Annotation of src/usr.bin/sudo/sudo.h, Revision 1.23
1.1 millert 1: /*
1.22 millert 2: * Copyright (c) 1993-1996, 1998-2005, 2007-2008
3: * Todd C. Miller <Todd.Miller@courtesan.com>
1.1 millert 4: *
1.16 millert 5: * Permission to use, copy, modify, and distribute this software for any
6: * purpose with or without fee is hereby granted, provided that the above
7: * copyright notice and this permission notice appear in all copies.
8: *
9: * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
10: * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
11: * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
12: * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
13: * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
14: * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
15: * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
1.1 millert 16: *
1.12 millert 17: * Sponsored in part by the Defense Advanced Research Projects
18: * Agency (DARPA) and Air Force Research Laboratory, Air Force
19: * Materiel Command, USAF, under agreement number F39502-99-1-0512.
20: *
1.23 ! millert 21: * $Sudo: sudo.h,v 1.269 2008/11/25 17:01:34 millert Exp $
1.1 millert 22: */
23:
24: #ifndef _SUDO_SUDO_H
25: #define _SUDO_SUDO_H
26:
27: #include <pathnames.h>
1.16 millert 28: #include <limits.h>
1.1 millert 29: #include "compat.h"
30: #include "defaults.h"
1.22 millert 31: #include "error.h"
32: #include "list.h"
1.1 millert 33: #include "logging.h"
1.22 millert 34: #include "sudo_nss.h"
1.1 millert 35:
36: /*
37: * Info pertaining to the invoking user.
38: */
/*
 * Review notes on struct sudo_user:
 * - The pointer members carry no ownership or lifetime information in
 *   this header; who allocates and frees each one has to be checked where
 *   it is assigned.
 * - _runas_pw and _runas_gr are reached through the runas_pw / runas_gr
 *   macros defined later in this header, not by member name.
 * - NOTE(review): cmnd and cmnd_safe (macro safe_cmnd) presumably hold the
 *   command as typed and the command as matched by policy; confirm that
 *   the path that is executed is the one the policy check approved.
 */
39: struct sudo_user {
40: struct passwd *pw;
1.7 millert 41: struct passwd *_runas_pw;
1.22 millert 42: struct group *_runas_gr;
1.16 millert 43: struct stat *cmnd_stat;
1.7 millert 44: char *path;
45: char *shell;
1.1 millert 46: char *tty;
1.19 millert 47: char *ttypath;
1.1 millert 48: char *host;
49: char *shost;
50: char *prompt;
51: char *cmnd;
52: char *cmnd_args;
1.16 millert 53: char *cmnd_base;
54: char *cmnd_safe;
1.4 millert 55: char *class_name;
1.22 millert 56: char *krb5_ccname;
57: char *display;
58: char *askpass;
/* NOTE(review): groups presumably holds ngroups entries; confirm at the allocation site. */
59: int ngroups;
1.20 millert 60: GETGROUPS_T *groups;
1.18 millert 61: struct list_member *env_vars;
/*
 * role and type exist only when HAVE_SELINUX is defined, while the
 * user_role / user_type macros later in this header are defined
 * unconditionally.
 */
1.21 millert 62: #ifdef HAVE_SELINUX
63: char *role;
64: char *type;
65: #endif
/*
 * Fixed PATH_MAX-byte buffer embedded in the struct: every writer must
 * bound its copy to sizeof(cwd) and handle a directory name that does
 * not fit.
 */
1.22 millert 66: char cwd[PATH_MAX];
1.1 millert 67: };
68:
69: /*
70: * Return values for sudoers_lookup(), also used as arguments for log_auth()
71: * Note: cannot use '0' as a value here.
72: */
73: /* XXX - VALIDATE_SUCCESS and VALIDATE_FAILURE instead? */
/*
 * Each constant is a distinct single bit: VALIDATE_* in bits 0-2 and
 * FLAG_* in bits 4-7, so none of them is zero.
 * NOTE(review): presumably a lookup result carries one VALIDATE_* bit
 * OR'ed with FLAG_* bits; confirm against sudoers_lookup().
 * Callers that grant access should test for VALIDATE_OK being set rather
 * than for VALIDATE_ERROR / VALIDATE_NOT_OK being clear, so an unexpected
 * value is treated as a denial.
 */
1.16 millert 74: #define VALIDATE_ERROR 0x001
75: #define VALIDATE_OK 0x002
76: #define VALIDATE_NOT_OK 0x004
77: #define FLAG_CHECK_USER 0x010
1.22 millert 78: #define FLAG_NO_USER 0x020
79: #define FLAG_NO_HOST 0x040
80: #define FLAG_NO_CHECK 0x080
1.1 millert 81:
82: /*
1.16 millert 83: * Pseudo-boolean values
1.1 millert 84: */
/*
 * Each name is #undef'd first so that a definition from a system header
 * is replaced instead of triggering a redefinition.
