/*
- * Copyright (c) 1994-1996,1998-2011 Todd C. Miller <Todd.Miller@courtesan.com>
+ * Copyright (c) 1994-1996,1998-2013 Todd C. Miller <Todd.Miller@courtesan.com>
*
* Permission to use, copy, modify, and distribute this software for any
* purpose with or without fee is hereby granted, provided that the above
#include <config.h>
#include <sys/types.h>
-#include <sys/param.h>
#include <sys/stat.h>
#include <stdio.h>
#ifdef STDC_HEADERS
while (perm_stack_depth > 1)
restore_perms();
- grlist_delref(perm_stack[0].grlist);
+ sudo_grlist_delref(perm_stack[0].grlist);
debug_return;
}
{
struct perm_state *state, *ostate = NULL;
char errbuf[1024];
+ const char *errstr = errbuf;
int noexit;
debug_decl(set_perms, SUDO_DEBUG_PERMS)
CLR(perm, PERM_MASK);
if (perm_stack_depth == PERM_STACK_MAX) {
- strlcpy(errbuf, _("perm stack overflow"), sizeof(errbuf));
+ errstr = N_("perm stack overflow");
errno = EINVAL;
goto bad;
}
state = &perm_stack[perm_stack_depth];
if (perm != PERM_INITIAL) {
if (perm_stack_depth == 0) {
- strlcpy(errbuf, _("perm stack underflow"), sizeof(errbuf));
+ errstr = N_("perm stack underflow");
errno = EINVAL;
goto bad;
}
/* Stash initial state */
#ifdef HAVE_GETRESUID
if (getresuid(&state->ruid, &state->euid, &state->suid)) {
- strlcpy(errbuf, "PERM_INITIAL: getresuid", sizeof(errbuf));
+ errstr = "PERM_INITIAL: getresuid";
goto bad;
}
if (getresgid(&state->rgid, &state->egid, &state->sgid)) {
- strlcpy(errbuf, "PERM_INITIAL: getresgid", sizeof(errbuf));
+ errstr = "PERM_INITIAL: getresgid";
goto bad;
}
#else
state->sgid = state->egid; /* in case we are setgid */
#endif
state->grlist = user_group_list;
- grlist_addref(state->grlist);
+ sudo_grlist_addref(state->grlist);
sudo_debug_printf(SUDO_DEBUG_INFO, "%s: PERM_INITIAL: "
"ruid: %d, euid: %d, suid: %d, rgid: %d, egid: %d, sgid: %d",
__func__, (int)state->ruid, (int)state->euid, (int)state->suid,
goto bad;
}
state->rgid = ostate->rgid;
- state->egid = ostate->egid;
+ state->egid = ROOT_GID;
state->sgid = ostate->sgid;
+ sudo_debug_printf(SUDO_DEBUG_INFO, "%s: PERM_ROOT: gid: "
+ "[%d, %d, %d] -> [%d, %d, %d]", __func__,
+ (int)ostate->rgid, (int)ostate->egid, (int)ostate->sgid,
+ (int)state->rgid, (int)state->egid, (int)state->sgid);
+ if (GID_CHANGED && setresgid(ID(rgid), ID(egid), ID(sgid))) {
+ errstr = N_("unable to change to root gid");
+ goto bad;
+ }
state->grlist = ostate->grlist;
- grlist_addref(state->grlist);
+ sudo_grlist_addref(state->grlist);
break;
case PERM_USER:
goto bad;
}
state->grlist = user_group_list;
- grlist_addref(state->grlist);
+ sudo_grlist_addref(state->grlist);
if (state->grlist != ostate->grlist) {
if (sudo_setgroups(state->grlist->ngids, state->grlist->gids)) {
- strlcpy(errbuf, "PERM_USER: setgroups", sizeof(errbuf));
+ errstr = "PERM_USER: setgroups";
goto bad;
}
}
goto bad;
}
