static int
audit_role_change(const security_context_t old_context,
const security_context_t new_context, const char *ttyn, int result)
{
int au_fd, rc = -1;
char *message;
debug_decl(audit_role_change, SUDO_DEBUG_SELINUX)
au_fd = audit_open();
if (au_fd == -1) {
/* Kernel may not have audit support. */
if (errno != EINVAL && errno != EPROTONOSUPPORT && errno != EAFNOSUPPORT
)
sudo_fatal(U_("unable to open audit system"));
} else {
/* audit role change using the same format as newrole(1) */
rc = asprintf(&message, "newrole: old-context=%s new-context=%s",
old_context, new_context);
if (rc == -1)
sudo_fatalx(U_("%s: %s"), __func__, U_("unable to allocate memory"));
rc = audit_log_user_message(au_fd, AUDIT_USER_ROLE_CHANGE,
message, NULL, NULL, ttyn, result);
if (rc <= 0)
sudo_warn(U_("unable to send audit message"));
free(message);
close(au_fd);
}
debug_return_int(rc);
}
/*
* Log and audit that user was not allowed to run the command.
*/
bool
log_failure(int status, int flags)
{
bool ret, inform_user = true;
debug_decl(log_failure, SUDOERS_DEBUG_LOGGING)
/* The user doesn't always get to see the log message (path info). */
if (!ISSET(status, FLAG_NO_USER | FLAG_NO_HOST) && def_path_info &&
(flags == NOT_FOUND_DOT || flags == NOT_FOUND))
inform_user = false;
ret = log_denial(status, inform_user);
if (!inform_user) {
/*
* We'd like to not leak path info at all here, but that can
* *really* confuse the users. To really close the leak we'd
* have to say "not allowed to run foo" even when the problem
* is just "no foo in path" since the user can trivially set
* their path to just contain a single dir.
*/
if (flags == NOT_FOUND)
sudo_warnx(U_("%s: command not found"), user_cmnd);
else if (flags == NOT_FOUND_DOT)
sudo_warnx(U_("ignoring \"%s\" found in '.'\nUse \"sudo ./%s\" if this is the \"%s\" you wish to run."), user_cmnd, user_cmnd, user_cmnd);
}
debug_return_bool(ret);
}
/*
* This function attempts to revert the relabeling done to the tty.
* fd - referencing the opened ttyn
* ttyn - name of tty to restore
*
* Returns zero on success, non-zero otherwise
*/
int
selinux_restore_tty(void)
{
int retval = 0;
security_context_t chk_tty_context = NULL;
debug_decl(selinux_restore_tty, SUDO_DEBUG_SELINUX)
if (se_state.ttyfd == -1 || se_state.new_tty_context == NULL)
goto skip_relabel;
/* Verify that the tty still has the context set by sudo. */
if ((retval = fgetfilecon(se_state.ttyfd, &chk_tty_context)) < 0) {
sudo_warn(U_("unable to fgetfilecon %s"), se_state.ttyn);
goto skip_relabel;
}
if ((retval = strcmp(chk_tty_context, se_state.new_tty_context))) {
sudo_warnx(U_("%s changed labels"), se_state.ttyn);
goto skip_relabel;
}
if ((retval = fsetfilecon(se_state.ttyfd, se_state.tty_context)) < 0)
sudo_warn(U_("unable to restore context for %s"), se_state.ttyn);
skip_relabel:
if (se_state.ttyfd != -1) {
close(se_state.ttyfd);
se_state.ttyfd = -1;
}
if (chk_tty_context != NULL) {
freecon(chk_tty_context);
chk_tty_context = NULL;
}
debug_return_int(retval);
}
bool
fill_cmnd(const char *src, size_t len)
{
char *dst;
size_t i;
debug_decl(fill_cmnd, SUDOERS_DEBUG_PARSER)
arg_len = arg_size = 0;
dst = sudoerslval.command.cmnd = malloc(len + 1);
if (dst == NULL) {
sudo_warnx(U_("%s: %s"), __func__, U_("unable to allocate memory"));
sudoerserror(NULL);
debug_return_bool(false);
}
sudoerslval.command.args = NULL;
/* Copy the string and collapse any escaped sudo-specific characters. */
for (i = 0; i < len; i++) {
if (src[i] == '\\' && i != len - 1 && SPECIAL(src[i + 1]))
*dst++ = src[++i];
else
*dst++ = src[i];
}
*dst = '\0';
debug_return_bool(true);
}
bool
fill_txt(const char *src, size_t len, size_t olen)
{
char *dst;
int h;
debug_decl(fill_txt, SUDOERS_DEBUG_PARSER)
dst = olen ? realloc(sudoerslval.string, olen + len + 1) : malloc(len + 1);
if (dst == NULL) {
sudo_warnx(U_("%s: %s"), __func__, U_("unable to allocate memory"));
sudoerserror(NULL);
debug_return_bool(false);
}
sudoerslval.string = dst;
/* Copy the string and collapse any escaped characters. */
dst += olen;
while (len--) {
if (*src == '\\' && len) {
if (src[1] == 'x' && len >= 3 && (h = hexchar(src + 2)) != -1) {
*dst++ = h;
src += 4;
len -= 3;
} else {
src++;
len--;
*dst++ = *src++;
}
} else {
*dst++ = *src++;
}
}
*dst = '\0';
debug_return_bool(true);
}
void eqnsys<nr_type_t>::givens_apply_u (int c1, int c2,
nr_double_t c, nr_double_t s) {
for (int i = 0; i < N; i++) {
nr_type_t y = U_(i, c1);
nr_type_t z = U_(i, c2);
U_(i, c1) = y * c + z * s;
U_(i, c2) = z * c - y * s;
}
}
/*
* Set the exec and tty contexts in preparation for fork/exec.
* Must run as root, before the uid change.
* If ptyfd is not -1, it indicates we are running
* in a pty and do not need to reset std{in,out,err}.
* Returns 0 on success and -1 on failure.
*/
int
selinux_setup(const char *role, const char *type, const char *ttyn,
int ptyfd)
{
int ret = -1;
debug_decl(selinux_setup, SUDO_DEBUG_SELINUX)
/* Store the caller's SID in old_context. */
if (getprevcon(&se_state.old_context)) {
sudo_warn(U_("failed to get old_context"));
goto done;
}
se_state.enforcing = security_getenforce();
if (se_state.enforcing < 0) {
sudo_warn(U_("unable to determine enforcing mode."));
goto done;
}
#ifdef DEBUG
sudo_warnx("your old context was %s", se_state.old_context);
#endif
se_state.new_context = get_exec_context(se_state.old_context, role, type);
if (!se_state.new_context) {
#ifdef HAVE_LINUX_AUDIT
audit_role_change(se_state.old_context, "?",
se_state.ttyn, 0);
#endif
goto done;
}
if (relabel_tty(ttyn, ptyfd) < 0) {
sudo_warn(U_("unable to set tty context to %s"), se_state.new_context);
goto done;
}
#ifdef DEBUG
if (se_state.ttyfd != -1) {
sudo_warnx("your old tty context is %s", se_state.tty_context);
sudo_warnx("your new tty context is %s", se_state.new_tty_context);
}
#endif
#ifdef HAVE_LINUX_AUDIT
audit_role_change(se_state.old_context, se_state.new_context,
se_state.ttyn, 1);
#endif
ret = 0;
done:
debug_return_int(ret);
}
void
selinux_execve(const char *path, char *const argv[], char *const envp[],
int noexec)
{
char **nargv;
const char *sesh;
int argc, serrno;
debug_decl(selinux_execve, SUDO_DEBUG_SELINUX)
sesh = sudo_conf_sesh_path();
if (sesh == NULL) {
sudo_warnx("internal error: sesh path not set");
errno = EINVAL;
debug_return;
}
if (setexeccon(se_state.new_context)) {
sudo_warn(U_("unable to set exec context to %s"), se_state.new_context);
if (se_state.enforcing)
debug_return;
}
#ifdef HAVE_SETKEYCREATECON
if (setkeycreatecon(se_state.new_context)) {
sudo_warn(U_("unable to set key creation context to %s"), se_state.new_context);
if (se_state.enforcing)
debug_return;
}
#endif /* HAVE_SETKEYCREATECON */
/*
* Build new argv with sesh as argv[0].
