Annotation of embedaddon/sudo/plugins/sudoers/visudo.c, revision 1.1
1.1 ! misho 1: /*
! 2: * Copyright (c) 1996, 1998-2005, 2007-2011
! 3: * Todd C. Miller <Todd.Miller@courtesan.com>
! 4: *
! 5: * Permission to use, copy, modify, and distribute this software for any
! 6: * purpose with or without fee is hereby granted, provided that the above
! 7: * copyright notice and this permission notice appear in all copies.
! 8: *
! 9: * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
! 10: * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
! 11: * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
! 12: * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
! 13: * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
! 14: * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
! 15: * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
! 16: *
! 17: * Sponsored in part by the Defense Advanced Research Projects
! 18: * Agency (DARPA) and Air Force Research Laboratory, Air Force
! 19: * Materiel Command, USAF, under agreement number F39502-99-1-0512.
! 20: */
! 21:
! 22: /*
! 23: * Lock the sudoers file for safe editing (ala vipw) and check for parse errors.
! 24: */
! 25:
! 26: #define _SUDO_MAIN
! 27:
! 28: #ifdef __TANDEM
! 29: # include <floss.h>
! 30: #endif
! 31:
! 32: #include <config.h>
! 33:
! 34: #include <sys/types.h>
! 35: #include <sys/param.h>
! 36: #include <sys/stat.h>
! 37: #include <sys/socket.h>
! 38: #include <sys/time.h>
! 39: #ifndef __TANDEM
! 40: # include <sys/file.h>
! 41: #endif
! 42: #include <sys/wait.h>
! 43: #include <stdio.h>
! 44: #ifdef STDC_HEADERS
! 45: # include <stdlib.h>
! 46: # include <stddef.h>
! 47: #else
! 48: # ifdef HAVE_STDLIB_H
! 49: # include <stdlib.h>
! 50: # endif
! 51: #endif /* STDC_HEADERS */
! 52: #ifdef HAVE_STRING_H
! 53: # include <string.h>
! 54: #endif /* HAVE_STRING_H */
! 55: #ifdef HAVE_STRINGS_H
! 56: # include <strings.h>
! 57: #endif /* HAVE_STRINGS_H */
! 58: #ifdef HAVE_UNISTD_H
! 59: #include <unistd.h>
! 60: #endif /* HAVE_UNISTD_H */
! 61: #include <stdarg.h>
! 62: #include <ctype.h>
! 63: #include <pwd.h>
! 64: #include <grp.h>
! 65: #include <signal.h>
! 66: #include <errno.h>
! 67: #include <fcntl.h>
! 68: #include <netinet/in.h>
! 69: #include <arpa/inet.h>
! 70: #include <netdb.h>
! 71: #if TIME_WITH_SYS_TIME
! 72: # include <time.h>
! 73: #endif
! 74: #ifdef HAVE_SETLOCALE
! 75: # include <locale.h>
! 76: #endif
! 77:
! 78: #include "sudoers.h"
! 79: #include "interfaces.h"
! 80: #include "parse.h"
! 81: #include "redblack.h"
! 82: #include "gettext.h"
! 83: #include "sudoers_version.h"
! 84: #include <gram.h>
! 85:
! 86: struct sudoersfile {
! 87: struct sudoersfile *prev, *next;
! 88: char *path;
! 89: char *tpath;
! 90: int fd;
! 91: int modified;
! 92: int doedit;
! 93: };
! 94: TQ_DECLARE(sudoersfile)
! 95:
! 96: /*
! 97: * Function prototypes
! 98: */
! 99: static void quit(int);
! 100: static char *get_args(char *);
! 101: static char *get_editor(char **);
! 102: static void get_hostname(void);
! 103: static char whatnow(void);
! 104: static int check_aliases(int, int);
! 105: static int check_syntax(char *, int, int);
! 106: static int edit_sudoers(struct sudoersfile *, char *, char *, int);
! 107: static int install_sudoers(struct sudoersfile *, int);
! 108: static int print_unused(void *, void *);
! 109: static int reparse_sudoers(char *, char *, int, int);
! 110: static int run_command(char *, char **);
! 111: static int visudo_printf(int msg_type, const char *fmt, ...);
! 112: static void setup_signals(void);
! 113: static void help(void) __attribute__((__noreturn__));
! 114: static void usage(int);
! 115:
! 116: void cleanup(int);
! 117:
! 118: extern void yyerror(const char *);
! 119: extern void yyrestart(FILE *);
! 120:
! 121: /*
! 122: * External globals exported by the parser
! 123: */
! 124: extern struct rbtree *aliases;
! 125: extern FILE *yyin;
! 126: extern char *sudoers, *errorfile;
! 127: extern int errorlineno, parse_error;
! 128: /* For getopt(3) */
! 129: extern char *optarg;
! 130: extern int optind;
! 131:
! 132: /*
! 133: * Globals
! 134: */
! 135: struct interface *interfaces;
! 136: struct sudo_user sudo_user;
! 137: struct passwd *list_pw;
! 138: sudo_printf_t sudo_printf = visudo_printf;
! 139: static struct sudoersfile_list sudoerslist;
! 140: static struct rbtree *alias_freelist;
! 141:
! 142: int
! 143: main(int argc, char *argv[])
! 144: {
! 145: struct sudoersfile *sp;
! 146: char *args, *editor, *sudoers_path;
! 147: int ch, checkonly, quiet, strict, oldperms;
! 148: #if defined(SUDO_DEVEL) && defined(__OpenBSD__)
! 149: extern char *malloc_options;
! 150: malloc_options = "AFGJPR";
! 151: #endif
! 152:
! 153: #if !defined(HAVE_GETPROGNAME) && !defined(HAVE___PROGNAME)
! 154: setprogname(argc > 0 ? argv[0] : "visudo");
! 155: #endif
! 156:
! 157: #ifdef HAVE_SETLOCALE
! 158: setlocale(LC_ALL, "");
! 159: #endif
! 160: bindtextdomain("sudoers", LOCALEDIR); /* XXX - should have visudo domain */
! 161: textdomain("sudoers");
! 162:
! 163: if (argc < 1)
! 164: usage(1);
! 165:
! 166: /*
! 167: * Arg handling.
