--- embedaddon/sudo/plugins/sudoers/sudoers.h	2012/05/29 12:26:49	1.1.1.2
+++ embedaddon/sudo/plugins/sudoers/sudoers.h	2013/10/14 07:56:35	1.1.1.5
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1993-1996, 1998-2005, 2007-2011
+ * Copyright (c) 1993-1996, 1998-2005, 2007-2013
  *	Todd C. Miller <Todd.Miller@courtesan.com>
  *
  * Permission to use, copy, modify, and distribute this software for any
@@ -19,8 +19,8 @@
  * Materiel Command, USAF, under agreement number F39502-99-1-0512.
  */
 
-#ifndef _SUDO_SUDOERS_H
-#define _SUDO_SUDOERS_H
+#ifndef _SUDOERS_SUDOERS_H
+#define _SUDOERS_SUDOERS_H
 
 #include <limits.h>
 #ifdef HAVE_STDBOOL_H
@@ -31,7 +31,7 @@
 
 #include <pathnames.h>
 #include "missing.h"
-#include "error.h"
+#include "fatal.h"
 #include "alloc.h"
 #include "list.h"
 #include "fileops.h"
@@ -68,6 +68,8 @@ struct sudo_user {
     char *ttypath;
     char *host;
     char *shost;
+    char *runhost;
+    char *srunhost;
     char *prompt;
     char *cmnd;
     char *cmnd_args;
@@ -81,16 +83,32 @@ struct sudo_user {
     char *role;
     char *type;
 #endif
-    char *cwd;
+#ifdef HAVE_PRIV_SET
+    char *privs;
+    char *limitprivs;
+#endif
+    const char *cwd;
     char *iolog_file;
+    GETGROUPS_T *gids;
+    int   ngids;
     int   closefrom;
     int   lines;
     int   cols;
+    int   flags;
+    int   max_groups;
+    mode_t umask;
     uid_t uid;
     uid_t gid;
+    pid_t sid;
 };
 
 /*
+ * sudo_user flag values
+ */
+#define RUNAS_USER_SPECIFIED	0x01
+#define RUNAS_GROUP_SPECIFIED	0x02
+
+/*
  * Return values for sudoers_lookup(), also used as arguments for log_auth()
  * Note: cannot use '0' as a value here.
  */
@@ -102,6 +120,9 @@ struct sudo_user {
 #define FLAG_NO_USER		0x020
 #define FLAG_NO_HOST		0x040
 #define FLAG_NO_CHECK		0x080
+#define FLAG_NON_INTERACTIVE	0x100
+#define FLAG_BAD_PASSWORD	0x200
+#define FLAG_AUTH_ERROR		0x400
 
 /*
  * find_path()/load_cmnd() return values
@@ -155,9 +176,12 @@ struct sudo_user {
 #define user_name		(sudo_user.name)
 #define user_uid		(sudo_user.uid)
 #define user_gid		(sudo_user.gid)
+#define user_sid		(sudo_user.sid)
+#define user_umask		(sudo_user.umask)
 #define user_passwd		(sudo_user.pw->pw_passwd)
-#define user_uuid		(sudo_user.uuid)
 #define user_dir		(sudo_user.pw->pw_dir)
+#define user_gids		(sudo_user.gids)
+#define user_ngids		(sudo_user.ngids)
 #define user_group_list		(sudo_user.group_list)
 #define user_tty		(sudo_user.tty)
 #define user_ttypath		(sudo_user.ttypath)
@@ -170,6 +194,8 @@ struct sudo_user {
 #define user_prompt		(sudo_user.prompt)
 #define user_host		(sudo_user.host)
 #define user_shost		(sudo_user.shost)
+#define user_runhost		(sudo_user.runhost)
+#define user_srunhost		(sudo_user.srunhost)
 #define user_ccname		(sudo_user.krb5_ccname)
 #define safe_cmnd		(sudo_user.cmnd_safe)
 #define login_class		(sudo_user.class_name)
@@ -178,21 +204,16 @@ struct sudo_user {
 #define user_role		(sudo_user.role)
 #define user_type		(sudo_user.type)
 #define user_closefrom		(sudo_user.closefrom)
+#define	runas_privs		(sudo_user.privs)
+#define	runas_limitprivs	(sudo_user.limitprivs)
 
