2
* Copyright (c) 1999-2005, 2007-2011
3
* Todd C. Miller <Todd.Miller@courtesan.com>
5
* Permission to use, copy, modify, and distribute this software for any
6
* purpose with or without fee is hereby granted, provided that the above
7
* copyright notice and this permission notice appear in all copies.
9
* THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
10
* WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
11
* MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
12
* ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
13
* WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
14
* ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
15
* OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
17
* Sponsored in part by the Defense Advanced Research Projects
18
* Agency (DARPA) and Air Force Research Laboratory, Air Force
19
* Materiel Command, USAF, under agreement number F39502-99-1-0512.
24
#include <sys/types.h>
25
#include <sys/param.h>
34
#endif /* STDC_HEADERS */
37
#endif /* HAVE_STRING_H */
40
#endif /* HAVE_STRINGS_H */
43
#endif /* HAVE_UNISTD_H */
52
* For converting between syslog numbers and strings.
/*
 * Name-to-number table for syslog facilities, compiled only when
 * LOG_NFACILITIES is defined.  store_syslogfac() matches names with an
 * exact, case-sensitive strcmp() and stops scanning at an entry whose
 * name is NULL.  Rows on lines this listing omits are not described here.
 */
59
#ifdef LOG_NFACILITIES
60
static struct strmap facilities[] = {
62
{ "authpriv", LOG_AUTHPRIV },
65
{ "daemon", LOG_DAEMON },
67
{ "local0", LOG_LOCAL0 },
68
{ "local1", LOG_LOCAL1 },
69
{ "local2", LOG_LOCAL2 },
70
{ "local3", LOG_LOCAL3 },
71
{ "local4", LOG_LOCAL4 },
72
{ "local5", LOG_LOCAL5 },
73
{ "local6", LOG_LOCAL6 },
74
{ "local7", LOG_LOCAL7 },
77
#endif /* LOG_NFACILITIES */
/*
 * Name-to-number table for syslog priorities.  store_syslogpri() looks
 * names up with an exact, case-sensitive strcmp() and stops at an entry
 * whose name is NULL.  Rows on lines this listing omits are not
 * described here.
 */
79
static struct strmap priorities[] = {
80
{ "alert", LOG_ALERT },
82
{ "debug", LOG_DEBUG },
83
{ "emerg", LOG_EMERG },
86
{ "notice", LOG_NOTICE },
87
{ "warning", LOG_WARNING },
94
static int store_int(char *, struct sudo_defs_types *, int);
95
static int store_list(char *, struct sudo_defs_types *, int);
96
static int store_mode(char *, struct sudo_defs_types *, int);
97
static int store_str(char *, struct sudo_defs_types *, int);
98
static int store_syslogfac(char *, struct sudo_defs_types *, int);
99
static int store_syslogpri(char *, struct sudo_defs_types *, int);
100
static int store_tuple(char *, struct sudo_defs_types *, int);
101
static int store_uint(char *, struct sudo_defs_types *, int);
102
static int store_float(char *, struct sudo_defs_types *, int);
103
static void list_op(char *, size_t, struct sudo_defs_types *, enum list_ops);
104
static const char *logfac2str(int);
105
static const char *logpri2str(int);
108
* Table describing compile-time and run-time options.
110
#include <def_data.c>
113
* Print version and configure info.
/*
 * Walks sudo_defs_table until an entry with a NULL name and prints each
 * setting through sudo_printf(), dispatching on (cur->type & T_MASK).
 * The function signature, the case labels and the assignment of `desc`
 * fall on lines this listing omits.
 */
118
struct sudo_defs_types *cur;
119
struct list_member *item;
120
struct def_values *def;
123
for (cur = sudo_defs_table; cur->name; cur++) {
126
switch (cur->type & T_MASK) {
/* Here the description is printed as data through a literal "%s\n". */
129
sudo_printf(SUDO_CONV_INFO_MSG, "%s\n", desc);
132
if (cur->sd_un.str) {
/*
 * NOTE(review): from here on `desc` itself is the format string and the
 * setting's value is its only argument (string, int, float or mode).
 * That is sound only if desc is a trusted, compiled-in description
 * carrying exactly one conversion of the matching type.  Where desc is
 * assigned is not visible here: confirm it never derives from sudoers
 * content and, if descriptions are translated, that the message
 * catalogs keep the same conversion.