state->grlist = user_group_list;
- grlist_addref(state->grlist);
+ sudo_grlist_addref(state->grlist);
if (state->grlist != ostate->grlist) {
if (sudo_setgroups(state->grlist->ngids, state->grlist->gids)) {
- strlcpy(errbuf, "PERM_FULL_USER: setgroups", sizeof(errbuf));
+ errstr = "PERM_FULL_USER: setgroups";
goto bad;
}
}
(int)ostate->rgid, (int)ostate->egid, (int)ostate->sgid,
(int)state->rgid, (int)state->egid, (int)state->sgid);
if (GID_CHANGED && setresgid(ID(rgid), ID(egid), ID(sgid))) {
- strlcpy(errbuf, _("unable to change to runas gid"), sizeof(errbuf));
+ errstr = N_("unable to change to runas gid");
goto bad;
}
state->grlist = runas_setgroups();
(int)ostate->ruid, (int)ostate->euid, (int)ostate->suid,
(int)state->ruid, (int)state->euid, (int)state->suid);
if (UID_CHANGED && setresuid(ID(ruid), ID(euid), ID(suid))) {
- strlcpy(errbuf, _("unable to change to runas uid"), sizeof(errbuf));
+ errstr = N_("unable to change to runas uid");
goto bad;
}
break;
case PERM_SUDOERS:
state->grlist = ostate->grlist;
- grlist_addref(state->grlist);
+ sudo_grlist_addref(state->grlist);
/* assumes euid == ROOT_UID, ruid == user */
state->rgid = ostate->rgid;
(int)ostate->rgid, (int)ostate->egid, (int)ostate->sgid,
(int)state->rgid, (int)state->egid, (int)state->sgid);
if (GID_CHANGED && setresgid(ID(rgid), ID(egid), ID(sgid))) {
- strlcpy(errbuf, _("unable to change to sudoers gid"), sizeof(errbuf));
+ errstr = N_("unable to change to sudoers gid");
goto bad;
}
* we use a non-zero uid in order to avoid NFS lossage.
* Using uid 1 is a bit bogus but should work on all OS's.
*/
- if (sudoers_uid == ROOT_UID && (sudoers_mode & 040))
+ if (sudoers_uid == ROOT_UID && (sudoers_mode & S_IRGRP))
state->euid = 1;
else
state->euid = sudoers_uid;
case PERM_TIMESTAMP:
state->grlist = ostate->grlist;
- grlist_addref(state->grlist);
+ sudo_grlist_addref(state->grlist);
state->rgid = ostate->rgid;
state->egid = ostate->egid;
state->sgid = ostate->sgid;
perm_stack_depth++;
debug_return_bool(1);
bad:
- warningx("%s: %s", errbuf,
+ warningx("%s: %s", _(errstr),
errno == EAGAIN ? _("too many processes") : strerror(errno));
if (noexit)
debug_return_bool(0);
goto bad;
}
}
- grlist_delref(state->grlist);
+ sudo_grlist_delref(state->grlist);
debug_return;
bad:
{
struct perm_state *state, *ostate = NULL;
char errbuf[1024];
+ const char *errstr = errbuf;
int noexit;
debug_decl(set_perms, SUDO_DEBUG_PERMS)
CLR(perm, PERM_MASK);
if (perm_stack_depth == PERM_STACK_MAX) {
- strlcpy(errbuf, _("perm stack overflow"), sizeof(errbuf));
+ errstr = N_("perm stack overflow");
errno = EINVAL;
goto bad;
}
state = &perm_stack[perm_stack_depth];
if (perm != PERM_INITIAL) {
if (perm_stack_depth == 0) {
- strlcpy(errbuf, _("perm stack underflow"), sizeof(errbuf));
+ errstr = N_("perm stack underflow");
errno = EINVAL;
goto bad;
}