* If argv[0] ends in -noexec, sesh will disable execute
* for the command it runs.
*/
for (argc = 0; argv[argc] != NULL; argc++)
continue;
nargv = sudo_emallocarray(argc + 2, sizeof(char *));
if (noexec)
nargv[0] = *argv[0] == '-' ? "-sesh-noexec" : "sesh-noexec";
else
nargv[0] = *argv[0] == '-' ? "-sesh" : "sesh";
nargv[1] = (char *)path;
memcpy(&nargv[2], &argv[1], argc * sizeof(char *)); /* copies NULL */
/* sesh will handle noexec for us. */
sudo_execve(sesh, nargv, envp, false);
serrno = errno;
free(nargv);
errno = serrno;
debug_return;
}
// Error Interrupt Service Routine
void UART_INTFUNC(UART_USED, Err, no_auto_psv)(void)
{
// Clear Interrupt flag
UART_CLR_ERFLAG(UART_USED);
if (UART_IS_OERR(UART_USED))
{ // Overrun FIFO
UART_CLR_OERR(UART_USED); // Clear FIFO and OERR
// No errors at this point (FIFO is empty)
}
else
{ // Frame or parity error - dummy read
int i = UART_READ9(UART_USED);
if (UART_IS_FERR(UART_USED) && (i == 0))
{ // Break character is received:
__asm__("nop"); // TODO: AutoBaud
__asm__("nop"); // Mode can be
__asm__("nop"); // started here
} // Break condition
}
// Calculate errors
++U_(UART_USED, rxerr);
DISPATCH();
}
// Transmitter Interrupt Service Routine
void UART_INTFUNC(UART_USED, TX, no_auto_psv)(void)
{
int i;
// Clear Interrupt flag
UART_CLR_TXFLAG(UART_USED);
switch (QUEBUF_LEN(TXB)) {
case 0: ++U_(UART_USED, txevt);
i = U_TXI_END; break;
case 1: i = U_TXI_READY; break;
default: i = U_TXI_EMPTY; // We'll fill FIFO
} UART_SET_TXI(UART_USED, i);
while (!QUEBUF_EMPTY(TXB))
{ // Load TX queue and fill TX FIFO
if (UART_CAN_WRITE(UART_USED)) {
_QUEBUF_POP(TXB, i);
UART_WRITE(UART_USED, i);
} else break; // FIFO is full
}
if (QUEBUF_EMPTY(TXB)) DISPATCH();
#ifdef __MPLAB_SIM // Poll error bits and set ERFLAG
if (UART_IS_RXERR(UART_USED)) UART_SET_ERFLAG(UART_USED);
#endif // SIM doesn't check receiver errors, but set OERR
}
/*
* Parse a comma-separated list of gids into an allocated array of GETGROUPS_T.
* If a pointer to the base gid is specified, it is stored as the first element
* in the array.
* Returns the number of gids in the allocated array.
*/
int
sudo_parse_gids_v1(const char *gidstr, const gid_t *basegid, GETGROUPS_T **gidsp)
{
int ngids = 0;
GETGROUPS_T *gids;
const char *cp = gidstr;
const char *errstr;
char *ep;
debug_decl(sudo_parse_gids, SUDO_DEBUG_UTIL)
/* Count groups. */
if (*cp != '\0') {
ngids++;
do {
if (*cp++ == ',')
ngids++;
} while (*cp != '\0');
}
/* Base gid is optional. */
if (basegid != NULL)
ngids++;
/* Allocate and fill in array. */
if (ngids != 0) {
gids = reallocarray(NULL, ngids, sizeof(GETGROUPS_T));
if (gids == NULL) {
sudo_warnx(U_("%s: %s"), __func__, U_("unable to allocate memory"));
debug_return_int(-1);
}
ngids = 0;
if (basegid != NULL)
gids[ngids++] = *basegid;
cp = gidstr;
do {
gids[ngids] = (GETGROUPS_T) sudo_strtoid(cp, ",", &ep, &errstr);
if (errstr != NULL) {
sudo_warnx(U_("%s: %s"), cp, U_(errstr));
free(gids);
debug_return_int(-1);
}
if (basegid == NULL || gids[ngids] != *basegid)
ngids++;
cp = ep + 1;
} while (*ep != '\0');
*gidsp = gids;
}
debug_return_int(ngids);
}
bool
fill_args(const char *s, size_t len, int addspace)
{
unsigned int new_len;
char *p;
debug_decl(fill_args, SUDOERS_DEBUG_PARSER)
if (arg_size == 0) {
addspace = 0;
new_len = len;
} else
new_len = arg_len + len + addspace;
if (new_len >= arg_size) {
/* Allocate in increments of 128 bytes to avoid excessive realloc(). */
arg_size = (new_len + 1 + 127) & ~127;
p = realloc(sudoerslval.command.args, arg_size);
if (p == NULL) {
sudo_warnx(U_("%s: %s"), __func__, U_("unable to allocate memory"));
goto bad;
} else
sudoerslval.command.args = p;
}
/* Efficiently append the arg (with a leading space if needed). */
p = sudoerslval.command.args + arg_len;
if (addspace)
*p++ = ' ';
len = arg_size - (p - sudoerslval.command.args);
if (strlcpy(p, s, len) >= len) {
sudo_warnx(U_("internal error, %s overflow"), __func__);
goto bad;
}
arg_len = new_len;
debug_return_bool(true);
bad:
sudoerserror(NULL);
free(sudoerslval.command.args);
sudoerslval.command.args = NULL;
arg_len = arg_size = 0;
debug_return_bool(false);
}
void sysu_rxpurge(void)
{
DISABLE_MOD(UART, RXINT(UART_USED));
{
// Clear buffer, errors and FIFO
U_(UART_USED, rxerr) = 0; QUEBUF_INIT(RXB);
while (UART_CAN_READ(UART_USED)) UART_READ9(UART_USED);
}
ENABLE_MOD(UART, RXINT(UART_USED));
}
int
linux_audit_command(char *argv[], int result)
{
int au_fd, rc = -1;
char *command, *cp, **av;
size_t size, n;
debug_decl(linux_audit_command, SUDOERS_DEBUG_AUDIT)
/* Don't return an error if auditing is not configured. */
if ((au_fd = linux_audit_open()) < 0)
debug_return_int(au_fd == AUDIT_NOT_CONFIGURED ? 0 : -1);
/* Convert argv to a flat string. */
for (size = 0, av = argv; *av != NULL; av++)
size += strlen(*av) + 1;
command = cp = sudo_emalloc(size);
for (av = argv; *av != NULL; av++) {
n = strlcpy(cp, *av, size - (cp - command));
if (n >= size - (cp - command)) {
sudo_warnx(U_("internal error, %s overflow"), __func__);
goto done;
}
cp += n;
*cp++ = ' ';
}
*--cp = '\0';
/* Log command, ignoring ECONNREFUSED on error. */
if (audit_log_user_command(au_fd, AUDIT_USER_CMD, command, NULL, result) <= 0) {
if (errno != ECONNREFUSED) {
sudo_warn(U_("unable to send audit message"));
goto done;
}
}
rc = 0;
done:
sudo_efree(command);
debug_return_int(rc);
}
/*
* Parse the "filename flags,..." debug_flags entry and insert a new
* sudo_debug_file struct into debug_files.
*/
bool
sudoers_debug_parse_flags(struct sudo_conf_debug_file_list *debug_files,
const char *entry)
{
struct sudo_debug_file *debug_file;
const char *filename, *flags;
size_t namelen;
/* Already initialized? */
if (sudoers_debug_instance != SUDO_DEBUG_INSTANCE_INITIALIZER)
return true;
/* Only process new-style debug flags: filename flags,... */
filename = entry;
if (*filename != '/' || (flags = strpbrk(filename, " \t")) == NULL)
return true;
namelen = (size_t)(flags - filename);
while (isblank((unsigned char)*flags))
flags++;
if (*flags != '\0') {
if ((debug_file = calloc(1, sizeof(*debug_file))) == NULL)
goto oom;
if ((debug_file->debug_file = strndup(filename, namelen)) == NULL)
goto oom;
if ((debug_file->debug_flags = strdup(flags)) == NULL)
goto oom;
TAILQ_INSERT_TAIL(debug_files, debug_file, entries);
}
return true;
oom:
if (debug_file != NULL) {
free(debug_file->debug_file);
free(debug_file->debug_flags);
free(debug_file);
}
sudo_warnx_nodebug(U_("%s: %s"), "sudoers_debug_parse_flags",
U_("unable to allocate memory"));
return false;
}
/*
* securid_init - Initialises communications with ACE server
* Arguments in:
* pw - UNUSED
* auth - sudo authentication structure
*
* Results out:
* auth - auth->data contains pointer to new SecurID handle
* return code - Fatal if initialization unsuccessful, otherwise
* success.
