diff options
| author | Todd C. Miller <millert@cvs.openbsd.org> | 2003-04-03 19:15:35 +0000 |
|---|---|---|
| committer | Todd C. Miller <millert@cvs.openbsd.org> | 2003-04-03 19:15:35 +0000 |
| commit | 7d1bac92416230d9ee85e1a890ead0683d0948f6 (patch) | |
| tree | efd7bd51fa1e440c0cf7c099ebc14195ff0b333a | |
| parent | a8c1bd16fee3bf5fff45987e8ba0ef7a281ede93 (diff) | |
Sync with my sudo cvs repo:
o update to sudo 1.6.7p2
o use warn/err throughout
| -rw-r--r-- | usr.bin/sudo/CHANGES | 10 | ||||
| -rw-r--r-- | usr.bin/sudo/Makefile.in | 13 | ||||
| -rw-r--r-- | usr.bin/sudo/alloc.c | 91 | ||||
| -rw-r--r-- | usr.bin/sudo/auth/fwtk.c | 30 | ||||
| -rw-r--r-- | usr.bin/sudo/auth/kerb5.c | 6 | ||||
| -rw-r--r-- | usr.bin/sudo/auth/rfc1938.c | 11 | ||||
| -rw-r--r-- | usr.bin/sudo/auth/securid.c | 11 | ||||
| -rw-r--r-- | usr.bin/sudo/auth/securid5.c | 27 | ||||
| -rw-r--r-- | usr.bin/sudo/auth/sia.c | 6 | ||||
| -rw-r--r-- | usr.bin/sudo/check.c | 19 | ||||
| -rw-r--r-- | usr.bin/sudo/compat.h | 15 | ||||
| -rw-r--r-- | usr.bin/sudo/config.h.in | 9 | ||||
| -rw-r--r-- | usr.bin/sudo/configure | 360 | ||||
| -rw-r--r-- | usr.bin/sudo/configure.in | 37 | ||||
| -rw-r--r-- | usr.bin/sudo/defaults.c | 77 | ||||
| -rw-r--r-- | usr.bin/sudo/env.c | 15 | ||||
| -rw-r--r-- | usr.bin/sudo/find_path.c | 20 | ||||
| -rw-r--r-- | usr.bin/sudo/interfaces.c | 18 | ||||
| -rw-r--r-- | usr.bin/sudo/logging.c | 28 | ||||
| -rw-r--r-- | usr.bin/sudo/mkinstalldirs | 30 | ||||
| -rw-r--r-- | usr.bin/sudo/parse.c | 4 | ||||
| -rw-r--r-- | usr.bin/sudo/sudo.c | 125 | ||||
| -rw-r--r-- | usr.bin/sudo/sudo.h | 6 | ||||
| -rw-r--r-- | usr.bin/sudo/testsudoers.c | 24 | ||||
| -rw-r--r-- | usr.bin/sudo/version.h | 2 | ||||
| -rw-r--r-- | usr.bin/sudo/visudo.c | 134 |
26 files changed, 704 insertions, 424 deletions
diff --git a/usr.bin/sudo/CHANGES b/usr.bin/sudo/CHANGES index cb2257009f8..31bce32bcc9 100644 --- a/usr.bin/sudo/CHANGES +++ b/usr.bin/sudo/CHANGES @@ -1605,3 +1605,13 @@ Sudo 1.6.7 released. 503) Fixed false positives in the overflow detection of expand_prompt(). Sudo 1.6.7p1 released. + +504) An unterminated comment broke Kerberos V authentication. + +505) The krb5-config script is used to determine Kerberos V CPPFLAGS + and LDFLAGS/LIBS if it exists. + +506) Backed out changes to mkinstalldirs from autoconf 2.57 that + caused problems on Tru64 Unix. + +Sudo 1.6.7p2 released. diff --git a/usr.bin/sudo/Makefile.in b/usr.bin/sudo/Makefile.in index 3ac76699489..451433fcb76 100644 --- a/usr.bin/sudo/Makefile.in +++ b/usr.bin/sudo/Makefile.in @@ -34,7 +34,7 @@ # # @configure_input@ # -# $Sudo: Makefile.in,v 1.230 2003/03/15 20:31:02 millert Exp $ +# $Sudo: Makefile.in,v 1.232 2003/04/02 18:45:35 millert Exp $ # #### Start of system configuration section. #### @@ -109,8 +109,8 @@ SHELL = /bin/sh PROGS = @PROGS@ -SRCS = alloc.c alloca.c check.c def_data.c defaults.c env.c fileops.c \ - find_path.c fnmatch.c getcwd.c getspwuid.c goodpath.c \ +SRCS = alloc.c alloca.c check.c def_data.c defaults.c env.c err.c fileops.c \ + find_path.c fnmatch.c getcwd.c getprogname.c getspwuid.c goodpath.c \ interfaces.c lex.yy.c lsearch.c logging.c parse.c parse.lex \ parse.yacc set_perms.c sigaction.c snprintf.c strcasecmp.c strerror.c \ strlcat.c strlcpy.c sudo.c sudo.tab.c testsudoers.c tgetpass.c utime.c \ @@ -123,7 +123,8 @@ AUTH_SRCS = auth/afs.c auth/aix_auth.c auth/bsdauth.c auth/dce.c auth/fwtk.c \ HDRS = compat.h def_data.h defaults.h ins_2001.h ins_classic.h ins_csops.h \ ins_goons.h insults.h interfaces.h logging.h parse.h sudo.h sudo.tab.h \ - version.h auth/sudo_auth.h emul/fnmatch.h emul/search.h emul/utime.h + version.h auth/sudo_auth.h emul/err.h emul/fnmatch.h emul/search.h \ + emul/utime.h AUTH_OBJS = sudo_auth.o @AUTH_OBJS@ @@ -139,7 +140,7 @@ TESTOBJS = interfaces.o testsudoers.o $(PARSEOBJS) LIBOBJS = @LIBOBJS@ @ALLOCA@ -VERSION = 1.6.7p1 +VERSION = 1.6.7p2 DISTFILES = $(SRCS) $(HDRS) BUGS CHANGES HISTORY INSTALL INSTALL.configure \ LICENSE Makefile.in PORTING README RUNSON TODO TROUBLESHOOTING \ @@ -206,8 +207,10 @@ testsudoers: $(TESTOBJS) $(LIBOBJS) alloc.o: alloc.c $(SUDODEP) check.o: check.c $(SUDODEP) env.o: env.c $(SUDODEP) +err.o: err.c config.h compat.h emul/err.h fileops.o: fileops.c $(SUDODEP) find_path.o: find_path.c $(SUDODEP) +getprogname.o: getprogname.c config.h getspwuid.o: getspwuid.c $(SUDODEP) goodpath.o: goodpath.c $(SUDODEP) logging.o: logging.c $(SUDODEP) diff --git a/usr.bin/sudo/alloc.c b/usr.bin/sudo/alloc.c index 26a7f20e5f2..2cbeec18f6f 100644 --- a/usr.bin/sudo/alloc.c +++ b/usr.bin/sudo/alloc.c @@ -55,12 +55,17 @@ #if defined(HAVE_MALLOC_H) && !defined(STDC_HEADERS) # include <malloc.h> #endif /* HAVE_MALLOC_H && !STDC_HEADERS */ +#ifdef HAVE_ERR_H +# include <err.h> +#else +# include "emul/err.h" +#endif /* HAVE_ERR_H */ #include <limits.h> #include "sudo.h" #ifndef lint -static const char rcsid[] = "$Sudo: alloc.c,v 1.18 2003/03/15 20:31:01 millert Exp $"; +static const char rcsid[] = "$Sudo: alloc.c,v 1.19 2003/04/02 18:25:19 millert Exp $"; #endif /* lint */ /* @@ -81,8 +86,6 @@ static const char rcsid[] = "$Sudo: alloc.c,v 1.18 2003/03/15 20:31:01 millert E # endif /* SIZE_T_MAX */ #endif /* SIZE_MAX */ -extern char **Argv; /* from sudo.c */ - /* * emalloc() calls the system malloc(3) and exits with an error if * malloc(3) fails. @@ -93,15 +96,11 @@ emalloc(size) { VOID *ptr; - if (size == 0) { - (void) fprintf(stderr, "%s: internal error, tried to emalloc(0)\n", - Argv[0]); - exit(1); - } - if ((ptr = (VOID *) malloc(size)) == NULL) { - (void) fprintf(stderr, "%s: cannot allocate memory!\n", Argv[0]); - exit(1); - } + if (size == 0) + errx(1, "internal error, tried to emalloc(0)"); + + if ((ptr = (VOID *) malloc(size)) == NULL) + errx(1, "unable to allocate memory"); return(ptr); } @@ -116,21 +115,14 @@ emalloc2(nmemb, size) { VOID *ptr; - if (nmemb == 0 || size == 0) { - (void) fprintf(stderr, "%s: internal error, tried to emalloc2(0)\n", - Argv[0]); - exit(1); - } - if (nmemb > SIZE_MAX / size) { - (void) fprintf(stderr, "%s: internal error, emalloc2() overflow\n", - Argv[0]); - exit(1); - } + if (nmemb == 0 || size == 0) + errx(1, "internal error, tried to emalloc2(0)"); + if (nmemb > SIZE_MAX / size) + errx(1, "internal error, emalloc2() overflow"); + size *= nmemb; - if ((ptr = (VOID *) malloc(size)) == NULL) { - (void) fprintf(stderr, "%s: cannot allocate memory!