state->egid = getgidx(ID_EFFECTIVE);
state->sgid = getgidx(ID_SAVED);
state->grlist = user_group_list;
- grlist_addref(state->grlist);
+ sudo_grlist_addref(state->grlist);
sudo_debug_printf(SUDO_DEBUG_INFO, "%s: PERM_INITIAL: "
"ruid: %d, euid: %d, suid: %d, rgid: %d, egid: %d, sgid: %d",
__func__, (unsigned int)state->ruid, (unsigned int)state->euid,
goto bad;
}
state->rgid = ostate->rgid;
- state->egid = ostate->egid;
+ state->egid = ROOT_GID;
state->sgid = ostate->sgid;
+ sudo_debug_printf(SUDO_DEBUG_INFO, "%s: PERM_ROOT: gid: "
+ "[%d, %d, %d] -> [%d, %d, %d]", __func__,
+ (int)ostate->rgid, (int)ostate->egid, (int)ostate->sgid,
+ (int)state->rgid, (int)state->egid, (int)state->sgid);
+ if (GID_CHANGED && setgidx(ID_EFFECTIVE, ROOT_GID)) {
+ errstr = N_("unable to change to root gid");
+ goto bad;
+ }
state->grlist = ostate->grlist;
- grlist_addref(state->grlist);
+ sudo_grlist_addref(state->grlist);
break;
case PERM_USER:
goto bad;
}
state->grlist = user_group_list;
- grlist_addref(state->grlist);
+ sudo_grlist_addref(state->grlist);
if (state->grlist != ostate->grlist) {
if (sudo_setgroups(state->grlist->ngids, state->grlist->gids)) {
- strlcpy(errbuf, "PERM_USER: setgroups", sizeof(errbuf));
+ errstr = "PERM_USER: setgroups";
goto bad;
}
}
goto bad;
}
state->grlist = user_group_list;
- grlist_addref(state->grlist);
+ sudo_grlist_addref(state->grlist);
if (state->grlist != ostate->grlist) {
if (sudo_setgroups(state->grlist->ngids, state->grlist->gids)) {
- strlcpy(errbuf, "PERM_FULL_USER: setgroups", sizeof(errbuf));
+ errstr = "PERM_FULL_USER: setgroups";
goto bad;
}
}
(int)ostate->rgid, (int)ostate->egid, (int)ostate->sgid,
(int)state->rgid, (int)state->egid, (int)state->sgid);
if (GID_CHANGED && setgidx(ID_EFFECTIVE, state->egid)) {
- strlcpy(errbuf, _("unable to change to runas gid"), sizeof(errbuf));
+ errstr = N_("unable to change to runas gid");
goto bad;
}
state->grlist = runas_setgroups();
(int)ostate->ruid, (int)ostate->euid, (int)ostate->suid,
(int)state->ruid, (int)state->euid, (int)state->suid);
if (UID_CHANGED && setuidx(ID_EFFECTIVE, state->euid)) {
- strlcpy(errbuf, _("unable to change to runas uid"), sizeof(errbuf));
+ errstr = N_("unable to change to runas uid");
goto bad;
}
break;
case PERM_SUDOERS:
state->grlist = ostate->grlist;
- grlist_addref(state->grlist);
+ sudo_grlist_addref(state->grlist);
/* assume euid == ROOT_UID, ruid == user */
state->rgid = ostate->rgid;
(int)ostate->rgid, (int)ostate->egid, (int)ostate->sgid,
(int)state->rgid, (int)state->egid, (int)state->sgid);
if (GID_CHANGED && setgidx(ID_EFFECTIVE, sudoers_gid)) {
- strlcpy(errbuf, _("unable to change to sudoers gid"), sizeof(errbuf));
+ errstr = N_("unable to change to sudoers gid");
goto bad;
}
* we use a non-zero uid in order to avoid NFS lossage.
* Using uid 1 is a bit bogus but should work on all OS's.
