authorTodd C. Miller <millert@cvs.openbsd.org>1998-11-21 01:34:55 +0000
committerTodd C. Miller <millert@cvs.openbsd.org>1998-11-21 01:34:55 +0000
commit3396948868b7028ad180ddcd1d206d1801803e4e (patch)
tree08dce227981bb4265e5f860fdb1108e1fa94b486
parentba5ec70b5193da84592c05d5646fd339342b33ad (diff)
sudo 1.5.7
-rw-r--r--gnu/usr.bin/sudo/README8
-rw-r--r--gnu/usr.bin/sudo/sudo/check.c239
-rw-r--r--gnu/usr.bin/sudo/sudo/compat.h12
-rw-r--r--gnu/usr.bin/sudo/sudo/config.h243
-rw-r--r--gnu/usr.bin/sudo/sudo/find_path.c72
-rw-r--r--gnu/usr.bin/sudo/sudo/getspwuid.c228
-rw-r--r--gnu/usr.bin/sudo/sudo/goodpath.c12
-rw-r--r--gnu/usr.bin/sudo/sudo/ins_2001.h6
-rw-r--r--gnu/usr.bin/sudo/sudo/ins_classic.h6
-rw-r--r--gnu/usr.bin/sudo/sudo/ins_csops.h6
-rw-r--r--gnu/usr.bin/sudo/sudo/ins_goons.h6
-rw-r--r--gnu/usr.bin/sudo/sudo/insults.h13
-rw-r--r--gnu/usr.bin/sudo/sudo/interfaces.c24
-rw-r--r--gnu/usr.bin/sudo/sudo/logging.c40
-rw-r--r--gnu/usr.bin/sudo/sudo/parse.c34
-rw-r--r--gnu/usr.bin/sudo/sudo/parse.lex13
-rw-r--r--gnu/usr.bin/sudo/sudo/parse.yacc32
-rw-r--r--gnu/usr.bin/sudo/sudo/pathnames.h48
-rw-r--r--gnu/usr.bin/sudo/sudo/sudo.826
-rw-r--r--gnu/usr.bin/sudo/sudo/sudo.c129
-rw-r--r--gnu/usr.bin/sudo/sudo/sudo.h48
-rw-r--r--gnu/usr.bin/sudo/sudo/sudo_setenv.c13
-rw-r--r--gnu/usr.bin/sudo/sudo/sudoers.510
-rw-r--r--gnu/usr.bin/sudo/sudo/tgetpass.c50
-rw-r--r--gnu/usr.bin/sudo/sudo/version.h8
-rw-r--r--gnu/usr.bin/sudo/visudo/visudo.812
-rw-r--r--gnu/usr.bin/sudo/visudo/visudo.c21
27 files changed, 759 insertions, 600 deletions
diff --git a/gnu/usr.bin/sudo/README b/gnu/usr.bin/sudo/README
index 3e714dc1be0..045c545cedf 100644
--- a/gnu/usr.bin/sudo/README
+++ b/gnu/usr.bin/sudo/README
@@ -1,3 +1,11 @@
This is a minimal sudo distribution for OpenBSD. You can get the
full package at ftp://ftp.cs.colorado.edu/pub/sudo/. For info on
sudo please see http://www.courtesan.com/sudo/.
+
+This sudo was configured with the following options:
+ --disable-path-info
+ --with-insults
+ --with-env-editor
+ --with-logfac=LOG_AUTHPRIV
+
+S/Key and Kerberos IV are enabled based on bsd.own.mk
diff --git a/gnu/usr.bin/sudo/sudo/check.c b/gnu/usr.bin/sudo/sudo/check.c
index 0c72fc2a070..0f3be189cdd 100644
--- a/gnu/usr.bin/sudo/sudo/check.c
+++ b/gnu/usr.bin/sudo/sudo/check.c
@@ -1,7 +1,7 @@
-/* $OpenBSD: check.c,v 1.12 1998/11/13 22:44:33 millert Exp $ */
+/* $OpenBSD: check.c,v 1.13 1998/11/21 01:34:51 millert Exp $ */
/*
- * CU sudo version 1.5.6 (based on Root Group sudo version 1.1)
+ * CU sudo version 1.5.7 (based on Root Group sudo version 1.1)
*
* This software comes with no waranty whatsoever, use at your own risk.
*
@@ -37,10 +37,6 @@
* Jeff Nieusma Thu Mar 21 22:39:07 MST 1991
*/
-#ifndef lint
-static char rcsid[] = "$From: check.c,v 1.144 1998/09/18 05:29:26 millert Exp $";
-#endif /* lint */
-
#include "config.h"
#include <stdio.h>
@@ -57,26 +53,14 @@ static char rcsid[] = "$From: check.c,v 1.144 1998/09/18 05:29:26 millert Exp $"
#include <strings.h>
#endif /* HAVE_STRINGS_H */
#include <fcntl.h>
+#include <time.h>
#include <sys/param.h>
#include <sys/types.h>
#include <sys/stat.h>
-#include <sys/time.h>
#include <sys/file.h>
#include <netinet/in.h>
#include <pwd.h>
#include <grp.h>
-#include "sudo.h"
-#include <options.h>
-#include "insults.h"
-#include "version.h"
-#if (SHADOW_TYPE == SPW_SECUREWARE)
-# ifdef __hpux
-# include <hpsecurity.h>
-# else
-# include <sys/security.h>
-# endif /* __hpux */
-# include <prot.h>
-#endif /* SPW_SECUREWARE */
#ifdef HAVE_KERB4
# include <krb.h>
#endif /* HAVE_KERB4 */
@@ -107,6 +91,13 @@ static char rcsid[] = "$From: check.c,v 1.144 1998/09/18 05:29:26 millert Exp $"
# include "emul/utime.h"
#endif /* HAVE_UTIME */
+#include "sudo.h"
+#include "insults.h"
+#include "version.h"
+
+#ifndef lint
+static const char rcsid[] = "$From: check.c,v 1.163 1998/11/18 04:16:13 millert Exp $";
+#endif /* lint */
/*
* Prototypes for local functions
@@ -116,6 +107,7 @@ static void check_passwd __P((void));
static int touch __P((char *));
static void update_timestamp __P((void));
static void reminder __P((void));
+static char *expand_prompt __P((char *, char *, char *));
#ifdef HAVE_KERB4
static int sudo_krb_validate_user __P((struct passwd *, char *));
#endif /* HAVE_KERB4 */
@@ -141,18 +133,9 @@ union config_record configure;
#ifdef HAVE_SKEY
struct skey skey;
#endif
-#ifdef HAVE_PAM
-static struct pam_conv conv = {
- misc_conv,
- NULL
-};
-#endif
#ifdef HAVE_OPIE
struct opie opie;
#endif
-#if (SHADOW_TYPE == SPW_SECUREWARE) && defined(__alpha)
-extern uchar_t crypt_type;
-#endif /* SPW_SECUREWARE && __alpha */
@@ -180,11 +163,17 @@ void check_user()
if (rtn == 2)
reminder(); /* do the reminder if ticket file is new */
#endif /* NO_MESSAGE */
-#ifdef HAVE_PAM
+
+ /* expand any escapes in the prompt */
+ prompt = expand_prompt(prompt, user_name, shost);
+
+#ifdef HAVE_SIA
+ sia_attempt_auth();
+#elif HAVE_PAM
pam_attempt_auth();
-#else /* !HAVE_PAM */
+#else /* !HAVE_SIA && !HAVE_PAM */
check_passwd();
-#endif /* HAVE_PAM */
+#endif /* HAVE_SIA */
}
update_timestamp();
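Review bot: `#elif HAVE_PAM` in check_user tests the macro's value rather than whether it is defined, unlike the `#ifdef HAVE_SIA` above it and the `#ifdef HAVE_PAM` it replaces. A build that defines HAVE_PAM with no value would fail to preprocess this line, and one that defines it as 0 would silently select check_passwd(). Since this chain picks the authentication back end, `#elif defined(HAVE_PAM)` is the safer spelling. check_user's body starts and ends outside the hunk.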
@@ -249,15 +238,15 @@ static int check_timestamp()
if (sizeof(_PATH_SUDO_TIMEDIR) + strlen(user_name) + strlen(p) + 2 >
sizeof(timestampfile)) {
- (void) fprintf(stderr, "%s: path too long: %s/%s.%s\n", Argv[0],
+ (void) fprintf(stderr, "%s: path too long: %s/%s.%s\n", Argv[0],
_PATH_SUDO_TIMEDIR, user_name, p);
exit(1);
}
- (void) sprintf(timestampfile, "%s/%s.%s", _PATH_SUDO_TIMEDIR, user_name, p);
+ (void) sprintf(timestampfile, "%s/%s:%s", _PATH_SUDO_TIMEDIR, user_name, p);
#else
if (sizeof(_PATH_SUDO_TIMEDIR) + strlen(user_name) + 1 >
sizeof(timestampfile)) {
- (void) fprintf(stderr, "%s: path too long: %s/%s\n", Argv[0],
+ (void) fprintf(stderr, "%s: path too long: %s/%s\n", Argv[0],
_PATH_SUDO_TIMEDIR, user_name);
exit(1);
}
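Review bot: The per-tty ticket name is now built with `"%s/%s:%s"`, but the "path too long" message just above that sprintf still prints `%s/%s.%s`, so the diagnostic names a path that is never used; it should read `"%s: path too long: %s/%s:%s\n"`. The same message recurs in the remove_timestamp hunk at -420. More importantly, the single line omitted as unchanged between the two remove_timestamp hunks (-420 and -428) is, by the parallel with this function, the sprintf that builds the name there, so it presumably still uses the `.` separator. If so, ticket removal in the per-tty configuration would target a different file than check_timestamp creates and leave the live ticket in place. Both functions continue outside the hunks shown, so this needs checking against the full file.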
@@ -302,7 +291,7 @@ static int check_timestamp()
} else {
/* check the time against the timestamp file */
now = time((time_t *) NULL);
- if (TIMEOUT && now - statbuf.st_mtime < 60 * TIMEOUT)
+ if (TIMEOUT && now - statbuf.st_mtime < 60 * TIMEOUT) {
/* check for bogus time on the stampfile */
if (statbuf.st_mtime > now + 60 * TIMEOUT * 2) {
timestamp_is_old = 2; /* bogus time value */
@@ -312,8 +301,9 @@ static int check_timestamp()
} else {
timestamp_is_old = 0; /* time value is reasonable */
}
- else
+ } else {
timestamp_is_old = 1; /* else make 'em enter password */
+ }
}
}
/*
@@ -420,7 +410,7 @@ void remove_timestamp()
if (sizeof(_PATH_SUDO_TIMEDIR) + strlen(user_name) + strlen(p) + 2 >
sizeof(timestampfile)) {
- (void) fprintf(stderr, "%s: path too long: %s/%s.%s\n", Argv[0],
+ (void) fprintf(stderr, "%s: path too long: %s/%s.%s\n", Argv[0],
_PATH_SUDO_TIMEDIR, user_name, p);
exit(1);
}
@@ -428,7 +418,7 @@ void remove_timestamp()
#else
if (sizeof(_PATH_SUDO_TIMEDIR) + strlen(user_name) + 1 >
sizeof(timestampfile)) {
- (void) fprintf(stderr, "%s: path too long: %s/%s\n", Argv[0],
+ (void) fprintf(stderr, "%s: path too long: %s/%s\n", Argv[0],
_PATH_SUDO_TIMEDIR, user_name);
exit(1);
}
@@ -482,11 +472,7 @@ static void check_passwd()
}
--counter; /* otherwise, try again */
-#ifdef USE_INSULTS
- (void) fprintf(stderr, "%s\n", INSULT);
-#else
- (void) fprintf(stderr, "%s\n", INCORRECT_PASSWORD);
-#endif /* USE_INSULTS */
+ pass_warn(stderr);
}
set_perms(PERM_USER, 0);
@@ -503,8 +489,8 @@ static void check_passwd()
#else /* !HAVE_SECURID */
static void check_passwd()
{
- char *pass; /* this is what gets entered */
- register int counter = TRIES_FOR_PASSWORD;
+ char *pass; /* this is what gets entered */
+ int counter = TRIES_FOR_PASSWORD;
#if defined(HAVE_KERB4) && defined(USE_GETPASS)
char kpass[_PASSWD_LEN + 1];
#endif /* HAVE_KERB4 && USE_GETPASS */
@@ -530,7 +516,7 @@ static void check_passwd()
# ifdef USE_GETPASS
pass = (char *) getpass(prompt);
# else
- pass = tgetpass(prompt, PASSWORD_TIMEOUT * 60, user_name, shost);
+ pass = tgetpass(prompt, PASSWORD_TIMEOUT * 60);
# endif /* USE_GETPASS */
reenter = 1;
if (authenticate(user_name, pass, &reenter, &message) == 0)
@@ -558,7 +544,7 @@ static void check_passwd()
pass = (char *) getpass(prompt);
# endif /* HAVE_KERB4 */
# else
- pass = tgetpass(prompt, PASSWORD_TIMEOUT * 60, user_name, shost);
+ pass = tgetpass(prompt, PASSWORD_TIMEOUT * 60);
# endif /* USE_GETPASS */
/* Exit loop on nil password */
@@ -596,41 +582,15 @@ static void check_passwd()
* If we use shadow passwords with a different crypt(3)
* check that here, else use standard crypt(3).
*/
-# if (SHADOW_TYPE != SPW_NONE) && (SHADOW_TYPE != SPW_BSD)
-# if (SHADOW_TYPE == SPW_ULTRIX4)
+# ifdef HAVE_GETAUTHUID
if (!strcmp(user_passwd, (char *) crypt16(pass, user_passwd)))
return; /* if the passwd is correct return() */
-# endif /* ULTRIX4 */
-# if (SHADOW_TYPE == SPW_SECUREWARE) && !defined(__alpha)
-# ifdef HAVE_BIGCRYPT
- if (strcmp(user_passwd, (char *) bigcrypt(pass, user_passwd)) == 0)
- return; /* if the passwd is correct return() */
-# else
- if (strcmp(user_passwd, crypt(pass, user_passwd)) == 0)
- return; /* if the passwd is correct return() */
-# endif /* HAVE_BIGCRYPT */
-# endif /* SECUREWARE && !__alpha */
-# if (SHADOW_TYPE == SPW_SECUREWARE) && defined(__alpha)
- if (crypt_type == AUTH_CRYPT_BIGCRYPT) {
- if (!strcmp(user_passwd, bigcrypt(pass, user_passwd)))
- return; /* if the passwd is correct return() */
- } else if (crypt_type == AUTH_CRYPT_CRYPT16) {
- if (!strcmp(user_passwd, crypt16(pass, user_passwd)))
- return; /* if the passwd is correct return() */
-# ifdef AUTH_CRYPT_OLDCRYPT
- } else if (crypt_type == AUTH_CRYPT_OLDCRYPT ||
- crypt_type == AUTH_CRYPT_C1CRYPT) {
- if (!strcmp(user_passwd, crypt(pass, user_passwd)))
- return; /* if the passwd is correct return() */
-# endif
- } else {
- (void) fprintf(stderr,
- "%s: Sorry, I don't know how to deal with crypt type %d.\n",
- Argv[0], crypt_type);
- exit(1);
- }
-# endif /* SECUREWARE && __alpha */
-# endif /* SHADOW_TYPE != SPW_NONE && SHADOW_TYPE != SPW_BSD */
+# endif /* HAVE_GETAUTHUID */
+
+# ifdef HAVE_GETPRPWNAM
+ if (check_secureware(pass))
+ return; /* if the passwd is correct return() */
+# endif /* HAVE_HAVE_GETPRPWNAM */
/* Normal UN*X password check */
if (!strcmp(user_passwd, (char *) crypt(pass, user_passwd)))
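Review bot: The closing comment on the new SecureWare block reads `# endif /* HAVE_HAVE_GETPRPWNAM */`; it should be `# endif /* HAVE_GETPRPWNAM */` to match the `# ifdef` it closes. check_secureware() now hides the crypt-type selection that the removed lines spelled out, including the exit on an unknown crypt type, and its definition is not visible here. A one-line comment at the call, stating that a non-zero return means the password matched and that a failed match falls through to the plain crypt(3) comparison below, would help anyone auditing this path. check_passwd continues outside the hunk.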
@@ -664,11 +624,7 @@ static void check_passwd()
#endif /* HAVE_AUTHENTICATE */
--counter; /* otherwise, try again */
-#ifdef USE_INSULTS
- (void) fprintf(stderr, "%s\n", INSULT);
-#else
- (void) fprintf(stderr, "%s\n", INCORRECT_PASSWORD);
-#endif /* USE_INSULTS */
+ pass_warn(stderr);
}
if (counter > 0) {
@@ -691,8 +647,8 @@ static void check_passwd()
*
* Validate a user via kerberos.
*/
-static int sudo_krb_validate_user(pw_ent, pass)
- struct passwd *pw_ent;
+static int sudo_krb_validate_user(pw, pass)
+ struct passwd *pw;
char *pass;
{
char realm[REALM_SZ];
@@ -708,7 +664,7 @@ static int sudo_krb_validate_user(pw_ent, pass)
* wipe out other kerberos tickets.
*/
(void) sprintf(tkfile, "%s/tkt%ld", _PATH_SUDO_TIMEDIR,
- (long) pw_ent->pw_uid);
+ (long) pw->pw_uid);
(void) krb_set_tkt_string(tkfile);
/*
@@ -716,7 +672,7 @@ static int sudo_krb_validate_user(pw_ent, pass)
* the ruid and euid to be the same here so we setuid to root.
*/
set_perms(PERM_ROOT, 0);
- k_errno = krb_get_pw_in_tkt(pw_ent->pw_name, "", realm, "krbtgt", realm,
+ k_errno = krb_get_pw_in_tkt(pw->pw_name, "", realm, "krbtgt", realm,
DEFAULT_TKT_LIFE, pass);
/*
@@ -748,6 +704,10 @@ static void pam_attempt_auth()
pam_handle_t *pamh=NULL;
int retval;
register int counter = TRIES_FOR_PASSWORD;
+ struct pam_conv conv = {
+ misc_conv,
+ NULL
+ };
set_perms(PERM_ROOT, 0);
retval = pam_start("sudo", user_name, &conv, &pamh);
@@ -764,11 +724,7 @@ static void pam_attempt_auth()
}
--counter;
-#ifdef USE_INSULTS
- (void) fprintf(stderr, "%s\n", INSULT);
-#else
- (void) fprintf(stderr, "%s\n", INCORRECT_PASSWORD);
-#endif /* USE_INSULTS */
+ pass_warn(stderr);
}
set_perms(PERM_USER, 0);
@@ -834,7 +790,6 @@ static char *sudo_skeyprompt(user_skey, p)
/* allocate space for new prompt */
np_size = op_len + strlen(challenge) + 7;
if (!(new_prompt = (char *) malloc(np_size))) {
- perror("malloc");
(void) fprintf(stderr, "%s: cannot allocate memory!\n", Argv[0]);
exit(1);
}
@@ -843,7 +798,6 @@ static char *sudo_skeyprompt(user_skey, p)
if (np_size < op_len + strlen(challenge) + 7) {
np_size = op_len + strlen(challenge) + 7;
if (!(new_prompt = (char *) realloc(new_prompt, np_size))) {
- perror("malloc");
(void) fprintf(stderr, "%s: cannot allocate memory!\n",
Argv[0]);
exit(1);
@@ -909,7 +863,6 @@ static char *sudo_opieprompt(user_opie, p)
/* allocate space for new prompt */
np_size = op_len + strlen(challenge) + 7;
if (!(new_prompt = (char *) malloc(np_size))) {
- perror("malloc");
(void) fprintf(stderr, "%s: cannot allocate memory!\n", Argv[0]);
exit(1);
}
@@ -918,7 +871,6 @@ static char *sudo_opieprompt(user_opie, p)
if (np_size < op_len + strlen(challenge) + 7) {
np_size = op_len + strlen(challenge) + 7;
if (!(new_prompt = (char *) realloc(new_prompt, np_size))) {
- perror("malloc");
(void) fprintf(stderr, "%s: cannot allocate memory!\n",
Argv[0]);
exit(1);
@@ -952,7 +904,7 @@ static void reminder()
(void) fprintf(stderr, "\n%s\n%s\n\n%s\n%s\n\n",
#else
(void) fprintf(stderr, "\n%s%s%s\n%s\n%s\n%s\n\n%s\n%s\n\n%s\n%s\n\n",
- " CU sudo version ", version, ", based on Root Group sudo version 1.1",
+ " CU Sudo version ", version, ", based on Root Group sudo version 1.1.",
" sudo version 1.1 is Copyright (C) 1991 The Root Group, Inc.",
" sudo comes with ABSOLUTELY NO WARRANTY. This is free software,",
" and you are welcome to redistribute it under certain conditions.",
@@ -964,3 +916,92 @@ static void reminder()
);
}
#endif /* NO_MESSAGE */
+
+
+/********************************************************************
+ *
+ * pass_warn()
+ *
+ * warn the user that the password was incorrect
+ * (and insult them if insults are configured).
+ */
+
+void pass_warn(fp)
+ FILE *fp;
+{
+
+#ifdef USE_INSULTS
+ (void) fprintf(fp, "%s\n", INSULT);
+#else
+ (void) fprintf(fp, "%s\n", INCORRECT_PASSWORD);
+#endif /* USE_INSULTS */
+}
+
+/********************************************************************
+ *
+ * expand_prompt()
+ *
+ * expand %h and %u in the prompt and pass back the dynamically
+ * allocated result. Returns the same string if no escapes.
+ */
+
+static char *expand_prompt(old_prompt, user, host)
+ char *old_prompt;
+ char *user;
+ char *host;
+{
+ size_t len;
+ int subst;
+ char *p, *np, *new_prompt, lastchar;
+
+ /* How much space do we need to malloc for the prompt? */
+ subst = 0;
+ for (p = old_prompt, len = strlen(old_prompt), lastchar = '\0'; *p; p++) {
+ if (lastchar == '%') {
+ if (*p == 'h') {
+ len += strlen(shost) - 2;
+ subst = 1;
+ } else if (*p == 'u') {
+ len += strlen(user_name) - 2;
+ subst = 1;
+ }
+ }
+
+ if (lastchar == '%' && *p == '%') {
+ lastchar = '\0';
+ len--;
+ } else
+ lastchar = *p;
+ }
+
+ if (subst) {
+ if ((new_prompt = (char *) malloc(len + 1)) == NULL) {
+ (void) fprintf(stderr, "%s: cannot allocate memory!\n", Argv[0]);
+ exit(1);
+ }
+ for (p = prompt, np = new_prompt; *p; p++) {
+ if (lastchar == '%' && (*p == 'h' || *p == 'u' || *p == '%')) {
+ /* substiture user/host name */
+ if (*p == 'h') {
+ np--;
+ strcpy(np, shost);
+ np += strlen(shost);
+ } else if (*p == 'u') {
+ np--;
+ strcpy(np, user_name);
+ np += strlen(user_name);
+ }
+ } else
+ *np++ = *p;
+
+ if (lastchar == '%' && *p == '%')
+ lastchar = '\0';
+ else
+ lastchar = *p;
+ }
+ *np = '\0';
+ } else
+ new_prompt = prompt;
+
+ return(new_prompt);
+}
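Review bot: In expand_prompt the copy loop never resets `lastchar`, so it starts with whatever the sizing loop left behind. If the prompt ends in an unpaired `%`, the first character is treated as an escape letter, and for `h` or `u` the `np--` steps to one byte before the malloc'd buffer before strcpy writes there. Starting the second loop as `for (p = old_prompt, np = new_prompt, lastchar = '\0'; *p; p++)` fixes that. The function also sizes the buffer from `old_prompt` but copies from the global `prompt`, and uses the globals `shost` and `user_name` instead of its `host` and `user` parameters. These agree at the one call site visible in this diff, but a caller passing different strings would get a buffer sized for one string and filled from another, so use the parameters throughout and return `old_prompt` in the no-substitution branch.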
diff --git a/gnu/usr.bin/sudo/sudo/compat.h b/gnu/usr.bin/sudo/sudo/compat.h
index 2c8231a426f..6d1b68572fc 100644
--- a/gnu/usr.bin/sudo/sudo/compat.h
+++ b/gnu/usr.bin/sudo/sudo/compat.h
@@ -1,7 +1,7 @@
-/* $OpenBSD: compat.h,v 1.6 1998/09/15 02:42:43 millert Exp $ */
+/* $OpenBSD: compat.h,v 1.7 1998/11/21 01:34:51 millert Exp $ */
/*
- * CU sudo version 1.5.6
+ * CU sudo version 1.5.7
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
@@ -19,7 +19,7 @@
*
* Please send bugs, changes, problems to sudo-bugs@courtesan.com
*
- * $From: compat.h,v 1.39 1998/09/09 00:45:17 millert Exp $
+ * $From: compat.h,v 1.42 1998/10/21 23:50:10 millert Exp $
*/
#ifndef _SUDO_COMPAT_H
@@ -102,7 +102,7 @@
# undef _PASSWD_LEN
# define _PASSWD_LEN 256
#else
-# if (SHADOW_TYPE == SPW_SECUREWARE)
+# ifdef HAVE_GETPRPWNAM
# undef _PASSWD_LEN
# define _PASSWD_LEN AUTH_MAX_PASSWD_LENGTH
# else
@@ -117,8 +117,8 @@
# endif /* SHADOW_TYPE != SPW_NONE */
# endif /* PASS_MAX */
# endif /* !_PASSWD_LEN */
-# endif /* HAVE_KERB4 || HAVE_AFS || HAVE_DCE || HAVE_SKEY || HAVE_OPIE */
-#endif /* SPW_SECUREWARE */
+# endif /* HAVE_GETPRPWNAM */
+#endif /* HAVE_KERB4 || HAVE_AFS || HAVE_DCE || HAVE_SKEY || HAVE_OPIE */
/*
* Some OS's lack these
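Review bot: The context line `# endif /* SHADOW_TYPE != SPW_NONE */` suggests that compat.h still has a `#if` on SHADOW_TYPE inside this _PASSWD_LEN block, while this same commit deletes the SHADOW_TYPE and SPW_* definitions from config.h. If that test remains, both names are now undefined and the preprocessor treats them as 0. The shadow-password branch could then never be selected, which changes the _PASSWD_LEN chosen there without any diagnostic. The test should be rewritten in terms of the new HAVE_* shadow macros or removed; the `#if` itself is outside the hunk, so this needs checking against the full file.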
diff --git a/gnu/usr.bin/sudo/sudo/config.h b/gnu/usr.bin/sudo/sudo/config.h
index 33a2494ea68..3f67f2be97e 100644
--- a/gnu/usr.bin/sudo/sudo/config.h
+++ b/gnu/usr.bin/sudo/sudo/config.h
@@ -1,8 +1,8 @@
-/* $OpenBSD: config.h,v 1.5 1998/09/15 02:42:43 millert Exp $ */
+/* $OpenBSD: config.h,v 1.6 1998/11/21 01:34:51 millert Exp $ */
/* config.h. Generated automatically by configure. */
/*
- * CU sudo version 1.5.6
+ * CU sudo version 1.5.7
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
@@ -20,7 +20,7 @@
*
* Please send bugs, changes, problems to sudo-bugs@courtesan.com
*
- * $From: config.h.in,v 1.95 1998/09/11 23:23:33 millert Exp $
+ * $From: config.h.in,v 1.109 1998/11/18 20:31:25 millert Exp $
*/
/*
@@ -28,6 +28,9 @@
* NOT using configure.
*/
+#ifndef _SUDO_CONFIG_H
+#define _SUDO_CONFIG_H
+
/* New ANSI-style OS defs. */
#if defined(hpux) && !defined(__hpux)
# define __hpux 1
@@ -91,12 +94,42 @@
/* Define if you want to use the system getpass(). */
/* #undef USE_GETPASS */
+/* Define if you want to use execv() instead of execvp(). */
+/* #undef USE_EXECV */
+
+/* Define if you a different ticket file for each tty. */
+/* #undef USE_TTY_TICKETS */
+
+/* Define if you want to insult the user for entering an incorrect password. */
+#define USE_INSULTS 1
+
+/* Define if you want the insults from the "classic" version sudo. */
+#define CLASSIC_INSULTS 1
+
+/* Define if you want 2001-like insults. */
+/* #undef HAL_INSULTS */
+
+/* Define if you want insults from the "Goon Show" */
+/* #undef GOONS_INSULTS */
+
+/* Define if you want insults culled from the twisted minds of CSOps. */
+#define CSOPS_INSULTS 1
+
+/* Define to override the user's path with a builtin one. */
+/* #undef SECURE_PATH */
+
/* Define if you use S/Key. */
/* #undef HAVE_SKEY */
/* Define if you use NRL OPIE. */
/* #undef HAVE_OPIE */
+/* Define if you want a two line OTP (skey/opie) prompt. */
+/* #undef LONG_OTP_PROMPT */
+
+/* Define if you want to validate users via OTP (skey/opie) only. */
+/* #undef OTP_ONLY */
+
/* Define if you use SecurID. */
/* #undef HAVE_SECURID */
@@ -114,6 +147,9 @@
# define HAVE_KERB4
#endif /* HAVE_KERB5 */
+/* Define if you use SIA. */
+/* #undef HAVE_SIA */
+
/* Define if you use PAM. */
/* #undef HAVE_PAM */
@@ -168,28 +204,28 @@
# define memset(S, X, N) (bzero(S, N))
#endif
-/* Define if you have sysconf(3c). */
+/* Define if you have sysconf(3c). */
#define HAVE_SYSCONF 1
-/* Define if you have putenv(3). */
+/* Define if you have putenv(3). */
/* #undef HAVE_PUTENV */
-/* Define if you have setenv(3). */
+/* Define if you have setenv(3). */
#define HAVE_SETENV 1
-/* Define if you have strcasecmp(3). */
+/* Define if you have strcasecmp(3). */
#define HAVE_STRCASECMP 1
-/* Define if you have tcgetattr(3). */
+/* Define if you have tcgetattr(3). */
#define HAVE_TCGETATTR 1
-/* Define if you have innetgr(3). */
+/* Define if you have innetgr(3). */
#define HAVE_INNETGR 1
-/* Define if you have getdomainname(2). */
+/* Define if you have getdomainname(2). */
#define HAVE_GETDOMAINNAME 1
-/* Define if you have utime(2). */
+/* Define if you have utime(2). */
#define HAVE_UTIME 1
/* Define if you have a POSIX utime() (uses struct utimbuf) */
@@ -198,19 +234,46 @@
/* Define if utime(file, NULL) sets timestamp to current */
#define HAVE_UTIME_NULL 1
-/* Define if you have bigcrypt(3). */
+/* Define if you have bigcrypt(3). */
/* #undef HAVE_BIGCRYPT */
-/* Define if you have set_auth_parameters(3). */
+/* Define if you have set_auth_parameters(3). */
/* #undef HAVE_SET_AUTH_PARAMETERS */
-/* Define if you have seteuid(3). */
+/* Define if you have initprivs(3). */
+/* #undef HAVE_INITPRIVS */
+
+/* Define if you have dispcrypt(3). */
+/* #undef HAVE_DISPCRYPT */
+
+/* Define if you have getspnam(3). [SVR4-style shadow passwords] */
+/* #undef HAVE_GETSPNAM */
+
+/* Define if you have getprpwnam(3). [SecureWare-style shadow passwords] */
+/* #undef HAVE_GETPRPWNAM */
+
+/* Define if you have iscomsec(3). [HP-UX >= 10.x check for shadow enabled] */
+/* #undef HAVE_ISCOMSEC */
+
+/* Define if you have getspwuid(3). [HP-UX <= 9.X shadow passwords] */
+/* #undef HAVE_GETSPWUID */
+
+/* Define if you have getpwanam(3). [SunOS 4.x shadow passwords] */
+/* #undef HAVE_GETPWANAM */
+
+/* Define if you have issecure(3). [SunOS 4.x check for shadow enabled] */
+/* #undef HAVE_ISSECURE */
+
+/* Define if you have getauthuid(3). [ULTRIX 4.x shadow passwords] */
+/* #undef HAVE_GETAUTHUID */
+
+/* Define if you have seteuid(3). */
#define HAVE_SETEUID 1
-/* Define if you have waitpid(2). */
+/* Define if you have waitpid(2). */
#define HAVE_WAITPID 1
-/* Define if you have wait3(2). */
+/* Define if you have wait3(2). */
/* #undef HAVE_WAIT3 */
/* Define if you have the <malloc.h> header file. */
@@ -265,41 +328,21 @@
/* Define if you have the <sys/select.h> header file. */
#define HAVE_SYS_SELECT_H 1
-/* Define if your struct sockadr has an sa_len field. */
+/* Define if your struct sockadr has an sa_len field. */
#define HAVE_SA_LEN 1
-/* Supported shadow password types */
-#define SPW_NONE 0x00
-#define SPW_SECUREWARE 0x01
-#define SPW_HPUX9 0x02
-#define SPW_SUNOS4 0x03
-#define SPW_SVR4 0x04
-#define SPW_ULTRIX4 0x05
-#define SPW_BSD 0x06
-
-/* Define to the variety of shadow passwords supported on your OS */
-#define SHADOW_TYPE SPW_BSD
-
/* Define to void if your C compiler fully groks void, else char */
#define VOID void
-/* Define to the max length of a uid_t in string context (excluding the NULL */
+/* Define to the max length of a uid_t in string context (excluding the NUL) */
#define MAX_UID_T_LEN 10
/* Define if your syslog(3) does not guarantee the message will be logged */
/* and syslog(3) returns non-zero to denote failure */
/* #undef BROKEN_SYSLOG */
-/*
- * Emulate a subset of waitpid() if we don't have it.
- */
-#ifdef HAVE_WAITPID
-#define sudo_waitpid(p, s, o) waitpid(p, s, o)
-#else
-#ifdef HAVE_WAIT3
-#define sudo_waitpid(p, s, o) wait3(s, o, NULL)
-#endif
-#endif
+/* The umask that the root-run prog should use */
+#define SUDO_UMASK 0022
/* Define if you want the hostname to be entered into the log file */
/* #undef HOST_IN_LOG */
@@ -307,35 +350,97 @@
/* Define if you want the log file line to be wrapped */
#define WRAP_LOG 1
+/* Define to be the number of minutes before sudo asks for passwd again. */
+#define TIMEOUT 5
+
+/* Define to be the passwd prompt timeout (in minutes). */
+#define PASSWORD_TIMEOUT 5
+
+/* Define to be the number of tries the user gets to enter the passwd. */
+#define TRIES_FOR_PASSWORD 3
+
+/* Define to be the user sudo should run commands as by default. */
+#define RUNAS_DEFAULT "root"
+
+/* Define if you want to require fully qualified hosts in sudoers. */
+/* #undef FQDN */
+
+/* If defined, users in this group need not enter a passwd (ie "sudo"). */
+/* #undef EXEMPTGROUP */
+
+/* Define to the path of the editor visudo should use. */
+#define EDITOR _PATH_VI
+
+/* Define to be the user that gets sudo mail. */
+#define ALERTMAIL "root"
+
+/* Define to be the subject of the mail sent to ALERTMAIL by sudo. */
+#define MAILSUBJECT "*** SECURITY information for %h ***"
+
+/* Define to be the message given for a bad password. */
+#define INCORRECT_PASSWORD "Sorry, try again."
+
+/* Define to be the password prompt. */
+#define PASSPROMPT "Password:"
+
+/* Define if you want visudo to honor EDITOR and VISUAL env variables. */
+#define ENV_EDITOR 1
+
+/* Define to SLOG_SYSLOG, SLOG_FILE, or SLOG_BOTH */
+#define LOGGING SLOG_SYSLOG
+
+/* Define to be the syslog facility to use. */
+#define LOGFAC LOG_AUTHPRIV
+
+/* Define to be the max chars per log line (for line wrapping). */
+#define MAXLOGFILELEN 80
+
+/* Define if you want to ignore '.' and '' in $PATH */
+/* #undef IGNORE_DOT_PATH */
+
+/* Define if you want "command not allowed" instead of "command not found" */
+#define DONT_LEAK_PATH_INFO 1
+
+/* Define SHORT_MESSAGE for a short lecture or NO_MESSAGE for none. */
+#define SHORT_MESSAGE 1
+/* #undef NO_MESSAGE */
+
+/* Define SEND_MAIL_WHEN_NO_USER to send mail when user not in sudoers file */
+#define SEND_MAIL_WHEN_NO_USER 1
+
+/* Define SEND_MAIL_WHEN_NOT_OK to send mail when not allowed to run command */
+/* #undef SEND_MAIL_WHEN_NOT_OK */
+
+/* Define if you want sudo to start a shell if given no arguments. */
+/* #undef SHELL_IF_NO_ARGS */
+
+/* Define if you want sudo to set $HOME in shell mode. */
+/* #undef SHELL_SETS_HOME */
+
+/* Define if the code in interfaces.c does not compile for you. */
+/* #undef STUB_LOAD_INTERFACES */
+
+/********** You probably don't want to modify anything below here ***********/
+
/*
- * Paths to commands used by sudo. There are used by pathnames.h.
- * If you want to override these values, do so in pathnames.h, not here!
+ * Emulate a subset of waitpid() if we don't have it.
*/
+#ifdef HAVE_WAITPID
+# define sudo_waitpid(p, s, o) waitpid(p, s, o)
+#else
+# ifdef HAVE_WAIT3
+# define sudo_waitpid(p, s, o) wait3(s, o, NULL)
+# endif
+#endif
+
+#ifdef USE_EXECV
+# define EXEC execv
+#else
+# define EXEC execvp
+#endif /* USE_EXECV */
+
+#ifdef __svr4__
+# define BSD_COMP
+#endif /* __svr4__ */
-#ifndef _CONFIG_PATH_SENDMAIL
-#define _CONFIG_PATH_SENDMAIL "/usr/sbin/sendmail"
-#endif /* _CONFIG_PATH_SENDMAIL */
-
-#ifndef _CONFIG_PATH_VI
-#define _CONFIG_PATH_VI "/usr/bin/vi"
-#endif /* _CONFIG_PATH_VI */
-
-#ifndef _CONFIG_PATH_PWD
-#define _CONFIG_PATH_PWD "/bin/pwd"
-#endif /* _CONFIG_PATH_PWD */
-
-#ifndef _CONFIG_PATH_MV
-#define _CONFIG_PATH_MV "/bin/mv"
-#endif /* _CONFIG_PATH_MV */
-
-#ifndef _CONFIG_PATH_BSHELL
-#define _CONFIG_PATH_BSHELL "/bin/sh"
-#endif /* _CONFIG_PATH_BSHELL */
-
-#ifndef _CONFIG_PATH_LOGFILE
-#define _CONFIG_PATH_LOGFILE "/var/log/sudo.log"
-#endif /* _CONFIG_PATH_LOGFILE */
-
-#ifndef _CONFIG_PATH_TIMEDIR
-#define _CONFIG_PATH_TIMEDIR "/var/run/sudo"
-#endif /* _CONFIG_PATH_TIMEDIR */
+#endif /* _SUDO_CONFIG_H */
diff --git a/gnu/usr.bin/sudo/sudo/find_path.c b/gnu/usr.bin/sudo/sudo/find_path.c
index 159edff7756..c4e87fdb310 100644
--- a/gnu/usr.bin/sudo/sudo/find_path.c
+++ b/gnu/usr.bin/sudo/sudo/find_path.c
@@ -1,7 +1,7 @@
-/* $OpenBSD: find_path.c,v 1.7 1998/11/13 22:44:34 millert Exp $ */
+/* $OpenBSD: find_path.c,v 1.8 1998/11/21 01:34:52 millert Exp $ */
/*
- * CU sudo version 1.5.6
+ * CU sudo version 1.5.7
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
@@ -30,10 +30,6 @@
* Todd C. Miller (millert@colorado.edu) Sat Mar 25 21:50:36 MST 1995
*/
-#ifndef lint
-static char rcsid[] = "$From: find_path.c,v 1.74 1998/04/06 03:35:34 millert Exp $";
-#endif /* lint */
-
#include "config.h"
#include <stdio.h>
@@ -58,7 +54,6 @@ static char rcsid[] = "$From: find_path.c,v 1.74 1998/04/06 03:35:34 millert Exp
#include <sys/stat.h>
#include <netinet/in.h>
#include "sudo.h"
-#include <options.h>
#ifndef STDC_HEADERS
#ifndef __GNUC__ /* gcc has its own malloc */
@@ -75,7 +70,6 @@ extern char *strdup __P((const char *));
#endif /* HAVE_STRDUP */
#endif /* !STDC_HEADERS */
-
#ifndef _S_IFMT
#define _S_IFMT S_IFMT
#endif /* _S_IFMT */
@@ -83,33 +77,37 @@ extern char *strdup __P((const char *));
#define _S_IFLNK S_IFLNK
#endif /* _S_IFLNK */
+#ifndef lint
+static const char rcsid[] = "$From: find_path.c,v 1.80 1998/11/18 04:16:13 millert Exp $";
+#endif /* lint */
/*******************************************************************
*
* find_path()
*
* this function finds the full pathname for a command and
- * stores it in a statically allocated array, returning a pointer
- * to the array.
+ * stores it in a statically allocated array, filling in a pointer
+ * to the array. Returns FOUND if the command was found, NOT_FOUND
+ * if it was not found, or NOT_FOUND_DOT if it would have been found
+ * but it is in '.' and IGNORE_DOT_PATH is in effect.
*/
-char * find_path(file)
- char *file; /* file to find */
+int find_path(infile, outfile)
+ char *infile; /* file to find */
+ char **outfile; /* result parameter */
{
static char command[MAXPATHLEN]; /* qualified filename */
register char *n; /* for traversing path */
char *path = NULL; /* contents of PATH env var */
char *origpath; /* so we can free path later */
char *result = NULL; /* result of path/file lookup */
-#ifndef IGNORE_DOT_PATH
int checkdot = 0; /* check current dir? */
-#endif /* IGNORE_DOT_PATH */
command[0] = '\0';
- if (strlen(file) >= MAXPATHLEN) {
+ if (strlen(infile) >= MAXPATHLEN) {
errno = ENAMETOOLONG;
- (void) fprintf(stderr, "%s: path too long: %s\n", Argv[0], file);
+ (void) fprintf(stderr, "%s: path too long: %s\n", Argv[0], infile);
exit(1);
}
@@ -117,22 +115,26 @@ char * find_path(file)
* If we were given a fully qualified or relative path
* there is no need to look at PATH.
*/
- if (strchr(file, '/')) {
- (void) strcpy(command, file);
- return(sudo_goodpath(command));
+ if (strchr(infile, '/')) {
+ (void) strcpy(command, infile);
+ if (sudo_goodpath(command)) {
+ *outfile = command;
+ return(FOUND);
+ } else
+ return(NOT_FOUND);
}
/*
* grab PATH out of environment and make a local copy
*/
if ((path = getenv("PATH")) == NULL)
- return(NULL);
+ return(NOT_FOUND);
if ((path = (char *) strdup(path)) == NULL) {
(void) fprintf(stderr, "%s: out of memory!\n", Argv[0]);
exit(1);
}
- origpath=path;
+ origpath = path;
/* XXX use strtok() */
do {
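Review bot: find_path() now reports its result through `*outfile`, but the pointer is written only on the FOUND paths; the `return(NOT_FOUND)` branches here and the NOT_FOUND / NOT_FOUND_DOT returns in the hunk at -154 leave it untouched. A caller that reads the pointer without checking the return code would use an uninitialized value, so either add `*outfile = NULL;` at the top of the function or state in the header comment that `*outfile` is valid only when FOUND is returned. The header comment also says the result lives in a static array, yet when the `.` fallback succeeds `result` comes from `sudo_goodpath(infile)`. Judging by the old `return(sudo_goodpath(command))`, that call appears to return its argument, so `*outfile` would then point at the caller's string. The function body starts before and ends after this hunk.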
@@ -144,9 +146,7 @@ char * find_path(file)
* things like using './' or './/'
*/
if (*path == '\0' || (*path == '.' && *(path + 1) == '\0')) {
-#ifndef IGNORE_DOT_PATH
checkdot = 1;
-#endif /* IGNORE_DOT_PATH */
path = n + 1;
continue;
}
@@ -154,27 +154,33 @@ char * find_path(file)
/*
* resolve the path and exit the loop if found
*/
- if (strlen(path) + strlen(file) + 1 >= MAXPATHLEN) {
- (void) fprintf(stderr, "%s: path too long: %s\n", Argv[0], file);
+ if (strlen(path) + strlen(infile) + 1 >= MAXPATHLEN) {
+ (void) fprintf(stderr, "%s: path too long: %s\n", Argv[0], infile);
exit(1);
}
- (void) sprintf(command, "%s/%s", path, file);
+ (void) sprintf(command, "%s/%s", path, infile);
if ((result = sudo_goodpath(command)))
break;
path = n + 1;
} while (n);
+ (void) free(origpath);
-#ifndef IGNORE_DOT_PATH
/*
- * check current dir if dot was in the PATH
+ * Check current dir if dot was in the PATH
*/
- if (!result && checkdot)
- result = sudo_goodpath(file);
+ if (!result && checkdot) {
+ result = sudo_goodpath(infile);
+#ifdef IGNORE_DOT_PATH
+ if (result)
+ return(NOT_FOUND_DOT);
#endif /* IGNORE_DOT_PATH */
+ }
- (void) free(origpath);
-
- return(result);
+ if (result) {
+ *outfile = result;
+ return(FOUND);
+ } else
+ return(NOT_FOUND);
}
diff --git a/gnu/usr.bin/sudo/sudo/getspwuid.c b/gnu/usr.bin/sudo/sudo/getspwuid.c
index 156af87f8bd..79eabd20631 100644
--- a/gnu/usr.bin/sudo/sudo/getspwuid.c
+++ b/gnu/usr.bin/sudo/sudo/getspwuid.c
@@ -1,7 +1,7 @@
-/* $OpenBSD: getspwuid.c,v 1.7 1998/11/13 22:44:34 millert Exp $ */
+/* $OpenBSD: getspwuid.c,v 1.8 1998/11/21 01:34:52 millert Exp $ */
/*
- * CU sudo version 1.5.6
+ * CU sudo version 1.5.7
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
@@ -29,10 +29,6 @@
* Todd C. Miller Mon Nov 20 13:53:06 MST 1995
*/
-#ifndef lint
-static char rcsid[] = "$From: getspwuid.c,v 1.29 1998/04/06 03:35:34 millert Exp $";
-#endif /* lint */
-
#include "config.h"
#include <stdio.h>
@@ -49,32 +45,35 @@ static char rcsid[] = "$From: getspwuid.c,v 1.29 1998/04/06 03:35:34 millert Exp
#include <unistd.h>
#endif /* HAVE_UNISTD_H */
#include <sys/types.h>
+#include <sys/stat.h>
#include <sys/param.h>
#include <netinet/in.h>
#include <pwd.h>
+#ifdef HAVE_GETSPNAM
+# include <shadow.h>
+#endif /* HAVE_GETSPNAM */
+#ifdef HAVE_GETPRPWNAM
+# ifdef __hpux
+# include <hpsecurity.h>
+# else
+# include <sys/security.h>
+# endif /* __hpux */
+# include <prot.h>
+#endif /* HAVE_GETPRPWNAM */
+#ifdef HAVE_GETPWANAM
+# include <sys/label.h>
+# include <sys/audit.h>
+# include <pwdadj.h>
+#endif /* HAVE_GETPWANAM */
+#ifdef HAVE_GETAUTHUID
+# include <auth.h>
+#endif /* HAVE_GETAUTHUID */
+
#include "sudo.h"
-#include <options.h>
-#if (SHADOW_TYPE != SPW_NONE) && (SHADOW_TYPE != SPW_BSD)
-# if (SHADOW_TYPE == SPW_SVR4)
-# include <shadow.h>
-# endif /* SVR4 */
-# if (SHADOW_TYPE == SPW_SECUREWARE)
-# ifdef __hpux
-# include <hpsecurity.h>
-# else
-# include <sys/security.h>
-# endif /* __hpux */
-# include <prot.h>
-# endif /* SECUREWARE */
-# if (SHADOW_TYPE == SPW_ULTRIX4)
-# include <auth.h>
-# endif /* ULTRIX4 */
-# if (SHADOW_TYPE == SPW_SUNOS4)
-# include <sys/label.h>
-# include <sys/audit.h>
-# include <pwdadj.h>
-# endif /* SUNOS4 */
-#endif /* SHADOW_TYPE != SPW_NONE && SHADOW_TYPE != SPW_BSD */
+
+#ifndef lint
+static const char rcsid[] = "$From: getspwuid.c,v 1.40 1998/11/18 04:16:13 millert Exp $";
+#endif /* lint */
#ifndef STDC_HEADERS
#ifndef __GNUC__ /* gcc has its own malloc */
@@ -89,16 +88,16 @@ extern char *strdup __P((const char *));
/*
* Global variables (yuck)
*/
-#if (SHADOW_TYPE == SPW_SECUREWARE) && defined(__alpha)
-uchar_t crypt_type;
-#endif /* SPW_SECUREWARE && __alpha */
+#if defined(HAVE_GETPRPWNAM) && defined(__alpha)
+int crypt_type = INT_MAX;
+#endif /* HAVE_GETPRPWNAM && __alpha */
/*
* Local functions not visible outside getspwuid.c
*/
static char *sudo_getshell __P((struct passwd *));
-static char *sudo_getspwd __P((struct passwd *));
+static char *sudo_getepw __P((struct passwd *));
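Review bot: `int crypt_type = INT_MAX;` uses INT_MAX as an initial value without saying what it stands for, and no `<limits.h>` include is visible in the include hunk above (it may arrive through another header). If it is meant as a "not looked up yet" sentinel, say so next to the definition, e.g. `/* INT_MAX until getprpwnam() supplies fd_oldcrypt -- confirm */`. The type also changes from `uchar_t` to `int`, so any `extern` declaration of `crypt_type` in other files has to change with it; none is visible here.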
@@ -110,13 +109,13 @@ static char *sudo_getspwd __P((struct passwd *));
* SHELL evariable or the passwd(5) entry (in that order).
*/
-static char *sudo_getshell(pw_ent)
- struct passwd *pw_ent;
+static char *sudo_getshell(pw)
+ struct passwd *pw;
{
char *pw_shell;
if ((pw_shell = getenv("SHELL")) == NULL)
- pw_shell = pw_ent -> pw_shell;
+ pw_shell = pw -> pw_shell;
#ifdef _PATH_BSHELL
/* empty string "" means bourne shell */
@@ -130,78 +129,76 @@ static char *sudo_getshell(pw_ent)
/**********************************************************************
*
- * sudo_getspwd()
+ * sudo_getepw()
*
- * This function returns the shadow password for the user described
- * by pw_ent. If there is no shadow password the normal UN*X password
- * is returned instead.
+ * This function returns the encrypted password for the user described
+ * by pw. If there is a shadow password it is returned, else the
+ * normal UN*X password is returned instead.
*/
-static char *sudo_getspwd(pw_ent)
- struct passwd *pw_ent;
-#if (SHADOW_TYPE != SPW_NONE) && (SHADOW_TYPE != SPW_BSD)
-# if (SHADOW_TYPE == SPW_SVR4)
+static char *sudo_getepw(pw)
+ struct passwd *pw;
{
- struct spwd *spw_ent;
- if ((spw_ent = getspnam(pw_ent -> pw_name)) && spw_ent -> sp_pwdp)
- return(spw_ent -> sp_pwdp);
- else
- return(pw_ent -> pw_passwd);
-}
-# endif /* SVR4 */
-# if (SHADOW_TYPE == SPW_HPUX9)
-{
- struct s_passwd *spw_ent;
+ /* if there is a function to check for shadow enabled, use it... */
+#ifdef HAVE_ISCOMSEC
+ if (!iscomsec())
+ return(pw->pw_passwd);
+#endif /* HAVE_ISCOMSEC */
+#ifdef HAVE_ISSECURE
+ if (!issecure())
+ return(pw->pw_passwd);
+#endif /* HAVE_ISSECURE */
+
+#ifdef HAVE_GETPRPWNAM
+ {
+ struct pr_passwd *spw;
+
+ spw = getprpwnam(pw->pw_name);
+ if (spw != NULL && spw->ufld.fd_encrypt != NULL) {
+# ifdef __alpha
+ crypt_type = spw -> ufld.fd_oldcrypt;
+# endif /* __alpha */
+ return(spw -> ufld.fd_encrypt);
+ }
+ }
+#endif /* HAVE_GETPRPWNAM */
+#ifdef HAVE_GETSPNAM
+ {
+ struct spwd *spw;
- if ((spw_ent = getspwuid(pw_ent -> pw_uid)) && spw_ent -> pw_passwd)
- return(spw_ent -> pw_passwd);
- else
- return(pw_ent -> pw_passwd);
-}
-# endif /* HPUX9 */
-# if (SHADOW_TYPE == SPW_SUNOS4)
-{
- struct passwd_adjunct *spw_ent;
+ if ((spw = getspnam(pw -> pw_name)) && spw -> sp_pwdp)
+ return(spw -> sp_pwdp);
+ }
+#endif /* HAVE_GETSPNAM */
+#ifdef HAVE_GETSPWUID
+ {
+ struct s_passwd *spw;
- if ((spw_ent = getpwanam(pw_ent -> pw_name)) && spw_ent -> pwa_passwd)
- return(spw_ent -> pwa_passwd);
- else
- return(pw_ent -> pw_passwd);
-}
-# endif /* SUNOS4 */
-# if (SHADOW_TYPE == SPW_ULTRIX4)
-{
- AUTHORIZATION *spw_ent;
+ if ((spw = getspwuid(pw -> pw_uid)) && spw -> pw_passwd)
+ return(spw -> pw_passwd);
+ }
+#endif /* HAVE_GETSPWUID */
+#ifdef HAVE_GETPWANAM
+ {
+ struct passwd_adjunct *spw;
- if ((spw_ent = getauthuid(pw_ent -> pw_uid)) && spw_ent -> a_password)
- return(spw_ent -> a_password);
- else
- return(pw_ent -> pw_passwd);
-}
-# endif /* ULTRIX4 */
-# if (SHADOW_TYPE == SPW_SECUREWARE)
-{
- struct pr_passwd *spw_ent;
-
- if ((spw_ent = getprpwnam(pw_ent->pw_name)) && spw_ent->ufld.fd_encrypt) {
-# ifdef __alpha
- crypt_type = spw_ent -> ufld.fd_oldcrypt;
-# ifdef AUTH_CRYPT_C1CRYPT
- if (crypt_type == AUTH_CRYPT_C1CRYPT)
- return(pw_ent -> pw_passwd);
-# endif /* AUTH_CRYPT_C1CRYPT */
-# endif /* __alpha */
- return(spw_ent -> ufld.fd_encrypt);
- } else
- return(pw_ent -> pw_passwd);
-}
-# endif /* SECUREWARE */
-#else
-{
- return(pw_ent->pw_passwd);
+ if ((spw = getpwanam(pw -> pw_name)) && spw -> pwa_passwd)
+ return(spw -> pwa_passwd);
+ }
+#endif /* HAVE_GETPWANAM */
+#ifdef HAVE_GETAUTHUID
+ {
+ AUTHORIZATION *spw;
+
+ if ((spw = getauthuid(pw -> pw_uid)) && spw -> a_password)
+ return(spw -> a_password);
+ }
+#endif /* HAVE_GETAUTHUID */
+
+ /* Fall back on normal passwd */
+ return(pw->pw_passwd);
}
-#endif /* SHADOW_TYPE != SPW_NONE && SHADOW_TYPE != SPW_BSD */
/**********************************************************************
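Review bot: The final `return(pw->pw_passwd);` is reached both when no shadow facility is compiled in and when a compiled-in lookup (`getprpwnam`, `getspnam`, `getspwuid`, `getpwanam`, `getauthuid`) returns NULL, so the caller cannot tell "no shadow database" from "shadow lookup failed". On a shadowed system the passwd(5) field is normally a placeholder, which makes the fallback fail closed, but that depends on the placeholder never being an empty or otherwise matchable value. I would mark the fallback, e.g. `/* shadow lookup failed or not available; pw_passwd may be a placeholder */`, and consider logging the failed-lookup case. The old SecureWare branch's `AUTH_CRYPT_C1CRYPT` special case is dropped here; presumably the consumer of `crypt_type` handles it now, which is worth confirming.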
@@ -216,15 +213,14 @@ static char *sudo_getspwd(pw_ent)
struct passwd *sudo_getpwuid(uid)
uid_t uid;
{
- struct passwd *pw_ent, *local_pw_ent;
+ struct passwd *pw, *local_pw;
- if ((pw_ent = getpwuid(uid)) == NULL)
+ if ((pw = getpwuid(uid)) == NULL)
return(NULL);
- /* allocate space for a local copy of pw_ent */
- local_pw_ent = (struct passwd *) malloc(sizeof(struct passwd));
- if (local_pw_ent == NULL) {
- perror("malloc");
+ /* allocate space for a local copy of pw */
+ local_pw = (struct passwd *) malloc(sizeof(struct passwd));
+ if (local_pw == NULL) {
(void) fprintf(stderr, "%s: cannot allocate memory!\n", Argv[0]);
exit(1);
}
@@ -232,37 +228,33 @@ struct passwd *sudo_getpwuid(uid)
/*
* Copy the struct passwd and the interesting strings...
*/
- (void) memcpy(local_pw_ent, pw_ent, sizeof(struct passwd));
+ (void) memcpy(local_pw, pw, sizeof(struct passwd));
- local_pw_ent->pw_name = (char *) strdup(pw_ent->pw_name);
- if (local_pw_ent->pw_name == NULL) {
- perror("malloc");
+ local_pw->pw_name = (char *) strdup(pw->pw_name);
+ if (local_pw->pw_name == NULL) {
(void) fprintf(stderr, "%s: cannot allocate memory!\n", Argv[0]);
exit(1);
}
- local_pw_ent->pw_dir = (char *) strdup(pw_ent->pw_dir);
- if (local_pw_ent->pw_dir == NULL) {
- perror("malloc");
+ local_pw->pw_dir = (char *) strdup(pw->pw_dir);
+ if (local_pw->pw_dir == NULL) {
(void) fprintf(stderr, "%s: cannot allocate memory!\n", Argv[0]);
exit(1);
}
/* pw_shell is a special case since we overide with $SHELL */
- local_pw_ent->pw_shell = (char *) strdup(sudo_getshell(pw_ent));
- if (local_pw_ent->pw_shell == NULL) {
- perror("malloc");
+ local_pw->pw_shell = (char *) strdup(sudo_getshell(pw));
+ if (local_pw->pw_shell == NULL) {
(void) fprintf(stderr, "%s: cannot allocate memory!\n", Argv[0]);
exit(1);
}
/* pw_passwd gets a shadow password if applicable */
- local_pw_ent->pw_passwd = (char *) strdup(sudo_getspwd(pw_ent));
- if (local_pw_ent->pw_passwd == NULL) {
- perror("malloc");
+ local_pw->pw_passwd = (char *) strdup(sudo_getepw(pw));
+ if (local_pw->pw_passwd == NULL) {
(void) fprintf(stderr, "%s: cannot allocate memory!\n", Argv[0]);
exit(1);
}
- return(local_pw_ent);
+ return(local_pw);
}
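Review bot: `memcpy(local_pw, pw, sizeof(struct passwd))` is a shallow copy, and only `pw_name`, `pw_dir`, `pw_shell` and `pw_passwd` are re-pointed at `strdup()` copies afterwards. Any other string member (for example `pw_gecos`) still points into the storage `getpwuid()` returned, which a later `getpw*()` call may overwrite, and this same commit adds a `getpwnam()` call in `usergr_matches()`. Either duplicate or NULL the remaining string members, or state the limit in the comment: `/* members not duplicated below still alias getpwuid()'s buffer */`. The `strdup()` arguments are passed without a NULL check, and nothing in these hunks clears the duplicated password hash after use.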
diff --git a/gnu/usr.bin/sudo/sudo/goodpath.c b/gnu/usr.bin/sudo/sudo/goodpath.c
index e61d547cb6a..31b9383df4b 100644
--- a/gnu/usr.bin/sudo/sudo/goodpath.c
+++ b/gnu/usr.bin/sudo/sudo/goodpath.c
@@ -1,7 +1,7 @@
-/* $OpenBSD: goodpath.c,v 1.6 1998/09/15 02:42:44 millert Exp $ */
+/* $OpenBSD: goodpath.c,v 1.7 1998/11/21 01:34:52 millert Exp $ */
/*
- * CU sudo version 1.5.6
+ * CU sudo version 1.5.7
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
@@ -30,10 +30,6 @@
* Todd C. Miller (millert@colorado.edu) Sat Mar 25 21:58:17 MST 1995
*/
-#ifndef lint
-static char rcsid[] = "$From: goodpath.c,v 1.22 1998/04/06 03:35:35 millert Exp $";
-#endif /* lint */
-
#include "config.h"
#include <stdio.h>
@@ -53,12 +49,14 @@ static char rcsid[] = "$From: goodpath.c,v 1.22 1998/04/06 03:35:35 millert Exp
#include <netinet/in.h>
#include "sudo.h"
-#include <options.h>
#ifndef STDC_HEADERS
extern int stat __P((const char *, struct stat *));
#endif /* !STDC_HEADERS */
+#ifndef lint
+static const char rcsid[] = "$From: goodpath.c,v 1.26 1998/11/18 04:16:13 millert Exp $";
+#endif /* lint */
/******************************************************************
*
diff --git a/gnu/usr.bin/sudo/sudo/ins_2001.h b/gnu/usr.bin/sudo/sudo/ins_2001.h
index edb83a9361c..449dca05245 100644
--- a/gnu/usr.bin/sudo/sudo/ins_2001.h
+++ b/gnu/usr.bin/sudo/sudo/ins_2001.h
@@ -1,7 +1,7 @@
-/* $OpenBSD: ins_2001.h,v 1.6 1998/09/15 02:42:44 millert Exp $ */
+/* $OpenBSD: ins_2001.h,v 1.7 1998/11/21 01:34:52 millert Exp $ */
/*
- * CU sudo version 1.5.6
+ * CU sudo version 1.5.7
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
@@ -19,7 +19,7 @@
*
* Please send bugs, changes, problems to sudo-bugs@courtesan.com
*
- * $From: ins_2001.h,v 1.20 1998/09/07 02:59:06 millert Exp $
+ * $From: ins_2001.h,v 1.21 1998/09/17 16:27:03 millert Exp $
*/
#ifndef _SUDO_INS_2001_H
diff --git a/gnu/usr.bin/sudo/sudo/ins_classic.h b/gnu/usr.bin/sudo/sudo/ins_classic.h
index 55f134b49f4..a1ed8cbe87d 100644
--- a/gnu/usr.bin/sudo/sudo/ins_classic.h
+++ b/gnu/usr.bin/sudo/sudo/ins_classic.h
@@ -1,7 +1,7 @@
-/* $OpenBSD: ins_classic.h,v 1.6 1998/09/15 02:42:44 millert Exp $ */
+/* $OpenBSD: ins_classic.h,v 1.7 1998/11/21 01:34:52 millert Exp $ */
/*
- * CU sudo version 1.5.6
+ * CU sudo version 1.5.7
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
@@ -19,7 +19,7 @@
*
* Please send bugs, changes, problems to sudo-bugs@courtesan.com
*
- * $From: ins_classic.h,v 1.20 1998/09/07 02:59:06 millert Exp $
+ * $From: ins_classic.h,v 1.21 1998/09/17 16:27:03 millert Exp $
*/
#ifndef _SUDO_INS_CLASSIC_H
diff --git a/gnu/usr.bin/sudo/sudo/ins_csops.h b/gnu/usr.bin/sudo/sudo/ins_csops.h
index ed5adf4387c..a869990b644 100644
--- a/gnu/usr.bin/sudo/sudo/ins_csops.h
+++ b/gnu/usr.bin/sudo/sudo/ins_csops.h
@@ -1,7 +1,7 @@
-/* $OpenBSD: ins_csops.h,v 1.6 1998/09/15 02:42:44 millert Exp $ */
+/* $OpenBSD: ins_csops.h,v 1.7 1998/11/21 01:34:52 millert Exp $ */
/*
- * CU sudo version 1.5.6
+ * CU sudo version 1.5.7
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
@@ -19,7 +19,7 @@
*
* Please send bugs, changes, problems to sudo-bugs@courtesan.com
*
- * $From: ins_csops.h,v 1.19 1998/09/07 02:59:06 millert Exp $
+ * $From: ins_csops.h,v 1.20 1998/09/17 16:27:04 millert Exp $
*/
#ifndef _SUDO_INS_CSOPS_H
diff --git a/gnu/usr.bin/sudo/sudo/ins_goons.h b/gnu/usr.bin/sudo/sudo/ins_goons.h
index 6fc1dfb0f1a..2b24f881d12 100644
--- a/gnu/usr.bin/sudo/sudo/ins_goons.h
+++ b/gnu/usr.bin/sudo/sudo/ins_goons.h
@@ -1,7 +1,7 @@
-/* $OpenBSD: ins_goons.h,v 1.6 1998/09/15 02:42:44 millert Exp $ */
+/* $OpenBSD: ins_goons.h,v 1.7 1998/11/21 01:34:52 millert Exp $ */
/*
- * CU sudo version 1.5.6
+ * CU sudo version 1.5.7
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
@@ -19,7 +19,7 @@
*
* Please send bugs, changes, problems to sudo-bugs@courtesan.com
*
- * $From: ins_goons.h,v 1.20 1998/09/07 02:59:06 millert Exp $
+ * $From: ins_goons.h,v 1.21 1998/09/17 16:27:04 millert Exp $
*/
#ifndef _SUDO_INS_GOONS_H
diff --git a/gnu/usr.bin/sudo/sudo/insults.h b/gnu/usr.bin/sudo/sudo/insults.h
index 79610564d37..7e4ba7816c4 100644
--- a/gnu/usr.bin/sudo/sudo/insults.h
+++ b/gnu/usr.bin/sudo/sudo/insults.h
@@ -1,7 +1,7 @@
-/* $OpenBSD: insults.h,v 1.6 1998/09/15 02:42:44 millert Exp $ */
+/* $OpenBSD: insults.h,v 1.7 1998/11/21 01:34:52 millert Exp $ */
/*
- * CU sudo version 1.5.6
+ * CU sudo version 1.5.7
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
@@ -19,7 +19,7 @@
*
* Please send bugs, changes, problems to sudo-bugs@courtesan.com
*
- * $From: insults.h,v 1.32 1998/09/07 02:59:36 millert Exp $
+ * $From: insults.h,v 1.35 1998/10/18 22:00:50 millert Exp $
*/
#ifndef _SUDO_INSULTS_H
@@ -27,13 +27,8 @@
#ifdef USE_INSULTS
-#if !defined(HAL_INSULTS) && !defined(GOONS_INSULTS) && !defined(CLASSIC_INSULTS)
-# define CLASSIC_INSULTS
-# define CSOPS_INSULTS
-#endif
-
/*
- * Use one or more set of insults as defined in options.h.
+ * Use one or more set of insults as determined by configure
*/
char *insults[] = {
diff --git a/gnu/usr.bin/sudo/sudo/interfaces.c b/gnu/usr.bin/sudo/sudo/interfaces.c
index 3ef4047838f..a7b6f8649f2 100644
--- a/gnu/usr.bin/sudo/sudo/interfaces.c
+++ b/gnu/usr.bin/sudo/sudo/interfaces.c
@@ -1,7 +1,7 @@
-/* $OpenBSD: interfaces.c,v 1.6 1998/09/15 02:42:44 millert Exp $ */
+/* $OpenBSD: interfaces.c,v 1.7 1998/11/21 01:34:52 millert Exp $ */
/*
- * CU sudo version 1.5.6
+ * CU sudo version 1.5.7
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
@@ -28,10 +28,6 @@
* Todd C. Miller Mon May 1 20:48:43 MDT 1995
*/
-#ifndef lint
-static char rcsid[] = "$From: interfaces.c,v 1.38 1998/09/14 15:48:05 millert Exp $";
-#endif /* lint */
-
#include "config.h"
#include <stdio.h>
@@ -55,11 +51,10 @@ static char rcsid[] = "$From: interfaces.c,v 1.38 1998/09/14 15:48:05 millert Ex
#include <sys/types.h>
#include <sys/socket.h>
#include <sys/param.h>
-#ifdef HAVE_SYS_SOCKIO_H
-#include <sys/sockio.h>
-#else
#include <sys/ioctl.h>
-#endif /* HAVE_SYS_SOCKIO_H */
+#if defined(HAVE_SYS_SOCKIO_H) && !defined(SIOCGIFCONF)
+#include <sys/sockio.h>
+#endif
#ifdef _ISC
#include <sys/stream.h>
#include <sys/sioctl.h>
@@ -75,11 +70,9 @@ static char rcsid[] = "$From: interfaces.c,v 1.38 1998/09/14 15:48:05 millert Ex
#endif /* _MIPS */
#include <netinet/in.h>
#include <arpa/inet.h>
-#include <sys/time.h>
#include <net/if.h>
#include "sudo.h"
-#include <options.h>
#include "version.h"
#if !defined(STDC_HEADERS) && !defined(__GNUC__)
@@ -87,6 +80,10 @@ extern char *malloc __P((size_t));
extern char *realloc __P((VOID *, size_t));
#endif /* !STDC_HEADERS && !__GNUC__ */
+#ifndef lint
+static const char rcsid[] = "$From: interfaces.c,v 1.45 1998/11/18 20:31:25 millert Exp $";
+#endif /* lint */
+
/*
* Globals
*/
@@ -129,7 +126,7 @@ void load_interfaces()
for (;;) {
ifconf_buf = ifconf_buf ? realloc(ifconf_buf, len) : malloc(len);
if (ifconf_buf == NULL) {
- perror("malloc");
+ (void) fprintf(stderr, "%s: cannot allocate memory!\n", Argv[0]);
exit(1);
}
ifconf = (struct ifconf *) ifconf_buf;
@@ -163,7 +160,6 @@ void load_interfaces()
*/
interfaces = (struct interface *) malloc(sizeof(struct interface) * n);
if (interfaces == NULL) {
- perror("malloc");
(void) fprintf(stderr, "%s: cannot allocate memory!\n", Argv[0]);
exit(1);
}
diff --git a/gnu/usr.bin/sudo/sudo/logging.c b/gnu/usr.bin/sudo/sudo/logging.c
index 9fe7fea27d3..89cb8fb8289 100644
--- a/gnu/usr.bin/sudo/sudo/logging.c
+++ b/gnu/usr.bin/sudo/sudo/logging.c
@@ -1,7 +1,7 @@
-/* $OpenBSD: logging.c,v 1.7 1998/09/15 02:42:44 millert Exp $ */
+/* $OpenBSD: logging.c,v 1.8 1998/11/21 01:34:52 millert Exp $ */
/*
- * CU sudo version 1.5.6 (based on Root Group sudo version 1.1)
+ * CU sudo version 1.5.7 (based on Root Group sudo version 1.1)
*
* This software comes with no waranty whatsoever, use at your own risk.
*
@@ -38,10 +38,6 @@
* Jeff Nieusma Thu Mar 21 23:39:04 MST 1991
*/
-#ifndef lint
-static char rcsid[] = "$From: logging.c,v 1.97 1998/09/10 22:51:09 millert Exp $";
-#endif /* lint */
-
#include "config.h"
#include <stdio.h>
@@ -62,16 +58,19 @@ static char rcsid[] = "$From: logging.c,v 1.97 1998/09/10 22:51:09 millert Exp $
#endif /* HAVE_MALLOC_H && !STDC_HEADERS */
#include <pwd.h>
#include <signal.h>
+#include <time.h>
+#include <errno.h>
#include <sys/types.h>
-#include <sys/time.h>
#include <sys/param.h>
#include <sys/stat.h>
#include <sys/wait.h>
-#include <sys/errno.h>
#include <netinet/in.h>
#include "sudo.h"
-#include <options.h>
+
+#ifndef lint
+static const char rcsid[] = "$From: logging.c,v 1.106 1998/11/18 04:16:13 millert Exp $";
+#endif /* lint */
/*
* Prototypes for local functions
@@ -163,7 +162,6 @@ void log_error(code)
logline = (char *) malloc(count);
if (logline == NULL) {
- perror("malloc");
(void) fprintf(stderr, "%s: cannot allocate memory!\n", Argv[0]);
exit(1);
}
@@ -286,8 +284,14 @@ void log_error(code)
tty, cwd, runas_user);
break;
+ case BAD_ALLOCATION:
+ (void) sprintf(p,
+ "allocation failure; TTY=%s ; PWD=%s ; USER=%s ; COMMAND=",
+ tty, cwd, runas_user);
+ break;
+
default:
- strcat(p, "found a wierd error : ");
+ strcat(p, "found a weird error : ");
break;
}
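Review bot: The new `BAD_ALLOCATION` case formats `tty`, `cwd` and `runas_user` into `p` with an unbounded `sprintf`, so it is only as safe as the `count` passed to `malloc(count)` earlier in `log_error()`, which is computed outside this hunk. Confirm that computation covers this literal plus the three strings; a comment at the allocation naming the longest format would keep the two in step. `cwd` is chosen by the invoking user and is written into the log line as-is, so control characters such as newlines in it would reach the log unescaped; the sibling case visible at the top of the hunk has the same shape.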
@@ -442,7 +446,7 @@ void log_error(code)
-#ifdef MAILER
+#ifdef _PATH_SENDMAIL
/**********************************************************************
*
* send_mail()
@@ -455,7 +459,7 @@ static char *mail_argv[] = { "sendmail", "-t", (char *) NULL };
static void send_mail()
{
- char *mailer = MAILER;
+ char *mailer = _PATH_SENDMAIL;
char *subject = MAILSUBJECT;
int fd[2];
char *p;
@@ -536,7 +540,7 @@ static void send_mail()
/* no mailer defined */
return;
}
-#endif /* MAILER */
+#endif /* _PATH_SENDMAIL */
@@ -678,9 +682,14 @@ void inform_user(code)
"Your timestamp file has a preposterous date, ignoring.\n");
break;
+ case BAD_ALLOCATION:
+ (void) fprintf(stderr,
+ "Resource allocation failure.\n");
+ break;
+
default:
(void) fprintf(stderr,
- "Something wierd happened.\n\n");
+ "Something weird happened.\n\n");
break;
}
}
@@ -735,6 +744,7 @@ static int appropriate(code)
case SPOOF_ATTEMPT:
case BAD_STAMPDIR:
case BAD_STAMPFILE:
+ case BAD_ALLOCATION:
default:
return (1);
break;
diff --git a/gnu/usr.bin/sudo/sudo/parse.c b/gnu/usr.bin/sudo/sudo/parse.c
index e5b0209ccd9..3e87ffd8a86 100644
--- a/gnu/usr.bin/sudo/sudo/parse.c
+++ b/gnu/usr.bin/sudo/sudo/parse.c
@@ -1,7 +1,7 @@
-/* $OpenBSD: parse.c,v 1.8 1998/09/15 02:42:44 millert Exp $ */
+/* $OpenBSD: parse.c,v 1.9 1998/11/21 01:34:53 millert Exp $ */
/*
- * CU sudo version 1.5.6
+ * CU sudo version 1.5.7
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
@@ -26,10 +26,6 @@
* Chris Jepeway <jepeway@cs.utk.edu>
*/
-#ifndef lint
-static char rcsid[] = "$From: parse.c,v 1.91 1998/09/07 02:41:33 millert Exp $";
-#endif /* lint */
-
#include "config.h"
#include <stdio.h>
@@ -85,7 +81,10 @@ static char rcsid[] = "$From: parse.c,v 1.91 1998/09/07 02:41:33 millert Exp $";
#endif
#include "sudo.h"
-#include <options.h>
+
+#ifndef lint
+static const char rcsid[] = "$From: parse.c,v 1.97 1998/11/18 04:16:13 millert Exp $";
+#endif /* lint */
/*
* Globals
@@ -159,12 +158,13 @@ int validate(check_cmnd)
*/
if (check_cmnd == FALSE)
while (top) {
- if (host_matches == TRUE)
+ if (host_matches == TRUE) {
/* user may always do validate or list on allowed hosts */
if (no_passwd == TRUE)
return(VALIDATE_OK_NOPASS);
else
return(VALIDATE_OK);
+ }
top--;
}
else
@@ -254,7 +254,6 @@ int command_matches(cmnd, user_args, path, sudoers_args)
return(FALSE);
} else {
if (path[plen - 1] != '/') {
-#ifdef FAST_MATCH
char *p;
/* Only proceed if the basenames of cmnd and path are the same */
@@ -264,7 +263,6 @@ int command_matches(cmnd, user_args, path, sudoers_args)
p++;
if (strcmp(c, p))
return(FALSE);
-#endif /* FAST_MATCH */
if (stat(path, &pst) < 0)
return(FALSE);
@@ -299,11 +297,10 @@ int command_matches(cmnd, user_args, path, sudoers_args)
continue;
strcpy(buf, path);
strcat(buf, dent->d_name);
-#ifdef FAST_MATCH
+
/* only stat if basenames are not the same */
if (strcmp(c, dent->d_name))
continue;
-#endif /* FAST_MATCH */
if (stat(buf, &pst) < 0)
continue;
if (cmnd_st.st_dev == pst.st_dev && cmnd_st.st_ino == pst.st_ino)
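Review bot: The comment `/* only stat if basenames are not the same */` says the opposite of the code beneath it: `if (strcmp(c, dent->d_name)) continue;` skips the entry when the names differ, so `stat()` runs only when they match. Now that the check is unconditional the comment should read `/* only stat if basenames are the same */`. The test could also move above the `strcpy`/`strcat` pair so that non-matching directory entries are never written into `buf`, whose size is declared outside the hunk.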
@@ -361,23 +358,27 @@ int usergr_matches(group, user)
char *group;
char *user;
{
- struct group *grpent;
+ struct group *grp;
+ struct passwd *pw;
char **cur;
/* make sure we have a valid usergroup, sudo style */
if (*group++ != '%')
return(FALSE);
- if ((grpent = getgrnam(group)) == NULL)
+ if ((grp = getgrnam(group)) == NULL)
return(FALSE);
/*
* Check against user's real gid as well as group's user list
*/
- if (grpent->gr_gid == user_gid)
+ if ((pw = getpwnam(user)) == NULL)
+ return(FALSE);
+
+ if (grp->gr_gid == pw->pw_gid)
return(TRUE);
- for (cur=grpent->gr_mem; *cur; cur++) {
+ for (cur=grp->gr_mem; *cur; cur++) {
if (strcmp(*cur, user) == 0)
return(TRUE);
}
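Review bot: The comment `Check against user's real gid as well as group's user list` no longer matches the code: the comparison is now against `pw->pw_gid` from `getpwnam(user)`, the passwd-database primary group of the named user, not the real gid of the invoking process. The new `if ((pw = getpwnam(user)) == NULL) return(FALSE);` also returns before the `gr_mem` scan, so a name listed as a group member but without a passwd entry no longer matches; that fails closed, but it deserves a line such as `/* unknown user: deny without consulting gr_mem */`. `getpwnam()` returns library-owned storage, so any `struct passwd *` a caller still holds from an earlier uncopied `getpw*()` result may be overwritten by this call.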
@@ -411,7 +412,6 @@ int netgr_matches(netgr, host, user)
/* get the domain name (if any) */
if (domain == (char *) -1) {
if ((domain = (char *) malloc(MAXHOSTNAMELEN)) == NULL) {
- perror("malloc");
(void) fprintf(stderr, "%s: cannot allocate memory!\n", Argv[0]);
exit(1);
}
diff --git a/gnu/usr.bin/sudo/sudo/parse.lex b/gnu/usr.bin/sudo/sudo/parse.lex
index 7e5d64065c2..8ed78e5259e 100644
--- a/gnu/usr.bin/sudo/sudo/parse.lex
+++ b/gnu/usr.bin/sudo/sudo/parse.lex
@@ -1,8 +1,8 @@
%{
-/* $OpenBSD: parse.lex,v 1.6 1998/09/15 02:42:44 millert Exp $ */
+/* $OpenBSD: parse.lex,v 1.7 1998/11/21 01:34:53 millert Exp $ */
/*
- * CU sudo version 1.5.6
+ * CU sudo version 1.5.7
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
@@ -27,10 +27,6 @@
* Chris Jepeway <jepeway@cs.utk.edu>
*/
-#ifndef lint
-static char rcsid[] = "$From: parse.lex,v 1.78 1998/09/07 03:09:49 millert Exp $";
-#endif /* lint */
-
#include "config.h"
#ifdef STDC_HEADERS
@@ -50,9 +46,12 @@ static char rcsid[] = "$From: parse.lex,v 1.78 1998/09/07 03:09:49 millert Exp $
#include <sys/param.h>
#include <netinet/in.h>
#include "sudo.h"
-#include <options.h>
#include "sudo.tab.h"
+#ifndef lint
+static const char rcsid[] = "$From: parse.lex,v 1.82 1998/11/18 04:16:13 millert Exp $";
+#endif /* lint */
+
#undef yywrap /* guard against a yywrap macro */
extern YYSTYPE yylval;
diff --git a/gnu/usr.bin/sudo/sudo/parse.yacc b/gnu/usr.bin/sudo/sudo/parse.yacc
index 60b38b921c5..ea68760b2ce 100644
--- a/gnu/usr.bin/sudo/sudo/parse.yacc
+++ b/gnu/usr.bin/sudo/sudo/parse.yacc
@@ -1,8 +1,8 @@
%{
-/* $OpenBSD: parse.yacc,v 1.10 1998/09/15 02:42:44 millert Exp $ */
+/* $OpenBSD: parse.yacc,v 1.11 1998/11/21 01:34:53 millert Exp $ */
/*
- * CU sudo version 1.5.6
+ * CU sudo version 1.5.7
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
@@ -27,10 +27,6 @@
* Chris Jepeway <jepeway@cs.utk.edu>
*/
-#ifndef lint
-static char rcsid[] = "$From: parse.yacc,v 1.115 1998/09/15 02:25:48 millert Exp $";
-#endif /* lint */
-
#include "config.h"
#include <stdio.h>
#ifdef STDC_HEADERS
@@ -56,7 +52,6 @@ static char rcsid[] = "$From: parse.yacc,v 1.115 1998/09/15 02:25:48 millert Exp
#include <search.h>
#endif /* HAVE_LSEARCH */
-#include <options.h>
#include "sudo.h"
#ifndef HAVE_LSEARCH
@@ -67,6 +62,10 @@ static char rcsid[] = "$From: parse.yacc,v 1.115 1998/09/15 02:25:48 millert Exp
#define strcasecmp(a,b) strcmp(a,b)
#endif /* !HAVE_STRCASECMP */
+#ifndef lint
+static const char rcsid[] = "$From: parse.yacc,v 1.122 1998/11/20 19:26:16 millert Exp $";
+#endif /* lint */
+
/*
* Globals
*/
@@ -95,7 +94,6 @@ int top = 0, stacksize = 0;
while ((stacksize += STACKINCREMENT) < top); \
match = (struct matchstack *) realloc(match, sizeof(struct matchstack) * stacksize); \
if (match == NULL) { \
- perror("malloc"); \
(void) fprintf(stderr, "%s: cannot allocate memory!\n", Argv[0]); \
exit(1); \
} \
@@ -150,9 +148,10 @@ void yyerror(s)
{
/* save the line the first error occured on */
if (errorlineno == -1)
- errorlineno = sudolineno;
+ errorlineno = sudolineno - 1;
#ifndef TRACELEXER
- (void) fprintf(stderr, ">>> sudoers file: %s, line %d <<<\n", s, sudolineno);
+ (void) fprintf(stderr, ">>> sudoers file: %s, line %d <<<\n", s,
+ sudolineno - 1);
#else
(void) fprintf(stderr, "<*> ");
#endif
@@ -513,7 +512,6 @@ cmndalias : ALIAS {
/* Allocate space for ga_list if necesary. */
expand_ga_list();
if (!(ga_list[ga_list_len-1].alias = strdup($1))){
- perror("malloc");
(void) fprintf(stderr,
"%s: cannot allocate memory!\n", Argv[0]);
exit(1);
@@ -547,7 +545,6 @@ runasalias : ALIAS {
/* Allocate space for ga_list if necesary. */
expand_ga_list();
if (!(ga_list[ga_list_len-1].alias = strdup($1))){
- perror("malloc");
(void) fprintf(stderr,
"%s: cannot allocate memory!\n", Argv[0]);
exit(1);
@@ -872,7 +869,6 @@ static void append(src, dstp, dst_len, dst_size, separator)
/* Assumes dst will be NULL if not set. */
if (dst == NULL) {
if ((dst = (char *) malloc(BUFSIZ)) == NULL) {
- perror("malloc");
(void) fprintf(stderr, "%s: cannot allocate memory!\n", Argv[0]);
exit(1);
}
@@ -888,7 +884,6 @@ static void append(src, dstp, dst_len, dst_size, separator)
*dst_size += BUFSIZ;
if (!(dst = (char *) realloc(dst, *dst_size))) {
- perror("malloc");
(void) fprintf(stderr, "%s: cannot allocate memory!\n", Argv[0]);
exit(1);
}
@@ -929,19 +924,17 @@ void reset_aliases()
static void expand_ga_list()
{
- if (++ga_list_len > ga_list_size) {
+ if (++ga_list_len >= ga_list_size) {
while ((ga_list_size += STACKINCREMENT) < ga_list_len);
if (ga_list == NULL) {
if ((ga_list = (struct generic_alias *)
malloc(sizeof(struct generic_alias) * ga_list_size)) == NULL) {
- perror("malloc");
(void) fprintf(stderr, "%s: cannot allocate memory!\n", Argv[0]);
exit(1);
}
} else {
if ((ga_list = (struct generic_alias *) realloc(ga_list,
sizeof(struct generic_alias) * ga_list_size)) == NULL) {
- perror("malloc");
(void) fprintf(stderr, "%s: cannot allocate memory!\n", Argv[0]);
exit(1);
}
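Review bot: The change from `>` to `>=` in `if (++ga_list_len >= ga_list_size)` makes the list grow one element earlier, apparently to keep a slot free beyond `ga_list[ga_list_len-1]`, but nothing in the hunk says which code needs that slot. A comment such as `/* grow while one slot is still unused; needed by <reader> */` with the real reason filled in would stop the condition being simplified back later. `expand_match_list()` in the next hunk gets the same change and needs the same comment. In both, `sizeof(...) * size` is passed to `malloc`/`realloc` without an overflow check, and the function bodies continue past the hunks.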
@@ -961,12 +954,11 @@ static void expand_ga_list()
static void expand_match_list()
{
- if (++cm_list_len > cm_list_size) {
+ if (++cm_list_len >= cm_list_size) {
while ((cm_list_size += STACKINCREMENT) < cm_list_len);
if (cm_list == NULL) {
if ((cm_list = (struct command_match *)
malloc(sizeof(struct command_match) * cm_list_size)) == NULL) {
- perror("malloc");
(void) fprintf(stderr, "%s: cannot allocate memory!\n", Argv[0]);
exit(1);
}
@@ -974,7 +966,6 @@ static void expand_match_list()
} else {
if ((cm_list = (struct command_match *) realloc(cm_list,
sizeof(struct command_match) * cm_list_size)) == NULL) {
- perror("malloc");
(void) fprintf(stderr, "%s: cannot allocate memory!\n", Argv[0]);
exit(1);
}
@@ -1010,7 +1001,6 @@ void init_parser()
stacksize = STACKINCREMENT;
match = (struct matchstack *) malloc(sizeof(struct matchstack) * stacksize);
if (match == NULL) {
- perror("malloc");
(void) fprintf(stderr, "%s: cannot allocate memory!\n", Argv[0]);
exit(1);
}
diff --git a/gnu/usr.bin/sudo/sudo/pathnames.h b/gnu/usr.bin/sudo/sudo/pathnames.h
index ebed9935d88..cd21b73cfed 100644
--- a/gnu/usr.bin/sudo/sudo/pathnames.h
+++ b/gnu/usr.bin/sudo/sudo/pathnames.h
@@ -1,7 +1,8 @@
-/* $OpenBSD: pathnames.h,v 1.6 1998/09/15 02:42:45 millert Exp $ */
+/* $OpenBSD: pathnames.h,v 1.7 1998/11/21 01:34:53 millert Exp $ */
+/* pathnames.h. Generated automatically by configure. */
/*
- * CU sudo version 1.5.6
+ * CU sudo version 1.5.7
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
@@ -19,7 +20,7 @@
*
* Please send bugs, changes, problems to sudo-bugs@courtesan.com
*
- * $From: pathnames.h,v 1.32 1998/09/15 02:25:48 millert Exp $
+ * $From: pathnames.h.in,v 1.34 1998/09/20 23:10:04 millert Exp $
*/
/*
@@ -34,8 +35,12 @@
#define _PATH_DEV "/dev/"
#endif /* _PATH_DEV */
+#ifndef _PATH_TTY
+#define _PATH_TTY "/dev/tty"
+#endif /* _PATH_TTY */
+
/*
- * NOTE: _PATH_SUDO_SUDOERS is usually overriden by the Makefile
+ * NOTE: _PATH_SUDO_SUDOERS is usually overriden by the Makefile.
*/
#ifndef _PATH_SUDO_SUDOERS
#define _PATH_SUDO_SUDOERS "/etc/sudoers"
@@ -50,43 +55,38 @@
#define _PATH_SUDO_STMP "/etc/stmp"
#endif /* _PATH_SUDO_STMP */
-#ifndef _PATH_SUDO_TIMEDIR
-#define _PATH_SUDO_TIMEDIR _CONFIG_PATH_TIMEDIR
-#endif /* _PATH_SUDO_TIMEDIR */
-
-#ifndef _PATH_TTY
-#define _PATH_TTY "/dev/tty"
-#endif /* _PATH_TTY */
+/*
+ * The following paths are controlled via the configure script.
+ */
/*
- * The following paths are gleaned via configure but you can override
- * configure's values here if you want.
+ * Where to put the timestamp files. Defaults to /var/run/sudo if
+ * /var/run exists, else /tmp/.odus.
*/
+#ifndef _PATH_SUDO_TIMEDIR
+#define _PATH_SUDO_TIMEDIR "/var/run/sudo"
+#endif /* _PATH_SUDO_TIMEDIR */
/*
- * Where to put the sudo log file when logging to a file this
- * is /var/log/sudo.log if /var/log exists, else /var/adm/sudo.log
+ * Where to put the sudo log file when logging to a file. Defaults to
+ * /var/log/sudo.log if /var/log exists, else /var/adm/sudo.log.
*/
#ifndef _PATH_SUDO_LOGFILE
-#define _PATH_SUDO_LOGFILE _CONFIG_PATH_LOGFILE
+#define _PATH_SUDO_LOGFILE "/var/log/sudo.log"
#endif /* _PATH_SUDO_LOGFILE */
#ifndef _PATH_SENDMAIL
-#define _PATH_SENDMAIL _CONFIG_PATH_SENDMAIL
+#define _PATH_SENDMAIL "/usr/sbin/sendmail"
#endif /* _PATH_SENDMAIL */
#ifndef _PATH_VI
-#define _PATH_VI _CONFIG_PATH_VI
+#define _PATH_VI "/usr/bin/vi"
#endif /* _PATH_VI */
-#ifndef _PATH_PWD
-#define _PATH_PWD _CONFIG_PATH_PWD
-#endif /* _PATH_PWD */
-
#ifndef _PATH_MV
-#define _PATH_MV _CONFIG_PATH_MV
+#define _PATH_MV "/bin/mv"
#endif /* _PATH_MV */
#ifndef _PATH_BSHELL
-#define _PATH_BSHELL _CONFIG_PATH_BSHELL
+#define _PATH_BSHELL "/bin/sh"
#endif /* _PATH_BSHELL */
diff --git a/gnu/usr.bin/sudo/sudo/sudo.8 b/gnu/usr.bin/sudo/sudo/sudo.8
index d16bc8b74cf..17606ba95e2 100644
--- a/gnu/usr.bin/sudo/sudo/sudo.8
+++ b/gnu/usr.bin/sudo/sudo/sudo.8
@@ -1,11 +1,11 @@
.rn '' }`
-''' $OpenBSD: sudo.8,v 1.6 1998/09/15 02:42:45 millert Exp $
+''' $OpenBSD: sudo.8,v 1.7 1998/11/21 01:34:53 millert Exp $
'''
-''' $RCSfile: sudo.8,v $$Revision: 1.6 $$Date: 1998/09/15 02:42:45 $
+''' $RCSfile: sudo.8,v $$Revision: 1.7 $$Date: 1998/11/21 01:34:53 $
'''
''' $Log: sudo.8,v $
-''' Revision 1.6 1998/09/15 02:42:45 millert
-''' sudo 1.5.6
+''' Revision 1.7 1998/11/21 01:34:53 millert
+''' sudo 1.5.7
'''
'''
.de Sh
@@ -98,7 +98,7 @@
.nr % 0
.rr F
.\}
-.TH sudo 8 "1.5.6" "20/Jan/98" "MAINTENANCE COMMANDS"
+.TH sudo 8 "1.5.7" "5/Nov/98" "MAINTENANCE COMMANDS"
.UC
.if n .hy 0
.if n .na
@@ -214,10 +214,6 @@ user to the local authorities (defined at installation time).
.PP
\fBsudo\fR was designed to log via the 4.3 BSD \fIsyslog\fR\|(3) facility but
can log to a file instead if so desired (or to both syslog and a file).
-.PP
-All preferences are defined at installation time and are derived from
-the options.h and pathnames.h include files as well as as well as the
-Makefile.
.SH "OPTIONS"
\fBsudo\fR accepts the following command line options:
.Ip "-V" 4
@@ -256,10 +252,10 @@ as a user other than \fIroot\fR. To specify a \fIuid\fR instead of a
\fIusername\fR, use \*(L"#uid\*(R".
.Ip "-s" 4
The \f(CW-s\fR (\fIshell\fR) option runs the shell specified by the \fI\s-1SHELL\s0\fR
-environmental variable if it is set or the shell as specified
+environment variable if it is set or the shell as specified
in \fIpasswd\fR\|(5).
.Ip "-H" 4
-The \f(CW-H\fR (\fI\s-1HOME\s0\fR) option sets the \fI\s-1HOME\s0\fR environmental variable
+The \f(CW-H\fR (\fI\s-1HOME\s0\fR) option sets the \fI\s-1HOME\s0\fR environment variable
to the homedir of the target user (root by default) as specified
in \fIpasswd\fR\|(5).
.Ip "--" 4
@@ -283,7 +279,7 @@ currently unreachable.
Variables that control how dynamic loading and binding is
done can be used to subvert the program that \fBsudo\fR runs.
To combat this the \f(CWLD_*\fR, \f(CWSHLIB_PATH\fR (HP\-UX only),
-\f(CWLIBPATH\fR (AIX only), and \f(CW_RLD_*\fR environmental variables are
+\f(CWLIBPATH\fR (AIX only), and \f(CW_RLD_*\fR environment variables are
removed from the environment passed on to all commands executed.
\fBsudo\fR will also remove the \f(CWIFS\fR, \f(CWENV\fR, \f(CWBASH_ENV\fR
and \f(CWKRB_CONF\fR variables as they too can pose a threat.
@@ -291,7 +287,7 @@ and \f(CWKRB_CONF\fR variables as they too can pose a threat.
To prevent command spoofing, \fBsudo\fR checks "." and "" (both
denoting current directory) last when searching for a command
in the user's PATH (if one or both are in the PATH).
-Note, however, that the actual PATH environmental variable
+Note, however, that the actual PATH environment variable
is \fInot\fR modified and is passed unchanged to the program that
\fBsudo\fR executes.
.PP
@@ -330,9 +326,11 @@ date.
.Ve
.SH "ENVIRONMENT VARIABLES"
.PP
-.Vb 10
+.Vb 12
\& PATH Set to a sane value if SECURE_PATH is set
\& SHELL Used to determine shell to run with -s option
+\& USER Set to the target user (root unless the -u option
+\& is specified)
\& HOME In -s mode, set to homedir of root (or runas user)
\& if built with the SHELL_SETS_HOME option
\& SUDO_PROMPT Replaces the default password prompt
diff --git a/gnu/usr.bin/sudo/sudo/sudo.c b/gnu/usr.bin/sudo/sudo/sudo.c
index 7d07c33f658..d7dd2a44888 100644
--- a/gnu/usr.bin/sudo/sudo/sudo.c
+++ b/gnu/usr.bin/sudo/sudo/sudo.c
@@ -1,7 +1,7 @@
-/* $OpenBSD: sudo.c,v 1.10 1998/09/15 02:42:45 millert Exp $ */
+/* $OpenBSD: sudo.c,v 1.11 1998/11/21 01:34:53 millert Exp $ */
/*
- * CU sudo version 1.5.6 (based on Root Group sudo version 1.1)
+ * CU sudo version 1.5.7 (based on Root Group sudo version 1.1)
*
* This software comes with no waranty whatsoever, use at your own risk.
*
@@ -52,10 +52,6 @@
* Todd Miller <Todd.Miller@courtesan.com>
*/
-#ifndef lint
-static char rcsid[] = "$From: sudo.c,v 1.197 1998/09/13 19:32:48 millert Exp $";
-#endif /* lint */
-
#define MAIN
#include "config.h"
@@ -81,24 +77,14 @@ static char rcsid[] = "$From: sudo.c,v 1.197 1998/09/13 19:32:48 millert Exp $";
#include <fcntl.h>
#include <sys/types.h>
#include <sys/stat.h>
-#include <sys/time.h>
#include <sys/param.h>
#include <netinet/in.h>
#include <netdb.h>
-#if (SHADOW_TYPE == SPW_SECUREWARE)
-# ifdef __hpux
-# include <hpsecurity.h>
-# else
-# include <sys/security.h>
-# endif /* __hpux */
-# include <prot.h>
-#endif /* SPW_SECUREWARE */
#ifdef HAVE_DCE
#include <pthread.h>
#endif /* HAVE_DCE */
#include "sudo.h"
-#include <options.h>
#include "version.h"
#ifndef STDC_HEADERS
@@ -111,6 +97,10 @@ extern char *strdup __P((const char *));
extern char *getenv __P((char *));
#endif /* STDC_HEADERS */
+#ifndef lint
+static const char rcsid[] = "$From: sudo.c,v 1.213 1998/11/18 04:16:13 millert Exp $";
+#endif /* lint */
+
/*
* Local type declarations
@@ -191,13 +181,16 @@ int main(argc, argv)
int argc;
char **argv;
{
- int rtn, found_cmnd;
+ int rtn, cmnd_status = FOUND;
int sudo_mode = MODE_RUN;
extern char ** environ;
-#if (SHADOW_TYPE == SPW_SECUREWARE) && defined(HAVE_SET_AUTH_PARAMETERS)
+#if defined(HAVE_GETPRPWNAM) && defined(HAVE_SET_AUTH_PARAMETERS)
(void) set_auth_parameters(argc, argv);
-#endif /* SPW_SECUREWARE */
+# ifdef HAVE_INITPRIVS
+ initprivs();
+# endif
+#endif /* HAVE_GETPRPWNAM && HAVE_SET_AUTH_PARAMETERS */
Argv = argv;
Argc = argc;
@@ -268,7 +261,6 @@ int main(argc, argv)
NewArgv = (char **) malloc (sizeof(char *) * (++NewArgc + 1));
if (NewArgv == NULL) {
- perror("malloc");
(void) fprintf(stderr, "%s: cannot allocate memory!\n", Argv[0]);
exit(1);
}
@@ -297,14 +289,13 @@ int main(argc, argv)
#ifdef SECURE_PATH
/* replace the PATH envariable with a secure one */
if (!user_is_exempt() && sudo_setenv("PATH", SECURE_PATH)) {
- perror("malloc");
(void) fprintf(stderr, "%s: cannot allocate memory!\n", Argv[0]);
exit(1);
}
#endif /* SECURE_PATH */
if ((sudo_mode & MODE_RUN)) {
- found_cmnd = load_cmnd(sudo_mode); /* load the cmnd global variable */
+ cmnd_status = load_cmnd(sudo_mode); /* load the cmnd global variable */
} else if (sudo_mode == MODE_KILL) {
remove_timestamp(); /* remove the timestamp ticket file */
exit(0);
@@ -312,20 +303,23 @@ int main(argc, argv)
add_env(!(sudo_mode & MODE_SHELL)); /* add in SUDO_* envariables */
- /* validate the user but don't search for "validate" */
+ /* validate the user but don't search for pseudo-commands */
rtn = validate((sudo_mode != MODE_VALIDATE && sudo_mode != MODE_LIST));
switch (rtn) {
case VALIDATE_OK:
- case VALIDATE_OK_NOPASS:
- if (rtn != VALIDATE_OK_NOPASS)
- check_user();
+ check_user();
+ /* fallthrough */
+ case VALIDATE_OK_NOPASS:
/* finally tell the user if the command did not exist */
- if ((sudo_mode & MODE_RUN) && !found_cmnd) {
+ if (cmnd_status == NOT_FOUND_DOT) {
+ (void) fprintf(stderr, "%s: ignoring `%s' found in '.'\nUse `sudo ./%s' if this is the `%s' you wish to run.\n", Argv[0], cmnd, cmnd, cmnd);
+ exit(1);
+ } else if (cmnd_status == NOT_FOUND) {
(void) fprintf(stderr, "%s: %s: command not found\n", Argv[0],
- cmnd);
+ cmnd);
exit(1);
}
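Review bot: The two not-found messages added here are repeated verbatim in the `VALIDATE_NOT_OK` case that the next hunk of main() adds, so a later wording change has to be made in two places. A small static helper that prints the message for `NOT_FOUND_DOT` or `NOT_FOUND` and reports whether it printed anything would keep both sites in sync and shorten the over-long `fprintf` line. The strings in the sketch below are copied unchanged from this hunk. main() starts and ends outside the hunk.

```c
/* Report why cmnd cannot be run; returns 1 if a message was printed. */
static int cmnd_not_found(status)
    int status;
{
    if (status == NOT_FOUND_DOT) {
	(void) fprintf(stderr,
	    "%s: ignoring `%s' found in '.'\nUse `sudo ./%s' if this is the `%s' you wish to run.\n",
	    Argv[0], cmnd, cmnd, cmnd);
	return(1);
    }
    if (status == NOT_FOUND) {
	(void) fprintf(stderr, "%s: %s: command not found\n", Argv[0], cmnd);
	return(1);
    }
    return(0);
}

/* … unchanged: case VALIDATE_OK / VALIDATE_OK_NOPASS labels … */
	    /* finally tell the user if the command did not exist */
	    if (cmnd_not_found(cmnd_status))
		exit(1);
```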
@@ -383,9 +377,24 @@ int main(argc, argv)
exit(-1);
break;
+ case VALIDATE_NOT_OK:
+ check_user();
+
+#ifndef DONT_LEAK_PATH_INFO
+ log_error(rtn);
+ if (cmnd_status == NOT_FOUND_DOT)
+ (void) fprintf(stderr, "%s: ignoring `%s' found in '.'\nUse `sudo ./%s' if this is the `%s' you wish to run.\n", Argv[0], cmnd, cmnd, cmnd);
+ else if (cmnd_status == NOT_FOUND)
+ (void) fprintf(stderr, "%s: %s: command not found\n", Argv[0],
+ cmnd);
+ else
+ inform_user(rtn);
+ exit(1);
+ break;
+#endif /* DONT_LEAK_PATH_INFO */
+
default:
log_error(rtn);
- set_perms(PERM_FULL_USER, sudo_mode);
inform_user(rtn);
exit(1);
break;
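Review bot: When DONT_LEAK_PATH_INFO is defined, the new `case VALIDATE_NOT_OK:` runs check_user() and then drops into `default:` with no marker, because the `exit(1); break;` sits inside the `#ifndef` block. The VALIDATE_OK case earlier in main() marks its fall-through, and this one should too, for example `#else` followed by `/* fallthrough: report without path details */` just before the `#endif`. A comment on the `#ifndef` should also state the trade-off: without the macro, a user who gets past check_user() but is not permitted to run the command is told whether the name resolved in PATH or in '.', which is the disclosure the option name refers to. The switch continues outside the hunk.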
@@ -417,14 +426,14 @@ static void load_globals(sudo_mode)
*/
if ((user_pw_ent = sudo_getpwuid(getuid())) == NULL) {
/* need to make a fake user_pw_ent */
- struct passwd pw_ent;
+ struct passwd pw;
char pw_name[MAX_UID_T_LEN + 1];
/* fill in uid and name fields with the uid */
- pw_ent.pw_uid = getuid();
- (void) sprintf(pw_name, "%ld", (long) pw_ent.pw_uid);
- pw_ent.pw_name = pw_name;
- user_pw_ent = &pw_ent;
+ pw.pw_uid = getuid();
+ (void) sprintf(pw_name, "%ld", (long) pw.pw_uid);
+ pw.pw_name = pw_name;
+ user_pw_ent = &pw;
/* complain, log, and die */
log_error(GLOBAL_NO_PW_ENT);
@@ -447,15 +456,14 @@ static void load_globals(sudo_mode)
if (strncmp(p, _PATH_DEV, sizeof(_PATH_DEV) - 1) == 0)
p += sizeof(_PATH_DEV) - 1;
if ((tty = (char *) strdup(p)) == NULL) {
- perror("malloc");
(void) fprintf(stderr, "%s: cannot allocate memory!\n", Argv[0]);
exit(1);
}
}
-#ifdef UMASK
- (void) umask((mode_t)UMASK);
-#endif /* UMASK */
+#ifdef SUDO_UMASK
+ (void) umask((mode_t)SUDO_UMASK);
+#endif /* SUDO_UMASK */
#ifdef NO_ROOT_SUDO
if (user_uid == 0) {
@@ -472,7 +480,7 @@ static void load_globals(sudo_mode)
/* try as root... */
set_perms(PERM_ROOT, sudo_mode);
if (!getcwd(cwd, sizeof(cwd))) {
- (void) fprintf(stderr, "%s: Can't get working directory!\n",
+ (void) fprintf(stderr, "%s: Can't get working directory!\n",
Argv[0]);
(void) strcpy(cwd, "unknown");
}
@@ -503,7 +511,6 @@ static void load_globals(sudo_mode)
if ((p = strchr(host, '.'))) {
*p = '\0';
if ((shost = strdup(host)) == NULL) {
- perror("malloc");
(void) fprintf(stderr, "%s: cannot allocate memory!\n", Argv[0]);
exit(1);
}
@@ -685,7 +692,6 @@ static void add_env(contiguous)
}
if ((buf = (char *) malloc(size)) == NULL) {
- perror("malloc");
(void) fprintf(stderr, "%s: cannot allocate memory!\n", Argv[0]);
exit(1);
}
@@ -704,7 +710,6 @@ static void add_env(contiguous)
buf = cmnd;
}
if (sudo_setenv("SUDO_COMMAND", buf)) {
- perror("malloc");
(void) fprintf(stderr, "%s: cannot allocate memory!\n", Argv[0]);
exit(1);
}
@@ -721,7 +726,6 @@ static void add_env(contiguous)
/* add the SUDO_USER envariable */
if (sudo_setenv("SUDO_USER", user_name)) {
- perror("malloc");
(void) fprintf(stderr, "%s: cannot allocate memory!\n", Argv[0]);
exit(1);
}
@@ -729,7 +733,6 @@ static void add_env(contiguous)
/* add the SUDO_UID envariable */
(void) sprintf(idstr, "%ld", (long) user_uid);
if (sudo_setenv("SUDO_UID", idstr)) {
- perror("malloc");
(void) fprintf(stderr, "%s: cannot allocate memory!\n", Argv[0]);
exit(1);
}
@@ -737,7 +740,6 @@ static void add_env(contiguous)
/* add the SUDO_GID envariable */
(void) sprintf(idstr, "%ld", (long) user_gid);
if (sudo_setenv("SUDO_GID", idstr)) {
- perror("malloc");
(void) fprintf(stderr, "%s: cannot allocate memory!\n", Argv[0]);
exit(1);
}
@@ -745,7 +747,6 @@ static void add_env(contiguous)
/* set PS1 if SUDO_PS1 is set */
if ((buf = getenv("SUDO_PS1")))
if (sudo_setenv("PS1", buf)) {
- perror("malloc");
(void) fprintf(stderr, "%s: cannot allocate memory!\n", Argv[0]);
exit(1);
}
@@ -764,6 +765,8 @@ static void add_env(contiguous)
static int load_cmnd(sudo_mode)
int sudo_mode;
{
+ int retval;
+
if (strlen(NewArgv[0]) >= MAXPATHLEN) {
errno = ENAMETOOLONG;
(void) fprintf(stderr, "%s: %s: Pathname too long\n", Argv[0],
@@ -774,11 +777,9 @@ static int load_cmnd(sudo_mode)
/*
* Resolve the path
*/
- if ((cmnd = find_path(NewArgv[0])) == NULL) {
+ if ((retval = find_path(NewArgv[0], &cmnd)) != FOUND)
cmnd = NewArgv[0];
- return(0);
- } else
- return(1);
+ return(retval);
}
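Review bot: The fallback `cmnd = NewArgv[0];` now runs for both NOT_FOUND and NOT_FOUND_DOT, and nothing in the hunk says what find_path() leaves in `cmnd` on those paths or why it is overwritten. A comment on that line such as `/* not resolved: keep the name as typed so callers can report it */` would help. The function's header comment (above the hunk) should list the three return values FOUND, NOT_FOUND and NOT_FOUND_DOT rather than a boolean. The unbraced `if` directly followed by the unconditional `return(retval);` would also read more safely with braces, as the visudo.c part of this commit does for its nested `if`.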
@@ -882,7 +883,7 @@ void set_perms(perm, sudo_mode)
int perm;
int sudo_mode;
{
- struct passwd *pw_ent;
+ struct passwd *pw;
switch (perm) {
case PERM_ROOT:
@@ -931,27 +932,35 @@ void set_perms(perm, sudo_mode)
exit(1);
}
} else {
- if (!(pw_ent = getpwnam(runas_user))) {
+ if (!(pw = getpwnam(runas_user))) {
(void) fprintf(stderr,
"%s: no passwd entry for %s!\n",
Argv[0], runas_user);
exit(1);
}
- if (setgid(pw_ent->pw_gid)) {
+ /* Set $USER to match target user */
+ if (sudo_setenv("USER", pw->pw_name)) {
+ (void) fprintf(stderr,
+ "%s: cannot allocate memory!\n",
+ Argv[0]);
+ exit(1);
+ }
+
+ if (setgid(pw->pw_gid)) {
(void) fprintf(stderr,
"%s: cannot set gid to %d: ",
- Argv[0], pw_ent->pw_gid);
+ Argv[0], pw->pw_gid);
perror("");
exit(1);
}
/*
- * Initialize group vector only if
- * we are going to be a non-root user.
+ * Initialize group vector only if are
+ * going to run as a non-root user.
*/
if (strcmp(runas_user, "root") != 0 &&
- initgroups(runas_user, pw_ent->pw_gid)
+ initgroups(runas_user, pw->pw_gid)
== -1) {
(void) fprintf(stderr,
"%s: cannot set group vector ",
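Review bot: `USER` is exported only in this `getpwnam(runas_user)` branch, and the branch that closes just above the hunk is not fully visible. If that branch handles a numeric `#uid` target, `USER` would keep the invoking user's name there, which would not match the sudo.8 text added in this commit ("Set to the target user"). It is also worth deciding whether `LOGNAME` should follow `USER`, since a program run as the target user may consult either. The reworded comment lost a word and should read `Initialize group vector only if we are going to run as a non-root user.` set_perms() starts and ends outside the hunk.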
@@ -960,15 +969,15 @@ void set_perms(perm, sudo_mode)
exit(1);
}
- if (setuid(pw_ent->pw_uid)) {
+ if (setuid(pw->pw_uid)) {
(void) fprintf(stderr,
"%s: cannot set uid to %d: ",
- Argv[0], pw_ent->pw_uid);
+ Argv[0], pw->pw_uid);
perror("");
exit(1);
}
if (sudo_mode & MODE_RESET_HOME)
- runas_homedir = pw_ent->pw_dir;
+ runas_homedir = pw->pw_dir;
}
break;
diff --git a/gnu/usr.bin/sudo/sudo/sudo.h b/gnu/usr.bin/sudo/sudo/sudo.h
index 01041b21c9e..beb860b4500 100644
--- a/gnu/usr.bin/sudo/sudo/sudo.h
+++ b/gnu/usr.bin/sudo/sudo/sudo.h
@@ -1,7 +1,7 @@
-/* $OpenBSD: sudo.h,v 1.6 1998/09/15 02:42:45 millert Exp $ */
+/* $OpenBSD: sudo.h,v 1.7 1998/11/21 01:34:53 millert Exp $ */
/*
- * CU sudo version 1.5.6 (based on Root Group sudo version 1.1)
+ * CU sudo version 1.5.7 (based on Root Group sudo version 1.1)
*
* This software comes with no waranty whatsoever, use at your own risk.
*
@@ -27,7 +27,7 @@
* along with this program; if not, write to the Free Software
* Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
*
- * $From: sudo.h,v 1.126 1998/09/07 02:51:05 millert Exp $
+ * $From: sudo.h,v 1.133 1998/11/08 20:56:52 millert Exp $
*/
#ifndef _SUDO_SUDO_H
@@ -111,10 +111,33 @@ struct generic_alias {
# define MAXSYSLOGLEN 960
#endif
+/*
+ * syslog(3) parameters
+ */
+
#define SLOG_SYSLOG 0x01
#define SLOG_FILE 0x02
#define SLOG_BOTH 0x03
+#if (LOGGING & SLOG_SYSLOG)
+# include <syslog.h>
+# ifndef Syslog_ident
+# define Syslog_ident "sudo"
+# endif
+# ifndef Syslog_options
+# define Syslog_options 0
+# endif
+# if !defined(Syslog_facility) && defined(LOG_NFACILITIES)
+# define Syslog_facility LOGFAC
+# endif
+# ifndef Syslog_priority_OK
+# define Syslog_priority_OK LOG_NOTICE
+# endif
+# ifndef Syslog_priority_NO
+# define Syslog_priority_NO LOG_ALERT
+# endif
+#endif /* LOGGING & SLOG_SYSLOG */
+
#define VALIDATE_OK 0x00
#define VALIDATE_NO_USER 0x01
#define VALIDATE_NOT_OK 0x02
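Review bot: The test `#if (LOGGING & SLOG_SYSLOG)` evaluates to 0 without complaint if LOGGING is not yet defined when sudo.h is included, so a misordered include would silently build without `<syslog.h>` and the Syslog_* defaults. For a tool whose log is its audit trail, that deserves a hard failure: `#ifndef LOGGING`, `# error "LOGGING must be defined before sudo.h is included"`, `#endif`, placed above the test. Where LOGGING is defined is not visible in this hunk. The block should also note in a comment that `Syslog_facility` stays undefined when LOG_NFACILITIES is absent, so users of it must guard the reference.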
@@ -141,14 +164,22 @@ struct generic_alias {
#define SPOOF_ATTEMPT 0x0D
#define BAD_STAMPDIR 0x0E
#define BAD_STAMPFILE 0x0F
+#define BAD_ALLOCATION 0x10
/*
* Boolean values
*/
#undef TRUE
-#define TRUE 0x01
+#define TRUE 1
#undef FALSE
-#define FALSE 0x00
+#define FALSE 0
+
+/*
+ * find_path()/load_cmnd() return values
+ */
+#define FOUND 1
+#define NOT_FOUND 0
+#define NOT_FOUND_DOT -1
/*
* Various modes sudo can be in (based on arguments) in octal
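Review bot: `NOT_FOUND_DOT` is non-zero, so any caller that still tests the result of find_path() or load_cmnd() for truth will treat a command found only in '.' as found. FOUND and NOT_FOUND keep the old 1/0 values, which makes such a caller easy to miss. The comment above the three macros should say so, for example `/* compare against these names explicitly; NOT_FOUND_DOT is non-zero */`, and the value is better written as `#define NOT_FOUND_DOT (-1)`. main() in sudo.c compares explicitly in this commit; callers outside the diff are not visible here.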
@@ -198,8 +229,8 @@ int putenv __P((const char *));
#endif
char *sudo_goodpath __P((const char *));
int sudo_setenv __P((char *, char *));
-char *tgetpass __P((char *, int, char *, char *));
-char * find_path __P((char *));
+char *tgetpass __P((char *, int));
+int find_path __P((char *, char **));
void log_error __P((int));
void inform_user __P((int));
void check_user __P((void));
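Review bot: The updated prototype `char *tgetpass __P((char *, int));` declares the prompt as `char *`, while the definition in the tgetpass.c part of this commit declares `const char *prompt`. The two declarations do not agree, and callers reading the header cannot tell that the prompt is not modified. `char *tgetpass __P((const char *, int));` matches the definition. Whether tgetpass.c itself includes sudo.h is not visible in this diff.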
@@ -207,7 +238,10 @@ int validate __P((int));
void set_perms __P((int, int));
void remove_timestamp __P((void));
void load_interfaces __P((void));
+int check_secureware __P((char *));
+void sia_attempt_auth __P((void));
int yyparse __P((void));
+void pass_warn __P((FILE *));
YY_DECL;
diff --git a/gnu/usr.bin/sudo/sudo/sudo_setenv.c b/gnu/usr.bin/sudo/sudo/sudo_setenv.c
index c9b817915a0..d5dbdee5097 100644
--- a/gnu/usr.bin/sudo/sudo/sudo_setenv.c
+++ b/gnu/usr.bin/sudo/sudo/sudo_setenv.c
@@ -1,7 +1,7 @@
-/* $OpenBSD: sudo_setenv.c,v 1.6 1998/09/15 02:42:45 millert Exp $ */
+/* $OpenBSD: sudo_setenv.c,v 1.7 1998/11/21 01:34:53 millert Exp $ */
/*
- * CU sudo version 1.5.6
+ * CU sudo version 1.5.7
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
@@ -27,10 +27,6 @@
* Todd C. Miller (millert@colorado.edu) Fri Jun 3 18:32:19 MDT 1994
*/
-#ifndef lint
-static char rcsid[] = "$From: sudo_setenv.c,v 1.26 1998/04/06 03:35:47 millert Exp $";
-#endif /* lint */
-
#include "config.h"
#include <stdio.h>
@@ -48,7 +44,6 @@ static char rcsid[] = "$From: sudo_setenv.c,v 1.26 1998/04/06 03:35:47 millert E
#include <netinet/in.h>
#include "sudo.h"
-#include <options.h>
#ifndef STDC_HEADERS
#ifdef HAVE_PUTENV
@@ -59,6 +54,10 @@ extern int setenv __P((char *, char *, int));
#endif /* HAVE_SETENV */
#endif /* !STDC_HEADERS */
+#ifndef lint
+static const char rcsid[] = "$From: sudo_setenv.c,v 1.30 1998/11/18 04:16:13 millert Exp $";
+#endif /* lint */
+
/**********************************************************************
*
diff --git a/gnu/usr.bin/sudo/sudo/sudoers.5 b/gnu/usr.bin/sudo/sudo/sudoers.5
index 935e4e148a7..6c40a2dfad7 100644
--- a/gnu/usr.bin/sudo/sudo/sudoers.5
+++ b/gnu/usr.bin/sudo/sudo/sudoers.5
@@ -1,11 +1,11 @@
.rn '' }`
-''' $OpenBSD: sudoers.5,v 1.6 1998/09/15 02:42:45 millert Exp $
+''' $OpenBSD: sudoers.5,v 1.7 1998/11/21 01:34:53 millert Exp $
'''
-''' $RCSfile: sudoers.5,v $$Revision: 1.6 $$Date: 1998/09/15 02:42:45 $
+''' $RCSfile: sudoers.5,v $$Revision: 1.7 $$Date: 1998/11/21 01:34:53 $
'''
''' $Log: sudoers.5,v $
-''' Revision 1.6 1998/09/15 02:42:45 millert
-''' sudo 1.5.6
+''' Revision 1.7 1998/11/21 01:34:53 millert
+''' sudo 1.5.7
'''
'''
.de Sh
@@ -98,7 +98,7 @@
.nr % 0
.rr F
.\}
-.TH sudoers 5 "1.5.6" "6/Feb/98" "FILE FORMATS"
+.TH sudoers 5 "1.5.7" "17/Oct/98" "FILE FORMATS"
.UC
.if n .hy 0
.if n .na
diff --git a/gnu/usr.bin/sudo/sudo/tgetpass.c b/gnu/usr.bin/sudo/sudo/tgetpass.c
index 706abf6e89e..020f1df5e98 100644
--- a/gnu/usr.bin/sudo/sudo/tgetpass.c
+++ b/gnu/usr.bin/sudo/sudo/tgetpass.c
@@ -1,7 +1,7 @@
-/* $OpenBSD: tgetpass.c,v 1.11 1998/11/13 22:44:34 millert Exp $ */
+/* $OpenBSD: tgetpass.c,v 1.12 1998/11/21 01:34:54 millert Exp $ */
/*
- * CU sudo version 1.5.6
+ * CU sudo version 1.5.7
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
@@ -28,10 +28,6 @@
* Todd C. Miller Sun Jun 5 17:22:31 MDT 1994
*/
-#ifndef lint
-static char rcsid[] = "$From: tgetpass.c,v 1.63 1998/09/09 00:43:49 millert Exp $";
-#endif /* lint */
-
#include "config.h"
#include <stdio.h>
@@ -71,14 +67,14 @@ static char rcsid[] = "$From: tgetpass.c,v 1.63 1998/09/09 00:43:49 millert Exp
#include <sys/ioctl.h>
#endif /* HAVE_TERMIO_H */
#endif /* HAVE_TERMIOS_H */
-#if (SHADOW_TYPE == SPW_SECUREWARE)
+#ifdef HAVE_GETPRPWNAM
# ifdef __hpux
# include <hpsecurity.h>
# else
# include <sys/security.h>
-# endif /* __hpux */
-# include <prot.h>
-#endif /* SPW_SECUREWARE */
+# endif /* __hpux */
+# include <prot.h> /* for AUTH_MAX_PASSWD_LENGTH */
+#endif /* HAVE_GETPRPWNAM */
#include <pathnames.h>
#include "compat.h"
@@ -87,6 +83,10 @@ static char rcsid[] = "$From: tgetpass.c,v 1.63 1998/09/09 00:43:49 millert Exp
#define TCSASOFT 0
#endif /* TCSASOFT */
+#ifndef lint
+static const char rcsid[] = "$From: tgetpass.c,v 1.72 1998/11/18 04:16:13 millert Exp $";
+#endif /* lint */
+
/******************************************************************
*
@@ -97,11 +97,9 @@ static char rcsid[] = "$From: tgetpass.c,v 1.63 1998/09/09 00:43:49 millert Exp
* and input will time out based on the value of timeout.
*/
-char * tgetpass(prompt, timeout, user, host)
+char * tgetpass(prompt, timeout)
const char *prompt;
int timeout;
- char *user;
- char *host;
{
#ifdef HAVE_TERMIOS_H
struct termios term;
@@ -123,7 +121,6 @@ char * tgetpass(prompt, timeout, user, host)
static char buf[_PASSWD_LEN + 1];
fd_set *readfds;
struct timeval tv;
- char *p;
/*
* mask out SIGINT and SIGTSTP, should probably just catch and deal.
@@ -149,28 +146,9 @@ char * tgetpass(prompt, timeout, user, host)
setbuf(output, NULL);
}
- /*
- * print the prompt
- */
- if (prompt) {
- p = (char *) prompt;
- do {
- /* expand %u -> username, %h -> host */
- switch (*p) {
- case '%': if (user && *(p+1) == 'u') {
- (void) fputs(user, output);
- p++;
- break;
- } else if (host && *(p+1) == 'h') {
- (void) fputs(host, output);
- p++;
- break;
- }
-
- default: (void) fputc(*p, output);
- }
- } while (*(++p));
- }
+ /* print the prompt */
+ if (prompt)
+ fputs(prompt, output);
/* rewind if necesary */
if (input == output) {
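Review bot: The new `fputs(prompt, output);` drops the `(void)` cast this file puts on ignored stdio results (the removed loop used `(void) fputs(...)`), so it should read `(void) fputs(prompt, output);`. With the `%u`/`%h` expansion gone from tgetpass(), the comment above the function should say that the prompt is printed verbatim and that the caller expands it first; that caller is not in this hunk. Printing through fputs() rather than a printf-style call is the right choice, since sudo.8 documents SUDO_PROMPT as replacing the default prompt and the text is therefore user-supplied. tgetpass() continues outside the hunk.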
diff --git a/gnu/usr.bin/sudo/sudo/version.h b/gnu/usr.bin/sudo/sudo/version.h
index 1766c5c5acb..d24caab62ee 100644
--- a/gnu/usr.bin/sudo/sudo/version.h
+++ b/gnu/usr.bin/sudo/sudo/version.h
@@ -1,7 +1,7 @@
-/* $OpenBSD: version.h,v 1.7 1998/11/13 22:44:34 millert Exp $ */
+/* $OpenBSD: version.h,v 1.8 1998/11/21 01:34:54 millert Exp $ */
/*
- * CU sudo version 1.5.6
+ * CU sudo version 1.5.7
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
@@ -19,12 +19,12 @@
*
* Please send bugs, changes, problems to sudo-bugs@courtesan.com
*
- * $From: version.h,v 1.46 1998/04/06 03:36:33 millert Exp $
+ * $From: version.h,v 1.47 1998/11/20 23:33:52 millert Exp $
*/
#ifndef _SUDO_VERSION_H
#define _SUDO_VERSION_H
-static char version[] = "1.5.6p6";
+static const char version[] = "1.5.7";
#endif /* _SUDO_VERSION_H */
diff --git a/gnu/usr.bin/sudo/visudo/visudo.8 b/gnu/usr.bin/sudo/visudo/visudo.8
index acf550086a7..61d8166133a 100644
--- a/gnu/usr.bin/sudo/visudo/visudo.8
+++ b/gnu/usr.bin/sudo/visudo/visudo.8
@@ -1,11 +1,11 @@
.rn '' }`
-''' $OpenBSD: visudo.8,v 1.6 1998/09/15 02:42:45 millert Exp $
+''' $OpenBSD: visudo.8,v 1.7 1998/11/21 01:34:54 millert Exp $
'''
-''' $RCSfile: visudo.8,v $$Revision: 1.6 $$Date: 1998/09/15 02:42:45 $
+''' $RCSfile: visudo.8,v $$Revision: 1.7 $$Date: 1998/11/21 01:34:54 $
'''
''' $Log: visudo.8,v $
-''' Revision 1.6 1998/09/15 02:42:45 millert
-''' sudo 1.5.6
+''' Revision 1.7 1998/11/21 01:34:54 millert
+''' sudo 1.5.7
'''
'''
.de Sh
@@ -98,7 +98,7 @@
.nr % 0
.rr F
.\}
-.TH visudo 8 "1.5.6" "16/Feb/98" "MAINTENANCE COMMANDS"
+.TH visudo 8 "1.5.7" "17/Oct/98" "MAINTENANCE COMMANDS"
.UC
.if n .hy 0
.if n .na
@@ -204,7 +204,7 @@ for parse errors. If the \fIsudoers\fR file is currently being
edited you will receive a message to try again later. In the
default configuration, the \fIvi\fR\|(1) editor is used, but there is
a compile time option to allow use of whatever editor the
-environmental variables \f(CWEDITOR\fR or \f(CWVISUAL\fR are set to.
+environment variables \f(CWEDITOR\fR or \f(CWVISUAL\fR are set to.
.PP
\fBvisudo\fR parses the \fIsudoers\fR file after the edit and will
not save the changes if there is a syntax error. Upon finding
diff --git a/gnu/usr.bin/sudo/visudo/visudo.c b/gnu/usr.bin/sudo/visudo/visudo.c
index 30f01188352..d88537cb660 100644
--- a/gnu/usr.bin/sudo/visudo/visudo.c
+++ b/gnu/usr.bin/sudo/visudo/visudo.c
@@ -1,7 +1,7 @@
-/* $OpenBSD: visudo.c,v 1.8 1998/09/15 02:42:45 millert Exp $ */
+/* $OpenBSD: visudo.c,v 1.9 1998/11/21 01:34:54 millert Exp $ */
/*
- * CU sudo version 1.5.6
+ * CU sudo version 1.5.7
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
@@ -27,10 +27,6 @@
* Todd C. Miller (millert@colorado.edu) Sat Mar 25 21:50:36 MST 1995
*/
-#ifndef lint
-static char rcsid[] = "$From: visudo.c,v 1.91 1998/09/08 00:42:02 millert Exp $";
-#endif /* lint */
-
#include "config.h"
#include <stdio.h>
@@ -61,7 +57,6 @@ static char rcsid[] = "$From: visudo.c,v 1.91 1998/09/08 00:42:02 millert Exp $"
#include <netinet/in.h>
#include "sudo.h"
-#include <options.h>
#include "version.h"
#ifndef STDC_HEADERS
@@ -76,6 +71,10 @@ extern int stat __P((const char *, struct stat *));
#define SA_RESETHAND 0
#endif /* POSIX_SIGNALS && !SA_RESETHAND */
+#ifndef lint
+static const char rcsid[] = "$From: visudo.c,v 1.95 1998/11/18 04:16:13 millert Exp $";
+#endif /* lint */
+
/*
* Function prototypes
*/
@@ -147,15 +146,16 @@ int main(argc, argv)
* If passesd -V then print version, else print usage
* if any other option...
*/
- if (argc == 2)
+ if (argc == 2) {
if (!strcmp(Argv[1], "-V")) {
(void) printf("visudo version %s\n", version);
exit(0);
} else {
usage();
}
- else if (argc != 1)
+ } else if (argc != 1) {
usage();
+ }
/* user_pw_ent needs to point to something... */
if ((user_pw_ent = getpwuid(getuid())) == NULL) {
@@ -322,7 +322,7 @@ int main(argc, argv)
* rename(2)'d to sudoers. If the rename(2) fails we try using
* mv(1) in case stmp and sudoers are on different filesystems.
*/
- if (rename(stmp, sudoers))
+ if (rename(stmp, sudoers)) {
if (errno == EXDEV) {
char *tmpbuf;
@@ -356,6 +356,7 @@ int main(argc, argv)
perror("");
Exit(-1);
}
+ }
return(0);
}