|
version 1.1.1.3, 2012/10/09 09:29:52
|
version 1.1.1.4, 2013/07/22 10:46:12
|
|
Line 1
|
Line 1
|
| /* |
/* |
| * Copyright (c) 1994-1996,1998-2011 Todd C. Miller <Todd.Miller@courtesan.com> | * Copyright (c) 1994-1996,1998-2013 Todd C. Miller <Todd.Miller@courtesan.com> |
| * |
* |
| * Permission to use, copy, modify, and distribute this software for any |
* Permission to use, copy, modify, and distribute this software for any |
| * purpose with or without fee is hereby granted, provided that the above |
* purpose with or without fee is hereby granted, provided that the above |
|
Line 21
|
Line 21
|
| #include <config.h> |
#include <config.h> |
| |
|
| #include <sys/types.h> |
#include <sys/types.h> |
| #include <sys/param.h> |
|
| #include <sys/stat.h> |
#include <sys/stat.h> |
| #include <stdio.h> |
#include <stdio.h> |
| #ifdef STDC_HEADERS |
#ifdef STDC_HEADERS |
|
Line 112 set_perms(int perm)
|
Line 111 set_perms(int perm)
|
| { |
{ |
| struct perm_state *state, *ostate = NULL; |
struct perm_state *state, *ostate = NULL; |
| char errbuf[1024]; |
char errbuf[1024]; |
| |
const char *errstr = errbuf; |
| int noexit; |
int noexit; |
| debug_decl(set_perms, SUDO_DEBUG_PERMS) |
debug_decl(set_perms, SUDO_DEBUG_PERMS) |
| |
|
|
Line 119 set_perms(int perm)
|
Line 119 set_perms(int perm)
|
| CLR(perm, PERM_MASK); |
CLR(perm, PERM_MASK); |
| |
|
| if (perm_stack_depth == PERM_STACK_MAX) { |
if (perm_stack_depth == PERM_STACK_MAX) { |
| strlcpy(errbuf, _("perm stack overflow"), sizeof(errbuf)); | errstr = N_("perm stack overflow"); |
| errno = EINVAL; |
errno = EINVAL; |
| goto bad; |
goto bad; |
| } |
} |
|
Line 127 set_perms(int perm)
|
Line 127 set_perms(int perm)
|
| state = &perm_stack[perm_stack_depth]; |
state = &perm_stack[perm_stack_depth]; |
| if (perm != PERM_INITIAL) { |
if (perm != PERM_INITIAL) { |
| if (perm_stack_depth == 0) { |
if (perm_stack_depth == 0) { |
| strlcpy(errbuf, _("perm stack underflow"), sizeof(errbuf)); | errstr = N_("perm stack underflow"); |
| errno = EINVAL; |
errno = EINVAL; |
| goto bad; |
goto bad; |
| } |
} |
|
Line 139 set_perms(int perm)
|
Line 139 set_perms(int perm)
|
| /* Stash initial state */ |
/* Stash initial state */ |
| #ifdef HAVE_GETRESUID |
#ifdef HAVE_GETRESUID |
| if (getresuid(&state->ruid, &state->euid, &state->suid)) { |
if (getresuid(&state->ruid, &state->euid, &state->suid)) { |
| strlcpy(errbuf, "PERM_INITIAL: getresuid", sizeof(errbuf)); | errstr = "PERM_INITIAL: getresuid"; |
| goto bad; |
goto bad; |
| |
|
| } |
} |
| if (getresgid(&state->rgid, &state->egid, &state->sgid)) { |
if (getresgid(&state->rgid, &state->egid, &state->sgid)) { |
| strlcpy(errbuf, "PERM_INITIAL: getresgid", sizeof(errbuf)); | errstr = "PERM_INITIAL: getresgid"; |
| goto bad; |
goto bad; |
| } |
} |
| #else |
#else |
|
Line 179 set_perms(int perm)
|
Line 179 set_perms(int perm)
|
| goto bad; |
goto bad; |
| } |
} |
| state->rgid = ostate->rgid; |
state->rgid = ostate->rgid; |
| state->egid = ostate->egid; | state->egid = ROOT_GID; |
| state->sgid = ostate->sgid; |
state->sgid = ostate->sgid; |
| |
sudo_debug_printf(SUDO_DEBUG_INFO, "%s: PERM_ROOT: gid: " |
| |
"[%d, %d, %d] -> [%d, %d, %d]", __func__, |
| |
(int)ostate->rgid, (int)ostate->egid, (int)ostate->sgid, |
| |
(int)state->rgid, (int)state->egid, (int)state->sgid); |
| |
if (GID_CHANGED && setresgid(ID(rgid), ID(egid), ID(sgid))) { |
| |
errstr = N_("unable to change to root gid"); |
| |
goto bad; |
| |
} |
| state->grlist = ostate->grlist; |
