version 1.1.1.2, 2012/05/29 12:26:49
|
version 1.1.1.4, 2013/07/22 10:46:12
|
Line 1
|
Line 1
|
/* |
/* |
* Copyright (c) 1993-1996, 1998-2005, 2007-2011 | * Copyright (c) 1993-1996, 1998-2005, 2007-2013 |
* Todd C. Miller <Todd.Miller@courtesan.com> |
* Todd C. Miller <Todd.Miller@courtesan.com> |
* |
* |
* Permission to use, copy, modify, and distribute this software for any |
* Permission to use, copy, modify, and distribute this software for any |
Line 19
|
Line 19
|
* Materiel Command, USAF, under agreement number F39502-99-1-0512. |
* Materiel Command, USAF, under agreement number F39502-99-1-0512. |
*/ |
*/ |
|
|
#ifndef _SUDO_SUDOERS_H | #ifndef _SUDOERS_SUDOERS_H |
#define _SUDO_SUDOERS_H | #define _SUDOERS_SUDOERS_H |
|
|
#include <limits.h> |
#include <limits.h> |
#ifdef HAVE_STDBOOL_H |
#ifdef HAVE_STDBOOL_H |
Line 81 struct sudo_user {
|
Line 81 struct sudo_user {
|
char *role; |
char *role; |
char *type; |
char *type; |
#endif |
#endif |
char *cwd; | #ifdef HAVE_PRIV_SET |
| char *privs; |
| char *limitprivs; |
| #endif |
| const char *cwd; |
char *iolog_file; |
char *iolog_file; |
|
GETGROUPS_T *gids; |
|
int ngids; |
int closefrom; |
int closefrom; |
int lines; |
int lines; |
int cols; |
int cols; |
|
int flags; |
|
int max_groups; |
|
mode_t umask; |
uid_t uid; |
uid_t uid; |
uid_t gid; |
uid_t gid; |
|
pid_t sid; |
}; |
}; |
|
|
/* |
/* |
|
* sudo_user flag values |
|
*/ |
|
#define RUNAS_USER_SPECIFIED 0x01 |
|
#define RUNAS_GROUP_SPECIFIED 0x02 |
|
|
|
/* |
* Return values for sudoers_lookup(), also used as arguments for log_auth() |
* Return values for sudoers_lookup(), also used as arguments for log_auth() |
* Note: cannot use '0' as a value here. |
* Note: cannot use '0' as a value here. |
*/ |
*/ |
Line 102 struct sudo_user {
|
Line 118 struct sudo_user {
|
#define FLAG_NO_USER 0x020 |
#define FLAG_NO_USER 0x020 |
#define FLAG_NO_HOST 0x040 |
#define FLAG_NO_HOST 0x040 |
#define FLAG_NO_CHECK 0x080 |
#define FLAG_NO_CHECK 0x080 |
|
#define FLAG_NON_INTERACTIVE 0x100 |
|
#define FLAG_BAD_PASSWORD 0x200 |
|
#define FLAG_AUTH_ERROR 0x400 |
|
|
/* |
/* |
* find_path()/load_cmnd() return values |
* find_path()/load_cmnd() return values |
Line 155 struct sudo_user {
|
Line 174 struct sudo_user {
|
#define user_name (sudo_user.name) |
#define user_name (sudo_user.name) |
#define user_uid (sudo_user.uid) |
#define user_uid (sudo_user.uid) |
#define user_gid (sudo_user.gid) |
#define user_gid (sudo_user.gid) |
|
#define user_sid (sudo_user.sid) |
|
#define user_umask (sudo_user.umask) |
#define user_passwd (sudo_user.pw->pw_passwd) |
#define user_passwd (sudo_user.pw->pw_passwd) |
#define user_uuid (sudo_user.uuid) |
|
#define user_dir (sudo_user.pw->pw_dir) |
#define user_dir (sudo_user.pw->pw_dir) |
|
#define user_gids (sudo_user.gids) |
|
#define user_ngids (sudo_user.ngids) |
#define user_group_list (sudo_user.group_list) |
#define user_group_list (sudo_user.group_list) |
#define user_tty (sudo_user.tty) |
#define user_tty (sudo_user.tty) |
#define user_ttypath (sudo_user.ttypath) |
#define user_ttypath (sudo_user.ttypath) |
Line 178 struct sudo_user {
|
Line 200 struct sudo_user {
|
#define user_role (sudo_user.role) |
#define user_role (sudo_user.role) |
#define user_type (sudo_user.type) |
#define user_type (sudo_user.type) |
#define user_closefrom (sudo_user.closefrom) |
