version 1.33, 2008/07/31 16:44:03 |
version 1.34, 2008/11/14 11:58:08 |
|
|
/* |
/* |
* Copyright (c) 1993-1996,1998-2007 Todd C. Miller <Todd.Miller@courtesan.com> |
* Copyright (c) 1993-1996, 1998-2008 Todd C. Miller <Todd.Miller@courtesan.com> |
* |
* |
* Permission to use, copy, modify, and distribute this software for any |
* Permission to use, copy, modify, and distribute this software for any |
* purpose with or without fee is hereby granted, provided that the above |
* purpose with or without fee is hereby granted, provided that the above |
|
|
#ifdef HAVE_UNISTD_H |
#ifdef HAVE_UNISTD_H |
# include <unistd.h> |
# include <unistd.h> |
#endif /* HAVE_UNISTD_H */ |
#endif /* HAVE_UNISTD_H */ |
#ifdef HAVE_ERR_H |
|
# include <err.h> |
|
#else |
|
# include "emul/err.h" |
|
#endif /* HAVE_ERR_H */ |
|
#include <pwd.h> |
#include <pwd.h> |
#include <errno.h> |
#include <errno.h> |
#include <fcntl.h> |
#include <fcntl.h> |
|
|
#endif |
#endif |
|
|
#include "sudo.h" |
#include "sudo.h" |
|
#include "sudo_usage.h" |
|
#include "lbuf.h" |
#include "interfaces.h" |
#include "interfaces.h" |
#include "version.h" |
#include "version.h" |
|
|
#ifndef lint |
#ifndef lint |
__unused __unused static const char rcsid[] = "$Sudo: sudo.c,v 1.369.2.43 2008/07/02 10:28:43 millert Exp $"; |
__unused static const char rcsid[] = "$Sudo: sudo.c,v 1.499 2008/11/11 18:28:08 millert Exp $"; |
#endif /* lint */ |
#endif /* lint */ |
|
|
/* |
/* |
* Prototypes |
* Prototypes |
*/ |
*/ |
static int init_vars __P((int, char **)); |
static void init_vars __P((int, char **)); |
|
static int set_cmnd __P((int)); |
static int parse_args __P((int, char **)); |
static int parse_args __P((int, char **)); |
static void check_sudoers __P((void)); |
|
static void initial_setup __P((void)); |
static void initial_setup __P((void)); |
static void set_loginclass __P((struct passwd *)); |
static void set_loginclass __P((struct passwd *)); |
static void set_project __P((struct passwd *)); |
static void set_project __P((struct passwd *)); |
|
static void set_runasgr __P((char *)); |
|
static void set_runaspw __P((char *)); |
|
static void show_version __P((void)); |
static void usage __P((int)) |
static void usage __P((int)) |
__attribute__((__noreturn__)); |
__attribute__((__noreturn__)); |
static void usage_excl __P((int)) |
static void usage_excl __P((int)) |
__attribute__((__noreturn__)); |
__attribute__((__noreturn__)); |
static void usage_excl __P((int)); |
|
static struct passwd *get_authpw __P((void)); |
static struct passwd *get_authpw __P((void)); |
extern int sudo_edit __P((int, char **, char **)); |
extern int sudo_edit __P((int, char **, char **)); |
extern void list_matches __P((void)); |
extern void rebuild_env __P((int, int)); |
extern char **rebuild_env __P((char **, int, int)); |
void validate_env_vars __P((struct list_member *)); |
extern void validate_env_vars __P((struct list_member *)); |
void insert_env_vars __P((struct list_member *)); |
extern char **insert_env_vars __P((char **, struct list_member *)); |
|
extern struct passwd *sudo_getpwnam __P((const char *)); |
|
extern struct passwd *sudo_getpwuid __P((uid_t)); |
|
extern struct passwd *sudo_pwdup __P((const struct passwd *)); |
|
|
|
/* |
/* |
* Globals |
* Globals |
|
|
int Argc, NewArgc; |
int Argc, NewArgc; |
char **Argv, **NewArgv; |
char **Argv, **NewArgv; |
char *prev_user; |
char *prev_user; |
|
static int user_closefrom = -1; |
struct sudo_user sudo_user; |
struct sudo_user sudo_user; |
struct passwd *auth_pw; |
struct passwd *auth_pw, *list_pw; |
FILE *sudoers_fp; |
|
struct interface *interfaces; |
struct interface *interfaces; |
int num_interfaces; |
int num_interfaces; |
int tgetpass_flags; |
int tgetpass_flags; |
|
int long_list; |
uid_t timestamp_uid; |
uid_t timestamp_uid; |
extern int errorlineno; |
extern int errorlineno; |
|
extern int parse_error; |
|
extern char *errorfile; |
#if defined(RLIMIT_CORE) && !defined(SUDO_DEVEL) |
#if defined(RLIMIT_CORE) && !defined(SUDO_DEVEL) |
static struct rlimit corelimit; |
static struct rlimit corelimit; |
#endif /* RLIMIT_CORE && !SUDO_DEVEL */ |
#endif /* RLIMIT_CORE && !SUDO_DEVEL */ |
|
|
char *login_style; |
char *login_style; |
#endif /* HAVE_BSD_AUTH_H */ |
#endif /* HAVE_BSD_AUTH_H */ |
sigaction_t saved_sa_int, saved_sa_quit, saved_sa_tstp; |
sigaction_t saved_sa_int, saved_sa_quit, saved_sa_tstp; |
|
static char *runas_user; |
|
static char *runas_group; |
|
static struct sudo_nss_list *snl; |
|
|
|
/* For getopt(3) */ |
|
extern char *optarg; |
|
extern int optind; |
|
|
int |
int |
main(argc, argv, envp) |
main(argc, argv, envp) |
|
|
char **argv; |
char **argv; |
char **envp; |
char **envp; |
{ |
{ |
int validated; |
int sources = 0, validated; |
int fd; |
int fd, cmnd_status, sudo_mode, pwflag, rc = 0; |
int cmnd_status; |
|
int sudo_mode; |
|
int pwflag; |
|
sigaction_t sa; |
sigaction_t sa; |
extern int printmatches; |
#if defined(SUDO_DEVEL) && defined(__OpenBSD__) |
extern char **environ; |
extern char *malloc_options; |
|
malloc_options = "AFGJPR"; |
|
#endif |
|
struct sudo_nss *nss; |
|
|
#ifdef HAVE_SETLOCALE |
#ifdef HAVE_SETLOCALE |
setlocale(LC_ALL, ""); |
setlocale(LC_ALL, ""); |
|
|
#endif /* HAVE_GETPRPWNAM && HAVE_SET_AUTH_PARAMETERS */ |
#endif /* HAVE_GETPRPWNAM && HAVE_SET_AUTH_PARAMETERS */ |
|
|
if (geteuid() != 0) |
if (geteuid() != 0) |
errx(1, "must be setuid root"); |
errorx(1, "must be setuid root"); |
|
|
/* |
/* |
* Signal setup: |
* Signal setup: |
|
|
* us at some point and avoid the logging. |
* us at some point and avoid the logging. |
* Install handler to wait for children when they exit. |
* Install handler to wait for children when they exit. |
*/ |
*/ |
|
zero_bytes(&sa, sizeof(sa)); |
sigemptyset(&sa.sa_mask); |
sigemptyset(&sa.sa_mask); |
sa.sa_flags = SA_RESTART; |
sa.sa_flags = SA_RESTART; |
sa.sa_handler = SIG_IGN; |
sa.sa_handler = SIG_IGN; |
|
|
(void) sigaction(SIGTSTP, &sa, &saved_sa_tstp); |
(void) sigaction(SIGTSTP, &sa, &saved_sa_tstp); |
|
|
/* |
/* |
* Turn off core dumps and close open files. |
* Turn off core dumps and make sure fds 0-2 are open. |
*/ |
*/ |
initial_setup(); |
initial_setup(); |
setpwent(); |
sudo_setpwent(); |
|
sudo_setgrent(); |
|
|
/* Parse our arguments. */ |
/* Parse our arguments. */ |
sudo_mode = parse_args(Argc, Argv); |
sudo_mode = parse_args(Argc, Argv); |
|
|
else |
else |
switch (sudo_mode) { |
switch (sudo_mode) { |
case MODE_VERSION: |
case MODE_VERSION: |
(void) printf("Sudo version %s\n", version); |
show_version(); |
if (getuid() == 0) { |
|