state->grlist = ostate->grlist; |
| sudo_grlist_addref(state->grlist); |
sudo_grlist_addref(state->grlist); |
| break; |
break; |
|
Line 202 set_perms(int perm)
|
Line 210 set_perms(int perm)
|
| sudo_grlist_addref(state->grlist); |
sudo_grlist_addref(state->grlist); |
| if (state->grlist != ostate->grlist) { |
if (state->grlist != ostate->grlist) { |
| if (sudo_setgroups(state->grlist->ngids, state->grlist->gids)) { |
if (sudo_setgroups(state->grlist->ngids, state->grlist->gids)) { |
| strlcpy(errbuf, "PERM_USER: setgroups", sizeof(errbuf)); | errstr = "PERM_USER: setgroups"; |
| goto bad; |
goto bad; |
| } |
} |
| } |
} |
|
Line 239 set_perms(int perm)
|
Line 247 set_perms(int perm)
|
| sudo_grlist_addref(state->grlist); |
sudo_grlist_addref(state->grlist); |
| if (state->grlist != ostate->grlist) { |
if (state->grlist != ostate->grlist) { |
| if (sudo_setgroups(state->grlist->ngids, state->grlist->gids)) { |
if (sudo_setgroups(state->grlist->ngids, state->grlist->gids)) { |
| strlcpy(errbuf, "PERM_FULL_USER: setgroups", sizeof(errbuf)); | errstr = "PERM_FULL_USER: setgroups"; |
| goto bad; |
goto bad; |
| } |
} |
| } |
} |
|
Line 267 set_perms(int perm)
|
Line 275 set_perms(int perm)
|
| (int)ostate->rgid, (int)ostate->egid, (int)ostate->sgid, |
(int)ostate->rgid, (int)ostate->egid, (int)ostate->sgid, |
| (int)state->rgid, (int)state->egid, (int)state->sgid); |
(int)state->rgid, (int)state->egid, (int)state->sgid); |
| if (GID_CHANGED && setresgid(ID(rgid), ID(egid), ID(sgid))) { |
if (GID_CHANGED && setresgid(ID(rgid), ID(egid), ID(sgid))) { |
| strlcpy(errbuf, _("unable to change to runas gid"), sizeof(errbuf)); | errstr = N_("unable to change to runas gid"); |
| goto bad; |
goto bad; |
| } |
} |
| state->grlist = runas_setgroups(); |
state->grlist = runas_setgroups(); |
|
Line 279 set_perms(int perm)
|
Line 287 set_perms(int perm)
|
| (int)ostate->ruid, (int)ostate->euid, (int)ostate->suid, |
(int)ostate->ruid, (int)ostate->euid, (int)ostate->suid, |
| (int)state->ruid, (int)state->euid, (int)state->suid); |
(int)state->ruid, (int)state->euid, (int)state->suid); |
| if (UID_CHANGED && setresuid(ID(ruid), ID(euid), ID(suid))) { |
if (UID_CHANGED && setresuid(ID(ruid), ID(euid), ID(suid))) { |
| strlcpy(errbuf, _("unable to change to runas uid"), sizeof(errbuf)); | errstr = N_("unable to change to runas uid"); |
| goto bad; |
goto bad; |
| } |
} |
| break; |
break; |
|
Line 297 set_perms(int perm)
|
Line 305 set_perms(int perm)
|
| (int)ostate->rgid, (int)ostate->egid, (int)ostate->sgid, |
(int)ostate->rgid, (int)ostate->egid, (int)ostate->sgid, |
| (int)state->rgid, (int)state->egid, (int)state->sgid); |
(int)state->rgid, (int)state->egid, (int)state->sgid); |
| if (GID_CHANGED && setresgid(ID(rgid), ID(egid), ID(sgid))) { |
if (GID_CHANGED && setresgid(ID(rgid), ID(egid), ID(sgid))) { |
| strlcpy(errbuf, _("unable to change to sudoers gid"), sizeof(errbuf)); | errstr = N_("unable to change to sudoers gid"); |
| goto bad; |
goto bad; |
| } |
} |
| |
|
|
Line 349 set_perms(int perm)
|
Line 357 set_perms(int perm)
|
| perm_stack_depth++; |
perm_stack_depth++; |
| debug_return_bool(1); |
debug_return_bool(1); |
| bad: |
bad: |
| warningx("%s: %s", errbuf, | warningx("%s: %s", _(errstr), |
| errno == EAGAIN ? _("too many processes") : strerror(errno)); |
errno == EAGAIN ? _("too many processes") : strerror(errno)); |
| if (noexit) |
if (noexit) |
| debug_return_bool(0); |
debug_return_bool(0); |
|
Line 426 set_perms(int perm)
|
Line 434 set_perms(int perm)
|
| { |
