diff options
author | Todd C. Miller <millert@cvs.openbsd.org> | 2000-08-13 21:58:53 +0000 |
---|---|---|
committer | Todd C. Miller <millert@cvs.openbsd.org> | 2000-08-13 21:58:53 +0000 |
commit | 076394920371fce2e1a33f2150d5cb1594745fc6 (patch) | |
tree | 1a6d85b08702066bdea1ee15bd680c91bc8fbc1e | |
parent | d9fbc819c4bc0822d9ce2d91af61eed69f7f0d02 (diff) |
update to sudo 1.6.3p5
-rw-r--r-- | usr.bin/sudo/CHANGES | 6 | ||||
-rw-r--r-- | usr.bin/sudo/parse.c | 42 | ||||
-rw-r--r-- | usr.bin/sudo/sudo.c | 7 | ||||
-rw-r--r-- | usr.bin/sudo/tgetpass.c | 2 | ||||
-rw-r--r-- | usr.bin/sudo/version.h | 2 |
5 files changed, 41 insertions, 18 deletions
diff --git a/usr.bin/sudo/CHANGES b/usr.bin/sudo/CHANGES index 718ab7f06f7..f6ea3e11c0e 100644 --- a/usr.bin/sudo/CHANGES +++ b/usr.bin/sudo/CHANGES @@ -1315,3 +1315,9 @@ Sudo 1.6.3p3 released. 412) Fixed a case where a string was used after it has been freed. Sudo 1.6.3p4 released. + +413) Fixed listpw and verifypw sudoers options. + +414) Do not write NUL when writing passwd prompt; hag@linnaean.org. + +Sudo 1.6.3p5 released. diff --git a/usr.bin/sudo/parse.c b/usr.bin/sudo/parse.c index b56d61d8e71..c58223caeed 100644 --- a/usr.bin/sudo/parse.c +++ b/usr.bin/sudo/parse.c @@ -112,10 +112,11 @@ static int has_meta __P((char *)); * allowed to run the specified command on this host as the target user. */ int -sudoers_lookup(pwflags) - int pwflags; +sudoers_lookup(sudo_mode) + int sudo_mode; { int error; + int pwcheck; /* Become sudoers file owner */ set_perms(PERM_SUDOERS, 0); @@ -128,8 +129,9 @@ sudoers_lookup(pwflags) /* Allocate space for data structures in the parser. */ init_parser(); - /* For most pwflags to be useful we need to keep more state around. */ - if (pwflags && pwflags != PWCHECK_NEVER && pwflags != PWCHECK_ALWAYS) + /* If pwcheck *could* be PWCHECK_ALL or PWCHECK_ANY, keep more state. */ + if (!(sudo_mode & MODE_RUN) && sudo_mode != MODE_KILL && + sudo_mode != MODE_INVALIDATE) keepall = TRUE; /* Need to be root while stat'ing things in the parser. */ @@ -144,6 +146,26 @@ sudoers_lookup(pwflags) return(VALIDATE_ERROR); /* + * The pw options may have changed during sudoers parse so we + * wait until now to set this. + */ + switch (sudo_mode) { + case MODE_VALIDATE: + pwcheck = def_ival(I_VERIFYPW); + break; + case MODE_LIST: + pwcheck = def_ival(I_LISTPW); + break; + case MODE_KILL: + case MODE_INVALIDATE: + pwcheck = PWCHECK_NEVER; + break; + default: + pwcheck = 0; + break; +} + + /* * Assume the worst. If the stack is empty the user was * not mentioned at all. */ @@ -151,7 +173,7 @@ sudoers_lookup(pwflags) error = VALIDATE_NOT_OK; else error = VALIDATE_NOT_OK | FLAG_NOPASS; - if (pwflags) { + if (pwcheck) { error |= FLAG_NO_CHECK; } else { error |= FLAG_NO_HOST; @@ -160,14 +182,14 @@ sudoers_lookup(pwflags) } /* - * Only