Add struct sudoers_runas_context and move runas-specific bits into it.

plugins/sudoers/check.c

@@ -197,17 +197,17 @@ check_user(unsigned int validated, unsigned int mode)
 	ret = true;
 	goto done;
     }
-    if (user_ctx.uid == 0 || (user_ctx.uid == user_ctx.runas_pw->pw_uid &&
-	(user_ctx.runas_gr == NULL ||
-	user_in_group(user_ctx.pw, user_ctx.runas_gr->gr_name)))) {
+    if (user_ctx.uid == 0 || (user_ctx.uid == runas_ctx.pw->pw_uid &&
+	(runas_ctx.gr == NULL ||
+	user_in_group(user_ctx.pw, runas_ctx.gr->gr_name)))) {
 #ifdef HAVE_SELINUX
-	if (user_ctx.role == NULL && user_ctx.type == NULL)
+	if (runas_ctx.role == NULL && runas_ctx.type == NULL)
 #endif
 #ifdef HAVE_APPARMOR
-	if (user_ctx.apparmor_profile == NULL)
+	if (runas_ctx.apparmor_profile == NULL)
 #endif
 #ifdef HAVE_PRIV_SET
-	if (user_ctx.privs == NULL && user_ctx.limitprivs == NULL)
+	if (runas_ctx.privs == NULL && runas_ctx.limitprivs == NULL)
 #endif
 	{
 	    sudo_debug_printf(SUDO_DEBUG_INFO,
@@ -338,7 +338,7 @@ user_is_exempt(void)
 /*
  * Get passwd entry for the user we are going to authenticate as.
  * By default, this is the user invoking sudo.  In the most common
- * case, this matches user_ctx.pw or user_ctx.runas_pw.
+ * case, this matches user_ctx.pw or runas_ctx.pw.
  */
 static struct passwd *
 get_authpw(unsigned int mode)
@@ -361,13 +361,13 @@ get_authpw(unsigned int mode)
 		    N_("unknown user %s"), def_runas_default);
 	    }
 	} else if (def_targetpw) {
-	    if (user_ctx.runas_pw->pw_name == NULL) {
+	    if (runas_ctx.pw->pw_name == NULL) {
 		/* This should never be NULL as we fake up the passwd struct */
 		log_warningx(SLOG_RAW_MSG, N_("unknown uid %u"),
-		    (unsigned int) user_ctx.runas_pw->pw_uid);
+		    (unsigned int) runas_ctx.pw->pw_uid);
 	    } else {
-		sudo_pw_addref(user_ctx.runas_pw);
-		pw = user_ctx.runas_pw;
+		sudo_pw_addref(runas_ctx.pw);
+		pw = runas_ctx.pw;
 	    }
 	} else {
 	    sudo_pw_addref(user_ctx.pw);