isa/sudo
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Add a plugin interface to sudo main event loop.

Browse Source
This commit is contained in:
Todd C. Miller
2019-11-15 13:36:01 -07:00
parent 58cede6fee
commit 5793023ffd
17 changed files with 1114 additions and 199 deletions
Download Patch File Download Diff File Expand all files Collapse all files

398
doc/sudo_plugin.man.in
View File

@@ -16,7 +16,7 @@
.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
.\"
.TH "SUDO_PLUGIN" "5" "October 20, 2019" "Sudo @PACKAGE_VERSION@" "File Formats Manual"
.TH "SUDO_PLUGIN" "5" "November 12, 2019" "Sudo @PACKAGE_VERSION@" "File Formats Manual"
.nh
.if n .ad l
.SH "NAME"
@@ -88,6 +88,7 @@ struct policy_plugin {
int (*register_hook)(struct sudo_hook *hook));
void (*deregister_hooks)(int version,
int (*deregister_hook)(struct sudo_hook *hook));
struct sudo_plugin_event * (*event_alloc)(void);
};
.RE
.fi
@@ -1154,17 +1155,9 @@ Privileges should be output via the
or
\fBplugin_printf\fR()
function using
\fRSUDO_CONV_INFO_MSG\fR,
.TP 6n
verbose
Flag indicating whether to list in verbose mode or not.
.TP 6n
list_user
The name of a different user to list privileges for if the policy
allows it.
If
\fRNULL\fR,
the plugin should list the privileges of the invoking user.
\fRSUDO_CONV_INFO_MSG\fR.
.sp
The function arguments are as follows:
.TP 6n
argc
The number of elements in
@@ -1183,6 +1176,16 @@ execve(2)
system call.
If the command is permitted by the policy, the fully-qualified path
to the command should be displayed along with any command line arguments.
.TP 6n
verbose
Flag indicating whether to list in verbose mode or not.
.TP 6n
list_user
The name of a different user to list privileges for if the policy
allows it.
If
\fRNULL\fR,
the plugin should list the privileges of the invoking user.
.PD 0
.PP
.RE
@@ -1442,6 +1445,44 @@ version 1.2 or higher,
\fRderegister_hooks\fR
will not be called.
.RE
.TP 6n
event_alloc
.nf
.RS 6n
struct sudo_plugin_event * (*event_alloc)(void);
.RE
.fi
.RS 6n
.sp
The
\fBevent_alloc\fR()
function is used to allocate a
\fRstruct sudo_plugin_event\fR
which provides access to the main
\fBsudo\fR
event loop.
Unlike the other fields, the
\fBevent_alloc\fR()
pointer is filled in by the
\fBsudo\fR
front end, not by the plugin.
.sp
See the
\fIEvent API\fR
section below for more information
about events.
.sp
NOTE: the
\fBevent_alloc\fR()
function is only available starting
with API version 1.15.
If the
\fBsudo\fR
front end doesn't support API
version 1.15 or higher,
\fBevent_alloc\fR()
will not be set.
.RE
.PP
\fIPolicy Plugin Version Macros\fR
.nf
@@ -1490,6 +1531,7 @@ struct io_plugin {
int (*deregister_hook)(struct sudo_hook *hook));
int (*change_winsize)(unsigned int lines, unsigned int cols);
int (*log_suspend)(int signo);
struct sudo_plugin_event * (*event_alloc)(void);
};
.RE
.fi
@@ -2049,6 +2091,44 @@ Returns \-1 if an error occurred, in which case no further calls to
\fBlog_suspend\fR()
will be made,
.RE
.TP 6n
event_alloc
.nf
.RS 6n
struct sudo_plugin_event * (*event_alloc)(void);
.RE
.fi
.RS 6n
.sp
The
\fBevent_alloc\fR()
function is used to allocate a
\fRstruct sudo_plugin_event\fR
which provides access to the main
\fBsudo\fR
event loop.
Unlike the other fields, the
\fBevent_alloc\fR()
pointer is filled in by the
\fBsudo\fR
front end, not by the plugin.
.sp
See the
\fIEvent API\fR
section below for more information
about events.
.sp
NOTE: the
\fBevent_alloc\fR()
function is only available starting
with API version 1.15.
If the
\fBsudo\fR
front end doesn't support API
version 1.15 or higher,
\fBevent_alloc\fR()
will not be set.
.RE
.PP
\fII/O Plugin Version Macros\fR
.PP
@@ -2338,6 +2418,295 @@ return SUDO_HOOK_RET_STOP;
.PP
For getters and setters see the
\fIPolicy plugin API\fR.
.SS "Event API"
When
\fBsudo\fR
runs a command, it uses an event loop to service signals and I/O.
Events may be triggered based on time, a file or socket descriptor
becoming ready, or due to receipt of a signal.
Starting with API version 1.15, it is possible for a plugin to
participate in this event loop by calling the
\fBevent_alloc\fR()
function.
.PP
\fIEvent structure\fR
.PP
Events are described by the following structure:
.nf
.RS 0n
typedef void (*sudo_plugin_ev_callback_t)(int fd, int what,
void *closure);
struct sudo_plugin_event {
int (*set)(struct sudo_plugin_event *pev, int fd, int events,
sudo_plugin_ev_callback_t callback, void *closure);
int (*add)(struct sudo_plugin_event *pev, struct timespec *timeout);
int (*del)(struct sudo_plugin_event *pev);
int (*timeleft)(struct sudo_plugin_event *pev, struct timespec *ts);
int (*fd)(struct sudo_plugin_event *pev);
void (*setbase)(struct sudo_plugin_event *pev, void *base);
void (*loopbreak)(struct sudo_plugin_event *pev);
void (*free)(struct sudo_plugin_event *pev);
};
.RE
.fi
.PP
The sudo_plugin_event struct contains the following function pointers:
.TP 6n
\fBset\fR()
.br
.nf
.RS 6n
int (*set)(struct sudo_plugin_event *pev, int fd, int events,
sudo_plugin_ev_callback_t callback, void *closure);
.RE
.fi
.RS 6n
.sp
The
\fBset\fR()
function takes the following arguments:
.TP 6n
struct sudo_plugin_event *\fIpev\fR
A pointer to the struct sudo_plugin_event itself.
.TP 6n
\fIfd\fR
The file or socket descriptor for I/O-based events or the signal
number for signal events.
For time-based events,
\fIfd\fR
must be -1.
.TP 6n
\fIevents\fR
The following values determine what will trigger the event callback:
.PP
.RS 6n
.PD 0
.TP 6n
SUDO_PLUGIN_EV_TIMEOUT
callback is run after the specified timeout expires
.PD
.TP 6n
SUDO_PLUGIN_EV_READ
callback is run when the file descriptor is readable
.TP 6n
SUDO_PLUGIN_EV_WRITE
callback is run when the file descriptor is writable
.TP 6n
SUDO_PLUGIN_EV_PERSIST
event is persistent and remains enabled until explicitly deleted
.TP 6n
SUDO_PLUGIN_EV_SIGNAL
callback is run when the specified signal is received
.PP
The
\fRSUDO_PLUGIN_EV_PERSIST\fR
flag may be ORed with any of the event types.
It is also possible to OR
\fRSUDO_PLUGIN_EV_READ\fR
and
\fRSUDO_PLUGIN_EV_WRITE\fR
together to run the callback when a descriptor is ready to be
either read from or written to.
All other event values are mutually exclusive.
.RE
.TP 6n
sudo_plugin_ev_callback_t \fIcallback\fR
.nf
.RS 6n
typedef void (*sudo_plugin_ev_callback_t)(int fd, int what,
void *closure);
.RE
.fi
.RS 6n
.sp
The function to call when an event is triggered.
The
\fBcallback\fR()
function is run with the following arguments:
.TP 6n
\fIfd\fR
The file or socket descriptor for I/O-based events or the signal
number for signal events.
.TP 6n
\fIwhat\fR
The event type that triggered that callback.
For events that have multiple event types (for example
\fRSUDO_PLUGIN_EV_READ\fR
and
\fRSUDO_PLUGIN_EV_WRITE\fR)
or have an associated timeout,
\fIwhat\fR
can be used to determine why the callback was run.
.TP 6n
\fIclosure\fR
The generic pointer that was specified in the
\fBset\fR()
function.
.PD 0
.PP
.RE
.PD
.TP 6n
closure
A generic pointer that will be passed to the callback function.
.PP
The
\fBset\fR()
function returns 1 on success, and \-1 if a error occurred.
.RE
.TP 6n
\fBadd\fR()
.br
.nf
.RS 6n
int (*add)(struct sudo_plugin_event *pev, struct timespec *timeout);
.RE
.fi
.RS 6n
.sp
The
\fBadd\fR()
function adds the event
\fIpev\fR
to
\fBsudo\fR's
event loop.
The event must have previously been initialized via the
\fBset\fR()
function.
If the
\fItimeout\fR
argument is not NULL, it should specify a (relative) timeout after
which the event will be triggered if the main event criteria has
not been met.
This is often used to implement an I/O timeout where the event
will fire if a descriptor is not ready within a certain time
period.
If the event is already present in the event loop, its
\fItimeout\fR
will be adjusted to match the new value, if any.
.sp
The
\fBadd\fR()
function returns 1 on success, and \-1 if a error occurred.
.RE
.TP 6n
\fBdel\fR()
.br
.nf
.RS 6n
int (*del)(struct sudo_plugin_event *pev);
.RE
.fi
.RS 6n
.sp
The
\fBdel\fR()
function deletes the event
\fIpev\fR
from
\fBsudo\fR's
event loop.
Deleted events can be added back via the
\fBadd\fR()
function.
.sp
The
\fBdel\fR()
function returns 1 on success, and \-1 if a error occurred.
.RE
.TP 6n
\fBtimeleft\fR()
.nf
.RS 6n
int (*timeleft)(struct sudo_plugin_event *pev, struct timespec *ts);
.RE
.fi
.RS 6n
.sp
The
\fBtimeleft\fR()
function can be used to determine how much time remains in an event's
timeout, if one was specified when the event was added.
The
\fIts\fR
pointer is filled in with the remaining time.
.sp
The
\fBtimeleft\fR()
function returns 1 on success, and \-1 if the event has no associated timeout.
.RE
.TP 6n
\fBfd\fR()
.nf
.RS 6n
int (*fd)(struct sudo_plugin_event *pev);
.RE
.fi
.RS 6n
.sp
The
\fBfd\fR()
function returns the descriptor or signal number associated with
the event
\fIpev\fR.
.RE
.TP 6n
\fBsetbase\fR()
.nf
.RS 6n
void (*setbase)(struct sudo_plugin_event *pev, void *base);
.RE
.fi
.RS 6n
.sp
The
\fBsetbase\fR()
function sets the underlying event
\fIbase\fR
for
\fIpev\fR
to the specified value.
This can be used to move an event created via
\fBevent_alloc\fR()
to a new event loop allocated by sudo's event subsystem.
Using this function requires linking the plugin with the sudo_util
library.
It is unlikely to be used outside of the
\fBsudoers\fR
plugin.
.RE
.TP 6n
\fBloopbreak\fR()
.nf
.RS 6n
void (*loopbreak)(struct sudo_plugin_event *pev);
.RE
.fi
.RS 6n
.sp
The
\fBloopbreak\fR()
function causes
\fBsudo\fR's
event loop to exit immediately and the running command to be terminated.
.RE
.TP 6n
\fBfree\fR()
.nf
.RS 6n
void (*free)(struct sudo_plugin_event *pev);
.RE
.fi
.RS 6n
.sp
The
\fBfree\fR()
function deletes the event
\fIpev\fR
from the event loop and frees the memory associated with it.
.RE
.SS "Remote command execution"
The
\fBsudo\fR
@@ -2966,6 +3335,11 @@ The
entry was added to the
\fRcommand_info\fR
list.
.TP 6n
Version 1.15 (sudo 1.9.0)
The
\fIevent_alloc\fR
field was added to the policy_plugin and io_plugin structs.
.SH "SEE ALSO"
sudo.conf(@mansectform@),
sudoers(@mansectform@),