 * The functions declared in this header return plain int and some use
 * values other than 0 and 1 (NOT_FOUND_DOT is -1), so comparing a result
 * with TRUE is not the same as testing it for non-zero.
 */
85: #undef TRUE
86: #define TRUE 1
87: #undef FALSE
88: #define FALSE 0
89:
90: /*
91: * find_path()/load_cmnd() return values
92: */
/*
 * Three-valued result. NOT_FOUND_DOT is -1, which is non-zero, so a bare
 * truth test on the return value would treat it the same as FOUND;
 * compare against FOUND explicitly.
 * NOTE(review): NOT_FOUND_DOT presumably means the command was located
 * only through "." in the search path; confirm in find_path().
 */
93: #define FOUND 1
94: #define NOT_FOUND 0
95: #define NOT_FOUND_DOT -1
96:
97: /*
1.18 millert 98: * Various modes sudo can be in (based on arguments) in hex
1.1 millert 99: */
/*
 * The mode values are single bits in the low 16 bits of the word and
 * MODE_MASK (0x0000ffff) selects exactly that range.
 * NOTE(review): presumably only one mode bit is set at a time; confirm
 * in the argument parser.
 */
1.22 millert 100: #define MODE_RUN 0x00000001
101: #define MODE_EDIT 0x00000002
102: #define MODE_VALIDATE 0x00000004
103: #define MODE_INVALIDATE 0x00000008
104: #define MODE_KILL 0x00000010
105: #define MODE_VERSION 0x00000020
106: #define MODE_HELP 0x00000040
107: #define MODE_LIST 0x00000080
108: #define MODE_CHECK 0x00000100
109: #define MODE_LISTDEFS 0x00000200
110: #define MODE_MASK 0x0000ffff
111:
/*
 * The flags below are single bits in bits 16-23, outside MODE_MASK, so
 * they can be OR'ed with a mode value and masked off again.
 */
112: /* Mode flags */
113: #define MODE_BACKGROUND 0x00010000
114: #define MODE_SHELL 0x00020000
115: #define MODE_LOGIN_SHELL 0x00040000
116: #define MODE_IMPLIED_SHELL 0x00080000
117: #define MODE_RESET_HOME 0x00100000
118: #define MODE_PRESERVE_GROUPS 0x00200000
119: #define MODE_PRESERVE_ENV 0x00400000
120: #define MODE_NONINTERACTIVE 0x00800000
1.1 millert 121:
122: /*
123: * Used with set_perms()
124: */
/*
 * These are consecutive values (0x00-0x06), not bit flags: exactly one is
 * passed to set_perms() and they must not be OR'ed together.
 * PERM_ROOT is 0, so a zero-initialised or defaulted argument selects
 * root; callers should always pass a named PERM_* constant.
 */
125: #define PERM_ROOT 0x00
1.18 millert 126: #define PERM_USER 0x01
127: #define PERM_FULL_USER 0x02
128: #define PERM_SUDOERS 0x03
129: #define PERM_RUNAS 0x04
130: #define PERM_FULL_RUNAS 0x05
131: #define PERM_TIMESTAMP 0x06
1.1 millert 132:
133: /*
134: * Shortcuts for sudo_user contents.
135: */
/*
 * These are object-like macros: any identifier spelled user_name,
 * user_uid, safe_cmnd, runas_pw and so on in a file that includes this
 * header is rewritten to the sudo_user member, so the names must not be
 * reused for locals, parameters or struct fields.
 * The first five dereference sudo_user.pw and are only valid once that
 * pointer is non-NULL.
 * user_role and user_type are defined unconditionally although the
 * members they name exist only under HAVE_SELINUX.
