#endif
/* Become root if we are not already to avoid user interference */
- set_perms(PERM_ROOT);
+ set_perms(PERM_ROOT|PERM_NOEXIT);
/* Expand printf-style format + args. */
evasprintf(&message, fmt, ap);
* (so user cannot kill it) or as the user (for the paranoid).
*/
#ifndef NO_ROOT_MAILER
- set_perms(PERM_ROOT);
+ set_perms(PERM_ROOT|PERM_NOEXIT);
execve(mpath, argv, root_envp);
#else
- set_perms(PERM_FULL_USER);
+ set_perms(PERM_FULL_USER|PERM_NOEXIT);
execv(mpath, argv);
#endif /* NO_ROOT_MAILER */
mysyslog(LOG_ERR, "cannot execute %s: %m", mpath);
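Review bot: The result of `set_perms()` is discarded immediately before both `execve()` and `execv()`, and with `PERM_NOEXIT` a failed switch now returns 0 instead of terminating. In the `NO_ROOT_MAILER` branch a failed `set_perms(PERM_FULL_USER|PERM_NOEXIT)` therefore still reaches `execv(mpath, argv)` with whatever ids the process held before the call, which defeats the "as the user (for the paranoid)" intent stated in the comment. Guard the exec on the result, e.g. `if (set_perms(PERM_FULL_USER|PERM_NOEXIT)) execv(mpath, argv);`, and do the same for the `execve()` branch. The code after the `mysyslog()` line is outside the hunk, so confirm that the fall-through path terminates the process rather than continuing. The equally unchecked `set_perms(PERM_ROOT|PERM_NOEXIT)` in the logging hunk at the top of the page should at least get a comment saying that failure is tolerated there.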
* We only flip the effective gid since it only changes for PERM_SUDOERS.
* This version of set_perms() works fine with the "stay_setuid" option.
*/
-void
+int
set_perms(perm)
int perm;
{
const char *errstr;
+ int noexit;
+
+ noexit = ISSET(perm, PERM_NOEXIT);
+ CLR(perm, PERM_MASK);
if (perm == current_perm)
- return;
+ return(1);
switch (perm) {
case PERM_ROOT:
}
current_perm = perm;
- return;
+ return(1);
bad:
- errorx(1, "%s: %s", errstr,
+ warningx("%s: %s", errstr,
errno == EAGAIN ? "too many processes" : strerror(errno));
+ if (noexit)
+ return(0);
+ exit(1);
}
#else
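Review bot: On the new `return(0)` path under `bad:`, `current_perm` keeps its previous value even though the switch may already have changed some ids before the failing call; the switch body is outside the hunk, so this is inferred rather than visible. A later `set_perms()` for the old perm would then take `if (perm == current_perm) return(1);` and report success without touching the ids. Consider resetting `current_perm` to a value no `PERM_*` constant uses before `return(0);`, so the next call re-applies the ids instead of trusting the cache. The header comment should also state the new contract, e.g. `/* Returns 1 on success; on failure returns 0 if PERM_NOEXIT is set, else exits. */`. The same applies to the three other `set_perms()` variants further down.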
* we are headed for an exec().
* This version of set_perms() works fine with the "stay_setuid" option.
*/
-void
+int
set_perms(perm)
int perm;
{
const char *errstr;
+ int noexit;
+
+ noexit = ISSET(perm, PERM_NOEXIT);
+ CLR(perm, PERM_MASK);
if (perm == current_perm)
- return;
+ return(1);
switch (perm) {
case PERM_ROOT:
}
current_perm = perm;
- return;
+ return(1);
bad:
- errorx(1, "%s: %s", errstr,
+ warningx("%s: %s", errstr,
errno == EAGAIN ? "too many processes" : strerror(errno));
+ if (noexit)
+ return(0);
+ exit(1);
}
# else /* !HAVE_SETRESUID && !HAVE_SETREUID */
* Set real and effective uids and gids based on perm.
* NOTE: does not support the "stay_setuid" option.
*/
-void
+int
set_perms(perm)
int perm;
{
const char *errstr;
+ int noexit;
+
+ noexit = ISSET(perm, PERM_NOEXIT);
+ CLR(perm, PERM_MASK);
if (perm == current_perm)
- return;
+ return(1);
/*
* Since we only have setuid() and seteuid() and semantics
}
current_perm = perm;
- return;
+ return(1);
bad:
- errorx(1, "%s: %s", errstr,
+ warningx("%s: %s", errstr,
errno == EAGAIN ? "too many processes" : strerror(errno));
+ if (noexit)
+ return(0);
+ exit(1);
}
# else /* !HAVE_SETRESUID && !HAVE_SETREUID && !HAVE_SETEUID */
* NOTE: does not support the "stay_setuid" or timestampowner options.
* Also, SUDOERS_UID and SUDOERS_GID are not used.
*/
-void
+int
set_perms(perm)
int perm;
{
const char *errstr;
+ int noexit;
+
+ noexit = ISSET(perm, PERM_NOEXIT);
+ CLR(perm, PERM_MASK);
if (perm == current_perm)
- return;
+ return(1);
switch (perm) {
case PERM_ROOT:
}
current_perm = perm;
- return;
+ return(1);
bad:
- errorx(1, "%s: %s", errstr,
+ warningx("%s: %s", errstr,
errno == EAGAIN ? "too many processes" : strerror(errno));
+ if (noexit)
+ return(0);
+ exit(1);
}
# endif /* HAVE_SETEUID */
# endif /* HAVE_SETREUID */
#define PERM_RUNAS 0x04
#define PERM_FULL_RUNAS 0x05
#define PERM_TIMESTAMP 0x06
+#define PERM_NOEXIT 0x10 /* flag */
+#define PERM_MASK 0xf0
/*
* Shortcuts for sudo_user contents.
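Review bot: `PERM_MASK` has no comment, and its name reads like the mask that selects the perm value, while `set_perms()` uses it as `CLR(perm, PERM_MASK)` to strip the flag bits. A comment on the define such as `/* flag bits; cleared by set_perms() before perm is compared */` would make that explicit. Without it, a later `perm & PERM_MASK` written on the assumption that it extracts the perm would silently yield only the flags.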
int sudo_file_display_defaults __P((struct sudo_nss *, struct passwd *, struct lbuf *));
int sudo_file_display_bound_defaults __P((struct sudo_nss *, struct passwd *, struct lbuf *));
int sudo_file_display_privs __P((struct sudo_nss *, struct passwd *, struct lbuf *));
-void set_perms __P((int));
+int set_perms __P((int));
void remove_timestamp __P((int));
int check_secureware __P((char *));
void sia_attempt_auth __P((void));