int
sia_setup(struct passwd *pw, char **promptp, sudo_auth *auth)
{
SIAENTITY *siah = NULL;
int i;
extern int NewArgc;
extern char **NewArgv;
/* Rebuild argv for sia_ses_init() */
sudo_argc = NewArgc + 1;
sudo_argv = emalloc2(sudo_argc + 1, sizeof(char *));
sudo_argv[0] = "sudo";
for (i = 0; i < NewArgc; i++)
sudo_argv[i + 1] = NewArgv[i];
sudo_argv[sudo_argc] = NULL;
if (sia_ses_init(&siah, sudo_argc, sudo_argv, NULL, pw->pw_name, user_ttypath, 1, NULL) != SIASUCCESS) {
log_error(USE_ERRNO|NO_EXIT|NO_MAIL,
_("unable to initialize SIA session"));
return AUTH_FATAL;
}
auth->data = (void *) siah;
return AUTH_SUCCESS;
}
/*
* Initialize env based on envp.
*/
void
env_init(char * const envp[])
{
char * const *ep;
size_t len;
for (ep = envp; *ep != NULL; ep++)
continue;
len = (size_t)(ep - envp);
env.env_len = len;
env.env_size = len + 1 + 128;
env.envp = emalloc2(env.env_size, sizeof(char *));
#ifdef ENV_DEBUG
memset(env.envp, 0, env.env_size * sizeof(char *));
#endif
memcpy(env.envp, envp, len * sizeof(char *));
env.envp[len] = '\0';
}
/*
* Check input for ' ', '<', '>'
* pause, slow, fast
*/
static void
check_input(int ttyfd, double *speed)
{
fd_set *fdsr;
int nready, paused = 0;
struct timeval tv;
char ch;
ssize_t n;
fdsr = (fd_set *)emalloc2(howmany(ttyfd + 1, NFDBITS), sizeof(fd_mask));
for (;;) {
FD_SET(ttyfd, fdsr);
tv.tv_sec = 0;
tv.tv_usec = 0;
nready = select(ttyfd + 1, fdsr, NULL, NULL, paused ? NULL : &tv);
if (nready != 1)
break;
n = read(ttyfd, &ch, 1);
if (n == 1) {
if (paused) {
paused = 0;
continue;
}
switch (ch) {
case ' ':
paused = 1;
break;
case '<':
*speed /= 2;
break;
case '>':
*speed *= 2;
break;
}
}
}
free(fdsr);
}
/*
* Like execve(2) but falls back to running through /bin/sh
* ala execvp(3) if we get ENOEXEC.
*/
int
sudo_execve(const char *path, char *const argv[], char *const envp[], int noexec)
{
/* Modify the environment as needed to disable further execve(). */
if (noexec)
envp = disable_execute(envp);
execve(path, argv, envp);
if (errno == ENOEXEC) {
int argc;
char **nargv;
for (argc = 0; argv[argc] != NULL; argc++)
continue;
nargv = emalloc2(argc + 2, sizeof(char *));
nargv[0] = "sh";
nargv[1] = (char *)path;
memcpy(nargv + 2, argv + 1, argc * sizeof(char *));
execve(_PATH_BSHELL, nargv, envp);
efree(nargv);
}
return -1;
}
/* Reset user_groups based on passwd entry. */
static void
reset_groups(struct passwd *pw)
{
#if defined(HAVE_INITGROUPS) && defined(HAVE_GETGROUPS)
if (pw != sudo_user.pw) {
# ifdef HAVE_SETAUTHDB
aix_setauthdb(pw->pw_name);
# endif
if (initgroups(pw->pw_name, pw->pw_gid) == -1)
log_error(USE_ERRNO|MSG_ONLY, "can't reset group vector");
efree(user_groups);
user_groups = NULL;
if ((user_ngroups = getgroups(0, NULL)) > 0) {
user_groups = emalloc2(user_ngroups, sizeof(GETGROUPS_T));
if (getgroups(user_ngroups, user_groups) < 0)
log_error(USE_ERRNO|MSG_ONLY, "can't get group vector");
}
# ifdef HAVE_SETAUTHDB
aix_restoreauthdb();
# endif
}
#endif
}
static int
sudoers_policy_main(int argc, char * const argv[], int pwflag, char *env_add[],
char **command_infop[], char **argv_out[], char **user_env_out[])
{
static char *command_info[32]; /* XXX */
char **edit_argv = NULL;
struct sudo_nss *nss;
int cmnd_status = -1, validated;
volatile int info_len = 0;
volatile int rval = TRUE;
if (sigsetjmp(error_jmp, 1)) {
/* error recovery via error(), errorx() or log_error() */
rval = -1;
goto done;
}
/* Is root even allowed to run sudo? */
if (user_uid == 0 && !def_root_sudo) {
warningx(_("sudoers specifies that root is not allowed to sudo"));
goto bad;
}
/* Check for -C overriding def_closefrom. */
if (user_closefrom >= 0 && user_closefrom != def_closefrom) {
if (!def_closefrom_override) {
warningx(_("you are not permitted to use the -C option"));
goto bad;
}
def_closefrom = user_closefrom;
}
set_perms(PERM_INITIAL);
/* Environment variables specified on the command line. */
if (env_add != NULL && env_add[0] != NULL)
sudo_user.env_vars = env_add;
/*
* Make a local copy of argc/argv, with special handling
* for pseudo-commands and the '-i' option.
