Annotation of src/usr.bin/sudo/sudo.h, Revision 1.26
1.1 millert 1: /*
1.25 millert 2: * Copyright (c) 1993-1996, 1998-2005, 2007-2009
1.22 millert 3: * Todd C. Miller <Todd.Miller@courtesan.com>
1.1 millert 4: *
1.16 millert 5: * Permission to use, copy, modify, and distribute this software for any
6: * purpose with or without fee is hereby granted, provided that the above
7: * copyright notice and this permission notice appear in all copies.
8: *
9: * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
10: * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
11: * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
12: * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
13: * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
14: * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
15: * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
1.1 millert 16: *
1.12 millert 17: * Sponsored in part by the Defense Advanced Research Projects
18: * Agency (DARPA) and Air Force Research Laboratory, Air Force
19: * Materiel Command, USAF, under agreement number F39502-99-1-0512.
1.1 millert 20: */
21:
22: #ifndef _SUDO_SUDO_H
23: #define _SUDO_SUDO_H
24:
25: #include <pathnames.h>
1.16 millert 26: #include <limits.h>
1.1 millert 27: #include "compat.h"
28: #include "defaults.h"
1.22 millert 29: #include "error.h"
30: #include "list.h"
1.1 millert 31: #include "logging.h"
1.22 millert 32: #include "sudo_nss.h"
1.1 millert 33:
34: /*
35: * Info pertaining to the invoking user.
 * Most members are reached through the shortcut macros defined later in
 * this header (user_*, runas_pw, runas_gr, safe_cmnd, login_class), which
 * expand to members of the single global `sudo_user` object.
36: */
37: struct sudo_user {
38: struct passwd *pw; /* dereferenced by user_name, user_passwd, user_uid, user_gid and user_dir */
1.7 millert 39: struct passwd *_runas_pw; /* accessed as runas_pw */
1.22 millert 40: struct group *_runas_gr; /* accessed as runas_gr */
1.16 millert 41: struct stat *cmnd_stat; /* accessed as user_stat */
1.7 millert 42: char *path;
43: char *shell;
1.1 millert 44: char *tty;
1.19 millert 45: char *ttypath;
1.1 millert 46: char *host;
47: char *shost;
48: char *prompt;
49: char *cmnd;
50: char *cmnd_args; /* accessed as user_args */
1.16 millert 51: char *cmnd_base; /* accessed as user_base */
52: char *cmnd_safe; /* accessed as safe_cmnd */
1.4 millert 53: char *class_name; /* accessed as login_class */
1.22 millert 54: char *krb5_ccname; /* accessed as user_ccname */
55: char *display;
56: char *askpass;
57: int ngroups; /* presumably the number of entries in groups -- confirm against the code that fills it */
1.20 millert 58: GETGROUPS_T *groups;
1.18 millert 59: struct list_member *env_vars;
1.21 millert 60: #ifdef HAVE_SELINUX
61: char *role; /* exists only with HAVE_SELINUX, although user_role is defined unconditionally */
62: char *type; /* exists only with HAVE_SELINUX, although user_type is defined unconditionally */
63: #endif
1.22 millert 64: char cwd[PATH_MAX]; /* fixed-size buffer: anything written here must be bounded by sizeof(cwd) */
1.1 millert 65: };
66:
67: /*
68: * Return values for sudoers_lookup(), also used as arguments for log_auth()
69: * Note: cannot use '0' as a value here.
 * Every value below is a distinct single bit: VALIDATE_* occupy bits 0-2
 * and FLAG_* occupy bits 4-7, so several of them fit in one int.
 * NOTE(review): presumably callers test these with bitwise AND; confirm
 * that a result carrying no VALIDATE_* bit is handled as a failure.
70: */
71: /* XXX - VALIDATE_SUCCESS and VALIDATE_FAILURE instead? */
1.16 millert 72: #define VALIDATE_ERROR 0x001
73: #define VALIDATE_OK 0x002
74: #define VALIDATE_NOT_OK 0x004
75: #define FLAG_CHECK_USER 0x010
1.22 millert 76: #define FLAG_NO_USER 0x020
77: #define FLAG_NO_HOST 0x040
78: #define FLAG_NO_CHECK 0x080
1.1 millert 79:
80: /*
1.16 millert 81: * Pseudo-boolean values
 * Each name is #undef'd first, so any earlier definition is replaced by
 * the value given here instead of triggering a redefinition.
