From 9f57eb536310181fbd2d7b9294c84209260d0971 Mon Sep 17 00:00:00 2001
From: "Todd C. Miller"
Date: Mon, 27 Mar 2023 16:29:46 -0600
Subject: Make struct {command,user}_details pointers const where possible.
---
 src/edit_open.c | 20 +++++++++++---------
 src/exec.c | 15 ++++++++-------
 src/exec_intercept.c | 4 ++--
 src/exec_intercept.h | 2 +-
 src/exec_monitor.c | 4 ++--
 src/exec_nopty.c | 14 +++++++-------
 src/exec_pty.c | 13 +++++++------
 src/sudo.c | 5 ++---
 src/sudo.h | 9 ++++-----
 src/sudo_edit.c | 27 ++++++++++++++-------------
 src/sudo_edit.h | 6 +++---
 src/sudo_exec.h | 6 +++---
 src/tgetpass.c | 8 ++++----
 13 files changed, 68 insertions(+), 65 deletions(-)
diff --git a/src/edit_open.c b/src/edit_open.c
index 091eed838..3e1c0a74c 100644
--- a/src/edit_open.c
+++ b/src/edit_open.c
@@ -100,7 +100,7 @@ switch_user(uid_t euid, gid_t egid, int ngroups, GETGROUPS_T *groups)
 }
 static bool
-group_matches(gid_t target, struct sudo_cred *cred)
+group_matches(gid_t target, const struct sudo_cred *cred)
 {
 int i;
 debug_decl(group_matches, SUDO_DEBUG_EDIT);
@@ -123,7 +123,7 @@ group_matches(gid_t target, struct sudo_cred *cred)
 }
 static bool
-is_writable(struct sudo_cred *user_cred, struct stat *sb)
+is_writable(const struct sudo_cred *user_cred, struct stat *sb)
 {
 debug_decl(is_writable, SUDO_DEBUG_EDIT);
@@ -153,7 +153,8 @@ is_writable(struct sudo_cred *user_cred, struct stat *sb)
 * Returns true if writable, false if not, or -1 on error.
 */
 int
-dir_is_writable(int dfd, struct sudo_cred *user_cred, struct sudo_cred *cur_cred)
+dir_is_writable(int dfd, const struct sudo_cred *user_cred,
+ const struct sudo_cred *cur_cred)
 {
 struct stat sb;
 int rc;
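Review bot: In the `@@ -123,7` hunk `is_writable()` still takes a mutable `struct stat *sb` although its credential argument became const. If the body only reads the stat buffer (it continues outside the hunk, so this is unverified), `is_writable(const struct sudo_cred *user_cred, const struct stat *sb)` would give this permission check the same read-only guarantee for both of its inputs.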
@@ -215,7 +216,8 @@ fallback:
 * Returns true if writable, false if not, or -1 on error.
 */
 int
-dir_is_writable(int dfd, struct sudo_cred *user_cred, struct sudo_cred *cur_cred)
+dir_is_writable(int dfd, const struct sudo_cred *user_cred,
+ const struct sudo_cred *cur_cred)
 {
 struct stat sb;
 debug_decl(dir_is_writable, SUDO_DEBUG_EDIT);
@@ -338,7 +340,7 @@ done:
 static int
 sudo_edit_open_nonwritable(char *path, int oflags, mode_t mode,
- struct sudo_cred *user_cred, struct sudo_cred *cur_cred)
+ const struct sudo_cred *user_cred, const struct sudo_cred *cur_cred)
 {
 const int dflags = DIR_OPEN_FLAGS;
 int dfd, fd, writable;
@@ -405,7 +407,7 @@ sudo_edit_open_nonwritable(char *path, int oflags, mode_t mode,
 #ifdef O_NOFOLLOW
 int
 sudo_edit_open(char *path, int oflags, mode_t mode, int sflags,
- struct sudo_cred *user_cred, struct sudo_cred *cur_cred)
+ const struct sudo_cred *user_cred, const struct sudo_cred *cur_cred)
 {
 int fd;
 debug_decl(sudo_edit_open, SUDO_DEBUG_EDIT);
@@ -434,7 +436,7 @@ sudo_edit_open(char *path, int oflags, mode_t mode, int sflags,
 #else
 int
 sudo_edit_open(char *path, int oflags, mode_t mode, int sflags,
- struct sudo_cred *user_cred, struct sudo_cred *cur_cred)
+ const struct sudo_cred *user_cred, const struct sudo_cred *cur_cred)
 {
 struct stat sb;
 int fd;
@@ -486,8 +488,8 @@ sudo_edit_open(char *path, int oflags, mode_t mode, int sflags,
 * Does not modify the value of errno.
 */
 bool
-sudo_edit_parent_valid(char *path, int sflags, struct sudo_cred *user_cred,
- struct sudo_cred *cur_cred)
+sudo_edit_parent_valid(char *path, int sflags,
+ const struct sudo_cred *user_cred, const struct sudo_cred *cur_cred)
 {
 const int serrno = errno;
 struct stat sb;
diff --git a/src/exec.c b/src/exec.c
index 072b53d13..4d97c4976 100644
--- a/src/exec.c
+++ b/src/exec.c
@@ -1,7 +1,7 @@
 /*
 * SPDX-License-Identifier: ISC
 *
- * Copyright (c) 2009-2022 Todd C. Miller
+ * Copyright (c) 2009-2023 Todd C. Miller
 *
 * Permission to use, copy, modify, and distribute this software for any
 * purpose with or without fee is hereby granted, provided that the above
@@ -361,7 +361,7 @@ sudo_terminated(struct command_status *cstat)
 }
 static bool
-sudo_needs_pty(struct command_details *details)
+sudo_needs_pty(const struct command_details *details)
 {
 struct plugin_container *plugin;
@@ -382,7 +382,7 @@ sudo_needs_pty(struct command_details *details)
 * sudo can exec the command directly (and not wait).
 */
 static bool
-direct_exec_allowed(struct command_details *details)
+direct_exec_allowed(const struct command_details *details)
 {
 struct plugin_container *plugin;
 debug_decl(direct_exec_allowed, SUDO_DEBUG_EXEC);
@@ -407,8 +407,9 @@ direct_exec_allowed(struct command_details *details)
 * we fact that we have two different controlling terminals to deal with.
 */
 int
-sudo_execute(struct command_details *details, struct user_details *user_details,
- struct command_status *cstat)
+sudo_execute(struct command_details *details,
+ const struct user_details *user_details,
+ struct sudo_event_base *evbase, struct command_status *cstat)
 {
 debug_decl(sudo_execute, SUDO_DEBUG_EXEC);
@@ -462,7 +463,7 @@ sudo_execute(struct command_details *details, struct user_details *user_details,
 * is configured, this returns false and we run the command without a pty.
 */
 if (sudo_needs_pty(details)) {
- if (exec_pty(details, user_details, cstat))
+ if (exec_pty(details, user_details, evbase, cstat))
 goto done;
 }
@@ -482,7 +483,7 @@ sudo_execute(struct command_details *details, struct user_details *user_details,
 /*
 * Run the command in the existing tty (if any) and wait for it to finish.
 */
- exec_nopty(details, user_details, cstat);
+ exec_nopty(details, user_details, evbase, cstat);
 done:
 /* The caller will run any plugin close functions. */
diff --git a/src/exec_intercept.c b/src/exec_intercept.c
index 70e4f98a8..3c7791ad2 100644
--- a/src/exec_intercept.c
+++ b/src/exec_intercept.c
@@ -98,7 +98,7 @@ enable_write_event(int fd, sudo_ev_callback_t callback,
 */
 void *
 intercept_setup(int fd, struct sudo_event_base *evbase,
- struct command_details *details)
+ const struct command_details *details)
 {
 struct intercept_closure *closure;
 debug_decl(intercept_setup, SUDO_DEBUG_EXEC);
@@ -1086,7 +1086,7 @@ bad:
 #else /* _PATH_SUDO_INTERCEPT */
 void *
 intercept_setup(int fd, struct sudo_event_base *evbase,
- struct command_details *details)
+ const struct command_details *details)
 {
 debug_decl(intercept_setup, SUDO_DEBUG_EXEC);
diff --git a/src/exec_intercept.h b/src/exec_intercept.h
index ed145887c..e7f173297 100644
--- a/src/exec_intercept.h
+++ b/src/exec_intercept.h
@@ -35,7 +35,7 @@ enum intercept_state {
 /* Closure for intercept_cb() */
 struct intercept_closure {
 union sudo_token_un token;
- struct command_details *details;
+ const struct command_details *details;
 struct sudo_event ev;
 const char *errstr;
 char *command; /* dynamically allocated */
diff --git a/src/exec_monitor.c b/src/exec_monitor.c
index 41cf7fde8..c12c1fb2b 100644
--- a/src/exec_monitor.c
+++ b/src/exec_monitor.c
@@ -42,7 +42,7 @@
 #include "sudo_plugin_int.h"
 struct monitor_closure {
- struct command_details *details;
+ const struct command_details *details;
 struct sudo_event_base *evbase;
 struct sudo_event *errpipe_event;
 struct sudo_event *backchannel_event;
@@ -401,7 +401,7 @@ exec_cmnd_pty(struct command_details *details, sigset_t *mask,
 */
 static void
 fill_exec_closure_monitor(struct monitor_closure *mc,
- struct command_details *details, struct command_status *cstat,
+ const struct command_details *details, struct command_status *cstat,
 int errfd, int backchannel)
 {
 debug_decl(fill_exec_closure_monitor, SUDO_DEBUG_EXEC);
diff --git a/src/exec_nopty.c b/src/exec_nopty.c
index f973fcc0e..3c78e4415 100644
--- a/src/exec_nopty.c
+++ b/src/exec_nopty.c
@@ -208,8 +208,8 @@ signal_cb_nopty(int signo, int what, void *v)
 */
 static void
 fill_exec_closure(struct exec_closure *ec, struct command_status *cstat,
- struct command_details *details, struct user_details *user_details,
- int errfd)
+ struct command_details *details, const struct user_details *user_details,
+ struct sudo_event_base *evbase, int errfd)
 {
 debug_decl(fill_exec_closure, SUDO_DEBUG_EXEC);
@@ -222,8 +222,7 @@ fill_exec_closure(struct exec_closure *ec, struct command_status *cstat,
 ec->cols = user_details->ts_cols;
 /* Setup event base and events. */
- ec->evbase = details->evbase;
- details->evbase = NULL;
+ ec->evbase = evbase;
 /* Event for command status via errfd. */
 ec->backchannel_event = sudo_ev_alloc(errfd,
@@ -536,8 +535,9 @@ interpose_pipes(struct exec_closure *ec, int io_pipe[3][2])
 * Execute a command and wait for it to finish.
 */
 void
-exec_nopty(struct command_details *details, struct user_details *user_details,
- struct command_status *cstat)
+exec_nopty(struct command_details *details,
+ const struct user_details *user_details,
+ struct sudo_event_base *evbase, struct command_status *cstat)
 {
 int io_pipe[3][2] = { { -1, -1 }, { -1, -1 }, { -1, -1 } };
 int errpipe[2], intercept_sv[2] = { -1, -1 };
@@ -660,7 +660,7 @@ exec_nopty(struct command_details *details, struct user_details *user_details,
 * Fill in exec closure, allocate event base, signal events and
 * the error pipe event.
 */
- fill_exec_closure(&ec, cstat, details, user_details, errpipe[0]);
+ fill_exec_closure(&ec, cstat, details, user_details, evbase, errpipe[0]);
 if (ISSET(details->flags, CD_INTERCEPT|CD_LOG_SUBCMDS)) {
 int rc = 1;
diff --git a/src/exec_pty.c b/src/exec_pty.c
index 10bc4fa75..2b5228020 100644
--- a/src/exec_pty.c
+++ b/src/exec_pty.c
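Review bot: The `details->evbase = NULL;` line removed in the `@@ -222,8` hunk was the only visible marker that the event base is handed over to the closure, and nothing replaces it. `ec->evbase = evbase;` now aliases the pointer that `run_command()` passes from the `sudo_event_base` variable in src/sudo.c, so if the closure teardown releases `ec->evbase` (that code is outside this diff) the caller is left holding a stale pointer. The same applies to `fill_exec_closure()` in src/exec_pty.c (`@@ -954,8`). I would state the ownership in the block comment above `exec_nopty()`, `exec_pty()` and `sudo_execute()`, for example `* Takes ownership of evbase; the caller must not use it afterwards.`, or the opposite wording if the base is only borrowed. The "allocate event base" text in the `@@ -660,7` comment does not describe the new code in either case.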
@@ -935,8 +935,8 @@ fwdchannel_cb(int sock, int what, void *v)
 */
 static void
 fill_exec_closure(struct exec_closure *ec, struct command_status *cstat,
- struct command_details *details, struct user_details *user_details,
- pid_t sudo_pid, pid_t ppgrp, int backchannel)
+ struct command_details *details, const struct user_details *user_details,
+ struct sudo_event_base *evbase, pid_t sudo_pid, pid_t ppgrp, int backchannel)
 {
 debug_decl(fill_exec_closure, SUDO_DEBUG_EXEC);
@@ -954,8 +954,7 @@ fill_exec_closure(struct exec_closure *ec, struct command_status *cstat,
 cstat->val = 0;
 /* Setup event base and events. */
- ec->evbase = details->evbase;
- details->evbase = NULL;
+ ec->evbase = evbase;
 /* Event for command status via backchannel. */
 ec->backchannel_event = sudo_ev_alloc(backchannel,
@@ -1063,7 +1062,8 @@ fill_exec_closure(struct exec_closure *ec, struct command_status *cstat,
 * we fact that we have two different controlling terminals to deal with.
 */
 bool
-exec_pty(struct command_details *details, struct user_details *user_details,
+exec_pty(struct command_details *details,
+ const struct user_details *user_details, struct sudo_event_base *evbase,
 struct command_status *cstat)
 {
 int io_pipe[3][2] = { { -1, -1 }, { -1, -1 }, { -1, -1 } };
@@ -1361,7 +1361,8 @@ exec_pty(struct command_details *details, struct user_details *user_details,
 * Fill in exec closure, allocate event base, signal events and
 * the backchannel event.
 */
- fill_exec_closure(&ec, cstat, details, user_details, sudo_pid, ppgrp, sv[0]);
+ fill_exec_closure(&ec, cstat, details, user_details, evbase,
+ sudo_pid, ppgrp, sv[0]);
 /* Create event and closure for intercept mode. */
 if (ISSET(details->flags, CD_INTERCEPT|CD_LOG_SUBCMDS)) {
diff --git a/src/sudo.c b/src/sudo.c
index 642fb3abf..285ce7f6d 100644
--- a/src/sudo.c
+++ b/src/sudo.c
@@ -292,7 +292,6 @@ main(int argc, char *argv[], char *envp[])
 command_details.argv = nargv;
 command_details.argc = nargc;
 command_details.envp = run_envp;
- command_details.evbase = sudo_event_base;
 if (ISSET(sudo_mode, MODE_LOGIN_SHELL))
 SET(command_details.flags, CD_LOGIN_SHELL);
 if (ISSET(sudo_mode, MODE_BACKGROUND))
@@ -1022,7 +1021,7 @@ done:
 */
 int
 run_command(struct command_details *command_details,
- struct user_details *user_details)
+ const struct user_details *user_details)
 {
 struct command_status cstat;
 int status = W_EXITCODE(1, 0);
@@ -1044,7 +1043,7 @@ run_command(struct command_details *command_details,
 debug_return_int(status);
 }
- sudo_execute(command_details, user_details, &cstat);
+ sudo_execute(command_details, user_details, sudo_event_base, &cstat);
 switch (cstat.type) {
 case CMD_ERRNO:
diff --git a/src/sudo.h b/src/sudo.h
index 589a8b8a2..4bec1bb54 100644
--- a/src/sudo.h
+++ b/src/sudo.h
@@ -211,7 +211,6 @@ struct command_details {
 const char *tty;
 char **argv;
 char **envp;
- struct sudo_event_base *evbase;
 #ifdef HAVE_PRIV_SET
 priv_set_t *privs;
 priv_set_t *limitprivs;
@@ -243,10 +242,10 @@ void cleanup(int);
 /* tgetpass.c */
 char *tgetpass(const char *prompt, int timeout, int flags, struct sudo_conv_callback *callback);
-struct sudo_cred *sudo_askpass_cred(struct sudo_cred *cred);
+const struct sudo_cred *sudo_askpass_cred(const struct sudo_cred *cred);
 /* exec.c */
-int sudo_execute(struct command_details *details, struct user_details *ud, struct command_status *cstat);
+int sudo_execute(struct command_details *details, const struct user_details *ud, struct sudo_event_base *evbase, struct command_status *cstat);
 /* parse_args.c */
 int parse_args(int argc, char **argv, const char *shell, int *old_optind,
@@ -259,7 +258,7 @@ char *get_pty(int *leader, int *follower, uid_t uid);
 /* sudo.c */
 int policy_init_session(struct command_details *details);
-int run_command(struct command_details *command_details, struct user_details *user_details);
+int run_command(struct command_details *command_details, const struct user_details *user_details);
 int os_init_common(int argc, char *argv[], char *envp[]);
 bool gc_add(enum sudo_gc_types type, void *v);
 bool set_user_groups(struct command_details *details);
@@ -276,7 +275,7 @@ bool approval_check(char * const command_info[], char * const run_argv[],
 extern int sudo_debug_instance;
 /* sudo_edit.c */
-int sudo_edit(struct command_details *command_details, struct user_details *user_details);
+int sudo_edit(struct command_details *command_details, const struct user_details *user_details);
 /* parse_args.c */
 sudo_noreturn void usage(void);
diff --git a/src/sudo_edit.c b/src/sudo_edit.c
index 8c8e9b86c..dc7d6840c 100644
--- a/src/sudo_edit.c
+++ b/src/sudo_edit.c
@@ -60,7 +60,7 @@ static char edit_tmpdir[MAX(sizeof(_PATH_VARTMP), sizeof(_PATH_TMP))];
 * Returns true on success, else false;
 */
 static bool
-set_tmpdir(struct sudo_cred *user_cred)
+set_tmpdir(const struct sudo_cred *user_cred)
 {
 const char *tdir = NULL;
 const char *tmpdirs[] = {
@@ -162,8 +162,8 @@ sudo_edit_mktemp(const char *ofile, char **tfile)
 * or -1 if a fatal error occurred.
 */
 static int
-sudo_edit_create_tfiles(struct command_details *command_details,
- struct sudo_cred *user_cred, struct tempfile *tf, char *files[],
+sudo_edit_create_tfiles(const struct command_details *command_details,
+ const struct sudo_cred *user_cred, struct tempfile *tf, char *files[],
 int nfiles)
 {
 int i, j, tfd, ofd, rc;
@@ -266,8 +266,8 @@ sudo_edit_create_tfiles(struct command_details *command_details,
 * Returns the number of copy errors or 0 if completely successful.
 */
 static int
-sudo_edit_copy_tfiles(struct command_details *command_details,
- struct sudo_cred *user_cred, struct tempfile *tf,
+sudo_edit_copy_tfiles(const struct command_details *command_details,
+ const struct sudo_cred *user_cred, struct tempfile *tf,
 int nfiles, struct timespec *times)
 {
 int i, tfd, ofd, errors = 0;
@@ -380,7 +380,7 @@ selinux_run_helper(uid_t uid, gid_t gid, int ngroups, GETGROUPS_T *groups,
 }
 static char *
-selinux_fmt_sudo_user(struct sudo_cred *user_cred)
+selinux_fmt_sudo_user(const struct sudo_cred *user_cred)
 {
 char *cp, *user_str;
 size_t user_size;
@@ -411,8 +411,8 @@ selinux_fmt_sudo_user(struct sudo_cred *user_cred)
 }
 static int
-selinux_edit_create_tfiles(struct command_details *command_details,
- struct sudo_cred *user_cred, struct tempfile *tf,
+selinux_edit_create_tfiles(const struct command_details *command_details,
+ const struct sudo_cred *user_cred, struct tempfile *tf,
 char *files[], int nfiles)
 {
 const char **sesh_args, **sesh_ap;
@@ -518,8 +518,8 @@ done:
 }
 static int
-selinux_edit_copy_tfiles(struct command_details *command_details,
- struct sudo_cred *user_cred, struct tempfile *tf,
+selinux_edit_copy_tfiles(const struct command_details *command_details,
+ const struct sudo_cred *user_cred, struct tempfile *tf,
 int nfiles, struct timespec *times)
 {
 const char **sesh_args, **sesh_ap;
@@ -627,10 +627,11 @@ done:
 * of 1 on failure.
 */
 int
-sudo_edit(struct command_details *command_details, struct user_details *user_details)
+sudo_edit(struct command_details *command_details,
+ const struct user_details *user_details)
 {
 struct command_details saved_command_details;
- struct sudo_cred *user_cred = &user_details->cred;
+ const struct sudo_cred *user_cred = &user_details->cred;
 char **nargv = NULL, **files = NULL;
 int nfiles = command_details->nfiles;
 int errors, i, ac, nargc, ret;
@@ -786,7 +787,7 @@ cleanup:
 * Must have the ability to change the effective uid to use sudoedit.
 */
 int
-sudo_edit(struct command_details *command_details, struct sudo_cred *user_cred)
+sudo_edit(const struct command_details *command_details, const struct sudo_cred *user_cred)
 {
 debug_decl(sudo_edit, SUDO_DEBUG_EDIT);
 debug_return_int(W_EXITCODE(1, 0));
diff --git a/src/sudo_edit.h b/src/sudo_edit.h
index 87e6e9f6a..61b02ebf8 100644
--- a/src/sudo_edit.h
+++ b/src/sudo_edit.h
@@ -48,8 +48,8 @@ bool sudo_check_temp_file(int tfd, const char *tname, uid_t uid, struct stat *sb
 /* edit_open.c */
 struct sudo_cred;
 void switch_user(uid_t euid, gid_t egid, int ngroups, GETGROUPS_T *groups);
-int sudo_edit_open(char *path, int oflags, mode_t mode, int sflags, struct sudo_cred *user_cred, struct sudo_cred *cur_cred);
-int dir_is_writable(int dfd, struct sudo_cred *user_cred, struct sudo_cred *cur_cred);
-bool sudo_edit_parent_valid(char *path, int sflags, struct sudo_cred *user_cred, struct sudo_cred *cur_cred);
+int sudo_edit_open(char *path, int oflags, mode_t mode, int sflags, const struct sudo_cred *user_cred, const struct sudo_cred *cur_cred);
+int dir_is_writable(int dfd, const struct sudo_cred *user_cred, const struct sudo_cred *cur_cred);
+bool sudo_edit_parent_valid(char *path, int sflags, const struct sudo_cred *user_cred, const struct sudo_cred *cur_cred);
 #endif /* SUDO_EDIT_H */
diff --git a/src/sudo_exec.h b/src/sudo_exec.h
index de6ac45ad..4358baee2 100644
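Review bot: The fallback `sudo_edit()` in the `@@ -786,7` hunk of src/sudo_edit.c does not agree with its prototype. src/sudo.h in this same commit declares `int sudo_edit(struct command_details *command_details, const struct user_details *user_details);`, while the stub is now defined with `const struct command_details *` and `const struct sudo_cred *`, so a build that selects this branch would presumably fail with conflicting types (the preprocessor condition that selects it is outside the hunk). The second parameter already differed before this change, and the added const on the first parameter widens the gap. The definition should mirror the header: `sudo_edit(struct command_details *command_details, const struct user_details *user_details)`.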
--- a/src/sudo_exec.h
+++ b/src/sudo_exec.h
@@ -185,7 +185,7 @@ char **disable_execute(char *envp[], const char *dso);
 char **enable_monitor(char *envp[], const char *dso);
 /* exec_intercept.c */
-void *intercept_setup(int fd, struct sudo_event_base *evbase, struct command_details *details);
+void *intercept_setup(int fd, struct sudo_event_base *evbase, const struct command_details *details);
 void intercept_cleanup(struct exec_closure *ec);
 /* exec_iolog.c */
@@ -205,10 +205,10 @@ void del_io_events(bool nonblocking);
 void init_ttyblock(void);
 /* exec_nopty.c */
-void exec_nopty(struct command_details *details, struct user_details *user_details, struct command_status *cstat);
+void exec_nopty(struct command_details *details, const struct user_details *user_details, struct sudo_event_base *evbase, struct command_status *cstat);
 /* exec_pty.c */
-bool exec_pty(struct command_details *details, struct user_details *user_details, struct command_status *cstat);
+bool exec_pty(struct command_details *details, const struct user_details *user_details, struct sudo_event_base *evbase, struct command_status *cstat);
 extern int io_fds[6];
 /* exec_monitor.c */
diff --git a/src/tgetpass.c b/src/tgetpass.c
index 80431ef63..0e6996953 100644
--- a/src/tgetpass.c
+++ b/src/tgetpass.c
@@ -290,7 +290,7 @@ static char *
 sudo_askpass(const char *askpass, const char *prompt)
 {
 static char buf[SUDO_CONV_REPL_MAX + 1], *pass;
- struct sudo_cred *cred = sudo_askpass_cred(NULL);
+ const struct sudo_cred *cred = sudo_askpass_cred(NULL);
 sigset_t chldmask;
 enum tgetpass_errval errval;
 int pfd[2], status;
@@ -455,10 +455,10 @@ tgetpass_handler(int s)
 signo[s] = 1;
 }
-struct sudo_cred *
-sudo_askpass_cred(struct sudo_cred *cred)
+const struct sudo_cred *
+sudo_askpass_cred(const struct sudo_cred *cred)
 {
- static struct sudo_cred *saved_cred;
+ static const struct sudo_cred *saved_cred;
 if (cred != NULL)
 saved_cred = cred;
--
cgit v1.2.1
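Review bot: `sudo_askpass_cred()` in the `@@ -455,10` hunk of src/tgetpass.c has no comment, and its contract is easy to misread: a non-NULL argument is stored in the static `saved_cred`, and it is the caller's pointer that is kept, not a copy. `sudo_askpass()` (`@@ -290,7`) fetches it with `sudo_askpass_cred(NULL)`, so the pointee has to stay valid for as long as a prompt can run, and the lookup presumably yields NULL when nothing was registered; the return statement and any NULL check in `sudo_askpass()` are outside the hunks. I would add a header comment such as `/* Set (cred != NULL) or look up (cred == NULL) the credentials sudo_askpass() uses; the pointer is stored, not copied, and must outlive its use. */`.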