#include "config.h"
#include <sys/types.h>
#include <sys/param.h>
#include <sys/stat.h>
#include <sys/file.h>
#include <sys/wait.h>
#include <stdio.h>
#ifdef STDC_HEADERS
# include <stdlib.h>
# include <stddef.h>
#else
# ifdef HAVE_STDLIB_H
# include <stdlib.h>
# endif
#endif
#ifdef HAVE_STRING_H
# include <string.h>
#else
# ifdef HAVE_STRINGS_H
# include <strings.h>
# endif
#endif
#ifdef HAVE_UNISTD_H
#include <unistd.h>
#endif
#include <ctype.h>
#include <pwd.h>
#include <time.h>
#include <signal.h>
#include <errno.h>
#include <fcntl.h>
#include "sudo.h"
#include "version.h"
#ifndef lint
static const char rcsid[] = "$Sudo: visudo.c,v 1.146 2002/01/17 15:35:54 millert Exp $";
#endif
static void usage __P((void));
static char whatnow __P((void));
static RETSIGTYPE Exit __P((int));
static void setup_signals __P((void));
static int run_command __P((char *, char **));
static int check_syntax __P((int));
int command_matches __P((char *, char *, char *, char *));
int addr_matches __P((char *));
int hostname_matches __P((char *, char *, char *));
int netgr_matches __P((char *, char *, char *, char *));
int usergr_matches __P((char *, char *));
void init_parser __P((void));
void yyrestart __P((FILE *));
extern FILE *yyin, *yyout;
extern int errorlineno;
extern int pedantic;
extern int quiet;
extern char *optarg;
extern int optind;
char **Argv;
char *sudoers = _PATH_SUDOERS;
char *stmp = _PATH_SUDOERS_TMP;
struct sudo_user sudo_user;
int parse_error = FALSE;
int
main(argc, argv)
int argc;
char **argv;
{
char buf[MAXPATHLEN*2];
char *Editor;
char *UserEditor;
char *EditorPath;
char *av[4];
int checkonly;
int sudoers_fd;
int stmp_fd;
int n;
int ch;
time_t now;
struct stat stmp_sb, sudoers_sb;
pedantic = 1;
Argv = argv;
checkonly = 0;
while ((ch = getopt(argc, argv, "Vcf:sq")) != -1) {
switch (ch) {
case 'V':
(void) printf("visudo version %s\n", version);
exit(0);
case 'c':
checkonly++;
break;
case 'f':
sudoers = optarg;
easprintf(&stmp, "%s.tmp", optarg);
break;
case 's':
pedantic++;
break;
case 'q':
quiet++;
break;
default:
usage();
}
}
argc -= optind;
argv += optind;
if (argc)
usage();
user_host = user_shost = user_cmnd = "";
if ((sudo_user.pw = getpwuid(getuid())) == NULL) {
(void) fprintf(stderr, "%s: Can't find you in the passwd database.\n",
Argv[0]);
exit(1);
}
init_defaults();
if (checkonly)
exit(check_syntax(quiet));
sudoers_fd = open(sudoers, O_RDWR | O_CREAT, SUDOERS_MODE);
if (sudoers_fd == -1) {
(void) fprintf(stderr, "%s: %s: %s\n", Argv[0], sudoers,
strerror(errno));
exit(1);
}
if (!lock_file(sudoers_fd, SUDO_TLOCK)) {
(void) fprintf(stderr, "%s: sudoers file busy, try again later.\n",
Argv[0]);
exit(1);
}
#ifdef HAVE_FSTAT
if (fstat(sudoers_fd, &sudoers_sb) == -1) {
#else
if (stat(sudoers, &sudoers_sb) == -1) {
#endif
(void) fprintf(stderr, "%s: can't stat %s: %s\n",
Argv[0], sudoers, strerror(errno));
exit(1);
}
stmp_fd = open(stmp, O_WRONLY | O_CREAT | O_TRUNC, 0600);
if (stmp_fd < 0) {
(void) fprintf(stderr, "%s: %s: %s\n", Argv[0], stmp, strerror(errno));
exit(1);
}
setup_signals();
if (sudoers_sb.st_size) {
while ((n = read(sudoers_fd, buf, sizeof(buf))) > 0)
if (write(stmp_fd, buf, n) != n) {
(void) fprintf(stderr, "%s: Write failed: %s\n", Argv[0],
strerror(errno));
Exit(-1);
}
(void) close(stmp_fd);
(void) touch(stmp, sudoers_sb.st_mtime);
if ((yyin = fopen(stmp, "r"))) {
yyout = stdout;
init_parser();
yyparse();
parse_error = FALSE;
yyrestart(yyin);
fclose(yyin);
}
} else
(void) close(stmp_fd);
if ((UserEditor = getenv("EDITOR")) == NULL || *UserEditor == '\0')