1.1 millert 82: */
83: #undef TRUE
84: #define TRUE 1
85: #undef FALSE
86: #define FALSE 0
87:
88: /*
89: * find_path()/load_cmnd() return values
 * Three distinct outcomes, so the result must be compared against these
 * names rather than used as a truth value: NOT_FOUND_DOT is non-zero.
90: */
91: #define FOUND 1
92: #define NOT_FOUND 0
93: #define NOT_FOUND_DOT -1 /* NOTE(review): bare -1 without parentheses; safe in == comparisons, fragile inside arithmetic */
94:
95: /*
1.18 millert 96: * Various modes sudo can be in (based on arguments) in hex
 * The modes below are single bits in the low 16 bits, which is exactly
 * the range MODE_MASK selects.
1.1 millert 97: */
1.22 millert 98: #define MODE_RUN 0x00000001
99: #define MODE_EDIT 0x00000002
100: #define MODE_VALIDATE 0x00000004
101: #define MODE_INVALIDATE 0x00000008
102: #define MODE_KILL 0x00000010
103: #define MODE_VERSION 0x00000020
104: #define MODE_HELP 0x00000040
105: #define MODE_LIST 0x00000080
106: #define MODE_CHECK 0x00000100
107: #define MODE_LISTDEFS 0x00000200
108: #define MODE_MASK 0x0000ffff /* covers every MODE_* value above and none of the flags below */
109:
110: /* Mode flags: single bits in bits 16-23, outside MODE_MASK, so they can share an int with a mode */
111: #define MODE_BACKGROUND 0x00010000
112: #define MODE_SHELL 0x00020000
113: #define MODE_LOGIN_SHELL 0x00040000
114: #define MODE_IMPLIED_SHELL 0x00080000
115: #define MODE_RESET_HOME 0x00100000
116: #define MODE_PRESERVE_GROUPS 0x00200000
117: #define MODE_PRESERVE_ENV 0x00400000
118: #define MODE_NONINTERACTIVE 0x00800000
1.1 millert 119:
120: /*
121: * Used with set_perms()
 * PERM_ROOT through PERM_TIMESTAMP are consecutive values (0x00-0x06),
 * not bit flags; PERM_NOEXIT is a flag bit that lies above that range.
 * NOTE(review): PERM_MASK (0xf0) covers the flag nibble, not the low
 * nibble that holds the PERM_* value -- confirm how set_perms() applies
 * it. set_perms() is declared in this header as returning int;
 * presumably that result reports a failed privilege switch when
 * PERM_NOEXIT is passed, in which case callers must not ignore it.
122: */
123: #define PERM_ROOT 0x00
1.18 millert 124: #define PERM_USER 0x01
125: #define PERM_FULL_USER 0x02
126: #define PERM_SUDOERS 0x03
127: #define PERM_RUNAS 0x04
128: #define PERM_FULL_RUNAS 0x05
129: #define PERM_TIMESTAMP 0x06
1.25 millert 130: #define PERM_NOEXIT 0x10 /* flag */
131: #define PERM_MASK 0xf0
1.1 millert 132:
133: /*
134: * Shortcuts for sudo_user contents.
 * Every macro expands to a parenthesized member of the global sudo_user
 * object, so each one is an lvalue and can be assigned through.
 * The first five dereference sudo_user.pw and therefore assume it is
 * non-NULL -- TODO confirm it is always set before these are used.