*/
- if (sudoers_uid == ROOT_UID && (sudoers_mode & 040))
+ if (sudoers_uid == ROOT_UID && (sudoers_mode & S_IRGRP))
state->euid = 1;
else
state->euid = sudoers_uid;
case PERM_TIMESTAMP:
state->grlist = ostate->grlist;
- grlist_addref(state->grlist);
+ sudo_grlist_addref(state->grlist);
state->rgid = ostate->rgid;
state->egid = ostate->egid;
state->sgid = ostate->sgid;
perm_stack_depth++;
debug_return_bool(1);
bad:
- warningx("%s: %s", errbuf,
+ warningx("%s: %s", _(errstr),
errno == EAGAIN ? _("too many processes") : strerror(errno));
if (noexit)
debug_return_bool(0);
goto bad;
}
}
- grlist_delref(state->grlist);
+ sudo_grlist_delref(state->grlist);
debug_return;
bad:
{
struct perm_state *state, *ostate = NULL;
char errbuf[1024];
+ const char *errstr = errbuf;
int noexit;
debug_decl(set_perms, SUDO_DEBUG_PERMS)
CLR(perm, PERM_MASK);
if (perm_stack_depth == PERM_STACK_MAX) {
- strlcpy(errbuf, _("perm stack overflow"), sizeof(errbuf));
+ errstr = N_("perm stack overflow");
errno = EINVAL;
goto bad;
}
state = &perm_stack[perm_stack_depth];
if (perm != PERM_INITIAL) {
if (perm_stack_depth == 0) {
- strlcpy(errbuf, _("perm stack underflow"), sizeof(errbuf));
+ errstr = N_("perm stack underflow");
errno = EINVAL;
goto bad;
}
state->rgid = getgid();
state->egid = getegid();
state->grlist = user_group_list;
- grlist_addref(state->grlist);
+ sudo_grlist_addref(state->grlist);
sudo_debug_printf(SUDO_DEBUG_INFO, "%s: PERM_INITIAL: "
"ruid: %d, euid: %d, rgid: %d, egid: %d", __func__,
(int)state->ruid, (int)state->euid,
}
}
state->rgid = ostate->rgid;
- state->egid = ostate->rgid;
+ state->egid = ROOT_GID;
+ sudo_debug_printf(SUDO_DEBUG_INFO, "%s: PERM_ROOT: gid: "
+ "[%d, %d] -> [%d, %d]", __func__, (int)ostate->rgid,
+ (int)ostate->egid, (int)state->rgid, (int)state->egid);
+ if (GID_CHANGED && setregid(ID(rgid), ID(egid))) {
+ snprintf(errbuf, sizeof(errbuf),
+ "PERM_ROOT: setregid(%d, %d)", ID(rgid), ID(egid));
+ goto bad;
+ }
state->grlist = ostate->grlist;
- grlist_addref(state->grlist);
+ sudo_grlist_addref(state->grlist);
break;
case PERM_USER:
goto bad;
}
state->grlist = user_group_list;
- grlist_addref(state->grlist);
+ sudo_grlist_addref(state->grlist);
if (state->grlist != ostate->grlist) {
if (sudo_setgroups(state->grlist->ngids, state->grlist->gids)) {
- strlcpy(errbuf, "PERM_USER: setgroups", sizeof(errbuf));
+ errstr = "PERM_USER: setgroups";
goto bad;
}
}
goto bad;
}
state->grlist = user_group_list;
- grlist_addref(state->grlist);
+ sudo_grlist_addref(state->grlist);
if (state->grlist != ostate->grlist) {
if (sudo_setgroups(state->grlist->ngids, state->grlist->gids)) {
- strlcpy(errbuf, "PERM_FULL_USER: setgroups", sizeof(errbuf));
+ errstr = "PERM_FULL_USER: setgroups";
goto bad;
}
}
"[%d, %d] -> [%d, %d]", __func__, (int)ostate->rgid,
(int)ostate->egid, (int)state->rgid, (int)state->egid);
if (GID_CHANGED && setregid(ID(rgid), ID(egid))) {
- strlcpy(errbuf, _("unable to change to runas gid"), sizeof(errbuf));
+ errstr = N_("unable to change to runas gid");
goto bad;
}
state->grlist = runas_setgroups();
"[%d, %d] -> [%d, %d]", __func__, (int)ostate->ruid,
(int)ostate->euid, (int)state->ruid, (int)state->euid);
if (UID_CHANGED && setreuid(ID(ruid), ID(euid))) {
- strlcpy(errbuf, _("unable to change to runas uid"), sizeof(errbuf));
+ errstr = N_("unable to change to runas uid");
goto bad;
}
break;
case PERM_SUDOERS:
state->grlist = ostate->grlist;
- grlist_addref(state->grlist);
+ sudo_grlist_addref(state->grlist);
/* assume euid == ROOT_UID, ruid == user */
state->rgid = ostate->rgid;
"[%d, %d] -> [%d, %d]", __func__, (int)ostate->rgid,
(int)ostate->egid, (int)state->rgid, (int)state->egid);
if (GID_CHANGED && setregid(ID(rgid), ID(egid))) {
- strlcpy(errbuf, _("unable to change to sudoers gid"), sizeof(errbuf));
+ errstr = N_("unable to change to sudoers gid");
goto bad;
}
* we use a non-zero uid in order to avoid NFS lossage.