322
doc/sudo_plugin.mdoc.in
View File

@@ -15,7 +15,7 @@
.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
.\"
.Dd October 20, 2019
.Dd November 12, 2019
.Dt SUDO_PLUGIN @mansectform@
.Os Sudo @PACKAGE_VERSION@
.Sh NAME
@@ -85,6 +85,7 @@ struct policy_plugin {
int (*register_hook)(struct sudo_hook *hook));
void (*deregister_hooks)(int version,
int (*deregister_hook)(struct sudo_hook *hook));
struct sudo_plugin_event * (*event_alloc)(void);
};
.Ed
.Pp
@@ -1016,16 +1017,10 @@ Privileges should be output via the
or
.Fn plugin_printf
function using
.Dv SUDO_CONV_INFO_MSG ,
.Dv SUDO_CONV_INFO_MSG .
.Pp
The function arguments are as follows:
.Bl -tag -width 4n
.It verbose
Flag indicating whether to list in verbose mode or not.
.It list_user
The name of a different user to list privileges for if the policy
allows it.
If
.Dv NULL ,
the plugin should list the privileges of the invoking user.
.It argc
The number of elements in
.Em argv ,
@@ -1042,6 +1037,14 @@ be passed to the
system call.
If the command is permitted by the policy, the fully-qualified path
to the command should be displayed along with any command line arguments.
.It verbose
Flag indicating whether to list in verbose mode or not.
.It list_user
The name of a different user to list privileges for if the policy
allows it.
If
.Dv NULL ,
the plugin should list the privileges of the invoking user.
.El
.It validate
.Bd -literal -compact
@@ -1273,6 +1276,39 @@ front end doesn't support API
version 1.2 or higher,
.Li deregister_hooks
will not be called.
.It event_alloc
.Bd -literal -compact
struct sudo_plugin_event * (*event_alloc)(void);
.Ed
.Pp
The
.Fn event_alloc
function is used to allocate a
.Li struct sudo_plugin_event
which provides access to the main
.Nm sudo
event loop.
Unlike the other fields, the
.Fn event_alloc
pointer is filled in by the
.Nm sudo
front end, not by the plugin.
.Pp
See the
.Sx Event API
section below for more information
about events.
.Pp
NOTE: the
.Fn event_alloc
function is only available starting
with API version 1.15.
If the
.Nm sudo
front end doesn't support API
version 1.15 or higher,
.Fn event_alloc
will not be set.
.El
.Pp
.Em Policy Plugin Version Macros
@@ -1318,6 +1354,7 @@ struct io_plugin {
int (*deregister_hook)(struct sudo_hook *hook));
int (*change_winsize)(unsigned int lines, unsigned int cols);
int (*log_suspend)(int signo);
struct sudo_plugin_event * (*event_alloc)(void);
};
.Ed
.Pp
@@ -1793,6 +1830,39 @@ the command was suspended during playback of a session.
Returns \-1 if an error occurred, in which case no further calls to
.Fn log_suspend
will be made,
.It event_alloc
.Bd -literal -compact
struct sudo_plugin_event * (*event_alloc)(void);
.Ed
.Pp
The
.Fn event_alloc
function is used to allocate a
.Li struct sudo_plugin_event
which provides access to the main
.Nm sudo
event loop.
Unlike the other fields, the
.Fn event_alloc
pointer is filled in by the
.Nm sudo
front end, not by the plugin.
.Pp
See the
.Sx Event API
section below for more information
about events.
.Pp
NOTE: the
.Fn event_alloc
function is only available starting
with API version 1.15.
If the
.Nm sudo
front end doesn't support API
version 1.15 or higher,
.Fn event_alloc
will not be set.
.El
.Pp
.Em I/O Plugin Version Macros
@@ -2028,6 +2098,234 @@ return SUDO_HOOK_RET_STOP;
.Pp
For getters and setters see the
.Sx Policy plugin API .
.Ss Event API
When
.Nm sudo
runs a command, it uses an event loop to service signals and I/O.
Events may be triggered based on time, a file or socket descriptor
becoming ready, or due to receipt of a signal.
Starting with API version 1.15, it is possible for a plugin to
participate in this event loop by calling the
.Fn event_alloc
function.
.Pp
.Em Event structure
.Pp
Events are described by the following structure:
.Pp
.Bd -literal -compact
typedef void (*sudo_plugin_ev_callback_t)(int fd, int what,
void *closure);
struct sudo_plugin_event {
int (*set)(struct sudo_plugin_event *pev, int fd, int events,
sudo_plugin_ev_callback_t callback, void *closure);
int (*add)(struct sudo_plugin_event *pev, struct timespec *timeout);
int (*del)(struct sudo_plugin_event *pev);
int (*timeleft)(struct sudo_plugin_event *pev, struct timespec *ts);
int (*fd)(struct sudo_plugin_event *pev);
void (*setbase)(struct sudo_plugin_event *pev, void *base);
void (*loopbreak)(struct sudo_plugin_event *pev);
void (*free)(struct sudo_plugin_event *pev);
};
.Ed
.Pp
The sudo_plugin_event struct contains the following function pointers:
.Bl -tag -width 4n
.It Fn set
.Bd -literal -compact
int (*set)(struct sudo_plugin_event *pev, int fd, int events,
sudo_plugin_ev_callback_t callback, void *closure);
.Ed
.Pp
The
.Fn set
function takes the following arguments:
.Bl -tag -width 4n
.It struct sudo_plugin_event * Ns Fa pev
A pointer to the struct sudo_plugin_event itself.
.It Fa fd
The file or socket descriptor for I/O-based events or the signal
number for signal events.
For time-based events,
.Fa fd
must be -1.
.It Fa events
The following values determine what will trigger the event callback:
.Bl -tag -width 4n
.It SUDO_PLUGIN_EV_TIMEOUT
callback is run after the specified timeout expires
.It SUDO_PLUGIN_EV_READ
callback is run when the file descriptor is readable
.It SUDO_PLUGIN_EV_WRITE
callback is run when the file descriptor is writable
.It SUDO_PLUGIN_EV_PERSIST
event is persistent and remains enabled until explicitly deleted
.It SUDO_PLUGIN_EV_SIGNAL
callback is run when the specified signal is received
.El
.Pp
The
.Ev SUDO_PLUGIN_EV_PERSIST
flag may be ORed with any of the event types.
It is also possible to OR
.Ev SUDO_PLUGIN_EV_READ
and
.Ev SUDO_PLUGIN_EV_WRITE
together to run the callback when a descriptor is ready to be
either read from or written to.
All other event values are mutually exclusive.
.It sudo_plugin_ev_callback_t Fa callback
.Bd -literal -compact
typedef void (*sudo_plugin_ev_callback_t)(int fd, int what,
void *closure);
.Ed
.Pp
The function to call when an event is triggered.
The
.Fn callback
function is run with the following arguments:
.Bl -tag -width 4n
.It Fa fd
The file or socket descriptor for I/O-based events or the signal
number for signal events.
.It Fa what
The event type that triggered that callback.
For events that have multiple event types (for example
.Ev SUDO_PLUGIN_EV_READ
and
.Ev SUDO_PLUGIN_EV_WRITE )
or have an associated timeout,
.Fa what
can be used to determine why the callback was run.
.It Fa closure
The generic pointer that was specified in the
.Fn set
function.
.El
.It closure
A generic pointer that will be passed to the callback function.
.El
.Pp
The
.Fn set
function returns 1 on success, and \-1 if a error occurred.
.It Fn add
.Bd -literal -compact
int (*add)(struct sudo_plugin_event *pev, struct timespec *timeout);
.Ed
.Pp
The
.Fn add
function adds the event
.Fa pev
to
.Nm sudo Ns No 's
event loop.
The event must have previously been initialized via the
.Fn set
function.
If the
.Fa timeout
argument is not NULL, it should specify a (relative) timeout after
which the event will be triggered if the main event criteria has
not been met.
This is often used to implement an I/O timeout where the event
will fire if a descriptor is not ready within a certain time
period.
If the event is already present in the event loop, its
.Fa timeout
will be adjusted to match the new value, if any.
.Pp
The
.Fn add
function returns 1 on success, and \-1 if a error occurred.
.It Fn del
.Bd -literal -compact
int (*del)(struct sudo_plugin_event *pev);
.Ed
.Pp
The
.Fn del
function deletes the event
.Fa pev
from
.Nm sudo Ns No 's
event loop.
Deleted events can be added back via the
.Fn add
function.
.Pp
The
.Fn del
function returns 1 on success, and \-1 if a error occurred.
.It Fn timeleft
.Bd -literal -compact
int (*timeleft)(struct sudo_plugin_event *pev, struct timespec *ts);
.Ed
.Pp
The
.Fn timeleft
function can be used to determine how much time remains in an event's
timeout, if one was specified when the event was added.
The
.Fa ts
pointer is filled in with the remaining time.
.Pp
The
.Fn timeleft
function returns 1 on success, and \-1 if the event has no associated timeout.
.It Fn fd
.Bd -literal -compact
int (*fd)(struct sudo_plugin_event *pev);
.Ed
.Pp
The
.Fn fd
function returns the descriptor or signal number associated with
the event
.Fa pev .
.It Fn setbase
.Bd -literal -compact
void (*setbase)(struct sudo_plugin_event *pev, void *base);
.Ed
.Pp
The
.Fn setbase
function sets the underlying event
.Fa base
for
.Fa pev
to the specified value.
This can be used to move an event created via
.Fn event_alloc
to a new event loop allocated by sudo's event subsystem.
Using this function requires linking the plugin with the sudo_util
library.
It is unlikely to be used outside of the
.Nm sudoers
plugin.
.It Fn loopbreak
.Bd -literal -compact
void (*loopbreak)(struct sudo_plugin_event *pev);
.Ed
.Pp
The
.Fn loopbreak
function causes
.Nm sudo Ns No 's
event loop to exit immediately and the running command to be terminated.
.It Fn free
.Bd -literal -compact
void (*free)(struct sudo_plugin_event *pev);
.Ed
.Pp
The
.Fn free
function deletes the event
.Fa pev
from the event loop and frees the memory associated with it.
.El
.Ss Remote command execution
The
.Nm sudo
@@ -2603,6 +2901,10 @@ The
entry was added to the
.Li command_info
list.
.It Version 1.15 (sudo 1.9.0)
The
.Em event_alloc
field was added to the policy_plugin and io_plugin structs.
.El
.Sh SEE ALSO
.Xr sudo.conf @mansectform@ ,