#define user_closefrom (sudo_user.closefrom) |
|
#define runas_privs (sudo_user.privs) |
|
#define runas_limitprivs (sudo_user.limitprivs) |
|
|
#ifdef __TANDEM |
#ifdef __TANDEM |
# define ROOT_UID 65535 | # define ROOT_UID 65535 |
#else |
#else |
# define ROOT_UID 0 | # define ROOT_UID 0 |
#endif |
#endif |
|
#define ROOT_GID 0 |
|
|
/* |
/* |
* We used to use the system definition of PASS_MAX or _PASSWD_LEN, |
* We used to use the system definition of PASS_MAX or _PASSWD_LEN, |
Line 201 struct timeval;
|
Line 226 struct timeval;
|
/* |
/* |
* Function prototypes |
* Function prototypes |
*/ |
*/ |
#define YY_DECL int yylex(void) | #define YY_DECL int sudoerslex(void) |
|
|
/* goodpath.c */ |
/* goodpath.c */ |
bool sudo_goodpath(const char *, struct stat *); |
bool sudo_goodpath(const char *, struct stat *); |
Line 210 bool sudo_goodpath(const char *, struct stat *);
|
Line 235 bool sudo_goodpath(const char *, struct stat *);
|
int find_path(char *, char **, struct stat *, char *, int); |
int find_path(char *, char **, struct stat *, char *, int); |
|
|
/* check.c */ |
/* check.c */ |
int check_user(int, int); | int check_user(int validate, int mode); |
void remove_timestamp(bool); | |
bool user_is_exempt(void); |
bool user_is_exempt(void); |
|
|
|
/* prompt.c */ |
|
char *expand_prompt(const char *old_prompt, const char *user, const char *host); |
|
|
|
/* timestamp.c */ |
|
void remove_timestamp(bool); |
|
bool set_lectured(void); |
|
|
/* sudo_auth.c */ |
/* sudo_auth.c */ |
int verify_user(struct passwd *pw, char *prompt); | bool sudo_auth_needs_end_session(void); |
| int verify_user(struct passwd *pw, char *prompt, int validated); |
int sudo_auth_begin_session(struct passwd *pw, char **user_env[]); |
int sudo_auth_begin_session(struct passwd *pw, char **user_env[]); |
int sudo_auth_end_session(struct passwd *pw); |
int sudo_auth_end_session(struct passwd *pw); |
int sudo_auth_init(struct passwd *pw); |
int sudo_auth_init(struct passwd *pw); |
Line 239 void restore_perms(void);
|
Line 271 void restore_perms(void);
|
int pam_prep_user(struct passwd *); |
int pam_prep_user(struct passwd *); |
|
|
/* gram.y */ |
/* gram.y */ |
int yyparse(void); | int sudoersparse(void); |
|
|
/* toke.l */ |
/* toke.l */ |
YY_DECL; |
YY_DECL; |
Line 263 void display_privs(struct sudo_nss_list *, struct pass
|
Line 295 void display_privs(struct sudo_nss_list *, struct pass
|
bool display_cmnd(struct sudo_nss_list *, struct passwd *); |
bool display_cmnd(struct sudo_nss_list *, struct passwd *); |
|
|
/* pwutil.c */ |
/* pwutil.c */ |
void sudo_setgrent(void); | __dso_public struct group *sudo_getgrgid(gid_t); |
| __dso_public struct group *sudo_getgrnam(const char *); |
| __dso_public void sudo_gr_addref(struct group *); |
| __dso_public void sudo_gr_delref(struct group *); |
| bool user_in_group(struct passwd *, const char *); |
| struct group *sudo_fakegrnam(const char *); |
| struct group_list *sudo_get_grlist(struct passwd *pw); |
| struct passwd *sudo_fakepwnam(const char *, gid_t); |
| struct passwd *sudo_mkpwent(const char *user, uid_t uid, gid_t gid, const char *home, const char *shell); |
| struct passwd *sudo_getpwnam(const char *); |
| struct passwd *sudo_getpwuid(uid_t); |
void sudo_endgrent(void); |
void sudo_endgrent(void); |
void sudo_setpwent(void); |
|
void sudo_endpwent(void); |
