist,
+ &cs->runasgrouplist);
+ if (runas_match == ALLOW) {
puts("\trunas matched");
- rval = cmnd_matches(cs->cmnd);
- if (rval != UNSPEC)
- matched = rval;
- printf("\tcmnd %s\n", rval == ALLOW ? "allowed" :
- rval == DENY ? "denied" : "unmatched");
+ cmnd_match = cmnd_matches(cs->cmnd);
+ if (cmnd_match != UNSPEC)
+ match = cmnd_match;
+ printf("\tcmnd %s\n", match == ALLOW ? "allowed" :
+ match == DENY ? "denied" : "unmatched");
}
}
} else
puts("\thost unmatched");
}
}
- printf("\nCommand %s\n", matched == ALLOW ? "allowed" :
- matched == DENY ? "denied" : "unmatched");
+ printf("\nCommand %s\n", match == ALLOW ? "allowed" :
+ match == DENY ? "denied" : "unmatched");
- exit(0);
+ /*
+ * Exit codes:
+ * 0 - parsed OK and command matched.
+ * 1 - parse error
+ * 2 - command not matched
+ * 3 - command denied
+ */
+ if (parse_error)
+ exit(1);
+ exit(match == ALLOW ? 0 : match + 3);
}
void
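Review bot: The per-entry trace `printf("\tcmnd %s\n", match == ALLOW ? ...` now prints the accumulated `match` rather than this entry's `cmnd_match`. An entry that does not match the command is therefore reported with an earlier entry's verdict instead of "unmatched", whereas the removed code printed the per-entry `rval`. If the trace is meant to describe each entry, test `cmnd_match` in that printf and keep `match` for the final "Command" line. Separately, `exit(match == ALLOW ? 0 : match + 3)` yields the documented 2 and 3 only if UNSPEC is -1 and DENY is 0, which this hunk does not show. `exit(match == ALLOW ? 0 : match == DENY ? 3 : 2);` states the mapping without depending on those values.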
sudo_getepw(pw)
const struct passwd *pw;
{
- return (pw->pw_passwd);
+ return pw->pw_passwd;
}
void
}
FILE *
-open_sudoers(path, keepopen)
+open_sudoers(path, isdir, keepopen)
const char *path;
+ int isdir;
int *keepopen;
{
- return(fopen(path, "r"));
+ return fopen(path, "r");
}
void
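Review bot: The `open_sudoers()` stub accepts the new `isdir` argument but ignores it, never writes `*keepopen`, and opens `path` with a plain `fopen()` and no checks on the file, and none of this is documented. A comment above the function would stop readers from taking a testsudoers pass as evidence that the file would be accepted, e.g. `/* Test stub: isdir and keepopen are unused; path is opened as-is with no ownership or mode checks. */`.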
return;
}
-void
+int
set_perms(perm)
int perm;
{
- return;
+ return 1;
}
void
c = (struct sudo_command *) m->name;
printf("%s%s%s", c->cmnd, c->args ? " " : "",
c->args ? c->args : "");
- } else
+ } else if (m->type == ALL) {
+ fputs("ALL", stdout);
+ } else {
fputs(m->name, stdout);
+ }
}
putchar('\n');
- return(0);
+ return 0;
}
void
tq_foreach_fwd(&p->cmndlist, cs) {
if (cs != tq_first(&p->cmndlist))
fputs(", ", stdout);
- /* XXX - runasgrouplist too */
- if (!tq_empty(&cs->runasuserlist)) {
+ if (!tq_empty(&cs->runasuserlist) || !tq_empty(&cs->runasgrouplist)) {
fputs("(", stdout);
- tq_foreach_fwd(&cs->runasuserlist, m) {
- if (m != tq_first(&cs->runasuserlist))
- fputs(", ", stdout);
- print_member(m);
+ if (!tq_empty(&cs->runasuserlist)) {
+ tq_foreach_fwd(&cs->runasuserlist, m) {
+ if (m != tq_first(&cs->runasuserlist))
+ fputs(", ", stdout);
+ print_member(m);
+ }
+ } else if (tq_empty(&cs->runasgrouplist)) {
+ fputs(def_runas_default, stdout);
+ } else {
+ fputs(sudo_user.pw->pw_name, stdout);
+ }
+ if (!tq_empty(&cs->runasgrouplist)) {
+ fputs(" : ", stdout);
+ tq_foreach_fwd(&cs->runasgrouplist, m) {
+ if (m != tq_first(&cs->runasgrouplist))
+ fputs(", ", stdout);
+ print_member(m);
+ }
}
fputs(") ", stdout);
}