mirror of https://github.com/sudo-project/sudo.git synced 2025-09-03 15:55:40 +00:00

Make a password/group cache collision a warning rather than fatal.

This should not be possible in practice and we can safely return
the new (potentially duplicate) item as it will be freed by the
caller.  Make sudo_set_grlist() return an error on failure instead
of calling fatalx().
Todd C. Miller
2014-03-26 16:44:29 -06:00
parent db54815996
commit 2d1484fe84
2 changed files with 36 additions and 18 deletions


@@ -144,9 +144,12 @@ sudo_getpwuid(uid_t uid)
item->k.uid = uid; item->k.uid = uid;
/* item->d.pw = NULL; */ /* item->d.pw = NULL; */
} }
if (rbinsert(pwcache_byuid, item) != NULL) if (rbinsert(pwcache_byuid, item) != NULL) {
fatalx(U_("unable to cache uid %u, already exists"), /* should not happen */
warningx(U_("unable to cache uid %u, already exists"),
(unsigned int) uid); (unsigned int) uid);
item->refcnt = 0;
}
#ifdef HAVE_SETAUTHDB #ifdef HAVE_SETAUTHDB
aix_restoreauthdb(); aix_restoreauthdb();
#endif #endif
@@ -186,8 +189,11 @@ sudo_getpwnam(const char *name)
memcpy(item->k.name, name, len); memcpy(item->k.name, name, len);
/* item->d.pw = NULL; */ /* item->d.pw = NULL; */
} }
if (rbinsert(pwcache_byname, item) != NULL) if (rbinsert(pwcache_byname, item) != NULL) {
fatalx(U_("unable to cache user %s, already exists"), name); /* should not happen */
warningx(U_("unable to cache user %s, already exists"), name);
item->refcnt = 0;
}
#ifdef HAVE_SETAUTHDB #ifdef HAVE_SETAUTHDB
aix_restoreauthdb(); aix_restoreauthdb();
#endif #endif
@@ -389,9 +395,12 @@ sudo_getgrgid(gid_t gid)
item->k.gid = gid; item->k.gid = gid;
/* item->d.gr = NULL; */ /* item->d.gr = NULL; */
} }
if (rbinsert(grcache_bygid, item) != NULL) if (rbinsert(grcache_bygid, item) != NULL) {
fatalx(U_("unable to cache gid %u, already exists"), /* should not happen */
warningx(U_("unable to cache gid %u, already exists"),
(unsigned int) gid); (unsigned int) gid);
item->refcnt = 0;
}
done: done:
item->refcnt++; item->refcnt++;
debug_return_ptr(item->d.gr); debug_return_ptr(item->d.gr);
@@ -425,8 +434,11 @@ sudo_getgrnam(const char *name)
memcpy(item->k.name, name, len); memcpy(item->k.name, name, len);
/* item->d.gr = NULL; */ /* item->d.gr = NULL; */
} }
if (rbinsert(grcache_byname, item) != NULL) if (rbinsert(grcache_byname, item) != NULL) {
fatalx(U_("unable to cache group %s, already exists"), name); /* should not happen */
warningx(U_("unable to cache group %s, already exists"), name);
item->refcnt = 0;
}
done: done:
item->refcnt++; item->refcnt++;
debug_return_ptr(item->d.gr); debug_return_ptr(item->d.gr);
@@ -588,15 +600,18 @@ sudo_get_grlist(const struct passwd *pw)
memcpy(item->k.name, pw->pw_name, len); memcpy(item->k.name, pw->pw_name, len);
/* item->d.grlist = NULL; */ /* item->d.grlist = NULL; */
} }
if (rbinsert(grlist_cache, item) != NULL) if (rbinsert(grlist_cache, item) != NULL) {
fatalx(U_("unable to cache group list for %s, already exists"), /* should not happen */
warningx(U_("unable to cache group list for %s, already exists"),
pw->pw_name); pw->pw_name);
item->refcnt = 0;
}
done: done:
item->refcnt++; item->refcnt++;
debug_return_ptr(item->d.grlist); debug_return_ptr(item->d.grlist);
} }
void int
sudo_set_grlist(struct passwd *pw, char * const *groups, char * const *gids) sudo_set_grlist(struct passwd *pw, char * const *groups, char * const *gids)
{ {
struct cache_item key, *item; struct cache_item key, *item;
@@ -608,13 +623,17 @@ sudo_set_grlist(struct passwd *pw, char * const *groups, char * const *gids)
*/ */
key.k.name = pw->pw_name; key.k.name = pw->pw_name;
if ((node = rbfind(grlist_cache, &key)) == NULL) { if ((node = rbfind(grlist_cache, &key)) == NULL) {
if ((item = sudo_make_grlist_item(pw, groups, gids)) == NULL) if ((item = sudo_make_grlist_item(pw, groups, gids)) == NULL) {
fatalx(U_("unable to parse groups for %s"), pw->pw_name); warningx(U_("unable to parse groups for %s"), pw->pw_name);
if (rbinsert(grlist_cache, item) != NULL) debug_return_int(-1);
fatalx(U_("unable to cache group list for %s, already exists"), }
if (rbinsert(grlist_cache, item) != NULL) {
warningx(U_("unable to cache group list for %s, already exists"),
pw->pw_name); pw->pw_name);
sudo_grlist_delref_item(item);
}
} }
debug_return; debug_return_int(0);
} }
bool bool
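Review bot: In sudo_set_grlist() the parse-failure branch used to end the process through fatalx() and now only warns and returns -1, so whether sudo carries on without the group list it was handed depends on each caller testing the result. The commit lists two changed files and no call site appears in either section shown, so calls written for the void version would presumably discard the value; they should treat -1 as a hard failure. The collision branch in the same function releases the new item and then falls through to `debug_return_int(0)`, which reports success even though the list the caller passed was not installed; adding `debug_return_int(-1);` after `sudo_grlist_delref_item(item);` would report both failures the same way.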


@@ -316,8 +316,7 @@ void sudo_grlist_addref(struct group_list *);
void sudo_grlist_delref(struct group_list *); void sudo_grlist_delref(struct group_list *);
void sudo_pw_addref(struct passwd *); void sudo_pw_addref(struct passwd *);
void sudo_pw_delref(struct passwd *); void sudo_pw_delref(struct passwd *);
void sudo_set_grlist(struct passwd *pw, char * const *groups, int sudo_set_grlist(struct passwd *pw, char * const *groups, char * const *gids);
char * const *gids);
void sudo_setgrent(void); void sudo_setgrent(void);
void sudo_setpwent(void); void sudo_setpwent(void);
void sudo_setspent(void); void sudo_setspent(void);
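Review bot: The new `int sudo_set_grlist(...)` declaration does not say what the return value means, and it sits in a list of otherwise void prototypes where the change is easy to miss. A one-line comment above it, such as `/* Returns 0 on success, -1 if the group list could not be parsed. */`, would record the contract. If the compilers the project supports allow it, marking the declaration with `__attribute__((__warn_unused_result__))` would also make an ignored failure show up at build time.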