X-Git-Url: https://git.gag.com/?a=blobdiff_plain;f=env.c;h=c6e0a6b43fdfa144fb3f138a024a3e7c8162f2ae;hb=b8ca866b720428733450967af30c0154e5f83789;hp=ba2c7ac9e60f1e9f64376774a8043d883df9ee14;hpb=5016223c4bc1aba42df0a84b54e80e383b8be723;p=debian%2Fsudo diff --git a/env.c b/env.c index ba2c7ac..c6e0a6b 100644 --- a/env.c +++ b/env.c @@ -1,5 +1,6 @@ /* - * Copyright (c) 2000-2007 Todd C. Miller + * Copyright (c) 2000-2005, 2007-2010 + * Todd C. Miller * * Permission to use, copy, modify, and distribute this software for any * purpose with or without fee is hereby granted, provided that the above @@ -34,27 +35,19 @@ #endif /* STDC_HEADERS */ #ifdef HAVE_STRING_H # include -#else -# ifdef HAVE_STRINGS_H -# include -# endif #endif /* HAVE_STRING_H */ +#ifdef HAVE_STRINGS_H +# include +#endif /* HAVE_STRINGS_H */ #ifdef HAVE_UNISTD_H # include #endif /* HAVE_UNISTD_H */ -#ifdef HAVE_ERR_H -# include -#else -# include "emul/err.h" -#endif /* HAVE_ERR_H */ +#include +#include #include #include "sudo.h" -#ifndef lint -__unused static const char rcsid[] = "$Sudo: env.c,v 1.39.2.18 2008/03/13 11:34:57 millert Exp $"; -#endif /* lint */ - /* * Flags used in rebuild_env() */ @@ -72,6 +65,8 @@ __unused static const char rcsid[] = "$Sudo: env.c,v 1.39.2.18 2008/03/13 11:34: #define DID_USER 0x0020 #undef DID_USERNAME #define DID_USERNAME 0x0040 +#undef DID_MAIL +#define DID_MAIL 0x0080 #undef DID_MAX #define DID_MAX 0x00ff @@ -89,24 +84,25 @@ __unused static const char rcsid[] = "$Sudo: env.c,v 1.39.2.18 2008/03/13 11:34: #define KEPT_USER 0x2000 #undef KEPT_USERNAME #define KEPT_USERNAME 0x4000 +#undef KEPT_MAIL +#define KEPT_MAIL 0x8000 #undef KEPT_MAX #define KEPT_MAX 0xff00 -#undef VNULL -#define VNULL (VOID *)NULL - struct environment { char **envp; /* pointer to the new environment */ size_t env_size; /* size of new_environ in char **'s */ size_t env_len; /* number of slots used, not counting NULL */ + int owned; /* do we own envp or is it the system's? */ }; /* * Prototypes */ -char **rebuild_env __P((char **, int, int)); -static void insert_env __P((char *, struct environment *, int)); -static char *format_env __P((char *, ...)); +static void sudo_setenv __P((const char *, const char *, int)); +static void sudo_putenv __P((char *, int, int)); + +extern char **environ; /* global environment */ /* * Copy of the sudo-managed environment. @@ -133,6 +129,7 @@ static const char *initial_badenv_table[] = { #ifdef _AIX "LDR_*", "LIBPATH", + "AUTHSTATE", #endif #ifdef __APPLE__ "DYLD_*", @@ -174,6 +171,7 @@ static const char *initial_badenv_table[] = { "PYTHONHOME", /* python, module search path */ "PYTHONPATH", /* python, search path */ "PYTHONINSPECT", /* python, allow inspection */ + "PYTHONUSERBASE", /* python, per user site-packages directory */ "RUBYLIB", /* ruby, library load path */ "RUBYOPT", /* ruby, extra command line options */ NULL @@ -198,11 +196,9 @@ static const char *initial_checkenv_table[] = { static const char *initial_keepenv_table[] = { "COLORS", "DISPLAY", - "HOME", "HOSTNAME", "KRB5CCNAME", "LS_COLORS", - "MAIL", "PATH", "PS1", "PS2", @@ -213,88 +209,288 @@ static const char *initial_keepenv_table[] = { }; /* - * Given a variable and value, allocate and format an environment string. + * Initialize env based on envp. */ -static char * -#ifdef __STDC__ -format_env(char *var, ...) -#else -format_env(var, va_alist) - char *var; - va_dcl +void +env_init(lazy) + int lazy; +{ + char * const *ep; + size_t len; + + for (ep = environ; *ep != NULL; ep++) + continue; + len = (size_t)(ep - environ); + + if (lazy) { + /* + * If we are already initialized due to lazy init (usualy via getenv()) + * we need to avoid calling malloc() as it may call getenv() itself. + */ + env.envp = environ; + env.env_len = len; + env.env_size = len; + } else if (!env.owned) { + env.env_len = len; + env.env_size = len + 1 + 128; + env.envp = emalloc2(env.env_size, sizeof(char *)); +#ifdef ENV_DEBUG + memset(env.envp, 0, env.env_size * sizeof(char *)); #endif + memcpy(env.envp, environ, len * sizeof(char *)); + env.envp[len] = '\0'; + env.owned = TRUE; + } +} + +char ** +env_get() +{ + return env.envp; +} + +/* + * Similar to setenv(3) but operates on sudo's private copy of the environment + * (not environ) and it always overwrites. The dupcheck param determines + * whether we need to verify that the variable is not already set. + */ +static void +sudo_setenv(var, val, dupcheck) + const char *var; + const char *val; + int dupcheck; { char *estring; - char *val; size_t esize; - va_list ap; -#ifdef __STDC__ - va_start(ap, var); -#else - va_start(ap); -#endif - esize = strlen(var) + 2; - while ((val = va_arg(ap, char *)) != NULL) - esize += strlen(val); - va_end(ap); - estring = (char *) emalloc(esize); + esize = strlen(var) + 1 + strlen(val) + 1; + estring = emalloc(esize); - /* Store variable name and the '=' separator. */ + /* Build environment string and insert it. */ if (strlcpy(estring, var, esize) >= esize || - strlcat(estring, "=", esize) >= esize) { + strlcat(estring, "=", esize) >= esize || + strlcat(estring, val, esize) >= esize) { - errx(1, "internal error, format_env() overflow"); + errorx(1, "internal error, sudo_setenv() overflow"); } + sudo_putenv(estring, dupcheck, TRUE); +} - /* Now store the variable's value (if any) */ -#ifdef __STDC__ - va_start(ap, var); +/* + * Version of getenv(3) that uses our own environ pointer. + */ +char * +getenv(var) + const char *var; +{ + char *cp, **ev; + size_t vlen = strlen(var); + + if (env.envp == NULL) + env_init(TRUE); + + for (ev = env.envp; (cp = *ev) != NULL; ev++) { + if (strncmp(var, cp, vlen) == 0 && cp[vlen] == '=') + return cp + vlen + 1; + } + return NULL; +} + +/* + * Version of setenv(3) that uses our own environ pointer. + */ +int +setenv(var, val, overwrite) + const char *var; + const char *val; + int overwrite; +{ + char *estring, *ep; + const char *cp; + size_t esize; + + if (!var || *var == '\0') { + errno = EINVAL; + return(-1); + } + + if (env.envp == NULL) + env_init(TRUE); + + /* + * POSIX says a var name with '=' is an error but BSD + * just ignores the '=' and anything after it. + */ + for (cp = var; *cp && *cp != '='; cp++) + ; + esize = (size_t)(cp - var) + 2; + if (val) { + esize += strlen(val); /* glibc treats a NULL val as "" */ + } + + /* Allocate and fill in estring. */ + estring = ep = emalloc(esize); + for (cp = var; *cp && *cp != '='; cp++) + *ep++ = *cp; + *ep++ = '='; + if (val) { + for (cp = val; *cp; cp++) + *ep++ = *cp; + } + *ep = '\0'; + +#ifdef ENV_DEBUG + if (env.envp[env.env_len] != NULL) + errorx(1, "setenv: corrupted envp, len mismatch"); +#endif + sudo_putenv(estring, TRUE, overwrite); + return(0); +} + +/* + * Version of unsetenv(3) that uses our own environ pointer. + */ +#ifdef UNSETENV_VOID +void #else - va_start(ap); +int #endif - while ((val = va_arg(ap, char *)) != NULL) { - if (strlcat(estring, val, esize) >= esize) - errx(1, "internal error, format_env() overflow"); +unsetenv(var) + const char *var; +{ + char **ep; + size_t len; + + if (var == NULL || *var == '\0' || strchr(var, '=') != NULL) { + errno = EINVAL; +#ifdef UNSETENV_VOID + return; +#else + return(-1); +#endif + } + + if (env.envp == NULL) + env_init(TRUE); + +#ifdef ENV_DEBUG + if (env.envp[env.env_len] != NULL) + errorx(1, "unsetenv: corrupted envp, len mismatch"); +#endif + + len = strlen(var); + for (ep = env.envp; *ep != NULL;) { + if (strncmp(var, *ep, len) == 0 && (*ep)[len] == '=') { + /* Found it; shift remainder + NULL over by one. */ + char **cur = ep; + while ((*cur = *(cur + 1)) != NULL) + cur++; + /* Keep going, could be multiple instances of the var. */ + } else { + ep++; + } } - va_end(ap); + env.env_len = ep - env.envp; +#ifndef UNSETENV_VOID + return(0); +#endif +} + +/* + * Version of putenv(3) that uses our own environ pointer. + */ +int +#ifdef PUTENV_CONST +putenv(const char *string) +#else +putenv(string) + char *string; +#endif +{ + if (env.envp == NULL) + env_init(TRUE); - return(estring); + if (strchr(string, '=') == NULL) { + errno = EINVAL; + return(-1); + } +#ifdef ENV_DEBUG + if (env.envp[env.env_len] != NULL) + errorx(1, "putenv: corrupted envp, len mismatch"); +#endif + sudo_putenv((char *)string, TRUE, TRUE); + return(0); } /* - * Insert str into e->envp, assumes str has an '=' in it. + * Similar to putenv(3) but operates on sudo's private copy of the + * environment (not environ) and it always overwrites. The dupcheck param + * determines whether we need to verify that the variable is not already set. + * Will only overwrite an existing variable if overwrite is set. */ static void -insert_env(str, e, dupcheck) +sudo_putenv(str, dupcheck, overwrite) char *str; - struct environment *e; int dupcheck; + int overwrite; { - char **nep; - size_t varlen; + char **ep; + size_t len; + int found = FALSE; /* Make sure there is room for the new entry plus a NULL. */ - if (e->env_len + 2 > e->env_size) { - e->env_size += 128; - e->envp = erealloc3(e->envp, e->env_size, sizeof(char *)); + if (env.env_len + 2 > env.env_size) { + env.env_size += 128; + if (env.owned) { + env.envp = erealloc3(env.envp, env.env_size, sizeof(char *)); + } else { + /* We don't own env.envp, allocate a new one. */ + ep = emalloc2(env.env_size, sizeof(char *)); + memcpy(ep, env.envp, env.env_size * sizeof(char *)); + env.envp = ep; + env.owned = TRUE; + } +#ifdef ENV_DEBUG + memset(env.envp + env.env_len, 0, + (env.env_size - env.env_len) * sizeof(char *)); +#endif } - if (dupcheck) { - varlen = (strchr(str, '=') - str) + 1; +#ifdef ENV_DEBUG + if (env.envp[env.env_len] != NULL) + errorx(1, "sudo_putenv: corrupted envp, len mismatch"); +#endif - for (nep = e->envp; *nep; nep++) { - if (strncmp(str, *nep, varlen) == 0) { - *nep = str; - return; + if (dupcheck) { + len = (strchr(str, '=') - str) + 1; + for (ep = env.envp; !found && *ep != NULL; ep++) { + if (strncmp(str, *ep, len) == 0) { + if (overwrite) + *ep = str; + found = TRUE; + } + } + /* Prune out duplicate variables. */ + if (found && overwrite) { + while (*ep != NULL) { + if (strncmp(str, *ep, len) == 0) { + char **cur = ep; + while ((*cur = *(cur + 1)) != NULL) + cur++; + } else { + ep++; } } - } else - nep = e->envp + e->env_len; + env.env_len = ep - env.envp; + } + } - e->env_len++; - *nep++ = str; - *nep = NULL; + if (!found) { + ep = env.envp + env.env_len; + env.env_len++; + *ep++ = str; + *ep = NULL; + } } /* @@ -391,24 +587,33 @@ matches_env_keep(var) * variables from the old one or start with a clean slate. * Also adds sudo-specific variables (SUDO_*). */ -char ** -rebuild_env(envp, sudo_mode, noexec) - char **envp; - int sudo_mode; +void +rebuild_env(noexec) int noexec; { - char **ep, *cp, *ps1; + char **old_envp, **ep, *cp, *ps1; + char idbuf[MAX_UID_T_LEN]; unsigned int didvar; + int reset_home = FALSE; /* * Either clean out the environment or reset to a safe default. */ ps1 = NULL; didvar = 0; - memset(&env, 0, sizeof(env)); - if (def_env_reset) { + env.env_len = 0; + env.env_size = 128; + old_envp = env.envp; + env.envp = emalloc2(env.env_size, sizeof(char *)); +#ifdef ENV_DEBUG + memset(env.envp, 0, env.env_size * sizeof(char *)); +#endif + if (def_env_reset || ISSET(sudo_mode, MODE_LOGIN_SHELL)) { + /* Reset HOME based on target user unless keeping old value. */ + reset_home = TRUE; + /* Pull in vars we want to keep from the old environment. */ - for (ep = envp; *ep; ep++) { + for (ep = old_envp; *ep; ep++) { int keepit; /* Skip variables with values beginning with () (bash functions) */ @@ -441,6 +646,10 @@ rebuild_env(envp, sudo_mode, noexec) if (strncmp(*ep, "LOGNAME=", 8) == 0) SET(didvar, DID_LOGNAME); break; + case 'M': + if (strncmp(*ep, "MAIL=", 5) == 0) + SET(didvar, DID_MAIL); + break; case 'P': if (strncmp(*ep, "PATH=", 5) == 0) SET(didvar, DID_PATH); @@ -460,7 +669,7 @@ rebuild_env(envp, sudo_mode, noexec) SET(didvar, DID_USERNAME); break; } - insert_env(*ep, &env, 0); + sudo_putenv(*ep, FALSE, FALSE); } } didvar |= didvar << 8; /* convert DID_* to KEPT_* */ @@ -471,35 +680,47 @@ rebuild_env(envp, sudo_mode, noexec) * on sudoers options). */ if (ISSET(sudo_mode, MODE_LOGIN_SHELL)) { - insert_env(format_env("HOME", runas_pw->pw_dir, VNULL), &env, - ISSET(didvar, DID_HOME)); - insert_env(format_env("SHELL", runas_pw->pw_shell, VNULL), &env, - ISSET(didvar, DID_SHELL)); - insert_env(format_env("LOGNAME", runas_pw->pw_name, VNULL), &env, + sudo_setenv("SHELL", runas_pw->pw_shell, ISSET(didvar, DID_SHELL)); + sudo_setenv("LOGNAME", runas_pw->pw_name, ISSET(didvar, DID_LOGNAME)); - insert_env(format_env("USER", runas_pw->pw_name, VNULL), &env, - ISSET(didvar, DID_USER)); - insert_env(format_env("USERNAME", runas_pw->pw_name, VNULL), &env, + sudo_setenv("USER", runas_pw->pw_name, ISSET(didvar, DID_USER)); + sudo_setenv("USERNAME", runas_pw->pw_name, ISSET(didvar, DID_USERNAME)); } else { - if (!ISSET(didvar, DID_HOME)) - insert_env(format_env("HOME", user_dir, VNULL), &env, 0); if (!ISSET(didvar, DID_SHELL)) - insert_env(format_env("SHELL", sudo_user.pw->pw_shell, VNULL), - &env, 0); + sudo_setenv("SHELL", sudo_user.pw->pw_shell, FALSE); if (!ISSET(didvar, DID_LOGNAME)) - insert_env(format_env("LOGNAME", user_name, VNULL), &env, 0); + sudo_setenv("LOGNAME", user_name, FALSE); if (!ISSET(didvar, DID_USER)) - insert_env(format_env("USER", user_name, VNULL), &env, 0); + sudo_setenv("USER", user_name, FALSE); if (!ISSET(didvar, DID_USERNAME)) - insert_env(format_env("USERNAME", user_name, VNULL), &env, 0); + sudo_setenv("USERNAME", user_name, FALSE); + } + /* + * Set MAIL to target user in -i mode or if MAIL is not preserved + * from user's environment. + */ + if (ISSET(sudo_mode, MODE_LOGIN_SHELL) || !ISSET(didvar, KEPT_MAIL)) { + cp = _PATH_MAILDIR; + if (cp[sizeof(_PATH_MAILDIR) - 2] == '/') + easprintf(&cp, "MAIL=%s%s", _PATH_MAILDIR, runas_pw->pw_name); + else + easprintf(&cp, "MAIL=%s/%s", _PATH_MAILDIR, runas_pw->pw_name); + sudo_putenv(cp, ISSET(didvar, DID_MAIL), TRUE); } } else { + /* Reset HOME based on target user if configured to. */ + if (ISSET(sudo_mode, MODE_RUN)) { + if (def_always_set_home || ISSET(sudo_mode, MODE_RESET_HOME) || + (ISSET(sudo_mode, MODE_SHELL) && def_set_home)) + reset_home = TRUE; + } + /* - * Copy envp entries as long as they don't match env_delete or + * Copy environ entries as long as they don't match env_delete or * env_check. */ - for (ep = envp; *ep; ep++) { + for (ep = old_envp; *ep; ep++) { int okvar; /* Skip variables with values beginning with () (bash functions) */ @@ -523,42 +744,35 @@ rebuild_env(envp, sudo_mode, noexec) SET(didvar, DID_PATH); else if (strncmp(*ep, "TERM=", 5) == 0) SET(didvar, DID_TERM); - insert_env(*ep, &env, 0); + sudo_putenv(*ep, FALSE, FALSE); } } } - -#ifdef SECURE_PATH - /* Replace the PATH envariable with a secure one. */ - if (!user_is_exempt()) { - insert_env(format_env("PATH", SECURE_PATH, VNULL), &env, 1); + /* Replace the PATH envariable with a secure one? */ + if (def_secure_path && !user_is_exempt()) { + sudo_setenv("PATH", def_secure_path, TRUE); SET(didvar, DID_PATH); } -#endif /* Set $USER, $LOGNAME and $USERNAME to target if "set_logname" is true. */ - if (def_set_logname && runas_pw->pw_name) { + if (def_set_logname && !ISSET(sudo_mode, MODE_LOGIN_SHELL)) { if (!ISSET(didvar, KEPT_LOGNAME)) - insert_env(format_env("LOGNAME", runas_pw->pw_name, VNULL), &env, 1); + sudo_setenv("LOGNAME", runas_pw->pw_name, TRUE); if (!ISSET(didvar, KEPT_USER)) - insert_env(format_env("USER", runas_pw->pw_name, VNULL), &env, 