Annotation of embedaddon/sudo/src/sudo_edit.c, revision 1.1.1.2
1.1 misho 1: /*
2: * Copyright (c) 2004-2008, 2010-2011 Todd C. Miller <Todd.Miller@courtesan.com>
3: *
4: * Permission to use, copy, modify, and distribute this software for any
5: * purpose with or without fee is hereby granted, provided that the above
6: * copyright notice and this permission notice appear in all copies.
7: *
8: * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
9: * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
10: * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
11: * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
12: * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
13: * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
14: * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
15: */
16:
17: #include <config.h>
18:
19: #include <sys/types.h>
20: #include <sys/param.h>
21: #include <sys/stat.h>
22: #include <sys/time.h>
23: #include <sys/wait.h>
24: #include <sys/socket.h>
25: #include <stdio.h>
26: #ifdef STDC_HEADERS
27: # include <stdlib.h>
28: # include <stddef.h>
29: #else
30: # ifdef HAVE_STDLIB_H
31: # include <stdlib.h>
32: # endif
33: #endif /* STDC_HEADERS */
34: #ifdef HAVE_STRING_H
35: # include <string.h>
36: #endif /* HAVE_STRING_H */
37: #ifdef HAVE_STRINGS_H
38: # include <strings.h>
39: #endif /* HAVE_STRINGS_H */
40: #ifdef HAVE_UNISTD_H
41: # include <unistd.h>
42: #endif /* HAVE_UNISTD_H */
43: #include <ctype.h>
44: #include <grp.h>
45: #include <pwd.h>
46: #include <signal.h>
47: #include <errno.h>
48: #include <fcntl.h>
49: #if TIME_WITH_SYS_TIME
50: # include <time.h>
51: #endif
52:
53: #include "sudo.h"
54:
1.1.1.2 ! misho 55: #if defined(HAVE_SETRESUID) || defined(HAVE_SETREUID) || defined(HAVE_SETEUID)
! 56:
1.1 misho 57: static void
58: switch_user(uid_t euid, gid_t egid, int ngroups, GETGROUPS_T *groups)
59: {
60: int serrno = errno;
1.1.1.2 ! misho 61: debug_decl(switch_user, SUDO_DEBUG_EDIT)
1.1 misho 62:
63: /* When restoring root, change euid first; otherwise change it last. */
64: if (euid == ROOT_UID) {
65: if (seteuid(ROOT_UID) != 0)
66: error(1, "seteuid(ROOT_UID)");
67: }
68: if (setegid(egid) != 0)
69: error(1, "setegid(%d)", (int)egid);
70: if (ngroups != -1) {
71: if (sudo_setgroups(ngroups, groups) != 0)
72: error(1, "setgroups");
73: }
74: if (euid != ROOT_UID) {
75: if (seteuid(euid) != 0)
76: error(1, "seteuid(%d)", (int)euid);
77: }
78: errno = serrno;
1.1.1.2 ! misho 79:
! 80: debug_return;
1.1 misho 81: }
82:
83: /*
84: * Wrapper to allow users to edit privileged files with their own uid.
85: */
86: int
87: sudo_edit(struct command_details *command_details)
88: {
89: struct command_details editor_details;
90: ssize_t nread, nwritten;
91: const char *tmpdir;
92: char *cp, *suff, **nargv, **ap, **files = NULL;
93: char buf[BUFSIZ];
94: int rc, i, j, ac, ofd, tfd, nargc, rval, tmplen;
95: int editor_argc = 0, nfiles = 0;
96: struct stat sb;
97: struct timeval tv, tv1, tv2;
98: struct tempfile {
99: char *tfile;
100: char *ofile;
101: struct timeval omtim;
102: off_t osize;
1.1.1.2 ! misho 103: } *tf = NULL;
! 104: debug_decl(sudo_edit, SUDO_DEBUG_EDIT)
1.1 misho 105:
106: /*
107: * Set real, effective and saved uids to root.
108: * We will change the euid as needed below.
109: */
110: if (setuid(ROOT_UID) != 0) {
111: warning(_("unable to change uid to root (%u)"), ROOT_UID);
1.1.1.2 ! misho 112: goto cleanup;
1.1 misho 113: }
114:
115: /*
116: * Find our temporary directory, one of /var/tmp, /usr/tmp, or /tmp
117: */
118: if (stat(_PATH_VARTMP, &sb) == 0 && S_ISDIR(sb.st_mode))
119: tmpdir = _PATH_VARTMP;
120: #ifdef _PATH_USRTMP
121: else if (stat(_PATH_USRTMP, &sb) == 0 && S_ISDIR(sb.st_mode))
122: tmpdir = _PATH_USRTMP;
123: #endif
124: else
125: tmpdir = _PATH_TMP;
126: tmplen = strlen(tmpdir);
127: while (tmplen > 0 && tmpdir[tmplen - 1] == '/')
128: tmplen--;
129:
130: /*
131: * The user's editor must be separated from the files to be
132: * edited by a "--" option.
