sudo frontend: make more bit flags unsigned.

Todd C. Miller
2023-07-10 11:06:34 -06:00
parent cbcb1d2506
commit dbb95ad214
11 changed files with 79 additions and 78 deletions


@@ -53,7 +53,7 @@ sudo_conversation(int num_msgs, const struct sudo_conv_message msgs[],
for (n = 0; n < num_msgs; n++) { for (n = 0; n < num_msgs; n++) {
const struct sudo_conv_message *msg = &msgs[n]; const struct sudo_conv_message *msg = &msgs[n];
int flags = tgetpass_flags; unsigned int flags = tgetpass_flags;
FILE *fp = stdout; FILE *fp = stdout;
switch (msg->msg_type & 0xff) { switch (msg->msg_type & 0xff) {


@@ -406,7 +406,7 @@ sudo_edit_open_nonwritable(char *path, int oflags, mode_t mode,
#ifdef O_NOFOLLOW #ifdef O_NOFOLLOW
int int
sudo_edit_open(char *path, int oflags, mode_t mode, int sflags, sudo_edit_open(char *path, int oflags, mode_t mode, unsigned int sflags,
const struct sudo_cred *user_cred, const struct sudo_cred *cur_cred) const struct sudo_cred *user_cred, const struct sudo_cred *cur_cred)
{ {
int fd; int fd;
@@ -435,7 +435,7 @@ sudo_edit_open(char *path, int oflags, mode_t mode, int sflags,
} }
#else #else
int int
sudo_edit_open(char *path, int oflags, mode_t mode, int sflags, sudo_edit_open(char *path, int oflags, mode_t mode, unsigned int sflags,
const struct sudo_cred *user_cred, const struct sudo_cred *cur_cred) const struct sudo_cred *user_cred, const struct sudo_cred *cur_cred)
{ {
struct stat sb; struct stat sb;
@@ -488,7 +488,7 @@ sudo_edit_open(char *path, int oflags, mode_t mode, int sflags,
* Does not modify the value of errno. * Does not modify the value of errno.
*/ */
bool bool
sudo_edit_parent_valid(char *path, int sflags, sudo_edit_parent_valid(char *path, unsigned int sflags,
const struct sudo_cred *user_cred, const struct sudo_cred *cur_cred) const struct sudo_cred *user_cred, const struct sudo_cred *cur_cred)
{ {
const int serrno = errno; const int serrno = errno;


@@ -95,7 +95,7 @@ enable_intercept(char *envp[], const char *dso, int intercept_fd)
*/ */
int int
sudo_execve(int fd, const char *path, char *const argv[], char *envp[], sudo_execve(int fd, const char *path, char *const argv[], char *envp[],
int intercept_fd, int flags) int intercept_fd, unsigned int flags)
{ {
debug_decl(sudo_execve, SUDO_DEBUG_UTIL); debug_decl(sudo_execve, SUDO_DEBUG_UTIL);


@@ -42,7 +42,7 @@
#include "sudo.h" #include "sudo.h"
#include "sudo_lbuf.h" #include "sudo_lbuf.h"
int tgetpass_flags; unsigned int tgetpass_flags;
/* /*
* Local functions. * Local functions.
@@ -225,7 +225,7 @@ parse_env_list(struct environment *e, char *list)
* Sets nargc and nargv which corresponds to the argc/argv we'll use * Sets nargc and nargv which corresponds to the argc/argv we'll use
* for the command to be run (if we are running one). * for the command to be run (if we are running one).
*/ */
int unsigned int
parse_args(int argc, char **argv, const char *shell, int *old_optind, parse_args(int argc, char **argv, const char *shell, int *old_optind,
int *nargc, char ***nargv, struct sudo_settings **settingsp, int *nargc, char ***nargv, struct sudo_settings **settingsp,
char ***env_addp, const char **list_userp) char ***env_addp, const char **list_userp)
@@ -234,9 +234,9 @@ parse_args(int argc, char **argv, const char *shell, int *old_optind,
struct option *long_opts = sudo_long_opts; struct option *long_opts = sudo_long_opts;
struct environment extra_env; struct environment extra_env;
const char *list_user = NULL; const char *list_user = NULL;
int mode = 0; /* what mode is sudo to be run in? */ unsigned int mode = 0; /* what mode is sudo to be run in? */
int flags = 0; /* mode flags */ unsigned int flags = 0; /* mode flags */
int valid_flags = DEFAULT_VALID_FLAGS; unsigned int valid_flags = DEFAULT_VALID_FLAGS;
int ch, i; int ch, i;
char *cp; char *cp;
debug_decl(parse_args, SUDO_DEBUG_ARGS); debug_decl(parse_args, SUDO_DEBUG_ARGS);
@@ -692,7 +692,7 @@ parse_args(int argc, char **argv, const char *shell, int *old_optind,
*nargc = argc; *nargc = argc;
*nargv = argv; *nargv = argv;
*list_userp = list_user; *list_userp = list_user;
debug_return_int(mode | flags); debug_return_uint(mode | flags);
} }
/* /*
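Review bot: The comment above parse_args(), as far as the hunk at -225 shows it, says what the function stores through nargc and nargv but not what it returns, and the return type is exactly what this change alters. The hunk at -692 returns `mode | flags`, so a line such as `* Returns the selected MODE_* value OR'ed with the mode flags, as an unsigned int.` would tell callers to mask with MODE_MASK before comparing modes and to keep the result in an unsigned variable. The comment begins above the hunk, so the return value may already be described there.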


@@ -440,7 +440,7 @@ selinux_setexeccon(void)
void void
selinux_execve(int fd, const char *path, char *const argv[], char *envp[], selinux_execve(int fd, const char *path, char *const argv[], char *envp[],
const char *rundir, int flags) const char *rundir, unsigned int flags)
{ {
char **nargv; char **nargv;
const char *sesh; const char *sesh;


@@ -95,7 +95,7 @@ main(int argc, char *argv[], char *envp[])
{ {
enum sesh_mode mode = SESH_RUN_COMMAND; enum sesh_mode mode = SESH_RUN_COMMAND;
const char *errstr, *rundir = NULL; const char *errstr, *rundir = NULL;
int flags = CD_SUDOEDIT_FOLLOW; unsigned int flags = CD_SUDOEDIT_FOLLOW;
char *edit_user = NULL; char *edit_user = NULL;
int ch, ret, fd = -1; int ch, ret, fd = -1;
debug_decl(main, SUDO_DEBUG_MAIN); debug_decl(main, SUDO_DEBUG_MAIN);
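Review bot: The initializer `flags = CD_SUDOEDIT_FOLLOW` starts this main() with a sudoedit flag already set, and the visible lines do not say why that is the default or what clears it. Judging by its name the flag controls whether symbolic links are followed when opening files to edit, which is security-relevant, so the declaration deserves a short comment, for example `/* symlinks are followed unless the caller turns this off */` once the actual rule is confirmed against the option handling. main() continues past the end of the hunk, so the code that modifies `flags` is not visible here.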


@@ -140,7 +140,8 @@ main(int argc, char *argv[], char *envp[])
{ {
struct command_details command_details; struct command_details command_details;
struct user_details user_details; struct user_details user_details;
int nargc, sudo_mode, status = 0; unsigned int sudo_mode;
int nargc, status = 0;
char **nargv, **env_add; char **nargv, **env_add;
char **command_info = NULL, **argv_out = NULL, **run_envp = NULL; char **command_info = NULL, **argv_out = NULL, **run_envp = NULL;
const char * const allowed_prognames[] = { "sudo", "sudoedit", NULL }; const char * const allowed_prognames[] = { "sudo", "sudoedit", NULL };


@@ -52,28 +52,28 @@
/* /*
* Various modes sudo can be in (based on arguments) in hex * Various modes sudo can be in (based on arguments) in hex
*/ */
#define MODE_RUN 0x00000001 #define MODE_RUN 0x00000001U
#define MODE_EDIT 0x00000002 #define MODE_EDIT 0x00000002U
#define MODE_VALIDATE 0x00000004 #define MODE_VALIDATE 0x00000004U
#define MODE_INVALIDATE 0x00000008 #define MODE_INVALIDATE 0x00000008U
#define MODE_KILL 0x00000010 #define MODE_KILL 0x00000010U
#define MODE_VERSION 0x00000020 #define MODE_VERSION 0x00000020U
#define MODE_HELP 0x00000040 #define MODE_HELP 0x00000040U
#define MODE_LIST 0x00000080 #define MODE_LIST 0x00000080U
#define MODE_CHECK 0x00000100 #define MODE_CHECK 0x00000100U
#define MODE_MASK 0x0000ffff #define MODE_MASK 0x0000ffffU
/* Mode flags */ /* Mode flags */
/* XXX - prune this */ /* XXX - prune this */
#define MODE_BACKGROUND 0x00010000 #define MODE_BACKGROUND 0x00010000U
#define MODE_SHELL 0x00020000 #define MODE_SHELL 0x00020000U
#define MODE_LOGIN_SHELL 0x00040000 #define MODE_LOGIN_SHELL 0x00040000U
#define MODE_IMPLIED_SHELL 0x00080000 #define MODE_IMPLIED_SHELL 0x00080000U
#define MODE_RESET_HOME 0x00100000 #define MODE_RESET_HOME 0x00100000U
#define MODE_PRESERVE_GROUPS 0x00200000 #define MODE_PRESERVE_GROUPS 0x00200000U
#define MODE_PRESERVE_ENV 0x00400000 #define MODE_PRESERVE_ENV 0x00400000U
#define MODE_NONINTERACTIVE 0x00800000 #define MODE_NONINTERACTIVE 0x00800000U
#define MODE_LONG_LIST 0x01000000 #define MODE_LONG_LIST 0x01000000U
/* Indexes into sudo_settings[] args, must match parse_args.c. */ /* Indexes into sudo_settings[] args, must match parse_args.c. */
#define ARG_BSDAUTH_TYPE 0 #define ARG_BSDAUTH_TYPE 0
@@ -110,13 +110,13 @@
/* /*
* Flags for tgetpass() * Flags for tgetpass()
*/ */
#define TGP_NOECHO 0x00 /* turn echo off reading pw (default) */ #define TGP_NOECHO 0x00U /* turn echo off reading pw (default) */
#define TGP_ECHO 0x01 /* leave echo on when reading passwd */ #define TGP_ECHO 0x01U /* leave echo on when reading passwd */
#define TGP_STDIN 0x02 /* read from stdin, not /dev/tty */ #define TGP_STDIN 0x02U /* read from stdin, not /dev/tty */
#define TGP_ASKPASS 0x04 /* read from askpass helper program */ #define TGP_ASKPASS 0x04U /* read from askpass helper program */
#define TGP_MASK 0x08 /* mask user input when reading */ #define TGP_MASK 0x08U /* mask user input when reading */
#define TGP_NOECHO_TRY 0x10 /* turn off echo if possible */ #define TGP_NOECHO_TRY 0x10U /* turn off echo if possible */
#define TGP_BELL 0x20 /* bell on password prompt */ #define TGP_BELL 0x20U /* bell on password prompt */
/* name/value pairs for command line settings. */ /* name/value pairs for command line settings. */
struct sudo_settings { struct sudo_settings {
@@ -150,33 +150,33 @@ struct user_details {
int ts_cols; int ts_cols;
}; };
#define CD_SET_UID 0x00000001 #define CD_SET_UID 0x00000001U
#define CD_SET_EUID 0x00000002 #define CD_SET_EUID 0x00000002U
#define CD_SET_GID 0x00000004 #define CD_SET_GID 0x00000004U
#define CD_SET_EGID 0x00000008 #define CD_SET_EGID 0x00000008U
#define CD_PRESERVE_GROUPS 0x00000010 #define CD_PRESERVE_GROUPS 0x00000010U
#define CD_INTERCEPT 0x00000020 #define CD_INTERCEPT 0x00000020U
#define CD_NOEXEC 0x00000040 #define CD_NOEXEC 0x00000040U
#define CD_SET_PRIORITY 0x00000080 #define CD_SET_PRIORITY 0x00000080U
#define CD_SET_UMASK 0x00000100 #define CD_SET_UMASK 0x00000100U
#define CD_SET_TIMEOUT 0x00000200 #define CD_SET_TIMEOUT 0x00000200U
#define CD_SUDOEDIT 0x00000400 #define CD_SUDOEDIT 0x00000400U
#define CD_BACKGROUND 0x00000800 #define CD_BACKGROUND 0x00000800U
#define CD_RBAC_ENABLED 0x00001000 #define CD_RBAC_ENABLED 0x00001000U
#define CD_USE_PTY 0x00002000 #define CD_USE_PTY 0x00002000U
#define CD_SET_UTMP 0x00004000 #define CD_SET_UTMP 0x00004000U
#define CD_EXEC_BG 0x00008000 #define CD_EXEC_BG 0x00008000U
#define CD_SUDOEDIT_FOLLOW 0x00010000 #define CD_SUDOEDIT_FOLLOW 0x00010000U
#define CD_SUDOEDIT_CHECKDIR 0x00020000 #define CD_SUDOEDIT_CHECKDIR 0x00020000U
#define CD_SET_GROUPS 0x00040000 #define CD_SET_GROUPS 0x00040000U
#define CD_LOGIN_SHELL 0x00080000 #define CD_LOGIN_SHELL 0x00080000U
#define CD_OVERRIDE_UMASK 0x00100000 #define CD_OVERRIDE_UMASK 0x00100000U
#define CD_LOG_SUBCMDS 0x00200000 #define CD_LOG_SUBCMDS 0x00200000U
#define CD_USE_PTRACE 0x00400000 #define CD_USE_PTRACE 0x00400000U
#define CD_FEXECVE 0x00800000 #define CD_FEXECVE 0x00800000U
#define CD_INTERCEPT_VERIFY 0x01000000 #define CD_INTERCEPT_VERIFY 0x01000000U
#define CD_RBAC_SET_CWD 0x02000000 #define CD_RBAC_SET_CWD 0x02000000U
#define CD_CWD_OPTIONAL 0x04000000 #define CD_CWD_OPTIONAL 0x04000000U
struct preserved_fd { struct preserved_fd {
TAILQ_ENTRY(preserved_fd) entries; TAILQ_ENTRY(preserved_fd) entries;
@@ -193,7 +193,7 @@ struct command_details {
int priority; int priority;
unsigned int timeout; unsigned int timeout;
int closefrom; int closefrom;
int flags; unsigned int flags;
int execfd; int execfd;
int nfiles; int nfiles;
struct preserved_fd_list preserved_fds; struct preserved_fd_list preserved_fds;
@@ -240,7 +240,7 @@ enum sudo_gc_types {
void cleanup(int); void cleanup(int);
/* tgetpass.c */ /* tgetpass.c */
char *tgetpass(const char *prompt, int timeout, int flags, char *tgetpass(const char *prompt, int timeout, unsigned int flags,
struct sudo_conv_callback *callback); struct sudo_conv_callback *callback);
const struct sudo_cred *sudo_askpass_cred(const struct sudo_cred *cred); const struct sudo_cred *sudo_askpass_cred(const struct sudo_cred *cred);
@@ -248,10 +248,10 @@ const struct sudo_cred *sudo_askpass_cred(const struct sudo_cred *cred);
int sudo_execute(struct command_details *details, const struct user_details *ud, struct sudo_event_base *evbase, struct command_status *cstat); int sudo_execute(struct command_details *details, const struct user_details *ud, struct sudo_event_base *evbase, struct command_status *cstat);
/* parse_args.c */ /* parse_args.c */
int parse_args(int argc, char **argv, const char *shell, int *old_optind, unsigned int parse_args(int argc, char **argv, const char *shell,
int *nargc, char ***nargv, struct sudo_settings **settingsp, int *old_optind, int *nargc, char ***nargv,
char ***env_addp, const char **list_user); struct sudo_settings **settingsp, char ***env_addp, const char **list_user);
extern int tgetpass_flags; extern unsigned int tgetpass_flags;
/* get_pty.c */ /* get_pty.c */
char *get_pty(int *leader, int *follower, uid_t uid); char *get_pty(int *leader, int *follower, uid_t uid);
@@ -290,7 +290,7 @@ int selinux_relabel_tty(const char *ttyn, int ttyfd);
int selinux_restore_tty(void); int selinux_restore_tty(void);
int selinux_setexeccon(void); int selinux_setexeccon(void);
void selinux_execve(int fd, const char *path, char *const argv[], void selinux_execve(int fd, const char *path, char *const argv[],
char *envp[], const char *rundir, int flags); char *envp[], const char *rundir, unsigned int flags);
/* apparmor.c */ /* apparmor.c */
int apparmor_is_enabled(void); int apparmor_is_enabled(void);
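Review bot: The CD_* block in the hunk at -150 gains the `U` suffix but, unlike the MODE_* and TGP_* blocks, has no visible comment saying where these bits are stored. A header line such as `/* Flags for struct command_details.flags; keep in an unsigned int. */` would tie the constants to the field changed in the hunk at -193 and warn future callers against holding them in a plain `int`. Separately, the parse_args() prototype names its last parameter `list_user` while the definition in this commit uses `list_userp`; renaming it in the prototype would keep the two in step.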


@@ -48,8 +48,8 @@ bool sudo_check_temp_file(int tfd, const char *tname, uid_t uid, struct stat *sb
/* edit_open.c */ /* edit_open.c */
struct sudo_cred; struct sudo_cred;
void switch_user(uid_t euid, gid_t egid, int ngroups, GETGROUPS_T *groups); void switch_user(uid_t euid, gid_t egid, int ngroups, GETGROUPS_T *groups);
int sudo_edit_open(char *path, int oflags, mode_t mode, int sflags, const struct sudo_cred *user_cred, const struct sudo_cred *cur_cred); int sudo_edit_open(char *path, int oflags, mode_t mode, unsigned int sflags, const struct sudo_cred *user_cred, const struct sudo_cred *cur_cred);
int dir_is_writable(int dfd, const struct sudo_cred *user_cred, const struct sudo_cred *cur_cred); int dir_is_writable(int dfd, const struct sudo_cred *user_cred, const struct sudo_cred *cur_cred);
bool sudo_edit_parent_valid(char *path, int sflags, const struct sudo_cred *user_cred, const struct sudo_cred *cur_cred); bool sudo_edit_parent_valid(char *path, unsigned int sflags, const struct sudo_cred *user_cred, const struct sudo_cred *cur_cred);
#endif /* SUDO_EDIT_H */ #endif /* SUDO_EDIT_H */


@@ -180,7 +180,7 @@ bool sudo_terminated(struct command_status *cstat);
void free_exec_closure(struct exec_closure *ec); void free_exec_closure(struct exec_closure *ec);
/* exec_common.c */ /* exec_common.c */
int sudo_execve(int fd, const char *path, char *const argv[], char *envp[], int intercept_fd, int flags); int sudo_execve(int fd, const char *path, char *const argv[], char *envp[], int intercept_fd, unsigned int flags);
char **disable_execute(char *envp[], const char *dso); char **disable_execute(char *envp[], const char *dso);
char **enable_monitor(char *envp[], const char *dso); char **enable_monitor(char *envp[], const char *dso);


@@ -108,7 +108,7 @@ tgetpass_display_error(enum tgetpass_errval errval)
* Like getpass(3) but with timeout and echo flags. * Like getpass(3) but with timeout and echo flags.
*/ */
char * char *
tgetpass(const char *prompt, int timeout, int flags, tgetpass(const char *prompt, int timeout, unsigned int flags,
struct sudo_conv_callback *callback) struct sudo_conv_callback *callback)
{ {
struct sigaction sa, savealrm, saveint, savehup, savequit, saveterm; struct sigaction sa, savealrm, saveint, savehup, savequit, saveterm;