embedaddon/sudo/plugins/sample/sample_plugin.c - diff

Return to sample_plugin.c CVS log

Up to [ELWIX - Embedded LightWeight unIX -] / embedaddon / sudo / plugins / sample

Diff for /embedaddon/sudo/plugins/sample/sample_plugin.c between versions 1.1.1.1 and 1.1.1.5

version 1.1.1.1, 2012/02/21 16:23:02	version 1.1.1.5, 2014/06/15 16:12:54
Line 1	Line 1
/*	/*
* Copyright (c) 2010-2011 Todd C. Miller <Todd.Miller@courtesan.com>	* Copyright (c) 2010-2013 Todd C. Miller <Todd.Miller@courtesan.com>
*	*
* Permission to use, copy, modify, and distribute this software for any	* Permission to use, copy, modify, and distribute this software for any
* purpose with or without fee is hereby granted, provided that the above	* purpose with or without fee is hereby granted, provided that the above
Line 17	Line 17
#include <config.h>	#include <config.h>

#include <sys/types.h>	#include <sys/types.h>
#include <sys/param.h>
#include <sys/stat.h>	#include <sys/stat.h>
#include <sys/wait.h>	#include <sys/wait.h>

Line 30	Line 29
# include <stdlib.h>	# include <stdlib.h>
# endif	# endif
#endif /* STDC_HEADERS */	#endif /* STDC_HEADERS */
	#ifdef HAVE_STDBOOL_H
	# include <stdbool.h>
	#else
	# include "compat/stdbool.h"
	#endif /* HAVE_STDBOOL_H */
#ifdef HAVE_STRING_H	#ifdef HAVE_STRING_H
# if defined(HAVE_MEMORY_H) && !defined(STDC_HEADERS)	# if defined(HAVE_MEMORY_H) && !defined(STDC_HEADERS)
# include <memory.h>	# include <memory.h>
Line 51	Line 55

#include <pathnames.h>	#include <pathnames.h>
#include "sudo_plugin.h"	#include "sudo_plugin.h"
	#include "sudo_util.h"
#include "missing.h"	#include "missing.h"

/*	/*
Line 65	Line 70
# define ROOT_UID 0	# define ROOT_UID 0
#endif	#endif

#undef TRUE
#define TRUE 1
#undef FALSE
#define FALSE 0
#undef ERROR
#define ERROR -1

static struct plugin_state {	static struct plugin_state {
char **envp;	char **envp;
char * const *settings;	char * const *settings;
Line 82 static sudo_printf_t sudo_log;	Line 80 static sudo_printf_t sudo_log;
static FILE input, output;	static FILE input, output;
static uid_t runas_uid = ROOT_UID;	static uid_t runas_uid = ROOT_UID;
static gid_t runas_gid = -1;	static gid_t runas_gid = -1;
static int use_sudoedit = FALSE;	static int use_sudoedit = false;

/*	/*
* Allocate storage for a name=value string and return it.	* Allocate storage for a name=value string and return it.
Line 113 fmt_string(const char var, const char val)	Line 111 fmt_string(const char var, const char val)
static int	static int
policy_open(unsigned int version, sudo_conv_t conversation,	policy_open(unsigned int version, sudo_conv_t conversation,
sudo_printf_t sudo_printf, char * const settings[],	sudo_printf_t sudo_printf, char * const settings[],
char * const user_info[], char * const user_env[])	char * const user_info[], char * const user_env[], char * const args[])
{	{
char * const *ui;	char * const *ui;
struct passwd *pw;	struct passwd *pw;
Line 130 policy_open(unsigned int version, sudo_conv_t conversa	Line 128 policy_open(unsigned int version, sudo_conv_t conversa
sudo_log(SUDO_CONV_ERROR_MSG,	sudo_log(SUDO_CONV_ERROR_MSG,
"the sample plugin requires API version %d.x\n",	"the sample plugin requires API version %d.x\n",
SUDO_API_VERSION_MAJOR);	SUDO_API_VERSION_MAJOR);
return ERROR;	return -1;
}	}