7
include/sudo_event.h
View File

@@ -22,7 +22,7 @@
#include <signal.h> /* for sigatomic_t and NSIG */
#include "sudo_queue.h"
/* Event types */
/* Event types (keep in sync with sudo_plugin.h) */
#define SUDO_EV_TIMEOUT 0x01 /* fire after timeout */
#define SUDO_EV_READ 0x02 /* fire when readable */
#define SUDO_EV_WRITE 0x04 /* fire when writable */
@@ -48,6 +48,7 @@
#define SUDO_EVBASE_GOT_BREAK 0x20
#define SUDO_EVBASE_GOT_MASK 0xf0
/* Must match sudo_plugin_ev_callback_t in sudo_plugin.h */
typedef void (*sudo_ev_callback_t)(int fd, int what, void *closure);
/*
@@ -125,6 +126,10 @@ __dso_public struct sudo_event *sudo_ev_alloc_v1(int fd, short events, sudo_ev_c
__dso_public void sudo_ev_free_v1(struct sudo_event *ev);
#define sudo_ev_free(_a) sudo_ev_free_v1((_a))
/* Set an event struct that was pre-allocated. */
__dso_public int sudo_ev_set_v1(struct sudo_event *ev, int fd, short events, sudo_ev_callback_t callback, void *closure);
#define sudo_ev_set(_a, _b, _c, _d, _e) sudo_ev_set_v1((_a), (_b), (_c), (_d), (_e))
/* Add an event, returns 0 on success, -1 on error */
__dso_public int sudo_ev_add_v1(struct sudo_event_base *head, struct sudo_event *ev, struct timeval *timo, bool tohead);
__dso_public int sudo_ev_add_v2(struct sudo_event_base *head, struct sudo_event *ev, struct timespec *timo, bool tohead);

33
include/sudo_plugin.h
View File

@@ -21,7 +21,7 @@
/* API version major/minor */
#define SUDO_API_VERSION_MAJOR 1
#define SUDO_API_VERSION_MINOR 14
#define SUDO_API_VERSION_MINOR 15
#define SUDO_API_MKVERSION(x, y) (((x) << 16) | (y))
#define SUDO_API_VERSION SUDO_API_MKVERSION(SUDO_API_VERSION_MAJOR, SUDO_API_VERSION_MINOR)
@@ -128,7 +128,32 @@ struct sudo_hook {
#define SUDO_HOOK_PUTENV 3
#define SUDO_HOOK_GETENV 4
/* Policy plugin type and defines */
/*
* Plugin interface to sudo's main event loop.
*/
typedef void (*sudo_plugin_ev_callback_t)(int fd, int what, void *closure);
struct timespec;
struct sudo_plugin_event {
int (*set)(struct sudo_plugin_event *pev, int fd, int events, sudo_plugin_ev_callback_t callback, void *closure);
int (*add)(struct sudo_plugin_event *pev, struct timespec *timeout);
int (*del)(struct sudo_plugin_event *pev);
int (*timeleft)(struct sudo_plugin_event *pev, struct timespec *ts);
int (*fd)(struct sudo_plugin_event *pev);
void (*setbase)(struct sudo_plugin_event *pev, void *base);
void (*loopbreak)(struct sudo_plugin_event *pev);
void (*free)(struct sudo_plugin_event *pev);
/* actually larger... */
};
/* Sudo plugin Event types */
#define SUDO_PLUGIN_EV_TIMEOUT 0x01 /* fire after timeout */
#define SUDO_PLUGIN_EV_READ 0x02 /* fire when readable */
#define SUDO_PLUGIN_EV_WRITE 0x04 /* fire when writable */
#define SUDO_PLUGIN_EV_PERSIST 0x08 /* persist until deleted */
#define SUDO_PLUGIN_EV_SIGNAL 0x10 /* fire on signal receipt */
/* Policy plugin type and defines. */
struct passwd;
struct policy_plugin {
#define SUDO_POLICY_PLUGIN 1
@@ -150,9 +175,10 @@ struct policy_plugin {
int (*init_session)(struct passwd *pwd, char **user_env_out[]);
void (*register_hooks)(int version, int (*register_hook)(struct sudo_hook *hook));
void (*deregister_hooks)(int version, int (*deregister_hook)(struct sudo_hook *hook));
struct sudo_plugin_event * (*event_alloc)(void);
};
/* I/O plugin type and defines */
/* I/O plugin type and defines. */
struct io_plugin {
#define SUDO_IO_PLUGIN 2
unsigned int type; /* always SUDO_IO_PLUGIN */
@@ -173,6 +199,7 @@ struct io_plugin {
void (*deregister_hooks)(int version, int (*deregister_hook)(struct sudo_hook *hook));
int (*change_winsize)(unsigned int line, unsigned int cols);
int (*log_suspend)(int signo);
struct sudo_plugin_event * (*event_alloc)(void);
};
/* Sudoers group plugin version major/minor */

40
lib/util/event.c
View File

@@ -284,6 +284,33 @@ sudo_ev_init(struct sudo_event *ev, int fd, short events,
debug_return;
}
/*
* Set a pre-allocated struct sudo_event.
* Allocates space for siginfo_t for SUDO_EV_SIGINFO as needed.
*/
int
sudo_ev_set_v1(struct sudo_event *ev, int fd, short events,
sudo_ev_callback_t callback, void *closure)
{
debug_decl(sudo_ev_set, SUDO_DEBUG_EVENT)
/* For SUDO_EV_SIGINFO we use a container to store closure + siginfo_t */
if (ISSET(events, SUDO_EV_SIGINFO)) {
struct sudo_ev_siginfo_container *container =
malloc(sizeof(*container) + sizeof(siginfo_t) - 1);
if (container == NULL) {
sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO,
"%s: unable to allocate siginfo container", __func__);
debug_return_int(-1);
}
container->closure = closure;
closure = container;
}
sudo_ev_init(ev, fd, events, callback, closure);
debug_return_int(0);
}
struct sudo_event *
sudo_ev_alloc_v1(int fd, short events, sudo_ev_callback_t callback, void *closure)
{
@@ -296,21 +323,10 @@ sudo_ev_alloc_v1(int fd, short events, sudo_ev_callback_t callback, void *closur
"%s: unable to allocate event", __func__);
debug_return_ptr(NULL);
}
/* For SUDO_EV_SIGINFO we use a container to store closure + siginfo_t */
if (ISSET(events, SUDO_EV_SIGINFO)) {
struct sudo_ev_siginfo_container *container =
malloc(sizeof(*container) + sizeof(siginfo_t) - 1);
if (container == NULL) {
sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO,
"%s: unable to allocate siginfo container", __func__);
if (sudo_ev_set(ev, fd, events, callback, closure) == -1) {
free(ev);
debug_return_ptr(NULL);
}
container->closure = closure;
closure = container;
}
sudo_ev_init(ev, fd, events, callback, closure);
debug_return_ptr(ev);
}

3
plugins/sudoers/iolog.c
View File

@@ -828,5 +828,6 @@ __dso_public struct io_plugin sudoers_io = {
NULL, /* register_hooks */
NULL, /* deregister_hooks */
sudoers_io_change_winsize,
sudoers_io_suspend
sudoers_io_suspend,
NULL /* event_alloc() filled in by sudo */
};

3
plugins/sudoers/policy.c
View File

@@ -1003,5 +1003,6 @@ __dso_public struct policy_plugin sudoers_policy = {
sudoers_policy_validate,
sudoers_policy_invalidate,
sudoers_policy_init_session,
sudoers_policy_register_hooks
sudoers_policy_register_hooks,
NULL /* event_alloc() filled in by sudo */
};

