2
* Copyright (c) 1993-1996, 1998-2005, 2007-2011
3
* Todd C. Miller <Todd.Miller@courtesan.com>
5
* Permission to use, copy, modify, and distribute this software for any
6
* purpose with or without fee is hereby granted, provided that the above
7
* copyright notice and this permission notice appear in all copies.
9
* THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
10
* WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
11
* MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
12
* ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
13
* WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
14
* ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
15
* OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
17
* Sponsored in part by the Defense Advanced Research Projects
18
* Agency (DARPA) and Air Force Research Laboratory, Air Force
19
* Materiel Command, USAF, under agreement number F39502-99-1-0512.
22
#ifndef _SUDO_SUDOERS_H
23
#define _SUDO_SUDOERS_H
27
#include <pathnames.h>
36
#include "sudo_plugin.h"
38
#define DEFAULT_TEXT_DOMAIN "sudoers"
42
* Password db and supplementary group IDs with associated group names.
52
* Info pertaining to the invoking user.
56
struct passwd *_runas_pw;
57
struct group *_runas_gr;
58
struct stat *cmnd_stat;
72
struct group_list *group_list;
73
char * const * env_vars;
88
* Return values for sudoers_lookup(), also used as arguments for log_auth()
89
* Note: cannot use '0' as a value here.
91
/* XXX - VALIDATE_SUCCESS and VALIDATE_FAILURE instead? */
92
#define VALIDATE_ERROR 0x001
93
#define VALIDATE_OK 0x002
94
#define VALIDATE_NOT_OK 0x004
95
#define FLAG_CHECK_USER 0x010
96
#define FLAG_NO_USER 0x020
97
#define FLAG_NO_HOST 0x040
98
#define FLAG_NO_CHECK 0x080
101
* Pseudo-boolean values
109
* find_path()/load_cmnd() return values
113
#define NOT_FOUND_DOT 2
116
* Various modes sudo can be in (based on arguments) in hex
118
#define MODE_RUN 0x00000001
119
#define MODE_EDIT 0x00000002
120
#define MODE_VALIDATE 0x00000004
121
#define MODE_INVALIDATE 0x00000008
122
#define MODE_KILL 0x00000010
123
#define MODE_VERSION 0x00000020
124
#define MODE_HELP 0x00000040
125
#define MODE_LIST 0x00000080
126
#define MODE_CHECK 0x00000100
127
#define MODE_LISTDEFS 0x00000200
128
#define MODE_MASK 0x0000ffff
131
#define MODE_BACKGROUND 0x00010000 /* XXX - unused */
132
#define MODE_SHELL 0x00020000
133
#define MODE_LOGIN_SHELL 0x00040000
134
#define MODE_IMPLIED_SHELL 0x00080000
135
#define MODE_RESET_HOME 0x00100000
136
#define MODE_PRESERVE_GROUPS 0x00200000
137
#define MODE_PRESERVE_ENV 0x00400000
138
#define MODE_NONINTERACTIVE 0x00800000
139
#define MODE_IGNORE_TICKET 0x01000000
142
* Used with set_perms()
144
#define PERM_INITIAL 0x00
145
#define PERM_ROOT 0x01
146
#define PERM_USER 0x02
147
#define PERM_FULL_USER 0x03
148
#define PERM_SUDOERS 0x04
149
#define PERM_RUNAS 0x05
150
#define PERM_TIMESTAMP 0x06
151
#define PERM_NOEXIT 0x10 /* flag */
152
#define PERM_MASK 0xf0
155
* Shortcuts for sudo_user contents.