*/
if (argc == 0) {
NewArgc = 1;
NewArgv = emalloc2(NewArgc + 1, sizeof(char *));
NewArgv[0] = user_cmnd;
NewArgv[1] = NULL;
} else {
/* Must leave an extra slot before NewArgv for bash's --login */
NewArgc = argc;
NewArgv = emalloc2(NewArgc + 2, sizeof(char *));
memcpy(++NewArgv, argv, argc * sizeof(char *));
NewArgv[NewArgc] = NULL;
if (ISSET(sudo_mode, MODE_LOGIN_SHELL))
NewArgv[0] = estrdup(runas_pw->pw_shell);
}
/* If given the -P option, set the "preserve_groups" flag. */
if (ISSET(sudo_mode, MODE_PRESERVE_GROUPS))
def_preserve_groups = TRUE;
/* Find command in path */
cmnd_status = set_cmnd();
if (cmnd_status == -1) {
rval = -1;
goto done;
}
#ifdef HAVE_SETLOCALE
if (!setlocale(LC_ALL, def_sudoers_locale)) {
warningx(_("unable to set locale to \"%s\", using \"C\""),
def_sudoers_locale);
setlocale(LC_ALL, "C");
}
#endif
/*
* Check sudoers sources.
*/
validated = FLAG_NO_USER | FLAG_NO_HOST;
tq_foreach_fwd(snl, nss) {
validated = nss->lookup(nss, validated, pwflag);
if (ISSET(validated, VALIDATE_OK)) {
/* Handle "= auth" in netsvc.conf */
if (nss->ret_if_found)
break;
} else {
/* Handle [NOTFOUND=return] */
if (nss->ret_if_notfound)
break;
}
}
/*
* Build a new environment and ether clear potentially dangerous
* variables from the old one or start with a clean slate.
* Also adds sudo-specific variables (SUDO_*).
*/
void
rebuild_env(void)
{
char **old_envp, **ep, *cp, *ps1;
char idbuf[MAX_UID_T_LEN];
unsigned int didvar;
int reset_home = FALSE;
/*
* Either clean out the environment or reset to a safe default.
*/
ps1 = NULL;
didvar = 0;
env.env_len = 0;
env.env_size = 128;
old_envp = env.envp;
env.envp = emalloc2(env.env_size, sizeof(char *));
#ifdef ENV_DEBUG
memset(env.envp, 0, env.env_size * sizeof(char *));
#endif
/* Reset HOME based on target user if configured to. */
if (ISSET(sudo_mode, MODE_RUN)) {
if (def_always_set_home ||
ISSET(sudo_mode, MODE_RESET_HOME | MODE_LOGIN_SHELL) ||
(ISSET(sudo_mode, MODE_SHELL) && def_set_home))
reset_home = TRUE;
}
if (def_env_reset || ISSET(sudo_mode, MODE_LOGIN_SHELL)) {
/* Pull in vars we want to keep from the old environment. */
for (ep = old_envp; *ep; ep++) {
int keepit;
/* Skip variables with values beginning with () (bash functions) */
if ((cp = strchr(*ep, '=')) != NULL) {
if (strncmp(cp, "=() ", 3) == 0)
continue;
}
/*
* First check certain variables for '%' and '/' characters.
* If no match there, check the keep list.
* If nothing matched, we remove it from the environment.
*/
keepit = matches_env_check(*ep);
if (keepit == -1)
keepit = matches_env_keep(*ep);
/* For SUDO_PS1 -> PS1 conversion. */
if (strncmp(*ep, "SUDO_PS1=", 8) == 0)
ps1 = *ep + 5;
if (keepit) {
/* Preserve variable. */
switch (**ep) {
case 'H':
if (strncmp(*ep, "HOME=", 5) == 0)
SET(didvar, DID_HOME);
break;
case 'L':
if (strncmp(*ep, "LOGNAME=", 8) == 0)
SET(didvar, DID_LOGNAME);
break;
case 'M':
if (strncmp(*ep, "MAIL=", 5) == 0)
SET(didvar, DID_MAIL);
break;
case 'P':
if (strncmp(*ep, "PATH=", 5) == 0)
SET(didvar, DID_PATH);
break;
case 'S':
if (strncmp(*ep, "SHELL=", 6) == 0)
SET(didvar, DID_SHELL);
break;
case 'T':
if (strncmp(*ep, "TERM=", 5) == 0)
SET(didvar, DID_TERM);
break;
case 'U':
if (strncmp(*ep, "USER="******"USERNAME="******"SHELL", runas_pw->pw_shell, ISSET(didvar, DID_SHELL));
sudo_setenv("LOGNAME", runas_pw->pw_name,
ISSET(didvar, DID_LOGNAME));
sudo_setenv("USER", runas_pw->pw_name, ISSET(didvar, DID_USER));
sudo_setenv("USERNAME", runas_pw->pw_name,
ISSET(didvar, DID_USERNAME));
} else {
if (!ISSET(didvar, DID_SHELL))
sudo_setenv("SHELL", sudo_user.pw->pw_shell, FALSE);
if (!ISSET(didvar, DID_LOGNAME))
sudo_setenv("LOGNAME", user_name, FALSE);
if (!ISSET(didvar, DID_USER))
sudo_setenv("USER", user_name, FALSE);
if (!ISSET(didvar, DID_USERNAME))
sudo_setenv("USERNAME", user_name, FALSE);
}
/* If we didn't keep HOME, reset it based on target user. */
if (!ISSET(didvar, KEPT_HOME))
reset_home = TRUE;
/*
* Set MAIL to target user in -i mode or if MAIL is not preserved
* from user's environment.
*/
if (ISSET(sudo_mode, MODE_LOGIN_SHELL) || !ISSET(didvar, KEPT_MAIL)) {
cp = _PATH_MAILDIR;
if (cp[sizeof(_PATH_MAILDIR) - 2] == '/')
easprintf(&cp, "MAIL=%s%s", _PATH_MAILDIR, runas_pw->pw_name);
else
easprintf(&cp, "MAIL=%s/%s", _PATH_MAILDIR, runas_pw->pw_name);
sudo_putenv(cp, ISSET(didvar, DID_MAIL), TRUE);
}
} else {
/*
* Copy environ entries as long as they don't match env_delete or
* env_check.