*/
int
sudo_securid_init(struct passwd *pw, sudo_auth *auth)
{
static SDI_HANDLE sd_dat; /* SecurID handle */
debug_decl(sudo_securid_init, SUDOERS_DEBUG_AUTH)
auth->data = (void *) &sd_dat; /* For method-specific data */
/* Start communications */
if (AceInitialize() != SD_FALSE)
debug_return_int(AUTH_SUCCESS);
sudo_warnx(U_("failed to initialise the ACE API library"));
debug_return_int(AUTH_FATAL);
}
/*
* Open audit connection if possible.
* Returns audit fd on success and -1 on failure.
*/
static int
linux_audit_open(void)
{
static int au_fd = -1;
debug_decl(linux_audit_open, SUDOERS_DEBUG_AUDIT)
if (au_fd != -1)
debug_return_int(au_fd);
au_fd = audit_open();
if (au_fd == -1) {
/* Kernel may not have audit support. */
if (errno == EINVAL || errno == EPROTONOSUPPORT || errno == EAFNOSUPPORT)
au_fd = AUDIT_NOT_CONFIGURED;
else
sudo_warn(U_("unable to open audit system"));
} else {
(void)fcntl(au_fd, F_SETFD, FD_CLOEXEC);
}
debug_return_int(au_fd);
}
int sysu_init(void)
{
sysu_done(); // Disable all
QUEBUF_INIT(RXB); QUEBUF_INIT(TXB);
U_(UART_USED, rxerr) = 0;
UART_INIT(UART_USED, // Try to initialize UART
#if (defined(__MPLAB_SIM) && (UART_USED == 2))
/* =!= It works with UART2 too if set LPBACK here */ U_LPBACK |
#endif // SIM supports UART1 only (SIM: UART1 IO must be enabled)
U_NOPARITY | UART_EN, // 8-bit, no parity; Enabled
U_TXI_READY | U_RXI_ANY | // Defaul event settings
U_TXEN, FCY2BRG(FCY2, 9600), // TX Enabled; 9600 baud
UART_IPL // All interrupts are enabled
); // UART_INIT()
return( sysu_is_init() );
}
// Receiver Interrupt Service Routine
void UART_INTFUNC(UART_USED, RX, no_auto_psv)(void)
{
// Clear Interrupt flag
UART_CLR_RXFLAG(UART_USED);
while (!QUEBUF_FULL(RXB))
{ // Read bytes from FIFO to buffer
if (UART_CAN_READ(UART_USED)) {
// Push received bytes into RX buffer
_QUEBUF_PUSH(RXB, UART_READ8(UART_USED));
} else break; // FIFO is empty
} // while (!QUEBUF_FULL(RXB))
// If receiver queue is full:
// ignore received character
// and leave it into RX FIFO (and ++errors)
if (QUEBUF_FULL(RXB)) ++U_(UART_USED, rxerr);
DISPATCH();
}
void eqnsys<nr_type_t>::substitute_svd (void) {
int c, r;
nr_type_t f;
// calculate U'B
for (c = 0; c < N; c++) {
f = 0.0;
// non-zero result only if S is non-zero
if (S_(c) != 0.0) {
for (r = 0; r < N; r++) f += cond_conj (U_(r, c)) * B_(r);
// this is the divide by S
f /= S_(c);
}
R_(c) = f;
}
// matrix multiply by V to get the final solution
for (r = 0; r < N; r++) {
for (f = 0.0, c = 0; c < N; c++) f += cond_conj (V_(c, r)) * R_(c);
X_(r) = f;
}
}
/*
* Get a password entry by name and allocate space for it.
*/
struct passwd *
sudo_getpwnam(const char *name)
{
struct cache_item key, *item;
struct rbnode *node;
size_t len;
debug_decl(sudo_getpwnam, SUDOERS_DEBUG_NSS)
key.k.name = (char *) name;
if ((node = rbfind(pwcache_byname, &key)) != NULL) {
item = node->data;
goto done;
}
/*
* Cache passwd db entry if it exists or a negative response if not.
*/
#ifdef HAVE_SETAUTHDB
aix_setauthdb((char *) name);
#endif
item = sudo_make_pwitem((uid_t)-1, name);
if (item == NULL) {
len = strlen(name) + 1;
item = sudo_ecalloc(1, sizeof(*item) + len);
item->refcnt = 1;
item->k.name = (char *) item + sizeof(*item);
memcpy(item->k.name, name, len);
/* item->d.pw = NULL; */
}
if (rbinsert(pwcache_byname, item) != NULL) {
/* should not happen */
sudo_warnx(U_("unable to cache user %s, already exists"), name);
item->refcnt = 0;
}
#ifdef HAVE_SETAUTHDB
aix_restoreauthdb();
#endif
done:
item->refcnt++;
debug_return_ptr(item->d.pw);
}
/*
* Get a password entry by uid and allocate space for it.
*/
struct passwd *
sudo_getpwuid(uid_t uid)
{
struct cache_item key, *item;
struct rbnode *node;
debug_decl(sudo_getpwuid, SUDOERS_DEBUG_NSS)
key.k.uid = uid;
if ((node = rbfind(pwcache_byuid, &key)) != NULL) {
item = node->data;
goto done;
}
/*
* Cache passwd db entry if it exists or a negative response if not.
