File:  [ELWIX - Embedded LightWeight unIX -] / embedaddon / sudo / src / sudo.h
Revision 1.1.1.2 (vendor branch)
Tue May 29 12:26:49 2012 UTC (12 years, 1 month ago) by misho
Branches: sudo, MAIN
CVS tags: v1_8_5p1, HEAD
sudo 1.8.5p1

    1: /*
    2:  * Copyright (c) 1993-1996, 1998-2005, 2007-2012
    3:  *	Todd C. Miller <Todd.Miller@courtesan.com>
    4:  *
    5:  * Permission to use, copy, modify, and distribute this software for any
    6:  * purpose with or without fee is hereby granted, provided that the above
    7:  * copyright notice and this permission notice appear in all copies.
    8:  *
    9:  * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
   10:  * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
   11:  * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
   12:  * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
   13:  * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
   14:  * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
   15:  * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
   16:  *
   17:  * Sponsored in part by the Defense Advanced Research Projects
   18:  * Agency (DARPA) and Air Force Research Laboratory, Air Force
   19:  * Materiel Command, USAF, under agreement number F39502-99-1-0512.
   20:  *
   21:  * $Sudo: sudo.h,v 1.290 2009/12/12 16:12:26 millert Exp $
   22:  */
   23: 
   24: #ifndef _SUDO_SUDO_H
   25: #define _SUDO_SUDO_H
   26: 
   27: #include <limits.h>
   28: #include <pathnames.h>
   29: #ifdef HAVE_STDBOOL_H
   30: # include <stdbool.h>
   31: #else
   32: # include "compat/stdbool.h"
   33: #endif /* HAVE_STDBOOL_H */
   34: 
   35: #include "missing.h"
   36: #include "alloc.h"
   37: #include "error.h"
   38: #include "fileops.h"
   39: #include "list.h"
   40: #include "sudo_conf.h"
   41: #include "sudo_debug.h"
   42: #include "gettext.h"
   43: 
   44: #ifdef __TANDEM
   45: # define ROOT_UID       65535
   46: #else
   47: # define ROOT_UID       0
   48: #endif
       /*
        * ROOT_UID expands to 65535 when __TANDEM is defined and to 0 otherwise.
        * NOTE(review): presumably the uid treated as the superuser; privilege
        * checks written against a literal 0 would miss the __TANDEM case, so
        * callers should compare with ROOT_UID -- confirm against the callers.
        */
   49: 
   50: /*
   51:  * Various modes sudo can be in (based on arguments) in hex.
        *
        * Every MODE_* value in this group is a distinct single bit inside
        * MODE_MASK (the low 16 bits), so masking a word with MODE_MASK
        * separates these bits from the modifier flags, which are all
        * defined above 0x0000ffff.
   52:  */
   53: #define MODE_RUN		0x00000001
   54: #define MODE_EDIT		0x00000002
   55: #define MODE_VALIDATE		0x00000004
   56: #define MODE_INVALIDATE		0x00000008
   57: #define MODE_KILL		0x00000010
   58: #define MODE_VERSION		0x00000020
   59: #define MODE_HELP		0x00000040
   60: #define MODE_LIST		0x00000080
   61: #define MODE_CHECK		0x00000100
   62: #define MODE_MASK		0x0000ffff
   63: 
   64: /* Mode flags */
   65: /* XXX - prune this */
       /*
        * Each flag is a single bit between 0x00010000 and 0x01000000, i.e.
        * outside MODE_MASK (0x0000ffff).
        * NOTE(review): presumably OR'ed into the same word as one MODE_*
        * value.  Names such as MODE_PRESERVE_ENV, MODE_PRESERVE_GROUPS and
        * MODE_RESET_HOME suggest they affect the environment and group set
        * handed to the command -- confirm where they are consumed.