putchar('\n'); |
|
(void) printf("Sudoers path: %s\n", _PATH_SUDOERS); |
|
dump_auth_methods(); |
|
dump_defaults(); |
|
dump_interfaces(); |
|
} |
|
exit(0); |
|
break; |
break; |
case MODE_HELP: |
case MODE_HELP: |
usage(0); |
usage(0); |
|
|
case MODE_LIST: |
case MODE_LIST: |
user_cmnd = "list"; |
user_cmnd = "list"; |
pwflag = I_LISTPW; |
pwflag = I_LISTPW; |
printmatches = 1; |
|
break; |
break; |
|
case MODE_CHECK: |
|
pwflag = I_LISTPW; |
|
break; |
} |
} |
|
|
/* Must have a command to run... */ |
/* Must have a command to run... */ |
if (user_cmnd == NULL && NewArgc == 0) |
if (user_cmnd == NULL && NewArgc == 0) |
usage(1); |
usage(1); |
|
|
cmnd_status = init_vars(sudo_mode, environ); |
init_vars(sudo_mode, envp); /* XXX - move this later? */ |
|
|
#ifdef HAVE_LDAP |
/* Parse nsswitch.conf for sudoers order. */ |
validated = sudo_ldap_check(pwflag); |
snl = sudo_read_nss(); |
|
|
/* Skip reading /etc/sudoers if LDAP told us to */ |
/* Open and parse sudoers, set global defaults */ |
if (!def_ignore_local_sudoers) { |
tq_foreach_fwd(snl, nss) { |
int v; |
if (nss->open(nss) == 0 && nss->parse(nss) == 0) { |
|
sources++; |
|
nss->setdefs(nss); |
|
} |
|
} |
|
if (sources == 0) |
|
log_error(0, "no valid sudoers sources found, quitting"); |
|
|
check_sudoers(); /* check mode/owner on _PATH_SUDOERS */ |
/* XXX - collect post-sudoers parse settings into a function */ |
|
|
/* Local sudoers file overrides LDAP if we have a match. */ |
/* |
v = sudoers_lookup(pwflag); |
* Set runas passwd/group entries based on command line or sudoers. |
if (validated == VALIDATE_ERROR || ISSET(v, VALIDATE_OK)) |
* Note that if runas_group was specified without runas_user we |
validated = v; |
* defer setting runas_pw so the match routines know to ignore it. |
|
*/ |
|
if (runas_group != NULL) { |
|
set_runasgr(runas_group); |
|
if (runas_user != NULL) |
|
set_runaspw(runas_user); |
|
} else |
|
set_runaspw(runas_user ? runas_user : def_runas_default); |
|
|
|
if (!update_defaults(SETDEF_RUNAS)) |
|
log_error(NO_STDERR|NO_EXIT, "problem with defaults entries"); |
|
|
|
/* Set login class if applicable. */ |
|
set_loginclass(sudo_user.pw); |
|
|
|
/* Update initial shell now that runas is set. */ |
|
if (ISSET(sudo_mode, MODE_LOGIN_SHELL)) |
|
NewArgv[0] = runas_pw->pw_shell; |
|
|
|
/* This goes after sudoers is parsed since it may have timestamp options. */ |
|
if (sudo_mode == MODE_KILL || sudo_mode == MODE_INVALIDATE) { |
|
remove_timestamp((sudo_mode == MODE_KILL)); |
|
cleanup(0); |
|
exit(0); |
} |
} |
#else |
|
check_sudoers(); /* check mode/owner on _PATH_SUDOERS */ |
|
|
|
/* Validate the user but don't search for pseudo-commands. */ |
/* Is root even allowed to run sudo? */ |
validated = sudoers_lookup(pwflag); |
if (user_uid == 0 && !def_root_sudo) { |
|
(void) fprintf(stderr, |
|
"Sorry, %s has been configured to not allow root to run it.\n", |
|
getprogname()); |
|
exit(1); |
|
} |
|
|
|
/* Check for -C overriding def_closefrom. */ |
|
if (user_closefrom >= 0 && user_closefrom != def_closefrom) { |
|
if (!def_closefrom_override) |
|
errorx(1, "you are not permitted to use the -C option"); |
|
else |
|
def_closefrom = user_closefrom; |
|
} |
|
|
|
cmnd_status = set_cmnd(sudo_mode); |
|
|
|
#ifdef HAVE_SETLOCALE |
|
if (!setlocale(LC_ALL, def_sudoers_locale)) { |
|
warningx("unable to set locale to \"%s\", using \"C\"", |
|
def_sudoers_locale); |
|
setlocale(LC_ALL, "C"); |
|
} |
#endif |
#endif |
|
|
|
validated = FLAG_NO_USER | FLAG_NO_HOST; |
|
tq_foreach_fwd(snl, nss) { |
|
validated = nss->lookup(nss, validated, pwflag); |
|
|
|
/* Handle [NOTFOUND=return] */ |
|
if (!ISSET(validated, VALIDATE_OK) && nss->ret_notfound) |
|
break; |
|
} |
if (safe_cmnd == NULL) |
if (safe_cmnd == NULL) |
safe_cmnd = estrdup(user_cmnd); |
safe_cmnd = estrdup(user_cmnd); |
|
|
|
#ifdef HAVE_SETLOCALE |
|
setlocale(LC_ALL, ""); |
|
#endif |
|
|
|
/* If only a group was specified, set runas_pw based on invoking user. */ |
|
if (runas_pw == NULL) |
|
set_runaspw(user_name); |
|
|
/* |
/* |
* Look up the timestamp dir owner if one is specified. |
* Look up the timestamp dir owner if one is specified. |
*/ |
*/ |
|
|
struct passwd *pw; |
struct passwd *pw; |
|
|
if (*def_timestampowner == '#') |
if (*def_timestampowner == '#') |
pw = getpwuid(atoi(def_timestampowner + 1)); |
pw = sudo_getpwuid(atoi(def_timestampowner + 1)); |
else |
else |
pw = getpwnam(def_timestampowner); |
pw = sudo_getpwnam(def_timestampowner); |
if (!pw) |
if (!pw) |
log_error(0, "timestamp owner (%s): No such user", |
log_error(0, "timestamp owner (%s): No such user", |
def_timestampowner); |
def_timestampowner); |
timestamp_uid = pw->pw_uid; |
timestamp_uid = pw->pw_uid; |
} |
} |
|
|
/* This goes after the sudoers parse since we honor sudoers options. */ |
|
if (sudo_mode == MODE_KILL || sudo_mode == MODE_INVALIDATE) { |
|
remove_timestamp((sudo_mode == MODE_KILL)); |
|
exit(0); |
|
} |
|
|
|
if (ISSET(validated, VALIDATE_ERROR)) |
|
log_error(0, "parse error in %s near line %d", _PATH_SUDOERS, |
|
errorlineno); |
|
|
|
/* Is root even allowed to run sudo? */ |
|
if (user_uid == 0 && !def_root_sudo) { |
|
(void) fprintf(stderr, |
|
"Sorry, %s has been configured to not allow root to run it.\n", |
|
getprogname()); |
|
exit(1); |
|
} |
|
|
|
/* If given the -P option, set the "preserve_groups" flag. */ |
/* If given the -P option, set the "preserve_groups" flag. */ |
if (ISSET(sudo_mode, MODE_PRESERVE_GROUPS)) |
if (ISSET(sudo_mode, MODE_PRESERVE_GROUPS)) |
def_preserve_groups = TRUE; |
def_preserve_groups = TRUE; |
|
|
(void) close(fd); |
(void) close(fd); |
} |
} |
|
|
/* User may have overriden environment resetting via the -E flag. */ |
/* Use askpass value from sudoers unless user specified their own. */ |
if (ISSET(sudo_mode, MODE_PRESERVE_ENV) && ISSET(validated, FLAG_SETENV)) |
if (def_askpass && !user_askpass) |
|
user_askpass = def_askpass; |
|
|
|
/* User may have overridden environment resetting via the -E flag. */ |
|
if (ISSET(sudo_mode, MODE_PRESERVE_ENV) && def_setenv) |
def_env_reset = FALSE; |
def_env_reset = FALSE; |
|
|
/* Build a new environment that avoids any nasty bits. */ |
/* Build a new environment that avoids any nasty bits. */ |
environ = rebuild_env(environ, sudo_mode, ISSET(validated, FLAG_NOEXEC)); |
rebuild_env(sudo_mode, def_noexec); |
|
|
/* Fill in passwd struct based on user we are authenticating as. */ |
/* Fill in passwd struct based on user we are authenticating as. */ |
auth_pw = get_authpw(); |
auth_pw = get_authpw(); |
|
|
/* Require a password if sudoers says so. */ |