{ |
| struct perm_state *state, *ostate = NULL; |
struct perm_state *state, *ostate = NULL; |
| char errbuf[1024]; |
char errbuf[1024]; |
| |
const char *errstr = errbuf; |
| int noexit; |
int noexit; |
| debug_decl(set_perms, SUDO_DEBUG_PERMS) |
debug_decl(set_perms, SUDO_DEBUG_PERMS) |
| |
|
|
Line 433 set_perms(int perm)
|
Line 442 set_perms(int perm)
|
| CLR(perm, PERM_MASK); |
CLR(perm, PERM_MASK); |
| |
|
| if (perm_stack_depth == PERM_STACK_MAX) { |
if (perm_stack_depth == PERM_STACK_MAX) { |
| strlcpy(errbuf, _("perm stack overflow"), sizeof(errbuf)); | errstr = N_("perm stack overflow"); |
| errno = EINVAL; |
errno = EINVAL; |
| goto bad; |
goto bad; |
| } |
} |
|
Line 441 set_perms(int perm)
|
Line 450 set_perms(int perm)
|
| state = &perm_stack[perm_stack_depth]; |
state = &perm_stack[perm_stack_depth]; |
| if (perm != PERM_INITIAL) { |
if (perm != PERM_INITIAL) { |
| if (perm_stack_depth == 0) { |
if (perm_stack_depth == 0) { |
| strlcpy(errbuf, _("perm stack underflow"), sizeof(errbuf)); | errstr = N_("perm stack underflow"); |
| errno = EINVAL; |
errno = EINVAL; |
| goto bad; |
goto bad; |
| } |
} |
|
Line 481 set_perms(int perm)
|
Line 490 set_perms(int perm)
|
| goto bad; |
goto bad; |
| } |
} |
| state->rgid = ostate->rgid; |
state->rgid = ostate->rgid; |
| state->egid = ostate->egid; | state->egid = ROOT_GID; |
| state->sgid = ostate->sgid; |
state->sgid = ostate->sgid; |
| |
sudo_debug_printf(SUDO_DEBUG_INFO, "%s: PERM_ROOT: gid: " |
| |
"[%d, %d, %d] -> [%d, %d, %d]", __func__, |
| |
(int)ostate->rgid, (int)ostate->egid, (int)ostate->sgid, |
| |
(int)state->rgid, (int)state->egid, (int)state->sgid); |
| |
if (GID_CHANGED && setgidx(ID_EFFECTIVE, ROOT_GID)) { |
| |
errstr = N_("unable to change to root gid"); |
| |
goto bad; |
| |
} |
| state->grlist = ostate->grlist; |
state->grlist = ostate->grlist; |
| sudo_grlist_addref(state->grlist); |
sudo_grlist_addref(state->grlist); |
| break; |
break; |
|
Line 504 set_perms(int perm)
|
Line 521 set_perms(int perm)
|
| sudo_grlist_addref(state->grlist); |
sudo_grlist_addref(state->grlist); |
| if (state->grlist != ostate->grlist) { |
if (state->grlist != ostate->grlist) { |
| if (sudo_setgroups(state->grlist->ngids, state->grlist->gids)) { |
if (sudo_setgroups(state->grlist->ngids, state->grlist->gids)) { |
| strlcpy(errbuf, "PERM_USER: setgroups", sizeof(errbuf)); | errstr = "PERM_USER: setgroups"; |
| goto bad; |
goto bad; |
| } |
} |
| } |
} |
|
Line 549 set_perms(int perm)
|
Line 566 set_perms(int perm)
|
| sudo_grlist_addref(state->grlist); |
sudo_grlist_addref(state->grlist); |
| if (state->grlist != ostate->grlist) { |
if (state->grlist != ostate->grlist) { |
| if (sudo_setgroups(state->grlist->ngids, state->grlist->gids)) { |
if (sudo_setgroups(state->grlist->ngids, state->grlist->gids)) { |
| strlcpy(errbuf, "PERM_FULL_USER: setgroups", sizeof(errbuf)); | errstr = "PERM_FULL_USER: setgroups"; |
| goto bad; |
goto bad; |
| } |
} |
| } |
} |
|
Line 577 set_perms(int perm)
|
Line 594 set_perms(int perm)
|
| (int)ostate->rgid, (int)ostate->egid, (int)ostate->sgid, |
(int)ostate->rgid, (int)ostate->egid, (int)ostate->sgid, |
| (int)state->rgid, (int)state->egid, (int)state->sgid); |
(int)state->rgid, (int)state->egid, (int)state->sgid); |
| if (GID_CHANGED && setgidx(ID_EFFECTIVE, state->egid)) { |
if (GID_CHANGED && setgidx(ID_EFFECTIVE, state->egid)) { |
| strlcpy(errbuf, _("unable to change to runas gid"), sizeof(errbuf)); | errstr = N_("unable to change to runas gid"); |
| goto bad; |
