
    1: /*
    2:  * Copyright (c) 1993-1996, 1998-2005, 2007-2014
    3:  *	Todd C. Miller <Todd.Miller@courtesan.com>
    4:  *
    5:  * Permission to use, copy, modify, and distribute this software for any
    6:  * purpose with or without fee is hereby granted, provided that the above
    7:  * copyright notice and this permission notice appear in all copies.
    8:  *
    9:  * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
   10:  * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
   11:  * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
   12:  * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
   13:  * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
   14:  * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
   15:  * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
   16:  *
   17:  * Sponsored in part by the Defense Advanced Research Projects
   18:  * Agency (DARPA) and Air Force Research Laboratory, Air Force
   19:  * Materiel Command, USAF, under agreement number F39502-99-1-0512.
   20:  */
   21: 
   22: #ifndef _SUDOERS_SUDOERS_H
   23: #define _SUDOERS_SUDOERS_H
   24: 
   25: #include <limits.h>
   26: #ifdef HAVE_STDBOOL_H
   27: # include <stdbool.h>
   28: #else
   29: # include "compat/stdbool.h"
   30: #endif /* HAVE_STDBOOL_H */
   31: 
   32: #define DEFAULT_TEXT_DOMAIN	"sudoers"
   33: #include "gettext.h"		/* must be included before missing.h */
   34: 
   35: #include <pathnames.h>
   36: #include "missing.h"
   37: #include "fatal.h"
   38: #include "alloc.h"
   39: #include "queue.h"
   40: #include "fileops.h"
   41: #include "defaults.h"
   42: #include "logging.h"
   43: #include "sudo_nss.h"
   44: #include "sudo_plugin.h"
   45: #include "sudo_debug.h"
   46: #include "sudo_util.h"
   47: 
   48: /*
   49:  * Password db and supplementary group IDs with associated group names.
   50:  */
    51: struct group_list {
    52:     char **groups;		/* group names (count in ngroups, presumably) */
    53:     GETGROUPS_T *gids;		/* group IDs (count in ngids, presumably); element type comes from configure */
    54:     int ngroups;		/* number of entries in groups */
    55:     int ngids;			/* number of entries in gids */
   56: };				/* see sudo_get_grlist(), sudo_grlist_addref()/sudo_grlist_delref() below */
   57: 
   58: /*
   59:  * Info pertaining to the invoking user.
   60:  */
   61: struct sudo_user {
   62:     struct passwd *pw;			/* invoking user's passwd entry; user_passwd/user_dir read through it */
   63:     struct passwd *_runas_pw;		/* passwd entry for the run-as user; use the runas_pw shortcut */
   64:     struct group *_runas_gr;		/* group entry for the run-as group; use the runas_gr shortcut */
   65:     struct stat *cmnd_stat;		/* stat buffer for the command (user_stat); presumably filled by find_path() -- confirm */
   66:     char *name;				/* user_name */
   67:     char *path;				/* user_path; presumably the search path used to locate cmnd -- confirm */
   68:     char *tty;				/* user_tty */
   69:     char *ttypath;			/* user_ttypath */
   70:     char *host;				/* user_host */
   71:     char *shost;			/* user_shost; presumably the short (unqualified) form of host -- confirm */
   72:     char *runhost;			/* user_runhost */
   73:     char *srunhost;			/* user_srunhost; presumably the short form of runhost -- confirm */
   74:     char *prompt;			/* user_prompt; see expand_prompt() */
   75:     char *cmnd;				/* user_cmnd */
   76:     char *cmnd_args;			/* user_args */
   77:     char *cmnd_base;			/* user_base */
   78:     char *cmnd_safe;			/* safe_cmnd; NOTE(review): kept separate from cmnd -- confirm in sudoers.c which one is executed */
   79:     char *class_name;			/* login_class */
   80:     char *krb5_ccname;			/* user_ccname */
   81:     struct group_list *group_list;	/* user_group_list; see struct group_list above */
   82:     char * const * env_vars;		/* no shortcut macro in this header */
   83: #ifdef HAVE_SELINUX
   84:     char *role;				/* user_role; NOTE: the shortcut macro is defined unconditionally below */
   85:     char *type;				/* user_type; same caveat as role */
   86: #endif
   87: #ifdef HAVE_PRIV_SET
   88:     char *privs;			/* runas_privs; NOTE: the shortcut macro is defined unconditionally below */
   89:     char *limitprivs;			/* runas_limitprivs; same caveat as privs */
   90: #endif
   91:     const char *cwd;			/* user_cwd */
   92:     char *iolog_file;			/* no shortcut macro; presumably related to expand_iolog_path() -- confirm */
   93:     GETGROUPS_T *gids;			/* user_gids; element type comes from configure */
   94:     int   ngids;			/* user_ngids; number of entries in gids */
   95:     int   closefrom;			/* user_closefrom */
   96:     int   lines;			/* no shortcut macro; presumably terminal rows -- confirm */
   97:     int   cols;				/* no shortcut macro; presumably terminal columns -- confirm */
   98:     int   flags;			/* RUNAS_USER_SPECIFIED / RUNAS_GROUP_SPECIFIED bits (see below) */
   99:     int   max_groups;			/* no shortcut macro; meaning not established by this header */
  100:     mode_t umask;			/* user_umask */
  101:     uid_t uid;				/* user_uid */
  102:     uid_t gid;				/* user_gid; NOTE(review): declared uid_t rather than gid_t -- confirm the two types agree on all targets */
  103:     pid_t sid;				/* user_sid; presumably the session ID -- confirm */
  104: };
  105: 
  106: /*
  107:  * sudo_user flag values
  108:  */
  109: #define RUNAS_USER_SPECIFIED	0x01
  110: #define RUNAS_GROUP_SPECIFIED	0x02
  111: 
  112: /*
  113:  * Return values for sudoers_lookup(), also used as arguments for log_auth()
  114:  * Note: cannot use '0' as a value here.