157
#define user_name (sudo_user.name)
158
#define user_uid (sudo_user.uid)
159
#define user_gid (sudo_user.gid)
160
#define user_passwd (sudo_user.pw->pw_passwd)
161
#define user_uuid (sudo_user.uuid)
162
#define user_dir (sudo_user.pw->pw_dir)
163
#define user_group_list (sudo_user.group_list)
164
#define user_tty (sudo_user.tty)
165
#define user_ttypath (sudo_user.ttypath)
166
#define user_cwd (sudo_user.cwd)
167
#define user_cmnd (sudo_user.cmnd)
168
#define user_args (sudo_user.cmnd_args)
169
#define user_base (sudo_user.cmnd_base)
170
#define user_stat (sudo_user.cmnd_stat)
171
#define user_path (sudo_user.path)
172
#define user_prompt (sudo_user.prompt)
173
#define user_host (sudo_user.host)
174
#define user_shost (sudo_user.shost)
175
#define user_ccname (sudo_user.krb5_ccname)
176
#define safe_cmnd (sudo_user.cmnd_safe)
177
#define login_class (sudo_user.class_name)
178
#define runas_pw (sudo_user._runas_pw)
179
#define runas_gr (sudo_user._runas_gr)
180
#define user_role (sudo_user.role)
181
#define user_type (sudo_user.type)
182
#define user_closefrom (sudo_user.closefrom)
185
# define ROOT_UID 65535
191
* We used to use the system definition of PASS_MAX or _PASSWD_LEN,
192
* but that caused problems with various alternate authentication
193
* methods. So, we just define our own and assume that it is >= the
196
#define SUDO_PASS_MAX 256
204
* Function prototypes
206
#define YY_DECL int yylex(void)
209
char *sudo_goodpath(const char *, struct stat *);
212
int find_path(char *, char **, struct stat *, char *, int);
215
int check_user(int, int);
216
void remove_timestamp(int);
217
int user_is_exempt(void);
220
int verify_user(struct passwd *, char *);
221
int sudo_auth_begin_session(struct passwd *);
222
int sudo_auth_end_session(struct passwd *);
223
int sudo_auth_init(struct passwd *pw);
224
int sudo_auth_cleanup(struct passwd *pw);
227
int sudo_file_open(struct sudo_nss *);
228
int sudo_file_close(struct sudo_nss *);
229
int sudo_file_setdefs(struct sudo_nss *);
230
int sudo_file_lookup(struct sudo_nss *, int, int);
231
int sudo_file_parse(struct sudo_nss *);
232
int sudo_file_display_cmnd(struct sudo_nss *, struct passwd *);
233
int sudo_file_display_defaults(struct sudo_nss *, struct passwd *, struct lbuf *);
234
int sudo_file_display_bound_defaults(struct sudo_nss *, struct passwd *, struct lbuf *);
235
int sudo_file_display_privs(struct sudo_nss *, struct passwd *, struct lbuf *);
238
void rewind_perms(void);
240
void restore_perms(void);
241
int pam_prep_user(struct passwd *);
250
void dump_defaults(void);
251
void dump_auth_methods(void);
254
char *sudo_getepw(const struct passwd *);
257
void zero_bytes(volatile void *, size_t);
260
void display_privs(struct sudo_nss_list *, struct passwd *);
261
int display_cmnd(struct sudo_nss_list *, struct passwd *);
264
void sudo_setgrent(void);
265
void sudo_endgrent(void);
266
void sudo_setpwent(void);
267
void sudo_endpwent(void);
268
void sudo_setspent(void);
269
void sudo_endspent(void);
270
struct group_list *get_group_list(struct passwd *pw);
271
void set_group_list(const char *, GETGROUPS_T *gids, int ngids);
272
struct passwd *sudo_getpwnam(const char *);
273
struct passwd *sudo_fakepwnamid(const char *user, uid_t uid, gid_t gid);
274
struct passwd *sudo_fakepwnam(const char *, gid_t);
275
struct passwd *sudo_getpwuid(uid_t);
276
struct group *sudo_getgrnam(const char *);
277
struct group *sudo_fakegrnam(const char *);
278
struct group *sudo_getgrgid(gid_t);
279
void grlist_addref(struct group_list *);
280
void grlist_delref(struct group_list *);
281
void gr_addref(struct group *);
282
void gr_delref(struct group *);
283
void pw_addref(struct passwd *);
284
void pw_delref(struct passwd *);
285
int user_in_group(struct passwd *, const char *);
288
char *get_timestr(time_t, int);
291
int atobool(const char *str);
294
int get_boottime(struct timeval *);
297
void io_nextid(char *iolog_dir, char sessid[7]);
300
char *expand_iolog_path(const char *prefix, const char *dir, const char *file,
304
char **env_get(void);
305
void env_init(char * const envp[]);
306
void init_envtables(void);
307
void insert_env_vars(char * const envp[]);
308
void read_env_file(const char *, int);
309
void rebuild_env(void);
310
void validate_env_vars(char * const envp[]);
313
char *fmt_string(const char *, const char *);
316
void plugin_cleanup(int);
318
FILE *open_sudoers(const char *, int, int *);
321
void aix_restoreauthdb(void);
322
void aix_setauthdb(char *user);
325
int group_plugin_load(char *plugin_info);
326
void group_plugin_unload(void);
327
int group_plugin_query(const char *user, const char *group,
328
const struct passwd *pwd);
331
int sudo_setgroups(int ngids, const GETGROUPS_T *gids);
334
extern struct sudo_user sudo_user;
335
extern struct passwd *list_pw;
336
extern const char *sudoers_file;
337
extern mode_t sudoers_mode;
338
extern uid_t sudoers_uid;
339
extern gid_t sudoers_gid;
340
extern int long_list;
341
extern int sudo_mode;
342
extern uid_t timestamp_uid;
343
extern sudo_conv_t sudo_conv;
344
extern sudo_printf_t sudo_printf;
347
#endif /* _SUDO_SUDOERS_H */