/* Require a password if sudoers says so. */ |
if (!ISSET(validated, FLAG_NOPASS)) |
if (def_authenticate) |
check_user(validated); |
check_user(validated, !ISSET(sudo_mode, MODE_NONINTERACTIVE)); |
|
|
/* If run as root with SUDO_USER set, set sudo_user.pw to that user. */ |
/* If run as root with SUDO_USER set, set sudo_user.pw to that user. */ |
if (user_uid == 0 && prev_user != NULL && strcmp(prev_user, "root") != 0) { |
/* XXX - causes confusion when root is not listed in sudoers */ |
|
if (sudo_mode & (MODE_RUN | MODE_EDIT) && prev_user != NULL) { |
|
if (user_uid == 0 && strcmp(prev_user, "root") != 0) { |
struct passwd *pw; |
struct passwd *pw; |
|
|
if ((pw = sudo_getpwnam(prev_user)) != NULL) { |
if ((pw = sudo_getpwnam(prev_user)) != NULL) |
efree(sudo_user.pw); |
|
sudo_user.pw = pw; |
sudo_user.pw = pw; |
} |
} |
} |
} |
|
|
if (ISSET(validated, VALIDATE_OK)) { |
if (ISSET(validated, VALIDATE_OK)) { |
/* Finally tell the user if the command did not exist. */ |
/* Finally tell the user if the command did not exist. */ |
if (cmnd_status == NOT_FOUND_DOT) { |
if (cmnd_status == NOT_FOUND_DOT) |
warnx("ignoring `%s' found in '.'\nUse `sudo ./%s' if this is the `%s' you wish to run.", user_cmnd, user_cmnd, user_cmnd); |
errorx(1, "ignoring `%s' found in '.'\nUse `sudo ./%s' if this is the `%s' you wish to run.", user_cmnd, user_cmnd, user_cmnd); |
exit(1); |
else if (cmnd_status == NOT_FOUND) |
} else if (cmnd_status == NOT_FOUND) { |
errorx(1, "%s: command not found", user_cmnd); |
warnx("%s: command not found", user_cmnd); |
|
exit(1); |
|
} |
|
|
|
/* If user specified env vars make sure sudoers allows it. */ |
/* If user specified env vars make sure sudoers allows it. */ |
if (ISSET(sudo_mode, MODE_RUN) && !ISSET(validated, FLAG_SETENV)) { |
if (ISSET(sudo_mode, MODE_RUN) && !def_setenv) { |
if (ISSET(sudo_mode, MODE_PRESERVE_ENV)) |
if (ISSET(sudo_mode, MODE_PRESERVE_ENV)) |
log_error(NO_MAIL, |
log_error(NO_MAIL, |
"sorry, you are not allowed to preserve the environment"); |
"sorry, you are not allowed to preserve the environment"); |
|
|
validate_env_vars(sudo_user.env_vars); |
validate_env_vars(sudo_user.env_vars); |
} |
} |
|
|
log_auth(validated, 1); |
log_allowed(validated); |
if (sudo_mode == MODE_VALIDATE) |
if (sudo_mode == MODE_CHECK) |
exit(0); |
rc = display_cmnd(snl, list_pw ? list_pw : sudo_user.pw); |
else if (sudo_mode == MODE_LIST) { |
else if (sudo_mode == MODE_LIST) |
list_matches(); |
display_privs(snl, list_pw ? list_pw : sudo_user.pw); |
#ifdef HAVE_LDAP |
|
sudo_ldap_list_matches(); |
|
#endif |
|
exit(0); |
|
} |
|
|
|
/* Override user's umask if configured to do so. */ |
/* Cleanup sudoers sources */ |
if (def_umask != 0777) |
tq_foreach_fwd(snl, nss) |
(void) umask(def_umask); |
nss->close(nss); |
|
|
|
/* Deferred exit due to sudo_ldap_close() */ |
|
if (sudo_mode == MODE_VALIDATE || sudo_mode == MODE_CHECK || |
|
sudo_mode == MODE_LIST) |
|
exit(rc); |
|
|
|
/* |
|
* Override user's umask if configured to do so. |
|
* If user's umask is more restrictive, OR in those bits too. |
|
*/ |
|
if (def_umask != 0777) { |
|
mode_t mask = umask(def_umask); |
|
mask |= def_umask; |
|
if (mask != def_umask) |
|
umask(mask); |
|
} |
|
|
/* Restore coredumpsize resource limit. */ |
/* Restore coredumpsize resource limit. */ |
#if defined(RLIMIT_CORE) && !defined(SUDO_DEVEL) |
#if defined(RLIMIT_CORE) && !defined(SUDO_DEVEL) |
(void) setrlimit(RLIMIT_CORE, &corelimit); |
(void) setrlimit(RLIMIT_CORE, &corelimit); |
|
|
if (ISSET(sudo_mode, MODE_RUN)) |
if (ISSET(sudo_mode, MODE_RUN)) |
set_perms(PERM_FULL_RUNAS); |
set_perms(PERM_FULL_RUNAS); |
|
|
/* Close the password and group files */ |
|
endpwent(); |
|
endgrent(); |
|
|
|
if (ISSET(sudo_mode, MODE_LOGIN_SHELL)) { |
if (ISSET(sudo_mode, MODE_LOGIN_SHELL)) { |
char *p; |
char *p; |
|
|
|
|
|
|
/* Change to target user's homedir. */ |
/* Change to target user's homedir. */ |
if (chdir(runas_pw->pw_dir) == -1) |
if (chdir(runas_pw->pw_dir) == -1) |
warn("unable to change directory to %s", runas_pw->pw_dir); |
warning("unable to change directory to %s", runas_pw->pw_dir); |
|
|
|
#if defined(__linux__) || defined(_AIX) |
|
/* Insert system-wide environment variables. */ |
|
read_env_file(_PATH_ENVIRONMENT, TRUE); |
|
#endif |
} |
} |
|
|
if (ISSET(sudo_mode, MODE_EDIT)) |
if (ISSET(sudo_mode, MODE_EDIT)) |
exit(sudo_edit(NewArgc, NewArgv, envp)); |
exit(sudo_edit(NewArgc, NewArgv, envp)); |
|
|
|
/* Insert system-wide environment variables. */ |
|
if (def_env_file) |
|
read_env_file(def_env_file, FALSE); |
|
|
/* Insert user-specified environment variables. */ |
/* Insert user-specified environment variables. */ |
environ = insert_env_vars(environ, sudo_user.env_vars); |
insert_env_vars(sudo_user.env_vars); |
|
|
/* Restore signal handlers before we exec. */ |
/* Restore signal handlers before we exec. */ |
(void) sigaction(SIGINT, &saved_sa_int, NULL); |
(void) sigaction(SIGINT, &saved_sa_int, NULL); |
(void) sigaction(SIGQUIT, &saved_sa_quit, NULL); |
(void) sigaction(SIGQUIT, &saved_sa_quit, NULL); |
(void) sigaction(SIGTSTP, &saved_sa_tstp, NULL); |
(void) sigaction(SIGTSTP, &saved_sa_tstp, NULL); |
|
|
|
/* Close the password and group files and free up memory. */ |
|
sudo_endpwent(); |
|
sudo_endgrent(); |
|
|
|
closefrom(def_closefrom + 1); |
|
|
#ifndef PROFILING |
#ifndef PROFILING |
if (ISSET(sudo_mode, MODE_BACKGROUND) && fork() > 0) |
if (ISSET(sudo_mode, MODE_BACKGROUND) && fork() > 0) |
exit(0); |
exit(0); |
else { |
else { |
#ifdef HAVE_SELINUX |
#ifdef HAVE_SELINUX |
if (is_selinux_enabled() > 0 && user_role != NULL) |
if (is_selinux_enabled() > 0 && user_role != NULL) |
selinux_exec(user_role, user_type, NewArgv, environ, |
selinux_exec(user_role, user_type, NewArgv, |
ISSET(sudo_mode, MODE_LOGIN_SHELL)); |
ISSET(sudo_mode, MODE_LOGIN_SHELL)); |
#endif |
#endif |
execve(safe_cmnd, NewArgv, environ); |
execv(safe_cmnd, NewArgv); |
} |
} |
#else |
#else |
exit(0); |
exit(0); |
#endif /* PROFILING */ |
#endif /* PROFILING */ |
/* |
/* |
* If we got here then the exec() failed... |
* If we got here then execve() failed... |
*/ |
*/ |
if (errno == ENOEXEC) { |
if (errno == ENOEXEC) { |
NewArgv--; /* at least one extra slot... */ |
NewArgv--; /* at least one extra slot... */ |
NewArgv[0] = "sh"; |
NewArgv[0] = "sh"; |
NewArgv[1] = safe_cmnd; |
NewArgv[1] = safe_cmnd; |
execve(_PATH_BSHELL, NewArgv, environ); |
execv(_PATH_BSHELL, NewArgv); |
} |
} warning("unable to execute %s", safe_cmnd); |
warn("unable to execute %s", safe_cmnd); |
|