UserEditor = getenv("VISUAL");
if (UserEditor && *UserEditor == '\0')
UserEditor = NULL;
else if (UserEditor) {
if (find_path(UserEditor, &Editor, getenv("PATH")) == FOUND) {
UserEditor = Editor;
} else {
if (def_flag(I_ENV_EDITOR)) {
(void) fprintf(stderr,
"%s: specified editor (%s) doesn't exist!\n",
Argv[0], UserEditor);
Exit(-1);
} else {
UserEditor = NULL;
}
}
}
Editor = EditorPath = NULL;
if (def_flag(I_ENV_EDITOR) && UserEditor)
Editor = UserEditor;
else if (UserEditor) {
struct stat editor_sb;
struct stat user_editor_sb;
char *base, *userbase;
if (stat(UserEditor, &user_editor_sb) != 0) {
(void) fprintf(stderr, "%s: unable to stat editor (%s): %s\n",
Argv[0], UserEditor, strerror(errno));
Exit(-1);
}
EditorPath = estrdup(def_str(I_EDITOR));
Editor = strtok(EditorPath, ":");
do {
if ((base = strrchr(Editor, '/')) == NULL)
continue;
if ((userbase = strrchr(UserEditor, '/')) == NULL) {
Editor = NULL;
break;
}
base++, userbase++;
if (strcmp(base, userbase) == 0) {
if (stat(Editor, &editor_sb) == 0 && S_ISREG(editor_sb.st_mode)
&& (editor_sb.st_mode & 0000111) &&
editor_sb.st_dev == user_editor_sb.st_dev &&
editor_sb.st_ino == user_editor_sb.st_ino)
break;
}
} while ((Editor = strtok(NULL, ":")));
}
if (Editor == NULL || *Editor == '\0') {
if (EditorPath != NULL)
free(EditorPath);
EditorPath = estrdup(def_str(I_EDITOR));
Editor = strtok(EditorPath, ":");
do {
if (sudo_goodpath(Editor))
break;
} while ((Editor = strtok(NULL, ":")));
if (Editor == NULL || *Editor == '\0') {
(void) fprintf(stderr, "%s: no editor found (editor path = %s)\n",
Argv[0], def_str(I_EDITOR));
Exit(-1);
}
}
do {
char linestr[64];
if ((av[0] = strrchr(Editor, '/')) != NULL)
av[0]++;
else
av[0] = Editor;
n = 1;
if (parse_error == TRUE) {
(void) snprintf(linestr, sizeof(linestr), "+%d", errorlineno);
av[n++] = linestr;
}
av[n++] = stmp;
av[n++] = NULL;
now = time(NULL);
if (run_command(Editor, av) != -1) {
if (stat(stmp, &stmp_sb) < 0) {
(void) fprintf(stderr,
"%s: Can't stat temporary file (%s), %s unchanged.\n",
Argv[0], stmp, sudoers);
Exit(-1);
}
if (stmp_sb.st_size == 0) {
(void) fprintf(stderr,
"%s: Zero length temporary file (%s), %s unchanged.\n",
Argv[0], stmp, sudoers);
Exit(-1);
}
yyout = stdout;
if (parse_error)
yyin = freopen(stmp, "r", yyin);
else
yyin = fopen(stmp, "r");
if (yyin == NULL) {
(void) fprintf(stderr,
"%s: Can't re-open temporary file (%s), %s unchanged.\n",
Argv[0], stmp, sudoers);
Exit(-1);
}
user_runas = NULL;
init_defaults();
init_parser();
if (yyparse() && parse_error != TRUE) {
(void) fprintf(stderr,
"%s: Failed to parse temporary file (%s), unknown error.\n",
Argv[0], stmp);
parse_error = TRUE;
}
} else {
(void) fprintf(stderr,
"%s: Editor (%s) failed, %s unchanged.\n", Argv[0],
Editor, sudoers);
Exit(-1);
}
if (parse_error == TRUE) {
switch (whatnow()) {
case 'Q' : parse_error = FALSE;
break;
case 'x' : if (sudoers_sb.st_size == 0)
unlink(sudoers);
Exit(0);
break;
}
yyrestart(yyin);
}
} while (parse_error == TRUE);
if (sudoers_sb.st_mtime != now && sudoers_sb.st_mtime == stmp_sb.st_mtime &&
sudoers_sb.st_size == stmp_sb.st_size) {
(void) fprintf(stderr, "%s: sudoers file unchanged.\n", Argv[0]);
Exit(0);
}
if (chown(stmp, SUDOERS_UID, SUDOERS_GID)) {
(void) fprintf(stderr,
"%s: Unable to set (uid, gid) of %s to (%d, %d): %s\n",
Argv[0], stmp, SUDOERS_UID, SUDOERS_GID, strerror(errno));
Exit(-1);
}
if (chmod(stmp, SUDOERS_MODE)) {
(void) fprintf(stderr,
"%s: Unable to change mode of %s to %o: %s\n",