133: */
134: for (ap = command_details->argv; *ap != NULL; ap++) {
135: if (files)
136: nfiles++;
137: else if (strcmp(*ap, "--") == 0)
138: files = ap + 1;
139: else
140: editor_argc++;
141: }
142: if (nfiles == 0) {
143: warningx(_("plugin error: missing file list for sudoedit"));
1.1.1.2 ! misho 144: goto cleanup;
1.1 misho 145: }
146:
147: /*
148: * For each file specified by the user, make a temporary version
149: * and copy the contents of the original to it.
150: */
151: tf = emalloc2(nfiles, sizeof(*tf));
152: zero_bytes(tf, nfiles * sizeof(*tf));
153: for (i = 0, j = 0; i < nfiles; i++) {
154: rc = -1;
155: switch_user(command_details->euid, command_details->egid,
156: command_details->ngroups, command_details->groups);
157: if ((ofd = open(files[i], O_RDONLY, 0644)) != -1 || errno == ENOENT) {
158: if (ofd == -1) {
159: zero_bytes(&sb, sizeof(sb)); /* new file */
160: rc = 0;
161: } else {
162: rc = fstat(ofd, &sb);
163: }
164: }
165: switch_user(ROOT_UID, user_details.egid,
166: user_details.ngroups, user_details.groups);
167: if (rc || (ofd != -1 && !S_ISREG(sb.st_mode))) {
168: if (rc)
169: warning("%s", files[i]);
170: else
171: warningx(_("%s: not a regular file"), files[i]);
172: if (ofd != -1)
173: close(ofd);
174: continue;
175: }
176: tf[j].ofile = files[i];
177: tf[j].osize = sb.st_size;
178: mtim_get(&sb, &tf[j].omtim);
179: if ((cp = strrchr(tf[j].ofile, '/')) != NULL)
180: cp++;
181: else
182: cp = tf[j].ofile;
183: suff = strrchr(cp, '.');
184: if (suff != NULL) {
185: easprintf(&tf[j].tfile, "%.*s/%.*sXXXXXXXX%s", tmplen, tmpdir,
186: (int)(size_t)(suff - cp), cp, suff);
187: } else {
188: easprintf(&tf[j].tfile, "%.*s/%s.XXXXXXXX", tmplen, tmpdir, cp);
189: }
190: if (seteuid(user_details.uid) != 0)
191: error(1, "seteuid(%d)", (int)user_details.uid);
192: tfd = mkstemps(tf[j].tfile, suff ? strlen(suff) : 0);
193: if (seteuid(ROOT_UID) != 0)
194: error(1, "seteuid(ROOT_UID)");
195: if (tfd == -1) {
196: warning("mkstemps");
197: goto cleanup;
198: }
199: if (ofd != -1) {
200: while ((nread = read(ofd, buf, sizeof(buf))) != 0) {
201: if ((nwritten = write(tfd, buf, nread)) != nread) {
202: if (nwritten == -1)
203: warning("%s", tf[j].tfile);
204: else
205: warningx(_("%s: short write"), tf[j].tfile);
206: goto cleanup;
207: }
208: }
209: close(ofd);
210: }
211: /*
212: * We always update the stashed mtime because the time
213: * resolution of the filesystem the temporary file is on may
214: * not match that of the filesystem where the file to be edited
215: * resides. It is OK if touch() fails since we only use the info
216: * to determine whether or not a file has been modified.
217: */
218: (void) touch(tfd, NULL, &tf[j].omtim);
219: rc = fstat(tfd, &sb);
220: if (!rc)
221: mtim_get(&sb, &tf[j].omtim);
222: close(tfd);
223: j++;
224: }
225: if ((nfiles = j) == 0)
1.1.1.2 ! misho 226: goto cleanup; /* no files readable, you lose */
1.1 misho 227:
228: /*
229: * Allocate space for the new argument vector and fill it in.
230: * We concatenate the editor with its args and the file list
231: * to create a new argv.
232: */
233: nargc = editor_argc + nfiles;
234: nargv = (char **) emalloc2(nargc + 1, sizeof(char *));
235: for (ac = 0; ac < editor_argc; ac++)
236: nargv[ac] = command_details->argv[ac];
237: for (i = 0; i < nfiles && ac < nargc; )
238: nargv[ac++] = tf[i++].tfile;
239: nargv[ac] = NULL;
240:
241: /*
242: * Run the editor with the invoking user's creds,
243: * keeping track of the time spent in the editor.