goto bad; |
| } |
} |
| state->grlist = runas_setgroups(); |
state->grlist = runas_setgroups(); |
|
Line 589 set_perms(int perm)
|
Line 606 set_perms(int perm)
|
| (int)ostate->ruid, (int)ostate->euid, (int)ostate->suid, |
(int)ostate->ruid, (int)ostate->euid, (int)ostate->suid, |
| (int)state->ruid, (int)state->euid, (int)state->suid); |
(int)state->ruid, (int)state->euid, (int)state->suid); |
| if (UID_CHANGED && setuidx(ID_EFFECTIVE, state->euid)) { |
if (UID_CHANGED && setuidx(ID_EFFECTIVE, state->euid)) { |
| strlcpy(errbuf, _("unable to change to runas uid"), sizeof(errbuf)); | errstr = N_("unable to change to runas uid"); |
| goto bad; |
goto bad; |
| } |
} |
| break; |
break; |
|
Line 607 set_perms(int perm)
|
Line 624 set_perms(int perm)
|
| (int)ostate->rgid, (int)ostate->egid, (int)ostate->sgid, |
(int)ostate->rgid, (int)ostate->egid, (int)ostate->sgid, |
| (int)state->rgid, (int)state->egid, (int)state->sgid); |
(int)state->rgid, (int)state->egid, (int)state->sgid); |
| if (GID_CHANGED && setgidx(ID_EFFECTIVE, sudoers_gid)) { |
if (GID_CHANGED && setgidx(ID_EFFECTIVE, sudoers_gid)) { |
| strlcpy(errbuf, _("unable to change to sudoers gid"), sizeof(errbuf)); | errstr = N_("unable to change to sudoers gid"); |
| goto bad; |
goto bad; |
| } |
} |
| |
|
|
Line 677 set_perms(int perm)
|
Line 694 set_perms(int perm)
|
| perm_stack_depth++; |
perm_stack_depth++; |
| debug_return_bool(1); |
debug_return_bool(1); |
| bad: |
bad: |
| warningx("%s: %s", errbuf, | warningx("%s: %s", _(errstr), |
| errno == EAGAIN ? _("too many processes") : strerror(errno)); |
errno == EAGAIN ? _("too many processes") : strerror(errno)); |
| if (noexit) |
if (noexit) |
| debug_return_bool(0); |
debug_return_bool(0); |
|
Line 818 set_perms(int perm)
|
Line 835 set_perms(int perm)
|
| { |
{ |
| struct perm_state *state, *ostate = NULL; |
struct perm_state *state, *ostate = NULL; |
| char errbuf[1024]; |
char errbuf[1024]; |
| |
const char *errstr = errbuf; |
| int noexit; |
int noexit; |
| debug_decl(set_perms, SUDO_DEBUG_PERMS) |
debug_decl(set_perms, SUDO_DEBUG_PERMS) |
| |
|
|
Line 825 set_perms(int perm)
|
Line 843 set_perms(int perm)
|
| CLR(perm, PERM_MASK); |
CLR(perm, PERM_MASK); |
| |
|
| if (perm_stack_depth == PERM_STACK_MAX) { |
if (perm_stack_depth == PERM_STACK_MAX) { |
| strlcpy(errbuf, _("perm stack overflow"), sizeof(errbuf)); | errstr = N_("perm stack overflow"); |
| errno = EINVAL; |
errno = EINVAL; |
| goto bad; |
goto bad; |
| } |
} |
|
Line 833 set_perms(int perm)
|
Line 851 set_perms(int perm)
|
| state = &perm_stack[perm_stack_depth]; |
state = &perm_stack[perm_stack_depth]; |
| if (perm != PERM_INITIAL) { |
if (perm != PERM_INITIAL) { |
| if (perm_stack_depth == 0) { |
if (perm_stack_depth == 0) { |
| strlcpy(errbuf, _("perm stack underflow"), sizeof(errbuf)); | errstr = N_("perm stack underflow"); |
| errno = EINVAL; |
errno = EINVAL; |
| goto bad; |
goto bad; |
| } |
} |
|
Line 879 set_perms(int perm)
|
Line 897 set_perms(int perm)
|
| } |
} |
| } |
} |
| state->rgid = ostate->rgid; |
state->rgid = ostate->rgid; |
| state->egid = ostate->rgid; | state->egid = ROOT_GID; |
| | sudo_debug_printf(SUDO_DEBUG_INFO, "%s: PERM_ROOT: gid: " |
| | "[%d, %d] -> [%d, %d]", __func__, (int)ostate->rgid, |
| | (int)ostate->egid, (int)state->rgid, (int)state->egid); |
| | if (GID_CHANGED && setregid(ID(rgid), ID(egid))) { |
| | snprintf(errbuf, sizeof(errbuf), |
| | "PERM_ROOT: setregid(%d, %d)", ID(rgid), ID(egid)); |
| | goto bad; |
| | } |