        */
   66: #define MODE_BACKGROUND		0x00010000
   67: #define MODE_SHELL		0x00020000
   68: #define MODE_LOGIN_SHELL	0x00040000
   69: #define MODE_IMPLIED_SHELL	0x00080000
   70: #define MODE_RESET_HOME		0x00100000
   71: #define MODE_PRESERVE_GROUPS	0x00200000
   72: #define MODE_PRESERVE_ENV	0x00400000
   73: #define MODE_NONINTERACTIVE	0x00800000
   74: #define MODE_LONG_LIST		0x01000000
   75: 
   76: /*
   77:  * We used to use the system definition of PASS_MAX or _PASSWD_LEN,
   78:  * but that caused problems with various alternate authentication
   79:  * methods.  So, we just define our own and assume that it is >= the
   80:  * system max.
        *
        * NOTE(review): the limit is a fixed 256.  Whether that figure counts
        * the terminating NUL, and what happens to input longer than the
        * limit, is not visible in this header -- confirm in the code that
        * reads the password.
   81:  */
   82: #define SUDO_PASS_MAX	256
   83: 
   84: /*
   85:  * Flags for tgetpass()
        *
        * TGP_NOECHO is 0, so it cannot be detected with a bitwise AND: it is
        * simply the state in which TGP_ECHO is not set.  All other TGP_*
        * values are distinct single bits.
   86:  */
   87: #define TGP_NOECHO	0x00		/* turn echo off reading pw (default) */
   88: #define TGP_ECHO	0x01		/* leave echo on when reading passwd */
   89: #define TGP_STDIN	0x02		/* read from stdin, not /dev/tty */
   90: #define TGP_ASKPASS	0x04		/* read from askpass helper program */
   91: #define TGP_MASK	0x08		/* mask user input when reading */
   92: #define TGP_NOECHO_TRY	0x10		/* turn off echo if possible */
   93: 
   94: struct user_details {
           /*
            * NOTE(review): presumably describes the invoking user and process;
            * a global instance named user_details is declared extern further
            * down in this header -- confirm where it is filled in.
            */
   95:     pid_t pid;
   96:     pid_t ppid;
   97:     pid_t pgid;
   98:     pid_t tcpgid;
   99:     pid_t sid;
  100:     uid_t uid;
  101:     uid_t euid;
           /*
            * NOTE(review): gid and egid are declared uid_t here, while struct
            * command_details declares its gid/egid fields as gid_t.  The two
            * types are not guaranteed to share width or signedness on every
            * platform; gid_t looks like the intended type -- confirm.
            */
  102:     uid_t gid;
  103:     uid_t egid;
           /* Ownership and lifetime of the strings below are not shown in this header. */
  104:     const char *username;
  105:     const char *cwd;
  106:     const char *tty;
  107:     const char *host;
  108:     const char *shell;
           /*
            * NOTE(review): presumably groups points to ngroups entries; ngroups
            * is a signed int, so check it before using it as a length -- confirm.
            */
  109:     GETGROUPS_T *groups;
  110:     int ngroups;
  111:     int ts_cols;
  112:     int ts_lines;
  113: };
  114: 
  115: #define CD_SET_UID		0x0001
  116: #define CD_SET_EUID		0x0002
  117: #define CD_SET_GID		0x0004
  118: #define CD_SET_EGID		0x0008
  119: #define CD_PRESERVE_GROUPS	0x0010
  120: #define CD_NOEXEC		0x0020
  121: #define CD_SET_PRIORITY		0x0040
  122: #define CD_SET_UMASK		0x0080
  123: #define CD_SET_TIMEOUT		0x0100
  124: #define CD_SUDOEDIT		0x0200
  125: #define CD_BACKGROUND		0x0400
  126: #define CD_RBAC_ENABLED		0x0800
  127: #define CD_USE_PTY		0x1000
  128: #define CD_SET_UTMP		0x2000
       /*
        * The CD_* values above are distinct single bits (0x0001 .. 0x2000).
        * NOTE(review): presumably stored in command_details.flags.  Several
        * names (CD_NOEXEC, CD_PRESERVE_GROUPS, CD_USE_PTY, CD_RBAC_ENABLED)
        * look security-relevant; confirm that a bit left unset by mistake
        * results in the more restrictive behaviour.
