diff options
author | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-04-07 14:37:38 +0000 |
---|---|---|
committer | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-04-07 14:37:38 +0000 |
commit | ae581a19fbe896a797450b9d9573fb66f2735227 (patch) | |
tree | 56c40be8518a29c9351364d13a9676aa83932dc0 /src/sudo.c | |
parent | Initial commit. (diff) | |
download | sudo-ae581a19fbe896a797450b9d9573fb66f2735227.tar.xz sudo-ae581a19fbe896a797450b9d9573fb66f2735227.zip |
Adding upstream version 1.9.13p3.upstream/1.9.13p3upstream
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to 'src/sudo.c')
-rw-r--r-- | src/sudo.c | 2234 |
1 files changed, 2234 insertions, 0 deletions
diff --git a/src/sudo.c b/src/sudo.c new file mode 100644 index 0000000..a8a18bb --- /dev/null +++ b/src/sudo.c @@ -0,0 +1,2234 @@ +/* + * SPDX-License-Identifier: ISC + * + * Copyright (c) 2009-2022 Todd C. Miller <Todd.Miller@sudo.ws> + * + * Permission to use, copy, modify, and distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR + * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN + * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF + * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + */ + +/* + * This is an open source non-commercial project. Dear PVS-Studio, please check it. + * PVS-Studio Static Code Analyzer for C, C++ and C#: http://www.viva64.com + */ + +#ifdef __TANDEM +# include <floss.h> +#endif + +#include <config.h> + +#include <sys/types.h> +#include <sys/stat.h> +#include <sys/wait.h> +#include <sys/resource.h> +#include <sys/socket.h> +#ifdef __linux__ +# include <sys/prctl.h> +#endif +#include <stddef.h> +#include <stdio.h> +#include <stdlib.h> +#include <string.h> +#include <unistd.h> +#include <ctype.h> +#include <errno.h> +#include <fcntl.h> +#include <limits.h> +#include <signal.h> +#include <grp.h> +#include <pwd.h> +#include <time.h> +#ifdef HAVE_SELINUX +# include <selinux/selinux.h> /* for is_selinux_enabled() */ +#endif +#ifdef HAVE_SETAUTHDB +# include <usersec.h> +#endif /* HAVE_SETAUTHDB */ +#if defined(HAVE_GETPRPWNAM) && defined(HAVE_SET_AUTH_PARAMETERS) +# ifdef __hpux +# undef MAXINT +# include <hpsecurity.h> +# else +# include <sys/security.h> +# endif /* __hpux */ +# include <prot.h> +#endif /* HAVE_GETPRPWNAM && HAVE_SET_AUTH_PARAMETERS */ + +#include <sudo_usage.h> +#include "sudo.h" +#include "sudo_plugin.h" +#include "sudo_plugin_int.h" + +/* + * Local variables + */ +struct plugin_container policy_plugin; +struct plugin_container_list io_plugins = TAILQ_HEAD_INITIALIZER(io_plugins); +struct plugin_container_list audit_plugins = TAILQ_HEAD_INITIALIZER(audit_plugins); +struct plugin_container_list approval_plugins = TAILQ_HEAD_INITIALIZER(approval_plugins); +struct user_details user_details; +const char *list_user; /* extern for parse_args.c */ +int sudo_debug_instance = SUDO_DEBUG_INSTANCE_INITIALIZER; +static struct command_details command_details; +static int sudo_mode; +static struct sudo_event_base *sudo_event_base; + +struct sudo_gc_entry { + SLIST_ENTRY(sudo_gc_entry) entries; + enum sudo_gc_types type; + union { + char **vec; + void *ptr; + } u; +}; +SLIST_HEAD(sudo_gc_list, sudo_gc_entry); +#ifdef NO_LEAKS +static struct sudo_gc_list sudo_gc_list = SLIST_HEAD_INITIALIZER(sudo_gc_list); +#endif + +/* + * Local functions + */ +static void fix_fds(void); +static void sudo_check_suid(const char *path); +static char **get_user_info(struct user_details *); +static void command_info_to_details(char * const info[], + struct command_details *details); +static void gc_init(void); + +/* Policy plugin convenience functions. */ +static void policy_open(void); +static void policy_close(int exit_status, int error); +static int policy_show_version(int verbose); +static bool policy_check(int argc, char * const argv[], char *env_add[], + char **command_info[], char **run_argv[], char **run_envp[]); +static void policy_list(int argc, char * const argv[], + int verbose, const char *user); +static void policy_validate(char * const argv[]); +static void policy_invalidate(int unlinkit); + +/* I/O log plugin convenience functions. */ +static bool iolog_open(char * const command_info[], int run_argc, + char * const run_argv[], char * const run_envp[]); +static void iolog_close(int exit_status, int error); +static void iolog_show_version(int verbose, int argc, char * const argv[], + char * const envp[]); +static void unlink_plugin(struct plugin_container_list *plugin_list, struct plugin_container *plugin); +static void free_plugin_container(struct plugin_container *plugin, bool ioplugin); + +/* Audit plugin convenience functions (some are public). */ +static void audit_open(void); +static void audit_close(int exit_status, int error); +static void audit_show_version(int verbose); + +/* Approval plugin convenience functions (some are public). */ +static void approval_show_version(int verbose); + +sudo_dso_public int main(int argc, char *argv[], char *envp[]); + +static struct sudo_settings *sudo_settings; +static char * const *user_info, * const *submit_argv, * const *submit_envp; +static int submit_optind; + +int +main(int argc, char *argv[], char *envp[]) +{ + int nargc, status = 0; + char **nargv, **env_add; + char **command_info = NULL, **argv_out = NULL, **run_envp = NULL; + const char * const allowed_prognames[] = { "sudo", "sudoedit", NULL }; + sigset_t mask; + debug_decl_vars(main, SUDO_DEBUG_MAIN); + + /* Only allow "sudo" or "sudoedit" as the program name. */ + initprogname2(argc > 0 ? argv[0] : "sudo", allowed_prognames); + + /* Crank resource limits to unlimited. */ + unlimit_sudo(); + + /* Make sure fds 0-2 are open and do OS-specific initialization. */ + fix_fds(); + os_init(argc, argv, envp); + + setlocale(LC_ALL, ""); + bindtextdomain(PACKAGE_NAME, LOCALEDIR); + textdomain(PACKAGE_NAME); + + (void) tzset(); + + /* Must be done before we do any password lookups */ +#if defined(HAVE_GETPRPWNAM) && defined(HAVE_SET_AUTH_PARAMETERS) + (void) set_auth_parameters(argc, argv); +# ifdef HAVE_INITPRIVS + initprivs(); +# endif +#endif /* HAVE_GETPRPWNAM && HAVE_SET_AUTH_PARAMETERS */ + + /* Initialize the debug subsystem. */ + if (sudo_conf_read(NULL, SUDO_CONF_DEBUG) == -1) + exit(EXIT_FAILURE); + sudo_debug_instance = sudo_debug_register(getprogname(), + NULL, NULL, sudo_conf_debug_files(getprogname()), -1); + if (sudo_debug_instance == SUDO_DEBUG_INSTANCE_ERROR) + exit(EXIT_FAILURE); + + /* Make sure we are setuid root. */ + sudo_check_suid(argc > 0 ? argv[0] : "sudo"); + + /* Save original signal state and setup default signal handlers. */ + save_signals(); + init_signals(); + + /* Reset signal mask to the default value (unblock). */ + (void) sigemptyset(&mask); + (void) sigprocmask(SIG_SETMASK, &mask, NULL); + + /* Parse the rest of sudo.conf. */ + sudo_conf_read(NULL, SUDO_CONF_ALL & ~SUDO_CONF_DEBUG); + + /* Fill in user_info with user name, uid, cwd, etc. */ + if ((user_info = get_user_info(&user_details)) == NULL) + exit(EXIT_FAILURE); /* get_user_info printed error message */ + + /* Disable core dumps if not enabled in sudo.conf. */ + if (sudo_conf_disable_coredump()) + disable_coredump(); + + /* Parse command line arguments, preserving the original argv/envp. */ + submit_argv = argv; + submit_envp = envp; + sudo_mode = parse_args(argc, argv, &submit_optind, &nargc, &nargv, + &sudo_settings, &env_add); + sudo_debug_printf(SUDO_DEBUG_DEBUG, "sudo_mode 0x%x", sudo_mode); + + /* Print sudo version early, in case of plugin init failure. */ + if (ISSET(sudo_mode, MODE_VERSION)) { + printf(_("Sudo version %s\n"), PACKAGE_VERSION); + if (user_details.cred.uid == ROOT_UID) + (void) printf(_("Configure options: %s\n"), CONFIGURE_ARGS); + } + + /* Use conversation function for sudo_(warn|fatal)x? for plugins. */ + sudo_warn_set_conversation(sudo_conversation); + + /* Load plugins. */ + if (!sudo_load_plugins()) + sudo_fatalx("%s", U_("fatal error, unable to load plugins")); + + /* Allocate event base so plugin can use it. */ + if ((sudo_event_base = sudo_ev_base_alloc()) == NULL) + sudo_fatalx("%s", U_("unable to allocate memory")); + + /* Open policy and audit plugins. */ + /* XXX - audit policy_open errors */ + audit_open(); + policy_open(); + + switch (sudo_mode & MODE_MASK) { + case MODE_VERSION: + policy_show_version(!user_details.cred.uid); + iolog_show_version(!user_details.cred.uid, nargc, nargv, + submit_envp); + approval_show_version(!user_details.cred.uid); + audit_show_version(!user_details.cred.uid); + break; + case MODE_VALIDATE: + case MODE_VALIDATE|MODE_INVALIDATE: + policy_validate(nargv); + break; + case MODE_KILL: + case MODE_INVALIDATE: + policy_invalidate(sudo_mode == MODE_KILL); + break; + case MODE_CHECK: + case MODE_CHECK|MODE_INVALIDATE: + case MODE_LIST: + case MODE_LIST|MODE_INVALIDATE: + policy_list(nargc, nargv, ISSET(sudo_mode, MODE_LONG_LIST), + list_user); + break; + case MODE_EDIT: + case MODE_RUN: + if (!policy_check(nargc, nargv, env_add, &command_info, &argv_out, + &run_envp)) + goto access_denied; + + /* Reset nargv/nargc based on argv_out. */ + /* XXX - leaks old nargv in shell mode */ + for (nargv = argv_out, nargc = 0; nargv[nargc] != NULL; nargc++) + continue; + if (nargc == 0) + sudo_fatalx("%s", + U_("plugin did not return a command to execute")); + + /* Approval plugins run after policy plugin accepts the command. */ + if (!approval_check(command_info, nargv, run_envp)) + goto access_denied; + + /* Open I/O plugin once policy and approval plugins succeed. */ + if (!iolog_open(command_info, nargc, nargv, run_envp)) + goto access_denied; + + /* Audit the accept event on behalf of the sudo front-end. */ + if (!audit_accept("sudo", SUDO_FRONT_END, command_info, + nargv, run_envp)) + goto access_denied; + + /* Setup command details and run command/edit. */ + command_info_to_details(command_info, &command_details); + command_details.tty = user_details.tty; + command_details.argv = nargv; + command_details.argc = nargc; + command_details.envp = run_envp; + command_details.evbase = sudo_event_base; + if (ISSET(sudo_mode, MODE_LOGIN_SHELL)) + SET(command_details.flags, CD_LOGIN_SHELL); + if (ISSET(sudo_mode, MODE_BACKGROUND)) + SET(command_details.flags, CD_BACKGROUND); + if (ISSET(command_details.flags, CD_SUDOEDIT)) { + status = sudo_edit(&command_details); + } else { + status = run_command(&command_details); + } + /* The close method was called by sudo_edit/run_command. */ + break; + default: + sudo_fatalx(U_("unexpected sudo mode 0x%x"), sudo_mode); + } + + /* + * If the command was terminated by a signal, sudo needs to terminated + * the same way. Otherwise, the shell may ignore a keyboard-generated + * signal. However, we want to avoid having sudo dump core itself. + */ + if (WIFSIGNALED(status)) { + struct sigaction sa; + + if (WCOREDUMP(status)) + disable_coredump(); + + memset(&sa, 0, sizeof(sa)); + sigemptyset(&sa.sa_mask); + sa.sa_handler = SIG_DFL; + sigaction(WTERMSIG(status), &sa, NULL); + sudo_debug_exit_int(__func__, __FILE__, __LINE__, sudo_debug_subsys, + WTERMSIG(status) | 128); + kill(getpid(), WTERMSIG(status)); + } + sudo_debug_exit_int(__func__, __FILE__, __LINE__, sudo_debug_subsys, + WEXITSTATUS(status)); + exit(WEXITSTATUS(status)); + +access_denied: + /* Policy/approval failure, close policy and audit plugins before exit. */ + if (policy_plugin.u.policy->version >= SUDO_API_MKVERSION(1, 15)) + policy_close(0, EACCES); + audit_close(SUDO_PLUGIN_NO_STATUS, 0); + sudo_debug_exit_int(__func__, __FILE__, __LINE__, sudo_debug_subsys, + EXIT_FAILURE); + exit(EXIT_FAILURE); +} + +int +os_init_common(int argc, char *argv[], char *envp[]) +{ +#ifdef STATIC_SUDOERS_PLUGIN + preload_static_symbols(); +#endif + gc_init(); + return 0; +} + +/* + * Ensure that stdin, stdout and stderr are open; set to /dev/null if not. + * Some operating systems do this automatically in the kernel or libc. + */ +static void +fix_fds(void) +{ + int miss[3]; + debug_decl(fix_fds, SUDO_DEBUG_UTIL); + + /* + * stdin, stdout and stderr must be open; set them to /dev/null + * if they are closed. + */ + miss[STDIN_FILENO] = fcntl(STDIN_FILENO, F_GETFL, 0) == -1; + miss[STDOUT_FILENO] = fcntl(STDOUT_FILENO, F_GETFL, 0) == -1; + miss[STDERR_FILENO] = fcntl(STDERR_FILENO, F_GETFL, 0) == -1; + if (miss[STDIN_FILENO] || miss[STDOUT_FILENO] || miss[STDERR_FILENO]) { + int devnull = + open(_PATH_DEVNULL, O_RDWR, S_IRUSR|S_IWUSR|S_IRGRP|S_IROTH); + if (devnull == -1) + sudo_fatal(U_("unable to open %s"), _PATH_DEVNULL); + if (miss[STDIN_FILENO] && dup2(devnull, STDIN_FILENO) == -1) + sudo_fatal("dup2"); + if (miss[STDOUT_FILENO] && dup2(devnull, STDOUT_FILENO) == -1) + sudo_fatal("dup2"); + if (miss[STDERR_FILENO] && dup2(devnull, STDERR_FILENO) == -1) + sudo_fatal("dup2"); + if (devnull > STDERR_FILENO) + close(devnull); + } + debug_return; +} + +/* + * Allocate space for groups and fill in using sudo_getgrouplist2() + * for when we cannot (or don't want to) use getgroups(). + * Returns 0 on success and -1 on failure. + */ +static int +fill_group_list(const char *user, struct sudo_cred *cred) +{ + int ret = -1; + debug_decl(fill_group_list, SUDO_DEBUG_UTIL); + + /* + * If user specified a max number of groups, use it, otherwise let + * sudo_getgrouplist2() allocate the group vector. + */ + cred->ngroups = sudo_conf_max_groups(); + if (cred->ngroups > 0) { + cred->groups = reallocarray(NULL, cred->ngroups, sizeof(GETGROUPS_T)); + if (cred->groups != NULL) { + /* Clamp to max_groups if insufficient space for all groups. */ + if (sudo_getgrouplist2(user, cred->gid, &cred->groups, + &cred->ngroups) == -1) { + cred->ngroups = sudo_conf_max_groups(); + } + ret = 0; + } + } else { + cred->groups = NULL; + ret = sudo_getgrouplist2(user, cred->gid, &cred->groups, + &cred->ngroups); + } + if (ret == -1) { + sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_ERRNO, + "%s: %s: unable to get groups via sudo_getgrouplist2()", + __func__, user); + } else { + sudo_debug_printf(SUDO_DEBUG_INFO, + "%s: %s: got %d groups via sudo_getgrouplist2()", + __func__, user, cred->ngroups); + } + debug_return_int(ret); +} + +static char * +get_user_groups(const char *user, struct sudo_cred *cred) +{ + char *cp, *gid_list = NULL; + size_t glsize; + int i, len, group_source; + debug_decl(get_user_groups, SUDO_DEBUG_UTIL); + + cred->groups = NULL; + group_source = sudo_conf_group_source(); + if (group_source != GROUP_SOURCE_DYNAMIC) { + int maxgroups = (int)sysconf(_SC_NGROUPS_MAX); + if (maxgroups < 0) + maxgroups = NGROUPS_MAX; + + /* Note that macOS may return ngroups > NGROUPS_MAX. */ + cred->ngroups = getgroups(0, NULL); // -V575 + if (cred->ngroups > 0) { + /* Use groups from kernel if not at limit or source is static. */ + if (cred->ngroups != maxgroups || group_source == GROUP_SOURCE_STATIC) { + cred->groups = reallocarray(NULL, cred->ngroups, sizeof(GETGROUPS_T)); + if (cred->groups == NULL) + goto done; + cred->ngroups = getgroups(cred->ngroups, cred->groups); + if (cred->ngroups < 0) { + sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_ERRNO, + "%s: unable to get %d groups via getgroups()", + __func__, cred->ngroups); + free(cred->groups); + cred->groups = NULL; + } else { + sudo_debug_printf(SUDO_DEBUG_INFO, + "%s: got %d groups via getgroups()", + __func__, cred->ngroups); + } + } + } + } + if (cred->groups == NULL) { + /* + * Query group database if kernel list is too small or disabled. + * Typically, this is because NFS can only support up to 16 groups. + */ + if (fill_group_list(user, cred) == -1) + goto done; + } + + /* + * Format group list as a comma-separated string of gids. + */ + glsize = sizeof("groups=") - 1 + (cred->ngroups * (MAX_UID_T_LEN + 1)); + if ((gid_list = malloc(glsize)) == NULL) + goto done; + memcpy(gid_list, "groups=", sizeof("groups=") - 1); + cp = gid_list + sizeof("groups=") - 1; + for (i = 0; i < cred->ngroups; i++) { + len = snprintf(cp, glsize - (cp - gid_list), "%s%u", + i ? "," : "", (unsigned int)cred->groups[i]); + if (len < 0 || (size_t)len >= glsize - (cp - gid_list)) + sudo_fatalx(U_("internal error, %s overflow"), __func__); + cp += len; + } +done: + debug_return_str(gid_list); +} + +/* + * Return user information as an array of name=value pairs. + * and fill in struct user_details (which shares the same strings). + */ +static char ** +get_user_info(struct user_details *ud) +{ + char *cp, **info, path[PATH_MAX]; + size_t info_max = 32 + RLIM_NLIMITS; + unsigned int i = 0; + mode_t mask; + struct passwd *pw; + int fd, n; + debug_decl(get_user_info, SUDO_DEBUG_UTIL); + + /* + * On BSD systems you can set a hint to keep the password and + * group databases open instead of having to open and close + * them all the time. Since sudo does a lot of password and + * group lookups, keeping the file open can speed things up. + */ +#ifdef HAVE_SETPASSENT + setpassent(1); +#endif /* HAVE_SETPASSENT */ +#ifdef HAVE_SETGROUPENT + setgroupent(1); +#endif /* HAVE_SETGROUPENT */ + + memset(ud, 0, sizeof(*ud)); + + /* XXX - bound check number of entries */ + info = reallocarray(NULL, info_max, sizeof(char *)); + if (info == NULL) + goto oom; + + ud->pid = getpid(); + ud->ppid = getppid(); + ud->pgid = getpgid(0); + fd = open(_PATH_TTY, O_RDWR); + if (fd != -1) { + if ((ud->tcpgid = tcgetpgrp(fd)) == -1) + ud->tcpgid = 0; + close(fd); + } + if ((ud->sid = getsid(0)) == -1) + ud->sid = 0; + + ud->cred.uid = getuid(); + ud->cred.euid = geteuid(); + ud->cred.gid = getgid(); + ud->cred.egid = getegid(); + +#ifdef HAVE_SETAUTHDB + aix_setauthdb(IDtouser(ud->cred.uid), NULL); +#endif + pw = getpwuid(ud->cred.uid); +#ifdef HAVE_SETAUTHDB + aix_restoreauthdb(); +#endif + if (pw == NULL) + sudo_fatalx(U_("you do not exist in the %s database"), "passwd"); + + info[i] = sudo_new_key_val("user", pw->pw_name); + if (info[i] == NULL) + goto oom; + ud->username = info[i] + sizeof("user=") - 1; + + /* Stash user's shell for use with the -s flag; don't pass to plugin. */ + if ((ud->shell = getenv("SHELL")) == NULL || ud->shell[0] == '\0') { + ud->shell = pw->pw_shell[0] ? pw->pw_shell : _PATH_SUDO_BSHELL; + } + if ((ud->shell = strdup(ud->shell)) == NULL) + goto oom; + + if (asprintf(&info[++i], "pid=%d", (int)ud->pid) == -1) + goto oom; + if (asprintf(&info[++i], "ppid=%d", (int)ud->ppid) == -1) + goto oom; + if (asprintf(&info[++i], "pgid=%d", (int)ud->pgid) == -1) + goto oom; + if (asprintf(&info[++i], "tcpgid=%d", (int)ud->tcpgid) == -1) + goto oom; + if (asprintf(&info[++i], "sid=%d", (int)ud->sid) == -1) + goto oom; + if (asprintf(&info[++i], "uid=%u", (unsigned int)ud->cred.uid) == -1) + goto oom; + if (asprintf(&info[++i], "euid=%u", (unsigned int)ud->cred.euid) == -1) + goto oom; + if (asprintf(&info[++i], "gid=%u", (unsigned int)ud->cred.gid) == -1) + goto oom; + if (asprintf(&info[++i], "egid=%u", (unsigned int)ud->cred.egid) == -1) + goto oom; + + if ((cp = get_user_groups(ud->username, &ud->cred)) == NULL) + goto oom; + info[++i] = cp; + + mask = umask(0); + umask(mask); + if (asprintf(&info[++i], "umask=0%o", (unsigned int)mask) == -1) + goto oom; + + if (getcwd(path, sizeof(path)) != NULL) { + info[++i] = sudo_new_key_val("cwd", path); + if (info[i] == NULL) + goto oom; + ud->cwd = info[i] + sizeof("cwd=") - 1; + } + + if (get_process_ttyname(path, sizeof(path)) != NULL) { + info[++i] = sudo_new_key_val("tty", path); + if (info[i] == NULL) + goto oom; + ud->tty = info[i] + sizeof("tty=") - 1; + } else { + /* tty may not always be present */ + if (errno != ENOENT) + sudo_warn("%s", U_("unable to determine tty")); + } + + cp = sudo_gethostname(); + info[++i] = sudo_new_key_val("host", cp ? cp : "localhost"); + free(cp); + if (info[i] == NULL) + goto oom; + ud->host = info[i] + sizeof("host=") - 1; + + sudo_get_ttysize(&ud->ts_rows, &ud->ts_cols); + if (asprintf(&info[++i], "lines=%d", ud->ts_rows) == -1) + goto oom; + if (asprintf(&info[++i], "cols=%d", ud->ts_cols) == -1) + goto oom; + + n = serialize_rlimits(&info[i + 1], info_max - (i + 1)); + if (n == -1) + goto oom; + i += n; + + info[++i] = NULL; + + /* Add to list of vectors to be garbage collected at exit. */ + if (!gc_add(GC_VECTOR, info)) + goto bad; + + debug_return_ptr(info); +oom: + sudo_warnx(U_("%s: %s"), __func__, U_("unable to allocate memory")); +bad: + while (i--) + free(info[i]); + free(info); + debug_return_ptr(NULL); +} + +/* + * Convert a command_info array into a command_details structure. + */ +static void +command_info_to_details(char * const info[], struct command_details *details) +{ + const char *errstr; + char *cp; + id_t id; + int i; + debug_decl(command_info_to_details, SUDO_DEBUG_PCOMM); + + memset(details, 0, sizeof(*details)); + details->info = info; + details->closefrom = -1; + details->execfd = -1; + details->flags = CD_SUDOEDIT_CHECKDIR | CD_SET_GROUPS; + TAILQ_INIT(&details->preserved_fds); + +#define SET_STRING(s, n) \ + if (strncmp(s, info[i], sizeof(s) - 1) == 0 && info[i][sizeof(s) - 1]) { \ + details->n = info[i] + sizeof(s) - 1; \ + break; \ + } +#define SET_FLAG(s, n) \ + if (strncmp(s, info[i], sizeof(s) - 1) == 0) { \ + switch (sudo_strtobool(info[i] + sizeof(s) - 1)) { \ + case true: \ + SET(details->flags, n); \ + break; \ + case false: \ + CLR(details->flags, n); \ + break; \ + default: \ + sudo_debug_printf(SUDO_DEBUG_ERROR, \ + "invalid boolean value for %s", info[i]); \ + break; \ + } \ + break; \ + } + + sudo_debug_printf(SUDO_DEBUG_INFO, "command info from plugin:"); + for (i = 0; info[i] != NULL; i++) { + sudo_debug_printf(SUDO_DEBUG_INFO, " %d: %s", i, info[i]); + switch (info[i][0]) { + case 'a': + SET_STRING("apparmor_profile=", apparmor_profile); + break; + case 'c': + SET_STRING("chroot=", chroot) + SET_STRING("command=", command) + SET_STRING("cwd=", cwd) + SET_FLAG("cwd_optional=", CD_CWD_OPTIONAL) + if (strncmp("closefrom=", info[i], sizeof("closefrom=") - 1) == 0) { + cp = info[i] + sizeof("closefrom=") - 1; + details->closefrom = sudo_strtonum(cp, 0, INT_MAX, &errstr); + if (errstr != NULL) + sudo_fatalx(U_("%s: %s"), info[i], U_(errstr)); + break; + } + break; + case 'e': + SET_FLAG("exec_background=", CD_EXEC_BG) + if (strncmp("execfd=", info[i], sizeof("execfd=") - 1) == 0) { + cp = info[i] + sizeof("execfd=") - 1; + details->execfd = sudo_strtonum(cp, 0, INT_MAX, &errstr); + if (errstr != NULL) + sudo_fatalx(U_("%s: %s"), info[i], U_(errstr)); +#ifdef HAVE_FEXECVE + /* Must keep fd open during exec. */ + add_preserved_fd(&details->preserved_fds, details->execfd); + SET(details->flags, CD_FEXECVE); +#else + /* Plugin thinks we support fexecve() but we don't. */ + (void)fcntl(details->execfd, F_SETFD, FD_CLOEXEC); + details->execfd = -1; +#endif + break; + } + break; + case 'i': + SET_FLAG("intercept=", CD_INTERCEPT) + SET_FLAG("intercept_verify=", CD_INTERCEPT_VERIFY) + break; + case 'l': + SET_STRING("login_class=", login_class) + SET_FLAG("log_subcmds=", CD_LOG_SUBCMDS) + break; + case 'n': + if (strncmp("nice=", info[i], sizeof("nice=") - 1) == 0) { + cp = info[i] + sizeof("nice=") - 1; + details->priority = sudo_strtonum(cp, INT_MIN, INT_MAX, + &errstr); + if (errstr != NULL) + sudo_fatalx(U_("%s: %s"), info[i], U_(errstr)); + SET(details->flags, CD_SET_PRIORITY); + break; + } + SET_FLAG("noexec=", CD_NOEXEC) + break; + case 'p': + SET_FLAG("preserve_groups=", CD_PRESERVE_GROUPS) + if (strncmp("preserve_fds=", info[i], sizeof("preserve_fds=") - 1) == 0) { + parse_preserved_fds(&details->preserved_fds, + info[i] + sizeof("preserve_fds=") - 1); + break; + } + break; + case 'r': + if (strncmp("rlimit_", info[i], sizeof("rlimit_") - 1) == 0) { + parse_policy_rlimit(info[i] + sizeof("rlimit_") - 1); + break; + } + if (strncmp("runas_egid=", info[i], sizeof("runas_egid=") - 1) == 0) { + cp = info[i] + sizeof("runas_egid=") - 1; + id = sudo_strtoid(cp, &errstr); + if (errstr != NULL) + sudo_fatalx(U_("%s: %s"), info[i], U_(errstr)); + details->cred.egid = (gid_t)id; + SET(details->flags, CD_SET_EGID); + break; + } + if (strncmp("runas_euid=", info[i], sizeof("runas_euid=") - 1) == 0) { + cp = info[i] + sizeof("runas_euid=") - 1; + id = sudo_strtoid(cp, &errstr); + if (errstr != NULL) + sudo_fatalx(U_("%s: %s"), info[i], U_(errstr)); + details->cred.euid = (uid_t)id; + SET(details->flags, CD_SET_EUID); + break; + } + if (strncmp("runas_gid=", info[i], sizeof("runas_gid=") - 1) == 0) { + cp = info[i] + sizeof("runas_gid=") - 1; + id = sudo_strtoid(cp, &errstr); + if (errstr != NULL) + sudo_fatalx(U_("%s: %s"), info[i], U_(errstr)); + details->cred.gid = (gid_t)id; + SET(details->flags, CD_SET_GID); + break; + } + if (strncmp("runas_groups=", info[i], sizeof("runas_groups=") - 1) == 0) { + cp = info[i] + sizeof("runas_groups=") - 1; + details->cred.ngroups = sudo_parse_gids(cp, NULL, &details->cred.groups); + /* sudo_parse_gids() will print a warning on error. */ + if (details->cred.ngroups == -1) + exit(EXIT_FAILURE); /* XXX */ + break; + } + if (strncmp("runas_uid=", info[i], sizeof("runas_uid=") - 1) == 0) { + cp = info[i] + sizeof("runas_uid=") - 1; + id = sudo_strtoid(cp, &errstr); + if (errstr != NULL) + sudo_fatalx(U_("%s: %s"), info[i], U_(errstr)); + details->cred.uid = (uid_t)id; + SET(details->flags, CD_SET_UID); + break; + } +#ifdef HAVE_PRIV_SET + if (strncmp("runas_privs=", info[i], sizeof("runas_privs=") - 1) == 0) { + const char *endp; + cp = info[i] + sizeof("runas_privs=") - 1; + if (*cp != '\0') { + details->privs = priv_str_to_set(cp, ",", &endp); + if (details->privs == NULL) + sudo_warn("invalid runas_privs %s", endp); + } + break; + } + if (strncmp("runas_limitprivs=", info[i], sizeof("runas_limitprivs=") - 1) == 0) { + const char *endp; + cp = info[i] + sizeof("runas_limitprivs=") - 1; + if (*cp != '\0') { + details->limitprivs = priv_str_to_set(cp, ",", &endp); + if (details->limitprivs == NULL) + sudo_warn("invalid runas_limitprivs %s", endp); + } + break; + } +#endif /* HAVE_PRIV_SET */ + SET_STRING("runas_user=", runas_user) + break; + case 's': + SET_STRING("selinux_role=", selinux_role) + SET_STRING("selinux_type=", selinux_type) + SET_FLAG("set_utmp=", CD_SET_UTMP) + SET_FLAG("sudoedit=", CD_SUDOEDIT) + SET_FLAG("sudoedit_checkdir=", CD_SUDOEDIT_CHECKDIR) + SET_FLAG("sudoedit_follow=", CD_SUDOEDIT_FOLLOW) + if (strncmp("sudoedit_nfiles=", info[i], sizeof("sudoedit_nfiles=") - 1) == 0) { + cp = info[i] + sizeof("sudoedit_nfiles=") - 1; + details->nfiles = sudo_strtonum(cp, 1, INT_MAX, + &errstr); + if (errstr != NULL) + sudo_fatalx(U_("%s: %s"), info[i], U_(errstr)); + break; + } + break; + case 't': + if (strncmp("timeout=", info[i], sizeof("timeout=") - 1) == 0) { + cp = info[i] + sizeof("timeout=") - 1; + details->timeout = sudo_strtonum(cp, 0, INT_MAX, &errstr); + if (errstr != NULL) + sudo_fatalx(U_("%s: %s"), info[i], U_(errstr)); + SET(details->flags, CD_SET_TIMEOUT); + break; + } + break; + case 'u': + if (strncmp("umask=", info[i], sizeof("umask=") - 1) == 0) { + cp = info[i] + sizeof("umask=") - 1; + details->umask = sudo_strtomode(cp, &errstr); + if (errstr != NULL) + sudo_fatalx(U_("%s: %s"), info[i], U_(errstr)); + SET(details->flags, CD_SET_UMASK); + break; + } + SET_FLAG("umask_override=", CD_OVERRIDE_UMASK) + SET_FLAG("use_ptrace=", CD_USE_PTRACE) + SET_FLAG("use_pty=", CD_USE_PTY) + SET_STRING("utmp_user=", utmp_user) + break; + } + } + + /* Only use ptrace(2) for intercept/log_subcmds if supported. */ + exec_ptrace_fix_flags(details); + + if (!ISSET(details->flags, CD_SET_EUID)) + details->cred.euid = details->cred.uid; + if (!ISSET(details->flags, CD_SET_EGID)) + details->cred.egid = details->cred.gid; + if (!ISSET(details->flags, CD_SET_UMASK)) + CLR(details->flags, CD_OVERRIDE_UMASK); + +#ifdef HAVE_SETAUTHDB + aix_setauthdb(IDtouser(details->cred.euid), NULL); +#endif + if (details->runas_user != NULL) + details->pw = getpwnam(details->runas_user); + if (details->pw == NULL) + details->pw = getpwuid(details->cred.euid); +#ifdef HAVE_SETAUTHDB + aix_restoreauthdb(); +#endif + if (details->pw != NULL && (details->pw = pw_dup(details->pw)) == NULL) + sudo_fatalx(U_("%s: %s"), __func__, U_("unable to allocate memory")); + +#ifdef HAVE_SELINUX + if (details->selinux_role != NULL && is_selinux_enabled() > 0) { + SET(details->flags, CD_RBAC_ENABLED); + i = selinux_getexeccon(details->selinux_role, details->selinux_type); + if (i != 0) + exit(EXIT_FAILURE); + } +#endif + +#ifdef HAVE_APPARMOR + if (details->apparmor_profile != NULL && apparmor_is_enabled()) { + i = apparmor_prepare(details->apparmor_profile); + if (i != 0) + exit(EXIT_FAILURE); + } +#endif + + debug_return; +} + +static void +sudo_check_suid(const char *sudo) +{ + char pathbuf[PATH_MAX]; + struct stat sb; + bool qualified; + debug_decl(sudo_check_suid, SUDO_DEBUG_PCOMM); + + if (geteuid() != ROOT_UID) { +#if defined(__linux__) && defined(PR_GET_NO_NEW_PRIVS) + /* The no_new_privs flag disables set-user-ID at execve(2) time. */ + if (prctl(PR_GET_NO_NEW_PRIVS, 0, 0, 0, 0) == 1) { + sudo_warnx("%s", U_("The \"no new privileges\" flag is set, which " + "prevents sudo from running as root.")); + sudo_warnx("%s", U_("If sudo is running in a container, you may need" + " to adjust the container configuration to disable the flag.")); + exit(EXIT_FAILURE); + } +#endif /* __linux__ && PR_GET_NO_NEW_PRIVS */ + + /* Search for sudo binary in PATH if not fully qualified. */ + qualified = strchr(sudo, '/') != NULL; + if (!qualified) { + char *path = getenv_unhooked("PATH"); + if (path != NULL) { + const char *cp, *ep; + const char *pathend = path + strlen(path); + + for (cp = sudo_strsplit(path, pathend, ":", &ep); cp != NULL; + cp = sudo_strsplit(NULL, pathend, ":", &ep)) { + + int len = snprintf(pathbuf, sizeof(pathbuf), "%.*s/%s", + (int)(ep - cp), cp, sudo); + if (len < 0 || len >= ssizeof(pathbuf)) + continue; + if (access(pathbuf, X_OK) == 0) { + sudo = pathbuf; + qualified = true; + break; + } + } + } + } + + if (qualified && stat(sudo, &sb) == 0) { + /* Try to determine why sudo was not running as root. */ + if (sb.st_uid != ROOT_UID || !ISSET(sb.st_mode, S_ISUID)) { + sudo_fatalx( + U_("%s must be owned by uid %d and have the setuid bit set"), + sudo, ROOT_UID); + } else { + sudo_fatalx(U_("effective uid is not %d, is %s on a file system " + "with the 'nosuid' option set or an NFS file system without" + " root privileges?"), ROOT_UID, sudo); + } + } else { + sudo_fatalx( + U_("effective uid is not %d, is sudo installed setuid root?"), + ROOT_UID); + } + } + debug_return; +} + +bool +set_user_groups(struct command_details *details) +{ + bool ret = false; + debug_decl(set_user_groups, SUDO_DEBUG_EXEC); + + if (!ISSET(details->flags, CD_PRESERVE_GROUPS)) { + if (details->cred.ngroups >= 0) { + if (sudo_setgroups(details->cred.ngroups, details->cred.groups) < 0) { + sudo_warn("%s", U_("unable to set supplementary group IDs")); + goto done; + } + } + } +#ifdef HAVE_SETEUID + if (ISSET(details->flags, CD_SET_EGID) && setegid(details->cred.egid)) { + sudo_warn(U_("unable to set effective gid to runas gid %u"), + (unsigned int)details->cred.egid); + goto done; + } +#endif + if (ISSET(details->flags, CD_SET_GID) && setgid(details->cred.gid)) { + sudo_warn(U_("unable to set gid to runas gid %u"), + (unsigned int)details->cred.gid); + goto done; + } + ret = true; + +done: + CLR(details->flags, CD_SET_GROUPS); + debug_return_bool(ret); +} + +/* + * Run the command and wait for it to complete. + * Returns wait status suitable for use with the wait(2) macros. + */ +int +run_command(struct command_details *details) +{ + struct command_status cstat; + int status = W_EXITCODE(1, 0); + debug_decl(run_command, SUDO_DEBUG_EXEC); + + cstat.type = CMD_INVALID; + cstat.val = 0; + + if (details->command == NULL) { + sudo_warnx("%s", U_("command not set by the security policy")); + debug_return_int(status); + } + if (details->argv == NULL) { + sudo_warnx("%s", U_("argv not set by the security policy")); + debug_return_int(status); + } + if (details->envp == NULL) { + sudo_warnx("%s", U_("envp not set by the security policy")); + debug_return_int(status); + } + + sudo_execute(details, &cstat); + + switch (cstat.type) { + case CMD_ERRNO: + /* exec_setup() or execve() returned an error. */ + iolog_close(0, cstat.val); + policy_close(0, cstat.val); + audit_close(SUDO_PLUGIN_EXEC_ERROR, cstat.val); + break; + case CMD_WSTATUS: + /* Command ran, exited or was killed. */ + status = cstat.val; + iolog_close(status, 0); + policy_close(status, 0); + audit_close(SUDO_PLUGIN_WAIT_STATUS, cstat.val); + break; + default: + /* TODO: handle front end error conditions. */ + sudo_warnx(U_("unexpected child termination condition: %d"), cstat.type); + break; + } + debug_return_int(status); +} + +/* + * Format struct sudo_settings as name=value pairs for the plugin + * to consume. Returns a