| version 1.7, 2000/08/13 21:58:52 |
version 1.8, 2000/11/21 17:58:44 |
|
|
| # endif /* __hpux */ |
# endif /* __hpux */ |
| # include <prot.h> |
# include <prot.h> |
| #endif /* HAVE_GETPRPWNAM && HAVE_SET_AUTH_PARAMETERS */ |
#endif /* HAVE_GETPRPWNAM && HAVE_SET_AUTH_PARAMETERS */ |
| #ifdef HAVE_LOGINCAP |
#ifdef HAVE_LOGIN_CAP_H |
| # include <login_cap.h> |
# include <login_cap.h> |
| # ifndef LOGIN_DEFROOTCLASS |
# ifndef LOGIN_DEFROOTCLASS |
| # define LOGIN_DEFROOTCLASS "daemon" |
# define LOGIN_DEFROOTCLASS "daemon" |
|
|
| static void usage_excl __P((int)); |
static void usage_excl __P((int)); |
| static void check_sudoers __P((void)); |
static void check_sudoers __P((void)); |
| static int init_vars __P((int)); |
static int init_vars __P((int)); |
| static int set_loginclass __P((struct passwd *)); |
static void set_loginclass __P((struct passwd *)); |
| static void add_env __P((int)); |
static void add_env __P((int)); |
| static void clean_env __P((char **, struct env_table *)); |
static void clean_env __P((char **, struct env_table *)); |
| static void initial_setup __P((void)); |
static void initial_setup __P((void)); |
|
|
| #if defined(RLIMIT_CORE) && !defined(SUDO_DEVEL) |
#if defined(RLIMIT_CORE) && !defined(SUDO_DEVEL) |
| static struct rlimit corelimit; |
static struct rlimit corelimit; |
| #endif /* RLIMIT_CORE */ |
#endif /* RLIMIT_CORE */ |
| |
#ifdef HAVE_LOGIN_CAP_H |
| |
login_cap_t *lc; |
| |
#endif /* HAVE_LOGIN_CAP_H */ |
| |
#ifdef HAVE_BSD_AUTH_H |
| |
char *login_style; |
| |
#endif /* HAVE_BSD_AUTH_H */ |
| |
|
| /* |
/* |
| * Table of "bad" envariables to remove and len for strncmp() |
* Table of "bad" envariables to remove and len for strncmp() |
|
|
| |
|
| /* Replace the PATH envariable with a secure one. */ |
/* Replace the PATH envariable with a secure one. */ |
| if (def_str(I_SECURE_PATH) && !user_is_exempt()) |
if (def_str(I_SECURE_PATH) && !user_is_exempt()) |
| if (sudo_setenv("PATH", def_str(I_SECURE_PATH))) { |
sudo_setenv("PATH", def_str(I_SECURE_PATH)); |
| (void) fprintf(stderr, "%s: cannot allocate memory!\n", |
|
| Argv[0]); |
|
| exit(1); |
|
| } |
|
| |
|
| /* Restore coredumpsize resource limit. */ |
/* Restore coredumpsize resource limit. */ |
| #if defined(RLIMIT_CORE) && !defined(SUDO_DEVEL) |
#if defined(RLIMIT_CORE) && !defined(SUDO_DEVEL) |
|
|
| |
|
| /* Set $HOME for `sudo -H'. Only valid at PERM_RUNAS. */ |
/* Set $HOME for `sudo -H'. Only valid at PERM_RUNAS. */ |
| if ((sudo_mode & MODE_RESET_HOME) && runas_homedir) |
if ((sudo_mode & MODE_RESET_HOME) && runas_homedir) |
| (void) sudo_setenv("HOME", runas_homedir); |
sudo_setenv("HOME", runas_homedir); |
| |
|
| #ifndef PROFILING |
#ifndef PROFILING |
| if ((sudo_mode & MODE_BACKGROUND) && fork() > 0) |
if ((sudo_mode & MODE_BACKGROUND) && fork() > 0) |
|
|
| ; |
; |
| } |
} |
| |
|
| |
/* Set login class if applicable. */ |
| |
set_loginclass(sudo_user.pw); |
| |
|
| /* Resolve the path and return. */ |
/* Resolve the path and return. */ |
| if ((sudo_mode & MODE_RUN)) |
if ((sudo_mode & MODE_RUN)) |