*/
for (ep = old_envp; *ep; ep++) {
int okvar;
/* Skip variables with values beginning with () (bash functions) */
if ((cp = strchr(*ep, '=')) != NULL) {
if (strncmp(cp, "=() ", 3) == 0)
continue;
}
/*
* First check variables against the blacklist in env_delete.
* If no match there check for '%' and '/' characters.
*/
okvar = matches_env_delete(*ep) != TRUE;
if (okvar)
okvar = matches_env_check(*ep) != FALSE;
if (okvar) {
if (strncmp(*ep, "SUDO_PS1=", 9) == 0)
ps1 = *ep + 5;
else if (strncmp(*ep, "PATH=", 5) == 0)
SET(didvar, DID_PATH);
else if (strncmp(*ep, "TERM=", 5) == 0)
SET(didvar, DID_TERM);
sudo_putenv(*ep, FALSE, FALSE);
}
}
}
/* Replace the PATH envariable with a secure one? */
if (def_secure_path && !user_is_exempt()) {
sudo_setenv("PATH", def_secure_path, TRUE);
SET(didvar, DID_PATH);
}
/*
* Set $USER, $LOGNAME and $USERNAME to target if "set_logname" is not
* disabled. We skip this if we are running a login shell (because
* they have already been set them) or sudoedit (because we want the
* editor to find the user's startup files).
*/
if (def_set_logname && !ISSET(sudo_mode, MODE_LOGIN_SHELL|MODE_EDIT)) {
if (!ISSET(didvar, KEPT_LOGNAME))
sudo_setenv("LOGNAME", runas_pw->pw_name, TRUE);
if (!ISSET(didvar, KEPT_USER))
sudo_setenv("USER", runas_pw->pw_name, TRUE);
if (!ISSET(didvar, KEPT_USERNAME))
sudo_setenv("USERNAME", runas_pw->pw_name, TRUE);
}
/* Set $HOME to target user if not preserving user's value. */
if (reset_home)
sudo_setenv("HOME", runas_pw->pw_dir, TRUE);
/* Provide default values for $TERM and $PATH if they are not set. */
if (!ISSET(didvar, DID_TERM))
sudo_putenv("TERM=unknown", FALSE, FALSE);
if (!ISSET(didvar, DID_PATH))
sudo_setenv("PATH", _PATH_STDPATH, FALSE);
/* Set PS1 if SUDO_PS1 is set. */
if (ps1 != NULL)
sudo_putenv(ps1, TRUE, TRUE);
/* Add the SUDO_COMMAND envariable (cmnd + args). */
if (user_args) {
easprintf(&cp, "%s %s", user_cmnd, user_args);
sudo_setenv("SUDO_COMMAND", cp, TRUE);
efree(cp);
} else {
sudo_setenv("SUDO_COMMAND", user_cmnd, TRUE);
}
/* Add the SUDO_USER, SUDO_UID, SUDO_GID environment variables. */
sudo_setenv("SUDO_USER", user_name, TRUE);
snprintf(idbuf, sizeof(idbuf), "%u", (unsigned int) user_uid);
sudo_setenv("SUDO_UID", idbuf, TRUE);
snprintf(idbuf, sizeof(idbuf), "%u", (unsigned int) user_gid);
sudo_setenv("SUDO_GID", idbuf, TRUE);
/* Free old environment. */
efree(old_envp);
}
/*
* Allocate and fill in the interfaces global variable with the
* machine's ip addresses and netmasks.
*/
void
load_interfaces()
{
struct ifaddrs *ifa, *ifaddrs;
struct sockaddr_in *sin;
#ifdef HAVE_IN6_ADDR
struct sockaddr_in6 *sin6;
#endif
int i;
if (getifaddrs(&ifaddrs))
return;
/* Allocate space for the interfaces list. */
for (ifa = ifaddrs; ifa != NULL; ifa = ifa -> ifa_next) {
/* Skip interfaces marked "down" and "loopback". */
if (ifa->ifa_addr == NULL || !ISSET(ifa->ifa_flags, IFF_UP) ||
ISSET(ifa->ifa_flags, IFF_LOOPBACK))
continue;
switch(ifa->ifa_addr->sa_family) {
case AF_INET:
#ifdef HAVE_IN6_ADDR
case AF_INET6:
#endif
num_interfaces++;
break;
}
}
if (num_interfaces == 0)
return;
interfaces =
(struct interface *) emalloc2(num_interfaces, sizeof(struct interface));
/* Store the ip addr / netmask pairs. */
for (ifa = ifaddrs, i = 0; ifa != NULL; ifa = ifa -> ifa_next) {
/* Skip interfaces marked "down" and "loopback". */
if (ifa->ifa_addr == NULL || !ISSET(ifa->ifa_flags, IFF_UP) ||
ISSET(ifa->ifa_flags, IFF_LOOPBACK))
continue;
switch(ifa->ifa_addr->sa_family) {
case AF_INET:
sin = (struct sockaddr_in *)ifa->ifa_addr;
if (sin == NULL)
continue;
memcpy(&interfaces[i].addr, &sin->sin_addr,
sizeof(struct in_addr));
sin = (struct sockaddr_in *)ifa->ifa_netmask;
if (sin == NULL)
continue;
memcpy(&interfaces[i].netmask, &sin->sin_addr,
sizeof(struct in_addr));
interfaces[i].family = AF_INET;
i++;
break;
#ifdef HAVE_IN6_ADDR
case AF_INET6:
sin6 = (struct sockaddr_in6 *)ifa->ifa_addr;
if (sin6 == NULL)
continue;
memcpy(&interfaces[i].addr, &sin6->sin6_addr,
sizeof(struct in6_addr));
sin6 = (struct sockaddr_in6 *)ifa->ifa_netmask;
if (sin6 == NULL)
continue;
memcpy(&interfaces[i].netmask, &sin6->sin6_addr,
sizeof(struct in6_addr));
interfaces[i].family = AF_INET6;
i++;
break;
#endif /* HAVE_IN6_ADDR */
}
}
#ifdef HAVE_FREEIFADDRS
freeifaddrs(ifaddrs);
#else
efree(ifaddrs);
#endif
}
/*
* Allocate and fill in the interfaces global variable with the
* machine's ip addresses and netmasks.