NULL-terminated plugin-style array of pairs. + */ +static char ** +format_plugin_settings(struct plugin_container *plugin) +{ + size_t plugin_settings_size; + struct sudo_debug_file *debug_file; + struct sudo_settings *setting; + char **plugin_settings; + unsigned int i = 0; + debug_decl(format_plugin_settings, SUDO_DEBUG_PCOMM); + + /* We update the ticket entry by default. */ + if (sudo_settings[ARG_IGNORE_TICKET].value == NULL && + sudo_settings[ARG_UPDATE_TICKET].value == NULL) { + sudo_settings[ARG_UPDATE_TICKET].value = "true"; + } + + /* Determine sudo_settings array size (including plugin_path and NULL) */ + plugin_settings_size = 2; + for (setting = sudo_settings; setting->name != NULL; setting++) + plugin_settings_size++; + if (plugin->debug_files != NULL) { + TAILQ_FOREACH(debug_file, plugin->debug_files, entries) + plugin_settings_size++; + } + + /* Allocate and fill in. */ + plugin_settings = reallocarray(NULL, plugin_settings_size, sizeof(char *)); + if (plugin_settings == NULL) + goto bad; + plugin_settings[i] = sudo_new_key_val("plugin_path", plugin->path); + if (plugin_settings[i] == NULL) + goto bad; + for (setting = sudo_settings; setting->name != NULL; setting++) { + if (setting->value != NULL) { + sudo_debug_printf(SUDO_DEBUG_INFO, "settings: %s=%s", + setting->name, setting->value); + plugin_settings[++i] = + sudo_new_key_val(setting->name, setting->value); + if (plugin_settings[i] == NULL) + goto bad; + } + } + if (plugin->debug_files != NULL) { + TAILQ_FOREACH(debug_file, plugin->debug_files, entries) { + /* XXX - quote filename? */ + if (asprintf(&plugin_settings[++i], "debug_flags=%s %s", + debug_file->debug_file, debug_file->debug_flags) == -1) + goto bad; + } + } + plugin_settings[i + 1] = NULL; + + /* Add to list of vectors to be garbage collected at exit. */ + if (!gc_add(GC_VECTOR, plugin_settings)) + sudo_fatalx(U_("%s: %s"), __func__, U_("unable to allocate memory")); + + debug_return_ptr(plugin_settings); +bad: + while (i--) + free(plugin_settings[i]); + free(plugin_settings); + debug_return_ptr(NULL); +} + +static void +policy_open(void) +{ + char **plugin_settings; + const char *errstr = NULL; + int ok; + debug_decl(policy_open, SUDO_DEBUG_PCOMM); + + /* Convert struct sudo_settings to plugin_settings[] */ + plugin_settings = format_plugin_settings(&policy_plugin); + if (plugin_settings == NULL) + sudo_fatalx(U_("%s: %s"), __func__, U_("unable to allocate memory")); + + /* + * Backward compatibility for older API versions + */ + sudo_debug_set_active_instance(SUDO_DEBUG_INSTANCE_INITIALIZER); + switch (policy_plugin.u.generic->version) { + case SUDO_API_MKVERSION(1, 0): + case SUDO_API_MKVERSION(1, 1): + ok = policy_plugin.u.policy_1_0->open(policy_plugin.u.io_1_0->version, + sudo_conversation_1_7, sudo_conversation_printf, plugin_settings, + user_info, submit_envp); + break; + default: + ok = policy_plugin.u.policy->open(SUDO_API_VERSION, sudo_conversation, + sudo_conversation_printf, plugin_settings, user_info, submit_envp, + policy_plugin.options, &errstr); + } + + /* Stash plugin debug instance ID if set in open() function. */ + policy_plugin.debug_instance = sudo_debug_get_active_instance(); + sudo_debug_set_active_instance(sudo_debug_instance); + + if (ok != 1) { + if (ok == -2) + usage(); + else { + /* XXX - audit */ + sudo_fatalx("%s", U_("unable to initialize policy plugin")); + } + } + + debug_return; +} + +static void +policy_close(int exit_status, int error_code) +{ + debug_decl(policy_close, SUDO_DEBUG_PCOMM); + + if (error_code != 0) { + sudo_debug_printf(SUDO_DEBUG_DEBUG, + "%s: calling policy close with errno %d", + policy_plugin.name, error_code); + } else { + sudo_debug_printf(SUDO_DEBUG_DEBUG, + "%s: calling policy close with wait status %d", + policy_plugin.name, exit_status); + } + if (policy_plugin.u.policy->close != NULL) { + sudo_debug_set_active_instance(policy_plugin.debug_instance); + policy_plugin.u.policy->close(exit_status, error_code); + sudo_debug_set_active_instance(sudo_debug_instance); + } else if (error_code != 0) { + if (command_details.command != NULL) { + errno = error_code; + sudo_warn(U_("unable to execute %s"), command_details.command); + } + } + + debug_return; +} + +static int +policy_show_version(int verbose) +{ + int ret = true; + debug_decl(policy_show_version, SUDO_DEBUG_PCOMM); + + sudo_debug_set_active_instance(policy_plugin.debug_instance); + if (policy_plugin.u.policy->show_version != NULL) + ret = policy_plugin.u.policy->show_version(verbose); + if (policy_plugin.u.policy->version >= SUDO_API_MKVERSION(1, 15)) { + if (policy_plugin.u.policy->close != NULL) + policy_plugin.u.policy->close(0, 0); + } + sudo_debug_set_active_instance(sudo_debug_instance); + + debug_return_int(ret); +} + +static bool +policy_check(int argc, char * const argv[], char *env_add[], + char **command_info[], char **run_argv[], char **run_envp[]) +{ + const char *errstr = NULL; + int ok; + debug_decl(policy_check, SUDO_DEBUG_PCOMM); + + if (policy_plugin.u.policy->check_policy == NULL) { + sudo_fatalx(U_("policy plugin %s is missing the \"check_policy\" method"), + policy_plugin.name); + } + sudo_debug_set_active_instance(policy_plugin.debug_instance); + ok = policy_plugin.u.policy->check_policy(argc, argv, env_add, + command_info, run_argv, run_envp, &errstr); + sudo_debug_set_active_instance(sudo_debug_instance); + sudo_debug_printf(SUDO_DEBUG_INFO, "policy plugin returns %d (%s)", + ok, errstr ? errstr : ""); + + /* On success, the close method will be called by sudo_edit/run_command. */ + if (ok != 1) { + switch (ok) { + case 0: + audit_reject(policy_plugin.name, SUDO_POLICY_PLUGIN, + errstr ? errstr : _("command rejected by policy"), + *command_info); + break; + case -1: + audit_error(policy_plugin.name, SUDO_POLICY_PLUGIN, + errstr ? errstr : _("policy plugin error"), + *command_info); + break; + case -2: + usage(); + break; + } + debug_return_bool(false); + } + debug_return_bool(audit_accept(policy_plugin.name, SUDO_POLICY_PLUGIN, + *command_info, *run_argv, *run_envp)); +} + +static void +policy_list(int argc, char * const argv[], int verbose, const char *user) +{ + const char *errstr = NULL; + /* TODO: add list_user */ + const char * const command_info[] = { + "command=list", + NULL + }; + int ok; + debug_decl(policy_list, SUDO_DEBUG_PCOMM); + + if (policy_plugin.u.policy->list == NULL) { + sudo_fatalx(U_("policy plugin %s does not support listing privileges"), + policy_plugin.name); + } + sudo_debug_set_active_instance(policy_plugin.debug_instance); + ok = policy_plugin.u.policy->list(argc, argv, verbose, user, &errstr); + sudo_debug_set_active_instance(sudo_debug_instance); + + switch (ok) { + case 1: + audit_accept(policy_plugin.name, SUDO_POLICY_PLUGIN, + (char **)command_info, argv, submit_envp); + break; + case 0: + audit_reject(policy_plugin.name, SUDO_POLICY_PLUGIN, + errstr ? errstr : _("command rejected by policy"), + (char **)command_info); + break; + default: + audit_error(policy_plugin.name, SUDO_POLICY_PLUGIN, + errstr ? errstr : _("policy plugin error"), + (char **)command_info); + break; + } + + /* Policy must be closed after auditing to avoid use after free. */ + if (policy_plugin.u.policy->version >= SUDO_API_MKVERSION(1, 15)) + policy_close(0, 0); + audit_close(SUDO_PLUGIN_NO_STATUS, 0); + + exit(ok != 1); +} + +static void +policy_validate(char * const argv[]) +{ + const char *errstr = NULL; + const char * const command_info[] = { + "command=validate", + NULL + }; + int ok = 0; + debug_decl(policy_validate, SUDO_DEBUG_PCOMM); + + if (policy_plugin.u.policy->validate == NULL) { + sudo_fatalx(U_("policy plugin %s does not support the -v option"), + policy_plugin.name); + } + sudo_debug_set_active_instance(policy_plugin.debug_instance); + ok = policy_plugin.u.policy->validate(&errstr); + sudo_debug_set_active_instance(sudo_debug_instance); + + switch (ok) { + case 1: + audit_accept(policy_plugin.name, SUDO_POLICY_PLUGIN, + (char **)command_info, argv, submit_envp); + break; + case 0: + audit_reject(policy_plugin.name, SUDO_POLICY_PLUGIN, + errstr ? errstr : _("command rejected by policy"), + (char **)command_info); + break; + default: + audit_error(policy_plugin.name, SUDO_POLICY_PLUGIN, + errstr ? errstr : _("policy plugin error"), + (char **)command_info); + break; + } + + /* Policy must be closed after auditing to avoid use after free. */ + if (policy_plugin.u.policy->version >= SUDO_API_MKVERSION(1, 15)) + policy_close(0, 0); + audit_close(SUDO_PLUGIN_NO_STATUS, 0); + + exit(ok != 1); +} + +static void +policy_invalidate(int unlinkit) +{ + debug_decl(policy_invalidate, SUDO_DEBUG_PCOMM); + + if (policy_plugin.u.policy->invalidate == NULL) { + sudo_fatalx(U_("policy plugin %s does not support the -k/-K options"), + policy_plugin.name); + } + sudo_debug_set_active_instance(policy_plugin.debug_instance); + policy_plugin.u.policy->invalidate(unlinkit); + if (policy_plugin.u.policy->version >= SUDO_API_MKVERSION(1, 15)) { + if (policy_plugin.u.policy->close != NULL) + policy_plugin.u.policy->close(0, 0); + } + sudo_debug_set_active_instance(sudo_debug_instance); + + audit_close(SUDO_PLUGIN_NO_STATUS, 0); + + exit(EXIT_SUCCESS); +} + +int +policy_init_session(struct command_details *details) +{ + const char *errstr = NULL; + int ret = true; + debug_decl(policy_init_session, SUDO_DEBUG_PCOMM); + + /* + * We set groups, including supplementary group vector, + * as part of the session setup. This allows for dynamic + * groups to be set via pam_group(8) in pam_setcred(3). + */ + if (ISSET(details->flags, CD_SET_GROUPS)) { + /* set_user_groups() prints error message on failure. */ + if (!set_user_groups(details)) + goto done; + } + + /* Session setup may override sudoers umask so set it first. */ + if (ISSET(details->flags, CD_SET_UMASK)) + (void) umask(details->umask); + + if (policy_plugin.u.policy->init_session) { + /* + * Backward compatibility for older API versions + */ + sudo_debug_set_active_instance(policy_plugin.debug_instance); + switch (policy_plugin.u.generic->version) { + case SUDO_API_MKVERSION(1, 0): + case SUDO_API_MKVERSION(1, 1): + ret = policy_plugin.u.policy_1_0->init_session(details->pw); + break; + default: + ret = policy_plugin.u.policy->init_session(details->pw, + &details->envp, &errstr); + } + sudo_debug_set_active_instance(sudo_debug_instance); + if (ret != 1) { + audit_error(policy_plugin.name, SUDO_POLICY_PLUGIN, + errstr ? errstr : _("policy plugin error"), + details->info); + } + } + +done: + debug_return_int(ret); +} + +static int +iolog_open_int(struct plugin_container *plugin, char * const command_info[], + int argc, char * const argv[], char * const run_envp[], const char **errstr) +{ + char **plugin_settings; + int ret; + debug_decl(iolog_open_int, SUDO_DEBUG_PCOMM); + + /* Convert struct sudo_settings to plugin_settings[] */ + plugin_settings = format_plugin_settings(plugin); + if (plugin_settings == NULL) { + sudo_warnx(U_("%s: %s"), __func__, U_("unable to allocate memory")); + debug_return_int(-1); + } + + /* + * Backward compatibility for older API versions + */ + sudo_debug_set_active_instance(plugin->debug_instance); + switch (plugin->u.generic->version) { + case SUDO_API_MKVERSION(1, 0): + ret = plugin->u.io_1_0->open(plugin->u.io_1_0->version, + sudo_conversation_1_7, sudo_conversation_printf, plugin_settings, + user_info, argc, argv, run_envp); + break; + case SUDO_API_MKVERSION(1, 1): + ret = plugin->u.io_1_1->open(plugin->u.io_1_1->version, + sudo_conversation_1_7, sudo_conversation_printf, plugin_settings, + user_info, command_info, argc, argv, run_envp); + break; + default: + ret = plugin->u.io->open(SUDO_API_VERSION, sudo_conversation, + sudo_conversation_printf, plugin_settings, user_info, command_info, + argc, argv, run_envp, plugin->options, errstr); + } + + /* Stash plugin debug instance ID if set in open() function. */ + plugin->debug_instance = sudo_debug_get_active_instance(); + sudo_debug_set_active_instance(sudo_debug_instance); + + debug_return_int(ret); +} + +static bool +iolog_open(char * const command_info[], int argc, char * const argv[], + char * const run_envp[]) +{ + struct plugin_container *plugin, *next; + const char *errstr = NULL; + debug_decl(iolog_open, SUDO_DEBUG_PCOMM); + + TAILQ_FOREACH_SAFE(plugin, &io_plugins, entries, next) { + int ok = iolog_open_int(plugin, command_info, argc, argv, run_envp, + &errstr); + switch (ok) { + case 1: + break; + case 0: + /* I/O plugin asked to be disabled, remove and free. */ + unlink_plugin(&io_plugins, plugin); + break; + case -2: + usage(); + break; + default: + sudo_warnx(U_("error initializing I/O plugin %s"), + plugin->name); + audit_error(plugin->name, SUDO_IO_PLUGIN, + errstr ? errstr : _("error initializing I/O plugin"), + command_info); + debug_return_bool(false); + } + } + + debug_return_bool(true); +} + +static void +iolog_close(int exit_status, int error_code) +{ + struct plugin_container *plugin; + debug_decl(iolog_close, SUDO_DEBUG_PCOMM); + + TAILQ_FOREACH(plugin, &io_plugins, entries) { + if (plugin->u.io->close != NULL) { + if (error_code != 0) { + sudo_debug_printf(SUDO_DEBUG_DEBUG, + "%s: calling I/O close with errno %d", + plugin->name, error_code); + } else { + sudo_debug_printf(SUDO_DEBUG_DEBUG, + "%s: calling I/O close with wait status %d", + plugin->name, exit_status); + } + sudo_debug_set_active_instance(plugin->debug_instance); + plugin->u.io->close(exit_status, error_code); + sudo_debug_set_active_instance(sudo_debug_instance); + } + } + + debug_return; +} + +static void +iolog_show_version(int verbose, int argc, char * const argv[], + char * const envp[]) +{ + const char *errstr = NULL; + struct plugin_container *plugin; + debug_decl(iolog_show_version, SUDO_DEBUG_PCOMM); + + TAILQ_FOREACH(plugin, &io_plugins, entries) { + int ok = iolog_open_int(plugin, NULL, argc, argv, envp, &errstr); + if (ok != -1) { + sudo_debug_set_active_instance(plugin->debug_instance); + if (plugin->u.io->show_version != NULL) { + /* Return value of show_version currently ignored. */ + plugin->u.io->show_version(verbose); + } + if (plugin->u.io->version >= SUDO_API_MKVERSION(1, 15)) { + if (plugin->u.io->close != NULL) + plugin->u.io->close(0, 0); + } + sudo_debug_set_active_instance(sudo_debug_instance); + } + } + + debug_return; +} + +/* + * Remove the specified plugin from the plugins list. + * Deregisters any hooks before unlinking, then frees the container. + */ +static void +unlink_plugin(struct plugin_container_list *plugin_list, + struct plugin_container *plugin) +{ + void (*deregister_hooks)(int , int (*)(struct sudo_hook *)) = NULL; + debug_decl(unlink_plugin, SUDO_DEBUG_PCOMM); + + /* Deregister hooks, if any. */ + if (plugin->u.generic->version >= SUDO_API_MKVERSION(1, 2)) { + switch (plugin->u.generic->type) { + case SUDO_IO_PLUGIN: + deregister_hooks = plugin->u.io->deregister_hooks; + break; + case SUDO_AUDIT_PLUGIN: + deregister_hooks = plugin->u.audit->deregister_hooks; + break; + default: + sudo_debug_printf(SUDO_DEBUG_ERROR, + "%s: unsupported plugin type %d", __func__, + plugin->u.generic->type); + break; + } + } + if (deregister_hooks != NULL) { + sudo_debug_set_active_instance(plugin->debug_instance); + deregister_hooks(SUDO_HOOK_VERSION, deregister_hook); + sudo_debug_set_active_instance(sudo_debug_instance); + } + + /* Remove from plugin list and free. */ + TAILQ_REMOVE(plugin_list, plugin, entries); + free_plugin_container(plugin, true); + + debug_return; +} + +static int +audit_open_int(struct plugin_container *plugin, const char **errstr) +{ + char **plugin_settings; + int ret; + debug_decl(audit_open_int, SUDO_DEBUG_PCOMM); + + /* Convert struct sudo_settings to plugin_settings[] */ + plugin_settings = format_plugin_settings(plugin); + if (plugin_settings == NULL) { + sudo_warnx(U_("%s: %s"), __func__, U_("unable to allocate memory")); + debug_return_int(-1); + } + + sudo_debug_set_active_instance(plugin->debug_instance); + ret = plugin->u.audit->open(SUDO_API_VERSION, sudo_conversation, + sudo_conversation_printf, plugin_settings, user_info, + submit_optind, submit_argv, submit_envp, plugin->options, errstr); + + /* Stash plugin debug instance ID if set in open() function. */ + plugin->debug_instance = sudo_debug_get_active_instance(); + sudo_debug_set_active_instance(sudo_debug_instance); + + debug_return_int(ret); +} + +static void +audit_open(void) +{ + struct plugin_container *plugin, *next; + const char *errstr = NULL; + debug_decl(audit_open, SUDO_DEBUG_PCOMM); + + TAILQ_FOREACH_SAFE(plugin, &audit_plugins, entries, next) { + int ok = audit_open_int(plugin, &errstr); + switch (ok) { + case 1: + break; + case 0: + /* Audit plugin asked to be disabled, remove and free. */ + unlink_plugin(&audit_plugins, plugin); + break; + case -2: + usage(); + break; + default: + /* TODO: pass error message to other audit plugins */ + sudo_fatalx(U_("error initializing audit plugin %s"), + plugin->name); + } + } + + debug_return; +} + +static void +audit_close(int status_type, int status) +{ + struct plugin_container *plugin; + debug_decl(audit_close, SUDO_DEBUG_PCOMM); + + TAILQ_FOREACH(plugin, &audit_plugins, entries) { + if (plugin->u.audit->close != NULL) { + sudo_debug_set_active_instance(plugin->debug_instance); + plugin->u.audit->close(status_type, status); + sudo_debug_set_active_instance(sudo_debug_instance); + } + } + + debug_return; +} + +static void +audit_show_version(int verbose) +{ + struct plugin_container *plugin; + debug_decl(audit_show_version, SUDO_DEBUG_PCOMM); + + TAILQ_FOREACH(plugin, &audit_plugins, entries) { + sudo_debug_set_active_instance(plugin->debug_instance); + if (plugin->u.audit->show_version != NULL) { + /* Return value of show_version currently ignored. */ + plugin->u.audit->show_version(verbose); + } + if (plugin->u.audit->close != NULL) + plugin->u.audit->close(SUDO_PLUGIN_NO_STATUS, 0); + sudo_debug_set_active_instance(sudo_debug_instance); + } + + debug_return; +} + +/* + * Error from plugin or front-end. + * The error will not be sent to plugin source, if specified. + */ +static bool +audit_error2(struct plugin_container *source, const char *plugin_name, + unsigned int plugin_type, const char *audit_msg, char * const command_info[]) +{ + struct plugin_container *plugin; + const char *errstr = NULL; + bool ret = true; + int ok; + debug_decl(audit_error2, SUDO_DEBUG_PCOMM); + + TAILQ_FOREACH(plugin, &audit_plugins, entries) { + if (plugin->u.audit->error == NULL) + continue; + + /* Avoid a loop if the audit plugin itself has an error. */ + if (plugin == source) + continue; + + sudo_debug_set_active_instance(plugin->debug_instance); + ok = plugin->u.audit->error(plugin_name, plugin_type, + audit_msg, command_info, &errstr); + sudo_debug_set_active_instance(sudo_debug_instance); + if (ok != 1) { + /* + * Don't propagate the error to other audit plugins. + * It is not worth the trouble to avoid potential loops. + */ + sudo_debug_printf(SUDO_DEBUG_ERROR, + "%s: plugin %s error failed, ret %d", __func__, + plugin->name, ok); + sudo_warnx(U_("%s: unable to log error event%s%s"), + plugin->name, errstr ? ": " : "", errstr ? errstr : ""); + ret = false; + } + } + + debug_return_bool(ret); +} + +/* + * Command accepted by policy. + * See command_info[] for additional info. + * XXX - actual environment may be updated by policy_init_session(). + */ +bool +audit_accept(const char *plugin_name, unsigned int plugin_type, + char * const command_info[], char * const run_argv[], + char * const run_envp[]) +{ + struct plugin_container *plugin; + const char *errstr = NULL; + int ok; + debug_decl(audit_accept, SUDO_DEBUG_PCOMM); + + TAILQ_FOREACH(plugin, &audit_plugins, entries) { + if (plugin->u.audit->accept == NULL) + continue; + + sudo_debug_set_active_instance(plugin->debug_instance); + ok = plugin->u.audit->accept(plugin_name, plugin_type, + command_info, run_argv, run_envp, &errstr); + sudo_debug_set_active_instance(sudo_debug_instance); + if (ok != 1) { + sudo_debug_printf(SUDO_DEBUG_ERROR, + "%s: plugin %s accept failed, ret %d", __func__, + plugin->name, ok); + sudo_warnx(U_("%s: unable to log accept event%s%s"), + plugin->name, errstr ? ": " : "", errstr ? errstr : ""); + + /* Notify other audit plugins and return. */ + audit_error2(plugin, plugin->name, SUDO_AUDIT_PLUGIN, + errstr ? errstr : _("audit plugin error"), command_info); + debug_return_bool(false); + } + } + + debug_return_bool(true); +} + +/* + * Command rejected by policy or I/O plugin. + */ +bool +audit_reject(const char *plugin_name, unsigned int plugin_type, + const char *audit_msg, char * const command_info[]) +{ + struct plugin_container *plugin; + const char *errstr = NULL; + bool ret = true; + int ok; + debug_decl(audit_reject, SUDO_DEBUG_PCOMM); + + TAILQ_FOREACH(plugin, &audit_plugins, entries) { + if (plugin->u.audit->reject == NULL) + continue; + + sudo_debug_set_active_instance(plugin->debug_instance); + ok = plugin->u.audit->reject(plugin_name, plugin_type, + audit_msg, command_info, &errstr); + sudo_debug_set_active_instance(sudo_debug_instance); + if (ok != 1) { + sudo_debug_printf(SUDO_DEBUG_ERROR, + "%s: plugin %s reject failed, ret %d", __func__, + plugin->name, ok); + sudo_warnx(U_("%s: unable to log reject event%s%s"), + plugin->name, errstr ? ": " : "", errstr ? errstr : ""); + + /* Notify other audit plugins. */ + audit_error2(plugin, plugin->name, SUDO_AUDIT_PLUGIN, + errstr ? errstr : _("audit plugin error"), command_info); + + ret = false; + break; + } + } + + debug_return_bool(ret); +} + +/* + * Error from plugin or front-end. + */ +bool +audit_error(const char *plugin_name, unsigned int plugin_type, + const char *audit_msg, char * const command_info[]) +{ + return audit_error2(NULL, plugin_name, plugin_type, audit_msg, + command_info); +} + +static int +approval_open_int(struct plugin_container *plugin) +{ + char **plugin_settings; + const char *errstr = NULL; + int ret; + debug_decl(approval_open_int, SUDO_DEBUG_PCOMM); + + /* Convert struct sudo_settings to plugin_settings[] */ + plugin_settings = format_plugin_settings(plugin); + if (plugin_settings == NULL) + sudo_fatalx(U_("%s: %s"), __func__, U_("unable to allocate memory")); + + sudo_debug_set_active_instance(SUDO_DEBUG_INSTANCE_INITIALIZER); + ret = plugin->u.approval->open(SUDO_API_VERSION, sudo_conversation, + sudo_conversation_printf, plugin_settings, user_info, submit_optind, + submit_argv, submit_envp, plugin->options, &errstr); + + /* Stash plugin debug instance ID if set in open() function. */ + plugin->debug_instance = sudo_debug_get_active_instance(); + sudo_debug_set_active_instance(sudo_debug_instance); + + switch (ret) { + case 1: + break; + case 0: + /* approval plugin asked to be disabled, remove and free. */ + unlink_plugin(&approval_plugins, plugin); + break; + case -2: + usage(); + break; + default: + /* XXX - audit */ + sudo_fatalx(U_("error initializing approval plugin %s"), + plugin->name); + } + + debug_return_int(ret); +} + +static void +approval_show_version(int verbose) +{ + struct plugin_container *plugin, *next; + int ok; + debug_decl(approval_show_version, SUDO_DEBUG_PCOMM); + + /* + * Approval plugin us only open for the life of the show_version() call. + */ + TAILQ_FOREACH_SAFE(plugin, &approval_plugins, entries, next) { + if (plugin->u.approval->show_version == NULL) + continue; + + ok = approval_open_int(plugin); + if (ok == 1) { + /* Return value of show_version currently ignored. */ + sudo_debug_set_active_instance(plugin->debug_instance); + plugin->u.approval->show_version(verbose); + if (plugin->u.approval->close != NULL) + plugin->u.approval->close(); + sudo_debug_set_active_instance(sudo_debug_instance); + } + } + + debug_return; +} + +/* + * Run approval checks (there may be more than one). + * This is a "one-shot" plugin that has no open/close and is only + * called if the policy plugin accepts the command first. + */ +bool +approval_check(char * const command_info[], char * const run_argv[], + char * const run_envp[]) +{ + struct plugin_container *plugin, *next; + const char *errstr = NULL; + int ok; + debug_decl(approval_check, SUDO_DEBUG_PCOMM); + + /* + * Approval plugin is only open for the life of the check() call. + */ + TAILQ_FOREACH_SAFE(plugin, &approval_plugins, entries, next) { + if (plugin->u.approval->check == NULL) + continue; + + ok = approval_open_int(plugin); + if (ok != 1) + continue; + + sudo_debug_set_active_instance(plugin->debug_instance); + ok = plugin->u.approval->check(command_info, run_argv, run_envp, + &errstr); + sudo_debug_set_active_instance(sudo_debug_instance); + sudo_debug_printf(SUDO_DEBUG_INFO, "approval