Argv[0], stmp, SUDOERS_MODE, strerror(errno));
Exit(-1);
}
if (rename(stmp, sudoers)) {
if (errno == EXDEV) {
(void) fprintf(stderr,
"%s: %s and %s not on the same filesystem, using mv to rename.\n",
Argv[0], stmp, sudoers);
if ((av[0] = strrchr(_PATH_MV, '/')) != NULL)
av[0]++;
else
av[0] = _PATH_MV;
av[1] = stmp;
av[2] = sudoers;
av[3] = NULL;
if (run_command(_PATH_MV, av)) {
(void) fprintf(stderr,
"%s: Command failed: '%s %s %s', %s unchanged.\n",
Argv[0], _PATH_MV, stmp, sudoers, sudoers);
Exit(-1);
}
} else {
(void) fprintf(stderr, "%s: Error renaming %s, %s unchanged: %s\n",
Argv[0], stmp, sudoers, strerror(errno));
Exit(-1);
}
}
exit(0);
}
int
command_matches(cmnd, cmnd_args, path, sudoers_args)
char *cmnd;
char *cmnd_args;
char *path;
char *sudoers_args;
{
return(TRUE);
}
int
addr_matches(n)
char *n;
{
return(TRUE);
}
int
hostname_matches(s, l, p)
char *s, *l, *p;
{
return(TRUE);
}
int
usergr_matches(g, u)
char *g, *u;
{
return(TRUE);
}
int
netgr_matches(n, h, sh, u)
char *n, *h, *sh, *u;
{
return(TRUE);
}
void
set_fqdn()
{
return;
}
int
user_is_exempt()
{
return(TRUE);
}
void
init_envtables()
{
return;
}
static char
whatnow()
{
int choice, c;
for (;;) {
(void) fputs("What now? ", stdout);
choice = getchar();
for (c = choice; c != '\n' && c != EOF;)
c = getchar();
switch (choice) {
case EOF:
choice = 'x';
case 'e':
case 'x':
case 'Q':
return(choice);
default:
(void) puts("Options are:");
(void) puts(" (e)dit sudoers file again");
(void) puts(" e(x)it without saving changes to sudoers file");
(void) puts(" (Q)uit and save changes to sudoers file (DANGER!)\n");
}
}
}
static void
setup_signals()
{
sigaction_t sa;
sigemptyset(&sa.sa_mask);
sa.sa_flags = SA_RESTART;
sa.sa_handler = Exit;
(void) sigaction(SIGTERM, &sa, NULL);
(void) sigaction(SIGHUP, &sa, NULL);
(void) sigaction(SIGINT, &sa, NULL);
(void) sigaction(SIGQUIT, &sa, NULL);
}
static int
run_command(path, argv)
char *path;
char **argv;
{
int status;
pid_t pid;
sigset_t set, oset;
(void) sigemptyset(&set);
(void) sigaddset(&set, SIGCHLD);
(void) sigprocmask(SIG_BLOCK, &set, &oset);
switch (pid = fork()) {
case -1:
(void) fprintf(stderr,
"%s: unable to run %s: %s\n", Argv[0], path, strerror(errno));
Exit(-1);
break;
case 0:
(void) sigprocmask(SIG_SETMASK, &oset, NULL);
execv(path, argv);
(void) fprintf(stderr,
"%s: unable to run %s: %s\n", Argv[0], path, strerror(errno));
_exit(127);
break;
}
#ifdef sudo_waitpid
pid = sudo_waitpid(pid, &status, 0);
#else
pid = wait(&status);
#endif
(void) sigprocmask(SIG_SETMASK, &oset, NULL);
return(pid == -1 ? -1 : (status >> 8));
}
static int
check_syntax(quiet)
int quiet;
{
if ((yyin = fopen(sudoers, "r")) == NULL) {
if (!quiet)
(void) fprintf(stderr, "%s: unable to open %s: %s\n", Argv[0],
sudoers, strerror(errno));
exit(1);
}
yyout = stdout;
init_parser();
if (yyparse() && parse_error != TRUE) {
if (!quiet)
(void) fprintf(stderr,
"%s: failed to parse %s file, unknown error.\n",
Argv[0], sudoers);
parse_error = TRUE;
}
if (!quiet){
if (parse_error)
(void) printf("parse error in %s near line %d\n", sudoers,
errorlineno);
else
(void) printf("%s file parsed OK\n", sudoers);
}
return(parse_error == TRUE);
}
static RETSIGTYPE
Exit(sig)
int sig;
{
char *emsg = " exiting due to signal.\n";
(void) unlink(stmp);
if (sig > 0) {
write(STDERR_FILENO, Argv[0], strlen(Argv[0]));
write(STDERR_FILENO, emsg, sizeof(emsg) - 1);
_exit(-sig);
}
exit(-sig);
}
static void
usage()
{
(void) fprintf(stderr, "usage: %s [-c] [-f sudoers] [-q] [-s] [-V]\n",
Argv[0]);
exit(1);
}