*/
void
load_interfaces()
{
struct ifconf *ifconf;
struct ifreq *ifr, ifr_tmp;
struct sockaddr_in *sin;
int sock, n, i;
size_t len = sizeof(struct ifconf) + BUFSIZ;
char *previfname = "", *ifconf_buf = NULL;
#ifdef _ISC
struct strioctl strioctl;
#endif /* _ISC */
sock = socket(AF_INET, SOCK_DGRAM, 0);
if (sock < 0)
error(1, "cannot open socket");
/*
* Get interface configuration or return (leaving num_interfaces == 0)
*/
for (;;) {
ifconf_buf = erealloc(ifconf_buf, len);
ifconf = (struct ifconf *) ifconf_buf;
ifconf->ifc_len = len - sizeof(struct ifconf);
ifconf->ifc_buf = (caddr_t) (ifconf_buf + sizeof(struct ifconf));
#ifdef _ISC
STRSET(SIOCGIFCONF, (caddr_t) ifconf, len);
if (ioctl(sock, I_STR, (caddr_t) &strioctl) < 0) {
#else
/* Note that some kernels return EINVAL if the buffer is too small */
if (ioctl(sock, SIOCGIFCONF, (caddr_t) ifconf) < 0 && errno != EINVAL) {
#endif /* _ISC */
efree(ifconf_buf);
(void) close(sock);
return;
}
/* Break out of loop if we have a big enough buffer. */
if (ifconf->ifc_len + sizeof(struct ifreq) < len)
break;
len += BUFSIZ;
}
/* Allocate space for the maximum number of interfaces that could exist. */
if ((n = ifconf->ifc_len / sizeof(struct ifreq)) == 0)
return;
interfaces = (struct interface *) emalloc2(n, sizeof(struct interface));
/* For each interface, store the ip address and netmask. */
for (i = 0; i < ifconf->ifc_len; ) {
/* Get a pointer to the current interface. */
ifr = (struct ifreq *) &ifconf->ifc_buf[i];
/* Set i to the subscript of the next interface. */
i += sizeof(struct ifreq);
#ifdef HAVE_SA_LEN
if (ifr->ifr_addr.sa_len > sizeof(ifr->ifr_addr))
i += ifr->ifr_addr.sa_len - sizeof(struct sockaddr);
#endif /* HAVE_SA_LEN */
/* Skip duplicates and interfaces with NULL addresses. */
sin = (struct sockaddr_in *) &ifr->ifr_addr;
if (sin->sin_addr.s_addr == 0 ||
strncmp(previfname, ifr->ifr_name, sizeof(ifr->ifr_name) - 1) == 0)
continue;
if (ifr->ifr_addr.sa_family != AF_INET)
continue;
#ifdef SIOCGIFFLAGS
zero_bytes(&ifr_tmp, sizeof(ifr_tmp));
strncpy(ifr_tmp.ifr_name, ifr->ifr_name, sizeof(ifr_tmp.ifr_name) - 1);
if (ioctl(sock, SIOCGIFFLAGS, (caddr_t) &ifr_tmp) < 0)
#endif
ifr_tmp = *ifr;
/* Skip interfaces marked "down" and "loopback". */
if (!ISSET(ifr_tmp.ifr_flags, IFF_UP) ||
ISSET(ifr_tmp.ifr_flags, IFF_LOOPBACK))
continue;
sin = (struct sockaddr_in *) &ifr->ifr_addr;
interfaces[num_interfaces].addr.ip4.s_addr = sin->sin_addr.s_addr;
/* Stash the name of the interface we saved. */
previfname = ifr->ifr_name;
/* Get the netmask. */
zero_bytes(&ifr_tmp, sizeof(ifr_tmp));
strncpy(ifr_tmp.ifr_name, ifr->ifr_name, sizeof(ifr_tmp.ifr_name) - 1);
#ifdef SIOCGIFNETMASK
#ifdef _ISC
STRSET(SIOCGIFNETMASK, (caddr_t) &ifr_tmp, sizeof(ifr_tmp));
if (ioctl(sock, I_STR, (caddr_t) &strioctl) == 0) {
#else
if (ioctl(sock, SIOCGIFNETMASK, (caddr_t) &ifr_tmp) == 0) {
#endif /* _ISC */
sin = (struct sockaddr_in *) &ifr_tmp.ifr_addr;
interfaces[num_interfaces].netmask.ip4.s_addr = sin->sin_addr.s_addr;
} else {
#else
{
#endif /* SIOCGIFNETMASK */
if (IN_CLASSC(interfaces[num_interfaces].addr.ip4.s_addr))
interfaces[num_interfaces].netmask.ip4.s_addr = htonl(IN_CLASSC_NET);
else if (IN_CLASSB(interfaces[num_interfaces].addr.ip4.s_addr))
interfaces[num_interfaces].netmask.ip4.s_addr = htonl(IN_CLASSB_NET);
else
interfaces[num_interfaces].netmask.ip4.s_addr = htonl(IN_CLASSA_NET);
}
/* Only now can we be sure it was a good/interesting interface. */
interfaces[num_interfaces].family = AF_INET;
num_interfaces++;
}
/* If the expected size < real size, realloc the array. */
if (n != num_interfaces) {
if (num_interfaces != 0)
interfaces = (struct interface *) erealloc3(interfaces,
num_interfaces, sizeof(struct interface));
else
efree(interfaces);
}
efree(ifconf_buf);
(void) close(sock);
}
#else /* !SIOCGIFCONF || STUB_LOAD_INTERFACES */
/*
* Stub function for those without SIOCGIFCONF
*/
void
load_interfaces()
{
return;
}
#endif /* SIOCGIFCONF && !STUB_LOAD_INTERFACES */
void
dump_interfaces()
{
int i;
#ifdef HAVE_IN6_ADDR
char addrbuf[INET6_ADDRSTRLEN], maskbuf[INET6_ADDRSTRLEN];
#endif
puts("Local IP address and netmask pairs:");
for (i = 0; i < num_interfaces; i++) {
switch(interfaces[i].family) {
case AF_INET:
printf("\t%s / ", inet_ntoa(interfaces[i].addr.ip4));
puts(inet_ntoa(interfaces[i].netmask.ip4));
break;
#ifdef HAVE_IN6_ADDR
case AF_INET6:
inet_ntop(AF_INET6, &interfaces[i].addr.ip6,
addrbuf, sizeof(addrbuf));
inet_ntop(AF_INET6, &interfaces[i].netmask.ip6,
maskbuf, sizeof(maskbuf));
printf("\t%s / %s\n", addrbuf, maskbuf);
break;
#endif /* HAVE_IN6_ADDR */
}
}
}
/*
* Load the specified plugin and run its init function.