  115:  */
  116: /* XXX - VALIDATE_SUCCESS and VALIDATE_FAILURE instead? */
  117: #define VALIDATE_ERROR          0x001
  118: #define VALIDATE_OK		0x002
  119: #define VALIDATE_NOT_OK		0x004
  120: #define FLAG_CHECK_USER		0x010
  121: #define FLAG_NO_USER		0x020
  122: #define FLAG_NO_HOST		0x040
  123: #define FLAG_NO_CHECK		0x080
  124: #define FLAG_NON_INTERACTIVE	0x100
  125: #define FLAG_BAD_PASSWORD	0x200
  126: #define FLAG_AUTH_ERROR		0x400
  127: 
  128: /*
  129:  * find_path()/load_cmnd() return values
  130:  */
  131: #define FOUND                   0
  132: #define NOT_FOUND               1
  133: #define NOT_FOUND_DOT		2
  134: 
  135: /*
   136:  * Various modes sudo can be in (based on its arguments), as hex bit values
  137:  */
  138: #define MODE_RUN		0x00000001
  139: #define MODE_EDIT		0x00000002
  140: #define MODE_VALIDATE		0x00000004
  141: #define MODE_INVALIDATE		0x00000008
  142: #define MODE_KILL		0x00000010
  143: #define MODE_VERSION		0x00000020
  144: #define MODE_HELP		0x00000040
  145: #define MODE_LIST		0x00000080
  146: #define MODE_CHECK		0x00000100
  147: #define MODE_LISTDEFS		0x00000200
  148: #define MODE_MASK		0x0000ffff
  149: 
  150: /* Mode flags */
  151: #define MODE_BACKGROUND		0x00010000 /* XXX - unused */
  152: #define MODE_SHELL		0x00020000
  153: #define MODE_LOGIN_SHELL	0x00040000
  154: #define MODE_IMPLIED_SHELL	0x00080000
  155: #define MODE_RESET_HOME		0x00100000
  156: #define MODE_PRESERVE_GROUPS	0x00200000
  157: #define MODE_PRESERVE_ENV	0x00400000
  158: #define MODE_NONINTERACTIVE	0x00800000
  159: #define MODE_IGNORE_TICKET	0x01000000
  160: 
  161: /*
  162:  * Used with set_perms()
  163:  */
  164: #define PERM_INITIAL             0x00	/* mode values 0x00-0x06 are passed to set_perms() */
  165: #define PERM_ROOT                0x01
  166: #define PERM_USER                0x02
  167: #define PERM_FULL_USER           0x03
  168: #define PERM_SUDOERS             0x04
  169: #define PERM_RUNAS               0x05
  170: #define PERM_TIMESTAMP           0x06
  171: #define PERM_NOEXIT              0x10 /* flag; lies in the PERM_MASK bits, above the mode values */
  172: #define PERM_MASK                0xf0	/* covers the flag bits only, not the 0x00-0x06 mode values */
  173: 
  174: /*
  175:  * Shortcuts for sudo_user contents.