\n", Argv[0]); - exit(1); - } + if ((ptr = (VOID *) malloc(size)) == NULL) + errx(1, "unable to allocate memory"); return(ptr); } @@ -145,16 +137,12 @@ erealloc(ptr, size) size_t size; { - if (size == 0) { - (void) fprintf(stderr, "%s: internal error, tried to erealloc(0)\n", - Argv[0]); - exit(1); - } + if (size == 0) + errx(1, "internal error, tried to erealloc(0)"); + ptr = ptr ? (VOID *) realloc(ptr, size) : (VOID *) malloc(size); - if (ptr == NULL) { - (void) fprintf(stderr, "%s: cannot allocate memory!\n", Argv[0]); - exit(1); - } + if (ptr == NULL) + errx(1, "unable to allocate memory"); return(ptr); } @@ -171,22 +159,15 @@ erealloc3(ptr, nmemb, size) size_t size; { - if (nmemb == 0 || size == 0) { - (void) fprintf(stderr, "%s: internal error, tried to erealloc3(0)\n", - Argv[0]); - exit(1); - } - if (nmemb > SIZE_MAX / size) { - (void) fprintf(stderr, "%s: internal error, erealloc3() overflow\n", - Argv[0]); - exit(1); - } + if (nmemb == 0 || size == 0) + errx(1, "internal error, tried to erealloc3(0)"); + if (nmemb > SIZE_MAX / size) + errx(1, "internal error, erealloc3() overflow"); + size *= nmemb; ptr = ptr ? (VOID *) realloc(ptr, size) : (VOID *) malloc(size); - if (ptr == NULL) { - (void) fprintf(stderr, "%s: cannot allocate memory!\n", Argv[0]); - exit(1); - } + if (ptr == NULL) + errx(1, "unable to allocate memory"); return(ptr); } @@ -236,10 +217,8 @@ easprintf(va_alist) len = vasprintf(ret, fmt, ap); va_end(ap); - if (len == -1) { - (void) fprintf(stderr, "%s: cannot allocate memory!\n", Argv[0]); - exit(1); - } + if (len == -1) + errx(1, "unable to allocate memory"); return(len); } @@ -255,9 +234,7 @@ evasprintf(ret, format, args) { int len; - if ((len = vasprintf(ret, format, args)) == -1) { - (void) fprintf(stderr, "%s: cannot allocate memory!\n", Argv[0]); - exit(1); - } + if ((len = vasprintf(ret, format, args)) == -1) + errx(1, "unable to allocate memory"); return(len); } diff --git a/usr.bin/sudo/auth/fwtk.c b/usr.bin/sudo/auth/fwtk.c index db6d3a8efd6..f885be09d58 100644 --- a/usr.bin/sudo/auth/fwtk.c +++ b/usr.bin/sudo/auth/fwtk.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 1999-2002 Todd C. Miller <Todd.Miller@courtesan.com> + * Copyright (c) 1999-2003 Todd C. Miller <Todd.Miller@courtesan.com> * All rights reserved. * * Redistribution and use in source and binary forms, with or without @@ -55,6 +55,11 @@ #ifdef HAVE_UNISTD_H # include <unistd.h> #endif /* HAVE_UNISTD_H */ +#ifdef HAVE_ERR_H +# include <err.h> +#else +# include "emul/err.h" +#endif /* HAVE_ERR_H */ #include <pwd.h> #include <auth.h> @@ -64,7 +69,7 @@ #include "sudo_auth.h" #ifndef lint -static const char rcsid[] = "$Sudo: fwtk.c,v 1.17 2003/03/15 20:37:44 millert Exp $"; +static const char rcsid[] = "$Sudo: fwtk.c,v 1.18 2003/04/02 18:25:29 millert Exp $"; #endif /* lint */ int @@ -77,25 +82,22 @@ fwtk_init(pw, promptp, auth) char resp[128]; /* Response from the server */ if ((confp = cfg_read("sudo")) == (Cfg *)-1) { - (void) fprintf(stderr, "%s: cannot read fwtk config.