+ sudo_setenv("SUDO_USER", user_name, TRUE);
+ snprintf(idbuf, sizeof(idbuf), "%lu", (unsigned long) user_uid);
+ sudo_setenv("SUDO_UID", idbuf, TRUE);
+ snprintf(idbuf, sizeof(idbuf), "%lu", (unsigned long) user_gid);
+ sudo_setenv("SUDO_GID", idbuf, TRUE);
+
+ /* Free old environment. */
+ efree(old_envp);
+}
+
+void
+insert_env_vars(env_vars)
+ struct list_member *env_vars;
+{
+ struct list_member *cur;
+
+ /* Add user-specified environment variables. */
+ for (cur = env_vars; cur != NULL; cur = cur->next)
+ putenv(cur->value);
+}
+
+/*
+ * Validate the list of environment variables passed in on the command
+ * line against env_delete, env_check, and env_keep.
+ * Calls log_error() if any specified variables are not allowed.
+ */
+void
+validate_env_vars(env_vars)
+ struct list_member *env_vars;
+{
+ struct list_member *var;
+ char *eq, *bad = NULL;
+ size_t len, blen = 0, bsize = 0;
+ int okvar;
+
+ /* Add user-specified environment variables. */
+ for (var = env_vars; var != NULL; var = var->next) {
+ if (def_secure_path && !user_is_exempt() &&
+ strncmp(var->value, "PATH=", 5) == 0) {
+ okvar = FALSE;
+ } else if (def_env_reset) {
+ okvar = matches_env_check(var->value);
+ if (okvar == -1)
+ okvar = matches_env_keep(var->value);
+ } else {
+ okvar = matches_env_delete(var->value) == FALSE;
+ if (okvar == FALSE)
+ okvar = matches_env_check(var->value) != FALSE;
+ }
+ if (okvar == FALSE) {
+ /* Not allowed, add to error string, allocating as needed. */
+ if ((eq = strchr(var->value, '=')) != NULL)
+ *eq = '\0';
+ len = strlen(var->value) + 2;
+ if (blen + len >= bsize) {
+ do {
+ bsize += 1024;
+ } while (blen + len >= bsize);
+ bad = erealloc(bad, bsize);
+ bad[blen] = '\0';
+ }
+ strlcat(bad, var->value, bsize);
+ strlcat(bad, ", ", bsize);
+ blen += len;
+ if (eq != NULL)
+ *eq = '=';
+ }
+ }
+ if (bad != NULL) {
+ bad[blen - 2] = '\0'; /* remove trailing ", " */
+ log_error(NO_MAIL,
+ "sorry, you are not allowed to set the following environment variables: %s", bad);
+ /* NOTREACHED */
+ efree(bad);
+ }
+}