 */
136: #define user_name (sudo_user.pw->pw_name)
137: #define user_passwd (sudo_user.pw->pw_passwd)
138: #define user_uid (sudo_user.pw->pw_uid)
139: #define user_gid (sudo_user.pw->pw_gid)
140: #define user_dir (sudo_user.pw->pw_dir)
1.7 millert 141: #define user_shell (sudo_user.shell)
1.18 millert 142: #define user_ngroups (sudo_user.ngroups)
143: #define user_groups (sudo_user.groups)
1.1 millert 144: #define user_tty (sudo_user.tty)
1.19 millert 145: #define user_ttypath (sudo_user.ttypath)
1.1 millert 146: #define user_cwd (sudo_user.cwd)
147: #define user_cmnd (sudo_user.cmnd)
148: #define user_args (sudo_user.cmnd_args)
1.16 millert 149: #define user_base (sudo_user.cmnd_base)
150: #define user_stat (sudo_user.cmnd_stat)
1.7 millert 151: #define user_path (sudo_user.path)
1.1 millert 152: #define user_prompt (sudo_user.prompt)
153: #define user_host (sudo_user.host)
154: #define user_shost (sudo_user.shost)
1.22 millert 155: #define user_ccname (sudo_user.krb5_ccname)
156: #define user_display (sudo_user.display)
157: #define user_askpass (sudo_user.askpass)
1.1 millert 158: #define safe_cmnd (sudo_user.cmnd_safe)
1.4 millert 159: #define login_class (sudo_user.class_name)
1.7 millert 160: #define runas_pw (sudo_user._runas_pw)
1.22 millert 161: #define runas_gr (sudo_user._runas_gr)
1.21 millert 162: #define user_role (sudo_user.role)
163: #define user_type (sudo_user.type)
1.1 millert 164:
165: /*
166: * We used to use the system definition of PASS_MAX or _PASSWD_LEN,
167: * but that caused problems with various alternate authentication
168: * methods. So, we just define our own and assume that it is >= the
169: * system max.
170: */
/*
 * NOTE(review): the header does not say whether 256 counts the
 * terminating NUL; check the buffer declarations that use it. Input
 * longer than the cap has to be rejected or truncated, never written
 * past the buffer, and buffers of this size hold secrets that should be
 * wiped after use (zero_bytes() is declared below).
 */
171: #define SUDO_PASS_MAX 256
172:
173: /*
174: * Flags for lock_file()
175: */
/*
 * Used with lock_file(int, int), declared below, which returns int.
 * SUDO_TLOCK is non-blocking, so the lock may not be obtained; the
 * result has to be checked before the file is read or written.
 * NOTE(review): the meaning of lock_file()'s return value is not visible
 * in this header.
 */
176: #define SUDO_LOCK 1 /* lock a file */
177: #define SUDO_TLOCK 2 /* test & lock a file (non-blocking) */
178: #define SUDO_UNLOCK 4 /* unlock a file */
1.3 millert 179:
180: /*
1.4 millert 181: * Flags for tgetpass()
182: */
/*
 * Distinct bits, so they can be combined in one flags word (the header
 * also declares a global int tgetpass_flags).
 * TGP_ECHO leaves the typed password visible on the terminal.
 * NOTE(review): TGP_ASKPASS hands password entry to an external helper;
 * how the helper path is chosen and validated is not visible here.
 */
183: #define TGP_ECHO 0x01 /* leave echo on when reading passwd */
184: #define TGP_STDIN 0x02 /* read from stdin, not /dev/tty */
1.22 millert 185: #define TGP_ASKPASS 0x04 /* read from askpass helper program */
1.4 millert 186:
/*
 * Incomplete-type declarations so the prototypes below can take pointers
 * to these structs without this header including their definitions.
 * NOTE(review): struct stat and struct group are also used in this
 * header but are not declared here; they presumably come from headers
 * included earlier by the including file.
 */
1.22 millert 187: struct lbuf;
1.17 millert 188: struct passwd;
189: struct timespec;
190: struct timeval;
191:
1.4 millert 192: /*
1.1 millert 193: * Function prototypes
194: */
/*
 * YY_DECL is expanded as a prototype by the YY_DECL; line that ends the
 * prototype list.
 * NOTE(review): __P(()) presumably comes from compat.h and hides the
 * parameter list from pre-ANSI compilers; __printflike(f, a) presumably
 * marks argument f as a printf format checked against the arguments from
 * position a (0 for the va_list variants) - confirm both.
 * The only system headers this file includes are <pathnames.h> and
 * <limits.h>; size_t, va_list and the other system types used below have
 * to be provided by the including file or the project headers.
 */
195: #define YY_DECL int yylex __P((void))
196:
/*
 * Fallback prototypes for libc functions the build reports as missing
 * (HAVE_* not defined).
 */
1.14 millert 197: #ifndef HAVE_CLOSEFROM
198: void closefrom __P((int));
199: #endif
1.1 millert 200: #ifndef HAVE_GETCWD
201: char *getcwd __P((char *, size_t size));
202: #endif
1.16 millert 203: #ifndef HAVE_UTIMES
204: int utimes __P((const char *, const struct timeval *));
205: #endif
/*
 * NOTE(review): unlike its neighbours this test is #ifdef, and the macro
 * names futime while the prototype is futimes; presumably futimes() is
 * emulated on top of futime() - confirm.
