/*
* verify that a path generated by mkdtemp() or mkstemp() looks like a
* reasonable expansion of the template and matches the fd. Returns true
* if all the X's were replaced with non-X's
*/
int
check(int fd, char const *kind, char const *path, char const *prefix,
size_t plen, char const *suffix, size_t slen, int tlen)
{
struct stat sb, fsb;
char const *p;
if (tlen < MIN_Xs) {
if (fd != -1)
sudo_fatalx("%s(%s) succeed with too few Xs", kind, path);
if (errno != EINVAL)
sudo_fatal("%s(%s) failed with wrong errno: %d", kind, path, errno);
return 1;
}
if (fd == -1)
sudo_fatal("%s(%s)", kind, path);
if (stat(path, &sb))
sudo_fatal("%s: stat(%s)", kind, path);
if (fd >= 0) {
if (fstat(fd, &fsb))
sudo_fatal("%s: fstat(%d==%s)", kind, fd, path);
if (sb.st_dev != fsb.st_dev || sb.st_ino != fsb.st_ino)
sudo_fatalx("%s: stat mismatch", kind);
}
if (memcmp(path, prefix, plen) != 0)
sudo_fatalx("%s: prefix changed! %s vs %s", kind, prefix, path);
if (memcmp(path + plen + tlen, suffix, slen + 1) != 0)
sudo_fatalx("%s: suffix changed! %s vs %s", kind, suffix, path);
for (p = path + plen; p < path + plen + tlen; p++)
if (*p == '\0')
sudo_fatalx("%s: unexpected truncation", kind);
else if (*p == 'X')
return 0;
return 1;
}
static int
audit_role_change(const security_context_t old_context,
const security_context_t new_context, const char *ttyn, int result)
{
int au_fd, rc = -1;
char *message;
debug_decl(audit_role_change, SUDO_DEBUG_SELINUX)
au_fd = audit_open();
if (au_fd == -1) {
/* Kernel may not have audit support. */
if (errno != EINVAL && errno != EPROTONOSUPPORT && errno != EAFNOSUPPORT
)
sudo_fatal(U_("unable to open audit system"));
} else {
/* audit role change using the same format as newrole(1) */
rc = asprintf(&message, "newrole: old-context=%s new-context=%s",
old_context, new_context);
if (rc == -1)
sudo_fatalx(U_("%s: %s"), __func__, U_("unable to allocate memory"));
rc = audit_log_user_message(au_fd, AUDIT_USER_ROLE_CHANGE,
message, NULL, NULL, ttyn, result);
if (rc <= 0)
sudo_warn(U_("unable to send audit message"));
free(message);
close(au_fd);
}
debug_return_int(rc);
}
/*
* Exit codes defined in sudo_exec.h:
* SESH_SUCCESS (0) ... successful operation
* SESH_ERR_FAILURE (1) ... unspecified error
* SESH_ERR_INVALID (30) ... invalid -e arg value
* SESH_ERR_BAD_PATHS (31) ... odd number of paths
* SESH_ERR_NO_FILES (32) ... copy error, no files copied
* SESH_ERR_SOME_FILES (33) ... copy error, no files copied
*/
int
main(int argc, char *argv[], char *envp[])
{
int ret;
debug_decl(main, SUDO_DEBUG_MAIN)
initprogname(argc > 0 ? argv[0] : "sesh");
setlocale(LC_ALL, "");
bindtextdomain(PACKAGE_NAME, LOCALEDIR);
textdomain(PACKAGE_NAME);
if (argc < 2)
sudo_fatalx(U_("requires at least one argument"));
/* Read sudo.conf and initialize the debug subsystem. */
if (sudo_conf_read(NULL, SUDO_CONF_DEBUG) == -1)
exit(EXIT_FAILURE);
sudo_debug_register(getprogname(), NULL, NULL,
sudo_conf_debug_files(getprogname()));
if (strcmp(argv[1], "-e") == 0) {
ret = sesh_sudoedit(argc, argv);
} else {
bool login_shell, noexec = false;