*/
#ifdef HAVE_SETAUTHDB
aix_setauthdb(IDtouser(uid));
#endif
item = sudo_make_pwitem(uid, NULL);
if (item == NULL) {
item = sudo_ecalloc(1, sizeof(*item));
item->refcnt = 1;
item->k.uid = uid;
/* item->d.pw = NULL; */
}
if (rbinsert(pwcache_byuid, item) != NULL) {
/* should not happen */
sudo_warnx(U_("unable to cache uid %u, already exists"),
(unsigned int) uid);
item->refcnt = 0;
}
#ifdef HAVE_SETAUTHDB
aix_restoreauthdb();
#endif
done:
item->refcnt++;
debug_return_ptr(item->d.pw);
}
/*
* securid_setup - Initialises a SecurID transaction and locks out other
* ACE servers
*
* Arguments in:
* pw - struct passwd for username
* promptp - UNUSED
* auth - sudo authentication structure for SecurID handle
*
* Results out:
* return code - Success if transaction started correctly, fatal
* otherwise
*/
int
sudo_securid_setup(struct passwd *pw, char **promptp, sudo_auth *auth)
{
SDI_HANDLE *sd = (SDI_HANDLE *) auth->data;
int retval;
debug_decl(sudo_securid_setup, SUDOERS_DEBUG_AUTH)
/* Re-initialize SecurID every time. */
if (SD_Init(sd) != ACM_OK) {
sudo_warnx(U_("unable to contact the SecurID server"));
debug_return_int(AUTH_FATAL);
}
/* Lock new PIN code */
retval = SD_Lock(*sd, pw->pw_name);
switch (retval) {
case ACM_OK:
sudo_warnx(U_("User ID locked for SecurID Authentication"));
debug_return_int(AUTH_SUCCESS);
case ACE_UNDEFINED_USERNAME:
sudo_warnx(U_("invalid username length for SecurID"));
debug_return_int(AUTH_FATAL);
case ACE_ERR_INVALID_HANDLE:
sudo_warnx(U_("invalid Authentication Handle for SecurID"));
debug_return_int(AUTH_FATAL);
case ACM_ACCESS_DENIED:
sudo_warnx(U_("SecurID communication failed"));
debug_return_int(AUTH_FATAL);
default:
sudo_warnx(U_("unknown SecurID error"));
debug_return_int(AUTH_FATAL);
}
}
static bool
do_logfile(const char *msg)
{
static bool warned = false;
const char *timestr;
int len, oldlocale;
bool ret = false;
char *full_line;
mode_t oldmask;
FILE *fp;
debug_decl(do_logfile, SUDOERS_DEBUG_LOGGING)
sudoers_setlocale(SUDOERS_LOCALE_SUDOERS, &oldlocale);
oldmask = umask(S_IRWXG|S_IRWXO);
fp = fopen(def_logfile, "a");
(void) umask(oldmask);
if (fp == NULL) {
if (!warned) {
log_warning(SLOG_SEND_MAIL|SLOG_NO_LOG,
N_("unable to open log file: %s"), def_logfile);
warned = true;
}
goto done;
}
if (!sudo_lock_file(fileno(fp), SUDO_LOCK)) {
if (!warned) {
log_warning(SLOG_SEND_MAIL|SLOG_NO_LOG,
N_("unable to lock log file: %s"), def_logfile);
warned = true;
}
goto done;
}
timestr = get_timestr(time(NULL), def_log_year);
if (timestr == NULL)
timestr = "invalid date";
if (def_log_host) {
len = asprintf(&full_line, "%s : %s : HOST=%s : %s",
timestr, user_name, user_srunhost, msg);
} else {
len = asprintf(&full_line, "%s : %s : %s",
timestr, user_name, msg);
}
if (len == -1) {
sudo_warnx(U_("%s: %s"), __func__, U_("unable to allocate memory"));
goto done;
}
if ((size_t)def_loglinelen < sizeof(LOG_INDENT)) {
/* Don't pretty-print long log file lines (hard to grep). */
(void) fputs(full_line, fp);
(void) fputc('\n', fp);
} else {
/* Write line with word wrap around def_loglinelen chars. */
writeln_wrap(fp, full_line, len, def_loglinelen);
}
free(full_line);
(void) fflush(fp);
if (ferror(fp)) {
if (!warned) {
log_warning(SLOG_SEND_MAIL|SLOG_NO_LOG,
N_("unable to write log file: %s"), def_logfile);
warned = true;
}
goto done;
}
ret = true;
done:
if (fp != NULL)
(void) fclose(fp);
sudoers_setlocale(oldlocale, NULL);
debug_return_bool(ret);
}
/*
* Expand %h and %u escapes (if present) in the prompt and pass back
* the dynamically allocated result.
*/
char *
expand_prompt(const char *old_prompt, const char *auth_user)
{
size_t len, n;
int subst;
const char *p;
char *np, *new_prompt, *endp;
debug_decl(expand_prompt, SUDOERS_DEBUG_AUTH)
/* How much space do we need to malloc for the prompt? */
subst = 0;
for (p = old_prompt, len = strlen(old_prompt); *p; p++) {
if (p[0] =='%') {
switch (p[1]) {
case 'h':
p++;
len += strlen(user_shost) - 2;
subst = 1;
break;
case 'H':
p++;
len += strlen(user_host) - 2;
subst = 1;
break;
case 'p':
p++;
len += strlen(auth_user) - 2;
subst = 1;
break;
case 'u':
p++;
len += strlen(user_name) - 2;
subst = 1;
break;
case 'U':
p++;
len += strlen(runas_pw->pw_name) - 2;
subst = 1;
break;
case '%':
p++;
len--;
subst = 1;
break;
default:
break;
}
}
}
if ((new_prompt = malloc(++len)) == NULL) {
sudo_warnx(U_("%s: %s"), __func__, U_("unable to allocate memory"));
debug_return_str(NULL);
}
if (subst) {
endp = new_prompt + len;
for (p = old_prompt, np = new_prompt; *p; p++) {
if (p[0] =='%') {
switch (p[1]) {
case 'h':
p++;
n = strlcpy(np, user_shost, np - endp);
if (n >= (size_t)(np - endp))
goto oflow;
np += n;
continue;
case 'H':
p++;
n = strlcpy(np, user_host, np - endp);
if (n >= (size_t)(np - endp))
goto oflow;
np += n;
continue;
case 'p':
p++;
n = strlcpy(np, auth_user, np - endp);
if (n >= (size_t)(np - endp))
goto oflow;
np += n;
continue;
case 'u':
p++;
n = strlcpy(np, user_name, np - endp);
if (n >= (size_t)(np - endp))
goto oflow;
np += n;
continue;
case 'U':
p++;
n = strlcpy(np, runas_pw->pw_name, np - endp);
if (n >= (size_t)(np - endp))
goto oflow;
np += n;
continue;
case '%':
/* convert %% -> % */
p++;
break;
default:
/* no conversion */
break;
}
}
*np++ = *p;
if (np >= endp)
goto oflow;
}
*np = '\0';
} else {
/* Nothing to expand. */
memcpy(new_prompt, old_prompt, len); /* len includes NUL */
}
debug_return_str(new_prompt);
oflow:
/* We pre-allocate enough space, so this should never happen. */
free(new_prompt);
sudo_warnx(U_("internal error, %s overflow"), __func__);
debug_return_str(NULL);
}
/*
* Exit codes defined in sudo_exec.h:
* SESH_SUCCESS (0) ... successful operation
* SESH_ERR_FAILURE (1) ... unspecified error
* SESH_ERR_INVALID (30) ... invalid -e arg value
* SESH_ERR_BAD_PATHS (31) ... odd number of paths
* SESH_ERR_NO_FILES (32) ... copy error, no files copied
* SESH_ERR_SOME_FILES (33) ... copy error, no files copied
*/
int
main(int argc, char *argv[], char *envp[])
{
int ret;
debug_decl(main, SUDO_DEBUG_MAIN)
initprogname(argc > 0 ? argv[0] : "sesh");
setlocale(LC_ALL, "");
bindtextdomain(PACKAGE_NAME, LOCALEDIR);
