/*
- * Copyright (c) 2009-2012 Todd C. Miller <Todd.Miller@courtesan.com>
+ * Copyright (c) 2009-2013 Todd C. Miller <Todd.Miller@courtesan.com>
*
* Permission to use, copy, modify, and distribute this software for any
* purpose with or without fee is hereby granted, provided that the above
#include <config.h>
#include <sys/types.h>
-#include <sys/param.h>
#include <sys/stat.h>
#include <sys/wait.h>
#include <sys/socket.h>
#if TIME_WITH_SYS_TIME
# include <time.h>
#endif
-#ifdef HAVE_SETLOCALE
-# include <locale.h>
-#endif
#ifdef HAVE_LOGIN_CAP_H
# include <login_cap.h>
+# ifndef LOGIN_SETENV
+# define LOGIN_SETENV 0
+# endif
#endif
#ifdef HAVE_PROJECT_H
# include <project.h>
# endif /* __hpux */
# include <prot.h>
#endif /* HAVE_GETPRPWNAM && HAVE_SET_AUTH_PARAMETERS */
-#if defined(HAVE_STRUCT_KINFO_PROC_P_TDEV) || defined (HAVE_STRUCT_KINFO_PROC_KP_EPROC_E_TDEV)
-# include <sys/sysctl.h>
-#elif defined(HAVE_STRUCT_KINFO_PROC_KI_TDEV)
-# include <sys/sysctl.h>
-# include <sys/user.h>
-#endif
#include "sudo.h"
#include "sudo_plugin.h"
#include "sudo_plugin_int.h"
-#include <sudo_usage.h>
+#include "sudo_usage.h"
/*
* Local variables
struct plugin_container_list io_plugins;
struct user_details user_details;
const char *list_user, *runas_user, *runas_group; /* extern for parse_args.c */
+static struct command_details command_details;
static int sudo_mode;
/*
*/
static void fix_fds(void);
static void disable_coredumps(void);
+static void sudo_check_suid(const char *path);
static char **get_user_info(struct user_details *);
static void command_info_to_details(char * const info[],
struct command_details *details);
char * const argv[], int verbose, const char *list_user);
static int policy_validate(struct plugin_container *plugin);
static void policy_invalidate(struct plugin_container *plugin, int remove);
-static int policy_init_session(struct plugin_container *plugin,
- struct passwd *pwd);
/* I/O log plugin convenience functions. */
static int iolog_open(struct plugin_container *plugin, char * const settings[],
static void iolog_close(struct plugin_container *plugin, int exit_status,
int error);
static int iolog_show_version(struct plugin_container *plugin, int verbose);
+static void iolog_unlink(struct plugin_container *plugin);
#ifdef RLIMIT_CORE
static struct rlimit corelimit;
static struct rlimit nproclimit;
#endif
-#ifdef HAVE_LOGIN_CAP_H
-extern char **environ;
-#endif
+__dso_public int main(int argc, char *argv[], char *envp[]);
int
main(int argc, char *argv[], char *envp[])
char **nargv, **settings, **env_add;
char **user_info, **command_info, **argv_out, **user_env_out;
struct plugin_container *plugin, *next;
- struct command_details command_details;
sigset_t mask;
debug_decl(main, SUDO_DEBUG_MAIN)
-#if defined(SUDO_DEVEL) && defined(__OpenBSD__)
- {
- extern char *malloc_options;
- malloc_options = "AFGJPR";
- }
-#endif
-
-#if !defined(HAVE_GETPROGNAME) && !defined(HAVE___PROGNAME)
- if (argc > 0)
- setprogname(argv[0]);
-#endif
+ os_init(argc, argv, envp);
-#ifdef HAVE_SETLOCALE
setlocale(LC_ALL, "");
-#endif
bindtextdomain(PACKAGE_NAME, LOCALEDIR);
textdomain(PACKAGE_NAME);