 */
133
sudo_printf(SUDO_CONV_INFO_MSG, desc, cur->sd_un.str);
134
sudo_printf(SUDO_CONV_INFO_MSG, "\n");
/* Syslog facility: a zero ival prints nothing; otherwise the number is mapped back to its name. */
138
if (cur->sd_un.ival) {
139
sudo_printf(SUDO_CONV_INFO_MSG, desc,
140
logfac2str(cur->sd_un.ival));
141
sudo_printf(SUDO_CONV_INFO_MSG, "\n");
/* Syslog priority: same pattern, mapped through logpri2str(). */
145
if (cur->sd_un.ival) {
146
sudo_printf(SUDO_CONV_INFO_MSG, desc,
147
logpri2str(cur->sd_un.ival));
148
sudo_printf(SUDO_CONV_INFO_MSG, "\n");
/* Integer, float and mode values are passed straight to desc's conversion. */
153
sudo_printf(SUDO_CONV_INFO_MSG, desc, cur->sd_un.ival);
154
sudo_printf(SUDO_CONV_INFO_MSG, "\n");
157
sudo_printf(SUDO_CONV_INFO_MSG, desc, cur->sd_un.fval);
158
sudo_printf(SUDO_CONV_INFO_MSG, "\n");
161
sudo_printf(SUDO_CONV_INFO_MSG, desc, cur->sd_un.mode);
162
sudo_printf(SUDO_CONV_INFO_MSG, "\n");
/* Lists: description first, then one tab-indented member per line, both via literal formats. */
165
if (cur->sd_un.list) {
166
sudo_printf(SUDO_CONV_INFO_MSG, "%s\n", desc);
167
for (item = cur->sd_un.list; item; item = item->next) {
168
sudo_printf(SUDO_CONV_INFO_MSG,
169
"\t%s\n", item->value);
/* Tuples: print the name (sval) of the table row whose ival equals the stored value. */
174
for (def = cur->values; def->sval; def++) {
175
if (cur->sd_un.ival == def->ival) {
176
sudo_printf(SUDO_CONV_INFO_MSG, desc, def->sval);
180
sudo_printf(SUDO_CONV_INFO_MSG, "\n");
188
* Sets/clears an entry in the defaults structure
189
* If a variable that takes a value is used in a boolean
190
* context with op == 0, disable that variable.
191
* Eg. you may want to turn off logging to a file for some hosts.
192
* This is only meaningful for variables that are *optional*.
/*
 * set_default: find `var` in sudo_defs_table and store `val` in it via
 * the store_*() helper that matches the entry's type.
 *
 *   var - option name, compared with an exact strcmp()
 *   val - value text; the checks below treat it as possibly NULL
 *   op  - operation; FALSE means the option is being negated
 *
 * Problems are reported with warningx().  The return statements are on
 * lines this listing omits; update_defaults() treats a zero result as
 * failure.
 */
195
set_default(char *var, char *val, int op)
197
struct sudo_defs_types *cur;
/* Exact, case-sensitive lookup; the scan ends at the entry whose name is NULL. */
200
for (cur = sudo_defs_table, num = 0; cur->name; cur++, num++) {
201
if (strcmp(var, cur->name) == 0)
/* var is handed to a literal (translatable) format as a %s argument, never used as the format. */
205
warningx(_("unknown defaults entry `%s'"), var);
209
switch (cur->type & T_MASK) {
/* Syslog facility and priority: the helper returns zero for a name it does not know. */
211
if (!store_syslogfac(val, cur, op)) {
213
warningx(_("value `%s' is invalid for option `%s'"),
216
warningx(_("no value specified for `%s'"), var);
221
if (!store_syslogpri(val, cur, op)) {
223
warningx(_("value `%s' is invalid for option `%s'"),
226
warningx(_("no value specified for `%s'"), var);
/*
 * NOTE(review): judging by the comment and the message, this test sits
 * under a check for a missing value (that line is not in the listing).
 * Omitting the value is accepted only for an option flagged T_BOOL that
 * is being negated (op == FALSE).  The same guard repeats for each
 * value-taking type below.