| state->grlist = ostate->grlist; |
state->grlist = ostate->grlist; |
| sudo_grlist_addref(state->grlist); |
sudo_grlist_addref(state->grlist); |
| break; |
break; |
|
Line 899 set_perms(int perm)
|
Line 925 set_perms(int perm)
|
| sudo_grlist_addref(state->grlist); |
sudo_grlist_addref(state->grlist); |
| if (state->grlist != ostate->grlist) { |
if (state->grlist != ostate->grlist) { |
| if (sudo_setgroups(state->grlist->ngids, state->grlist->gids)) { |
if (sudo_setgroups(state->grlist->ngids, state->grlist->gids)) { |
| strlcpy(errbuf, "PERM_USER: setgroups", sizeof(errbuf)); | errstr = "PERM_USER: setgroups"; |
| goto bad; |
goto bad; |
| } |
} |
| } |
} |
|
Line 931 set_perms(int perm)
|
Line 957 set_perms(int perm)
|
| sudo_grlist_addref(state->grlist); |
sudo_grlist_addref(state->grlist); |
| if (state->grlist != ostate->grlist) { |
if (state->grlist != ostate->grlist) { |
| if (sudo_setgroups(state->grlist->ngids, state->grlist->gids)) { |
if (sudo_setgroups(state->grlist->ngids, state->grlist->gids)) { |
| strlcpy(errbuf, "PERM_FULL_USER: setgroups", sizeof(errbuf)); | errstr = "PERM_FULL_USER: setgroups"; |
| goto bad; |
goto bad; |
| } |
} |
| } |
} |
|
Line 954 set_perms(int perm)
|
Line 980 set_perms(int perm)
|
| "[%d, %d] -> [%d, %d]", __func__, (int)ostate->rgid, |
"[%d, %d] -> [%d, %d]", __func__, (int)ostate->rgid, |
| (int)ostate->egid, (int)state->rgid, (int)state->egid); |
(int)ostate->egid, (int)state->rgid, (int)state->egid); |
| if (GID_CHANGED && setregid(ID(rgid), ID(egid))) { |
if (GID_CHANGED && setregid(ID(rgid), ID(egid))) { |
| strlcpy(errbuf, _("unable to change to runas gid"), sizeof(errbuf)); | errstr = N_("unable to change to runas gid"); |
| goto bad; |
goto bad; |
| } |
} |
| state->grlist = runas_setgroups(); |
state->grlist = runas_setgroups(); |
|
Line 964 set_perms(int perm)
|
Line 990 set_perms(int perm)
|
| "[%d, %d] -> [%d, %d]", __func__, (int)ostate->ruid, |
"[%d, %d] -> [%d, %d]", __func__, (int)ostate->ruid, |
| (int)ostate->euid, (int)state->ruid, (int)state->euid); |
(int)ostate->euid, (int)state->ruid, (int)state->euid); |
| if (UID_CHANGED && setreuid(ID(ruid), ID(euid))) { |
if (UID_CHANGED && setreuid(ID(ruid), ID(euid))) { |
| strlcpy(errbuf, _("unable to change to runas uid"), sizeof(errbuf)); | errstr = N_("unable to change to runas uid"); |
| goto bad; |
goto bad; |
| } |
} |
| break; |
break; |
|
Line 980 set_perms(int perm)
|
Line 1006 set_perms(int perm)
|
| "[%d, %d] -> [%d, %d]", __func__, (int)ostate->rgid, |
"[%d, %d] -> [%d, %d]", __func__, (int)ostate->rgid, |
| (int)ostate->egid, (int)state->rgid, (int)state->egid); |
(int)ostate->egid, (int)state->rgid, (int)state->egid); |
| if (GID_CHANGED && setregid(ID(rgid), ID(egid))) { |
if (GID_CHANGED && setregid(ID(rgid), ID(egid))) { |
| strlcpy(errbuf, _("unable to change to sudoers gid"), sizeof(errbuf)); | errstr = N_("unable to change to sudoers gid"); |
| goto bad; |
goto bad; |
| } |
} |
| |
|
|
Line 1025 set_perms(int perm)
|
Line 1051 set_perms(int perm)
|
| perm_stack_depth++; |
perm_stack_depth++; |
| debug_return_bool(1); |
debug_return_bool(1); |
| bad: |
bad: |
| warningx("%s: %s", errbuf, | warningx("%s: %s", _(errstr), |
| errno == EAGAIN ? _("too many processes") : strerror(errno)); |
errno == EAGAIN ? _("too many processes") : strerror(errno)); |
| if (noexit) |
if (noexit) |
| debug_return_bool(0); |
debug_return_bool(0); |
|
Line 1059 restore_perms(void)
|
Line 1085 restore_perms(void)
|
| if (OID(euid) == ROOT_UID) { |