304
src/Makefile.in
View File

@@ -318,17 +318,19 @@ check_ttyname.plog: check_ttyname.i
rm -f $@; pvs-studio --cfg $(PVS_CFG) --sourcetree-root $(top_srcdir) --skip-cl-exe yes --source-file $(srcdir)/regress/ttyname/check_ttyname.c --i-file $< --output-file $@
conversation.o: $(srcdir)/conversation.c $(incdir)/compat/stdbool.h \
$(incdir)/sudo_compat.h $(incdir)/sudo_conf.h \
$(incdir)/sudo_debug.h $(incdir)/sudo_fatal.h \
$(incdir)/sudo_gettext.h $(incdir)/sudo_plugin.h \
$(incdir)/sudo_queue.h $(incdir)/sudo_util.h $(srcdir)/sudo.h \
$(incdir)/sudo_debug.h $(incdir)/sudo_event.h \
$(incdir)/sudo_fatal.h $(incdir)/sudo_gettext.h \
$(incdir)/sudo_plugin.h $(incdir)/sudo_queue.h \
$(incdir)/sudo_util.h $(srcdir)/sudo.h \
$(srcdir)/sudo_plugin_int.h $(top_builddir)/config.h \
$(top_builddir)/pathnames.h
$(CC) -c $(CPPFLAGS) $(CFLAGS) $(ASAN_CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(srcdir)/conversation.c
conversation.i: $(srcdir)/conversation.c $(incdir)/compat/stdbool.h \
$(incdir)/sudo_compat.h $(incdir)/sudo_conf.h \
$(incdir)/sudo_debug.h $(incdir)/sudo_fatal.h \
$(incdir)/sudo_gettext.h $(incdir)/sudo_plugin.h \
$(incdir)/sudo_queue.h $(incdir)/sudo_util.h $(srcdir)/sudo.h \
$(incdir)/sudo_debug.h $(incdir)/sudo_event.h \
$(incdir)/sudo_fatal.h $(incdir)/sudo_gettext.h \
$(incdir)/sudo_plugin.h $(incdir)/sudo_queue.h \
$(incdir)/sudo_util.h $(srcdir)/sudo.h \
$(srcdir)/sudo_plugin_int.h $(top_builddir)/config.h \
$(top_builddir)/pathnames.h
$(CC) -E -o $@ $(CPPFLAGS) $<
@@ -337,18 +339,18 @@ conversation.plog: conversation.i
env_hooks.o: $(srcdir)/env_hooks.c $(incdir)/compat/stdbool.h \
$(incdir)/sudo_compat.h $(incdir)/sudo_conf.h \
$(incdir)/sudo_debug.h $(incdir)/sudo_dso.h \
$(incdir)/sudo_fatal.h $(incdir)/sudo_gettext.h \
$(incdir)/sudo_plugin.h $(incdir)/sudo_queue.h \
$(incdir)/sudo_util.h $(srcdir)/sudo.h $(top_builddir)/config.h \
$(top_builddir)/pathnames.h
$(incdir)/sudo_event.h $(incdir)/sudo_fatal.h \
$(incdir)/sudo_gettext.h $(incdir)/sudo_plugin.h \
$(incdir)/sudo_queue.h $(incdir)/sudo_util.h $(srcdir)/sudo.h \
$(top_builddir)/config.h $(top_builddir)/pathnames.h
$(CC) -c $(CPPFLAGS) $(CFLAGS) $(ASAN_CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(srcdir)/env_hooks.c
env_hooks.i: $(srcdir)/env_hooks.c $(incdir)/compat/stdbool.h \
$(incdir)/sudo_compat.h $(incdir)/sudo_conf.h \
$(incdir)/sudo_debug.h $(incdir)/sudo_dso.h \
$(incdir)/sudo_fatal.h $(incdir)/sudo_gettext.h \
$(incdir)/sudo_plugin.h $(incdir)/sudo_queue.h \
$(incdir)/sudo_util.h $(srcdir)/sudo.h $(top_builddir)/config.h \
$(top_builddir)/pathnames.h
$(incdir)/sudo_event.h $(incdir)/sudo_fatal.h \
$(incdir)/sudo_gettext.h $(incdir)/sudo_plugin.h \
$(incdir)/sudo_queue.h $(incdir)/sudo_util.h $(srcdir)/sudo.h \
$(top_builddir)/config.h $(top_builddir)/pathnames.h
$(CC) -E -o $@ $(CPPFLAGS) $<
env_hooks.plog: env_hooks.i
rm -f $@; pvs-studio --cfg $(PVS_CFG) --sourcetree-root $(top_srcdir) --skip-cl-exe yes --source-file $(srcdir)/env_hooks.c --i-file $< --output-file $@
@@ -370,17 +372,19 @@ exec.plog: exec.i
rm -f $@; pvs-studio --cfg $(PVS_CFG) --sourcetree-root $(top_srcdir) --skip-cl-exe yes --source-file $(srcdir)/exec.c --i-file $< --output-file $@
exec_common.o: $(srcdir)/exec_common.c $(incdir)/compat/stdbool.h \
$(incdir)/sudo_compat.h $(incdir)/sudo_conf.h \
$(incdir)/sudo_debug.h $(incdir)/sudo_fatal.h \
$(incdir)/sudo_gettext.h $(incdir)/sudo_queue.h \
$(incdir)/sudo_util.h $(srcdir)/sudo.h $(srcdir)/sudo_exec.h \
$(top_builddir)/config.h $(top_builddir)/pathnames.h
$(incdir)/sudo_debug.h $(incdir)/sudo_event.h \
$(incdir)/sudo_fatal.h $(incdir)/sudo_gettext.h \
$(incdir)/sudo_queue.h $(incdir)/sudo_util.h $(srcdir)/sudo.h \
$(srcdir)/sudo_exec.h $(top_builddir)/config.h \
$(top_builddir)/pathnames.h
$(CC) -c $(CPPFLAGS) $(CFLAGS) $(ASAN_CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(srcdir)/exec_common.c
exec_common.i: $(srcdir)/exec_common.c $(incdir)/compat/stdbool.h \
$(incdir)/sudo_compat.h $(incdir)/sudo_conf.h \
$(incdir)/sudo_debug.h $(incdir)/sudo_fatal.h \
$(incdir)/sudo_gettext.h $(incdir)/sudo_queue.h \
$(incdir)/sudo_util.h $(srcdir)/sudo.h $(srcdir)/sudo_exec.h \
$(top_builddir)/config.h $(top_builddir)/pathnames.h
$(incdir)/sudo_debug.h $(incdir)/sudo_event.h \
$(incdir)/sudo_fatal.h $(incdir)/sudo_gettext.h \
$(incdir)/sudo_queue.h $(incdir)/sudo_util.h $(srcdir)/sudo.h \
$(srcdir)/sudo_exec.h $(top_builddir)/config.h \
$(top_builddir)/pathnames.h
$(CC) -E -o $@ $(CPPFLAGS) $<
exec_common.plog: exec_common.i
rm -f $@; pvs-studio --cfg $(PVS_CFG) --sourcetree-root $(top_srcdir) --skip-cl-exe yes --source-file $(srcdir)/exec_common.c --i-file $< --output-file $@
@@ -446,65 +450,67 @@ exec_pty.plog: exec_pty.i
rm -f $@; pvs-studio --cfg $(PVS_CFG) --sourcetree-root $(top_srcdir) --skip-cl-exe yes --source-file $(srcdir)/exec_pty.c --i-file $< --output-file $@
get_pty.o: $(srcdir)/get_pty.c $(incdir)/compat/stdbool.h \
$(incdir)/sudo_compat.h $(incdir)/sudo_conf.h \
$(incdir)/sudo_debug.h $(incdir)/sudo_fatal.h \
$(incdir)/sudo_gettext.h $(incdir)/sudo_queue.h \
$(incdir)/sudo_util.h $(srcdir)/sudo.h $(top_builddir)/config.h \
$(top_builddir)/pathnames.h
$(incdir)/sudo_debug.h $(incdir)/sudo_event.h \
$(incdir)/sudo_fatal.h $(incdir)/sudo_gettext.h \
$(incdir)/sudo_queue.h $(incdir)/sudo_util.h $(srcdir)/sudo.h \
$(top_builddir)/config.h $(top_builddir)/pathnames.h
$(CC) -c $(CPPFLAGS) $(CFLAGS) $(ASAN_CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(srcdir)/get_pty.c
get_pty.i: $(srcdir)/get_pty.c $(incdir)/compat/stdbool.h \
$(incdir)/sudo_compat.h $(incdir)/sudo_conf.h \
$(incdir)/sudo_debug.h $(incdir)/sudo_fatal.h \
$(incdir)/sudo_gettext.h $(incdir)/sudo_queue.h \
$(incdir)/sudo_util.h $(srcdir)/sudo.h $(top_builddir)/config.h \
$(top_builddir)/pathnames.h
$(incdir)/sudo_debug.h $(incdir)/sudo_event.h \
$(incdir)/sudo_fatal.h $(incdir)/sudo_gettext.h \
$(incdir)/sudo_queue.h $(incdir)/sudo_util.h $(srcdir)/sudo.h \
$(top_builddir)/config.h $(top_builddir)/pathnames.h
$(CC) -E -o $@ $(CPPFLAGS) $<
get_pty.plog: get_pty.i
rm -f $@; pvs-studio --cfg $(PVS_CFG) --sourcetree-root $(top_srcdir) --skip-cl-exe yes --source-file $(srcdir)/get_pty.c --i-file $< --output-file $@
hooks.o: $(srcdir)/hooks.c $(incdir)/compat/stdbool.h $(incdir)/sudo_compat.h \
$(incdir)/sudo_conf.h $(incdir)/sudo_debug.h $(incdir)/sudo_fatal.h \
$(incdir)/sudo_gettext.h $(incdir)/sudo_plugin.h \
$(incdir)/sudo_queue.h $(incdir)/sudo_util.h $(srcdir)/sudo.h \
$(srcdir)/sudo_plugin_int.h $(top_builddir)/config.h \
$(incdir)/sudo_conf.h $(incdir)/sudo_debug.h $(incdir)/sudo_event.h \
$(incdir)/sudo_fatal.h $(incdir)/sudo_gettext.h \
$(incdir)/sudo_plugin.h $(incdir)/sudo_queue.h $(incdir)/sudo_util.h \
$(srcdir)/sudo.h $(srcdir)/sudo_plugin_int.h $(top_builddir)/config.h \
$(top_builddir)/pathnames.h
$(CC) -c $(CPPFLAGS) $(CFLAGS) $(ASAN_CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(srcdir)/hooks.c
