summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorTodd C. Miller <millert@cvs.openbsd.org>2000-08-13 21:58:53 +0000
committerTodd C. Miller <millert@cvs.openbsd.org>2000-08-13 21:58:53 +0000
commit076394920371fce2e1a33f2150d5cb1594745fc6 (patch)
tree1a6d85b08702066bdea1ee15bd680c91bc8fbc1e
parentd9fbc819c4bc0822d9ce2d91af61eed69f7f0d02 (diff)
update to sudo 1.6.3p5
-rw-r--r--usr.bin/sudo/CHANGES6
-rw-r--r--usr.bin/sudo/parse.c42
-rw-r--r--usr.bin/sudo/sudo.c7
-rw-r--r--usr.bin/sudo/tgetpass.c2
-rw-r--r--usr.bin/sudo/version.h2
5 files changed, 41 insertions, 18 deletions
diff --git a/usr.bin/sudo/CHANGES b/usr.bin/sudo/CHANGES
index 718ab7f06f7..f6ea3e11c0e 100644
--- a/usr.bin/sudo/CHANGES
+++ b/usr.bin/sudo/CHANGES
@@ -1315,3 +1315,9 @@ Sudo 1.6.3p3 released.
412) Fixed a case where a string was used after it has been freed.
Sudo 1.6.3p4 released.
+
+413) Fixed listpw and verifypw sudoers options.
+
+414) Do not write NUL when writing passwd prompt; hag@linnaean.org.
+
+Sudo 1.6.3p5 released.
diff --git a/usr.bin/sudo/parse.c b/usr.bin/sudo/parse.c
index b56d61d8e71..c58223caeed 100644
--- a/usr.bin/sudo/parse.c
+++ b/usr.bin/sudo/parse.c
@@ -112,10 +112,11 @@ static int has_meta __P((char *));
* allowed to run the specified command on this host as the target user.
*/
int
-sudoers_lookup(pwflags)
- int pwflags;
+sudoers_lookup(sudo_mode)
+ int sudo_mode;
{
int error;
+ int pwcheck;
/* Become sudoers file owner */
set_perms(PERM_SUDOERS, 0);
@@ -128,8 +129,9 @@ sudoers_lookup(pwflags)
/* Allocate space for data structures in the parser. */
init_parser();
- /* For most pwflags to be useful we need to keep more state around. */
- if (pwflags && pwflags != PWCHECK_NEVER && pwflags != PWCHECK_ALWAYS)
+ /* If pwcheck *could* be PWCHECK_ALL or PWCHECK_ANY, keep more state. */
+ if (!(sudo_mode & MODE_RUN) && sudo_mode != MODE_KILL &&
+ sudo_mode != MODE_INVALIDATE)
keepall = TRUE;
/* Need to be root while stat'ing things in the parser. */
@@ -144,6 +146,26 @@ sudoers_lookup(pwflags)
return(VALIDATE_ERROR);
/*
+ * The pw options may have changed during sudoers parse so we
+ * wait until now to set this.
+ */
+ switch (sudo_mode) {
+ case MODE_VALIDATE:
+ pwcheck = def_ival(I_VERIFYPW);
+ break;
+ case MODE_LIST:
+ pwcheck = def_ival(I_LISTPW);
+ break;
+ case MODE_KILL:
+ case MODE_INVALIDATE:
+ pwcheck = PWCHECK_NEVER;
+ break;
+ default:
+ pwcheck = 0;
+ break;
+}
+
+ /*
* Assume the worst. If the stack is empty the user was
* not mentioned at all.
*/
@@ -151,7 +173,7 @@ sudoers_lookup(pwflags)
error = VALIDATE_NOT_OK;
else
error = VALIDATE_NOT_OK | FLAG_NOPASS;
- if (pwflags) {
+ if (pwcheck) {
error |= FLAG_NO_CHECK;
} else {
error |= FLAG_NO_HOST;
@@ -160,14 +182,14 @@ sudoers_lookup(pwflags)
}
/*
- * Only check the actual command if pwflags flag is not set.