 #ifdef __TANDEM
-# define ROOT_UID       65535
+# define ROOT_UID	65535
 #else
-# define ROOT_UID       0
+# define ROOT_UID	0
 #endif
+#define ROOT_GID	0
 
-/*
- * We used to use the system definition of PASS_MAX or _PASSWD_LEN,
- * but that caused problems with various alternate authentication
- * methods.  So, we just define our own and assume that it is >= the
- * system max.
- */
-#define SUDO_PASS_MAX	256
-
 struct lbuf;
 struct passwd;
 struct stat;
@@ -201,7 +222,7 @@ struct timeval;
 /*
  * Function prototypes
  */
-#define YY_DECL int yylex(void)
+#define YY_DECL int sudoerslex(void)
 
 /* goodpath.c */
 bool sudo_goodpath(const char *, struct stat *);
@@ -210,12 +231,19 @@ bool sudo_goodpath(const char *, struct stat *);
 int find_path(char *, char **, struct stat *, char *, int);
 
 /* check.c */
-int check_user(int, int);
-void remove_timestamp(bool);
+int check_user(int validate, int mode);
 bool user_is_exempt(void);
 
+/* prompt.c */
+char *expand_prompt(const char *old_prompt, const char *user, const char *host);
+
+/* timestamp.c */
+void remove_timestamp(bool);
+bool set_lectured(void);
+
 /* sudo_auth.c */
-int verify_user(struct passwd *pw, char *prompt);
+bool sudo_auth_needs_end_session(void);
+int verify_user(struct passwd *pw, char *prompt, int validated);
 int sudo_auth_begin_session(struct passwd *pw, char **user_env[]);
 int sudo_auth_end_session(struct passwd *pw);
 int sudo_auth_init(struct passwd *pw);
@@ -239,7 +267,7 @@ void restore_perms(void);
 int pam_prep_user(struct passwd *);
 
 /* gram.y */
-int yyparse(void);
+int sudoersparse(void);
 
 /* toke.l */
 YY_DECL;
@@ -255,36 +283,34 @@ void dump_auth_methods(void);
 /* getspwuid.c */
 char *sudo_getepw(const struct passwd *);
 
-/* zero_bytes.c */
-void zero_bytes(volatile void *, size_t);
-
 /* sudo_nss.c */
 void display_privs(struct sudo_nss_list *, struct passwd *);
 bool display_cmnd(struct sudo_nss_list *, struct passwd *);
 
 /* pwutil.c */
-void sudo_setgrent(void);
+__dso_public struct group *sudo_getgrgid(gid_t);
+__dso_public struct group *sudo_getgrnam(const char *);
+__dso_public void sudo_gr_addref(struct group *);
+__dso_public void sudo_gr_delref(struct group *);
+bool user_in_group(struct passwd *, const char *);
+struct group *sudo_fakegrnam(const char *);
+struct group_list *sudo_get_grlist(struct passwd *pw);
+struct passwd *sudo_fakepwnam(const char *, gid_t);
+struct passwd *sudo_mkpwent(const char *user, uid_t uid, gid_t gid, const char *home, const char *shell);
+struct passwd *sudo_getpwnam(const char *);
+struct passwd *sudo_getpwuid(uid_t);
 void sudo_endgrent(void);
-void sudo_setpwent(void);
 void sudo_endpwent(void);
-void sudo_setspent(void);
 void sudo_endspent(void);
-struct group_list *get_group_list(struct passwd *pw);
-void set_group_list(const char *, GETGROUPS_T *gids, int ngids);
-struct passwd *sudo_getpwnam(const char *);
-struct passwd *sudo_fakepwnamid(const char *user, uid_t uid, gid_t gid);
-struct passwd *sudo_fakepwnam(const char *, gid_t);
-struct passwd *sudo_getpwuid(uid_t);
-struct group *sudo_getgrnam(const char *);
-struct group *sudo_fakegrnam(const char *);
-struct group *sudo_getgrgid(gid_t);
-void grlist_addref(struct group_list *);
-void grlist_delref(struct group_list *);
-void gr_addref(struct group *);
-void gr_delref(struct group *);
-void pw_addref(struct passwd *);
-void pw_delref(struct passwd *);
-bool user_in_group(struct passwd *, const char *);
+void sudo_grlist_addref(struct group_list *);
+void sudo_grlist_delref(struct group_list *);
+void sudo_pw_addref(struct passwd *);
+void sudo_pw_delref(struct passwd *);
+void sudo_set_grlist(struct passwd *pw, char * const *groups,
+    char * const *gids);
+void sudo_setgrent(void);
+void sudo_setpwent(void);
+void sudo_setspent(void);
 