exit(127); |
exit(127); |
} else if (ISSET(validated, FLAG_NO_USER) || (validated & FLAG_NO_HOST)) { |
} else if (ISSET(validated, FLAG_NO_USER | FLAG_NO_HOST)) { |
log_auth(validated, 1); |
log_denial(validated, 1); |
exit(1); |
exit(1); |
} else if (ISSET(validated, VALIDATE_NOT_OK)) { |
} else { |
if (def_path_info) { |
if (def_path_info) { |
/* |
/* |
* We'd like to not leak path info at all here, but that can |
* We'd like to not leak path info at all here, but that can |
|
|
* is just "no foo in path" since the user can trivially set |
* is just "no foo in path" since the user can trivially set |
* their path to just contain a single dir. |
* their path to just contain a single dir. |
*/ |
*/ |
log_auth(validated, |
log_denial(validated, |
!(cmnd_status == NOT_FOUND_DOT || cmnd_status == NOT_FOUND)); |
!(cmnd_status == NOT_FOUND_DOT || cmnd_status == NOT_FOUND)); |
if (cmnd_status == NOT_FOUND) |
if (cmnd_status == NOT_FOUND) |
warnx("%s: command not found", user_cmnd); |
warningx("%s: command not found", user_cmnd); |
else if (cmnd_status == NOT_FOUND_DOT) |
else if (cmnd_status == NOT_FOUND_DOT) |
warnx("ignoring `%s' found in '.'\nUse `sudo ./%s' if this is the `%s' you wish to run.", user_cmnd, user_cmnd, user_cmnd); |
warningx("ignoring `%s' found in '.'\nUse `sudo ./%s' if this is the `%s' you wish to run.", user_cmnd, user_cmnd, user_cmnd); |
} else { |
} else { |
/* Just tell the user they are not allowed to run foo. */ |
/* Just tell the user they are not allowed to run foo. */ |
log_auth(validated, 1); |
log_denial(validated, 1); |
} |
} |
exit(1); |
exit(1); |
} else { |
|
/* should never get here */ |
|
log_auth(validated, 1); |
|
exit(1); |
|
} |
} |
exit(0); /* not reached */ |
exit(0); /* not reached */ |
} |
} |
|
|
* Initialize timezone, set umask, fill in ``sudo_user'' struct and |
* Initialize timezone, set umask, fill in ``sudo_user'' struct and |
* load the ``interfaces'' array. |
* load the ``interfaces'' array. |
*/ |
*/ |
static int |
static void |
init_vars(sudo_mode, envp) |
init_vars(sudo_mode, envp) |
int sudo_mode; |
int sudo_mode; |
char **envp; |
char **envp; |
{ |
{ |
char *p, **ep, thost[MAXHOSTNAMELEN]; |
char *p, **ep, thost[MAXHOSTNAMELEN + 1]; |
int nohostname, rval; |
int nohostname; |
|
|
/* Sanity check command from user. */ |
/* Sanity check command from user. */ |
if (user_cmnd == NULL && strlen(NewArgv[0]) >= PATH_MAX) |
if (user_cmnd == NULL && strlen(NewArgv[0]) >= PATH_MAX) |
errx(1, "%s: File name too long", NewArgv[0]); |
errorx(1, "%s: File name too long", NewArgv[0]); |
|
|
#ifdef HAVE_TZSET |
#ifdef HAVE_TZSET |
(void) tzset(); /* set the timezone if applicable */ |
(void) tzset(); /* set the timezone if applicable */ |
|
|
if (nohostname) |
if (nohostname) |
user_host = user_shost = "localhost"; |
user_host = user_shost = "localhost"; |
else { |
else { |
|
thost[sizeof(thost) - 1] = '\0'; |
user_host = estrdup(thost); |
user_host = estrdup(thost); |
if (def_fqdn) { |
if (def_fqdn) { |
/* Defer call to set_fqdn() until log_error() is safe. */ |
/* Defer call to set_fqdn() until log_error() is safe. */ |
|
|
user_tty = "unknown"; |
user_tty = "unknown"; |
|
|
for (ep = envp; *ep; ep++) { |
for (ep = envp; *ep; ep++) { |
|
/* XXX - don't fill in if empty string */ |
switch (**ep) { |
switch (**ep) { |
|
case 'D': |
|
if (strncmp("DISPLAY=", *ep, 8) == 0) |
|
user_display = *ep + 8; |
|
break; |
|
case 'K': |
|
if (strncmp("KRB5CCNAME=", *ep, 11) == 0) |
|
user_ccname = *ep + 11; |
|
break; |
case 'P': |
case 'P': |
if (strncmp("PATH=", *ep, 5) == 0) |
if (strncmp("PATH=", *ep, 5) == 0) |
user_path = *ep + 5; |
user_path = *ep + 5; |
|
|
user_prompt = *ep + 12; |
user_prompt = *ep + 12; |
else if (strncmp("SUDO_USER=", *ep, 10) == 0) |
else if (strncmp("SUDO_USER=", *ep, 10) == 0) |
prev_user = *ep + 10; |
prev_user = *ep + 10; |
|
else if (strncmp("SUDO_ASKPASS=", *ep, 13) == 0) |
|
user_askpass = *ep + 13; |
break; |
break; |
|
|
} |
} |
} |
} |
|
|
|
|
* be run during reboot after the YP/NIS/NIS+/LDAP/etc daemon has died. |
* be run during reboot after the YP/NIS/NIS+/LDAP/etc daemon has died. |
*/ |
*/ |
if (sudo_mode & (MODE_INVALIDATE|MODE_KILL)) |
if (sudo_mode & (MODE_INVALIDATE|MODE_KILL)) |
errx(1, "uid %s does not exist in the passwd file!", pw_name); |
errorx(1, "unknown uid: %s", pw_name); |
log_error(0, "uid %s does not exist in the passwd file!", pw_name); |
log_error(0, "unknown uid: %s", pw_name); |
} |
} |
if (user_shell == NULL || *user_shell == '\0') |
if (user_shell == NULL || *user_shell == '\0') |
user_shell = sudo_user.pw->pw_shell; |
user_shell = estrdup(sudo_user.pw->pw_shell); |
|
|
/* It is now safe to use log_error() and set_perms() */ |
/* It is now safe to use log_error() and set_perms() */ |
|
|
|
|
if (nohostname) |
if (nohostname) |
log_error(USE_ERRNO|MSG_ONLY, "can't get hostname"); |
log_error(USE_ERRNO|MSG_ONLY, "can't get hostname"); |
|
|
set_runaspw(*user_runas); /* may call log_error() */ |
|
if (*user_runas[0] == '#') { |
|
if (runas_pw->pw_name != *user_runas && runas_pw->pw_name[0]) |
|
*user_runas = estrdup(runas_pw->pw_name); |
|
} |
|
|
|
/* |
/* |
* Get current working directory. Try as user, fall back to root. |
* Get current working directory. Try as user, fall back to root. |
*/ |
*/ |
|
|
if (!getcwd(user_cwd, sizeof(user_cwd))) { |
if (!getcwd(user_cwd, sizeof(user_cwd))) { |
set_perms(PERM_ROOT); |
set_perms(PERM_ROOT); |
if (!getcwd(user_cwd, sizeof(user_cwd))) { |
if (!getcwd(user_cwd, sizeof(user_cwd))) { |
warnx("cannot get working directory"); |
warningx("cannot get working directory"); |
(void) strlcpy(user_cwd, "unknown", sizeof(user_cwd)); |
(void) strlcpy(user_cwd, "unknown", sizeof(user_cwd)); |
} |
} |
} else |
} else |
|
|
* If we were given the '-e', '-i' or '-s' options we need to redo |
* If we were given the '-e', '-i' or '-s' options we need to redo |
* NewArgv and NewArgc. |
* NewArgv and NewArgc. |
*/ |
*/ |
if ((sudo_mode & (MODE_SHELL | MODE_EDIT))) { |
if (ISSET(sudo_mode, MODE_EDIT)) { |
char **dst, **src = NewArgv; |
NewArgv--; |
|
NewArgc++; |
|
NewArgv[0] = "sudoedit"; |
|
} else if (ISSET(sudo_mode, MODE_SHELL)) { |
|
char **av; |
|
|
/* Allocate an extra slot for execve() failure (ENOEXEC). */ |
/* Allocate an extra slot for execve() failure (ENOEXEC). */ |
NewArgv = (char **) emalloc2((++NewArgc + 2), sizeof(char *)); |
av = (char **) emalloc2(5, sizeof(char *)); |
NewArgv++; |
av++; |
if (ISSET(sudo_mode, MODE_EDIT)) |
|
NewArgv[0] = "sudoedit"; |
|
else if (ISSET(sudo_mode, MODE_LOGIN_SHELL)) |
|
