/*
* CU sudo version 1.4 (based on Root Group sudo version 1.1)
*
* This software comes with no warranty whatsoever, use at your own risk.
*
* Please send bugs, changes, problems to sudo-bugs@cs.colorado.edu
*
*/
/*
* sudo version 1.1 allows users to execute commands as root
* Copyright (C) 1991 The Root Group, Inc.
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 1, or (at your option)
* any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
*
* $Id$
*/
#ifndef _SUDO_SUDO_H
#define _SUDO_SUDO_H
#include <pathnames.h>
#include "compat.h"
/*
 * IP address and netmask pairs for checking against local interfaces.
 *
 * NOTE(review): this header does not include <netinet/in.h> itself, so
 * struct in_addr has to come from <pathnames.h>, compat.h or the file
 * that includes this header -- confirm which.
 */
struct interface {
struct in_addr addr;	/* address of one local interface */
struct in_addr netmask;	/* netmask paired with addr */
};
/*
 * Data structure used in parsing sudoers;
 * top of stack values are the ones that
 * apply when parsing is done & can be
 * accessed by *_matches macros
 *
 * NOTE(review): the meaning of the int values (presumably TRUE/FALSE,
 * possibly with an extra "no match seen" state) is set by the parser,
 * which is not visible here -- confirm before testing them for truth.
 */
struct matchstack {
int user;
int cmnd;
int host;
};
/* The stack itself and its depth are defined elsewhere; only declared here. */
extern struct matchstack match[];
extern int top;
/*
 * Each macro names a field of the entry at match[top-1].
 * They are valid only while top >= 1: with top == 0 the expansion
 * indexes match[-1], which is outside the array.
 * The expansions are plain lvalues, so they can be assigned as well as read.
 */
#define user_matches (match[top-1].user)
#define cmnd_matches (match[top-1].cmnd)
#define host_matches (match[top-1].host)
/*
 * Maximum number of characters to log per entry. The syslogger
 * will log this much; after that, it truncates the log line.
 * We need this here to make sure that we continue with another
 * syslog(3) call if the internal buffer is more than 1023 characters.
 *
 * The #ifndef guard lets the build supply a different value before
 * this header is read; 960 is only the fallback.
 */
#ifndef MAXSYSLOGLEN
# define MAXSYSLOGLEN 960
#endif
/*
 * Log destination selectors. SLOG_SYSLOG and SLOG_FILE are separate
 * bits, and SLOG_BOTH has the value of the two OR-ed together.
 */
#define SLOG_SYSLOG 0x01
#define SLOG_FILE 0x02
#define SLOG_BOTH 0x03
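/*
 * VALIDATE_* result codes; presumably the values returned by validate(),
 * whose prototype appears later in this header -- confirm against its
 * definition.
 *
 * Only VALIDATE_OK is zero. VALIDATE_ERROR and the two positive codes are
 * all non-zero, so a caller has to compare against VALIDATE_OK explicitly
 * rather than treat "non-zero" as success.
 */
#define VALIDATE_OK 0x00
#define VALIDATE_NO_USER 0x01
#define VALIDATE_NOT_OK 0x02
/* Parenthesized so the minus sign cannot combine with an operator next to the expansion. */
#define VALIDATE_ERROR (-1)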
/*
 * the arguments passed to log_error() are ANDed with GLOBAL_PROBLEM
 * If the result is TRUE, the argv is NOT logged with the error message
 *
 * The code number sits in the low bits (0x01-0x0F) and GLOBAL_PROBLEM
 * (0x20) is a separate flag bit OR-ed onto some of them.
 *
 * The AND yields 0x20 or 0, never the value of the TRUE macro (0x01), so
 * the test has to be for non-zero; comparing the result with == TRUE
 * would never succeed.
 *
 * Codes defined without the flag (PASSWORD_NOT_CORRECT,
 * PASSWORDS_NOT_CORRECT, SPOOF_ATTEMPT, BAD_STAMPDIR, BAD_STAMPFILE) are,
 * by the rule above, the ones logged together with argv.
 */
#define GLOBAL_PROBLEM 0x20
#define ALL_SYSTEMS_GO 0x00
#define GLOBAL_NO_PW_ENT ( 0x01 | GLOBAL_PROBLEM )
#define GLOBAL_NO_SPW_ENT ( 0x02 | GLOBAL_PROBLEM )
#define GLOBAL_NO_HOSTNAME ( 0x03 | GLOBAL_PROBLEM )
#define GLOBAL_HOST_UNREGISTERED ( 0x04 | GLOBAL_PROBLEM )
#define PASSWORD_NOT_CORRECT 0x05
#define PASSWORDS_NOT_CORRECT 0x06
#define NO_SUDOERS_FILE ( 0x07 | GLOBAL_PROBLEM )
#define BAD_SUDOERS_FILE ( 0x08 | GLOBAL_PROBLEM )
#define SUDOERS_NO_OWNER ( 0x09 | GLOBAL_PROBLEM )
#define SUDOERS_WRONG_OWNER ( 0x0A | GLOBAL_PROBLEM )
#define SUDOERS_NOT_FILE ( 0x0B | GLOBAL_PROBLEM )
#define SUDOERS_RW_OTHER ( 0x0C | GLOBAL_PROBLEM )
#define SPOOF_ATTEMPT 0x0D
#define BAD_STAMPDIR 0x0E
#define BAD_STAMPFILE 0x0F
/*
 * Boolean values
 *
 * Any earlier definition of TRUE or FALSE is dropped first, so the
 * values below apply no matter what a previously included header defined.
 */
#undef TRUE
#define TRUE 0x01
#undef FALSE
#define FALSE 0x00
/*
 * Various modes sudo can be in (based on arguments) in octal
 *
 * Every value is a different single bit (00001 through 00200).
 * NOTE(review): distinct bits allow several modes to be OR-ed into one
 * word; whether sudo actually combines them is decided where the
 * arguments are parsed, which is not visible here.
 */
#define MODE_RUN 00001
#define MODE_VALIDATE 00002
#define MODE_KILL 00004
#define MODE_VERSION 00010
#define MODE_HELP 00020
#define MODE_LIST 00040
#define MODE_BACKGROUND 00100
#define MODE_SHELL 00200
/*
 * Used with set_perms()
 *
 * The values are consecutive integers (0x00-0x04), not bit flags, so a
 * mode has to be compared with ==; masking with & gives wrong answers
 * (PERM_FULL_USER, 0x03, contains the bits of PERM_FULL_ROOT and PERM_USER).
 *
 * PERM_ROOT is 0, so a mode variable that was only zero-initialized
 * reads as PERM_ROOT.
 *
 * NOTE(review): what each mode does to the process ids is defined in
 * set_perms(), which is not visible here -- confirm there.
 */
#define PERM_ROOT 0x00
#define PERM_FULL_ROOT 0x01
#define PERM_USER 0x02
#define PERM_FULL_USER 0x03
#define PERM_SUDOERS 0x04
/*
 * Shortcuts for user_pw_ent
 *
 * Each macro dereferences user_pw_ent at the point of use, so it is only
 * valid once user_pw_ent points at a passwd entry; using one while the
 * pointer is NULL is a null dereference.
 *
 * These are object-like macros with common names: any identifier spelled
 * user_name, user_uid, etc. in a file that includes this header is
 * rewritten as well, including locals and struct members.
 *
 * user_passwd is the entry's pw_passwd field; keep it out of log and
 * error messages.
 */
#define user_name (user_pw_ent -> pw_name)
#define user_passwd (user_pw_ent -> pw_passwd)
#define user_uid (user_pw_ent -> pw_uid)
#define user_gid (user_pw_ent -> pw_gid)
#define user_shell (user_pw_ent -> pw_shell)
#define user_dir (user_pw_ent -> pw_dir)
/*
 * Prototypes
 *
 * NOTE(review): __P is not defined in this header; presumably compat.h
 * supplies it as the usual wrapper that keeps or drops the parameter
 * list depending on compiler prototype support -- confirm.
 */
/* These are the functions that are called in sudo(8) */
/*
 * strdup, getwd and putenv are declared here only when the matching
 * HAVE_* macro is not defined; presumably sudo then supplies its own
 * implementation -- confirm in the build.
 */
#ifndef HAVE_STRDUP
char *strdup __P((const char *));
#endif
#ifndef HAVE_GETWD
/*
 * NOTE(review): getwd() takes no buffer length, so the buffer passed in
 * must be big enough for any path; check its size at every call site.
 */
char *getwd __P((char *));
#endif
#if !defined(HAVE_PUTENV) && !defined(HAVE_SETENV)
int putenv __P((const char *));
#endif
char *sudo_goodpath __P((const char *));
int sudo_setenv __P((char *, char *));
char *tgetpass __P((char *, int));
char * find_path __P((char *));
/* Takes one of the error codes defined above; see the GLOBAL_PROBLEM comment. */
void log_error __P((int));
void inform_user __P((int));
void check_user __P((void));
/* NOTE(review): presumably returns one of the VALIDATE_* codes -- confirm. */
int validate __P((int));
/* Takes one of the PERM_* values defined above. */
void set_perms __P((int));
void remove_timestamp __P((void));
void load_interfaces __P((void));
/*
 * Most of these variables are declared in main() so they don't need
 * to be extern'ed here if this is main...
 *
 * A file that defines MAIN before including this header skips the
 * declarations below.
 */
#ifndef MAIN
/*
 * host and cwd are declared without a size, so sizeof cannot be applied
 * to them through this header; any bounded copy into them needs the
 * length from the defining file.
 */
extern char host[];
extern char cwd[];
extern struct interface *interfaces;
extern int num_interfaces;
/* Target of the user_* shortcut macros defined above. */
extern struct passwd *user_pw_ent;
extern char *tty;
extern char *cmnd;
extern char *cmnd_args;
extern char *prompt;
extern struct stat cmnd_st;
extern int Argc;
extern char **Argv;
#endif
/*
 * NOTE(review): declaring errno by hand conflicts with platforms where
 * <errno.h> defines errno as a macro; including <errno.h> is the
 * portable way to obtain it.
 */
extern int errno;
#endif /* _SUDO_SUDO_H */