! 168: */
! 169: checkonly = oldperms = quiet = strict = FALSE;
! 170: sudoers_path = _PATH_SUDOERS;
! 171: while ((ch = getopt(argc, argv, "Vcf:sq")) != -1) {
! 172: switch (ch) {
! 173: case 'V':
! 174: (void) printf(_("%s version %s\n"), getprogname(), PACKAGE_VERSION);
! 175: (void) printf(_("%s grammar version %d\n"), getprogname(), SUDOERS_GRAMMAR_VERSION);
! 176: exit(0);
! 177: case 'c':
! 178: checkonly++; /* check mode */
! 179: break;
! 180: case 'f':
! 181: sudoers_path = optarg; /* sudoers file path */
! 182: oldperms = TRUE;
! 183: break;
! 184: case 'h':
! 185: help();
! 186: break;
! 187: case 's':
! 188: strict++; /* strict mode */
! 189: break;
! 190: case 'q':
! 191: quiet++; /* quiet mode */
! 192: break;
! 193: default:
! 194: usage(1);
! 195: }
! 196: }
! 197: argc -= optind;
! 198: argv += optind;
! 199: if (argc)
! 200: usage(1);
! 201:
! 202: sudo_setpwent();
! 203: sudo_setgrent();
! 204:
! 205: /* Mock up a fake sudo_user struct. */
! 206: user_cmnd = "";
! 207: if ((sudo_user.pw = sudo_getpwuid(getuid())) == NULL)
! 208: errorx(1, _("you do not exist in the %s database"), "passwd");
! 209: get_hostname();
! 210:
! 211: /* Setup defaults data structures. */
! 212: init_defaults();
! 213:
! 214: if (checkonly)
! 215: exit(check_syntax(sudoers_path, quiet, strict));
! 216:
! 217: /*
! 218: * Parse the existing sudoers file(s) in quiet mode to highlight any
! 219: * existing errors and to pull in editor and env_editor conf values.
! 220: */
! 221: if ((yyin = open_sudoers(sudoers_path, TRUE, NULL)) == NULL) {
! 222: error(1, "%s", sudoers_path);
! 223: }
! 224: init_parser(sudoers_path, 0);
! 225: yyparse();
! 226: (void) update_defaults(SETDEF_GENERIC|SETDEF_HOST|SETDEF_USER);
! 227:
! 228: editor = get_editor(&args);
! 229:
! 230: /* Install signal handlers to clean up temp files if we are killed. */
! 231: setup_signals();
! 232:
! 233: /* Edit the sudoers file(s) */
! 234: tq_foreach_fwd(&sudoerslist, sp) {
! 235: if (!sp->doedit)
! 236: continue;
! 237: if (sp != tq_first(&sudoerslist)) {
! 238: printf(_("press return to edit %s: "), sp->path);
! 239: while ((ch = getchar()) != EOF && ch != '\n')
! 240: continue;
! 241: }
! 242: edit_sudoers(sp, editor, args, -1);
! 243: }
! 244:
! 245: /* Check edited files for a parse error and re-edit any that fail. */
! 246: reparse_sudoers(editor, args, strict, quiet);
! 247:
! 248: /* Install the sudoers temp files. */
! 249: tq_foreach_fwd(&sudoerslist, sp) {
! 250: if (!sp->modified)
! 251: (void) unlink(sp->tpath);
! 252: else
! 253: (void) install_sudoers(sp, oldperms);
! 254: }
! 255:
! 256: exit(0);
! 257: }
! 258:
! 259: /*
! 260: * List of editors that support the "+lineno" command line syntax.
! 261: * If an entry starts with '*' the tail end of the string is matched.
! 262: * No other wild cards are supported.
! 263: */
! 264: static char *lineno_editors[] = {
! 265: "ex",
! 266: "nex",
! 267: "vi",
! 268: "nvi",
! 269: "vim",
! 270: "elvis",
! 271: "*macs",
! 272: "mg",
! 273: "vile",
! 274: "jove",
! 275: "pico",
! 276: "nano",
! 277: "ee",
! 278: "joe",
! 279: "zile",
! 280: NULL
! 281: };
! 282:
! 283: /*
! 284: * Edit each sudoers file.
! 285: * Returns TRUE on success, else FALSE.