NewArgv[0] = runas_pw->pw_shell; |
|
else if (user_shell && *user_shell) |
|
NewArgv[0] = user_shell; |
|
else |
|
errx(1, "unable to determine shell"); |
|
|
|
/* copy the args from NewArgv */ |
av[0] = user_shell; /* may be updated later */ |
for (dst = NewArgv + 1; (*dst = *src) != NULL; ++src, ++dst) |
if (NewArgc > 0) { |
continue; |
size_t size; |
|
char *cmnd, *src, *dst, *end; |
|
size = (size_t) (NewArgv[NewArgc - 1] - NewArgv[0]) + |
|
strlen(NewArgv[NewArgc - 1]) + 1; |
|
cmnd = emalloc(size); |
|
src = NewArgv[0]; |
|
dst = cmnd; |
|
for (end = src + size - 1; src < end; src++, dst++) |
|
*dst = *src == 0 ? ' ' : *src; |
|
*dst = '\0'; |
|
av[1] = "-c"; |
|
av[2] = cmnd; |
|
NewArgc = 2; |
|
} |
|
av[++NewArgc] = NULL; |
|
NewArgv = av; |
} |
} |
|
} |
|
|
/* Set login class if applicable. */ |
/* |
set_loginclass(sudo_user.pw); |
* Fill in user_cmnd, user_args, user_base and user_stat variables |
|
* and apply any command-specific defaults entries. |
|
*/ |
|
static int |
|
set_cmnd(sudo_mode) |
|
int sudo_mode; |
|
{ |
|
int rval; |
|
|
/* Set project if applicable. */ |
/* Set project if applicable. */ |
set_project(runas_pw); |
set_project(runas_pw); |
|
|
/* Resolve the path and return. */ |
/* Resolve the path and return. */ |
rval = FOUND; |
rval = FOUND; |
user_stat = emalloc(sizeof(struct stat)); |
user_stat = emalloc(sizeof(struct stat)); |
if (sudo_mode & (MODE_RUN | MODE_EDIT)) { |
if (sudo_mode & (MODE_RUN | MODE_EDIT | MODE_CHECK)) { |
if (ISSET(sudo_mode, MODE_RUN)) { |
if (ISSET(sudo_mode, MODE_RUN | MODE_CHECK)) { |
/* XXX - default_runas may be modified during parsing of sudoers */ |
|
set_perms(PERM_RUNAS); |
set_perms(PERM_RUNAS); |
rval = find_path(NewArgv[0], &user_cmnd, user_stat, user_path); |
rval = find_path(NewArgv[0], &user_cmnd, user_stat, user_path); |
set_perms(PERM_ROOT); |
set_perms(PERM_ROOT); |
|
|
size_t size, n; |
size_t size, n; |
|
|
/* If we didn't realloc NewArgv it is contiguous so just count. */ |
/* If we didn't realloc NewArgv it is contiguous so just count. */ |
if (!(sudo_mode & (MODE_SHELL | MODE_EDIT))) { |
if (!ISSET(sudo_mode, MODE_SHELL)) { |
size = (size_t) (NewArgv[NewArgc-1] - NewArgv[1]) + |
size = (size_t) (NewArgv[NewArgc-1] - NewArgv[1]) + |
strlen(NewArgv[NewArgc-1]) + 1; |
strlen(NewArgv[NewArgc-1]) + 1; |
} else { |
} else { |
|
|
for (to = user_args, from = NewArgv + 1; *from; from++) { |
for (to = user_args, from = NewArgv + 1; *from; from++) { |
n = strlcpy(to, *from, size - (to - user_args)); |
n = strlcpy(to, *from, size - (to - user_args)); |
if (n >= size - (to - user_args)) |
if (n >= size - (to - user_args)) |
errx(1, "internal error, init_vars() overflow"); |
errorx(1, "internal error, init_vars() overflow"); |
to += n; |
to += n; |
*to++ = ' '; |
*to++ = ' '; |
} |
} |
|
|
else |
else |
user_base = user_cmnd; |
user_base = user_cmnd; |
|
|
|
if (!update_defaults(SETDEF_CMND)) |
|
log_error(NO_STDERR|NO_EXIT, "problem with defaults entries"); |
|
|
return(rval); |
return(rval); |
} |
} |
|
|
/* |
/* |
* Command line argument parsing, can't use getopt(3). |
* Command line argument parsing. |
|
* Sets NewArgc and NewArgv which corresponds to the argc/argv we'll use |
|
* for the command to be run (if we are running one). |
*/ |
*/ |
static int |
static int |
parse_args(argc, argv) |
parse_args(argc, argv) |
int argc; |
int argc; |
char **argv; |
char **argv; |
{ |
{ |
int rval = MODE_RUN; /* what mode is sudo to be run in? */ |
int mode = 0; /* what mode is sudo to be run in? */ |
int excl = 0; /* exclusive arg, no others allowed */ |
int flags = 0; /* mode flags */ |
|
int ch; |
|
|
NewArgv = argv + 1; |
|
NewArgc = argc - 1; |
|
|
|
/* First, check to see if we were invoked as "sudoedit". */ |
/* First, check to see if we were invoked as "sudoedit". */ |
if (strcmp(getprogname(), "sudoedit") == 0) { |
if (strcmp(getprogname(), "sudoedit") == 0) |
rval = MODE_EDIT; |
mode = MODE_EDIT; |
excl = 'e'; |
|
} else |
|
rval = MODE_RUN; |
|
|
|
while (NewArgc > 0) { |
/* Returns true if the last option string was "--" */ |
if (NewArgv[0][0] == '-') { |
#define got_end_of_args (optind > 1 && argv[optind - 1][0] == '-' && \ |
if (NewArgv[0][1] != '\0' && NewArgv[0][2] != '\0') { |
argv[optind - 1][1] == '-' && argv[optind - 1][2] == '\0') |
warnx("please use single character options"); |
|
usage(1); |
|
} |
|
|
|
switch (NewArgv[0][1]) { |
/* Returns true if next option is an environment variable */ |
case 'p': |
#define is_envar (optind < argc && argv[optind][0] != '/' && \ |
/* Must have an associated prompt. */ |
strchr(argv[optind], '=') != NULL) |
if (NewArgv[1] == NULL) |
|
usage(1); |
|
|
|
user_prompt = NewArgv[1]; |
for (;;) { |
def_passprompt_override = TRUE; |
/* |
|
* We disable arg permutation for GNU getopt(). |
NewArgc--; |
* Some trickiness is required to allow environment variables |
NewArgv++; |
* to be interspersed with command line options. |
|
*/ |
|
if ((ch = getopt(argc, argv, "+Aa:bC:c:Eeg:HhiKkLlnPp:r:Sst:U:u:Vv")) != -1) { |
|
switch (ch) { |
|
case 'A': |
|
SET(tgetpass_flags, TGP_ASKPASS); |
break; |
break; |
case 'u': |
|
/* Must have an associated runas user. */ |
|
if (NewArgv[1] == NULL) |
|
usage(1); |
|
|
|
user_runas = &NewArgv[1]; |
|
|
|
NewArgc--; |
|
NewArgv++; |
|
break; |
|
#ifdef HAVE_BSD_AUTH_H |
#ifdef HAVE_BSD_AUTH_H |
case 'a': |
case 'a': |
/* Must have an associated authentication style. */ |
login_style = optarg; |
if (NewArgv[1] == NULL) |
|
usage(1); |
|
|
|
login_style = NewArgv[1]; |
|
|
|
NewArgc--; |
|
NewArgv++; |
|
break; |
break; |
#endif |
#endif |
|
case 'b': |
|
SET(flags, MODE_BACKGROUND); |
|
break; |
|
case 'C': |
|
if ((user_closefrom = atoi(optarg)) < 3) { |
|
warningx("the argument to -C must be at least 3"); |
|
usage(1); |
|
} |
|
break; |
#ifdef HAVE_LOGIN_CAP_H |
#ifdef HAVE_LOGIN_CAP_H |
case 'c': |
case 'c': |
/* Must have an associated login class. */ |
login_class = optarg; |
if (NewArgv[1] == NULL) |
|
usage(1); |
|
|
|
login_class = NewArgv[1]; |
|
def_use_loginclass = TRUE; |
def_use_loginclass = TRUE; |
|
|
NewArgc--; |
|
NewArgv++; |
|
break; |
break; |
#endif |
#endif |
case 'b': |
case 'E': |
SET(rval, MODE_BACKGROUND); |
SET(flags, MODE_PRESERVE_ENV); |
break; |
break; |
case 'e': |
case 'e': |
rval = MODE_EDIT; |
if (mode && mode != MODE_EDIT) |
if (excl && excl != 'e') |
|
usage_excl(1); |
usage_excl(1); |
excl = 'e'; |
mode = MODE_EDIT; |
break; |
break; |
case 'v': |
case 'g': |
rval = MODE_VALIDATE; |
runas_group = optarg; |
if (excl && excl != 'v') |
break; |
|
case 'H': |
|
SET(flags, MODE_RESET_HOME); |