if (OID(euid) == ROOT_UID) { |
| /* setuid() may not set the saved ID unless the euid is ROOT_UID */ |
/* setuid() may not set the saved ID unless the euid is ROOT_UID */ |
| if (ID(euid) != ROOT_UID) |
if (ID(euid) != ROOT_UID) |
| (void)setreuid(-1, ROOT_UID); | ignore_result(setreuid(-1, ROOT_UID)); |
| if (setuid(ROOT_UID)) { |
if (setuid(ROOT_UID)) { |
| warning("setuid() [%d, %d] -> %d)", (int)state->ruid, |
warning("setuid() [%d, %d] -> %d)", (int)state->ruid, |
| (int)state->euid, ROOT_UID); |
(int)state->euid, ROOT_UID); |
|
Line 1104 set_perms(int perm)
|
Line 1130 set_perms(int perm)
|
| { |
{ |
| struct perm_state *state, *ostate = NULL; |
struct perm_state *state, *ostate = NULL; |
| char errbuf[1024]; |
char errbuf[1024]; |
| |
const char *errstr = errbuf; |
| int noexit; |
int noexit; |
| debug_decl(set_perms, SUDO_DEBUG_PERMS) |
debug_decl(set_perms, SUDO_DEBUG_PERMS) |
| |
|
|
Line 1111 set_perms(int perm)
|
Line 1138 set_perms(int perm)
|
| CLR(perm, PERM_MASK); |
CLR(perm, PERM_MASK); |
| |
|
| if (perm_stack_depth == PERM_STACK_MAX) { |
if (perm_stack_depth == PERM_STACK_MAX) { |
| strlcpy(errbuf, _("perm stack overflow"), sizeof(errbuf)); | errstr = N_("perm stack overflow"); |
| errno = EINVAL; |
errno = EINVAL; |
| goto bad; |
goto bad; |
| } |
} |
|
Line 1119 set_perms(int perm)
|
Line 1146 set_perms(int perm)
|
| state = &perm_stack[perm_stack_depth]; |
state = &perm_stack[perm_stack_depth]; |
| if (perm != PERM_INITIAL) { |
if (perm != PERM_INITIAL) { |
| if (perm_stack_depth == 0) { |
if (perm_stack_depth == 0) { |
| strlcpy(errbuf, _("perm stack underflow"), sizeof(errbuf)); | errstr = N_("perm stack underflow"); |
| errno = EINVAL; |
errno = EINVAL; |
| goto bad; |
goto bad; |
| } |
} |
|
Line 1165 set_perms(int perm)
|
Line 1192 set_perms(int perm)
|
| state->ruid = ROOT_UID; |
state->ruid = ROOT_UID; |
| state->euid = ROOT_UID; |
state->euid = ROOT_UID; |
| state->rgid = ostate->rgid; |
state->rgid = ostate->rgid; |
| state->egid = ostate->egid; | state->egid = ROOT_GID; |
| | sudo_debug_printf(SUDO_DEBUG_INFO, "%s: PERM_ROOT: gid: " |
| | "[%d, %d] -> [%d, %d]", __func__, (int)ostate->rgid, |
| | (int)ostate->egid, ROOT_GID, ROOT_GID); |
| | if (GID_CHANGED && setegid(ROOT_GID)) { |
| | errstr = N_("unable to change to root gid"); |
| | goto bad; |
| | } |
| state->grlist = ostate->grlist; |
state->grlist = ostate->grlist; |
| sudo_grlist_addref(state->grlist); |
sudo_grlist_addref(state->grlist); |
| break; |
break; |
|
Line 1185 set_perms(int perm)
|
Line 1219 set_perms(int perm)
|
| sudo_grlist_addref(state->grlist); |
sudo_grlist_addref(state->grlist); |
| if (state->grlist != ostate->grlist) { |
if (state->grlist != ostate->grlist) { |
| if (sudo_setgroups(state->grlist->ngids, state->grlist->gids)) { |
if (sudo_setgroups(state->grlist->ngids, state->grlist->gids)) { |
| strlcpy(errbuf, "PERM_USER: setgroups", sizeof(errbuf)); | errstr = "PERM_USER: setgroups"; |
| goto bad; |
goto bad; |
| } |
} |
| } |
} |
|
Line 1217 set_perms(int perm)
|
Line 1251 set_perms(int perm)
|
| sudo_grlist_addref(state->grlist); |
sudo_grlist_addref(state->grlist); |
| if (state->grlist != ostate->grlist) { |
if (state->grlist != ostate->grlist) { |
| if (sudo_setgroups(state->grlist->ngids, state->grlist->gids)) { |
if (sudo_setgroups(state->grlist->ngids, state->grlist->gids)) { |
| strlcpy(errbuf, "PERM_FULL_USER: setgroups", sizeof(errbuf)); | errstr = "PERM_FULL_USER: setgroups"; |
| goto bad; |
goto bad; |
| } |
} |
| } |
} |
|
