version 1.1.1.1, 2012/02/21 16:23:02
|
version 1.1.1.2, 2012/05/29 12:26:49
|
Line 30
|
Line 30
|
# include <stdlib.h> |
# include <stdlib.h> |
# endif |
# endif |
#endif /* STDC_HEADERS */ |
#endif /* STDC_HEADERS */ |
|
#ifdef HAVE_STDBOOL_H |
|
# include <stdbool.h> |
|
#else |
|
# include "compat/stdbool.h" |
|
#endif /* HAVE_STDBOOL_H */ |
#ifdef HAVE_STRING_H |
#ifdef HAVE_STRING_H |
# if defined(HAVE_MEMORY_H) && !defined(STDC_HEADERS) |
# if defined(HAVE_MEMORY_H) && !defined(STDC_HEADERS) |
# include <memory.h> |
# include <memory.h> |
Line 65
|
Line 70
|
# define ROOT_UID 0 |
# define ROOT_UID 0 |
#endif |
#endif |
|
|
#undef TRUE |
|
#define TRUE 1 |
|
#undef FALSE |
|
#define FALSE 0 |
|
#undef ERROR |
|
#define ERROR -1 |
|
|
|
static struct plugin_state { |
static struct plugin_state { |
char **envp; |
char **envp; |
char * const *settings; |
char * const *settings; |
Line 82 static sudo_printf_t sudo_log;
|
Line 80 static sudo_printf_t sudo_log;
|
static FILE *input, *output; |
static FILE *input, *output; |
static uid_t runas_uid = ROOT_UID; |
static uid_t runas_uid = ROOT_UID; |
static gid_t runas_gid = -1; |
static gid_t runas_gid = -1; |
static int use_sudoedit = FALSE; | static int use_sudoedit = false; |
|
|
/* |
/* |
* Allocate storage for a name=value string and return it. |
* Allocate storage for a name=value string and return it. |
Line 113 fmt_string(const char *var, const char *val)
|
Line 111 fmt_string(const char *var, const char *val)
|
static int |
static int |
policy_open(unsigned int version, sudo_conv_t conversation, |
policy_open(unsigned int version, sudo_conv_t conversation, |
sudo_printf_t sudo_printf, char * const settings[], |
sudo_printf_t sudo_printf, char * const settings[], |
char * const user_info[], char * const user_env[]) | char * const user_info[], char * const user_env[], char * const args[]) |
{ |
{ |
char * const *ui; |
char * const *ui; |
struct passwd *pw; |
struct passwd *pw; |
Line 130 policy_open(unsigned int version, sudo_conv_t conversa
|
Line 128 policy_open(unsigned int version, sudo_conv_t conversa
|
sudo_log(SUDO_CONV_ERROR_MSG, |
sudo_log(SUDO_CONV_ERROR_MSG, |
"the sample plugin requires API version %d.x\n", |
"the sample plugin requires API version %d.x\n", |
SUDO_API_VERSION_MAJOR); |
SUDO_API_VERSION_MAJOR); |
return ERROR; | return -1; |
} |
} |
|
|
/* Only allow commands to be run as root. */ |
/* Only allow commands to be run as root. */ |
Line 149 policy_open(unsigned int version, sudo_conv_t conversa
|
Line 147 policy_open(unsigned int version, sudo_conv_t conversa
|
/* Check to see if sudo was called as sudoedit or with -e flag. */ |
/* Check to see if sudo was called as sudoedit or with -e flag. */ |
if (strncmp(*ui, "sudoedit=", sizeof("sudoedit=") - 1) == 0) { |
if (strncmp(*ui, "sudoedit=", sizeof("sudoedit=") - 1) == 0) { |
if (strcasecmp(*ui + sizeof("sudoedit=") - 1, "true") == 0) |
if (strcasecmp(*ui + sizeof("sudoedit=") - 1, "true") == 0) |
use_sudoedit = TRUE; | use_sudoedit = true; |
} |
} |
/* This plugin doesn't support running sudo with no arguments. */ |
/* This plugin doesn't support running sudo with no arguments. */ |
if (strncmp(*ui, "implied_shell=", sizeof("implied_shell=") - 1) == 0) { |
if (strncmp(*ui, "implied_shell=", sizeof("implied_shell=") - 1) == 0) { |
Line 229 check_passwd(void)
|
Line 227 check_passwd(void)
|
sudo_conv(1, &msg, &repl); |
sudo_conv(1, &msg, &repl); |
if (repl.reply == NULL) { |
if (repl.reply == NULL) { |
sudo_log(SUDO_CONV_ERROR_MSG, "missing password\n"); |
sudo_log(SUDO_CONV_ERROR_MSG, "missing password\n"); |
return FALSE; | return false; |
} |
} |
if (strcmp(repl.reply, "test") != 0) { |
if (strcmp(repl.reply, "test") != 0) { |
sudo_log(SUDO_CONV_ERROR_MSG, "incorrect password\n"); |
sudo_log(SUDO_CONV_ERROR_MSG, "incorrect password\n"); |
return FALSE; | return false; |
} |
} |
return TRUE; | return true; |
} |
} |
|
|
static char ** |
static char ** |
Line 341 policy_check(int argc, char * const argv[],
|
Line 339 policy_check(int argc, char * const argv[],
|
|
|
if (!argc || argv[0] == NULL) { |
if (!argc || argv[0] == NULL) { |
sudo_log(SUDO_CONV_ERROR_MSG, "no command specified\n"); |
sudo_log(SUDO_CONV_ERROR_MSG, "no command specified\n"); |
return FALSE; | return false; |
} |
} |
|
|
if (!check_passwd()) |
if (!check_passwd()) |
return FALSE; | return false; |
|
|
command = find_in_path(argv[0], plugin_state.envp); |
command = find_in_path(argv[0], plugin_state.envp); |
if (command == NULL) { |
if (command == NULL) { |
sudo_log(SUDO_CONV_ERROR_MSG, "%s: command not found\n", argv[0]); |
sudo_log(SUDO_CONV_ERROR_MSG, "%s: command not found\n", argv[0]); |
return FALSE; | return false; |
} |
} |
|
|
/* If "sudo vi" is run, auto-convert to sudoedit. */ |
/* If "sudo vi" is run, auto-convert to sudoedit. */ |
if (strcmp(command, _PATH_VI) == 0) |
if (strcmp(command, _PATH_VI) == 0) |
use_sudoedit = TRUE; | use_sudoedit = true; |
|
|
if (use_sudoedit) { |
if (use_sudoedit) { |
/* Rebuild argv using editor */ |
/* Rebuild argv using editor */ |
command = find_editor(argc - 1, argv + 1, argv_out); |
command = find_editor(argc - 1, argv + 1, argv_out); |
if (command == NULL) { |
if (command == NULL) { |
sudo_log(SUDO_CONV_ERROR_MSG, "unable to find valid editor\n"); |
sudo_log(SUDO_CONV_ERROR_MSG, "unable to find valid editor\n"); |
return ERROR; | return -1; |
} |
} |
use_sudoedit = TRUE; | use_sudoedit = true; |
} else { |
} else { |
/* No changes needd to argv */ |
/* No changes needd to argv */ |
*argv_out = (char **)argv; |
*argv_out = (char **)argv; |
Line 377 policy_check(int argc, char * const argv[],
|
Line 375 policy_check(int argc, char * const argv[],
|
*command_info_out = build_command_info(command); |
*command_info_out = build_command_info(command); |
if (*command_info_out == NULL) { |
if (*command_info_out == NULL) { |
sudo_log(SUDO_CONV_ERROR_MSG, "out of memory\n"); |
sudo_log(SUDO_CONV_ERROR_MSG, "out of memory\n"); |
return ERROR; | return -1; |
} |
} |
|
|
return TRUE; | return true; |
} |
} |
|
|
static int |
static int |
Line 390 policy_list(int argc, char * const argv[], int verbose
|
Line 388 policy_list(int argc, char * const argv[], int verbose
|
* List user's capabilities. |
* List user's capabilities. |
*/ |
*/ |
sudo_log(SUDO_CONV_INFO_MSG, "Validated users may run any command\n"); |
sudo_log(SUDO_CONV_INFO_MSG, "Validated users may run any command\n"); |
return TRUE; | return true; |
} |
} |
|
|
static int |
static int |
policy_version(int verbose) |
policy_version(int verbose) |
{ |
{ |
sudo_log(SUDO_CONV_INFO_MSG, "Sample policy plugin version %s\n", PACKAGE_VERSION); |
sudo_log(SUDO_CONV_INFO_MSG, "Sample policy plugin version %s\n", PACKAGE_VERSION); |
return TRUE; | return true; |
} |
} |
|
|
static void |
static void |
Line 424 static int
|
Line 422 static int
|
io_open(unsigned int version, sudo_conv_t conversation, |
io_open(unsigned int version, sudo_conv_t conversation, |
sudo_printf_t sudo_printf, char * const settings[], |
sudo_printf_t sudo_printf, char * const settings[], |
char * const user_info[], char * const command_info[], |
char * const user_info[], char * const command_info[], |
int argc, char * const argv[], char * const user_env[]) | int argc, char * const argv[], char * const user_env[], char * const args[]) |
{ |
{ |
int fd; |
int fd; |
char path[PATH_MAX]; |
char path[PATH_MAX]; |
Line 439 io_open(unsigned int version, sudo_conv_t conversation
|
Line 437 io_open(unsigned int version, sudo_conv_t conversation
|
(unsigned int)getpid()); |
(unsigned int)getpid()); |
fd = open(path, O_WRONLY|O_CREAT|O_EXCL, 0644); |
fd = open(path, O_WRONLY|O_CREAT|O_EXCL, 0644); |
if (fd == -1) |
if (fd == -1) |
return FALSE; | return false; |
output = fdopen(fd, "w"); |
output = fdopen(fd, "w"); |
|
|
snprintf(path, sizeof(path), "/var/tmp/sample-%u.input", |
snprintf(path, sizeof(path), "/var/tmp/sample-%u.input", |
(unsigned int)getpid()); |
(unsigned int)getpid()); |
fd = open(path, O_WRONLY|O_CREAT|O_EXCL, 0644); |
fd = open(path, O_WRONLY|O_CREAT|O_EXCL, 0644); |
if (fd == -1) |
if (fd == -1) |
return FALSE; | return false; |
input = fdopen(fd, "w"); |
input = fdopen(fd, "w"); |
|
|
return TRUE; | return true; |
} |
} |
|
|
static void |
static void |
Line 464 io_version(int verbose)
|
Line 462 io_version(int verbose)
|
{ |
{ |
sudo_log(SUDO_CONV_INFO_MSG, "Sample I/O plugin version %s\n", |
sudo_log(SUDO_CONV_INFO_MSG, "Sample I/O plugin version %s\n", |
PACKAGE_VERSION); |
PACKAGE_VERSION); |
return TRUE; | return true; |
} |
} |
|
|
static int |
static int |
io_log_input(const char *buf, unsigned int len) |
io_log_input(const char *buf, unsigned int len) |
{ |
{ |
fwrite(buf, len, 1, input); | ignore_result(fwrite(buf, len, 1, input)); |
return TRUE; | return true; |
} |
} |
|
|
static int |
static int |
io_log_output(const char *buf, unsigned int len) |
io_log_output(const char *buf, unsigned int len) |
{ |
{ |
fwrite(buf, len, 1, output); | ignore_result(fwrite(buf, len, 1, output)); |
return TRUE; | return true; |
} |
} |
|
|
struct policy_plugin sample_policy = { |
struct policy_plugin sample_policy = { |
Line 490 struct policy_plugin sample_policy = {
|
Line 488 struct policy_plugin sample_policy = {
|
policy_check, |
policy_check, |
policy_list, |
policy_list, |
NULL, /* validate */ |
NULL, /* validate */ |
NULL /* invalidate */ | NULL, /* invalidate */ |
| NULL, /* init_session */ |
| NULL, /* register_hooks */ |
| NULL /* deregister_hooks */ |
}; |
}; |
|
|
/* |
/* |
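Review bot: In io_log_input and io_log_output the new `ignore_result(fwrite(...))` discards write failures, so both functions return true even when nothing was logged, and the `fdopen()` results in io_open are never checked, so `input` or `output` may be NULL at that point. For a session log that serves as an audit trail I would surface the failure, e.g. `if (len != 0 && fwrite(buf, len, 1, input) != 1) return -1;` (same for `output`), assuming -1 is the error return here as the `return -1` paths in policy_check suggest. io_open should also check `fdopen()` and close the first stream when the second `open()` fails. Separately, the log files are created under /var/tmp with mode `0644`; since they can contain typed input, `0600` looks like the safer choice. The body of io_open is only partly visible in these hunks.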