|
break; |
|
case 'h': |
|
if (mode && mode != MODE_HELP) |
usage_excl(1); |
usage_excl(1); |
excl = 'v'; |
mode = MODE_HELP; |
break; |
break; |
case 'i': |
case 'i': |
SET(rval, (MODE_LOGIN_SHELL | MODE_SHELL)); |
SET(flags, MODE_LOGIN_SHELL); |
def_env_reset = TRUE; |
def_env_reset = TRUE; |
if (excl && excl != 'i') |
|
usage_excl(1); |
|
excl = 'i'; |
|
break; |
break; |
case 'k': |
case 'k': |
rval = MODE_INVALIDATE; |
if (mode && mode != MODE_INVALIDATE) |
if (excl && excl != 'k') |
|
usage_excl(1); |
usage_excl(1); |
excl = 'k'; |
mode = MODE_INVALIDATE; |
break; |
break; |
case 'K': |
case 'K': |
rval = MODE_KILL; |
if (mode && mode != MODE_KILL) |
if (excl && excl != 'K') |
|
usage_excl(1); |
usage_excl(1); |
excl = 'K'; |
mode = MODE_KILL; |
break; |
break; |
case 'L': |
case 'L': |
rval = MODE_LISTDEFS; |
if (mode && mode != MODE_LISTDEFS) |
if (excl && excl != 'L') |
|
usage_excl(1); |
usage_excl(1); |
excl = 'L'; |
mode = MODE_LISTDEFS; |
break; |
break; |
case 'l': |
case 'l': |
rval = MODE_LIST; |
if (mode) { |
if (excl && excl != 'l') |
if (mode == MODE_LIST) |
usage_excl(1); |
long_list = 1; |
excl = 'l'; |
else |
|
usage_excl(1); |
|
} |
|
mode = MODE_LIST; |
break; |
break; |
case 'V': |
case 'n': |
rval = MODE_VERSION; |
SET(flags, MODE_NONINTERACTIVE); |
if (excl && excl != 'V') |
|
usage_excl(1); |
|
excl = 'V'; |
|
break; |
break; |
case 'h': |
case 'P': |
rval = MODE_HELP; |
SET(flags, MODE_PRESERVE_GROUPS); |
if (excl && excl != 'h') |
|
usage_excl(1); |
|
excl = 'h'; |
|
break; |
break; |
case 's': |
case 'p': |
SET(rval, MODE_SHELL); |
user_prompt = optarg; |
if (excl && excl != 's') |
def_passprompt_override = TRUE; |
usage_excl(1); |
|
excl = 's'; |
|
break; |
break; |
case 'H': |
#ifdef HAVE_SELINUX |
SET(rval, MODE_RESET_HOME); |
case 'r': |
|
user_role = optarg; |
break; |
break; |
case 'P': |
case 't': |
SET(rval, MODE_PRESERVE_GROUPS); |
user_type = optarg; |
break; |
break; |
|
#endif |
case 'S': |
case 'S': |
SET(tgetpass_flags, TGP_STDIN); |
SET(tgetpass_flags, TGP_STDIN); |
break; |
break; |
case 'E': |
case 's': |
SET(rval, MODE_PRESERVE_ENV); |
SET(flags, MODE_SHELL); |
break; |
break; |
#ifdef HAVE_SELINUX |
case 'U': |
case 'r': |
if ((list_pw = sudo_getpwnam(optarg)) == NULL) |
/* Must have an associated SELinux role. */ |
errorx(1, "unknown user: %s", optarg); |
if (NewArgv[1] == NULL) |
|
usage(1); |
|
|
|
user_role = NewArgv[1]; |
|
|
|
NewArgc--; |
|
NewArgv++; |
|
break; |
break; |
case 't': |
case 'u': |
/* Must have an associated SELinux type. */ |
runas_user = optarg; |
if (NewArgv[1] == NULL) |
|
usage(1); |
|
|
|
user_type = NewArgv[1]; |
|
|
|
NewArgc--; |
|
NewArgv++; |
|
break; |
break; |
#endif |
case 'v': |
case '-': |
if (mode && mode != MODE_VALIDATE) |
NewArgc--; |
usage_excl(1); |
NewArgv++; |
mode = MODE_VALIDATE; |
goto args_done; |
break; |
case '\0': |
case 'V': |
warnx("'-' requires an argument"); |
if (mode && mode != MODE_VERSION) |
usage(1); |
usage_excl(1); |
|
mode = MODE_VERSION; |
|
break; |
default: |
default: |
warnx("illegal option `%s'", NewArgv[0]); |
|
usage(1); |
usage(1); |
} |
} |
} else if (NewArgv[0][0] != '/' && strchr(NewArgv[0], '=') != NULL) { |
} else if (!got_end_of_args && is_envar) { |
/* Could be an environment variable. */ |
|
struct list_member *ev; |
struct list_member *ev; |
|
|
|
/* Store environment variable. */ |
ev = emalloc(sizeof(*ev)); |
ev = emalloc(sizeof(*ev)); |
ev->value = NewArgv[0]; |
ev->value = argv[optind]; |
ev->next = sudo_user.env_vars; |
ev->next = sudo_user.env_vars; |
sudo_user.env_vars = ev; |
sudo_user.env_vars = ev; |
|
|
|
/* Crank optind and resume getopt. */ |
|
optind++; |
} else { |
} else { |
/* Not an arg */ |
/* Not an option or an environment variable -- we're done. */ |
break; |
break; |
} |
} |
NewArgc--; |
|
NewArgv++; |
|
} |
} |
args_done: |
|
|
|
if (ISSET(rval, MODE_EDIT) && |
NewArgc = argc - optind; |
(ISSET(rval, MODE_PRESERVE_ENV) || sudo_user.env_vars != NULL)) { |
NewArgv = argv + optind; |
if (ISSET(rval, MODE_PRESERVE_ENV)) |
|
warnx("the `-E' option is not valid in edit mode"); |
if (!mode) |
|
mode = MODE_RUN; |
|
|
|
if (NewArgc > 0 && mode == MODE_LIST) |
|
mode = MODE_CHECK; |
|
|
|
if (ISSET(flags, MODE_LOGIN_SHELL)) { |
|
if (ISSET(flags, MODE_SHELL)) { |
|
warningx("you may not specify both the `-i' and `-s' options"); |
|
usage(1); |
|
} |
|
if (ISSET(flags, MODE_PRESERVE_ENV)) { |
|
warningx("you may not specify both the `-i' and `-E' options"); |
|
usage(1); |
|
} |
|
SET(flags, MODE_SHELL); |
|
} |
|
if (mode == MODE_EDIT && |
|
(ISSET(flags, MODE_PRESERVE_ENV) || sudo_user.env_vars != NULL)) { |
|
if (ISSET(mode, MODE_PRESERVE_ENV)) |
|
warningx("the `-E' option is not valid in edit mode"); |
if (sudo_user.env_vars != NULL) |
if (sudo_user.env_vars != NULL) |
warnx("you may not specify environment variables in edit mode"); |
warningx("you may not specify environment variables in edit mode"); |
usage(1); |
usage(1); |
} |
} |
if (ISSET(rval, MODE_PRESERVE_ENV) && ISSET(rval, MODE_LOGIN_SHELL)) { |
if ((runas_user != NULL || runas_group != NULL) && |
warnx("you may not specify both the `-i' and `-E' options"); |
!ISSET(mode, MODE_EDIT | MODE_RUN | MODE_CHECK)) { |
usage(1); |
usage(1); |
} |
} |
if (user_runas != NULL && !ISSET(rval, (MODE_EDIT|MODE_RUN))) { |
if (list_pw != NULL && mode != MODE_LIST && mode != MODE_CHECK) { |
if (excl != '\0') |
warningx("the `-U' option may only be used with the `-l' option"); |
warnx("the `-u' and '-%c' options may not be used together", excl); |
|
usage(1); |
usage(1); |
} |
} |
if ((NewArgc == 0 && (rval & MODE_EDIT)) || |
if (ISSET(tgetpass_flags, TGP_STDIN) && ISSET(tgetpass_flags, TGP_ASKPASS)) { |
(NewArgc > 0 && !(rval & (MODE_RUN | MODE_EDIT)))) |
warningx("the `-A' and `-S' options may not be used together"); |
usage(1); |
usage(1); |
if (NewArgc == 0 && rval == MODE_RUN) |
} |
SET(rval, (MODE_IMPLIED_SHELL | MODE_SHELL)); |
if ((NewArgc == 0 && mode == MODE_EDIT) || |
|
(NewArgc > 0 && !ISSET(mode, MODE_RUN | MODE_EDIT | MODE_CHECK))) |
|
usage(1); |
|
if (NewArgc == 0 && mode == MODE_RUN && !ISSET(flags, MODE_SHELL)) |
|
SET(flags, (MODE_IMPLIED_SHELL | MODE_SHELL)); |
|
|
return(rval); |
return(mode | flags); |
} |
} |
|
|
/* |
/* |
* Sanity check sudoers mode/owner/type. |
* Open sudoers and sanity check mode/owner/type. |
* Leaves a file pointer to the sudoers file open in ``fp''. |
* Returns a handle to the sudoers file or NULL on error. |
*/ |
*/ |
static void |
FILE * |
check_sudoers() |
open_sudoers(sudoers, keepopen) |