135: */
136: #define user_name (sudo_user.pw->pw_name)
137: #define user_passwd (sudo_user.pw->pw_passwd) /* the passwd entry's password field: treat the value as sensitive */
138: #define user_uid (sudo_user.pw->pw_uid)
139: #define user_gid (sudo_user.pw->pw_gid)
140: #define user_dir (sudo_user.pw->pw_dir)
1.7 millert 141: #define user_shell (sudo_user.shell)
1.18 millert 142: #define user_ngroups (sudo_user.ngroups)
143: #define user_groups (sudo_user.groups)
1.1 millert 144: #define user_tty (sudo_user.tty)
1.19 millert 145: #define user_ttypath (sudo_user.ttypath)
1.1 millert 146: #define user_cwd (sudo_user.cwd) /* the char[PATH_MAX] array itself, not a pointer member */
147: #define user_cmnd (sudo_user.cmnd)
148: #define user_args (sudo_user.cmnd_args)
1.16 millert 149: #define user_base (sudo_user.cmnd_base)
150: #define user_stat (sudo_user.cmnd_stat)
1.7 millert 151: #define user_path (sudo_user.path)
1.1 millert 152: #define user_prompt (sudo_user.prompt)
153: #define user_host (sudo_user.host)
154: #define user_shost (sudo_user.shost)
1.22 millert 155: #define user_ccname (sudo_user.krb5_ccname)
156: #define user_display (sudo_user.display)
157: #define user_askpass (sudo_user.askpass)
1.1 millert 158: #define safe_cmnd (sudo_user.cmnd_safe)
1.4 millert 159: #define login_class (sudo_user.class_name)
1.7 millert 160: #define runas_pw (sudo_user._runas_pw)
1.22 millert 161: #define runas_gr (sudo_user._runas_gr)
1.21 millert 162: #define user_role (sudo_user.role) /* the role member exists only when HAVE_SELINUX is defined */
163: #define user_type (sudo_user.type) /* the type member exists only when HAVE_SELINUX is defined */
1.1 millert 164:
165: /*
166: * We used to use the system definition of PASS_MAX or _PASSWD_LEN,
167: * but that caused problems with various alternate authentication
168: * methods. So, we just define our own and assume that it is >= the
169: * system max.
 * NOTE(review): nothing in this header checks that assumption at build
 * time. Presumably this sizes the buffers that hold a typed password;
 * if so they should be wiped after use (zero_bytes() is declared in
 * this header) -- confirm in the password-reading code.
170: */
171: #define SUDO_PASS_MAX 256
172:
173: /*
174: * Flags for lock_file()
 * lock_file() is declared in this header as taking two ints and
 * returning int; the values below are distinct single bits.
175: */
176: #define SUDO_LOCK 1 /* lock a file */
177: #define SUDO_TLOCK 2 /* test & lock a file (non-blocking) */
178: #define SUDO_UNLOCK 4 /* unlock a file */
1.3 millert 179:
180: /*
1.4 millert 181: * Flags for tgetpass()
 * Distinct single bits, so they can be combined in one int; this header
 * also declares a global int named tgetpass_flags.
 * TGP_ECHO leaves the typed password visible on the terminal.
182: */
183: #define TGP_ECHO 0x01 /* leave echo on when reading passwd */
184: #define TGP_STDIN 0x02 /* read from stdin, not /dev/tty */
1.22 millert 185: #define TGP_ASKPASS 0x04 /* read from askpass helper program */
1.4 millert 186:
/* Incomplete struct declarations: the prototypes below use these types only through pointers. */
1.22 millert 187: struct lbuf;
1.17 millert 188: struct passwd;
189: struct timespec;
190: struct timeval;
191:
1.4 millert 192: /*
1.1 millert 193: * Function prototypes
 * Parameter lists are wrapped in __P(( )), which is not defined in this
 * header (presumably it comes from compat.h -- confirm).
 * The prototypes use FILE, va_list, uid_t, gid_t and struct stat, but the
 * only system headers included here are <pathnames.h> and <limits.h>, so
 * those types must already be visible when this header is included,
 * unless one of the project headers above provides them.
194: */
195: #define YY_DECL int yylex __P((void)) /* expanded as a declaration at the end of the prototype list */
196:
/* Replacement declarations: each is compiled only when its HAVE_* macro is not defined, with one exception noted below. */
1.14 millert 197: #ifndef HAVE_CLOSEFROM
198: void closefrom __P((int));
199: #endif
1.1 millert 200: #ifndef HAVE_GETCWD
201: char *getcwd __P((char *, size_t size));
202: #endif
1.16 millert 203: #ifndef HAVE_UTIMES
204: int utimes __P((const char *, const struct timeval *));
205: #endif
206: #ifdef HAVE_FUTIME /* NOTE(review): #ifdef on HAVE_FUTIME, unlike the #ifndef HAVE_<name> pattern around it -- presumably intentional; confirm */
207: int futimes __P((int, const struct timeval *));
208: #endif
1.1 millert 209: #ifndef HAVE_SNPRINTF
1.18 millert 210: int snprintf __P((char *, size_t, const char *, ...))