 */
232
/* Check for bogus boolean usage or lack of a value. */
233
if (!ISSET(cur->type, T_BOOL) || op != FALSE) {
234
warningx(_("no value specified for `%s'"), var);
/*
 * Path-typed options must be absolute: a non-NULL value that does not
 * start with '/' is rejected.  This is a first-character check only; it
 * does not canonicalise the path or look at later components, so any
 * further validation has to happen in the callback or the consumer.
 */
238
if (ISSET(cur->type, T_PATH) && val && *val != '/') {
239
warningx(_("values for `%s' must start with a '/'"), var);
242
if (!store_str(val, cur, op)) {
243
warningx(_("value `%s' is invalid for option `%s'"), val, var);
249
/* Check for bogus boolean usage or lack of a value. */
250
if (!ISSET(cur->type, T_BOOL) || op != FALSE) {
251
warningx(_("no value specified for `%s'"), var);
255
if (!store_int(val, cur, op)) {
256
warningx(_("value `%s' is invalid for option `%s'"), val, var);
262
/* Check for bogus boolean usage or lack of a value. */
263
if (!ISSET(cur->type, T_BOOL) || op != FALSE) {
264
warningx(_("no value specified for `%s'"), var);
268
if (!store_uint(val, cur, op)) {
269
warningx(_("value `%s' is invalid for option `%s'"), val, var);
275
/* Check for bogus boolean usage or lack of a value. */
276
if (!ISSET(cur->type, T_BOOL) || op != FALSE) {
277
warningx(_("no value specified for `%s'"), var);
281
if (!store_float(val, cur, op)) {
282
warningx(_("value `%s' is invalid for option `%s'"), val, var);
288
/* Check for bogus boolean usage or lack of a value. */
289
if (!ISSET(cur->type, T_BOOL) || op != FALSE) {
290
warningx(_("no value specified for `%s'"), var);
294
if (!store_mode(val, cur, op)) {
295
warningx(_("value `%s' is invalid for option `%s'"), val, var);
/* This branch rejects a supplied value and stores op itself in sd_un.flag. */
301
warningx(_("option `%s' does not take a value"), var);
304
cur->sd_un.flag = op;
308
/* Check for bogus boolean usage or lack of a value. */
309
if (!ISSET(cur->type, T_BOOL) || op != FALSE) {
310
warningx(_("no value specified for `%s'"), var);
314
if (!store_list(val, cur, op)) {
315
warningx(_("value `%s' is invalid for option `%s'"), val, var);
/* Here the missing-value test is explicit: a NULL val is an error unless the option is T_BOOL. */
320
if (!val && !ISSET(cur->type, T_BOOL)) {
321
warningx(_("no value specified for `%s'"), var);
324
if (!store_tuple(val, cur, op)) {
325
warningx(_("value `%s' is invalid for option `%s'"), val, var);
335
* Set default options to compiled-in values.
336
* Any of these may be overridden at runtime by a "Defaults" file.
/*
 * Resets the defaults table and then fills in the compiled-in values:
 * flags first, then integers, strings and lists.  The function
 * signature and most #endif/#else lines are on lines this listing
 * omits, so each assignment is documented only as far as its visible
 * guard shows.
 */
341
static int firsttime = 1;
342
struct sudo_defs_types *def;
344
/* Clear any old settings. */
/*
 * Heap-backed values are released (strings with efree(), lists with
 * list_op(..., freeall)) before zero_bytes() wipes the whole union, so
 * no stale pointer survives a reset.  Presumably skipped on the first
 * call (see firsttime; that test is not in the listing).
 */
346
for (def = sudo_defs_table; def->name; def++) {
347
switch (def->type & T_MASK) {
349
efree(def->sd_un.str);
350
def->sd_un.str = NULL;
353
list_op(NULL, 0, def, freeall);
356
zero_bytes(&def->sd_un, sizeof(def->sd_un));
360
/* First initialize the flags. */
361
#ifdef LONG_OTP_PROMPT
362
def_long_otp_prompt = TRUE;
364
#ifdef IGNORE_DOT_PATH
365
def_ignore_dot = TRUE;
367
#ifdef ALWAYS_SEND_MAIL
368
def_mail_always = TRUE;
370
#ifdef SEND_MAIL_WHEN_NO_USER
371
def_mail_no_user = TRUE;
373
#ifdef SEND_MAIL_WHEN_NO_HOST
374
def_mail_no_host = TRUE;
376
#ifdef SEND_MAIL_WHEN_NOT_OK
377
def_mail_no_perms = TRUE;
/*
 * NOTE(review): tty_tickets and authenticate default to TRUE and are
 * left unset only when the build defines NO_TTY_TICKETS or
 * NO_AUTHENTICATION.  These build-time macros fix the security posture
 * before any sudoers Defaults line is read, so they are worth auditing
 * in packaged builds.