  176:  */
  177: #define user_name		(sudo_user.name)
  178: #define user_uid		(sudo_user.uid)
  179: #define user_gid		(sudo_user.gid)
  180: #define user_sid		(sudo_user.sid)
  181: #define user_umask		(sudo_user.umask)
  182: #define user_passwd		(sudo_user.pw->pw_passwd)
  183: #define user_dir		(sudo_user.pw->pw_dir)
  184: #define user_gids		(sudo_user.gids)
  185: #define user_ngids		(sudo_user.ngids)
  186: #define user_group_list		(sudo_user.group_list)
  187: #define user_tty		(sudo_user.tty)
  188: #define user_ttypath		(sudo_user.ttypath)
  189: #define user_cwd		(sudo_user.cwd)
  190: #define user_cmnd		(sudo_user.cmnd)
  191: #define user_args		(sudo_user.cmnd_args)
  192: #define user_base		(sudo_user.cmnd_base)
  193: #define user_stat		(sudo_user.cmnd_stat)
  194: #define user_path		(sudo_user.path)
  195: #define user_prompt		(sudo_user.prompt)
  196: #define user_host		(sudo_user.host)
  197: #define user_shost		(sudo_user.shost)
  198: #define user_runhost		(sudo_user.runhost)
  199: #define user_srunhost		(sudo_user.srunhost)
  200: #define user_ccname		(sudo_user.krb5_ccname)
  201: #define safe_cmnd		(sudo_user.cmnd_safe)
  202: #define login_class		(sudo_user.class_name)
  203: #define runas_pw		(sudo_user._runas_pw)
  204: #define runas_gr		(sudo_user._runas_gr)
  205: #define user_role		(sudo_user.role)
  206: #define user_type		(sudo_user.type)
  207: #define user_closefrom		(sudo_user.closefrom)
  208: #define	runas_privs		(sudo_user.privs)
  209: #define	runas_limitprivs	(sudo_user.limitprivs)
  210: 
  211: #ifdef __TANDEM
  212: # define ROOT_UID	65535
  213: #else
  214: # define ROOT_UID	0
  215: #endif
  216: #define ROOT_GID	0
  217: 
  218: struct lbuf;
  219: struct passwd;
  220: struct stat;
  221: struct timeval;
  222: 
  223: /*
  224:  * Function prototypes
  225:  */
  226: #define YY_DECL int sudoerslex(void)
  227: 
  228: /* goodpath.c */
  229: bool sudo_goodpath(const char *, struct stat *);
  230: 
  231: /* findpath.c */
  232: int find_path(char *, char **, struct stat *, char *, int);
  233: 
  234: /* check.c */
  235: int check_user(int validate, int mode);
  236: bool user_is_exempt(void);
  237: 
  238: /* prompt.c */
  239: char *expand_prompt(const char *old_prompt, const char *auth_user);
  240: 
  241: /* timestamp.c */
  242: void remove_timestamp(bool);
  243: bool set_lectured(void);
  244: 
  245: /* sudo_auth.c */
  246: bool sudo_auth_needs_end_session(void);
  247: int verify_user(struct passwd *pw, char *prompt, int validated);
  248: int sudo_auth_begin_session(struct passwd *pw, char **user_env[]);
  249: int sudo_auth_end_session(struct passwd *pw);
  250: int sudo_auth_init(struct passwd *pw);
  251: int sudo_auth_cleanup(struct passwd *pw);
  252: 
  253: /* parse.c */
  254: int sudo_file_open(struct sudo_nss *);
  255: int sudo_file_close(struct sudo_nss *);
  256: int sudo_file_setdefs(struct sudo_nss *);
  257: int sudo_file_lookup(struct sudo_nss *, int, int);
  258: int sudo_file_parse(struct sudo_nss *);
  259: int sudo_file_display_cmnd(struct sudo_nss *, struct passwd *);
  260: int sudo_file_display_defaults(struct sudo_nss *, struct passwd *, struct lbuf *);
  261: int sudo_file_display_bound_defaults(struct sudo_nss *, struct passwd *, struct lbuf *);
  262: int sudo_file_display_privs(struct sudo_nss *, struct passwd *, struct lbuf *);
  263: 
  264: /* set_perms.c */
  265: void rewind_perms(void);
  266: int set_perms(int);
  267: void restore_perms(void);
  268: int pam_prep_user(struct passwd *);
  269: 
  270: /* gram.y */
  271: int sudoersparse(void);
  272: extern char *login_style;
  273: extern const char *errorfile;
  274: extern int errorlineno;
  275: extern bool parse_error;
  276: extern bool sudoers_warnings;
  277: 
  278: /* toke.l */
  279: YY_DECL;
  280: extern FILE *sudoersin;
  281: extern const char *sudoers_file;
  282: extern char *sudoers;
  283: extern mode_t sudoers_mode;
  284: extern uid_t sudoers_uid;
  285: extern gid_t sudoers_gid;
