|
version 1.1.1.1, 2012/02/21 16:23:02
|
version 1.1.1.5, 2013/10/14 07:56:35
|
|
Line 1
|
Line 1
|
| /* |
/* |
| * Copyright (c) 1993-1996, 1998-2005, 2007-2011 | * Copyright (c) 1993-1996, 1998-2005, 2007-2013 |
| * Todd C. Miller <Todd.Miller@courtesan.com> |
* Todd C. Miller <Todd.Miller@courtesan.com> |
| * |
* |
| * Permission to use, copy, modify, and distribute this software for any |
* Permission to use, copy, modify, and distribute this software for any |
|
Line 19
|
Line 19
|
| * Materiel Command, USAF, under agreement number F39502-99-1-0512. |
* Materiel Command, USAF, under agreement number F39502-99-1-0512. |
| */ |
*/ |
| |
|
| #ifndef _SUDO_SUDOERS_H | #ifndef _SUDOERS_SUDOERS_H |
| #define _SUDO_SUDOERS_H | #define _SUDOERS_SUDOERS_H |
| |
|
| #include <limits.h> |
#include <limits.h> |
| |
#ifdef HAVE_STDBOOL_H |
| |
# include <stdbool.h> |
| |
#else |
| |
# include "compat/stdbool.h" |
| |
#endif /* HAVE_STDBOOL_H */ |
| |
|
| #include <pathnames.h> |
#include <pathnames.h> |
| #include "missing.h" |
#include "missing.h" |
| #include "error.h" | #include "fatal.h" |
| #include "alloc.h" |
#include "alloc.h" |
| #include "list.h" |
#include "list.h" |
| #include "fileops.h" |
#include "fileops.h" |
|
Line 34
|
Line 39
|
| #include "logging.h" |
#include "logging.h" |
| #include "sudo_nss.h" |
#include "sudo_nss.h" |
| #include "sudo_plugin.h" |
#include "sudo_plugin.h" |
| |
#include "sudo_debug.h" |
| |
|
| #define DEFAULT_TEXT_DOMAIN "sudoers" |
#define DEFAULT_TEXT_DOMAIN "sudoers" |
| #include "gettext.h" |
#include "gettext.h" |
|
Line 62 struct sudo_user {
|
Line 68 struct sudo_user {
|
| char *ttypath; |
char *ttypath; |
| char *host; |
char *host; |
| char *shost; |
char *shost; |
| |
char *runhost; |
| |
char *srunhost; |
| char *prompt; |
char *prompt; |
| char *cmnd; |
char *cmnd; |
| char *cmnd_args; |
char *cmnd_args; |
|
Line 75 struct sudo_user {
|
Line 83 struct sudo_user {
|
| char *role; |
char *role; |
| char *type; |
char *type; |
| #endif |
#endif |
| char *cwd; | #ifdef HAVE_PRIV_SET |
| | char *privs; |
| | char *limitprivs; |
| | #endif |
| | const char *cwd; |
| char *iolog_file; |
char *iolog_file; |
| |
GETGROUPS_T *gids; |
| |
int ngids; |
| int closefrom; |
int closefrom; |
| int lines; |
int lines; |
| int cols; |
int cols; |
| |
int flags; |
| |
int max_groups; |
| |
mode_t umask; |
| uid_t uid; |
uid_t uid; |
| uid_t gid; |
uid_t gid; |
| |
pid_t sid; |
| }; |
}; |
| |
|
| /* |
/* |
| |
* sudo_user flag values |
| |
*/ |
| |
#define RUNAS_USER_SPECIFIED 0x01 |
| |
#define RUNAS_GROUP_SPECIFIED 0x02 |
| |
|
| |
/* |
| * Return values for sudoers_lookup(), also used as arguments for log_auth() |
* Return values for sudoers_lookup(), also used as arguments for log_auth() |
| * Note: cannot use '0' as a value here. |
* Note: cannot use '0' as a value here. |
| */ |
*/ |
|
Line 96 struct sudo_user {
|
Line 120 struct sudo_user {
|
| #define FLAG_NO_USER 0x020 |
#define FLAG_NO_USER 0x020 |
| #define FLAG_NO_HOST 0x040 |
#define FLAG_NO_HOST 0x040 |
| #define FLAG_NO_CHECK 0x080 |