+#ifdef HAVE_TZSET
+ (void) tzset();
+#endif /* HAVE_TZSET */
+
/* Must be done before we do any password lookups */
#if defined(HAVE_GETPRPWNAM) && defined(HAVE_SET_AUTH_PARAMETERS)
(void) set_auth_parameters(argc, argv);
# endif
#endif /* HAVE_GETPRPWNAM && HAVE_SET_AUTH_PARAMETERS */
- if (geteuid() != 0)
- errorx(1, _("must be setuid root"));
+ /* Make sure we are setuid root. */
+ sudo_check_suid(argv[0]);
- /* Reset signal mask and make sure fds 0-2 are open. */
+ /* Reset signal mask, save signal state and make sure fds 0-2 are open. */
(void) sigemptyset(&mask);
(void) sigprocmask(SIG_SETMASK, &mask, NULL);
+ save_signals();
fix_fds();
+ /* Read sudo.conf. */
+ sudo_conf_read(NULL);
+
/* Fill in user_info with user name, uid, cwd, etc. */
memset(&user_details, 0, sizeof(user_details));
user_info = get_user_info(&user_details);
- /* Read sudo.conf. */
- sudo_conf_read();
-
/* Disable core dumps if not enabled in sudo.conf. */
disable_coredumps();
/* Load plugins. */
if (!sudo_load_plugins(&policy_plugin, &io_plugins))
- errorx(1, _("fatal error, unable to load plugins"));
+ fatalx(_("fatal error, unable to load plugins"));
/* Open policy plugin. */
ok = policy_open(&policy_plugin, settings, user_info, envp);
if (ok == -2)
usage(1);
else
- errorx(1, _("unable to initialize policy plugin"));
+ fatalx(_("unable to initialize policy plugin"));
}
+ init_signals();
+
switch (sudo_mode & MODE_MASK) {
case MODE_VERSION:
policy_show_version(&policy_plugin, !user_details.uid);
tq_foreach_fwd(&io_plugins, plugin) {
ok = iolog_open(plugin, settings, user_info, NULL,
nargc, nargv, envp);
- if (ok == 1)
+ if (ok != -1)
iolog_show_version(plugin, !user_details.uid);
}
break;
case 1:
break;
case 0:
- /* I/O plugin asked to be disabled, remove from list. */
- tq_remove(&io_plugins, plugin);
+ /* I/O plugin asked to be disabled, remove and free. */
+ iolog_unlink(plugin);
break;
case -2:
usage(1);
break;
default:
- errorx(1, _("error initializing I/O plugin %s"),
+ fatalx(_("error initializing I/O plugin %s"),
plugin->name);
}
}
+ /* Setup command details and run command/edit. */
command_info_to_details(command_info, &command_details);
command_details.argv = argv_out;
command_details.envp = user_env_out;
if (ISSET(sudo_mode, MODE_BACKGROUND))
SET(command_details.flags, CD_BACKGROUND);
/* Become full root (not just setuid) so user cannot kill us. */
- (void) setuid(ROOT_UID);
+ if (setuid(ROOT_UID) == -1)
+ warning("setuid(%d)", ROOT_UID);
/* Restore coredumpsize resource limit before running. */
#ifdef RLIMIT_CORE
if (sudo_conf_disable_coredump())
/* The close method was called by sudo_edit/run_command. */
break;
default:
- errorx(1, _("unexpected sudo mode 0x%x"), sudo_mode);
+ fatalx(_("unexpected sudo mode 0x%x"), sudo_mode);
}
sudo_debug_exit_int(__func__, __FILE__, __LINE__, sudo_debug_subsys, exitcode);
exit(exitcode);
}
+int
+os_init_common(int argc, char *argv[], char *envp[])
+{
+#if !defined(HAVE_GETPROGNAME) && !defined(HAVE___PROGNAME)
+ if (argc > 0)
+ setprogname(argv[0]);
+#endif
+ return 0;
+}
+
/*
* Ensure that stdin, stdout and stderr are open; set to /dev/null if not.