| return(find_path(NewArgv[0], &user_cmnd)); |
return(find_path(NewArgv[0], &user_cmnd)); |
|
|
| NewArgc--; |
NewArgc--; |
| NewArgv++; |
NewArgv++; |
| break; |
break; |
| #ifdef HAVE_LOGINCAP |
#ifdef HAVE_BSD_AUTH_H |
| |
case 'a': |
| |
/* Must have an associated authentication style. */ |
| |
if (NewArgv[1] == NULL) |
| |
usage(1); |
| |
|
| |
login_style = NewArgv[1]; |
| |
|
| |
/* Shift Argv over and adjust Argc. */ |
| |
NewArgc--; |
| |
NewArgv++; |
| |
break; |
| |
#endif |
| |
#ifdef HAVE_LOGIN_CAP_H |
| case 'c': |
case 'c': |
| /* Must have an associated login class. */ |
/* Must have an associated login class. */ |
| if (NewArgv[1] == NULL) |
if (NewArgv[1] == NULL) |
|
|
| } else { |
} else { |
| buf = user_cmnd; |
buf = user_cmnd; |
| } |
} |
| if (sudo_setenv("SUDO_COMMAND", buf)) { |
sudo_setenv("SUDO_COMMAND", buf); |
| (void) fprintf(stderr, "%s: cannot allocate memory!\n", Argv[0]); |
|
| exit(1); |
|
| } |
|
| if (NewArgc > 1) |
if (NewArgc > 1) |
| free(buf); |
free(buf); |
| |
|
|
|
| user_args = NULL; |
user_args = NULL; |
| } |
} |
| |
|
| /* Add the SUDO_USER environment variable. */ |
/* Add the SUDO_USER, SUDO_UID, SUDO_GID environment variables. */ |
| if (sudo_setenv("SUDO_USER", user_name)) { |
sudo_setenv("SUDO_USER", user_name); |
| (void) fprintf(stderr, "%s: cannot allocate memory!\n", Argv[0]); |
|
| exit(1); |
|
| } |
|
| |
|
| /* Add the SUDO_UID environment variable. */ |
|
| (void) sprintf(idstr, "%ld", (long) user_uid); |
(void) sprintf(idstr, "%ld", (long) user_uid); |
| if (sudo_setenv("SUDO_UID", idstr)) { |
sudo_setenv("SUDO_UID", idstr); |
| (void) fprintf(stderr, "%s: cannot allocate memory!\n", Argv[0]); |
|
| exit(1); |
|
| } |
|
| |
|
| /* Add the SUDO_GID environment variable. */ |
|
| (void) sprintf(idstr, "%ld", (long) user_gid); |
(void) sprintf(idstr, "%ld", (long) user_gid); |
| if (sudo_setenv("SUDO_GID", idstr)) { |
sudo_setenv("SUDO_GID", idstr); |
| (void) fprintf(stderr, "%s: cannot allocate memory!\n", Argv[0]); |
|
| exit(1); |
|
| } |
|
| |
|
| /* Set PS1 if SUDO_PS1 is set. */ |
/* Set PS1 if SUDO_PS1 is set. */ |
| if ((buf = getenv("SUDO_PS1"))) |
if ((buf = getenv("SUDO_PS1"))) |
| if (sudo_setenv("PS1", buf)) { |
sudo_setenv("PS1", buf); |
| (void) fprintf(stderr, "%s: cannot allocate memory!\n", Argv[0]); |
|
| exit(1); |
|
| } |
|
| } |
} |
| |
|
| /* |
/* |
|
|
| |
|
| /* Set $USER and $LOGNAME to target user */ |
/* Set $USER and $LOGNAME to target user */ |
| if (def_flag(I_LOGNAME)) { |
if (def_flag(I_LOGNAME)) { |
| if (sudo_setenv("USER", pw->pw_name)) { |
sudo_setenv("USER", pw->pw_name); |
| (void) fprintf(stderr, |
sudo_setenv("LOGNAME", pw->pw_name); |
| "%s: cannot allocate memory!\n", |
|
| Argv[0]); |
|
| exit(1); |
|
| } |
|
| if (sudo_setenv("LOGNAME", pw->pw_name)) { |
|
| (void) fprintf(stderr, |
|
| "%s: cannot allocate memory!\n", |
|
| Argv[0]); |
|
| exit(1); |
|
| } |
|
| } |
} |
| |
|
| |
#ifdef HAVE_LOGIN_CAP_H |
| if (def_flag(I_LOGINCLASS)) { |
if (def_flag(I_LOGINCLASS)) { |
| /* |
/* |
| * setusercontext() will set uid/gid/etc |