 */
379
#ifndef NO_TTY_TICKETS
380
def_tty_tickets = TRUE;
385
#ifndef NO_AUTHENTICATION
386
def_authenticate = TRUE;
389
def_root_sudo = TRUE;
394
#ifdef SHELL_IF_NO_ARGS
395
def_shell_noargs = TRUE;
397
#ifdef SHELL_SETS_HOME
/* path_info is on unless the build defines DONT_LEAK_PATH_INFO. */
400
#ifndef DONT_LEAK_PATH_INFO
401
def_path_info = TRUE;
410
def_env_editor = TRUE;
412
#ifdef UMASK_OVERRIDE
413
def_umask_override = TRUE;
/* String defaults are duplicated with estrdup(); the table holds its own copies. */
415
def_iolog_file = estrdup("%{seq}");
416
def_iolog_dir = estrdup(_PATH_SUDO_IO_LOGDIR);
417
def_sudoers_locale = estrdup("C");
/* env_reset takes its default from the build-time ENV_RESET macro. */
418
def_env_reset = ENV_RESET;
419
def_set_logname = TRUE;
/* closefrom defaults to the first descriptor above stderr. */
420
def_closefrom = STDERR_FILENO + 1;
422
/* Syslog options need special care since they are both strings and ints */
/* Return values are discarded: the inputs here are build-time constants, not sudoers text. */
423
#if (LOGGING & SLOG_SYSLOG)
424
(void) store_syslogfac(LOGFAC, &sudo_defs_table[I_SYSLOG], TRUE);
425
(void) store_syslogpri(PRI_SUCCESS, &sudo_defs_table[I_SYSLOG_GOODPRI],
427
(void) store_syslogpri(PRI_FAILURE, &sudo_defs_table[I_SYSLOG_BADPRI],
431
/* Password flags also have a string and integer component. */
432
(void) store_tuple("any", &sudo_defs_table[I_LISTPW], TRUE);
433
(void) store_tuple("all", &sudo_defs_table[I_VERIFYPW], TRUE);
435
/* Then initialize the int-like things. */
437
def_umask = SUDO_UMASK;
441
def_loglinelen = MAXLOGFILELEN;
442
def_timestamp_timeout = TIMEOUT;
443
def_passwd_timeout = PASSWORD_TIMEOUT;
444
def_passwd_tries = TRIES_FOR_PASSWORD;
446
def_compress_io = TRUE;
449
/* Now do the strings */
450
def_mailto = estrdup(MAILTO);
451
def_mailsub = estrdup(_(MAILSUBJECT));
452
def_badpass_message = estrdup(_(INCORRECT_PASSWORD));
453
def_timestampdir = estrdup(_PATH_SUDO_TIMEDIR);
454
def_passprompt = estrdup(_(PASSPROMPT));
455
def_runas_default = estrdup(RUNAS_DEFAULT);
456
#ifdef _PATH_SUDO_SENDMAIL
457
def_mailerpath = estrdup(_PATH_SUDO_SENDMAIL);
458
def_mailerflags = estrdup("-t");
460
#if (LOGGING & SLOG_FILE)
461
def_logfile = estrdup(_PATH_SUDO_LOGFILE);
/*
 * NOTE(review): exempt_group, secure_path and editor come from
 * build-time macros; any #ifdef guarding them is not in this listing.
 */
464
def_exempt_group = estrdup(EXEMPTGROUP);
467
def_secure_path = estrdup(SECURE_PATH);
469
def_editor = estrdup(EDITOR);
472
/* Finally do the lists (currently just environment tables). */
479
* Update the defaults based on what was set by sudoers.
480
* Pass in an OR'd list of which default types to update.