textdomain(PACKAGE_NAME);
if (argc < 2)
sudo_fatalx(U_("requires at least one argument"));
/* Read sudo.conf and initialize the debug subsystem. */
if (sudo_conf_read(NULL, SUDO_CONF_DEBUG) == -1)
exit(EXIT_FAILURE);
sudo_debug_register(getprogname(), NULL, NULL,
sudo_conf_debug_files(getprogname()));
if (strcmp(argv[1], "-e") == 0) {
ret = sesh_sudoedit(argc, argv);
} else {
bool login_shell, noexec = false;
char *cp, *cmnd;
int fd = -1;
/* If the first char of argv[0] is '-', we are running a login shell. */
login_shell = argv[0][0] == '-';
/* If argv[0] ends in -noexec, pass the flag to sudo_execve() */
if ((cp = strrchr(argv[0], '-')) != NULL && cp != argv[0])
noexec = strcmp(cp, "-noexec") == 0;
/* If argv[1] is --execfd=%d, extract the fd to exec with. */
if (strncmp(argv[1], "--execfd=", 9) == 0) {
const char *errstr;
cp = argv[1] + 9;
fd = strtonum(cp, 0, INT_MAX, &errstr);
if (errstr != NULL)
sudo_fatalx(U_("invalid file descriptor number: %s"), cp);
argv++;
argc--;
}
/* Shift argv and make a copy of the command to execute. */
argv++;
argc--;
if ((cmnd = strdup(argv[0])) == NULL)
sudo_fatalx(U_("%s: %s"), __func__, U_("unable to allocate memory"));
/* If invoked as a login shell, modify argv[0] accordingly. */
if (login_shell) {
if ((cp = strrchr(argv[0], '/')) == NULL)
sudo_fatal(U_("unable to run %s as a login shell"), argv[0]);
*cp = '-';
argv[0] = cp;
}
sudo_execve(fd, cmnd, argv, envp, noexec);
sudo_warn(U_("unable to execute %s"), cmnd);
ret = SESH_ERR_FAILURE;
}
sudo_debug_exit_int(__func__, __FILE__, __LINE__, sudo_debug_subsys, ret);
_exit(ret);
}
static GGadgetCreateData *MakeTransBlock(TransData *td,int bnum,
GGadgetCreateData *gcd, GTextInfo *label, GGadgetCreateData **array) {
int offset = bnum*TBlock_CIDOffset;
gcd[0].gd.pos.x = 5; gcd[0].gd.pos.y = 9;
gcd[0].gd.flags = gg_visible | gg_enabled;
gcd[0].gd.label = &transformtypes[0];
gcd[0].gd.u.list = transformtypes;
gcd[0].gd.cid = CID_Type+offset;
gcd[0].creator = GListButtonCreate;
gcd[0].data = (void *) -1;
gcd[0].gd.handle_controlevent = Trans_TypeChange;
transformtypes[0].selected = true;
label[1].text = (unichar_t *) _("_X");
label[1].text_is_1byte = true;
label[1].text_in_resource = true;
gcd[1].gd.label = &label[1];
gcd[1].gd.pos.x = TBlock_XStart; gcd[1].gd.pos.y = 15;
gcd[1].gd.flags = bnum==0? (gg_enabled|gg_visible) : gg_enabled;
gcd[1].data = (void *) 0x49;
gcd[1].gd.cid = CID_XLab+offset;
gcd[1].creator = GLabelCreate;
label[2].text = (unichar_t *) "0";
label[2].text_is_1byte = true;
gcd[2].gd.label = &label[2];
gcd[2].gd.pos.x = TBlock_XStart+10; gcd[2].gd.pos.y = 9; gcd[2].gd.pos.width = 40;
gcd[2].gd.flags = bnum==0? (gg_enabled|gg_visible) : gg_enabled;
gcd[2].data = (void *) 0x1;
gcd[2].gd.cid = CID_XMove+offset;
gcd[2].creator = GTextFieldCreate;
label[3].text = (unichar_t *) _("_Y");
label[3].text_is_1byte = true;
label[3].text_in_resource = true;
gcd[3].gd.label = &label[3];
gcd[3].gd.pos.x = TBlock_XStart+70; gcd[3].gd.pos.y = 15;
gcd[3].gd.flags = bnum==0? (gg_enabled|gg_visible) : gg_enabled;
gcd[3].data = (void *) 0x49;
gcd[3].gd.cid = CID_YLab+offset;
gcd[3].creator = GLabelCreate;
label[4].text = (unichar_t *) "0";
label[4].text_is_1byte = true;
gcd[4].gd.label = &label[4];
gcd[4].gd.pos.x = TBlock_XStart+80; gcd[4].gd.pos.y = 9; gcd[4].gd.pos.width = 40;
gcd[4].gd.flags = bnum==0? (gg_enabled|gg_visible) : gg_enabled;
gcd[4].data = (void *) 0x1;
gcd[4].gd.cid = CID_YMove+offset;
gcd[4].creator = GTextFieldCreate;
label[5].text = (unichar_t *) "100";
label[5].text_is_1byte = true;
gcd[5].gd.label = &label[5];
gcd[5].gd.pos.x = TBlock_XStart+10; gcd[5].gd.pos.y = 9; gcd[5].gd.pos.width = 40;
gcd[5].gd.flags = gg_enabled;
gcd[5].data = (void *) 0x8;
gcd[5].gd.cid = CID_XScale+offset;
gcd[5].creator = GTextFieldCreate;
label[6].text = (unichar_t *) "100";
label[6].text_is_1byte = true;
gcd[6].gd.label = &label[6];
gcd[6].gd.pos.x = TBlock_XStart+80; gcd[6].gd.pos.y = 9; gcd[6].gd.pos.width = 40;
gcd[6].gd.flags = gg_enabled;
gcd[6].data = (void *) 0x8;
gcd[6].gd.cid = CID_YScale+offset;
gcd[6].creator = GTextFieldCreate;
label[7].text = (unichar_t *) "100";
label[7].text_is_1byte = true;
gcd[7].gd.label = &label[7];
gcd[7].gd.pos.x = TBlock_XStart+10; gcd[7].gd.pos.y = 9; gcd[7].gd.pos.width = 40;
gcd[7].gd.flags = gg_enabled;
gcd[7].data = (void *) 0x4;
gcd[7].gd.cid = CID_Scale+offset;
gcd[7].creator = GTextFieldCreate;
label[8].text = (unichar_t *) U_("° Clockwise");
label[8].text_is_1byte = true;
gcd[8].gd.label = &label[8];
gcd[8].gd.pos.x = TBlock_XStart+53; gcd[8].gd.pos.y = 2; gcd[8].gd.pos.height = 12;
gcd[8].gd.flags = gg_enabled;
gcd[8].data = (void *) 0x22;
gcd[8].gd.cid = CID_Clockwise+offset;
gcd[8].creator = GRadioCreate;
/* GT: Sometimes spelled Widdershins. An old word which means counter clockwise. */
/* GT: I used it because "counter clockwise" took too much space. */
label[9].text = (unichar_t *) U_("° Withershins"); /* deiseal */
label[9].text_is_1byte = true;
gcd[9].gd.label = &label[9];
gcd[9].gd.pos.x = TBlock_XStart+53; gcd[9].gd.pos.y = 17; gcd[9].gd.pos.height = 12;
gcd[9].gd.flags = gg_enabled | gg_cb_on;
gcd[9].data = (void *) 0x22;
gcd[9].gd.cid = CID_CounterClockwise+offset;
gcd[9].creator = GRadioCreate;
label[10].text = (unichar_t *) "180";
label[10].text_is_1byte = true;
gcd[10].gd.label = &label[10];
gcd[10].gd.pos.x = TBlock_XStart+10; gcd[10].gd.pos.y = 9; gcd[10].gd.pos.width = 40;
gcd[10].gd.flags = gg_enabled;
gcd[10].data = (void *) 0x2;
gcd[10].gd.cid = CID_Angle+offset;
gcd[10].creator = GTextFieldCreate;
label[11].text = (unichar_t *) "10"; /* -10 if we default clockwise */
label[11].text_is_1byte = true;
gcd[11].gd.label = &label[11];
gcd[11].gd.pos.x = TBlock_XStart+10; gcd[11].gd.pos.y = 9; gcd[11].gd.pos.width = 40;
gcd[11].gd.flags = gg_enabled;
gcd[11].data = (void *) 0x20;
gcd[11].gd.cid = CID_SkewAng+offset;
gcd[11].creator = GTextFieldCreate;
label[12].text = (unichar_t *) _("Horizontal");
label[12].text_is_1byte = true;
gcd[12].gd.label = &label[12];
gcd[12].gd.pos.x = TBlock_XStart; gcd[12].gd.pos.y = 2; gcd[12].gd.pos.height = 12;
