2 * Copyright (c) 1999-2005, 2007-2008
3 * Todd C. Miller <Todd.Miller@courtesan.com>
5 * Permission to use, copy, modify, and distribute this software for any
6 * purpose with or without fee is hereby granted, provided that the above
7 * copyright notice and this permission notice appear in all copies.
9 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
10 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
11 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
12 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
13 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
14 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
15 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
17 * Sponsored in part by the Defense Advanced Research Projects
18 * Agency (DARPA) and Air Force Research Laboratory, Air Force
19 * Materiel Command, USAF, under agreement number F39502-99-1-0512.
24 #include <sys/types.h>
25 #include <sys/param.h>
34 #endif /* STDC_HEADERS */
38 # ifdef HAVE_STRINGS_H
41 #endif /* HAVE_STRING_H */
44 #endif /* HAVE_UNISTD_H */
53 * For converting between syslog numbers and strings.
60 #ifdef LOG_NFACILITIES
61 static struct strmap facilities[] = {
63 { "authpriv", LOG_AUTHPRIV },
66 { "daemon", LOG_DAEMON },
68 { "local0", LOG_LOCAL0 },
69 { "local1", LOG_LOCAL1 },
70 { "local2", LOG_LOCAL2 },
71 { "local3", LOG_LOCAL3 },
72 { "local4", LOG_LOCAL4 },
73 { "local5", LOG_LOCAL5 },
74 { "local6", LOG_LOCAL6 },
75 { "local7", LOG_LOCAL7 },
78 #endif /* LOG_NFACILITIES */
80 static struct strmap priorities[] = {
81 { "alert", LOG_ALERT },
83 { "debug", LOG_DEBUG },
84 { "emerg", LOG_EMERG },
87 { "notice", LOG_NOTICE },
88 { "warning", LOG_WARNING },
95 static int store_int __P((char *, struct sudo_defs_types *, int));
96 static int store_list __P((char *, struct sudo_defs_types *, int));
97 static int store_mode __P((char *, struct sudo_defs_types *, int));
98 static int store_str __P((char *, struct sudo_defs_types *, int));
99 static int store_syslogfac __P((char *, struct sudo_defs_types *, int));
100 static int store_syslogpri __P((char *, struct sudo_defs_types *, int));
101 static int store_tuple __P((char *, struct sudo_defs_types *, int));
102 static int store_uint __P((char *, struct sudo_defs_types *, int));
103 static void list_op __P((char *, size_t, struct sudo_defs_types *, enum list_ops));
104 static const char *logfac2str __P((int));
105 static const char *logpri2str __P((int));
108 * Table describing compile-time and run-time options.
110 #include <def_data.c>
113 * Print version and configure info.
118 struct sudo_defs_types *cur;
119 struct list_member *item;
120 struct def_values *def;
122 for (cur = sudo_defs_table; cur->name; cur++) {
124 switch (cur->type & T_MASK) {
130 if (cur->sd_un.str) {
131 (void) printf(cur->desc, cur->sd_un.str);
136 if (cur->sd_un.ival) {
137 (void) printf(cur->desc, logfac2str(cur->sd_un.ival));
142 if (cur->sd_un.ival) {
143 (void) printf(cur->desc, logpri2str(cur->sd_un.ival));
149 (void) printf(cur->desc, cur->sd_un.ival);
153 (void) printf(cur->desc, cur->sd_un.mode);
157 if (cur->sd_un.list) {
159 for (item = cur->sd_un.list; item; item = item->next)
160 printf("\t%s\n", item->value);
164 for (def = cur->values; def->sval; def++) {
165 if (cur->sd_un.ival == def->ival) {
166 (void) printf(cur->desc, def->sval);
178 * List each option along with its description.
183 struct sudo_defs_types *cur;
186 (void) puts("Available options in a sudoers ``Defaults'' line:\n");
187 for (cur = sudo_defs_table; cur->name; cur++) {
188 if (cur->name && cur->desc) {
189 switch (cur->type & T_MASK) {
191 (void) printf("%s: %s\n", cur->name, cur->desc);
194 p = strrchr(cur->desc, ':');
196 (void) printf("%s: %.*s\n", cur->name,
197 (int) (p - cur->desc), cur->desc);
199 (void) printf("%s: %s\n", cur->name, cur->desc);
207 * Sets/clears an entry in the defaults structure
208 * If a variable that takes a value is used in a boolean
209 * context with op == 0, disable that variable.