 */
206: #ifdef HAVE_FUTIME
207: int futimes __P((int, const struct timeval *));
208: #endif
1.1 millert 209: #ifndef HAVE_SNPRINTF
1.18 millert 210: int snprintf __P((char *, size_t, const char *, ...))
211: __printflike(3, 4);
1.1 millert 212: #endif
213: #ifndef HAVE_VSNPRINTF
1.18 millert 214: int vsnprintf __P((char *, size_t, const char *, va_list))
215: __printflike(3, 0);
1.1 millert 216: #endif
217: #ifndef HAVE_ASPRINTF
1.18 millert 218: int asprintf __P((char **, const char *, ...))
219: __printflike(2, 3);
1.1 millert 220: #endif
221: #ifndef HAVE_VASPRINTF
1.18 millert 222: int vasprintf __P((char **, const char *, va_list))
223: __printflike(2, 0);
1.1 millert 224: #endif
225: #ifndef HAVE_STRCASECMP
226: int strcasecmp __P((const char *, const char *));
227: #endif
/*
 * strlcat/strlcpy return the length they tried to create, so a caller
 * detects truncation by comparing the result with the buffer size.
 */
1.10 millert 228: #ifndef HAVE_STRLCAT
229: size_t strlcat __P((char *, const char *, size_t));
230: #endif
231: #ifndef HAVE_STRLCPY
232: size_t strlcpy __P((char *, const char *, size_t));
233: #endif
1.18 millert 234: #ifndef HAVE_MEMRCHR
1.22 millert 235: void *memrchr __P((const void *, int, size_t));
1.18 millert 236: #endif
/*
 * NOTE(review): a replacement mkstemp() is security-sensitive; confirm
 * the fallback creates the file exclusively and with owner-only
 * permissions.
 */
237: #ifndef HAVE_MKSTEMP
238: int mkstemp __P((char *));
239: #endif
/*
 * Prototypes for sudo's own functions. Parameter names are omitted, so
 * the meaning of each int argument has to be read from the definitions.
 */
1.16 millert 240: char *sudo_goodpath __P((const char *, struct stat *));
/*
 * NOTE(review): tgetpass() returns a char * to the password it read; the
 * storage behind it is not visible here. Whoever holds the result should
 * wipe it after use.
 */
1.1 millert 241: char *tgetpass __P((const char *, int, int));
1.16 millert 242: int find_path __P((char *, char **, struct stat *, char *));
1.23 ! millert 243: int tty_present __P((void));
1.22 millert 244: void check_user __P((int, int));
1.5 millert 245: void verify_user __P((struct passwd *, char *));
1.16 millert 246: #ifdef HAVE_LDAP
1.22 millert 247: int sudo_ldap_open __P((struct sudo_nss *));
248: int sudo_ldap_close __P((struct sudo_nss *));
249: int sudo_ldap_setdefs __P((struct sudo_nss *));
250: int sudo_ldap_lookup __P((struct sudo_nss *, int, int));
251: int sudo_ldap_parse __P((struct sudo_nss *));
252: int sudo_ldap_display_cmnd __P((struct sudo_nss *, struct passwd *));
253: int sudo_ldap_display_defaults __P((struct sudo_nss *, struct passwd *, struct lbuf *));
254: int sudo_ldap_display_bound_defaults __P((struct sudo_nss *, struct passwd *, struct lbuf *));
255: int sudo_ldap_display_privs __P((struct sudo_nss *, struct passwd *, struct lbuf *));
256: #endif
/* The sudo_file_* set mirrors the sudo_ldap_* set above, signature for signature. */
257: int sudo_file_open __P((struct sudo_nss *));
258: int sudo_file_close __P((struct sudo_nss *));
259: int sudo_file_setdefs __P((struct sudo_nss *));
260: int sudo_file_lookup __P((struct sudo_nss *, int, int));
261: int sudo_file_parse __P((struct sudo_nss *));
262: int sudo_file_display_cmnd __P((struct sudo_nss *, struct passwd *));
263: int sudo_file_display_defaults __P((struct sudo_nss *, struct passwd *, struct lbuf *));
264: int sudo_file_display_bound_defaults __P((struct sudo_nss *, struct passwd *, struct lbuf *));
265: int sudo_file_display_privs __P((struct sudo_nss *, struct passwd *, struct lbuf *));
/*
 * set_perms() takes one PERM_* value and returns void, so a caller
 * cannot observe a failed privilege change.
 * NOTE(review): confirm the implementation treats a failed uid/gid
 * switch as fatal rather than continuing with the old identity.
