version 1.21, 2008/07/31 16:44:03 |
version 1.22, 2008/11/14 11:58:08 |
|
|
/* |
/* |
* Copyright (c) 1993-1996,1998-2007 Todd C. Miller <Todd.Miller@courtesan.com> |
* Copyright (c) 1993-1996, 1998-2005, 2007-2008 |
|
* Todd C. Miller <Todd.Miller@courtesan.com> |
* |
* |
* Permission to use, copy, modify, and distribute this software for any |
* Permission to use, copy, modify, and distribute this software for any |
* purpose with or without fee is hereby granted, provided that the above |
* purpose with or without fee is hereby granted, provided that the above |
|
|
* Agency (DARPA) and Air Force Research Laboratory, Air Force |
* Agency (DARPA) and Air Force Research Laboratory, Air Force |
* Materiel Command, USAF, under agreement number F39502-99-1-0512. |
* Materiel Command, USAF, under agreement number F39502-99-1-0512. |
* |
* |
* $Sudo: sudo.h,v 1.209.2.14 2008/02/09 14:44:48 millert Exp $ |
* $Sudo: sudo.h,v 1.268 2008/08/20 11:41:22 millert Exp $ |
*/ |
*/ |
|
|
#ifndef _SUDO_SUDO_H |
#ifndef _SUDO_SUDO_H |
|
|
#include <limits.h> |
#include <limits.h> |
#include "compat.h" |
#include "compat.h" |
#include "defaults.h" |
#include "defaults.h" |
|
#include "error.h" |
|
#include "list.h" |
#include "logging.h" |
#include "logging.h" |
|
#include "sudo_nss.h" |
|
|
/* |
/* |
* Info pertaining to the invoking user. |
* Info pertaining to the invoking user. |
|
|
struct sudo_user { |
struct sudo_user { |
struct passwd *pw; |
struct passwd *pw; |
struct passwd *_runas_pw; |
struct passwd *_runas_pw; |
|
struct group *_runas_gr; |
struct stat *cmnd_stat; |
struct stat *cmnd_stat; |
char *path; |
char *path; |
char *shell; |
char *shell; |
char *tty; |
char *tty; |
char *ttypath; |
char *ttypath; |
char cwd[PATH_MAX]; |
|
char *host; |
char *host; |
char *shost; |
char *shost; |
char **runas; |
|
char *prompt; |
char *prompt; |
char *cmnd; |
char *cmnd; |
char *cmnd_args; |
char *cmnd_args; |
char *cmnd_base; |
char *cmnd_base; |
char *cmnd_safe; |
char *cmnd_safe; |
char *class_name; |
char *class_name; |
int ngroups; |
char *krb5_ccname; |
|
char *display; |
|
char *askpass; |
|
int ngroups; |
GETGROUPS_T *groups; |
GETGROUPS_T *groups; |
struct list_member *env_vars; |
struct list_member *env_vars; |
#ifdef HAVE_SELINUX |
#ifdef HAVE_SELINUX |
char *role; |
char *role; |
char *type; |
char *type; |
#endif |
#endif |
|
char cwd[PATH_MAX]; |
}; |
}; |
|
|
/* |
/* |
|
|
#define VALIDATE_OK 0x002 |
#define VALIDATE_OK 0x002 |
#define VALIDATE_NOT_OK 0x004 |
#define VALIDATE_NOT_OK 0x004 |
#define FLAG_CHECK_USER 0x010 |
#define FLAG_CHECK_USER 0x010 |
#define FLAG_NOPASS 0x020 |
#define FLAG_NO_USER 0x020 |
#define FLAG_NO_USER 0x040 |
#define FLAG_NO_HOST 0x040 |
#define FLAG_NO_HOST 0x080 |
#define FLAG_NO_CHECK 0x080 |
#define FLAG_NO_CHECK 0x100 |
|
#define FLAG_NOEXEC 0x200 |
|
#define FLAG_SETENV 0x400 |
|
|
|
/* |
/* |
* Pseudo-boolean values |
* Pseudo-boolean values |
|
|
#define TRUE 1 |
#define TRUE 1 |
#undef FALSE |
#undef FALSE |
#define FALSE 0 |
#define FALSE 0 |
#undef IMPLIED |
|
#define IMPLIED 2 |
|
#undef NOMATCH |
|
#define NOMATCH -1 |
|
#undef UNSPEC |
|
#define UNSPEC -2 |
|
|
|
/* |
/* |
* find_path()/load_cmnd() return values |
* find_path()/load_cmnd() return values |
|
|
/* |
/* |
* Various modes sudo can be in (based on arguments) in hex |
* Various modes sudo can be in (based on arguments) in hex |
*/ |
*/ |
#define MODE_RUN 0x0001 |
#define MODE_RUN 0x00000001 |
#define MODE_EDIT 0x0002 |
#define MODE_EDIT 0x00000002 |
#define MODE_VALIDATE 0x0004 |
#define MODE_VALIDATE 0x00000004 |
#define MODE_INVALIDATE 0x0008 |
#define MODE_INVALIDATE 0x00000008 |
#define MODE_KILL 0x0010 |
#define MODE_KILL 0x00000010 |
#define MODE_VERSION 0x0020 |
#define MODE_VERSION 0x00000020 |
#define MODE_HELP 0x0040 |
#define MODE_HELP 0x00000040 |
#define MODE_LIST 0x0080 |
#define MODE_LIST 0x00000080 |
#define MODE_LISTDEFS 0x0100 |
#define MODE_CHECK 0x00000100 |
#define MODE_BACKGROUND 0x0200 |
#define MODE_LISTDEFS 0x00000200 |
#define MODE_SHELL 0x0400 |
#define MODE_MASK 0x0000ffff |
#define MODE_LOGIN_SHELL 0x0800 |
|
#define MODE_IMPLIED_SHELL 0x1000 |
|
#define MODE_RESET_HOME 0x2000 |
|
#define MODE_PRESERVE_GROUPS 0x4000 |
|
#define MODE_PRESERVE_ENV 0x8000 |
|
|
|
|
/* Mode flags */ |
|
#define MODE_BACKGROUND 0x00010000 |
|
#define MODE_SHELL 0x00020000 |
|
#define MODE_LOGIN_SHELL 0x00040000 |
|
#define MODE_IMPLIED_SHELL 0x00080000 |
|
#define MODE_RESET_HOME 0x00100000 |
|
#define MODE_PRESERVE_GROUPS 0x00200000 |
|
#define MODE_PRESERVE_ENV 0x00400000 |
|
#define MODE_NONINTERACTIVE 0x00800000 |
|
|
/* |
/* |
* Used with set_perms() |
* Used with set_perms() |
*/ |
*/ |
|
|
#define user_tty (sudo_user.tty) |
#define user_tty (sudo_user.tty) |
#define user_ttypath (sudo_user.ttypath) |
#define user_ttypath (sudo_user.ttypath) |
#define user_cwd (sudo_user.cwd) |
#define user_cwd (sudo_user.cwd) |
#define user_runas (sudo_user.runas) |
|
#define user_cmnd (sudo_user.cmnd) |
#define user_cmnd (sudo_user.cmnd) |
#define user_args (sudo_user.cmnd_args) |
#define user_args (sudo_user.cmnd_args) |
#define user_base (sudo_user.cmnd_base) |
#define user_base (sudo_user.cmnd_base) |
|
|
#define user_prompt (sudo_user.prompt) |
#define user_prompt (sudo_user.prompt) |
#define user_host (sudo_user.host) |
#define user_host (sudo_user.host) |
#define user_shost (sudo_user.shost) |
#define user_shost (sudo_user.shost) |
|
#define user_ccname (sudo_user.krb5_ccname) |
|
#define user_display (sudo_user.display) |
|
#define user_askpass (sudo_user.askpass) |
#define safe_cmnd (sudo_user.cmnd_safe) |
#define safe_cmnd (sudo_user.cmnd_safe) |
#define login_class (sudo_user.class_name) |
#define login_class (sudo_user.class_name) |
#define runas_pw (sudo_user._runas_pw) |
#define runas_pw (sudo_user._runas_pw) |
|
#define runas_gr (sudo_user._runas_gr) |
#define user_role (sudo_user.role) |
#define user_role (sudo_user.role) |
#define user_type (sudo_user.type) |
#define user_type (sudo_user.type) |
|
|
|
|
*/ |
*/ |
#define TGP_ECHO 0x01 /* leave echo on when reading passwd */ |
#define TGP_ECHO 0x01 /* leave echo on when reading passwd */ |
#define TGP_STDIN 0x02 /* read from stdin, not /dev/tty */ |
#define TGP_STDIN 0x02 /* read from stdin, not /dev/tty */ |
|
#define TGP_ASKPASS 0x04 /* read from askpass helper program */ |
|
|
|
struct lbuf; |
struct passwd; |
struct passwd; |
struct timespec; |
struct timespec; |
struct timeval; |
struct timeval; |
|
|
size_t strlcpy __P((char *, const char *, size_t)); |
size_t strlcpy __P((char *, const char *, size_t)); |
#endif |
#endif |
#ifndef HAVE_MEMRCHR |
#ifndef HAVE_MEMRCHR |
VOID *memrchr __P((const VOID *, int, size_t)); |
void *memrchr __P((const void *, int, size_t)); |
#endif |
#endif |
#ifndef HAVE_MKSTEMP |
#ifndef HAVE_MKSTEMP |
int mkstemp __P((char *)); |
int mkstemp __P((char *)); |
|
|
char *sudo_goodpath __P((const char *, struct stat *)); |
char *sudo_goodpath __P((const char *, struct stat *)); |
char *tgetpass __P((const char *, int, int)); |
char *tgetpass __P((const char *, int, int)); |
int find_path __P((char *, char **, struct stat *, char *)); |
int find_path __P((char *, char **, struct stat *, char *)); |
void check_user __P((int)); |
void check_user __P((int, int)); |
void verify_user __P((struct passwd *, char *)); |
void verify_user __P((struct passwd *, char *)); |
int sudoers_lookup __P((int)); |
|
#ifdef HAVE_LDAP |
#ifdef HAVE_LDAP |
int sudo_ldap_check __P((int)); |
int sudo_ldap_open __P((struct sudo_nss *)); |
void sudo_ldap_list_matches __P((void)); |
int sudo_ldap_close __P((struct sudo_nss *)); |
|
int sudo_ldap_setdefs __P((struct sudo_nss *)); |
|
int sudo_ldap_lookup __P((struct sudo_nss *, int, int)); |
|
int sudo_ldap_parse __P((struct sudo_nss *)); |
|
int sudo_ldap_display_cmnd __P((struct sudo_nss *, struct passwd *)); |
|
int sudo_ldap_display_defaults __P((struct sudo_nss *, struct passwd *, struct lbuf *)); |
|
int sudo_ldap_display_bound_defaults __P((struct sudo_nss *, struct passwd *, struct lbuf *)); |
|
int sudo_ldap_display_privs __P((struct sudo_nss *, struct passwd *, struct lbuf *)); |
#endif |
#endif |
|
int sudo_file_open __P((struct sudo_nss *)); |
|
int sudo_file_close __P((struct sudo_nss *)); |
|
int sudo_file_setdefs __P((struct sudo_nss *)); |
|
int sudo_file_lookup __P((struct sudo_nss *, int, int)); |
|
int sudo_file_parse __P((struct sudo_nss *)); |
|
int sudo_file_display_cmnd __P((struct sudo_nss *, struct passwd *)); |
|
int sudo_file_display_defaults __P((struct sudo_nss *, struct passwd *, struct lbuf *)); |
|
int sudo_file_display_bound_defaults __P((struct sudo_nss *, struct passwd *, struct lbuf *)); |
|
int sudo_file_display_privs __P((struct sudo_nss *, struct passwd *, struct lbuf *)); |
void set_perms __P((int)); |
void set_perms __P((int)); |
void remove_timestamp __P((int)); |
void remove_timestamp __P((int)); |
int check_secureware __P((char *)); |
int check_secureware __P((char *)); |
|
|
void pam_attempt_auth __P((void)); |
void pam_attempt_auth __P((void)); |
int yyparse __P((void)); |
int yyparse __P((void)); |
void pass_warn __P((FILE *)); |
void pass_warn __P((FILE *)); |
VOID *emalloc __P((size_t)); |
void *emalloc __P((size_t)); |
VOID *emalloc2 __P((size_t, size_t)); |
void *emalloc2 __P((size_t, size_t)); |
VOID *erealloc __P((VOID *, size_t)); |
void *erealloc __P((void *, size_t)); |
VOID *erealloc3 __P((VOID *, size_t, size_t)); |
void *erealloc3 __P((void *, size_t, size_t)); |
char *estrdup __P((const char *)); |
char *estrdup __P((const char *)); |
int easprintf __P((char **, const char *, ...)) |
int easprintf __P((char **, const char *, ...)) |
__printflike(2, 3); |
__printflike(2, 3); |
int evasprintf __P((char **, const char *, va_list)) |
int evasprintf __P((char **, const char *, va_list)) |
__printflike(2, 0); |
__printflike(2, 0); |
void efree __P((VOID *)); |
void efree __P((void *)); |
void dump_defaults __P((void)); |
void dump_defaults __P((void)); |
void dump_auth_methods __P((void)); |
void dump_auth_methods __P((void)); |
void init_envtables __P((void)); |
void init_envtables __P((void)); |
|
void read_env_file __P((const char *, int)); |
int lock_file __P((int, int)); |
int lock_file __P((int, int)); |
int touch __P((int, char *, struct timespec *)); |
int touch __P((int, char *, struct timespec *)); |
int user_is_exempt __P((void)); |
int user_is_exempt __P((void)); |
void set_fqdn __P((void)); |
void set_fqdn __P((void)); |
int set_runaspw __P((char *)); |
|
char *sudo_getepw __P((const struct passwd *)); |
char *sudo_getepw __P((const struct passwd *)); |
int pam_prep_user __P((struct passwd *)); |
int pam_prep_user __P((struct passwd *)); |
void zero_bytes __P((volatile VOID *, size_t)); |
void zero_bytes __P((volatile void *, size_t)); |
int gettime __P((struct timespec *)); |
int gettime __P((struct timespec *)); |
|
FILE *open_sudoers __P((const char *, int *)); |
|
void display_privs __P((struct sudo_nss_list *, struct passwd *)); |
|
int display_cmnd __P((struct sudo_nss_list *, struct passwd *)); |
|
int get_ttycols __P((void)); |
|
char *sudo_parseln __P((FILE *)); |
|
void sudo_setenv __P((const char *, const char *, int)); |
|
void sudo_unsetenv __P((const char *)); |
|
void sudo_setgrent __P((void)); |
|
void sudo_endgrent __P((void)); |
|
void sudo_setpwent __P((void)); |
|
void sudo_endpwent __P((void)); |
|
void sudo_setspent __P((void)); |
|
void sudo_endspent __P((void)); |
|
void cleanup __P((int)); |
|
struct passwd *sudo_getpwnam __P((const char *)); |
|
struct passwd *sudo_fakepwnam __P((const char *, gid_t)); |
|
struct passwd *sudo_getpwuid __P((uid_t)); |
|
struct group *sudo_getgrnam __P((const char *)); |
|
struct group *sudo_fakegrnam __P((const char *)); |
|
struct group *sudo_getgrgid __P((gid_t)); |
#ifdef HAVE_SELINUX |
#ifdef HAVE_SELINUX |
void selinux_exec __P((char *, char *, char **, char **, int)); |
void selinux_exec __P((char *, char *, char **, int)); |
#endif |
#endif |
|
#ifdef HAVE_GETUSERATTR |
|
void aix_setlimits __P((char *)); |
|
#endif |
YY_DECL; |
YY_DECL; |
|
|
/* Only provide extern declarations outside of sudo.c. */ |
/* Only provide extern declarations outside of sudo.c. */ |
#ifndef _SUDO_MAIN |
#ifndef _SUDO_MAIN |
extern struct sudo_user sudo_user; |
extern struct sudo_user sudo_user; |
extern struct passwd *auth_pw; |
extern struct passwd *auth_pw, *list_pw; |
|
|
extern FILE *sudoers_fp; |
|
extern int tgetpass_flags; |
extern int tgetpass_flags; |
|
extern int long_list; |
extern uid_t timestamp_uid; |
extern uid_t timestamp_uid; |
#endif |
#endif |
#ifndef errno |
#ifndef errno |
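Review bot: The surviving FLAG_* bits next to `VALIDATE_OK`/`VALIDATE_NOT_OK` are renumbered onto values that meant something else in 1.21. Reading the second line of each printed pair as revision 1.22, `FLAG_NO_USER` moves from 0x040 to 0x020 (previously `FLAG_NOPASS`), `FLAG_NO_HOST` from 0x080 to 0x040 and `FLAG_NO_CHECK` from 0x100 to 0x080. These bits appear to be part of the sudoers validation result, so an object file built against the old header, or any code that compares against a literal value, would silently test a different condition with no compile error. Keeping the old values and leaving the retired bits unused avoids that: `#define FLAG_NO_USER 0x040`, `#define FLAG_NO_HOST 0x080`, `#define FLAG_NO_CHECK 0x100`. If the compaction is intended, a comment such as `/* 0x020 was FLAG_NOPASS in 1.21; the flags below were renumbered */` would record it; the block's own header comment is in a collapsed part of the page and is not visible here.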