211: __printflike(3, 4); /* format string is argument 3, variadic arguments start at 4 */
1.1 millert 212: #endif
213: #ifndef HAVE_VSNPRINTF
1.18 millert 214: int vsnprintf __P((char *, size_t, const char *, va_list))
215: __printflike(3, 0); /* format string is argument 3; 0 because the arguments arrive as a va_list */
1.1 millert 216: #endif
217: #ifndef HAVE_ASPRINTF
1.18 millert 218: int asprintf __P((char **, const char *, ...))
219: __printflike(2, 3);
1.1 millert 220: #endif
221: #ifndef HAVE_VASPRINTF
1.18 millert 222: int vasprintf __P((char **, const char *, va_list))
223: __printflike(2, 0);
1.1 millert 224: #endif
225: #ifndef HAVE_STRCASECMP
226: int strcasecmp __P((const char *, const char *));
227: #endif
1.10 millert 228: #ifndef HAVE_STRLCAT
229: size_t strlcat __P((char *, const char *, size_t));
230: #endif
231: #ifndef HAVE_STRLCPY
232: size_t strlcpy __P((char *, const char *, size_t));
233: #endif
1.18 millert 234: #ifndef HAVE_MEMRCHR
1.22 millert 235: void *memrchr __P((const void *, int, size_t));
1.18 millert 236: #endif
237: #ifndef HAVE_MKSTEMP
238: int mkstemp __P((char *));
239: #endif
1.24 millert 240: #ifndef HAVE_SETENV
241: int setenv __P((const char *, const char *, int));
242: #endif
243: #ifndef HAVE_UNSETENV
244: int unsetenv __P((const char *));
245: #endif
/* sudo's own functions; parameter names are omitted, so argument meaning has to be read from each definition. */
1.16 millert 246: char *sudo_goodpath __P((const char *, struct stat *));
1.1 millert 247: char *tgetpass __P((const char *, int, int));
1.16 millert 248: int find_path __P((char *, char **, struct stat *, char *)); /* result is FOUND, NOT_FOUND or NOT_FOUND_DOT per the comment on those macros */
1.23 millert 249: int tty_present __P((void));
1.22 millert 250: void check_user __P((int, int));
1.5 millert 251: void verify_user __P((struct passwd *, char *));
1.16 millert 252: #ifdef HAVE_LDAP /* LDAP back end: same nine signatures as the sudo_file_* set that follows */
1.22 millert 253: int sudo_ldap_open __P((struct sudo_nss *));
254: int sudo_ldap_close __P((struct sudo_nss *));
255: int sudo_ldap_setdefs __P((struct sudo_nss *));
256: int sudo_ldap_lookup __P((struct sudo_nss *, int, int));
257: int sudo_ldap_parse __P((struct sudo_nss *));
258: int sudo_ldap_display_cmnd __P((struct sudo_nss *, struct passwd *));
259: int sudo_ldap_display_defaults __P((struct sudo_nss *, struct passwd *, struct lbuf *));
260: int sudo_ldap_display_bound_defaults __P((struct sudo_nss *, struct passwd *, struct lbuf *));
261: int sudo_ldap_display_privs __P((struct sudo_nss *, struct passwd *, struct lbuf *));
262: #endif
263: int sudo_file_open __P((struct sudo_nss *));
264: int sudo_file_close __P((struct sudo_nss *));
265: int sudo_file_setdefs __P((struct sudo_nss *));
266: int sudo_file_lookup __P((struct sudo_nss *, int, int));
267: int sudo_file_parse __P((struct sudo_nss *));
268: int sudo_file_display_cmnd __P((struct sudo_nss *, struct passwd *));
269: int sudo_file_display_defaults __P((struct sudo_nss *, struct passwd *, struct lbuf *));
270: int sudo_file_display_bound_defaults __P((struct sudo_nss *, struct passwd *, struct lbuf *));
271: int sudo_file_display_privs __P((struct sudo_nss *, struct passwd *, struct lbuf *));
1.25 millert 272: int set_perms __P((int)); /* takes a PERM_* value; NOTE(review): returns int -- presumably a status the caller must check, confirm */
1.1 millert 273: void remove_timestamp __P((int));
274: int check_secureware __P((char *));
275: void sia_attempt_auth __P((void));
276: void pam_attempt_auth __P((void));
277: int yyparse __P((void));
278: void pass_warn __P((FILE *));
1.22 millert 279: void *emalloc __P((size_t));
280: void *emalloc2 __P((size_t, size_t)); /* presumably count and element size, multiplied with an overflow check -- confirm in the allocator source */
281: void *erealloc __P((void *, size_t));
282: void *erealloc3 __P((void *, size_t, size_t)); /* presumably the count/size form of erealloc -- confirm */
1.1 millert 283: char *estrdup __P((const char *));
1.18 millert 284: int easprintf __P((char **, const char *, ...))