1); + sudo_setenv("USER", runas_pw->pw_name, TRUE); if (!ISSET(didvar, KEPT_USERNAME)) - insert_env(format_env("USERNAME", runas_pw->pw_name, VNULL), &env, 1); + sudo_setenv("USERNAME", runas_pw->pw_name, TRUE); } - /* Set $HOME for `sudo -H'. Only valid at PERM_FULL_RUNAS. */ - if (runas_pw->pw_dir) { - if (ISSET(sudo_mode, MODE_RESET_HOME) || - (ISSET(sudo_mode, MODE_RUN) && (def_always_set_home || - (ISSET(sudo_mode, MODE_SHELL) && def_set_home)))) - insert_env(format_env("HOME", runas_pw->pw_dir, VNULL), &env, 1); - } + /* Set $HOME to target user if not preserving user's value. */ + if (reset_home && !ISSET(didvar, KEPT_HOME)) + sudo_setenv("HOME", runas_pw->pw_dir, ISSET(didvar, DID_HOME)); /* Provide default values for $TERM and $PATH if they are not set. */ if (!ISSET(didvar, DID_TERM)) - insert_env("TERM=unknown", &env, 0); + sudo_putenv("TERM=unknown", FALSE, FALSE); if (!ISSET(didvar, DID_PATH)) - insert_env(format_env("PATH", _PATH_DEFPATH, VNULL), &env, 0); + sudo_setenv("PATH", _PATH_STDPATH, FALSE); /* * Preload a noexec file? For a list of LD_PRELOAD-alikes, see @@ -567,78 +781,56 @@ rebuild_env(envp, sudo_mode, noexec) */ if (noexec && def_noexec_file != NULL) { #if defined(__darwin__) || defined(__APPLE__) - insert_env(format_env("DYLD_INSERT_LIBRARIES", def_noexec_file, VNULL), - &env, 1); - insert_env(format_env("DYLD_FORCE_FLAT_NAMESPACE", VNULL), &env, 1); + sudo_setenv("DYLD_INSERT_LIBRARIES", def_noexec_file, TRUE); + sudo_setenv("DYLD_FORCE_FLAT_NAMESPACE", "", TRUE); #else # if defined(__osf__) || defined(__sgi) - insert_env(format_env("_RLD_LIST", def_noexec_file, ":DEFAULT", VNULL), - &env, 1); + easprintf(&cp, "%s:DEFAULT", def_noexec_file); + sudo_setenv("_RLD_LIST", cp, TRUE); + efree(cp); # else # ifdef _AIX - insert_env(format_env("LDR_PRELOAD", def_noexec_file, VNULL), &env, 1); + sudo_setenv("LDR_PRELOAD", def_noexec_file, TRUE); # else - insert_env(format_env("LD_PRELOAD", def_noexec_file, VNULL), &env, 1); + sudo_setenv("LD_PRELOAD", def_noexec_file, TRUE); # endif /* _AIX */ # endif /* __osf__ || __sgi */ #endif /* __darwin__ || __APPLE__ */ } /* Set PS1 if SUDO_PS1 is set. */ - if (ps1) - insert_env(ps1, &env, 1); + if (ps1 != NULL) + sudo_putenv(ps1, TRUE, TRUE); /* Add the SUDO_COMMAND envariable (cmnd + args). */ - if (user_args) - insert_env(format_env("SUDO_COMMAND", user_cmnd, " ", user_args, VNULL), - &env, 1); - else - insert_env(format_env("SUDO_COMMAND", user_cmnd, VNULL), &env, 1); + if (user_args) { + easprintf(&cp, "%s %s", user_cmnd, user_args); + sudo_setenv("SUDO_COMMAND", cp, TRUE); + efree(cp); + } else { + sudo_setenv("SUDO_COMMAND", user_cmnd, TRUE); + } /* Add the SUDO_USER, SUDO_UID, SUDO_GID environment variables. */ - insert_env(format_env("SUDO_USER", user_name, VNULL), &env, 1); - easprintf(&cp, "SUDO_UID=%lu", (unsigned long) user_uid); - insert_env(cp, &env, 1); - easprintf(&cp, "SUDO_GID=%lu", (unsigned long) user_gid); - insert_env(cp, &env, 1); - - return(env.envp); + sudo_setenv("SUDO_USER", user_name, TRUE); + snprintf(idbuf, sizeof(idbuf), "%lu", (unsigned