* Returns -1 if unable to open the plugin, else it returns
* the value from the plugin's init function.
*/
int
group_plugin_load(char *plugin_info)
{
struct stat sb;
char *args, path[PATH_MAX];
char **argv = NULL;
int len, rc = -1;
debug_decl(group_plugin_load, SUDO_DEBUG_UTIL)
/*
* Fill in .so path and split out args (if any).
*/
if ((args = strpbrk(plugin_info, " \t")) != NULL) {
len = snprintf(path, sizeof(path), "%s%.*s",
(*plugin_info != '/') ? _PATH_SUDO_PLUGIN_DIR : "",
(int)(args - plugin_info), plugin_info);
args++;
} else {
len = snprintf(path, sizeof(path), "%s%s",
(*plugin_info != '/') ? _PATH_SUDO_PLUGIN_DIR : "", plugin_info);
}
if (len <= 0 || len >= sizeof(path)) {
errno = ENAMETOOLONG;
warning("%s%s",
(*plugin_info != '/') ? _PATH_SUDO_PLUGIN_DIR : "", plugin_info);
goto done;
}
/* Sanity check plugin path. */
if (stat(path, &sb) != 0) {
warning("%s", path);
goto done;
}
if (sb.st_uid != ROOT_UID) {
warningx(_("%s must be owned by uid %d"), path, ROOT_UID);
goto done;
}
if ((sb.st_mode & (S_IWGRP|S_IWOTH)) != 0) {
warningx(_("%s must only be writable by owner"), path);
goto done;
}
/* Open plugin and map in symbol. */
group_handle = dlopen(path, RTLD_LAZY|RTLD_GLOBAL);
if (!group_handle) {
warningx(_("unable to dlopen %s: %s"), path, dlerror());
goto done;
}
group_plugin = dlsym(group_handle, "group_plugin");
if (group_plugin == NULL) {
warningx(_("unable to find symbol \"group_plugin\" in %s"), path);
goto done;
}
if (GROUP_API_VERSION_GET_MAJOR(group_plugin->version) != GROUP_API_VERSION_MAJOR) {
warningx(_("%s: incompatible group plugin major version %d, expected %d"),
path, GROUP_API_VERSION_GET_MAJOR(group_plugin->version),
GROUP_API_VERSION_MAJOR);
goto done;
}
/*
* Split args into a vector if specified.
*/
if (args != NULL) {
int ac = 0;
bool wasblank = true;
char *cp;
for (cp = args; *cp != '\0'; cp++) {
if (isblank((unsigned char)*cp)) {
wasblank = true;
} else if (wasblank) {
wasblank = false;
ac++;
}
}
if (ac != 0) {
argv = emalloc2(ac, sizeof(char *));
ac = 0;
for ((cp = strtok(args, " \t")); cp; (cp = strtok(NULL, " \t")))
argv[ac++] = cp;
}
}
rc = (group_plugin->init)(GROUP_API_VERSION, sudo_printf, argv);
done:
efree(argv);
if (rc != true) {
if (group_handle != NULL) {
dlclose(group_handle);
group_handle = NULL;
group_plugin = NULL;
}
}
debug_return_bool(rc);
}
int
main(int argc, char *argv[])
{
int ch, idx, plen, nready, interactive = 0, listonly = 0;
const char *id, *user = NULL, *pattern = NULL, *tty = NULL, *decimal = ".";
char path[PATH_MAX], buf[LINE_MAX], *cp, *ep;
double seconds, to_wait, speed = 1.0, max_wait = 0;
FILE *lfile;
fd_set *fdsw;
sigaction_t sa;
size_t len, nbytes, nread, off;
ssize_t nwritten;
#if !defined(HAVE_GETPROGNAME) && !defined(HAVE___PROGNAME)
setprogname(argc > 0 ? argv[0] : "sudoreplay");
#endif
#ifdef HAVE_SETLOCALE
setlocale(LC_ALL, "");
decimal = localeconv()->decimal_point;
#endif
while ((ch = getopt(argc, argv, "d:f:hlm:s:V")) != -1) {
switch(ch) {
case 'd':
session_dir = optarg;
break;
case 'f':
/* Set the replay filter. */
replay_filter = 0;
for (cp = strtok(optarg, ","); cp; cp = strtok(NULL, ",")) {
if (strcmp(cp, "stdout") == 0)
SET(replay_filter, 1 << IOFD_STDOUT);
else if (strcmp(cp, "stderr") == 0)
SET(replay_filter, 1 << IOFD_STDERR);
else if (strcmp(cp, "ttyout") == 0)
SET(replay_filter, 1 << IOFD_TTYOUT);
else
errorx(1, "invalid filter option: %s", optarg);
}
break;
case 'h':
help();
/* NOTREACHED */
case 'l':
listonly = 1;
break;
case 'm':
errno = 0;
max_wait = strtod(optarg, &ep);
if (*ep != '\0' || errno != 0)
errorx(1, "invalid max wait: %s", optarg);
break;
case 's':
errno = 0;
speed = strtod(optarg, &ep);
if (*ep != '\0' || errno != 0)
errorx(1, "invalid speed factor: %s", optarg);
