version 1.1.1.3, 2012/10/09 09:29:52
|
version 1.1.1.4, 2013/07/22 10:46:12
|
Line 1
|
Line 1
|
/* |
/* |
* Copyright (c) 1994-1996,1998-2011 Todd C. Miller <Todd.Miller@courtesan.com> | * Copyright (c) 1994-1996,1998-2013 Todd C. Miller <Todd.Miller@courtesan.com> |
* |
* |
* Permission to use, copy, modify, and distribute this software for any |
* Permission to use, copy, modify, and distribute this software for any |
* purpose with or without fee is hereby granted, provided that the above |
* purpose with or without fee is hereby granted, provided that the above |
Line 21
|
Line 21
|
#include <config.h> |
#include <config.h> |
|
|
#include <sys/types.h> |
#include <sys/types.h> |
#include <sys/param.h> |
|
#include <sys/stat.h> |
#include <sys/stat.h> |
#include <stdio.h> |
#include <stdio.h> |
#ifdef STDC_HEADERS |
#ifdef STDC_HEADERS |
Line 112 set_perms(int perm)
|
Line 111 set_perms(int perm)
|
{ |
{ |
struct perm_state *state, *ostate = NULL; |
struct perm_state *state, *ostate = NULL; |
char errbuf[1024]; |
char errbuf[1024]; |
|
const char *errstr = errbuf; |
int noexit; |
int noexit; |
debug_decl(set_perms, SUDO_DEBUG_PERMS) |
debug_decl(set_perms, SUDO_DEBUG_PERMS) |
|
|
Line 119 set_perms(int perm)
|
Line 119 set_perms(int perm)
|
CLR(perm, PERM_MASK); |
CLR(perm, PERM_MASK); |
|
|
if (perm_stack_depth == PERM_STACK_MAX) { |
if (perm_stack_depth == PERM_STACK_MAX) { |
strlcpy(errbuf, _("perm stack overflow"), sizeof(errbuf)); | errstr = N_("perm stack overflow"); |
errno = EINVAL; |
errno = EINVAL; |
goto bad; |
goto bad; |
} |
} |
Line 127 set_perms(int perm)
|
Line 127 set_perms(int perm)
|
state = &perm_stack[perm_stack_depth]; |
state = &perm_stack[perm_stack_depth]; |
if (perm != PERM_INITIAL) { |
if (perm != PERM_INITIAL) { |
if (perm_stack_depth == 0) { |
if (perm_stack_depth == 0) { |
strlcpy(errbuf, _("perm stack underflow"), sizeof(errbuf)); | errstr = N_("perm stack underflow"); |
errno = EINVAL; |
errno = EINVAL; |
goto bad; |
goto bad; |
} |
} |
Line 139 set_perms(int perm)
|
Line 139 set_perms(int perm)
|
/* Stash initial state */ |
/* Stash initial state */ |
#ifdef HAVE_GETRESUID |
#ifdef HAVE_GETRESUID |
if (getresuid(&state->ruid, &state->euid, &state->suid)) { |
if (getresuid(&state->ruid, &state->euid, &state->suid)) { |
strlcpy(errbuf, "PERM_INITIAL: getresuid", sizeof(errbuf)); | errstr = "PERM_INITIAL: getresuid"; |
goto bad; |
goto bad; |
|
|
} |
} |
if (getresgid(&state->rgid, &state->egid, &state->sgid)) { |
if (getresgid(&state->rgid, &state->egid, &state->sgid)) { |
strlcpy(errbuf, "PERM_INITIAL: getresgid", sizeof(errbuf)); | errstr = "PERM_INITIAL: getresgid"; |
goto bad; |
goto bad; |
} |
} |
#else |
#else |
Line 179 set_perms(int perm)
|
Line 179 set_perms(int perm)
|
goto bad; |
goto bad; |
} |
} |
state->rgid = ostate->rgid; |
state->rgid = ostate->rgid; |
state->egid = ostate->egid; | state->egid = ROOT_GID; |
state->sgid = ostate->sgid; |
state->sgid = ostate->sgid; |
|
sudo_debug_printf(SUDO_DEBUG_INFO, "%s: PERM_ROOT: gid: " |
|
"[%d, %d, %d] -> [%d, %d, %d]", __func__, |
|
(int)ostate->rgid, (int)ostate->egid, (int)ostate->sgid, |
|
(int)state->rgid, (int)state->egid, (int)state->sgid); |
|
if (GID_CHANGED && setresgid(ID(rgid), ID(egid), ID(sgid))) { |
|
errstr = N_("unable to change to root gid"); |
|
goto bad; |
|
} |
state->grlist = ostate->grlist; |
state->grlist = ostate->grlist; |
sudo_grlist_addref(state->grlist); |
sudo_grlist_addref(state->grlist); |
break; |
break; |
Line 202 set_perms(int perm)
|
Line 210 set_perms(int perm)
|
sudo_grlist_addref(state->grlist); |
sudo_grlist_addref(state->grlist); |
if (state->grlist != ostate->grlist) { |
if (state->grlist != ostate->grlist) { |
if (sudo_setgroups(state->grlist->ngids, state->grlist->gids)) { |
if (sudo_setgroups(state->grlist->ngids, state->grlist->gids)) { |
strlcpy(errbuf, "PERM_USER: setgroups", sizeof(errbuf)); | errstr = "PERM_USER: setgroups"; |
goto bad; |
goto bad; |
} |
} |
} |
} |
Line 239 set_perms(int perm)
|
Line 247 set_perms(int perm)
|
sudo_grlist_addref(state->grlist); |
sudo_grlist_addref(state->grlist); |
if (state->grlist != ostate->grlist) { |
if (state->grlist != ostate->grlist) { |
if (sudo_setgroups(state->grlist->ngids, state->grlist->gids)) { |
if (sudo_setgroups(state->grlist->ngids, state->grlist->gids)) { |
strlcpy(errbuf, "PERM_FULL_USER: setgroups", sizeof(errbuf)); | errstr = "PERM_FULL_USER: setgroups"; |
goto bad; |
goto bad; |
} |
} |
} |
} |
Line 267 set_perms(int perm)
|
Line 275 set_perms(int perm)
|
(int)ostate->rgid, (int)ostate->egid, (int)ostate->sgid, |
(int)ostate->rgid, (int)ostate->egid, (int)ostate->sgid, |
(int)state->rgid, (int)state->egid, (int)state->sgid); |
(int)state->rgid, (int)state->egid, (int)state->sgid); |
if (GID_CHANGED && setresgid(ID(rgid), ID(egid), ID(sgid))) { |
if (GID_CHANGED && setresgid(ID(rgid), ID(egid), ID(sgid))) { |
strlcpy(errbuf, _("unable to change to runas gid"), sizeof(errbuf)); | errstr = N_("unable to change to runas gid"); |
goto bad; |
goto bad; |
} |
} |
state->grlist = runas_setgroups(); |
state->grlist = runas_setgroups(); |
Line 279 set_perms(int perm)
|
Line 287 set_perms(int perm)
|
(int)ostate->ruid, (int)ostate->euid, (int)ostate->suid, |
(int)ostate->ruid, (int)ostate->euid, (int)ostate->suid, |
(int)state->ruid, (int)state->euid, (int)state->suid); |
(int)state->ruid, (int)state->euid, (int)state->suid); |
if (UID_CHANGED && setresuid(ID(ruid), ID(euid), ID(suid))) { |
if (UID_CHANGED && setresuid(ID(ruid), ID(euid), ID(suid))) { |
strlcpy(errbuf, _("unable to change to runas uid"), sizeof(errbuf)); | errstr = N_("unable to change to runas uid"); |
goto bad; |
goto bad; |
} |
} |
break; |
break; |
Line 297 set_perms(int perm)
|
Line 305 set_perms(int perm)
|
(int)ostate->rgid, (int)ostate->egid, (int)ostate->sgid, |
(int)ostate->rgid, (int)ostate->egid, (int)ostate->sgid, |
(int)state->rgid, (int)state->egid, (int)state->sgid); |
(int)state->rgid, (int)state->egid, (int)state->sgid); |
if (GID_CHANGED && setresgid(ID(rgid), ID(egid), ID(sgid))) { |
if (GID_CHANGED && setresgid(ID(rgid), ID(egid), ID(sgid))) { |
strlcpy(errbuf, _("unable to change to sudoers gid"), sizeof(errbuf)); | errstr = N_("unable to change to sudoers gid"); |
goto bad; |
goto bad; |
} |
} |
|
|
Line 349 set_perms(int perm)
|
Line 357 set_perms(int perm)
|
perm_stack_depth++; |
perm_stack_depth++; |
debug_return_bool(1); |
debug_return_bool(1); |
bad: |
bad: |
warningx("%s: %s", errbuf, | warningx("%s: %s", _(errstr), |
errno == EAGAIN ? _("too many processes") : strerror(errno)); |
errno == EAGAIN ? _("too many processes") : strerror(errno)); |
if (noexit) |
if (noexit) |
debug_return_bool(0); |
debug_return_bool(0); |
Line 426 set_perms(int perm)
|
Line 434 set_perms(int perm)
|
{ |
{ |
struct perm_state *state, *ostate = NULL; |
struct perm_state *state, *ostate = NULL; |
char errbuf[1024]; |
char errbuf[1024]; |
|
const char *errstr = errbuf; |
int noexit; |
int noexit; |
debug_decl(set_perms, SUDO_DEBUG_PERMS) |
debug_decl(set_perms, SUDO_DEBUG_PERMS) |
|
|
Line 433 set_perms(int perm)
|
Line 442 set_perms(int perm)
|
CLR(perm, PERM_MASK); |
CLR(perm, PERM_MASK); |
|
|
if (perm_stack_depth == PERM_STACK_MAX) { |
if (perm_stack_depth == PERM_STACK_MAX) { |
strlcpy(errbuf, _("perm stack overflow"), sizeof(errbuf)); | errstr = N_("perm stack overflow"); |
errno = EINVAL; |
errno = EINVAL; |
goto bad; |
goto bad; |
} |
} |
Line 441 set_perms(int perm)
|
Line 450 set_perms(int perm)
|
state = &perm_stack[perm_stack_depth]; |
state = &perm_stack[perm_stack_depth]; |
if (perm != PERM_INITIAL) { |
if (perm != PERM_INITIAL) { |
if (perm_stack_depth == 0) { |
if (perm_stack_depth == 0) { |
strlcpy(errbuf, _("perm stack underflow"), sizeof(errbuf)); | errstr = N_("perm stack underflow"); |
errno = EINVAL; |
errno = EINVAL; |
goto bad; |
goto bad; |
} |
} |
Line 481 set_perms(int perm)
|
Line 490 set_perms(int perm)
|
goto bad; |
goto bad; |
} |
} |
state->rgid = ostate->rgid; |
state->rgid = ostate->rgid; |
state->egid = ostate->egid; | state->egid = ROOT_GID; |
state->sgid = ostate->sgid; |
state->sgid = ostate->sgid; |
|
sudo_debug_printf(SUDO_DEBUG_INFO, "%s: PERM_ROOT: gid: " |
|
"[%d, %d, %d] -> [%d, %d, %d]", __func__, |
|
(int)ostate->rgid, (int)ostate->egid, (int)ostate->sgid, |
|
(int)state->rgid, (int)state->egid, (int)state->sgid); |
|
if (GID_CHANGED && setgidx(ID_EFFECTIVE, ROOT_GID)) { |
|
errstr = N_("unable to change to root gid"); |
|
goto bad; |
|
} |
state->grlist = ostate->grlist; |
state->grlist = ostate->grlist; |
sudo_grlist_addref(state->grlist); |
sudo_grlist_addref(state->grlist); |
break; |
break; |
Line 504 set_perms(int perm)
|
Line 521 set_perms(int perm)
|
sudo_grlist_addref(state->grlist); |
sudo_grlist_addref(state->grlist); |
if (state->grlist != ostate->grlist) { |
if (state->grlist != ostate->grlist) { |
if (sudo_setgroups(state->grlist->ngids, state->grlist->gids)) { |
if (sudo_setgroups(state->grlist->ngids, state->grlist->gids)) { |
strlcpy(errbuf, "PERM_USER: setgroups", sizeof(errbuf)); | errstr = "PERM_USER: setgroups"; |
goto bad; |
goto bad; |
} |
} |
} |
} |
Line 549 set_perms(int perm)
|
Line 566 set_perms(int perm)
|
sudo_grlist_addref(state->grlist); |
sudo_grlist_addref(state->grlist); |
if (state->grlist != ostate->grlist) { |
if (state->grlist != ostate->grlist) { |
if (sudo_setgroups(state->grlist->ngids, state->grlist->gids)) { |
if (sudo_setgroups(state->grlist->ngids, state->grlist->gids)) { |
strlcpy(errbuf, "PERM_FULL_USER: setgroups", sizeof(errbuf)); | errstr = "PERM_FULL_USER: setgroups"; |
goto bad; |
goto bad; |
} |
} |
} |
} |
Line 577 set_perms(int perm)
|
Line 594 set_perms(int perm)
|
(int)ostate->rgid, (int)ostate->egid, (int)ostate->sgid, |
(int)ostate->rgid, (int)ostate->egid, (int)ostate->sgid, |
(int)state->rgid, (int)state->egid, (int)state->sgid); |
(int)state->rgid, (int)state->egid, (int)state->sgid); |
if (GID_CHANGED && setgidx(ID_EFFECTIVE, state->egid)) { |
if (GID_CHANGED && setgidx(ID_EFFECTIVE, state->egid)) { |
strlcpy(errbuf, _("unable to change to runas gid"), sizeof(errbuf)); | errstr = N_("unable to change to runas gid"); |
goto bad; |
goto bad; |
} |
} |
state->grlist = runas_setgroups(); |
state->grlist = runas_setgroups(); |
Line 589 set_perms(int perm)
|
Line 606 set_perms(int perm)
|
(int)ostate->ruid, (int)ostate->euid, (int)ostate->suid, |
(int)ostate->ruid, (int)ostate->euid, (int)ostate->suid, |
(int)state->ruid, (int)state->euid, (int)state->suid); |
(int)state->ruid, (int)state->euid, (int)state->suid); |
if (UID_CHANGED && setuidx(ID_EFFECTIVE, state->euid)) { |
if (UID_CHANGED && setuidx(ID_EFFECTIVE, state->euid)) { |
strlcpy(errbuf, _("unable to change to runas uid"), sizeof(errbuf)); | errstr = N_("unable to change to runas uid"); |
goto bad; |
goto bad; |
} |
} |
break; |
break; |
Line 607 set_perms(int perm)
|
Line 624 set_perms(int perm)
|
(int)ostate->rgid, (int)ostate->egid, (int)ostate->sgid, |
(int)ostate->rgid, (int)ostate->egid, (int)ostate->sgid, |
(int)state->rgid, (int)state->egid, (int)state->sgid); |
(int)state->rgid, (int)state->egid, (int)state->sgid); |
if (GID_CHANGED && setgidx(ID_EFFECTIVE, sudoers_gid)) { |
if (GID_CHANGED && setgidx(ID_EFFECTIVE, sudoers_gid)) { |
strlcpy(errbuf, _("unable to change to sudoers gid"), sizeof(errbuf)); | errstr = N_("unable to change to sudoers gid"); |
goto bad; |
goto bad; |
} |
} |
|
|
Line 677 set_perms(int perm)
|
Line 694 set_perms(int perm)
|
perm_stack_depth++; |
perm_stack_depth++; |
debug_return_bool(1); |
debug_return_bool(1); |
bad: |
bad: |
warningx("%s: %s", errbuf, | warningx("%s: %s", _(errstr), |
errno == EAGAIN ? _("too many processes") : strerror(errno)); |
errno == EAGAIN ? _("too many processes") : strerror(errno)); |
if (noexit) |
if (noexit) |
debug_return_bool(0); |
debug_return_bool(0); |
Line 818 set_perms(int perm)
|
Line 835 set_perms(int perm)
|
{ |
{ |
struct perm_state *state, *ostate = NULL; |
struct perm_state *state, *ostate = NULL; |
char errbuf[1024]; |
char errbuf[1024]; |
|
const char *errstr = errbuf; |
int noexit; |
int noexit; |
debug_decl(set_perms, SUDO_DEBUG_PERMS) |
debug_decl(set_perms, SUDO_DEBUG_PERMS) |
|
|
Line 825 set_perms(int perm)
|
Line 843 set_perms(int perm)
|
CLR(perm, PERM_MASK); |
CLR(perm, PERM_MASK); |
|
|
if (perm_stack_depth == PERM_STACK_MAX) { |
if (perm_stack_depth == PERM_STACK_MAX) { |
strlcpy(errbuf, _("perm stack overflow"), sizeof(errbuf)); | errstr = N_("perm stack overflow"); |
errno = EINVAL; |
errno = EINVAL; |
goto bad; |
goto bad; |
} |
} |
Line 833 set_perms(int perm)
|
Line 851 set_perms(int perm)
|
state = &perm_stack[perm_stack_depth]; |
state = &perm_stack[perm_stack_depth]; |
if (perm != PERM_INITIAL) { |
if (perm != PERM_INITIAL) { |
if (perm_stack_depth == 0) { |
if (perm_stack_depth == 0) { |
strlcpy(errbuf, _("perm stack underflow"), sizeof(errbuf)); | errstr = N_("perm stack underflow"); |
errno = EINVAL; |
errno = EINVAL; |
goto bad; |
goto bad; |
} |
} |
Line 879 set_perms(int perm)
|
Line 897 set_perms(int perm)
|
} |
} |
} |
} |
state->rgid = ostate->rgid; |
state->rgid = ostate->rgid; |
state->egid = ostate->rgid; | state->egid = ROOT_GID; |
| sudo_debug_printf(SUDO_DEBUG_INFO, "%s: PERM_ROOT: gid: " |
| "[%d, %d] -> [%d, %d]", __func__, (int)ostate->rgid, |
| (int)ostate->egid, (int)state->rgid, (int)state->egid); |
| if (GID_CHANGED && setregid(ID(rgid), ID(egid))) { |
| snprintf(errbuf, sizeof(errbuf), |
| "PERM_ROOT: setregid(%d, %d)", ID(rgid), ID(egid)); |
| goto bad; |
| } |
state->grlist = ostate->grlist; |
state->grlist = ostate->grlist; |
sudo_grlist_addref(state->grlist); |
sudo_grlist_addref(state->grlist); |
break; |
break; |
Line 899 set_perms(int perm)
|
Line 925 set_perms(int perm)
|
sudo_grlist_addref(state->grlist); |
sudo_grlist_addref(state->grlist); |
if (state->grlist != ostate->grlist) { |
if (state->grlist != ostate->grlist) { |
if (sudo_setgroups(state->grlist->ngids, state->grlist->gids)) { |
if (sudo_setgroups(state->grlist->ngids, state->grlist->gids)) { |
strlcpy(errbuf, "PERM_USER: setgroups", sizeof(errbuf)); | errstr = "PERM_USER: setgroups"; |
goto bad; |
goto bad; |
} |
} |
} |
} |
Line 931 set_perms(int perm)
|
Line 957 set_perms(int perm)
|
sudo_grlist_addref(state->grlist); |
sudo_grlist_addref(state->grlist); |
if (state->grlist != ostate->grlist) { |
if (state->grlist != ostate->grlist) { |
if (sudo_setgroups(state->grlist->ngids, state->grlist->gids)) { |
if (sudo_setgroups(state->grlist->ngids, state->grlist->gids)) { |
strlcpy(errbuf, "PERM_FULL_USER: setgroups", sizeof(errbuf)); | errstr = "PERM_FULL_USER: setgroups"; |
goto bad; |
goto bad; |
} |
} |
} |
} |
Line 954 set_perms(int perm)
|
Line 980 set_perms(int perm)
|
"[%d, %d] -> [%d, %d]", __func__, (int)ostate->rgid, |
"[%d, %d] -> [%d, %d]", __func__, (int)ostate->rgid, |
(int)ostate->egid, (int)state->rgid, (int)state->egid); |
(int)ostate->egid, (int)state->rgid, (int)state->egid); |
if (GID_CHANGED && setregid(ID(rgid), ID(egid))) { |
if (GID_CHANGED && setregid(ID(rgid), ID(egid))) { |
strlcpy(errbuf, _("unable to change to runas gid"), sizeof(errbuf)); | errstr = N_("unable to change to runas gid"); |
goto bad; |
goto bad; |
} |
} |
state->grlist = runas_setgroups(); |
state->grlist = runas_setgroups(); |
Line 964 set_perms(int perm)
|
Line 990 set_perms(int perm)
|
"[%d, %d] -> [%d, %d]", __func__, (int)ostate->ruid, |
"[%d, %d] -> [%d, %d]", __func__, (int)ostate->ruid, |
(int)ostate->euid, (int)state->ruid, (int)state->euid); |
(int)ostate->euid, (int)state->ruid, (int)state->euid); |
if (UID_CHANGED && setreuid(ID(ruid), ID(euid))) { |
if (UID_CHANGED && setreuid(ID(ruid), ID(euid))) { |
strlcpy(errbuf, _("unable to change to runas uid"), sizeof(errbuf)); | errstr = N_("unable to change to runas uid"); |
goto bad; |
goto bad; |
} |
} |
break; |
break; |
Line 980 set_perms(int perm)
|
Line 1006 set_perms(int perm)
|
"[%d, %d] -> [%d, %d]", __func__, (int)ostate->rgid, |
"[%d, %d] -> [%d, %d]", __func__, (int)ostate->rgid, |
(int)ostate->egid, (int)state->rgid, (int)state->egid); |
(int)ostate->egid, (int)state->rgid, (int)state->egid); |
if (GID_CHANGED && setregid(ID(rgid), ID(egid))) { |
if (GID_CHANGED && setregid(ID(rgid), ID(egid))) { |
strlcpy(errbuf, _("unable to change to sudoers gid"), sizeof(errbuf)); | errstr = N_("unable to change to sudoers gid"); |
goto bad; |
goto bad; |
} |
} |
|
|
Line 1025 set_perms(int perm)
|
Line 1051 set_perms(int perm)
|
perm_stack_depth++; |
perm_stack_depth++; |
debug_return_bool(1); |
debug_return_bool(1); |
bad: |
bad: |
warningx("%s: %s", errbuf, | warningx("%s: %s", _(errstr), |
errno == EAGAIN ? _("too many processes") : strerror(errno)); |
errno == EAGAIN ? _("too many processes") : strerror(errno)); |
if (noexit) |
if (noexit) |
debug_return_bool(0); |
debug_return_bool(0); |
Line 1059 restore_perms(void)
|
Line 1085 restore_perms(void)
|
if (OID(euid) == ROOT_UID) { |
if (OID(euid) == ROOT_UID) { |
/* setuid() may not set the saved ID unless the euid is ROOT_UID */ |
/* setuid() may not set the saved ID unless the euid is ROOT_UID */ |
if (ID(euid) != ROOT_UID) |
if (ID(euid) != ROOT_UID) |
(void)setreuid(-1, ROOT_UID); | ignore_result(setreuid(-1, ROOT_UID)); |
if (setuid(ROOT_UID)) { |
if (setuid(ROOT_UID)) { |
warning("setuid() [%d, %d] -> %d)", (int)state->ruid, |
warning("setuid() [%d, %d] -> %d)", (int)state->ruid, |
(int)state->euid, ROOT_UID); |
(int)state->euid, ROOT_UID); |
Line 1104 set_perms(int perm)
|
Line 1130 set_perms(int perm)
|
{ |
{ |
struct perm_state *state, *ostate = NULL; |
struct perm_state *state, *ostate = NULL; |
char errbuf[1024]; |
char errbuf[1024]; |
|
const char *errstr = errbuf; |
int noexit; |
int noexit; |
debug_decl(set_perms, SUDO_DEBUG_PERMS) |
debug_decl(set_perms, SUDO_DEBUG_PERMS) |
|
|
Line 1111 set_perms(int perm)
|
Line 1138 set_perms(int perm)
|
CLR(perm, PERM_MASK); |
CLR(perm, PERM_MASK); |
|
|
if (perm_stack_depth == PERM_STACK_MAX) { |
if (perm_stack_depth == PERM_STACK_MAX) { |
strlcpy(errbuf, _("perm stack overflow"), sizeof(errbuf)); | errstr = N_("perm stack overflow"); |
errno = EINVAL; |
errno = EINVAL; |
goto bad; |
goto bad; |
} |
} |
Line 1119 set_perms(int perm)
|
Line 1146 set_perms(int perm)
|
state = &perm_stack[perm_stack_depth]; |
state = &perm_stack[perm_stack_depth]; |
if (perm != PERM_INITIAL) { |
if (perm != PERM_INITIAL) { |
if (perm_stack_depth == 0) { |
if (perm_stack_depth == 0) { |
strlcpy(errbuf, _("perm stack underflow"), sizeof(errbuf)); | errstr = N_("perm stack underflow"); |
errno = EINVAL; |
errno = EINVAL; |
goto bad; |
goto bad; |
} |
} |
Line 1165 set_perms(int perm)
|
Line 1192 set_perms(int perm)
|
state->ruid = ROOT_UID; |
state->ruid = ROOT_UID; |
state->euid = ROOT_UID; |
state->euid = ROOT_UID; |
state->rgid = ostate->rgid; |
state->rgid = ostate->rgid; |
state->egid = ostate->egid; | state->egid = ROOT_GID; |
| sudo_debug_printf(SUDO_DEBUG_INFO, "%s: PERM_ROOT: gid: " |
| "[%d, %d] -> [%d, %d]", __func__, (int)ostate->rgid, |
| (int)ostate->egid, ROOT_GID, ROOT_GID); |
| if (GID_CHANGED && setegid(ROOT_GID)) { |
| errstr = N_("unable to change to root gid"); |
| goto bad; |
| } |
state->grlist = ostate->grlist; |
state->grlist = ostate->grlist; |
sudo_grlist_addref(state->grlist); |
sudo_grlist_addref(state->grlist); |
break; |
break; |
Line 1185 set_perms(int perm)
|
Line 1219 set_perms(int perm)
|
sudo_grlist_addref(state->grlist); |
sudo_grlist_addref(state->grlist); |
if (state->grlist != ostate->grlist) { |
if (state->grlist != ostate->grlist) { |
if (sudo_setgroups(state->grlist->ngids, state->grlist->gids)) { |
if (sudo_setgroups(state->grlist->ngids, state->grlist->gids)) { |
strlcpy(errbuf, "PERM_USER: setgroups", sizeof(errbuf)); | errstr = "PERM_USER: setgroups"; |
goto bad; |
goto bad; |
} |
} |
} |
} |
Line 1217 set_perms(int perm)
|
Line 1251 set_perms(int perm)
|
sudo_grlist_addref(state->grlist); |
sudo_grlist_addref(state->grlist); |
if (state->grlist != ostate->grlist) { |
if (state->grlist != ostate->grlist) { |
if (sudo_setgroups(state->grlist->ngids, state->grlist->gids)) { |
if (sudo_setgroups(state->grlist->ngids, state->grlist->gids)) { |
strlcpy(errbuf, "PERM_FULL_USER: setgroups", sizeof(errbuf)); | errstr = "PERM_FULL_USER: setgroups"; |
goto bad; |
goto bad; |
} |
} |
} |
} |
Line 1240 set_perms(int perm)
|
Line 1274 set_perms(int perm)
|
"[%d, %d] -> [%d, %d]", __func__, (int)ostate->rgid, |
"[%d, %d] -> [%d, %d]", __func__, (int)ostate->rgid, |
(int)ostate->egid, (int)state->rgid, (int)state->egid); |
(int)ostate->egid, (int)state->rgid, (int)state->egid); |
if (GID_CHANGED && setegid(state->egid)) { |
if (GID_CHANGED && setegid(state->egid)) { |
strlcpy(errbuf, _("unable to change to runas gid"), sizeof(errbuf)); | errstr = N_("unable to change to runas gid"); |
goto bad; |
goto bad; |
} |
} |
state->grlist = runas_setgroups(); |
state->grlist = runas_setgroups(); |
Line 1250 set_perms(int perm)
|
Line 1284 set_perms(int perm)
|
"[%d, %d] -> [%d, %d]", __func__, (int)ostate->ruid, |
"[%d, %d] -> [%d, %d]", __func__, (int)ostate->ruid, |
(int)ostate->euid, (int)state->ruid, (int)state->euid); |
(int)ostate->euid, (int)state->ruid, (int)state->euid); |
if (seteuid(state->euid)) { |
if (seteuid(state->euid)) { |
strlcpy(errbuf, _("unable to change to runas uid"), sizeof(errbuf)); | errstr = N_("unable to change to runas uid"); |
goto bad; |
goto bad; |
} |
} |
break; |
break; |
Line 1266 set_perms(int perm)
|
Line 1300 set_perms(int perm)
|
"[%d, %d] -> [%d, %d]", __func__, (int)ostate->rgid, |
"[%d, %d] -> [%d, %d]", __func__, (int)ostate->rgid, |
(int)ostate->egid, (int)state->rgid, (int)state->egid); |
(int)ostate->egid, (int)state->rgid, (int)state->egid); |
if (GID_CHANGED && setegid(sudoers_gid)) { |
if (GID_CHANGED && setegid(sudoers_gid)) { |
strlcpy(errbuf, _("unable to change to sudoers gid"), sizeof(errbuf)); | errstr = N_("unable to change to sudoers gid"); |
goto bad; |
goto bad; |
} |
} |
|
|
Line 1311 set_perms(int perm)
|
Line 1345 set_perms(int perm)
|
perm_stack_depth++; |
perm_stack_depth++; |
debug_return_bool(1); |
debug_return_bool(1); |
bad: |
bad: |
warningx("%s: %s", errbuf, | warningx("%s: %s", _(errstr), |
errno == EAGAIN ? _("too many processes") : strerror(errno)); |
errno == EAGAIN ? _("too many processes") : strerror(errno)); |
if (noexit) |
if (noexit) |
debug_return_bool(0); |
debug_return_bool(0); |
Line 1386 set_perms(int perm)
|
Line 1420 set_perms(int perm)
|
{ |
{ |
struct perm_state *state, *ostate = NULL; |
struct perm_state *state, *ostate = NULL; |
char errbuf[1024]; |
char errbuf[1024]; |
|
const char *errstr = errbuf; |
int noexit; |
int noexit; |
debug_decl(set_perms, SUDO_DEBUG_PERMS) |
debug_decl(set_perms, SUDO_DEBUG_PERMS) |
|
|
Line 1393 set_perms(int perm)
|
Line 1428 set_perms(int perm)
|
CLR(perm, PERM_MASK); |
CLR(perm, PERM_MASK); |
|
|
if (perm_stack_depth == PERM_STACK_MAX) { |
if (perm_stack_depth == PERM_STACK_MAX) { |
strlcpy(errbuf, _("perm stack overflow"), sizeof(errbuf)); | errstr = N_("perm stack overflow"); |
errno = EINVAL; |
errno = EINVAL; |
goto bad; |
goto bad; |
} |
} |
Line 1401 set_perms(int perm)
|
Line 1436 set_perms(int perm)
|
state = &perm_stack[perm_stack_depth]; |
state = &perm_stack[perm_stack_depth]; |
if (perm != PERM_INITIAL) { |
if (perm != PERM_INITIAL) { |
if (perm_stack_depth == 0) { |
if (perm_stack_depth == 0) { |
strlcpy(errbuf, _("perm stack underflow"), sizeof(errbuf)); | errstr = N_("perm stack underflow"); |
errno = EINVAL; |
errno = EINVAL; |
goto bad; |
goto bad; |
} |
} |
Line 1421 set_perms(int perm)
|
Line 1456 set_perms(int perm)
|
|
|
case PERM_ROOT: |
case PERM_ROOT: |
state->ruid = ROOT_UID; |
state->ruid = ROOT_UID; |
state->rgid = ostate->rgid; | state->rgid = ROOT_GID; |
state->grlist = ostate->grlist; |
state->grlist = ostate->grlist; |
sudo_grlist_addref(state->grlist); |
sudo_grlist_addref(state->grlist); |
sudo_debug_printf(SUDO_DEBUG_INFO, "%s: PERM_ROOT: uid: " |
sudo_debug_printf(SUDO_DEBUG_INFO, "%s: PERM_ROOT: uid: " |
Line 1430 set_perms(int perm)
|
Line 1465 set_perms(int perm)
|
snprintf(errbuf, sizeof(errbuf), "PERM_ROOT: setuid(%d)", ROOT_UID); |
snprintf(errbuf, sizeof(errbuf), "PERM_ROOT: setuid(%d)", ROOT_UID); |
goto bad; |
goto bad; |
} |
} |
|
sudo_debug_printf(SUDO_DEBUG_INFO, "%s: PERM_ROOT: gid: " |
|
"[%d] -> [%d]", __func__, (int)ostate->rgid, (int)state->rgid); |
|
if (setgid(ROOT_GID)) { |
|
errstr = N_("unable to change to root gid"); |
|
goto bad; |
|
} |
break; |
break; |
|
|
case PERM_FULL_USER: |
case PERM_FULL_USER: |
state->rgid = user_gid; |
state->rgid = user_gid; |
sudo_debug_printf(SUDO_DEBUG_INFO, "%s: PERM_ROOT: gid: " | sudo_debug_printf(SUDO_DEBUG_INFO, "%s: PERM_FULL_USER: gid: " |
"[%d] -> [%d]", __func__, (int)ostate->rgid, (int)state->rgid); |
"[%d] -> [%d]", __func__, (int)ostate->rgid, (int)state->rgid); |
(void) setgid(user_gid); |
(void) setgid(user_gid); |
state->grlist = user_group_list; |
state->grlist = user_group_list; |
sudo_grlist_addref(state->grlist); |
sudo_grlist_addref(state->grlist); |
if (state->grlist != ostate->grlist) { |
if (state->grlist != ostate->grlist) { |
if (sudo_setgroups(state->grlist->ngids, state->grlist->gids)) { |
if (sudo_setgroups(state->grlist->ngids, state->grlist->gids)) { |
strlcpy(errbuf, "PERM_FULL_USER: setgroups", sizeof(errbuf)); | errstr = "PERM_FULL_USER: setgroups"; |
goto bad; |
goto bad; |
} |
} |
} |
} |
state->ruid = user_uid; |
state->ruid = user_uid; |
sudo_debug_printf(SUDO_DEBUG_INFO, "%s: PERM_ROOT: uid: " | sudo_debug_printf(SUDO_DEBUG_INFO, "%s: PERM_FULL_USER: uid: " |
"[%d] -> [%d]", __func__, (int)ostate->ruid, (int)state->ruid); |
"[%d] -> [%d]", __func__, (int)ostate->ruid, (int)state->ruid); |
if (setuid(user_uid)) { |
if (setuid(user_uid)) { |
snprintf(errbuf, sizeof(errbuf), |
snprintf(errbuf, sizeof(errbuf), |
Line 1470 set_perms(int perm)
|
Line 1511 set_perms(int perm)
|
perm_stack_depth++; |
perm_stack_depth++; |
debug_return_bool(1); |
debug_return_bool(1); |
bad: |
bad: |
warningx("%s: %s", errbuf, | warningx("%s: %s", _(errstr), |
errno == EAGAIN ? _("too many processes") : strerror(errno)); |
errno == EAGAIN ? _("too many processes") : strerror(errno)); |
if (noexit) |
if (noexit) |
debug_return_bool(0); |
debug_return_bool(0); |
Line 1539 runas_setgroups(void)
|
Line 1580 runas_setgroups(void)
|
aix_restoreauthdb(); |
aix_restoreauthdb(); |
#endif |
#endif |
if (sudo_setgroups(grlist->ngids, grlist->gids) < 0) |
if (sudo_setgroups(grlist->ngids, grlist->gids) < 0) |
log_fatal(USE_ERRNO|MSG_ONLY, _("unable to set runas group vector")); | log_fatal(USE_ERRNO|MSG_ONLY, N_("unable to set runas group vector")); |
debug_return_ptr(grlist); |
debug_return_ptr(grlist); |
} |
} |
#endif /* HAVE_SETRESUID || HAVE_SETREUID || HAVE_SETEUID */ |
#endif /* HAVE_SETRESUID || HAVE_SETREUID || HAVE_SETEUID */ |
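Review bot: In the set_perms() variant that uses only setuid()/setgid(), the PERM_FULL_USER case still calls `(void) setgid(user_gid);` and discards the result, while this change makes the PERM_ROOT case of the same variant set the real gid to ROOT_GID. If that setgid() ever fails, the code would continue to `setuid(user_uid)` with the root group still in place and no error reported; the call should be checked like the new PERM_ROOT one, e.g. `if (setgid(user_gid)) { errstr = "PERM_FULL_USER: setgid"; goto bad; }`. Separately, the new PERM_ROOT debug line in the setegid()/seteuid() variant prints `ROOT_GID, ROOT_GID` as the new ids although `state->rgid` is copied from `ostate->rgid`, so the trace misreports the real gid; passing `(int)state->rgid, (int)state->egid` would match the other variants. Only fragments of each set_perms() body are visible on this page, so both points should be confirmed against the full function.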