hooks.i: $(srcdir)/hooks.c $(incdir)/compat/stdbool.h $(incdir)/sudo_compat.h \
$(incdir)/sudo_conf.h $(incdir)/sudo_debug.h $(incdir)/sudo_fatal.h \
$(incdir)/sudo_gettext.h $(incdir)/sudo_plugin.h \
$(incdir)/sudo_queue.h $(incdir)/sudo_util.h $(srcdir)/sudo.h \
$(srcdir)/sudo_plugin_int.h $(top_builddir)/config.h \
$(incdir)/sudo_conf.h $(incdir)/sudo_debug.h $(incdir)/sudo_event.h \
$(incdir)/sudo_fatal.h $(incdir)/sudo_gettext.h \
$(incdir)/sudo_plugin.h $(incdir)/sudo_queue.h $(incdir)/sudo_util.h \
$(srcdir)/sudo.h $(srcdir)/sudo_plugin_int.h $(top_builddir)/config.h \
$(top_builddir)/pathnames.h
$(CC) -E -o $@ $(CPPFLAGS) $<
hooks.plog: hooks.i
rm -f $@; pvs-studio --cfg $(PVS_CFG) --sourcetree-root $(top_srcdir) --skip-cl-exe yes --source-file $(srcdir)/hooks.c --i-file $< --output-file $@
limits.o: $(srcdir)/limits.c $(incdir)/compat/stdbool.h \
$(incdir)/sudo_compat.h $(incdir)/sudo_conf.h $(incdir)/sudo_debug.h \
$(incdir)/sudo_fatal.h $(incdir)/sudo_gettext.h \
$(incdir)/sudo_queue.h $(incdir)/sudo_util.h $(srcdir)/sudo.h \
$(top_builddir)/config.h $(top_builddir)/pathnames.h
$(incdir)/sudo_event.h $(incdir)/sudo_fatal.h \
$(incdir)/sudo_gettext.h $(incdir)/sudo_queue.h \
$(incdir)/sudo_util.h $(srcdir)/sudo.h $(top_builddir)/config.h \
$(top_builddir)/pathnames.h
$(CC) -c $(CPPFLAGS) $(CFLAGS) $(ASAN_CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(srcdir)/limits.c
limits.i: $(srcdir)/limits.c $(incdir)/compat/stdbool.h \
$(incdir)/sudo_compat.h $(incdir)/sudo_conf.h $(incdir)/sudo_debug.h \
$(incdir)/sudo_fatal.h $(incdir)/sudo_gettext.h \
$(incdir)/sudo_queue.h $(incdir)/sudo_util.h $(srcdir)/sudo.h \
$(top_builddir)/config.h $(top_builddir)/pathnames.h
$(incdir)/sudo_event.h $(incdir)/sudo_fatal.h \
$(incdir)/sudo_gettext.h $(incdir)/sudo_queue.h \
$(incdir)/sudo_util.h $(srcdir)/sudo.h $(top_builddir)/config.h \
$(top_builddir)/pathnames.h
$(CC) -E -o $@ $(CPPFLAGS) $<
limits.plog: limits.i
rm -f $@; pvs-studio --cfg $(PVS_CFG) --sourcetree-root $(top_srcdir) --skip-cl-exe yes --source-file $(srcdir)/limits.c --i-file $< --output-file $@
load_plugins.o: $(srcdir)/load_plugins.c $(incdir)/compat/stdbool.h \
$(incdir)/sudo_compat.h $(incdir)/sudo_conf.h \
$(incdir)/sudo_debug.h $(incdir)/sudo_dso.h \
$(incdir)/sudo_fatal.h $(incdir)/sudo_gettext.h \
$(incdir)/sudo_plugin.h $(incdir)/sudo_queue.h \
$(incdir)/sudo_util.h $(srcdir)/sudo.h \
$(incdir)/sudo_event.h $(incdir)/sudo_fatal.h \
$(incdir)/sudo_gettext.h $(incdir)/sudo_plugin.h \
$(incdir)/sudo_queue.h $(incdir)/sudo_util.h $(srcdir)/sudo.h \
$(srcdir)/sudo_plugin_int.h $(top_builddir)/config.h \
$(top_builddir)/pathnames.h
$(CC) -c $(CPPFLAGS) $(CFLAGS) $(ASAN_CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(srcdir)/load_plugins.c
load_plugins.i: $(srcdir)/load_plugins.c $(incdir)/compat/stdbool.h \
$(incdir)/sudo_compat.h $(incdir)/sudo_conf.h \
$(incdir)/sudo_debug.h $(incdir)/sudo_dso.h \
$(incdir)/sudo_fatal.h $(incdir)/sudo_gettext.h \
$(incdir)/sudo_plugin.h $(incdir)/sudo_queue.h \
$(incdir)/sudo_util.h $(srcdir)/sudo.h \
$(incdir)/sudo_event.h $(incdir)/sudo_fatal.h \
$(incdir)/sudo_gettext.h $(incdir)/sudo_plugin.h \
$(incdir)/sudo_queue.h $(incdir)/sudo_util.h $(srcdir)/sudo.h \
$(srcdir)/sudo_plugin_int.h $(top_builddir)/config.h \
$(top_builddir)/pathnames.h
$(CC) -E -o $@ $(CPPFLAGS) $<
@@ -526,35 +532,37 @@ net_ifs.plog: net_ifs.i
rm -f $@; pvs-studio --cfg $(PVS_CFG) --sourcetree-root $(top_srcdir) --skip-cl-exe yes --source-file $(srcdir)/net_ifs.c --i-file $< --output-file $@
openbsd.o: $(srcdir)/openbsd.c $(incdir)/compat/stdbool.h \
$(incdir)/sudo_compat.h $(incdir)/sudo_conf.h \
$(incdir)/sudo_debug.h $(incdir)/sudo_fatal.h \
$(incdir)/sudo_gettext.h $(incdir)/sudo_queue.h \
$(incdir)/sudo_util.h $(srcdir)/sudo.h $(top_builddir)/config.h \
$(top_builddir)/pathnames.h
$(incdir)/sudo_debug.h $(incdir)/sudo_event.h \
$(incdir)/sudo_fatal.h $(incdir)/sudo_gettext.h \
$(incdir)/sudo_queue.h $(incdir)/sudo_util.h $(srcdir)/sudo.h \
$(top_builddir)/config.h $(top_builddir)/pathnames.h
$(CC) -c $(CPPFLAGS) $(CFLAGS) $(ASAN_CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(srcdir)/openbsd.c
openbsd.i: $(srcdir)/openbsd.c $(incdir)/compat/stdbool.h \
$(incdir)/sudo_compat.h $(incdir)/sudo_conf.h \
$(incdir)/sudo_debug.h $(incdir)/sudo_fatal.h \
$(incdir)/sudo_gettext.h $(incdir)/sudo_queue.h \
$(incdir)/sudo_util.h $(srcdir)/sudo.h $(top_builddir)/config.h \
$(top_builddir)/pathnames.h
$(incdir)/sudo_debug.h $(incdir)/sudo_event.h \
$(incdir)/sudo_fatal.h $(incdir)/sudo_gettext.h \
$(incdir)/sudo_queue.h $(incdir)/sudo_util.h $(srcdir)/sudo.h \
$(top_builddir)/config.h $(top_builddir)/pathnames.h
$(CC) -E -o $@ $(CPPFLAGS) $<
openbsd.plog: openbsd.i
rm -f $@; pvs-studio --cfg $(PVS_CFG) --sourcetree-root $(top_srcdir) --skip-cl-exe yes --source-file $(srcdir)/openbsd.c --i-file $< --output-file $@
parse_args.o: $(srcdir)/parse_args.c $(incdir)/compat/getopt.h \
$(incdir)/compat/stdbool.h $(incdir)/sudo_compat.h \
$(incdir)/sudo_conf.h $(incdir)/sudo_debug.h \
$(incdir)/sudo_fatal.h $(incdir)/sudo_gettext.h \
$(incdir)/sudo_lbuf.h $(incdir)/sudo_queue.h \
$(incdir)/sudo_util.h $(srcdir)/sudo.h $(top_builddir)/config.h \
$(top_builddir)/pathnames.h ./sudo_usage.h
$(incdir)/sudo_event.h $(incdir)/sudo_fatal.h \
$(incdir)/sudo_gettext.h $(incdir)/sudo_lbuf.h \
$(incdir)/sudo_queue.h $(incdir)/sudo_util.h $(srcdir)/sudo.h \
$(top_builddir)/config.h $(top_builddir)/pathnames.h \
./sudo_usage.h
$(CC) -c $(CPPFLAGS) $(CFLAGS) $(ASAN_CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(srcdir)/parse_args.c
parse_args.i: $(srcdir)/parse_args.c $(incdir)/compat/getopt.h \
$(incdir)/compat/stdbool.h $(incdir)/sudo_compat.h \
$(incdir)/sudo_conf.h $(incdir)/sudo_debug.h \
$(incdir)/sudo_fatal.h $(incdir)/sudo_gettext.h \
$(incdir)/sudo_lbuf.h $(incdir)/sudo_queue.h \
$(incdir)/sudo_util.h $(srcdir)/sudo.h $(top_builddir)/config.h \
$(top_builddir)/pathnames.h ./sudo_usage.h
$(incdir)/sudo_event.h $(incdir)/sudo_fatal.h \
$(incdir)/sudo_gettext.h $(incdir)/sudo_lbuf.h \
$(incdir)/sudo_queue.h $(incdir)/sudo_util.h $(srcdir)/sudo.h \
$(top_builddir)/config.h $(top_builddir)/pathnames.h \
./sudo_usage.h
$(CC) -E -o $@ $(CPPFLAGS) $<
parse_args.plog: parse_args.i
rm -f $@; pvs-studio --cfg $(PVS_CFG) --sourcetree-root $(top_srcdir) --skip-cl-exe yes --source-file $(srcdir)/parse_args.c --i-file $< --output-file $@
@@ -568,33 +576,35 @@ preload.plog: preload.i
rm -f $@; pvs-studio --cfg $(PVS_CFG) --sourcetree-root $(top_srcdir) --skip-cl-exe yes --source-file $(srcdir)/preload.c --i-file $< --output-file $@
preserve_fds.o: $(srcdir)/preserve_fds.c $(incdir)/compat/stdbool.h \
$(incdir)/sudo_compat.h $(incdir)/sudo_conf.h \
$(incdir)/sudo_debug.h $(incdir)/sudo_fatal.h \
$(incdir)/sudo_gettext.h $(incdir)/sudo_queue.h \
$(incdir)/sudo_util.h $(srcdir)/sudo.h \
$(incdir)/sudo_debug.h $(incdir)/sudo_event.h \
$(incdir)/sudo_fatal.h $(incdir)/sudo_gettext.h \
$(incdir)/sudo_queue.h $(incdir)/sudo_util.h $(srcdir)/sudo.h \
