diff --git a/plugins/sudoers/audit.c b/plugins/sudoers/audit.c
index 6c6821b6d..400d592ba 100644
--- a/plugins/sudoers/audit.c
+++ b/plugins/sudoers/audit.c
@@ -355,7 +355,7 @@ sudoers_audit_accept(const char *plugin_name, unsigned int plugin_type,
 ret = false;
 if (!ISSET(sudo_mode, MODE_POLICY_INTERCEPTED))
- uuid_str = sudo_user.uuid_str;
+ uuid_str = user_ctx.uuid_str;
 audit_to_eventlog(&evlog, command_info, run_argv, run_envp, uuid_str);
 if (!log_allowed(&evlog) && !def_ignore_logfile_errors)
diff --git a/plugins/sudoers/callbacks.c b/plugins/sudoers/callbacks.c
index 3894f814d..727701d89 100644
--- a/plugins/sudoers/callbacks.c
+++ b/plugins/sudoers/callbacks.c
@@ -409,7 +409,7 @@ cb_intercept_type(const char *file, int line, int column,
 /* Set explicitly in sudoers. */
 if (sd_un->tuple == dso) {
 /* Reset intercept_allow_setid default value. */
- if (!ISSET(sudo_user.flags, USER_INTERCEPT_SETID))
+ if (!ISSET(user_ctx.flags, USER_INTERCEPT_SETID))
 def_intercept_allow_setid = false;
 }
 }
@@ -426,7 +426,7 @@ cb_intercept_allow_setid(const char *file, int line, int column,
 /* Operator will be -1 if set by front-end. */
 if (op != -1) {
 /* Set explicitly in sudoers. */
- SET(sudo_user.flags, USER_INTERCEPT_SETID);
+ SET(user_ctx.flags, USER_INTERCEPT_SETID);
 }
 debug_return_bool(true);
diff --git a/plugins/sudoers/check.c b/plugins/sudoers/check.c
index be0cd7f75..50785f758 100644
--- a/plugins/sudoers/check.c
+++ b/plugins/sudoers/check.c
@@ -197,7 +197,7 @@ check_user(unsigned int validated, unsigned int mode)
 goto done;
 }
 if (user_uid == 0 || (user_uid == runas_pw->pw_uid &&
- (!runas_gr || user_in_group(sudo_user.pw, runas_gr->gr_name)))) {
+ (!runas_gr || user_in_group(user_ctx.pw, runas_gr->gr_name)))) {
 #ifdef HAVE_SELINUX
 if (user_role == NULL && user_type == NULL)
 #endif
@@ -327,7 +327,7 @@ user_is_exempt(void)
 debug_decl(user_is_exempt, SUDOERS_DEBUG_AUTH);
 if (def_exempt_group) {
- if (user_in_group(sudo_user.pw, def_exempt_group))
+ if (user_in_group(user_ctx.pw, def_exempt_group))
 ret = true;
 }
 debug_return_bool(ret);
@@ -336,7 +336,7 @@ user_is_exempt(void)
 /*
 * Get passwd entry for the user we are going to authenticate as.
 * By default, this is the user invoking sudo. In the most common
- * case, this matches sudo_user.pw or runas_pw.
+ * case, this matches user_ctx.pw or runas_pw.
 */
 static struct passwd *
 get_authpw(unsigned int mode)
@@ -346,8 +346,8 @@ get_authpw(unsigned int mode)
 if (ISSET(mode, (MODE_CHECK|MODE_LIST))) {
 /* In list mode we always prompt for the user's password. */
- sudo_pw_addref(sudo_user.pw);
- pw = sudo_user.pw;
+ sudo_pw_addref(user_ctx.pw);
+ pw = user_ctx.pw;
 } else {
 if (def_rootpw) {
 if ((pw = sudo_getpwuid(ROOT_UID)) == NULL) {
@@ -368,8 +368,8 @@ get_authpw(unsigned int mode)
 pw = runas_pw;
 }
 } else {
- sudo_pw_addref(sudo_user.pw);
- pw = sudo_user.pw;
+ sudo_pw_addref(user_ctx.pw);
+ pw = user_ctx.pw;
 }
 }
diff --git a/plugins/sudoers/cvtsudoers.c b/plugins/sudoers/cvtsudoers.c
index 7b41c0a68..8dd278212 100644
--- a/plugins/sudoers/cvtsudoers.c
+++ b/plugins/sudoers/cvtsudoers.c
@@ -61,7 +61,7 @@
 * Globals
 */
 struct cvtsudoers_filter *filters;
-struct sudo_user sudo_user;
+struct sudoers_user_context user_ctx;
 struct passwd *list_pw;
 static FILE *logfp;
 static const char short_opts[] = "b:c:d:ef:hi:I:l:m:Mo:O:pP:s:V";
diff --git a/plugins/sudoers/defaults.c b/plugins/sudoers/defaults.c
index 28c1ab04a..03b2d2b82 100644
--- a/plugins/sudoers/defaults.c
+++ b/plugins/sudoers/defaults.c
@@ -706,7 +706,7 @@ default_binding_matches(struct sudoers_parse_tree *parse_tree,
 case DEFAULTS:
 debug_return_bool(true);
 case DEFAULTS_USER:
- if (userlist_matches(parse_tree, sudo_user.pw, &d->binding->members) == ALLOW)
+ if (userlist_matches(parse_tree, user_ctx.pw, &d->binding->members) == ALLOW)
 debug_return_bool(true);
 break;
 case DEFAULTS_RUNAS:
@@ -714,7 +714,7 @@ default_binding_matches(struct sudoers_parse_tree *parse_tree,
 debug_return_bool(true);
 break;
 case DEFAULTS_HOST:
- if (hostlist_matches(parse_tree, sudo_user.pw, &d->binding->members) == ALLOW)
+ if (hostlist_matches(parse_tree, user_ctx.pw, &d->binding->members) == ALLOW)
 debug_return_bool(true);
 break;
 case DEFAULTS_CMND:
diff --git a/plugins/sudoers/display.c b/plugins/sudoers/display.c
index 48ba0b8c1..5e8ec765f 100644
--- a/plugins/sudoers/display.c
+++ b/plugins/sudoers/display.c
@@ -459,7 +459,7 @@ display_privs(const struct sudo_nss_list *snl, struct passwd *pw, bool verbose)
 struct stat sb;
 debug_decl(display_privs, SUDOERS_DEBUG_PARSER);
- cols = sudo_user.cols;
+ cols = user_ctx.cols;
 if (fstat(STDOUT_FILENO, &sb) == 0 && S_ISFIFO(sb.st_mode))
 cols = 0;
 sudo_lbuf_init(&def_buf, output, 4, NULL, cols);
diff --git a/plugins/sudoers/logging.c b/plugins/sudoers/logging.c
index 649983d8c..c6442020a 100644
--- a/plugins/sudoers/logging.c
+++ b/plugins/sudoers/logging.c
@@ -156,7 +156,7 @@ log_server_reject(struct eventlog *evlog, const char *message)
 debug_return_bool(false);
 /* Open connection to log server, send hello and reject messages. */
- client_closure = log_server_open(&details, &sudo_user.submit_time,
+ client_closure = log_server_open(&details, &user_ctx.submit_time,
 false, SEND_REJECT, message);
 if (client_closure != NULL) {
 client_closure_free(client_closure);
@@ -256,7 +256,7 @@ log_reject(const char *message, bool logit, bool mailit)
 debug_decl(log_reject, SUDOERS_DEBUG_LOGGING);
 if (!ISSET(sudo_mode, MODE_POLICY_INTERCEPTED))
- uuid_str = sudo_user.uuid_str;
+ uuid_str = user_ctx.uuid_str;
 if (mailit) {
 SET(evl_flags, EVLOG_MAIL);
@@ -604,7 +604,7 @@ log_exit_status(int status)
 ret = false;
 goto done;
 }
- sudo_timespecsub(&run_time, &sudo_user.submit_time, &run_time);
+ sudo_timespecsub(&run_time, &user_ctx.submit_time, &run_time);
 if (WIFEXITED(status)) {
 exit_value = WEXITSTATUS(status);
@@ -625,7 +625,7 @@ log_exit_status(int status)
 sudoers_setlocale(SUDOERS_LOCALE_SUDOERS, &oldlocale);
 sudoers_to_eventlog(&evlog, saved_cmnd, saved_argv, env_get(),
- sudo_user.uuid_str);
+ user_ctx.uuid_str);
 if (def_mail_always) {
 SET(evl_flags, EVLOG_MAIL);
 if (!def_log_exit_status)
@@ -728,7 +728,7 @@ vlog_warning(unsigned int flags, int errnum, const char * restrict fmt,
 SET(evl_flags, EVLOG_MAIL_ONLY);
 }
 sudoers_to_eventlog(&evlog, safe_cmnd, NewArgv, env_get(),
- sudo_user.uuid_str);
+ user_ctx.uuid_str);
 if (!eventlog_alert(&evlog, evl_flags, &now, message, errstr))
 ret = false;
 if (!log_server_alert(&evlog, &now, message, errstr))
@@ -843,7 +843,7 @@ mail_parse_errors(void)
 goto done;
 }
 sudoers_to_eventlog(&evlog, safe_cmnd, NewArgv, env_get(),
- sudo_user.uuid_str);
+ user_ctx.uuid_str);
 /* Convert parse_error_list to a string vector. */
 n = 0;
@@ -955,12 +955,12 @@ sudoers_to_eventlog(struct eventlog *evlog, const char *cmnd,
 debug_decl(sudoers_to_eventlog, SUDOERS_DEBUG_LOGGING);
 /* We rely on the reference held by the group cache. */
- if ((grp = sudo_getgrgid(sudo_user.pw->pw_gid)) != NULL)
+ if ((grp = sudo_getgrgid(user_ctx.pw->pw_gid)) != NULL)
 sudo_gr_delref(grp);
 memset(evlog, 0, sizeof(*evlog));
- evlog->iolog_file = sudo_user.iolog_file;
- evlog->iolog_path = sudo_user.iolog_path;
+ evlog->iolog_file = user_ctx.iolog_file;
+ evlog->iolog_path = user_ctx.iolog_path;
 evlog->command = cmnd ? (char *)cmnd : (argv ? argv[0] : NULL);
 evlog->cwd = user_cwd;
 if (def_runchroot != NULL && strcmp(def_runchroot, "*") != 0) {
@@ -973,19 +973,19 @@ sudoers_to_eventlog(struct eventlog *evlog, const char *cmnd,
 } else {
 evlog->runcwd = user_cwd;
 }
- evlog->rungroup = runas_gr ? runas_gr->gr_name : sudo_user.runas_group;
- evlog->source = sudo_user.source;
+ evlog->rungroup = runas_gr ? runas_gr->gr_name : user_ctx.runas_group;
+ evlog->source = user_ctx.source;
 evlog->submithost = user_host;
 evlog->submituser = user_name;
 if (grp != NULL)
 evlog->submitgroup = grp->gr_name;
 evlog->ttyname = user_ttypath;
 evlog->argv = (char **)argv;
- evlog->env_add = (char **)sudo_user.env_vars;
+ evlog->env_add = (char **)user_ctx.env_vars;
 evlog->envp = (char **)envp;
- evlog->submit_time = sudo_user.submit_time;
- evlog->lines = sudo_user.lines;
- evlog->columns = sudo_user.cols;
+ evlog->submit_time = user_ctx.submit_time;
+ evlog->lines = user_ctx.lines;
+ evlog->columns = user_ctx.cols;
 if (runas_pw != NULL) {
 evlog->rungid = runas_pw->pw_gid;
 evlog->runuid = runas_pw->pw_uid;
@@ -993,7 +993,7 @@ sudoers_to_eventlog(struct eventlog *evlog, const char *cmnd,
 } else {
 evlog->rungid = (gid_t)-1;
 evlog->runuid = (uid_t)-1;
- evlog->runuser = sudo_user.runas_user;
+ evlog->runuser = user_ctx.runas_user;
 }
 if (uuid_str == NULL) {
 unsigned char uuid[16];
@@ -1009,7 +1009,7 @@ sudoers_to_eventlog(struct eventlog *evlog, const char *cmnd,
 if (sudo_gettime_real(&now) == -1) {
 sudo_warn("%s", U_("unable to get time of day"));
 } else {
- sudo_timespecsub(&now, &sudo_user.submit_time, &evlog->iolog_offset);
+ sudo_timespecsub(&now, &user_ctx.submit_time, &evlog->iolog_offset);
 }
 }
diff --git a/plugins/sudoers/lookup.c b/plugins/sudoers/lookup.c
index 895d4ed47..737566aed 100644
--- a/plugins/sudoers/lookup.c
+++ b/plugins/sudoers/lookup.c
@@ -291,13 +291,13 @@ sudoers_lookup_check(struct sudo_nss *nss, struct passwd *pw,
 if (cmnd_match != UNSPEC) {
 /*
 * If user is running command as themselves,
- * set runas_pw = sudo_user.pw.
+ * set runas_pw = user_ctx.pw.
 * XXX - hack, want more general solution
 */
 if (matching_user && matching_user->type == MYSELF) {
 sudo_pw_delref(runas_pw);
- sudo_pw_addref(sudo_user.pw);
- runas_pw = sudo_user.pw;
+ sudo_pw_addref(user_ctx.pw);
+ runas_pw = user_ctx.pw;
 }
 *matching_cs = cs;
 *defs = &priv->defaults;
diff --git a/plugins/sudoers/match.c b/plugins/sudoers/match.c
index c4ecae31f..2eeb1d93c 100644
--- a/plugins/sudoers/match.c
+++ b/plugins/sudoers/match.c
@@ -135,7 +135,7 @@ runas_getgroups(void)
 }
 /* Only use results from a group db query, not the front end. */
- pw = runas_pw ? runas_pw : sudo_user.pw;
+ pw = runas_pw ? runas_pw : user_ctx.pw;
 debug_return_ptr(sudo_get_gidlist(pw, ENTRY_TYPE_QUERIED));
 }
@@ -193,8 +193,8 @@ runas_userlist_matches(const struct sudoers_parse_tree *parse_tree,
 * was specified on the command line without a user _or_
 * the user specified their own name on the command line.
 */
- if ((!ISSET(sudo_user.flags, RUNAS_USER_SPECIFIED) &&
- ISSET(sudo_user.flags, RUNAS_GROUP_SPECIFIED)) ||
+ if ((!ISSET(user_ctx.flags, RUNAS_USER_SPECIFIED) &&
+ ISSET(user_ctx.flags, RUNAS_GROUP_SPECIFIED)) ||
 strcmp(user_name, runas_pw->pw_name) == 0)
 user_matched = !m->negated;
 break;
@@ -303,7 +303,7 @@ runaslist_matches(const struct sudoers_parse_tree *parse_tree,
 }
 user_matched = runas_userlist_matches(parse_tree, user_list, matching_user);
- if (ISSET(sudo_user.flags, RUNAS_GROUP_SPECIFIED)) {
+ if (ISSET(user_ctx.flags, RUNAS_GROUP_SPECIFIED)) {
 group_matched = runas_grouplist_matches(parse_tree, group_list, matching_group);
 }
diff --git a/plugins/sudoers/policy.c b/plugins/sudoers/policy.c
index 8ffabc91e..423dc17a4 100644
--- a/plugins/sudoers/policy.c
+++ b/plugins/sudoers/policy.c
@@ -91,7 +91,7 @@ parse_bool(const char *line, int varlen, unsigned int *flags, unsigned int fval)
 /*
 * Deserialize args, settings and user_info arrays.
- * Fills in struct sudo_user and other common sudoers state.
+ * Fills in struct sudoers_user_context and other common sudoers state.
 */
 unsigned int
 sudoers_policy_deserialize_info(void *v, struct defaults_list *defaults)
@@ -119,7 +119,7 @@ sudoers_policy_deserialize_info(void *v, struct defaults_list *defaults)
 } \
 } while (0)
- if (sudo_gettime_real(&sudo_user.submit_time) == -1) {
+ if (sudo_gettime_real(&user_ctx.submit_time) == -1) {
 sudo_warn("%s", U_("unable to get time of day"));
 goto bad;
 }
@@ -183,7 +183,7 @@ sudoers_policy_deserialize_info(void *v, struct defaults_list *defaults)
 sudoers_conf.sudoers_path = path_sudoers;
 /* Parse command line settings. */
- sudo_user.flags = 0;
+ user_ctx.flags = 0;
 user_closefrom = -1;
 sudoedit_nfiles = 0;
 sudo_mode = 0;
@@ -218,14 +218,14 @@ sudoers_policy_deserialize_info(void *v, struct defaults_list *defaults)
 }
 if (MATCHES(*cur, "runas_user=")) {
 CHECK(*cur, "runas_user=");
- sudo_user.runas_user = *cur + sizeof("runas_user=") - 1;
- SET(sudo_user.flags, RUNAS_USER_SPECIFIED);
+ user_ctx.runas_user = *cur + sizeof("runas_user=") - 1;
+ SET(user_ctx.flags, RUNAS_USER_SPECIFIED);
 continue;
 }
 if (MATCHES(*cur, "runas_group=")) {
 CHECK(*cur, "runas_group=");
- sudo_user.runas_group = *cur + sizeof("runas_group=") - 1;
- SET(sudo_user.flags, RUNAS_GROUP_SPECIFIED);
+ user_ctx.runas_group = *cur + sizeof("runas_group=") - 1;
+ SET(user_ctx.flags, RUNAS_GROUP_SPECIFIED);
 continue;
 }
 if (MATCHES(*cur, "prompt=")) {
@@ -303,13 +303,13 @@ sudoers_policy_deserialize_info(void *v, struct defaults_list *defaults)
 continue;
 }
 if (MATCHES(*cur, "intercept_ptrace=")) {
- if (parse_bool(*cur, sizeof("intercept_ptrace") - 1, &sudo_user.flags,
+ if (parse_bool(*cur, sizeof("intercept_ptrace") - 1, &user_ctx.flags,
 HAVE_INTERCEPT_PTRACE) == -1)
 goto bad;
 continue;
 }
 if (MATCHES(*cur, "intercept_setid=")) {
- if (parse_bool(*cur, sizeof("intercept_setid") - 1, &sudo_user.flags,
+ if (parse_bool(*cur, sizeof("intercept_setid") - 1, &user_ctx.flags,
 CAN_INTERCEPT_SETID) == -1)
 goto bad;
 continue;
@@ -361,8 +361,8 @@ sudoers_policy_deserialize_info(void *v, struct defaults_list *defaults)
 if (MATCHES(*cur, "max_groups=")) {
 errno = 0;
 p = *cur + sizeof("max_groups=") - 1;
- sudo_user.max_groups = (int)sudo_strtonum(p, 1, 1024, &errstr);
- if (sudo_user.max_groups == 0) {
+ user_ctx.max_groups = (int)sudo_strtonum(p, 1, 1024, &errstr);
+ if (user_ctx.max_groups == 0) {
 sudo_warnx(U_("%s: %s"), *cur, U_(errstr));
 goto bad;
 }
@@ -473,8 +473,8 @@ sudoers_policy_deserialize_info(void *v, struct defaults_list *defaults)
 if (MATCHES(*cur, "lines=")) {
 errno = 0;
 p = *cur + sizeof("lines=") - 1;
- sudo_user.lines = (int)sudo_strtonum(p, 1, INT_MAX, &errstr);
- if (sudo_user.lines == 0) {
+ user_ctx.lines = (int)sudo_strtonum(p, 1, INT_MAX, &errstr);
+ if (user_ctx.lines == 0) {
 sudo_warnx(U_("%s: %s"), *cur, U_(errstr));
 goto bad;
 }
@@ -483,8 +483,8 @@ sudoers_policy_deserialize_info(void *v, struct defaults_list *defaults)
 if (MATCHES(*cur, "cols=")) {
 errno = 0;
 p = *cur + sizeof("cols=") - 1;
- sudo_user.cols = (int)sudo_strtonum(p, 1, INT_MAX, &errstr);
- if (sudo_user.cols == 0) {
+ user_ctx.cols = (int)sudo_strtonum(p, 1, INT_MAX, &errstr);
+ if (user_ctx.cols == 0) {
 sudo_warnx(U_("%s: %s"), *cur, U_(errstr));
 goto bad;
 }
@@ -510,7 +510,7 @@ sudoers_policy_deserialize_info(void *v, struct defaults_list *defaults)
 }
 if (MATCHES(*cur, "umask=")) {
 p = *cur + sizeof("umask=") - 1;
- sudo_user.umask = sudo_strtomode(p, &errstr);
+ user_ctx.umask = sudo_strtomode(p, &errstr);
 if (errstr != NULL) {
 sudo_warnx(U_("%s: %s"), *cur, U_(errstr));
 goto bad;
@@ -581,7 +581,7 @@ sudoers_policy_deserialize_info(void *v, struct defaults_list *defaults)
 /* Create a UUID to store in the event log. */
 sudo_uuid_create(uuid);
- if (sudo_uuid_to_string(uuid, sudo_user.uuid_str, sizeof(sudo_user.uuid_str)) == NULL) {
+ if (sudo_uuid_to_string(uuid, user_ctx.uuid_str, sizeof(user_ctx.uuid_str)) == NULL) {
 sudo_warnx("%s", U_("unable to generate UUID"));
 goto bad;
 }
@@ -590,11 +590,11 @@ sudoers_policy_deserialize_info(void *v, struct defaults_list *defaults)
 * Set intercept defaults based on flags set above.
 * We pass -1 as the operator to indicate it is set by the front end.
 */
- if (ISSET(sudo_user.flags, HAVE_INTERCEPT_PTRACE)) {
+ if (ISSET(user_ctx.flags, HAVE_INTERCEPT_PTRACE)) {
 if (!append_default("intercept_type", "trace", -1, NULL, defaults))
 goto oom;
 }
- if (ISSET(sudo_user.flags, CAN_INTERCEPT_SETID)) {
+ if (ISSET(user_ctx.flags, CAN_INTERCEPT_SETID)) {
 if (!append_default("intercept_allow_setid", NULL, -1, NULL, defaults))
 goto oom;
 }
@@ -1002,8 +1002,8 @@ sudoers_policy_store_result(bool accepted, char *argv[], char *envp[],
 if ((command_info[info_len++] = sudo_new_key_val("rlimit_stack", def_rlimit_stack)) == NULL)
 goto oom;
 }
- if (sudo_user.source != NULL) {
- command_info[info_len] = sudo_new_key_val("source", sudo_user.source);
+ if (user_ctx.source != NULL) {
+ command_info[info_len] = sudo_new_key_val("source", user_ctx.source);
 if (command_info[info_len++] == NULL)
 goto oom;
 }
@@ -1139,7 +1139,7 @@ sudoers_policy_close(int exit_status, int error_code)
 /* Free stashed copy of the environment. */
 (void)env_init(NULL);
- /* Free sudoers sources, sudo_user and passwd/group caches. */
+ /* Free sudoers sources, user_ctx and passwd/group caches. */
 sudoers_cleanup();
 /* command_info was freed by the g/c code. */
diff --git a/plugins/sudoers/pwutil_impl.c b/plugins/sudoers/pwutil_impl.c
index a940ebcf6..4c361b429 100644
--- a/plugins/sudoers/pwutil_impl.c
+++ b/plugins/sudoers/pwutil_impl.c
@@ -264,7 +264,7 @@ PREFIX(make_gidlist_item)(const struct passwd *pw, char * const *gidstrs,
 * Ignore supplied gids if the entry type says we must query the group db.
 */
 if (type != ENTRY_TYPE_QUERIED && (gidstrs != NULL ||
- (pw == sudo_user.pw && sudo_user.gids != NULL))) {
+ (pw == user_ctx.pw && user_ctx.gids != NULL))) {
 if (gidstrs != NULL) {
 /* Use supplied gids list (string format). */
 ngids = 1;
@@ -290,7 +290,7 @@ PREFIX(make_gidlist_item)(const struct passwd *pw, char * const *gidstrs,
 gids[ngids++] = gid;
 }
 } else {
- /* Adopt sudo_user.gids. */
+ /* Adopt user_ctx.gids. */
 gids = user_gids;
 ngids = user_ngids;
 user_gids = NULL;
@@ -299,8 +299,8 @@ PREFIX(make_gidlist_item)(const struct passwd *pw, char * const *gidstrs,
 type = ENTRY_TYPE_FRONTEND;
 } else {
 type = ENTRY_TYPE_QUERIED;
- if (sudo_user.max_groups > 0) {
- ngids = sudo_user.max_groups;
+ if (user_ctx.max_groups > 0) {
+ ngids = user_ctx.max_groups;
 gids = reallocarray(NULL, (size_t)ngids, sizeof(GETGROUPS_T));
 if (gids == NULL) {
 sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO,
@@ -309,7 +309,7 @@ PREFIX(make_gidlist_item)(const struct passwd *pw, char * const *gidstrs,
 }
 /* Clamp to max_groups if insufficient space for all groups. */
 if (PREFIX(getgrouplist2)(pw->pw_name, pw->pw_gid, &gids, &ngids) == -1)
- ngids = sudo_user.max_groups;
+ ngids = user_ctx.max_groups;
 } else {
 gids = NULL;
 if (PREFIX(getgrouplist2)(pw->pw_name, pw->pw_gid, &gids, &ngids) == -1) {
diff --git a/plugins/sudoers/regress/exptilde/check_exptilde.c b/plugins/sudoers/regress/exptilde/check_exptilde.c
index 10d8ca5d4..f3fc78f2e 100644
--- a/plugins/sudoers/regress/exptilde/check_exptilde.c
+++ b/plugins/sudoers/regress/exptilde/check_exptilde.c
@@ -31,7 +31,7 @@
 #include
-struct sudo_user sudo_user;
+struct sudoers_user_context user_ctx;
 struct test_data {
 const char *input;
diff --git a/plugins/sudoers/regress/fuzz/fuzz_sudoers.c b/plugins/sudoers/regress/fuzz/fuzz_sudoers.c
index c77542d2b..70a5d2127 100644
--- a/plugins/sudoers/regress/fuzz/fuzz_sudoers.c
+++ b/plugins/sudoers/regress/fuzz/fuzz_sudoers.c
@@ -49,7 +49,7 @@ int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size);
 static const char *orig_cmnd;
 /* Required to link with parser. */
-struct sudo_user sudo_user;
+struct sudoers_user_context user_ctx;
 struct passwd *list_pw;
 sudo_conv_t sudo_conv = fuzz_conversation;
 sudo_printf_t sudo_printf = fuzz_printf;
@@ -326,10 +326,10 @@ LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
 /* Invoking user. */
 user_name = (char *)ud->user;
- if (sudo_user.pw != NULL)
- sudo_pw_delref(sudo_user.pw);
- sudo_user.pw = sudo_getpwnam(user_name);
- if (sudo_user.pw == NULL) {
+ if (user_ctx.pw != NULL)
+ sudo_pw_delref(user_ctx.pw);
+ user_ctx.pw = sudo_getpwnam(user_name);
+ if (user_ctx.pw == NULL) {
 sudo_warnx_nodebug("unknown user %s", user_name);
 continue;
 }
@@ -338,16 +338,16 @@ LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
 if (runas_pw != NULL)
 sudo_pw_delref(runas_pw);
 if (ud->runuser != NULL) {
- sudo_user.runas_user = (char *)ud->runuser;
- SET(sudo_user.flags, RUNAS_USER_SPECIFIED);
- runas_pw = sudo_getpwnam(sudo_user.runas_user);
+ user_ctx.runas_user = (char *)ud->runuser;
+ SET(user_ctx.flags, RUNAS_USER_SPECIFIED);
+ runas_pw = sudo_getpwnam(user_ctx.runas_user);
 } else {
- sudo_user.runas_user = NULL;
- CLR(sudo_user.flags, RUNAS_USER_SPECIFIED);
+ user_ctx.runas_user = NULL;
+ CLR(user_ctx.flags, RUNAS_USER_SPECIFIED);
 runas_pw = sudo_getpwnam("root");
 }
 if (runas_pw == NULL) {
- sudo_warnx_nodebug("unknown run user %s", sudo_user.runas_user);
+ sudo_warnx_nodebug("unknown run user %s", user_ctx.runas_user);
 continue;
 }
@@ -355,32 +355,32 @@ LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
 if (runas_gr != NULL)
 sudo_gr_delref(runas_gr);
 if (ud->rungroup != NULL) {
- sudo_user.runas_group = (char *)ud->rungroup;
- SET(sudo_user.flags, RUNAS_GROUP_SPECIFIED);
- runas_gr = sudo_getgrnam(sudo_user.runas_group);
+ user_ctx.runas_group = (char *)ud->rungroup;
+ SET(user_ctx.flags, RUNAS_GROUP_SPECIFIED);
+ runas_gr = sudo_getgrnam(user_ctx.runas_group);
 if (runas_gr == NULL) {
 sudo_warnx_nodebug("unknown run group %s",
- sudo_user.runas_group);
+ user_ctx.runas_group);
 continue;
 }
 } else {
- sudo_user.runas_group = NULL;
- CLR(sudo_user.flags, RUNAS_GROUP_SPECIFIED);
+ user_ctx.runas_group = NULL;
+ CLR(user_ctx.flags, RUNAS_GROUP_SPECIFIED);
 runas_gr = NULL;
 }
 update_defaults(&parse_tree, NULL, SETDEF_ALL, false);
- sudoers_lookup(&snl, sudo_user.pw, now, NULL, NULL, &cmnd_status,
+ sudoers_lookup(&snl, user_ctx.pw, now, NULL, NULL, &cmnd_status,
 false);
 /* Match again as a pseudo-command (list, validate, etc). */
- sudoers_lookup(&snl, sudo_user.pw, now, NULL, NULL, &cmnd_status,
+ sudoers_lookup(&snl, user_ctx.pw, now, NULL, NULL, &cmnd_status,
 true);
 /* Display privileges. */
- display_privs(&snl, sudo_user.pw, false);
- display_privs(&snl, sudo_user.pw, true);
+ display_privs(&snl, user_ctx.pw, false);
+ display_privs(&snl, user_ctx.pw, true);
 }
 /* Expand tildes in runcwd and runchroot. */
@@ -403,8 +403,8 @@ done:
 fclose(fp);
 free_parse_tree(&parse_tree);
 reset_parser();
- if (sudo_user.pw != NULL)
- sudo_pw_delref(sudo_user.pw);
+ if (user_ctx.pw != NULL)
+ sudo_pw_delref(user_ctx.pw);
 if (runas_pw != NULL)
 sudo_pw_delref(runas_pw);
 if (runas_gr != NULL)
@@ -414,7 +414,7 @@ done:
 free(user_cmnd);
 free(safe_cmnd);
 free(list_cmnd);
- memset(&sudo_user, 0, sizeof(sudo_user));
+ memset(&user_ctx, 0, sizeof(user_ctx));
 sudoers_setlocale(SUDOERS_LOCALE_USER, NULL);
 sudoers_debug_deregister();
 fflush(stdout);
diff --git a/plugins/sudoers/regress/fuzz/fuzz_sudoers_ldif.c b/plugins/sudoers/regress/fuzz/fuzz_sudoers_ldif.c
index a83453959..0b49fd7c7 100644
--- a/plugins/sudoers/regress/fuzz/fuzz_sudoers_ldif.c
+++ b/plugins/sudoers/regress/fuzz/fuzz_sudoers_ldif.c
@@ -32,7 +32,7 @@ static int fuzz_printf(int msg_type, const char * restrict fmt, ...);
 int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size);
 /* Required to link with parser. */
-struct sudo_user sudo_user;
+struct sudoers_user_context user_ctx;
 struct passwd *list_pw;
 sudo_printf_t sudo_printf = fuzz_printf;
diff --git a/plugins/sudoers/regress/iolog_plugin/check_iolog_plugin.c b/plugins/sudoers/regress/iolog_plugin/check_iolog_plugin.c
index d90ae76ec..d856286a1 100644
--- a/plugins/sudoers/regress/iolog_plugin/check_iolog_plugin.c
+++ b/plugins/sudoers/regress/iolog_plugin/check_iolog_plugin.c
@@ -36,7 +36,7 @@
 extern struct io_plugin sudoers_io;
-struct sudo_user sudo_user;
+struct sudoers_user_context user_ctx;
 struct passwd *list_pw;
 sudo_printf_t sudo_printf;
 sudo_conv_t sudo_conv;
@@ -385,15 +385,15 @@ main(int argc, char *argv[], char *envp[])
 if ((tpw = getpwnam("root")) == NULL)
 sudo_fatalx("unable to look up uid 0 or root");
 }
- sudo_user._runas_pw = pw_dup(tpw);
+ user_ctx._runas_pw = pw_dup(tpw);
 /* Set invoking user. */
 if ((tpw = getpwuid(geteuid())) == NULL)
 sudo_fatalx("unable to look up invoking user's uid");
- sudo_user.pw = pw_dup(tpw);
+ user_ctx.pw = pw_dup(tpw);
 /* Set iolog uid/gid to invoking user. */
- iolog_set_owner(sudo_user.pw->pw_uid, sudo_user.pw->pw_gid);
+ iolog_set_owner(user_ctx.pw->pw_uid, user_ctx.pw->pw_gid);
 test_endpoints(&tests, &errors, iolog_dir, envp);
diff --git a/plugins/sudoers/sssd.c b/plugins/sudoers/sssd.c
index e7cd0d613..9f4cd1871 100644
--- a/plugins/sudoers/sssd.c
+++ b/plugins/sudoers/sssd.c
@@ -754,8 +754,8 @@ sudo_sss_getdefs(const struct sudo_nss *nss)
 sudo_debug_printf(SUDO_DEBUG_DIAG, "Looking for cn=defaults");
 /* NOTE: these are global defaults, user-ID and name are not used. */
- rc = handle->fn_send_recv_defaults(sudo_user.pw->pw_uid,
- sudo_user.pw->pw_name, &sss_error, &handle->domainname, &sss_result);
+ rc = handle->fn_send_recv_defaults(user_ctx.pw->pw_uid,
+ user_ctx.pw->pw_name, &sss_error, &handle->domainname, &sss_result);
 switch (rc) {
 case 0:
 break;
diff --git a/plugins/sudoers/sudoers.c b/plugins/sudoers/sudoers.c
index 9f3c6935e..5ec4a85ca 100644
--- a/plugins/sudoers/sudoers.c
+++ b/plugins/sudoers/sudoers.c
@@ -79,7 +79,7 @@ static bool tty_present(void);
 /*
 * Globals
 */
-struct sudo_user sudo_user;
+struct sudoers_user_context user_ctx;
 struct passwd *list_pw;
 unsigned int sudo_mode;
@@ -268,7 +268,7 @@ sudoers_init(void *info, sudoers_logger_t logger, char * const envp[])
 }
 /* Set login class if applicable (after sudoers is parsed). */
- if (set_loginclass(runas_pw ? runas_pw : sudo_user.pw))
+ if (set_loginclass(runas_pw ? runas_pw : user_ctx.pw))
 ret = true;
 cleanup:
@@ -287,7 +287,7 @@ cleanup:
 /*
 * Expand I/O log dir and file into a full path.
 * Returns the full I/O log path prefixed with "iolog_path=".
- * Sets sudo_user.iolog_file as a side effect.
+ * Sets user_ctx.iolog_file as a side effect.
 */
 static char *
 format_iolog_path(void)
@@ -316,8 +316,8 @@ format_iolog_path(void)
 }
 /* Stash pointer to the I/O log for the event log. */
- sudo_user.iolog_path = iolog_path + sizeof("iolog_path=") - 1;
- sudo_user.iolog_file = sudo_user.iolog_path + 1 + strlen(dir);
+ user_ctx.iolog_path = iolog_path + sizeof("iolog_path=") - 1;
+ user_ctx.iolog_file = user_ctx.iolog_path + 1 + strlen(dir);
 done:
 debug_return_str(iolog_path);
@@ -389,7 +389,7 @@ sudoers_check_common(int pwflag)
 */
 time(&now);
 sudoers_setlocale(SUDOERS_LOCALE_SUDOERS, &oldlocale);
- validated = sudoers_lookup(snl, sudo_user.pw, now, cb_lookup, &match_info,
+ validated = sudoers_lookup(snl, user_ctx.pw, now, cb_lookup, &match_info,
 &cmnd_status, pwflag);
 sudoers_setlocale(oldlocale, NULL);
 if (ISSET(validated, VALIDATE_ERROR)) {
@@ -398,15 +398,15 @@ sudoers_check_common(int pwflag)
 }
 if (match_info.us != NULL && match_info.us->file != NULL) {
- free(sudo_user.source);
+ free(user_ctx.source);
 if (match_info.us->line != 0) {
- if (asprintf(&sudo_user.source, "%s:%d:%d", match_info.us->file,
+ if (asprintf(&user_ctx.source, "%s:%d:%d", match_info.us->file,
 match_info.us->line, match_info.us->column) == -1)
- sudo_user.source = NULL;
+ user_ctx.source = NULL;
 } else {
- sudo_user.source = strdup(match_info.us->file);
+ user_ctx.source = strdup(match_info.us->file);
 }
- if (sudo_user.source == NULL) {
+ if (user_ctx.source == NULL) {
 sudo_warnx(U_("%s: %s"), __func__, U_("unable to allocate memory"));
 goto done;
 }
@@ -515,16 +515,16 @@ sudoers_check_common(int pwflag)
 goto done;
 }
- /* If run as root with SUDO_USER set, set sudo_user.pw to that user. */
+ /* If run as root with SUDO_USER set, set user_ctx.pw to that user. */
 /* XXX - causes confusion when root is not listed in sudoers */
 if (ISSET(sudo_mode, MODE_RUN|MODE_EDIT) && prev_user != NULL) {
 if (user_uid == 0 && strcmp(prev_user, "root") != 0) {
 struct passwd *pw;
 if ((pw = sudo_getpwnam(prev_user)) != NULL) {
- if (sudo_user.pw != NULL)
- sudo_pw_delref(sudo_user.pw);
- sudo_user.pw = pw;
+ if (user_ctx.pw != NULL)
+ sudo_pw_delref(user_ctx.pw);
+ user_ctx.pw = pw;
 }
 }
 }
@@ -584,7 +584,7 @@ sudoers_check_common(int pwflag)
 U_("sorry, you are not allowed to preserve the environment"));
 goto bad;
 } else {
- if (!validate_env_vars(sudo_user.env_vars))
+ if (!validate_env_vars(user_ctx.env_vars))
 goto bad;
 }
 }
@@ -643,7 +643,7 @@ sudoers_check_cmnd(int argc, char * const argv[], char *env_add[],
 /* Environment variables specified on the command line. */
 if (env_add != NULL && env_add[0] != NULL)
- sudo_user.env_vars = env_add;
+ user_ctx.env_vars = env_add;
 /*
 * Make a local copy of argc/argv, with special handling for the
@@ -754,7 +754,7 @@ sudoers_check_cmnd(int argc, char * const argv[], char *env_add[],
 }
 /* Insert user-specified environment variables. */
- if (!insert_env_vars(sudo_user.env_vars)) {
+ if (!insert_env_vars(user_ctx.env_vars)) {
 sudo_warnx("%s", U_("error setting user-specified environment variables"));
 goto error;
@@ -943,9 +943,9 @@ sudoers_list(int argc, char * const argv[], const char *list_user, bool verbose)
 goto done;
 if (ISSET(sudo_mode, MODE_CHECK))
- ret = display_cmnd(snl, list_pw ? list_pw : sudo_user.pw, verbose);
+ ret = display_cmnd(snl, list_pw ? list_pw : user_ctx.pw, verbose);
 else
- ret = display_privs(snl, list_pw ? list_pw : sudo_user.pw, verbose);
+ ret = display_privs(snl, list_pw ? list_pw : user_ctx.pw, verbose);
 done:
 mail_parse_errors();
@@ -970,7 +970,7 @@ done:
 }
 /*
- * Initialize timezone and fill in sudo_user struct.
+ * Initialize timezone and fill in user_ctx.
 */
 static bool
 init_vars(char * const envp[])
@@ -1015,8 +1015,8 @@ init_vars(char * const envp[])
 * Get a local copy of the user's passwd struct and group list if we
 * don't already have them.
 */
- if (sudo_user.pw == NULL) {
- if ((sudo_user.pw = sudo_getpwnam(user_name)) == NULL) {
+ if (user_ctx.pw == NULL) {
+ if ((user_ctx.pw = sudo_getpwnam(user_name)) == NULL) {
 /*
 * It is not unusual for users to place "sudo -k" in a .logout
 * file which can cause sudo to be run during reboot after the
@@ -1028,12 +1028,12 @@ init_vars(char * const envp[])
 }
 /* Need to make a fake struct passwd for the call to log_warningx(). */
- sudo_user.pw = sudo_mkpwent(user_name, user_uid, user_gid, NULL, NULL);
+ user_ctx.pw = sudo_mkpwent(user_name, user_uid, user_gid, NULL, NULL);
 unknown_user = true;
 }
 }
 if (user_gid_list == NULL)
- user_gid_list = sudo_get_gidlist(sudo_user.pw, ENTRY_TYPE_ANY);
+ user_gid_list = sudo_get_gidlist(user_ctx.pw, ENTRY_TYPE_ANY);
 /* Store initialize permissions so we can restore them later. */
 if (!set_perms(PERM_INITIAL))
@@ -1053,15 +1053,15 @@ init_vars(char * const envp[])
 * Note that if runas_group was specified without runas_user we
 * run the command as the invoking user.
 */
- if (sudo_user.runas_group != NULL) {
- if (!set_runasgr(sudo_user.runas_group, false))
+ if (user_ctx.runas_group != NULL) {
+ if (!set_runasgr(user_ctx.runas_group, false))
 debug_return_bool(false);
- if (!set_runaspw(sudo_user.runas_user ?
- sudo_user.runas_user : user_name, false))
+ if (!set_runaspw(user_ctx.runas_user ?
+ user_ctx.runas_user : user_name, false))
 debug_return_bool(false);
 } else {
- if (!set_runaspw(sudo_user.runas_user ?
- sudo_user.runas_user : def_runas_default, false))
+ if (!set_runaspw(user_ctx.runas_user ?
+ user_ctx.runas_user : def_runas_default, false))
 debug_return_bool(false);
 }
@@ -1483,7 +1483,7 @@ cb_runas_default(const char *file, int line, int column,
 debug_decl(cb_runas_default, SUDOERS_DEBUG_PLUGIN);
 /* Only reset runaspw if user didn't specify one. */
- if (sudo_user.runas_user == NULL && sudo_user.runas_group == NULL)
+ if (user_ctx.runas_user == NULL && user_ctx.runas_group == NULL)
 debug_return_bool(set_runaspw(sd_un->str, true));
 debug_return_bool(true);
 }
@@ -1515,7 +1515,7 @@ sudoers_cleanup(void)
 need_reinit = false;
 if (def_group_plugin)
 group_plugin_unload();
- sudo_user_free();
+ sudoers_user_ctx_free();
 sudo_freepwcache();
 sudo_freegrcache();
 canon_path_free_cache();
@@ -1552,16 +1552,16 @@ tty_present(void)
 }
 /*
- * Free memory allocated for struct sudo_user.
+ * Free memory allocated for struct sudoers_user_context.
 */
 void
-sudo_user_free(void)
+sudoers_user_ctx_free(void)
 {
- debug_decl(sudo_user_free, SUDOERS_DEBUG_PLUGIN);
+ debug_decl(sudoers_user_ctx_free, SUDOERS_DEBUG_PLUGIN);
 /* Free remaining references to password and group entries. */
- if (sudo_user.pw != NULL)
- sudo_pw_delref(sudo_user.pw);
+ if (user_ctx.pw != NULL)
+ sudo_pw_delref(user_ctx.pw);
 if (runas_pw != NULL)
 sudo_pw_delref(runas_pw);
 if (runas_gr != NULL)
@@ -1569,7 +1569,7 @@ sudo_user_free(void)
 if (user_gid_list != NULL)
 sudo_gidlist_delref(user_gid_list);
- /* Free dynamic contents of sudo_user. */
+ /* Free dynamic contents of user_ctx. */
 free(user_cwd);
 free(user_name);
 free(user_gids);
@@ -1589,7 +1589,7 @@ sudo_user_free(void)
 free(list_cmnd);
 free(safe_cmnd);
 free(saved_cmnd);
- free(sudo_user.source);
+ free(user_ctx.source);
 free(user_stat);
 #ifdef HAVE_SELINUX
 free(user_role);
@@ -1602,7 +1602,7 @@ sudo_user_free(void)
 free(runas_privs);
 free(runas_limitprivs);
 #endif
- memset(&sudo_user, 0, sizeof(sudo_user));
+ memset(&user_ctx, 0, sizeof(user_ctx));
 debug_return;
 }
diff --git a/plugins/sudoers/sudoers.h b/plugins/sudoers/sudoers.h
index b8dbec888..8e4891fcd 100644
--- a/plugins/sudoers/sudoers.h
+++ b/plugins/sudoers/sudoers.h
@@ -79,7 +79,7 @@ struct group_list {
 * Info pertaining to the invoking user.
 * XXX - can we embed struct eventlog here or use it instead?
 */
-struct sudo_user {
+struct sudoers_user_context {
 struct timespec submit_time;
 struct passwd *pw;
 struct passwd *_runas_pw;
@@ -149,7 +149,7 @@ struct sudo_user {
 #define ENTRY_TYPE_FRONTEND 0x02
 /*
- * sudo_user flag values
+ * user_ctx.flag values
 */
 #define RUNAS_USER_SPECIFIED 0x01U
 #define RUNAS_GROUP_SPECIFIED 0x02U
@@ -224,50 +224,50 @@ struct sudo_user { #define PERM_IOLOG 0x07 /* - * Shortcuts for sudo_user contents. + * Shortcuts for user_ctx contents. */ -#define user_name (sudo_user.name) -#define user_uid (sudo_user.uid) -#define user_gid (sudo_user.gid) -#define user_sid (sudo_user.sid) -#define user_tcpgid (sudo_user.tcpgid) -#define user_umask (sudo_user.umask) -#define user_passwd (sudo_user.pw->pw_passwd) -#define user_dir (sudo_user.pw->pw_dir) -#define user_gids (sudo_user.gids) -#define user_ngids (sudo_user.ngids) -#define user_gid_list (sudo_user.gid_list) -#define user_tty (sudo_user.tty) -#define user_ttypath (sudo_user.ttypath) -#define user_cwd (sudo_user.cwd) -#define user_cmnd (sudo_user.cmnd) -#define user_cmnd_dir (sudo_user.cmnd_dir) -#define user_args (sudo_user.cmnd_args) -#define user_base (sudo_user.cmnd_base) -#define user_stat (sudo_user.cmnd_stat) -#define user_path (sudo_user.path) -#define user_prompt (sudo_user.prompt) -#define user_host (sudo_user.host) -#define user_shost (sudo_user.shost) -#define user_runhost (sudo_user.runhost) -#define user_srunhost (sudo_user.srunhost) -#define user_ccname (sudo_user.krb5_ccname) -#define list_cmnd (sudo_user.cmnd_list) -#define safe_cmnd (sudo_user.cmnd_safe) -#define saved_cmnd (sudo_user.cmnd_saved) -#define cmnd_fd (sudo_user.execfd) -#define login_class (sudo_user.class_name) -#define runas_pw (sudo_user._runas_pw) -#define runas_gr (sudo_user._runas_gr) -#define user_role (sudo_user.role) -#define user_type (sudo_user.type) -#define user_apparmor_profile (sudo_user.apparmor_profile) -#define user_closefrom (sudo_user.closefrom) -#define runas_privs (sudo_user.privs) -#define runas_limitprivs (sudo_user.limitprivs) -#define user_timeout (sudo_user.timeout) -#define user_runchroot (sudo_user.runchroot) -#define user_runcwd (sudo_user.runcwd) +#define user_name (user_ctx.name) +#define user_uid (user_ctx.uid) +#define user_gid (user_ctx.gid) +#define user_sid (user_ctx.sid) +#define user_tcpgid 
(user_ctx.tcpgid) +#define user_umask (user_ctx.umask) +#define user_passwd (user_ctx.pw->pw_passwd) +#define user_dir (user_ctx.pw->pw_dir) +#define user_gids (user_ctx.gids) +#define user_ngids (user_ctx.ngids) +#define user_gid_list (user_ctx.gid_list) +#define user_tty (user_ctx.tty) +#define user_ttypath (user_ctx.ttypath) +#define user_cwd (user_ctx.cwd) +#define user_cmnd (user_ctx.cmnd) +#define user_cmnd_dir (user_ctx.cmnd_dir) +#define user_args (user_ctx.cmnd_args) +#define user_base (user_ctx.cmnd_base) +#define user_stat (user_ctx.cmnd_stat) +#define user_path (user_ctx.path) +#define user_prompt (user_ctx.prompt) +#define user_host (user_ctx.host) +#define user_shost (user_ctx.shost) +#define user_runhost (user_ctx.runhost) +#define user_srunhost (user_ctx.srunhost) +#define user_ccname (user_ctx.krb5_ccname) +#define list_cmnd (user_ctx.cmnd_list) +#define safe_cmnd (user_ctx.cmnd_safe) +#define saved_cmnd (user_ctx.cmnd_saved) +#define cmnd_fd (user_ctx.execfd) +#define login_class (user_ctx.class_name) +#define runas_pw (user_ctx._runas_pw) +#define runas_gr (user_ctx._runas_gr) +#define user_role (user_ctx.role) +#define user_type (user_ctx.type) +#define user_apparmor_profile (user_ctx.apparmor_profile) +#define user_closefrom (user_ctx.closefrom) +#define runas_privs (user_ctx.privs) +#define runas_limitprivs (user_ctx.limitprivs) +#define user_timeout (user_ctx.timeout) +#define user_runchroot (user_ctx.runchroot) +#define user_runcwd (user_ctx.runcwd) /* Default sudoers uid/gid/mode if not set by the Makefile. */ #ifndef SUDOERS_UID 
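Review bot: Two of the shortcuts in this block, `user_passwd` and `user_dir`, expand to a dereference of `user_ctx.pw`, while the other macros only name a member of `user_ctx`, and nothing at the definitions says so. `sudoers_user_ctx_free()` in this same diff ends with `memset(&user_ctx, 0, sizeof(user_ctx))`, so using either macro after cleanup, or before `pw` has been assigned, is a null dereference that the macro name hides. I would add a comment above the two definitions: `/* user_passwd and user_dir dereference user_ctx.pw; valid only while pw is non-NULL. */`.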
@@ -421,8 +421,8 @@ int sudoers_list(int argc, char *const argv[], const char *list_user, bool verbo int sudoers_validate_user(void); void sudoers_cleanup(void); bool sudoers_override_umask(void); -void sudo_user_free(void); -extern struct sudo_user sudo_user; +void sudoers_user_ctx_free(void); +extern struct sudoers_user_context user_ctx; extern struct passwd *list_pw; extern unsigned int sudo_mode; extern int sudoedit_nfiles; diff --git a/plugins/sudoers/testsudoers.c b/plugins/sudoers/testsudoers.c index 72cd8f195..6688791d9 100644 --- a/plugins/sudoers/testsudoers.c +++ b/plugins/sudoers/testsudoers.c @@ -79,7 +79,7 @@ static int testsudoers_query(const struct sudo_nss *nss, struct passwd *pw); /* * Globals */ -struct sudo_user sudo_user; +struct sudoers_user_context user_ctx; struct passwd *list_pw; static const char *orig_cmnd; static char *runas_group, *runas_user; @@ -149,7 +149,7 @@ main(int argc, char *argv[]) break; case 'g': runas_group = optarg; - SET(sudo_user.flags, RUNAS_GROUP_SPECIFIED); + SET(user_ctx.flags, RUNAS_GROUP_SPECIFIED); break; case 'h': user_host = optarg; @@ -206,7 +206,7 @@ main(int argc, char *argv[]) break; case 'u': runas_user = optarg; - SET(sudo_user.flags, RUNAS_USER_SPECIFIED); + SET(user_ctx.flags, RUNAS_USER_SPECIFIED); break; case 'v': if (sudo_mode != MODE_RUN) { @@ -267,10 +267,10 @@ main(int argc, char *argv[]) strlcpy(cwdbuf, "/", sizeof(cwdbuf)); user_cwd = cwdbuf; - if ((sudo_user.pw = sudo_getpwnam(user_name)) == NULL) + if ((user_ctx.pw = sudo_getpwnam(user_name)) == NULL) sudo_fatalx(U_("unknown user %s"), user_name); - user_uid = sudo_user.pw->pw_uid; - user_gid = sudo_user.pw->pw_gid; + user_uid = user_ctx.pw->pw_uid; + user_gid = user_ctx.pw->pw_gid; if (user_host == NULL) { if ((user_host = sudo_gethostname()) == NULL) 
@@ -380,7 +380,7 @@ main(int argc, char *argv[]) testsudoers_nss.parse_tree = &parsed_policy; printf("\nEntries for user %s:\n", user_name); - validated = sudoers_lookup(&snl, sudo_user.pw, now, cb_lookup, NULL, + validated = sudoers_lookup(&snl, user_ctx.pw, now, cb_lookup, NULL, &status, pwflag); /* Validate user-specified chroot or cwd (if any) and runas user shell. */ diff --git a/plugins/sudoers/timestamp.c b/plugins/sudoers/timestamp.c index d6537e10e..541bc0d05 100644 --- a/plugins/sudoers/timestamp.c +++ b/plugins/sudoers/timestamp.c @@ -1163,8 +1163,8 @@ create_admin_success_flag(void) debug_return_int(true); /* Check whether the user is in the sudo or admin group. */ - if (!user_in_group(sudo_user.pw, "sudo") && - !user_in_group(sudo_user.pw, "admin")) + if (!user_in_group(user_ctx.pw, "sudo") && + !user_in_group(user_ctx.pw, "admin")) debug_return_int(true); /* Build path to flag file. */ diff --git a/plugins/sudoers/visudo.c b/plugins/sudoers/visudo.c index 9fbc9576e..b58bbcc5e 100644 --- a/plugins/sudoers/visudo.c +++ b/plugins/sudoers/visudo.c @@ -108,7 +108,7 @@ extern void get_hostname(void); /* * Globals */ -struct sudo_user sudo_user; +struct sudoers_user_context user_ctx; struct passwd *list_pw; static const char *path_sudoers = _PATH_SUDOERS; static struct sudoersfile_list sudoerslist = TAILQ_HEAD_INITIALIZER(sudoerslist); 
@@ -258,17 +258,17 @@ main(int argc, char *argv[]) export_sudoers(path_sudoers, export_path); } - /* Mock up a fake sudo_user struct. */ + /* Mock up a fake struct sudoers_user_context. */ user_cmnd = user_base = strdup("true"); if (user_cmnd == NULL) sudo_fatalx(U_("%s: %s"), __func__, U_("unable to allocate memory")); if (geteuid() == 0) { const char *user = getenv("SUDO_USER"); if (user != NULL && *user != '\0') - sudo_user.pw = sudo_getpwnam(user); + user_ctx.pw = sudo_getpwnam(user); } - if (sudo_user.pw == NULL) { - if ((sudo_user.pw = sudo_getpwuid(getuid())) == NULL) + if (user_ctx.pw == NULL) { + if ((user_ctx.pw = sudo_getpwuid(getuid())) == NULL) sudo_fatalx(U_("you do not exist in the %s database"), "passwd"); } get_hostname();
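Review bot: The block that fills `user_ctx.pw` in visudo's `main` takes the user name from the `SUDO_USER` environment variable when `geteuid() == 0`, and the reason for that condition is not stated next to it. The value is supplied by the caller's environment, so a reader auditing this path needs to see that it is honoured only for root and that an unset, empty or unresolvable name falls through to `sudo_getpwuid(getuid())`. I would put that in a comment above the `if`: `/* SUDO_USER is environment-supplied: honour it only when running as root, else use the real uid. */`. `main` starts and ends outside the hunk, so what the mocked-up entry is used for afterwards is not visible here.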