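/*
 * Copyright (c) 1993-1996,1998-2004 Todd C. Miller <Todd.Miller@courtesan.com>
 *
 * Permission to use, copy, modify, and distribute this software for any
 * purpose with or without fee is hereby granted, provided that the above
 * copyright notice and this permission notice appear in all copies.
 *
 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 *
 * Sponsored in part by the Defense Advanced Research Projects
 * Agency (DARPA) and Air Force Research Laboratory, Air Force
 * Materiel Command, USAF, under agreement number F39502-99-1-0512.
 *
 * $Sudo: sudo.h,v 1.213 2004/09/08 15:48:23 millert Exp $
 */

#ifndef _SUDO_SUDO_H
#define _SUDO_SUDO_H

/*
 * NOTE(review): this header uses FILE, va_list, uid_t, size_t and
 * struct stat but includes none of the system headers that declare them.
 * Presumably every includer pulls in <stdio.h>, <sys/types.h>,
 * <sys/stat.h> and the varargs header first, or compat.h does -- confirm.
 */
#include <pathnames.h>
#include <limits.h>
#include "compat.h"
#include "defaults.h"
#include "logging.h"

/*
 * Info pertaining to the invoking user.
 *
 * NOTE(review): several members (path, shell, tty, cwd, prompt, cmnd,
 * cmnd_args) presumably originate from the invoking user's environment or
 * command line, i.e. from the unprivileged side of the trust boundary.
 * Confirm against the code that fills the struct before relying on any of
 * them in a privileged decision.
 */
struct sudo_user {
    struct passwd *pw;          /* accessed via user_name, user_uid, ... */
    struct passwd *_runas_pw;   /* accessed via runas_pw */
    struct stat *cmnd_stat;     /* accessed via user_stat */
    char *path;
    char *shell;
    char *tty;
    char cwd[PATH_MAX];         /* fixed size: writers must bound to sizeof(cwd) */
    char *host;
    char *shost;
    char **runas;
    char *prompt;
    char *cmnd;
    char *cmnd_args;
    char *cmnd_base;
    char *cmnd_safe;            /* accessed via safe_cmnd */
    char *class_name;           /* accessed via login_class */
};

/*
 * Return values for sudoers_lookup(), also used as arguments for log_auth()
 * Note: cannot use '0' as a value here.
 *
 * VALIDATE_* and FLAG_* each occupy a distinct bit of one int, so they
 * can be OR'ed together and tested with '&'.
 */
/* XXX - VALIDATE_SUCCESS and VALIDATE_FAILURE instead? */
#define VALIDATE_ERROR          0x001
#define VALIDATE_OK             0x002
#define VALIDATE_NOT_OK         0x004
#define FLAG_CHECK_USER         0x010
#define FLAG_NOPASS             0x020
#define FLAG_NO_USER            0x040
#define FLAG_NO_HOST            0x080
#define FLAG_NO_CHECK           0x100
#define FLAG_NOEXEC             0x200

/*
 * Pseudo-boolean values
 *
 * The negative values are parenthesized so that they stay a single
 * operand when the macro is expanded inside a larger expression.
 */
#undef TRUE
#define TRUE                    1
#undef FALSE
#define FALSE                   0
#undef NOMATCH
#define NOMATCH                 (-1)
#undef UNSPEC
#define UNSPEC                  (-2)

/*
 * find_path()/load_cmnd() return values
 */
#define FOUND                   1
#define NOT_FOUND               0
#define NOT_FOUND_DOT           (-1)

/*
 * Various modes sudo can be in (based on arguments) in octal
 * Each mode is a separate bit.
 */
#define MODE_RUN                000001
#define MODE_VALIDATE           000002
#define MODE_INVALIDATE         000004
#define MODE_KILL               000010
#define MODE_VERSION            000020
#define MODE_HELP               000040
#define MODE_LIST               000100
#define MODE_LISTDEFS           000200
#define MODE_BACKGROUND         000400
#define MODE_SHELL              001000
#define MODE_LOGIN_SHELL        002000
#define MODE_IMPLIED_SHELL      004000
#define MODE_RESET_HOME         010000
#define MODE_PRESERVE_GROUPS    020000
#define MODE_EDIT               040000

/*
 * Used with set_perms()
 *
 * These are sequential selectors, not a bit mask; do not OR them together.
 * The privilege transition each one performs is defined by the
 * set_perms_*() implementations, which are not part of this header.
 */
#define PERM_ROOT               0x00
#define PERM_FULL_ROOT          0x01
#define PERM_USER               0x02
#define PERM_FULL_USER          0x03
#define PERM_SUDOERS            0x04
#define PERM_RUNAS              0x05
#define PERM_FULL_RUNAS         0x06
#define PERM_TIMESTAMP          0x07

/*
 * Shortcuts for sudo_user contents.
 *
 * The user_name .. user_dir macros dereference sudo_user.pw without a
 * NULL check, so they are only valid once sudo_user.pw has been set.
 * They are plain lowercase object-like macros: any identifier spelled
 * the same way in a file that includes this header is rewritten too.
 * user_passwd exposes the pw_passwd field of the passwd entry; treat it
 * as sensitive and keep it out of logs and error messages.
 */
#define user_name               (sudo_user.pw->pw_name)
#define user_passwd             (sudo_user.pw->pw_passwd)
#define user_uid                (sudo_user.pw->pw_uid)
#define user_gid                (sudo_user.pw->pw_gid)
#define user_dir                (sudo_user.pw->pw_dir)
#define user_shell              (sudo_user.shell)
#define user_tty                (sudo_user.tty)
#define user_cwd                (sudo_user.cwd)
#define user_runas              (sudo_user.runas)
#define user_cmnd               (sudo_user.cmnd)
#define user_args               (sudo_user.cmnd_args)
#define user_base               (sudo_user.cmnd_base)
#define user_stat               (sudo_user.cmnd_stat)
#define user_path               (sudo_user.path)
#define user_prompt             (sudo_user.prompt)
#define user_host               (sudo_user.host)
#define user_shost              (sudo_user.shost)
#define safe_cmnd               (sudo_user.cmnd_safe)
#define login_class             (sudo_user.class_name)
#define runas_pw                (sudo_user._runas_pw)

/*
 * We used to use the system definition of PASS_MAX or _PASSWD_LEN,
 * but that caused problems with various alternate authentication
 * methods.  So, we just define our own and assume that it is >= the
 * system max.
 *
 * NOTE(review): the ">= system max" assumption is not checked here;
 * presumably buffers sized by this hold password material and should be
 * scrubbed after use -- confirm in the callers.
 */
#define SUDO_PASS_MAX           256

/*
 * Flags for lock_file()
 */
#define SUDO_LOCK               1       /* lock a file */
#define SUDO_TLOCK              2       /* test & lock a file (non-blocking) */
#define SUDO_UNLOCK             4       /* unlock a file */

/*
 * Flags for tgetpass()
 * With TGP_ECHO set the typed password stays visible on the terminal.
 */
#define TGP_ECHO                0x01    /* leave echo on when reading passwd */
#define TGP_STDIN               0x02    /* read from stdin, not /dev/tty */

/* Forward declarations so the prototypes below can name these by pointer. */
struct passwd;
struct timespec;
struct timeval;

/*
 * Function prototypes
 */
#define YY_DECL int yylex __P((void))

/*
 * Replacements for library functions; each is declared only when the
 * matching HAVE_* macro says the system lacks it.
 */
#ifndef HAVE_CLOSEFROM
void closefrom          __P((int));
#endif
#ifndef HAVE_GETCWD
char *getcwd            __P((char *, size_t size));
#endif
#ifndef HAVE_UTIMES
int utimes              __P((const char *, const struct timeval *));
#endif
/*
 * NOTE(review): unlike its neighbours this is #ifdef, and on HAVE_FUTIME
 * rather than HAVE_FUTIMES.  Presumably the replacement futimes() is built
 * on futime() -- confirm against the configure checks.
 */
#ifdef HAVE_FUTIME
int futimes             __P((int, const struct timeval *));
#endif
#ifndef HAVE_SNPRINTF
int snprintf            __P((char *, size_t, const char *, ...));
#endif
#ifndef HAVE_VSNPRINTF
int vsnprintf           __P((char *, size_t, const char *, va_list));
#endif
#ifndef HAVE_ASPRINTF
int asprintf            __P((char **, const char *, ...));
#endif
#ifndef HAVE_VASPRINTF
int vasprintf           __P((char **, const char *, va_list));
#endif
#ifndef HAVE_STRCASECMP
int strcasecmp          __P((const char *, const char *));
#endif
#ifndef HAVE_STRLCAT
size_t strlcat          __P((char *, const char *, size_t));
#endif
#ifndef HAVE_STRLCPY
size_t strlcpy          __P((char *, const char *, size_t));
#endif

/* sudo's own functions. */
char *sudo_goodpath     __P((const char *, struct stat *));
char *tgetpass          __P((const char *, int, int));
int find_path           __P((char *, char **, struct stat *, char *));
void check_user         __P((int));
void verify_user        __P((struct passwd *, char *));
int sudoers_lookup      __P((int));
#ifdef HAVE_LDAP
int sudo_ldap_check     __P((int));
void sudo_ldap_list_matches __P((void));
#endif
/* Candidate implementations for the set_perms function pointer below. */
void set_perms_nosuid   __P((int));
void set_perms_posix    __P((int));
void set_perms_suid     __P((int));
void remove_timestamp   __P((int));
int check_secureware    __P((char *));
void sia_attempt_auth   __P((void));
void pam_attempt_auth   __P((void));
int yyparse             __P((void));
void pass_warn          __P((FILE *));
VOID *emalloc           __P((size_t));
VOID *emalloc2          __P((size_t, size_t));
VOID *erealloc          __P((VOID *, size_t));
VOID *erealloc3         __P((VOID *, size_t, size_t));
char *estrdup           __P((const char *));
int easprintf           __P((char **, const char *, ...));
int evasprintf          __P((char **, const char *, va_list));
void dump_defaults      __P((void));
void dump_auth_methods  __P((void));
void init_envtables     __P((void));
int lock_file           __P((int, int));
int touch               __P((int, char *, struct timespec *));
int user_is_exempt      __P((void));
void set_fqdn           __P((void));
int set_runaspw         __P((char *));
char *sudo_getepw       __P((const struct passwd *));
int pam_prep_user       __P((struct passwd *));
/*
 * NOTE(review): the volatile-qualified pointer presumably keeps the
 * compiler from discarding the stores when secrets are scrubbed --
 * confirm against the implementation.
 */
void zero_bytes         __P((volatile VOID *, size_t));
int gettime             __P((struct timespec *));
YY_DECL;

/* Only provide extern declarations outside of sudo.c. */
#ifndef _SUDO_MAIN
extern struct sudo_user sudo_user;
extern struct passwd *auth_pw;

extern FILE *sudoers_fp;
extern int tgetpass_flags;
extern uid_t timestamp_uid;

/*
 * Privilege switching goes through this pointer rather than a direct call.
 * NOTE(review): presumably assigned once at startup to one of the
 * set_perms_*() functions declared above -- confirm where it is set.
 */
extern void (*set_perms) __P((int));
#endif
/*
 * Legacy fallback for systems where errno is a plain variable.  ISO C
 * provides errno through <errno.h> and leaves a hand-written declaration
 * undefined, so <errno.h> should be included before this header wherever
 * errno is a macro.
 */
#ifndef errno
extern int errno;
#endif

#endif /* _SUDO_SUDO_H */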