Modular sudo front-end which loads policy and I/O plugins that do
most the actual work. Currently relies on dynamic loading using dlopen(). See doc/plugin.pod for the plugin API.
This commit is contained in:
Todd C. Miller
234
src/sudo.h
Normal file
234
src/sudo.h
Normal file
@@ -0,0 +1,234 @@
|
||||
/*
|
||||
* Copyright (c) 1993-1996, 1998-2005, 2007-2009
|
||||
* Todd C. Miller <Todd.Miller@courtesan.com>
|
||||
*
|
||||
* Permission to use, copy, modify, and distribute this software for any
|
||||
* purpose with or without fee is hereby granted, provided that the above
|
||||
* copyright notice and this permission notice appear in all copies.
|
||||
*
|
||||
* THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
|
||||
* WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
|
||||
* MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
|
||||
* ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
|
||||
* WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
|
||||
* ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
|
||||
* OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
|
||||
*
|
||||
* Sponsored in part by the Defense Advanced Research Projects
|
||||
* Agency (DARPA) and Air Force Research Laboratory, Air Force
|
||||
* Materiel Command, USAF, under agreement number F39502-99-1-0512.
|
||||
*
|
||||
* $Sudo: sudo.h,v 1.290 2009/12/12 16:12:26 millert Exp $
|
||||
*/
|
||||
|
||||
#ifndef _SUDO_SUDO_H
|
||||
#define _SUDO_SUDO_H
|
||||
|
||||
#include <pathnames.h>
|
||||
#include <limits.h>
|
||||
#include "compat.h"
|
||||
#include "alloc.h"
|
||||
#include "error.h"
|
||||
#include "list.h"
|
||||
#include "missing.h"
|
||||
|
||||
#ifdef __TANDEM
|
||||
# define ROOT_UID 65535
|
||||
#else
|
||||
# define ROOT_UID 0
|
||||
#endif
|
||||
|
||||
/*
|
||||
* Pseudo-boolean values
|
||||
*/
|
||||
#undef TRUE
|
||||
#define TRUE 1
|
||||
#undef FALSE
|
||||
#define FALSE 0
|
||||
|
||||
/*
|
||||
* Various modes sudo can be in (based on arguments) in hex
|
||||
*/
|
||||
#define MODE_RUN 0x00000001
|
||||
#define MODE_EDIT 0x00000002
|
||||
#define MODE_VALIDATE 0x00000004
|
||||
#define MODE_INVALIDATE 0x00000008
|
||||
#define MODE_KILL 0x00000010
|
||||
#define MODE_VERSION 0x00000020
|
||||
#define MODE_HELP 0x00000040
|
||||
#define MODE_LIST 0x00000080
|
||||
#define MODE_CHECK 0x00000100
|
||||
#define MODE_MASK 0x0000ffff
|
||||
|
||||
/* Mode flags */
|
||||
/* XXX - prune this */
|
||||
#define MODE_BACKGROUND 0x00010000
|
||||
#define MODE_SHELL 0x00020000
|
||||
#define MODE_LOGIN_SHELL 0x00040000
|
||||
#define MODE_IMPLIED_SHELL 0x00080000
|
||||
#define MODE_RESET_HOME 0x00100000
|
||||
#define MODE_PRESERVE_GROUPS 0x00200000
|
||||
#define MODE_PRESERVE_ENV 0x00400000
|
||||
#define MODE_NONINTERACTIVE 0x00800000
|
||||
#define MODE_LONG_LIST 0x01000000
|
||||
|
||||
/*
|
||||
* Used with set_perms()
|
||||
*/
|
||||
#define PERM_ROOT 0x00
|
||||
#define PERM_USER 0x01
|
||||
#define PERM_FULL_USER 0x02
|
||||
#define PERM_SUDOERS 0x03
|
||||
#define PERM_RUNAS 0x04
|
||||
#define PERM_FULL_RUNAS 0x05
|
||||
#define PERM_TIMESTAMP 0x06
|
||||
#define PERM_NOEXIT 0x10 /* flag */
|
||||
#define PERM_MASK 0xf0
|
||||
|
||||
/*
|
||||
* We used to use the system definition of PASS_MAX or _PASSWD_LEN,
|
||||
* but that caused problems with various alternate authentication
|
||||
* methods. So, we just define our own and assume that it is >= the
|
||||
* system max.