210 * Eg. you may want to turn off logging to a file for some hosts.
211 * This is only meaningful for variables that are *optional*.
214 set_default(var, val, op)
217 int op; /* TRUE or FALSE */
219 struct sudo_defs_types *cur;
222 for (cur = sudo_defs_table, num = 0; cur->name; cur++, num++) {
223 if (strcmp(var, cur->name) == 0)
227 warningx("unknown defaults entry `%s'", var);
231 switch (cur->type & T_MASK) {
233 if (!store_syslogfac(val, cur, op)) {
235 warningx("value `%s' is invalid for option `%s'", val, var);
237 warningx("no value specified for `%s'", var);
242 if (!store_syslogpri(val, cur, op)) {
244 warningx("value `%s' is invalid for option `%s'", val, var);
246 warningx("no value specified for `%s'", var);
252 /* Check for bogus boolean usage or lack of a value. */
253 if (!ISSET(cur->type, T_BOOL) || op != FALSE) {
254 warningx("no value specified for `%s'", var);
258 if (ISSET(cur->type, T_PATH) && val && *val != '/') {
259 warningx("values for `%s' must start with a '/'", var);
262 if (!store_str(val, cur, op)) {
263 warningx("value `%s' is invalid for option `%s'", val, var);
269 /* Check for bogus boolean usage or lack of a value. */
270 if (!ISSET(cur->type, T_BOOL) || op != FALSE) {
271 warningx("no value specified for `%s'", var);
275 if (!store_int(val, cur, op)) {
276 warningx("value `%s' is invalid for option `%s'", val, var);
282 /* Check for bogus boolean usage or lack of a value. */
283 if (!ISSET(cur->type, T_BOOL) || op != FALSE) {
284 warningx("no value specified for `%s'", var);
288 if (!store_uint(val, cur, op)) {
289 warningx("value `%s' is invalid for option `%s'", val, var);
295 /* Check for bogus boolean usage or lack of a value. */
296 if (!ISSET(cur->type, T_BOOL) || op != FALSE) {
297 warningx("no value specified for `%s'", var);
301 if (!store_mode(val, cur, op)) {
302 warningx("value `%s' is invalid for option `%s'", val, var);
308 warningx("option `%s' does not take a value", var);
311 cur->sd_un.flag = op;
313 /* Special action for I_FQDN. Move to own switch if we get more */
314 if (num == I_FQDN && op)
319 /* Check for bogus boolean usage or lack of a value. */
320 if (!ISSET(cur->type, T_BOOL) || op != FALSE) {
321 warningx("no value specified for `%s'", var);
325 if (!store_list(val, cur, op)) {
326 warningx("value `%s' is invalid for option `%s'", val, var);
331 if (!val && !ISSET(cur->type, T_BOOL)) {
332 warningx("no value specified for `%s'", var);
335 if (!store_tuple(val, cur, op)) {
336 warningx("value `%s' is invalid for option `%s'", val, var);
346 * Set default options to compiled-in values.
347 * Any of these may be overridden at runtime by a "Defaults" file.
