mir/sudo
2
0
Fork 0
mirror of https://github.com/sudo-project/sudo.git synced 2025-08-29 13:28:10 +00:00
Code Issues Releases Wiki Activity

Add group plugin that does lookups by name using the system group

Browse Source 
database.
This commit is contained in:
Todd C. Miller 2012-05-08 13:35:52 -04:00
parent 4455139d54
commit 994d2ff69a
6 changed files with 296 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
Makefile.in
View File

@ -47,7 +47,7 @@ sudoers_mode = @SUDOERS_MODE@
SUBDIRS = compat common @ZLIB_SRC@ plugins/sudoers src include doc SUBDIRS = compat common @ZLIB_SRC@ plugins/sudoers src include doc
SAMPLES = plugins/sample plugins/sample_group SAMPLES = plugins/sample plugins/sample_group plugins/system_group
VERSION = @PACKAGE_VERSION@ VERSION = @PACKAGE_VERSION@
PACKAGE_TARNAME = @PACKAGE_TARNAME@ PACKAGE_TARNAME = @PACKAGE_TARNAME@

3
configure vendored
View File

@ -20162,7 +20162,7 @@ test "$datarootdir" = '${prefix}/share' && datarootdir='$(prefix)/share'
test "$docdir" = '${datarootdir}/doc/${PACKAGE_TARNAME}' && docdir='$(datarootdir)/doc/$(PACKAGE_TARNAME)' test "$docdir" = '${datarootdir}/doc/${PACKAGE_TARNAME}' && docdir='$(datarootdir)/doc/$(PACKAGE_TARNAME)'
test "$sysconfdir" = '${prefix}/etc' -a X"$with_stow" != X"yes" && sysconfdir='/etc' test "$sysconfdir" = '${prefix}/etc' -a X"$with_stow" != X"yes" && sysconfdir='/etc'
ac_config_files="$ac_config_files Makefile common/Makefile compat/Makefile doc/Makefile include/Makefile src/sudo_usage.h src/Makefile plugins/sample/Makefile plugins/sample_group/Makefile plugins/sudoers/Makefile plugins/sudoers/sudoers" ac_config_files="$ac_config_files Makefile common/Makefile compat/Makefile doc/Makefile include/Makefile src/sudo_usage.h src/Makefile plugins/sample/Makefile plugins/sample_group/Makefile plugins/system_group/Makefile plugins/sudoers/Makefile plugins/sudoers/sudoers"
cat >confcache <<\_ACEOF cat >confcache <<\_ACEOF
# This file is a shell script that caches the results of configure # This file is a shell script that caches the results of configure
@ -21165,6 +21165,7 @@ do
"src/Makefile") CONFIG_FILES="$CONFIG_FILES src/Makefile" ;; "src/Makefile") CONFIG_FILES="$CONFIG_FILES src/Makefile" ;;
"plugins/sample/Makefile") CONFIG_FILES="$CONFIG_FILES plugins/sample/Makefile" ;; "plugins/sample/Makefile") CONFIG_FILES="$CONFIG_FILES plugins/sample/Makefile" ;;
"plugins/sample_group/Makefile") CONFIG_FILES="$CONFIG_FILES plugins/sample_group/Makefile" ;; "plugins/sample_group/Makefile") CONFIG_FILES="$CONFIG_FILES plugins/sample_group/Makefile" ;;
"plugins/system_group/Makefile") CONFIG_FILES="$CONFIG_FILES plugins/system_group/Makefile" ;;
"plugins/sudoers/Makefile") CONFIG_FILES="$CONFIG_FILES plugins/sudoers/Makefile" ;; "plugins/sudoers/Makefile") CONFIG_FILES="$CONFIG_FILES plugins/sudoers/Makefile" ;;
"plugins/sudoers/sudoers") CONFIG_FILES="$CONFIG_FILES plugins/sudoers/sudoers" ;; "plugins/sudoers/sudoers") CONFIG_FILES="$CONFIG_FILES plugins/sudoers/sudoers" ;;