* Using uid 1 is a bit bogus but should work on all OS's.
*/
- if (sudoers_uid == ROOT_UID && (sudoers_mode & 040))
+ if (sudoers_uid == ROOT_UID && (sudoers_mode & S_IRGRP))
state->euid = 1;
else
state->euid = sudoers_uid;
case PERM_TIMESTAMP:
state->grlist = ostate->grlist;
- grlist_addref(state->grlist);
+ sudo_grlist_addref(state->grlist);
state->rgid = ostate->rgid;
state->egid = ostate->egid;
state->ruid = ROOT_UID;
perm_stack_depth++;
debug_return_bool(1);
bad:
- warningx("%s: %s", errbuf,
+ warningx("%s: %s", _(errstr),
errno == EAGAIN ? _("too many processes") : strerror(errno));
if (noexit)
debug_return_bool(0);
if (OID(euid) == ROOT_UID) {
/* setuid() may not set the saved ID unless the euid is ROOT_UID */
if (ID(euid) != ROOT_UID)
- (void)setreuid(-1, ROOT_UID);
+ ignore_result(setreuid(-1, ROOT_UID));
if (setuid(ROOT_UID)) {
warning("setuid() [%d, %d] -> %d)", (int)state->ruid,
(int)state->euid, ROOT_UID);
goto bad;
}
}
- grlist_delref(state->grlist);
+ sudo_grlist_delref(state->grlist);
debug_return;
bad:
{
struct perm_state *state, *ostate = NULL;
char errbuf[1024];
+ const char *errstr = errbuf;
int noexit;
debug_decl(set_perms, SUDO_DEBUG_PERMS)
CLR(perm, PERM_MASK);
if (perm_stack_depth == PERM_STACK_MAX) {
- strlcpy(errbuf, _("perm stack overflow"), sizeof(errbuf));
+ errstr = N_("perm stack overflow");
errno = EINVAL;
goto bad;
}
state = &perm_stack[perm_stack_depth];
if (perm != PERM_INITIAL) {
if (perm_stack_depth == 0) {
- strlcpy(errbuf, _("perm stack underflow"), sizeof(errbuf));
+ errstr = N_("perm stack underflow");
errno = EINVAL;
goto bad;
}
state->rgid = getgid();
state->egid = getegid();
state->grlist = user_group_list;
- grlist_addref(state->grlist);
+ sudo_grlist_addref(state->grlist);
sudo_debug_printf(SUDO_DEBUG_INFO, "%s: PERM_INITIAL: "
"ruid: %d, euid: %d, rgid: %d, egid: %d", __func__,
(int)state->ruid, (int)state->euid,
state->ruid = ROOT_UID;
state->euid = ROOT_UID;
state->rgid = ostate->rgid;
- state->egid = ostate->egid;
+ state->egid = ROOT_GID;
+ sudo_debug_printf(SUDO_DEBUG_INFO, "%s: PERM_ROOT: gid: "
+ "[%d, %d] -> [%d, %d]", __func__, (int)ostate->rgid,
+ (int)ostate->egid, ROOT_GID, ROOT_GID);
+ if (GID_CHANGED && setegid(ROOT_GID)) {
+ errstr = N_("unable to change to root gid");
+ goto bad;
+ }
state->grlist = ostate->grlist;
- grlist_addref(state->grlist);
+ sudo_grlist_addref(state->grlist);
break;
case PERM_USER:
goto bad;
}
state->grlist = user_group_list;
- grlist_addref(state->grlist);
+ sudo_grlist_addref(state->grlist);
if (state->grlist != ostate->grlist) {
if (sudo_setgroups(state->grlist->ngids, state->grlist->gids)) {
- strlcpy(errbuf, "PERM_USER: setgroups", sizeof(errbuf));
+ errstr = "PERM_USER: setgroups";
goto bad;
}
}
goto bad;
}
state->grlist = user_group_list;
- grlist_addref(state->grlist);
+ sudo_grlist_addref(state->grlist);
