2 * Copyright (c) 2004-2008, 2010-2011 Todd C. Miller <Todd.Miller@courtesan.com>
4 * Permission to use, copy, modify, and distribute this software for any
5 * purpose with or without fee is hereby granted, provided that the above
6 * copyright notice and this permission notice appear in all copies.
8 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
9 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
10 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
11 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
12 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
13 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
14 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
19 #include <sys/types.h>
20 #include <sys/param.h>
24 #include <sys/socket.h>
33 #endif /* STDC_HEADERS */
36 #endif /* HAVE_STRING_H */
39 #endif /* HAVE_STRINGS_H */
42 #endif /* HAVE_UNISTD_H */
49 #if TIME_WITH_SYS_TIME
55 #if defined(HAVE_SETRESUID) || defined(HAVE_SETREUID) || defined(HAVE_SETEUID)
58 switch_user(uid_t euid, gid_t egid, int ngroups, GETGROUPS_T *groups)
61 debug_decl(switch_user, SUDO_DEBUG_EDIT)
63 /* When restoring root, change euid first; otherwise change it last. */
64 if (euid == ROOT_UID) {
65 if (seteuid(ROOT_UID) != 0)
66 error(1, "seteuid(ROOT_UID)");
68 if (setegid(egid) != 0)
69 error(1, "setegid(%d)", (int)egid);
71 if (sudo_setgroups(ngroups, groups) != 0)
72 error(1, "setgroups");
74 if (euid != ROOT_UID) {
75 if (seteuid(euid) != 0)
76 error(1, "seteuid(%d)", (int)euid);
84 * Wrapper to allow users to edit privileged files with their own uid.
87 sudo_edit(struct command_details *command_details)
89 struct command_details editor_details;
90 ssize_t nread, nwritten;
92 char *cp, *suff, **nargv, **ap, **files = NULL;
94 int rc, i, j, ac, ofd, tfd, nargc, rval, tmplen;
95 int editor_argc = 0, nfiles = 0;
97 struct timeval tv, tv1, tv2;
101 struct timeval omtim;
104 debug_decl(sudo_edit, SUDO_DEBUG_EDIT)
107 * Set real, effective and saved uids to root.
108 * We will change the euid as needed below.
110 if (setuid(ROOT_UID) != 0) {
111 warning(_("unable to change uid to root (%u)"), ROOT_UID);
116 * Find our temporary directory, one of /var/tmp, /usr/tmp, or /tmp
118 if (stat(_PATH_VARTMP, &sb) == 0 && S_ISDIR(sb.st_mode))
119 tmpdir = _PATH_VARTMP;
121 else if (stat(_PATH_USRTMP, &sb) == 0 && S_ISDIR(sb.st_mode))
122 tmpdir = _PATH_USRTMP;
126 tmplen = strlen(tmpdir);
127 while (tmplen > 0 && tmpdir[tmplen - 1] == '/')
131 * The user's editor must be separated from the files to be
132 * edited by a "--" option.
134 for (ap = command_details->argv; *ap != NULL; ap++) {
137 else if (strcmp(*ap, "--") == 0)
143 warningx(_("plugin error: missing file list for sudoedit"));
148 * For each file specified by the user, make a temporary version
149 * and copy the contents of the original to it.
151 tf = emalloc2(nfiles, sizeof(*tf));
152 zero_bytes(tf, nfiles * sizeof(*tf));
153 for (i = 0, j = 0; i < nfiles; i++) {
155 switch_user(command_details->euid, command_details->egid,
156 command_details->ngroups, command_details->groups);
157 if ((ofd = open(files[i], O_RDONLY, 0644)) != -1 || errno == ENOENT) {
159 zero_bytes(&sb, sizeof(sb)); /* new file */
162 rc = fstat(ofd, &sb);
165 switch_user(ROOT_UID, user_details.egid,
166 user_details.ngroups, user_details.groups);
167 if (rc || (ofd != -1 && !S_ISREG(sb.st_mode))) {
169 warning("%s", files[i]);
171 warningx(_("%s: not a regular file"), files[i]);
176 tf[j].ofile = files[i];
177 tf[j].osize = sb.st_size;
178 mtim_get(&sb, &tf[j].omtim);
179 if ((cp = strrchr(tf[j].ofile, '/')) != NULL)
183 suff = strrchr(cp, '.');
185 easprintf(&tf[j].tfile, "%.*s/%.*sXXXXXXXX%s", tmplen, tmpdir,
186 (int)(size_t)(suff - cp), cp, suff);
188 easprintf(&tf[j].tfile, "%.*s/%s.XXXXXXXX", tmplen, tmpdir, cp);
190 if (seteuid(user_details.uid) != 0)
191 error(1, "seteuid(%d)", (int)user_details.uid);
192 tfd = mkstemps(tf[j].tfile, suff ? strlen(suff) : 0);
193 if (seteuid(ROOT_UID) != 0)
194 error(1, "seteuid(ROOT_UID)");
200 while ((nread = read(ofd, buf, sizeof(buf))) != 0) {
201 if ((nwritten = write(tfd, buf, nread)) != nread) {
203 warning("%s", tf[j].tfile);
205 warningx(_("%s: short write"), tf[j].tfile);
212 * We always update the stashed mtime because the time
213 * resolution of the filesystem the temporary file is on may
214 * not match that of the filesystem where the file to be edited
215 * resides. It is OK if touch() fails since we only use the info
216 * to determine whether or not a file has been modified.
