mir/sudo
2
0
Fork 0
mirror of https://github.com/sudo-project/sudo.git synced 2025-08-29 13:28:10 +00:00
Code Issues Releases Wiki Activity

Instead of checking the domain name explicitly for "(none)", just

Browse Source 
check for illegal characters.
This commit is contained in:
Todd C. Miller 2013-04-01 13:56:42 -04:00
parent 328994740e
commit e23ebd53c3
2 changed files with 35 additions and 10 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
NEWS
View File

@ -81,6 +81,10 @@ What's new in Sudo 1.8.7?
* Dutch translation for sudo and sudoers from translationproject.org. * Dutch translation for sudo and sudoers from translationproject.org.
* The sudoers plugin will now ignore invalid domain names when
checking netgroup membership. Some Linux systems use the string
"(none)" for the NIS-style domain name instead of an empty string.
What's new in Sudo 1.8.6p7? What's new in Sudo 1.8.6p7?
* A time stamp file with the date set to the epoch by "sudo -k" * A time stamp file with the date set to the epoch by "sudo -k"

41
plugins/sudoers/match.c
View File

@ -764,6 +764,34 @@ done:
debug_return_bool(matched); debug_return_bool(matched);
} }
#ifdef HAVE_INNETGR
/*
* Get NIS-style domain name and return a malloc()ed copy or NULL if none.
*/
static char *
sudo_getdomainname(void)
{
#ifdef HAVE_GETDOMAINNAME
char *buf, *cp, *domain = NULL;
buf = emalloc(HOST_NAME_MAX + 1);
if (getdomainname(buf, HOST_NAME_MAX + 1) == 0 && *buf != '\0') {
domain = buf;
for (cp = buf; *cp != '\0'; cp++) {
/* Check for illegal characters, Linux may use "(none)". */
if (*cp == '(' || *cp == ')' || *cp == ',' || *cp == ' ') {
domain = NULL;
break;
}
}
}
if (domain == NULL)
efree(buf);
#endif /* HAVE_GETDOMAINNAME */
return domain;
}
#endif /* HAVE_INNETGR */
/* /*
* Returns true if "host" and "user" belong to the netgroup "netgr", * Returns true if "host" and "user" belong to the netgroup "netgr",
* else return false. Either of "host", "shost" or "user" may be NULL * else return false. Either of "host", "shost" or "user" may be NULL
@ -774,30 +802,23 @@ done:
bool bool
netgr_matches(char *netgr, char *lhost, char *shost, char *user) netgr_matches(char *netgr, char *lhost, char *shost, char *user)
{ {
#ifdef HAVE_INNETGR
static char *domain; static char *domain;
#ifdef HAVE_GETDOMAINNAME
static int initialized; static int initialized;
#endif #endif
debug_decl(netgr_matches, SUDO_DEBUG_MATCH) debug_decl(netgr_matches, SUDO_DEBUG_MATCH)
#ifdef HAVE_INNETGR
/* make sure we have a valid netgroup, sudo style */ /* make sure we have a valid netgroup, sudo style */
if (*netgr++ != '+') if (*netgr++ != '+')
debug_return_bool(false); debug_return_bool(false);
#ifdef HAVE_GETDOMAINNAME
/* get the domain name (if any) */ /* get the domain name (if any) */
if (!initialized) { if (!initialized) {
domain = (char *) emalloc(HOST_NAME_MAX + 1); domain = sudo_getdomainname();
if (getdomainname(domain, HOST_NAME_MAX + 1) == -1 || *domain == '\0' ||
strcmp(domain, "(none)") == 0) {
efree(domain);
domain = NULL;
}
initialized = 1; initialized = 1;
} }
#endif /* HAVE_GETDOMAINNAME */
#ifdef HAVE_INNETGR
if (innetgr(netgr, lhost, user, domain)) if (innetgr(netgr, lhost, user, domain))
debug_return_bool(true); debug_return_bool(true);
else if (lhost != shost && innetgr(netgr, shost, user, domain)) else if (lhost != shost && innetgr(netgr, shost, user, domain))