#define FLAG_NO_CHECK 0x080 |
| |
#define FLAG_NON_INTERACTIVE 0x100 |
| |
#define FLAG_BAD_PASSWORD 0x200 |
| |
#define FLAG_AUTH_ERROR 0x400 |
| |
|
| /* |
/* |
| * Pseudo-boolean values |
|
| */ |
|
| #undef TRUE |
|
| #define TRUE 1 |
|
| #undef FALSE |
|
| #define FALSE 0 |
|
| |
|
| /* |
|
| * find_path()/load_cmnd() return values |
* find_path()/load_cmnd() return values |
| */ |
*/ |
| #define FOUND 0 |
#define FOUND 0 |
|
Line 157 struct sudo_user {
|
Line 176 struct sudo_user {
|
| #define user_name (sudo_user.name) |
#define user_name (sudo_user.name) |
| #define user_uid (sudo_user.uid) |
#define user_uid (sudo_user.uid) |
| #define user_gid (sudo_user.gid) |
#define user_gid (sudo_user.gid) |
| |
#define user_sid (sudo_user.sid) |
| |
#define user_umask (sudo_user.umask) |
| #define user_passwd (sudo_user.pw->pw_passwd) |
#define user_passwd (sudo_user.pw->pw_passwd) |
| #define user_uuid (sudo_user.uuid) |
|
| #define user_dir (sudo_user.pw->pw_dir) |
#define user_dir (sudo_user.pw->pw_dir) |
| |
#define user_gids (sudo_user.gids) |
| |
#define user_ngids (sudo_user.ngids) |
| #define user_group_list (sudo_user.group_list) |
#define user_group_list (sudo_user.group_list) |
| #define user_tty (sudo_user.tty) |
#define user_tty (sudo_user.tty) |
| #define user_ttypath (sudo_user.ttypath) |
#define user_ttypath (sudo_user.ttypath) |
|
Line 172 struct sudo_user {
|
Line 194 struct sudo_user {
|
| #define user_prompt (sudo_user.prompt) |
#define user_prompt (sudo_user.prompt) |
| #define user_host (sudo_user.host) |
#define user_host (sudo_user.host) |
| #define user_shost (sudo_user.shost) |
#define user_shost (sudo_user.shost) |
| |
#define user_runhost (sudo_user.runhost) |
| |
#define user_srunhost (sudo_user.srunhost) |
| #define user_ccname (sudo_user.krb5_ccname) |
#define user_ccname (sudo_user.krb5_ccname) |
| #define safe_cmnd (sudo_user.cmnd_safe) |
#define safe_cmnd (sudo_user.cmnd_safe) |
| #define login_class (sudo_user.class_name) |
#define login_class (sudo_user.class_name) |
|
Line 180 struct sudo_user {
|
Line 204 struct sudo_user {
|
| #define user_role (sudo_user.role) |
#define user_role (sudo_user.role) |
| #define user_type (sudo_user.type) |
#define user_type (sudo_user.type) |
| #define user_closefrom (sudo_user.closefrom) |
#define user_closefrom (sudo_user.closefrom) |
| |
#define runas_privs (sudo_user.privs) |
| |
#define runas_limitprivs (sudo_user.limitprivs) |
| |
|
| #ifdef __TANDEM |
#ifdef __TANDEM |
| # define ROOT_UID 65535 | # define ROOT_UID 65535 |
| #else |
#else |
| # define ROOT_UID 0 | # define ROOT_UID 0 |
| #endif |
#endif |
| |
#define ROOT_GID 0 |
| |
|
| /* |
|
| * We used to use the system definition of PASS_MAX or _PASSWD_LEN, |
|
| * but that caused problems with various alternate authentication |
|
| * methods. So, we just define our own and assume that it is >= the |
|
| * system max. |
|
| */ |
|
| #define SUDO_PASS_MAX 256 |
|
| |
|
| struct lbuf; |
struct lbuf; |
| struct passwd; |
struct passwd; |
| struct stat; |
struct stat; |
|
Line 203 struct timeval;
|
Line 222 struct timeval;