* setusercontext() will set uid/gid/etc |
| * for us so no need to do it below. |
* for us so no need to do it below. |
| */ |
*/ |
| if (set_loginclass(pw) > 0) |
if (setusercontext(lc, pw, pw->pw_uid, |
| |
LOGIN_SETUSER|LOGIN_SETGROUP|LOGIN_SETRESOURCES|LOGIN_SETPRIORITY)) |
| |
log_error( |
| |
NO_MAIL|USE_ERRNO|MSG_ONLY, |
| |
"setusercontext() failed for login class %s", |
| |
login_class); |
| |
else |
| break; |
break; |
| } |
} |
| |
#endif /* HAVE_LOGIN_CAP_H */ |
| |
|
| if (setgid(pw->pw_gid)) { |
if (setgid(pw->pw_gid)) { |
| (void) fprintf(stderr, |
(void) fprintf(stderr, |
|
|
| #endif /* POSIX_SIGNALS */ |
#endif /* POSIX_SIGNALS */ |
| } |
} |
| |
|
| #ifdef HAVE_LOGINCAP |
#ifdef HAVE_LOGIN_CAP_H |
| static int |
static void |
| set_loginclass(pw) |
set_loginclass(pw) |
| struct passwd *pw; |
struct passwd *pw; |
| { |
{ |
| login_cap_t *lc; |
|
| int errflags; |
int errflags; |
| |
|
| /* |
/* |
|
|
| } |
} |
| |
|
| lc = login_getclass(login_class); |
lc = login_getclass(login_class); |
| if (!lc || !lc->lc_class || strcmp(lc->lc_class, login_class) != 0) { |
if (!lc || !lc->lc_class || strcmp(lc->lc_class, login_class) != 0) |
| log_error(errflags, "unknown login class: %s", login_class); |
log_error(errflags, "unknown login class: %s", login_class); |
| return(0); |
|
| } |
|
| |
|
| /* Set everything except the environment and umask. */ |
|
| if (setusercontext(lc, pw, pw->pw_uid, |
|
| LOGIN_SETUSER|LOGIN_SETGROUP|LOGIN_SETRESOURCES|LOGIN_SETPRIORITY) < 0) |
|
| log_error(NO_MAIL|USE_ERRNO|MSG_ONLY, |
|
| "setusercontext() failed for login class %s", login_class); |
|
| |
|
| login_close(lc); |
|
| return(1); |
|
| } |
} |
| #else |
#else |
| static int |
static void |
| set_loginclass(pw) |
set_loginclass(pw) |
| struct passwd *pw; |
struct passwd *pw; |
| { |
{ |
| return(0); |
|
| } |
} |
| #endif /* HAVE_LOGINCAP */ |
#endif /* HAVE_LOGIN_CAP_H */ |
| |
|
| /* |
/* |
| * Look up the fully qualified domain name and set user_host and user_shost. |
* Look up the fully qualified domain name and set user_host and user_shost. |
|
|
| usage(exit_val) |
usage(exit_val) |
| int exit_val; |
int exit_val; |
| { |
{ |
| (void) fprintf(stderr, |
|
| "usage: %s -V | -h | -L | -l | -v | -k | -K | [-H] [-S] [-b]\n%*s", |
(void) fprintf(stderr, "usage: sudo -V | -h | -L | -l | -v | -k | -K | %s", |
| Argv[0], (int) strlen(Argv[0]) + 8, " "); |
"[-H] [-S] [-b] [-p prompt]\n [-u username/#uid] "); |
| #ifdef HAVE_LOGINCAP |
#ifdef HAVE_LOGIN_CAP_H |
| (void) fprintf(stderr, "[-p prompt] [-u username/#uid] [-c class] -s | <command>\n"); |
(void) fprintf(stderr, "[-c class] "); |
| #else |
|
| (void) fprintf(stderr, "[-p prompt] [-u username/#uid] -s | <command>\n"); |
|
| #endif |
#endif |
| |
#ifdef HAVE_BSD_AUTH_H |
| |
(void) fprintf(stderr, "[-a auth_type] "); |
| |
#endif |
| |
(void) fprintf(stderr, "-s | <command>\n"); |
| exit(exit_val); |
exit(exit_val); |
| } |
} |
![[BACK]](/icons/back.gif){kind=icon}
Return to sudo.c CVS log ![[TXT]](/icons/text.gif){kind=icon}
![[DIR]](/icons/dir.gif){kind=icon}
Up to [local] / src / usr.bin / sudo