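/*
 * Copyright (c) 1993-1996, 1998-2005, 2007-2011
 *	Todd C. Miller <Todd.Miller@courtesan.com>
 *
 * Permission to use, copy, modify, and distribute this software for any
 * purpose with or without fee is hereby granted, provided that the above
 * copyright notice and this permission notice appear in all copies.
 *
 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 *
 * Sponsored in part by the Defense Advanced Research Projects
 * Agency (DARPA) and Air Force Research Laboratory, Air Force
 * Materiel Command, USAF, under agreement number F39502-99-1-0512.
 */

#ifndef _SUDO_SUDOERS_H
#define _SUDO_SUDOERS_H

#include <limits.h>

#include <pathnames.h>
#include "missing.h"
#include "error.h"
#include "alloc.h"
#include "list.h"
#include "fileops.h"
#include "defaults.h"
#include "logging.h"
#include "sudo_nss.h"
#include "sudo_plugin.h"

#define DEFAULT_TEXT_DOMAIN	"sudoers"
#include "gettext.h"

/*
 * Password db and supplementary group IDs with associated group names.
 * NOTE(review): ngroups and ngids are presumably the element counts of
 * groups[] and gids[] respectively -- confirm in pwutil.c.
 */
struct group_list {
    char **groups;
    GETGROUPS_T *gids;
    int ngroups;
    int ngids;
};

/*
 * Info pertaining to the invoking user.
 *
 * The user_* / runas_* shortcut macros later in this header expand to
 * members of the single global instance named sudo_user.
 */
struct sudo_user {
    struct passwd *pw;		/* dereferenced by user_passwd and user_dir */
    struct passwd *_runas_pw;	/* reached through the runas_pw macro */
    struct group *_runas_gr;	/* reached through the runas_gr macro */
    struct stat *cmnd_stat;
    char *name;
    char *path;
    char *tty;
    char *ttypath;
    char *host;
    char *shost;
    char *prompt;
    char *cmnd;
    char *cmnd_args;
    char *cmnd_base;
    char *cmnd_safe;
    char *class_name;
    char *krb5_ccname;
    struct group_list *group_list;
    char * const * env_vars;
#ifdef HAVE_SELINUX
    /* Present only in SELinux builds; user_role/user_type depend on them. */
    char *role;
    char *type;
#endif
    char *cwd;
    char *iolog_file;
    int closefrom;
    int lines;
    int cols;
    uid_t uid;
    /*
     * Declared gid_t rather than uid_t: this member is read through the
     * user_gid macro and holds a group ID, matching the gid_t parameters
     * of the pwutil.c prototypes in this header.
     */
    gid_t gid;
};

/*
 * Return values for sudoers_lookup(), also used as arguments for log_auth()
 * Note: cannot use '0' as a value here.
 * Every VALIDATE_ and FLAG_ value below occupies its own bit.
 */
/* XXX - VALIDATE_SUCCESS and VALIDATE_FAILURE instead? */
#define VALIDATE_ERROR		0x001
#define VALIDATE_OK		0x002
#define VALIDATE_NOT_OK		0x004
#define FLAG_CHECK_USER		0x010
#define FLAG_NO_USER		0x020
#define FLAG_NO_HOST		0x040
#define FLAG_NO_CHECK		0x080

/*
 * Pseudo-boolean values
 */
#undef TRUE
#define TRUE	1
#undef FALSE
#define FALSE	0

/*
 * find_path()/load_cmnd() return values
 * FOUND is 0, so a result must be compared against FOUND explicitly;
 * a plain truth test on the return value reads "found" as false.
 */
#define FOUND		0
#define NOT_FOUND	1
#define NOT_FOUND_DOT	2

/*
 * Various modes sudo can be in (based on arguments) in hex
 * MODE_MASK selects the low 16 bits, which hold all of the mode values;
 * the mode flags that follow use bits above that range.
 */
#define MODE_RUN		0x00000001
#define MODE_EDIT		0x00000002
#define MODE_VALIDATE		0x00000004
#define MODE_INVALIDATE		0x00000008
#define MODE_KILL		0x00000010
#define MODE_VERSION		0x00000020
#define MODE_HELP		0x00000040
#define MODE_LIST		0x00000080
#define MODE_CHECK		0x00000100
#define MODE_LISTDEFS		0x00000200
#define MODE_MASK		0x0000ffff

/* Mode flags */
#define MODE_BACKGROUND		0x00010000 /* XXX - unused */
#define MODE_SHELL		0x00020000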
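/* Remaining mode flags; all of them lie above the low 16 mode bits. */
#define MODE_LOGIN_SHELL	0x00040000
#define MODE_IMPLIED_SHELL	0x00080000
#define MODE_RESET_HOME		0x00100000
#define MODE_PRESERVE_GROUPS	0x00200000
#define MODE_PRESERVE_ENV	0x00400000
#define MODE_NONINTERACTIVE	0x00800000
#define MODE_IGNORE_TICKET	0x01000000

/*
 * Used with set_perms()
 * The state values 0x00-0x06 sit in the low nibble.  PERM_NOEXIT is a flag
 * bit, and PERM_MASK (0xf0) covers the nibble that flag lives in, not the
 * state values.
 */
#define PERM_INITIAL		0x00
#define PERM_ROOT		0x01
#define PERM_USER		0x02
#define PERM_FULL_USER		0x03
#define PERM_SUDOERS		0x04
#define PERM_RUNAS		0x05
#define PERM_TIMESTAMP		0x06
#define PERM_NOEXIT		0x10 /* flag */
#define PERM_MASK		0xf0

/*
 * Shortcuts for sudo_user contents.
 * Each macro expands to a member of the global sudo_user object.
 * user_passwd and user_dir dereference sudo_user.pw, so they may only be
 * used once that pointer is non-NULL.  user_role and user_type name
 * members that exist only when HAVE_SELINUX is defined.
 */
#define user_name		(sudo_user.name)
#define user_uid		(sudo_user.uid)
#define user_gid		(sudo_user.gid)
#define user_passwd		(sudo_user.pw->pw_passwd)
/*
 * NOTE(review): struct sudo_user as declared in this header has no `uuid`
 * member, so any use of user_uuid would fail to compile.  Looks like a
 * leftover -- confirm and remove.
 */
#define user_uuid		(sudo_user.uuid)
#define user_dir		(sudo_user.pw->pw_dir)
#define user_group_list		(sudo_user.group_list)
#define user_tty		(sudo_user.tty)
#define user_ttypath		(sudo_user.ttypath)
#define user_cwd		(sudo_user.cwd)
#define user_cmnd		(sudo_user.cmnd)
#define user_args		(sudo_user.cmnd_args)
#define user_base		(sudo_user.cmnd_base)
#define user_stat		(sudo_user.cmnd_stat)
#define user_path		(sudo_user.path)
#define user_prompt		(sudo_user.prompt)
#define user_host		(sudo_user.host)
#define user_shost		(sudo_user.shost)
#define user_ccname		(sudo_user.krb5_ccname)
#define safe_cmnd		(sudo_user.cmnd_safe)
#define login_class		(sudo_user.class_name)
#define runas_pw		(sudo_user._runas_pw)
#define runas_gr		(sudo_user._runas_gr)
#define user_role		(sudo_user.role)
#define user_type		(sudo_user.type)
#define user_closefrom		(sudo_user.closefrom)

/* The superuser's uid is 0 everywhere except when __TANDEM is defined. */
#ifdef __TANDEM
# define ROOT_UID	65535
#else
# define ROOT_UID	0
#endif

/*
 * We used to use the system definition of PASS_MAX or _PASSWD_LEN,
 * but that caused problems with various alternate authentication
 * methods.  So, we just define our own and assume that it is >= the
 * system max.
 * NOTE(review): nothing in this header checks that assumption; buffers
 * sized with SUDO_PASS_MAX presumably hold cleartext passwords and should
 * be cleared after use -- confirm in the auth code.
 */
#define SUDO_PASS_MAX	256

/* Forward declarations so the prototypes below need no extra headers. */
struct lbuf;
struct passwd;
struct stat;
struct timeval;

/*
 * Function prototypes
 */
#define YY_DECL int yylex(void)

/* goodpath.c */
char *sudo_goodpath(const char *, struct stat *);

/* findpath.c */
int find_path(char *, char **, struct stat *, char *, int);

/* check.c */
int check_user(int, int);
void remove_timestamp(int);
int user_is_exempt(void);

/* sudo_auth.c */
int verify_user(struct passwd *, char *);
int sudo_auth_begin_session(struct passwd *);
int sudo_auth_end_session(struct passwd *);
int sudo_auth_init(struct passwd *pw);
int sudo_auth_cleanup(struct passwd *pw);

/* parse.c */
int sudo_file_open(struct sudo_nss *);
int sudo_file_close(struct sudo_nss *);
int sudo_file_setdefs(struct sudo_nss *);
int sudo_file_lookup(struct sudo_nss *, int, int);
int sudo_file_parse(struct sudo_nss *);
int sudo_file_display_cmnd(struct sudo_nss *, struct passwd *);
int sudo_file_display_defaults(struct sudo_nss *, struct passwd *, struct lbuf *);
int sudo_file_display_bound_defaults(struct sudo_nss *, struct passwd *, struct lbuf *);
int sudo_file_display_privs(struct sudo_nss *, struct passwd *, struct lbuf *);

/*
 * set_perms.c
 * NOTE(review): set_perms() returns int; callers presumably have to check
 * it before continuing under the new credentials -- confirm in set_perms.c.
 */
void rewind_perms(void);
int set_perms(int);
void restore_perms(void);
int pam_prep_user(struct passwd *);

/* gram.y */
int yyparse(void);

/* toke.l */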
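/* Lexer entry point; YY_DECL is defined earlier in this header as `int yylex(void)`. */
YY_DECL;

/* defaults.c */
void dump_defaults(void);
void dump_auth_methods(void);

/* getspwuid.c */
char *sudo_getepw(const struct passwd *);

/*
 * zero_bytes.c
 * NOTE(review): the volatile-qualified pointer is presumably there so the
 * stores that clear a sensitive buffer are not optimised away -- confirm
 * in zero_bytes.c.
 */
void zero_bytes(volatile void *, size_t);

/* sudo_nss.c */
void display_privs(struct sudo_nss_list *, struct passwd *);
int display_cmnd(struct sudo_nss_list *, struct passwd *);

/*
 * pwutil.c
 * NOTE(review): the *_addref/*_delref pairs look like reference counting
 * for the cached passwd, group and group_list entries -- confirm in
 * pwutil.c.
 */
void sudo_setgrent(void);
void sudo_endgrent(void);
void sudo_setpwent(void);
void sudo_endpwent(void);
void sudo_setspent(void);
void sudo_endspent(void);
struct group_list *get_group_list(struct passwd *pw);
void set_group_list(const char *, GETGROUPS_T *gids, int ngids);
struct passwd *sudo_getpwnam(const char *);
struct passwd *sudo_fakepwnamid(const char *user, uid_t uid, gid_t gid);
struct passwd *sudo_fakepwnam(const char *, gid_t);
struct passwd *sudo_getpwuid(uid_t);
struct group *sudo_getgrnam(const char *);
struct group *sudo_fakegrnam(const char *);
struct group *sudo_getgrgid(gid_t);
void grlist_addref(struct group_list *);
void grlist_delref(struct group_list *);
void gr_addref(struct group *);
void gr_delref(struct group *);
void pw_addref(struct passwd *);
void pw_delref(struct passwd *);
int user_in_group(struct passwd *, const char *);

/* timestr.c */
char *get_timestr(time_t, int);

/* atobool.c */
int atobool(const char *str);

/* boottime.c */
int get_boottime(struct timeval *);

/*
 * iolog.c
 * sessid is an array parameter and therefore a plain char pointer: the
 * [7] is not enforced by the compiler, so the caller must supply a buffer
 * of at least 7 bytes.
 */
void io_nextid(char *iolog_dir, char sessid[7]);

/* iolog_path.c */
char *expand_iolog_path(const char *prefix, const char *dir, const char *file,
    char **slashp);

/* env.c */
char **env_get(void);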
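/* env.c (continued) */
void env_init(char * const envp[]);
void init_envtables(void);
void insert_env_vars(char * const envp[]);
void read_env_file(const char *, int);
void rebuild_env(void);
void validate_env_vars(char * const envp[]);

/* fmt_string.c */
char *fmt_string(const char *, const char *);

/* sudoers.c */
void plugin_cleanup(int);
void set_fqdn(void);
FILE *open_sudoers(const char *, int, int *);

/* aix.c */
void aix_restoreauthdb(void);
void aix_setauthdb(char *user);

/* group_plugin.c */
int group_plugin_load(char *plugin_info);
void group_plugin_unload(void);
int group_plugin_query(const char *user, const char *group,
    const struct passwd *pwd);

/* setgroups.c */
int sudo_setgroups(int ngids, const GETGROUPS_T *gids);

/*
 * Plugin-wide globals.  The declarations are skipped when _SUDO_MAIN is
 * defined.
 * NOTE(review): sudoers_mode, sudoers_uid and sudoers_gid presumably hold
 * the mode and ownership the sudoers file is expected to have -- confirm
 * in sudoers.c.
 */
#ifndef _SUDO_MAIN
extern struct sudo_user sudo_user;
extern struct passwd *list_pw;
extern const char *sudoers_file;
extern mode_t sudoers_mode;
extern uid_t sudoers_uid;
extern gid_t sudoers_gid;
extern int long_list;
extern int sudo_mode;
extern uid_t timestamp_uid;
extern sudo_conv_t sudo_conv;
extern sudo_printf_t sudo_printf;
#endif

#endif /* _SUDO_SUDOERS_H */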