diff --git a/Makefile.in b/Makefile.in index c9213ad9e..13af4366b 100644 --- a/Makefile.in +++ b/Makefile.in @@ -39,7 +39,7 @@ sudoers_uid = @SUDOERS_UID@ sudoers_gid = @SUDOERS_GID@ sudoers_mode = @SUDOERS_MODE@ -SUBDIRS = compat common src plugins/sudoers include doc +SUBDIRS = compat common plugins/sudoers src include doc SAMPLES = plugins/sample plugins/sample_group diff --git a/compat/Makefile.in b/compat/Makefile.in index 1b04b0652..13a1d562c 100644 --- a/compat/Makefile.in +++ b/compat/Makefile.in @@ -76,6 +76,7 @@ siglist.lo: siglist.c $(incdir)/missing.h $(top_builddir)/config.h # Dependencies closefrom.lo: $(compat)/closefrom.c $(incdir)/missing.h $(top_builddir)/config.h +dlopen.lo: $(compat)/dlopen.c $(compat)/dlfcn.h $(incdir)/missing.h $(top_builddir)/config.h fnmatch.lo: $(compat)/fnmatch.c $(compat)/fnmatch.h $(compat)/charclass.h $(incdir)/missing.h $(top_builddir)/config.h getcwd.lo: $(compat)/getcwd.c $(incdir)/missing.h $(top_builddir)/config.h getline.lo: $(compat)/getline.c $(incdir)/missing.h $(top_builddir)/config.h diff --git a/compat/dlfcn.h b/compat/dlfcn.h new file mode 100644 index 000000000..931dd7ad9 --- /dev/null +++ b/compat/dlfcn.h 
@@ -0,0 +1,34 @@
+/*
+ * Copyright (c) 2010 Todd C. Miller
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ */
+
+/* Emulated functions. */
+void *dlopen(const char *path, int mode);
+int dlclose(void *handle);
+void *dlsym(void *handle, const char *symbol);
+const char *dlerror(void);
+
+/* Values for dlopen() mode. */
+#define RTLD_LAZY 0x1
+#define RTLD_NOW 0x2
+#define RTLD_GLOBAL 0x4
+#define RTLD_LOCAL 0x8
+
+/* Special handle arguments for dlsym(). */
+#define RTLD_NEXT ((void *) -1) /* Search subsequent objects. */
+#define RTLD_DEFAULT ((void *) -2) /* Use default search algorithm. */
+#define RTLD_SELF ((void *) -3) /* Search the caller itself. */
+
+#endif /* !_DLFCN_H_ */
diff --git a/compat/dlopen.c b/compat/dlopen.c
new file mode 100644
index 000000000..434465637
--- /dev/null
+++ b/compat/dlopen.c
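Review bot: The header ends with `#endif /* !_DLFCN_H_ */` but none of the 34 added lines opens that conditional, so any file that includes compat/dlfcn.h will fail to preprocess; add `#ifndef _DLFCN_H_` and `#define _DLFCN_H_` after the licence comment. The prototype `const char *dlerror(void);` also disagrees with the `char *dlerror(void)` definitions in compat/dlopen.c, which includes this header, so one side has to change (POSIX declares `char *dlerror(void)`).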
@@ -0,0 +1,135 @@
+/*
+ * Copyright (c) 2010 Todd C. Miller
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ */
+
+#include
+
+#include
+
+#include
+#ifdef STDC_HEADERS
+# include
+# include
+#else
+# ifdef HAVE_STDLIB_H
+# include
+# endif
+#endif /* STDC_HEADERS */
+#ifdef HAVE_STRING_H
+# include
+#endif /* HAVE_STRING_H */
+#ifdef HAVE_STRINGS_H
+# include
+#endif /* HAVE_STRINGS_H */
+#include
+
+#include "compat/dlfcn.h"
+#include "missing.h"
+
+#ifdef HAVE_SHL_LOAD
+/*
+ * Emulate dlopen() using shl_load().
+ */
+#include
+
+#ifndef DYNAMIC_PATH
+# define DYNAMIC_PATH 0
+#endif
+
+void *
+dlopen(const char *path, int mode)
+{
+ int flags = DYNAMIC_PATH;
+ shl_t handle;
+
+ if (mode == 0)
+ mode = RTLD_LAZY; /* default behavior */
+
+ if (ISSET(mode, RTLD_LAZY))
+ flags |= BIND_DEFERRED
+ if (ISSET(mode, RTLD_NOW))
+ flags |= BIND_IMMEDIATE
+
+ /* We don't support RTLD_GLOBAL or RTLD_LOCAL yet.
*/ + + return (void *)handle; +} + +int +dlclose(void *handle) +{ + return shl_unload((shl_t)handle); +} + +void * +dlsym(void *handle, const char *symbol) +{ + shl_t handle; + void *value = NULL; + + (void)shl_findsym(&handle, symbol, TYPE_UNDEFINED, (void *)&value); + + return value; +} + +char * +dlerror(void) +{ + return strerror(errno); +} + +#else /* !HAVE_SHL_LOAD */ + +/* + * Emulate dlopen() using a static list of symbols compiled into sudo. + */ + +struct sudo_preload_table { + const char *name; + void *address; +}; +extern sudo_preload_table; + +void * +dlopen(const char *path, int mode) +{ + return path; +} + +int +dlclose(void *handle) +{ + return 0; +} + +void * +dlsym(void *handle, const char *symbol) +{ + struct sudo_preload_table *sym; + + for (sym = sudo_preload_table; sym->name != NULL; sym++) { + if (strcmp(symbol, sym->name) == 0) + return sym->address; + } + return NULL; +} + +char * +dlerror(void) +{ + return strerror(errno); +} + +#endif /* HAVE_SHL_LOAD */ diff --git a/config.h.in b/config.h.in index 54a603ef6..18e383938 100644 --- a/config.h.in +++ b/config.h.in @@ -104,6 +104,9 @@ /* Define to 1 if you have the header file. */ #undef HAVE_DLFCN_H +/* Define to 1 if you have the `dlopen' function. */ +#undef HAVE_DLOPEN + /* Define to 1 if your glob.h defines the GLOB_BRACE and GLOB_TILDE flags. */ #undef HAVE_EXTENDED_GLOB @@ -424,6 +427,9 @@ /* Define to 1 if you have the `set_auth_parameters' function. */ #undef HAVE_SET_AUTH_PARAMETERS +/* Define to 1 if you have the `shl_load' function. */ +#undef HAVE_SHL_LOAD + /* Define to 1 if you have the `sia_ses_init' function. */ #undef HAVE_SIA_SES_INIT diff --git a/configure b/configure index a1c87737d..e539e2833 100755 --- a/configure +++ b/configure @@ -823,7 +823,6 @@ CONFIGURE_ARGS ac_config_libobj_dir LIBTOOL_DEPS ZLIB -NONUNIX_GROUPS_IMPL LOGINCAP_USAGE LDAP SELINUX_USAGE @@ -2965,7 +2964,6 @@ $as_echo "$as_me: Configuring Sudo version $PACKAGE_VERSION" >&6;} - # 
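Review bot: In the HAVE_SHL_LOAD branch dlopen() never calls shl_load(), so it returns the uninitialised `handle`, and the caller's `if (!handle)` test in src/load_plugins.c then decides on stack garbage in the path that loads sudo's policy plugin. The two `flags |= ...` statements are missing their semicolons, and dlsym() declares a local `shl_t handle` that collides with its parameter, passes it to shl_findsym() unset and discards the return value. In the static branch `extern sudo_preload_table;` has no type (it should be `extern struct sudo_preload_table sudo_preload_table[];`), `return path;` drops the const qualifier, and dlerror() reports `strerror(errno)` although the table lookup never sets errno. A corrected shl_load branch is sketched below; confirm the shl_load()/shl_findsym() argument and return conventions against the platform's dl.h documentation.

```c
void *
dlopen(const char *path, int mode)
{
    /* ... unchanged: declarations and defaulting of mode to RTLD_LAZY ... */
    if (ISSET(mode, RTLD_LAZY))
	flags |= BIND_DEFERRED;
    if (ISSET(mode, RTLD_NOW))
	flags |= BIND_IMMEDIATE;

    /* Actually load the object; a NULL result is what callers test for. */
    handle = shl_load(path, flags, 0L);

    return (void *)handle;
}

void *
dlsym(void *vhandle, const char *symbol)
{
    shl_t handle = (shl_t)vhandle;
    void *value = NULL;

    /* Never hand back a pointer when the lookup itself failed. */
    if (shl_findsym(&handle, symbol, TYPE_UNDEFINED, (void *)&value) != 0)
	return NULL;

    return value;
}
```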
@@ -6770,13 +6768,13 @@ if test "${lt_cv_nm_interface+set}" = set; then : else lt_cv_nm_interface="BSD nm" echo "int some_variable = 0;" > conftest.$ac_ext - (eval echo "\"\$as_me:6773: $ac_compile\"" >&5) + (eval echo "\"\$as_me:6771: $ac_compile\"" >&5) (eval "$ac_compile" 2>conftest.err) cat conftest.err >&5 - (eval echo "\"\$as_me:6776: $NM \\\"conftest.$ac_objext\\\"\"" >&5) + (eval echo "\"\$as_me:6774: $NM \\\"conftest.$ac_objext\\\"\"" >&5) (eval "$NM \"conftest.$ac_objext\"" 2>conftest.err > conftest.out) cat conftest.err >&5 - (eval echo "\"\$as_me:6779: output\"" >&5) + (eval echo "\"\$as_me:6777: output\"" >&5) cat conftest.out >&5 if $GREP 'External.*some_variable' conftest.out > /dev/null; then lt_cv_nm_interface="MS dumpbin" @@ -7981,7 +7979,7 @@ ia64-*-hpux*) ;; *-*-irix6*) # Find out which ABI we are using. - echo '#line 7984 "configure"' > conftest.$ac_ext + echo '#line 7982 "configure"' > conftest.$ac_ext if { { eval echo "\"\$as_me\":${as_lineno-$LINENO}: \"$ac_compile\""; } >&5 (eval $ac_compile) 2>&5 ac_status=$? @@ -9373,11 +9371,11 @@ else -e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \ -e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \ -e 's:$: $lt_compiler_flag:'` - (eval echo "\"\$as_me:9376: $lt_compile\"" >&5) + (eval echo "\"\$as_me:9374: $lt_compile\"" >&5) (eval "$lt_compile" 2>conftest.err) ac_status=$? cat conftest.err >&5 - echo "$as_me:9380: \$? = $ac_status" >&5 + echo "$as_me:9378: \$? = $ac_status" >&5 if (exit $ac_status) && test -s "$ac_outfile"; then # The compiler can only warn and ignore the option if not recognized # So say no if there are warnings other than the usual output. 
@@ -9712,11 +9710,11 @@ else -e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \ -e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \ -e 's:$: $lt_compiler_flag:'` - (eval echo "\"\$as_me:9715: $lt_compile\"" >&5) + (eval echo "\"\$as_me:9713: $lt_compile\"" >&5) (eval "$lt_compile" 2>conftest.err) ac_status=$? cat conftest.err >&5 - echo "$as_me:9719: \$? = $ac_status" >&5 + echo "$as_me:9717: \$? = $ac_status" >&5 if (exit $ac_status) && test -s "$ac_outfile"; then # The compiler can only warn and ignore the option if not recognized # So say no if there are warnings other than the usual output. @@ -9817,11 +9815,11 @@ else -e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \ -e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \ -e 's:$: $lt_compiler_flag:'` - (eval echo "\"\$as_me:9820: $lt_compile\"" >&5) + (eval echo "\"\$as_me:9818: $lt_compile\"" >&5) (eval "$lt_compile" 2>out/conftest.err) ac_status=$? cat out/conftest.err >&5 - echo "$as_me:9824: \$? = $ac_status" >&5 + echo "$as_me:9822: \$? = $ac_status" >&5 if (exit $ac_status) && test -s out/conftest2.$ac_objext then # The compiler can only warn and ignore the option if not recognized @@ -9872,11 +9870,11 @@ else -e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \ -e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \ -e 's:$: $lt_compiler_flag:'` - (eval echo "\"\$as_me:9875: $lt_compile\"" >&5) + (eval echo "\"\$as_me:9873: $lt_compile\"" >&5) (eval "$lt_compile" 2>out/conftest.err) ac_status=$? cat out/conftest.err >&5 - echo "$as_me:9879: \$? = $ac_status" >&5 + echo "$as_me:9877: \$? = $ac_status" >&5 if (exit $ac_status) && test -s out/conftest2.$ac_objext then # The compiler can only warn and ignore the option if not recognized @@ -12239,7 +12237,7 @@ else lt_dlunknown=0; lt_dlno_uscore=1; lt_dlneed_uscore=2 lt_status=$lt_dlunknown cat > conftest.$ac_ext <<_LT_EOF -#line 12242 "configure" +#line 12240 "configure" #include "confdefs.h" #if HAVE_DLFCN_H 
@@ -12335,7 +12333,7 @@ else lt_dlunknown=0; lt_dlno_uscore=1; lt_dlneed_uscore=2 lt_status=$lt_dlunknown cat > conftest.$ac_ext <<_LT_EOF -#line 12338 "configure" +#line 12336 "configure" #include "confdefs.h" #if HAVE_DLFCN_H @@ -18078,8 +18076,46 @@ $as_echo "$as_me: WARNING: Unable to locate gssapi.h, you will have to edit the fi # -# Add library needed for dynamic linking, if any. -# XXX - using the cache value like this is ugly +# How to do dynamic object loading. +# We support dlopen() and sh_load(), else fall back to static loading. +# +case "$lt_cv_dlopen" in + dlopen) + SUDOERS_OBJS="$SUDOERS_OBJS plugin_error.lo" + ;; + shl_load) + $as_echo "#define HAVE_SHL_LOAD 1" >>confdefs.h + + SUDOERS_OBJS="$SUDOERS_OBJS plugin_error.lo" + ;; + no) + # Preload sudoers module symbols + SUDO_OBJS="${SUDO_OBJS} preload.o" + SUDO_LIBS="${SUDO_LIBS} \$(top_builddir)/plugins/sudoers/sudoers.la" + ;; +esac +for ac_func in dlopen +do : + ac_fn_c_check_func "$LINENO" "dlopen" "ac_cv_func_dlopen" +if test "x$ac_cv_func_dlopen" = x""yes; then : + cat >>confdefs.h <<_ACEOF +#define HAVE_DLOPEN 1 +_ACEOF + +else + case " $LIBOBJS " in + *" $ac_func.$ac_objext "* ) ;; + *) LIBOBJS="$LIBOBJS $ac_func.$ac_objext" + ;; +esac + +fi +done + + + +# +# Add library needed for dynamic loading, if any. # LIBDL="$lt_cv_dlopen_libs" if test X"$LIBDL" != X""; then @@ -20560,5 +20596,6 @@ fi + diff --git a/configure.in b/configure.in index 6a4a2c74d..cffda8e78 100644 --- a/configure.in +++ b/configure.in @@ -55,12 +55,12 @@ AC_SUBST([BSDAUTH_USAGE]) AC_SUBST([SELINUX_USAGE]) AC_SUBST([LDAP]) AC_SUBST([LOGINCAP_USAGE]) -AC_SUBST([NONUNIX_GROUPS_IMPL]) AC_SUBST([ZLIB]) AC_SUBST([LIBTOOL_DEPS]) AC_SUBST([ac_config_libobj_dir]) AC_SUBST([CONFIGURE_ARGS]) AC_SUBST([LIBDL]) +AC_SUBST([LT_STATIC]) dnl dnl Variables that get substituted in docs (not overridden by environment) dnl 
@@ -2663,8 +2663,30 @@ if test ${with_ldap-'no'} != "no"; then fi # -# Add library needed for dynamic linking, if any. -# XXX - using the cache value like this is ugly +# How to do dynamic object loading. +# We support dlopen() and sh_load(), else fall back to static loading. +# +case "$lt_cv_dlopen" in + dlopen) + SUDOERS_OBJS="$SUDOERS_OBJS plugin_error.lo" + LT_STATIC='--tag=disable-static" + ;; + shl_load) + AC_DEFINE(HAVE_SHL_LOAD) + SUDOERS_OBJS="$SUDOERS_OBJS plugin_error.lo" + LT_STATIC='--tag=disable-static" + ;; + no) + # Preload sudoers module symbols + SUDO_OBJS="${SUDO_OBJS} preload.o" + SUDO_LIBS="${SUDO_LIBS} \$(top_builddir)/plugins/sudoers/sudoers.la" + LT_STATIC="" + ;; +esac +AC_REPLACE_FUNCS(dlopen) + +# +# Add library needed for dynamic loading, if any. # LIBDL="$lt_cv_dlopen_libs" if test X"$LIBDL" != X""; then @@ -2855,6 +2877,7 @@ AH_TEMPLATE(HAVE_PROJECT_H, [Define to 1 if you have the header file AH_TEMPLATE(HAVE_SECURID, [Define to 1 if you use SecurID for authentication.]) AH_TEMPLATE(HAVE_SELINUX, [Define to 1 to enable SELinux RBAC support.]) AH_TEMPLATE(HAVE_SETKEYCREATECON, [Define to 1 if you have the `setkeycreatecon' function.]) +AH_TEMPLATE(HAVE_SHL_LOAD, [Define to 1 if you have the `shl_load' function.]) AH_TEMPLATE(HAVE_SIGACTION_T, [Define to 1 if has the sigaction_t typedef.]) AH_TEMPLATE(HAVE_SKEY, [Define to 1 if you use S/Key.]) AH_TEMPLATE(HAVE_SKEYACCESS, [Define to 1 if your S/Key library has skeyaccess().]) diff --git a/plugins/sample/Makefile.in b/plugins/sample/Makefile.in index cd90db708..aa3499daa 100644 --- a/plugins/sample/Makefile.in +++ b/plugins/sample/Makefile.in @@ -30,7 +30,7 @@ VPATH = $(srcdir) # Compiler & tools to use CC = @CC@ -LIBTOOL = @LIBTOOL@ --tag=disable-static +LIBTOOL = @LIBTOOL@ @LT_STATIC@ # Our install program supports extra flags... INSTALL = $(SHELL) $(top_srcdir)/install-sh -c 
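Review bot: Both `LT_STATIC='--tag=disable-static"` assignments open with a single quote and close with a double quote, so the shell string runs on past the `;;` and swallows the rest of the case statement; they should read `LT_STATIC="--tag=disable-static"`. The configure hunk in this same commit contains no LT_STATIC assignment at all, which suggests configure was not regenerated from this configure.in, so `@LT_STATIC@` in the Makefile.in files may be left unsubstituted. The case also has no `*)` arm, so if `$lt_cv_dlopen` holds anything other than the three listed values neither plugin_error.lo nor preload.o is added and the build mode is left undefined. The comment's `sh_load()` should be `shl_load()`.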
diff --git a/plugins/sample_group/Makefile.in b/plugins/sample_group/Makefile.in index 883484271..9486a56a4 100644 --- a/plugins/sample_group/Makefile.in +++ b/plugins/sample_group/Makefile.in @@ -30,7 +30,7 @@ VPATH = $(srcdir) # Compiler & tools to use CC = @CC@ -LIBTOOL = @LIBTOOL@ --tag=disable-static +LIBTOOL = @LIBTOOL@ @LT_STATIC@ # Our install program supports extra flags... INSTALL = $(SHELL) $(top_srcdir)/install-sh -c diff --git a/plugins/sudoers/Makefile.in b/plugins/sudoers/Makefile.in index 272644ce3..f0a8ccfc6 100644 --- a/plugins/sudoers/Makefile.in +++ b/plugins/sudoers/Makefile.in @@ -103,12 +103,11 @@ PROGS = sudoers.la visudo sudoreplay testsudoers AUTH_OBJS = sudo_auth.lo @AUTH_OBJS@ LIBSUDOERS_OBJS = alias.lo audit.lo defaults.lo gram.lo match.lo pwutil.lo \ - timestr.lo toke.lo redblack.lo @NONUNIX_GROUPS_IMPL@ + timestr.lo toke.lo redblack.lo -SUDOERS_OBJS = $(AUTH_OBJS) boottime.lo check.lo plugin_error.lo env.lo \ - goodpath.lo group_plugin.lo find_path.lo interfaces.lo \ - logging.lo parse.lo set_perms.lo sudoers.lo sudo_nss.lo \ - iolog.lo @SUDOERS_OBJS@ +SUDOERS_OBJS = $(AUTH_OBJS) boottime.lo check.lo env.lo goodpath.lo \ + group_plugin.lo find_path.lo interfaces.lo logging.lo parse.lo \ + set_perms.lo sudoers.lo sudo_nss.lo iolog.lo @SUDOERS_OBJS@ VISUDO_OBJS = visudo.o goodpath.o find_path.o error.o @@ -149,7 +148,7 @@ libsudoers.la: $(LIBSUDOERS_OBJS) $(LIBTOOL) --mode=link $(CC) -o $@ $(LIBSUDOERS_OBJS) -no-install sudoers.la: $(SUDOERS_OBJS) libsudoers.la - $(LIBTOOL) --tag=disable-static --mode=link $(CC) $(SUDOERS_LDFLAGS) -o $@ $(SUDOERS_OBJS) libsudoers.la $(SUDOERS_LIBS) -module -avoid-version -rpath $(plugindir) + $(LIBTOOL) @LT_STATIC@ --mode=link $(CC) $(SUDOERS_LDFLAGS) -o $@ $(SUDOERS_OBJS) libsudoers.la $(SUDOERS_LIBS) -module -avoid-version -rpath $(plugindir) visudo: libsudoers.la $(VISUDO_OBJS) $(LIBS) $(LIBTOOL) --mode=link $(CC) -o $@ $(VISUDO_OBJS) $(LDFLAGS) libsudoers.la $(LIBS) $(NET_LIBS) 
diff --git a/plugins/sudoers/group_plugin.c b/plugins/sudoers/group_plugin.c index effaad0a2..f00e22174 100644 --- a/plugins/sudoers/group_plugin.c +++ b/plugins/sudoers/group_plugin.c @@ -16,6 +16,8 @@ #include +#if defined(HAVE_DLOPEN) || defined(HAVE_SHL_LOAD) + #include #include #include @@ -41,13 +43,21 @@ #if TIME_WITH_SYS_TIME # include #endif +#ifdef HAVE_DLFCN_H +# include +#else +# include "compat/dlfcn.h" +#endif #include -#include #include #include #include "sudoers.h" +#ifndef RTLD_LOCAL +# define RTLD_LOCAL 0 +#endif + static void *group_handle; static struct sudoers_group_plugin *group_plugin; @@ -99,7 +109,7 @@ group_plugin_load(char *plugin_info) } /* Open plugin and map in symbol. */ - group_handle = dlopen(path, RTLD_LAZY); + group_handle = dlopen(path, RTLD_LAZY|RTLD_LOCAL); if (!group_handle) { warningx("unable to dlopen %s: %s", path, dlerror()); return -1; @@ -161,3 +171,30 @@ group_plugin_query(const char *user, const char *group, { return (group_plugin->query)(user, group, pwd); } + +#else /* !HAVE_DLOPEN && !HAVE_SHL_LOAD */ + +/* + * No loadable shared object support. + */ + +int +group_plugin_load(char *plugin_info) +{ + return FALSE; +} + +void +group_plugin_unload(void) +{ + return; +} + +int +group_plugin_query(const char *user, const char *group, + const struct passwd *pwd) +{ + return FALSE; +} + +#endif /* HAVE_DLOPEN || HAVE_SHL_LOAD */ diff --git a/plugins/sudoers/plugin_error.c b/plugins/sudoers/plugin_error.c index 2513d018b..c4a6a996e 100644 --- a/plugins/sudoers/plugin_error.c +++ b/plugins/sudoers/plugin_error.c @@ -30,9 +30,9 @@ #include "sudo_plugin.h" static void _warning(int, const char *, va_list); - void cleanup(int); + void plugin_cleanup(int); -sigjmp_buf error_jmp; +extern sigjmp_buf error_jmp; extern sudo_conv_t sudo_conv; @@ -44,7 +44,7 @@ error(int eval, const char *fmt, ...) va_start(ap, fmt); _warning(1, fmt, ap); va_end(ap); - cleanup(0); + plugin_cleanup(0); siglongjmp(error_jmp, eval); } 
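Review bot: The `#if defined(HAVE_DLOPEN) || defined(HAVE_SHL_LOAD)` added after the first include encloses every later include, "sudoers.h" among them, so the `#else` stubs at the end of the file are compiled without a definition of `FALSE` or a declaration of `struct passwd`; the `#if` should move below the include block. The stub `group_plugin_load()` also returns `FALSE` with no diagnostic, whereas the dlopen branch shown in this diff warns and returns -1 when the plugin cannot be opened. On a build without loadable objects a configured group plugin would then be dropped silently and `group_plugin_query()` would answer `FALSE` for every lookup, which changes which sudoers rules match. Something like `warningx("group plugins are not supported on this platform"); return -1;` would make that visible, assuming callers treat -1 as the failure value as the other branch implies.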
@@ -56,7 +56,7 @@ errorx(int eval, const char *fmt, ...) va_start(ap, fmt); _warning(0, fmt, ap); va_end(ap); - cleanup(0); + plugin_cleanup(0); siglongjmp(error_jmp, eval); } diff --git a/plugins/sudoers/sudoers.c b/plugins/sudoers/sudoers.c index e4ca9183a..38b5973f8 100644 --- a/plugins/sudoers/sudoers.c +++ b/plugins/sudoers/sudoers.c @@ -150,7 +150,7 @@ int NewArgc; char **NewArgv; /* error.c */ -extern sigjmp_buf error_jmp; +sigjmp_buf error_jmp; static int sudoers_policy_open(unsigned int version, sudo_conv_t conversation, @@ -1117,7 +1117,7 @@ set_runasgr(char *group) * Cleanup hook for error()/errorx() */ void -cleanup(int gotsignal) +plugin_cleanup(int gotsignal) { struct sudo_nss *nss; diff --git a/src/Makefile.in b/src/Makefile.in index 2854e4a6a..91c61cc0a 100644 --- a/src/Makefile.in +++ b/src/Makefile.in @@ -30,7 +30,7 @@ VPATH = $(srcdir) # Compiler & tools to use CC = @CC@ -LIBTOOL = @LIBTOOL@ --tag=disable-static +LIBTOOL = @LIBTOOL@ @LT_STATIC@ # Our install program supports extra flags... INSTALL = $(SHELL) $(top_srcdir)/install-sh -c @@ -113,6 +113,7 @@ get_pty.o: $(srcdir)/get_pty.c $(SUDODEP) net_ifs.o: $(srcdir)/net_ifs.c $(SUDODEP) load_plugins.o: $(srcdir)/load_plugins.c $(SUDODEP) parse_args.o: $(srcdir)/parse_args.c sudo_usage.h $(SUDODEP) +preload.o: $(srcdir)/preload.c $(incdir)/sudo_plugin.h $(top_builddir)/config.h selinux.o: $(srcdir)/selinux.c $(SUDODEP) sesh.o: $(srcdir)/sesh.c $(incdir)/missing.h $(top_builddir)/config.h sudo.o: $(srcdir)/sudo.c $(SUDODEP) diff --git a/src/load_plugins.c b/src/load_plugins.c index 80fd77802..a5d45733c 100644 --- a/src/load_plugins.c +++ b/src/load_plugins.c 
@@ -37,13 +37,21 @@ #ifdef HAVE_UNISTD_H # include #endif /* HAVE_UNISTD_H */ +#ifdef HAVE_DLFCN_H +# include +#else +# include "compat/dlfcn.h" +#endif #include -#include #include "sudo.h" #include "sudo_plugin.h" #include "sudo_plugin_int.h" +#ifndef RTLD_LOCAL +# define RTLD_LOCAL 0 +#endif + /* * Read in /etc/sudo.conf * Returns a list of plugins. @@ -157,7 +165,7 @@ sudo_load_plugins(const char *conf_file, errorx(1, "%s must be only be writable by owner", path); /* Open plugin and map in symbol */ - handle = dlopen(path, RTLD_LAZY); + handle = dlopen(path, RTLD_LAZY|RTLD_LOCAL); if (!handle) errorx(1, "unable to dlopen %s: %s", path, dlerror()); plugin = dlsym(handle, info->symbol_name); diff --git a/src/preload.c b/src/preload.c new file mode 100644 index 000000000..7566fd360 --- /dev/null +++ b/src/preload.c @@ -0,0 +1,31 @@ +/* + * Copyright (c) 2010 Todd C. Miller + * + * Permission to use, copy, modify, and distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR + * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN + * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF + * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + */ + +#include + +#include "sudo_plugin.h" + +extern struct policy_plugin sudoers_policy; +extern struct io_plugin sudoers_io; + +struct sudo_preload_table { + const char *name; + void *address; +} sudo_preload_table = { + { "sudoers_policy", (void *) &sudoers_policy}, + { "sudoers_io", (void *) &sudoers_io}, + { NULL, NULL } +};
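Review bot: `dlopen(path, RTLD_LAZY|RTLD_LOCAL)` defers function binding, so a plugin with an unresolved symbol passes the `if (!handle)` check and only fails on first call, after sudo has already begun acting on the policy. Using `handle = dlopen(path, RTLD_NOW|RTLD_LOCAL);` would surface that here through the existing `errorx()`. The compat shim added in this commit maps `RTLD_NOW` to `BIND_IMMEDIATE`, so the flag is available on that path as well. sudo_load_plugins() begins and ends outside this hunk.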
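Review bot: `sudo_preload_table` is declared as a single `struct sudo_preload_table` but initialised with three brace-enclosed entries, while dlsym() in compat/dlopen.c walks it as an array until `name == NULL`; the declarator needs the array brackets, `} sudo_preload_table[] = {`. The struct definition is duplicated here and in compat/dlopen.c, so moving it to a shared header would keep the table and its only reader from drifting apart. A short comment stating that the `{ NULL, NULL }` terminator is required by that loop would help whoever adds the next entry.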