        */
  129: 
  130: struct command_details {
           /*
            * NOTE(review): presumably the parameters for the command sudo is
            * about to run: target ids, umask, working directory, chroot, argv
            * and envp.  Where they are filled in is not visible in this header;
            * since they decide the identity and environment of the new process,
            * confirm they are validated at that point.
            */
  131:     uid_t uid;
  132:     uid_t euid;
  133:     gid_t gid;
  134:     gid_t egid;
  135:     mode_t umask;
  136:     int priority;
  137:     int timeout;
           /*
            * NOTE(review): presumably the element count of groups below; it is
            * a signed int, so a negative or oversized value should be rejected
            * before it is used as a length -- confirm where it is set.
            */
  138:     int ngroups;
  139:     int closefrom;
  140:     int flags;		/* NOTE(review): presumably a mask of CD_* bits -- confirm */
  141:     struct passwd *pw;
  142:     GETGROUPS_T *groups;
           /* Ownership and lifetime of the strings below are not shown in this header. */
  143:     const char *command;
  144:     const char *cwd;
  145:     const char *login_class;
  146:     const char *chroot;
  147:     const char *selinux_role;
  148:     const char *selinux_type;
  149:     const char *utmp_user;
           /* argv and envp are non-const char ** vectors; NOTE(review): presumably NULL-terminated -- confirm. */
  150:     char **argv;
  151:     char **envp;
  152: };
  153: 
  154: /* Status passed between parent and child via socketpair */
  155: struct command_status {
           /*
            * CMD_* tags are defined inside the struct body; CMD_INVALID is 0.
            * NOTE(review): presumably type holds one of these tags and selects
            * how val is read (an errno value, a wait status or a signal number,
            * going by the names) -- confirm in exec.c.
            */
  156: #define CMD_INVALID 0
  157: #define CMD_ERRNO 1
  158: #define CMD_WSTATUS 2
  159: #define CMD_SIGNO 3
  160:     int type;
  161:     int val;
           /*
            * NOTE(review): as this struct crosses a socketpair, the receiving
            * side should presumably check that a whole struct was read and that
            * type is one of the CMD_* values before acting on val -- confirm.
            */
  162: };
  163: 
  164: struct timeval;	/* incomplete type declaration; no prototype in this header uses it */
  165: 
  166: /* For error() and errorx() (XXX - needed?) */
  167: void cleanup(int);
  168: 
  169: /* tgetpass.c */
       /*
        * tgetpass() takes a const string and two ints and returns char *.
        * NOTE(review): presumably prompt, timeout and a TGP_* mask, returning
        * the password that was read.  The header does not say who owns the
        * returned buffer; callers should clear it (for instance with
        * zero_bytes()) as soon as it is no longer needed -- confirm.
        */
  170: char *tgetpass(const char *, int, int);
  171: int tty_present(void);
  172: 
  173: /* zero_bytes.c */
       /*
        * The pointer parameter is volatile-qualified.
        * NOTE(review): presumably so that the compiler cannot discard the
        * wipe as a dead store -- confirm in zero_bytes.c.
        */
  174: void zero_bytes(volatile void *, size_t);
  175: 
  176: /* exec.c */
       /*
        * sudo_execute() takes non-const pointers to a command_details and a
        * command_status and returns int.
        * NOTE(review): presumably cstat receives the CMD_* outcome of the run;
        * the meaning of the int return is not shown here -- confirm in exec.c.
        */
  177: int sudo_execute(struct command_details *details, struct command_status *cstat);
  178: void save_signals(void);
  179: void restore_signals(void);
  180: 
  181: /* term.c */
       /*
        * All term_*() functions take int arguments and return int.
        * NOTE(review): presumably file descriptors in, success/failure out.
        * A caller that reads a secret after term_noecho() should check the
        * return value instead of assuming echo is off -- confirm in term.c.