+ * Only check the actual command if pwcheck flag is not set.
* It is set for the "validate", "list" and "kill" pseudo-commands.
* Always check the host and user.
*/
- if (pwflags) {
+ if (pwcheck) {
int nopass, found;
- if (pwflags == PWCHECK_NEVER || !def_flag(I_AUTHENTICATE))
+ if (pwcheck == PWCHECK_NEVER || !def_flag(I_AUTHENTICATE))
nopass = FLAG_NOPASS;
else
nopass = -1;
@@ -175,9 +197,9 @@ sudoers_lookup(pwflags)
while (top) {
if (host_matches == TRUE) {
found = 1;
- if (pwflags == PWCHECK_ANY && no_passwd == TRUE)
+ if (pwcheck == PWCHECK_ANY && no_passwd == TRUE)
nopass = FLAG_NOPASS;
- else if (pwflags == PWCHECK_ALL && nopass != 0)
+ else if (pwcheck == PWCHECK_ALL && nopass != 0)
nopass = (no_passwd == TRUE) ? FLAG_NOPASS : 0;
}
top--;
diff --git a/usr.bin/sudo/sudo.c b/usr.bin/sudo/sudo.c
index ca66a8b953a..7e80fefc16e 100644
--- a/usr.bin/sudo/sudo.c
+++ b/usr.bin/sudo/sudo.c
@@ -176,7 +176,6 @@ main(argc, argv)
int fd;
int cmnd_status;
int sudo_mode;
- int sudoers_flags;
#ifdef POSIX_SIGNALS
sigset_t set, oset;
#else
@@ -231,7 +230,6 @@ main(argc, argv)
/* Setup defaults data structures. */
init_defaults();
- sudoers_flags = 0;
if (sudo_mode & MODE_SHELL)
user_cmnd = "shell";
else
@@ -250,12 +248,10 @@ main(argc, argv)
break;
case MODE_VALIDATE:
user_cmnd = "validate";
- sudoers_flags = def_ival(I_VERIFYPW);
break;
case MODE_KILL:
case MODE_INVALIDATE:
user_cmnd = "kill";
- sudoers_flags = PWCHECK_NEVER;
break;
case MODE_LISTDEFS:
list_options();
@@ -264,7 +260,6 @@ main(argc, argv)
case MODE_LIST:
user_cmnd = "list";
printmatches = 1;
- sudoers_flags = def_ival(I_LISTPW);
break;
}
@@ -283,7 +278,7 @@ main(argc, argv)
add_env(!(sudo_mode & MODE_SHELL)); /* add in SUDO_* envariables */
/* Validate the user but don't search for pseudo-commands. */
- validated = sudoers_lookup(sudoers_flags);
+ validated = sudoers_lookup(sudo_mode);
/* This goes after the sudoers parse since we honor sudoers options. */
if (sudo_mode == MODE_KILL || sudo_mode == MODE_INVALIDATE) {
diff --git a/usr.bin/sudo/tgetpass.c b/usr.bin/sudo/tgetpass.c
index d8d2080d9ee..b1492aef922 100644
--- a/usr.bin/sudo/tgetpass.c
+++ b/usr.bin/sudo/tgetpass.c
@@ -128,7 +128,7 @@ tgetpass(prompt, timeout, flags)
}
if (prompt)
- (void) write(output, prompt, strlen(prompt) + 1);
+ (void) write(output, prompt, strlen(prompt));
/* Turn echo off/on as specified by flags. */
(void) term_getattr(input, &oterm);
diff --git a/usr.bin/sudo/version.h b/usr.bin/sudo/version.h
index 4226e121c62..38e5570ce0f 100644
--- a/usr.bin/sudo/version.h
+++ b/usr.bin/sudo/version.h
@@ -37,6 +37,6 @@
#ifndef _SUDO_VERSION_H
#define _SUDO_VERSION_H
-static const char version[] = "1.6.3p4";
+static const char version[] = "1.6.3p5";
#endif /* _SUDO_VERSION_H */