|
version 1.1.1.1, 2012/02/21 16:23:02
|
version 1.1.1.2, 2012/05/29 12:26:49
|
|
Line 30
|
Line 30
|
| # include <stdlib.h> |
# include <stdlib.h> |
| # endif |
# endif |
| #endif /* STDC_HEADERS */ |
#endif /* STDC_HEADERS */ |
| |
#ifdef HAVE_STDBOOL_H |
| |
# include <stdbool.h> |
| |
#else |
| |
# include "compat/stdbool.h" |
| |
#endif /* HAVE_STDBOOL_H */ |
| #ifdef HAVE_STRING_H |
#ifdef HAVE_STRING_H |
| # if defined(HAVE_MEMORY_H) && !defined(STDC_HEADERS) |
# if defined(HAVE_MEMORY_H) && !defined(STDC_HEADERS) |
| # include <memory.h> |
# include <memory.h> |
|
Line 65
|
Line 70
|
| # define ROOT_UID 0 |
# define ROOT_UID 0 |
| #endif |
#endif |
| |
|
| #undef TRUE |
|
| #define TRUE 1 |
|
| #undef FALSE |
|
| #define FALSE 0 |
|
| #undef ERROR |
|
| #define ERROR -1 |
|
| |
|
| static struct plugin_state { |
static struct plugin_state { |
| char **envp; |
char **envp; |
| char * const *settings; |
char * const *settings; |
|
Line 82 static sudo_printf_t sudo_log;
|
Line 80 static sudo_printf_t sudo_log;
|
| static FILE *input, *output; |
static FILE *input, *output; |
| static uid_t runas_uid = ROOT_UID; |
static uid_t runas_uid = ROOT_UID; |
| static gid_t runas_gid = -1; |
static gid_t runas_gid = -1; |
| static int use_sudoedit = FALSE; | static int use_sudoedit = false; |
| |
|
| /* |
/* |
| * Allocate storage for a name=value string and return it. |
* Allocate storage for a name=value string and return it. |
|
Line 113 fmt_string(const char *var, const char *val)
|
Line 111 fmt_string(const char *var, const char *val)
|
| static int |
static int |
| policy_open(unsigned int version, sudo_conv_t conversation, |
policy_open(unsigned int version, sudo_conv_t conversation, |
| sudo_printf_t sudo_printf, char * const settings[], |
sudo_printf_t sudo_printf, char * const settings[], |
| char * const user_info[], char * const user_env[]) | char * const user_info[], char * const user_env[], char * const args[]) |
| { |
{ |
| char * const *ui; |
char * const *ui; |
| struct passwd *pw; |
struct passwd *pw; |
|
Line 130 policy_open(unsigned int version, sudo_conv_t conversa
|
Line 128 policy_open(unsigned int version, sudo_conv_t conversa
|
| sudo_log(SUDO_CONV_ERROR_MSG, |
sudo_log(SUDO_CONV_ERROR_MSG, |
| "the sample plugin requires API version %d.x\n", |
"the sample plugin requires API version %d.x\n", |
| SUDO_API_VERSION_MAJOR); |
SUDO_API_VERSION_MAJOR); |
| return ERROR; | return -1; |
| } |
} |
| |
|
| /* Only allow commands to be run as root. */ |
/* Only allow commands to be run as root. */ |
|
Line 149 policy_open(unsigned int version, sudo_conv_t conversa
|
Line 147 policy_open(unsigned int version, sudo_conv_t conversa
|
| /* Check to see if sudo was called as sudoedit or with -e flag. */ |
/* Check to see if sudo was called as sudoedit or with -e flag. */ |
| if (strncmp(*ui, "sudoedit=", sizeof("sudoedit=") - 1) == 0) { |
if (strncmp(*ui, "sudoedit=", sizeof("sudoedit=") - 1) == 0) { |
| if (strcasecmp(*ui + sizeof("sudoedit=") - 1, "true") == 0) |
if (strcasecmp(*ui + sizeof("sudoedit=") - 1, "true") == 0) |
| use_sudoedit = TRUE; | use_sudoedit = true; |
| } |
} |
| /* This plugin doesn't support running sudo with no arguments. */ |
/* This plugin doesn't support running sudo with no arguments. */ |
| if (strncmp(*ui, "implied_shell=", sizeof("implied_shell=") - 1) == 0) { |