|
| /* |
/* |
| * Function prototypes |
* Function prototypes |
| */ |
*/ |
| #define YY_DECL int yylex(void) | #define YY_DECL int sudoerslex(void) |
| |
|
| /* goodpath.c */ |
/* goodpath.c */ |
| char *sudo_goodpath(const char *, struct stat *); | bool sudo_goodpath(const char *, struct stat *); |
| |
|
| /* findpath.c */ |
/* findpath.c */ |
| int find_path(char *, char **, struct stat *, char *, int); |
int find_path(char *, char **, struct stat *, char *, int); |
| |
|
| /* check.c */ |
/* check.c */ |
| int check_user(int, int); | int check_user(int validate, int mode); |
| void remove_timestamp(int); | bool user_is_exempt(void); |
| int user_is_exempt(void); | |
| |
|
| |
/* prompt.c */ |
| |
char *expand_prompt(const char *old_prompt, const char *user, const char *host); |
| |
|
| |
/* timestamp.c */ |
| |
void remove_timestamp(bool); |
| |
bool set_lectured(void); |
| |
|
| /* sudo_auth.c */ |
/* sudo_auth.c */ |
| int verify_user(struct passwd *, char *); | bool sudo_auth_needs_end_session(void); |
| int sudo_auth_begin_session(struct passwd *); | int verify_user(struct passwd *pw, char *prompt, int validated); |
| int sudo_auth_end_session(struct passwd *); | int sudo_auth_begin_session(struct passwd *pw, char **user_env[]); |
| | int sudo_auth_end_session(struct passwd *pw); |
| int sudo_auth_init(struct passwd *pw); |
int sudo_auth_init(struct passwd *pw); |
| int sudo_auth_cleanup(struct passwd *pw); |
int sudo_auth_cleanup(struct passwd *pw); |
| |
|
|
Line 241 void restore_perms(void);
|
Line 267 void restore_perms(void);
|
| int pam_prep_user(struct passwd *); |
int pam_prep_user(struct passwd *); |
| |
|
| /* gram.y */ |
/* gram.y */ |
| int yyparse(void); | int sudoersparse(void); |
| |
|
| /* toke.l */ |
/* toke.l */ |
| YY_DECL; |
YY_DECL; |
| |
extern const char *sudoers_file; |
| |
extern mode_t sudoers_mode; |
| |
extern uid_t sudoers_uid; |
| |
extern gid_t sudoers_gid; |
| |
|
| /* defaults.c */ |
/* defaults.c */ |
| void dump_defaults(void); |
void dump_defaults(void); |
|
Line 253 void dump_auth_methods(void);
|
Line 283 void dump_auth_methods(void);
|
| /* getspwuid.c */ |
/* getspwuid.c */ |
| char *sudo_getepw(const struct passwd *); |
char *sudo_getepw(const struct passwd *); |
| |
|
| /* zero_bytes.c */ |
|
| void zero_bytes(volatile void *, size_t); |
|
| |
|
| /* sudo_nss.c */ |
/* sudo_nss.c */ |
| void display_privs(struct sudo_nss_list *, struct passwd *); |
void display_privs(struct sudo_nss_list *, struct passwd *); |
| int display_cmnd(struct sudo_nss_list *, struct passwd *); | bool display_cmnd(struct sudo_nss_list *, struct passwd *); |
| |
|
| /* pwutil.c */ |
/* pwutil.c */ |
| void sudo_setgrent(void); | __dso_public struct group *sudo_getgrgid(gid_t); |
| | __dso_public struct group *sudo_getgrnam(const char *); |
| | __dso_public void sudo_gr_addref(struct group *); |
| | __dso_public void sudo_gr_delref(struct group *); |
| | bool user_in_group(struct passwd *, const char *); |
| | struct group *sudo_fakegrnam(const char *); |
| | struct group_list *sudo_get_grlist(struct passwd *pw); |
