author | Todd C. Miller <millert@cvs.openbsd.org> | 1998-11-21 01:34:55 +0000 |
---|---|---|
committer | Todd C. Miller <millert@cvs.openbsd.org> | 1998-11-21 01:34:55 +0000 |
commit | 3396948868b7028ad180ddcd1d206d1801803e4e (patch) | |
tree | 08dce227981bb4265e5f860fdb1108e1fa94b486 | |
parent | ba5ec70b5193da84592c05d5646fd339342b33ad (diff) |
sudo 1.5.7
27 files changed, 759 insertions, 600 deletions
diff --git a/gnu/usr.bin/sudo/README b/gnu/usr.bin/sudo/README index 3e714dc1be0..045c545cedf 100644 --- a/gnu/usr.bin/sudo/README +++ b/gnu/usr.bin/sudo/README @@ -1,3 +1,11 @@ This is a minimal sudo distribution for OpenBSD. You can get the full package at ftp://ftp.cs.colorado.edu/pub/sudo/. For info on sudo please see http://www.courtesan.com/sudo/. + +This sudo was configured with the following options: + --disable-path-info + --with-insults + --with-env-editor + --with-logfac=LOG_AUTHPRIV + +S/Key and Kerberos IV are enabled based on bsd.own.mk diff --git a/gnu/usr.bin/sudo/sudo/check.c b/gnu/usr.bin/sudo/sudo/check.c index 0c72fc2a070..0f3be189cdd 100644 --- a/gnu/usr.bin/sudo/sudo/check.c +++ b/gnu/usr.bin/sudo/sudo/check.c @@ -1,7 +1,7 @@ -/* $OpenBSD: check.c,v 1.12 1998/11/13 22:44:33 millert Exp $ */ +/* $OpenBSD: check.c,v 1.13 1998/11/21 01:34:51 millert Exp $ */ /* - * CU sudo version 1.5.6 (based on Root Group sudo version 1.1) + * CU sudo version 1.5.7 (based on Root Group sudo version 1.1) * * This software comes with no waranty whatsoever, use at your own risk. * @@ -37,10 +37,6 @@ * Jeff Nieusma Thu Mar 21 22:39:07 MST 1991 */ -#ifndef lint -static char rcsid[] = "$From: check.c,v 1.144 1998/09/18 05:29:26 millert Exp $"; -#endif /* lint */ - #include "config.h" #include <stdio.h> 
@@ -57,26 +53,14 @@ static char rcsid[] = "$From: check.c,v 1.144 1998/09/18 05:29:26 millert Exp $" #include <strings.h> #endif /* HAVE_STRINGS_H */ #include <fcntl.h> +#include <time.h> #include <sys/param.h> #include <sys/types.h> #include <sys/stat.h> -#include <sys/time.h> #include <sys/file.h> #include <netinet/in.h> #include <pwd.h> #include <grp.h> -#include "sudo.h" -#include <options.h> -#include "insults.h" -#include "version.h" -#if (SHADOW_TYPE == SPW_SECUREWARE) -# ifdef __hpux -# include <hpsecurity.h> -# else -# include <sys/security.h> -# endif /* __hpux */ -# include <prot.h> -#endif /* SPW_SECUREWARE */ #ifdef HAVE_KERB4 # include <krb.h> #endif /* HAVE_KERB4 */ @@ -107,6 +91,13 @@ static char rcsid[] = "$From: check.c,v 1.144 1998/09/18 05:29:26 millert Exp $" # include "emul/utime.h" #endif /* HAVE_UTIME */ +#include "sudo.h" +#include "insults.h" +#include "version.h" + +#ifndef lint +static const char rcsid[] = "$From: check.c,v 1.163 1998/11/18 04:16:13 millert Exp $"; +#endif /* lint */ /* * Prototypes for local functions @@ -116,6 +107,7 @@ static void check_passwd __P((void)); static int touch __P((char *)); static void update_timestamp __P((void)); static void reminder __P((void)); +static char *expand_prompt __P((char *, char *, char *)); #ifdef HAVE_KERB4 static int sudo_krb_validate_user __P((struct passwd *, char *)); #endif /* HAVE_KERB4 */ @@ -141,18 +133,9 @@ union config_record configure; #ifdef HAVE_SKEY struct skey skey; #endif -#ifdef HAVE_PAM -static struct pam_conv conv = { - misc_conv, - NULL -}; -#endif #ifdef HAVE_OPIE struct opie opie; #endif -#if (SHADOW_TYPE == SPW_SECUREWARE) && defined(__alpha) -extern uchar_t crypt_type; -#endif /* SPW_SECUREWARE && __alpha */ 
@@ -180,11 +163,17 @@ void check_user() if (rtn == 2) reminder(); /* do the reminder if ticket file is new */ #endif /* NO_MESSAGE */ -#ifdef HAVE_PAM + + /* expand any escapes in the prompt */ + prompt = expand_prompt(prompt, user_name, shost); + +#ifdef HAVE_SIA + sia_attempt_auth(); +#elif HAVE_PAM pam_attempt_auth(); -#else /* !HAVE_PAM */ +#else /* !HAVE_SIA && !HAVE_PAM */ check_passwd(); -#endif /* HAVE_PAM */ +#endif /* HAVE_SIA */ } update_timestamp(); @@ -249,15 +238,15 @@ static int check_timestamp() if (sizeof(_PATH_SUDO_TIMEDIR) + strlen(user_name) + strlen(p) + 2 > sizeof(timestampfile)) { - (void) fprintf(stderr, "%s: path too long: %s/%s.%s\n", Argv[0], + (void) fprintf(stderr, "%s: path too long: %s/%s.%s\n", Argv[0], _PATH_SUDO_TIMEDIR, user_name, p); exit(1); } - (void) sprintf(timestampfile, "%s/%s.%s", _PATH_SUDO_TIMEDIR, user_name, p); + (void) sprintf(timestampfile, "%s/%s:%s", _PATH_SUDO_TIMEDIR, user_name, p); #else if (sizeof(_PATH_SUDO_TIMEDIR) + strlen(user_name) + 1 > sizeof(timestampfile)) { - (void) fprintf(stderr, "%s: path too long: %s/%s\n", Argv[0], + (void) fprintf(stderr, "%s: path too long: %s/%s\n", Argv[0], _PATH_SUDO_TIMEDIR, user_name); exit(1); } @@ -302,7 +291,7 @@ static int check_timestamp() } else { /* check the time against the timestamp file */ now = time((time_t *) NULL); - if (TIMEOUT && now - statbuf.st_mtime < 60 * TIMEOUT) + if (TIMEOUT && now - statbuf.st_mtime < 60 * TIMEOUT) { /* check for bogus time on the stampfile */ if (statbuf.st_mtime > now + 60 * TIMEOUT * 2) { timestamp_is_old = 2; /* bogus time value */ @@ -312,8 +301,9 @@ static int check_timestamp() } else { timestamp_is_old = 0; /* time value is reasonable */ } - else + } else { timestamp_is_old = 1; /* else make 'em enter password */ + } } } /* 
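Review bot: In the USE_TTY_TICKETS branch of check_timestamp() the ticket path is now built as `"%s/%s:%s"`, but the "path too long" message just above it still prints `%s/%s.%s`. The remove_timestamp() hunks further down (`@@ -420,7 +410,7 @@` and `@@ -428,7 +418,7 @@`) change only whitespace in that same message, and the sprintf() that builds the path there falls between the two hunks and is not shown. If that sprintf() still uses `"%s/%s.%s"`, ticket removal would unlink a different name from the one check_timestamp() validates, so a per-tty ticket would stay valid after the user asked for it to be invalidated. Both functions should build the name from one shared format string, and the error text should use the same separator.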
@@ -420,7 +410,7 @@ void remove_timestamp() if (sizeof(_PATH_SUDO_TIMEDIR) + strlen(user_name) + strlen(p) + 2 > sizeof(timestampfile)) { - (void) fprintf(stderr, "%s: path too long: %s/%s.%s\n", Argv[0], + (void) fprintf(stderr, "%s: path too long: %s/%s.%s\n", Argv[0], _PATH_SUDO_TIMEDIR, user_name, p); exit(1); } @@ -428,7 +418,7 @@ void remove_timestamp() #else if (sizeof(_PATH_SUDO_TIMEDIR) + strlen(user_name) + 1 > sizeof(timestampfile)) { - (void) fprintf(stderr, "%s: path too long: %s/%s\n", Argv[0], + (void) fprintf(stderr, "%s: path too long: %s/%s\n", Argv[0], _PATH_SUDO_TIMEDIR, user_name); exit(1); } @@ -482,11 +472,7 @@ static void check_passwd() } --counter; /* otherwise, try again */ -#ifdef USE_INSULTS - (void) fprintf(stderr, "%s\n", INSULT); -#else - (void) fprintf(stderr, "%s\n", INCORRECT_PASSWORD); -#endif /* USE_INSULTS */ + pass_warn(stderr); } set_perms(PERM_USER, 0); @@ -503,8 +489,8 @@ static void check_passwd() #else /* !HAVE_SECURID */ static void check_passwd() { - char *pass; /* this is what gets entered */ - register int counter = TRIES_FOR_PASSWORD; + char *pass; /* this is what gets entered */ + int counter = TRIES_FOR_PASSWORD; #if defined(HAVE_KERB4) && defined(USE_GETPASS) char kpass[_PASSWD_LEN + 1]; #endif /* HAVE_KERB4 && USE_GETPASS */ @@ -530,7 +516,7 @@ static void check_passwd() # ifdef USE_GETPASS pass = (char *) getpass(prompt); # else - pass = tgetpass(prompt, PASSWORD_TIMEOUT * 60, user_name, shost); + pass = tgetpass(prompt, PASSWORD_TIMEOUT * 60); # endif /* USE_GETPASS */ reenter = 1; if (authenticate(user_name, pass, &reenter, &message) == 0) @@ -558,7 +544,7 @@ static void check_passwd() pass = (char *) getpass(prompt); # endif /* HAVE_KERB4 */ # else - pass = tgetpass(prompt, PASSWORD_TIMEOUT * 60, user_name, shost); + pass = tgetpass(prompt, PASSWORD_TIMEOUT * 60); # endif /* USE_GETPASS */ /* Exit loop on nil password */ 
@@ -596,41 +582,15 @@ static void check_passwd() * If we use shadow passwords with a different crypt(3) * check that here, else use standard crypt(3). */ -# if (SHADOW_TYPE != SPW_NONE) && (SHADOW_TYPE != SPW_BSD) -# if (SHADOW_TYPE == SPW_ULTRIX4) +# ifdef HAVE_GETAUTHUID if (!strcmp(user_passwd, (char *) crypt16(pass, user_passwd))) return; /* if the passwd is correct return() */ -# endif /* ULTRIX4 */ -# if (SHADOW_TYPE == SPW_SECUREWARE) && !defined(__alpha) -# ifdef HAVE_BIGCRYPT - if (strcmp(user_passwd, (char *) bigcrypt(pass, user_passwd)) == 0) - return; /* if the passwd is correct return() */ -# else - if (strcmp(user_passwd, crypt(pass, user_passwd)) == 0) - return; /* if the passwd is correct return() */ -# endif /* HAVE_BIGCRYPT */ -# endif /* SECUREWARE && !__alpha */ -# if (SHADOW_TYPE == SPW_SECUREWARE) && defined(__alpha) - if (crypt_type == AUTH_CRYPT_BIGCRYPT) { - if (!strcmp(user_passwd, bigcrypt(pass, user_passwd))) - return; /* if the passwd is correct return() */ - } else if (crypt_type == AUTH_CRYPT_CRYPT16) { - if (!strcmp(user_passwd, crypt16(pass, user_passwd))) - return; /* if the passwd is correct return() */ -# ifdef AUTH_CRYPT_OLDCRYPT - } else if (crypt_type == AUTH_CRYPT_OLDCRYPT || - crypt_type == AUTH_CRYPT_C1CRYPT) { - if (!strcmp(user_passwd, crypt(pass, user_passwd))) - return; /* if the passwd is correct return() */ -# endif - } else { - (void) fprintf(stderr, - "%s: Sorry, I don't know how to deal with crypt type %d.\n", - Argv[0], crypt_type); - exit(1); - } -# endif /* SECUREWARE && __alpha */ -# endif /* SHADOW_TYPE != SPW_NONE && SHADOW_TYPE != SPW_BSD */ +# endif /* HAVE_GETAUTHUID */ + +# ifdef HAVE_GETPRPWNAM + if (check_secureware(pass)) + return; /* if the passwd is correct return() */ +# endif /* HAVE_HAVE_GETPRPWNAM */ /* Normal UN*X password check */ if (!strcmp(user_passwd, (char *) crypt(pass, user_passwd))) 
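Review bot: The closing comment on the new SecureWare block reads `# endif /* HAVE_HAVE_GETPRPWNAM */` and should be `# endif /* HAVE_GETPRPWNAM */`. The removed Alpha branch exited with an error when crypt_type was not recognised, whereas the new code treats any zero return from check_secureware() as a mismatch and continues to the standard crypt(3) comparison. check_secureware() is not part of this hunk, so whether it still reports the unknown-type case is not visible here. A comment above the call, such as `/* 0 = no match or unknown crypt type; fall through to crypt(3) */`, would record the intended behaviour. check_passwd() starts and ends outside the hunk.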
@@ -664,11 +624,7 @@ static void check_passwd() #endif /* HAVE_AUTHENTICATE */ --counter; /* otherwise, try again */ -#ifdef USE_INSULTS - (void) fprintf(stderr, "%s\n", INSULT); -#else - (void) fprintf(stderr, "%s\n", INCORRECT_PASSWORD); -#endif /* USE_INSULTS */ + pass_warn(stderr); } if (counter > 0) { @@ -691,8 +647,8 @@ static void check_passwd() * * Validate a user via kerberos. */ -static int sudo_krb_validate_user(pw_ent, pass) - struct passwd *pw_ent; +static int sudo_krb_validate_user(pw, pass) + struct passwd *pw; char *pass; { char realm[REALM_SZ]; @@ -708,7 +664,7 @@ static int sudo_krb_validate_user(pw_ent, pass) * wipe out other kerberos tickets. */ (void) sprintf(tkfile, "%s/tkt%ld", _PATH_SUDO_TIMEDIR, - (long) pw_ent->pw_uid); + (long) pw->pw_uid); (void) krb_set_tkt_string(tkfile); /* @@ -716,7 +672,7 @@ static int sudo_krb_validate_user(pw_ent, pass) * the ruid and euid to be the same here so we setuid to root. */ set_perms(PERM_ROOT, 0); - k_errno = krb_get_pw_in_tkt(pw_ent->pw_name, "", realm, "krbtgt", realm, + k_errno = krb_get_pw_in_tkt(pw->pw_name, "", realm, "krbtgt", realm, DEFAULT_TKT_LIFE, pass); /* @@ -748,6 +704,10 @@ static void pam_attempt_auth() pam_handle_t *pamh=NULL; int retval; register int counter = TRIES_FOR_PASSWORD; + struct pam_conv conv = { + misc_conv, + NULL + }; set_perms(PERM_ROOT, 0); retval = pam_start("sudo", user_name, &conv, &pamh); @@ -764,11 +724,7 @@ static void pam_attempt_auth() } --counter; -#ifdef USE_INSULTS - (void) fprintf(stderr, "%s\n", INSULT); -#else - (void) fprintf(stderr, "%s\n", INCORRECT_PASSWORD); -#endif /* USE_INSULTS */ + pass_warn(stderr); } set_perms(PERM_USER, 0); @@ -834,7 +790,6 @@ static char *sudo_skeyprompt(user_skey, p) /* allocate space for new prompt */ np_size = op_len + strlen(challenge) + 7; if (!(new_prompt = (char *) malloc(np_size))) { - perror("malloc"); (void) fprintf(stderr, "%s: cannot allocate memory!\n", Argv[0]); exit(1); } 
@@ -843,7 +798,6 @@ static char *sudo_skeyprompt(user_skey, p) if (np_size < op_len + strlen(challenge) + 7) { np_size = op_len + strlen(challenge) + 7; if (!(new_prompt = (char *) realloc(new_prompt, np_size))) { - perror("malloc"); (void) fprintf(stderr, "%s: cannot allocate memory!\n", Argv[0]); exit(1); @@ -909,7 +863,6 @@ static char *sudo_opieprompt(user_opie, p) /* allocate space for new prompt */ np_size = op_len + strlen(challenge) + 7; if (!(new_prompt = (char *) malloc(np_size))) { - perror("malloc"); (void) fprintf(stderr, "%s: cannot allocate memory!\n", Argv[0]); exit(1); } @@ -918,7 +871,6 @@ static char *sudo_opieprompt(user_opie, p) if (np_size < op_len + strlen(challenge) + 7) { np_size = op_len + strlen(challenge) + 7; if (!(new_prompt = (char *) realloc(new_prompt, np_size))) { - perror("malloc"); (void) fprintf(stderr, "%s: cannot allocate memory!\n", Argv[0]); exit(1); @@ -952,7 +904,7 @@ static void reminder() (void) fprintf(stderr, "\n%s\n%s\n\n%s\n%s\n\n", #else (void) fprintf(stderr, "\n%s%s%s\n%s\n%s\n%s\n\n%s\n%s\n\n%s\n%s\n\n", - " CU sudo version ", version, ", based on Root Group sudo version 1.1", + " CU Sudo version ", version, ", based on Root Group sudo version 1.1.", " sudo version 1.1 is Copyright (C) 1991 The Root Group, Inc.", " sudo comes with ABSOLUTELY NO WARRANTY. This is free software,", " and you are welcome to redistribute it under certain conditions.", 
@@ -964,3 +916,92 @@ static void reminder() ); } #endif /* NO_MESSAGE */ + + +/******************************************************************** + * + * pass_warn() + * + * warn the user that the password was incorrect + * (and insult them if insults are configured). + */ + +void pass_warn(fp) + FILE *fp; +{ + +#ifdef USE_INSULTS + (void) fprintf(fp, "%s\n", INSULT); +#else + (void) fprintf(fp, "%s\n", INCORRECT_PASSWORD); +#endif /* USE_INSULTS */ +} + +/******************************************************************** + * + * expand_prompt() + * + * expand %h and %u in the prompt and pass back the dynamically + * allocated result. Returns the same string if no escapes. + */ + +static char *expand_prompt(old_prompt, user, host) + char *old_prompt; + char *user; + char *host; +{ + size_t len; + int subst; + char *p, *np, *new_prompt, lastchar; + + /* How much space do we need to malloc for the prompt? */ + subst = 0; + for (p = old_prompt, len = strlen(old_prompt), lastchar = '\0'; *p; p++) { + if (lastchar == '%') { + if (*p == 'h') { + len += strlen(shost) - 2; + subst = 1; + } else if (*p == 'u') { + len += strlen(user_name) - 2; + subst = 1; + } + } + + if (lastchar == '%' && *p == '%') { + lastchar = '\0'; + len--; + } else + lastchar = *p; + } + + if (subst) { + if ((new_prompt = (char *) malloc(len + 1)) == NULL) { + (void) fprintf(stderr, "%s: cannot allocate memory!\n", Argv[0]); + exit(1); + } + for (p = prompt, np = new_prompt; *p; p++) { + if (lastchar == '%' && (*p == 'h' || *p == 'u' || *p == '%')) { + /* substiture user/host name */ + if (*p == 'h') { + np--; + strcpy(np, shost); + np += strlen(shost); + } else if (*p == 'u') { + np--; + strcpy(np, user_name); + np += strlen(user_name); + } + } else + *np++ = *p; + + if (lastchar == '%' && *p == '%') + lastchar = '\0'; + else + lastchar = *p; + } + *np = '\0'; + } else + new_prompt = prompt; + + return(new_prompt); +} 
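Review bot: In expand_prompt() the copy loop does not reset `lastchar`, so it starts with whatever the sizing loop left behind. If the prompt ends in a single '%' and begins with 'h', 'u' or '%', the first iteration takes the escape branch and executes `np--` on the start of the buffer, writing outside an allocation that the first pass sized without that substitution. The loop header should be `for (p = old_prompt, np = new_prompt, lastchar = '\0'; *p; p++) {`. The function also ignores its own parameters: it measures `old_prompt` but copies from the global `prompt`, uses `shost` and `user_name` instead of `host` and `user`, and returns `prompt` rather than `old_prompt` in the no-substitution case. That is only correct while the single caller passes those same globals.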
diff --git a/gnu/usr.bin/sudo/sudo/compat.h b/gnu/usr.bin/sudo/sudo/compat.h index 2c8231a426f..6d1b68572fc 100644 --- a/gnu/usr.bin/sudo/sudo/compat.h +++ b/gnu/usr.bin/sudo/sudo/compat.h @@ -1,7 +1,7 @@ -/* $OpenBSD: compat.h,v 1.6 1998/09/15 02:42:43 millert Exp $ */ +/* $OpenBSD: compat.h,v 1.7 1998/11/21 01:34:51 millert Exp $ */ /* - * CU sudo version 1.5.6 + * CU sudo version 1.5.7 * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -19,7 +19,7 @@ * * Please send bugs, changes, problems to sudo-bugs@courtesan.com * - * $From: compat.h,v 1.39 1998/09/09 00:45:17 millert Exp $ + * $From: compat.h,v 1.42 1998/10/21 23:50:10 millert Exp $ */ #ifndef _SUDO_COMPAT_H @@ -102,7 +102,7 @@ # undef _PASSWD_LEN # define _PASSWD_LEN 256 #else -# if (SHADOW_TYPE == SPW_SECUREWARE) +# ifdef HAVE_GETPRPWNAM # undef _PASSWD_LEN # define _PASSWD_LEN AUTH_MAX_PASSWD_LENGTH # else @@ -117,8 +117,8 @@ # endif /* SHADOW_TYPE != SPW_NONE */ # endif /* PASS_MAX */ # endif /* !_PASSWD_LEN */ -# endif /* HAVE_KERB4 || HAVE_AFS || HAVE_DCE || HAVE_SKEY || HAVE_OPIE */ -#endif /* SPW_SECUREWARE */ +# endif /* HAVE_GETPRPWNAM */ +#endif /* HAVE_KERB4 || HAVE_AFS || HAVE_DCE || HAVE_SKEY || HAVE_OPIE */ /* * Some OS's lack these diff --git a/gnu/usr.bin/sudo/sudo/config.h b/gnu/usr.bin/sudo/sudo/config.h index 33a2494ea68..3f67f2be97e 100644 --- a/gnu/usr.bin/sudo/sudo/config.h +++ b/gnu/usr.bin/sudo/sudo/config.h @@ -1,8 +1,8 @@ -/* $OpenBSD: config.h,v 1.5 1998/09/15 02:42:43 millert Exp $ */ +/* $OpenBSD: config.h,v 1.6 1998/11/21 01:34:51 millert Exp $ */ /* config.h. Generated automatically by configure. */ /* - * CU sudo version 1.5.6 + * CU sudo version 1.5.7 * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by 
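Review bot: The `_PASSWD_LEN` block in compat.h still shows `# endif /* SHADOW_TYPE != SPW_NONE */` as context, which suggests a SHADOW_TYPE test survives between the two compat.h hunks, while the config.h part of this commit deletes `SHADOW_TYPE` and every `SPW_*` definition. The preprocessor replaces undefined identifiers with 0 inside `#if`, so such a test would silently evaluate false instead of failing to compile, and the password buffer length would come from whichever branch that leaves. The `#if` line itself is outside the hunks, so this needs confirming against the full file. If the test is still there, it should be rewritten against the new `HAVE_*` shadow macros in the same way the `HAVE_GETPRPWNAM` line was.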
@@ -20,7 +20,7 @@ * * Please send bugs, changes, problems to sudo-bugs@courtesan.com * - * $From: config.h.in,v 1.95 1998/09/11 23:23:33 millert Exp $ + * $From: config.h.in,v 1.109 1998/11/18 20:31:25 millert Exp $ */ /* @@ -28,6 +28,9 @@ * NOT using configure. */ +#ifndef _SUDO_CONFIG_H +#define _SUDO_CONFIG_H + /* New ANSI-style OS defs. */ #if defined(hpux) && !defined(__hpux) # define __hpux 1 @@ -91,12 +94,42 @@ /* Define if you want to use the system getpass(). */ /* #undef USE_GETPASS */ +/* Define if you want to use execv() instead of execvp(). */ +/* #undef USE_EXECV */ + +/* Define if you a different ticket file for each tty. */ +/* #undef USE_TTY_TICKETS */ + +/* Define if you want to insult the user for entering an incorrect password. */ +#define USE_INSULTS 1 + +/* Define if you want the insults from the "classic" version sudo. */ +#define CLASSIC_INSULTS 1 + +/* Define if you want 2001-like insults. */ +/* #undef HAL_INSULTS */ + +/* Define if you want insults from the "Goon Show" */ +/* #undef GOONS_INSULTS */ + +/* Define if you want insults culled from the twisted minds of CSOps. */ +#define CSOPS_INSULTS 1 + +/* Define to override the user's path with a builtin one. */ +/* #undef SECURE_PATH */ + /* Define if you use S/Key. */ /* #undef HAVE_SKEY */ /* Define if you use NRL OPIE. */ /* #undef HAVE_OPIE */ +/* Define if you want a two line OTP (skey/opie) prompt. */ +/* #undef LONG_OTP_PROMPT */ + +/* Define if you want to validate users via OTP (skey/opie) only. */ +/* #undef OTP_ONLY */ + /* Define if you use SecurID. */ /* #undef HAVE_SECURID */ @@ -114,6 +147,9 @@ # define HAVE_KERB4 #endif /* HAVE_KERB5 */ +/* Define if you use SIA. */ +/* #undef HAVE_SIA */ + /* Define if you use PAM. */ /* #undef HAVE_PAM */ 
@@ -168,28 +204,28 @@ # define memset(S, X, N) (bzero(S, N)) #endif -/* Define if you have sysconf(3c). */ +/* Define if you have sysconf(3c). */ #define HAVE_SYSCONF 1 -/* Define if you have putenv(3). */ +/* Define if you have putenv(3). */ /* #undef HAVE_PUTENV */ -/* Define if you have setenv(3). */ +/* Define if you have setenv(3). */ #define HAVE_SETENV 1 -/* Define if you have strcasecmp(3). */ +/* Define if you have strcasecmp(3). */ #define HAVE_STRCASECMP 1 -/* Define if you have tcgetattr(3). */ +/* Define if you have tcgetattr(3). */ #define HAVE_TCGETATTR 1 -/* Define if you have innetgr(3). */ +/* Define if you have innetgr(3). */ #define HAVE_INNETGR 1 -/* Define if you have getdomainname(2). */ +/* Define if you have getdomainname(2). */ #define HAVE_GETDOMAINNAME 1 -/* Define if you have utime(2). */ +/* Define if you have utime(2). */ #define HAVE_UTIME 1 /* Define if you have a POSIX utime() (uses struct utimbuf) */ 
@@ -198,19 +234,46 @@ /* Define if utime(file, NULL) sets timestamp to current */ #define HAVE_UTIME_NULL 1 -/* Define if you have bigcrypt(3). */ +/* Define if you have bigcrypt(3). */ /* #undef HAVE_BIGCRYPT */ -/* Define if you have set_auth_parameters(3). */ +/* Define if you have set_auth_parameters(3). */ /* #undef HAVE_SET_AUTH_PARAMETERS */ -/* Define if you have seteuid(3). */ +/* Define if you have initprivs(3). */ +/* #undef HAVE_INITPRIVS */ + +/* Define if you have dispcrypt(3). */ +/* #undef HAVE_DISPCRYPT */ + +/* Define if you have getspnam(3). [SVR4-style shadow passwords] */ +/* #undef HAVE_GETSPNAM */ + +/* Define if you have getprpwnam(3). [SecureWare-style shadow passwords] */ +/* #undef HAVE_GETPRPWNAM */ + +/* Define if you have iscomsec(3). [HP-UX >= 10.x check for shadow enabled] */ +/* #undef HAVE_ISCOMSEC */ + +/* Define if you have getspwuid(3). [HP-UX <= 9.X shadow passwords] */ +/* #undef HAVE_GETSPWUID */ + +/* Define if you have getpwanam(3). [SunOS 4.x shadow passwords] */ +/* #undef HAVE_GETPWANAM */ + +/* Define if you have issecure(3). [SunOS 4.x check for shadow enabled] */ +/* #undef HAVE_ISSECURE */ + +/* Define if you have getauthuid(3). [ULTRIX 4.x shadow passwords] */ +/* #undef HAVE_GETAUTHUID */ + +/* Define if you have seteuid(3). */ #define HAVE_SETEUID 1 -/* Define if you have waitpid(2). */ +/* Define if you have waitpid(2). */ #define HAVE_WAITPID 1 -/* Define if you have wait3(2). */ +/* Define if you have wait3(2). */ /* #undef HAVE_WAIT3 */ /* Define if you have the <malloc.h> header file. */ 
@@ -265,41 +328,21 @@ /* Define if you have the <sys/select.h> header file. */ #define HAVE_SYS_SELECT_H 1 -/* Define if your struct sockadr has an sa_len field. */ +/* Define if your struct sockadr has an sa_len field. */ #define HAVE_SA_LEN 1 -/* Supported shadow password types */ -#define SPW_NONE 0x00 -#define SPW_SECUREWARE 0x01 -#define SPW_HPUX9 0x02 -#define SPW_SUNOS4 0x03 -#define SPW_SVR4 0x04 -#define SPW_ULTRIX4 0x05 -#define SPW_BSD 0x06 - -/* Define to the variety of shadow passwords supported on your OS */ -#define SHADOW_TYPE SPW_BSD - /* Define to void if your C compiler fully groks void, else char */ #define VOID void -/* Define to the max length of a uid_t in string context (excluding the NULL */ +/* Define to the max length of a uid_t in string context (excluding the NUL) */ #define MAX_UID_T_LEN 10 /* Define if your syslog(3) does not guarantee the message will be logged */ /* and syslog(3) returns non-zero to denote failure */ /* #undef BROKEN_SYSLOG */ -/* - * Emulate a subset of waitpid() if we don't have it. - */ -#ifdef HAVE_WAITPID -#define sudo_waitpid(p, s, o) waitpid(p, s, o) -#else -#ifdef HAVE_WAIT3 -#define sudo_waitpid(p, s, o) wait3(s, o, NULL) -#endif -#endif +/* The umask that the root-run prog should use */ +#define SUDO_UMASK 0022 /* Define if you want the hostname to be entered into the log file */ /* #undef HOST_IN_LOG */ 
@@ -307,35 +350,97 @@ /* Define if you want the log file line to be wrapped */ #define WRAP_LOG 1 +/* Define to be the number of minutes before sudo asks for passwd again. */ +#define TIMEOUT 5 + +/* Define to be the passwd prompt timeout (in minutes). */ +#define PASSWORD_TIMEOUT 5 + +/* Define to be the number of tries the user gets to enter the passwd. */ +#define TRIES_FOR_PASSWORD 3 + +/* Define to be the user sudo should run commands as by default. */ +#define RUNAS_DEFAULT "root" + +/* Define if you want to require fully qualified hosts in sudoers. */ +/* #undef FQDN */ + +/* If defined, users in this group need not enter a passwd (ie "sudo"). */ +/* #undef EXEMPTGROUP */ + +/* Define to the path of the editor visudo should use. */ +#define EDITOR _PATH_VI + +/* Define to be the user that gets sudo mail. */ +#define ALERTMAIL "root" + +/* Define to be the subject of the mail sent to ALERTMAIL by sudo. */ +#define MAILSUBJECT "*** SECURITY information for %h ***" + +/* Define to be the message given for a bad password. */ +#define INCORRECT_PASSWORD "Sorry, try again." + +/* Define to be the password prompt. */ +#define PASSPROMPT "Password:" + +/* Define if you want visudo to honor EDITOR and VISUAL env variables. */ +#define ENV_EDITOR 1 + +/* Define to SLOG_SYSLOG, SLOG_FILE, or SLOG_BOTH */ +#define LOGGING SLOG_SYSLOG + +/* Define to be the syslog facility to use. */ +#define LOGFAC LOG_AUTHPRIV + +/* Define to be the max chars per log line (for line wrapping). */ +#define MAXLOGFILELEN 80 + +/* Define if you want to ignore '.' and '' in $PATH */ +/* #undef IGNORE_DOT_PATH */ + +/* Define if you want "command not allowed" instead of "command not found" */ +#define DONT_LEAK_PATH_INFO 1 + +/* Define SHORT_MESSAGE for a short lecture or NO_MESSAGE for none. 
*/ +#define SHORT_MESSAGE 1 +/* #undef NO_MESSAGE */ + +/* Define SEND_MAIL_WHEN_NO_USER to send mail when user not in sudoers file */ +#define SEND_MAIL_WHEN_NO_USER 1 + +/* Define SEND_MAIL_WHEN_NOT_OK to send mail when not allowed to run command */ +/* #undef SEND_MAIL_WHEN_NOT_OK */ + +/* Define if you want sudo to start a shell if given no arguments. */ +/* #undef SHELL_IF_NO_ARGS */ + +/* Define if you want sudo to set $HOME in shell mode. */ +/* #undef SHELL_SETS_HOME */ + +/* Define if the code in interfaces.c does not compile for you. */ +/* #undef STUB_LOAD_INTERFACES */ + +/********** You probably don't want to modify anything below here ***********/ + /* - * Paths to commands used by sudo. There are used by pathnames.h. - * If you want to override these values, do so in pathnames.h, not here! + * Emulate a subset of waitpid() if we don't have it. */ +#ifdef HAVE_WAITPID +# define sudo_waitpid(p, s, o) waitpid(p, s, o) +#else +# ifdef HAVE_WAIT3 +# define sudo_waitpid(p, s, o) wait3(s, o, NULL) +# endif +#endif + +#ifdef USE_EXECV +# define EXEC execv +#else +# define EXEC execvp +#endif /* USE_EXECV */ + +#ifdef __svr4__ +# define BSD_COMP +#endif /* __svr4__ */ -#ifndef _CONFIG_PATH_SENDMAIL -#define _CONFIG_PATH_SENDMAIL "/usr/sbin/sendmail" -#endif /* _CONFIG_PATH_SENDMAIL */ - -#ifndef _CONFIG_PATH_VI -#define _CONFIG_PATH_VI "/usr/bin/vi" -#endif /* _CONFIG_PATH_VI */ - -#ifndef _CONFIG_PATH_PWD -#define _CONFIG_PATH_PWD "/bin/pwd" -#endif /* _CONFIG_PATH_PWD */ - -#ifndef _CONFIG_PATH_MV -#define _CONFIG_PATH_MV "/bin/mv" -#endif /* _CONFIG_PATH_MV */ - -#ifndef _CONFIG_PATH_BSHELL -#define _CONFIG_PATH_BSHELL "/bin/sh" -#endif /* _CONFIG_PATH_BSHELL */ - -#ifndef _CONFIG_PATH_LOGFILE -#define _CONFIG_PATH_LOGFILE "/var/log/sudo.log" -#endif /* _CONFIG_PATH_LOGFILE */ - -#ifndef _CONFIG_PATH_TIMEDIR -#define _CONFIG_PATH_TIMEDIR "/var/run/sudo" -#endif /* _CONFIG_PATH_TIMEDIR */ +#endif /* _SUDO_CONFIG_H */ 
diff --git a/gnu/usr.bin/sudo/sudo/find_path.c b/gnu/usr.bin/sudo/sudo/find_path.c index 159edff7756..c4e87fdb310 100644 --- a/gnu/usr.bin/sudo/sudo/find_path.c +++ b/gnu/usr.bin/sudo/sudo/find_path.c @@ -1,7 +1,7 @@ -/* $OpenBSD: find_path.c,v 1.7 1998/11/13 22:44:34 millert Exp $ */ +/* $OpenBSD: find_path.c,v 1.8 1998/11/21 01:34:52 millert Exp $ */ /* - * CU sudo version 1.5.6 + * CU sudo version 1.5.7 * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -30,10 +30,6 @@ * Todd C. Miller (millert@colorado.edu) Sat Mar 25 21:50:36 MST 1995 */ -#ifndef lint -static char rcsid[] = "$From: find_path.c,v 1.74 1998/04/06 03:35:34 millert Exp $"; -#endif /* lint */ - #include "config.h" #include <stdio.h> @@ -58,7 +54,6 @@ static char rcsid[] = "$From: find_path.c,v 1.74 1998/04/06 03:35:34 millert Exp #include <sys/stat.h> #include <netinet/in.h> #include "sudo.h" -#include <options.h> #ifndef STDC_HEADERS #ifndef __GNUC__ /* gcc has its own malloc */ @@ -75,7 +70,6 @@ extern char *strdup __P((const char *)); #endif /* HAVE_STRDUP */ #endif /* !STDC_HEADERS */ - #ifndef _S_IFMT #define _S_IFMT S_IFMT #endif /* _S_IFMT */ 
@@ -83,33 +77,37 @@ extern char *strdup __P((const char *)); #define _S_IFLNK S_IFLNK #endif /* _S_IFLNK */ +#ifndef lint +static const char rcsid[] = "$From: find_path.c,v 1.80 1998/11/18 04:16:13 millert Exp $"; +#endif /* lint */ /******************************************************************* * * find_path() * * this function finds the full pathname for a command and - * stores it in a statically allocated array, returning a pointer - * to the array. + * stores it in a statically allocated array, filling in a pointer + * to the array. Returns FOUND if the command was found, NOT_FOUND + * if it was not found, or NOT_FOUND_DOT if it would have been found + * but it is in '.' and IGNORE_DOT_PATH is in effect. */ -char * find_path(file) - char *file; /* file to find */ +int find_path(infile, outfile) + char *infile; /* file to find */ + char **outfile; /* result parameter */ { static char command[MAXPATHLEN]; /* qualified filename */ register char *n; /* for traversing path */ char *path = NULL; /* contents of PATH env var */ char *origpath; /* so we can free path later */ char *result = NULL; /* result of path/file lookup */ -#ifndef IGNORE_DOT_PATH int checkdot = 0; /* check current dir? */ -#endif /* IGNORE_DOT_PATH */ command[0] = '\0'; - if (strlen(file) >= MAXPATHLEN) { + if (strlen(infile) >= MAXPATHLEN) { errno = ENAMETOOLONG; - (void) fprintf(stderr, "%s: path too long: %s\n", Argv[0], file); + (void) fprintf(stderr, "%s: path too long: %s\n", Argv[0], infile); exit(1); } 
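Review bot: The rewritten header comment for find_path() lists the three return codes but does not say what `*outfile` holds when the result is not FOUND. In the following hunks every `return(NOT_FOUND)` and the `return(NOT_FOUND_DOT)` leave `*outfile` unassigned, so a caller that reads it after a failed lookup gets whatever the variable held before the call. I would add to the comment: `On NOT_FOUND or NOT_FOUND_DOT *outfile is left untouched; callers must test the return value before using it.` The comment should also say that on FOUND the pointer can refer to the static `command` buffer, which the next call overwrites. The function body continues beyond this hunk.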
@@ -117,22 +115,26 @@ char * find_path(file) * If we were given a fully qualified or relative path * there is no need to look at PATH. */ - if (strchr(file, '/')) { - (void) strcpy(command, file); - return(sudo_goodpath(command)); + if (strchr(infile, '/')) { + (void) strcpy(command, infile); + if (sudo_goodpath(command)) { + *outfile = command; + return(FOUND); + } else + return(NOT_FOUND); } /* * grab PATH out of environment and make a local copy */ if ((path = getenv("PATH")) == NULL) - return(NULL); + return(NOT_FOUND); if ((path = (char *) strdup(path)) == NULL) { (void) fprintf(stderr, "%s: out of memory!\n", Argv[0]); exit(1); } - origpath=path; + origpath = path; /* XXX use strtok() */ do { @@ -144,9 +146,7 @@ char * find_path(file) * things like using './' or './/' */ if (*path == '\0' || (*path == '.' && *(path + 1) == '\0')) { -#ifndef IGNORE_DOT_PATH checkdot = 1; -#endif /* IGNORE_DOT_PATH */ path = n + 1; continue; } @@ -154,27 +154,33 @@ char * find_path(file) /* * resolve the path and exit the loop if found */ - if (strlen(path) + strlen(file) + 1 >= MAXPATHLEN) { - (void) fprintf(stderr, "%s: path too long: %s\n", Argv[0], file); + if (strlen(path) + strlen(infile) + 1 >= MAXPATHLEN) { + (void) fprintf(stderr, "%s: path too long: %s\n", Argv[0], infile); exit(1); } - (void) sprintf(command, "%s/%s", path, file); + (void) sprintf(command, "%s/%s", path, infile); if ((result = sudo_goodpath(command))) break; path = n + 1; } while (n); + (void) free(origpath); -#ifndef IGNORE_DOT_PATH /* - * check current dir if dot was in the PATH + * Check current dir if dot was in the PATH */ - if (!result && checkdot) - result = sudo_goodpath(file); + if (!result && checkdot) { + result = sudo_goodpath(infile); +#ifdef IGNORE_DOT_PATH + if (result) + return(NOT_FOUND_DOT); #endif /* IGNORE_DOT_PATH */ + } - (void) free(origpath); - - return(result); + if (result) { + *outfile = result; + return(FOUND); + } else + return(NOT_FOUND); } 
diff --git a/gnu/usr.bin/sudo/sudo/getspwuid.c b/gnu/usr.bin/sudo/sudo/getspwuid.c index 156af87f8bd..79eabd20631 100644 --- a/gnu/usr.bin/sudo/sudo/getspwuid.c +++ b/gnu/usr.bin/sudo/sudo/getspwuid.c @@ -1,7 +1,7 @@ -/* $OpenBSD: getspwuid.c,v 1.7 1998/11/13 22:44:34 millert Exp $ */ +/* $OpenBSD: getspwuid.c,v 1.8 1998/11/21 01:34:52 millert Exp $ */ /* - * CU sudo version 1.5.6 + * CU sudo version 1.5.7 * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -29,10 +29,6 @@ * Todd C. Miller Mon Nov 20 13:53:06 MST 1995 */ -#ifndef lint -static char rcsid[] = "$From: getspwuid.c,v 1.29 1998/04/06 03:35:34 millert Exp $"; -#endif /* lint */ - #include "config.h" #include <stdio.h> 
@@ -49,32 +45,35 @@ static char rcsid[] = "$From: getspwuid.c,v 1.29 1998/04/06 03:35:34 millert Exp #include <unistd.h> #endif /* HAVE_UNISTD_H */ #include <sys/types.h> +#include <sys/stat.h> #include <sys/param.h> #include <netinet/in.h> #include <pwd.h> +#ifdef HAVE_GETSPNAM +# include <shadow.h> +#endif /* HAVE_GETSPNAM */ +#ifdef HAVE_GETPRPWNAM +# ifdef __hpux +# include <hpsecurity.h> +# else +# include <sys/security.h> +# endif /* __hpux */ +# include <prot.h> +#endif /* HAVE_GETPRPWNAM */ +#ifdef HAVE_GETPWANAM +# include <sys/label.h> +# include <sys/audit.h> +# include <pwdadj.h> +#endif /* HAVE_GETPWANAM */ +#ifdef HAVE_GETAUTHUID +# include <auth.h> +#endif /* HAVE_GETAUTHUID */ + #include "sudo.h" -#include <options.h> -#if (SHADOW_TYPE != SPW_NONE) && (SHADOW_TYPE != SPW_BSD) -# if (SHADOW_TYPE == SPW_SVR4) -# include <shadow.h> -# endif /* SVR4 */ -# if (SHADOW_TYPE == SPW_SECUREWARE) -# ifdef __hpux -# include <hpsecurity.h> -# else -# include <sys/security.h> -# endif /* __hpux */ -# include <prot.h> -# endif /* SECUREWARE */ -# if (SHADOW_TYPE == SPW_ULTRIX4) -# include <auth.h> -# endif /* ULTRIX4 */ -# if (SHADOW_TYPE == SPW_SUNOS4) -# include <sys/label.h> -# include <sys/audit.h> -# include <pwdadj.h> -# endif /* SUNOS4 */ -#endif /* SHADOW_TYPE != SPW_NONE && SHADOW_TYPE != SPW_BSD */ + +#ifndef lint +static const char rcsid[] = "$From: getspwuid.c,v 1.40 1998/11/18 04:16:13 millert Exp $"; +#endif /* lint */ #ifndef STDC_HEADERS #ifndef __GNUC__ /* gcc has its own malloc */ 
@@ -89,16 +88,16 @@ extern char *strdup __P((const char *)); /* * Global variables (yuck) */ -#if (SHADOW_TYPE == SPW_SECUREWARE) && defined(__alpha) -uchar_t crypt_type; -#endif /* SPW_SECUREWARE && __alpha */ +#if defined(HAVE_GETPRPWNAM) && defined(__alpha) +int crypt_type = INT_MAX; +#endif /* HAVE_GETPRPWNAM && __alpha */ /* * Local functions not visible outside getspwuid.c */ static char *sudo_getshell __P((struct passwd *)); -static char *sudo_getspwd __P((struct passwd *)); +static char *sudo_getepw __P((struct passwd *)); @@ -110,13 +109,13 @@ static char *sudo_getspwd __P((struct passwd *)); * SHELL evariable or the passwd(5) entry (in that order). */ -static char *sudo_getshell(pw_ent) - struct passwd *pw_ent; +static char *sudo_getshell(pw) + struct passwd *pw; { char *pw_shell; if ((pw_shell = getenv("SHELL")) == NULL) - pw_shell = pw_ent -> pw_shell; + pw_shell = pw -> pw_shell; #ifdef _PATH_BSHELL /* empty string "" means bourne shell */ 
@@ -130,78 +129,76 @@ static char *sudo_getshell(pw_ent) /********************************************************************** * - * sudo_getspwd() + * sudo_getepw() * - * This function returns the shadow password for the user described - * by pw_ent. If there is no shadow password the normal UN*X password - * is returned instead. + * This function returns the encrypted password for the user described + * by pw. If there is a shadow password it is returned, else the + * normal UN*X password is returned instead. */ -static char *sudo_getspwd(pw_ent) - struct passwd *pw_ent; -#if (SHADOW_TYPE != SPW_NONE) && (SHADOW_TYPE != SPW_BSD) -# if (SHADOW_TYPE == SPW_SVR4) +static char *sudo_getepw(pw) + struct passwd *pw; { - struct spwd *spw_ent; - if ((spw_ent = getspnam(pw_ent -> pw_name)) && spw_ent -> sp_pwdp) - return(spw_ent -> sp_pwdp); - else - return(pw_ent -> pw_passwd); -} -# endif /* SVR4 */ -# if (SHADOW_TYPE == SPW_HPUX9) -{ - struct s_passwd *spw_ent; + /* if there is a function to check for shadow enabled, use it... 
*/ +#ifdef HAVE_ISCOMSEC + if (!iscomsec()) + return(pw->pw_passwd); +#endif /* HAVE_ISCOMSEC */ +#ifdef HAVE_ISSECURE + if (!issecure()) + return(pw->pw_passwd); +#endif /* HAVE_ISSECURE */ + +#ifdef HAVE_GETPRPWNAM + { + struct pr_passwd *spw; + + spw = getprpwnam(pw->pw_name); + if (spw != NULL && spw->ufld.fd_encrypt != NULL) { +# ifdef __alpha + crypt_type = spw -> ufld.fd_oldcrypt; +# endif /* __alpha */ + return(spw -> ufld.fd_encrypt); + } + } +#endif /* HAVE_GETPRPWNAM */ +#ifdef HAVE_GETSPNAM + { + struct spwd *spw; - if ((spw_ent = getspwuid(pw_ent -> pw_uid)) && spw_ent -> pw_passwd) - return(spw_ent -> pw_passwd); - else - return(pw_ent -> pw_passwd); -} -# endif /* HPUX9 */ -# if (SHADOW_TYPE == SPW_SUNOS4) -{ - struct passwd_adjunct *spw_ent; + if ((spw = getspnam(pw -> pw_name)) && spw -> sp_pwdp) + return(spw -> sp_pwdp); + } +#endif /* HAVE_GETSPNAM */ +#ifdef HAVE_GETSPWUID + { + struct s_passwd *spw; - if ((spw_ent = getpwanam(pw_ent -> pw_name)) && spw_ent -> pwa_passwd) - return(spw_ent -> pwa_passwd); - else - return(pw_ent -> pw_passwd); -} -# endif /* SUNOS4 */ -# if (SHADOW_TYPE == SPW_ULTRIX4) -{ - AUTHORIZATION *spw_ent; + if ((spw = getspwuid(pw -> pw_uid)) && spw -> pw_passwd) + return(spw -> pw_passwd); + } +#endif /* HAVE_GETSPWUID */ +#ifdef HAVE_GETPWANAM + { + struct passwd_adjunct *spw; - if ((spw_ent = getauthuid(pw_ent -> pw_uid)) && spw_ent -> a_password) - return(spw_ent -> a_password); - else - return(pw_ent -> pw_passwd); -} -# endif /* ULTRIX4 */ -# if (SHADOW_TYPE == SPW_SECUREWARE) -{ - struct pr_passwd *spw_ent; - - if ((spw_ent = getprpwnam(pw_ent->pw_name)) && spw_ent->ufld.fd_encrypt) { -# ifdef __alpha - crypt_type = spw_ent -> ufld.fd_oldcrypt; -# ifdef AUTH_CRYPT_C1CRYPT - if (crypt_type == AUTH_CRYPT_C1CRYPT) - return(pw_ent -> pw_passwd); -# endif /* AUTH_CRYPT_C1CRYPT */ -# endif /* __alpha */ - return(spw_ent -> ufld.fd_encrypt); - } else - return(pw_ent -> pw_passwd); -} -# endif /* SECUREWARE */ -#else -{ - 
return(pw_ent->pw_passwd); + if ((spw = getpwanam(pw -> pw_name)) && spw -> pwa_passwd) + return(spw -> pwa_passwd); + } +#endif /* HAVE_GETPWANAM */ +#ifdef HAVE_GETAUTHUID + { + AUTHORIZATION *spw; + + if ((spw = getauthuid(pw -> pw_uid)) && spw -> a_password) + return(spw -> a_password); + } +#endif /* HAVE_GETAUTHUID */ + + /* Fall back on normal passwd */ + return(pw->pw_passwd); } -#endif /* SHADOW_TYPE != SPW_NONE && SHADOW_TYPE != SPW_BSD */ /********************************************************************** @@ -216,15 +213,14 @@ static char *sudo_getspwd(pw_ent) struct passwd *sudo_getpwuid(uid) uid_t uid; { - struct passwd *pw_ent, *local_pw_ent; + struct passwd *pw, *local_pw; - if ((pw_ent = getpwuid(uid)) == NULL) + if ((pw = getpwuid(uid)) == NULL) return(NULL); - /* allocate space for a local copy of pw_ent */ - local_pw_ent = (struct passwd *) malloc(sizeof(struct passwd)); - if (local_pw_ent == NULL) { - perror("malloc"); + /* allocate space for a local copy of pw */ + local_pw = (struct passwd *) malloc(sizeof(struct passwd)); + if (local_pw == NULL) { (void) fprintf(stderr, "%s: cannot allocate memory!\n", Argv[0]); exit(1); } 
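Review bot: sudo_getepw()'s header comment does not say that the returned pointer belongs to whichever lookup routine matched (getprpwnam, getspnam, getspwuid, getpwanam or getauthuid), nor that a failed shadow lookup falls through silently to `pw->pw_passwd`. Those routines normally return static storage, so the caller has to copy the string before the next lookup; sudo_getpwuid() does that with strdup(), but nothing here states the requirement. I would add to the header `* The result points into storage owned by the lookup routine; copy it before calling another getpw*/getsp* function.` and `* If every shadow lookup fails, the passwd(5) field is returned, which on a shadowed system is only a placeholder.` The old SECUREWARE branch also returned `pw_passwd` for AUTH_CRYPT_C1CRYPT on alpha and the new getprpwnam branch does not; whether the verifier in check.c now covers that case is not visible from this hunk.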
@@ -232,37 +228,33 @@ struct passwd *sudo_getpwuid(uid) /* * Copy the struct passwd and the interesting strings... */ - (void) memcpy(local_pw_ent, pw_ent, sizeof(struct passwd)); + (void) memcpy(local_pw, pw, sizeof(struct passwd)); - local_pw_ent->pw_name = (char *) strdup(pw_ent->pw_name); - if (local_pw_ent->pw_name == NULL) { - perror("malloc"); + local_pw->pw_name = (char *) strdup(pw->pw_name); + if (local_pw->pw_name == NULL) { (void) fprintf(stderr, "%s: cannot allocate memory!\n", Argv[0]); exit(1); } - local_pw_ent->pw_dir = (char *) strdup(pw_ent->pw_dir); - if (local_pw_ent->pw_dir == NULL) { - perror("malloc"); + local_pw->pw_dir = (char *) strdup(pw->pw_dir); + if (local_pw->pw_dir == NULL) { (void) fprintf(stderr, "%s: cannot allocate memory!\n", Argv[0]); exit(1); } /* pw_shell is a special case since we overide with $SHELL */ - local_pw_ent->pw_shell = (char *) strdup(sudo_getshell(pw_ent)); - if (local_pw_ent->pw_shell == NULL) { - perror("malloc"); + local_pw->pw_shell = (char *) strdup(sudo_getshell(pw)); + if (local_pw->pw_shell == NULL) { (void) fprintf(stderr, "%s: cannot allocate memory!\n", Argv[0]); exit(1); } /* pw_passwd gets a shadow password if applicable */ - local_pw_ent->pw_passwd = (char *) strdup(sudo_getspwd(pw_ent)); - if (local_pw_ent->pw_passwd == NULL) { - perror("malloc"); + local_pw->pw_passwd = (char *) strdup(sudo_getepw(pw)); + if (local_pw->pw_passwd == NULL) { (void) fprintf(stderr, "%s: cannot allocate memory!\n", Argv[0]); exit(1); } - return(local_pw_ent); + return(local_pw); } diff --git a/gnu/usr.bin/sudo/sudo/goodpath.c b/gnu/usr.bin/sudo/sudo/goodpath.c index e61d547cb6a..31b9383df4b 100644 --- a/gnu/usr.bin/sudo/sudo/goodpath.c +++ b/gnu/usr.bin/sudo/sudo/goodpath.c 
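Review bot: In sudo_getpwuid(), `memcpy(local_pw, pw, sizeof(struct passwd))` leaves every pointer member that is not re-duplicated afterwards (pw_gecos, for example, where the platform has it) aimed at getpwuid()'s static buffer, since only pw_name, pw_dir, pw_shell and pw_passwd get their own strdup() copy. This same commit adds a getpwnam() call in usergr_matches() (parse.c), which can overwrite that buffer, so those members may change or dangle once a group entry has been evaluated. Either duplicate them as well or make the restriction explicit by extending the comment to `/* Only pw_name, pw_dir, pw_shell and pw_passwd are private copies; other pointer members must not be dereferenced. */`. The function starts in the previous hunk.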
@@ -1,7 +1,7 @@ -/* $OpenBSD: goodpath.c,v 1.6 1998/09/15 02:42:44 millert Exp $ */ +/* $OpenBSD: goodpath.c,v 1.7 1998/11/21 01:34:52 millert Exp $ */ /* - * CU sudo version 1.5.6 + * CU sudo version 1.5.7 * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -30,10 +30,6 @@ * Todd C. Miller (millert@colorado.edu) Sat Mar 25 21:58:17 MST 1995 */ -#ifndef lint -static char rcsid[] = "$From: goodpath.c,v 1.22 1998/04/06 03:35:35 millert Exp $"; -#endif /* lint */ - #include "config.h" #include <stdio.h> @@ -53,12 +49,14 @@ static char rcsid[] = "$From: goodpath.c,v 1.22 1998/04/06 03:35:35 millert Exp #include <netinet/in.h> #include "sudo.h" -#include <options.h> #ifndef STDC_HEADERS extern int stat __P((const char *, struct stat *)); #endif /* !STDC_HEADERS */ +#ifndef lint +static const char rcsid[] = "$From: goodpath.c,v 1.26 1998/11/18 04:16:13 millert Exp $"; +#endif /* lint */ /****************************************************************** * diff --git a/gnu/usr.bin/sudo/sudo/ins_2001.h b/gnu/usr.bin/sudo/sudo/ins_2001.h index edb83a9361c..449dca05245 100644 --- a/gnu/usr.bin/sudo/sudo/ins_2001.h +++ b/gnu/usr.bin/sudo/sudo/ins_2001.h @@ -1,7 +1,7 @@ -/* $OpenBSD: ins_2001.h,v 1.6 1998/09/15 02:42:44 millert Exp $ */ +/* $OpenBSD: ins_2001.h,v 1.7 1998/11/21 01:34:52 millert Exp $ */ /* - * CU sudo version 1.5.6 + * CU sudo version 1.5.7 * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -19,7 +19,7 @@ * * Please send bugs, changes, problems to sudo-bugs@courtesan.com * - * $From: ins_2001.h,v 1.20 1998/09/07 02:59:06 millert Exp $ + * $From: ins_2001.h,v 1.21 1998/09/17 16:27:03 millert Exp $ */ #ifndef _SUDO_INS_2001_H diff --git a/gnu/usr.bin/sudo/sudo/ins_classic.h b/gnu/usr.bin/sudo/sudo/ins_classic.h index 55f134b49f4..a1ed8cbe87d 100644 
--- a/gnu/usr.bin/sudo/sudo/ins_classic.h +++ b/gnu/usr.bin/sudo/sudo/ins_classic.h @@ -1,7 +1,7 @@ -/* $OpenBSD: ins_classic.h,v 1.6 1998/09/15 02:42:44 millert Exp $ */ +/* $OpenBSD: ins_classic.h,v 1.7 1998/11/21 01:34:52 millert Exp $ */ /* - * CU sudo version 1.5.6 + * CU sudo version 1.5.7 * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -19,7 +19,7 @@ * * Please send bugs, changes, problems to sudo-bugs@courtesan.com * - * $From: ins_classic.h,v 1.20 1998/09/07 02:59:06 millert Exp $ + * $From: ins_classic.h,v 1.21 1998/09/17 16:27:03 millert Exp $ */ #ifndef _SUDO_INS_CLASSIC_H diff --git a/gnu/usr.bin/sudo/sudo/ins_csops.h b/gnu/usr.bin/sudo/sudo/ins_csops.h index ed5adf4387c..a869990b644 100644 --- a/gnu/usr.bin/sudo/sudo/ins_csops.h +++ b/gnu/usr.bin/sudo/sudo/ins_csops.h @@ -1,7 +1,7 @@ -/* $OpenBSD: ins_csops.h,v 1.6 1998/09/15 02:42:44 millert Exp $ */ +/* $OpenBSD: ins_csops.h,v 1.7 1998/11/21 01:34:52 millert Exp $ */ /* - * CU sudo version 1.5.6 + * CU sudo version 1.5.7 * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -19,7 +19,7 @@ * * Please send bugs, changes, problems to sudo-bugs@courtesan.com * - * $From: ins_csops.h,v 1.19 1998/09/07 02:59:06 millert Exp $ + * $From: ins_csops.h,v 1.20 1998/09/17 16:27:04 millert Exp $ */ #ifndef _SUDO_INS_CSOPS_H diff --git a/gnu/usr.bin/sudo/sudo/ins_goons.h b/gnu/usr.bin/sudo/sudo/ins_goons.h index 6fc1dfb0f1a..2b24f881d12 100644 --- a/gnu/usr.bin/sudo/sudo/ins_goons.h +++ b/gnu/usr.bin/sudo/sudo/ins_goons.h 
@@ -1,7 +1,7 @@ -/* $OpenBSD: ins_goons.h,v 1.6 1998/09/15 02:42:44 millert Exp $ */ +/* $OpenBSD: ins_goons.h,v 1.7 1998/11/21 01:34:52 millert Exp $ */ /* - * CU sudo version 1.5.6 + * CU sudo version 1.5.7 * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -19,7 +19,7 @@ * * Please send bugs, changes, problems to sudo-bugs@courtesan.com * - * $From: ins_goons.h,v 1.20 1998/09/07 02:59:06 millert Exp $ + * $From: ins_goons.h,v 1.21 1998/09/17 16:27:04 millert Exp $ */ #ifndef _SUDO_INS_GOONS_H diff --git a/gnu/usr.bin/sudo/sudo/insults.h b/gnu/usr.bin/sudo/sudo/insults.h index 79610564d37..7e4ba7816c4 100644 --- a/gnu/usr.bin/sudo/sudo/insults.h +++ b/gnu/usr.bin/sudo/sudo/insults.h @@ -1,7 +1,7 @@ -/* $OpenBSD: insults.h,v 1.6 1998/09/15 02:42:44 millert Exp $ */ +/* $OpenBSD: insults.h,v 1.7 1998/11/21 01:34:52 millert Exp $ */ /* - * CU sudo version 1.5.6 + * CU sudo version 1.5.7 * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -19,7 +19,7 @@ * * Please send bugs, changes, problems to sudo-bugs@courtesan.com * - * $From: insults.h,v 1.32 1998/09/07 02:59:36 millert Exp $ + * $From: insults.h,v 1.35 1998/10/18 22:00:50 millert Exp $ */ #ifndef _SUDO_INSULTS_H @@ -27,13 +27,8 @@ #ifdef USE_INSULTS -#if !defined(HAL_INSULTS) && !defined(GOONS_INSULTS) && !defined(CLASSIC_INSULTS) -# define CLASSIC_INSULTS -# define CSOPS_INSULTS -#endif - /* - * Use one or more set of insults as defined in options.h. + * Use one or more set of insults as determined by configure */ char *insults[] = { diff --git a/gnu/usr.bin/sudo/sudo/interfaces.c b/gnu/usr.bin/sudo/sudo/interfaces.c index 3ef4047838f..a7b6f8649f2 100644 --- a/gnu/usr.bin/sudo/sudo/interfaces.c +++ b/gnu/usr.bin/sudo/sudo/interfaces.c 
@@ -1,7 +1,7 @@ -/* $OpenBSD: interfaces.c,v 1.6 1998/09/15 02:42:44 millert Exp $ */ +/* $OpenBSD: interfaces.c,v 1.7 1998/11/21 01:34:52 millert Exp $ */ /* - * CU sudo version 1.5.6 + * CU sudo version 1.5.7 * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -28,10 +28,6 @@ * Todd C. Miller Mon May 1 20:48:43 MDT 1995 */ -#ifndef lint -static char rcsid[] = "$From: interfaces.c,v 1.38 1998/09/14 15:48:05 millert Exp $"; -#endif /* lint */ - #include "config.h" #include <stdio.h> @@ -55,11 +51,10 @@ static char rcsid[] = "$From: interfaces.c,v 1.38 1998/09/14 15:48:05 millert Ex #include <sys/types.h> #include <sys/socket.h> #include <sys/param.h> -#ifdef HAVE_SYS_SOCKIO_H -#include <sys/sockio.h> -#else #include <sys/ioctl.h> -#endif /* HAVE_SYS_SOCKIO_H */ +#if defined(HAVE_SYS_SOCKIO_H) && !defined(SIOCGIFCONF) +#include <sys/sockio.h> +#endif #ifdef _ISC #include <sys/stream.h> #include <sys/sioctl.h> @@ -75,11 +70,9 @@ static char rcsid[] = "$From: interfaces.c,v 1.38 1998/09/14 15:48:05 millert Ex #endif /* _MIPS */ #include <netinet/in.h> #include <arpa/inet.h> -#include <sys/time.h> #include <net/if.h> #include "sudo.h" -#include <options.h> #include "version.h" #if !defined(STDC_HEADERS) && !defined(__GNUC__) @@ -87,6 +80,10 @@ extern char *malloc __P((size_t)); extern char *realloc __P((VOID *, size_t)); #endif /* !STDC_HEADERS && !__GNUC__ */ +#ifndef lint +static const char rcsid[] = "$From: interfaces.c,v 1.45 1998/11/18 20:31:25 millert Exp $"; +#endif /* lint */ + /* * Globals */ @@ -129,7 +126,7 @@ void load_interfaces() for (;;) { ifconf_buf = ifconf_buf ? realloc(ifconf_buf, len) : malloc(len); if (ifconf_buf == NULL) { - perror("malloc"); + (void) fprintf(stderr, "%s: cannot allocate memory!\n", Argv[0]); exit(1); } ifconf = (struct ifconf *) ifconf_buf; 
@@ -163,7 +160,6 @@ void load_interfaces() */ interfaces = (struct interface *) malloc(sizeof(struct interface) * n); if (interfaces == NULL) { - perror("malloc"); (void) fprintf(stderr, "%s: cannot allocate memory!\n", Argv[0]); exit(1); } diff --git a/gnu/usr.bin/sudo/sudo/logging.c b/gnu/usr.bin/sudo/sudo/logging.c index 9fe7fea27d3..89cb8fb8289 100644 --- a/gnu/usr.bin/sudo/sudo/logging.c +++ b/gnu/usr.bin/sudo/sudo/logging.c @@ -1,7 +1,7 @@ -/* $OpenBSD: logging.c,v 1.7 1998/09/15 02:42:44 millert Exp $ */ +/* $OpenBSD: logging.c,v 1.8 1998/11/21 01:34:52 millert Exp $ */ /* - * CU sudo version 1.5.6 (based on Root Group sudo version 1.1) + * CU sudo version 1.5.7 (based on Root Group sudo version 1.1) * * This software comes with no waranty whatsoever, use at your own risk. * @@ -38,10 +38,6 @@ * Jeff Nieusma Thu Mar 21 23:39:04 MST 1991 */ -#ifndef lint -static char rcsid[] = "$From: logging.c,v 1.97 1998/09/10 22:51:09 millert Exp $"; -#endif /* lint */ - #include "config.h" #include <stdio.h> @@ -62,16 +58,19 @@ static char rcsid[] = "$From: logging.c,v 1.97 1998/09/10 22:51:09 millert Exp $ #endif /* HAVE_MALLOC_H && !STDC_HEADERS */ #include <pwd.h> #include <signal.h> +#include <time.h> +#include <errno.h> #include <sys/types.h> -#include <sys/time.h> #include <sys/param.h> #include <sys/stat.h> #include <sys/wait.h> -#include <sys/errno.h> #include <netinet/in.h> #include "sudo.h" -#include <options.h> + +#ifndef lint +static const char rcsid[] = "$From: logging.c,v 1.106 1998/11/18 04:16:13 millert Exp $"; +#endif /* lint */ /* * Prototypes for local functions @@ -163,7 +162,6 @@ void log_error(code) logline = (char *) malloc(count); if (logline == NULL) { - perror("malloc"); (void) fprintf(stderr, "%s: cannot allocate memory!\n", Argv[0]); exit(1); } 
@@ -286,8 +284,14 @@ void log_error(code) tty, cwd, runas_user); break; + case BAD_ALLOCATION: + (void) sprintf(p, + "allocation failure; TTY=%s ; PWD=%s ; USER=%s ; COMMAND=", + tty, cwd, runas_user); + break; + default: - strcat(p, "found a wierd error : "); + strcat(p, "found a weird error : "); break; } @@ -442,7 +446,7 @@ void log_error(code) -#ifdef MAILER +#ifdef _PATH_SENDMAIL /********************************************************************** * * send_mail() @@ -455,7 +459,7 @@ static char *mail_argv[] = { "sendmail", "-t", (char *) NULL }; static void send_mail() { - char *mailer = MAILER; + char *mailer = _PATH_SENDMAIL; char *subject = MAILSUBJECT; int fd[2]; char *p; @@ -536,7 +540,7 @@ static void send_mail() /* no mailer defined */ return; } -#endif /* MAILER */ +#endif /* _PATH_SENDMAIL */ @@ -678,9 +682,14 @@ void inform_user(code) "Your timestamp file has a preposterous date, ignoring.\n"); break; + case BAD_ALLOCATION: + (void) fprintf(stderr, + "Resource allocation failure.\n"); + break; + default: (void) fprintf(stderr, - "Something wierd happened.\n\n"); + "Something weird happened.\n\n"); break; } } @@ -735,6 +744,7 @@ static int appropriate(code) case SPOOF_ATTEMPT: case BAD_STAMPDIR: case BAD_STAMPFILE: + case BAD_ALLOCATION: default: return (1); break; diff --git a/gnu/usr.bin/sudo/sudo/parse.c b/gnu/usr.bin/sudo/sudo/parse.c index e5b0209ccd9..3e87ffd8a86 100644 --- a/gnu/usr.bin/sudo/sudo/parse.c +++ b/gnu/usr.bin/sudo/sudo/parse.c @@ -1,7 +1,7 @@ -/* $OpenBSD: parse.c,v 1.8 1998/09/15 02:42:44 millert Exp $ */ +/* $OpenBSD: parse.c,v 1.9 1998/11/21 01:34:53 millert Exp $ */ /* - * CU sudo version 1.5.6 + * CU sudo version 1.5.7 * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by 
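Review bot: The new BAD_ALLOCATION case in log_error() (logging.c) writes its prefix with an unbounded `sprintf(p, ...)` into `logline`, whose size `count` is computed outside this hunk, so it should be confirmed that `count` allows for this new fixed text plus tty, cwd and runas_user. log_error() also obtains `logline` from malloc() (visible in the earlier logging.c hunk), which means reporting an allocation failure through it can fail the same way and end in the plain "cannot allocate memory" exit without a log entry. A comment at the case such as `/* NB: log_error() itself allocates; this may not get logged when memory is exhausted */` would make that explicit. The function body starts and ends outside the hunk.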
@@ -26,10 +26,6 @@ * Chris Jepeway <jepeway@cs.utk.edu> */ -#ifndef lint -static char rcsid[] = "$From: parse.c,v 1.91 1998/09/07 02:41:33 millert Exp $"; -#endif /* lint */ - #include "config.h" #include <stdio.h> @@ -85,7 +81,10 @@ static char rcsid[] = "$From: parse.c,v 1.91 1998/09/07 02:41:33 millert Exp $"; #endif #include "sudo.h" -#include <options.h> + +#ifndef lint +static const char rcsid[] = "$From: parse.c,v 1.97 1998/11/18 04:16:13 millert Exp $"; +#endif /* lint */ /* * Globals @@ -159,12 +158,13 @@ int validate(check_cmnd) */ if (check_cmnd == FALSE) while (top) { - if (host_matches == TRUE) + if (host_matches == TRUE) { /* user may always do validate or list on allowed hosts */ if (no_passwd == TRUE) return(VALIDATE_OK_NOPASS); else return(VALIDATE_OK); + } top--; } else @@ -254,7 +254,6 @@ int command_matches(cmnd, user_args, path, sudoers_args) return(FALSE); } else { if (path[plen - 1] != '/') { -#ifdef FAST_MATCH char *p; /* Only proceed if the basenames of cmnd and path are the same */ @@ -264,7 +263,6 @@ int command_matches(cmnd, user_args, path, sudoers_args) p++; if (strcmp(c, p)) return(FALSE); -#endif /* FAST_MATCH */ if (stat(path, &pst) < 0) return(FALSE); @@ -299,11 +297,10 @@ int command_matches(cmnd, user_args, path, sudoers_args) continue; strcpy(buf, path); strcat(buf, dent->d_name); -#ifdef FAST_MATCH + /* only stat if basenames are not the same */ if (strcmp(c, dent->d_name)) continue; -#endif /* FAST_MATCH */ if (stat(buf, &pst) < 0) continue; if (cmnd_st.st_dev == pst.st_dev && cmnd_st.st_ino == pst.st_ino) 
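Review bot: In the directory branch of command_matches() (parse.c), `strcpy(buf, path); strcat(buf, dent->d_name);` still runs for every directory entry with no length check, although the basename test that follows is now unconditional. Moving `if (strcmp(c, dent->d_name)) continue;` above the strcpy() means only the matching entry is ever copied, and a check of `strlen(path) + strlen(dent->d_name)` against the size of `buf` (declared outside the hunk) should precede the copy. The comment `/* only stat if basenames are not the same */` also reads inverted, because the code skips the stat() when the names differ; `/* only stat if basenames are the same */` matches what it does.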
@@ -361,23 +358,27 @@ int usergr_matches(group, user) char *group; char *user; { - struct group *grpent; + struct group *grp; + struct passwd *pw; char **cur; /* make sure we have a valid usergroup, sudo style */ if (*group++ != '%') return(FALSE); - if ((grpent = getgrnam(group)) == NULL) + if ((grp = getgrnam(group)) == NULL) return(FALSE); /* * Check against user's real gid as well as group's user list */ - if (grpent->gr_gid == user_gid) + if ((pw = getpwnam(user)) == NULL) + return(FALSE); + + if (grp->gr_gid == pw->pw_gid) return(TRUE); - for (cur=grpent->gr_mem; *cur; cur++) { + for (cur=grp->gr_mem; *cur; cur++) { if (strcmp(*cur, user) == 0) return(TRUE); } @@ -411,7 +412,6 @@ int netgr_matches(netgr, host, user) /* get the domain name (if any) */ if (domain == (char *) -1) { if ((domain = (char *) malloc(MAXHOSTNAMELEN)) == NULL) { - perror("malloc"); (void) fprintf(stderr, "%s: cannot allocate memory!\n", Argv[0]); exit(1); } diff --git a/gnu/usr.bin/sudo/sudo/parse.lex b/gnu/usr.bin/sudo/sudo/parse.lex index 7e5d64065c2..8ed78e5259e 100644 --- a/gnu/usr.bin/sudo/sudo/parse.lex +++ b/gnu/usr.bin/sudo/sudo/parse.lex @@ -1,8 +1,8 @@ %{ -/* $OpenBSD: parse.lex,v 1.6 1998/09/15 02:42:44 millert Exp $ */ +/* $OpenBSD: parse.lex,v 1.7 1998/11/21 01:34:53 millert Exp $ */ /* - * CU sudo version 1.5.6 + * CU sudo version 1.5.7 * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -27,10 +27,6 @@ * Chris Jepeway <jepeway@cs.utk.edu> */ -#ifndef lint -static char rcsid[] = "$From: parse.lex,v 1.78 1998/09/07 03:09:49 millert Exp $"; -#endif /* lint */ - #include "config.h" #ifdef STDC_HEADERS 
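Review bot: The comment `Check against user's real gid as well as group's user list` in usergr_matches() (parse.c) is stale now that the comparison uses `pw->pw_gid` from getpwnam(user) rather than the process's `user_gid`. I would reword it to `/* Check the user's primary gid from the passwd database, then the group's member list */`. The new `return(FALSE)` on a failed getpwnam() is taken before `grp->gr_mem` is searched, so a name listed as a group member but missing from the passwd database no longer matches; that fails closed, but a one-line comment saying it is intended would save the next reader from wondering.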
@@ -50,9 +46,12 @@ static char rcsid[] = "$From: parse.lex,v 1.78 1998/09/07 03:09:49 millert Exp $ #include <sys/param.h> #include <netinet/in.h> #include "sudo.h" -#include <options.h> #include "sudo.tab.h" +#ifndef lint +static const char rcsid[] = "$From: parse.lex,v 1.82 1998/11/18 04:16:13 millert Exp $"; +#endif /* lint */ + #undef yywrap /* guard against a yywrap macro */ extern YYSTYPE yylval; diff --git a/gnu/usr.bin/sudo/sudo/parse.yacc b/gnu/usr.bin/sudo/sudo/parse.yacc index 60b38b921c5..ea68760b2ce 100644 --- a/gnu/usr.bin/sudo/sudo/parse.yacc +++ b/gnu/usr.bin/sudo/sudo/parse.yacc @@ -1,8 +1,8 @@ %{ -/* $OpenBSD: parse.yacc,v 1.10 1998/09/15 02:42:44 millert Exp $ */ +/* $OpenBSD: parse.yacc,v 1.11 1998/11/21 01:34:53 millert Exp $ */ /* - * CU sudo version 1.5.6 + * CU sudo version 1.5.7 * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -27,10 +27,6 @@ * Chris Jepeway <jepeway@cs.utk.edu> */ -#ifndef lint -static char rcsid[] = "$From: parse.yacc,v 1.115 1998/09/15 02:25:48 millert Exp $"; -#endif /* lint */ - #include "config.h" #include <stdio.h> #ifdef STDC_HEADERS @@ -56,7 +52,6 @@ static char rcsid[] = "$From: parse.yacc,v 1.115 1998/09/15 02:25:48 millert Exp #include <search.h> #endif /* HAVE_LSEARCH */ -#include <options.h> #include "sudo.h" #ifndef HAVE_LSEARCH @@ -67,6 +62,10 @@ static char rcsid[] = "$From: parse.yacc,v 1.115 1998/09/15 02:25:48 millert Exp #define strcasecmp(a,b) strcmp(a,b) #endif /* !HAVE_STRCASECMP */ +#ifndef lint +static const char rcsid[] = "$From: parse.yacc,v 1.122 1998/11/20 19:26:16 millert Exp $"; +#endif /* lint */ + /* * Globals */ 
@@ -95,7 +94,6 @@ int top = 0, stacksize = 0; while ((stacksize += STACKINCREMENT) < top); \ match = (struct matchstack *) realloc(match, sizeof(struct matchstack) * stacksize); \ if (match == NULL) { \ - perror("malloc"); \ (void) fprintf(stderr, "%s: cannot allocate memory!\n", Argv[0]); \ exit(1); \ } \ @@ -150,9 +148,10 @@ void yyerror(s) { /* save the line the first error occured on */ if (errorlineno == -1) - errorlineno = sudolineno; + errorlineno = sudolineno - 1; #ifndef TRACELEXER - (void) fprintf(stderr, ">>> sudoers file: %s, line %d <<<\n", s, sudolineno); + (void) fprintf(stderr, ">>> sudoers file: %s, line %d <<<\n", s, + sudolineno - 1); #else (void) fprintf(stderr, "<*> "); #endif @@ -513,7 +512,6 @@ cmndalias : ALIAS { /* Allocate space for ga_list if necesary. */ expand_ga_list(); if (!(ga_list[ga_list_len-1].alias = strdup($1))){ - perror("malloc"); (void) fprintf(stderr, "%s: cannot allocate memory!\n", Argv[0]); exit(1); @@ -547,7 +545,6 @@ runasalias : ALIAS { /* Allocate space for ga_list if necesary. */ expand_ga_list(); if (!(ga_list[ga_list_len-1].alias = strdup($1))){ - perror("malloc"); (void) fprintf(stderr, "%s: cannot allocate memory!\n", Argv[0]); exit(1); @@ -872,7 +869,6 @@ static void append(src, dstp, dst_len, dst_size, separator) /* Assumes dst will be NULL if not set. */ if (dst == NULL) { if ((dst = (char *) malloc(BUFSIZ)) == NULL) { - perror("malloc"); (void) fprintf(stderr, "%s: cannot allocate memory!\n", Argv[0]); exit(1); } @@ -888,7 +884,6 @@ static void append(src, dstp, dst_len, dst_size, separator) *dst_size += BUFSIZ; if (!(dst = (char *) realloc(dst, *dst_size))) { - perror("malloc"); (void) fprintf(stderr, "%s: cannot allocate memory!\n", Argv[0]); exit(1); } 
@@ -929,19 +924,17 @@ void reset_aliases() static void expand_ga_list() { - if (++ga_list_len > ga_list_size) { + if (++ga_list_len >= ga_list_size) { while ((ga_list_size += STACKINCREMENT) < ga_list_len); if (ga_list == NULL) { if ((ga_list = (struct generic_alias *) malloc(sizeof(struct generic_alias) * ga_list_size)) == NULL) { - perror("malloc"); (void) fprintf(stderr, "%s: cannot allocate memory!\n", Argv[0]); exit(1); } } else { if ((ga_list = (struct generic_alias *) realloc(ga_list, sizeof(struct generic_alias) * ga_list_size)) == NULL) { - perror("malloc"); (void) fprintf(stderr, "%s: cannot allocate memory!\n", Argv[0]); exit(1); } @@ -961,12 +954,11 @@ static void expand_ga_list() static void expand_match_list() { - if (++cm_list_len > cm_list_size) { + if (++cm_list_len >= cm_list_size) { while ((cm_list_size += STACKINCREMENT) < cm_list_len); if (cm_list == NULL) { if ((cm_list = (struct command_match *) malloc(sizeof(struct command_match) * cm_list_size)) == NULL) { - perror("malloc"); (void) fprintf(stderr, "%s: cannot allocate memory!\n", Argv[0]); exit(1); } @@ -974,7 +966,6 @@ static void expand_match_list() } else { if ((cm_list = (struct command_match *) realloc(cm_list, sizeof(struct command_match) * cm_list_size)) == NULL) { - perror("malloc"); (void) fprintf(stderr, "%s: cannot allocate memory!\n", Argv[0]); exit(1); } @@ -1010,7 +1001,6 @@ void init_parser() stacksize = STACKINCREMENT; match = (struct matchstack *) malloc(sizeof(struct matchstack) * stacksize); if (match == NULL) { - perror("malloc"); (void) fprintf(stderr, "%s: cannot allocate memory!\n", Argv[0]); exit(1); } diff --git a/gnu/usr.bin/sudo/sudo/pathnames.h b/gnu/usr.bin/sudo/sudo/pathnames.h index ebed9935d88..cd21b73cfed 100644 --- a/gnu/usr.bin/sudo/sudo/pathnames.h +++ b/gnu/usr.bin/sudo/sudo/pathnames.h 
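Review bot: expand_ga_list() and expand_match_list() (parse.yacc) change the growth test from `>` to `>=` with no comment on why the array must now always hold one element more than the count. If the intent is to keep a spare slot for code that indexes `ga_list[ga_list_len]` or `cm_list[cm_list_len]` (not visible in these hunks), say so, e.g. `/* keep one free slot past ga_list_len */`. The sizing loops `while ((ga_list_size += STACKINCREMENT) < ga_list_len);` and its cm_list twin still use `<`, so they can in principle stop with the size equal to the length; `<=` would keep them consistent with the new guard. Both function bodies extend beyond their hunks.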
@@ -1,7 +1,8 @@ -/* $OpenBSD: pathnames.h,v 1.6 1998/09/15 02:42:45 millert Exp $ */ +/* $OpenBSD: pathnames.h,v 1.7 1998/11/21 01:34:53 millert Exp $ */ +/* pathnames.h. Generated automatically by configure. */ /* - * CU sudo version 1.5.6 + * CU sudo version 1.5.7 * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -19,7 +20,7 @@ * * Please send bugs, changes, problems to sudo-bugs@courtesan.com * - * $From: pathnames.h,v 1.32 1998/09/15 02:25:48 millert Exp $ + * $From: pathnames.h.in,v 1.34 1998/09/20 23:10:04 millert Exp $ */ /* @@ -34,8 +35,12 @@ #define _PATH_DEV "/dev/" #endif /* _PATH_DEV */ +#ifndef _PATH_TTY +#define _PATH_TTY "/dev/tty" +#endif /* _PATH_TTY */ + /* - * NOTE: _PATH_SUDO_SUDOERS is usually overriden by the Makefile + * NOTE: _PATH_SUDO_SUDOERS is usually overriden by the Makefile. */ #ifndef _PATH_SUDO_SUDOERS #define _PATH_SUDO_SUDOERS "/etc/sudoers" 
@@ -50,43 +55,38 @@ #define _PATH_SUDO_STMP "/etc/stmp" #endif /* _PATH_SUDO_STMP */ -#ifndef _PATH_SUDO_TIMEDIR -#define _PATH_SUDO_TIMEDIR _CONFIG_PATH_TIMEDIR -#endif /* _PATH_SUDO_TIMEDIR */ - -#ifndef _PATH_TTY -#define _PATH_TTY "/dev/tty" -#endif /* _PATH_TTY */ +/* + * The following paths are controlled via the configure script. + */ /* - * The following paths are gleaned via configure but you can override - * configure's values here if you want. + * Where to put the timestamp files. Defaults to /var/run/sudo if + * /var/run exists, else /tmp/.odus. */ +#ifndef _PATH_SUDO_TIMEDIR +#define _PATH_SUDO_TIMEDIR "/var/run/sudo" +#endif /* _PATH_SUDO_TIMEDIR */ /* - * Where to put the sudo log file when logging to a file this - * is /var/log/sudo.log if /var/log exists, else /var/adm/sudo.log + * Where to put the sudo log file when logging to a file. Defaults to + * /var/log/sudo.log if /var/log exists, else /var/adm/sudo.log. */ #ifndef _PATH_SUDO_LOGFILE -#define _PATH_SUDO_LOGFILE _CONFIG_PATH_LOGFILE +#define _PATH_SUDO_LOGFILE "/var/log/sudo.log" #endif /* _PATH_SUDO_LOGFILE */ #ifndef _PATH_SENDMAIL -#define _PATH_SENDMAIL _CONFIG_PATH_SENDMAIL +#define _PATH_SENDMAIL "/usr/sbin/sendmail" #endif /* _PATH_SENDMAIL */ #ifndef _PATH_VI -#define _PATH_VI _CONFIG_PATH_VI +#define _PATH_VI "/usr/bin/vi" #endif /* _PATH_VI */ -#ifndef _PATH_PWD -#define _PATH_PWD _CONFIG_PATH_PWD -#endif /* _PATH_PWD */ - #ifndef _PATH_MV -#define _PATH_MV _CONFIG_PATH_MV +#define _PATH_MV "/bin/mv" #endif /* _PATH_MV */ #ifndef _PATH_BSHELL -#define _PATH_BSHELL _CONFIG_PATH_BSHELL +#define _PATH_BSHELL "/bin/sh" #endif /* _PATH_BSHELL */ diff --git a/gnu/usr.bin/sudo/sudo/sudo.8 b/gnu/usr.bin/sudo/sudo/sudo.8 index d16bc8b74cf..17606ba95e2 100644 --- a/gnu/usr.bin/sudo/sudo/sudo.8 +++ b/gnu/usr.bin/sudo/sudo/sudo.8 
@@ -1,11 +1,11 @@ .rn '' }` -''' $OpenBSD: sudo.8,v 1.6 1998/09/15 02:42:45 millert Exp $ +''' $OpenBSD: sudo.8,v 1.7 1998/11/21 01:34:53 millert Exp $ ''' -''' $RCSfile: sudo.8,v $$Revision: 1.6 $$Date: 1998/09/15 02:42:45 $ +''' $RCSfile: sudo.8,v $$Revision: 1.7 $$Date: 1998/11/21 01:34:53 $ ''' ''' $Log: sudo.8,v $ -''' Revision 1.6 1998/09/15 02:42:45 millert -''' sudo 1.5.6 +''' Revision 1.7 1998/11/21 01:34:53 millert +''' sudo 1.5.7 ''' ''' .de Sh @@ -98,7 +98,7 @@ .nr % 0 .rr F .\} -.TH sudo 8 "1.5.6" "20/Jan/98" "MAINTENANCE COMMANDS" +.TH sudo 8 "1.5.7" "5/Nov/98" "MAINTENANCE COMMANDS" .UC .if n .hy 0 .if n .na @@ -214,10 +214,6 @@ user to the local authorities (defined at installation time). .PP \fBsudo\fR was designed to log via the 4.3 BSD \fIsyslog\fR\|(3) facility but can log to a file instead if so desired (or to both syslog and a file). -.PP -All preferences are defined at installation time and are derived from -the options.h and pathnames.h include files as well as as well as the -Makefile. .SH "OPTIONS" \fBsudo\fR accepts the following command line options: .Ip "-V" 4 @@ -256,10 +252,10 @@ as a user other than \fIroot\fR. To specify a \fIuid\fR instead of a \fIusername\fR, use \*(L"#uid\*(R". .Ip "-s" 4 The \f(CW-s\fR (\fIshell\fR) option runs the shell specified by the \fI\s-1SHELL\s0\fR -environmental variable if it is set or the shell as specified +environment variable if it is set or the shell as specified in \fIpasswd\fR\|(5). .Ip "-H" 4 -The \f(CW-H\fR (\fI\s-1HOME\s0\fR) option sets the \fI\s-1HOME\s0\fR environmental variable +The \f(CW-H\fR (\fI\s-1HOME\s0\fR) option sets the \fI\s-1HOME\s0\fR environment variable to the homedir of the target user (root by default) as specified in \fIpasswd\fR\|(5). .Ip "--" 4 
@@ -283,7 +279,7 @@ currently unreachable. Variables that control how dynamic loading and binding is done can be used to subvert the program that \fBsudo\fR runs. To combat this the \f(CWLD_*\fR, \f(CWSHLIB_PATH\fR (HP\-UX only), -\f(CWLIBPATH\fR (AIX only), and \f(CW_RLD_*\fR environmental variables are +\f(CWLIBPATH\fR (AIX only), and \f(CW_RLD_*\fR environment variables are removed from the environment passed on to all commands executed. \fBsudo\fR will also remove the \f(CWIFS\fR, \f(CWENV\fR, \f(CWBASH_ENV\fR and \f(CWKRB_CONF\fR variables as they too can pose a threat. @@ -291,7 +287,7 @@ and \f(CWKRB_CONF\fR variables as they too can pose a threat. To prevent command spoofing, \fBsudo\fR checks "." and "" (both denoting current directory) last when searching for a command in the user's PATH (if one or both are in the PATH). -Note, however, that the actual PATH environmental variable +Note, however, that the actual PATH environment variable is \fInot\fR modified and is passed unchanged to the program that \fBsudo\fR executes. .PP @@ -330,9 +326,11 @@ date. .Ve .SH "ENVIRONMENT VARIABLES" .PP -.Vb 10 +.Vb 12 \& PATH Set to a sane value if SECURE_PATH is set \& SHELL Used to determine shell to run with -s option +\& USER Set to the target user (root unless the -u option +\& is specified) \& HOME In -s mode, set to homedir of root (or runas user) \& if built with the SHELL_SETS_HOME option \& SUDO_PROMPT Replaces the default password prompt diff --git a/gnu/usr.bin/sudo/sudo/sudo.c b/gnu/usr.bin/sudo/sudo/sudo.c index 7d07c33f658..d7dd2a44888 100644 --- a/gnu/usr.bin/sudo/sudo/sudo.c +++ b/gnu/usr.bin/sudo/sudo/sudo.c 
@@ -1,7 +1,7 @@ -/* $OpenBSD: sudo.c,v 1.10 1998/09/15 02:42:45 millert Exp $ */ +/* $OpenBSD: sudo.c,v 1.11 1998/11/21 01:34:53 millert Exp $ */ /* - * CU sudo version 1.5.6 (based on Root Group sudo version 1.1) + * CU sudo version 1.5.7 (based on Root Group sudo version 1.1) * * This software comes with no waranty whatsoever, use at your own risk. * @@ -52,10 +52,6 @@ * Todd Miller <Todd.Miller@courtesan.com> */ -#ifndef lint -static char rcsid[] = "$From: sudo.c,v 1.197 1998/09/13 19:32:48 millert Exp $"; -#endif /* lint */ - #define MAIN #include "config.h" @@ -81,24 +77,14 @@ static char rcsid[] = "$From: sudo.c,v 1.197 1998/09/13 19:32:48 millert Exp $"; #include <fcntl.h> #include <sys/types.h> #include <sys/stat.h> -#include <sys/time.h> #include <sys/param.h> #include <netinet/in.h> #include <netdb.h> -#if (SHADOW_TYPE == SPW_SECUREWARE) -# ifdef __hpux -# include <hpsecurity.h> -# else -# include <sys/security.h> -# endif /* __hpux */ -# include <prot.h> -#endif /* SPW_SECUREWARE */ #ifdef HAVE_DCE #include <pthread.h> #endif /* HAVE_DCE */ #include "sudo.h" -#include <options.h> #include "version.h" #ifndef STDC_HEADERS @@ -111,6 +97,10 @@ extern char *strdup __P((const char *)); extern char *getenv __P((char *)); #endif /* STDC_HEADERS */ +#ifndef lint +static const char rcsid[] = "$From: sudo.c,v 1.213 1998/11/18 04:16:13 millert Exp $"; +#endif /* lint */ + /* * Local type declarations @@ -191,13 +181,16 @@ int main(argc, argv) int argc; char **argv; { - int rtn, found_cmnd; + int rtn, cmnd_status = FOUND; int sudo_mode = MODE_RUN; extern char ** environ; -#if (SHADOW_TYPE == SPW_SECUREWARE) && defined(HAVE_SET_AUTH_PARAMETERS) +#if defined(HAVE_GETPRPWNAM) && defined(HAVE_SET_AUTH_PARAMETERS) (void) set_auth_parameters(argc, argv); -#endif /* SPW_SECUREWARE */ +# ifdef HAVE_INITPRIVS + initprivs(); +# endif +#endif /* HAVE_GETPRPWNAM && HAVE_SET_AUTH_PARAMETERS */ Argv = argv; Argc = argc; 
@@ -268,7 +261,6 @@ int main(argc, argv) NewArgv = (char **) malloc (sizeof(char *) * (++NewArgc + 1)); if (NewArgv == NULL) { - perror("malloc"); (void) fprintf(stderr, "%s: cannot allocate memory!\n", Argv[0]); exit(1); } @@ -297,14 +289,13 @@ int main(argc, argv) #ifdef SECURE_PATH /* replace the PATH envariable with a secure one */ if (!user_is_exempt() && sudo_setenv("PATH", SECURE_PATH)) { - perror("malloc"); (void) fprintf(stderr, "%s: cannot allocate memory!\n", Argv[0]); exit(1); } #endif /* SECURE_PATH */ if ((sudo_mode & MODE_RUN)) { - found_cmnd = load_cmnd(sudo_mode); /* load the cmnd global variable */ + cmnd_status = load_cmnd(sudo_mode); /* load the cmnd global variable */ } else if (sudo_mode == MODE_KILL) { remove_timestamp(); /* remove the timestamp ticket file */ exit(0); @@ -312,20 +303,23 @@ int main(argc, argv) add_env(!(sudo_mode & MODE_SHELL)); /* add in SUDO_* envariables */ - /* validate the user but don't search for "validate" */ + /* validate the user but don't search for pseudo-commands */ rtn = validate((sudo_mode != MODE_VALIDATE && sudo_mode != MODE_LIST)); switch (rtn) { case VALIDATE_OK: - case VALIDATE_OK_NOPASS: - if (rtn != VALIDATE_OK_NOPASS) - check_user(); + check_user(); + /* fallthrough */ + case VALIDATE_OK_NOPASS: /* finally tell the user if the command did not exist */ - if ((sudo_mode & MODE_RUN) && !found_cmnd) { + if (cmnd_status == NOT_FOUND_DOT) { + (void) fprintf(stderr, "%s: ignoring `%s' found in '.'\nUse `sudo ./%s' if this is the `%s' you wish to run.\n", Argv[0], cmnd, cmnd, cmnd); + exit(1); + } else if (cmnd_status == NOT_FOUND) { (void) fprintf(stderr, "%s: %s: command not found\n", Argv[0], - cmnd); + cmnd); exit(1); } 
@@ -383,9 +377,24 @@ int main(argc, argv) exit(-1); break; + case VALIDATE_NOT_OK: + check_user(); + +#ifndef DONT_LEAK_PATH_INFO + log_error(rtn); + if (cmnd_status == NOT_FOUND_DOT) + (void) fprintf(stderr, "%s: ignoring `%s' found in '.'\nUse `sudo ./%s' if this is the `%s' you wish to run.\n", Argv[0], cmnd, cmnd, cmnd); + else if (cmnd_status == NOT_FOUND) + (void) fprintf(stderr, "%s: %s: command not found\n", Argv[0], + cmnd); + else + inform_user(rtn); + exit(1); + break; +#endif /* DONT_LEAK_PATH_INFO */ + default: log_error(rtn); - set_perms(PERM_FULL_USER, sudo_mode); inform_user(rtn); exit(1); break; @@ -417,14 +426,14 @@ static void load_globals(sudo_mode) */ if ((user_pw_ent = sudo_getpwuid(getuid())) == NULL) { /* need to make a fake user_pw_ent */ - struct passwd pw_ent; + struct passwd pw; char pw_name[MAX_UID_T_LEN + 1]; /* fill in uid and name fields with the uid */ - pw_ent.pw_uid = getuid(); - (void) sprintf(pw_name, "%ld", (long) pw_ent.pw_uid); - pw_ent.pw_name = pw_name; - user_pw_ent = &pw_ent; + pw.pw_uid = getuid(); + (void) sprintf(pw_name, "%ld", (long) pw.pw_uid); + pw.pw_name = pw_name; + user_pw_ent = &pw; /* complain, log, and die */ log_error(GLOBAL_NO_PW_ENT); @@ -447,15 +456,14 @@ static void load_globals(sudo_mode) if (strncmp(p, _PATH_DEV, sizeof(_PATH_DEV) - 1) == 0) p += sizeof(_PATH_DEV) - 1; if ((tty = (char *) strdup(p)) == NULL) { - perror("malloc"); (void) fprintf(stderr, "%s: cannot allocate memory!\n", Argv[0]); exit(1); } } -#ifdef UMASK - (void) umask((mode_t)UMASK); -#endif /* UMASK */ +#ifdef SUDO_UMASK + (void) umask((mode_t)SUDO_UMASK); +#endif /* SUDO_UMASK */ #ifdef NO_ROOT_SUDO if (user_uid == 0) { @@ -472,7 +480,7 @@ static void load_globals(sudo_mode) /* try as root... */ set_perms(PERM_ROOT, sudo_mode); if (!getcwd(cwd, sizeof(cwd))) { - (void) fprintf(stderr, "%s: Can't get working directory!\n", + (void) fprintf(stderr, "%s: Can't get working directory!\n", Argv[0]); (void) strcpy(cwd, "unknown"); } 
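Review bot: In the new `case VALIDATE_NOT_OK:` the `exit(1); break;` pair sits inside `#ifndef DONT_LEAK_PATH_INFO`, so a build that defines DONT_LEAK_PATH_INFO runs `check_user();` and then drops into `default:` with nothing marking that as intended, while the earlier fallthrough in this switch is commented. I would add `/* FALLTHROUGH: with DONT_LEAK_PATH_INFO the generic denial below is used */` after the `#endif`. A one-line comment before `check_user();` would also help, because calling it (apparently the authentication step) before the denial is reported decides what an unauthorised caller can learn about which commands exist. main() starts and ends outside the hunk.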
@@ -503,7 +511,6 @@ static void load_globals(sudo_mode) if ((p = strchr(host, '.'))) { *p = '\0'; if ((shost = strdup(host)) == NULL) { - perror("malloc"); (void) fprintf(stderr, "%s: cannot allocate memory!\n", Argv[0]); exit(1); } @@ -685,7 +692,6 @@ static void add_env(contiguous) } if ((buf = (char *) malloc(size)) == NULL) { - perror("malloc"); (void) fprintf(stderr, "%s: cannot allocate memory!\n", Argv[0]); exit(1); } @@ -704,7 +710,6 @@ static void add_env(contiguous) buf = cmnd; } if (sudo_setenv("SUDO_COMMAND", buf)) { - perror("malloc"); (void) fprintf(stderr, "%s: cannot allocate memory!\n", Argv[0]); exit(1); } @@ -721,7 +726,6 @@ static void add_env(contiguous) /* add the SUDO_USER envariable */ if (sudo_setenv("SUDO_USER", user_name)) { - perror("malloc"); (void) fprintf(stderr, "%s: cannot allocate memory!\n", Argv[0]); exit(1); } @@ -729,7 +733,6 @@ static void add_env(contiguous) /* add the SUDO_UID envariable */ (void) sprintf(idstr, "%ld", (long) user_uid); if (sudo_setenv("SUDO_UID", idstr)) { - perror("malloc"); (void) fprintf(stderr, "%s: cannot allocate memory!\n", Argv[0]); exit(1); } @@ -737,7 +740,6 @@ static void add_env(contiguous) /* add the SUDO_GID envariable */ (void) sprintf(idstr, "%ld", (long) user_gid); if (sudo_setenv("SUDO_GID", idstr)) { - perror("malloc"); (void) fprintf(stderr, "%s: cannot allocate memory!\n", Argv[0]); exit(1); } @@ -745,7 +747,6 @@ static void add_env(contiguous) /* set PS1 if SUDO_PS1 is set */ if ((buf = getenv("SUDO_PS1"))) if (sudo_setenv("PS1", buf)) { - perror("malloc"); (void) fprintf(stderr, "%s: cannot allocate memory!\n", Argv[0]); exit(1); } @@ -764,6 +765,8 @@ static void add_env(contiguous) static int load_cmnd(sudo_mode) int sudo_mode; { + int retval; + if (strlen(NewArgv[0]) >= MAXPATHLEN) { errno = ENAMETOOLONG; (void) fprintf(stderr, "%s: %s: Pathname too long\n", Argv[0], 
@@ -774,11 +777,9 @@ static int load_cmnd(sudo_mode) /* * Resolve the path */ - if ((cmnd = find_path(NewArgv[0])) == NULL) { + if ((retval = find_path(NewArgv[0], &cmnd)) != FOUND) cmnd = NewArgv[0]; - return(0); - } else - return(1); + return(retval); } @@ -882,7 +883,7 @@ void set_perms(perm, sudo_mode) int perm; int sudo_mode; { - struct passwd *pw_ent; + struct passwd *pw; switch (perm) { case PERM_ROOT: @@ -931,27 +932,35 @@ void set_perms(perm, sudo_mode) exit(1); } } else { - if (!(pw_ent = getpwnam(runas_user))) { + if (!(pw = getpwnam(runas_user))) { (void) fprintf(stderr, "%s: no passwd entry for %s!\n", Argv[0], runas_user); exit(1); } - if (setgid(pw_ent->pw_gid)) { + /* Set $USER to match target user */ + if (sudo_setenv("USER", pw->pw_name)) { + (void) fprintf(stderr, + "%s: cannot allocate memory!\n", + Argv[0]); + exit(1); + } + + if (setgid(pw->pw_gid)) { (void) fprintf(stderr, "%s: cannot set gid to %d: ", - Argv[0], pw_ent->pw_gid); + Argv[0], pw->pw_gid); perror(""); exit(1); } /* - * Initialize group vector only if - * we are going to be a non-root user. + * Initialize group vector only if are + * going to run as a non-root user. */ if (strcmp(runas_user, "root") != 0 && - initgroups(runas_user, pw_ent->pw_gid) + initgroups(runas_user, pw->pw_gid) == -1) { (void) fprintf(stderr, "%s: cannot set group vector ", @@ -960,15 +969,15 @@ void set_perms(perm, sudo_mode) exit(1); } - if (setuid(pw_ent->pw_uid)) { + if (setuid(pw->pw_uid)) { (void) fprintf(stderr, "%s: cannot set uid to %d: ", - Argv[0], pw_ent->pw_uid); + Argv[0], pw->pw_uid); perror(""); exit(1); } if (sudo_mode & MODE_RESET_HOME) - runas_homedir = pw_ent->pw_dir; + runas_homedir = pw->pw_dir; } break; diff --git a/gnu/usr.bin/sudo/sudo/sudo.h b/gnu/usr.bin/sudo/sudo/sudo.h index 01041b21c9e..beb860b4500 100644 --- a/gnu/usr.bin/sudo/sudo/sudo.h +++ b/gnu/usr.bin/sudo/sudo/sudo.h 
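Review bot: The error messages in the set_perms hunk at -931 and the one after it pass `pw->pw_gid` and `pw->pw_uid` to `%d`, which is only correct where gid_t and uid_t are int-sized; add_env in this same file prints ids with `%ld` and a `(long)` cast. I would write `"%s: cannot set gid to %ld: ", Argv[0], (long) pw->pw_gid` and do the same for the uid in the `setuid` failure path. The new `sudo_setenv("USER", pw->pw_name)` sits only in this `else` arm; the arm before it starts outside the hunk, so whether a runas target handled there also gets USER set cannot be seen here and is worth checking against the man page text this commit adds. The reworded comment also lost a word and should read `Initialize group vector only if we are going to run as a non-root user.`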
@@ -1,7 +1,7 @@ -/* $OpenBSD: sudo.h,v 1.6 1998/09/15 02:42:45 millert Exp $ */ +/* $OpenBSD: sudo.h,v 1.7 1998/11/21 01:34:53 millert Exp $ */ /* - * CU sudo version 1.5.6 (based on Root Group sudo version 1.1) + * CU sudo version 1.5.7 (based on Root Group sudo version 1.1) * * This software comes with no waranty whatsoever, use at your own risk. * @@ -27,7 +27,7 @@ * along with this program; if not, write to the Free Software * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. * - * $From: sudo.h,v 1.126 1998/09/07 02:51:05 millert Exp $ + * $From: sudo.h,v 1.133 1998/11/08 20:56:52 millert Exp $ */ #ifndef _SUDO_SUDO_H @@ -111,10 +111,33 @@ struct generic_alias { # define MAXSYSLOGLEN 960 #endif +/* + * syslog(3) parameters + */ + #define SLOG_SYSLOG 0x01 #define SLOG_FILE 0x02 #define SLOG_BOTH 0x03 +#if (LOGGING & SLOG_SYSLOG) +# include <syslog.h> +# ifndef Syslog_ident +# define Syslog_ident "sudo" +# endif +# ifndef Syslog_options +# define Syslog_options 0 +# endif +# if !defined(Syslog_facility) && defined(LOG_NFACILITIES) +# define Syslog_facility LOGFAC +# endif +# ifndef Syslog_priority_OK +# define Syslog_priority_OK LOG_NOTICE +# endif +# ifndef Syslog_priority_NO +# define Syslog_priority_NO LOG_ALERT +# endif +#endif /* LOGGING & SLOG_SYSLOG */ + #define VALIDATE_OK 0x00 #define VALIDATE_NO_USER 0x01 #define VALIDATE_NOT_OK 0x02 @@ -141,14 +164,22 @@ struct generic_alias { #define SPOOF_ATTEMPT 0x0D #define BAD_STAMPDIR 0x0E #define BAD_STAMPFILE 0x0F +#define BAD_ALLOCATION 0x10 /* * Boolean values */ #undef TRUE -#define TRUE 0x01 +#define TRUE 1 #undef FALSE -#define FALSE 0x00 +#define FALSE 0 + +/* + * find_path()/load_cmnd() return values + */ +#define FOUND 1 +#define NOT_FOUND 0 +#define NOT_FOUND_DOT -1 /* * Various modes sudo can be in (based on arguments) in octal 
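Review bot: `#define NOT_FOUND_DOT -1` in the last hunk should be parenthesised, `#define NOT_FOUND_DOT (-1)`, so the macro stays a single operand wherever it is expanded. The comment above the three values names the functions but not the meanings, and main() now branches on them. Going by the message main() prints, a line such as `/* NOT_FOUND_DOT: the command was found only in '.', which is ignored */` would make the tri-state explicit for callers that previously tested the result as a boolean.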
@@ -198,8 +229,8 @@ int putenv __P((const char *)); #endif char *sudo_goodpath __P((const char *)); int sudo_setenv __P((char *, char *)); -char *tgetpass __P((char *, int, char *, char *)); -char * find_path __P((char *)); +char *tgetpass __P((char *, int)); +int find_path __P((char *, char **)); void log_error __P((int)); void inform_user __P((int)); void check_user __P((void)); @@ -207,7 +238,10 @@ int validate __P((int)); void set_perms __P((int, int)); void remove_timestamp __P((void)); void load_interfaces __P((void)); +int check_secureware __P((char *)); +void sia_attempt_auth __P((void)); int yyparse __P((void)); +void pass_warn __P((FILE *)); YY_DECL; diff --git a/gnu/usr.bin/sudo/sudo/sudo_setenv.c b/gnu/usr.bin/sudo/sudo/sudo_setenv.c index c9b817915a0..d5dbdee5097 100644 --- a/gnu/usr.bin/sudo/sudo/sudo_setenv.c +++ b/gnu/usr.bin/sudo/sudo/sudo_setenv.c @@ -1,7 +1,7 @@ -/* $OpenBSD: sudo_setenv.c,v 1.6 1998/09/15 02:42:45 millert Exp $ */ +/* $OpenBSD: sudo_setenv.c,v 1.7 1998/11/21 01:34:53 millert Exp $ */ /* - * CU sudo version 1.5.6 + * CU sudo version 1.5.7 * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -27,10 +27,6 @@ * Todd C. Miller (millert@colorado.edu) Fri Jun 3 18:32:19 MDT 1994 */ -#ifndef lint -static char rcsid[] = "$From: sudo_setenv.c,v 1.26 1998/04/06 03:35:47 millert Exp $"; -#endif /* lint */ - #include "config.h" #include <stdio.h> @@ -48,7 +44,6 @@ static char rcsid[] = "$From: sudo_setenv.c,v 1.26 1998/04/06 03:35:47 millert E #include <netinet/in.h> #include "sudo.h" -#include <options.h> #ifndef STDC_HEADERS #ifdef HAVE_PUTENV 
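Review bot: The new prototype `char *tgetpass __P((char *, int));` declares the prompt as `char *`, while the definition in tgetpass.c in this same commit takes `const char *prompt`. The two should agree, `char *tgetpass __P((const char *, int));`, so that a translation unit that sees both does not end up with incompatible declarations and callers can pass string literals without a cast. Whether tgetpass.c includes sudo.h is not visible in the diff.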
@@ -59,6 +54,10 @@ extern int setenv __P((char *, char *, int)); #endif /* HAVE_SETENV */ #endif /* !STDC_HEADERS */ +#ifndef lint +static const char rcsid[] = "$From: sudo_setenv.c,v 1.30 1998/11/18 04:16:13 millert Exp $"; +#endif /* lint */ + /********************************************************************** * diff --git a/gnu/usr.bin/sudo/sudo/sudoers.5 b/gnu/usr.bin/sudo/sudo/sudoers.5 index 935e4e148a7..6c40a2dfad7 100644 --- a/gnu/usr.bin/sudo/sudo/sudoers.5 +++ b/gnu/usr.bin/sudo/sudo/sudoers.5 @@ -1,11 +1,11 @@ .rn '' }` -''' $OpenBSD: sudoers.5,v 1.6 1998/09/15 02:42:45 millert Exp $ +''' $OpenBSD: sudoers.5,v 1.7 1998/11/21 01:34:53 millert Exp $ ''' -''' $RCSfile: sudoers.5,v $$Revision: 1.6 $$Date: 1998/09/15 02:42:45 $ +''' $RCSfile: sudoers.5,v $$Revision: 1.7 $$Date: 1998/11/21 01:34:53 $ ''' ''' $Log: sudoers.5,v $ -''' Revision 1.6 1998/09/15 02:42:45 millert -''' sudo 1.5.6 +''' Revision 1.7 1998/11/21 01:34:53 millert +''' sudo 1.5.7 ''' ''' .de Sh @@ -98,7 +98,7 @@ .nr % 0 .rr F .\} -.TH sudoers 5 "1.5.6" "6/Feb/98" "FILE FORMATS" +.TH sudoers 5 "1.5.7" "17/Oct/98" "FILE FORMATS" .UC .if n .hy 0 .if n .na diff --git a/gnu/usr.bin/sudo/sudo/tgetpass.c b/gnu/usr.bin/sudo/sudo/tgetpass.c index 706abf6e89e..020f1df5e98 100644 --- a/gnu/usr.bin/sudo/sudo/tgetpass.c +++ b/gnu/usr.bin/sudo/sudo/tgetpass.c @@ -1,7 +1,7 @@ -/* $OpenBSD: tgetpass.c,v 1.11 1998/11/13 22:44:34 millert Exp $ */ +/* $OpenBSD: tgetpass.c,v 1.12 1998/11/21 01:34:54 millert Exp $ */ /* - * CU sudo version 1.5.6 + * CU sudo version 1.5.7 * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -28,10 +28,6 @@ * Todd C. Miller Sun Jun 5 17:22:31 MDT 1994 */ -#ifndef lint -static char rcsid[] = "$From: tgetpass.c,v 1.63 1998/09/09 00:43:49 millert Exp $"; -#endif /* lint */ - #include "config.h" #include <stdio.h> 
@@ -71,14 +67,14 @@ static char rcsid[] = "$From: tgetpass.c,v 1.63 1998/09/09 00:43:49 millert Exp #include <sys/ioctl.h> #endif /* HAVE_TERMIO_H */ #endif /* HAVE_TERMIOS_H */ -#if (SHADOW_TYPE == SPW_SECUREWARE) +#ifdef HAVE_GETPRPWNAM # ifdef __hpux # include <hpsecurity.h> # else # include <sys/security.h> -# endif /* __hpux */ -# include <prot.h> -#endif /* SPW_SECUREWARE */ +# endif /* __hpux */ +# include <prot.h> /* for AUTH_MAX_PASSWD_LENGTH */ +#endif /* HAVE_GETPRPWNAM */ #include <pathnames.h> #include "compat.h" @@ -87,6 +83,10 @@ static char rcsid[] = "$From: tgetpass.c,v 1.63 1998/09/09 00:43:49 millert Exp #define TCSASOFT 0 #endif /* TCSASOFT */ +#ifndef lint +static const char rcsid[] = "$From: tgetpass.c,v 1.72 1998/11/18 04:16:13 millert Exp $"; +#endif /* lint */ + /****************************************************************** * @@ -97,11 +97,9 @@ static char rcsid[] = "$From: tgetpass.c,v 1.63 1998/09/09 00:43:49 millert Exp * and input will time out based on the value of timeout. */ -char * tgetpass(prompt, timeout, user, host) +char * tgetpass(prompt, timeout) const char *prompt; int timeout; - char *user; - char *host; { #ifdef HAVE_TERMIOS_H struct termios term; @@ -123,7 +121,6 @@ char * tgetpass(prompt, timeout, user, host) static char buf[_PASSWD_LEN + 1]; fd_set *readfds; struct timeval tv; - char *p; /* * mask out SIGINT and SIGTSTP, should probably just catch and deal. 
@@ -149,28 +146,9 @@ char * tgetpass(prompt, timeout, user, host) setbuf(output, NULL); } - /* - * print the prompt - */ - if (prompt) { - p = (char *) prompt; - do { - /* expand %u -> username, %h -> host */ - switch (*p) { - case '%': if (user && *(p+1) == 'u') { - (void) fputs(user, output); - p++; - break; - } else if (host && *(p+1) == 'h') { - (void) fputs(host, output); - p++; - break; - } - - default: (void) fputc(*p, output); - } - } while (*(++p)); - } + /* print the prompt */ + if (prompt) + fputs(prompt, output); /* rewind if necesary */ if (input == output) { diff --git a/gnu/usr.bin/sudo/sudo/version.h b/gnu/usr.bin/sudo/sudo/version.h index 1766c5c5acb..d24caab62ee 100644 --- a/gnu/usr.bin/sudo/sudo/version.h +++ b/gnu/usr.bin/sudo/sudo/version.h @@ -1,7 +1,7 @@ -/* $OpenBSD: version.h,v 1.7 1998/11/13 22:44:34 millert Exp $ */ +/* $OpenBSD: version.h,v 1.8 1998/11/21 01:34:54 millert Exp $ */ /* - * CU sudo version 1.5.6 + * CU sudo version 1.5.7 * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -19,12 +19,12 @@ * * Please send bugs, changes, problems to sudo-bugs@courtesan.com * - * $From: version.h,v 1.46 1998/04/06 03:36:33 millert Exp $ + * $From: version.h,v 1.47 1998/11/20 23:33:52 millert Exp $ */ #ifndef _SUDO_VERSION_H #define _SUDO_VERSION_H -static char version[] = "1.5.6p6"; +static const char version[] = "1.5.7"; #endif /* _SUDO_VERSION_H */ diff --git a/gnu/usr.bin/sudo/visudo/visudo.8 b/gnu/usr.bin/sudo/visudo/visudo.8 index acf550086a7..61d8166133a 100644 --- a/gnu/usr.bin/sudo/visudo/visudo.8 +++ b/gnu/usr.bin/sudo/visudo/visudo.8 
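Review bot: `fputs(prompt, output);` drops the `(void)` cast that the removed code used for ignored stdio results, and nothing at this spot says that `%u`/`%h` expansion has moved out of tgetpass(). I would write `(void) fputs(prompt, output);` and add a comment such as `/* prompt is already expanded by the caller; write it verbatim, never as a format string */`. The man page in this commit lists SUDO_PROMPT as replacing the default prompt, so the string can be user-supplied, and keeping it on fputs rather than a printf-family call is what keeps that safe. The expansion presumably now lives in expand_prompt(), whose prototype this commit adds to check.c and whose body is not in this hunk. tgetpass() itself starts and ends outside the hunk.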
@@ -1,11 +1,11 @@ .rn '' }` -''' $OpenBSD: visudo.8,v 1.6 1998/09/15 02:42:45 millert Exp $ +''' $OpenBSD: visudo.8,v 1.7 1998/11/21 01:34:54 millert Exp $ ''' -''' $RCSfile: visudo.8,v $$Revision: 1.6 $$Date: 1998/09/15 02:42:45 $ +''' $RCSfile: visudo.8,v $$Revision: 1.7 $$Date: 1998/11/21 01:34:54 $ ''' ''' $Log: visudo.8,v $ -''' Revision 1.6 1998/09/15 02:42:45 millert -''' sudo 1.5.6 +''' Revision 1.7 1998/11/21 01:34:54 millert +''' sudo 1.5.7 ''' ''' .de Sh @@ -98,7 +98,7 @@ .nr % 0 .rr F .\} -.TH visudo 8 "1.5.6" "16/Feb/98" "MAINTENANCE COMMANDS" +.TH visudo 8 "1.5.7" "17/Oct/98" "MAINTENANCE COMMANDS" .UC .if n .hy 0 .if n .na @@ -204,7 +204,7 @@ for parse errors. If the \fIsudoers\fR file is currently being edited you will receive a message to try again later. In the default configuration, the \fIvi\fR\|(1) editor is used, but there is a compile time option to allow use of whatever editor the -environmental variables \f(CWEDITOR\fR or \f(CWVISUAL\fR are set to. +environment variables \f(CWEDITOR\fR or \f(CWVISUAL\fR are set to. .PP \fBvisudo\fR parses the \fIsudoers\fR file after the edit and will not save the changes if there is a syntax error. Upon finding diff --git a/gnu/usr.bin/sudo/visudo/visudo.c b/gnu/usr.bin/sudo/visudo/visudo.c index 30f01188352..d88537cb660 100644 --- a/gnu/usr.bin/sudo/visudo/visudo.c +++ b/gnu/usr.bin/sudo/visudo/visudo.c @@ -1,7 +1,7 @@ -/* $OpenBSD: visudo.c,v 1.8 1998/09/15 02:42:45 millert Exp $ */ +/* $OpenBSD: visudo.c,v 1.9 1998/11/21 01:34:54 millert Exp $ */ /* - * CU sudo version 1.5.6 + * CU sudo version 1.5.7 * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -27,10 +27,6 @@ * Todd C. Miller (millert@colorado.edu) Sat Mar 25 21:50:36 MST 1995 */ -#ifndef lint -static char rcsid[] = "$From: visudo.c,v 1.91 1998/09/08 00:42:02 millert Exp $"; -#endif /* lint */ - #include "config.h" #include <stdio.h> 
@@ -61,7 +57,6 @@ static char rcsid[] = "$From: visudo.c,v 1.91 1998/09/08 00:42:02 millert Exp $" #include <netinet/in.h> #include "sudo.h" -#include <options.h> #include "version.h" #ifndef STDC_HEADERS @@ -76,6 +71,10 @@ extern int stat __P((const char *, struct stat *)); #define SA_RESETHAND 0 #endif /* POSIX_SIGNALS && !SA_RESETHAND */ +#ifndef lint +static const char rcsid[] = "$From: visudo.c,v 1.95 1998/11/18 04:16:13 millert Exp $"; +#endif /* lint */ + /* * Function prototypes */ @@ -147,15 +146,16 @@ int main(argc, argv) * If passesd -V then print version, else print usage * if any other option... */ - if (argc == 2) + if (argc == 2) { if (!strcmp(Argv[1], "-V")) { (void) printf("visudo version %s\n", version); exit(0); } else { usage(); } - else if (argc != 1) + } else if (argc != 1) { usage(); + } /* user_pw_ent needs to point to something... */ if ((user_pw_ent = getpwuid(getuid())) == NULL) { @@ -322,7 +322,7 @@ int main(argc, argv) * rename(2)'d to sudoers. If the rename(2) fails we try using * mv(1) in case stmp and sudoers are on different filesystems. */ - if (rename(stmp, sudoers)) + if (rename(stmp, sudoers)) { if (errno == EXDEV) { char *tmpbuf; @@ -356,6 +356,7 @@ int main(argc, argv) perror(""); Exit(-1); } + } return(0); } |