char *cp, *cmnd;
int fd = -1;
/* If the first char of argv[0] is '-', we are running a login shell. */
login_shell = argv[0][0] == '-';
/* If argv[0] ends in -noexec, pass the flag to sudo_execve() */
if ((cp = strrchr(argv[0], '-')) != NULL && cp != argv[0])
noexec = strcmp(cp, "-noexec") == 0;
/* If argv[1] is --execfd=%d, extract the fd to exec with. */
if (strncmp(argv[1], "--execfd=", 9) == 0) {
const char *errstr;
cp = argv[1] + 9;
fd = strtonum(cp, 0, INT_MAX, &errstr);
if (errstr != NULL)
sudo_fatalx(U_("invalid file descriptor number: %s"), cp);
argv++;
argc--;
}
/* Shift argv and make a copy of the command to execute. */
argv++;
argc--;
if ((cmnd = strdup(argv[0])) == NULL)
sudo_fatalx(U_("%s: %s"), __func__, U_("unable to allocate memory"));
/* If invoked as a login shell, modify argv[0] accordingly. */
if (login_shell) {
if ((cp = strrchr(argv[0], '/')) == NULL)
sudo_fatal(U_("unable to run %s as a login shell"), argv[0]);
*cp = '-';
argv[0] = cp;
}
sudo_execve(fd, cmnd, argv, envp, noexec);
sudo_warn(U_("unable to execute %s"), cmnd);
ret = SESH_ERR_FAILURE;
}
sudo_debug_exit_int(__func__, __FILE__, __LINE__, sudo_debug_subsys, ret);
_exit(ret);
}
int
main(int argc, char *argv[])
{
char cwd[PATH_MAX + 1];
char *p;
size_t clen;
long pg;
int i;
initprogname(argc > 0 ? argv[0] : "mktemp_test");
pg = sysconf(_SC_PAGESIZE);
if (getcwd(cwd, sizeof cwd - 1) == NULL)
sudo_fatal("getcwd");
clen = strlen(cwd);
cwd[clen++] = '/';
cwd[clen] = '\0';
#ifdef MAP_ANON
p = mmap(NULL, pg * 3, PROT_READ | PROT_WRITE, MAP_PRIVATE|MAP_ANON, -1, 0);
#else
i = open("/dev/zero", O_RDWR);
if (i == -1)
sudo_fatal("/dev/zero");
p = mmap(NULL, pg * 3, PROT_READ | PROT_WRITE, MAP_PRIVATE, i, 0);
#endif
if (p == MAP_FAILED)
sudo_fatal("mmap");
if (mprotect(p, pg, PROT_NONE) || mprotect(p + pg * 2, pg, PROT_NONE))
sudo_fatal("mprotect");
p += pg;
i = MAX_TEMPLATE_LEN + 1;
while (i-- > 0) {
/* try first at the start of a page, no prefix */
try_mkdtemp(p, "", i);
/* now at the end of the page, no prefix */
try_mkdtemp(p + pg - i - 1, "", i);
/* start of the page, prefixed with the cwd */
try_mkdtemp(p, cwd, i);
/* how about at the end of the page, prefixed with cwd? */
try_mkdtemp(p + pg - clen - i - 1, cwd, i);
/* again, with mkstemps() and an empty suffix */
/* try first at the start of a page, no prefix */
try_mkstemps(p, "", i, "");
/* now at the end of the page, no prefix */
try_mkstemps(p + pg - i - 1, "", i, "");
/* start of the page, prefixed with the cwd */
try_mkstemps(p, cwd, i, "");
/* how about at the end of the page, prefixed with cwd? */
try_mkstemps(p + pg - clen - i - 1, cwd, i, "");
/* mkstemps() and a non-empty suffix */
/* try first at the start of a page, no prefix */
try_mkstemps(p, "", i, SUFFIX);
/* now at the end of the page, no prefix */
try_mkstemps(p + pg - i - SLEN - 1, "", i, SUFFIX);
/* start of the page, prefixed with the cwd */
try_mkstemps(p, cwd, i, SUFFIX);
/* how about at the end of the page, prefixed with cwd? */
try_mkstemps(p + pg - clen - i - SLEN - 1, cwd, i, SUFFIX);
}
return 0;
}