/* Only allow commands to be run as root. */	/* Only allow commands to be run as root. */
Line 141 policy_open(unsigned int version, sudo_conv_t conversa	Line 139 policy_open(unsigned int version, sudo_conv_t conversa
if (strncmp(*ui, "runas_group=", sizeof("runas_group=") - 1) == 0) {	if (strncmp(*ui, "runas_group=", sizeof("runas_group=") - 1) == 0) {
runas_group = *ui + sizeof("runas_group=") - 1;	runas_group = *ui + sizeof("runas_group=") - 1;
}	}
#if !defined(HAVE_GETPROGNAME) && !defined(HAVE___PROGNAME)
if (strncmp(*ui, "progname=", sizeof("progname=") - 1) == 0) {	if (strncmp(*ui, "progname=", sizeof("progname=") - 1) == 0) {
setprogname(*ui + sizeof("progname=") - 1);	initprogname(*ui + sizeof("progname=") - 1);
}	}
#endif
/* Check to see if sudo was called as sudoedit or with -e flag. */	/* Check to see if sudo was called as sudoedit or with -e flag. */
if (strncmp(*ui, "sudoedit=", sizeof("sudoedit=") - 1) == 0) {	if (strncmp(*ui, "sudoedit=", sizeof("sudoedit=") - 1) == 0) {
if (strcasecmp(*ui + sizeof("sudoedit=") - 1, "true") == 0)	if (strcasecmp(*ui + sizeof("sudoedit=") - 1, "true") == 0)
use_sudoedit = TRUE;	use_sudoedit = true;
}	}
/* This plugin doesn't support running sudo with no arguments. */	/* This plugin doesn't support running sudo with no arguments. */
if (strncmp(*ui, "implied_shell=", sizeof("implied_shell=") - 1) == 0) {	if (strncmp(*ui, "implied_shell=", sizeof("implied_shell=") - 1) == 0) {
Line 229 check_passwd(void)	Line 225 check_passwd(void)
sudo_conv(1, &msg, &repl);	sudo_conv(1, &msg, &repl);
if (repl.reply == NULL) {	if (repl.reply == NULL) {
sudo_log(SUDO_CONV_ERROR_MSG, "missing password\n");	sudo_log(SUDO_CONV_ERROR_MSG, "missing password\n");
return FALSE;	return false;
}	}
if (strcmp(repl.reply, "test") != 0) {	if (strcmp(repl.reply, "test") != 0) {
sudo_log(SUDO_CONV_ERROR_MSG, "incorrect password\n");	sudo_log(SUDO_CONV_ERROR_MSG, "incorrect password\n");
return FALSE;	return false;
}	}
return TRUE;	return true;
}	}

static char **	static char **
build_command_info(char *command)	build_command_info(const char *command)
{	{
static char **command_info;	static char **command_info;
int i = 0;	int i = 0;
Line 308 find_editor(int nfiles, char * const files[], char **a	Line 304 find_editor(int nfiles, char * const files[], char **a
cp = strtok(editor, " \t");	cp = strtok(editor, " \t");
if (cp == NULL \|\|	if (cp == NULL \|\|
(editor_path = find_in_path(editor, plugin_state.envp)) == NULL) {	(editor_path = find_in_path(editor, plugin_state.envp)) == NULL) {
	free(editor);
return NULL;	return NULL;
}	}
	if (editor_path != editor)
	free(editor);
nargv = (char *) malloc((nargc + 1 + nfiles + 1) sizeof(char *));	nargv = (char *) malloc((nargc + 1 + nfiles + 1) sizeof(char *));
if (nargv == NULL) {	if (nargv == NULL) {
sudo_log(SUDO_CONV_ERROR_MSG, "unable to allocate memory\n");	sudo_log(SUDO_CONV_ERROR_MSG, "unable to allocate memory\n");
	free(editor_path);
return NULL;	return NULL;
}	}
for (ac = 0; cp != NULL && ac < nargc; ac++) {	for (ac = 0; cp != NULL && ac < nargc; ac++) {
Line 341 policy_check(int argc, char * const argv[],	Line 341 policy_check(int argc, char * const argv[],

if (!argc \|\| argv[0] == NULL) {	if (!argc \|\| argv[0] == NULL) {
sudo_log(SUDO_CONV_ERROR_MSG, "no command specified\n");	sudo_log(SUDO_CONV_ERROR_MSG, "no command specified\n");
return FALSE;	return false;
}	}

if (!check_passwd())	if (!check_passwd())
return FALSE;	return false;

command = find_in_path(argv[0], plugin_state.envp);	command = find_in_path(argv[0], plugin_state.envp);
if (command == NULL) {	if (command == NULL) {
sudo_log(SUDO_CONV_ERROR_MSG, "%s: command not found\n", argv[0]);	sudo_log(SUDO_CONV_ERROR_MSG, "%s: command not found\n", argv[0]);
return FALSE;	return false;
}	}

/* If "sudo vi" is run, auto-convert to sudoedit. */	/* If "sudo vi" is run, auto-convert to sudoedit. */
if (strcmp(command, _PATH_VI) == 0)	if (strcmp(command, _PATH_VI) == 0)
use_sudoedit = TRUE;	use_sudoedit = true;

if (use_sudoedit) {	if (use_sudoedit) {
/* Rebuild argv using editor */	/* Rebuild argv using editor */
	free(command);
command = find_editor(argc - 1, argv + 1, argv_out);	command = find_editor(argc - 1, argv + 1, argv_out);
if (command == NULL) {	if (command == NULL) {
sudo_log(SUDO_CONV_ERROR_MSG, "unable to find valid editor\n");	sudo_log(SUDO_CONV_ERROR_MSG, "unable to find valid editor\n");
return ERROR;	return -1;
}	}
use_sudoedit = TRUE;	use_sudoedit = true;
} else {	} else {
/* No changes needd to argv */	/* No changes needd to argv */
argv_out = (char *)argv;	argv_out = (char *)argv;
Line 375 policy_check(int argc, char * const argv[],	Line 376 policy_check(int argc, char * const argv[],

