version 1.7, 2000/08/13 21:58:52 |
version 1.8, 2000/11/21 17:58:44 |
|
|
# endif /* __hpux */ |
# endif /* __hpux */ |
# include <prot.h> |
# include <prot.h> |
#endif /* HAVE_GETPRPWNAM && HAVE_SET_AUTH_PARAMETERS */ |
#endif /* HAVE_GETPRPWNAM && HAVE_SET_AUTH_PARAMETERS */ |
#ifdef HAVE_LOGINCAP |
#ifdef HAVE_LOGIN_CAP_H |
# include <login_cap.h> |
# include <login_cap.h> |
# ifndef LOGIN_DEFROOTCLASS |
# ifndef LOGIN_DEFROOTCLASS |
# define LOGIN_DEFROOTCLASS "daemon" |
# define LOGIN_DEFROOTCLASS "daemon" |
|
|
static void usage_excl __P((int)); |
static void usage_excl __P((int)); |
static void check_sudoers __P((void)); |
static void check_sudoers __P((void)); |
static int init_vars __P((int)); |
static int init_vars __P((int)); |
static int set_loginclass __P((struct passwd *)); |
static void set_loginclass __P((struct passwd *)); |
static void add_env __P((int)); |
static void add_env __P((int)); |
static void clean_env __P((char **, struct env_table *)); |
static void clean_env __P((char **, struct env_table *)); |
static void initial_setup __P((void)); |
static void initial_setup __P((void)); |
|
|
#if defined(RLIMIT_CORE) && !defined(SUDO_DEVEL) |
#if defined(RLIMIT_CORE) && !defined(SUDO_DEVEL) |
static struct rlimit corelimit; |
static struct rlimit corelimit; |
#endif /* RLIMIT_CORE */ |
#endif /* RLIMIT_CORE */ |
|
#ifdef HAVE_LOGIN_CAP_H |
|
login_cap_t *lc; |
|
#endif /* HAVE_LOGIN_CAP_H */ |
|
#ifdef HAVE_BSD_AUTH_H |
|
char *login_style; |
|
#endif /* HAVE_BSD_AUTH_H */ |
|
|
/* |
/* |
* Table of "bad" envariables to remove and len for strncmp() |
* Table of "bad" envariables to remove and len for strncmp() |
|
|
|
|
/* Replace the PATH envariable with a secure one. */ |
/* Replace the PATH envariable with a secure one. */ |
if (def_str(I_SECURE_PATH) && !user_is_exempt()) |
if (def_str(I_SECURE_PATH) && !user_is_exempt()) |
if (sudo_setenv("PATH", def_str(I_SECURE_PATH))) { |
sudo_setenv("PATH", def_str(I_SECURE_PATH)); |
(void) fprintf(stderr, "%s: cannot allocate memory!\n", |
|
Argv[0]); |
|
exit(1); |
|
} |
|
|
|
/* Restore coredumpsize resource limit. */ |
/* Restore coredumpsize resource limit. */ |
#if defined(RLIMIT_CORE) && !defined(SUDO_DEVEL) |
#if defined(RLIMIT_CORE) && !defined(SUDO_DEVEL) |
|
|
|
|
/* Set $HOME for `sudo -H'. Only valid at PERM_RUNAS. */ |
/* Set $HOME for `sudo -H'. Only valid at PERM_RUNAS. */ |
if ((sudo_mode & MODE_RESET_HOME) && runas_homedir) |
if ((sudo_mode & MODE_RESET_HOME) && runas_homedir) |
(void) sudo_setenv("HOME", runas_homedir); |
sudo_setenv("HOME", runas_homedir); |
|
|
#ifndef PROFILING |
#ifndef PROFILING |
if ((sudo_mode & MODE_BACKGROUND) && fork() > 0) |
if ((sudo_mode & MODE_BACKGROUND) && fork() > 0) |
|
|
; |
; |
} |
} |
|
|
|
/* Set login class if applicable. */ |
|
set_loginclass(sudo_user.pw); |
|
|
/* Resolve the path and return. */ |
/* Resolve the path and return. */ |
