Book a Demo!
CoCalc Logo Icon
StoreFeaturesDocsShareSupportNewsAboutPoliciesSign UpSign In
sudo-project
GitHub Repository: sudo-project/sudo
 Path: blob/main/src/sudo_exec.h
1532 views
1
/*

2
 * SPDX-License-Identifier: ISC

3
 *

4
 * Copyright (c) 2010-2017, 2020-2023 Todd C. Miller <[email protected]>

5
 *

6
 * Permission to use, copy, modify, and distribute this software for any

7
 * purpose with or without fee is hereby granted, provided that the above

8
 * copyright notice and this permission notice appear in all copies.

9
 *

10
 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES

11
 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF

12
 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR

13
 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES

14
 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN

15
 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF

16
 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.

17
 */

18


19
#ifndef SUDO_EXEC_H

20
#define SUDO_EXEC_H

21


22
/*

23
 * Older systems may not support MSG_WAITALL but it shouldn't really be needed.

24
 */

25
#ifndef MSG_WAITALL

26
# define MSG_WAITALL 0

27
#endif

28


29
/*

30
 * Linux-specific wait flag used with ptrace(2).

31
 */

32
#ifndef __WALL

33
# define __WALL 0

34
#endif

35


36
/*

37
 * Some older systems support siginfo but predate SI_USER.

38
 */

39
#ifdef SI_USER

40
# define USER_SIGNALED(_info) ((_info) != NULL && (_info)->si_code == SI_USER)

41
#else

42
# define USER_SIGNALED(_info) ((_info) != NULL && (_info)->si_code <= 0)

43
#endif

44


45
struct user_details;

46
struct command_details;

47
struct command_status;

48
struct sudo_event_base;

49
struct stat;

50


51
/*

52
 * Closure passed to I/O event callbacks.

53
 */

54
struct exec_closure {

55
    struct command_details *details;

56
    struct sudo_event_base *evbase;

57
    struct sudo_event *backchannel_event;

58
    struct sudo_event *fwdchannel_event;

59
    struct sudo_event *sigint_event;

60
    struct sudo_event *sigquit_event;

61
    struct sudo_event *sigtstp_event;

62
    struct sudo_event *sigterm_event;

63
    struct sudo_event *sighup_event;

64
    struct sudo_event *sigalrm_event;

65
    struct sudo_event *sigpipe_event;

66
    struct sudo_event *sigusr1_event;

67
    struct sudo_event *sigusr2_event;

68
    struct sudo_event *sigchld_event;

69
    struct sudo_event *sigcont_event;

70
    struct sudo_event *siginfo_event;

71
    struct sudo_event *sigwinch_event;

72
    struct command_status *cstat;

73
    char *ptyname;

74
    void *intercept;

75
    pid_t sudo_pid;

76
    pid_t monitor_pid;

77
    pid_t cmnd_pid;

78
    pid_t ppgrp;

79
    int rows;

80
    int cols;

81
    bool foreground;

82
    bool term_raw;

83
};

84


85
/*

86
 * I/O buffer with associated read/write events and a logging action.

87
 * Used to, e.g. pass data from the pty to the user's terminal

88
 * and any I/O logging plugins.

89
 */

90
struct io_buffer;

91
typedef bool (*sudo_io_action_t)(const char *, unsigned int, struct io_buffer *);

92
struct io_buffer {

93
    SLIST_ENTRY(io_buffer) entries;

94
    struct exec_closure *ec;

95
    struct sudo_event *revent;

96
    struct sudo_event *wevent;

97
    sudo_io_action_t action;

98
    unsigned int len; /* buffer length (how much produced) */

99
    unsigned int off; /* write position (how much already consumed) */

100
    char buf[64 * 1024];

101
};

102
SLIST_HEAD(io_buffer_list, io_buffer);

103


104
/*

105
 * Indices into io_fds[] when logging I/O.

106
 */

107
#define SFD_STDIN	0

108
#define SFD_STDOUT	1

109
#define SFD_STDERR	2

110
#define SFD_LEADER	3

111
#define SFD_FOLLOWER	4

112
#define SFD_USERTTY	5

113


114
/* Evaluates to true if the event has /dev/tty as its fd. */

115
#define USERTTY_EVENT(_ev)	(sudo_ev_get_fd((_ev)) == io_fds[SFD_USERTTY])

116


117
/*

118
 * Special values to indicate whether continuing in foreground or background.

119
 */

120
#define SIGCONT_FG	-2

121
#define SIGCONT_BG	-3

122


123
/*

124
 * Positions in saved_signals[]

125
 */

126
#define SAVED_SIGALRM	 0

127
#define SAVED_SIGCHLD	 1

128
#define SAVED_SIGCONT	 2

129
#define SAVED_SIGHUP	 3

130
#define SAVED_SIGINT	 4

131
#define SAVED_SIGPIPE	 5

132
#define SAVED_SIGQUIT	 6

133
#define SAVED_SIGTERM	 7

134
#define SAVED_SIGTSTP	 8

135
#define SAVED_SIGTTIN	 9

136
#define SAVED_SIGTTOU	10

137
#define SAVED_SIGUSR1	11

138
#define SAVED_SIGUSR2	12

139


140
/*

141
 * Error codes for sesh

142
 */

143
#define SESH_SUCCESS	    0		/* successful operation */

144
#define SESH_ERR_FAILURE    1		/* unspecified error */

145
#define SESH_ERR_KILLED     2		/* killed by a signal */

146
#define SESH_ERR_INVALID    30		/* invalid -e arg value */

147
#define SESH_ERR_BAD_PATHS  31		/* odd number of paths */

148
#define SESH_ERR_NO_FILES   32		/* copy error, no files copied */

149
#define SESH_ERR_SOME_FILES 33		/* copy error, some files copied */

150


151
#define INTERCEPT_FD_MIN    64		/* minimum fd so shell won't close it */

152
#define MESSAGE_SIZE_MAX    2097152	/* 2Mib max intercept message size */

153


154
union sudo_token_un {

155
    unsigned char u8[16];

