--- embedaddon/sudo/plugins/sudoers/sudoers.h	2012/02/21 16:23:02	1.1.1.1
+++ embedaddon/sudo/plugins/sudoers/sudoers.h	2014/06/15 16:12:54	1.1.1.6
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1993-1996, 1998-2005, 2007-2011
+ * Copyright (c) 1993-1996, 1998-2005, 2007-2014
  *	Todd C. Miller <Todd.Miller@courtesan.com>
  *
  * Permission to use, copy, modify, and distribute this software for any
@@ -19,25 +19,32 @@
  * Materiel Command, USAF, under agreement number F39502-99-1-0512.
  */
 
-#ifndef _SUDO_SUDOERS_H
-#define _SUDO_SUDOERS_H
+#ifndef _SUDOERS_SUDOERS_H
+#define _SUDOERS_SUDOERS_H
 
 #include <limits.h>
+#ifdef HAVE_STDBOOL_H
+# include <stdbool.h>
+#else
+# include "compat/stdbool.h"
+#endif /* HAVE_STDBOOL_H */
 
+#define DEFAULT_TEXT_DOMAIN	"sudoers"
+#include "gettext.h"		/* must be included before missing.h */
+
 #include <pathnames.h>
 #include "missing.h"
-#include "error.h"
+#include "fatal.h"
 #include "alloc.h"
-#include "list.h"
+#include "queue.h"
 #include "fileops.h"
 #include "defaults.h"
 #include "logging.h"
 #include "sudo_nss.h"
 #include "sudo_plugin.h"
+#include "sudo_debug.h"
+#include "sudo_util.h"
 
-#define DEFAULT_TEXT_DOMAIN	"sudoers"
-#include "gettext.h"
-
 /*
  * Password db and supplementary group IDs with associated group names.
  */
@@ -62,6 +69,8 @@ struct sudo_user {
     char *ttypath;
     char *host;
     char *shost;
+    char *runhost;
+    char *srunhost;
     char *prompt;
     char *cmnd;
     char *cmnd_args;
@@ -75,16 +84,32 @@ struct sudo_user {
     char *role;
     char *type;
 #endif
-    char *cwd;
+#ifdef HAVE_PRIV_SET
+    char *privs;
+    char *limitprivs;
+#endif
+    const char *cwd;
     char *iolog_file;
+    GETGROUPS_T *gids;
+    int   ngids;
     int   closefrom;
     int   lines;
     int   cols;
+    int   flags;
+    int   max_groups;
+    mode_t umask;
     uid_t uid;
     uid_t gid;
+    pid_t sid;
 };
 
 /*
+ * sudo_user flag values
+ */
+#define RUNAS_USER_SPECIFIED	0x01
+#define RUNAS_GROUP_SPECIFIED	0x02
+
+/*
  * Return values for sudoers_lookup(), also used as arguments for log_auth()
  * Note: cannot use '0' as a value here.
  */
@@ -96,16 +121,11 @@ struct sudo_user {
 #define FLAG_NO_USER		0x020
 #define FLAG_NO_HOST		0x040
 #define FLAG_NO_CHECK		0x080
+#define FLAG_NON_INTERACTIVE	0x100
+#define FLAG_BAD_PASSWORD	0x200
+#define FLAG_AUTH_ERROR		0x400
 
 /*
- * Pseudo-boolean values
- */
-#undef TRUE
-#define TRUE                     1
-#undef FALSE
-#define FALSE                    0
-
-/*
  * find_path()/load_cmnd() return values
  */
 #define FOUND                   0
@@ -157,9 +177,12 @@ struct sudo_user {
 #define user_name		(sudo_user.name)
 #define user_uid		(sudo_user.uid)
 #define user_gid		(sudo_user.gid)
+#define user_sid		(sudo_user.sid)
+#define user_umask		(sudo_user.umask)
 #define user_passwd		(sudo_user.pw->pw_passwd)
-#define user_uuid		(sudo_user.uuid)
 #define user_dir		(sudo_user.pw->pw_dir)
+#define user_gids		(sudo_user.gids)
+#define user_ngids		(sudo_user.ngids)
 #define user_group_list		(sudo_user.group_list)
 #define user_tty		(sudo_user.tty)
 #define user_ttypath		(sudo_user.ttypath)
@@ -172,6 +195,8 @@ struct sudo_user {
 #define user_prompt		(sudo_user.prompt)
 #define user_host		(sudo_user.host)
 #define user_shost		(sudo_user.shost)
+#define user_runhost		(sudo_user.runhost)
+#define user_srunhost		(sudo_user.srunhost)
 #define user_ccname		(sudo_user.krb5_ccname)
 #define safe_cmnd		(sudo_user.cmnd_safe)
 #define login_class		(sudo_user.class_name)
@@ -180,21 +205,16 @@ struct sudo_user {
 #define user_role		(sudo_user.role)
 #define user_type		(sudo_user.type)
 #define user_closefrom		(sudo_user.closefrom)
+#define	runas_privs		(sudo_user.privs)
+#define	runas_limitprivs	(sudo_user.limitprivs)
 
