version 1.10.2.1, 2002/01/18 16:14:46 |
version 1.11, 2002/01/03 03:49:16 |
|
|
/* |
/* |
* Copyright (c) 1993-1996,1998-2002 Todd C. Miller <Todd.Miller@courtesan.com> |
* Copyright (c) 1993-1996,1998-2001 Todd C. Miller <Todd.Miller@courtesan.com> |
* All rights reserved. |
* All rights reserved. |
* |
* |
* Redistribution and use in source and binary forms, with or without |
* Redistribution and use in source and binary forms, with or without |
|
|
#include "version.h" |
#include "version.h" |
|
|
#ifndef lint |
#ifndef lint |
static const char rcsid[] = "$Sudo: sudo.c,v 1.318 2002/01/15 23:43:59 millert Exp $"; |
static const char rcsid[] = "$Sudo: sudo.c,v 1.311 2001/12/15 00:45:13 millert Exp $"; |
#endif /* lint */ |
#endif /* lint */ |
|
|
/* |
/* |
|
|
int cmnd_status; |
int cmnd_status; |
int sudo_mode; |
int sudo_mode; |
int pwflag; |
int pwflag; |
char **new_environ; |
|
sigaction_t sa; |
sigaction_t sa; |
extern int printmatches; |
extern int printmatches; |
extern char **environ; |
extern char **environ; |
|
|
validated = sudoers_lookup(pwflag); |
validated = sudoers_lookup(pwflag); |
|
|
/* |
/* |
* If we have POSIX saved uids and the stay_setuid flag was not set, |
|
* set the real, effective and saved uids to 0 and use set_perms_fallback() |
|
* instead of set_perms_posix(). |
|
*/ |
|
#if !defined(NO_SAVED_IDS) && defined(_SC_SAVED_IDS) && defined(_SC_VERSION) |
|
if (!def_flag(I_STAY_SETUID) && set_perms == set_perms_posix) { |
|
if (setuid(0)) { |
|
perror("setuid(0)"); |
|
exit(1); |
|
} |
|
set_perms = set_perms_fallback; |
|
} |
|
#endif |
|
|
|
/* |
|
* Look up runas user passwd struct. If we are given a uid then |
* Look up runas user passwd struct. If we are given a uid then |
* there may be no corresponding passwd(5) entry (which is OK). |
* there may be no corresponding passwd(5) entry (which is OK). |
*/ |
*/ |
|
|
log_error(NO_MAIL|MSG_ONLY, "no passwd entry for %s!", *user_runas); |
log_error(NO_MAIL|MSG_ONLY, "no passwd entry for %s!", *user_runas); |
} |
} |
|
|
|
/* Customize environment and get rid of any nasty bits. */ |
|
environ = rebuild_env(sudo_mode, envp); |
|
|
/* This goes after the sudoers parse since we honor sudoers options. */ |
/* This goes after the sudoers parse since we honor sudoers options. */ |
if (sudo_mode == MODE_KILL || sudo_mode == MODE_INVALIDATE) { |
if (sudo_mode == MODE_KILL || sudo_mode == MODE_INVALIDATE) { |
remove_timestamp((sudo_mode == MODE_KILL)); |
remove_timestamp((sudo_mode == MODE_KILL)); |
|
|
if ((sudo_mode & MODE_IMPLIED_SHELL) && !def_flag(I_SHELL_NOARGS)) |
if ((sudo_mode & MODE_IMPLIED_SHELL) && !def_flag(I_SHELL_NOARGS)) |
usage(1); |
usage(1); |
|
|
/* May need to set $HOME to target user if we are running a command. */ |
/* May need to set $HOME to target user. */ |
if ((sudo_mode & MODE_RUN) && (def_flag(I_ALWAYS_SET_HOME) || |
if (def_flag(I_ALWAYS_SET_HOME) || |