break;
case 'V':
(void) printf("%s version %s\n", getprogname(), PACKAGE_VERSION);
exit(0);
default:
usage(1);
/* NOTREACHED */
}
}
argc -= optind;
argv += optind;
if (listonly)
exit(list_sessions(argc, argv, pattern, user, tty));
if (argc != 1)
usage(1);
/* 6 digit ID in base 36, e.g. 01G712AB */
id = argv[0];
if (!VALID_ID(id))
errorx(1, "invalid ID %s", id);
plen = snprintf(path, sizeof(path), "%s/%.2s/%.2s/%.2s/timing",
session_dir, id, &id[2], &id[4]);
if (plen <= 0 || plen >= sizeof(path))
errorx(1, "%s/%.2s/%.2s/%.2s/%.2s/timing: %s", session_dir,
id, &id[2], &id[4], strerror(ENAMETOOLONG));
plen -= 7;
/* Open files for replay, applying replay filter for the -f flag. */
for (idx = 0; idx < IOFD_MAX; idx++) {
if (ISSET(replay_filter, 1 << idx) || idx == IOFD_TIMING) {
io_fds[idx].v = open_io_fd(path, plen, io_fnames[idx]);
if (io_fds[idx].v == NULL)
error(1, "unable to open %s", path);
}
}
/* Read log file. */
path[plen] = '\0';
strlcat(path, "/log", sizeof(path));
lfile = fopen(path, "r");
if (lfile == NULL)
error(1, "unable to open %s", path);
cp = NULL;
len = 0;
/* Pull out command (third line). */
if (getline(&cp, &len, lfile) == -1 ||
getline(&cp, &len, lfile) == -1 ||
getline(&cp, &len, lfile) == -1) {
errorx(1, "invalid log file %s", path);
}
printf("Replaying sudo session: %s", cp);
free(cp);
fclose(lfile);
fflush(stdout);
zero_bytes(&sa, sizeof(sa));
sigemptyset(&sa.sa_mask);
sa.sa_flags = SA_RESETHAND;
sa.sa_handler = cleanup;
(void) sigaction(SIGINT, &sa, NULL);
(void) sigaction(SIGKILL, &sa, NULL);
(void) sigaction(SIGTERM, &sa, NULL);
(void) sigaction(SIGHUP, &sa, NULL);
sa.sa_flags = SA_RESTART;
sa.sa_handler = SIG_IGN;
(void) sigaction(SIGTSTP, &sa, NULL);
(void) sigaction(SIGQUIT, &sa, NULL);
/* XXX - read user input from /dev/tty and set STDOUT to raw if not a pipe */
/* Set stdin to raw mode if it is a tty */
interactive = isatty(STDIN_FILENO);
if (interactive) {
ch = fcntl(STDIN_FILENO, F_GETFL, 0);
if (ch != -1)
(void) fcntl(STDIN_FILENO, F_SETFL, ch | O_NONBLOCK);
if (!term_raw(STDIN_FILENO, 1))
error(1, "cannot set tty to raw mode");
}
fdsw = (fd_set *)emalloc2(howmany(STDOUT_FILENO + 1, NFDBITS),
sizeof(fd_mask));
/*
* Timing file consists of line of the format: "%f %d\n"
*/
#ifdef HAVE_ZLIB_H
while (gzgets(io_fds[IOFD_TIMING].g, buf, sizeof(buf)) != NULL) {
#else
while (fgets(buf, sizeof(buf), io_fds[IOFD_TIMING].f) != NULL) {
#endif
if (!parse_timing(buf, decimal, &idx, &seconds, &nbytes))
errorx(1, "invalid timing file line: %s", buf);
if (interactive)
check_input(STDIN_FILENO, &speed);
/* Adjust delay using speed factor and clamp to max_wait */
to_wait = seconds / speed;
if (max_wait && to_wait > max_wait)
to_wait = max_wait;
delay(to_wait);
/* Even if we are not relaying, we still have to delay. */
if (io_fds[idx].v == NULL)
continue;
/* All output is sent to stdout. */
while (nbytes != 0) {
if (nbytes > sizeof(buf))
len = sizeof(buf);
else
len = nbytes;
#ifdef HAVE_ZLIB_H
nread = gzread(io_fds[idx].g, buf, len);
#else
nread = fread(buf, 1, len, io_fds[idx].f);
#endif
nbytes -= nread;
off = 0;
do {
/* no stdio, must be unbuffered */
nwritten = write(STDOUT_FILENO, buf + off, nread - off);
if (nwritten == -1) {
if (errno == EINTR)
continue;
if (errno == EAGAIN) {
FD_SET(STDOUT_FILENO, fdsw);
do {
nready = select(STDOUT_FILENO + 1, NULL, fdsw, NULL, NULL);
} while (nready == -1 && errno == EINTR);
if (nready == 1)
continue;
}
error(1, "writing to standard output");
}
off += nwritten;
} while (nread > off);
}
}
term_restore(STDIN_FILENO, 1);
exit(0);
}
static void
delay(double secs)
{
struct timespec ts, rts;
int rval;
/*
* Typical max resolution is 1/HZ but we can't portably check that.
* If the interval is small enough, just ignore it.