! 286: */
! 287: static int
! 288: edit_sudoers(struct sudoersfile *sp, char *editor, char *args, int lineno)
! 289: {
! 290: int tfd; /* sudoers temp file descriptor */
! 291: int modified; /* was the file modified? */
! 292: int ac; /* argument count */
! 293: char **av; /* argument vector for run_command */
! 294: char *cp; /* scratch char pointer */
! 295: char buf[PATH_MAX*2]; /* buffer used for copying files */
! 296: char linestr[64]; /* string version of lineno */
! 297: struct timeval tv, tv1, tv2; /* time before and after edit */
! 298: struct timeval orig_mtim; /* starting mtime of sudoers file */
! 299: off_t orig_size; /* starting size of sudoers file */
! 300: ssize_t nread; /* number of bytes read */
! 301: struct stat sb; /* stat buffer */
! 302:
! 303: if (fstat(sp->fd, &sb) == -1)
! 304: error(1, _("unable to stat %s"), sp->path);
! 305: orig_size = sb.st_size;
! 306: mtim_get(&sb, &orig_mtim);
! 307:
! 308: /* Create the temp file if needed and set timestamp. */
! 309: if (sp->tpath == NULL) {
! 310: easprintf(&sp->tpath, "%s.tmp", sp->path);
! 311: tfd = open(sp->tpath, O_WRONLY | O_CREAT | O_TRUNC, 0600);
! 312: if (tfd < 0)
! 313: error(1, "%s", sp->tpath);
! 314:
! 315: /* Copy sp->path -> sp->tpath and reset the mtime. */
! 316: if (orig_size != 0) {
! 317: (void) lseek(sp->fd, (off_t)0, SEEK_SET);
! 318: while ((nread = read(sp->fd, buf, sizeof(buf))) > 0)
! 319: if (write(tfd, buf, nread) != nread)
! 320: error(1, _("write error"));
! 321:
! 322: /* Add missing newline at EOF if needed. */
! 323: if (nread > 0 && buf[nread - 1] != '\n') {
! 324: buf[0] = '\n';
! 325: if (write(tfd, buf, 1) != 1)
! 326: error(1, _("write error"));
! 327: }
! 328: }
! 329: (void) close(tfd);
! 330: }
! 331: (void) touch(-1, sp->tpath, &orig_mtim);
! 332:
! 333: /* Does the editor support +lineno? */
! 334: if (lineno > 0)
! 335: {
! 336: char *editor_base = strrchr(editor, '/');
! 337: if (editor_base != NULL)
! 338: editor_base++;
! 339: else
! 340: editor_base = editor;
! 341: if (*editor_base == 'r')
! 342: editor_base++;
! 343:
! 344: for (av = lineno_editors; (cp = *av) != NULL; av++) {
! 345: /* We only handle a leading '*' wildcard. */
! 346: if (*cp == '*') {
! 347: size_t blen = strlen(editor_base);
! 348: size_t clen = strlen(++cp);
! 349: if (blen >= clen) {
! 350: if (strcmp(cp, editor_base + blen - clen) == 0)
! 351: break;
! 352: }
! 353: } else if (strcmp(cp, editor_base) == 0)
! 354: break;
! 355: }
! 356: /* Disable +lineno if editor doesn't support it. */
! 357: if (cp == NULL)
! 358: lineno = -1;
! 359: }
! 360:
! 361: /* Find the length of the argument vector */
! 362: ac = 3 + (lineno > 0);
! 363: if (args) {
! 364: int wasblank;
! 365:
! 366: ac++;
! 367: for (wasblank = FALSE, cp = args; *cp; cp++) {
! 368: if (isblank((unsigned char) *cp))
! 369: wasblank = TRUE;
! 370: else if (wasblank) {
! 371: wasblank = FALSE;
! 372: ac++;
! 373: }
! 374: }
! 375: }
! 376:
! 377: /* Build up argument vector for the command */
! 378: av = emalloc2(ac, sizeof(char *));
! 379: if ((av[0] = strrchr(editor, '/')) != NULL)
! 380: av[0]++;
! 381: else
! 382: av[0] = editor;
! 383: ac = 1;
! 384: if (lineno > 0) {
! 385: (void) snprintf(linestr, sizeof(linestr), "+%d", lineno);
! 386: av[ac++] = linestr;
! 387: }
! 388: if (args) {
! 389: for ((cp = strtok(args, " \t")); cp; (cp = strtok(NULL, " \t")))
! 390: av[ac++] = cp;
! 391: }
! 392: av[ac++] = sp->tpath;
! 393: av[ac++] = NULL;
! 394:
! 395: /*
! 396: * Do the edit:
! 397: * We cannot check the editor's exit value against 0 since
! 398: * XPG4 specifies that vi's exit value is a function of the
! 399: * number of errors during editing (?!?!).
! 400: */
! 401: gettimeofday(&tv1, NULL);
! 402: if (run_command(editor, av) != -1) {
! 403: gettimeofday(&tv2, NULL);
! 404: /*
! 405: * Sanity checks.
! 406: */
! 407: if (stat(sp->tpath, &sb) < 0) {
! 408: warningx(_("unable to stat temporary file (%s), %s unchanged"),
! 409: sp->tpath, sp->path);
! 410: return FALSE;
! 411: }
! 412: if (sb.st_size == 0 && orig_size != 0) {
! 413: warningx(_("zero length temporary file (%s), %s unchanged"),
! 414: sp->tpath, sp->path);
! 415: sp->modified = TRUE;
! 416: return FALSE;
! 417: }
! 418: } else {
! 419: warningx(_("editor (%s) failed, %s unchanged"), editor, sp->path);
! 420: return FALSE;
! 421: }
! 422:
! 423: /* Set modified bit if use changed the file. */
! 424: modified = TRUE;
! 425: mtim_get(&sb, &tv);
! 426: if (orig_size == sb.st_size && timevalcmp(&orig_mtim, &tv, ==)) {
! 427: /*
! 428: * If mtime and size match but the user spent no measurable
! 429: * time in the editor we can't tell if the file was changed.
! 430: */
! 431: timevalsub(&tv1, &tv2);
! 432: if (timevalisset(&tv2))
! 433: modified = FALSE;
! 434: }
! 435:
! 436: /*
! 437: * If modified in this edit session, mark as modified.
! 438: */
! 439: if (modified)
! 440: sp->modified = modified;
! 441: else
! 442: warningx(_("%s unchanged"), sp->tpath);
! 443:
! 444: return TRUE;
! 445: }
! 446:
! 447: /*
! 448: * Parse sudoers after editing and re-edit any ones that caused a parse error.
! 449: * Returns TRUE on success, else FALSE.
