/*
 * Copyright (c) 1993-1996, 1998-2005, 2007-2010
 * Todd C. Miller <Todd.Miller@courtesan.com>
 *
 * Permission to use, copy, modify, and distribute this software for any
 * purpose with or without fee is hereby granted, provided that the above
 * copyright notice and this permission notice appear in all copies.
 *
 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 *
 * Sponsored in part by the Defense Advanced Research Projects
 * Agency (DARPA) and Air Force Research Laboratory, Air Force
 * Materiel Command, USAF, under agreement number F39502-99-1-0512.
 */

#ifndef _SUDO_SUDO_H
#define _SUDO_SUDO_H

#include <pathnames.h>
#include <limits.h>
#include "compat.h"
#include "alloc.h"
#include "defaults.h"
#include "error.h"
#include "list.h"
#include "logging.h"
#include "missing.h"
#include "sudo_nss.h"

#ifdef HAVE_MBR_CHECK_MEMBERSHIP
# include <membership.h>
#endif

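/*
 * Info pertaining to the invoking user.
 *
 * A single global instance named sudo_user is declared extern near the end
 * of this header, and the user_*, runas_*, safe_cmnd and login_class macros
 * are shorthands for its members.  This header does not say who allocates
 * or frees the pointer members.
 * NOTE(review): several members (path, shell, prompt, display, askpass,
 * krb5_ccname) look like they are filled from the invoking user's
 * environment and would then be untrusted input -- confirm in sudo.c.
 */
struct sudo_user {
    struct passwd *pw;		/* dereferenced without a NULL check by
				 * user_name, user_passwd, user_uid,
				 * user_gid and user_dir */
    struct passwd *_runas_pw;	/* reached through the runas_pw macro */
    struct group *_runas_gr;	/* reached through the runas_gr macro */
    struct stat *cmnd_stat;	/* reached through user_stat */
    char *path;
    char *shell;
    char *tty;
    char *ttypath;
    char *host;
    char *shost;
    char *prompt;
    char *cmnd;
    char *cmnd_args;
    char *cmnd_base;
    char *cmnd_safe;		/* reached through safe_cmnd;
				 * NOTE(review): presumably the path that
				 * matched in sudoers -- confirm */
    char *class_name;		/* reached through login_class */
    char *krb5_ccname;
    char *display;
    char *askpass;
    int ngroups;		/* element count for groups; the two
				 * must be updated together */
    GETGROUPS_T *groups;
    struct list_member *env_vars;
#ifdef HAVE_SELINUX
    /* Present only in SELinux builds; user_role/user_type need them. */
    char *role;
    char *type;
#endif
    char cwd[PATH_MAX];		/* fixed size: writers must bound the copy
				 * and keep the NUL terminator */
    char sessid[7];		/* fixed size, 7 bytes including any
				 * terminator; NOTE(review): presumably the
				 * I/O log session id -- confirm */
#ifdef HAVE_MBR_CHECK_MEMBERSHIP
    /* Present only when membership.h is available; user_uuid needs it. */
    uuid_t uuid;
#endif
};
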
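/*
 * Status passed between parent and child via socketpair.
 *
 * type is one of the CMD_* values; CMD_INVALID is 0, so a zero-filled
 * struct reads as "invalid".  What val holds for each type is not stated
 * here (presumably an errno value, a wait status or a signal number,
 * matching the CMD_* name -- confirm in exec.c).  A receiver should check
 * that it read a whole struct and that type is a known CMD_* value before
 * it interprets val.
 */
struct command_status {
#define CMD_INVALID 0
#define CMD_ERRNO 1
#define CMD_WSTATUS 2
#define CMD_SIGNO 3
    int type;
    int val;
};
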
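/*
 * Return values for sudoers_lookup(), also used as arguments for log_auth()
 * Note: cannot use '0' as a value here.
 *
 * Every value is a distinct bit: VALIDATE_* use the low nibble and FLAG_*
 * the next one, so a result can carry one VALIDATE_* bit plus FLAG_* bits.
 * Because VALIDATE_ERROR and VALIDATE_NOT_OK are non-zero as well, success
 * has to be tested with an explicit bit test on VALIDATE_OK, never with a
 * plain "result != 0".
 */
/* XXX - VALIDATE_SUCCESS and VALIDATE_FAILURE instead? */
#define VALIDATE_ERROR 0x001
#define VALIDATE_OK 0x002
#define VALIDATE_NOT_OK 0x004
#define FLAG_CHECK_USER 0x010
#define FLAG_NO_USER 0x020
#define FLAG_NO_HOST 0x040
#define FLAG_NO_CHECK 0x080
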
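/*
 * Pseudo-boolean values
 *
 * Each name is #undef'd first so that a definition from an earlier header
 * is replaced by the values below instead of clashing with them.
 */
#undef TRUE
#define TRUE 1
#undef FALSE
#define FALSE 0
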
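/*
 * find_path()/load_cmnd() return values
 *
 * NOT_FOUND_DOT is -1 and therefore "true" in a boolean test, so callers
 * must compare the result with FOUND rather than write "if (find_path(..))".
 * NOTE(review): NOT_FOUND_DOT presumably means the command was only found
 * via "." in the search path -- confirm in find_path.c.
 */
#define FOUND 1
#define NOT_FOUND 0
#define NOT_FOUND_DOT -1
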
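/*
 * Various modes sudo can be in (based on arguments) in hex
 *
 * The modes use the low 16 bits and MODE_MASK selects exactly those bits;
 * the mode flags further down start at bit 16, so masking with MODE_MASK
 * strips them.  NOTE(review): presumably both are kept in the sudo_mode
 * variable declared extern in this header -- confirm in parse_args.c.
 */
#define MODE_RUN 0x00000001
#define MODE_EDIT 0x00000002
#define MODE_VALIDATE 0x00000004
#define MODE_INVALIDATE 0x00000008
#define MODE_KILL 0x00000010
#define MODE_VERSION 0x00000020
#define MODE_HELP 0x00000040
#define MODE_LIST 0x00000080
#define MODE_CHECK 0x00000100
#define MODE_LISTDEFS 0x00000200
#define MODE_MASK 0x0000ffff

/* Mode flags */
#define MODE_BACKGROUND 0x00010000
#define MODE_SHELL 0x00020000
#define MODE_LOGIN_SHELL 0x00040000
#define MODE_IMPLIED_SHELL 0x00080000
#define MODE_RESET_HOME 0x00100000
#define MODE_PRESERVE_GROUPS 0x00200000
#define MODE_PRESERVE_ENV 0x00400000
#define MODE_NONINTERACTIVE 0x00800000
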
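/*
 * Used with set_perms()
 *
 * PERM_ROOT through PERM_TIMESTAMP are small integers in the low nibble,
 * not bit flags.  PERM_NOEXIT is marked as a flag and sits in the high
 * nibble; PERM_MASK (0xf0) covers that high nibble, i.e. the flag bits and
 * not the PERM_* values themselves.
 * NOTE(review): PERM_NOEXIT presumably makes set_perms() report failure to
 * the caller instead of exiting -- confirm in set_perms.c.  set_perms()
 * returns int, so its result should be checked: carrying on after a failed
 * identity change means running with ids other than the ones asked for.
 */
#define PERM_ROOT 0x00
#define PERM_USER 0x01
#define PERM_FULL_USER 0x02
#define PERM_SUDOERS 0x03
#define PERM_RUNAS 0x04
#define PERM_FULL_RUNAS 0x05
#define PERM_TIMESTAMP 0x06
#define PERM_NOEXIT 0x10 /* flag */
#define PERM_MASK 0xf0
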
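/*
 * Shortcuts for sudo_user contents.
 *
 * Each macro expands to a member of the global sudo_user, so it can be both
 * read and assigned.  The ones that go through sudo_user.pw (user_name,
 * user_passwd, user_uid, user_gid, user_dir) dereference that pointer with
 * no NULL check and are only usable once pw has been set.
 * user_uuid, user_role and user_type are defined unconditionally, but the
 * members behind them exist only under HAVE_MBR_CHECK_MEMBERSHIP and
 * HAVE_SELINUX respectively; using them in other builds does not compile.
 * The names are ordinary lower-case identifiers: a local variable or struct
 * member called e.g. user_name or user_type in a file that includes this
 * header is rewritten by the preprocessor.
 */
#define user_name (sudo_user.pw->pw_name)
#define user_passwd (sudo_user.pw->pw_passwd)
#define user_uid (sudo_user.pw->pw_uid)
#define user_uuid (sudo_user.uuid)
#define user_gid (sudo_user.pw->pw_gid)
#define user_dir (sudo_user.pw->pw_dir)
#define user_shell (sudo_user.shell)
#define user_ngroups (sudo_user.ngroups)
#define user_groups (sudo_user.groups)
#define user_tty (sudo_user.tty)
#define user_ttypath (sudo_user.ttypath)
#define user_cwd (sudo_user.cwd)
#define user_cmnd (sudo_user.cmnd)
#define user_args (sudo_user.cmnd_args)
#define user_base (sudo_user.cmnd_base)
#define user_stat (sudo_user.cmnd_stat)
#define user_path (sudo_user.path)
#define user_prompt (sudo_user.prompt)
#define user_host (sudo_user.host)
#define user_shost (sudo_user.shost)
#define user_ccname (sudo_user.krb5_ccname)
#define user_display (sudo_user.display)
#define user_askpass (sudo_user.askpass)
#define safe_cmnd (sudo_user.cmnd_safe)
#define login_class (sudo_user.class_name)
#define runas_pw (sudo_user._runas_pw)
#define runas_gr (sudo_user._runas_gr)
#define user_role (sudo_user.role)
#define user_type (sudo_user.type)
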
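/*
 * We used to use the system definition of PASS_MAX or _PASSWD_LEN,
 * but that caused problems with various alternate authentication
 * methods.  So, we just define our own and assume that it is >= the
 * system max.
 *
 * Nothing here verifies that assumption against the system limit.  Whether
 * the value counts the terminating NUL is not visible in this header, so
 * buffers sized with it need that checked at the point of use; they hold
 * secrets and should be cleared once the password has been consumed.
 */
#define SUDO_PASS_MAX 256
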
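/*
 * Flags for lock_file()
 *
 * The three values are distinct bits.  SUDO_TLOCK is the non-blocking
 * variant, so its caller has to handle "already locked" as an ordinary
 * outcome and check lock_file()'s int result.
 */
#define SUDO_LOCK 1 /* lock a file */
#define SUDO_TLOCK 2 /* test & lock a file (non-blocking) */
#define SUDO_UNLOCK 4 /* unlock a file */
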
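/*
 * Flags for tgetpass()
 *
 * Distinct bits that can be combined.  Each one changes how the password
 * reaches sudo: TGP_ECHO leaves the typed characters visible on the
 * terminal, TGP_STDIN takes the password from stdin instead of /dev/tty,
 * and TGP_ASKPASS takes it from a helper program.
 * NOTE(review): presumably these are collected in the tgetpass_flags
 * variable declared extern in this header -- confirm in sudo.c.
 */
#define TGP_ECHO 0x01 /* leave echo on when reading passwd */
#define TGP_STDIN 0x02 /* read from stdin, not /dev/tty */
#define TGP_ASKPASS 0x04 /* read from askpass helper program */
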
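/*
 * Forward declarations: the prototypes in this header only use pointers to
 * these types, so the full definitions do not have to be visible here.
 */
struct lbuf;
struct passwd;
struct stat;
struct timeval;
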
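/*
 * Prototypes, grouped by the source file named in each comment.
 * NOTE(review): __P is not defined in this header; presumably it is the
 * prototype wrapper from compat.h for pre-ANSI compilers -- confirm.
 */

/* aix.c */
void aix_prep_user __P((char *, char *));
void aix_setauthdb __P((char *user));
void aix_restoreauthdb __P((void));

/* boottime.c */
int get_boottime __P((struct timeval *));

/* check.c */
int user_is_exempt __P((void));
void check_user __P((int, int));
void remove_timestamp __P((int));

/*
 * env.c
 * NOTE(review): these build and vet the environment handed to the command
 * (the names suggest a rebuild step and a validation step); which variables
 * are kept or rejected is decided in env.c, not here.
 */
char **env_get __P((void));
void env_init __P((int lazy));
void init_envtables __P((void));
void insert_env_vars __P((struct list_member *));
void read_env_file __P((const char *, int));
void rebuild_env __P((int));
void validate_env_vars __P((struct list_member *));
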
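/*
 * exec.c
 * cstat is the struct command_status defined in this header; the status is
 * reported through it in addition to the int return value.
 */
int sudo_execve __P((const char *path, char *argv[], char *envp[], uid_t uid,
    struct command_status *cstat, int dowait, int bgmode));

/*
 * fileops.c
 * lock_file()'s second argument takes the SUDO_LOCK/SUDO_TLOCK/SUDO_UNLOCK
 * flags defined in this header.
 */
char *sudo_parseln __P((FILE *));
int lock_file __P((int, int));
int touch __P((int, char *, struct timeval *));

/*
 * find_path.c
 * Returns FOUND, NOT_FOUND or NOT_FOUND_DOT; compare with FOUND, since
 * NOT_FOUND_DOT is non-zero.
 */
int find_path __P((char *, char **, struct stat *, char *, int));

/*
 * getspwuid.c
 * NOTE(review): presumably returns the encrypted password for the entry;
 * ownership of the returned string is not visible here -- confirm.
 */
char *sudo_getepw __P((const struct passwd *));

/* gettime.c */
int gettime __P((struct timeval *));

/* goodpath.c */
char *sudo_goodpath __P((const char *, struct stat *));

/* gram.y */
int yyparse __P((void));
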
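/*
 * iolog.c
 * The log_* functions take an explicit length with the buffer, so the data
 * is not required to be NUL-terminated.  They return int; what a failure
 * means for the running session is decided by the caller.
 */
int io_log_open __P((void));
int log_stderr __P((const char *buf, unsigned int len));
int log_stdin __P((const char *buf, unsigned int len));
int log_stdout __P((const char *buf, unsigned int len));
int log_ttyin __P((const char *buf, unsigned int len));
int log_ttyout __P((const char *buf, unsigned int len));
void io_log_close __P((void));
void io_nextid __P((void));

/* pam.c */
int pam_begin_session __P((struct passwd *));
int pam_end_session __P((void));

/*
 * parse.c
 * Handlers for the sudoers file, all taking the struct sudo_nss from
 * sudo_nss.h.  sudo_file_lookup() presumably yields the VALIDATE_* and
 * FLAG_* bits defined in this header -- confirm in parse.c.
 */
int sudo_file_open __P((struct sudo_nss *));
int sudo_file_close __P((struct sudo_nss *));
int sudo_file_setdefs __P((struct sudo_nss *));
int sudo_file_lookup __P((struct sudo_nss *, int, int));
int sudo_file_parse __P((struct sudo_nss *));
int sudo_file_display_cmnd __P((struct sudo_nss *, struct passwd *));
int sudo_file_display_defaults __P((struct sudo_nss *, struct passwd *, struct lbuf *));
int sudo_file_display_bound_defaults __P((struct sudo_nss *, struct passwd *, struct lbuf *));
int sudo_file_display_privs __P((struct sudo_nss *, struct passwd *, struct lbuf *));

/* parse_args.c */
int parse_args __P((int, char **));
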
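/*
 * get_pty.c
 * name is an output buffer of namesz bytes; the size is passed so that the
 * pty name can be written with a bound.
 */
int get_pty __P((int *master, int *slave, char *name, size_t namesz, uid_t uid));

/*
 * pwutil.c
 * NOTE(review): the sudo_get* wrappers presumably cache passwd/group
 * lookups and the sudo_fake* ones build entries for names that do not
 * resolve; who owns the returned structures is not visible here -- confirm.
 */
int user_in_group __P((struct passwd *, const char *));
struct group *sudo_fakegrnam __P((const char *));
struct group *sudo_getgrgid __P((gid_t));
struct group *sudo_getgrnam __P((const char *));
struct passwd *sudo_fakepwnam __P((const char *, gid_t));
struct passwd *sudo_getpwnam __P((const char *));
struct passwd *sudo_getpwuid __P((uid_t));
void sudo_endgrent __P((void));
void sudo_endpwent __P((void));
void sudo_endspent __P((void));
void sudo_setgrent __P((void));
void sudo_setpwent __P((void));
void sudo_setspent __P((void));

/*
 * selinux.c
 * Declared unconditionally, although the role/type members of struct
 * sudo_user exist only under HAVE_SELINUX.
 */
int selinux_restore_tty __P((void));
int selinux_setup __P((const char *role, const char *type, const char *ttyn,
    int ttyfd));
void selinux_execve __P((const char *path, char *argv[], char *envp[]));

/*
 * set_perms.c
 * Takes one of the PERM_* values defined in this header.  The int result
 * should be checked before any code that depends on the identity change.
 */
int set_perms __P((int));
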
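/* sudo.c */
FILE *open_sudoers __P((const char *, int, int *));
int exec_setup __P((int, const char *, int));
void cleanup __P((int));
void set_fqdn __P((void));

/*
 * sudo_auth.c
 * verify_user() returns void, so the outcome of authentication is not
 * reported through a return value.  NOTE(review): presumably a failure
 * ends the program inside verify_user() -- confirm in sudo_auth.c.
 */
void verify_user __P((struct passwd *, char *));
void pass_warn __P((FILE *));
void dump_auth_methods __P((void));

/* sudo_nss.c */
void display_privs __P((struct sudo_nss_list *, struct passwd *));
int display_cmnd __P((struct sudo_nss_list *, struct passwd *));
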
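/*
 * term.c
 * All return int.  term_noecho() changes whether typed input is shown, so
 * a failure there matters to whoever is about to read a password.
 */
int term_cbreak __P((int));
int term_copy __P((int, int));
int term_noecho __P((int));
int term_raw __P((int, int));
int term_restore __P((int, int));

/*
 * tgetpass.c
 * The second int argument presumably takes the TGP_* flags defined in this
 * header -- confirm.  Ownership and lifetime of the returned buffer are not
 * visible here; it holds the password and should be cleared after use.
 */
char *tgetpass __P((const char *, int, int));
int tty_present __P((void));

/* timestr.c */
char *get_timestr __P((time_t, int));

/* toke.l */
#define YY_DECL int yylex __P((void))
YY_DECL;

/*
 * zero_bytes.c
 * Takes a volatile pointer.  NOTE(review): presumably so that the stores
 * which clear a sensitive buffer cannot be optimized away -- confirm in
 * zero_bytes.c.
 */
void zero_bytes __P((volatile void *, size_t));
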
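/*
 * Only provide extern declarations outside of sudo.c.
 * NOTE(review): _SUDO_MAIN is presumably defined by sudo.c, which owns the
 * definitions, before it includes this header -- confirm.
 */
#ifndef _SUDO_MAIN
extern struct sudo_user sudo_user;
extern struct passwd *auth_pw, *list_pw;

extern int tgetpass_flags;
extern int long_list;
extern int sudo_mode;
extern uid_t timestamp_uid;
/* XXX - conflicts with the one in visudo */
int run_command __P((const char *path, char *argv[], char *envp[], uid_t uid, int dowait));
#endif
/*
 * Fallback for systems where errno is not a macro.  If <errno.h> was simply
 * not included before this header, this declares a plain int named errno;
 * on a C library that keeps errno per thread that is not the object the
 * library sets, so <errno.h> should be included first.
 */
#ifndef errno
extern int errno;
#endif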

#endif /* _SUDO_SUDO_H */