if ((sudo_mode & MODE_RUN)) |
if ((sudo_mode & MODE_RUN)) |
return(find_path(NewArgv[0], &user_cmnd)); |
return(find_path(NewArgv[0], &user_cmnd)); |
|
|
NewArgc--; |
NewArgc--; |
NewArgv++; |
NewArgv++; |
break; |
break; |
#ifdef HAVE_LOGINCAP |
#ifdef HAVE_BSD_AUTH_H |
|
case 'a': |
|
/* Must have an associated authentication style. */ |
|
if (NewArgv[1] == NULL) |
|
usage(1); |
|
|
|
login_style = NewArgv[1]; |
|
|
|
/* Shift Argv over and adjust Argc. */ |
|
NewArgc--; |
|
NewArgv++; |
|
break; |
|
#endif |
|
#ifdef HAVE_LOGIN_CAP_H |
case 'c': |
case 'c': |
/* Must have an associated login class. */ |
/* Must have an associated login class. */ |
if (NewArgv[1] == NULL) |
if (NewArgv[1] == NULL) |
|
|
} else { |
} else { |
buf = user_cmnd; |
buf = user_cmnd; |
} |
} |
if (sudo_setenv("SUDO_COMMAND", buf)) { |
sudo_setenv("SUDO_COMMAND", buf); |
(void) fprintf(stderr, "%s: cannot allocate memory!\n", Argv[0]); |
|
exit(1); |
|
} |
|
if (NewArgc > 1) |
if (NewArgc > 1) |
free(buf); |
free(buf); |
|
|
|
|
user_args = NULL; |
user_args = NULL; |
} |
} |
|
|
/* Add the SUDO_USER environment variable. */ |
/* Add the SUDO_USER, SUDO_UID, SUDO_GID environment variables. */ |
if (sudo_setenv("SUDO_USER", user_name)) { |
sudo_setenv("SUDO_USER", user_name); |
(void) fprintf(stderr, "%s: cannot allocate memory!\n", Argv[0]); |
|
exit(1); |
|
} |
|
|
|
/* Add the SUDO_UID environment variable. */ |
|
(void) sprintf(idstr, "%ld", (long) user_uid); |
(void) sprintf(idstr, "%ld", (long) user_uid); |
if (sudo_setenv("SUDO_UID", idstr)) { |
sudo_setenv("SUDO_UID", idstr); |
(void) fprintf(stderr, "%s: cannot allocate memory!\n", Argv[0]); |
|
exit(1); |
|
} |
|
|
|
/* Add the SUDO_GID environment variable. */ |
|
(void) sprintf(idstr, "%ld", (long) user_gid); |
(void) sprintf(idstr, "%ld", (long) user_gid); |
if (sudo_setenv("SUDO_GID", idstr)) { |
sudo_setenv("SUDO_GID", idstr); |
(void) fprintf(stderr, "%s: cannot allocate memory!\n", Argv[0]); |
|
exit(1); |
|
} |
|
|
|
/* Set PS1 if SUDO_PS1 is set. */ |
/* Set PS1 if SUDO_PS1 is set. */ |
if ((buf = getenv("SUDO_PS1"))) |
if ((buf = getenv("SUDO_PS1"))) |
if (sudo_setenv("PS1", buf)) { |
sudo_setenv("PS1", buf); |
(void) fprintf(stderr, "%s: cannot allocate memory!\n", Argv[0]); |
|
exit(1); |
|
} |
|
} |
} |
|
|
/* |
/* |
|
|
|
|
/* Set $USER and $LOGNAME to target user */ |
/* Set $USER and $LOGNAME to target user */ |
if (def_flag(I_LOGNAME)) { |
if (def_flag(I_LOGNAME)) { |
if (sudo_setenv("USER", pw->pw_name)) { |
sudo_setenv("USER", pw->pw_name); |
(void) fprintf(stderr, |
sudo_setenv("LOGNAME", pw->pw_name); |
"%s: cannot allocate memory!\n", |
|
Argv[0]); |
|
exit(1); |
|
} |
|
if (sudo_setenv("LOGNAME", pw->pw_name)) { |
|
(void) fprintf(stderr, |
|
"%s: cannot allocate memory!\n", |
|
Argv[0]); |
|
exit(1); |
|
} |
|
} |
} |
|
|
|
#ifdef HAVE_LOGIN_CAP_H |