((sudo_mode & MODE_SHELL) && def_flag(I_SET_HOME)))) |
((sudo_mode & MODE_SHELL) && def_flag(I_SET_HOME))) |
sudo_mode |= MODE_RESET_HOME; |
sudo_mode |= MODE_RESET_HOME; |
|
|
/* Bail if a tty is required and we don't have one. */ |
/* Bail if a tty is required and we don't have one. */ |
|
|
if (!(validated & FLAG_NOPASS)) |
if (!(validated & FLAG_NOPASS)) |
check_user(); |
check_user(); |
|
|
/* Build up custom environment that avoids any nasty bits. */ |
|
new_environ = rebuild_env(sudo_mode, envp); |
|
|
|
if (validated & VALIDATE_OK) { |
if (validated & VALIDATE_OK) { |
/* Finally tell the user if the command did not exist. */ |
/* Finally tell the user if the command did not exist. */ |
if (cmnd_status == NOT_FOUND_DOT) { |
if (cmnd_status == NOT_FOUND_DOT) { |
|
|
/* Become specified user or root. */ |
/* Become specified user or root. */ |
set_perms(PERM_RUNAS, sudo_mode); |
set_perms(PERM_RUNAS, sudo_mode); |
|
|
/* Install the new environment. */ |
|
environ = new_environ; |
|
|
|
#ifndef PROFILING |
#ifndef PROFILING |
if ((sudo_mode & MODE_BACKGROUND) && fork() > 0) |
if ((sudo_mode & MODE_BACKGROUND) && fork() > 0) |
exit(0); |
exit(0); |
|
|
log_error(0, "uid %ld does not exist in the passwd file!", |
log_error(0, "uid %ld does not exist in the passwd file!", |
(long) pw.pw_uid); |
(long) pw.pw_uid); |
} |
} |
if (user_shell == NULL || *user_shell == '\0') |
user_shell = sudo_user.pw->pw_shell; |
user_shell = sudo_user.pw->pw_shell; |
|
|
|
/* It is now safe to use log_error() and set_perms() */ |
/* It is now safe to use log_error() and set_perms() */ |
|
|
|
|
(void) sigaction(SIGCHLD, &sa, NULL); |
(void) sigaction(SIGCHLD, &sa, NULL); |
|
|
/* Set set_perms pointer to the correct function */ |
/* Set set_perms pointer to the correct function */ |
#if !defined(NO_SAVED_IDS) && defined(_SC_SAVED_IDS) && defined(_SC_VERSION) |
#if defined(_SC_SAVED_IDS) && defined(_SC_VERSION) |
if (sysconf(_SC_SAVED_IDS) == 1 && sysconf(_SC_VERSION) >= 199009) |
if (sysconf(_SC_SAVED_IDS) == 1 && sysconf(_SC_VERSION) >= 199009) |
set_perms = set_perms_posix; |
set_perms = set_perms_posix; |
else |
else |
|
|
struct hostent *hp; |
struct hostent *hp; |
char *p; |
char *p; |
|
|
if (!(hp = gethostbyname(user_host))) { |
if (def_flag(I_FQDN)) { |
log_error(MSG_ONLY|NO_EXIT, |
if (!(hp = gethostbyname(user_host))) { |
"unable to lookup %s via gethostbyname()", user_host); |
log_error(MSG_ONLY|NO_EXIT, |
} else { |
"unable to lookup %s via gethostbyname()", user_host); |
if (user_shost != user_host) |
} else { |
free(user_shost); |
free(user_host); |
free(user_host); |
user_host = estrdup(hp->h_name); |
user_host = estrdup(hp->h_name); |
} |
} |
} |
|
if (user_shost != user_host) |
|
free(user_shost); |
if ((p = strchr(user_host, '.'))) { |
if ((p = strchr(user_host, '.'))) { |
*p = '\0'; |
*p = '\0'; |
user_shost = estrdup(user_host); |
user_shost = estrdup(user_host); |