! 450: */
! 451: static int
! 452: reparse_sudoers(char *editor, char *args, int strict, int quiet)
! 453: {
! 454: struct sudoersfile *sp, *last;
! 455: FILE *fp;
! 456: int ch;
! 457:
! 458: /*
! 459: * Parse the edited sudoers files and do sanity checking
! 460: */
! 461: do {
! 462: sp = tq_first(&sudoerslist);
! 463: last = tq_last(&sudoerslist);
! 464: fp = fopen(sp->tpath, "r+");
! 465: if (fp == NULL)
! 466: errorx(1, _("unable to re-open temporary file (%s), %s unchanged."),
! 467: sp->tpath, sp->path);
! 468:
! 469: /* Clean slate for each parse */
! 470: init_defaults();
! 471: init_parser(sp->path, quiet);
! 472:
! 473: /* Parse the sudoers temp file */
! 474: yyrestart(fp);
! 475: if (yyparse() && !parse_error) {
! 476: warningx(_("unabled to parse temporary file (%s), unknown error"),
! 477: sp->tpath);
! 478: parse_error = TRUE;
! 479: errorfile = sp->path;
! 480: }
! 481: fclose(yyin);
! 482: if (!parse_error) {
! 483: if (!update_defaults(SETDEF_GENERIC|SETDEF_HOST|SETDEF_USER) ||
! 484: check_aliases(strict, quiet) != 0) {
! 485: parse_error = TRUE;
! 486: errorfile = sp->path;
! 487: }
! 488: }
! 489:
! 490: /*
! 491: * Got an error, prompt the user for what to do now
! 492: */
! 493: if (parse_error) {
! 494: switch (whatnow()) {
! 495: case 'Q' : parse_error = FALSE; /* ignore parse error */
! 496: break;
! 497: case 'x' : cleanup(0);
! 498: exit(0);
! 499: break;
! 500: }
! 501: }
! 502: if (parse_error) {
! 503: /* Edit file with the parse error */
! 504: tq_foreach_fwd(&sudoerslist, sp) {
! 505: if (errorfile == NULL || strcmp(sp->path, errorfile) == 0) {
! 506: edit_sudoers(sp, editor, args, errorlineno);
! 507: break;
! 508: }
! 509: }
! 510: if (sp == NULL) {
! 511: errorx(1, _("internal error, unable to find %s in list!"),
! 512: sudoers);
! 513: }
! 514: }
! 515:
! 516: /* If any new #include directives were added, edit them too. */
! 517: for (sp = last->next; sp != NULL; sp = sp->next) {
! 518: printf(_("press return to edit %s: "), sp->path);
! 519: while ((ch = getchar()) != EOF && ch != '\n')
! 520: continue;
! 521: edit_sudoers(sp, editor, args, errorlineno);
! 522: }
! 523: } while (parse_error);
! 524:
! 525: return TRUE;
! 526: }
! 527:
! 528: /*
! 529: * Set the owner and mode on a sudoers temp file and
! 530: * move it into place. Returns TRUE on success, else FALSE.
! 531: */
! 532: static int
! 533: install_sudoers(struct sudoersfile *sp, int oldperms)
! 534: {
! 535: struct stat sb;
! 536:
! 537: /*
! 538: * Change mode and ownership of temp file so when
! 539: * we move it to sp->path things are kosher.
! 540: */
! 541: if (oldperms) {
! 542: /* Use perms of the existing file. */
! 543: if (fstat(sp->fd, &sb) == -1)
! 544: error(1, _("unable to stat %s"), sp->path);
! 545: if (chown(sp->tpath, sb.st_uid, sb.st_gid) != 0) {
! 546: warning(_("unable to set (uid, gid) of %s to (%u, %u)"),
! 547: sp->tpath, (unsigned int)sb.st_uid, (unsigned int)sb.st_gid);
! 548: }
! 549: if (chmod(sp->tpath, sb.st_mode & 0777) != 0) {
! 550: warning(_("unable to change mode of %s to 0%o"), sp->tpath,
! 551: (unsigned int)(sb.st_mode & 0777));
! 552: }
! 553: } else {
! 554: if (chown(sp->tpath, SUDOERS_UID, SUDOERS_GID) != 0) {
! 555: warning(_("unable to set (uid, gid) of %s to (%u, %u)"),
! 556: sp->tpath, SUDOERS_UID, SUDOERS_GID);
! 557: return FALSE;
! 558: }
! 559: if (chmod(sp->tpath, SUDOERS_MODE) != 0) {
! 560: warning(_("unable to change mode of %s to 0%o"), sp->tpath,
! 561: SUDOERS_MODE);
! 562: return FALSE;
! 563: }
! 564: }
! 565:
! 566: /*
! 567: * Now that sp->tpath is sane (parses ok) it needs to be
! 568: * rename(2)'d to sp->path. If the rename(2) fails we try using
! 569: * mv(1) in case sp->tpath and sp->path are on different file systems.
! 570: */
! 571: if (rename(sp->tpath, sp->path) == 0) {
! 572: efree(sp->tpath);
! 573: sp->tpath = NULL;
! 574: } else {
! 575: if (errno == EXDEV) {
! 576: char *av[4];
! 577: warningx(_("%s and %s not on the same file system, using mv to rename"),
! 578: sp->tpath, sp->path);
! 579:
! 580: /* Build up argument vector for the command */
! 581: if ((av[0] = strrchr(_PATH_MV, '/')) != NULL)
! 582: av[0]++;
! 583: else
! 584: av[0] = _PATH_MV;
! 585: av[1] = sp->tpath;
! 586: av[2] = sp->path;
! 587: av[3] = NULL;
! 588:
! 589: /* And run it... */
! 590: if (run_command(_PATH_MV, av)) {
! 591: warningx(_("command failed: '%s %s %s', %s unchanged"),
! 592: _PATH_MV, sp->tpath, sp->path, sp->path);
! 593: (void) unlink(sp->tpath);
! 594: efree(sp->tpath);
! 595: sp->tpath = NULL;
! 596: return FALSE;
! 597: }
! 598: efree(sp->tpath);
! 599: sp->tpath = NULL;
! 600: } else {
! 601: warning(_("error renaming %s, %s unchanged"), sp->tpath, sp->path);
! 602: (void) unlink(sp->tpath);
! 603: return FALSE;
! 604: }
! 605: }
! 606: return TRUE;
! 607: }
! 608:
! 609: /* STUB */
! 610: void
! 611: set_fqdn(void)
! 612: {
! 613: return;
! 614: }
! 615:
! 616: /* STUB */
! 617: void
! 618: init_envtables(void)
! 619: {
! 620: return;
! 621: }
! 622:
! 623: /* STUB */
! 624: int
! 625: user_is_exempt(void)
! 626: {
! 627: return FALSE;
! 628: }
! 629:
! 630: /* STUB */
! 631: void
! 632: sudo_setspent(void)
! 633: {
! 634: return;
! 635: }
! 636:
! 637: /* STUB */
! 638: void
! 639: sudo_endspent(void)
! 640: {
! 641: return;
! 642: }
! 643:
! 644: /* STUB */
! 645: int
! 646: group_plugin_query(const char *user, const char *group, const struct passwd *pw)
! 647: {
! 648: return FALSE;
! 649: }
! 650:
! 651: /*
! 652: * Assuming a parse error occurred, prompt the user for what they want
! 653: * to do now. Returns the first letter of their choice.