244: */
245: gettimeofday(&tv1, NULL);
246: memcpy(&editor_details, command_details, sizeof(editor_details));
247: editor_details.uid = user_details.uid;
248: editor_details.euid = user_details.uid;
249: editor_details.gid = user_details.gid;
250: editor_details.egid = user_details.gid;
251: editor_details.ngroups = user_details.ngroups;
252: editor_details.groups = user_details.groups;
253: editor_details.argv = nargv;
254: rval = run_command(&editor_details);
255: gettimeofday(&tv2, NULL);
256:
257: /* Copy contents of temp files to real ones */
258: for (i = 0; i < nfiles; i++) {
259: rc = -1;
260: if (seteuid(user_details.uid) != 0)
261: error(1, "seteuid(%d)", (int)user_details.uid);
262: if ((tfd = open(tf[i].tfile, O_RDONLY, 0644)) != -1) {
263: rc = fstat(tfd, &sb);
264: }
265: if (seteuid(ROOT_UID) != 0)
266: error(1, "seteuid(ROOT_UID)");
267: if (rc || !S_ISREG(sb.st_mode)) {
268: if (rc)
269: warning("%s", tf[i].tfile);
270: else
271: warningx(_("%s: not a regular file"), tf[i].tfile);
272: warningx(_("%s left unmodified"), tf[i].ofile);
273: if (tfd != -1)
274: close(tfd);
275: continue;
276: }
277: mtim_get(&sb, &tv);
278: if (tf[i].osize == sb.st_size && timevalcmp(&tf[i].omtim, &tv, ==)) {
279: /*
280: * If mtime and size match but the user spent no measurable
281: * time in the editor we can't tell if the file was changed.
282: */
283: timevalsub(&tv1, &tv2);
284: if (timevalisset(&tv2)) {
285: warningx(_("%s unchanged"), tf[i].ofile);
286: unlink(tf[i].tfile);
287: close(tfd);
288: continue;
289: }
290: }
291: switch_user(command_details->euid, command_details->egid,
292: command_details->ngroups, command_details->groups);
293: ofd = open(tf[i].ofile, O_WRONLY|O_TRUNC|O_CREAT, 0644);
294: switch_user(ROOT_UID, user_details.egid,
295: user_details.ngroups, user_details.groups);
296: if (ofd == -1) {
297: warning(_("unable to write to %s"), tf[i].ofile);
298: warningx(_("contents of edit session left in %s"), tf[i].tfile);
299: close(tfd);
300: continue;
301: }
302: while ((nread = read(tfd, buf, sizeof(buf))) > 0) {
303: if ((nwritten = write(ofd, buf, nread)) != nread) {
304: if (nwritten == -1)
305: warning("%s", tf[i].ofile);
306: else
307: warningx(_("%s: short write"), tf[i].ofile);
308: break;
309: }
310: }
311: if (nread == 0) {
312: /* success, got EOF */
313: unlink(tf[i].tfile);
314: } else if (nread < 0) {
315: warning(_("unable to read temporary file"));
316: warningx(_("contents of edit session left in %s"), tf[i].tfile);
317: } else {
318: warning(_("unable to write to %s"), tf[i].ofile);
319: warningx(_("contents of edit session left in %s"), tf[i].tfile);
320: }
321: close(ofd);
322: }
1.1.1.2 ! misho 323: debug_return_int(rval);
1.1 misho 324:
325: cleanup:
326: /* Clean up temp files and return. */
1.1.1.2 ! misho 327: if (tf != NULL) {
! 328: for (i = 0; i < nfiles; i++) {
! 329: if (tf[i].tfile != NULL)
! 330: unlink(tf[i].tfile);
! 331: }
1.1 misho 332: }
1.1.1.2 ! misho 333: debug_return_int(1);
1.1 misho 334: }
335:
336: #else /* HAVE_SETRESUID || HAVE_SETREUID || HAVE_SETEUID */
337:
338: /*
339: * Must have the ability to change the effective uid to use sudoedit.
340: */
341: int
342: sudo_edit(struct command_details *command_details)
343: {
1.1.1.2 ! misho 344: debug_decl(sudo_edit, SUDO_DEBUG_EDIT)
! 345: debug_return_int(1);
1.1 misho 346: }
347:
348: #endif /* HAVE_SETRESUID || HAVE_SETREUID || HAVE_SETEUID */
FreeBSD-CVSweb <freebsd-cvsweb@FreeBSD.org>
![[BACK]](/icons/cvsweb/back.gif){kind=icon}
Return to sudo_edit.c CVS log ![[TXT]](/icons/cvsweb/text.gif){kind=icon}
![[DIR]](/icons/cvsweb/dir.gif){kind=icon}
Up to [ELWIX - Embedded LightWeight unIX -] / embedaddon / sudo / src