/*
 * update_defaults: apply entries from the parsed `defaults` queue to the
 * defaults table through set_default().
 *
 *   what - bit mask of SETDEF_* classes to apply
 *
 * An entry is applied only when its class bit is set in `what` and, for
 * bound entries, the binding evaluates to ALLOW.  Generic entries have
 * no binding test.  The case labels that pick a branch per entry and
 * the statement run when set_default() fails are on lines this listing
 * omits.
 */
483
update_defaults(int what)
485
struct defaults *def;
488
tq_foreach_fwd(&defaults, def) {
491
if (ISSET(what, SETDEF_GENERIC) &&
492
!set_default(def->var, def->val, def->op))
/*
 * NOTE(review): each bound class requires == ALLOW, so a binding that
 * evaluates to anything else leaves the default untouched.  Because of
 * the && ordering, set_default() runs only after the match succeeded.
 */
496
if (ISSET(what, SETDEF_USER) &&
497
userlist_matches(sudo_user.pw, &def->binding) == ALLOW &&
498
!set_default(def->var, def->val, def->op))
502
if (ISSET(what, SETDEF_RUNAS) &&
503
runaslist_matches(&def->binding, NULL) == ALLOW &&
504
!set_default(def->var, def->val, def->op))
508
if (ISSET(what, SETDEF_HOST) &&
509
hostlist_matches(&def->binding) == ALLOW &&
510
!set_default(def->var, def->val, def->op))
514
if (ISSET(what, SETDEF_CMND) &&
515
cmndlist_matches(&def->binding) == ALLOW &&
516
!set_default(def->var, def->val, def->op))
/*
 * store_int: parse val as a base-10 integer with strtol(), store it in
 * def->sd_un.ival and hand val to the entry's callback.  The handling
 * of `op` and the test on endp are on lines this listing omits.
 */
525
store_int(char *val, struct sudo_defs_types *def, int op)
533
l = strtol(val, &endp, 10);
/*
 * NOTE(review): the long result is narrowed to int with no range check
 * visible here (the XXX below says as much), and no errno/ERANGE test
 * is shown.  Where long is wider than int, an out-of-range number in
 * the input is silently converted to a different value; rejecting
 * l < INT_MIN || l > INT_MAX before the cast would close this.
 */
536
/* XXX - should check against INT_MAX */
537
def->sd_un.ival = (int)l;
/* The callback's result becomes the return value; any NULL check on callback is not in this listing. */
540
return def->callback(val);
/*
 * store_uint: parse val as a non-negative base-10 integer and store it
 * in def->sd_un.ival, then hand val to the entry's callback.  The
 * handling of `op` is on lines this listing omits.
 */
545
store_uint(char *val, struct sudo_defs_types *def, int op)
553
l = strtol(val, &endp, 10);
/* Trailing characters or a negative number fail this test (the statement it guards is not shown). */
554
if (*endp != '\0' || l < 0)
/*
 * NOTE(review): only the lower bound is checked.  The long is cast to
 * unsigned int and stored in ival with no upper-bound or ERANGE test
 * visible, so a large input can wrap to a small value (and, if ival is
 * a signed int, can end up negative - confirm the field's type).
 */
556
/* XXX - should check against INT_MAX */
557
def->sd_un.ival = (unsigned int)l;
/* The callback's result becomes the return value; any NULL check on callback is not in this listing. */
560
return def->callback(val);
/*
 * store_float: parse val with strtod() into def->sd_un.fval and hand
 * val to the entry's callback.  The branch that selects between the
 * 0.0 reset and the parse, the test on endp and the final store of d
 * are on lines this listing omits.
 */
565
store_float(char *val, struct sudo_defs_types *def, int op)
/* Reset value; presumably used when the option is negated - confirm against the omitted condition. */
571
def->sd_un.fval = 0.0;
573
d = strtod(val, &endp);
/*
 * NOTE(review): strtod() reports overflow by returning +/-HUGE_VAL and
 * setting errno to ERANGE; no such test is visible here, as the XXX
 * below acknowledges.
