diff options
author | Todd C. Miller <millert@cvs.openbsd.org> | 2005-02-05 23:31:54 +0000 |
---|---|---|
committer | Todd C. Miller <millert@cvs.openbsd.org> | 2005-02-05 23:31:54 +0000 |
commit | e7fa4316c2bf6f71dd851829824df85eaf17d4bd (patch) | |
tree | 5716ab05c054257d3281bd0f953088b16911cf23 | |
parent | 032e3e55c9462a20c0f9af0c4ba6374225707f3c (diff) |
Update to Sudo 1.6.8p7
-rw-r--r-- | usr.bin/sudo/CHANGES | 12 | ||||
-rw-r--r-- | usr.bin/sudo/LICENSE | 2 | ||||
-rw-r--r-- | usr.bin/sudo/Makefile.in | 2 | ||||
-rw-r--r-- | usr.bin/sudo/TROUBLESHOOTING | 16 | ||||
-rw-r--r-- | usr.bin/sudo/auth/pam.c | 26 | ||||
-rw-r--r-- | usr.bin/sudo/env.c | 3 | ||||
-rw-r--r-- | usr.bin/sudo/sudo.8 | 2 | ||||
-rw-r--r-- | usr.bin/sudo/sudoers.5 | 2 | ||||
-rw-r--r-- | usr.bin/sudo/version.h | 2 | ||||
-rw-r--r-- | usr.bin/sudo/visudo.8 | 2 |
10 files changed, 48 insertions, 21 deletions
diff --git a/usr.bin/sudo/CHANGES b/usr.bin/sudo/CHANGES index d4d5ab765d5..f614f0b4102 100644 --- a/usr.bin/sudo/CHANGES +++ b/usr.bin/sudo/CHANGES @@ -1764,3 +1764,15 @@ Sudo 1.6.8p4 released. 556) Invalid values for a tuple are now handled correctly. Sudo 1.6.8p5 released. + +557) Added a set of missing braces needed for MacOS X / Darwin. + +558) Define LDAP_OPT_SUCCESS for those without it. + +Sudo 1.6.8p6 released. + +559) Warn if the user tries to use the -u option when not running a command. + +560) Better PAM error handling and messages. + +Sudo 1.6.8p7 released. diff --git a/usr.bin/sudo/LICENSE b/usr.bin/sudo/LICENSE index 8703535ff31..70655fa144f 100644 --- a/usr.bin/sudo/LICENSE +++ b/usr.bin/sudo/LICENSE @@ -1,6 +1,6 @@ Sudo is distributed under the following ISC-style license: - Copyright (c) 1994-1996,1998-2004 Todd C. Miller <Todd.Miller@courtesan.com> + Copyright (c) 1994-1996,1998-2005 Todd C. Miller <Todd.Miller@courtesan.com> Permission to use, copy, modify, and distribute this software for any purpose with or without fee is hereby granted, provided that the above diff --git a/usr.bin/sudo/Makefile.in b/usr.bin/sudo/Makefile.in index b5585b65a94..477ad2b7a8a 100644 --- a/usr.bin/sudo/Makefile.in +++ b/usr.bin/sudo/Makefile.in @@ -130,7 +130,7 @@ TESTOBJS = interfaces.o testsudoers.o $(PARSEOBJS) LIBOBJS = @LIBOBJS@ @ALLOCA@ -VERSION = 1.6.8p5 +VERSION = 1.6.8p7 DISTFILES = $(SRCS) $(HDRS) BUGS CHANGES HISTORY INSTALL INSTALL.configure \ LICENSE Makefile.in PORTING README README.LDAP RUNSON TODO \ diff --git a/usr.bin/sudo/TROUBLESHOOTING b/usr.bin/sudo/TROUBLESHOOTING index 94a93ccbcd4..3f7dd35a880 100644 --- a/usr.bin/sudo/TROUBLESHOOTING +++ b/usr.bin/sudo/TROUBLESHOOTING @@ -25,9 +25,19 @@ A) The operating system you are running probably has broken support for option and rebuild sudo. Q) Sudo never gives me a chance to enter a password using PAM, it just - says 'Sorry, try again.' three times and quits. -A) You didn't setup PAM to work with sudo. On Linux this generally - means installing sample.pam as /etc/pam.d/sudo. + says 'Sorry, try again.' three times and exits. +A) You didn't setup PAM to work with sudo. On Redhat Linux or Fedora + Core this generally means installing sample.pam as /etc/pam.d/sudo. + See the sample.pam file for hints on what to use for other Linux + systems. + +Q) Sudo says 'Account expired or PAM config lacks an "account" + section for sudo, contact your system administrator' and exits + but I know my account has not expired. +A) Your PAM config lacks an "account" specification. On Linux this + usually means you are missing a line like: + account required pam_unix.so + in /etc/pam.d/sudo. Q) Sudo is setup to log via syslog(3) but I'm not getting any log messages. diff --git a/usr.bin/sudo/auth/pam.c b/usr.bin/sudo/auth/pam.c index 1dc162ab94d..d289a06ef5c 100644 --- a/usr.bin/sudo/auth/pam.c +++ b/usr.bin/sudo/auth/pam.c @@ -91,8 +91,7 @@ pam_init(pw, promptp, auth) pam_conv.conv = sudo_conv; pam_status = pam_start("sudo", pw->pw_name, &pam_conv, &pamh); if (pam_status != PAM_SUCCESS) { - log_error(USE_ERRNO|NO_EXIT|NO_MAIL, - "unable to initialize PAM"); + log_error(USE_ERRNO|NO_EXIT|NO_MAIL, "unable to initialize PAM"); return(AUTH_FATAL); } if (strcmp(user_tty, "unknown")) @@ -125,25 +124,30 @@ pam_verify(pw, prompt, auth) *pam_status); return(AUTH_FAILURE); case PAM_NEW_AUTHTOK_REQD: - log_error(NO_EXIT|NO_MAIL, "%s, %s" + log_error(NO_EXIT|NO_MAIL, "%s, %s", "Account or password is expired", "reset your password and try again"); - *pam_status = pam_chauthtok(pamh, PAM_CHANGE_EXPIRED_AUTHTOK); + *pam_status = pam_chauthtok(pamh, + PAM_CHANGE_EXPIRED_AUTHTOK); if (*pam_status == PAM_SUCCESS) return(AUTH_SUCCESS); if ((s = pam_strerror(pamh, *pam_status))) - log_error(NO_EXIT|NO_MAIL, "pam_chauthtok: %s",s); + log_error(NO_EXIT|NO_MAIL, "pam_chauthtok: %s", s); return(AUTH_FAILURE); + case PAM_AUTHTOK_EXPIRED: + log_error(NO_EXIT|NO_MAIL, + "Password expired, contact your system administrator"); + return(AUTH_FATAL); case PAM_ACCT_EXPIRED: - log_error(NO_EXIT|NO_MAIL, "%s, %s" - "Account or password is expired", - "contact your system administrator"); - /* FALLTHROUGH */ - default: - return(AUTH_FAILURE); + log_error(NO_EXIT|NO_MAIL, "%s %s", + "Account expired or PAM config lacks an \"account\"", + "section for sudo, contact your system administrator"); + return(AUTH_FATAL); } + /* FALLTHROUGH */ case PAM_AUTH_ERR: case PAM_MAXTRIES: + case PAM_PERM_DENIED: return(AUTH_FAILURE); default: if ((s = pam_strerror(pamh, *pam_status))) diff --git a/usr.bin/sudo/env.c b/usr.bin/sudo/env.c index 3f58b446ee4..3e156dde15e 100644 --- a/usr.bin/sudo/env.c +++ b/usr.bin/sudo/env.c @@ -499,7 +499,7 @@ rebuild_env(envp, sudo_mode, noexec) * http://www.fortran-2000.com/ArnaudRecipes/sharedlib.html * XXX - should prepend to original value, if any */ - if (noexec && def_noexec_file != NULL) + if (noexec && def_noexec_file != NULL) { #if defined(__darwin__) || defined(__APPLE__) insert_env(format_env("DYLD_INSERT_LIBRARIES", def_noexec_file, VNULL), 1); insert_env(format_env("DYLD_FORCE_FLAT_NAMESPACE", VNULL), 1); @@ -510,6 +510,7 @@ rebuild_env(envp, sudo_mode, noexec) insert_env(format_env("LD_PRELOAD", def_noexec_file, VNULL), 1); # endif #endif + } /* Set PS1 if SUDO_PS1 is set. */ if (ps1) diff --git a/usr.bin/sudo/sudo.8 b/usr.bin/sudo/sudo.8 index e0400a3e17b..a0024b61dc7 100644 --- a/usr.bin/sudo/sudo.8 +++ b/usr.bin/sudo/sudo.8 @@ -149,7 +149,7 @@ .\" ======================================================================== .\" .IX Title "SUDO 8" -.TH SUDO 8 "November 26, 2004" "1.6.8p5" "MAINTENANCE COMMANDS" +.TH SUDO 8 "February 5, 2005" "1.6.8p7" "MAINTENANCE COMMANDS" .SH "NAME" sudo, sudoedit \- execute a command as another user .SH "SYNOPSIS" diff --git a/usr.bin/sudo/sudoers.5 b/usr.bin/sudo/sudoers.5 index 3fc10e1a7be..e5d381eccf2 100644 --- a/usr.bin/sudo/sudoers.5 +++ b/usr.bin/sudo/sudoers.5 @@ -149,7 +149,7 @@ .\" ======================================================================== .\" .IX Title "SUDOERS 5" -.TH SUDOERS 5 "November 28, 2004" "1.6.8p5" "MAINTENANCE COMMANDS" +.TH SUDOERS 5 "February 5, 2005" "1.6.8p7" "MAINTENANCE COMMANDS" .SH "NAME" sudoers \- list of which users may execute what .SH "DESCRIPTION" diff --git a/usr.bin/sudo/version.h b/usr.bin/sudo/version.h index 3f06dfbc986..9ac1b0773c7 100644 --- a/usr.bin/sudo/version.h +++ b/usr.bin/sudo/version.h @@ -23,6 +23,6 @@ #ifndef _SUDO_VERSION_H #define _SUDO_VERSION_H -static const char version[] = "1.6.8p5"; +static const char version[] = "1.6.8p6"; #endif /* _SUDO_VERSION_H */ diff --git a/usr.bin/sudo/visudo.8 b/usr.bin/sudo/visudo.8 index d871eb4ec87..bfbfcae2678 100644 --- a/usr.bin/sudo/visudo.8 +++ b/usr.bin/sudo/visudo.8 @@ -149,7 +149,7 @@ .\" ======================================================================== .\" .IX Title "VISUDO 8" -.TH VISUDO 8 "November 26, 2004" "1.6.8p5" "MAINTENANCE COMMANDS" +.TH VISUDO 8 "February 5, 2005" "1.6.8p7" "MAINTENANCE COMMANDS" .SH "NAME" visudo \- edit the sudoers file .SH "SYNOPSIS" |