$(top_builddir)/config.h $(top_builddir)/pathnames.h
$(CC) -c $(CPPFLAGS) $(CFLAGS) $(ASAN_CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(srcdir)/preserve_fds.c
preserve_fds.i: $(srcdir)/preserve_fds.c $(incdir)/compat/stdbool.h \
$(incdir)/sudo_compat.h $(incdir)/sudo_conf.h \
$(incdir)/sudo_debug.h $(incdir)/sudo_fatal.h \
$(incdir)/sudo_gettext.h $(incdir)/sudo_queue.h \
$(incdir)/sudo_util.h $(srcdir)/sudo.h \
$(incdir)/sudo_debug.h $(incdir)/sudo_event.h \
$(incdir)/sudo_fatal.h $(incdir)/sudo_gettext.h \
$(incdir)/sudo_queue.h $(incdir)/sudo_util.h $(srcdir)/sudo.h \
$(top_builddir)/config.h $(top_builddir)/pathnames.h
$(CC) -E -o $@ $(CPPFLAGS) $<
preserve_fds.plog: preserve_fds.i
rm -f $@; pvs-studio --cfg $(PVS_CFG) --sourcetree-root $(top_srcdir) --skip-cl-exe yes --source-file $(srcdir)/preserve_fds.c --i-file $< --output-file $@
selinux.o: $(srcdir)/selinux.c $(incdir)/compat/stdbool.h \
$(incdir)/sudo_compat.h $(incdir)/sudo_conf.h \
$(incdir)/sudo_debug.h $(incdir)/sudo_fatal.h \
$(incdir)/sudo_gettext.h $(incdir)/sudo_queue.h \
$(incdir)/sudo_util.h $(srcdir)/sudo.h $(srcdir)/sudo_exec.h \
$(top_builddir)/config.h $(top_builddir)/pathnames.h
$(incdir)/sudo_debug.h $(incdir)/sudo_event.h \
$(incdir)/sudo_fatal.h $(incdir)/sudo_gettext.h \
$(incdir)/sudo_queue.h $(incdir)/sudo_util.h $(srcdir)/sudo.h \
$(srcdir)/sudo_exec.h $(top_builddir)/config.h \
$(top_builddir)/pathnames.h
$(CC) -c $(CPPFLAGS) $(CFLAGS) $(ASAN_CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(srcdir)/selinux.c
selinux.i: $(srcdir)/selinux.c $(incdir)/compat/stdbool.h \
$(incdir)/sudo_compat.h $(incdir)/sudo_conf.h \
$(incdir)/sudo_debug.h $(incdir)/sudo_fatal.h \
$(incdir)/sudo_gettext.h $(incdir)/sudo_queue.h \
$(incdir)/sudo_util.h $(srcdir)/sudo.h $(srcdir)/sudo_exec.h \
$(top_builddir)/config.h $(top_builddir)/pathnames.h
$(incdir)/sudo_debug.h $(incdir)/sudo_event.h \
$(incdir)/sudo_fatal.h $(incdir)/sudo_gettext.h \
$(incdir)/sudo_queue.h $(incdir)/sudo_util.h $(srcdir)/sudo.h \
$(srcdir)/sudo_exec.h $(top_builddir)/config.h \
$(top_builddir)/pathnames.h
$(CC) -E -o $@ $(CPPFLAGS) $<
selinux.plog: selinux.i
rm -f $@; pvs-studio --cfg $(PVS_CFG) --sourcetree-root $(top_srcdir) --skip-cl-exe yes --source-file $(srcdir)/selinux.c --i-file $< --output-file $@
@@ -614,127 +624,133 @@ sesh.plog: sesh.i
rm -f $@; pvs-studio --cfg $(PVS_CFG) --sourcetree-root $(top_srcdir) --skip-cl-exe yes --source-file $(srcdir)/sesh.c --i-file $< --output-file $@
signal.o: $(srcdir)/signal.c $(incdir)/compat/stdbool.h \
$(incdir)/sudo_compat.h $(incdir)/sudo_conf.h $(incdir)/sudo_debug.h \
$(incdir)/sudo_fatal.h $(incdir)/sudo_gettext.h \
$(incdir)/sudo_queue.h $(incdir)/sudo_util.h $(srcdir)/sudo.h \
$(srcdir)/sudo_exec.h $(top_builddir)/config.h \
$(top_builddir)/pathnames.h
$(incdir)/sudo_event.h $(incdir)/sudo_fatal.h \
$(incdir)/sudo_gettext.h $(incdir)/sudo_queue.h \
$(incdir)/sudo_util.h $(srcdir)/sudo.h $(srcdir)/sudo_exec.h \
$(top_builddir)/config.h $(top_builddir)/pathnames.h
$(CC) -c $(CPPFLAGS) $(CFLAGS) $(ASAN_CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(srcdir)/signal.c
signal.i: $(srcdir)/signal.c $(incdir)/compat/stdbool.h \
$(incdir)/sudo_compat.h $(incdir)/sudo_conf.h $(incdir)/sudo_debug.h \
$(incdir)/sudo_fatal.h $(incdir)/sudo_gettext.h \
$(incdir)/sudo_queue.h $(incdir)/sudo_util.h $(srcdir)/sudo.h \
$(srcdir)/sudo_exec.h $(top_builddir)/config.h \
$(top_builddir)/pathnames.h
$(incdir)/sudo_event.h $(incdir)/sudo_fatal.h \
$(incdir)/sudo_gettext.h $(incdir)/sudo_queue.h \
$(incdir)/sudo_util.h $(srcdir)/sudo.h $(srcdir)/sudo_exec.h \
$(top_builddir)/config.h $(top_builddir)/pathnames.h
$(CC) -E -o $@ $(CPPFLAGS) $<
signal.plog: signal.i
rm -f $@; pvs-studio --cfg $(PVS_CFG) --sourcetree-root $(top_srcdir) --skip-cl-exe yes --source-file $(srcdir)/signal.c --i-file $< --output-file $@
solaris.o: $(srcdir)/solaris.c $(incdir)/compat/stdbool.h \
$(incdir)/sudo_compat.h $(incdir)/sudo_conf.h \
$(incdir)/sudo_debug.h $(incdir)/sudo_dso.h $(incdir)/sudo_fatal.h \
$(incdir)/sudo_gettext.h $(incdir)/sudo_queue.h \
$(incdir)/sudo_util.h $(srcdir)/sudo.h $(top_builddir)/config.h \
$(top_builddir)/pathnames.h
$(incdir)/sudo_debug.h $(incdir)/sudo_dso.h $(incdir)/sudo_event.h \
$(incdir)/sudo_fatal.h $(incdir)/sudo_gettext.h \
$(incdir)/sudo_queue.h $(incdir)/sudo_util.h $(srcdir)/sudo.h \
$(top_builddir)/config.h $(top_builddir)/pathnames.h
$(CC) -c $(CPPFLAGS) $(CFLAGS) $(ASAN_CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(srcdir)/solaris.c
solaris.i: $(srcdir)/solaris.c $(incdir)/compat/stdbool.h \
$(incdir)/sudo_compat.h $(incdir)/sudo_conf.h \
$(incdir)/sudo_debug.h $(incdir)/sudo_dso.h $(incdir)/sudo_fatal.h \
$(incdir)/sudo_gettext.h $(incdir)/sudo_queue.h \
$(incdir)/sudo_util.h $(srcdir)/sudo.h $(top_builddir)/config.h \
$(top_builddir)/pathnames.h
$(incdir)/sudo_debug.h $(incdir)/sudo_dso.h $(incdir)/sudo_event.h \
$(incdir)/sudo_fatal.h $(incdir)/sudo_gettext.h \
$(incdir)/sudo_queue.h $(incdir)/sudo_util.h $(srcdir)/sudo.h \
$(top_builddir)/config.h $(top_builddir)/pathnames.h
$(CC) -E -o $@ $(CPPFLAGS) $<
solaris.plog: solaris.i
rm -f $@; pvs-studio --cfg $(PVS_CFG) --sourcetree-root $(top_srcdir) --skip-cl-exe yes --source-file $(srcdir)/solaris.c --i-file $< --output-file $@
sudo.o: $(srcdir)/sudo.c $(incdir)/compat/stdbool.h $(incdir)/sudo_compat.h \
$(incdir)/sudo_conf.h $(incdir)/sudo_debug.h $(incdir)/sudo_fatal.h \
$(incdir)/sudo_gettext.h $(incdir)/sudo_plugin.h \
$(incdir)/sudo_queue.h $(incdir)/sudo_util.h $(srcdir)/sudo.h \
$(srcdir)/sudo_plugin_int.h $(top_builddir)/config.h \
$(incdir)/sudo_conf.h $(incdir)/sudo_debug.h $(incdir)/sudo_event.h \
$(incdir)/sudo_fatal.h $(incdir)/sudo_gettext.h \
$(incdir)/sudo_plugin.h $(incdir)/sudo_queue.h $(incdir)/sudo_util.h \
$(srcdir)/sudo.h $(srcdir)/sudo_plugin_int.h $(top_builddir)/config.h \
$(top_builddir)/pathnames.h ./sudo_usage.h
$(CC) -c $(CPPFLAGS) $(CFLAGS) $(ASAN_CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(srcdir)/sudo.c
sudo.i: $(srcdir)/sudo.c $(incdir)/compat/stdbool.h $(incdir)/sudo_compat.h \
$(incdir)/sudo_conf.h $(incdir)/sudo_debug.h $(incdir)/sudo_fatal.h \
$(incdir)/sudo_gettext.h $(incdir)/sudo_plugin.h \
$(incdir)/sudo_queue.h $(incdir)/sudo_util.h $(srcdir)/sudo.h \
$(srcdir)/sudo_plugin_int.h $(top_builddir)/config.h \
$(incdir)/sudo_conf.h $(incdir)/sudo_debug.h $(incdir)/sudo_event.h \
$(incdir)/sudo_fatal.h $(incdir)/sudo_gettext.h \
$(incdir)/sudo_plugin.h $(incdir)/sudo_queue.h $(incdir)/sudo_util.h \
$(srcdir)/sudo.h $(srcdir)/sudo_plugin_int.h $(top_builddir)/config.h \
$(top_builddir)/pathnames.h ./sudo_usage.h
$(CC) -E -o $@ $(CPPFLAGS) $<
sudo.plog: sudo.i
rm -f $@; pvs-studio --cfg $(PVS_CFG) --sourcetree-root $(top_srcdir) --skip-cl-exe yes --source-file $(srcdir)/sudo.c --i-file $< --output-file $@
sudo_edit.o: $(srcdir)/sudo_edit.c $(incdir)/compat/stdbool.h \
$(incdir)/sudo_compat.h $(incdir)/sudo_conf.h \