\n", Argv[0]); + warnx("cannot read fwtk config"); return(AUTH_FATAL); } if (auth_open(confp)) { - (void) fprintf(stderr, "%s: cannot connect to authentication server.\n", - Argv[0]); + warnx("cannot connect to authentication server"); return(AUTH_FATAL); } /* Get welcome message from auth server */ if (auth_recv(resp, sizeof(resp))) { - (void) fprintf(stderr, - "%s: lost connection to authentication server.\n", Argv[0]); + warnx("lost connection to authentication server"); return(AUTH_FATAL); } if (strncmp(resp, "Authsrv ready", 13) != 0) { - (void) fprintf(stderr, - "%s: authentication server error.\n%s\n", Argv[0], resp); + warnx("authentication server error:\n%s", resp); return(AUTH_FATAL); } @@ -117,8 +119,7 @@ fwtk_verify(pw, prompt, auth) /* Send username to authentication server. */ (void) snprintf(buf, sizeof(buf), "authorize %s 'sudo'", pw->pw_name); if (auth_send(buf) || auth_recv(resp, sizeof(resp))) { - (void) fprintf(stderr, - "%s: lost connection to authentication server.\n", Argv[0]); + warnx("lost connection to authentication server"); return(AUTH_FATAL); } @@ -134,7 +135,7 @@ fwtk_verify(pw, prompt, auth) pass = tgetpass(prompt, def_ival(I_PASSWD_TIMEOUT) * 60, tgetpass_flags); } else { - (void) fprintf(stderr, "%s: %s\n", Argv[0], resp); + warnx("%s", resp); return(AUTH_FATAL); } if (!pass) { /* ^C or error */ @@ -146,8 +147,7 @@ fwtk_verify(pw, prompt, auth) /* Send the user's response to the server */ (void) snprintf(buf, sizeof(buf), "response '%s'", pass); if (auth_send(buf) || auth_recv(resp, sizeof(resp))) { - (void) fprintf(stderr, - "%s: lost connection to authentication server.\n", Argv[0]); + warnx("lost connection to authentication server"); error = AUTH_FATAL; goto done; } @@ -159,7 +159,7 @@ fwtk_verify(pw, prompt, auth) /* Main loop prints "Permission Denied" or insult. */ if (strcmp(resp, "Permission Denied.") != 0) - fprintf(stderr, "%s: %s\n", Argv[0], resp); + warnx("%s", resp); error = AUTH_FAILURE; done: memset(pass, 0, strlen(pass)); diff --git a/usr.bin/sudo/auth/kerb5.c b/usr.bin/sudo/auth/kerb5.c index 50ef2b43648..151b40573cd 100644 --- a/usr.bin/sudo/auth/kerb5.c +++ b/usr.bin/sudo/auth/kerb5.c @@ -65,7 +65,7 @@ #include "sudo_auth.h" #ifndef lint -static const char rcsid[] = "$Sudo: kerb5.c,v 1.13 2003/03/15 20:37:44 millert Exp $"; +static const char rcsid[] = "$Sudo: kerb5.c,v 1.14 2003/04/02 18:57:34 millert Exp $"; #endif /* lint */ static int verify_krb_v5_tgt __P((krb5_context, krb5_ccache, char *)); @@ -266,8 +266,8 @@ verify_krb_v5_tgt(sudo_context, ccache, auth_name) return(-1); } - /* Extract the name directly. - strlcpy(phost, krb5_principal_get_realm(sudo_context, princ, 1), + /* Extract the name directly. */ + strlcpy(phost, krb5_principal_get_realm(sudo_context, princ), sizeof(phost)); /* diff --git a/usr.bin/sudo/auth/rfc1938.c b/usr.bin/sudo/auth/rfc1938.c index 4d702e61b41..84fc50366bb 100644 --- a/usr.bin/sudo/auth/rfc1938.c +++ b/usr.bin/sudo/auth/rfc1938.c @@ -55,6 +55,11 @@ #ifdef HAVE_UNISTD_H # include <unistd.h> #endif /* HAVE_UNISTD_H */ +#ifdef HAVE_ERR_H +# include <err.h> +#else +# include "emul/err.h" +#endif /* HAVE_ERR_H */ #include <pwd.h> #if defined(HAVE_SKEY) @@ -77,7 +82,7 @@ #include "sudo_auth.h" #ifndef lint -static const char rcsid[] = "$Sudo: rfc1938.c,v 1.12 2003/03/16 02:18:34 millert Exp $"; +static const char rcsid[] = "$Sudo: rfc1938.c,v 1.13 2003/04/02 18:25:30 millert Exp $"; #endif /* lint */ int @@ -121,9 +126,7 @@ rfc1938_setup(pw, promptp, auth) */ if (rfc1938challenge(&rfc1938, pw->pw_name, challenge, sizeof(challenge))) { if (IS_ONEANDONLY(auth)) { - (void) fprintf(stderr, - "%s: You do not exist in the %s database.\n", - Argv[0], auth->name); + warnx("you do not exist in the %s database", auth->name); return(AUTH_FATAL); } else { return(AUTH_FAILURE); diff --git a/usr.bin/sudo/auth/securid.c b/usr.bin/sudo/auth/securid.c index b3df35237fd..697404baa85 100644 --- a/usr.bin/sudo/auth/securid.c +++ b/usr.bin/sudo/auth/securid.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 1999-2001 Todd C. Miller <Todd.Miller@courtesan.com> + * Copyright (c) 1999-2001, 2003 Todd C. Miller <Todd.Miller@courtesan.com> * All rights reserved. * * This code is derived from software contributed by Giles Todd @@ -58,6 +58,11 @@ #ifdef HAVE_UNISTD_H # include <unistd.h> #endif /* HAVE_UNISTD_H */ +#ifdef HAVE_ERR_H +# include <err.h> +#else +# include "emul/err.h" +#endif /* HAVE_ERR_H */ #include <pwd.h> #include <sdi_athd.h> @@ -68,7 +73,7 @@ #include "sudo_auth.h" #ifndef lint -static const char rcsid[] = "$Sudo: securid.c,v 1.9 2003/03/16 03:03:32 millert Exp $"; +static const char rcsid[] = "$Sudo: securid.c,v 1.10 2003/04/02 18:25:30 millert Exp $"; #endif /* lint */ union config_record configure; @@ -103,7 +108,7 @@ securid_setup(pw, promptp, auth) strlcpy(sd->username, pw->pw_name, 32); return(AUTH_SUCCESS); } else { - (void) fprintf(stderr, "%s: Cannot contact SecurID server\n", Argv[0]); + warnx("unable to contact the SecurID server"); return(AUTH_FATAL); } } diff --git a/usr.bin/sudo/auth/securid5.c b/usr.bin/sudo/auth/securid5.c index 62b443e9fb6..b01d77635d8 100644 --- a/usr.bin/sudo/auth/securid5.c +++ b/usr.bin/sudo/auth/securid5.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 1999-2002 Todd C. Miller <Todd.Miller@courtesan.com> + * Copyright (c) 1999-2003 Todd C. Miller <Todd.Miller@courtesan.com> * Copyright (c) 2002 Michael Stroucken <michael@stroucken.org> * All rights reserved. * @@ -59,6 +59,11 @@ #ifdef HAVE_UNISTD_H # include <unistd.h> #endif /* HAVE_UNISTD_H */ +#ifdef HAVE_ERR_H +# include <err.h> +#else +# include "emul/err.h" +#endif /* HAVE_ERR_H */ #include <pwd.h> /* Needed for SecurID v5.0 Authentication on UNIX */ @@ -70,7 +75,7 @@ #include "sudo_auth.h" #ifndef lint -static const char rcsid[] = "$Sudo: securid5.c,v 1.2 2002/05/20 20:51:23 millert Exp $"; +static const char rcsid[] = "$Sudo: securid5.c,v 1.3 2003/04/02 18:25:30 millert Exp $"; #endif /* lint */ /* @@ -99,7 +104,7 @@ securid_init(pw, promptp, auth) if (AceInitialize() != SD_FALSE) return(AUTH_SUCCESS); - fprintf(stderr, "Failed to initialise ACE API library.