1: /*
2: * Copyright (c) 1993-1996, 1998-2005, 2007-2013
3: * Todd C. Miller <Todd.Miller@courtesan.com>
4: *
5: * Permission to use, copy, modify, and distribute this software for any
6: * purpose with or without fee is hereby granted, provided that the above
7: * copyright notice and this permission notice appear in all copies.
8: *
9: * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
10: * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
11: * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
12: * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
13: * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
14: * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
15: * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
16: *
17: * Sponsored in part by the Defense Advanced Research Projects
18: * Agency (DARPA) and Air Force Research Laboratory, Air Force
19: * Materiel Command, USAF, under agreement number F39502-99-1-0512.
20: */
21:
22: #ifndef _SUDO_SUDO_H
23: #define _SUDO_SUDO_H
24:
25: #include <limits.h>
26: #include <pathnames.h>
27: #ifdef HAVE_STDBOOL_H
28: # include <stdbool.h>
29: #else
30: # include "compat/stdbool.h"
31: #endif /* HAVE_STDBOOL_H */
32:
33: #include "missing.h"
34: #include "alloc.h"
35: #include "fatal.h"
36: #include "fileops.h"
37: #include "list.h"
38: #include "sudo_conf.h"
39: #include "sudo_debug.h"
40: #include "gettext.h"
41:
42: #ifdef HAVE_PRIV_SET
43: # include <priv.h>
44: #endif
45:
/*
 * UID value used for root on this platform: 65535 when __TANDEM is
 * defined, 0 otherwise. Because the value is platform-dependent,
 * privilege checks should compare against ROOT_UID rather than a
 * literal 0.
 */
46: #ifdef __TANDEM
47: # define ROOT_UID 65535
48: #else
49: # define ROOT_UID 0
50: #endif
51:
52: /*
53: * Various modes sudo can be in (based on arguments) in hex
54: */
/*
 * Each mode below is one bit in the low 16 bits, and MODE_MASK (0x0000ffff)
 * covers exactly that range: masking a combined value with MODE_MASK keeps
 * the mode and discards the flag bits defined after it (bit 16 and up).
 */
55: #define MODE_RUN 0x00000001
56: #define MODE_EDIT 0x00000002
57: #define MODE_VALIDATE 0x00000004
58: #define MODE_INVALIDATE 0x00000008
59: #define MODE_KILL 0x00000010
60: #define MODE_VERSION 0x00000020
61: #define MODE_HELP 0x00000040
62: #define MODE_LIST 0x00000080
63: #define MODE_CHECK 0x00000100
64: #define MODE_MASK 0x0000ffff
65:
66: /* Mode flags */
67: /* XXX - prune this */
/*
 * Modifier bits, all above MODE_MASK. NOTE(review): presumably OR-ed into
 * the same int as one of the modes above -- confirm in parse_args.c.
 * Going by their names, MODE_PRESERVE_ENV and MODE_PRESERVE_GROUPS carry
 * caller-controlled state (environment, group vector) into the command, so
 * they should only take effect once the policy has allowed it -- TODO
 * confirm where that decision is made.
 */
68: #define MODE_BACKGROUND 0x00010000
69: #define MODE_SHELL 0x00020000
70: #define MODE_LOGIN_SHELL 0x00040000
71: #define MODE_IMPLIED_SHELL 0x00080000
72: #define MODE_RESET_HOME 0x00100000
73: #define MODE_PRESERVE_GROUPS 0x00200000
74: #define MODE_PRESERVE_ENV 0x00400000
75: #define MODE_NONINTERACTIVE 0x00800000
76: #define MODE_LONG_LIST 0x01000000
77:
78: /*
79: * Flags for tgetpass()
80: */
/*
 * TGP_NOECHO is 0x00: it is the absence of TGP_ECHO rather than a bit of
 * its own, so "flags & TGP_NOECHO" is always zero and cannot serve as a
 * test. TGP_ECHO leaves the typed password visible on the terminal, and
 * TGP_NOECHO_TRY only disables echo "if possible". NOTE(review): that
 * wording suggests the read goes ahead with echo on when it cannot be
 * disabled -- confirm in tgetpass.c before relying on it for secret input.
 */
81: #define TGP_NOECHO 0x00 /* turn echo off reading pw (default) */
82: #define TGP_ECHO 0x01 /* leave echo on when reading passwd */
83: #define TGP_STDIN 0x02 /* read from stdin, not /dev/tty */
84: #define TGP_ASKPASS 0x04 /* read from askpass helper program */
85: #define TGP_MASK 0x08 /* mask user input when reading */
86: #define TGP_NOECHO_TRY 0x10 /* turn off echo if possible */
87:
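/*
 * Process, credential and terminal details; the global instance is the
 * "user_details" object declared extern further down in this header.
 * NOTE(review): presumably filled in once at startup for the user who
 * invoked sudo -- confirm in sudo.c.
 *
 * gid and egid are gid_t, matching the gid/egid members of
 * struct command_details. uid_t and gid_t are separate types, so keeping
 * group IDs in a uid_t only works where the two happen to coincide.
 */
88: struct user_details {
89: pid_t pid;
90: pid_t ppid;
91: pid_t pgid;
92: pid_t tcpgid; /* NOTE(review): presumably the tty's foreground process group -- confirm */
93: pid_t sid;
94: uid_t uid;
95: uid_t euid;
96: gid_t gid; /* group IDs use gid_t, as in struct command_details */
97: gid_t egid;
98: const char *username;
99: const char *cwd;
100: const char *tty;
101: const char *host;
102: const char *shell;
103: GETGROUPS_T *groups; /* NOTE(review): presumably ngroups entries long -- confirm */
104: int ngroups;
105: int ts_cols; /* NOTE(review): ts_cols/ts_lines look like the terminal size -- confirm */
106: int ts_lines;
107: };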
108:
/*
 * Single-bit flags with a CD_ prefix. NOTE(review): presumably stored in
 * command_details.flags (declared just below) -- confirm in sudo.c/exec.c.
 * Several names (CD_SET_UID, CD_SET_EUID, CD_SET_GID, CD_SET_EGID,
 * CD_NOEXEC, CD_USE_PTY) look like they gate how the command's
 * credentials and execution environment are set up, so a bit that is
 * dropped or tested against the wrong constant would be security-relevant.
 */
109: #define CD_SET_UID 0x0001
110: #define CD_SET_EUID 0x0002
111: #define CD_SET_GID 0x0004
112: #define CD_SET_EGID 0x0008
113: #define CD_PRESERVE_GROUPS 0x0010
114: #define CD_NOEXEC 0x0020
115: #define CD_SET_PRIORITY 0x0040
116: #define CD_SET_UMASK 0x0080
117: #define CD_SET_TIMEOUT 0x0100
118: #define CD_SUDOEDIT 0x0200
119: #define CD_BACKGROUND 0x0400
120: #define CD_RBAC_ENABLED 0x0800
121: #define CD_USE_PTY 0x1000
122: #define CD_SET_UTMP 0x2000
123: #define CD_EXEC_BG 0x4000
124:
/*
 * Description of the command to run: target user and group IDs, umask,
 * priority, timeout, group vector, command path, working directory,
 * chroot, SELinux role/type, argv and envp. This is the structure passed
 * to sudo_execute(), exec_setup(), run_command() and sudo_edit() below.
 * NOTE(review): which members are honoured presumably depends on the CD_*
 * bits in "flags" -- confirm against exec_setup() in sudo.c.
 */
125: struct command_details {
126: uid_t uid;
127: uid_t euid;
128: gid_t gid;
129: gid_t egid;
130: mode_t umask;
131: int priority;
132: int timeout;
133: int ngroups;
134: int closefrom; /* NOTE(review): presumably the lowest fd closed before exec -- confirm */
135: int flags; /* NOTE(review): presumably a mask of the CD_* constants -- confirm */
136: struct passwd *pw;
137: GETGROUPS_T *groups; /* NOTE(review): presumably ngroups entries long -- confirm */
138: const char *command;
139: const char *cwd;
140: const char *login_class;
141: const char *chroot;
142: const char *selinux_role;
143: const char *selinux_type;
144: const char *utmp_user;
145: char **argv;
146: char **envp;
147: #ifdef HAVE_PRIV_SET
148: priv_set_t *privs; /* priv_set_t: <priv.h> is included above under the same HAVE_PRIV_SET guard */
149: priv_set_t *limitprivs;
150: #endif
151: };
152:
153: /* Status passed between parent and child via socketpair */
/*
 * "type" takes one of the CMD_* constants defined inside the struct body.
 * NOTE(review): "val" is presumably interpreted according to type (an
 * errno value, a wait status, a signal number or a pid, going by the
 * constant names) -- confirm in exec.c. CMD_INVALID is 0, so a zero-filled
 * struct has type CMD_INVALID rather than one of the real status types.
 */
154: struct command_status {
155: #define CMD_INVALID 0
156: #define CMD_ERRNO 1
157: #define CMD_WSTATUS 2
158: #define CMD_SIGNO 3
159: #define CMD_PID 4
160: int type;
161: int val;
162: };
163:
164: struct timeval; /* forward declaration only; no definition is needed in this header */
165:
166: /* For fatal() and fatalx() (XXX - needed?) */
167: void cleanup(int);
168:
169: /* tgetpass.c */
/*
 * NOTE(review): the parameters are unnamed here; one of the ints
 * presumably carries the TGP_* flags defined earlier in this header. The
 * returned char * presumably points at the password that was read, so
 * callers should wipe it after use -- ownership and lifetime of the buffer
 * are not visible from this declaration.
 */
170: char *tgetpass(const char *, int, int);
171: int tty_present(void);
172:
173: /* exec.c */
174: int pipe_nonblock(int fds[2]);
/* Takes the command description plus a command_status; NOTE(review): cstat is presumably filled in as the result -- confirm. */
175: int sudo_execute(struct command_details *details, struct command_status *cstat);
176:
177: /* term.c */
/* NOTE(review): parameters are unnamed; the first int is presumably a tty file descriptor -- confirm in term.c. */
178: int term_cbreak(int);
179: int term_copy(int, int);
180: int term_noecho(int);
181: int term_raw(int, int);
182: int term_restore(int, int);
183:
184: /* fmt_string.h */
185: char *fmt_string(const char *var, const char *value);
186:
187: /* atobool.c */
188: bool atobool(const char *str);
189:
190: /* atoid.c */
/*
 * endp and errstr are out-parameters. NOTE(review): errstr is presumably
 * set to a message when the string is not a valid ID, so callers parsing
 * user-supplied IDs should check it rather than trust the return value
 * alone -- confirm in atoid.c.
 */
191: id_t atoid(const char *str, const char *sep, char **endp, const char **errstr);
192:
193: /* parse_args.c */
/*
 * Takes the process argc/argv and returns results through nargc, nargv,
 * settingsp and env_addp (all pointer-to-output parameters).
 * NOTE(review): the return value is presumably the MODE_* / mode-flag mask
 * defined earlier in this header -- confirm in parse_args.c.
 */
194: int parse_args(int argc, char **argv, int *nargc, char ***nargv,
195: char ***settingsp, char ***env_addp);
196: extern int tgetpass_flags; /* NOTE(review): presumably a mask of TGP_* bits -- confirm */
197:
198: /* get_pty.c */
/*
 * master and slave are output descriptors; name is a caller-supplied
 * buffer. NOTE(review): namesz presumably bounds writes to name, and uid
 * presumably becomes the owner of the slave device -- confirm in get_pty.c.
 */
199: int get_pty(int *master, int *slave, char *name, size_t namesz, uid_t uid);
200:
201: /* ttysize.c */
202: void get_ttysize(int *rowp, int *colp);
203:
204: /* sudo.c */
205: bool exec_setup(struct command_details *details, const char *ptyname, int ptyfd);
206: int policy_init_session(struct command_details *details);
207: int run_command(struct command_details *details);
208: int os_init_common(int argc, char *argv[], char *envp[]);
209: extern const char *list_user;
210: extern struct user_details user_details; /* single global instance of struct user_details */
211:
212: /* sudo_edit.c */
213: int sudo_edit(struct command_details *details);
214:
215: /* parse_args.c */
216: void usage(int);
217:
/*
 * Platform-specific entry points. The os_init_* functions share the
 * signature of os_init_common() declared in the sudo.c section of this
 * header. NOTE(review): presumably only the variant for the build
 * platform is compiled in -- confirm in the build configuration.
 */
218: /* openbsd.c */
219: int os_init_openbsd(int argc, char *argv[], char *envp[]);
220:
221: /* selinux.c */
222: int selinux_restore_tty(void);
/* role and type have the same types as command_details.selinux_role / selinux_type. */
223: int selinux_setup(const char *role, const char *type, const char *ttyn,
224: int ttyfd);
/* NOTE(review): noexec presumably mirrors the CD_NOEXEC flag -- confirm in selinux.c. */
225: void selinux_execve(const char *path, char *const argv[], char *const envp[],
226: int noexec);
227:
228: /* solaris.c */
229: void set_project(struct passwd *);
230: int os_init_solaris(int argc, char *argv[], char *envp[]);
231:
232: /* aix.c */
/* user is a non-const char * in both AIX calls; whether it is modified is not visible here. */
233: void aix_prep_user(char *user, const char *tty);
234: void aix_restoreauthdb(void);
235: void aix_setauthdb(char *user);
236:
237: /* hooks.c */
238: /* XXX - move to sudo_plugin_int.h? */
239: struct sudo_hook; /* forward declaration; the definition is not in this header */
240: int register_hook(struct sudo_hook *hook);
241: int deregister_hook(struct sudo_hook *hook);
/*
 * The process_hooks_* signatures parallel getenv/setenv/putenv/unsetenv.
 * NOTE(review): process_hooks_putenv takes a non-const char *; if it
 * follows putenv(3), the string itself may end up referenced by the
 * environment, so the caller must keep it alive -- confirm in hooks.c.
 */
242: int process_hooks_getenv(const char *name, char **val);
243: int process_hooks_setenv(const char *name, const char *value, int overwrite);
244: int process_hooks_putenv(char *string);
245: int process_hooks_unsetenv(const char *name);
246:
247: /* env_hooks.c */
/* NOTE(review): by its name, reads the environment without going through the hooks above -- confirm. */
248: char *getenv_unhooked(const char *name);
249:
250: /* interfaces.c */
251: int get_net_ifs(char **addrinfo);
252:
253: /* setgroups.c */
/* ngids is an int count for the gids array. */
254: int sudo_setgroups(int ngids, const GETGROUPS_T *gids);
255:
256: /* ttyname.c */
257: char *get_process_ttyname(void);
258:
259: /* signal.c */
260: struct sigaction; /* forward declaration so the prototype below needs no <signal.h> here */
261: extern int signal_pipe[2];
262: int sudo_sigaction(int signo, struct sigaction *sa, struct sigaction *osa);
263: void init_signals(void);
264: void restore_signals(void);
265: void save_signals(void);
266:
267: /* gidlist.c */
/*
 * gidsp is an out-parameter. NOTE(review): presumably receives an
 * allocated list the caller must free, with the return value giving its
 * length -- confirm in gidlist.c.
 */
268: int parse_gid_list(const char *gidstr, const gid_t *basegid, GETGROUPS_T **gidsp);
269:
270: #endif /* _SUDO_SUDO_H */