! 654: */
! 655: static char
! 656: whatnow(void)
! 657: {
! 658: int choice, c;
! 659:
! 660: for (;;) {
! 661: (void) fputs(_("What now? "), stdout);
! 662: choice = getchar();
! 663: for (c = choice; c != '\n' && c != EOF;)
! 664: c = getchar();
! 665:
! 666: switch (choice) {
! 667: case EOF:
! 668: choice = 'x';
! 669: /* FALLTHROUGH */
! 670: case 'e':
! 671: case 'x':
! 672: case 'Q':
! 673: return choice;
! 674: default:
! 675: (void) puts(_("Options are:\n"
! 676: " (e)dit sudoers file again\n"
! 677: " e(x)it without saving changes to sudoers file\n"
! 678: " (Q)uit and save changes to sudoers file (DANGER!)\n"));
! 679: }
! 680: }
! 681: }
! 682:
! 683: /*
! 684: * Install signal handlers for visudo.
! 685: */
! 686: static void
! 687: setup_signals(void)
! 688: {
! 689: sigaction_t sa;
! 690:
! 691: /*
! 692: * Setup signal handlers to cleanup nicely.
! 693: */
! 694: zero_bytes(&sa, sizeof(sa));
! 695: sigemptyset(&sa.sa_mask);
! 696: sa.sa_flags = SA_RESTART;
! 697: sa.sa_handler = quit;
! 698: (void) sigaction(SIGTERM, &sa, NULL);
! 699: (void) sigaction(SIGHUP, &sa, NULL);
! 700: (void) sigaction(SIGINT, &sa, NULL);
! 701: (void) sigaction(SIGQUIT, &sa, NULL);
! 702: }
! 703:
! 704: static int
! 705: run_command(char *path, char **argv)
! 706: {
! 707: int status;
! 708: pid_t pid, rv;
! 709:
! 710: switch (pid = fork()) {
! 711: case -1:
! 712: error(1, _("unable to execute %s"), path);
! 713: break; /* NOTREACHED */
! 714: case 0:
! 715: sudo_endpwent();
! 716: sudo_endgrent();
! 717: closefrom(STDERR_FILENO + 1);
! 718: execv(path, argv);
! 719: warning(_("unable to run %s"), path);
! 720: _exit(127);
! 721: break; /* NOTREACHED */
! 722: }
! 723:
! 724: do {
! 725: rv = waitpid(pid, &status, 0);
! 726: } while (rv == -1 && errno == EINTR);
! 727:
! 728: if (rv == -1 || !WIFEXITED(status))
! 729: return -1;
! 730: return WEXITSTATUS(status);
! 731: }
! 732:
! 733: static int
! 734: check_syntax(char *sudoers_path, int quiet, int strict)
! 735: {
! 736: struct stat sb;
! 737: int error;
! 738:
! 739: if (strcmp(sudoers_path, "-") == 0) {
! 740: yyin = stdin;
! 741: sudoers_path = "stdin";
! 742: } else if ((yyin = fopen(sudoers_path, "r")) == NULL) {
! 743: if (!quiet)
! 744: warning(_("unable to open %s"), sudoers_path);
! 745: exit(1);
! 746: }
! 747: init_parser(sudoers_path, quiet);
! 748: if (yyparse() && !parse_error) {
! 749: if (!quiet)
! 750: warningx(_("failed to parse %s file, unknown error"), sudoers_path);
! 751: parse_error = TRUE;
! 752: errorfile = sudoers_path;
! 753: }
! 754: if (!parse_error && check_aliases(strict, quiet) != 0) {
! 755: parse_error = TRUE;
! 756: errorfile = sudoers_path;
! 757: }
! 758: error = parse_error;
! 759: if (!quiet) {
! 760: if (parse_error) {
! 761: if (errorlineno != -1)
! 762: (void) printf(_("parse error in %s near line %d\n"),
! 763: errorfile, errorlineno);
! 764: else
! 765: (void) printf(_("parse error in %s\n"), errorfile);
! 766: } else {
! 767: (void) printf(_("%s: parsed OK\n"), sudoers_path);
! 768: }
! 769: }
! 770: /* Check mode and owner in strict mode. */
! 771: if (strict && yyin != stdin && fstat(fileno(yyin), &sb) == 0) {
! 772: if (sb.st_uid != SUDOERS_UID || sb.st_gid != SUDOERS_GID) {
! 773: error = TRUE;
! 774: if (!quiet) {
! 775: fprintf(stderr,
! 776: _("%s: wrong owner (uid, gid) should be (%u, %u)\n"),
! 777: sudoers_path, SUDOERS_UID, SUDOERS_GID);
! 778: }
! 779: }
! 780: if ((sb.st_mode & 07777) != SUDOERS_MODE) {
! 781: error = TRUE;
! 782: if (!quiet) {
! 783: fprintf(stderr, _("%s: bad permissions, should be mode 0%o\n"),
! 784: sudoers_path, SUDOERS_MODE);
! 785: }
! 786: }
! 787: }
! 788:
! 789: return error;
! 790: }
! 791:
! 792: /*
! 793: * Used to open (and lock) the initial sudoers file and to also open
! 794: * any subsequent files #included via a callback from the parser.