 #ifdef __TANDEM
-# define ROOT_UID       65535
+# define ROOT_UID	65535
 #else
-# define ROOT_UID       0
+# define ROOT_UID	0
 #endif
+#define ROOT_GID	0
 
-/*
- * We used to use the system definition of PASS_MAX or _PASSWD_LEN,
- * but that caused problems with various alternate authentication
- * methods.  So, we just define our own and assume that it is >= the
- * system max.
- */
-#define SUDO_PASS_MAX	256
-
 struct lbuf;
 struct passwd;
 struct stat;
@@ -203,23 +223,30 @@ struct timeval;
 /*
  * Function prototypes
  */
-#define YY_DECL int yylex(void)
+#define YY_DECL int sudoerslex(void)
 
 /* goodpath.c */
-char *sudo_goodpath(const char *, struct stat *);
+bool sudo_goodpath(const char *, struct stat *);
 
 /* findpath.c */
 int find_path(char *, char **, struct stat *, char *, int);
 
 /* check.c */
-int check_user(int, int);
-void remove_timestamp(int);
-int user_is_exempt(void);
+int check_user(int validate, int mode);
+bool user_is_exempt(void);
 
+/* prompt.c */
+char *expand_prompt(const char *old_prompt, const char *auth_user);
+
+/* timestamp.c */
+void remove_timestamp(bool);
+bool set_lectured(void);
+
 /* sudo_auth.c */
-int verify_user(struct passwd *, char *);
-int sudo_auth_begin_session(struct passwd *);
-int sudo_auth_end_session(struct passwd *);
+bool sudo_auth_needs_end_session(void);
+int verify_user(struct passwd *pw, char *prompt, int validated);
+int sudo_auth_begin_session(struct passwd *pw, char **user_env[]);
+int sudo_auth_end_session(struct passwd *pw);
 int sudo_auth_init(struct passwd *pw);
 int sudo_auth_cleanup(struct passwd *pw);
 
@@ -241,10 +268,23 @@ void restore_perms(void);
 int pam_prep_user(struct passwd *);
 
 /* gram.y */
-int yyparse(void);
+int sudoersparse(void);
+extern char *login_style;
+extern const char *errorfile;
+extern int errorlineno;
+extern bool parse_error;
+extern bool sudoers_warnings;
 
 /* toke.l */
 YY_DECL;
+extern FILE *sudoersin;
+extern const char *sudoers_file;
+extern char *sudoers;
+extern mode_t sudoers_mode;
+extern uid_t sudoers_uid;
+extern gid_t sudoers_gid;
+extern int sudolineno;
+extern int last_token;
 
 /* defaults.c */
 void dump_defaults(void);
@@ -253,48 +293,44 @@ void dump_auth_methods(void);
 /* getspwuid.c */
 char *sudo_getepw(const struct passwd *);
 
-/* zero_bytes.c */
-void zero_bytes(volatile void *, size_t);
-
 /* sudo_nss.c */
 void display_privs(struct sudo_nss_list *, struct passwd *);
-int display_cmnd(struct sudo_nss_list *, struct passwd *);
+bool display_cmnd(struct sudo_nss_list *, struct passwd *);
 