gcd[12].gd.flags = gg_enabled | gg_cb_on;
gcd[12].data = (void *) 0x10;
gcd[12].gd.cid = CID_Horizontal+offset;
gcd[12].creator = GRadioCreate;
label[13].text = (unichar_t *) _("Vertical");
label[13].text_is_1byte = true;
gcd[13].gd.label = &label[13];
gcd[13].gd.pos.x = TBlock_XStart; gcd[13].gd.pos.y = 17; gcd[13].gd.pos.height = 12;
gcd[13].gd.flags = gg_enabled;
gcd[13].data = (void *) 0x10;
gcd[13].gd.cid = CID_Vertical+offset;
gcd[13].creator = GRadioCreate;
label[14].text = (unichar_t *) _("%");
label[14].text_is_1byte = true;
gcd[14].gd.label = &label[14];
gcd[14].gd.pos.x = TBlock_XStart+51; gcd[14].gd.pos.y = 15;
gcd[14].gd.flags = gg_enabled;
gcd[14].data = (void *) 0xc;
gcd[14].gd.cid = CID_XPercent+offset;
gcd[14].creator = GLabelCreate;
label[15].text = (unichar_t *) _("%");
label[15].text_is_1byte = true;
gcd[15].gd.label = &label[15];
gcd[15].gd.pos.x = TBlock_XStart+121; gcd[15].gd.pos.y = 15;
gcd[15].gd.flags = gg_enabled;
gcd[15].data = (void *) 0x8;
gcd[15].gd.cid = CID_YPercent+offset;
gcd[15].creator = GLabelCreate;
label[16].text = (unichar_t *) U_("°");
label[16].text_is_1byte = true;
gcd[16].gd.label = &label[16];
gcd[16].gd.pos.x = TBlock_XStart+51; gcd[16].gd.pos.y = 15;
gcd[16].gd.flags = gg_enabled;
gcd[16].data = (void *) 0x40;
gcd[16].gd.cid = CID_XDegree+offset;
gcd[16].creator = GLabelCreate;
label[17].text = (unichar_t *) U_("°");
label[17].text_is_1byte = true;
gcd[17].gd.label = &label[17];
gcd[17].gd.pos.x = TBlock_XStart+121; gcd[17].gd.pos.y = 15;
gcd[17].gd.flags = gg_enabled;
gcd[17].data = (void *) 0x40;
gcd[17].gd.cid = CID_YDegree+offset;
gcd[17].creator = GLabelCreate;
label[18].text = (unichar_t *) "45";
label[18].text_is_1byte = true;
gcd[18].gd.label = &label[18];
gcd[18].gd.pos.x = TBlock_XStart+10; gcd[18].gd.pos.y = 9; gcd[18].gd.pos.width = 40;
gcd[18].gd.flags = gg_enabled;
gcd[18].data = (void *) 0x40;
gcd[18].gd.cid = CID_XAxis+offset;
gcd[18].creator = GTextFieldCreate;
label[19].text = (unichar_t *) "0";
label[19].text_is_1byte = true;
gcd[19].gd.label = &label[19];
gcd[19].gd.pos.x = TBlock_XStart+80; gcd[19].gd.pos.y = 9; gcd[19].gd.pos.width = 40;
gcd[19].gd.flags = gg_enabled;
gcd[19].data = (void *) 0x40;
gcd[19].gd.cid = CID_YAxis+offset;
gcd[19].creator = GTextFieldCreate;
array[0] = &gcd[12]; array[1] = &gcd[13]; array[2] = NULL;
array[3] = &gcd[8]; array[4] = &gcd[9]; array[5] = NULL;
gcd[20].gd.flags = gg_enabled|gg_visible;
gcd[20].gd.u.boxelements = array;
gcd[20].gd.cid = CID_HVBox+offset;
gcd[20].creator = GVBoxCreate;
gcd[21].gd.flags = gg_enabled|gg_visible;
gcd[21].gd.u.boxelements = array+3;
gcd[21].gd.cid = CID_ClockBox+offset;
gcd[21].creator = GVBoxCreate;
array[6] = &gcd[0];
array[7] = &gcd[20];
array[8] = &gcd[1];
array[9] = &gcd[2];
array[10] = &gcd[5];
array[11] = &gcd[7];
array[12] = &gcd[10];
array[13] = &gcd[11];
array[14] = &gcd[18];
array[15] = &gcd[14];
array[16] = &gcd[16];
array[17] = &gcd[21];
array[18] = &gcd[3];
array[19] = &gcd[4];
array[20] = &gcd[6];
array[21] = &gcd[19];
array[22] = &gcd[15];
array[23] = &gcd[17];
array[24] = GCD_Glue;
array[25] = NULL;
array[26] = NULL;
gcd[22].gd.flags = gg_enabled|gg_visible;
gcd[22].gd.u.boxelements = array+6;
gcd[22].gd.cid = CID_HBox+offset;
gcd[22].creator = GHVGroupCreate;
return( gcd+22 );
}
int PointOfViewDlg(struct pov_data *pov, SplineFont *sf, int flags) {
static struct pov_data def = { or_center, or_value, 0, 0, .1,
0, 3.1415926535897932/16, .2, 0 };
double emsize = (sf->ascent + sf->descent);
struct nldlg d;
GRect pos;
GWindowAttrs wattrs;
GGadgetCreateData gcd[24], boxes[7], *varray[10][3], *harray1[3], *harray2[3],
*barray[9], *harray3[3], *harray4[3];
GTextInfo label[24];
int i,k,l;
char xval[40], yval[40], zval[40], dval[40], tval[40], dirval[40];
double x,y,z,dv,tilt,dir;
int err;
static int done = false;
if ( !done ) {
done = true;
for ( i=0; originx[i].text!=NULL; ++i )
originx[i].text = (unichar_t *) _((char *) originx[i].text);
for ( i=0; originy[i].text!=NULL; ++i )
originy[i].text = (unichar_t *) _((char *) originy[i].text);
}
*pov = def;
pov->x *= emsize; pov->y *= emsize; pov->z *= emsize; pov->d *= emsize;
if ( !(flags&1) ) {
if ( pov->xorigin == or_lastpress ) pov->xorigin = or_center;
if ( pov->yorigin == or_lastpress ) pov->yorigin = or_center;
}
memset(&d,'\0',sizeof(d));
memset(&wattrs,0,sizeof(wattrs));
wattrs.mask = wam_events|wam_cursor|wam_utf8_wtitle|wam_undercursor|wam_restrict|wam_isdlg;
wattrs.event_masks = ~(1<<et_charup);
wattrs.restrict_input_to_me = 1;
wattrs.is_dlg = 1;
wattrs.undercursor = 1;
wattrs.cursor = ct_pointer;
wattrs.utf8_window_title = _("Point of View Projection");
pos.x = pos.y = 0;
pos.width = GGadgetScale(GDrawPointsToPixels(NULL,240));
pos.height = GDrawPointsToPixels(NULL,216);
d.gw = GDrawCreateTopWindow(NULL,&pos,nld_e_h,&d,&wattrs);
memset(gcd,0,sizeof(gcd));
memset(boxes,0,sizeof(boxes));
memset(label,0,sizeof(label));
k=l=0;
label[k].text = (unichar_t *) _("View Point");
label[k].text_is_1byte = true;
gcd[k].gd.label = &label[k];
gcd[k].gd.pos.x = 10; gcd[k].gd.pos.y = 8;
gcd[k].gd.flags = gg_visible | gg_enabled;
gcd[k++].creator = GLabelCreate;
varray[l][0] = &gcd[k-1]; varray[l][1] = GCD_ColSpan; varray[l++][2] = NULL;
label[k].text = (unichar_t *) _("_X");
label[k].text_is_1byte = true;
label[k].text_in_resource = true;
gcd[k].gd.label = &label[k];
gcd[k].gd.pos.x = 10; gcd[k].gd.pos.y = gcd[k-1].gd.pos.y + 16;
gcd[k].gd.flags = gg_visible | gg_enabled;
gcd[k++].creator = GLabelCreate;
harray1[0] = &gcd[k-1];
for ( i=or_zero; i<or_undefined; ++i ) originx[i].selected = false;
originx[pov->xorigin].selected = true;
originx[or_lastpress].disabled = !(flags&1);
gcd[k].gd.pos.x = 23; gcd[k].gd.pos.y = gcd[k-1].gd.pos.y-4;
gcd[k].gd.flags = gg_visible | gg_enabled;
gcd[k].gd.label = &originx[pov->xorigin];
gcd[k].gd.u.list = originx;
gcd[k].gd.cid = CID_XType;
gcd[k++].creator = GListButtonCreate;
harray1[1] = &gcd[k-1]; harray1[2] = NULL;
boxes[2].gd.flags = gg_enabled|gg_visible;
boxes[2].gd.u.boxelements = harray1;
boxes[2].creator = GHBoxCreate;
varray[l][0] = &boxes[2];
sprintf( xval, "%g", rint(pov->x));