plugin %s returns %d (%s)", + plugin->name, ok, errstr ? errstr : ""); + + switch (ok) { + case 0: + audit_reject(plugin->name, SUDO_APPROVAL_PLUGIN, + errstr ? errstr : _("command rejected by approver"), + command_info); + break; + case 1: + if (!audit_accept(plugin->name, SUDO_APPROVAL_PLUGIN, command_info, + run_argv, run_envp)) + ok = -1; + break; + case -1: + audit_error(plugin->name, SUDO_APPROVAL_PLUGIN, + errstr ? errstr : _("approval plugin error"), + command_info); + break; + case -2: + usage(); + break; + } + + /* Close approval plugin now that errstr has been consumed. */ + if (plugin->u.approval->close != NULL) { + sudo_debug_set_active_instance(plugin->debug_instance); + plugin->u.approval->close(); + sudo_debug_set_active_instance(sudo_debug_instance); + } + + if (ok != 1) + debug_return_bool(false); + } + + debug_return_bool(true); +} + +static void +plugin_event_callback(int fd, int what, void *v) +{ + struct sudo_plugin_event_int *ev_int = v; + int old_instance; + debug_decl(plugin_event_callback, SUDO_DEBUG_PCOMM); + + /* Run the real callback using the plugin's debug instance. */ + old_instance = sudo_debug_set_active_instance(ev_int->debug_instance); + ev_int->callback(fd, what, ev_int->closure); + sudo_debug_set_active_instance(old_instance); + + debug_return; +} + +/* + * Fill in a previously allocated struct sudo_plugin_event. + */ +static int +plugin_event_set(struct sudo_plugin_event *pev, int fd, int events, + sudo_ev_callback_t callback, void *closure) +{ + struct sudo_plugin_event_int *ev_int; + debug_decl(plugin_event_set, SUDO_DEBUG_PCOMM); + + ev_int = __containerof(pev, struct sudo_plugin_event_int, public); + if (sudo_ev_set(&ev_int->private, fd, events, plugin_event_callback, ev_int) == -1) + debug_return_int(-1); + + /* Stash active instance so we can restore it when callback runs. */ + ev_int->debug_instance = sudo_debug_get_active_instance(); + + /* Actual user-specified callback and closure. */ + ev_int->callback = callback; + ev_int->closure = closure; + + /* Plugin can only operate on the main event loop. */ + ev_int->private.base = sudo_event_base; + + debug_return_int(1); +} + +/* + * Add a struct sudo_plugin_event to the main event loop. + */ +static int +plugin_event_add(struct sudo_plugin_event *pev, struct timespec *timo) +{ + struct sudo_plugin_event_int *ev_int; + debug_decl(plugin_event_add, SUDO_DEBUG_PCOMM); + + ev_int = __containerof(pev, struct sudo_plugin_event_int, public); + if (sudo_ev_add(NULL, &ev_int->private, timo, 0) == -1) + debug_return_int(-1); + debug_return_int(1); +} + +/* + * Delete a struct sudo_plugin_event from the main event loop. + */ +static int +plugin_event_del(struct sudo_plugin_event *pev) +{ + struct sudo_plugin_event_int *ev_int; + debug_decl(plugin_event_del, SUDO_DEBUG_PCOMM); + + ev_int = __containerof(pev, struct sudo_plugin_event_int, public); + if (sudo_ev_del(NULL, &ev_int->private) == -1) + debug_return_int(-1); + debug_return_int(1); +} + +/* + * Get the amount of time remaining in a timeout event. + */ +static int +plugin_event_pending(struct sudo_plugin_event *pev, int events, + struct timespec *ts) +{ + struct sudo_plugin_event_int *ev_int; + debug_decl(plugin_event_pending, SUDO_DEBUG_PCOMM); + + ev_int = __containerof(pev, struct sudo_plugin_event_int, public); + debug_return_int(sudo_ev_pending(&ev_int->private, events, ts)); +} + +/* + * Get the file descriptor associated with an event. + */ +static int +plugin_event_fd(struct sudo_plugin_event *pev) +{ + struct sudo_plugin_event_int *ev_int; + debug_decl(plugin_event_fd, SUDO_DEBUG_PCOMM); + + ev_int = __containerof(pev, struct sudo_plugin_event_int, public); + debug_return_int(sudo_ev_get_fd(&ev_int->private)); +} + +/* + * Break out of the event loop, killing the command if it is running. + */ +static void +plugin_event_loopbreak(struct sudo_plugin_event *pev) +{ + struct sudo_plugin_event_int *ev_int; + debug_decl(plugin_event_loopbreak, SUDO_DEBUG_PCOMM); + + ev_int = __containerof(pev, struct sudo_plugin_event_int, public); + sudo_ev_loopbreak(ev_int->private.base); + debug_return; +} + +/* + * Reset the event base of a struct sudo_plugin_event. + * The event is removed from the old base (if any) first. + * A NULL base can be used to set the default sudo event base. + */ +static void +plugin_event_setbase(struct sudo_plugin_event *pev, void *base) +{ + struct sudo_plugin_event_int *ev_int; + debug_decl(plugin_event_setbase, SUDO_DEBUG_PCOMM); + + ev_int = __containerof(pev, struct sudo_plugin_event_int, public); + if (ev_int->private.base != NULL) + sudo_ev_del(ev_int->private.base, &ev_int->private); + ev_int->private.base = base ? base : sudo_event_base; + debug_return; +} + +/* + * Free a struct sudo_plugin_event allocated by plugin_event_alloc(). + */ +static void +plugin_event_free(struct sudo_plugin_event *pev) +{ + struct sudo_plugin_event_int *ev_int; + debug_decl(plugin_event_free, SUDO_DEBUG_PCOMM); + + /* The private field is first so sudo_ev_free() can free the struct. */ + ev_int = __containerof(pev, struct sudo_plugin_event_int, public); + sudo_ev_free(&ev_int->private); + + debug_return; +} + +/* + * Allocate a struct sudo_plugin_event and fill in the public fields. + */ +struct sudo_plugin_event * +sudo_plugin_event_alloc(void) +{ + struct sudo_plugin_event_int *ev_int; + debug_decl(plugin_event_alloc, SUDO_DEBUG_PCOMM); + + if ((ev_int = malloc(sizeof(*ev_int))) == NULL) + debug_return_ptr(NULL); + + /* Init public fields. */ + ev_int->public.set = plugin_event_set; + ev_int->public.add = plugin_event_add; + ev_int->public.del = plugin_event_del; + ev_int->public.fd = plugin_event_fd; + ev_int->public.pending = plugin_event_pending; + ev_int->public.setbase = plugin_event_setbase; + ev_int->public.loopbreak = plugin_event_loopbreak; + ev_int->public.free = plugin_event_free; + + /* Debug instance to use with the callback. */ + ev_int->debug_instance = SUDO_DEBUG_INSTANCE_INITIALIZER; + + /* Clear private portion in case caller tries to use us uninitialized. */ + memset(&ev_int->private, 0, sizeof(ev_int->private)); + + debug_return_ptr(&ev_int->public); +} + +static void +free_plugin_container(struct plugin_container *plugin, bool ioplugin) +{ + debug_decl(free_plugin_container, SUDO_DEBUG_PLUGIN); + + free(plugin->path); + free(plugin->name); + if (plugin->options != NULL) { + int i = 0; + while (plugin->options[i] != NULL) + free(plugin->options[i++]); + free(plugin->options); + } + if (ioplugin) + free(plugin); + + debug_return; +} + +bool +gc_add(enum sudo_gc_types type, void *v) +{ +#ifdef NO_LEAKS + struct sudo_gc_entry *gc; + debug_decl(gc_add, SUDO_DEBUG_MAIN); + + if (v == NULL) + debug_return_bool(false); + + gc = calloc(1, sizeof(*gc)); + if (gc == NULL) { + sudo_warnx(U_("%s: %s"), __func__, U_("unable to allocate memory")); + debug_return_bool(false); + } + switch (type) { + case GC_PTR: + gc->u.ptr = v; + break; + case GC_VECTOR: + gc->u.vec = v; + break; + default: + free(gc); + sudo_warnx("unexpected garbage type %d", type); + debug_return_bool(false); + } + gc->type = type; + SLIST_INSERT_HEAD(&sudo_gc_list, gc, entries); + debug_return_bool(true); +#else + return true; +#endif /* NO_LEAKS */ +} + +#ifdef NO_LEAKS +static void +gc_run(void) +{ + struct plugin_container *plugin; + struct sudo_gc_entry *gc; + char **cur; + debug_decl(gc_run, SUDO_DEBUG_MAIN); + + /* Collect garbage. */ + while ((gc = SLIST_FIRST(&sudo_gc_list))) { + SLIST_REMOVE_HEAD(&sudo_gc_list, entries); + switch (gc->type) { + case GC_PTR: + free(gc->u.ptr); + free(gc); + break; + case GC_VECTOR: + for (cur = gc->u.vec; *cur != NULL; cur++) + free(*cur); + free(gc->u.vec); + free(gc); + break; + default: + sudo_warnx("unexpected garbage type %d", gc->type); + } + } + + /* Free plugin structs. */ + free_plugin_container(&policy_plugin, false); + while ((plugin = TAILQ_FIRST(&io_plugins))) { + TAILQ_REMOVE(&io_plugins, plugin, entries); + free_plugin_container(plugin, true); + } + + debug_return; +} +#endif /* NO_LEAKS */ + +static void +gc_init(void) +{ +#ifdef NO_LEAKS + atexit(gc_run); +#endif +} |