  286: extern int sudolineno;
  287: extern int last_token;
  288: 
  289: /* defaults.c */
  290: void dump_defaults(void);
  291: void dump_auth_methods(void);
  292: 
  293: /* getspwuid.c */
  294: char *sudo_getepw(const struct passwd *);
  295: 
  296: /* sudo_nss.c */
  297: void display_privs(struct sudo_nss_list *, struct passwd *);
  298: bool display_cmnd(struct sudo_nss_list *, struct passwd *);
  299: 
  300: /* pwutil.c */
  301: __dso_public struct group *sudo_getgrgid(gid_t);
  302: __dso_public struct group *sudo_getgrnam(const char *);
  303: __dso_public void sudo_gr_addref(struct group *);
  304: __dso_public void sudo_gr_delref(struct group *);
  305: bool user_in_group(const struct passwd *, const char *);
  306: struct group *sudo_fakegrnam(const char *);
  307: struct group_list *sudo_get_grlist(const struct passwd *pw);
  308: struct passwd *sudo_fakepwnam(const char *, gid_t);
  309: struct passwd *sudo_mkpwent(const char *user, uid_t uid, gid_t gid, const char *home, const char *shell);
  310: struct passwd *sudo_getpwnam(const char *);
  311: struct passwd *sudo_getpwuid(uid_t);
  312: void sudo_endgrent(void);
  313: void sudo_endpwent(void);
  314: void sudo_endspent(void);
  315: void sudo_grlist_addref(struct group_list *);
  316: void sudo_grlist_delref(struct group_list *);
  317: void sudo_pw_addref(struct passwd *);
  318: void sudo_pw_delref(struct passwd *);
  319: void sudo_set_grlist(struct passwd *pw, char * const *groups,
  320:     char * const *gids);
  321: void sudo_setgrent(void);
  322: void sudo_setpwent(void);
  323: void sudo_setspent(void);
  324: 
  325: /* timestr.c */
  326: char *get_timestr(time_t, int);
  327: 
  328: /* boottime.c */
  329: bool get_boottime(struct timeval *);
  330: 
  331: /* iolog.c */
  332: int io_set_max_sessid(const char *sessid);
  333: void io_nextid(char *iolog_dir, char *iolog_dir_fallback, char sessid[7]);
  334: 
  335: /* iolog_path.c */
  336: char *expand_iolog_path(const char *prefix, const char *dir, const char *file,
  337:     char **slashp);
  338: 
  339: /* env.c */
  340: char **env_get(void);
  341: void env_merge(char * const envp[]);
  342: void env_init(char * const envp[]);
  343: void init_envtables(void);
  344: void insert_env_vars(char * const envp[]);
  345: void read_env_file(const char *, int);
  346: void rebuild_env(void);
  347: void validate_env_vars(char * const envp[]);
  348: int sudo_setenv(const char *var, const char *val, int overwrite);
  349: int sudo_unsetenv(const char *var);
  350: char *sudo_getenv(const char *name);
  351: int sudoers_hook_getenv(const char *name, char **value, void *closure);
  352: int sudoers_hook_putenv(char *string, void *closure);
  353: int sudoers_hook_setenv(const char *name, const char *value, int overwrite, void *closure);
  354: int sudoers_hook_unsetenv(const char *name, void *closure);
  355: 
  356: /* sudoers.c */
  357: FILE *open_sudoers(const char *, bool, bool *);
  358: int sudoers_policy_init(void *info, char * const envp[]);
  359: int sudoers_policy_main(int argc, char * const argv[], int pwflag, char *env_add[], void *closure);
  360: void sudoers_cleanup(void);
  361: 
  362: /* policy.c */
  363: int sudoers_policy_deserialize_info(void *v, char **runas_user, char **runas_group);
  364: int sudoers_policy_exec_setup(char *argv[], char *envp[], mode_t cmnd_umask, char *iolog_path, void *v);
  365: extern const char *path_ldap_conf;
  366: extern const char *path_ldap_secret;
  367: 
  368: /* group_plugin.c */
  369: int group_plugin_load(char *plugin_info);
  370: void group_plugin_unload(void);
  371: int group_plugin_query(const char *user, const char *group,
  372:     const struct passwd *pwd);
  373: 
  374: #ifndef _SUDO_MAIN
  375: extern struct sudo_user sudo_user;
  376: extern struct passwd *list_pw;
  377: extern int long_list;
  378: extern int sudo_mode;
  379: extern uid_t timestamp_uid;
  380: extern sudo_conv_t sudo_conv;
  381: #endif
  382: 
  383: #endif /* _SUDOERS_SUDOERS_H */
