2 * Copyright (c) 1993-1996, 1998-2005, 2007-2013
3 * Todd C. Miller <Todd.Miller@courtesan.com>
5 * Permission to use, copy, modify, and distribute this software for any
6 * purpose with or without fee is hereby granted, provided that the above
7 * copyright notice and this permission notice appear in all copies.
9 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
10 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
11 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
12 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
13 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
14 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
15 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
17 * Sponsored in part by the Defense Advanced Research Projects
18 * Agency (DARPA) and Air Force Research Laboratory, Air Force
19 * Materiel Command, USAF, under agreement number F39502-99-1-0512.
26 #include <pathnames.h>
30 # include "compat/stdbool.h"
31 #endif /* HAVE_STDBOOL_H */
38 #include "sudo_conf.h"
39 #include "sudo_debug.h"
47 # define ROOT_UID 65535
53 * Various modes sudo can be in (based on arguments) in hex
55 #define MODE_RUN 0x00000001
56 #define MODE_EDIT 0x00000002
57 #define MODE_VALIDATE 0x00000004
58 #define MODE_INVALIDATE 0x00000008
59 #define MODE_KILL 0x00000010
60 #define MODE_VERSION 0x00000020
61 #define MODE_HELP 0x00000040
62 #define MODE_LIST 0x00000080
63 #define MODE_CHECK 0x00000100
64 #define MODE_MASK 0x0000ffff
67 /* XXX - prune this */
68 #define MODE_BACKGROUND 0x00010000
69 #define MODE_SHELL 0x00020000
70 #define MODE_LOGIN_SHELL 0x00040000
71 #define MODE_IMPLIED_SHELL 0x00080000
72 #define MODE_RESET_HOME 0x00100000
73 #define MODE_PRESERVE_GROUPS 0x00200000
74 #define MODE_PRESERVE_ENV 0x00400000
75 #define MODE_NONINTERACTIVE 0x00800000
76 #define MODE_LONG_LIST 0x01000000
79 * We used to use the system definition of PASS_MAX or _PASSWD_LEN,
80 * but that caused problems with various alternate authentication
81 * methods. So, we just define our own and assume that it is >= the
84 #define SUDO_PASS_MAX 256
87 * Flags for tgetpass()
89 #define TGP_NOECHO 0x00 /* turn echo off reading pw (default) */
90 #define TGP_ECHO 0x01 /* leave echo on when reading passwd */
91 #define TGP_STDIN 0x02 /* read from stdin, not /dev/tty */
92 #define TGP_ASKPASS 0x04 /* read from askpass helper program */
93 #define TGP_MASK 0x08 /* mask user input when reading */
94 #define TGP_NOECHO_TRY 0x10 /* turn off echo if possible */
106 const char *username;
117 #define CD_SET_UID 0x0001
118 #define CD_SET_EUID 0x0002
119 #define CD_SET_GID 0x0004
120 #define CD_SET_EGID 0x0008
121 #define CD_PRESERVE_GROUPS 0x0010
122 #define CD_NOEXEC 0x0020
123 #define CD_SET_PRIORITY 0x0040
124 #define CD_SET_UMASK 0x0080
125 #define CD_SET_TIMEOUT 0x0100
126 #define CD_SUDOEDIT 0x0200
127 #define CD_BACKGROUND 0x0400
128 #define CD_RBAC_ENABLED 0x0800
129 #define CD_USE_PTY 0x1000
130 #define CD_SET_UTMP 0x2000
131 #define CD_EXEC_BG 0x4000
133 struct command_details {
148 const char *login_class;
150 const char *selinux_role;
151 const char *selinux_type;
152 const char *utmp_user;
157 priv_set_t *limitprivs;
161 /* Status passed between parent and child via socketpair */
162 struct command_status {
163 #define CMD_INVALID 0
165 #define CMD_WSTATUS 2
174 /* For fatal() and fatalx() (XXX - needed?) */
178 char *tgetpass(const char *, int, int);
179 int tty_present(void);
182 void zero_bytes(volatile void *, size_t);
185 int pipe_nonblock(int fds[2]);
186 int sudo_execute(struct command_details *details, struct command_status *cstat);
189 int term_cbreak(int);
190 int term_copy(int, int);
191 int term_noecho(int);
192 int term_raw(int, int);
193 int term_restore(int, int);
196 char *fmt_string(const char *var, const char *value);
199 bool atobool(const char *str);
202 int parse_args(int argc, char **argv, int *nargc, char ***nargv,
203 char ***settingsp, char ***env_addp);
204 extern int tgetpass_flags;
207 int get_pty(int *master, int *slave, char *name, size_t namesz, uid_t uid);
210 void get_ttysize(int *rowp, int *colp);
213 bool exec_setup(struct command_details *details, const char *ptyname, int ptyfd);
214 int policy_init_session(struct command_details *details);
215 int run_command(struct command_details *details);
216 int os_init_common(int argc, char *argv[], char *envp[]);
217 extern const char *list_user, *runas_user, *runas_group;
218 extern struct user_details user_details;
221 int sudo_edit(struct command_details *details);
227 int os_init_openbsd(int argc, char *argv[], char *envp[]);
230 int selinux_restore_tty(void);
231 int selinux_setup(const char *role, const char *type, const char *ttyn,
233 void selinux_execve(const char *path, char *const argv[], char *const envp[],
237 void set_project(struct passwd *);
238 int os_init_solaris(int argc, char *argv[], char *envp[]);
241 void aix_prep_user(char *user, const char *tty);
242 void aix_restoreauthdb(void);
243 void aix_setauthdb(char *user);
246 /* XXX - move to sudo_plugin_int.h? */
248 int register_hook(struct sudo_hook *hook);
249 int deregister_hook(struct sudo_hook *hook);
250 int process_hooks_getenv(const char *name, char **val);
251 int process_hooks_setenv(const char *name, const char *value, int overwrite);
252 int process_hooks_putenv(char *string);
253 int process_hooks_unsetenv(const char *name);
256 char *getenv_unhooked(const char *name);
259 int get_net_ifs(char **addrinfo);
262 int sudo_setgroups(int ngids, const GETGROUPS_T *gids);
265 char *get_process_ttyname(void);
269 extern int signal_pipe[2];
270 int sudo_sigaction(int signo, struct sigaction *sa, struct sigaction *osa);
271 void init_signals(void);
272 void restore_signals(void);
273 void save_signals(void);
275 #endif /* _SUDO_SUDO_H */