156
    unsigned int u32[4];

157
    unsigned long long u64[2];

158
};

159


160
#define sudo_token_isset(_t) ((_t).u64[0] || (_t).u64[1])

161


162
/*

163
 * Use ptrace-based intercept (using seccomp) on Linux if possible.

164
 * On MIPS we can't change the syscall return and only support log_subcmds.

165
 */

166
#if defined(_PATH_SUDO_INTERCEPT) && defined(__linux__)

167
# if defined(HAVE_DECL_SECCOMP_MODE_FILTER) && HAVE_DECL_SECCOMP_MODE_FILTER

168
#  if defined(__x86_64__) || defined(__i386__) || defined(__aarch64__) || defined(__arm__) || defined(__mips__) || defined(__powerpc__) || (defined(__riscv) && __riscv_xlen == 64) || defined(__s390__)

169
#   ifndef HAVE_PTRACE_INTERCEPT

170
#    define HAVE_PTRACE_INTERCEPT 1

171
#   endif /* HAVE_PTRACE_INTERCEPT */

172
#  endif /* __amd64__ || __i386__ || __aarch64__ || __riscv || __s390__ */

173
# endif /* HAVE_DECL_SECCOMP_MODE_FILTER */

174
#endif /* _PATH_SUDO_INTERCEPT && __linux__ */

175


176
/* exec.c */

177
struct stat;

178
void exec_cmnd(struct command_details *details, sigset_t *mask, int intercept_fd, int errfd);

179
void terminate_command(pid_t pid, bool use_pgrp);

180
bool sudo_terminated(struct command_status *cstat);

181
void free_exec_closure(struct exec_closure *ec);

182
bool fd_matches_pgrp(int fd, pid_t pgrp, struct stat *sb);

183


184
/* exec_common.c */

185
int sudo_execve(int fd, const char *path, char *const argv[], char *envp[], int intercept_fd, unsigned int flags);

186
char **disable_execute(char *envp[], const char *dso);

187
char **enable_monitor(char *envp[], const char *dso);

188


189
/* exec_intercept.c */

190
void *intercept_setup(int fd, struct sudo_event_base *evbase, const struct command_details *details);

191
void intercept_cleanup(struct exec_closure *ec);

192


193
/* exec_iolog.c */

194
bool log_ttyin(const char *buf, unsigned int n, struct io_buffer *iob);

195
bool log_stdin(const char *buf, unsigned int n, struct io_buffer *iob);

196
bool log_ttyout(const char *buf, unsigned int n, struct io_buffer *iob);

197
bool log_stdout(const char *buf, unsigned int n, struct io_buffer *iob);

198
bool log_stderr(const char *buf, unsigned int n, struct io_buffer *iob);

199
void log_suspend(void *v, int signo);

200
void log_winchange(struct exec_closure *ec, unsigned int rows, unsigned int cols);

201
void io_buf_new(int rfd, int wfd, bool (*action)(const char *, unsigned int, struct io_buffer *), void (*read_cb)(int fd, int what, void *v), void (*write_cb)(int fd, int what, void *v), struct exec_closure *ec);

202
int safe_close(int fd);

203
void ev_free_by_fd(struct sudo_event_base *evbase, int fd);

204
void free_io_bufs(void);

205
void add_io_events(struct exec_closure *ec);

206
void del_io_events(bool nonblocking);

207
void init_ttyblock(void);

208


209
/* exec_nopty.c */

210
void exec_nopty(struct command_details *details, const struct user_details *user_details, struct sudo_event_base *evbase, struct command_status *cstat);

211


212
/* exec_pty.c */

213
bool exec_pty(struct command_details *details, const struct user_details *user_details, struct sudo_event_base *evbase, struct command_status *cstat);

214
extern int io_fds[6];

215


216
/* exec_monitor.c */

217
int exec_monitor(struct command_details *details, sigset_t *omask, bool foreground, int backchannel, int intercept_fd);

218


219
/* utmp.c */

220
bool utmp_login(const char *from_line, const char *to_line, int ttyfd,

221
    const char *user);

222
bool utmp_logout(const char *line, int status);

223


224
/* exec_preload.c */

225
char **sudo_preload_dso(char *const envp[], const char *dso_file, int intercept_fd);

226
char **sudo_preload_dso_mmap(char *const envp[], const char *dso_file, int intercept_fd);

227


228
/* exec_ptrace.c */

229
bool exec_ptrace_stopped(pid_t pid, int status, void *intercept);

230
bool set_exec_filter(void);

231
int exec_ptrace_seize(pid_t child);

232


233
/* suspend_parent.c */

234
void sudo_suspend_parent(int signo, pid_t my_pid, pid_t my_pgrp, pid_t cmnd_pid, void *closure, void (*callback)(void *, int));

235


236
#endif /* SUDO_EXEC_H */

237


238