|
version 1.1.1.3, 2013/07/22 10:46:11
|
version 1.1.1.5, 2014/06/15 16:12:54
|
|
Line 1
|
Line 1
|
| /* |
/* |
| * Copyright (c) 2009-2013 Todd C. Miller <Todd.Miller@courtesan.com> | * Copyright (c) 2009-2014 Todd C. Miller <Todd.Miller@courtesan.com> |
| * |
* |
| * Permission to use, copy, modify, and distribute this software for any |
* Permission to use, copy, modify, and distribute this software for any |
| * purpose with or without fee is hereby granted, provided that the above |
* purpose with or without fee is hereby granted, provided that the above |
|
Line 45
|
Line 45
|
| #include <errno.h> |
#include <errno.h> |
| #include <limits.h> |
#include <limits.h> |
| |
|
| |
#define DEFAULT_TEXT_DOMAIN "sudo" |
| |
#include "gettext.h" /* must be included before missing.h */ |
| |
|
| #define SUDO_ERROR_WRAP 0 |
#define SUDO_ERROR_WRAP 0 |
| |
|
| #include "missing.h" |
#include "missing.h" |
| #include "alloc.h" |
#include "alloc.h" |
| #include "error.h" | #include "fatal.h" |
| #include "fileops.h" |
#include "fileops.h" |
| #include "pathnames.h" |
#include "pathnames.h" |
| #include "sudo_plugin.h" |
#include "sudo_plugin.h" |
| #include "sudo_conf.h" |
#include "sudo_conf.h" |
| #include "sudo_debug.h" |
#include "sudo_debug.h" |
| |
#include "sudo_util.h" |
| #include "secure_path.h" |
#include "secure_path.h" |
| |
|
| #define DEFAULT_TEXT_DOMAIN "sudo" |
|
| #include "gettext.h" |
|
| |
|
| #ifdef __TANDEM |
#ifdef __TANDEM |
| # define ROOT_UID 65535 |
# define ROOT_UID 65535 |
| #else |
#else |
| # define ROOT_UID 0 |
# define ROOT_UID 0 |
| #endif |
#endif |
| |
|
| extern bool atobool(const char *str); /* atobool.c */ |
|
| |
|
| struct sudo_conf_table { |
struct sudo_conf_table { |
| const char *name; |
const char *name; |
| unsigned int namelen; |
unsigned int namelen; |
|
Line 87 static void set_variable(const char *entry, const char
|
Line 86 static void set_variable(const char *entry, const char
|
| static void set_var_disable_coredump(const char *entry, const char *conf_file); |
static void set_var_disable_coredump(const char *entry, const char *conf_file); |
| static void set_var_group_source(const char *entry, const char *conf_file); |
static void set_var_group_source(const char *entry, const char *conf_file); |
| static void set_var_max_groups(const char *entry, const char *conf_file); |
static void set_var_max_groups(const char *entry, const char *conf_file); |
| |
static void set_var_probe_interfaces(const char *entry, const char *conf_file); |
| |
|
| static unsigned int conf_lineno; |
static unsigned int conf_lineno; |
| |
|
|
Line 102 static struct sudo_conf_table sudo_conf_table_vars[] =
|
Line 102 static struct sudo_conf_table sudo_conf_table_vars[] =
|
| { "disable_coredump", sizeof("disable_coredump") - 1, set_var_disable_coredump }, |
{ "disable_coredump", sizeof("disable_coredump") - 1, set_var_disable_coredump }, |
| { "group_source", sizeof("group_source") - 1, set_var_group_source }, |
{ "group_source", sizeof("group_source") - 1, set_var_group_source }, |
| { "max_groups", sizeof("max_groups") - 1, set_var_max_groups }, |
{ "max_groups", sizeof("max_groups") - 1, set_var_max_groups }, |
| |
{ "probe_interfaces", sizeof("probe_interfaces") - 1, set_var_probe_interfaces }, |
| { NULL } |
{ NULL } |
| }; |
}; |
| |
|
| static struct sudo_conf_data { |
static struct sudo_conf_data { |
