Move RUNAS_{USER,GROUP}_SPECIFIED flags into struct sudoers_runas_context.
@@ -193,8 +193,8 @@ runas_userlist_matches(const struct sudoers_parse_tree *parse_tree,
|
||||
* was specified on the command line without a user _or_
|
||||
* the user specified their own name on the command line.
|
||||
*/
|
||||
if ((!ISSET(user_ctx.flags, RUNAS_USER_SPECIFIED) &&
|
||||
ISSET(user_ctx.flags, RUNAS_GROUP_SPECIFIED)) ||
|
||||
if ((!ISSET(runas_ctx.flags, RUNAS_USER_SPECIFIED) &&
|
||||
ISSET(runas_ctx.flags, RUNAS_GROUP_SPECIFIED)) ||
|
||||
strcmp(user_ctx.name, runas_ctx.pw->pw_name) == 0)
|
||||
user_matched = !m->negated;
|
||||
break;
|
||||
@@ -303,7 +303,7 @@ runaslist_matches(const struct sudoers_parse_tree *parse_tree,
|
||||
}
|
||||
|
||||
user_matched = runas_userlist_matches(parse_tree, user_list, matching_user);
|
||||
if (ISSET(user_ctx.flags, RUNAS_GROUP_SPECIFIED)) {
|
||||
if (ISSET(runas_ctx.flags, RUNAS_GROUP_SPECIFIED)) {
|
||||
group_matched = runas_grouplist_matches(parse_tree, group_list,
|
||||
matching_group);
|
||||
}
|
||||
|
@@ -220,13 +220,13 @@ sudoers_policy_deserialize_info(void *v, struct defaults_list *defaults)
|
||||
if (MATCHES(*cur, "runas_user=")) {
|
||||
CHECK(*cur, "runas_user=");
|
||||
runas_ctx.user = *cur + sizeof("runas_user=") - 1;
|
||||
SET(user_ctx.flags, RUNAS_USER_SPECIFIED);
|
||||
SET(runas_ctx.flags, RUNAS_USER_SPECIFIED);
|
||||
continue;
|
||||
}
|
||||
if (MATCHES(*cur, "runas_group=")) {
|
||||
CHECK(*cur, "runas_group=");
|
||||
runas_ctx.group = *cur + sizeof("runas_group=") - 1;
|
||||
SET(user_ctx.flags, RUNAS_GROUP_SPECIFIED);
|
||||
SET(runas_ctx.flags, RUNAS_GROUP_SPECIFIED);
|
||||
continue;
|
||||
}
|
||||
if (MATCHES(*cur, "prompt=")) {
|
||||
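Review bot: `SET(runas_ctx.flags, RUNAS_USER_SPECIFIED)` and `SET(runas_ctx.flags, RUNAS_GROUP_SPECIFIED)` only ever add bits, and nothing in this hunk shows runas_ctx.flags being cleared before the settings are parsed. These bits used to live in user_ctx, so it is worth confirming that runas_ctx is zeroed on the same path and is not reset between this function and the run-as match. Otherwise a `runas_user=` or `runas_group=` setting could be lost, or a stale bit carried into the policy decision. The body of sudoers_policy_deserialize_info starts and ends outside the hunk, so this may already be handled there. A comment ahead of the parsing code, such as `/* runas_ctx.flags is expected to be zero on entry. */`, would record the assumption.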
|
@@ -340,11 +340,11 @@ LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
|
||||
sudo_pw_delref(runas_ctx.pw);
|
||||
if (ud->runuser != NULL) {
|
||||
runas_ctx.user = (char *)ud->runuser;
|
||||
SET(user_ctx.flags, RUNAS_USER_SPECIFIED);
|
||||
SET(runas_ctx.flags, RUNAS_USER_SPECIFIED);
|
||||
runas_ctx.pw = sudo_getpwnam(runas_ctx.user);
|
||||
} else {
|
||||
runas_ctx.user = NULL;
|
||||
CLR(user_ctx.flags, RUNAS_USER_SPECIFIED);
|
||||
CLR(runas_ctx.flags, RUNAS_USER_SPECIFIED);
|
||||
runas_ctx.pw = sudo_getpwnam("root");
|
||||
}
|
||||
if (runas_ctx.pw == NULL) {
|
||||
@@ -357,7 +357,7 @@ LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
|
||||
sudo_gr_delref(runas_ctx.gr);
|
||||
if (ud->rungroup != NULL) {
|
||||
runas_ctx.group = (char *)ud->rungroup;
|
||||
SET(user_ctx.flags, RUNAS_GROUP_SPECIFIED);
|
||||
SET(runas_ctx.flags, RUNAS_GROUP_SPECIFIED);
|
||||
runas_ctx.gr = sudo_getgrnam(runas_ctx.group);
|
||||
if (runas_ctx.gr == NULL) {
|
||||
sudo_warnx_nodebug("unknown run group %s",
|
||||
@@ -366,7 +366,7 @@ LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
|
||||
}
|
||||
} else {
|
||||
runas_ctx.group = NULL;
|
||||
CLR(user_ctx.flags, RUNAS_GROUP_SPECIFIED);
|
||||
CLR(runas_ctx.flags, RUNAS_GROUP_SPECIFIED);
|
||||
runas_ctx.gr = NULL;
|
||||
}
|
||||
|
||||
|
@@ -104,11 +104,11 @@ struct sudoers_user_context {
|
||||
char *iolog_file;
|
||||
char *iolog_path;
|
||||
GETGROUPS_T *gids;
|
||||
unsigned int flags;
|
||||
int ngids;
|
||||
int closefrom;
|
||||
int lines;
|
||||
int cols;
|
||||
unsigned int flags;
|
||||
int max_groups;
|
||||
int timeout;
|
||||
mode_t umask;
|
||||
@@ -120,6 +120,8 @@ struct sudoers_user_context {
|
||||
};
|
||||
|
||||
struct sudoers_runas_context {
|
||||
unsigned int flags;
|
||||
int execfd;
|
||||
struct passwd *pw;
|
||||
struct group *gr;
|
||||
struct passwd *list_pw;
|
||||
@@ -142,7 +144,6 @@ struct sudoers_runas_context {
|
||||
char *privs;
|
||||
char *limitprivs;
|
||||
#endif
|
||||
int execfd;
|
||||
};
|
||||
|
||||
/*
|
||||
@@ -155,11 +156,15 @@ struct sudoers_runas_context {
|
||||
/*
|
||||
* user_ctx.flag values
|
||||
*/
|
||||
#define CAN_INTERCEPT_SETID 0x01U
|
||||
#define HAVE_INTERCEPT_PTRACE 0x02U
|
||||
#define USER_INTERCEPT_SETID 0x04U
|
||||
|
||||
/*
|
||||
* runas_ctx.flag values
|
||||
*/
|
||||
#define RUNAS_USER_SPECIFIED 0x01U
|
||||
#define RUNAS_GROUP_SPECIFIED 0x02U
|
||||
#define CAN_INTERCEPT_SETID 0x04U
|
||||
#define HAVE_INTERCEPT_PTRACE 0x08U
|
||||
#define USER_INTERCEPT_SETID 0x10U
|
||||
|
||||
/*
|
||||
* Return values for sudoers_lookup(), also used as arguments for log_auth()
|
||||
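Review bot: As the last hunk of this header reads, the two flag sets now reuse the same bit values in different fields: `0x01U` is both `CAN_INTERCEPT_SETID` (user_ctx.flags) and `RUNAS_USER_SPECIFIED` (runas_ctx.flags), and `0x02U` is both `HAVE_INTERCEPT_PTRACE` and `RUNAS_GROUP_SPECIFIED`. A call site the commit missed, for example a leftover `ISSET(user_ctx.flags, RUNAS_USER_SPECIFIED)`, would still compile and silently test an intercept bit, which could change run-as matching without any diagnostic. Call sites outside the hunks shown cannot be checked from this page, so both macro families should be grepped against both structs. Keeping the values disjoint, with the intercept flags left at `0x04U`, `0x08U` and `0x10U`, would make such a slip test a bit that is never set rather than an unrelated one. The comments also say `user_ctx.flag` and `runas_ctx.flag` where the member is named `flags`.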
|
@@ -149,7 +149,7 @@ main(int argc, char *argv[])
|
||||
break;
|
||||
case 'g':
|
||||
runas_group = optarg;
|
||||
SET(user_ctx.flags, RUNAS_GROUP_SPECIFIED);
|
||||
SET(runas_ctx.flags, RUNAS_GROUP_SPECIFIED);
|
||||
break;
|
||||
case 'h':
|
||||
user_ctx.host = optarg;
|
||||
@@ -206,7 +206,7 @@ main(int argc, char *argv[])
|
||||
break;
|
||||
case 'u':
|
||||
runas_user = optarg;
|
||||
SET(user_ctx.flags, RUNAS_USER_SPECIFIED);
|
||||
SET(runas_ctx.flags, RUNAS_USER_SPECIFIED);
|
||||
break;
|
||||
case 'v':
|
||||
if (sudo_mode != MODE_RUN) {
|
||||
|