void sudo_endpwent(void); |
void sudo_setspent(void); |
|
void sudo_endspent(void); |
void sudo_endspent(void); |
struct group_list *get_group_list(struct passwd *pw); | void sudo_grlist_addref(struct group_list *); |
void set_group_list(const char *, GETGROUPS_T *gids, int ngids); | void sudo_grlist_delref(struct group_list *); |
struct passwd *sudo_getpwnam(const char *); | void sudo_pw_addref(struct passwd *); |
struct passwd *sudo_fakepwnamid(const char *user, uid_t uid, gid_t gid); | void sudo_pw_delref(struct passwd *); |
struct passwd *sudo_fakepwnam(const char *, gid_t); | void sudo_set_grlist(struct passwd *pw, char * const *groups, |
struct passwd *sudo_getpwuid(uid_t); | char * const *gids); |
struct group *sudo_getgrnam(const char *); | void sudo_setgrent(void); |
struct group *sudo_fakegrnam(const char *); | void sudo_setpwent(void); |
struct group *sudo_getgrgid(gid_t); | void sudo_setspent(void); |
void grlist_addref(struct group_list *); | |
void grlist_delref(struct group_list *); | |
void gr_addref(struct group *); | |
void gr_delref(struct group *); | |
void pw_addref(struct passwd *); | |
void pw_delref(struct passwd *); | |
bool user_in_group(struct passwd *, const char *); | |
|
|
/* timestr.c */ |
/* timestr.c */ |
char *get_timestr(time_t, int); |
char *get_timestr(time_t, int); |
Line 296 int atobool(const char *str);
|
Line 329 int atobool(const char *str);
|
int get_boottime(struct timeval *); |
int get_boottime(struct timeval *); |
|
|
/* iolog.c */ |
/* iolog.c */ |
void io_nextid(char *iolog_dir, char sessid[7]); | int io_set_max_sessid(const char *sessid); |
| void io_nextid(char *iolog_dir, char *iolog_dir_fallback, char sessid[7]); |
|
|
/* iolog_path.c */ |
/* iolog_path.c */ |
char *expand_iolog_path(const char *prefix, const char *dir, const char *file, |
char *expand_iolog_path(const char *prefix, const char *dir, const char *file, |
Line 323 int sudoers_hook_unsetenv(const char *name, void *clos
|
Line 357 int sudoers_hook_unsetenv(const char *name, void *clos
|
char *fmt_string(const char *, const char *); |
char *fmt_string(const char *, const char *); |
|
|
/* sudoers.c */ |
/* sudoers.c */ |
void plugin_cleanup(int); |
|
void set_fqdn(void); |
|
FILE *open_sudoers(const char *, bool, bool *); |
FILE *open_sudoers(const char *, bool, bool *); |
|
int sudoers_policy_init(void *info, char * const envp[]); |
|
int sudoers_policy_main(int argc, char * const argv[], int pwflag, char *env_add[], void *closure); |
|
void sudoers_cleanup(void); |
|
|
|
/* policy.c */ |
|
int sudoers_policy_deserialize_info(void *v, char **runas_user, char **runas_group); |
|
int sudoers_policy_exec_setup(char *argv[], char *envp[], mode_t cmnd_umask, char *iolog_path, void *v); |
|
extern const char *path_ldap_conf; |
|
extern const char *path_ldap_secret; |
|
|
/* aix.c */ |
/* aix.c */ |
void aix_restoreauthdb(void); |
void aix_restoreauthdb(void); |
void aix_setauthdb(char *user); |
void aix_setauthdb(char *user); |
Line 347 extern int long_list;
|
Line 388 extern int long_list;
|
extern int sudo_mode; |
extern int sudo_mode; |
extern uid_t timestamp_uid; |
extern uid_t timestamp_uid; |
extern sudo_conv_t sudo_conv; |
extern sudo_conv_t sudo_conv; |
extern sudo_printf_t sudo_printf; |
|
#endif |
#endif |
|
|
#endif /* _SUDO_SUDOERS_H */ | #endif /* _SUDOERS_SUDOERS_H */ |