|
const char *sudoers; |
|
int *keepopen; |
{ |
{ |
struct stat statbuf; |
struct stat statbuf; |
int rootstat, i; |
FILE *fp = NULL; |
|
int rootstat; |
|
|
/* |
/* |
* Fix the mode and group on sudoers file from old default. |
* Fix the mode and group on sudoers file from old default. |
* Only works if file system is readable/writable by root. |
* Only works if file system is readable/writable by root. |
*/ |
*/ |
if ((rootstat = stat_sudoers(_PATH_SUDOERS, &statbuf)) == 0 && |
if ((rootstat = stat_sudoers(sudoers, &statbuf)) == 0 && |
SUDOERS_UID == statbuf.st_uid && SUDOERS_MODE != 0400 && |
SUDOERS_UID == statbuf.st_uid && SUDOERS_MODE != 0400 && |
(statbuf.st_mode & 0007777) == 0400) { |
(statbuf.st_mode & 0007777) == 0400) { |
|
|
if (chmod(_PATH_SUDOERS, SUDOERS_MODE) == 0) { |
if (chmod(sudoers, SUDOERS_MODE) == 0) { |
warnx("fixed mode on %s", _PATH_SUDOERS); |
warningx("fixed mode on %s", sudoers); |
SET(statbuf.st_mode, SUDOERS_MODE); |
SET(statbuf.st_mode, SUDOERS_MODE); |
if (statbuf.st_gid != SUDOERS_GID) { |
if (statbuf.st_gid != SUDOERS_GID) { |
if (!chown(_PATH_SUDOERS,(uid_t) -1,SUDOERS_GID)) { |
if (chown(sudoers, (uid_t) -1, SUDOERS_GID) == 0) { |
warnx("set group on %s", _PATH_SUDOERS); |
warningx("set group on %s", sudoers); |
statbuf.st_gid = SUDOERS_GID; |
statbuf.st_gid = SUDOERS_GID; |
} else |
} else |
warn("unable to set group on %s", _PATH_SUDOERS); |
warning("unable to set group on %s", sudoers); |
} |
} |
} else |
} else |
warn("unable to fix mode on %s", _PATH_SUDOERS); |
warning("unable to fix mode on %s", sudoers); |
} |
} |
|
|
/* |
/* |
|
|
*/ |
*/ |
set_perms(PERM_SUDOERS); |
set_perms(PERM_SUDOERS); |
|
|
if (rootstat != 0 && stat_sudoers(_PATH_SUDOERS, &statbuf) != 0) |
if (rootstat != 0 && stat_sudoers(sudoers, &statbuf) != 0) |
log_error(USE_ERRNO, "can't stat %s", _PATH_SUDOERS); |
log_error(USE_ERRNO|NO_EXIT, "can't stat %s", sudoers); |
else if (!S_ISREG(statbuf.st_mode)) |
else if (!S_ISREG(statbuf.st_mode)) |
log_error(0, "%s is not a regular file", _PATH_SUDOERS); |
log_error(NO_EXIT, "%s is not a regular file", sudoers); |
else if (statbuf.st_size == 0) |
|
log_error(0, "%s is zero length", _PATH_SUDOERS); |
|
else if ((statbuf.st_mode & 07777) != SUDOERS_MODE) |
else if ((statbuf.st_mode & 07777) != SUDOERS_MODE) |
log_error(0, "%s is mode 0%o, should be 0%o", _PATH_SUDOERS, |
log_error(NO_EXIT, "%s is mode 0%o, should be 0%o", sudoers, |
(unsigned int) (statbuf.st_mode & 07777), |
(unsigned int) (statbuf.st_mode & 07777), |
(unsigned int) SUDOERS_MODE); |
(unsigned int) SUDOERS_MODE); |
else if (statbuf.st_uid != SUDOERS_UID) |
else if (statbuf.st_uid != SUDOERS_UID) |
log_error(0, "%s is owned by uid %lu, should be %lu", _PATH_SUDOERS, |
log_error(NO_EXIT, "%s is owned by uid %lu, should be %lu", sudoers, |
(unsigned long) statbuf.st_uid, (unsigned long) SUDOERS_UID); |
(unsigned long) statbuf.st_uid, (unsigned long) SUDOERS_UID); |
else if (statbuf.st_gid != SUDOERS_GID) |
else if (statbuf.st_gid != SUDOERS_GID) |
log_error(0, "%s is owned by gid %lu, should be %lu", _PATH_SUDOERS, |
log_error(NO_EXIT, "%s is owned by gid %lu, should be %lu", sudoers, |
(unsigned long) statbuf.st_gid, (unsigned long) SUDOERS_GID); |
(unsigned long) statbuf.st_gid, (unsigned long) SUDOERS_GID); |
else { |
else if ((fp = fopen(sudoers, "r")) == NULL) |
/* Solaris sometimes returns EAGAIN so try 10 times */ |
log_error(USE_ERRNO, "can't open %s", sudoers); |
for (i = 0; i < 10 ; i++) { |
else if (statbuf.st_size != 0) { |
errno = 0; |
/* |
if ((sudoers_fp = fopen(_PATH_SUDOERS, "r")) == NULL || |
* Make sure we can actually read sudoers so we can present the |
fgetc(sudoers_fp) == EOF) { |
* user with a reasonable error message. |
if (sudoers_fp != NULL) |
*/ |
fclose(sudoers_fp); |
if (fgetc(fp) == EOF) |
sudoers_fp = NULL; |
log_error(USE_ERRNO, "can't read %s", sudoers); |
if (errno != EAGAIN && errno != EWOULDBLOCK) |
rewind(fp); |
break; |
|
} else |
|
break; |
|
sleep(1); |
|
} |
|
if (sudoers_fp == NULL) |
|
log_error(USE_ERRNO, "can't open %s", _PATH_SUDOERS); |
|
} |
} |
|
(void) fcntl(fileno(fp), F_SETFD, 1); |
|
|
set_perms(PERM_ROOT); /* change back to root */ |
set_perms(PERM_ROOT); /* change back to root */ |
|
return(fp); |
} |
} |
|
|
/* |
/* |
* Close all open files (except std*) and turn off core dumps. |
* Close all open files (except std*) and turn off core dumps. |
|
* Also sets the set_perms() pointer to the correct function. |
*/ |
*/ |
static void |
static void |
initial_setup() |
initial_setup() |
|
|
(void) dup2(devnull, STDOUT_FILENO); |
(void) dup2(devnull, STDOUT_FILENO); |
if (miss[STDERR_FILENO]) |
if (miss[STDERR_FILENO]) |
(void) dup2(devnull, STDERR_FILENO); |
(void) dup2(devnull, STDERR_FILENO); |
|
if (devnull > STDERR_FILENO) |
|
close(devnull); |
} |
} |
} |
} |
closefrom(STDERR_FILENO + 1); |
|
} |
} |
|
|
#ifdef HAVE_LOGIN_CAP_H |
#ifdef HAVE_LOGIN_CAP_H |
|
|
errflags = NO_MAIL|MSG_ONLY|NO_EXIT; |
errflags = NO_MAIL|MSG_ONLY|NO_EXIT; |
|
|
if (login_class && strcmp(login_class, "-") != 0) { |
if (login_class && strcmp(login_class, "-") != 0) { |
if (strcmp(*user_runas, "root") != 0 && user_uid != 0) |
if (user_uid != 0 && |
errx(1, "only root can use -c %s", login_class); |
strcmp(runas_user ? runas_user : def_runas_default, "root") != 0) |
|
errorx(1, "only root can use -c %s", login_class); |
} else { |
} else { |
login_class = pw->pw_class; |
login_class = pw->pw_class; |
if (!login_class || !*login_class) |
if (!login_class || !*login_class) |
|
|
char *p; |
char *p; |
|
|
#ifdef HAVE_GETADDRINFO |
#ifdef HAVE_GETADDRINFO |
memset(&hint, 0, sizeof(hint)); |
zero_bytes(&hint, sizeof(hint)); |
hint.ai_family = PF_UNSPEC; |
hint.ai_family = PF_UNSPEC; |
hint.ai_flags = AI_CANONNAME; |
hint.ai_flags = AI_CANONNAME; |
if (getaddrinfo(user_host, NULL, &hint, &res0) != 0) { |
if (getaddrinfo(user_host, NULL, &hint, &res0) != 0) { |
|
|
* Get passwd entry for the user we are going to run commands as. |
* Get passwd entry for the user we are going to run commands as. |
* By default, this is "root". Updates runas_pw as a side effect. |
* By default, this is "root". Updates runas_pw as a side effect. |
*/ |
*/ |
int |
static void |
set_runaspw(user) |
set_runaspw(user) |
char *user; |
char *user; |
{ |
{ |
if (runas_pw != NULL) { |
|
if (user_runas != &def_runas_default) |
|
return(TRUE); /* don't override -u option */ |
|
efree(runas_pw); |
|
} |
|
if (*user == '#') { |
if (*user == '#') { |
runas_pw = sudo_getpwuid(atoi(user + 1)); |
if ((runas_pw = sudo_getpwuid(atoi(user + 1))) == NULL) |