|
||||
*/
|
||||
#define SUDO_PASS_MAX 256
|
||||
|
||||
/*
|
||||
* Flags for lock_file()
|
||||
*/
|
||||
#define SUDO_LOCK 1 /* lock a file */
|
||||
#define SUDO_TLOCK 2 /* test & lock a file (non-blocking) */
|
||||
#define SUDO_UNLOCK 4 /* unlock a file */
|
||||
|
||||
/*
|
||||
* Flags for tgetpass()
|
||||
*/
|
||||
#define TGP_ECHO 0x01 /* leave echo on when reading passwd */
|
||||
#define TGP_STDIN 0x02 /* read from stdin, not /dev/tty */
|
||||
#define TGP_ASKPASS 0x04 /* read from askpass helper program */
|
||||
#define TGP_FEEDBACK 0x08 /* visual feedback during input */
|
||||
|
||||
struct user_details {
|
||||
uid_t uid;
|
||||
uid_t euid;
|
||||
uid_t gid;
|
||||
uid_t egid;
|
||||
const char *username;
|
||||
const char *cwd;
|
||||
const char *tty;
|
||||
const char *host;
|
||||
GETGROUPS_T *groups;
|
||||
int ngroups;
|
||||
};
|
||||
|
||||
#define CD_SET_UID 0x0001
|
||||
#define CD_SET_EUID 0x0002
|
||||
#define CD_SET_GID 0x0004
|
||||
#define CD_SET_EGID 0x0008
|
||||
#define CD_PRESERVE_GROUPS 0x0010
|
||||
#define CD_NOEXEC 0x0020
|
||||
#define CD_SET_PRIORITY 0x0040
|
||||
#define CD_SET_UMASK 0x0080
|
||||
#define CD_SET_TIMEOUT 0x0100
|
||||
|
||||
struct command_details {
|
||||
uid_t uid;
|
||||
uid_t euid;
|
||||
gid_t gid;
|
||||
gid_t egid;
|
||||
mode_t umask;
|
||||
int flags;
|
||||
int priority;
|
||||
int timeout;
|
||||
int ngroups;
|
||||
GETGROUPS_T *groups;
|
||||
const char *command;
|
||||
const char *cwd;
|
||||
const char *login_class;
|
||||
const char *chroot;
|
||||
const char *selinux_role;
|
||||
const char *selinux_type;
|
||||
};
|
||||
|
||||
/* Status passed between parent and child via socketpair */
|
||||
struct command_status {
|
||||
#define CMD_INVALID 0
|
||||
#define CMD_ERRNO 1
|
||||
#define CMD_WSTATUS 2
|
||||
#define CMD_SIGNO 3
|
||||
int type;
|
||||
int val;
|
||||
};
|
||||
|
||||
/* For error() and errorx() (XXX - needed?) */
|
||||
void cleanup(int);
|
||||
|
||||
/* tgetpass.c */
|
||||
char *tgetpass(const char *, int, int);
|
||||
int tty_present(void);
|
||||
|
||||
/* zero_bytes.c */
|
||||
void zero_bytes(volatile void *, size_t);
|
||||
|
||||
/* fileops.c */
|
||||
int lock_file(int, int);
|
||||
char *sudo_parseln(FILE *);
|
||||
|
||||
/* script.c */
|
||||
int script_duplow(int);
|
||||
int script_execve(struct command_details *details, char *argv[], char *envp[],
|
||||
struct command_status *cstat);
|
||||
void script_setup(uid_t);
|
||||
|
||||
/* term.c */
|
||||
int term_cbreak(int);
|
||||
int term_copy(int, int, int);
|
||||
int term_noecho(int);
|
||||
int term_raw(int, int, int);
|
||||
int term_restore(int, int);
|
||||
|
||||
/* fmt_string.h */
|
||||
char *fmt_string(const char *var, const char *value);
|
||||
|
||||
/* atobool.c */
|
||||
int atobool(const char *str);
|
||||
|
||||
/* parse_args.c */
|
||||
int parse_args(int argc, char **argv, int *nargc, char ***nargv,
|
||||
char ***settingsp, char ***env_addp);
|
||||
|
||||
/* pty.c */
|
||||
int get_pty(int *master, int *slave, char *name, size_t namesz, uid_t uid);
|
||||
|
||||
/* sudo.c */
|
||||
int exec_setup(struct command_details *details);
|
||||
extern int debug_level;
|
||||
extern struct plugin_container_list io_plugins;
|
||||
|
||||
#ifndef errno
|
||||
extern int errno;
|
||||
#endif
|
||||
|
||||
#ifdef ntoyet
|
||||
/*
|
||||
* Sudo logging/debugging, printf-style.
|
||||
* XXX - not hooked up yet
|
||||
* The debug level may be set on the command line via the -D flag.
|
||||
* A higher debug level yields more verbose debugging.
|
||||
*/
|
||||
#define SUDO_LOG_DEBUG1 1
|
||||
#define SUDO_LOG_DEBUG2 2
|
||||
#define SUDO_LOG_DEBUG3 3
|
||||
#define SUDO_LOG_DEBUG4 4
|
||||
#define SUDO_LOG_DEBUG5 5
|
||||
#define SUDO_LOG_DEBUG6 6
|
||||
#define SUDO_LOG_DEBUG7 7
|
||||
#define SUDO_LOG_DEBUG8 8
|
||||
#define SUDO_LOG_DEBUG9 9
|
||||
#define SUDO_LOG_INFO 10
|
||||
#define SUDO_LOG_WARN 11
|
||||
#define SUDO_LOG_ERROR 12
|
||||
void sudo_log(int level, const char *format, ...) __printflike(2, 3);
|
||||
#endif
|
||||
|
||||
#endif /* _SUDO_SUDO_H */
|
||||
Reference in New Issue
Block a user