 */
576
/* XXX - should check against HUGE_VAL */
/* The callback's result becomes the return value; any NULL check on callback is not in this listing. */
580
return def->callback(val);
/*
 * store_tuple: translate val into the integer of the matching row in
 * def->values and store it in def->sd_un.ival, then hand val to the
 * entry's callback.  Matching is an exact, case-sensitive strcmp();
 * the scan ends at the row whose sval is NULL.  What happens when no
 * row matches is on lines this listing omits.
 */
585
store_tuple(char *val, struct sudo_defs_types *def, int op)
587
struct def_values *v;
590
* Since enums are really just ints we store the value as an ival.
591
* In the future, there may be multiple enums for different tuple
592
* types we want to avoid and special knowledge of the tuple type.
593
* This does assume that the first entry in the tuple enum will
594
* be the equivalent to a boolean "false".
/*
 * Boolean-style use: 0 when negated, 1 otherwise.  Presumably taken
 * only when no value was supplied (the guarding condition is not in
 * the listing), since strcmp() below needs a non-NULL val.
 */
597
def->sd_un.ival = (op == FALSE) ? 0 : 1;
599
for (v = def->values; v->sval != NULL; v++) {
600
if (strcmp(v->sval, val) == 0) {
601
def->sd_un.ival = v->ival;
/* The callback's result becomes the return value; any NULL check on callback is not in this listing. */
609
return def->callback(val);
/*
 * store_str: replace the string held in def->sd_un.str and hand val to
 * the entry's callback.  The condition choosing between clearing and
 * copying is on lines this listing omits.
 */
614
store_str(char *val, struct sudo_defs_types *def, int op)
/* The previous value is released first, so replacing a string does not leak it. */
617
efree(def->sd_un.str);
/* Cleared value; presumably the negated (op == FALSE) case - confirm against the omitted condition. */
619
def->sd_un.str = NULL;
/* The table keeps its own copy, so it does not alias the caller's buffer. */
621
def->sd_un.str = estrdup(val);
/* The callback's result becomes the return value; any NULL check on callback is not in this listing. */
623
return def->callback(val);
/*
 * store_list: split str into blank-separated words and apply each one
 * to the list in def through list_op().
 *
 *   op == FALSE or TRUE - the existing list is emptied first
 *   op == '-'           - each word is deleted from the list
 *   any other op        - each word is added
 *
 * The loop opener and the return statements are on lines this listing
 * omits.
 */
628
store_list(char *str, struct sudo_defs_types *def, int op)
632
/* Remove all old members. */
633
if (op == FALSE || op == TRUE)
634
list_op(NULL, 0, def, freeall);
636
/* Split str into multiple space-separated words and act on each one. */
640
/* Remove leading blanks, if nothing but blanks we are done. */
/* The (unsigned char) cast keeps isblank() defined for bytes above 0x7f. */
641
for (start = end; isblank((unsigned char)*start); start++)
646
/* Find end position and perform operation. */
647
for (end = start; *end && !isblank((unsigned char)*end); end++)
/*
 * The word is passed as pointer plus length (end - start); it is not
 * NUL-terminated in place, so list_op() must honour len.
 */
649
list_op(start, end - start, def, op == '-' ? delete : add);
/* Stops after the word that ended at the terminating NUL; otherwise steps past the blank. */
650
} while (*end++ != '\0');
/*
 * store_syslogfac: translate a facility name into its number and store
 * it in def->sd_un.ival.  Returns FALSE when the name is not in the
 * facilities table.  The handling of `op`, any NULL check on val and
 * the #else line are on lines this listing omits.
 */
656
store_syslogfac(char *val, struct sudo_defs_types *def, int op)
/* Reset value; presumably the negated (op == FALSE) case - confirm against the omitted condition. */
661
def->sd_un.ival = FALSE;
664
#ifdef LOG_NFACILITIES
/* Exact, case-sensitive match; the scan stops at the NULL-name terminator. */
667
for (fac = facilities; fac->name && strcmp(val, fac->name); fac++)
669
if (fac->name == NULL)
670
return FALSE; /* not found */
672
def->sd_un.ival = fac->num;
/* Presumably the #else branch for builds without LOG_NFACILITIES: any name is stored as -1. */
674
def->sd_un.ival = -1;
675
#endif /* LOG_NFACILITIES */
/*
 * Reverse lookup: scan facilities for the row whose num equals n,
 * stopping at the NULL-name terminator.  Presumably the body of
 * logfac2str() declared earlier in the file; its signature and return
 * statement are not in this listing.