if (def_flag(I_LOGINCLASS)) { |
if (def_flag(I_LOGINCLASS)) { |
/* |
/* |
* setusercontext() will set uid/gid/etc |
* setusercontext() will set uid/gid/etc |
* for us so no need to do it below. |
* for us so no need to do it below. |
*/ |
*/ |
if (set_loginclass(pw) > 0) |
if (setusercontext(lc, pw, pw->pw_uid, |
|
LOGIN_SETUSER|LOGIN_SETGROUP|LOGIN_SETRESOURCES|LOGIN_SETPRIORITY)) |
|
log_error( |
|
NO_MAIL|USE_ERRNO|MSG_ONLY, |
|
"setusercontext() failed for login class %s", |
|
login_class); |
|
else |
break; |
break; |
} |
} |
|
#endif /* HAVE_LOGIN_CAP_H */ |
|
|
if (setgid(pw->pw_gid)) { |
if (setgid(pw->pw_gid)) { |
(void) fprintf(stderr, |
(void) fprintf(stderr, |
|
|
#endif /* POSIX_SIGNALS */ |
#endif /* POSIX_SIGNALS */ |
} |
} |
|
|
#ifdef HAVE_LOGINCAP |
#ifdef HAVE_LOGIN_CAP_H |
static int |
static void |
set_loginclass(pw) |
set_loginclass(pw) |
struct passwd *pw; |
struct passwd *pw; |
{ |
{ |
login_cap_t *lc; |
|
int errflags; |
int errflags; |
|
|
/* |
/* |
|
|
} |
} |
|
|
lc = login_getclass(login_class); |
lc = login_getclass(login_class); |
if (!lc || !lc->lc_class || strcmp(lc->lc_class, login_class) != 0) { |
if (!lc || !lc->lc_class || strcmp(lc->lc_class, login_class) != 0) |
log_error(errflags, "unknown login class: %s", login_class); |
log_error(errflags, "unknown login class: %s", login_class); |
return(0); |
|
} |
|
|
|
/* Set everything except the environment and umask. */ |
|
if (setusercontext(lc, pw, pw->pw_uid, |
|
LOGIN_SETUSER|LOGIN_SETGROUP|LOGIN_SETRESOURCES|LOGIN_SETPRIORITY) < 0) |
|
log_error(NO_MAIL|USE_ERRNO|MSG_ONLY, |
|
"setusercontext() failed for login class %s", login_class); |
|
|
|
login_close(lc); |
|
return(1); |
|
} |
} |
#else |
#else |
static int |
static void |
set_loginclass(pw) |
set_loginclass(pw) |
struct passwd *pw; |
struct passwd *pw; |
{ |
{ |
return(0); |
|
} |
} |
#endif /* HAVE_LOGINCAP */ |
#endif /* HAVE_LOGIN_CAP_H */ |
|
|
/* |
/* |
* Look up the fully qualified domain name and set user_host and user_shost. |
* Look up the fully qualified domain name and set user_host and user_shost. |
|
|
usage(exit_val) |
usage(exit_val) |
int exit_val; |
int exit_val; |
{ |
{ |
(void) fprintf(stderr, |
|
"usage: %s -V | -h | -L | -l | -v | -k | -K | [-H] [-S] [-b]\n%*s", |
(void) fprintf(stderr, "usage: sudo -V | -h | -L | -l | -v | -k | -K | %s", |
Argv[0], (int) strlen(Argv[0]) + 8, " "); |
"[-H] [-S] [-b] [-p prompt]\n [-u username/#uid] "); |
#ifdef HAVE_LOGINCAP |
#ifdef HAVE_LOGIN_CAP_H |
(void) fprintf(stderr, "[-p prompt] [-u username/#uid] [-c class] -s | <command>\n"); |
(void) fprintf(stderr, "[-c class] "); |
#else |
|
(void) fprintf(stderr, "[-p prompt] [-u username/#uid] -s | <command>\n"); |
|
#endif |
#endif |
|
#ifdef HAVE_BSD_AUTH_H |
|
(void) fprintf(stderr, "[-a auth_type] "); |
|
#endif |
|
(void) fprintf(stderr, "-s | <command>\n"); |
exit(exit_val); |
exit(exit_val); |
} |
} |