2 * SPDX-License-Identifier: ISC
4 * Copyright (c) 2010-2016 Todd C. Miller <Todd.Miller@sudo.ws>
6 * Permission to use, copy, modify, and distribute this software for any
7 * purpose with or without fee is hereby granted, provided that the above
8 * copyright notice and this permission notice appear in all copies.
10 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
11 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
12 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
13 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
14 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
15 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
16 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
20 * This is an open source non-commercial project. Dear PVS-Studio, please check it.
21 * PVS-Studio Static Code Analyzer for C, C++ and C#: http://www.viva64.com
26 #include <sys/types.h>
35 # include "compat/stdbool.h"
36 #endif /* HAVE_STDBOOL_H */
39 #endif /* HAVE_STRING_H */
42 #endif /* HAVE_STRINGS_H */
51 #include <pathnames.h>
52 #include "sudo_compat.h"
53 #include "sudo_plugin.h"
54 #include "sudo_util.h"
57 * Sample plugin module that allows any user who knows the password
58 * ("test") to run any command as root. Since there is no credential
59 * caching the validate and invalidate functions are NULL.
63 # define ROOT_UID 65535
68 static struct plugin_state {
70 char * const *settings;
71 char * const *user_info;
73 static sudo_conv_t sudo_conv;
74 static sudo_printf_t sudo_log;
75 static FILE *input, *output;
76 static uid_t runas_uid = ROOT_UID;
77 static gid_t runas_gid = -1;
78 static int use_sudoedit = false;
81 * Plugin policy open function.
84 policy_open(unsigned int version, sudo_conv_t conversation,
85 sudo_printf_t sudo_printf, char * const settings[],
86 char * const user_info[], char * const user_env[], char * const args[])
90 const char *runas_user = NULL;
92 const char *runas_group = NULL;
95 sudo_conv = conversation;
97 sudo_log = sudo_printf;
99 if (SUDO_API_VERSION_GET_MAJOR(version) != SUDO_API_VERSION_MAJOR) {
100 sudo_log(SUDO_CONV_ERROR_MSG,
101 "the sample plugin requires API version %d.x\n",
102 SUDO_API_VERSION_MAJOR);
106 /* Only allow commands to be run as root. */
107 for (ui = settings; *ui != NULL; ui++) {
108 if (strncmp(*ui, "runas_user=", sizeof("runas_user=") - 1) == 0) {
109 runas_user = *ui + sizeof("runas_user=") - 1;
111 if (strncmp(*ui, "runas_group=", sizeof("runas_group=") - 1) == 0) {
112 runas_group = *ui + sizeof("runas_group=") - 1;
114 if (strncmp(*ui, "progname=", sizeof("progname=") - 1) == 0) {
115 initprogname(*ui + sizeof("progname=") - 1);
117 /* Check to see if sudo was called as sudoedit or with -e flag. */
118 if (strncmp(*ui, "sudoedit=", sizeof("sudoedit=") - 1) == 0) {
119 if (strcasecmp(*ui + sizeof("sudoedit=") - 1, "true") == 0)
122 /* This plugin doesn't support running sudo with no arguments. */
123 if (strncmp(*ui, "implied_shell=", sizeof("implied_shell=") - 1) == 0) {
124 if (strcasecmp(*ui + sizeof("implied_shell=") - 1, "true") == 0)
125 return -2; /* usage error */
128 if (runas_user != NULL) {
129 if ((pw = getpwnam(runas_user)) == NULL) {
130 sudo_log(SUDO_CONV_ERROR_MSG, "unknown user %s\n", runas_user);
133 runas_uid = pw->pw_uid;
135 if (runas_group != NULL) {
136 if ((gr = getgrnam(runas_group)) == NULL) {