*/
if (secs < 0.0001)
return;
rts.tv_sec = secs;
rts.tv_nsec = (secs - (double) rts.tv_sec) * 1000000000.0;
do {
memcpy(&ts, &rts, sizeof(ts));
rval = nanosleep(&ts, &rts);
} while (rval == -1 && errno == EINTR);
if (rval == -1)
error(1, "nanosleep: tv_sec %ld, tv_nsec %ld", ts.tv_sec, ts.tv_nsec);
}
static void *
open_io_fd(char *path, int len, const char *suffix)
{
path[len] = '\0';
strlcat(path, suffix, PATH_MAX);
#ifdef HAVE_ZLIB_H
return gzopen(path, "r");
#else
return fopen(path, "r");
#endif
}
/*
* Command line argument parsing.
* Sets nargc and nargv which corresponds to the argc/argv we'll use
* for the command to be run (if we are running one).
*/
int
parse_args(int argc, char **argv, int *nargc, char ***nargv, char ***settingsp,
char ***env_addp)
{
int mode = 0; /* what mode is sudo to be run in? */
int flags = 0; /* mode flags */
int valid_flags, ch;
int i, j;
char *cp, **env_add, **settings;
int nenv = 0;
int env_size = 32;
env_add = emalloc2(env_size, sizeof(char *));
/* Pass progname to plugin so it can call setprogname() */
sudo_settings[ARG_PROGNAME].value = getprogname();
/* First, check to see if we were invoked as "sudoedit". */
if (strcmp(getprogname(), "sudoedit") == 0) {
mode = MODE_EDIT;
sudo_settings[ARG_SUDOEDIT].value = "true";
}
/* Load local IP addresses and masks. */
if (get_net_ifs(&cp) > 0)
sudo_settings[ARG_NET_ADDRS].value = cp;
/* Returns true if the last option string was "--" */
#define got_end_of_args (optind > 1 && argv[optind - 1][0] == '-' && \
argv[optind - 1][1] == '-' && argv[optind - 1][2] == '\0')
/* Returns true if next option is an environment variable */
#define is_envar (optind < argc && argv[optind][0] != '/' && \
strchr(argv[optind], '=') != NULL)
/* Flags allowed when running a command */
valid_flags = MODE_BACKGROUND|MODE_PRESERVE_ENV|MODE_RESET_HOME|
MODE_LOGIN_SHELL|MODE_NONINTERACTIVE|MODE_SHELL;
/* XXX - should fill in settings at the end to avoid dupes */
for (;;) {
/*
* We disable arg permutation for GNU getopt().
* Some trickiness is required to allow environment variables
* to be interspersed with command line options.
*/
if ((ch = getopt(argc, argv, "+Aa:bC:c:D:Eeg:HhiKklnPp:r:Sst:U:u:Vv")) != -1) {
switch (ch) {
case 'A':
SET(tgetpass_flags, TGP_ASKPASS);
break;
#ifdef HAVE_BSD_AUTH_H
case 'a':
sudo_settings[ARG_BSDAUTH_TYPE].value = optarg;
break;
#endif
case 'b':
SET(flags, MODE_BACKGROUND);
break;
case 'C':
if (atoi(optarg) < 3) {
warningx(_("the argument to -C must be a number greater than or equal to 3"));
usage(1);
}
sudo_settings[ARG_CLOSEFROM].value = optarg;
break;
#ifdef HAVE_LOGIN_CAP_H
case 'c':
sudo_settings[ARG_LOGIN_CLASS].value = optarg;
break;
#endif
case 'D':
if ((debug_level = atoi(optarg)) < 1 || debug_level > 9) {
warningx(_("the argument to -D must be between 1 and 9 inclusive"));
usage(1);
}
sudo_settings[ARG_DEBUG_LEVEL].value = optarg;
break;
case 'E':
sudo_settings[ARG_PRESERVE_ENVIRONMENT].value = "true";
break;
case 'e':
if (mode && mode != MODE_EDIT)
usage_excl(1);
mode = MODE_EDIT;
sudo_settings[ARG_SUDOEDIT].value = "true";
valid_flags = MODE_NONINTERACTIVE;
break;
case 'g':
runas_group = optarg;
sudo_settings[ARG_RUNAS_GROUP].value = optarg;
break;
case 'H':
sudo_settings[ARG_SET_HOME].value = "true";
break;
case 'h':
if (mode && mode != MODE_HELP) {
if (strcmp(getprogname(), "sudoedit") != 0)
usage_excl(1);
}
mode = MODE_HELP;
valid_flags = 0;
break;
case 'i':
sudo_settings[ARG_LOGIN_SHELL].value = "true";
SET(flags, MODE_LOGIN_SHELL);
break;
case 'k':
sudo_settings[ARG_IGNORE_TICKET].value = "true";
break;
case 'K':
sudo_settings[ARG_IGNORE_TICKET].value = "true";
if (mode && mode != MODE_KILL)
usage_excl(1);
mode = MODE_KILL;
valid_flags = 0;
break;
case 'l':
if (mode) {
if (mode == MODE_LIST)
SET(flags, MODE_LONG_LIST);
else
usage_excl(1);
}
mode = MODE_LIST;
valid_flags = MODE_NONINTERACTIVE|MODE_LONG_LIST;
break;
case 'n':
SET(flags, MODE_NONINTERACTIVE);
sudo_settings[ARG_NONINTERACTIVE].value = "true";
break;
case 'P':
sudo_settings[ARG_PRESERVE_GROUPS].value = "true";
break;
case 'p':
sudo_settings[ARG_PROMPT].value = optarg;
break;
#ifdef HAVE_SELINUX
case 'r':
sudo_settings[ARG_SELINUX_ROLE].value = optarg;
break;
case 't':
sudo_settings[ARG_SELINUX_TYPE].value = optarg;
break;
#endif
case 'S':
SET(tgetpass_flags, TGP_STDIN);
break;
case 's':
