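/*
 * SPDX-License-Identifier: ISC
 *
 * Copyright (c) 1993-1996, 1998-2005, 2007-2021
 *	Todd C. Miller <Todd.Miller@sudo.ws>
 *
 * Permission to use, copy, modify, and distribute this software for any
 * purpose with or without fee is hereby granted, provided that the above
 * copyright notice and this permission notice appear in all copies.
 *
 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 *
 * Sponsored in part by the Defense Advanced Research Projects
 * Agency (DARPA) and Air Force Research Laboratory, Air Force
 * Materiel Command, USAF, under agreement number F39502-99-1-0512.
 */

/*
 * Private header for the sudo front end: the process-wide data structures
 * (invoking user, command to run, parent/child status) and the prototypes
 * of the front-end source files that share them.
 */

#ifndef SUDO_SUDO_H
#define SUDO_SUDO_H

#include <limits.h>
#ifdef HAVE_STDBOOL_H
# include <stdbool.h>
#else
# include "compat/stdbool.h"
#endif /* HAVE_STDBOOL_H */
#ifdef HAVE_PRIV_SET
# include <priv.h>
#endif

#include "pathnames.h"
#include "sudo_compat.h"
#include "sudo_conf.h"
#include "sudo_debug.h"
#include "sudo_event.h"
#include "sudo_fatal.h"
#include "sudo_gettext.h"
#include "sudo_queue.h"
#include "sudo_util.h"

/*
 * Enable asserts() to avoid static analyzer false positives.
 *
 * NOTE(review): NDEBUG is defined here, after the includes above.  The
 * assert() macro is (re)defined each time <assert.h> is included, based
 * on NDEBUG at that point, so this only disables asserts in translation
 * units that include <assert.h> after sudo.h; a file that includes
 * <assert.h> earlier keeps asserts enabled in release builds.
 */
#if !(defined(SUDO_DEVEL) || defined(__clang_analyzer__) || defined(__COVERITY__))
# define NDEBUG
#endif

/*
 * Various modes sudo can be in (based on arguments) in hex.
 * The mode proper lives in the low 16 bits (MODE_MASK); the modifier
 * flags below occupy the bits above it, so `mode & MODE_MASK` yields
 * exactly one of the MODE_* values.
 */
#define MODE_RUN		0x00000001
#define MODE_EDIT		0x00000002
#define MODE_VALIDATE		0x00000004
#define MODE_INVALIDATE		0x00000008
#define MODE_KILL		0x00000010
#define MODE_VERSION		0x00000020
#define MODE_HELP		0x00000040
#define MODE_LIST		0x00000080
#define MODE_CHECK		0x00000100
#define MODE_MASK		0x0000ffff

/* Mode flags (bits 16 and up; combined with one MODE_* value). */
/* XXX - prune this */
#define MODE_BACKGROUND		0x00010000
#define MODE_SHELL		0x00020000
#define MODE_LOGIN_SHELL	0x00040000
#define MODE_IMPLIED_SHELL	0x00080000
#define MODE_RESET_HOME		0x00100000
#define MODE_PRESERVE_GROUPS	0x00200000
#define MODE_PRESERVE_ENV	0x00400000
#define MODE_NONINTERACTIVE	0x00800000
#define MODE_LONG_LIST		0x01000000

/*
 * Flags for tgetpass().
 * TGP_NOECHO is the zero value (the default), so it cannot be tested
 * with `flags & TGP_NOECHO`; test for the absence of TGP_ECHO instead.
 */
#define TGP_NOECHO	0x00		/* turn echo off reading pw (default) */
#define TGP_ECHO	0x01		/* leave echo on when reading passwd */
#define TGP_STDIN	0x02		/* read from stdin, not /dev/tty */
#define TGP_ASKPASS	0x04		/* read from askpass helper program */
#define TGP_MASK	0x08		/* mask user input when reading */
#define TGP_NOECHO_TRY	0x10		/* turn off echo if possible */
#define TGP_BELL	0x20		/* bell on password prompt */

/* name/value pairs for command line settings. */
struct sudo_settings {
    const char *name;
    const char *value;
};

/*
 * Sudo user credentials.
 * Group IDs are gid_t, the POSIX type for group IDs (previously declared
 * as uid_t; uid_t and gid_t are distinct typedefs even where they share a
 * representation).  `groups` presumably holds `ngroups` entries -- the
 * allocation and ownership of that array are not visible in this header.
 */
struct sudo_cred {
    uid_t uid;
    uid_t euid;
    gid_t gid;
    gid_t egid;
    int ngroups;
    GETGROUPS_T *groups;
};

/* Details about the invoking user and the process sudo was started in. */
struct user_details {
    struct sudo_cred cred;
    pid_t pid;
    pid_t ppid;
    pid_t pgid;
    pid_t tcpgid;
    pid_t sid;
    const char *username;
    const char *cwd;
    const char *tty;
    const char *host;
    const char *shell;
    int ts_rows;		/* terminal size, rows */
    int ts_cols;		/* terminal size, columns */
};

/*
 * Flag bits (presumably for struct command_details.flags, given the prefix).
 * Only their names and values are defined here; what each one causes the
 * front end to do is decided in the .c files that test them.
 */
#define CD_SET_UID		0x000001
#define CD_SET_EUID		0x000002
#define CD_SET_GID		0x000004
#define CD_SET_EGID		0x000008
#define CD_PRESERVE_GROUPS	0x000010
#define CD_INTERCEPT		0x000020
#define CD_NOEXEC		0x000040
#define CD_SET_PRIORITY		0x000080
#define CD_SET_UMASK		0x000100
#define CD_SET_TIMEOUT		0x000200
#define CD_SUDOEDIT		0x000400
#define CD_BACKGROUND		0x000800
#define CD_RBAC_ENABLED		0x001000
#define CD_USE_PTY		0x002000
#define CD_SET_UTMP		0x004000
#define CD_EXEC_BG		0x008000
#define CD_SUDOEDIT_FOLLOW	0x010000
#define CD_SUDOEDIT_CHECKDIR	0x020000
#define CD_SET_GROUPS		0x040000
#define CD_LOGIN_SHELL		0x080000
#define CD_OVERRIDE_UMASK	0x100000
#define CD_LOG_SUBCMDS		0x200000

/*
 * A range of file descriptors [lowfd, highfd] to keep open across exec,
 * as a member of a preserved_fd_list.  `flags` meaning is not visible here.
 */
struct preserved_fd {
    TAILQ_ENTRY(preserved_fd) entries;
    int lowfd;
    int highfd;
    int flags;
};
TAILQ_HEAD(preserved_fd_list, preserved_fd);

/*
 * Everything the front end needs to run the command approved by the
 * policy plugin: target credentials, resource settings, the command
 * itself with its argv/envp, and optional platform-specific context.
 * The strings are pointers into memory owned elsewhere (the policy's
 * command_info, by the look of `info`); this header does not define
 * who frees them.
 */
struct command_details {
    struct sudo_cred cred;
    mode_t umask;
    int priority;
    int timeout;
    int closefrom;
    int flags;
    int execfd;
    int cwd_optional;
    struct preserved_fd_list preserved_fds;
    struct passwd *pw;
    const char *command;
    const char *runas_user;
    const char *cwd;
    const char *login_class;
    const char *chroot;
    const char *selinux_role;
    const char *selinux_type;
    const char *utmp_user;
    const char *tty;
    char **argv;
    char **envp;
    struct sudo_event_base *evbase;
#ifdef HAVE_PRIV_SET
    priv_set_t *privs;
    priv_set_t *limitprivs;
#endif
    char * const *info;
};

/*
 * Status passed between parent and child via socketpair.
 * `type` is one of the CMD_* values; how `val` is interpreted for each
 * type (errno, wait status, signal number, pid, ...) is suggested by the
 * names only -- confirm against the sender in exec*.c before relying on it.
 */
struct command_status {
#define CMD_INVALID 0
#define CMD_ERRNO 1
#define CMD_WSTATUS 2
#define CMD_SIGNO 3
#define CMD_PID 4
#define CMD_TTYWINCH 5
    int type;
    int val;
};

/* Garbage collector data types. */
enum sudo_gc_types {
    GC_UNKNOWN,
    GC_VECTOR,
    GC_PTR
};

/* For fatal() and fatalx() (XXX - needed?) */
void cleanup(int);

/*
 * tgetpass.c
 * Prompts for a password according to the TGP_* flags.  The returned
 * buffer holds a secret; its storage (static vs. heap) and who is
 * responsible for clearing it are not visible from this header.
 */
char *tgetpass(const char *prompt, int timeout, int flags,
    struct sudo_conv_callback *callback);

/* exec.c */
int sudo_execute(struct command_details *details, struct command_status *cstat);

/* parse_args.c */
int parse_args(int argc, char **argv, int *old_optind, int *nargc,
    char ***nargv, struct sudo_settings **settingsp, char ***env_addp);
extern int tgetpass_flags;

/*
 * get_pty.c
 * `uid` is presumably used for the ownership of the pty follower -- confirm
 * in get_pty.c.
 */
bool get_pty(int *leader, int *follower, char *name, size_t namesz, uid_t uid);

/* sudo.c */
int policy_init_session(struct command_details *details);
int run_command(struct command_details *details);
int os_init_common(int argc, char *argv[], char *envp[]);
bool gc_add(enum sudo_gc_types type, void *v);
bool set_user_groups(struct command_details *details);
struct sudo_plugin_event *sudo_plugin_event_alloc(void);
bool audit_accept(const char *plugin_name, unsigned int plugin_type,
    char * const command_info[], char * const run_argv[],
    char * const run_envp[]);
bool audit_reject(const char *plugin_name, unsigned int plugin_type,
    const char *audit_msg, char * const command_info[]);
bool audit_error(const char *plugin_name, unsigned int plugin_type,
    const char *audit_msg, char * const command_info[]);
bool approval_check(char * const command_info[], char * const run_argv[],
    char * const run_envp[]);
extern const char *list_user;
extern struct user_details user_details;
extern int sudo_debug_instance;

/* sudo_edit.c */
int sudo_edit(struct command_details *details);

/* parse_args.c */
void usage(void) __attribute__((__noreturn__));

/* openbsd.c */
int os_init_openbsd(int argc, char *argv[], char *envp[]);

/* selinux.c */
int selinux_restore_tty(void);
int selinux_setup(const char *role, const char *type, const char *ttyn,
    int ttyfd, bool label_tty);
int selinux_setcon(void);
void selinux_execve(int fd, const char *path, char *const argv[],
    char *envp[], bool noexec);

/* solaris.c */
void set_project(struct passwd *);
int os_init_solaris(int argc, char *argv[], char *envp[]);

/* hooks.c */
/* XXX - move to sudo_plugin_int.h? */
struct sudo_hook;
int register_hook(struct sudo_hook *hook);
int deregister_hook(struct sudo_hook *hook);
int process_hooks_getenv(const char *name, char **val);
int process_hooks_setenv(const char *name, const char *value, int overwrite);
int process_hooks_putenv(char *string);
int process_hooks_unsetenv(const char *name);

/* env_hooks.c */
char *getenv_unhooked(const char *name);

/* interfaces.c */
int get_net_ifs(char **addrinfo);

/* ttyname.c */
char *get_process_ttyname(char *name, size_t namelen);

/* signal.c */
struct sigaction;
int sudo_sigaction(int signo, struct sigaction *sa, struct sigaction *osa);
void init_signals(void);
void restore_signals(void);
void save_signals(void);
bool signal_pending(int signo);

/* preload.c */
void preload_static_symbols(void);

/*
 * preserve_fds.c
 * closefrom_except() by name closes descriptors from startfd up, keeping
 * the ranges listed in pfds; parse_preserved_fds() fills pfds from the
 * textual list in fdstr.
 */
int add_preserved_fd(struct preserved_fd_list *pfds, int fd);
void closefrom_except(int startfd, struct preserved_fd_list *pfds);
void parse_preserved_fds(struct preserved_fd_list *pfds, const char *fdstr);

/* setpgrp_nobg.c */
int tcsetpgrp_nobg(int fd, pid_t pgrp_id);

/*
 * limits.c
 * disable_coredump() now has a proper (void) prototype; the former empty
 * parameter list was an old-style declaration that disabled argument
 * checking at call sites under C11.
 */
void disable_coredump(void);
void restore_limits(void);
void restore_nproc(void);
void unlimit_nproc(void);
void unlimit_sudo(void);
int serialize_limits(char **info, size_t info_max);

#endif /* SUDO_SUDO_H */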