 /* timestr.c */
 char *get_timestr(time_t, int);
@@ -292,11 +318,15 @@ char *get_timestr(time_t, int);
 /* atobool.c */
 int atobool(const char *str);
 
+/* atoid.c */
+int atoid(const char *str, const char *sep, char **endp, const char **errstr);
+
 /* boottime.c */
 int get_boottime(struct timeval *);
 
 /* iolog.c */
-void io_nextid(char *iolog_dir, char sessid[7]);
+int io_set_max_sessid(const char *sessid);
+void io_nextid(char *iolog_dir, char *iolog_dir_fallback, char sessid[7]);
 
 /* iolog_path.c */
 char *expand_iolog_path(const char *prefix, const char *dir, const char *file,
@@ -304,7 +334,7 @@ char *expand_iolog_path(const char *prefix, const char
 
 /* env.c */
 char **env_get(void);
-void env_merge(char * const envp[], bool overwrite);
+void env_merge(char * const envp[]);
 void env_init(char * const envp[]);
 void init_envtables(void);
 void insert_env_vars(char * const envp[]);
@@ -323,10 +353,17 @@ int sudoers_hook_unsetenv(const char *name, void *clos
 char *fmt_string(const char *, const char *);
 
 /* sudoers.c */
-void plugin_cleanup(int);
-void set_fqdn(void);
 FILE *open_sudoers(const char *, bool, bool *);
+int sudoers_policy_init(void *info, char * const envp[]);
+int sudoers_policy_main(int argc, char * const argv[], int pwflag, char *env_add[], void *closure);
+void sudoers_cleanup(void);
 
+/* policy.c */
+int sudoers_policy_deserialize_info(void *v, char **runas_user, char **runas_group);
+int sudoers_policy_exec_setup(char *argv[], char *envp[], mode_t cmnd_umask, char *iolog_path, void *v);
+extern const char *path_ldap_conf;
+extern const char *path_ldap_secret;
+
 /* aix.c */
 void aix_restoreauthdb(void);
 void aix_setauthdb(char *user);
@@ -340,6 +377,9 @@ int group_plugin_query(const char *user, const char *g
 /* setgroups.c */
 int sudo_setgroups(int ngids, const GETGROUPS_T *gids);
 
+/* gidlist.c */
+int parse_gid_list(const char *gidstr, const gid_t *basegid, GETGROUPS_T **gidsp);
+
 #ifndef _SUDO_MAIN
 extern struct sudo_user sudo_user;
 extern struct passwd *list_pw;
@@ -347,7 +387,6 @@ extern int long_list;
 extern int sudo_mode;
 extern uid_t timestamp_uid;
 extern sudo_conv_t sudo_conv;
-extern sudo_printf_t sudo_printf;
 #endif
 
-#endif /* _SUDO_SUDOERS_H */
+#endif /* _SUDOERS_SUDOERS_H */