From 034b2f3bdd88525d9abee115089a1813ad7f8dee Mon Sep 17 00:00:00 2001 From: "Todd C. Miller" Date: Sun, 10 Sep 2023 16:38:53 -0600 Subject: [PATCH] Add testsudoers_setshellfile() and use it in testsudoers. --- Makefile.in | 5 ++++- lib/util/getusershell.c | 16 +++++++++++++++- plugins/sudoers/Makefile.in | 32 ++++++++++++++++++++++++-------- plugins/sudoers/pwutil_impl.c | 6 +++--- plugins/sudoers/tsgetgrpw.h | 5 +++++ 5 files changed, 51 insertions(+), 13 deletions(-) diff --git a/Makefile.in b/Makefile.in index f0c33a648..3caa66750 100644 --- a/Makefile.in +++ b/Makefile.in @@ -212,7 +212,10 @@ uninstall-nls: siglist.c signame.c: cd lib/util && exec $(MAKE) $@ -depend: siglist.c signame.c +tsgetusershell.c: + cd plugins/sudoers && exec $(MAKE) $@ + +depend: siglist.c signame.c tsgetusershell.c $(scriptdir)/mkdep.pl \ --srcdir=$(abs_top_srcdir) --builddir=$(abs_top_builddir) \ lib/util/Makefile.in lib/zlib/Makefile.in \ diff --git a/lib/util/getusershell.c b/lib/util/getusershell.c index e38b091d3..56661d012 100644 --- a/lib/util/getusershell.c +++ b/lib/util/getusershell.c @@ -31,6 +31,11 @@ #include "sudo_debug.h" #include "sudo_util.h" +#ifdef TESTSUDOERS +# include "tsgetgrpw.h" +#endif + +static const char *shellfile = "/etc/shell"; static char **allowed_shells, * const *current_shell; static const char *default_shells[] = { "/bin/sh", @@ -53,7 +58,7 @@ read_shells(void) FILE *fp; debug_decl(read_shells, SUDO_DEBUG_UTIL); - if ((fp = fopen("/etc/shells", "r")) == NULL) + if ((fp = fopen(shellfile, "r")) == NULL) goto bad; free(allowed_shells); @@ -129,3 +134,12 @@ sudo_getusershell(void) debug_return_str(*current_shell++); } + +#ifdef TESTSUDOERS +void +testsudoers_setshellfile(const char *file) +{ + testsudoers_endusershell(); + shellfile = file; +} +#endif /* TESTSUDOERS */ diff --git a/plugins/sudoers/Makefile.in b/plugins/sudoers/Makefile.in index e36f413dc..694bb8024 100644 --- a/plugins/sudoers/Makefile.in +++ b/plugins/sudoers/Makefile.in 
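Review bot: The new default for `shellfile` in lib/util/getusershell.c is "/etc/shell", but the `fopen()` call it replaces in read_shells() opened "/etc/shells", so the default path looks like a typo. With the wrong path the open fails and read_shells() takes the `goto bad` branch, which presumably falls back to the built-in `default_shells` list (that branch is outside the hunk). The administrator's /etc/shells would then no longer be consulted wherever this implementation is used for shell validation. The line should read `static const char *shellfile = "/etc/shells";`.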
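Review bot: `testsudoers_setshellfile()` stores the caller's pointer in `shellfile` without copying it and does not reject NULL, which would later reach `fopen(shellfile, "r")` in read_shells(). As this is test-only code a contract comment above the definition is probably enough: `/* file must be non-NULL and stay valid until the next testsudoers_setshellfile() call; the string is not copied. */`. No caller is part of this patch, so the lifetime of the argument cannot be checked from here.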
@@ -201,11 +201,12 @@ VISUDO_OBJS = check_aliases.o editor.lo find_path.lo gc.lo goodpath.lo \ VISUDO_IOBJS = sudo_printf.i visudo.i -CVTSUDOERS_OBJS = b64_encode.o cvtsudoers.o cvtsudoers_json.o cvtsudoers_csv.o \ - cvtsudoers_ldif.o cvtsudoers_merge.o cvtsudoers_pwutil.o \ - fmtsudoers.lo fmtsudoers_cvt.lo locale.lo parse_ldif.o \ - sethost.lo stubs.o sudo_printf.o sudoers_ctx_free.lo \ - ldap_util.lo testsudoers_pwutil.o tsgetgrpw.o +CVTSUDOERS_OBJS = b64_encode.o cvtsudoers.o cvtsudoers_csv.o \ + cvtsudoers_json.o cvtsudoers_ldif.o cvtsudoers_merge.o \ + cvtsudoers_pwutil.o fmtsudoers.lo fmtsudoers_cvt.lo \ + ldap_util.lo locale.lo parse_ldif.o sethost.lo \ + stubs.o sudo_printf.o sudoers_ctx_free.lo \ + testsudoers_pwutil.o tsgetgrpw.o tsgetusershell.o CVTSUDOERS_IOBJS = cvtsudoers.i cvtsudoers_csv.i cvtsudoers_json.i \ cvtsudoers_ldif.i cvtsudoers_merge.i cvtsudoers_pwutil.i @@ -217,7 +218,7 @@ REPLAY_IOBJS = $(REPLAY_OBJS:.o=.i) TEST_OBJS = check_util.lo fmtsudoers.lo fmtsudoers_cvt.lo group_plugin.lo \ interfaces.lo ldap_util.lo locale.lo lookup.lo net_ifs.o \ parse_ldif.o sethost.lo sudo_printf.o sudoers_ctx_free.lo \ - testsudoers.o testsudoers_pwutil.o tsgetgrpw.o + testsudoers.o testsudoers_pwutil.o tsgetgrpw.o tsgetusershell.o IOBJS = $(LIBPARSESUDOERS_IOBJS) $(SUDOERS_IOBJS) $(VISUDO_IOBJS) \ $(CVTSUDOERS_IOBJS) $(REPLAY_IOBJS) @@ -333,7 +334,7 @@ $(shlib_opt): $(shlib_exp) .y.c: @true -depend: +depend: tsgetusershell.c $(scriptdir)/mkdep.pl --srcdir=$(abs_top_srcdir) \ --builddir=$(abs_top_builddir) plugins/sudoers/Makefile.in cd $(top_builddir) && ./config.status --file plugins/sudoers/Makefile 
@@ -544,6 +545,9 @@ $(devdir)/def_data.c $(devdir)/def_data.h: $(srcdir)/def_data.in echo "$$cmd"; eval $$cmd; \ fi +tsgetusershell.c: $(top_srcdir)/lib/util/getusershell.c + $(SED) -e 's/^sudo_/testsudoers_/' -e '/config.h/a#define TESTSUDOERS' $(top_srcdir)/lib/util/getusershell.c > $@ + sudoers: $(srcdir)/sudoers.in cd $(top_builddir) && $(SHELL) config.status --file=plugins/sudoers/$@ @@ -695,7 +699,7 @@ clean: mostlyclean: clean distclean: clean - -rm -rf Makefile sudoers sudoers.lo regress/harness \ + -rm -rf Makefile sudoers sudoers.lo tsgetusershell.c regress/harness \ .libs $(shlib_map) $(shlib_opt) @if [ -n "$(DEVEL)" -a "$(devdir)" != "$(srcdir)" ]; then \ cmd='rm -rf $(GENERATED)'; \ @@ -3354,6 +3358,18 @@ tsgetgrpw.i: $(srcdir)/tsgetgrpw.c $(devdir)/def_data.h \ $(CC) -E -o $@ $(CPPFLAGS) $< tsgetgrpw.plog: tsgetgrpw.i rm -f $@; pvs-studio --cfg $(PVS_CFG) --sourcetree-root $(top_srcdir) --skip-cl-exe yes --source-file $(srcdir)/tsgetgrpw.c --i-file $< --output-file $@ +tsgetusershell.o: tsgetusershell.c $(incdir)/compat/stdbool.h \ + $(incdir)/sudo_compat.h $(incdir)/sudo_debug.h \ + $(incdir)/sudo_queue.h $(incdir)/sudo_util.h \ + $(srcdir)/tsgetgrpw.h $(top_builddir)/config.h + $(CC) -c $(CPPFLAGS) $(CFLAGS) $(ASAN_CFLAGS) $(PIE_CFLAGS) $(HARDENING_CFLAGS) tsgetusershell.c +tsgetusershell.i: tsgetusershell.c $(incdir)/compat/stdbool.h \ + $(incdir)/sudo_compat.h $(incdir)/sudo_debug.h \ + $(incdir)/sudo_queue.h $(incdir)/sudo_util.h \ + $(srcdir)/tsgetgrpw.h $(top_builddir)/config.h + $(CC) -E -o $@ $(CPPFLAGS) $< +tsgetusershell.plog: tsgetusershell.i + rm -f $@; pvs-studio --cfg $(PVS_CFG) --sourcetree-root $(top_srcdir) --skip-cl-exe yes --source-file tsgetusershell.c --i-file $< --output-file $@ unesc_str.lo: $(srcdir)/unesc_str.c $(devdir)/def_data.h \ $(incdir)/compat/stdbool.h $(incdir)/sudo_compat.h \ $(incdir)/sudo_conf.h $(incdir)/sudo_debug.h \ 
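Review bot: The `tsgetusershell.c` rule uses the one-line append form `/config.h/a#define TESTSUDOERS`, which is a GNU sed extension; POSIX specifies `a\` with the text on the following line, and other sed implementations may reject the one-line form. The recipe also redirects straight into `$@`, so a failed sed leaves an empty or partial tsgetusershell.c that make then treats as up to date. Consider dropping the append and passing `-DTESTSUDOERS` on the compile line of the tsgetusershell.o rule, and writing to a temporary file that is renamed onto `$@` only on success. Note too that `s/^sudo_/testsudoers_/` only renames identifiers at the start of a line, so it depends on getusershell.c keeping each function's return type on its own line; a short comment above the rule stating that would help.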
diff --git a/plugins/sudoers/pwutil_impl.c b/plugins/sudoers/pwutil_impl.c index ebdd1b800..e195335bf 100644 --- a/plugins/sudoers/pwutil_impl.c +++ b/plugins/sudoers/pwutil_impl.c @@ -462,12 +462,12 @@ PREFIX(valid_shell)(const char *shell) sudo_debug_printf(SUDO_DEBUG_INFO, "%s: checking /etc/shells for %s", __func__, shell); - setusershell(); - while ((entry = getusershell()) != NULL) { + CALL(setusershell)(); + while ((entry = CALL(getusershell)()) != NULL) { if (strcmp(entry, shell) == 0) debug_return_bool(true); } - endusershell(); + CALL(endusershell)(); debug_return_bool(false); } diff --git a/plugins/sudoers/tsgetgrpw.h b/plugins/sudoers/tsgetgrpw.h index 0a649670b..88a232dcf 100644 --- a/plugins/sudoers/tsgetgrpw.h +++ b/plugins/sudoers/tsgetgrpw.h @@ -43,5 +43,10 @@ struct passwd *testsudoers_getpwent(void); struct passwd *testsudoers_getpwnam(const char *); struct passwd *testsudoers_getpwuid(uid_t); +char *testsudoers_getusershell(void); +void testsudoers_setusershell(void); +void testsudoers_endusershell(void); +void testsudoers_setshellfile(const char *file); + int testsudoers_getgrouplist2(const char *name, GETGROUPS_T basegid, GETGROUPS_T **groupsp, int *ngroupsp);
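Review bot: In the pwutil_impl.c hunk the match branch still returns through `debug_return_bool(true)` inside the loop, so `CALL(endusershell)()` runs only when the shell is not found. Whatever state the selected getusershell implementation keeps then stays allocated until the next lookup. Using a result variable closes the iteration on both paths: declare `bool ret = false;`, replace the early return with `{ ret = true; break; }`, and end with `debug_return_bool(ret);` after the `CALL(endusershell)()` call. The debug message also still names /etc/shells, although testsudoers can now point the lookup at another file. The function begins outside the hunk, so the declaration of `entry` and the definition of `CALL` are not visible here.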