check the actual command if pwflags flag is not set. + * Only check the actual command if pwcheck flag is not set. * It is set for the "validate", "list" and "kill" pseudo-commands. * Always check the host and user. */ - if (pwflags) { + if (pwcheck) { int nopass, found; - if (pwflags == PWCHECK_NEVER || !def_flag(I_AUTHENTICATE)) + if (pwcheck == PWCHECK_NEVER || !def_flag(I_AUTHENTICATE)) nopass = FLAG_NOPASS; else nopass = -1; @@ -175,9 +197,9 @@ sudoers_lookup(pwflags) while (top) { if (host_matches == TRUE) { found = 1; - if (pwflags == PWCHECK_ANY && no_passwd == TRUE) + if (pwcheck == PWCHECK_ANY && no_passwd == TRUE) nopass = FLAG_NOPASS; - else if (pwflags == PWCHECK_ALL && nopass != 0) + else if (pwcheck == PWCHECK_ALL && nopass != 0) nopass = (no_passwd == TRUE) ? FLAG_NOPASS : 0; } top--; diff --git a/usr.bin/sudo/sudo.c b/usr.bin/sudo/sudo.c index ca66a8b953a..7e80fefc16e 100644 --- a/usr.bin/sudo/sudo.c +++ b/usr.bin/sudo/sudo.c @@ -176,7 +176,6 @@ main(argc, argv) int fd; int cmnd_status; int sudo_mode; - int sudoers_flags; #ifdef POSIX_SIGNALS sigset_t set, oset; #else @@ -231,7 +230,6 @@ main(argc, argv) /* Setup defaults data structures. */ init_defaults(); - sudoers_flags = 0; if (sudo_mode & MODE_SHELL) user_cmnd = "shell"; else @@ -250,12 +248,10 @@ main(argc, argv) break; case MODE_VALIDATE: user_cmnd = "validate"; - sudoers_flags = def_ival(I_VERIFYPW); break; case MODE_KILL: case MODE_INVALIDATE: user_cmnd = "kill"; - sudoers_flags = PWCHECK_NEVER; break; case MODE_LISTDEFS: list_options(); @@ -264,7 +260,6 @@ main(argc, argv) case MODE_LIST: user_cmnd = "list"; printmatches = 1; - sudoers_flags = def_ival(I_LISTPW); break; } @@ -283,7 +278,7 @@ main(argc, argv) add_env(!(sudo_mode & MODE_SHELL)); /* add in SUDO_* envariables */ /* Validate the user but don't search for pseudo-commands. */ - validated = sudoers_lookup(sudoers_flags); + validated = sudoers_lookup(sudo_mode); /* This goes after the sudoers parse since we honor sudoers options. */ if (sudo_mode == MODE_KILL || sudo_mode == MODE_INVALIDATE) { diff --git a/usr.bin/sudo/tgetpass.c b/usr.bin/sudo/tgetpass.c index d8d2080d9ee..b1492aef922 100644 --- a/usr.bin/sudo/tgetpass.c +++ b/usr.bin/sudo/tgetpass.c @@ -128,7 +128,7 @@ tgetpass(prompt, timeout, flags) } if (prompt) - (void) write(output, prompt, strlen(prompt) + 1); + (void) write(output, prompt, strlen(prompt)); /* Turn echo off/on as specified by flags. */ (void) term_getattr(input, &oterm); diff --git a/usr.bin/sudo/version.h b/usr.bin/sudo/version.h index 4226e121c62..38e5570ce0f 100644 --- a/usr.bin/sudo/version.h +++ b/usr.bin/sudo/version.h @@ -37,6 +37,6 @@ #ifndef _SUDO_VERSION_H #define _SUDO_VERSION_H -static const char version[] = "1.6.3p4"; +static const char version[] = "1.6.3p5"; #endif /* _SUDO_VERSION_H */ |