| bool disable_coredump; |
bool disable_coredump; |
| |
bool probe_interfaces; |
| int group_source; |
int group_source; |
| int max_groups; |
int max_groups; |
| const char *debug_flags; |
const char *debug_flags; |
| struct sudo_conf_paths paths[4]; |
|
| struct plugin_info_list plugins; |
struct plugin_info_list plugins; |
| |
struct sudo_conf_paths paths[5]; |
| } sudo_conf_data = { |
} sudo_conf_data = { |
| true, |
true, |
| |
true, |
| GROUP_SOURCE_ADAPTIVE, |
GROUP_SOURCE_ADAPTIVE, |
| -1, |
-1, |
| NULL, |
NULL, |
| |
TAILQ_HEAD_INITIALIZER(sudo_conf_data.plugins), |
| { |
{ |
| #define SUDO_CONF_ASKPASS_IDX 0 |
#define SUDO_CONF_ASKPASS_IDX 0 |
| { "askpass", sizeof("askpass") - 1, _PATH_SUDO_ASKPASS }, |
{ "askpass", sizeof("askpass") - 1, _PATH_SUDO_ASKPASS }, |
|
Line 126 static struct sudo_conf_data {
|
Line 130 static struct sudo_conf_data {
|
| #define SUDO_CONF_NOEXEC_IDX 2 |
#define SUDO_CONF_NOEXEC_IDX 2 |
| { "noexec", sizeof("noexec") - 1, _PATH_SUDO_NOEXEC }, |
{ "noexec", sizeof("noexec") - 1, _PATH_SUDO_NOEXEC }, |
| #endif |
#endif |
| |
#ifdef _PATH_SUDO_PLUGIN_DIR |
| |
#define SUDO_CONF_PLUGIN_IDX 3 |
| |
{ "plugin", sizeof("plugin") - 1, _PATH_SUDO_PLUGIN_DIR }, |
| |
#endif |
| { NULL } |
{ NULL } |
| } |
} |
| }; |
}; |
|
Line 169 set_var_group_source(const char *entry, const char *co
|
Line 177 set_var_group_source(const char *entry, const char *co
|
| } else if (strcasecmp(entry, "dynamic") == 0) { |
} else if (strcasecmp(entry, "dynamic") == 0) { |
| sudo_conf_data.group_source = GROUP_SOURCE_DYNAMIC; |
sudo_conf_data.group_source = GROUP_SOURCE_DYNAMIC; |
| } else { |
} else { |
| warningx(_("unsupported group source `%s' in %s, line %d"), entry, | warningx(U_("unsupported group source `%s' in %s, line %d"), entry, |
| conf_file, conf_lineno); |
conf_file, conf_lineno); |
| } |
} |
| } |
} |
|
Line 177 set_var_group_source(const char *entry, const char *co
|
Line 185 set_var_group_source(const char *entry, const char *co
|
| static void |
static void |
| set_var_max_groups(const char *entry, const char *conf_file) |
set_var_max_groups(const char *entry, const char *conf_file) |
| { |
{ |
| long lval; | int max_groups; |
| char *ep; | |
| |
|
| lval = strtol(entry, &ep, 10); | max_groups = strtonum(entry, 1, INT_MAX, NULL); |
| if (*entry == '\0' || *ep != '\0' || lval < 0 || lval > INT_MAX || | if (max_groups > 0) { |
| (errno == ERANGE && lval == LONG_MAX)) { | sudo_conf_data.max_groups = max_groups; |
| warningx(_("invalid max groups `%s' in %s, line %d"), entry, | |
| conf_file, conf_lineno); | |
| } else { |
} else { |
| sudo_conf_data.max_groups = (int)lval; | warningx(U_("invalid max groups `%s' in %s, line %d"), entry, |
| | conf_file, conf_lineno); |
| } |
} |
| } |
} |
| |
|
| |
static void |
| |
set_var_probe_interfaces(const char *entry, const char *conf_file) |
| |
{ |
| |
int val = atobool(entry); |
| |
|
| |
if (val != -1) |
| |
sudo_conf_data.probe_interfaces = val; |
| |
} |
| |
|
| /* |
/* |
| * "Debug progname debug_file debug_flags" |
* "Debug progname debug_file debug_flags" |
| */ |
*/ |
|
Line 298 set_plugin(const char *entry, const char *conf_file)
|
Line 313 set_plugin(const char *entry, const char *conf_file)
|
| info->symbol_name = estrndup(name, namelen); |
info->symbol_name = estrndup(name, namelen); |
| info->path = estrndup(path, pathlen); |
info->path = estrndup(path, pathlen); |