285: __printflike(2, 3); /* format string is argument 2, so the compiler can check format/argument agreement */
286: int evasprintf __P((char **, const char *, va_list))
287: __printflike(2, 0);
1.22 millert 288: void efree __P((void *));
1.1 millert 289: void dump_defaults __P((void));
290: void dump_auth_methods __P((void));
1.7 millert 291: void init_envtables __P((void));
1.22 millert 292: void read_env_file __P((const char *, int));
1.1 millert 293: int lock_file __P((int, int)); /* see the SUDO_LOCK / SUDO_TLOCK / SUDO_UNLOCK flags */
1.16 millert 294: int touch __P((int, char *, struct timespec *));
1.4 millert 295: int user_is_exempt __P((void));
1.2 millert 296: void set_fqdn __P((void));
1.16 millert 297: char *sudo_getepw __P((const struct passwd *));
1.7 millert 298: int pam_prep_user __P((struct passwd *));
1.22 millert 299: void zero_bytes __P((volatile void *, size_t)); /* volatile-qualified target; presumably so the stores that clear a buffer are not optimized away -- confirm in the implementation */
1.16 millert 300: int gettime __P((struct timespec *));
1.25 millert 301: FILE *open_sudoers __P((const char *, int, int *));
1.22 millert 302: void display_privs __P((struct sudo_nss_list *, struct passwd *));
303: int display_cmnd __P((struct sudo_nss_list *, struct passwd *));
304: int get_ttycols __P((void));
305: char *sudo_parseln __P((FILE *));
306: void sudo_setgrent __P((void));
307: void sudo_endgrent __P((void));
308: void sudo_setpwent __P((void));
309: void sudo_endpwent __P((void));
310: void sudo_setspent __P((void));
311: void sudo_endspent __P((void));
312: void cleanup __P((int));
313: struct passwd *sudo_getpwnam __P((const char *));
314: struct passwd *sudo_fakepwnam __P((const char *, gid_t));
315: struct passwd *sudo_getpwuid __P((uid_t));
316: struct group *sudo_getgrnam __P((const char *));
317: struct group *sudo_fakegrnam __P((const char *));
318: struct group *sudo_getgrgid __P((gid_t));
1.21 millert 319: #ifdef HAVE_SELINUX
1.22 millert 320: void selinux_exec __P((char *, char *, char **, int));
321: #endif
322: #ifdef HAVE_GETUSERATTR
323: void aix_setlimits __P((char *));
1.21 millert 324: #endif
1.1 millert 325: YY_DECL; /* expands to: int yylex __P((void)); */
326:
327: /* Only provide extern declarations outside of sudo.c. */
/* The guard macro is _SUDO_MAIN: a file that defines it before including this header gets none of the five declarations below. */
1.11 millert 328: #ifndef _SUDO_MAIN
1.1 millert 329: extern struct sudo_user sudo_user; /* the object behind every user_* / runas_* shortcut macro */
1.22 millert 330: extern struct passwd *auth_pw, *list_pw;
1.1 millert 331:
1.4 millert 332: extern int tgetpass_flags;
1.22 millert 333: extern int long_list;
1.10 millert 334: extern uid_t timestamp_uid;
1.1 millert 335: #endif
/* errno is declared by hand only when it is not already a macro. NOTE(review): <errno.h> is the portable way to obtain errno. */
1.15 otto 336: #ifndef errno
1.1 millert 337: extern int errno;
1.15 otto 338: #endif
1.1 millert 339:
340: #endif /* _SUDO_SUDO_H */