* Some operating systems do this automatically in the kernel or libc.
miss[STDERR_FILENO] = fcntl(STDERR_FILENO, F_GETFL, 0) == -1;
if (miss[STDIN_FILENO] || miss[STDOUT_FILENO] || miss[STDERR_FILENO]) {
if ((devnull = open(_PATH_DEVNULL, O_RDWR, 0644)) == -1)
- error(1, _("unable to open %s"), _PATH_DEVNULL);
+ fatal(_("unable to open %s"), _PATH_DEVNULL);
if (miss[STDIN_FILENO] && dup2(devnull, STDIN_FILENO) == -1)
- error(1, "dup2");
+ fatal("dup2");
if (miss[STDOUT_FILENO] && dup2(devnull, STDOUT_FILENO) == -1)
- error(1, "dup2");
+ fatal("dup2");
if (miss[STDERR_FILENO] && dup2(devnull, STDERR_FILENO) == -1)
- error(1, "dup2");
+ fatal("dup2");
if (devnull > STDERR_FILENO)
close(devnull);
}
/*
* Allocate space for groups and fill in using getgrouplist()
- * for when we cannot use getgroups().
+ * for when we cannot (or don't want to) use getgroups().
*/
static int
-fill_group_list(struct user_details *ud)
+fill_group_list(struct user_details *ud, int system_maxgroups)
{
- int maxgroups, tries, rval = -1;
+ int tries, rval = -1;
debug_decl(fill_group_list, SUDO_DEBUG_UTIL)
-#if defined(HAVE_SYSCONF) && defined(_SC_NGROUPS_MAX)
- maxgroups = (int)sysconf(_SC_NGROUPS_MAX);
- if (maxgroups < 0)
-#endif
- maxgroups = NGROUPS_MAX;
-
/*
- * It is possible to belong to more groups in the group database
- * than NGROUPS_MAX. We start off with NGROUPS_MAX * 2 entries
- * and double this as needed.
+ * If user specified a max number of groups, use it, otherwise keep
+ * trying getgrouplist() until we have enough room in the array.
*/
- ud->groups = NULL;
- ud->ngroups = maxgroups;
- for (tries = 0; tries < 10 && rval == -1; tries++) {
- ud->ngroups *= 2;
- efree(ud->groups);
+ ud->ngroups = sudo_conf_max_groups();
+ if (ud->ngroups != -1) {
ud->groups = emalloc2(ud->ngroups, sizeof(GETGROUPS_T));
- rval = getgrouplist(ud->username, ud->gid, ud->groups, &ud->ngroups);
+ /* No error on insufficient space if user specified max_groups. */
+ (void)getgrouplist(ud->username, ud->gid, ud->groups, &ud->ngroups);
+ rval = 0;
+ } else {
+ /*
+ * It is possible to belong to more groups in the group database
+ * than NGROUPS_MAX. We start off with NGROUPS_MAX * 4 entries
+ * and double this as needed.
+ */
+ ud->groups = NULL;
+ ud->ngroups = system_maxgroups << 1;
+ for (tries = 0; tries < 10 && rval == -1; tries++) {
+ ud->ngroups <<= 1;
+ efree(ud->groups);
+ ud->groups = emalloc2(ud->ngroups, sizeof(GETGROUPS_T));
+ rval = getgrouplist(ud->username, ud->gid, ud->groups, &ud->ngroups);
+ }
}
debug_return_int(rval);
}
{
char *cp, *gid_list = NULL;
size_t glsize;
- int i, len;
+ int i, len, maxgroups, group_source;
debug_decl(get_user_groups, SUDO_DEBUG_UTIL)
- /*
- * Systems with mbr_check_membership() support more than NGROUPS_MAX
- * groups so we cannot use getgroups().
