/* Parse nsswitch.conf for sudoers order. */
snl = sudo_read_nss();
+ /* LDAP or NSS may modify the euid so we need to be root for the open. */
set_perms(PERM_INITIAL);
+ set_perms(PERM_ROOT);
/* Open and parse sudoers, set global defaults */
tq_foreach_fwd(snl, nss) {
/* XXX - collect post-sudoers parse settings into a function */
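Review bot: The results of `set_perms(PERM_INITIAL)` and the added `set_perms(PERM_ROOT)` are both discarded, so a failed switch to root would go unnoticed. The new comment says the sudoers open needs root because LDAP or NSS may have changed the euid, which means the open could then run under whatever euid was left behind. If set_perms() reports failure through its return value rather than exiting itself (its definition is not in this hunk), test it and bail out, along the lines of `if (!set_perms(PERM_ROOT)) return -1;`. It is also worth a one-line comment saying where the pushed PERM_ROOT state is restored, since the enclosing function starts and ends outside the hunk.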
/*
- * Initialize external group plugin.
+ * Initialize external group plugin, if any.
*/
if (def_group_plugin) {
- switch (group_plugin_load(def_group_plugin)) {
- case -1:
- return -1;
- case FALSE:
+ if (group_plugin_load(def_group_plugin) != TRUE)
def_group_plugin = NULL;
- }
}
/*
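Review bot: A load error from group_plugin_load() is now treated exactly like a plugin that declined to load. The old `case -1: return -1;` is gone, and the new `!= TRUE` test only clears def_group_plugin, with no message visible in this hunk. Policy is then evaluated without the external group source the administrator configured, and nothing in the log explains why group-based rules stopped matching. Unless group_plugin_load() already logs the failure itself, emit a warning before clearing the pointer, e.g. `warningx(_("unable to load group plugin %s"), def_group_plugin);`, and brace the now single-statement `if` body. The enclosing function lies outside the hunk.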
/* Close the session we opened in sudoers_policy_init_session(). */
if (ISSET(sudo_mode, MODE_RUN|MODE_EDIT))
- (void)auth_end_session();
+ (void)sudo_auth_end_session(runas_pw);
/* Free remaining references to password and group entries. */
pw_delref(sudo_user.pw);
return -1;
}
- return auth_begin_session(pwd);
+ return sudo_auth_begin_session(pwd);
}
static int
* if necessary. It is assumed that euid is 0 at this point so we
* can read the shadow passwd file if necessary.
*/
- if ((sudo_user.pw = sudo_getpwnam(user_name)) == NULL) {
- struct passwd pw;
-
- /* Create a fake struct passwd for log_error(). */
- memset(&pw, 0, sizeof(pw));
- pw.pw_uid = getuid();
- pw.pw_name = user_name;
- sudo_user.pw = &pw;
-
+ if ((sudo_user.pw = sudo_getpwuid(user_uid)) == NULL) {
/*
* It is not unusual for users to place "sudo -k" in a .logout
* file which can cause sudo to be run during reboot after the
* YP/NIS/NIS+/LDAP/etc daemon has died.
*/
if (sudo_mode == MODE_KILL || sudo_mode == MODE_INVALIDATE)
- errorx(1, _("unknown user: %s"), user_name);
- log_error(0, _("unknown user: %s"), user_name);
+ errorx(1, _("unknown uid: %u"), (unsigned int) user_uid);
+
+ /* Need to make a fake struct passwd for the call to log_error(). */
+ sudo_user.pw = sudo_fakepwnamid(user_name, user_uid, user_gid);
+ log_error(0, _("unknown uid: %u"), (unsigned int) user_uid);
/* NOTREACHED */
}
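Review bot: The result of `sudo_fakepwnamid(user_name, user_uid, user_gid)` is stored in sudo_user.pw and used by the following log_error() call without a NULL check. If that helper can return NULL (it may instead abort on allocation failure; its definition is not in this hunk), log_error() would run with sudo_user.pw unset, which is the state the fake entry is meant to prevent. A guard right after the assignment keeps the failure path explicit: `if (sudo_user.pw == NULL) errorx(1, _("unknown uid: %u"), (unsigned int) user_uid);`. The enclosing function starts and ends outside the hunk.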