\n"); + warnx("failed to initialise the ACE API library"); return(AUTH_FATAL); } @@ -127,7 +132,7 @@ securid_setup(pw, promptp, auth) /* Re-initialize SecurID every time. */ if (SD_Init(sd) != ACM_OK) { - (void) fprintf(stderr, "%s: Cannot contact SecurID server\n", Argv[0]); + warnx("unable to contact the SecurID server"); return(AUTH_FATAL); } @@ -136,19 +141,19 @@ securid_setup(pw, promptp, auth) switch (retval) { case ACE_UNDEFINED_USERNAME: - fprintf(stderr, "Invalid username length for SecurID\n"); + warnx("invalid username length for SecurID"); return(AUTH_FATAL); case ACE_ERR_INVALID_HANDLE: - fprintf(stderr, "Invalid Authentication Handle for SecurID\n"); + warnx("invalid Authentication Handle for SecurID"); return(AUTH_FATAL); case ACM_ACCESS_DENIED: - fprintf(stderr, "SecurID communication has failed\n"); + warnx("SecurID communication failed"); return(AUTH_FATAL); case ACM_OK: - fprintf(stderr, "User ID locked for SecurID Authentication\n"); + warnx("User ID locked for SecurID Authentication"); return(AUTH_SUCCESS); } } @@ -180,17 +185,17 @@ securid_verify(pw, pass, auth) /* Have ACE verify password */ switch (SD_Check(*sd, pass, pw->pw_name)) { case ACE_UNDEFINED_PASSCODE: - fprintf(stderr, "Invalid passcode length for SecurID\n"); + warnx("invalid passcode length for SecurID"); rval = AUTH_FATAL; break; case ACE_UNDEFINED_USERNAME: - fprintf(stderr, "Invalid username length for SecurID\n"); + warnx("invalid username length for SecurID"); rval = AUTH_FATAL; break; case ACE_ERR_INVALID_HANDLE: - fprintf(stderr, "Invalid Authentication Handle for SecurID\n"); + warnx("invalid Authentication Handle for SecurID"); rval = AUTH_FATAL; case ACM_ACCESS_DENIED: diff --git a/usr.bin/sudo/auth/sia.c b/usr.bin/sudo/auth/sia.c index 09b67e21e7e..bf7fc188c89 100644 --- a/usr.bin/sudo/auth/sia.c +++ b/usr.bin/sudo/auth/sia.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 1999-2001 Todd C. Miller <Todd.Miller@courtesan.com> + * Copyright (c) 1999-2001, 2003 Todd C. Miller <Todd.Miller@courtesan.com> * All rights reserved. * * This code is derived from software contributed by Spider Boardman @@ -64,7 +64,7 @@ #include "sudo_auth.h" #ifndef lint -static const char rcsid[] = "$Sudo: sia.c,v 1.10 2001/12/14 19:52:53 millert Exp $"; +static const char rcsid[] = "$Sudo: sia.c,v 1.11 2003/04/02 18:25:30 millert Exp $"; #endif /* lint */ static int sudo_collect __P((int, int, uchar_t *, int, prompt_t *)); @@ -111,6 +111,8 @@ sia_setup(pw, promptp, auth) sudo_auth *auth; { SIAENTITY *siah = NULL; + extern int Argc; + extern char **Argv; if (sia_ses_init(&siah, Argc, Argv, NULL, pw->pw_name, ttyname(0), 1, NULL) != SIASUCCESS) { diff --git a/usr.bin/sudo/check.c b/usr.bin/sudo/check.c index 53a2360684b..76db67c0fce 100644 --- a/usr.bin/sudo/check.c +++ b/usr.bin/sudo/check.c @@ -57,6 +57,11 @@ #ifdef HAVE_UNISTD_H # include <unistd.h> #endif /* HAVE_UNISTD_H */ +#ifdef HAVE_ERR_H +# include <err.h> +#else +# include "emul/err.h" +#endif /* HAVE_ERR_H */ #include <errno.h> #include <fcntl.h> #include <signal.h> @@ -67,7 +72,7 @@ #include "sudo.h" #ifndef lint -static const char rcsid[] = "$Sudo: check.c,v 1.211 2003/04/01 14:58:55 millert