- */
+#if defined(HAVE_SYSCONF) && defined(_SC_NGROUPS_MAX)
+ maxgroups = (int)sysconf(_SC_NGROUPS_MAX);
+ if (maxgroups < 0)
+#endif
+ maxgroups = NGROUPS_MAX;
+
ud->groups = NULL;
-#ifndef HAVE_MBR_CHECK_MEMBERSHIP
- if ((ud->ngroups = getgroups(0, NULL)) > 0) {
- ud->groups = emalloc2(ud->ngroups, sizeof(GETGROUPS_T));
- if (getgroups(ud->ngroups, ud->groups) < 0) {
- efree(ud->groups);
- ud->groups = NULL;
+ group_source = sudo_conf_group_source();
+ if (group_source != GROUP_SOURCE_DYNAMIC) {
+ if ((ud->ngroups = getgroups(0, NULL)) > 0) {
+ /* Use groups from kernel if not too many or source is static. */
+ if (ud->ngroups < maxgroups || group_source == GROUP_SOURCE_STATIC) {
+ ud->groups = emalloc2(ud->ngroups, sizeof(GETGROUPS_T));
+ if (getgroups(ud->ngroups, ud->groups) < 0) {
+ efree(ud->groups);
+ ud->groups = NULL;
+ }
+ }
}
}
-#endif /* HAVE_MBR_CHECK_MEMBERSHIP */
if (ud->groups == NULL) {
- if (fill_group_list(ud) == -1)
- error(1, _("unable to get group vector"));
+ /*
+ * Query group database if kernel list is too small or disabled.
+ * Typically, this is because NFS can only support up to 16 groups.
+ */
+ if (fill_group_list(ud, maxgroups) == -1)
+ fatal(_("unable to get group vector"));
}
/*
static char **
get_user_info(struct user_details *ud)
{
- char *cp, **user_info, cwd[PATH_MAX], host[MAXHOSTNAMELEN];
+ char *cp, **user_info, cwd[PATH_MAX], host[HOST_NAME_MAX + 1];
struct passwd *pw;
- int i = 0;
+ int fd, i = 0;
debug_decl(get_user_info, SUDO_DEBUG_UTIL)
/* XXX - bound check number of entries */
user_info = emalloc2(32, sizeof(char *));
+ ud->pid = getpid();
+ ud->ppid = getppid();
+ ud->pgid = getpgid(0);
+ ud->tcpgid = (pid_t)-1;
+ fd = open(_PATH_TTY, O_RDWR|O_NOCTTY|O_NONBLOCK, 0);
+ if (fd != -1) {
+ ud->tcpgid = tcgetpgrp(fd);
+ close(fd);
+ }
+ ud->sid = getsid(0);
+
ud->uid = getuid();
ud->euid = geteuid();
ud->gid = getgid();
pw = getpwuid(ud->uid);
if (pw == NULL)
- errorx(1, _("unknown uid %u: who are you?"), (unsigned int)ud->uid);
+ fatalx(_("unknown uid %u: who are you?"), (unsigned int)ud->uid);
user_info[i] = fmt_string("user", pw->pw_name);
if (user_info[i] == NULL)
- errorx(1, _("unable to allocate memory"));
+ fatalx(NULL);
ud->username = user_info[i] + sizeof("user=") - 1;
/* Stash user's shell for use with the -s flag; don't pass to plugin. */
}
ud->shell = estrdup(ud->shell);
+ easprintf(&user_info[++i], "pid=%d", (int)ud->pid);
+ easprintf(&user_info[++i], "ppid=%d", (int)ud->ppid);
+ easprintf(&user_info[++i], "pgid=%d", (int)ud->pgid);
+ easprintf(&user_info[++i], "tcpgid=%d", (int)ud->tcpgid);
+ easprintf(&user_info[++i], "sid=%d", (int)ud->sid);
+
easprintf(&user_info[++i], "uid=%u", (unsigned int)ud->uid);
easprintf(&user_info[++i], "euid=%u", (unsigned int)ud->euid);
easprintf(&user_info[++i], "gid=%u", (unsigned int)ud->gid);
if (getcwd(cwd, sizeof(cwd)) != NULL) {
user_info[++i] = fmt_string("cwd", cwd);
if (user_info[i] == NULL)