long) user_uid); + sudo_setenv("SUDO_UID", idbuf, TRUE); + snprintf(idbuf, sizeof(idbuf), "%lu", (unsigned long) user_gid); + sudo_setenv("SUDO_GID", idbuf, TRUE); + + /* Free old environment. */ + efree(old_envp); } -char ** -insert_env_vars(envp, env_vars) - char **envp; +void +insert_env_vars(env_vars) struct list_member *env_vars; { struct list_member *cur; - if (env_vars == NULL) - return (envp); - - /* - * Make sure we still own the environment and steal it back if not. - */ - if (env.envp != envp) { - size_t evlen; - char **ep; - - for (ep = envp; *ep != NULL; ep++) - continue; - evlen = ep - envp; - if (evlen + 1 > env.env_size) { - efree(env.envp); - env.env_size = evlen + 1 + 128; - env.envp = emalloc2(env.env_size, sizeof(char *)); - } - memcpy(env.envp, envp, (evlen + 1) * sizeof(char *)); - env.env_len = evlen; - } - /* Add user-specified environment variables. */ for (cur = env_vars; cur != NULL; cur = cur->next) - insert_env(cur->value, &env, 1); - - return(env.envp); + putenv(cur->value); } /* @@ -655,13 +847,12 @@ validate_env_vars(env_vars) size_t len, blen = 0, bsize = 0; int okvar; + /* Add user-specified environment variables. */ for (var = env_vars; var != NULL; var = var->next) { -#ifdef SECURE_PATH - if (!user_is_exempt() && strncmp(var->value, "PATH=", 5) == 0) { + if (def_secure_path && !user_is_exempt() && + strncmp(var->value, "PATH=", 5) == 0) { okvar = FALSE; - } else -#endif - if (def_env_reset) { + } else if (def_env_reset) { okvar = matches_env_check(var->value); if (okvar == -1) okvar = matches_env_keep(var->value); @@ -698,6 +889,65 @@ validate_env_vars(env_vars) } } +/* + * Read in /etc/environment ala AIX and Linux. + * Lines may be in either of three formats: + * NAME=VALUE + * NAME="VALUE" + * NAME='VALUE' + * with an optional "export" prefix so the shell can source the file. + * Invalid lines, blank lines, or lines consisting solely of a comment + * character are skipped. + */ +void +read_env_file(path, overwrite) + const char *path; + int overwrite; +{ + FILE *fp; + char *cp, *var, *val; + size_t var_len, val_len; + + if ((fp = fopen(path, "r")) == NULL) + return; + + while ((var = sudo_parseln(fp)) != NULL) { + /* Skip blank or comment lines */ + if (*var == '\0') + continue; + + /* Skip optional "export " */ + if (strncmp(var, "export", 6) == 0 && isspace((unsigned char) var[6])) { + var += 7; + while (isspace((unsigned char) *var)) { + var++; + } + } + + /* Must be of the form name=["']value['"] */ + for (val = var; *val != '\0' && *val != '='; val++) + ; + if (var == val || *val != '=') + continue; + var_len = (size_t)(val - var); + val_len = strlen(++val); + + /* Strip leading and trailing single/double quotes */ + if ((val[0] == '\'' || val[0] == '\"') && val[0] == val[val_len - 1]) { + val[val_len - 1] = '\0'; + val++; + val_len -= 2; + } + + cp = emalloc(var_len + 1 + val_len + 1); + memcpy(cp, var, var_len + 1); /* includes '=' */ + memcpy(cp + var_len + 1, val, val_len + 1); /* includes NUL */ + + sudo_putenv(cp, TRUE, overwrite); + } + fclose(fp); +} + void init_envtables() {