218 (void) touch(tfd, NULL, &tf[j].omtim);
219 rc = fstat(tfd, &sb);
221 mtim_get(&sb, &tf[j].omtim);
225 if ((nfiles = j) == 0)
226 goto cleanup; /* no files readable, you lose */
229 * Allocate space for the new argument vector and fill it in.
230 * We concatenate the editor with its args and the file list
231 * to create a new argv.
233 nargc = editor_argc + nfiles;
234 nargv = (char **) emalloc2(nargc + 1, sizeof(char *));
235 for (ac = 0; ac < editor_argc; ac++)
236 nargv[ac] = command_details->argv[ac];
237 for (i = 0; i < nfiles && ac < nargc; )
238 nargv[ac++] = tf[i++].tfile;
242 * Run the editor with the invoking user's creds,
243 * keeping track of the time spent in the editor.
245 gettimeofday(&tv1, NULL);
246 memcpy(&editor_details, command_details, sizeof(editor_details));
247 editor_details.uid = user_details.uid;
248 editor_details.euid = user_details.uid;
249 editor_details.gid = user_details.gid;
250 editor_details.egid = user_details.gid;
251 editor_details.ngroups = user_details.ngroups;
252 editor_details.groups = user_details.groups;
253 editor_details.argv = nargv;
254 rval = run_command(&editor_details);
255 gettimeofday(&tv2, NULL);
257 /* Copy contents of temp files to real ones */
258 for (i = 0; i < nfiles; i++) {
260 if (seteuid(user_details.uid) != 0)
261 error(1, "seteuid(%d)", (int)user_details.uid);
262 if ((tfd = open(tf[i].tfile, O_RDONLY, 0644)) != -1) {
263 rc = fstat(tfd, &sb);
265 if (seteuid(ROOT_UID) != 0)
266 error(1, "seteuid(ROOT_UID)");
267 if (rc || !S_ISREG(sb.st_mode)) {
269 warning("%s", tf[i].tfile);
271 warningx(_("%s: not a regular file"), tf[i].tfile);
272 warningx(_("%s left unmodified"), tf[i].ofile);
278 if (tf[i].osize == sb.st_size && timevalcmp(&tf[i].omtim, &tv, ==)) {
280 * If mtime and size match but the user spent no measurable
281 * time in the editor we can't tell if the file was changed.
283 timevalsub(&tv1, &tv2);
284 if (timevalisset(&tv2)) {
285 warningx(_("%s unchanged"), tf[i].ofile);
291 switch_user(command_details->euid, command_details->egid,
292 command_details->ngroups, command_details->groups);
293 ofd = open(tf[i].ofile, O_WRONLY|O_TRUNC|O_CREAT, 0644);
294 switch_user(ROOT_UID, user_details.egid,
295 user_details.ngroups, user_details.groups);
297 warning(_("unable to write to %s"), tf[i].ofile);
298 warningx(_("contents of edit session left in %s"), tf[i].tfile);
302 while ((nread = read(tfd, buf, sizeof(buf))) > 0) {
303 if ((nwritten = write(ofd, buf, nread)) != nread) {
305 warning("%s", tf[i].ofile);
307 warningx(_("%s: short write"), tf[i].ofile);
312 /* success, got EOF */
314 } else if (nread < 0) {
315 warning(_("unable to read temporary file"));
316 warningx(_("contents of edit session left in %s"), tf[i].tfile);
318 warning(_("unable to write to %s"), tf[i].ofile);
319 warningx(_("contents of edit session left in %s"), tf[i].tfile);
323 debug_return_int(rval);
326 /* Clean up temp files and return. */
328 for (i = 0; i < nfiles; i++) {
329 if (tf[i].tfile != NULL)
336 #else /* HAVE_SETRESUID || HAVE_SETREUID || HAVE_SETEUID */
339 * Must have the ability to change the effective uid to use sudoedit.
342 sudo_edit(struct command_details *command_details)
344 debug_decl(sudo_edit, SUDO_DEBUG_EDIT)
348 #endif /* HAVE_SETRESUID || HAVE_SETREUID || HAVE_SETEUID */