- errorx(1, _("unable to allocate memory"));
+ fatalx(NULL);
ud->cwd = user_info[i] + sizeof("cwd=") - 1;
}
if ((cp = get_process_ttyname()) != NULL) {
user_info[++i] = fmt_string("tty", cp);
if (user_info[i] == NULL)
- errorx(1, _("unable to allocate memory"));
+ fatalx(NULL);
ud->tty = user_info[i] + sizeof("tty=") - 1;
efree(cp);
}
strlcpy(host, "localhost", sizeof(host));
user_info[++i] = fmt_string("host", host);
if (user_info[i] == NULL)
- errorx(1, _("unable to allocate memory"));
+ fatalx(NULL);
ud->host = user_info[i] + sizeof("host=") - 1;
get_ttysize(&ud->ts_lines, &ud->ts_cols);
break;
}
break;
+ case 'e':
+ if (strncmp("exec_background=", info[i], sizeof("exec_background=") - 1) == 0) {
+ if (atobool(info[i] + sizeof("exec_background=") - 1) == true)
+ SET(details->flags, CD_EXEC_BG);
+ break;
+ }
+ break;
case 'l':
SET_STRING("login_class=", login_class)
break;
}
break;
}
+#ifdef HAVE_PRIV_SET
+ if (strncmp("runas_privs=", info[i], sizeof("runas_privs=") - 1) == 0) {
+ const char *endp;
+ cp = info[i] + sizeof("runas_privs=") - 1;
+ if (*cp == '\0')
+ break;
+ errno = 0;
+ details->privs = priv_str_to_set(cp, ",", &endp);
+ if (details->privs == NULL)
+ warning("invalid runas_privs %s", endp);
+ }
+ if (strncmp("runas_limitprivs=", info[i], sizeof("runas_limitprivs=") - 1) == 0) {
+ const char *endp;
+ cp = info[i] + sizeof("runas_limitprivs=") - 1;
+ if (*cp == '\0')
+ break;
+ errno = 0;
+ details->limitprivs = priv_str_to_set(cp, ",", &endp);
+ if (details->limitprivs == NULL)
+ warning("invalid runas_limitprivs %s", endp);
+ }
+#endif /* HAVE_PRIV_SET */
break;
case 's':
SET_STRING("selinux_role=", selinux_role)
if (!ISSET(details->flags, CD_SET_EUID))
details->euid = details->uid;
+#ifdef HAVE_SETAUTHDB
+ aix_setauthdb(IDtouser(details->euid));
+#endif
+ details->pw = getpwuid(details->euid);
+ if (details->pw != NULL && (details->pw = pw_dup(details->pw)) == NULL)
+ fatalx(NULL);
+#ifdef HAVE_SETAUTHDB
+ aix_restoreauthdb();
+#endif
+
#ifdef HAVE_SELINUX
if (details->selinux_role != NULL && is_selinux_enabled() > 0)
SET(details->flags, CD_RBAC_ENABLED);
debug_return;
}
+static void
+sudo_check_suid(const char *path)
+{
+ struct stat sb;
+ debug_decl(sudo_check_suid, SUDO_DEBUG_PCOMM)
+
+ if (geteuid() != 0) {
+ if (strchr(path, '/') != NULL && stat(path, &sb) == 0) {
+ /* Try to determine why sudo was not running as root. */
+ if (sb.st_uid != ROOT_UID || !ISSET(sb.st_mode, S_ISUID)) {
+ fatalx(
+ _("%s must be owned by uid %d and have the setuid bit set"),
+ path, ROOT_UID);
+ } else {
+ fatalx(_("effective uid is not %d, is %s on a file system "
+ "with the 'nosuid' option set or an NFS file system without"
+ " root privileges?"), ROOT_UID, path);
+ }
+ } else {
+ fatalx(
+ _("effective uid is not %d, is sudo installed setuid root?"),
+ ROOT_UID);
+ }
+ }
+ debug_return;
+}
+
/*
* Disable core dumps to avoid dropping a core with user password in it.