 */
1.18 millert 266: void set_perms __P((int));
1.1 millert 267: void remove_timestamp __P((int));
268: int check_secureware __P((char *));
269: void sia_attempt_auth __P((void));
270: void pam_attempt_auth __P((void));
271: int yyparse __P((void));
272: void pass_warn __P((FILE *));
/*
 * NOTE(review): the e* allocation wrappers presumably terminate on
 * failure instead of returning NULL; emalloc2() and erealloc3() take two
 * size_t values, presumably a count and an element size whose product is
 * overflow-checked - confirm in the definitions.
 */
1.22 millert 273: void *emalloc __P((size_t));
274: void *emalloc2 __P((size_t, size_t));
275: void *erealloc __P((void *, size_t));
276: void *erealloc3 __P((void *, size_t, size_t));
1.1 millert 277: char *estrdup __P((const char *));
1.18 millert 278: int easprintf __P((char **, const char *, ...))
279: __printflike(2, 3);
280: int evasprintf __P((char **, const char *, va_list))
281: __printflike(2, 0);
1.22 millert 282: void efree __P((void *));
1.1 millert 283: void dump_defaults __P((void));
284: void dump_auth_methods __P((void));
1.7 millert 285: void init_envtables __P((void));
1.22 millert 286: void read_env_file __P((const char *, int));
1.1 millert 287: int lock_file __P((int, int));
1.16 millert 288: int touch __P((int, char *, struct timespec *));
1.4 millert 289: int user_is_exempt __P((void));
1.2 millert 290: void set_fqdn __P((void));
1.16 millert 291: char *sudo_getepw __P((const struct passwd *));
1.7 millert 292: int pam_prep_user __P((struct passwd *));
/*
 * NOTE(review): the volatile-qualified pointer is presumably there so
 * the compiler cannot discard the stores when a buffer is wiped just
 * before it goes out of scope - confirm in the definition.
 */
1.22 millert 293: void zero_bytes __P((volatile void *, size_t));
1.16 millert 294: int gettime __P((struct timespec *));
1.22 millert 295: FILE *open_sudoers __P((const char *, int *));
296: void display_privs __P((struct sudo_nss_list *, struct passwd *));
297: int display_cmnd __P((struct sudo_nss_list *, struct passwd *));
298: int get_ttycols __P((void));
299: char *sudo_parseln __P((FILE *));
300: void sudo_setenv __P((const char *, const char *, int));
301: void sudo_unsetenv __P((const char *));
302: void sudo_setgrent __P((void));
303: void sudo_endgrent __P((void));
304: void sudo_setpwent __P((void));
305: void sudo_endpwent __P((void));
306: void sudo_setspent __P((void));
307: void sudo_endspent __P((void));
308: void cleanup __P((int));
309: struct passwd *sudo_getpwnam __P((const char *));
310: struct passwd *sudo_fakepwnam __P((const char *, gid_t));
311: struct passwd *sudo_getpwuid __P((uid_t));
312: struct group *sudo_getgrnam __P((const char *));
313: struct group *sudo_fakegrnam __P((const char *));
314: struct group *sudo_getgrgid __P((gid_t));
1.21 millert 315: #ifdef HAVE_SELINUX
1.22 millert 316: void selinux_exec __P((char *, char *, char **, int));
317: #endif
318: #ifdef HAVE_GETUSERATTR
319: void aix_setlimits __P((char *));
1.21 millert 320: #endif
/* Expands to the yylex prototype defined by YY_DECL above. */
1.1 millert 321: YY_DECL;
322:
323: /* Only provide extern declarations outside of sudo.c. */
/*
 * Process-wide mutable state shared by every file that includes this
 * header. The declarations are skipped when _SUDO_MAIN is defined,
 * presumably because that file provides the definitions.
 */
1.11 millert 324: #ifndef _SUDO_MAIN
1.1 millert 325: extern struct sudo_user sudo_user;
1.22 millert 326: extern struct passwd *auth_pw, *list_pw;
1.1 millert 327:
1.4 millert 328: extern int tgetpass_flags;
1.22 millert 329: extern int long_list;
1.10 millert 330: extern uid_t timestamp_uid;
1.1 millert 331: #endif
/*
 * errno is declared by hand only when it is not already a macro. This is
 * a legacy fallback: including <errno.h> is the portable way to obtain
 * errno, and a plain int declaration is wrong wherever errno is
 * per-thread.
 */
1.15 otto 332: #ifndef errno
1.1 millert 333: extern int errno;
1.15 otto 334: #endif
1.1 millert 335:
336: #endif /* _SUDO_SUDO_H */