sudo-project
GitHub Repository: sudo-project/sudo
Path: blob/main/src/exec_intercept.h
/*
* SPDX-License-Identifier: ISC
*
* Copyright (c) 2021-2022 Todd C. Miller <[email protected]>
*
* Permission to use, copy, modify, and distribute this software for any
* purpose with or without fee is hereby granted, provided that the above
* copyright notice and this permission notice appear in all copies.
*
* THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
* WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
* MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
* ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
* WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
* ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
* OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
*/
#ifndef SUDO_EXEC_INTERCEPT_H
#define SUDO_EXEC_INTERCEPT_H
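/*
 * States stored in the state field of struct intercept_closure.
 *
 * INVALID_STATE is pinned to 0 explicitly so that a zero-filled closure
 * can never be mistaken for a RECV_* or POLICY_* state, even if the
 * enumerators are reordered later.  The remaining values keep their
 * implicit numbering (1 through 9).
 *
 * NOTE(review): the names suggest a handshake (hello, then secret, then
 * policy check) followed by a policy verdict.  This header only names
 * the states; the ordering is enforced, if at all, by the code that
 * assigns closure->state.  Verify there that a policy check cannot be
 * reached without passing through the earlier states.
 */
enum intercept_state {
    INVALID_STATE = 0,
    RECV_HELLO_INITIAL,
    RECV_HELLO,
    RECV_SECRET,
    RECV_POLICY_CHECK,
    RECV_CONNECTION,
    POLICY_ACCEPT,
    POLICY_REJECT,
    POLICY_TEST,
    POLICY_ERROR
};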
/*
 * Closure for intercept_cb().
 *
 * Ownership, as stated by the per-field comments: command, run_envp and
 * buf are dynamically allocated, while run_argv is owned by the plugin.
 * This header does not show who releases the allocated members.
 *
 * The types used here (union sudo_token_un, struct command_details,
 * struct sudo_event, uint8_t, uint32_t) are not declared in this header;
 * the including file must provide them first.
 */
struct intercept_closure {
    /* NOTE(review): presumably the value matched in RECV_SECRET; confirm. */
    union sudo_token_un token;
    const struct command_details *details;
    struct sudo_event ev;
    const char *errstr;

    char *command;              /* dynamically allocated */
    char **run_argv;            /* owned by plugin */
    char **run_envp;            /* dynamically allocated */

    uint8_t *buf;               /* dynamically allocated */
    /*
     * NOTE(review): len and off look like the size of buf and the current
     * position within it.  If len is taken from the peer, the code that
     * fills buf should bound len before allocating and keep off <= len;
     * confirm in the implementation.
     */
    uint32_t len;
    uint32_t off;

    int listen_sock;
    enum intercept_state state;
    int initial_command;
};
/*
 * Takes a pointer to an intercept closure and returns nothing.
 * NOTE(review): the name suggests it returns the closure to a reusable
 * state; whether it frees the dynamically allocated members or clears
 * the token cannot be seen from this header.  Confirm in the definition.
 */
void intercept_closure_reset(struct intercept_closure *closure);

/*
 * Policy check entry point: takes the command path, its argument and
 * environment vectors with their counts, a working directory, an int
 * out-parameter (oldcwd) and an opaque closure pointer.  Returns bool.
 * NOTE(review): closure is a void pointer here, so the type system does
 * not check what callers pass; presumably a struct intercept_closure.
 * The meaning of the return value (policy verdict or call success) is
 * not visible from this header.  Confirm both against the definition.
 */
bool intercept_check_policy(const char *command,
    int argc, char **argv,
    int envc, char **envp,
    const char *runcwd, int *oldcwd,
    void *closure);
#endif /* SUDO_EXEC_INTERCEPT_H */