! 795: */
! 796: FILE *
! 797: open_sudoers(const char *path, int doedit, int *keepopen)
! 798: {
! 799: struct sudoersfile *entry;
! 800: FILE *fp;
! 801:
! 802: /* Check for existing entry */
! 803: tq_foreach_fwd(&sudoerslist, entry) {
! 804: if (strcmp(path, entry->path) == 0)
! 805: break;
! 806: }
! 807: if (entry == NULL) {
! 808: entry = emalloc(sizeof(*entry));
! 809: entry->path = estrdup(path);
! 810: entry->modified = 0;
! 811: entry->prev = entry;
! 812: entry->next = NULL;
! 813: entry->fd = open(entry->path, O_RDWR | O_CREAT, SUDOERS_MODE);
! 814: entry->tpath = NULL;
! 815: entry->doedit = doedit;
! 816: if (entry->fd == -1) {
! 817: warning("%s", entry->path);
! 818: efree(entry);
! 819: return NULL;
! 820: }
! 821: if (!lock_file(entry->fd, SUDO_TLOCK))
! 822: errorx(1, _("%s busy, try again later"), entry->path);
! 823: if ((fp = fdopen(entry->fd, "r")) == NULL)
! 824: error(1, "%s", entry->path);
! 825: tq_append(&sudoerslist, entry);
! 826: } else {
! 827: /* Already exists, open .tmp version if there is one. */
! 828: if (entry->tpath != NULL) {
! 829: if ((fp = fopen(entry->tpath, "r")) == NULL)
! 830: error(1, "%s", entry->tpath);
! 831: } else {
! 832: if ((fp = fdopen(entry->fd, "r")) == NULL)
! 833: error(1, "%s", entry->path);
! 834: rewind(fp);
! 835: }
! 836: }
! 837: if (keepopen != NULL)
! 838: *keepopen = TRUE;
! 839: return fp;
! 840: }
! 841:
! 842: static char *
! 843: get_editor(char **args)
! 844: {
! 845: char *Editor, *EditorArgs, *EditorPath, *UserEditor, *UserEditorArgs;
! 846:
! 847: /*
! 848: * Check VISUAL and EDITOR environment variables to see which editor
! 849: * the user wants to use (we may not end up using it though).
! 850: * If the path is not fully-qualified, make it so and check that
! 851: * the specified executable actually exists.
! 852: */
! 853: UserEditorArgs = NULL;
! 854: if ((UserEditor = getenv("VISUAL")) == NULL || *UserEditor == '\0')
! 855: UserEditor = getenv("EDITOR");
! 856: if (UserEditor && *UserEditor == '\0')
! 857: UserEditor = NULL;
! 858: else if (UserEditor) {
! 859: UserEditorArgs = get_args(UserEditor);
! 860: if (find_path(UserEditor, &Editor, NULL, getenv("PATH"), 0) == FOUND) {
! 861: UserEditor = Editor;
! 862: } else {
! 863: if (def_env_editor) {
! 864: /* If we are honoring $EDITOR this is a fatal error. */
! 865: errorx(1, _("specified editor (%s) doesn't exist"), UserEditor);
! 866: } else {
! 867: /* Otherwise, just ignore $EDITOR. */
! 868: UserEditor = NULL;
! 869: }
! 870: }
! 871: }
! 872:
! 873: /*
! 874: * See if we can use the user's choice of editors either because
! 875: * we allow any $EDITOR or because $EDITOR is in the allowable list.
! 876: */
! 877: Editor = EditorArgs = EditorPath = NULL;
! 878: if (def_env_editor && UserEditor) {
! 879: Editor = UserEditor;
! 880: EditorArgs = UserEditorArgs;
! 881: } else if (UserEditor) {
! 882: struct stat editor_sb;
! 883: struct stat user_editor_sb;
! 884: char *base, *userbase;
! 885:
! 886: if (stat(UserEditor, &user_editor_sb) != 0) {
! 887: /* Should never happen since we already checked above. */
! 888: error(1, _("unable to stat editor (%s)"), UserEditor);
! 889: }
! 890: EditorPath = estrdup(def_editor);
! 891: Editor = strtok(EditorPath, ":");
! 892: do {
! 893: EditorArgs = get_args(Editor);
! 894: /*
! 895: * Both Editor and UserEditor should be fully qualified but
! 896: * check anyway...
! 897: */
! 898: if ((base = strrchr(Editor, '/')) == NULL)
! 899: continue;
! 900: if ((userbase = strrchr(UserEditor, '/')) == NULL) {
! 901: Editor = NULL;
! 902: break;
! 903: }
! 904: base++, userbase++;
! 905:
! 906: /*
! 907: * We compare the basenames first and then use stat to match
! 908: * for sure.
! 909: */
! 910: if (strcmp(base, userbase) == 0) {
! 911: if (stat(Editor, &editor_sb) == 0 && S_ISREG(editor_sb.st_mode)
! 912: && (editor_sb.st_mode & 0000111) &&
! 913: editor_sb.st_dev == user_editor_sb.st_dev &&
! 914: editor_sb.st_ino == user_editor_sb.st_ino)
! 915: break;
! 916: }
! 917: } while ((Editor = strtok(NULL, ":")));
! 918: }
! 919:
! 920: /*
! 921: * Can't use $EDITOR, try each element of def_editor until we
! 922: * find one that exists, is regular, and is executable.
! 923: */
! 924: if (Editor == NULL || *Editor == '\0') {
! 925: efree(EditorPath);
! 926: EditorPath = estrdup(def_editor);
! 927: Editor = strtok(EditorPath, ":");
! 928: do {
! 929: EditorArgs = get_args(Editor);
! 930: if (sudo_goodpath(Editor, NULL))
! 931: break;
! 932: } while ((Editor = strtok(NULL, ":")));
! 933:
! 934: /* Bleah, none of the editors existed! */
! 935: if (Editor == NULL || *Editor == '\0')
! 936: errorx(1, _("no editor found (editor path = %s)"), def_editor);
! 937: }
! 938: *args = EditorArgs;
! 939: return Editor;
! 940: }
! 941:
! 942: /*
! 943: * Split out any command line arguments and return them.