Exp $"; +static const char rcsid[] = "$Sudo: check.c,v 1.212 2003/04/02 18:25:19 millert Exp $"; #endif /* lint */ /* Status codes for timestamp_status() */ @@ -269,9 +274,7 @@ expand_prompt(old_prompt, user, host) oflow: /* We pre-allocate enough space, so this should never happen. */ - (void) fprintf(stderr, "%s: internal error, expand_prompt() overflow\n", - Argv[0]); - exit(1); + errx(1, "internal error, expand_prompt() overflow"); } /* @@ -543,15 +546,13 @@ remove_timestamp(remove) else status = rmdir(timestampdir); if (status == -1 && errno != ENOENT) { - log_error(NO_EXIT, "can't remove %s (%s), will reset to epoch", + log_error(NO_EXIT, "can't remove %s (%s), will reset to Epoch", ts, strerror(errno)); remove = FALSE; } } - if (!remove && touch(ts, 0) == -1) { - (void) fprintf(stderr, "%s: can't reset %s to epoch: %s\n", - Argv[0], ts, strerror(errno)); - } + if (!remove && touch(ts, 0) == -1) + err(1, "can't reset %s to Epoch", ts); } free(timestampdir); diff --git a/usr.bin/sudo/compat.h b/usr.bin/sudo/compat.h index a5cf55fc593..03ee85bc95c 100644 --- a/usr.bin/sudo/compat.h +++ b/usr.bin/sudo/compat.h @@ -31,7 +31,7 @@ * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. * - * $Sudo: compat.h,v 1.65 2003/03/15 20:31:02 millert Exp $ + * $Sudo: compat.h,v 1.66 2003/04/02 18:25:19 millert Exp $ */ #ifndef _SUDO_COMPAT_H @@ -227,4 +227,17 @@ typedef struct sigaction sigaction_t; # define RLIM_INFINITY (-1) #endif +/* + * If we lack getprogname(), emulate with __progname if possible. + * Otherwise, add a prototype for use with our own getprogname.c. + */ +#ifndef HAVE_GETPROGNAME +# ifdef HAVE___PROGNAME +extern const char *__progname; +# define getprogname() (__progname) +# else +const char *getprogname __P((void)); +#endif /* HAVE___PROGNAME */ +#endif /* !HAVE_GETPROGNAME */ + #endif /* _SUDO_COMPAT_H */ diff --git a/usr.bin/sudo/config.h.in b/usr.bin/sudo/config.h.in index b83a6164c23..cbcc2200d0a 100644 --- a/usr.bin/sudo/config.h.in +++ b/usr.bin/sudo/config.h.in @@ -75,6 +75,9 @@ /* Define to 1 if you have the `dispcrypt' function. */ #undef HAVE_DISPCRYPT +/* Define to 1 if you have the <err.h> header file. */ +#undef HAVE_ERR_H + /* Define to 1 if you have the `flock' function. */ #undef HAVE_FLOCK @@ -103,6 +106,9 @@ /* Define to 1 if you have the `getifaddrs' function. */ #undef HAVE_GETIFADDRS +/* Define to 1 if you have the `getprogname' function. */ +#undef HAVE_GETPROGNAME + /* Define if you have the `getprpwnam' function. (SecureWare-style shadow passwords) */ #undef HAVE_GETPRPWNAM @@ -324,6 +330,9 @@ /* Define to 1 if you have the `_innetgr' function. */ #undef HAVE__INNETGR +/* Define if your crt0.o defines the __progname symbol for you. */ +#undef HAVE___PROGNAME + /* Define if you want the hostname to be entered into the log file. */ #undef HOST_IN_LOG diff --git a/usr.bin/sudo/configure b/usr.bin/sudo/configure index d165e2929b4..20168b173f2 100644 --- a/usr.bin/sudo/configure +++ b/usr.bin/sudo/configure @@ -1,6 +1,6 @@ #! /bin/sh # Guess values for system-dependent variables and create Makefiles. -# Generated by GNU Autoconf 2.57 for sudo 