Line 1240 set_perms(int perm)
|
Line 1274 set_perms(int perm)
|
| "[%d, %d] -> [%d, %d]", __func__, (int)ostate->rgid, |
"[%d, %d] -> [%d, %d]", __func__, (int)ostate->rgid, |
| (int)ostate->egid, (int)state->rgid, (int)state->egid); |
(int)ostate->egid, (int)state->rgid, (int)state->egid); |
| if (GID_CHANGED && setegid(state->egid)) { |
if (GID_CHANGED && setegid(state->egid)) { |
| strlcpy(errbuf, _("unable to change to runas gid"), sizeof(errbuf)); | errstr = N_("unable to change to runas gid"); |
| goto bad; |
goto bad; |
| } |
} |
| state->grlist = runas_setgroups(); |
state->grlist = runas_setgroups(); |
|
Line 1250 set_perms(int perm)
|
Line 1284 set_perms(int perm)
|
| "[%d, %d] -> [%d, %d]", __func__, (int)ostate->ruid, |
"[%d, %d] -> [%d, %d]", __func__, (int)ostate->ruid, |
| (int)ostate->euid, (int)state->ruid, (int)state->euid); |
(int)ostate->euid, (int)state->ruid, (int)state->euid); |
| if (seteuid(state->euid)) { |
if (seteuid(state->euid)) { |
| strlcpy(errbuf, _("unable to change to runas uid"), sizeof(errbuf)); | errstr = N_("unable to change to runas uid"); |
| goto bad; |
goto bad; |
| } |
} |
| break; |
break; |
|
Line 1266 set_perms(int perm)
|
Line 1300 set_perms(int perm)
|
| "[%d, %d] -> [%d, %d]", __func__, (int)ostate->rgid, |
"[%d, %d] -> [%d, %d]", __func__, (int)ostate->rgid, |
| (int)ostate->egid, (int)state->rgid, (int)state->egid); |
(int)ostate->egid, (int)state->rgid, (int)state->egid); |
| if (GID_CHANGED && setegid(sudoers_gid)) { |
if (GID_CHANGED && setegid(sudoers_gid)) { |
| strlcpy(errbuf, _("unable to change to sudoers gid"), sizeof(errbuf)); | errstr = N_("unable to change to sudoers gid"); |
| goto bad; |
goto bad; |
| } |
} |
| |
|
|
Line 1311 set_perms(int perm)
|
Line 1345 set_perms(int perm)
|
| perm_stack_depth++; |
perm_stack_depth++; |
| debug_return_bool(1); |
debug_return_bool(1); |
| bad: |
bad: |
| warningx("%s: %s", errbuf, | warningx("%s: %s", _(errstr), |
| errno == EAGAIN ? _("too many processes") : strerror(errno)); |
errno == EAGAIN ? _("too many processes") : strerror(errno)); |
| if (noexit) |
if (noexit) |
| debug_return_bool(0); |
debug_return_bool(0); |
|
Line 1386 set_perms(int perm)
|
Line 1420 set_perms(int perm)
|
| { |
{ |
| struct perm_state *state, *ostate = NULL; |
struct perm_state *state, *ostate = NULL; |
| char errbuf[1024]; |
char errbuf[1024]; |
| |
const char *errstr = errbuf; |
| int noexit; |
int noexit; |
| debug_decl(set_perms, SUDO_DEBUG_PERMS) |
debug_decl(set_perms, SUDO_DEBUG_PERMS) |
| |
|
|
Line 1393 set_perms(int perm)
|
Line 1428 set_perms(int perm)
|
| CLR(perm, PERM_MASK); |
CLR(perm, PERM_MASK); |
| |
|
| if (perm_stack_depth == PERM_STACK_MAX) { |
if (perm_stack_depth == PERM_STACK_MAX) { |
| strlcpy(errbuf, _("perm stack overflow"), sizeof(errbuf)); | errstr = N_("perm stack overflow"); |
| errno = EINVAL; |
errno = EINVAL; |
| goto bad; |
goto bad; |
| } |
} |
|
Line 1401 set_perms(int perm)
|
Line 1436 set_perms(int perm)
|
| state = &perm_stack[perm_stack_depth]; |
state = &perm_stack[perm_stack_depth]; |
| if (perm != PERM_INITIAL) { |
if (perm != PERM_INITIAL) { |
| if (perm_stack_depth == 0) { |
if (perm_stack_depth == 0) { |
| strlcpy(errbuf, _("perm stack underflow"), sizeof(errbuf)); | errstr = N_("perm stack underflow"); |
| errno = EINVAL; |
errno = EINVAL; |
| goto bad; |
goto bad; |
| } |
} |
|
Line 1421 set_perms(int perm)
|
Line 1456 set_perms(int perm)
|
| |
|
| case PERM_ROOT: |
case PERM_ROOT: |
| state->ruid = ROOT_UID; |
state->ruid = ROOT_UID; |