if (state->grlist != ostate->grlist) {
if (sudo_setgroups(state->grlist->ngids, state->grlist->gids)) {
- strlcpy(errbuf, "PERM_FULL_USER: setgroups", sizeof(errbuf));
+ errstr = "PERM_FULL_USER: setgroups";
goto bad;
}
}
"[%d, %d] -> [%d, %d]", __func__, (int)ostate->rgid,
(int)ostate->egid, (int)state->rgid, (int)state->egid);
if (GID_CHANGED && setegid(state->egid)) {
- strlcpy(errbuf, _("unable to change to runas gid"), sizeof(errbuf));
+ errstr = N_("unable to change to runas gid");
goto bad;
}
state->grlist = runas_setgroups();
"[%d, %d] -> [%d, %d]", __func__, (int)ostate->ruid,
(int)ostate->euid, (int)state->ruid, (int)state->euid);
if (seteuid(state->euid)) {
- strlcpy(errbuf, _("unable to change to runas uid"), sizeof(errbuf));
+ errstr = N_("unable to change to runas uid");
goto bad;
}
break;
case PERM_SUDOERS:
state->grlist = ostate->grlist;
- grlist_addref(state->grlist);
+ sudo_grlist_addref(state->grlist);
/* assume euid == ROOT_UID, ruid == user */
state->rgid = ostate->rgid;
"[%d, %d] -> [%d, %d]", __func__, (int)ostate->rgid,
(int)ostate->egid, (int)state->rgid, (int)state->egid);
if (GID_CHANGED && setegid(sudoers_gid)) {
- strlcpy(errbuf, _("unable to change to sudoers gid"), sizeof(errbuf));
+ errstr = N_("unable to change to sudoers gid");
goto bad;
}
* we use a non-zero uid in order to avoid NFS lossage.
* Using uid 1 is a bit bogus but should work on all OS's.
*/
- if (sudoers_uid == ROOT_UID && (sudoers_mode & 040))
+ if (sudoers_uid == ROOT_UID && (sudoers_mode & S_IRGRP))
state->euid = 1;
else
state->euid = sudoers_uid;
case PERM_TIMESTAMP:
state->grlist = ostate->grlist;
- grlist_addref(state->grlist);
+ sudo_grlist_addref(state->grlist);
state->rgid = ostate->rgid;
state->egid = ostate->egid;
state->ruid = ROOT_UID;
perm_stack_depth++;
debug_return_bool(1);
bad:
- warningx("%s: %s", errbuf,
+ warningx("%s: %s", _(errstr),
errno == EAGAIN ? _("too many processes") : strerror(errno));
if (noexit)
debug_return_bool(0);
warning("seteuid(%d)", ostate->euid);
goto bad;
}
- grlist_delref(state->grlist);
+ sudo_grlist_delref(state->grlist);
debug_return;
bad:
{
struct perm_state *state, *ostate = NULL;
char errbuf[1024];
+ const char *errstr = errbuf;
int noexit;
debug_decl(set_perms, SUDO_DEBUG_PERMS)
CLR(perm, PERM_MASK);
if (perm_stack_depth == PERM_STACK_MAX) {
- strlcpy(errbuf, _("perm stack overflow"), sizeof(errbuf));
+ errstr = N_("perm stack overflow");
errno = EINVAL;
goto bad;
}
state = &perm_stack[perm_stack_depth];
if (perm != PERM_INITIAL) {
if (perm_stack_depth == 0) {
- strlcpy(errbuf, _("perm stack underflow"), sizeof(errbuf));
+ errstr = N_("perm stack underflow");
errno = EINVAL;
goto bad;
}
state->ruid = geteuid() == ROOT_UID ? ROOT_UID : getuid();
state->rgid = getgid();
state->grlist = user_group_list;
- grlist_addref(state->grlist);
+ sudo_grlist_addref(state->grlist);