* We will reset this limit before executing the command.
debug_return;
}
-#ifdef HAVE_PROJECT_H
-static void
-set_project(struct passwd *pw)
-{
- struct project proj;
- char buf[PROJECT_BUFSZ];
- int errval;
- debug_decl(set_project, SUDO_DEBUG_UTIL)
-
- /*
- * Collect the default project for the user and settaskid
- */
- setprojent();
- if (getdefaultproj(pw->pw_name, &proj, buf, sizeof(buf)) != NULL) {
- errval = setproject(proj.pj_name, pw->pw_name, TASK_NORMAL);
- switch(errval) {
- case 0:
- break;
- case SETPROJ_ERR_TASK:
- switch (errno) {
- case EAGAIN:
- warningx(_("resource control limit has been reached"));
- break;
- case ESRCH:
- warningx(_("user \"%s\" is not a member of project \"%s\""),
- pw->pw_name, proj.pj_name);
- break;
- case EACCES:
- warningx(_("the invoking task is final"));
- break;
- default:
- warningx(_("could not join project \"%s\""), proj.pj_name);
- }
- case SETPROJ_ERR_POOL:
- switch (errno) {
- case EACCES:
- warningx(_("no resource pool accepting default bindings "
- "exists for project \"%s\""), proj.pj_name);
- break;
- case ESRCH:
- warningx(_("specified resource pool does not exist for "
- "project \"%s\""), proj.pj_name);
- break;
- default:
- warningx(_("could not bind to default resource pool for "
- "project \"%s\""), proj.pj_name);
- }
- break;
- default:
- if (errval <= 0) {
- warningx(_("setproject failed for project \"%s\""), proj.pj_name);
- } else {
- warningx(_("warning, resource control assignment failed for "
- "project \"%s\""), proj.pj_name);
- }
- }
- } else {
- warning("getdefaultproj");
- }
- endprojent();
- debug_return;
-}
-#endif /* HAVE_PROJECT_H */
-
/*
* Setup the execution environment immediately prior to the call to execve()
* Returns true on success and false on failure.
exec_setup(struct command_details *details, const char *ptyname, int ptyfd)
{
bool rval = false;
- struct passwd *pw;
debug_decl(exec_setup, SUDO_DEBUG_EXEC)
-#ifdef HAVE_SETAUTHDB
- aix_setauthdb(IDtouser(details->euid));
-#endif
- if ((pw = getpwuid(details->euid)) != NULL && (pw = pw_dup(pw)) == NULL)
- errorx(1, _("unable to allocate memory"));
-#ifdef HAVE_SETAUTHDB
- aix_restoreauthdb();
-#endif
-
- /*
- * Call policy plugin's session init before other setup occurs.
- * The session init code is expected to print an error as needed.
- */
- if (policy_init_session(&policy_plugin, pw) != true)
- goto done;
-
#ifdef HAVE_SELINUX
if (ISSET(details->flags, CD_RBAC_ENABLED)) {
if (selinux_setup(details->selinux_role, details->selinux_type,
}
#endif
- if (pw != NULL) {
+ if (details->pw != NULL) {
#ifdef HAVE_PROJECT_H
- set_project(pw);
+ set_project(details->pw);
#endif
+#ifdef HAVE_PRIV_SET
+ if (details->privs != NULL) {
+ if (setppriv(PRIV_SET, PRIV_INHERITABLE, details->privs) != 0) {
+ warning("unable to set privileges");
+ goto done;
+ }
+ }
+ if (details->limitprivs != NULL) {
+ if (setppriv(PRIV_SET, PRIV_LIMIT, details->limitprivs) != 0) {
+ warning("unable to set limit privileges");
+ goto done;
+ }
+ } else if (details->privs != NULL) {
+ if (setppriv(PRIV_SET, PRIV_LIMIT, details->privs) != 0) {
+ warning("unable to set limit privileges");
+ goto done;
+ }
+ }
+#endif /* HAVE_PRIV_SET */
+
#ifdef HAVE_GETUSERATTR
- aix_prep_user(pw->pw_name, ptyname ? ptyname : user_details.tty);
+ aix_prep_user(details->pw->pw_name, ptyname ? ptyname : user_details.tty);
#endif
#ifdef HAVE_LOGIN_CAP_H
if (details->login_class) {
if (ISSET(sudo_mode, MODE_LOGIN_SHELL)) {
/* Set everything except user, group and login name. */
flags = LOGIN_SETALL;
- CLR(flags, LOGIN_SETGROUP|LOGIN_SETLOGIN|LOGIN_SETUSER);
+ CLR(flags, LOGIN_SETGROUP|LOGIN_SETLOGIN|LOGIN_SETUSER|LOGIN_SETENV|LOGIN_SETPATH);
CLR(details->flags, CD_SET_UMASK); /* LOGIN_UMASK instead */
- /* Swap in the plugin-supplied environment for LOGIN_SETENV */
- environ = details->envp;
} else {
flags = LOGIN_SETRESOURCES|LOGIN_SETPRIORITY;
}
- if (setusercontext(lc, pw, pw->pw_uid, flags)) {
- if (pw->pw_uid != ROOT_UID) {
+ if (setusercontext(lc, details->pw, details->pw->pw_uid, flags)) {
+ if (details->pw->pw_uid != ROOT_UID) {
warning(_("unable to set user context"));
goto done;
} else
warning(_("unable to set user context"));
}
- if (ISSET(sudo_mode, MODE_LOGIN_SHELL)) {
- /* Stash the updated environment pointer in command details */
- details->envp = environ;
- }
}
#endif /* HAVE_LOGIN_CAP_H */
}
}
/*
- * Restore nproc resource limit if pam_limits didn't do it for us.