/* Setup command info. */	/* Setup command info. */
*command_info_out = build_command_info(command);	*command_info_out = build_command_info(command);
	free(command);
if (*command_info_out == NULL) {	if (*command_info_out == NULL) {
sudo_log(SUDO_CONV_ERROR_MSG, "out of memory\n");	sudo_log(SUDO_CONV_ERROR_MSG, "out of memory\n");
return ERROR;	return -1;
}	}

return TRUE;	return true;
}	}

static int	static int
Line 390 policy_list(int argc, char * const argv[], int verbose	Line 392 policy_list(int argc, char * const argv[], int verbose
* List user's capabilities.	* List user's capabilities.
*/	*/
sudo_log(SUDO_CONV_INFO_MSG, "Validated users may run any command\n");	sudo_log(SUDO_CONV_INFO_MSG, "Validated users may run any command\n");
return TRUE;	return true;
}	}

static int	static int
policy_version(int verbose)	policy_version(int verbose)
{	{
sudo_log(SUDO_CONV_INFO_MSG, "Sample policy plugin version %s\n", PACKAGE_VERSION);	sudo_log(SUDO_CONV_INFO_MSG, "Sample policy plugin version %s\n", PACKAGE_VERSION);
return TRUE;	return true;
}	}

static void	static void
Line 424 static int	Line 426 static int
io_open(unsigned int version, sudo_conv_t conversation,	io_open(unsigned int version, sudo_conv_t conversation,
sudo_printf_t sudo_printf, char * const settings[],	sudo_printf_t sudo_printf, char * const settings[],
char * const user_info[], char * const command_info[],	char * const user_info[], char * const command_info[],
int argc, char * const argv[], char * const user_env[])	int argc, char * const argv[], char * const user_env[], char * const args[])
{	{
int fd;	int fd;
char path[PATH_MAX];	char path[PATH_MAX];
Line 439 io_open(unsigned int version, sudo_conv_t conversation	Line 441 io_open(unsigned int version, sudo_conv_t conversation
(unsigned int)getpid());	(unsigned int)getpid());
fd = open(path, O_WRONLY\|O_CREAT\|O_EXCL, 0644);	fd = open(path, O_WRONLY\|O_CREAT\|O_EXCL, 0644);
if (fd == -1)	if (fd == -1)
return FALSE;	return false;
output = fdopen(fd, "w");	output = fdopen(fd, "w");

snprintf(path, sizeof(path), "/var/tmp/sample-%u.input",	snprintf(path, sizeof(path), "/var/tmp/sample-%u.input",
(unsigned int)getpid());	(unsigned int)getpid());
fd = open(path, O_WRONLY\|O_CREAT\|O_EXCL, 0644);	fd = open(path, O_WRONLY\|O_CREAT\|O_EXCL, 0644);
if (fd == -1)	if (fd == -1)
return FALSE;	return false;
input = fdopen(fd, "w");	input = fdopen(fd, "w");

return TRUE;	return true;
}	}

static void	static void
Line 464 io_version(int verbose)	Line 466 io_version(int verbose)
{	{
sudo_log(SUDO_CONV_INFO_MSG, "Sample I/O plugin version %s\n",	sudo_log(SUDO_CONV_INFO_MSG, "Sample I/O plugin version %s\n",
PACKAGE_VERSION);	PACKAGE_VERSION);
return TRUE;	return true;
}	}

static int	static int
io_log_input(const char *buf, unsigned int len)	io_log_input(const char *buf, unsigned int len)
{	{
fwrite(buf, len, 1, input);	ignore_result(fwrite(buf, len, 1, input));
return TRUE;	return true;
}	}

static int	static int
io_log_output(const char *buf, unsigned int len)	io_log_output(const char *buf, unsigned int len)
{	{
fwrite(buf, len, 1, output);	ignore_result(fwrite(buf, len, 1, output));
return TRUE;	return true;
}	}

struct policy_plugin sample_policy = {	struct policy_plugin sample_policy = {
Line 490 struct policy_plugin sample_policy = {	Line 492 struct policy_plugin sample_policy = {
policy_check,	policy_check,
policy_list,	policy_list,
NULL, /* validate */	NULL, /* validate */
NULL /* invalidate */	NULL, /* invalidate */
	NULL, /* init_session */
	NULL, /* register_hooks */
	NULL /* deregister_hooks */
};	};

/*	/*
* Note: This plugin does not differentiate between tty and pipe I/O.	* Note: This plugin does not differentiate between tty and pipe I/O.
* It all gets logged to the same file.	* It all gets logged to the same file.
*/	*/
struct io_plugin sample_io = {	__dso_public struct io_plugin sample_io = {
SUDO_IO_PLUGIN,	SUDO_IO_PLUGIN,
SUDO_API_VERSION,	SUDO_API_VERSION,
io_open,	io_open,

FreeBSD-CVSweb <freebsd-cvsweb@FreeBSD.org>

Removed from v.1.1.1.1
changed lines
	Added in v.1.1.1.5