| state->rgid = ostate->rgid; | state->rgid = ROOT_GID; |
| state->grlist = ostate->grlist; |
state->grlist = ostate->grlist; |
| sudo_grlist_addref(state->grlist); |
sudo_grlist_addref(state->grlist); |
| sudo_debug_printf(SUDO_DEBUG_INFO, "%s: PERM_ROOT: uid: " |
sudo_debug_printf(SUDO_DEBUG_INFO, "%s: PERM_ROOT: uid: " |
|
Line 1430 set_perms(int perm)
|
Line 1465 set_perms(int perm)
|
| snprintf(errbuf, sizeof(errbuf), "PERM_ROOT: setuid(%d)", ROOT_UID); |
snprintf(errbuf, sizeof(errbuf), "PERM_ROOT: setuid(%d)", ROOT_UID); |
| goto bad; |
goto bad; |
| } |
} |
| |
sudo_debug_printf(SUDO_DEBUG_INFO, "%s: PERM_ROOT: gid: " |
| |
"[%d] -> [%d]", __func__, (int)ostate->rgid, (int)state->rgid); |
| |
if (setgid(ROOT_GID)) { |
| |
errstr = N_("unable to change to root gid"); |
| |
goto bad; |
| |
} |
| break; |
break; |
| |
|
| case PERM_FULL_USER: |
case PERM_FULL_USER: |
| state->rgid = user_gid; |
state->rgid = user_gid; |
| sudo_debug_printf(SUDO_DEBUG_INFO, "%s: PERM_ROOT: gid: " | sudo_debug_printf(SUDO_DEBUG_INFO, "%s: PERM_FULL_USER: gid: " |
| "[%d] -> [%d]", __func__, (int)ostate->rgid, (int)state->rgid); |
"[%d] -> [%d]", __func__, (int)ostate->rgid, (int)state->rgid); |
| (void) setgid(user_gid); |
(void) setgid(user_gid); |
| state->grlist = user_group_list; |
state->grlist = user_group_list; |
| sudo_grlist_addref(state->grlist); |
sudo_grlist_addref(state->grlist); |
| if (state->grlist != ostate->grlist) { |
if (state->grlist != ostate->grlist) { |
| if (sudo_setgroups(state->grlist->ngids, state->grlist->gids)) { |
if (sudo_setgroups(state->grlist->ngids, state->grlist->gids)) { |
| strlcpy(errbuf, "PERM_FULL_USER: setgroups", sizeof(errbuf)); | errstr = "PERM_FULL_USER: setgroups"; |
| goto bad; |
goto bad; |
| } |
} |
| } |
} |
| state->ruid = user_uid; |
state->ruid = user_uid; |
| sudo_debug_printf(SUDO_DEBUG_INFO, "%s: PERM_ROOT: uid: " | sudo_debug_printf(SUDO_DEBUG_INFO, "%s: PERM_FULL_USER: uid: " |
| "[%d] -> [%d]", __func__, (int)ostate->ruid, (int)state->ruid); |
"[%d] -> [%d]", __func__, (int)ostate->ruid, (int)state->ruid); |
| if (setuid(user_uid)) { |
if (setuid(user_uid)) { |
| snprintf(errbuf, sizeof(errbuf), |
snprintf(errbuf, sizeof(errbuf), |
|
Line 1470 set_perms(int perm)
|
Line 1511 set_perms(int perm)
|
| perm_stack_depth++; |
perm_stack_depth++; |
| debug_return_bool(1); |
debug_return_bool(1); |
| bad: |
bad: |
| warningx("%s: %s", errbuf, | warningx("%s: %s", _(errstr), |
| errno == EAGAIN ? _("too many processes") : strerror(errno)); |
errno == EAGAIN ? _("too many processes") : strerror(errno)); |
| if (noexit) |
if (noexit) |
| debug_return_bool(0); |
debug_return_bool(0); |
|
Line 1539 runas_setgroups(void)
|
Line 1580 runas_setgroups(void)
|
| aix_restoreauthdb(); |
aix_restoreauthdb(); |
| #endif |
#endif |
| if (sudo_setgroups(grlist->ngids, grlist->gids) < 0) |
if (sudo_setgroups(grlist->ngids, grlist->gids) < 0) |
| log_fatal(USE_ERRNO|MSG_ONLY, _("unable to set runas group vector")); | log_fatal(USE_ERRNO|MSG_ONLY, N_("unable to set runas group vector")); |
| debug_return_ptr(grlist); |
debug_return_ptr(grlist); |
| } |
} |
| #endif /* HAVE_SETRESUID || HAVE_SETREUID || HAVE_SETEUID */ |
#endif /* HAVE_SETRESUID || HAVE_SETREUID || HAVE_SETEUID */ |
![[BACK]](/icons/cvsweb/back.gif){kind=icon}
Return to set_perms.c CVS log ![[TXT]](/icons/cvsweb/text.gif){kind=icon}
![[DIR]](/icons/cvsweb/dir.gif){kind=icon}
Up to [ELWIX - Embedded LightWeight unIX -] / embedaddon / sudo / plugins / sudoers