flags = tgetpass_flags;
switch (pm->msg_style) {
case PAM_PROMPT_ECHO_ON:
- flags |= TGP_ECHO;
+ SET(flags, TGP_ECHO);
case PAM_PROMPT_ECHO_OFF:
/* Only override PAM prompt if it matches /^Password: ?/ */
if (strncmp(pm->msg, "Password:", 9) || (pm->msg[9] != '\0'
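Review bot: The `PAM_PROMPT_ECHO_ON` case has no `break` and runs on into `PAM_PROMPT_ECHO_OFF`, and nothing marks that as deliberate. It looks intentional (the echo flag is set, then the shared prompt code follows), but with the assignment now wrapped in `SET()` the line reads even more like a complete case body. Add `/* FALLTHROUGH */` on its own line after `SET(flags, TGP_ECHO);` so a later edit does not insert a `break` or a new case between the two. The switch continues past the end of this hunk.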
/* Set FLAG_ONEANDONLY if there is only one auth method. */
if (auth_switch[1].name == NULL)
- auth_switch[0].flags |= FLAG_ONEANDONLY;
+ SET(auth_switch[0].flags, FLAG_ONEANDONLY);
/* Initialize auth methods and unconfigure the method if necessary. */
for (auth = auth_switch; auth->name; auth++) {
status = (auth->init)(pw, &prompt, auth);
if (status == AUTH_FAILURE)
- auth->flags &= ~FLAG_CONFIGURED;
+ CLR(auth->flags, FLAG_CONFIGURED);
else if (status == AUTH_FATAL) /* XXX log */
exit(1); /* assume error msg already printed */
status = (auth->setup)(pw, &prompt, auth);
if (status == AUTH_FAILURE)
- auth->flags &= ~FLAG_CONFIGURED;
+ CLR(auth->flags, FLAG_CONFIGURED);
else if (status == AUTH_FATAL) /* XXX log */
exit(1); /* assume error msg already printed */
/* Allocate space for the interfaces list. */
for (ifa = ifaddrs; ifa != NULL; ifa = ifa -> ifa_next) {
/* Skip interfaces marked "down" and "loopback". */
- if (ifa->ifa_addr == NULL || !(ifa->ifa_flags & IFF_UP) ||
- (ifa->ifa_flags & IFF_LOOPBACK))
+ if (ifa->ifa_addr == NULL || !ISSET(ifa->ifa_flags, IFF_UP) ||
+ ISSET(ifa->ifa_flags, IFF_LOOPBACK))
continue;
switch(ifa->ifa_addr->sa_family) {
/* Store the ip addr / netmask pairs. */
for (ifa = ifaddrs, i = 0; ifa != NULL; ifa = ifa -> ifa_next) {
/* Skip interfaces marked "down" and "loopback". */
- if (ifa->ifa_addr == NULL || !(ifa->ifa_flags & IFF_UP) ||
- (ifa->ifa_flags & IFF_LOOPBACK))
+ if (ifa->ifa_addr == NULL || !ISSET(ifa->ifa_flags, IFF_UP) ||
+ ISSET(ifa->ifa_flags, IFF_LOOPBACK))
continue;
switch(ifa->ifa_addr->sa_family) {
ifr_tmp = *ifr;
/* Skip interfaces marked "down" and "loopback". */
- if (!(ifr_tmp.ifr_flags & IFF_UP) || (ifr_tmp.ifr_flags & IFF_LOOPBACK))
+ if (!ISSET(ifr_tmp.ifr_flags, IFF_UP) ||
+ ISSET(ifr_tmp.ifr_flags, IFF_LOOPBACK))
continue;
sin = (struct sockaddr_in *) &ifr->ifr_addr;
char *logline;
int pri;
- if (status & VALIDATE_OK)
+ if (ISSET(status, VALIDATE_OK))
pri = def_syslog_goodpri;
else
pri = def_syslog_badpri;
/* Set error message, if any. */
- if (status & VALIDATE_OK)
+ if (ISSET(status, VALIDATE_OK))
message = "";
- else if (status & FLAG_NO_USER)
+ else if (ISSET(status, FLAG_NO_USER))
message = "user NOT in sudoers ; ";
- else if (status & FLAG_NO_HOST)
+ else if (ISSET(status, FLAG_NO_HOST))
message = "user NOT authorized on host ; ";
- else if (status & VALIDATE_NOT_OK)
+ else if (ISSET(status, VALIDATE_NOT_OK))
message = "command not allowed ; ";
else
message = "unknown error ; ";
mail_auth(status, logline); /* send mail based on status */
/* Inform the user if they failed to authenticate. */
- if (inform_user && (status & VALIDATE_NOT_OK)) {
- if (status & FLAG_NO_USER)
+ if (inform_user && ISSET(status, VALIDATE_NOT_OK)) {
+ if (ISSET(status, FLAG_NO_USER))
(void) fprintf(stderr, "%s is not in the sudoers file. %s",
user_name, "This incident will be reported.\n");
- else if (status & FLAG_NO_HOST)
+ else if (ISSET(status, FLAG_NO_HOST))
(void) fprintf(stderr, "%s is not allowed to run sudo on %s. %s",
user_name, user_shost, "This incident will be reported.\n");
- else if (status & FLAG_NO_CHECK)
+ else if (ISSET(status, FLAG_NO_CHECK))
(void) fprintf(stderr, "Sorry, user %s may not run sudo on %s.\n",
user_name, user_shost);
else
else {
mail_mask = VALIDATE_ERROR;
if (def_mail_no_user)
- mail_mask |= FLAG_NO_USER;
+ SET(mail_mask, FLAG_NO_USER);
if (def_mail_no_host)
- mail_mask |= FLAG_NO_HOST;
+ SET(mail_mask, FLAG_NO_HOST);
if (def_mail_no_perms)
- mail_mask |= VALIDATE_NOT_OK;
+ SET(mail_mask, VALIDATE_NOT_OK);
}
if ((status & mail_mask) != 0)
else
error = VALIDATE_NOT_OK | FLAG_NOPASS;
if (pwcheck) {
- error |= FLAG_NO_CHECK;
+ SET(error, FLAG_NO_CHECK);
} else {
- error |= FLAG_NO_HOST;
+ SET(error, FLAG_NO_HOST);
if (!top)
- error |= FLAG_NO_USER;
+ SET(error, FLAG_NO_USER);
}
/*
} else {
while (top) {
if (host_matches == TRUE) {
- error &= ~FLAG_NO_HOST;
+ CLR(error, FLAG_NO_HOST);
if (runas_matches == TRUE) {
if (cmnd_matches == TRUE) {
/*
*/
flags = LOGIN_SETRESOURCES|LOGIN_SETPRIORITY;
if (!def_preserve_groups)
- flags |= LOGIN_SETGROUP;
+ SET(flags, LOGIN_SETGROUP);
else if (setgid(runas_pw->pw_gid))
perror("cannot set gid to runas gid");
error = setusercontext(lc, runas_pw,
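Review bot: The unchanged `else if (setgid(runas_pw->pw_gid))` branch beside the converted line only calls `perror()` when `setgid()` fails and then carries on to `setusercontext()`. With `preserve_groups` set, the command could therefore be started under a group id other than the runas user's. A failed group change should be fatal, e.g. `perror("cannot set gid to runas gid"); exit(1);` inside braces, unless code outside this hunk already aborts on that path. The enclosing function begins and ends outside the hunk, so the group id held at this point cannot be confirmed from here.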
return(-1);
}
- *set |= sigmask(signo);
+ SET(*set, sigmask(signo));
return(0);
}
return(-1);
}
- *set &= ~(sigmask(signo));
+ CLR(*set, sigmask(signo));
return(0);
}
int signo;
{
- return(*set & sigmask(signo));
+ return(ISSET(*set, sigmask(signo)));
}
int
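Review bot: `return(ISSET(*set, sigmask(signo)));` returns the masked bit itself rather than 0 or 1, and the predicate-style macro name now hides that. A caller that compares the result with 1 gets the wrong answer for every signal except the lowest-numbered one. If the set type is wider than the return type, a high bit could also be truncated to 0. Returning `ISSET(*set, sigmask(signo)) != 0` avoids both, assuming `ISSET` expands to the plain `&` shown on the removed line. The function's name and return type are outside the hunk.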
load_interfaces();
pwflag = 0;
- if (sudo_mode & MODE_SHELL)
+ if (ISSET(sudo_mode, MODE_SHELL))
user_cmnd = "shell";
- else if (sudo_mode & MODE_EDIT)
+ else if (ISSET(sudo_mode, MODE_EDIT))
user_cmnd = "sudoedit";
else
switch (sudo_mode) {
exit(0);
}
- if (validated & VALIDATE_ERROR)
+ if (ISSET(validated, VALIDATE_ERROR))
log_error(0, "parse error in %s near line %d", _PATH_SUDOERS,
errorlineno);
}
/* If given the -P option, set the "preserve_groups" flag. */
- if (sudo_mode & MODE_PRESERVE_GROUPS)
+ if (ISSET(sudo_mode, MODE_PRESERVE_GROUPS))
def_preserve_groups = TRUE;
/* If no command line args and "set_home" is not set, error out. */
- if ((sudo_mode & MODE_IMPLIED_SHELL) && !def_shell_noargs)
+ if (ISSET(sudo_mode, MODE_IMPLIED_SHELL) && !def_shell_noargs)
usage(1);
/* May need to set $HOME to target user if we are running a command. */
- if ((sudo_mode & MODE_RUN) && (def_always_set_home ||
- ((sudo_mode & MODE_SHELL) && def_set_home)))
- sudo_mode |= MODE_RESET_HOME;
+ if (ISSET(sudo_mode, MODE_RUN) && (def_always_set_home ||
+ (ISSET(sudo_mode, MODE_SHELL) && def_set_home)))
+ SET(sudo_mode, MODE_RESET_HOME);
/* Bail if a tty is required and we don't have one. */
if (def_requiretty) {
auth_pw = get_authpw();
/* Require a password if sudoers says so. */
- if (!(validated & FLAG_NOPASS))
- check_user(validated & FLAG_CHECK_USER);
+ if (!ISSET(validated, FLAG_NOPASS))
+ check_user(ISSET(validated, FLAG_CHECK_USER));
/* If run as root with SUDO_USER set, set sudo_user.pw to that user. */
if (user_uid == 0 && prev_user != NULL && strcmp(prev_user, "root") != 0) {
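Review bot: `check_user(ISSET(validated, FLAG_CHECK_USER))` passes the raw masked bit as the argument, not 0 or 1. The same applies to `rebuild_env(envp, sudo_mode, ISSET(validated, FLAG_NOEXEC))` in the next hunk. That matches the removed code only while `ISSET` expands to a plain `&` (its definition is not part of this diff) and the callee only tests for non-zero. Either normalise at the call site, `check_user(ISSET(validated, FLAG_CHECK_USER) != 0);`, or add a comment where the macro is defined, such as `/* non-zero if set, not necessarily 1 */`.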
}
/* Build a new environment that avoids any nasty bits if we have a cmnd. */
- if (sudo_mode & MODE_RUN)
- new_environ = rebuild_env(envp, sudo_mode, (validated & FLAG_NOEXEC));
+ if (ISSET(sudo_mode, MODE_RUN))
+ new_environ = rebuild_env(envp, sudo_mode, ISSET(validated, FLAG_NOEXEC));
else
new_environ = envp;
- if (validated & VALIDATE_OK) {
+ if (ISSET(validated, VALIDATE_OK)) {
/* Finally tell the user if the command did not exist. */
if (cmnd_status == NOT_FOUND_DOT) {
warnx("ignoring `%s' found in '.'\nUse `sudo ./%s' if this is the `%s' you wish to run.", user_cmnd, user_cmnd, user_cmnd);
#endif /* RLIMIT_CORE && !SUDO_DEVEL */
/* Become specified user or root if executing a command. */
- if (sudo_mode & MODE_RUN)
+ if (ISSET(sudo_mode, MODE_RUN))
set_perms(PERM_FULL_RUNAS);
/* Close the password and group files */
/* Install the real environment. */
environ = new_environ;
- if (sudo_mode & MODE_LOGIN_SHELL) {
+ if (ISSET(sudo_mode, MODE_LOGIN_SHELL)) {
char *p;
/* Convert /bin/sh -> -sh so shell knows it is a login shell */
warn("unable to change directory to %s", runas_pw->pw_dir);
}
- if (sudo_mode & MODE_EDIT)
+ if (ISSET(sudo_mode, MODE_EDIT))
exit(sudo_edit(NewArgc, NewArgv));
/* Restore signal handlers before we exec. */
(void) sigaction(SIGCHLD, &saved_sa_chld, NULL);
#ifndef PROFILING
- if ((sudo_mode & MODE_BACKGROUND) && fork() > 0)
+ if (ISSET(sudo_mode, MODE_BACKGROUND) && fork() > 0)
exit(0);
else
EXECV(safe_cmnd, NewArgv); /* run the command */
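Review bot: `fork() > 0` does not distinguish a failed fork (`-1`) from the child (`0`). With `MODE_BACKGROUND` set, a fork failure falls into the `else` and the command is executed in the foreground with no diagnostic. Handling the three return values separately makes the failure visible and keeps the exec path the same for the child and the non-background case. The surrounding `#ifndef PROFILING` block is closed outside this hunk.

```c
#ifndef PROFILING
	if (ISSET(sudo_mode, MODE_BACKGROUND)) {
	    switch (fork()) {
	    case -1:
		warn("unable to fork");
		exit(1);
	    case 0:
		break;		/* child runs the command */
	    default:
		exit(0);	/* parent returns immediately */
	    }
	}
	EXECV(safe_cmnd, NewArgv);	/* run the command */
```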
*/
warn("unable to execute %s", safe_cmnd);
exit(127);
- } else if ((validated & FLAG_NO_USER) || (validated & FLAG_NO_HOST)) {
+ } else if (ISSET(validated, FLAG_NO_USER) || (validated & FLAG_NO_HOST)) {
log_auth(validated, 1);
exit(1);
- } else if (validated & VALIDATE_NOT_OK) {
+ } else if (ISSET(validated, VALIDATE_NOT_OK)) {
if (def_path_info) {
/*
* We'd like to not leak path info at all here, but that can
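Review bot: Only the first operand of the `FLAG_NO_USER` / `FLAG_NO_HOST` test was converted; the second is still the raw `(validated & FLAG_NO_HOST)`. For consistency with the rest of the commit, write `} else if (ISSET(validated, FLAG_NO_USER) || ISSET(validated, FLAG_NO_HOST)) {`. The unchanged `if (sudo_mode & (MODE_RUN | MODE_EDIT)) {` in a later hunk is left in the old form as well. If that one is deliberate because it tests for any bit of a multi-bit mask, a short comment saying so would help.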
char **dst, **src = NewArgv;
NewArgv = (char **) emalloc2((++NewArgc + 1), sizeof(char *));
- if (sudo_mode & MODE_EDIT)
+ if (ISSET(sudo_mode, MODE_EDIT))
NewArgv[0] = "sudoedit";
- else if (sudo_mode & MODE_LOGIN_SHELL)
+ else if (ISSET(sudo_mode, MODE_LOGIN_SHELL))
NewArgv[0] = runas_pw->pw_shell;
else if (user_shell && *user_shell)
NewArgv[0] = user_shell;
/* Resolve the path and return. */
rval = FOUND;
if (sudo_mode & (MODE_RUN | MODE_EDIT)) {
- if (sudo_mode & MODE_RUN) {
+ if (ISSET(sudo_mode, MODE_RUN)) {
/* XXX - default_runas may be modified during parsing of sudoers */
set_perms(PERM_RUNAS);
rval = find_path(NewArgv[0], &user_cmnd, user_path);
rval = MODE_RUN;
if (NewArgc == 0 && rval == MODE_RUN) { /* no options and no command */
- rval |= (MODE_IMPLIED_SHELL | MODE_SHELL);
+ SET(rval, (MODE_IMPLIED_SHELL | MODE_SHELL));
return(rval);
}
break;
#endif
case 'b':
- rval |= MODE_BACKGROUND;
+ SET(rval, MODE_BACKGROUND);
break;
case 'e':
rval = MODE_EDIT;
excl = 'v';
break;
case 'i':
- rval |= (MODE_LOGIN_SHELL | MODE_SHELL);
+ SET(rval, (MODE_LOGIN_SHELL | MODE_SHELL));
def_env_reset = TRUE;
if (excl && excl != 'i')
usage_excl(1);
excl = 'h';
break;
case 's':
- rval |= MODE_SHELL;
+ SET(rval, MODE_SHELL);
if (excl && excl != 's')
usage_excl(1);
excl = 's';
break;
case 'H':
- rval |= MODE_RESET_HOME;
+ SET(rval, MODE_RESET_HOME);
break;
case 'P':
- rval |= MODE_PRESERVE_GROUPS;
+ SET(rval, MODE_PRESERVE_GROUPS);
break;
case 'S':
- tgetpass_flags |= TGP_STDIN;
+ SET(tgetpass_flags, TGP_STDIN);
break;
case '-':
NewArgc--;
NewArgv++;
if (rval == MODE_RUN)
- rval |= (MODE_IMPLIED_SHELL | MODE_SHELL);
+ SET(rval, (MODE_IMPLIED_SHELL | MODE_SHELL));
return(rval);
case '\0':
warnx("'-' requires an argument");
if (chmod(_PATH_SUDOERS, SUDOERS_MODE) == 0) {
warnx("fixed mode on %s", _PATH_SUDOERS);
- statbuf.st_mode |= SUDOERS_MODE;
+ SET(statbuf.st_mode, SUDOERS_MODE);
if (statbuf.st_gid != SUDOERS_GID) {
if (!chown(_PATH_SUDOERS,(uid_t) -1,SUDOERS_GID)) {
warnx("set group on %s", _PATH_SUDOERS);
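Review bot: `SET(statbuf.st_mode, SUDOERS_MODE);` ORs the new mode into the cached `stat` result, whereas the `chmod()` just above replaces the permission bits on disk. The two agree only if the old permission bits were a subset of `SUDOERS_MODE`. The condition that guards this block is outside the hunk, so that cannot be checked here. If later checks on the sudoers file rely on `statbuf`, mirroring the syscall is safer: `statbuf.st_mode = (statbuf.st_mode & S_IFMT) | SUDOERS_MODE;`.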
restart:
/* Open /dev/tty for reading/writing if possible else use stdin/stderr. */
- if ((flags & TGP_STDIN) ||
+ if (ISSET(flags, TGP_STDIN) ||
(input = output = open(_PATH_TTY, O_RDWR|O_NOCTTY)) == -1) {
input = STDIN_FILENO;
output = STDERR_FILENO;
/* Turn echo off/on as specified by flags. */
if (term_getattr(input, &oterm) == 0) {
(void) memcpy(&term, &oterm, sizeof(term));
- if (!(flags & TGP_ECHO))
- term.tflags &= ~(ECHO | ECHONL);
+ if (!ISSET(flags, TGP_ECHO))
+ CLR(term.tflags, (ECHO | ECHONL));
#ifdef VSTATUS
term.c_cc[VSTATUS] = _POSIX_VDISABLE;
#endif
pass = tgetline(input, buf, sizeof(buf), timeout);
save_errno = errno;
- if (!(term.tflags & ECHO))
+ if (!ISSET(term.tflags, ECHO))
(void) write(output, "\n", 1);
/* Restore old tty settings and signals. */