137 sudo_log(SUDO_CONV_ERROR_MSG, "unknown group %s\n", runas_group);
140 runas_gid = gr->gr_gid;
144 plugin_state.envp = (char **)user_env;
145 plugin_state.settings = settings;
146 plugin_state.user_info = user_info;
152 find_in_path(char *command, char **envp)
155 char *path, *path0, **ep, *cp;
156 char pathbuf[PATH_MAX], *qualified = NULL;
158 if (strchr(command, '/') != NULL)
161 path = _PATH_DEFPATH;
162 for (ep = plugin_state.envp; *ep != NULL; ep++) {
163 if (strncmp(*ep, "PATH=", 5) == 0) {
168 path = path0 = strdup(path);
170 if ((cp = strchr(path, ':')))
172 snprintf(pathbuf, sizeof(pathbuf), "%s/%s", *path ? path : ".",
174 if (stat(pathbuf, &sb) == 0) {
175 if (S_ISREG(sb.st_mode) && (sb.st_mode & 0000111)) {
181 } while (cp != NULL);
183 return qualified ? strdup(qualified) : NULL;
189 struct sudo_conv_message msg;
190 struct sudo_conv_reply repl;
192 /* Prompt user for password via conversation function. */
193 memset(&msg, 0, sizeof(msg));
194 msg.msg_type = SUDO_CONV_PROMPT_ECHO_OFF;
195 msg.msg = "Password: ";
196 memset(&repl, 0, sizeof(repl));
197 sudo_conv(1, &msg, &repl, NULL);
198 if (repl.reply == NULL) {
199 sudo_log(SUDO_CONV_ERROR_MSG, "missing password\n");
202 if (strcmp(repl.reply, "test") != 0) {
203 sudo_log(SUDO_CONV_ERROR_MSG, "incorrect password\n");
210 build_command_info(const char *command)
212 static char **command_info;
215 /* Setup command info. */
216 command_info = calloc(32, sizeof(char *));
217 if (command_info == NULL)
219 if ((command_info[i++] = sudo_new_key_val("command", command)) == NULL ||
220 asprintf(&command_info[i++], "runas_euid=%ld", (long)runas_uid) == -1 ||
221 asprintf(&command_info[i++], "runas_uid=%ld", (long)runas_uid) == -1) {
224 if (runas_gid != (gid_t)-1) {
225 if (asprintf(&command_info[i++], "runas_gid=%ld", (long)runas_gid) == -1 ||
226 asprintf(&command_info[i++], "runas_egid=%ld", (long)runas_gid) == -1) {
231 command_info[i] = strdup("sudoedit=true");
232 if (command_info[i++] == NULL)
236 command_info[i++] = "timeout=30";
242 find_editor(int nfiles, char * const files[], char **argv_out[])
244 char *cp, *last, **ep, **nargv, *editor, *editor_path;
245 int ac, i, nargc, wasblank;
247 /* Lookup EDITOR in user's environment. */
249 for (ep = plugin_state.envp; *ep != NULL; ep++) {
250 if (strncmp(*ep, "EDITOR=", 7) == 0) {
255 editor = strdup(editor);
256 if (editor == NULL) {
257 sudo_log(SUDO_CONV_ERROR_MSG, "unable to allocate memory\n");
262 * Split editor into an argument vector; editor is reused (do not free).
263 * The EDITOR environment variables may contain command
264 * line args so look for those and alloc space for them too.
267 for (wasblank = 0, cp = editor; *cp != '\0'; cp++) {
268 if (isblank((unsigned char) *cp))
275 /* If we can't find the editor in the user's PATH, give up. */
276 cp = strtok_r(editor, " \t", &last);
278 (editor_path = find_in_path(editor, plugin_state.envp)) == NULL) {
282 if (editor_path != editor)
284 nargv = malloc((nargc + 1 + nfiles + 1) * sizeof(char *));
286 sudo_log(SUDO_CONV_ERROR_MSG, "unable to allocate memory\n");
290 for (ac = 0; cp != NULL && ac < nargc; ac++) {
292 cp = strtok_r(NULL, " \t", &last);
295 for (i = 0; i < nfiles; )
296 nargv[ac++] = files[i++];
304 * Plugin policy check function.
305 * Simple example that prompts for a password, hard-coded to "test".