! 944: */
! 945: static char *
! 946: get_args(char *cmnd)
! 947: {
! 948: char *args;
! 949:
! 950: args = cmnd;
! 951: while (*args && !isblank((unsigned char) *args))
! 952: args++;
! 953: if (*args) {
! 954: *args++ = '\0';
! 955: while (*args && isblank((unsigned char) *args))
! 956: args++;
! 957: }
! 958: return *args ? args : NULL;
! 959: }
! 960:
! 961: /*
! 962: * Look up the hostname and set user_host and user_shost.
! 963: */
! 964: static void
! 965: get_hostname(void)
! 966: {
! 967: char *p, thost[MAXHOSTNAMELEN + 1];
! 968:
! 969: if (gethostname(thost, sizeof(thost)) != 0) {
! 970: user_host = user_shost = "localhost";
! 971: return;
! 972: }
! 973: thost[sizeof(thost) - 1] = '\0';
! 974: user_host = estrdup(thost);
! 975:
! 976: if ((p = strchr(user_host, '.'))) {
! 977: *p = '\0';
! 978: user_shost = estrdup(user_host);
! 979: *p = '.';
! 980: } else {
! 981: user_shost = user_host;
! 982: }
! 983: }
! 984:
! 985: static int
! 986: alias_remove_recursive(char *name, int type, int strict, int quiet)
! 987: {
! 988: struct member *m;
! 989: struct alias *a;
! 990: int error = 0;
! 991:
! 992: if ((a = alias_find(name, type)) != NULL) {
! 993: tq_foreach_fwd(&a->members, m) {
! 994: if (m->type == ALIAS) {
! 995: if (!alias_remove_recursive(m->name, type, strict, quiet))
! 996: error = 1;
! 997: }
! 998: }
! 999: }
! 1000: alias_seqno++;
! 1001: a = alias_remove(name, type);
! 1002: if (a)
! 1003: rbinsert(alias_freelist, a);
! 1004: return error;
! 1005: }
! 1006:
! 1007: static int
! 1008: check_alias(char *name, int type, int strict, int quiet)
! 1009: {
! 1010: struct member *m;
! 1011: struct alias *a;
! 1012: int error = 0;
! 1013:
! 1014: if ((a = alias_find(name, type)) != NULL) {
! 1015: /* check alias contents */
! 1016: tq_foreach_fwd(&a->members, m) {
! 1017: if (m->type == ALIAS)
! 1018: error += check_alias(m->name, type, strict, quiet);
! 1019: }
! 1020: } else {
! 1021: if (!quiet) {
! 1022: char *fmt;
! 1023: if (errno == ELOOP) {
! 1024: fmt = strict ?
! 1025: _("Error: cycle in %s_Alias `%s'") :
! 1026: _("Warning: cycle in %s_Alias `%s'");
! 1027: } else {
! 1028: fmt = strict ?
! 1029: _("Error: %s_Alias `%s' referenced but not defined") :
! 1030: _("Warning: %s_Alias `%s' referenced but not defined");
! 1031: }
! 1032: warningx(fmt,
! 1033: type == HOSTALIAS ? "Host" : type == CMNDALIAS ? "Cmnd" :
! 1034: type == USERALIAS ? "User" : type == RUNASALIAS ? "Runas" :
! 1035: "Unknown", name);
! 1036: }
! 1037: error++;
! 1038: }
! 1039:
! 1040: return error;
! 1041: }
! 1042:
! 1043: /*
! 1044: * Iterate through the sudoers datastructures looking for undefined
! 1045: * aliases or unused aliases.
! 1046: */
! 1047: static int
! 1048: check_aliases(int strict, int quiet)
! 1049: {
! 1050: struct cmndspec *cs;
! 1051: struct member *m, *binding;
! 1052: struct privilege *priv;
! 1053: struct userspec *us;
! 1054: struct defaults *d;
! 1055: int atype, error = 0;
! 1056:
! 1057: alias_freelist = rbcreate(alias_compare);
! 1058:
! 1059: /* Forward check. */
! 1060: tq_foreach_fwd(&userspecs, us) {
! 1061: tq_foreach_fwd(&us->users, m) {
! 1062: if (m->type == ALIAS) {
! 1063: alias_seqno++;
! 1064: error += check_alias(m->name, USERALIAS, strict, quiet);
! 1065: }
! 1066: }
! 1067: tq_foreach_fwd(&us->privileges, priv) {
! 1068: tq_foreach_fwd(&priv->hostlist, m) {
! 1069: if (m->type == ALIAS) {
! 1070: alias_seqno++;
! 1071: error += check_alias(m->name, HOSTALIAS, strict, quiet);
! 1072: }
! 1073: }
! 1074: tq_foreach_fwd(&priv->cmndlist, cs) {
! 1075: tq_foreach_fwd(&cs->runasuserlist, m) {
! 1076: if (m->type == ALIAS) {
! 1077: alias_seqno++;
! 1078: error += check_alias(m->name, RUNASALIAS, strict, quiet);
! 1079: }
! 1080: }
! 1081: if ((m = cs->cmnd)->type == ALIAS) {
! 1082: alias_seqno++;
! 1083: error += check_alias(m->name, CMNDALIAS, strict, quiet);
! 1084: }
! 1085: }
! 1086: }
! 1087: }
! 1088:
! 1089: /* Reverse check (destructive) */
! 1090: tq_foreach_fwd(&userspecs, us) {
! 1091: tq_foreach_fwd(&us->users, m) {
! 1092: if (m->type == ALIAS) {
! 1093: alias_seqno++;
! 1094: if (!alias_remove_recursive(m->name, USERALIAS, strict, quiet))
! 1095: error++;
! 1096: }
! 1097: }
! 1098: tq_foreach_fwd(&us->privileges, priv) {
! 1099: tq_foreach_fwd(&priv->hostlist, m) {