352 static int firsttime = 1;
353 struct sudo_defs_types *def;
355 /* Clear any old settings. */
357 for (def = sudo_defs_table; def->name; def++) {
358 switch (def->type & T_MASK) {
360 efree(def->sd_un.str);
361 def->sd_un.str = NULL;
364 list_op(NULL, 0, def, freeall);
367 zero_bytes(&def->sd_un, sizeof(def->sd_un));
371 /* First initialize the flags. */
372 #ifdef LONG_OTP_PROMPT
373 def_long_otp_prompt = TRUE;
375 #ifdef IGNORE_DOT_PATH
376 def_ignore_dot = TRUE;
378 #ifdef ALWAYS_SEND_MAIL
379 def_mail_always = TRUE;
381 #ifdef SEND_MAIL_WHEN_NO_USER
382 def_mail_no_user = TRUE;
384 #ifdef SEND_MAIL_WHEN_NO_HOST
385 def_mail_no_host = TRUE;
387 #ifdef SEND_MAIL_WHEN_NOT_OK
388 def_mail_no_perms = TRUE;
390 #ifdef USE_TTY_TICKETS
391 def_tty_tickets = TRUE;
396 #ifndef NO_AUTHENTICATION
397 def_authenticate = TRUE;
400 def_root_sudo = TRUE;
405 #ifdef SHELL_IF_NO_ARGS
406 def_shell_noargs = TRUE;
408 #ifdef SHELL_SETS_HOME
411 #ifndef DONT_LEAK_PATH_INFO
412 def_path_info = TRUE;
421 def_env_editor = TRUE;
423 #ifdef _PATH_SUDO_ASKPASS
424 def_askpass = estrdup(_PATH_SUDO_ASKPASS);
426 def_sudoers_locale = estrdup("C");
427 def_env_reset = TRUE;
428 def_set_logname = TRUE;
429 def_closefrom = STDERR_FILENO + 1;
431 /* Syslog options need special care since they both strings and ints */
432 #if (LOGGING & SLOG_SYSLOG)
433 (void) store_syslogfac(LOGFAC, &sudo_defs_table[I_SYSLOG], TRUE);
434 (void) store_syslogpri(PRI_SUCCESS, &sudo_defs_table[I_SYSLOG_GOODPRI],
436 (void) store_syslogpri(PRI_FAILURE, &sudo_defs_table[I_SYSLOG_BADPRI],
440 /* Password flags also have a string and integer component. */
441 (void) store_tuple("any", &sudo_defs_table[I_LISTPW], TRUE);
442 (void) store_tuple("all", &sudo_defs_table[I_VERIFYPW], TRUE);
444 /* Then initialize the int-like things. */
446 def_umask = SUDO_UMASK;
450 def_loglinelen = MAXLOGFILELEN;
451 def_timestamp_timeout = TIMEOUT;
452 def_passwd_timeout = PASSWORD_TIMEOUT;
453 def_passwd_tries = TRIES_FOR_PASSWORD;
455 /* Now do the strings */
456 def_mailto = estrdup(MAILTO);
457 def_mailsub = estrdup(MAILSUBJECT);
458 def_badpass_message = estrdup(INCORRECT_PASSWORD);
459 def_timestampdir = estrdup(_PATH_SUDO_TIMEDIR);
460 def_passprompt = estrdup(PASSPROMPT);
461 def_runas_default = estrdup(RUNAS_DEFAULT);
462 #ifdef _PATH_SUDO_SENDMAIL
463 def_mailerpath = estrdup(_PATH_SUDO_SENDMAIL);
464 def_mailerflags = estrdup("-t");
466 #if (LOGGING & SLOG_FILE)
467 def_logfile = estrdup(_PATH_SUDO_LOGFILE);
470 def_exempt_group = estrdup(EXEMPTGROUP);
473 def_secure_path = estrdup(SECURE_PATH);
475 def_editor = estrdup(EDITOR);
476 #ifdef _PATH_SUDO_NOEXEC
477 def_noexec_file = estrdup(_PATH_SUDO_NOEXEC);
480 /* Finally do the lists (currently just environment tables). */
487 * Update the defaults based on what was set by sudoers.
488 * Pass in a an OR'd list of which default types to update.
491 update_defaults(what)
494 struct defaults *def;
496 tq_foreach_fwd(&defaults, def) {
499 if (ISSET(what, SETDEF_GENERIC) &&
500 !set_default(def->var, def->val, def->op))
504 if (ISSET(what, SETDEF_USER) &&
505 userlist_matches(sudo_user.pw, &def->binding) == ALLOW &&
506 !set_default(def->var, def->val, def->op))
510 if (ISSET(what, SETDEF_RUNAS) &&
511 runaslist_matches(&def->binding, NULL) == ALLOW &&
512 !set_default(def->var, def->val, def->op))
516 if (ISSET(what, SETDEF_HOST) &&
517 hostlist_matches(&def->binding) == ALLOW &&
518 !set_default(def->var, def->val, def->op))
522 if (ISSET(what, SETDEF_CMND) &&
523 cmndlist_matches(&def->binding) == ALLOW &&
524 !set_default(def->var, def->val, def->op))
533 store_int(val, def, op)
535 struct sudo_defs_types *def;
544 l = strtol(val, &endp, 10);
547 /* XXX - should check against INT_MAX */
548 def->sd_un.ival = (unsigned int)l;
551 return(def->callback(val));
556 store_uint(val, def, op)
558 struct sudo_defs_types *def;
567 l = strtol(val, &endp, 10);
568 if (*endp != '\0' || l < 0)
570 /* XXX - should check against INT_MAX */
571 def->sd_un.ival = (unsigned int)l;
574 return(def->callback(val));
579 store_tuple(val, def, op)
581 struct sudo_defs_types *def;
584 struct def_values *v;
587 * Since enums are really just ints we store the value as an ival.