2
configure.in
View File

@ -3267,7 +3267,7 @@ dnl
dnl Substitute into the Makefile and man pages dnl Substitute into the Makefile and man pages
dnl dnl
dnl AC_CONFIG_FILES([doc/sudo.man doc/visudo.man doc/sudoers.man doc/sudoers.ldap.man doc/sudoreplay.man src/Makefile src/sudo_usage.h]) dnl AC_CONFIG_FILES([doc/sudo.man doc/visudo.man doc/sudoers.man doc/sudoers.ldap.man doc/sudoreplay.man src/Makefile src/sudo_usage.h])
AC_CONFIG_FILES([Makefile common/Makefile compat/Makefile doc/Makefile include/Makefile src/sudo_usage.h src/Makefile plugins/sample/Makefile plugins/sample_group/Makefile plugins/sudoers/Makefile plugins/sudoers/sudoers]) AC_CONFIG_FILES([Makefile common/Makefile compat/Makefile doc/Makefile include/Makefile src/sudo_usage.h src/Makefile plugins/sample/Makefile plugins/sample_group/Makefile plugins/system_group/Makefile plugins/sudoers/Makefile plugins/sudoers/sudoers])
AC_OUTPUT AC_OUTPUT
dnl dnl

126
plugins/system_group/Makefile.in Normal file
View File

@ -0,0 +1,126 @@
#
# Copyright (c) 2011-2012 Todd C. Miller <Todd.Miller@courtesan.com>
#
# Permission to use, copy, modify, and distribute this software for any
# purpose with or without fee is hereby granted, provided that the above
# copyright notice and this permission notice appear in all copies.
#
# THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
# WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
# MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
# ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
# WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
# ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
# OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
# ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
#
# @configure_input@
#
#### Start of system configuration section. ####
srcdir = @srcdir@
devdir = @devdir@
top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
incdir = $(top_srcdir)/include
# Compiler & tools to use
CC = @CC@
LIBTOOL = @LIBTOOL@ @LT_STATIC@
# Our install program supports extra flags...
INSTALL = $(SHELL) $(top_srcdir)/install-sh -c
# Libraries
LIBS = $(LIBOBJDIR)/libreplace.la
# C preprocessor flags
CPPFLAGS = -I$(incdir) -I$(top_builddir) -I$(top_srcdir) @CPPFLAGS@
# Usually -O and/or -g
CFLAGS = @CFLAGS@
# Flags to pass to the link stage
LDFLAGS = @LDFLAGS@
LTLDFLAGS = @LTLDFLAGS@
# Where to install things...
prefix = @prefix@
exec_prefix = @exec_prefix@
bindir = @bindir@
sbindir = @sbindir@
sysconfdir = @sysconfdir@
libexecdir = @libexecdir@
datarootdir = @datarootdir@
localstatedir = @localstatedir@
plugindir = @PLUGINDIR@
soext = @SOEXT@
# OS dependent defines
DEFS = @OSDEFS@
#### End of system configuration section. ####
SHELL = @SHELL@
OBJS = system_group.lo
LIBOBJDIR = $(top_builddir)/@ac_config_libobj_dir@/
VERSION = @PACKAGE_VERSION@
all: system_group.la
Makefile: $(srcdir)/Makefile.in
(cd $(top_builddir) && ./config.status --file plugins/system_group/Makefile)
.SUFFIXES: .o .c .h .lo
.c.lo:
$(LIBTOOL) --mode=compile $(CC) -c $(CPPFLAGS) $(CFLAGS) $(DEFS) $<
system_group.la: $(OBJS)
$(LIBTOOL) --mode=link $(CC) $(LDFLAGS) $(LTLDFLAGS) -o $@ $(OBJS) $(LIBS) -module -export-symbols $(srcdir)/system_group.sym -avoid-version -rpath $(plugindir)
pre-install:
install: install-plugin
install-dirs:
$(SHELL) $(top_srcdir)/mkinstalldirs $(DESTDIR)$(plugindir)
install-binaries:
install-includes:
install-doc:
install-plugin: install-dirs system_group.la
$(INSTALL) -b~ -m 0755 .libs/system_group$(soext) $(DESTDIR)$(plugindir)
uninstall:
-rm -f $(DESTDIR)$(plugindir)/system_group$(soext)
check:
clean:
-$(LIBTOOL) --mode=clean rm -f *.lo *.o *.la *.a stamp-* core *.core core.*
mostlyclean: clean
distclean: clean
-rm -rf Makefile .libs
clobber: distclean
realclean: distclean
rm -f TAGS tags
cleandir: realclean
# Autogenerated dependencies, do not modify
system_group.lo: $(srcdir)/system_group.c $(top_builddir)/config.h \
$(top_srcdir)/compat/stdbool.h $(incdir)/sudo_plugin.h \
$(incdir)/missing.h
$(LIBTOOL) --mode=compile $(CC) -c $(CPPFLAGS) $(CFLAGS) $(DEFS) $(srcdir)/system_group.c