sudo_settings[ARG_USER_SHELL].value = "true";
SET(flags, MODE_SHELL);
break;
case 'U':
if ((getpwnam(optarg)) == NULL)
errorx(1, _("unknown user: %s"), optarg);
list_user = optarg;
break;
case 'u':
runas_user = optarg;
sudo_settings[ARG_RUNAS_USER].value = optarg;
break;
case 'v':
if (mode && mode != MODE_VALIDATE)
usage_excl(1);
mode = MODE_VALIDATE;
valid_flags = MODE_NONINTERACTIVE;
break;
case 'V':
if (mode && mode != MODE_VERSION)
usage_excl(1);
mode = MODE_VERSION;
valid_flags = 0;
break;
default:
usage(1);
}
} else if (!got_end_of_args && is_envar) {
if (nenv == env_size - 2) {
env_size *= 2;
env_add = erealloc3(env_add, env_size, sizeof(char *));
}
env_add[nenv++] = argv[optind];
/* Crank optind and resume getopt. */
optind++;
} else {
/* Not an option or an environment variable -- we're done. */
break;
}
}
env_add[nenv] = NULL;
argc -= optind;
argv += optind;
if (!mode) {
/* Defer -k mode setting until we know whether it is a flag or not */
if (sudo_settings[ARG_IGNORE_TICKET].value != NULL) {
if (argc == 0) {
mode = MODE_INVALIDATE; /* -k by itself */
sudo_settings[ARG_IGNORE_TICKET].value = NULL;
valid_flags = 0;
}
}
if (!mode)
mode = MODE_RUN; /* running a command */
}
if (argc > 0 && mode == MODE_LIST)
mode = MODE_CHECK;
if (ISSET(flags, MODE_LOGIN_SHELL)) {
if (ISSET(flags, MODE_SHELL)) {
warningx(_("you may not specify both the `-i' and `-s' options"));
usage(1);
}
if (ISSET(flags, MODE_PRESERVE_ENV)) {
warningx(_("you may not specify both the `-i' and `-E' options"));
usage(1);
}
SET(flags, MODE_SHELL);
}
if ((flags & valid_flags) != flags)
usage(1);
if (mode == MODE_EDIT &&
(ISSET(flags, MODE_PRESERVE_ENV) || env_add[0] != NULL)) {
if (ISSET(mode, MODE_PRESERVE_ENV))
warningx(_("the `-E' option is not valid in edit mode"));
if (env_add[0] != NULL)
warningx(_("you may not specify environment variables in edit mode"));
usage(1);
}
if ((runas_user != NULL || runas_group != NULL) &&
!ISSET(mode, MODE_EDIT | MODE_RUN | MODE_CHECK | MODE_VALIDATE)) {
usage(1);
}
if (list_user != NULL && mode != MODE_LIST && mode != MODE_CHECK) {
warningx(_("the `-U' option may only be used with the `-l' option"));
usage(1);
}
if (ISSET(tgetpass_flags, TGP_STDIN) && ISSET(tgetpass_flags, TGP_ASKPASS)) {
warningx(_("the `-A' and `-S' options may not be used together"));
usage(1);
}
if ((argc == 0 && mode == MODE_EDIT) ||
(argc > 0 && !ISSET(mode, MODE_RUN | MODE_EDIT | MODE_CHECK)))
usage(1);
if (argc == 0 && mode == MODE_RUN && !ISSET(flags, MODE_SHELL)) {
SET(flags, (MODE_IMPLIED_SHELL | MODE_SHELL));
sudo_settings[ARG_IMPLIED_SHELL].value = "true";
}
if (mode == MODE_HELP)
help();
/*
* For shell mode we need to rewrite argv
*/
if (ISSET(mode, MODE_RUN) && ISSET(flags, MODE_SHELL)) {
char **av;
int ac;
if (argc == 0) {
/* just the shell */
ac = argc + 1;
av = emalloc2(ac + 1, sizeof(char *));
memcpy(av + 1, argv, argc * sizeof(char *));
} else {
/* shell -c "command" */
char *cmnd, *src, *dst;
size_t cmnd_size = (size_t) (argv[argc - 1] - argv[0]) +
strlen(argv[argc - 1]) + 1;
cmnd = dst = emalloc2(cmnd_size, 2);
for (av = argv; *av != NULL; av++) {
for (src = *av; *src != '\0'; src++) {
/* quote potential meta characters */
if (!isalnum((unsigned char)*src) && *src != '_' && *src != '-')
*dst++ = '\\';
*dst++ = *src;
}
*dst++ = ' ';
}
if (cmnd != dst)
dst--; /* replace last space with a NUL */
*dst = '\0';
ac = 3;
av = emalloc2(ac + 1, sizeof(char *));
av[1] = "-c";
av[2] = cmnd;
}
av[0] = (char *)user_details.shell; /* plugin may override shell */
av[ac] = NULL;
argv = av;
argc = ac;
}
/*
* Format setting_pairs into settings array.
*/
settings = emalloc2(NUM_SETTINGS + 1, sizeof(char *));
for (i = 0, j = 0; i < NUM_SETTINGS; i++) {
if (sudo_settings[i].value) {
sudo_debug(9, "settings: %s=%s", sudo_settings[i].name,
sudo_settings[i].value);
settings[j] = fmt_string(sudo_settings[i].name,
sudo_settings[i].value);
if (settings[j] == NULL)
errorx(1, _("unable to allocate memory"));
j++;
}
}
settings[j] = NULL;
if (mode == MODE_EDIT) {
#if defined(HAVE_SETRESUID) || defined(HAVE_SETREUID) || defined(HAVE_SETEUID)
/* Must have the command in argv[0]. */
argc++;
argv--;
argv[0] = "sudoedit";
#else
errorx(1, _("sudoedit is not supported on this platform"));
#endif
}
*settingsp = settings;
*env_addp = env_add;
*nargc = argc;
*nargv = argv;
return mode | flags;
}