$(incdir)/sudo_debug.h $(incdir)/sudo_fatal.h \
$(incdir)/sudo_gettext.h $(incdir)/sudo_queue.h \
$(incdir)/sudo_util.h $(srcdir)/sudo.h $(srcdir)/sudo_exec.h \
$(top_builddir)/config.h $(top_builddir)/pathnames.h
$(incdir)/sudo_debug.h $(incdir)/sudo_event.h \
$(incdir)/sudo_fatal.h $(incdir)/sudo_gettext.h \
$(incdir)/sudo_queue.h $(incdir)/sudo_util.h $(srcdir)/sudo.h \
$(srcdir)/sudo_exec.h $(top_builddir)/config.h \
$(top_builddir)/pathnames.h
$(CC) -c $(CPPFLAGS) $(CFLAGS) $(ASAN_CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(srcdir)/sudo_edit.c
sudo_edit.i: $(srcdir)/sudo_edit.c $(incdir)/compat/stdbool.h \
$(incdir)/sudo_compat.h $(incdir)/sudo_conf.h \
$(incdir)/sudo_debug.h $(incdir)/sudo_fatal.h \
$(incdir)/sudo_gettext.h $(incdir)/sudo_queue.h \
$(incdir)/sudo_util.h $(srcdir)/sudo.h $(srcdir)/sudo_exec.h \
$(top_builddir)/config.h $(top_builddir)/pathnames.h
$(incdir)/sudo_debug.h $(incdir)/sudo_event.h \
$(incdir)/sudo_fatal.h $(incdir)/sudo_gettext.h \
$(incdir)/sudo_queue.h $(incdir)/sudo_util.h $(srcdir)/sudo.h \
$(srcdir)/sudo_exec.h $(top_builddir)/config.h \
$(top_builddir)/pathnames.h
$(CC) -E -o $@ $(CPPFLAGS) $<
sudo_edit.plog: sudo_edit.i
rm -f $@; pvs-studio --cfg $(PVS_CFG) --sourcetree-root $(top_srcdir) --skip-cl-exe yes --source-file $(srcdir)/sudo_edit.c --i-file $< --output-file $@
tcsetpgrp_nobg.o: $(srcdir)/tcsetpgrp_nobg.c $(incdir)/compat/stdbool.h \
$(incdir)/sudo_compat.h $(incdir)/sudo_conf.h \
$(incdir)/sudo_debug.h $(incdir)/sudo_fatal.h \
$(incdir)/sudo_gettext.h $(incdir)/sudo_queue.h \
$(incdir)/sudo_util.h $(srcdir)/sudo.h \
$(top_builddir)/config.h $(top_builddir)/pathnames.h
$(incdir)/sudo_debug.h $(incdir)/sudo_event.h \
$(incdir)/sudo_fatal.h $(incdir)/sudo_gettext.h \
$(incdir)/sudo_queue.h $(incdir)/sudo_util.h \
$(srcdir)/sudo.h $(top_builddir)/config.h \
$(top_builddir)/pathnames.h
$(CC) -c $(CPPFLAGS) $(CFLAGS) $(ASAN_CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(srcdir)/tcsetpgrp_nobg.c
tcsetpgrp_nobg.i: $(srcdir)/tcsetpgrp_nobg.c $(incdir)/compat/stdbool.h \
$(incdir)/sudo_compat.h $(incdir)/sudo_conf.h \
$(incdir)/sudo_debug.h $(incdir)/sudo_fatal.h \
$(incdir)/sudo_gettext.h $(incdir)/sudo_queue.h \
$(incdir)/sudo_util.h $(srcdir)/sudo.h \
$(top_builddir)/config.h $(top_builddir)/pathnames.h
$(incdir)/sudo_debug.h $(incdir)/sudo_event.h \
$(incdir)/sudo_fatal.h $(incdir)/sudo_gettext.h \
$(incdir)/sudo_queue.h $(incdir)/sudo_util.h \
$(srcdir)/sudo.h $(top_builddir)/config.h \
$(top_builddir)/pathnames.h
$(CC) -E -o $@ $(CPPFLAGS) $<
tcsetpgrp_nobg.plog: tcsetpgrp_nobg.i
rm -f $@; pvs-studio --cfg $(PVS_CFG) --sourcetree-root $(top_srcdir) --skip-cl-exe yes --source-file $(srcdir)/tcsetpgrp_nobg.c --i-file $< --output-file $@
tgetpass.o: $(srcdir)/tgetpass.c $(incdir)/compat/stdbool.h \
$(incdir)/sudo_compat.h $(incdir)/sudo_conf.h \
$(incdir)/sudo_debug.h $(incdir)/sudo_fatal.h \
$(incdir)/sudo_gettext.h $(incdir)/sudo_plugin.h \
$(incdir)/sudo_queue.h $(incdir)/sudo_util.h $(srcdir)/sudo.h \
$(top_builddir)/config.h $(top_builddir)/pathnames.h
$(incdir)/sudo_debug.h $(incdir)/sudo_event.h \
$(incdir)/sudo_fatal.h $(incdir)/sudo_gettext.h \
$(incdir)/sudo_plugin.h $(incdir)/sudo_queue.h \
$(incdir)/sudo_util.h $(srcdir)/sudo.h $(top_builddir)/config.h \
$(top_builddir)/pathnames.h
$(CC) -c $(CPPFLAGS) $(CFLAGS) $(ASAN_CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(srcdir)/tgetpass.c
tgetpass.i: $(srcdir)/tgetpass.c $(incdir)/compat/stdbool.h \
$(incdir)/sudo_compat.h $(incdir)/sudo_conf.h \
$(incdir)/sudo_debug.h $(incdir)/sudo_fatal.h \
$(incdir)/sudo_gettext.h $(incdir)/sudo_plugin.h \
$(incdir)/sudo_queue.h $(incdir)/sudo_util.h $(srcdir)/sudo.h \
$(top_builddir)/config.h $(top_builddir)/pathnames.h
$(incdir)/sudo_debug.h $(incdir)/sudo_event.h \
$(incdir)/sudo_fatal.h $(incdir)/sudo_gettext.h \
$(incdir)/sudo_plugin.h $(incdir)/sudo_queue.h \
$(incdir)/sudo_util.h $(srcdir)/sudo.h $(top_builddir)/config.h \
$(top_builddir)/pathnames.h
$(CC) -E -o $@ $(CPPFLAGS) $<
tgetpass.plog: tgetpass.i
rm -f $@; pvs-studio --cfg $(PVS_CFG) --sourcetree-root $(top_srcdir) --skip-cl-exe yes --source-file $(srcdir)/tgetpass.c --i-file $< --output-file $@
ttyname.o: $(srcdir)/ttyname.c $(incdir)/compat/stdbool.h \
$(incdir)/sudo_compat.h $(incdir)/sudo_conf.h \
$(incdir)/sudo_debug.h $(incdir)/sudo_fatal.h \
$(incdir)/sudo_gettext.h $(incdir)/sudo_queue.h \
$(incdir)/sudo_util.h $(srcdir)/sudo.h $(top_builddir)/config.h \
$(top_builddir)/pathnames.h
$(incdir)/sudo_debug.h $(incdir)/sudo_event.h \
$(incdir)/sudo_fatal.h $(incdir)/sudo_gettext.h \
$(incdir)/sudo_queue.h $(incdir)/sudo_util.h $(srcdir)/sudo.h \
$(top_builddir)/config.h $(top_builddir)/pathnames.h
$(CC) -c $(CPPFLAGS) $(CFLAGS) $(ASAN_CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(srcdir)/ttyname.c
ttyname.i: $(srcdir)/ttyname.c $(incdir)/compat/stdbool.h \
$(incdir)/sudo_compat.h $(incdir)/sudo_conf.h \
$(incdir)/sudo_debug.h $(incdir)/sudo_fatal.h \
$(incdir)/sudo_gettext.h $(incdir)/sudo_queue.h \
$(incdir)/sudo_util.h $(srcdir)/sudo.h $(top_builddir)/config.h \
$(top_builddir)/pathnames.h
$(incdir)/sudo_debug.h $(incdir)/sudo_event.h \
$(incdir)/sudo_fatal.h $(incdir)/sudo_gettext.h \
$(incdir)/sudo_queue.h $(incdir)/sudo_util.h $(srcdir)/sudo.h \
$(top_builddir)/config.h $(top_builddir)/pathnames.h
$(CC) -E -o $@ $(CPPFLAGS) $<
ttyname.plog: ttyname.i
rm -f $@; pvs-studio --cfg $(PVS_CFG) --sourcetree-root $(top_srcdir) --skip-cl-exe yes --source-file $(srcdir)/ttyname.c --i-file $< --output-file $@
utmp.o: $(srcdir)/utmp.c $(incdir)/compat/stdbool.h $(incdir)/sudo_compat.h \
$(incdir)/sudo_conf.h $(incdir)/sudo_debug.h $(incdir)/sudo_fatal.h \
$(incdir)/sudo_gettext.h $(incdir)/sudo_queue.h $(incdir)/sudo_util.h \
$(srcdir)/sudo.h $(srcdir)/sudo_exec.h $(top_builddir)/config.h \
$(top_builddir)/pathnames.h
$(incdir)/sudo_conf.h $(incdir)/sudo_debug.h $(incdir)/sudo_event.h \
$(incdir)/sudo_fatal.h $(incdir)/sudo_gettext.h $(incdir)/sudo_queue.h \
$(incdir)/sudo_util.h $(srcdir)/sudo.h $(srcdir)/sudo_exec.h \
$(top_builddir)/config.h $(top_builddir)/pathnames.h
$(CC) -c $(CPPFLAGS) $(CFLAGS) $(ASAN_CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(srcdir)/utmp.c
utmp.i: $(srcdir)/utmp.c $(incdir)/compat/stdbool.h $(incdir)/sudo_compat.h \
$(incdir)/sudo_conf.h $(incdir)/sudo_debug.h $(incdir)/sudo_fatal.h \
$(incdir)/sudo_gettext.h $(incdir)/sudo_queue.h $(incdir)/sudo_util.h \
$(srcdir)/sudo.h $(srcdir)/sudo_exec.h $(top_builddir)/config.h \
$(top_builddir)/pathnames.h
$(incdir)/sudo_conf.h $(incdir)/sudo_debug.h $(incdir)/sudo_event.h \
$(incdir)/sudo_fatal.h $(incdir)/sudo_gettext.h $(incdir)/sudo_queue.h \
$(incdir)/sudo_util.h $(srcdir)/sudo.h $(srcdir)/sudo_exec.h \
$(top_builddir)/config.h $(top_builddir)/pathnames.h
$(CC) -E -o $@ $(CPPFLAGS) $<
utmp.plog: utmp.i
rm -f $@; pvs-studio --cfg $(PVS_CFG) --sourcetree-root $(top_srcdir) --skip-cl-exe yes --source-file $(srcdir)/utmp.c --i-file $< --output-file $@