 /* pwutil.c */
-void sudo_setgrent(void);
+__dso_public struct group *sudo_getgrgid(gid_t);
+__dso_public struct group *sudo_getgrnam(const char *);
+__dso_public void sudo_gr_addref(struct group *);
+__dso_public void sudo_gr_delref(struct group *);
+bool user_in_group(const struct passwd *, const char *);
+struct group *sudo_fakegrnam(const char *);
+struct group_list *sudo_get_grlist(const struct passwd *pw);
+struct passwd *sudo_fakepwnam(const char *, gid_t);
+struct passwd *sudo_mkpwent(const char *user, uid_t uid, gid_t gid, const char *home, const char *shell);
+struct passwd *sudo_getpwnam(const char *);
+struct passwd *sudo_getpwuid(uid_t);
 void sudo_endgrent(void);
-void sudo_setpwent(void);
 void sudo_endpwent(void);
-void sudo_setspent(void);
 void sudo_endspent(void);
-struct group_list *get_group_list(struct passwd *pw);
-void set_group_list(const char *, GETGROUPS_T *gids, int ngids);
-struct passwd *sudo_getpwnam(const char *);
-struct passwd *sudo_fakepwnamid(const char *user, uid_t uid, gid_t gid);
-struct passwd *sudo_fakepwnam(const char *, gid_t);
-struct passwd *sudo_getpwuid(uid_t);
-struct group *sudo_getgrnam(const char *);
-struct group *sudo_fakegrnam(const char *);
-struct group *sudo_getgrgid(gid_t);
-void grlist_addref(struct group_list *);
-void grlist_delref(struct group_list *);
-void gr_addref(struct group *);
-void gr_delref(struct group *);
-void pw_addref(struct passwd *);
-void pw_delref(struct passwd *);
-int user_in_group(struct passwd *, const char *);
+void sudo_grlist_addref(struct group_list *);
+void sudo_grlist_delref(struct group_list *);
+void sudo_pw_addref(struct passwd *);
+void sudo_pw_delref(struct passwd *);
+void sudo_set_grlist(struct passwd *pw, char * const *groups,
+    char * const *gids);
+void sudo_setgrent(void);
+void sudo_setpwent(void);
+void sudo_setspent(void);
 
 /* timestr.c */
 char *get_timestr(time_t, int);
 
-/* atobool.c */
-int atobool(const char *str);
-
 /* boottime.c */
-int get_boottime(struct timeval *);
+bool get_boottime(struct timeval *);
 
 /* iolog.c */
-void io_nextid(char *iolog_dir, char sessid[7]);
+int io_set_max_sessid(const char *sessid);
+void io_nextid(char *iolog_dir, char *iolog_dir_fallback, char sessid[7]);
 
 /* iolog_path.c */
 char *expand_iolog_path(const char *prefix, const char *dir, const char *file,
@@ -302,24 +338,32 @@ char *expand_iolog_path(const char *prefix, const char
 
 /* env.c */
 char **env_get(void);
+void env_merge(char * const envp[]);
 void env_init(char * const envp[]);
 void init_envtables(void);
 void insert_env_vars(char * const envp[]);
 void read_env_file(const char *, int);
 void rebuild_env(void);
 void validate_env_vars(char * const envp[]);
+int sudo_setenv(const char *var, const char *val, int overwrite);
+int sudo_unsetenv(const char *var);
+char *sudo_getenv(const char *name);
+int sudoers_hook_getenv(const char *name, char **value, void *closure);
+int sudoers_hook_putenv(char *string, void *closure);
+int sudoers_hook_setenv(const char *name, const char *value, int overwrite, void *closure);
+int sudoers_hook_unsetenv(const char *name, void *closure);
 
-/* fmt_string.c */
-char *fmt_string(const char *, const char *);
-
 /* sudoers.c */
-void plugin_cleanup(int);
-void set_fqdn(void);
-FILE *open_sudoers(const char *, int, int *);
+FILE *open_sudoers(const char *, bool, bool *);
+int sudoers_policy_init(void *info, char * const envp[]);
+int sudoers_policy_main(int argc, char * const argv[], int pwflag, char *env_add[], void *closure);
+void sudoers_cleanup(void);
 
-/* aix.c */
-void aix_restoreauthdb(void);
-void aix_setauthdb(char *user);
+/* policy.c */
+int sudoers_policy_deserialize_info(void *v, char **runas_user, char **runas_group);
+int sudoers_policy_exec_setup(char *argv[], char *envp[], mode_t cmnd_umask, char *iolog_path, void *v);
+extern const char *path_ldap_conf;
+extern const char *path_ldap_secret;
 
 /* group_plugin.c */
 int group_plugin_load(char *plugin_info);
@@ -327,21 +371,13 @@ void group_plugin_unload(void);
 int group_plugin_query(const char *user, const char *group,
     const struct passwd *pwd);
 
-/* setgroups.c */
-int sudo_setgroups(int ngids, const GETGROUPS_T *gids);
-
 #ifndef _SUDO_MAIN
 extern struct sudo_user sudo_user;
 extern struct passwd *list_pw;
-extern const char *sudoers_file;
-extern mode_t sudoers_mode;
-extern uid_t sudoers_uid;
-extern gid_t sudoers_gid;
 extern int long_list;
 extern int sudo_mode;
 extern uid_t timestamp_uid;
 extern sudo_conv_t sudo_conv;
-extern sudo_printf_t sudo_printf;
 #endif
 
-#endif /* _SUDO_SUDOERS_H */
+#endif /* _SUDOERS_SUDOERS_H */