From 2fdb4db339032e6016e37a1efe28414eab2fd633 Mon Sep 17 00:00:00 2001
From: "Todd C. Miller"
Date: Sat, 9 Sep 2023 14:48:25 -0600
Subject: [PATCH] Wrap valid_shell and add to sudo_pwutil_set_backend(). This will make it possible to support a different getusershell() implementation for testsudoers in the future.
---
 plugins/sudoers/cvtsudoers.c | 5 +++--
 plugins/sudoers/pwutil.c | 6 +++++-
 plugins/sudoers/pwutil.h | 2 +-
 plugins/sudoers/pwutil_impl.c | 3 +--
 plugins/sudoers/sudoers.h | 3 ++-
 plugins/sudoers/testsudoers.c | 2 +-
 plugins/sudoers/testsudoers_pwutil.h | 6 ++++++
 7 files changed, 19 insertions(+), 8 deletions(-)
diff --git a/plugins/sudoers/cvtsudoers.c b/plugins/sudoers/cvtsudoers.c
index c4b4707f2..93700ed82 100644
--- a/plugins/sudoers/cvtsudoers.c
+++ b/plugins/sudoers/cvtsudoers.c
@@ -343,7 +343,7 @@ main(int argc, char *argv[])
 /* Set pwutil backend to use the filter data. */
 if (conf->filter != NULL && !match_local) {
 sudo_pwutil_set_backend(cvtsudoers_make_pwitem, cvtsudoers_make_gritem,
- cvtsudoers_make_gidlist_item, cvtsudoers_make_grlist_item);
+ cvtsudoers_make_gidlist_item, cvtsudoers_make_grlist_item, NULL);
 } else {
 if (grfile != NULL)
 testsudoers_setgrfile(grfile);
@@ -353,7 +353,8 @@ main(int argc, char *argv[])
 pwfile ? testsudoers_make_pwitem : NULL,
 grfile ? testsudoers_make_gritem : NULL,
 grfile ? testsudoers_make_gidlist_item : NULL,
- grfile ? testsudoers_make_grlist_item : NULL);
+ grfile ? testsudoers_make_grlist_item : NULL,
+ NULL);
 }
 /* We may need the hostname to resolve %h escapes in include files. */
diff --git a/plugins/sudoers/pwutil.c b/plugins/sudoers/pwutil.c
index 6a220fc0f..015cd0d7a 100644
--- a/plugins/sudoers/pwutil.c
+++ b/plugins/sudoers/pwutil.c
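Review bot: The trailing bare `NULL` in both `sudo_pwutil_set_backend()` calls in cvtsudoers.c (the -343 hunk and the -353 hunk) gives no hint at the call site that it selects the shell validator. Judging by the pwutil.c change in this same patch, NULL leaves the `valid_shell` pointer at its current value, so cvtsudoers keeps the default check even when the passwd and group entries come from filter data or a custom file. A short comment next to the argument, for example `/* NULL: keep default sudo_valid_shell */`, would make that intent explicit for the next reader. main() starts and ends outside both hunks.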
@@ -67,6 +67,7 @@ static sudo_make_pwitem_t make_pwitem = sudo_make_pwitem;
 static sudo_make_gritem_t make_gritem = sudo_make_gritem;
 static sudo_make_gidlist_item_t make_gidlist_item = sudo_make_gidlist_item;
 static sudo_make_grlist_item_t make_grlist_item = sudo_make_grlist_item;
+static sudo_valid_shell_t valid_shell = sudo_valid_shell;
 #define cmp_grnam cmp_pwnam
@@ -88,7 +89,8 @@ static sudo_make_grlist_item_t make_grlist_item = sudo_make_grlist_item;
  */
 void
 sudo_pwutil_set_backend(sudo_make_pwitem_t pwitem, sudo_make_gritem_t gritem,
- sudo_make_gidlist_item_t gidlist_item, sudo_make_grlist_item_t grlist_item)
+ sudo_make_gidlist_item_t gidlist_item, sudo_make_grlist_item_t grlist_item,
+ sudo_valid_shell_t check_shell)
 {
 debug_decl(sudo_pwutil_set_backend, SUDOERS_DEBUG_NSS);
@@ -100,6 +102,8 @@ sudo_pwutil_set_backend(sudo_make_pwitem_t pwitem, sudo_make_gritem_t gritem,
 make_gidlist_item = gidlist_item;
 if (grlist_item != NULL)
 make_grlist_item = grlist_item;
+ if (check_shell != NULL)
+ valid_shell = check_shell;
 debug_return;
 }
diff --git a/plugins/sudoers/pwutil.h b/plugins/sudoers/pwutil.h
index c91714961..ac80580ed 100644
--- a/plugins/sudoers/pwutil.h
+++ b/plugins/sudoers/pwutil.h
@@ -73,6 +73,6 @@ struct cache_item *sudo_make_gritem(gid_t gid, const char *group);
 struct cache_item *sudo_make_grlist_item(const struct passwd *pw, char * const *groups);
 struct cache_item *sudo_make_gidlist_item(const struct passwd *pw, int ngids, GETGROUPS_T *gids, char * const *gidstrs, unsigned int type);
 struct cache_item *sudo_make_pwitem(uid_t uid, const char *user);
-bool valid_shell(const char *shell);
+bool sudo_valid_shell(const char *shell);
 #endif /* SUDOERS_PWUTIL_H */
diff --git a/plugins/sudoers/pwutil_impl.c b/plugins/sudoers/pwutil_impl.c
index 87c9a78cd..ebdd1b800 100644
--- a/plugins/sudoers/pwutil_impl.c
+++ b/plugins/sudoers/pwutil_impl.c
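Review bot: The added `if (check_shell != NULL) valid_shell = check_shell;` in the -100 hunk of pwutil.c treats NULL as "leave unchanged", so once a non-default checker is installed it cannot be reset to `sudo_valid_shell` by passing NULL. The comment block above `sudo_pwutil_set_backend()` (only its closing `*/` is visible in the -88 hunk) should say this for the fifth argument. Since this pointer now decides whether a shell counts as valid, presumably on behalf of `user_shell_valid()`, that comment should also state the contract a replacement must keep, for example `check_shell must return false for any shell it cannot confirm is allowed`. The function body starts before the -100 hunk.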
@@ -454,7 +454,7 @@ again:
  * Returns true if the specified shell is allowed by /etc/shells, else false.
  */
 bool
-valid_shell(const char *shell)
+PREFIX(valid_shell)(const char *shell)
 {
 const char *entry;
 debug_decl(valid_shell, SUDOERS_DEBUG_NSS);
@@ -471,4 +471,3 @@ valid_shell(const char *shell)
 debug_return_bool(false);
 }
-
diff --git a/plugins/sudoers/sudoers.h b/plugins/sudoers/sudoers.h
index 7deb34001..8a53593b1 100644
--- a/plugins/sudoers/sudoers.h
+++ b/plugins/sudoers/sudoers.h
@@ -344,6 +344,7 @@ typedef struct cache_item * (*sudo_make_pwitem_t)(uid_t uid, const char *user);
 typedef struct cache_item * (*sudo_make_gritem_t)(gid_t gid, const char *group);
 typedef struct cache_item * (*sudo_make_gidlist_item_t)(const struct passwd *pw, int ngids, GETGROUPS_T *gids, char * const *gidstrs, unsigned int type);
 typedef struct cache_item * (*sudo_make_grlist_item_t)(const struct passwd *pw, char * const *groups);
+typedef bool (*sudo_valid_shell_t)(const char *shell);
 sudo_dso_public struct group *sudo_getgrgid(gid_t);
 sudo_dso_public struct group *sudo_getgrnam(const char *);
 sudo_dso_public void sudo_gr_addref(struct group *);
@@ -370,7 +371,7 @@ int sudo_set_gidlist(struct passwd *pw, int ngids, GETGROUPS_T *gids, char * co
 int sudo_set_grlist(struct passwd *pw, char * const *groups);
 int sudo_pwutil_get_max_groups(void);
 void sudo_pwutil_set_max_groups(int);
-void sudo_pwutil_set_backend(sudo_make_pwitem_t, sudo_make_gritem_t, sudo_make_gidlist_item_t, sudo_make_grlist_item_t);
+void sudo_pwutil_set_backend(sudo_make_pwitem_t, sudo_make_gritem_t, sudo_make_gidlist_item_t, sudo_make_grlist_item_t, sudo_valid_shell_t);
 void sudo_setspent(void);
 bool user_shell_valid(const struct passwd *pw);
diff --git a/plugins/sudoers/testsudoers.c b/plugins/sudoers/testsudoers.c
index 8ae25b6c3..4a8d4ee09 100644
--- a/plugins/sudoers/testsudoers.c
+++ b/plugins/sudoers/testsudoers.c
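Review bot: The context line `debug_decl(valid_shell, SUDOERS_DEBUG_NSS);` in the -454 hunk of pwutil_impl.c still uses the old name, although the definition is now `PREFIX(valid_shell)` and `valid_shell` has become the static function pointer in pwutil.c. Depending on how `debug_decl` derives the function name, debug output may no longer identify which implementation ran. Consider `debug_decl(sudo_valid_shell, SUDOERS_DEBUG_NSS);`, or whatever naming the other `PREFIX()` functions in this file use. The function body continues outside the hunk.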
@@ -235,7 +235,7 @@ main(int argc, char *argv[]) /* Use custom passwd/group backend. */ sudo_pwutil_set_backend(testsudoers_make_pwitem, testsudoers_make_gritem, testsudoers_make_gidlist_item, - testsudoers_make_grlist_item); + testsudoers_make_grlist_item, testsudoers_valid_shell); } if (argc < 2) { diff --git a/plugins/sudoers/testsudoers_pwutil.h b/plugins/sudoers/testsudoers_pwutil.h index 11d9d975b..b87d7a6f6 100644 --- a/plugins/sudoers/testsudoers_pwutil.h +++ b/plugins/sudoers/testsudoers_pwutil.h @@ -21,6 +21,11 @@ #include +#ifdef HAVE_STDBOOL_H +# include +#else +# include "compat/stdbool.h" +#endif /* HAVE_STDBOOL_H */ #include #include @@ -28,5 +33,6 @@ struct cache_item *testsudoers_make_gritem(gid_t gid, const char *group); struct cache_item *testsudoers_make_grlist_item(const struct passwd *pw, char * const *groups); struct cache_item *testsudoers_make_gidlist_item(const struct passwd *pw, int ngids, GETGROUPS_T *gids, char * const *gidstrs, unsigned int type); struct cache_item *testsudoers_make_pwitem(uid_t uid, const char *user); +bool testsudoers_valid_shell(const char *shell); #endif /* TESTSUDOERS_PWUTIL_H */
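Review bot: `testsudoers_valid_shell` is passed to `sudo_pwutil_set_backend()` in the testsudoers.c hunk and declared in testsudoers_pwutil.h, but no definition appears in this patch. It presumably comes from pwutil_impl.c being compiled with `PREFIX` set for testsudoers, which is worth confirming because the diffstat touches no other testsudoers source file. If so, the test backend still validates shells against the host's /etc/shells while passwd and group data come from the custom backend, so results can differ between machines. A comment at the call, such as `/* still consults the system shells list for now */`, would record that known gap. main() starts and ends outside the hunk.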