3
src/exec.c
View File

@@ -52,7 +52,6 @@
#include "sudo.h"
#include "sudo_exec.h"
#include "sudo_event.h"
#include "sudo_plugin.h"
#include "sudo_plugin_int.h"
@@ -314,7 +313,7 @@ sudo_terminated(struct command_status *cstat)
debug_return_bool(false);
}
#if SUDO_API_VERSION != SUDO_API_MKVERSION(1, 14)
#if SUDO_API_VERSION != SUDO_API_MKVERSION(1, 15)
# error "Update sudo_needs_pty() after changing the plugin API"
#endif
static bool

1
src/exec_monitor.c
View File

@@ -43,7 +43,6 @@
#include <termios.h>
#include "sudo.h"
#include "sudo_event.h"
#include "sudo_exec.h"
#include "sudo_plugin.h"
#include "sudo_plugin_int.h"

6
src/exec_nopty.c
View File

@@ -40,7 +40,6 @@
#include "sudo.h"
#include "sudo_exec.h"
#include "sudo_event.h"
#include "sudo_plugin.h"
#include "sudo_plugin_int.h"
@@ -209,9 +208,8 @@ fill_exec_closure_nopty(struct exec_closure_nopty *ec,
ec->details = details;
/* Setup event base and events. */
ec->evbase = sudo_ev_base_alloc();
if (ec->evbase == NULL)
sudo_fatalx(U_("%s: %s"), __func__, U_("unable to allocate memory"));
ec->evbase = details->evbase;
details->evbase = NULL;
/* Event for command status via errfd. */
ec->errpipe_event = sudo_ev_alloc(errfd,

6
src/exec_pty.c
View File

@@ -43,7 +43,6 @@
#include <termios.h> /* for struct winsize on HP-UX */
#include "sudo.h"
#include "sudo_event.h"
#include "sudo_exec.h"
#include "sudo_plugin.h"
#include "sudo_plugin_int.h"
@@ -1160,9 +1159,8 @@ fill_exec_closure_pty(struct exec_closure_pty *ec, struct command_status *cstat,
TAILQ_INIT(&ec->monitor_messages);
/* Setup event base and events. */
ec->evbase = sudo_ev_base_alloc();
if (ec->evbase == NULL)
sudo_fatalx(U_("%s: %s"), __func__, U_("unable to allocate memory"));
ec->evbase = details->evbase;
details->evbase = NULL;
/* Event for command status via backchannel. */
ec->backchannel_event = sudo_ev_alloc(backchannel,

9
src/load_plugins.c
View File

@@ -368,6 +368,15 @@ sudo_load_plugins(struct plugin_container *policy_plugin,
container->u.io->register_hooks(SUDO_HOOK_VERSION, register_hook);
}
}
/* Set event_alloc() in plugins. */
if (policy_plugin->u.policy->version >= SUDO_API_MKVERSION(1, 15))
policy_plugin->u.policy->event_alloc = sudo_plugin_event_alloc;
TAILQ_FOREACH(container, io_plugins, entries) {
if (container->u.io->version >= SUDO_API_MKVERSION(1, 15))
container->u.io->event_alloc = sudo_plugin_event_alloc;
}
sudo_debug_set_active_instance(sudo_debug_instance);
done:

159
src/sudo.c
View File

@@ -31,6 +31,7 @@
#include <sys/stat.h>
#include <sys/wait.h>
#include <sys/socket.h>
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>
#ifdef HAVE_STRING_H
@@ -79,6 +80,7 @@ const char *list_user; /* extern for parse_args.c */
int sudo_debug_instance = SUDO_DEBUG_INSTANCE_INITIALIZER;
static struct command_details command_details;
static int sudo_mode;
static struct sudo_event_base *sudo_event_base;
struct sudo_gc_entry {
SLIST_ENTRY(sudo_gc_entry) entries;
@@ -213,6 +215,10 @@ main(int argc, char *argv[], char *envp[])
if (!sudo_load_plugins(&policy_plugin, &io_plugins))
sudo_fatalx(U_("fatal error, unable to load plugins"));
/* Allocate event base so plugin can use it. */
if ((sudo_event_base = sudo_ev_base_alloc()) == NULL)
sudo_fatalx("%s", U_("unable to allocate memory"));
/* Open policy plugin. */
ok = policy_open(&policy_plugin, settings, user_info, envp);
if (ok != 1) {
@@ -288,6 +294,7 @@ main(int argc, char *argv[], char *envp[])
command_details.tty = user_details.tty;
command_details.argv = argv_out;
command_details.envp = user_env_out;
command_details.evbase = sudo_event_base;
if (ISSET(sudo_mode, MODE_LOGIN_SHELL))
SET(command_details.flags, CD_LOGIN_SHELL);
if (ISSET(sudo_mode, MODE_BACKGROUND))
@@ -1328,6 +1335,158 @@ iolog_unlink(struct plugin_container *plugin)
debug_return;
}
/*
* Fill in a previously allocated struct sudo_plugin_event.
*/
static int
plugin_event_set(struct sudo_plugin_event *pev, int fd, int events,
sudo_ev_callback_t callback, void *closure)
{
struct sudo_plugin_event_int *ev_int;
debug_decl(plugin_event_set, SUDO_DEBUG_PCOMM)
ev_int = __containerof(pev, struct sudo_plugin_event_int, public);
if (sudo_ev_set(&ev_int->private, fd, events, callback, closure) == -1)
debug_return_int(-1);
/* Plugin can only operate on the main event loop. */
ev_int->private.base = sudo_event_base;
debug_return_int(1);
}
/*
* Add a struct sudo_plugin_event to the main event loop.
*/
static int
plugin_event_add(struct sudo_plugin_event *pev, struct timespec *timo)
{
struct sudo_plugin_event_int *ev_int;
debug_decl(plugin_event_add, SUDO_DEBUG_PCOMM)
ev_int = __containerof(pev, struct sudo_plugin_event_int, public);
if (sudo_ev_add(NULL, &ev_int->private, timo, 0) == -1)
debug_return_int(-1);
debug_return_int(1);
}
/*
* Delete a struct sudo_plugin_event from the main event loop.
*/
static int
plugin_event_del(struct sudo_plugin_event *pev)
{
struct sudo_plugin_event_int *ev_int;
debug_decl(plugin_event_del, SUDO_DEBUG_PCOMM)
ev_int = __containerof(pev, struct sudo_plugin_event_int, public);
if (sudo_ev_del(NULL, &ev_int->private) == -1)
debug_return_int(-1);
debug_return_int(1);
}
/*
* Get the amount of time remaining in a timeout event.
*/
static int
plugin_event_timeleft(struct sudo_plugin_event *pev, struct timespec *ts)
{
struct sudo_plugin_event_int *ev_int;
debug_decl(plugin_event_timeleft, SUDO_DEBUG_PCOMM)
ev_int = __containerof(pev, struct sudo_plugin_event_int, public);
if (sudo_ev_get_timeleft(&ev_int->private, ts) == -1)
debug_return_int(-1);
debug_return_int(1);
}
/*
* Get the file descriptor associated with an event.
*/
static int
plugin_event_fd(struct sudo_plugin_event *pev)
{
struct sudo_plugin_event_int *ev_int;
debug_decl(plugin_event_fd, SUDO_DEBUG_PCOMM)
ev_int = __containerof(pev, struct sudo_plugin_event_int, public);
debug_return_int(sudo_ev_get_fd(&ev_int->private));
}
/*
* Break out of the event loop, killing the command if it is running.
*/
static void
plugin_event_loopbreak(struct sudo_plugin_event *pev)
{
struct sudo_plugin_event_int *ev_int;
debug_decl(plugin_event_loopbreak, SUDO_DEBUG_PCOMM)
ev_int = __containerof(pev, struct sudo_plugin_event_int, public);
sudo_ev_loopbreak(ev_int->private.base);
debug_return;
}
/*
* Reset the event base of a struct sudo_plugin_event.
* The event is removed from the old base (if any) first.
*/
static void
plugin_event_setbase(struct sudo_plugin_event *pev, void *base)
{
struct sudo_plugin_event_int *ev_int;
debug_decl(plugin_event_setbase, SUDO_DEBUG_PCOMM)
ev_int = __containerof(pev, struct sudo_plugin_event_int, public);
if (ev_int->private.base != NULL)
sudo_ev_del(ev_int->private.base, &ev_int->private);
ev_int->private.base = base;
debug_return;
}
/*
* Free a struct sudo_plugin_event allocated by plugin_event_alloc().
*/
static void
plugin_event_free(struct sudo_plugin_event *pev)
{
struct sudo_plugin_event_int *ev_int;
debug_decl(plugin_event_free, SUDO_DEBUG_PCOMM)
/* The private field is first so sudo_ev_free() can free the struct. */
ev_int = __containerof(pev, struct sudo_plugin_event_int, public);
sudo_ev_free(&ev_int->private);
debug_return;
}
/*
* Allocate a struct sudo_plugin_event and fill in the public fields.
*/
struct sudo_plugin_event *
sudo_plugin_event_alloc(void)
{
struct sudo_plugin_event_int *ev_int;
debug_decl(plugin_event_alloc, SUDO_DEBUG_PCOMM)
if ((ev_int = malloc(sizeof(*ev_int))) == NULL)
debug_return_ptr(NULL);
/* Init public fields. */
ev_int->public.set = plugin_event_set;
ev_int->public.add = plugin_event_add;
ev_int->public.del = plugin_event_del;
ev_int->public.fd = plugin_event_fd;
ev_int->public.timeleft = plugin_event_timeleft;
ev_int->public.setbase = plugin_event_setbase;
ev_int->public.free = plugin_event_free;
/* Clear private portion in case caller tries to use us uninitialized. */
memset(&ev_int->private, 0, sizeof(ev_int->private));
debug_return_ptr(&ev_int->public);
}
static void
free_plugin_container(struct plugin_container *plugin, bool ioplugin)
{

3
src/sudo.h
View File

@@ -39,6 +39,7 @@
#include "sudo_conf.h"
#include "sudo_debug.h"
#include "sudo_queue.h"
#include "sudo_event.h"
#include "sudo_util.h"
#ifdef HAVE_PRIV_SET
@@ -169,6 +170,7 @@ struct command_details {
const char *tty;
char **argv;
char **envp;
struct sudo_event_base *evbase;
#ifdef HAVE_PRIV_SET
priv_set_t *privs;
priv_set_t *limitprivs;
@@ -218,6 +220,7 @@ int run_command(struct command_details *details);
int os_init_common(int argc, char *argv[], char *envp[]);
bool gc_add(enum sudo_gc_types type, void *v);
bool set_user_groups(struct command_details *details);
struct sudo_plugin_event *sudo_plugin_event_alloc(void);
extern const char *list_user;
extern struct user_details user_details;
extern int sudo_debug_instance;

8
src/sudo_plugin_int.h
View File

@@ -104,6 +104,14 @@ struct plugin_container {
};
TAILQ_HEAD(plugin_container_list, plugin_container);
/*
* Private implementation of struct sudo_plugin_event.
*/
struct sudo_plugin_event_int {
struct sudo_event private; /* must be first */
struct sudo_plugin_event public;
};
extern struct plugin_container policy_plugin;
extern struct plugin_container_list io_plugins;