| | struct passwd *sudo_fakepwnam(const char *, gid_t); |
| | struct passwd *sudo_mkpwent(const char *user, uid_t uid, gid_t gid, const char *home, const char *shell); |
| | struct passwd *sudo_getpwnam(const char *); |
| | struct passwd *sudo_getpwuid(uid_t); |
| void sudo_endgrent(void); |
void sudo_endgrent(void); |
| void sudo_setpwent(void); |
|
| void sudo_endpwent(void); |
void sudo_endpwent(void); |
| void sudo_setspent(void); |
|
| void sudo_endspent(void); |
void sudo_endspent(void); |
| struct group_list *get_group_list(struct passwd *pw); | void sudo_grlist_addref(struct group_list *); |
| void set_group_list(const char *, GETGROUPS_T *gids, int ngids); | void sudo_grlist_delref(struct group_list *); |
| struct passwd *sudo_getpwnam(const char *); | void sudo_pw_addref(struct passwd *); |
| struct passwd *sudo_fakepwnamid(const char *user, uid_t uid, gid_t gid); | void sudo_pw_delref(struct passwd *); |
| struct passwd *sudo_fakepwnam(const char *, gid_t); | void sudo_set_grlist(struct passwd *pw, char * const *groups, |
| struct passwd *sudo_getpwuid(uid_t); | char * const *gids); |
| struct group *sudo_getgrnam(const char *); | void sudo_setgrent(void); |
| struct group *sudo_fakegrnam(const char *); | void sudo_setpwent(void); |
| struct group *sudo_getgrgid(gid_t); | void sudo_setspent(void); |
| void grlist_addref(struct group_list *); | |
| void grlist_delref(struct group_list *); | |
| void gr_addref(struct group *); | |
| void gr_delref(struct group *); | |
| void pw_addref(struct passwd *); | |
| void pw_delref(struct passwd *); | |
| int user_in_group(struct passwd *, const char *); | |
| |
|
| /* timestr.c */ |
/* timestr.c */ |
| char *get_timestr(time_t, int); |
char *get_timestr(time_t, int); |
|
Line 290 char *get_timestr(time_t, int);
|
Line 318 char *get_timestr(time_t, int);
|
| /* atobool.c */ |
/* atobool.c */ |
| int atobool(const char *str); |
int atobool(const char *str); |
| |
|
| |
/* atoid.c */ |
| |
int atoid(const char *str, const char *sep, char **endp, const char **errstr); |
| |
|
| /* boottime.c */ |
/* boottime.c */ |
| int get_boottime(struct timeval *); |
int get_boottime(struct timeval *); |
| |
|
| /* iolog.c */ |
/* iolog.c */ |
| void io_nextid(char *iolog_dir, char sessid[7]); | int io_set_max_sessid(const char *sessid); |
| | void io_nextid(char *iolog_dir, char *iolog_dir_fallback, char sessid[7]); |
| |
|
| /* iolog_path.c */ |
/* iolog_path.c */ |
| char *expand_iolog_path(const char *prefix, const char *dir, const char *file, |
char *expand_iolog_path(const char *prefix, const char *dir, const char *file, |
|
Line 302 char *expand_iolog_path(const char *prefix, const char
|
Line 334 char *expand_iolog_path(const char *prefix, const char
|
| |
|
| /* env.c */ |
/* env.c */ |
| char **env_get(void); |
char **env_get(void); |
| |
void env_merge(char * const envp[]); |
| void env_init(char * const envp[]); |
void env_init(char * const envp[]); |
| void init_envtables(void); |
void init_envtables(void); |
| void insert_env_vars(char * const envp[]); |