if (runas_pw == NULL) { |
runas_pw = sudo_fakepwnam(user, runas_gr ? runas_gr->gr_gid : 0); |
runas_pw = emalloc(sizeof(struct passwd)); |
|
(void) memset((VOID *)runas_pw, 0, sizeof(struct passwd)); |
|
runas_pw->pw_uid = atoi(user + 1); |
|
runas_pw->pw_name = user; |
|
runas_pw->pw_passwd = "*"; |
|
runas_pw->pw_gecos = user; |
|
runas_pw->pw_dir = "/"; |
|
runas_pw->pw_shell = estrdup(_PATH_BSHELL); |
|
} |
|
} else { |
} else { |
runas_pw = sudo_getpwnam(user); |
if ((runas_pw = sudo_getpwnam(user)) == NULL) |
if (runas_pw == NULL) |
log_error(NO_MAIL|MSG_ONLY, "unknown user: %s", user); |
log_error(NO_MAIL|MSG_ONLY, "no passwd entry for %s!", user); |
|
} |
} |
return(TRUE); |
|
} |
} |
|
|
/* |
/* |
|
* Get group entry for the group we are going to run commands as. |
|
* Updates runas_pw as a side effect. |
|
*/ |
|
static void |
|
set_runasgr(group) |
|
char *group; |
|
{ |
|
if (*group == '#') { |
|
if ((runas_gr = sudo_getgrgid(atoi(group + 1))) == NULL) |
|
runas_gr = sudo_fakegrnam(group); |
|
} else { |
|
if ((runas_gr = sudo_getgrnam(group)) == NULL) |
|
log_error(NO_MAIL|MSG_ONLY, "unknown group: %s", group); |
|
} |
|
} |
|
|
|
/* |
* Get passwd entry for the user we are going to authenticate as. |
* Get passwd entry for the user we are going to authenticate as. |
* By default, this is the user invoking sudo. In the most common |
* By default, this is the user invoking sudo. In the most common |
* case, this matches sudo_user.pw or runas_pw. |
* case, this matches sudo_user.pw or runas_pw. |
|
|
struct passwd *pw; |
struct passwd *pw; |
|
|
if (def_rootpw) { |
if (def_rootpw) { |
if (runas_pw->pw_uid == 0) |
if ((pw = sudo_getpwuid(0)) == NULL) |
pw = runas_pw; |
log_error(0, "unknown uid: 0"); |
else if ((pw = sudo_getpwuid(0)) == NULL) |
|
log_error(0, "uid 0 does not exist in the passwd file!"); |
|
} else if (def_runaspw) { |
} else if (def_runaspw) { |
if (strcmp(def_runas_default, *user_runas) == 0) |
if ((pw = sudo_getpwnam(def_runas_default)) == NULL) |
pw = runas_pw; |
log_error(0, "unknown user: %s", def_runas_default); |
else if ((pw = sudo_getpwnam(def_runas_default)) == NULL) |
|
log_error(0, "user %s does not exist in the passwd file!", |
|
def_runas_default); |
|
} else if (def_targetpw) { |
} else if (def_targetpw) { |
if (runas_pw->pw_name == NULL) |
if (runas_pw->pw_name == NULL) |
log_error(NO_MAIL|MSG_ONLY, "no passwd entry for %lu!", |
log_error(NO_MAIL|MSG_ONLY, "unknown uid: %lu", |
(unsigned long) runas_pw->pw_uid); |
(unsigned long) runas_pw->pw_uid); |
pw = runas_pw; |
pw = runas_pw; |
} else |
} else |
|
|
} |
} |
|
|
/* |
/* |
|
* Cleanup hook for error()/errorx() |
|
*/ |
|
void |
|
cleanup(gotsignal) |
|
int gotsignal; |
|
{ |
|
struct sudo_nss *nss; |
|
|
|
if (!gotsignal) { |
|
if (snl != NULL) { |
|
tq_foreach_fwd(snl, nss) |
|
nss->close(nss); |
|
} |
|
sudo_endpwent(); |
|
sudo_endgrent(); |
|
} |
|
} |
|
|
|
static void |
|
show_version() |
|
{ |
|
(void) printf("Sudo version %s\n", version); |
|
if (getuid() == 0) { |
|
putchar('\n'); |
|
(void) printf("Sudoers path: %s\n", _PATH_SUDOERS); |
|
#ifdef HAVE_LDAP |
|
# ifdef _PATH_NSSWITCH_CONF |
|
(void) printf("nsswitch path: %s\n", _PATH_NSSWITCH_CONF); |
|
# endif |
|
(void) printf("ldap.conf path: %s\n", _PATH_LDAP_CONF); |
|
(void) printf("ldap.secret path: %s\n", _PATH_LDAP_SECRET); |
|
#endif |
|
dump_auth_methods(); |
|
dump_defaults(); |
|
dump_interfaces(); |
|
} |
|
exit(0); |
|
} |
|
|
|
/* |
* Tell which options are mutually exclusive and exit. |
* Tell which options are mutually exclusive and exit. |
*/ |
*/ |
static void |
static void |
usage_excl(exit_val) |
usage_excl(exit_val) |
int exit_val; |
int exit_val; |
{ |
{ |
warnx("Only one of the -e, -h, i, -k, -K, -l, -s, -v or -V options may be used"); |
warningx("Only one of the -e, -h, -i, -k, -K, -l, -s, -v or -V options may be specified"); |
usage(exit_val); |
usage(exit_val); |
} |
} |
|
|
/* |
/* |
* Give usage message and exit. |
* Give usage message and exit. |
|
* The actual usage strings are in sudo_usage.h for configure substitution. |
*/ |
*/ |
static void |
static void |
usage(exit_val) |
usage(exit_val) |
int exit_val; |
int exit_val; |
{ |
{ |
char **p, **uvec[4]; |
struct lbuf lbuf; |
int i, linelen, linemax, ulen, plen; |
char *uvec[5]; |
static char *uvec1[] = { |
int i, ulen; |
" -h |", |
|
" -K |", |
|
" -k |", |
|
" -L |", |
|
" -l |", |
|
" -V |", |
|
" -v", |
|
NULL |
|
}; |
|
static char *uvec2[] = { |
|
" [-bEHPS]", |
|
#ifdef HAVE_BSD_AUTH_H |
|
" [-a auth_type]", |
|
#endif |
|
#ifdef HAVE_LOGIN_CAP_H |
|
" [-c class|-]", |
|
#endif |
|
#ifdef HAVE_SELINUX |
|
" [-r role]", |
|
#endif |
|
" [-p prompt]", |
|
#ifdef HAVE_SELINUX |
|
" [-t type]", |
|
#endif |
|
" [-u username|#uid]", |
|
" [VAR=value]", |
|
" {-i | -s | <command>}", |
|
NULL |
|
}; |
|
static char *uvec3[] = { |
|
" -e", |
|
" [-S]", |
|
#ifdef HAVE_BSD_AUTH_H |
|
" [-a auth_type]", |
|
#endif |
|
#ifdef HAVE_LOGIN_CAP_H |
|
" [-c class|-]", |
|
#endif |
|
" [-p prompt]", |
|
" [-u username|#uid]", |
|
" file ...", |
|
NULL |
|
}; |
|
|
|
/* |
/* |
* Use usage vectors appropriate to the progname. |
* Use usage vectors appropriate to the progname. |
*/ |
*/ |
if (strcmp(getprogname(), "sudoedit") == 0) { |
if (strcmp(getprogname(), "sudoedit") == 0) { |
uvec[0] = uvec3 + 1; |
uvec[0] = SUDO_USAGE4 + 3; |
uvec[1] = NULL; |
uvec[1] = NULL; |
} else { |
} else { |
uvec[0] = uvec1; |
uvec[0] = SUDO_USAGE1; |
uvec[1] = uvec2; |
uvec[1] = SUDO_USAGE2; |
uvec[2] = uvec3; |
uvec[2] = SUDO_USAGE3; |
uvec[3] = NULL; |
uvec[3] = SUDO_USAGE4; |
|
uvec[4] = NULL; |
} |
} |
|
|
/* |
/* |
* Print usage and wrap lines as needed. |
* Print usage and wrap lines as needed, depending on the |
* Assumes an 80-character wide terminal, which is kind of bogus... |
* tty width. |
*/ |
*/ |
ulen = (int)strlen(getprogname()) + 7; |
ulen = (int)strlen(getprogname()) + 8; |
linemax = 80; |
lbuf_init(&lbuf, NULL, ulen, 0); |
for (i = 0; uvec[i] != NULL; i++) { |
for (i = 0; uvec[i] != NULL; i++) { |
printf("usage: %s", getprogname()); |
lbuf_append(&lbuf, "usage: ", getprogname(), uvec[i], NULL); |
linelen = linemax - ulen; |
lbuf_print(&lbuf); |
for (p = uvec[i]; *p != NULL; p++) { |
|
plen = (int)strlen(*p); |
|
if (linelen >= plen || linelen == linemax - ulen) { |
|
fputs(*p, stdout); |
|
linelen -= plen; |
|
} else { |
|
p--; |
|
linelen = linemax - ulen; |
|
printf("\n%*s", ulen, ""); |
|
} |
|
} |
|
putchar('\n'); |
|
} |
} |
|
lbuf_destroy(&lbuf); |
exit(exit_val); |
exit(exit_val); |
} |
} |