 */
682
#ifdef LOG_NFACILITIES
685
for (fac = facilities; fac->name && fac->num != n; fac++)
690
#endif /* LOG_NFACILITIES */
/*
 * store_syslogpri: translate a priority name into its number and store
 * it in def->sd_un.ival.  Returns FALSE when the name is not in the
 * priorities table.
 */
694
store_syslogpri(char *val, struct sudo_defs_types *def, int op)
/*
 * Negation and a missing value are caught before the lookup (the
 * statement this guards is not shown, presumably a failure return), so
 * strcmp() below is not meant to see a NULL val.
 */
698
if (op == FALSE || !val)
/* Exact, case-sensitive match; the scan stops at the NULL-name terminator. */
701
for (pri = priorities; pri->name && strcmp(val, pri->name); pri++)
703
if (pri->name == NULL)
704
return FALSE; /* not found */
706
def->sd_un.ival = pri->num;
/*
 * Reverse lookup: scan priorities for the row whose num equals n,
 * stopping at the NULL-name terminator.  Presumably the body of
 * logpri2str() declared earlier in the file; its signature and return
 * statement are not in this listing.
 */
715
for (pri = priorities; pri->name && pri->num != n; pri++)
/*
 * store_mode: parse val as an octal file mode and store it in
 * def->sd_un.mode, then hand val to the entry's callback.  The
 * condition choosing between the 0777 reset and the parse is on lines
 * this listing omits.
 */
721
store_mode(char *val, struct sudo_defs_types *def, int op)
/*
 * Reset value; presumably the negated (op == FALSE) case - confirm
 * against the omitted condition.  Note that the reset is the most
 * permissive value, 0777, not zero.
 */
727
def->sd_un.mode = (mode_t)0777;
729
l = strtol(val, &endp, 8);
/*
 * Trailing characters and anything outside 0..0777 fail this test, so
 * the cast below cannot truncate and no bits above the permission bits
 * (setuid, setgid, sticky) can be set through this option.
 */
730
if (*endp != '\0' || l < 0 || l > 0777)
732
def->sd_un.mode = (mode_t)l;
/* The callback's result becomes the return value; any NULL check on callback is not in this listing. */
735
return def->callback(val);
/*
 * list_op: apply one operation (add, delete or freeall) to the singly
 * linked list in def->sd_un.list.
 *
 *   val, len - the word to add or delete, given as pointer plus length;
 *              it need not be NUL-terminated (store_list() passes a
 *              pointer into its input).  freeall callers pass NULL, 0.
 *
 * The tests on `op` and the statements that free nodes are on lines
 * this listing omits.
 */
740
list_op(char *val, size_t len, struct sudo_defs_types *def, enum list_ops op)
742
struct list_member *cur, *prev, *tmp;
/* freeall: walk the whole list (the body that frees each node is not shown), then reset the head. */
745
for (cur = def->sd_un.list; cur; ) {
751
def->sd_un.list = NULL;
/*
 * Exact match on the len-byte word: strncmp() over len bytes plus a
 * check that the stored value ends there, so "FOO" does not match a
 * stored "FOOBAR".  cur->value[len] is read only after the first len
 * bytes matched, which stays inside the stored string provided val has
 * no NUL within its first len bytes (true for words cut by store_list()).
 */
755
for (cur = def->sd_un.list, prev = NULL; cur; prev = cur, cur = cur->next) {
756
if ((strncmp(cur->value, val, len) == 0 && cur->value[len] == '\0')) {
759
return; /* already exists */
/* Unlink the matching node: through its predecessor, or by moving the head when it is first. */
763
prev->next = cur->next;
765
def->sd_un.list = cur->next;
772
/* Add new node to the head of the list. */
/*
 * The word is copied into a fresh len + 1 byte buffer and terminated
 * explicitly, so the list owns its strings.  No NULL check follows
 * emalloc(); presumably it does not return on failure - confirm.
 */
774
cur = emalloc(sizeof(struct list_member));
775
cur->value = emalloc(len + 1);
776
(void) memcpy(cur->value, val, len);
777
cur->value[len] = '\0';
778
cur->next = def->sd_un.list;
779
def->sd_un.list = cur;