+ * SuSE Enterprise Linux uses RLIMIT_NPROC and _SC_CHILD_MAX
+ * interchangably. This causes problems when setting RLIMIT_NPROC
+ * to RLIM_INFINITY due to a bug in bash where bash tries to honor
+ * the value of _SC_CHILD_MAX but treats a value of -1 as an error,
+ * and uses a default value of 32 instead.
+ *
+ * To work around this problem, we restore the nproc resource limit
+ * if sysconf(_SC_CHILD_MAX) is negative. In most cases, pam_limits
+ * will set RLIMIT_NPROC for us.
+ *
* We must do this *after* the uid change to avoid potential EAGAIN
* from setuid().
*/
-#if defined(__linux__)
+#if defined(__linux__) && defined(_SC_CHILD_MAX)
{
struct rlimit rl;
- if (getrlimit(RLIMIT_NPROC, &rl) == 0) {
+ long l;
+ errno = 0;
+ l = sysconf(_SC_CHILD_MAX);
+ if (l == -1 && errno == 0 && getrlimit(RLIMIT_NPROC, &rl) == 0) {
if (rl.rlim_cur == RLIM_INFINITY && rl.rlim_max == RLIM_INFINITY)
(void) setrlimit(RLIMIT_NPROC, &nproclimit);
}
rval = true;
done:
- efree(pw);
debug_return_bool(rval);
}
policy_open(struct plugin_container *plugin, char * const settings[],
char * const user_info[], char * const user_env[])
{
+ int rval;
debug_decl(policy_open, SUDO_DEBUG_PCOMM)
- debug_return_bool(plugin->u.policy->open(SUDO_API_VERSION,
- sudo_conversation, _sudo_printf, settings, user_info, user_env));
+
+ /*
+ * Backwards compatibility for older API versions
+ */
+ switch (plugin->u.generic->version) {
+ case SUDO_API_MKVERSION(1, 0):
+ case SUDO_API_MKVERSION(1, 1):
+ rval = plugin->u.policy_1_0->open(plugin->u.io_1_0->version,
+ sudo_conversation, _sudo_printf, settings, user_info, user_env);
+ break;
+ default:
+ rval = plugin->u.policy->open(SUDO_API_VERSION, sudo_conversation,
+ _sudo_printf, settings, user_info, user_env, plugin->options);
+ }
+
+ debug_return_bool(rval);
}
static void
policy_close(struct plugin_container *plugin, int exit_status, int error)
{
debug_decl(policy_close, SUDO_DEBUG_PCOMM)
- plugin->u.policy->close(exit_status, error);
+ if (plugin->u.policy->close != NULL)
+ plugin->u.policy->close(exit_status, error);
+ else
+ warning(_("unable to execute %s"), command_details.command);
debug_return;
}
policy_show_version(struct plugin_container *plugin, int verbose)
{
debug_decl(policy_show_version, SUDO_DEBUG_PCOMM)
+ if (plugin->u.policy->show_version == NULL)
+ debug_return_bool(true);
debug_return_bool(plugin->u.policy->show_version(verbose));
}
char **user_env_out[])
{
debug_decl(policy_check, SUDO_DEBUG_PCOMM)
+ if (plugin->u.policy->check_policy == NULL) {
+ fatalx(_("policy plugin %s is missing the `check_policy' method"),
+ plugin->name);
+ }
debug_return_bool(plugin->u.policy->check_policy(argc, argv, env_add,
command_info, argv_out, user_env_out));
}
{
debug_decl(policy_invalidate, SUDO_DEBUG_PCOMM)
if (plugin->u.policy->invalidate == NULL) {
