X-Git-Url: https://git.gag.com/?a=blobdiff_plain;f=sudo_nss.c;h=96303202ed5eb61325461def47f7f7141004c1a3;hb=5c8f8bf137761b6776ee46ad1c509ba55eb07401;hp=4dcdf2cb601243832abe5ed0c6f25ba343c259da;hpb=a4d16b7546088ef5bdeadb3a6877bcc1d1530a63;p=debian%2Fsudo
diff --git a/sudo_nss.c b/sudo_nss.c
index 4dcdf2c..9630320 100644
--- a/sudo_nss.c
+++ b/sudo_nss.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2007-2009 Todd C. Miller
+ * Copyright (c) 2007-2011 Todd C. Miller
 *
 * Permission to use, copy, modify, and distribute this software for any
 * purpose with or without fee is hereby granted, provided that the above
@@ -29,11 +29,10 @@
 #endif /* STDC_HEADERS */
 #ifdef HAVE_STRING_H
 # include
-#else
-# ifdef HAVE_STRINGS_H
-# include
-# endif
 #endif /* HAVE_STRING_H */
+#ifdef HAVE_STRINGS_H
+# include
+#endif /* HAVE_STRINGS_H */
 #ifdef HAVE_UNISTD_H
 # include
 #endif /* HAVE_UNISTD_H */
@@ -101,7 +100,7 @@ nomatch:
 if (tq_empty(&snl))
 tq_append(&snl, &sudo_nss_file);
- return(&snl);
+ return &snl;
 }
 #else /* HAVE_LDAP && _PATH_NSSWITCH_CONF */
@@ -180,7 +179,7 @@ nomatch:
 if (tq_empty(&snl))
 tq_append(&snl, &sudo_nss_file);
- return(&snl);
+ return &snl;
 }
 # else /* !_PATH_NETSVC_CONF && !_PATH_NSSWITCH_CONF */
@@ -198,7 +197,7 @@ sudo_read_nss()
 # endif
 tq_append(&snl, &sudo_nss_file);
- return(&snl);
+ return &snl;
 }
 # endif /* !HAVE_LDAP || !_PATH_NETSVC_CONF */
@@ -212,18 +211,30 @@ reset_groups(pw)
 {
 #if defined(HAVE_INITGROUPS) && defined(HAVE_GETGROUPS)
 if (pw != sudo_user.pw) {
- (void) initgroups(pw->pw_name, pw->pw_gid);
+# ifdef HAVE_SETAUTHDB
+ aix_setauthdb(pw->pw_name);
+# endif
+ if (initgroups(pw->pw_name, pw->pw_gid) == -1)
+ log_error(USE_ERRNO|MSG_ONLY, "can't reset group vector");
+ efree(user_groups);
+ user_groups = NULL;
 if ((user_ngroups = getgroups(0, NULL)) > 0) {
- user_groups = erealloc3(user_groups, user_ngroups,
- sizeof(GETGROUPS_T));
+ user_groups = emalloc2(user_ngroups, sizeof(GETGROUPS_T));
 if (getgroups(user_ngroups, user_groups) < 0)
 log_error(USE_ERRNO|MSG_ONLY, "can't get group vector");
- } else {
- user_ngroups = 0;
- efree(user_groups);
 }
+# ifdef HAVE_SETAUTHDB
+ aix_restoreauthdb();
+# endif
 }
-#endif
+#endif /* HAVE_INITGROUPS && HAVE_GETGROUPS */
+}
+
+static int
+output(buf)
+ const char *buf;
+{
+ return fputs(buf, stdout);
 }
 /*
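Review bot: The removed `else` branch normalised `user_ngroups` to 0 whenever `getgroups(0, NULL)` did not return a positive count, but the new code leaves a -1 from a failed `getgroups()` in the global with `user_groups` already NULL and nothing logged, so later callers see a negative group count without any diagnostic. The failure should be reported the same way the second `getgroups()` call is, e.g. `} else if (user_ngroups < 0) {` / `log_error(USE_ERRNO|MSG_ONLY, "can't get group vector");` / `user_ngroups = 0; }`. Separately, if `log_error()` terminates the process (not visible in this hunk), the `initgroups()` failure path skips `aix_restoreauthdb()` on the HAVE_SETAUTHDB build; probably harmless at exit, but worth a comment if intended.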
@@ -236,42 +247,57 @@ display_privs(snl, pw)
 struct passwd *pw;
 {
 struct sudo_nss *nss;
- struct lbuf lbuf;
- int count;
+ struct lbuf defs, privs;
+ int count, olen;
 /* Reset group vector so group matching works correctly. */
 reset_groups(pw);
- lbuf_init(&lbuf, NULL, 4, 0);
+ lbuf_init(&defs, output, 4, NULL);
+ lbuf_init(&privs, output, 4, NULL);
 /* Display defaults from all sources. */
+ lbuf_append(&defs, "Matching Defaults entries for ", pw->pw_name,
+ " on this host:\n", NULL);
 count = 0;
- tq_foreach_fwd(snl, nss)
- count += nss->display_defaults(nss, pw, &lbuf);
- if (count) {
- printf("Matching Defaults entries for %s on this host:\n", pw->pw_name);
- lbuf_print(&lbuf);
- putchar('\n');
+ tq_foreach_fwd(snl, nss) {
+ count += nss->display_defaults(nss, pw, &defs);
 }
+ if (count)
+ lbuf_append(&defs, "\n\n", NULL);
+ else
+ defs.len = 0;
 /* Display Runas and Cmnd-specific defaults from all sources. */
+ olen = defs.len;
+ lbuf_append(&defs, "Runas and Command-specific defaults for ", pw->pw_name,
+ ":\n", NULL);
 count = 0;
- tq_foreach_fwd(snl, nss)
- count += nss->display_bound_defaults(nss, pw, &lbuf);
- if (count) {
- printf("Runas and Command-specific defaults for %s:\n", pw->pw_name);
- lbuf_print(&lbuf);
- putchar('\n');
+ tq_foreach_fwd(snl, nss) {
+ count += nss->display_bound_defaults(nss, pw, &defs);
 }
+ if (count)
+ lbuf_append(&defs, "\n\n", NULL);
+ else
+ defs.len = olen;
 /* Display privileges from all sources.
 */
- printf("User %s may run the following commands on this host:\n",
- pw->pw_name);
- tq_foreach_fwd(snl, nss)
- (void) nss->display_privs(nss, pw, &lbuf);
- if (lbuf.len != 0)
- lbuf_print(&lbuf); /* print remainder, if any */
- lbuf_destroy(&lbuf);
+ lbuf_append(&privs, "User ", pw->pw_name,
+ " may run the following commands on this host:\n", NULL);
+ count = 0;
+ tq_foreach_fwd(snl, nss) {
+ count += nss->display_privs(nss, pw, &privs);
+ }
+ if (count) {
+ lbuf_print(&defs);
+ lbuf_print(&privs);
+ } else {
+ printf("User %s is not allowed to run sudo on %s.\n", pw->pw_name,
+ user_shost);
+ }
+
+ lbuf_destroy(&defs);
+ lbuf_destroy(&privs);
 }
 /*
@@ -290,7 +316,7 @@ display_cmnd(snl, pw)
 tq_foreach_fwd(snl, nss) {
 if (nss->display_cmnd(nss, pw) == 0)
- return(0);
+ return 0;
 }
- return(1);
+ return 1;
 }
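Review bot: Discarding an unused section header by rewinding the buffer with `defs.len = olen` (and `defs.len = 0` earlier) only works if `lbuf_print()` honours `len`; if it walks the buffer as a NUL-terminated string (lbuf.c is not in this diff), the "Runas and Command-specific defaults for …" header written past `olen` would still be printed even when no bound defaults matched, since nothing is appended to `defs` after that reset. Either confirm that `lbuf_print()` stops at `len`, or re-terminate after each rewind, e.g. `defs.len = olen; defs.buf[defs.len] = '\0';`. A one-line comment on the rewinds such as `/* drop the header; nothing matched */` would also make the intent of reusing one buffer for both sections clearer.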