void insert_env_vars(char * const envp[]); |
| void read_env_file(const char *, int); |
void read_env_file(const char *, int); |
| void rebuild_env(void); |
void rebuild_env(void); |
| void validate_env_vars(char * const envp[]); |
void validate_env_vars(char * const envp[]); |
| |
int sudo_setenv(const char *var, const char *val, int overwrite); |
| |
int sudo_unsetenv(const char *var); |
| |
char *sudo_getenv(const char *name); |
| |
int sudoers_hook_getenv(const char *name, char **value, void *closure); |
| |
int sudoers_hook_putenv(char *string, void *closure); |
| |
int sudoers_hook_setenv(const char *name, const char *value, int overwrite, void *closure); |
| |
int sudoers_hook_unsetenv(const char *name, void *closure); |
| |
|
| /* fmt_string.c */ |
/* fmt_string.c */ |
| char *fmt_string(const char *, const char *); |
char *fmt_string(const char *, const char *); |
| |
|
| /* sudoers.c */ |
/* sudoers.c */ |
| void plugin_cleanup(int); | FILE *open_sudoers(const char *, bool, bool *); |
| void set_fqdn(void); | int sudoers_policy_init(void *info, char * const envp[]); |
| FILE *open_sudoers(const char *, int, int *); | int sudoers_policy_main(int argc, char * const argv[], int pwflag, char *env_add[], void *closure); |
| | void sudoers_cleanup(void); |
| |
|
| |
/* policy.c */ |
| |
int sudoers_policy_deserialize_info(void *v, char **runas_user, char **runas_group); |
| |
int sudoers_policy_exec_setup(char *argv[], char *envp[], mode_t cmnd_umask, char *iolog_path, void *v); |
| |
extern const char *path_ldap_conf; |
| |
extern const char *path_ldap_secret; |
| |
|
| /* aix.c */ |
/* aix.c */ |
| void aix_restoreauthdb(void); |
void aix_restoreauthdb(void); |
| void aix_setauthdb(char *user); |
void aix_setauthdb(char *user); |
|
Line 330 int group_plugin_query(const char *user, const char *g
|
Line 377 int group_plugin_query(const char *user, const char *g
|
| /* setgroups.c */ |
/* setgroups.c */ |
| int sudo_setgroups(int ngids, const GETGROUPS_T *gids); |
int sudo_setgroups(int ngids, const GETGROUPS_T *gids); |
| |
|
| |
/* gidlist.c */ |
| |
int parse_gid_list(const char *gidstr, const gid_t *basegid, GETGROUPS_T **gidsp); |
| |
|
| #ifndef _SUDO_MAIN |
#ifndef _SUDO_MAIN |
| extern struct sudo_user sudo_user; |
extern struct sudo_user sudo_user; |
| extern struct passwd *list_pw; |
extern struct passwd *list_pw; |
| extern const char *sudoers_file; |
|
| extern mode_t sudoers_mode; |
|
| extern uid_t sudoers_uid; |
|
| extern gid_t sudoers_gid; |
|
| extern int long_list; |
extern int long_list; |
| extern int sudo_mode; |
extern int sudo_mode; |
| extern uid_t timestamp_uid; |
extern uid_t timestamp_uid; |
| extern sudo_conv_t sudo_conv; |
extern sudo_conv_t sudo_conv; |
| extern sudo_printf_t sudo_printf; |
|
| #endif |
#endif |
| |
|
| #endif /* _SUDO_SUDOERS_H */ | #endif /* _SUDOERS_SUDOERS_H */ |
![[BACK]](/icons/cvsweb/back.gif){kind=icon}
Return to sudoers.h CVS log ![[TXT]](/icons/cvsweb/text.gif){kind=icon}
![[DIR]](/icons/cvsweb/dir.gif){kind=icon}
Up to [ELWIX - Embedded LightWeight unIX -] / embedaddon / sudo / plugins / sudoers