if (strncmp(*ui, "implied_shell=", sizeof("implied_shell=") - 1) == 0) { |
|
Line 229 check_passwd(void)
|
Line 227 check_passwd(void)
|
| sudo_conv(1, &msg, &repl); |
sudo_conv(1, &msg, &repl); |
| if (repl.reply == NULL) { |
if (repl.reply == NULL) { |
| sudo_log(SUDO_CONV_ERROR_MSG, "missing password\n"); |
sudo_log(SUDO_CONV_ERROR_MSG, "missing password\n"); |
| return FALSE; | return false; |
| } |
} |
| if (strcmp(repl.reply, "test") != 0) { |
if (strcmp(repl.reply, "test") != 0) { |
| sudo_log(SUDO_CONV_ERROR_MSG, "incorrect password\n"); |
sudo_log(SUDO_CONV_ERROR_MSG, "incorrect password\n"); |
| return FALSE; | return false; |
| } |
} |
| return TRUE; | return true; |
| } |
} |
| |
|
| static char ** |
static char ** |
|
Line 341 policy_check(int argc, char * const argv[],
|
Line 339 policy_check(int argc, char * const argv[],
|
| |
|
| if (!argc || argv[0] == NULL) { |
if (!argc || argv[0] == NULL) { |
| sudo_log(SUDO_CONV_ERROR_MSG, "no command specified\n"); |
sudo_log(SUDO_CONV_ERROR_MSG, "no command specified\n"); |
| return FALSE; | return false; |
| } |
} |
| |
|
| if (!check_passwd()) |
if (!check_passwd()) |
| return FALSE; | return false; |
| |
|
| command = find_in_path(argv[0], plugin_state.envp); |
command = find_in_path(argv[0], plugin_state.envp); |
| if (command == NULL) { |
if (command == NULL) { |
| sudo_log(SUDO_CONV_ERROR_MSG, "%s: command not found\n", argv[0]); |
sudo_log(SUDO_CONV_ERROR_MSG, "%s: command not found\n", argv[0]); |
| return FALSE; | return false; |
| } |
} |
| |
|
| /* If "sudo vi" is run, auto-convert to sudoedit. */ |
/* If "sudo vi" is run, auto-convert to sudoedit. */ |
| if (strcmp(command, _PATH_VI) == 0) |
if (strcmp(command, _PATH_VI) == 0) |
| use_sudoedit = TRUE; | use_sudoedit = true; |
| |
|
| if (use_sudoedit) { |
if (use_sudoedit) { |
| /* Rebuild argv using editor */ |
/* Rebuild argv using editor */ |
| command = find_editor(argc - 1, argv + 1, argv_out); |
command = find_editor(argc - 1, argv + 1, argv_out); |
| if (command == NULL) { |
if (command == NULL) { |
| sudo_log(SUDO_CONV_ERROR_MSG, "unable to find valid editor\n"); |
sudo_log(SUDO_CONV_ERROR_MSG, "unable to find valid editor\n"); |
| return ERROR; | return -1; |
| } |
} |
| use_sudoedit = TRUE; | use_sudoedit = true; |
| } else { |
} else { |
| /* No changes needd to argv */ |
/* No changes needd to argv */ |
| *argv_out = (char **)argv; |
*argv_out = (char **)argv; |
|
Line 377 policy_check(int argc, char * const argv[],
|
Line 375 policy_check(int argc, char * const argv[],
|
| *command_info_out = build_command_info(command); |
*command_info_out = build_command_info(command); |
| if (*command_info_out == NULL) { |
if (*command_info_out == NULL) { |
| sudo_log(SUDO_CONV_ERROR_MSG, "out of memory\n"); |
sudo_log(SUDO_CONV_ERROR_MSG, "out of memory\n"); |
| return ERROR; | return -1; |
| } |
} |
| |
|
| return TRUE; | return true; |
| } |
} |
| |
|
| static int |
static int |
|
Line 390 policy_list(int argc, char * const argv[], int verbose
|
Line 388 policy_list(int argc, char * const argv[], int verbose
|
| * List user's capabilities. |
* List user's capabilities. |
| */ |
*/ |
| sudo_log(SUDO_CONV_INFO_MSG, "Validated users may run any command\n"); |
sudo_log(SUDO_CONV_INFO_MSG, "Validated users may run any command\n"); |
| return TRUE; | return true; |
| } |
} |
| |
|
| static int |
static int |
| policy_version(int verbose) |