label[k].text = (unichar_t *) xval;
label[k].text_is_1byte = true;
gcd[k].gd.label = &label[k];
gcd[k].gd.pos.x = 160; gcd[k].gd.pos.y = gcd[k-1].gd.pos.y; gcd[k].gd.pos.width = 60;
gcd[k].gd.flags = gg_enabled|gg_visible;
gcd[k].gd.handle_controlevent = PoV_Vanish;
gcd[k].gd.cid = CID_XValue;
gcd[k++].creator = GTextFieldCreate;
varray[l][1] = &gcd[k-1]; varray[l++][2] = NULL;
label[k].text = (unichar_t *) _("_Y");
label[k].text_is_1byte = true;
label[k].text_in_resource = true;
gcd[k].gd.label = &label[k];
gcd[k].gd.pos.x = gcd[k-3].gd.pos.x; gcd[k].gd.pos.y = gcd[k-1].gd.pos.y + 28;
gcd[k].gd.flags = gg_visible | gg_enabled;
gcd[k++].creator = GLabelCreate;
harray2[0] = &gcd[k-1];
for ( i=or_zero; i<or_undefined; ++i ) originy[i].selected = false;
originy[pov->yorigin].selected = true;
originy[or_lastpress].disabled = !(flags&1);
gcd[k].gd.pos.x = gcd[k-3].gd.pos.x; gcd[k].gd.pos.y = gcd[k-1].gd.pos.y-4;
gcd[k].gd.flags = gg_visible | gg_enabled;
gcd[k].gd.label = &originy[pov->yorigin];
gcd[k].gd.u.list = originy;
gcd[k].gd.cid = CID_YType;
gcd[k++].creator = GListButtonCreate;
harray2[1] = &gcd[k-1]; harray2[2] = NULL;
boxes[3].gd.flags = gg_enabled|gg_visible;
boxes[3].gd.u.boxelements = harray2;
boxes[3].creator = GHBoxCreate;
varray[l][0] = &boxes[3];
sprintf( yval, "%g", rint(pov->y));
label[k].text = (unichar_t *) yval;
label[k].text_is_1byte = true;
gcd[k].gd.label = &label[k];
gcd[k].gd.pos.x = gcd[k-3].gd.pos.x; gcd[k].gd.pos.y = gcd[k-1].gd.pos.y; gcd[k].gd.pos.width = gcd[k-3].gd.pos.width;
gcd[k].gd.flags = gg_enabled|gg_visible;
gcd[k].gd.cid = CID_YValue;
gcd[k].gd.handle_controlevent = PoV_Vanish;
gcd[k++].creator = GTextFieldCreate;
varray[l][1] = &gcd[k-1]; varray[l++][2] = NULL;
label[k].text = (unichar_t *) _("Distance to drawing plane:");
label[k].text_is_1byte = true;
gcd[k].gd.label = &label[k];
gcd[k].gd.pos.x = 10; gcd[k].gd.pos.y = gcd[k-1].gd.pos.y + 28;
gcd[k].gd.flags = gg_visible | gg_enabled;
gcd[k++].creator = GLabelCreate;
varray[l][0] = &gcd[k-1];
sprintf( zval, "%g", rint(pov->z));
label[k].text = (unichar_t *) zval;
label[k].text_is_1byte = true;
gcd[k].gd.label = &label[k];
gcd[k].gd.pos.x = 160; gcd[k].gd.pos.y = gcd[k-1].gd.pos.y-4; gcd[k].gd.pos.width = 60;
gcd[k].gd.flags = gg_enabled|gg_visible;
gcd[k].gd.handle_controlevent = PoV_Vanish;
gcd[k].gd.cid = CID_ZValue;
gcd[k++].creator = GTextFieldCreate;
varray[l][1] = &gcd[k-1]; varray[l++][2] = NULL;
label[k].text = (unichar_t *) _("Distance to projection plane:");
label[k].text_is_1byte = true;
gcd[k].gd.label = &label[k];
gcd[k].gd.pos.x = gcd[k-2].gd.pos.x; gcd[k].gd.pos.y = gcd[k-2].gd.pos.y + 24;
gcd[k].gd.flags = gg_visible | gg_enabled;
gcd[k++].creator = GLabelCreate;
varray[l][0] = &gcd[k-1];
sprintf( dval, "%g", rint(pov->d));
label[k].text = (unichar_t *) dval;
label[k].text_is_1byte = true;
gcd[k].gd.label = &label[k];
gcd[k].gd.pos.x = 160; gcd[k].gd.pos.y = gcd[k-1].gd.pos.y-4; gcd[k].gd.pos.width = 60;
gcd[k].gd.flags = gg_enabled|gg_visible;
gcd[k].gd.handle_controlevent = PoV_Vanish;
gcd[k].gd.cid = CID_DValue;
gcd[k++].creator = GTextFieldCreate;
varray[l][1] = &gcd[k-1]; varray[l++][2] = NULL;
label[k].text = (unichar_t *) _("Drawing plane tilt:");
label[k].text_is_1byte = true;
gcd[k].gd.label = &label[k];
gcd[k].gd.pos.x = gcd[k-2].gd.pos.x; gcd[k].gd.pos.y = gcd[k-2].gd.pos.y + 24;
gcd[k].gd.flags = gg_visible | gg_enabled;
gcd[k++].creator = GLabelCreate;
varray[l][0] = &gcd[k-1];
sprintf( tval, "%g", rint(pov->tilt*180/3.1415926535897932));
label[k].text = (unichar_t *) tval;
label[k].text_is_1byte = true;
gcd[k].gd.label = &label[k];
gcd[k].gd.pos.x = 160; gcd[k].gd.pos.y = gcd[k-1].gd.pos.y-4; gcd[k].gd.pos.width = 40;
gcd[k].gd.flags = gg_enabled|gg_visible;
gcd[k].gd.handle_controlevent = PoV_Vanish;
gcd[k].gd.cid = CID_Tilt;
gcd[k++].creator = GTextFieldCreate;
harray3[0] = &gcd[k-1];
label[k].text = (unichar_t *) U_("°");
label[k].text_is_1byte = true;
gcd[k].gd.label = &label[k];
gcd[k].gd.pos.x = gcd[k-1].gd.pos.x+gcd[k-1].gd.pos.width+3; gcd[k].gd.pos.y = gcd[k-2].gd.pos.y;
gcd[k].gd.flags = gg_visible | gg_enabled;
gcd[k++].creator = GLabelCreate;
harray3[1] = &gcd[k-1]; harray3[2] = NULL;
boxes[4].gd.flags = gg_enabled|gg_visible;
boxes[4].gd.u.boxelements = harray3;
boxes[4].creator = GHBoxCreate;
varray[l][1] = &boxes[4]; varray[l++][2] = NULL;
label[k].text = (unichar_t *) _("Direction of gaze:");
label[k].text_is_1byte = true;
gcd[k].gd.label = &label[k];
gcd[k].gd.pos.x = gcd[k-3].gd.pos.x; gcd[k].gd.pos.y = gcd[k-3].gd.pos.y + 24;
gcd[k].gd.flags = gg_visible | gg_enabled;
gcd[k++].creator = GLabelCreate;
varray[l][0] = &gcd[k-1];
sprintf( dirval, "%g", rint(pov->direction*180/3.1415926535897932));
label[k].text = (unichar_t *) dirval;
label[k].text_is_1byte = true;
gcd[k].gd.label = &label[k];
gcd[k].gd.pos.x = 160; gcd[k].gd.pos.y = gcd[k-1].gd.pos.y-4; gcd[k].gd.pos.width = 40;
gcd[k].gd.flags = gg_enabled|gg_visible;
gcd[k].gd.handle_controlevent = PoV_Vanish;
gcd[k].gd.cid = CID_GazeDirection;
gcd[k++].creator = GTextFieldCreate;
harray4[0] = &gcd[k-1];
label[k].text = (unichar_t *) U_("°");
label[k].text_is_1byte = true;
gcd[k].gd.label = &label[k];
gcd[k].gd.pos.x = gcd[k-1].gd.pos.x+gcd[k-1].gd.pos.width+3; gcd[k].gd.pos.y = gcd[k-2].gd.pos.y;
gcd[k].gd.flags = gg_visible | gg_enabled;
gcd[k++].creator = GLabelCreate;
harray4[1] = &gcd[k-1]; harray4[2] = NULL;
boxes[5].gd.flags = gg_enabled|gg_visible;
boxes[5].gd.u.boxelements = harray4;
boxes[5].creator = GHBoxCreate;
varray[l][1] = &boxes[5]; varray[l++][2] = NULL;
label[k].text = (unichar_t *) _("Vanishing Point:");
label[k].text_is_1byte = true;
gcd[k].gd.label = &label[k];
gcd[k].gd.pos.x = 10; gcd[k].gd.pos.y = gcd[k-1].gd.pos.y+18;
gcd[k].gd.flags = gg_visible | gg_enabled | gg_utf8_popup;
gcd[k].gd.popup_msg = (unichar_t *) _("This is the approximate location of the vanishing point.\nIt does not include the offset induced by \"Center of selection\"\nnor \"Last Press\".");
gcd[k++].creator = GLabelCreate;
varray[l][0] = &gcd[k-1];
label[k].text = (unichar_t *) "123456.,123456.";