165
plugins/system_group/system_group.c Normal file
View File

@ -0,0 +1,165 @@
/*
* Copyright (c) 2010, 2012 Todd C. Miller <Todd.Miller@courtesan.com>
*
* Permission to use, copy, modify, and distribute this software for any
* purpose with or without fee is hereby granted, provided that the above
* copyright notice and this permission notice appear in all copies.
*
* THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
* WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
* MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
* ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
* WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
* ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
* OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
*/
#include <config.h>
#include <sys/types.h>
#include <sys/param.h>
#include <sys/stat.h>
#include <stdio.h>
#ifdef STDC_HEADERS
# include <stdlib.h>
# include <stddef.h>
#else
# ifdef HAVE_STDLIB_H
# include <stdlib.h>
# endif
#endif /* STDC_HEADERS */
#ifdef HAVE_STDBOOL_H
# include <stdbool.h>
#else
# include "compat/stdbool.h"
#endif /* HAVE_STDBOOL_H */
#ifdef HAVE_STRING_H
# if defined(HAVE_MEMORY_H) && !defined(STDC_HEADERS)
# include <memory.h>
# endif
# include <string.h>
#endif /* HAVE_STRING_H */
#ifdef HAVE_STRINGS_H
# include <strings.h>
#endif /* HAVE_STRINGS_H */
#ifdef HAVE_UNISTD_H
# include <unistd.h>
#endif /* HAVE_UNISTD_H */
#ifdef HAVE_DLOPEN
# include <dlfcn.h>
#else
# include "compat/dlfcn.h"
#endif
#include <ctype.h>
#include <errno.h>
#include <fcntl.h>
#include <limits.h>
#include <grp.h>
#include <pwd.h>
#include "sudo_plugin.h"
#include "missing.h"
#ifndef RTLD_DEFAULT
# define RTLD_DEFAULT NULL
#endif
/*
* Sudoers group plugin that does group name-based lookups using the system
* group database functions, similar to how sudo behaved prior to 1.7.3.
* This can be used on systems where lookups by group ID are problematic.
*/
static sudo_printf_t sudo_log;
typedef struct group * (*sysgroup_getgrnam_t)(const char *);
typedef struct group * (*sysgroup_getgrgid_t)(gid_t);
static sysgroup_getgrnam_t sysgroup_getgrnam;
static sysgroup_getgrgid_t sysgroup_getgrgid;
static bool need_setent;
static int
sysgroup_init(int version, sudo_printf_t sudo_printf, char *const argv[])
{
struct stat sb;
void *handle;
sudo_log = sudo_printf;
if (GROUP_API_VERSION_GET_MAJOR(version) != GROUP_API_VERSION_MAJOR) {
sudo_log(SUDO_CONV_ERROR_MSG,
"sysgroup_group: incompatible major version %d, expected %d\n",
GROUP_API_VERSION_GET_MAJOR(version),
GROUP_API_VERSION_MAJOR);
return -1;
}
/* Share group cache with sudo if possible. */
handle = dlsym(RTLD_DEFAULT, "sudo_getgrnam");
if (handle != NULL) {
sysgroup_getgrnam = (sysgroup_getgrnam_t)handle;
} else {
sysgroup_getgrnam = (sysgroup_getgrnam_t)getgrnam;
need_setent = true;
}
handle = dlsym(RTLD_DEFAULT, "sudo_getgrgid");
if (handle != NULL) {
sysgroup_getgrgid = (sysgroup_getgrgid_t)handle;
} else {
sysgroup_getgrgid = (sysgroup_getgrgid_t)getgrgid;
need_setent = true;
}
if (need_setent)
setgrent();
return true;
}
static void
sysgroup_cleanup(void)
{
if (need_setent)
endgrent();
}
/*
* Returns true if "user" is a member of "group", else false.
*/
static int
sysgroup_query(const char *user, const char *group, const struct passwd *pwd)
{
char **member, *ep = '\0';
struct group *grp;
gid_t gid;
grp = sysgroup_getgrnam(group);
if (grp == NULL && group[0] == '#' && group[1] != '\0') {
long lval = strtol(group + 1, &ep, 10);
if (*ep == '\0') {
if ((lval != LONG_MAX && lval != LONG_MIN) || errno != ERANGE)
grp = sysgroup_getgrgid((gid_t)lval);
}
}
if (grp != NULL) {
for (member = grp->gr_mem; *member != NULL; member++) {
if (strcasecmp(user, *member) == 0) {
gr_delref(grp);
return true;
}
}
gr_delref(grp);
}
return false;
}
struct sudoers_group_plugin group_plugin = {
GROUP_API_VERSION,
sysgroup_init,
sysgroup_cleanup,
sysgroup_query
};

1
plugins/system_group/system_group.sym Normal file
View File

@ -0,0 +1 @@
group_plugin