- errorx(1, _("policy plugin %s does not support the -k/-K options"),
+ fatalx(_("policy plugin %s does not support the -k/-K options"),
plugin->name);
}
plugin->u.policy->invalidate(remove);
debug_return;
}
-static int
-policy_init_session(struct plugin_container *plugin, struct passwd *pwd)
+int
+policy_init_session(struct command_details *details)
{
+ int rval = true;
debug_decl(policy_init_session, SUDO_DEBUG_PCOMM)
- if (plugin->u.policy->init_session)
- debug_return_bool(plugin->u.policy->init_session(pwd));
- debug_return_bool(true);
+
+ if (policy_plugin.u.policy->init_session) {
+ /*
+ * Backwards compatibility for older API versions
+ */
+ switch (policy_plugin.u.generic->version) {
+ case SUDO_API_MKVERSION(1, 0):
+ case SUDO_API_MKVERSION(1, 1):
+ rval = policy_plugin.u.policy_1_0->init_session(details->pw);
+ break;
+ default:
+ rval = policy_plugin.u.policy->init_session(details->pw,
+ &details->envp);
+ }
+ }
+ debug_return_bool(rval);
}
static int
debug_decl(iolog_open, SUDO_DEBUG_PCOMM)
/*
- * Backwards compatibility for API major 1, minor 0
+ * Backwards compatibility for older API versions
*/
switch (plugin->u.generic->version) {
case SUDO_API_MKVERSION(1, 0):
sudo_conversation, _sudo_printf, settings, user_info, argc, argv,
user_env);
break;
+ case SUDO_API_MKVERSION(1, 1):
+ rval = plugin->u.io_1_1->open(plugin->u.io_1_1->version,
+ sudo_conversation, _sudo_printf, settings, user_info,
+ command_info, argc, argv, user_env);
+ break;
default:
rval = plugin->u.io->open(SUDO_API_VERSION, sudo_conversation,
- _sudo_printf, settings, user_info, command_info, argc, argv,
- user_env);
+ _sudo_printf, settings, user_info, command_info,
+ argc, argv, user_env, plugin->options);
}
debug_return_bool(rval);
}
iolog_close(struct plugin_container *plugin, int exit_status, int error)
{
debug_decl(iolog_close, SUDO_DEBUG_PCOMM)
- plugin->u.io->close(exit_status, error);
+ if (plugin->u.io->close != NULL)
+ plugin->u.io->close(exit_status, error);
debug_return;
}
iolog_show_version(struct plugin_container *plugin, int verbose)
{
debug_decl(iolog_show_version, SUDO_DEBUG_PCOMM)
+ if (plugin->u.io->show_version == NULL)
+ debug_return_bool(true);
debug_return_bool(plugin->u.io->show_version(verbose));
}
+
+/*
+ * Remove the specified I/O logging plugin from the io_plugins list.
+ * Deregisters any hooks before unlinking, then frees the container.
+ */
+static void
+iolog_unlink(struct plugin_container *plugin)
+{
+ debug_decl(iolog_unlink, SUDO_DEBUG_PCOMM)
+
+ /* Deregister hooks, if any. */
+ if (plugin->u.io->version >= SUDO_API_MKVERSION(1, 2)) {
+ if (plugin->u.io->deregister_hooks != NULL)
+ plugin->u.io->deregister_hooks(SUDO_HOOK_VERSION,
+ deregister_hook);
+ }
+ /* Remove from io_plugins list and free. */
+ tq_remove(&io_plugins, plugin);
+ efree(plugin);
+
+ debug_return;
+}