label[k].text_is_1byte = true;
gcd[k].gd.label = &label[k];
gcd[k].gd.pos.x = 160; gcd[k].gd.pos.y = gcd[k-1].gd.pos.y;
gcd[k].gd.flags = gg_visible | gg_enabled | gg_utf8_popup;
gcd[k].gd.popup_msg = (unichar_t *) _("This is the approximate location of the vanishing point.\nIt does not include the offset induced by \"Center of selection\"\nnor \"Last Press\".");
gcd[k].gd.cid = CID_Vanish;
gcd[k++].creator = GLabelCreate;
varray[l][1] = &gcd[k-1]; varray[l++][2] = NULL;
gcd[k].gd.pos.x = 30-3; gcd[k].gd.pos.y = gcd[k-1].gd.pos.y+18;
gcd[k].gd.pos.width = -1; gcd[k].gd.pos.height = 0;
gcd[k].gd.flags = gg_visible | gg_enabled | gg_but_default;
label[k].text = (unichar_t *) _("_OK");
label[k].text_is_1byte = true;
label[k].text_in_resource = true;
gcd[k].gd.label = &label[k];
gcd[k].gd.cid = true;
gcd[k++].creator = GButtonCreate;
barray[0] = GCD_Glue; barray[1] = &gcd[k-1]; barray[2] = GCD_Glue;
gcd[k].gd.pos.x = -30; gcd[k].gd.pos.y = gcd[k-1].gd.pos.y+3;
gcd[k].gd.pos.width = -1; gcd[k].gd.pos.height = 0;
gcd[k].gd.flags = gg_visible | gg_enabled | gg_but_cancel;
label[k].text = (unichar_t *) _("_Cancel");
label[k].text_is_1byte = true;
label[k].text_in_resource = true;
gcd[k].gd.label = &label[k];
gcd[k].gd.cid = false;
gcd[k++].creator = GButtonCreate;
barray[3] = GCD_Glue; barray[4] = &gcd[k-1]; barray[5] = GCD_Glue; barray[6] = NULL;
boxes[6].gd.flags = gg_enabled|gg_visible;
boxes[6].gd.u.boxelements = barray;
boxes[6].creator = GHBoxCreate;
varray[l][0] = &boxes[6]; varray[l][1] = GCD_ColSpan; varray[l++][2] = NULL;
varray[l][0] = NULL;
boxes[0].gd.pos.x = boxes[0].gd.pos.y = 2;
boxes[0].gd.flags = gg_enabled|gg_visible;
boxes[0].gd.u.boxelements = varray[0];
boxes[0].creator = GHVGroupCreate;
GGadgetsCreate(d.gw,boxes);
GHVBoxFitWindow(boxes[0].ret);
PoV_DoVanish(&d);
GDrawSetVisible(d.gw,true);
while ( !d.done ) {
GDrawProcessOneEvent(NULL);
if ( d.done ) {
if ( !d.ok ) {
GDrawDestroyWindow(d.gw);
return( -1 );
}
err = false;
x = GetReal8(d.gw,CID_XValue,_("_X"),&err);
y = GetReal8(d.gw,CID_YValue,_("_Y"),&err);
z = GetReal8(d.gw,CID_ZValue,_("Distance to drawing plane:"),&err);
dv = GetReal8(d.gw,CID_DValue,_("Distance to projection plane:"),&err);
tilt = GetReal8(d.gw,CID_Tilt,_("Drawing plane tilt:"),&err);
dir = GetReal8(d.gw,CID_GazeDirection,_("Direction of gaze:"),&err);
if ( err ) {
d.done = d.ok = false;
continue;
}
pov->x = x; pov->y = y; pov->z = z; pov->d = dv;
pov->tilt = tilt*3.1415926535897932/180;
pov->direction = dir*3.1415926535897932/180;
pov->xorigin = GGadgetGetFirstListSelectedItem( GWidgetGetControl(d.gw,CID_XType));
pov->yorigin = GGadgetGetFirstListSelectedItem( GWidgetGetControl(d.gw,CID_YType));
}
}
GDrawDestroyWindow(d.gw);
def = *pov;
def.x /= emsize; def.y /= emsize; def.z /= emsize; def.d /= emsize;
return( 0 ); /* -1 => Canceled */
}
int
sudo_rfc1938_setup(struct passwd *pw, char **promptp, sudo_auth *auth)
{
char challenge[256];
size_t challenge_len;
static char *orig_prompt = NULL, *new_prompt = NULL;
static size_t op_len, np_size;
static struct RFC1938 rfc1938;
debug_decl(sudo_rfc1938_setup, SUDOERS_DEBUG_AUTH)
/* Stash a pointer to the rfc1938 struct if we have not initialized */
if (!auth->data)
auth->data = &rfc1938;
/* Save the original prompt */
if (orig_prompt == NULL) {
orig_prompt = *promptp;
op_len = strlen(orig_prompt);
/* Ignore trailing colon (we will add our own) */
if (orig_prompt[op_len - 1] == ':')
op_len--;
else if (op_len >= 2 && orig_prompt[op_len - 1] == ' '
&& orig_prompt[op_len - 2] == ':')
op_len -= 2;
}
#ifdef HAVE_SKEY
/* Close old stream */
if (rfc1938.keyfile)
(void) fclose(rfc1938.keyfile);
#endif
/*
* Look up the user and get the rfc1938 challenge.
* If the user is not in the OTP db, only post a fatal error if
* we are running alone (since they may just use a normal passwd).
*/
if (rfc1938challenge(&rfc1938, pw->pw_name, challenge, sizeof(challenge))) {
if (IS_ONEANDONLY(auth)) {
sudo_warnx(U_("you do not exist in the %s database"), auth->name);
debug_return_int(AUTH_FATAL);
} else {
debug_return_int(AUTH_FAILURE);
}
}
/* Get space for new prompt with embedded challenge */
challenge_len = strlen(challenge);
if (np_size < op_len + challenge_len + 7) {
char *p = realloc(new_prompt, op_len + challenge_len + 7);
if (p == NULL) {
sudo_warnx(U_("%s: %s"), __func__, U_("unable to allocate memory"));
debug_return_int(AUTH_FATAL);
}
np_size = op_len + challenge_len + 7;
new_prompt = p;
}
if (def_long_otp_prompt)
(void) snprintf(new_prompt, np_size, "%s\n%s", challenge, orig_prompt);
else
(void) snprintf(new_prompt, np_size, "%.*s [ %s ]:", (int)op_len,
orig_prompt, challenge);
*promptp = new_prompt;
debug_return_int(AUTH_SUCCESS);
}
void
set_project(struct passwd *pw)
{
struct project proj;
char buf[PROJECT_BUFSZ];
int errval;
debug_decl(set_project, SUDO_DEBUG_UTIL)
/*
* Collect the default project for the user and settaskid
*/
setprojent();
if (getdefaultproj(pw->pw_name, &proj, buf, sizeof(buf)) != NULL) {
errval = setproject(proj.pj_name, pw->pw_name, TASK_NORMAL);
switch(errval) {
case 0:
break;
case SETPROJ_ERR_TASK:
switch (errno) {
case EAGAIN:
sudo_warnx(U_("resource control limit has been reached"));
break;
case ESRCH:
sudo_warnx(U_("user \"%s\" is not a member of project \"%s\""),
pw->pw_name, proj.pj_name);
break;
case EACCES:
sudo_warnx(U_("the invoking task is final"));
break;
default:
sudo_warnx(U_("could not join project \"%s\""), proj.pj_name);
}
case SETPROJ_ERR_POOL:
switch (errno) {
case EACCES:
sudo_warnx(U_("no resource pool accepting default bindings "
"exists for project \"%s\""), proj.pj_name);
break;
case ESRCH:
sudo_warnx(U_("specified resource pool does not exist for "
"project \"%s\""), proj.pj_name);
break;
default:
sudo_warnx(U_("could not bind to default resource pool for "
"project \"%s\""), proj.pj_name);
}
break;
default:
if (errval <= 0) {
sudo_warnx(U_("setproject failed for project \"%s\""), proj.pj_name);
} else {
sudo_warnx(U_("warning, resource control assignment failed for "
"project \"%s\""), proj.pj_name);
}
}
} else {
sudo_warn("getdefaultproj");
}
endprojent();
debug_return;
}