sudo_debug_printf(SUDO_DEBUG_INFO, "%s: PERM_INITIAL: "
"ruid: %d, rgid: %d", __func__, (int)state->ruid, (int)state->rgid);
break;
case PERM_ROOT:
state->ruid = ROOT_UID;
- state->rgid = ostate->rgid;
+ state->rgid = ROOT_GID;
state->grlist = ostate->grlist;
- grlist_addref(state->grlist);
+ sudo_grlist_addref(state->grlist);
sudo_debug_printf(SUDO_DEBUG_INFO, "%s: PERM_ROOT: uid: "
"[%d] -> [%d]", __func__, (int)ostate->ruid, (int)state->ruid);
if (setuid(ROOT_UID)) {
snprintf(errbuf, sizeof(errbuf), "PERM_ROOT: setuid(%d)", ROOT_UID);
goto bad;
}
+ sudo_debug_printf(SUDO_DEBUG_INFO, "%s: PERM_ROOT: gid: "
+ "[%d] -> [%d]", __func__, (int)ostate->rgid, (int)state->rgid);
+ if (setgid(ROOT_GID)) {
+ errstr = N_("unable to change to root gid");
+ goto bad;
+ }
break;
case PERM_FULL_USER:
state->rgid = user_gid;
- sudo_debug_printf(SUDO_DEBUG_INFO, "%s: PERM_ROOT: gid: "
+ sudo_debug_printf(SUDO_DEBUG_INFO, "%s: PERM_FULL_USER: gid: "
"[%d] -> [%d]", __func__, (int)ostate->rgid, (int)state->rgid);
(void) setgid(user_gid);
state->grlist = user_group_list;
- grlist_addref(state->grlist);
+ sudo_grlist_addref(state->grlist);
if (state->grlist != ostate->grlist) {
if (sudo_setgroups(state->grlist->ngids, state->grlist->gids)) {
- strlcpy(errbuf, "PERM_FULL_USER: setgroups", sizeof(errbuf));
+ errstr = "PERM_FULL_USER: setgroups";
goto bad;
}
}
state->ruid = user_uid;
- sudo_debug_printf(SUDO_DEBUG_INFO, "%s: PERM_ROOT: uid: "
+ sudo_debug_printf(SUDO_DEBUG_INFO, "%s: PERM_FULL_USER: uid: "
"[%d] -> [%d]", __func__, (int)ostate->ruid, (int)state->ruid);
if (setuid(user_uid)) {
snprintf(errbuf, sizeof(errbuf),
state->ruid = ostate->ruid;
state->rgid = ostate->rgid;
state->grlist = ostate->grlist;
- grlist_addref(state->grlist);
+ sudo_grlist_addref(state->grlist);
break;
}
perm_stack_depth++;
debug_return_bool(1);
bad:
- warningx("%s: %s", errbuf,
+ warningx("%s: %s", _(errstr),
errno == EAGAIN ? _("too many processes") : strerror(errno));
if (noexit)
debug_return_bool(0);
goto bad;
}
}
- grlist_delref(state->grlist);
+ sudo_grlist_delref(state->grlist);
if (OID(ruid) != -1 && setuid(ostate->ruid)) {
warning("setuid(%d)", (int)ostate->ruid);
goto bad;
debug_decl(runas_setgroups, SUDO_DEBUG_PERMS)
if (def_preserve_groups) {
- grlist_addref(user_group_list);
+ sudo_grlist_addref(user_group_list);
debug_return_ptr(user_group_list);
}
#ifdef HAVE_SETAUTHDB
aix_setauthdb(pw->pw_name);
#endif
- grlist = get_group_list(pw);
+ grlist = sudo_get_grlist(pw);
#ifdef HAVE_SETAUTHDB
aix_restoreauthdb();
#endif
if (sudo_setgroups(grlist->ngids, grlist->gids) < 0)
- log_fatal(USE_ERRNO|MSG_ONLY, _("unable to set runas group vector"));
+ log_fatal(USE_ERRNO|MSG_ONLY, N_("unable to set runas group vector"));
debug_return_ptr(grlist);
}
#endif /* HAVE_SETRESUID || HAVE_SETREUID || HAVE_SETEUID */
projects / debian / sudo / blobdiff