308 policy_check(int argc, char * const argv[],
309 char *env_add[], char **command_info_out[],
310 char **argv_out[], char **user_env_out[])
314 if (!argc || argv[0] == NULL) {
315 sudo_log(SUDO_CONV_ERROR_MSG, "no command specified\n");
322 command = find_in_path(argv[0], plugin_state.envp);
323 if (command == NULL) {
324 sudo_log(SUDO_CONV_ERROR_MSG, "%s: command not found\n", argv[0]);
328 /* If "sudo vi" is run, auto-convert to sudoedit. */
329 if (strcmp(command, _PATH_VI) == 0)
333 /* Rebuild argv using editor */
335 command = find_editor(argc - 1, argv + 1, argv_out);
336 if (command == NULL) {
337 sudo_log(SUDO_CONV_ERROR_MSG, "unable to find valid editor\n");
342 /* No changes needd to argv */
343 *argv_out = (char **)argv;
346 /* No changes to envp */
347 *user_env_out = plugin_state.envp;
349 /* Setup command info. */
350 *command_info_out = build_command_info(command);
352 if (*command_info_out == NULL) {
353 sudo_log(SUDO_CONV_ERROR_MSG, "out of memory\n");
361 policy_list(int argc, char * const argv[], int verbose, const char *list_user)
364 * List user's capabilities.
366 sudo_log(SUDO_CONV_INFO_MSG, "Validated users may run any command\n");
371 policy_version(int verbose)
373 sudo_log(SUDO_CONV_INFO_MSG, "Sample policy plugin version %s\n", PACKAGE_VERSION);
378 policy_close(int exit_status, int error)
381 * The policy might log the command exit status here.
382 * In this example, we just print a message.
385 sudo_log(SUDO_CONV_ERROR_MSG, "Command error: %s\n", strerror(error));
387 if (WIFEXITED(exit_status)) {
388 sudo_log(SUDO_CONV_INFO_MSG, "Command exited with status %d\n",
389 WEXITSTATUS(exit_status));
390 } else if (WIFSIGNALED(exit_status)) {
391 sudo_log(SUDO_CONV_INFO_MSG, "Command killed by signal %d\n",
392 WTERMSIG(exit_status));
398 io_open(unsigned int version, sudo_conv_t conversation,
399 sudo_printf_t sudo_printf, char * const settings[],
400 char * const user_info[], char * const command_info[],
401 int argc, char * const argv[], char * const user_env[], char * const args[])
407 sudo_conv = conversation;
409 sudo_log = sudo_printf;
411 /* Open input and output files. */
412 snprintf(path, sizeof(path), "/var/tmp/sample-%u.output",
413 (unsigned int)getpid());
414 fd = open(path, O_WRONLY|O_CREAT|O_EXCL, 0644);
417 output = fdopen(fd, "w");
419 snprintf(path, sizeof(path), "/var/tmp/sample-%u.input",
420 (unsigned int)getpid());
421 fd = open(path, O_WRONLY|O_CREAT|O_EXCL, 0644);
424 input = fdopen(fd, "w");
430 io_close(int exit_status, int error)
437 io_version(int verbose)
439 sudo_log(SUDO_CONV_INFO_MSG, "Sample I/O plugin version %s\n",
445 io_log_input(const char *buf, unsigned int len)
447 ignore_result(fwrite(buf, len, 1, input));
452 io_log_output(const char *buf, unsigned int len)
457 ignore_result(fwrite(buf, len, 1, output));
459 * If we find the string "honk!" in the buffer, reject it.
460 * In practice we'd want to be able to detect the word
461 * broken across two buffers.
463 for (cp = buf, ep = buf + len; cp < ep; cp++) {
464 if (cp + 5 < ep && memcmp(cp, "honk!", 5) == 0) {
472 __dso_public struct policy_plugin sample_policy = {
481 NULL, /* invalidate */
482 NULL, /* init_session */
483 NULL, /* register_hooks */
484 NULL /* deregister_hooks */
488 * Note: This plugin does not differentiate between tty and pipe I/O.
489 * It all gets logged to the same file.
491 __dso_public struct io_plugin sample_io = {
497 io_log_input, /* tty input */
498 io_log_output, /* tty output */
499 io_log_input, /* command stdin if not tty */
500 io_log_output, /* command stdout if not tty */
501 io_log_output /* command stderr if not tty */