        */
  182: int term_cbreak(int);
  183: int term_copy(int, int);
  184: int term_noecho(int);
  185: int term_raw(int, int);
  186: int term_restore(int, int);
  187: 
  188: /* fmt_string.h */
       /* Returns char *; NOTE(review): presumably a newly allocated string the caller frees -- confirm. */
  189: char *fmt_string(const char *var, const char *value);
  190: 
  191: /* atobool.c */
  192: bool atobool(const char *str);
  193: 
  194: /* parse_args.c */
       /*
        * parse_args() takes argc/argv plus four output pointers (nargc, nargv,
        * settingsp, env_addp) and returns int.
        * NOTE(review): presumably the return value is a MODE_* word -- confirm.
        */
  195: int parse_args(int argc, char **argv, int *nargc, char ***nargv,
  196:     char ***settingsp, char ***env_addp);
  197: extern int tgetpass_flags;
  198: 
  199: /* get_pty.c */
       /*
        * get_pty() takes output pointers for the master and slave, a name
        * buffer with its size (namesz), and a uid.
        * NOTE(review): presumably writes at most namesz bytes into name and
        * uses uid for the ownership of the slave device -- confirm in get_pty.c.
        */
  200: int get_pty(int *master, int *slave, char *name, size_t namesz, uid_t uid);
  201: 
  202: /* ttysize.c */
  203: void get_ttysize(int *rowp, int *colp);
  204: 
  205: /* sudo.c */
  206: bool exec_setup(struct command_details *details, const char *ptyname, int ptyfd);
  207: int policy_init_session(struct command_details *details);
  208: int run_command(struct command_details *details);
       /* Globals defined elsewhere; only their declarations are visible in this header. */
  209: extern const char *list_user, *runas_user, *runas_group;
  210: extern struct user_details user_details;
  211: 
  212: /* sudo_edit.c */
  213: int sudo_edit(struct command_details *details);
  214: 
  215: /* parse_args.c */
  216: void usage(int);
  217: 
  218: /* selinux.c */
  219: int selinux_restore_tty(void);
  220: int selinux_setup(const char *role, const char *type, const char *ttyn,
  221:     int ttyfd);
       /*
        * selinux_execve() returns void, so it cannot report failure through
        * a return value.
        * NOTE(review): presumably it returns only when the exec failed, as
        * execve(2) does; callers should treat any return as an error -- confirm.
        */
  222: void selinux_execve(const char *path, char *const argv[], char *const envp[],
  223:     int noexec);
  224: 
  225: /* aix.c */
  226: void aix_prep_user(char *user, const char *tty);
  227: void aix_restoreauthdb(void);
  228: void aix_setauthdb(char *user);
  229: 
  230: /* hooks.c */
  231: /* XXX - move to sudo_plugin_int.h? */
       /*
        * struct sudo_hook is only forward-declared here.  The process_hooks_*()
        * prototypes take the same parameter lists as getenv/setenv/putenv/
        * unsetenv, with getenv's result passed back through val.
        * NOTE(review): the meaning of the int return is not shown -- confirm.
        */
  232: struct sudo_hook;
  233: int register_hook(struct sudo_hook *hook);
  234: int deregister_hook(struct sudo_hook *hook);
  235: int process_hooks_getenv(const char *name, char **val);
  236: int process_hooks_setenv(const char *name, const char *value, int overwrite);
  237: int process_hooks_putenv(char *string);
  238: int process_hooks_unsetenv(const char *name);
  239: 
  240: /* interfaces.c */
       /* Takes an output pointer; NOTE(review): ownership of *addrinfo is not shown -- confirm. */
  241: int get_net_ifs(char **addrinfo);
  242: 
  243: /* setgroups.c */
       /*
        * sudo_setgroups() takes a signed count and a const id array and
        * returns int.
        * NOTE(review): presumably a wrapper around setgroups(); its return
        * value should be checked, because a failed group change leaves the
        * process with its previous supplementary groups -- confirm.
        */
  244: int sudo_setgroups(int ngids, const GETGROUPS_T *gids);
  245: 
  246: /* ttyname.c */
       /* Returns char *; NOTE(review): ownership of the result is not shown -- confirm. */
  247: char *get_process_ttyname(void);
  248: 
  249: #endif /* _SUDO_SUDO_H */