588 * In the future, there may be multiple enums for different tuple
589 * types we want to avoid and special knowledge of the tuple type.
590 * This does assume that the first entry in the tuple enum will
591 * be the equivalent to a boolean "false".
594 def->sd_un.ival = (op == FALSE) ? 0 : 1;
596 for (v = def->values; v->sval != NULL; v++) {
597 if (strcmp(v->sval, val) == 0) {
598 def->sd_un.ival = v->ival;
606 return(def->callback(val));
611 store_str(val, def, op)
613 struct sudo_defs_types *def;
617 efree(def->sd_un.str);
619 def->sd_un.str = NULL;
621 def->sd_un.str = estrdup(val);
623 return(def->callback(val));
628 store_list(str, def, op)
630 struct sudo_defs_types *def;
635 /* Remove all old members. */
636 if (op == FALSE || op == TRUE)
637 list_op(NULL, 0, def, freeall);
639 /* Split str into multiple space-separated words and act on each one. */
643 /* Remove leading blanks, if nothing but blanks we are done. */
644 for (start = end; isblank(*start); start++)
649 /* Find end position and perform operation. */
650 for (end = start; *end && !isblank(*end); end++)
652 list_op(start, end - start, def, op == '-' ? delete : add);
653 } while (*end++ != '\0');
659 store_syslogfac(val, def, op)
661 struct sudo_defs_types *def;
667 def->sd_un.ival = FALSE;
670 #ifdef LOG_NFACILITIES
673 for (fac = facilities; fac->name && strcmp(val, fac->name); fac++)
675 if (fac->name == NULL)
676 return(FALSE); /* not found */
678 def->sd_un.ival = fac->num;
680 def->sd_un.ival = -1;
681 #endif /* LOG_NFACILITIES */
689 #ifdef LOG_NFACILITIES
692 for (fac = facilities; fac->name && fac->num != n; fac++)
697 #endif /* LOG_NFACILITIES */
701 store_syslogpri(val, def, op)
703 struct sudo_defs_types *def;
708 if (op == FALSE || !val)
711 for (pri = priorities; pri->name && strcmp(val, pri->name); pri++)
713 if (pri->name == NULL)
714 return(FALSE); /* not found */
716 def->sd_un.ival = pri->num;
726 for (pri = priorities; pri->name && pri->num != n; pri++)
732 store_mode(val, def, op)
734 struct sudo_defs_types *def;
741 def->sd_un.mode = (mode_t)0777;
743 l = strtol(val, &endp, 8);
744 if (*endp != '\0' || l < 0 || l > 0777)
746 def->sd_un.mode = (mode_t)l;
749 return(def->callback(val));
754 list_op(val, len, def, op)
757 struct sudo_defs_types *def;
760 struct list_member *cur, *prev, *tmp;
763 for (cur = def->sd_un.list; cur; ) {
769 def->sd_un.list = NULL;
773 for (cur = def->sd_un.list, prev = NULL; cur; prev = cur, cur = cur->next) {
774 if ((strncmp(cur->value, val, len) == 0 && cur->value[len] == '\0')) {
777 return; /* already exists */
781 prev->next = cur->next;
783 def->sd_un.list = cur->next;
790 /* Add new node to the head of the list. */
792 cur = emalloc(sizeof(struct list_member));
793 cur->value = emalloc(len + 1);
794 (void) memcpy(cur->value, val, len);
795 cur->value[len] = '\0';
796 cur->next = def->sd_un.list;
797 def->sd_un.list = cur;
projects / debian / sudo / blob