| info->options = options; |
info->options = options; |
| info->prev = info; |
|
| /* info->next = NULL; */ |
|
| info->lineno = conf_lineno; |
info->lineno = conf_lineno; |
| tq_append(&sudo_conf_data.plugins, info); | TAILQ_INSERT_TAIL(&sudo_conf_data.plugins, info, entries); |
| } |
} |
| |
|
| const char * |
const char * |
|
Line 324 sudo_conf_noexec_path(void)
|
Line 337 sudo_conf_noexec_path(void)
|
| } |
} |
| #endif |
#endif |
| |
|
| |
#ifdef _PATH_SUDO_PLUGIN_DIR |
| const char * |
const char * |
| |
sudo_conf_plugin_dir_path(void) |
| |
{ |
| |
return sudo_conf_data.paths[SUDO_CONF_PLUGIN_IDX].pval; |
| |
} |
| |
#endif |
| |
|
| |
const char * |
| sudo_conf_debug_flags(void) |
sudo_conf_debug_flags(void) |
| { |
{ |
| return sudo_conf_data.debug_flags; |
return sudo_conf_data.debug_flags; |
|
Line 354 sudo_conf_disable_coredump(void)
|
Line 375 sudo_conf_disable_coredump(void)
|
| return sudo_conf_data.disable_coredump; |
return sudo_conf_data.disable_coredump; |
| } |
} |
| |
|
| |
bool |
| |
sudo_conf_probe_interfaces(void) |
| |
{ |
| |
return sudo_conf_data.probe_interfaces; |
| |
} |
| |
|
| /* |
/* |
| * Reads in /etc/sudo.conf and populates sudo_conf_data. |
* Reads in /etc/sudo.conf and populates sudo_conf_data. |
| */ |
*/ |
|
Line 379 sudo_conf_read(const char *conf_file)
|
Line 406 sudo_conf_read(const char *conf_file)
|
| case SUDO_PATH_MISSING: |
case SUDO_PATH_MISSING: |
| /* Root should always be able to read sudo.conf. */ |
/* Root should always be able to read sudo.conf. */ |
| if (errno != ENOENT && geteuid() == ROOT_UID) |
if (errno != ENOENT && geteuid() == ROOT_UID) |
| warning(_("unable to stat %s"), conf_file); | warning(U_("unable to stat %s"), conf_file); |
| goto done; |
goto done; |
| case SUDO_PATH_BAD_TYPE: |
case SUDO_PATH_BAD_TYPE: |
| warningx(_("%s is not a regular file"), conf_file); | warningx(U_("%s is not a regular file"), conf_file); |
| goto done; |
goto done; |
| case SUDO_PATH_WRONG_OWNER: |
case SUDO_PATH_WRONG_OWNER: |
| warningx(_("%s is owned by uid %u, should be %u"), | warningx(U_("%s is owned by uid %u, should be %u"), |
| conf_file, (unsigned int) sb.st_uid, ROOT_UID); |
conf_file, (unsigned int) sb.st_uid, ROOT_UID); |
| goto done; |
goto done; |
| case SUDO_PATH_WORLD_WRITABLE: |
case SUDO_PATH_WORLD_WRITABLE: |
| warningx(_("%s is world writable"), conf_file); | warningx(U_("%s is world writable"), conf_file); |
| goto done; |
goto done; |
| case SUDO_PATH_GROUP_WRITABLE: |
case SUDO_PATH_GROUP_WRITABLE: |
| warningx(_("%s is group writable"), conf_file); | warningx(U_("%s is group writable"), conf_file); |
| goto done; |
goto done; |
| default: |
default: |
| /* NOTREACHED */ |
/* NOTREACHED */ |
|
Line 402 sudo_conf_read(const char *conf_file)
|
Line 429 sudo_conf_read(const char *conf_file)
|
| |
|
| if ((fp = fopen(conf_file, "r")) == NULL) { |
if ((fp = fopen(conf_file, "r")) == NULL) { |
| if (errno != ENOENT && geteuid() == ROOT_UID) |
if (errno != ENOENT && geteuid() == ROOT_UID) |
| warning(_("unable to open %s"), conf_file); | warning(U_("unable to open %s"), conf_file); |
| goto done; |
goto done; |
| } |
} |
| |
|
![[BACK]](/icons/cvsweb/back.gif){kind=icon}
Return to sudo_conf.c CVS log ![[TXT]](/icons/cvsweb/text.gif){kind=icon}
![[DIR]](/icons/cvsweb/dir.gif){kind=icon}
Up to [ELWIX - Embedded LightWeight unIX -] / embedaddon / sudo / common