policy_version(int verbose) |
| { |
{ |
| sudo_log(SUDO_CONV_INFO_MSG, "Sample policy plugin version %s\n", PACKAGE_VERSION); |
sudo_log(SUDO_CONV_INFO_MSG, "Sample policy plugin version %s\n", PACKAGE_VERSION); |
| return TRUE; | return true; |
| } |
} |
| |
|
| static void |
static void |
|
Line 424 static int
|
Line 422 static int
|
| io_open(unsigned int version, sudo_conv_t conversation, |
io_open(unsigned int version, sudo_conv_t conversation, |
| sudo_printf_t sudo_printf, char * const settings[], |
sudo_printf_t sudo_printf, char * const settings[], |
| char * const user_info[], char * const command_info[], |
char * const user_info[], char * const command_info[], |
| int argc, char * const argv[], char * const user_env[]) | int argc, char * const argv[], char * const user_env[], char * const args[]) |
| { |
{ |
| int fd; |
int fd; |
| char path[PATH_MAX]; |
char path[PATH_MAX]; |
|
Line 439 io_open(unsigned int version, sudo_conv_t conversation
|
Line 437 io_open(unsigned int version, sudo_conv_t conversation
|
| (unsigned int)getpid()); |
(unsigned int)getpid()); |
| fd = open(path, O_WRONLY|O_CREAT|O_EXCL, 0644); |
fd = open(path, O_WRONLY|O_CREAT|O_EXCL, 0644); |
| if (fd == -1) |
if (fd == -1) |
| return FALSE; | return false; |
| output = fdopen(fd, "w"); |
output = fdopen(fd, "w"); |
| |
|
| snprintf(path, sizeof(path), "/var/tmp/sample-%u.input", |
snprintf(path, sizeof(path), "/var/tmp/sample-%u.input", |
| (unsigned int)getpid()); |
(unsigned int)getpid()); |
| fd = open(path, O_WRONLY|O_CREAT|O_EXCL, 0644); |
fd = open(path, O_WRONLY|O_CREAT|O_EXCL, 0644); |
| if (fd == -1) |
if (fd == -1) |
| return FALSE; | return false; |
| input = fdopen(fd, "w"); |
input = fdopen(fd, "w"); |
| |
|
| return TRUE; | return true; |
| } |
} |
| |
|
| static void |
static void |
|
Line 464 io_version(int verbose)
|
Line 462 io_version(int verbose)
|
| { |
{ |
| sudo_log(SUDO_CONV_INFO_MSG, "Sample I/O plugin version %s\n", |
sudo_log(SUDO_CONV_INFO_MSG, "Sample I/O plugin version %s\n", |
| PACKAGE_VERSION); |
PACKAGE_VERSION); |
| return TRUE; | return true; |
| } |
} |
| |
|
| static int |
static int |
| io_log_input(const char *buf, unsigned int len) |
io_log_input(const char *buf, unsigned int len) |
| { |
{ |
| fwrite(buf, len, 1, input); | ignore_result(fwrite(buf, len, 1, input)); |
| return TRUE; | return true; |
| } |
} |
| |
|
| static int |
static int |
| io_log_output(const char *buf, unsigned int len) |
io_log_output(const char *buf, unsigned int len) |
| { |
{ |
| fwrite(buf, len, 1, output); | ignore_result(fwrite(buf, len, 1, output)); |
| return TRUE; | return true; |
| } |
} |
| |
|
| struct policy_plugin sample_policy = { |
struct policy_plugin sample_policy = { |
|
Line 490 struct policy_plugin sample_policy = {
|
Line 488 struct policy_plugin sample_policy = {
|
| policy_check, |
policy_check, |
| policy_list, |
policy_list, |
| NULL, /* validate */ |
NULL, /* validate */ |
| NULL /* invalidate */ | NULL, /* invalidate */ |
| | NULL, /* init_session */ |
| | NULL, /* register_hooks */ |
| | NULL /* deregister_hooks */ |
| }; |
}; |
| |
|
| /* |
/* |
![[BACK]](/icons/cvsweb/back.gif){kind=icon}
Return to sample_plugin.c CVS log ![[TXT]](/icons/cvsweb/text.gif){kind=icon}
![[DIR]](/icons/cvsweb/dir.gif){kind=icon}
Up to [ELWIX - Embedded LightWeight unIX -] / embedaddon / sudo / plugins / sample