! 1100: if (m->type == ALIAS) {
! 1101: alias_seqno++;
! 1102: if (!alias_remove_recursive(m->name, HOSTALIAS, strict,
! 1103: quiet))
! 1104: error++;
! 1105: }
! 1106: }
! 1107: tq_foreach_fwd(&priv->cmndlist, cs) {
! 1108: tq_foreach_fwd(&cs->runasuserlist, m) {
! 1109: if (m->type == ALIAS) {
! 1110: alias_seqno++;
! 1111: if (!alias_remove_recursive(m->name, RUNASALIAS,
! 1112: strict, quiet))
! 1113: error++;
! 1114: }
! 1115: }
! 1116: if ((m = cs->cmnd)->type == ALIAS) {
! 1117: alias_seqno++;
! 1118: if (!alias_remove_recursive(m->name, CMNDALIAS, strict,
! 1119: quiet))
! 1120: error++;
! 1121: }
! 1122: }
! 1123: }
! 1124: }
! 1125: tq_foreach_fwd(&defaults, d) {
! 1126: switch (d->type) {
! 1127: case DEFAULTS_HOST:
! 1128: atype = HOSTALIAS;
! 1129: break;
! 1130: case DEFAULTS_USER:
! 1131: atype = USERALIAS;
! 1132: break;
! 1133: case DEFAULTS_RUNAS:
! 1134: atype = RUNASALIAS;
! 1135: break;
! 1136: case DEFAULTS_CMND:
! 1137: atype = CMNDALIAS;
! 1138: break;
! 1139: default:
! 1140: continue; /* not an alias */
! 1141: }
! 1142: tq_foreach_fwd(&d->binding, binding) {
! 1143: for (m = binding; m != NULL; m = m->next) {
! 1144: if (m->type == ALIAS) {
! 1145: alias_seqno++;
! 1146: if (!alias_remove_recursive(m->name, atype, strict, quiet))
! 1147: error++;
! 1148: }
! 1149: }
! 1150: }
! 1151: }
! 1152: rbdestroy(alias_freelist, alias_free);
! 1153:
! 1154: /* If all aliases were referenced we will have an empty tree. */
! 1155: if (!no_aliases() && !quiet)
! 1156: alias_apply(print_unused, strict ? "Error" : "Warning");
! 1157:
! 1158: return strict ? error : 0;
! 1159: }
! 1160:
! 1161: static int
! 1162: print_unused(void *v1, void *v2)
! 1163: {
! 1164: struct alias *a = (struct alias *)v1;
! 1165: char *prefix = (char *)v2;
! 1166:
! 1167: warningx(_("%s: unused %s_Alias %s"), prefix,
! 1168: a->type == HOSTALIAS ? "Host" : a->type == CMNDALIAS ? "Cmnd" :
! 1169: a->type == USERALIAS ? "User" : a->type == RUNASALIAS ? "Runas" :
! 1170: "Unknown", a->name);
! 1171: return 0;
! 1172: }
! 1173:
! 1174: /*
! 1175: * Unlink any sudoers temp files that remain.
! 1176: */
! 1177: void
! 1178: cleanup(int gotsignal)
! 1179: {
! 1180: struct sudoersfile *sp;
! 1181:
! 1182: tq_foreach_fwd(&sudoerslist, sp) {
! 1183: if (sp->tpath != NULL)
! 1184: (void) unlink(sp->tpath);
! 1185: }
! 1186: if (!gotsignal) {
! 1187: sudo_endpwent();
! 1188: sudo_endgrent();
! 1189: }
! 1190: }
! 1191:
! 1192: /*
! 1193: * Unlink sudoers temp files (if any) and exit.
! 1194: */
! 1195: static void
! 1196: quit(int signo)
! 1197: {
! 1198: const char *signame, *myname;
! 1199:
! 1200: cleanup(signo);
! 1201: #define emsg " exiting due to signal: "
! 1202: myname = getprogname();
! 1203: signame = strsignal(signo);
! 1204: if (write(STDERR_FILENO, myname, strlen(myname)) == -1 ||
! 1205: write(STDERR_FILENO, emsg, sizeof(emsg) - 1) == -1 ||
! 1206: write(STDERR_FILENO, signame, strlen(signame)) == -1 ||
! 1207: write(STDERR_FILENO, "\n", 1) == -1)
! 1208: /* shut up glibc */;
! 1209: _exit(signo);
! 1210: }
! 1211:
! 1212: static void
! 1213: usage(int fatal)
! 1214: {
! 1215: (void) fprintf(fatal ? stderr : stdout,
! 1216: "usage: %s [-chqsV] [-f sudoers]\n", getprogname());
! 1217: if (fatal)
! 1218: exit(1);
! 1219: }
! 1220:
! 1221: static void
! 1222: help(void)
! 1223: {
! 1224: (void) printf(_("%s - safely edit the sudoers file\n\n"), getprogname());
! 1225: usage(0);
! 1226: (void) puts(_("\nOptions:\n"
! 1227: " -c check-only mode\n"
! 1228: " -f sudoers specify sudoers file location\n"
! 1229: " -h display help message and exit\n"
! 1230: " -q less verbose (quiet) syntax error messages\n"
! 1231: " -s strict syntax checking\n"
! 1232: " -V display version information and exit"));
! 1233: exit(0);
! 1234: }
! 1235:
! 1236: static int
! 1237: visudo_printf(int msg_type, const char *fmt, ...)
! 1238: {
! 1239: va_list ap;
! 1240: FILE *fp;
! 1241:
! 1242: switch (msg_type) {
! 1243: case SUDO_CONV_INFO_MSG:
! 1244: fp = stdout;
! 1245: break;
! 1246: case SUDO_CONV_ERROR_MSG:
! 1247: fp = stderr;
! 1248: break;
! 1249: default:
! 1250: errno = EINVAL;
! 1251: return -1;
! 1252: }
! 1253:
! 1254: va_start(ap, fmt);
! 1255: vfprintf(fp, fmt, ap);
! 1256: va_end(ap);
! 1257:
! 1258: return 0;
! 1259: }
FreeBSD-CVSweb <freebsd-cvsweb@FreeBSD.org>