1.6.7. +# Generated by GNU Autoconf 2.57 for sudo 1.6.7p2. # # Copyright 1992, 1993, 1994, 1995, 1996, 1998, 1999, 2000, 2001, 2002 # Free Software Foundation, Inc. @@ -266,8 +266,8 @@ SHELL=${CONFIG_SHELL-/bin/sh} # Identity of this package. PACKAGE_NAME='sudo' PACKAGE_TARNAME='sudo' -PACKAGE_VERSION='1.6.7' -PACKAGE_STRING='sudo 1.6.7' +PACKAGE_VERSION='1.6.7p2' +PACKAGE_STRING='sudo 1.6.7p2' PACKAGE_BUGREPORT='' # Factoring default headers for most tests. @@ -307,7 +307,7 @@ ac_includes_default="\ # include <unistd.h> #endif" -ac_subst_vars='SHELL PATH_SEPARATOR PACKAGE_NAME PACKAGE_TARNAME PACKAGE_VERSION PACKAGE_STRING PACKAGE_BUGREPORT exec_prefix prefix program_transform_name bindir sbindir libexecdir datadir sysconfdir sharedstatedir localstatedir libdir includedir oldincludedir infodir mandir build_alias host_alias target_alias DEFS ECHO_C ECHO_N ECHO_T LIBS CFLAGS PROGS CPPFLAGS LDFLAGS SUDO_LDFLAGS SUDO_LIBS NET_LIBS AFS_LIBS OSDEFS AUTH_OBJS MANTYPE MAN_POSTINSTALL SUDOERS_MODE SUDOERS_UID SUDOERS_GID DEV mansectsu mansectform mansrcdir timedir timeout password_timeout sudo_umask passprompt long_otp_prompt lecture logfac goodpri badpri loglen ignore_dot mail_no_user mail_no_host mail_no_perms mailto mailsub badpass_message fqdn runas_default env_editor passwd_tries tty_tickets insults EGREPPROG CC ac_ct_CC EXEEXT OBJEXT CPP UNAMEPROG TRPROG SEDPROG NROFFPROG build build_cpu build_vendor build_os host host_cpu host_vendor host_os EGREP YACC LIBOBJS ALLOCA LTLIBOBJS' +ac_subst_vars='SHELL PATH_SEPARATOR PACKAGE_NAME PACKAGE_TARNAME PACKAGE_VERSION PACKAGE_STRING PACKAGE_BUGREPORT exec_prefix prefix program_transform_name bindir sbindir libexecdir datadir sysconfdir sharedstatedir localstatedir libdir includedir oldincludedir infodir mandir build_alias host_alias target_alias DEFS ECHO_C ECHO_N ECHO_T LIBS CFLAGS PROGS CPPFLAGS LDFLAGS SUDO_LDFLAGS SUDO_LIBS NET_LIBS AFS_LIBS OSDEFS AUTH_OBJS MANTYPE MAN_POSTINSTALL SUDOERS_MODE SUDOERS_UID SUDOERS_GID DEV mansectsu mansectform mansrcdir timedir timeout password_timeout sudo_umask passprompt long_otp_prompt lecture logfac goodpri badpri loglen ignore_dot mail_no_user mail_no_host mail_no_perms mailto mailsub badpass_message fqdn runas_default env_editor passwd_tries tty_tickets insults EGREPPROG CC ac_ct_CC EXEEXT OBJEXT CPP UNAMEPROG TRPROG SEDPROG NROFFPROG build build_cpu build_vendor build_os host host_cpu host_vendor host_os EGREP YACC LIBOBJS ALLOCA KRB5CONFIG LTLIBOBJS' ac_subst_files='' # Initialize some variables set by options. @@ -776,7 +776,7 @@ if test "$ac_init_help" = "long"; then # Omit some internal or obsolete options to make the list less imposing. # This message is too long to be a string in the A/UX 3.1 sh. cat <<_ACEOF -\`configure' configures sudo 1.6.7 to adapt to many kinds of systems. +\`configure' configures sudo 1.6.7p2 to adapt to many kinds of systems. Usage: $0 [OPTION]... [VAR=VALUE]... @@ -837,7 +837,7 @@ fi if test -n "$ac_init_help"; then case $ac_init_help in - short | recursive ) echo "Configuration of sudo 1.6.7:";; + short | recursive ) echo "Configuration of sudo 1.6.7p2:";; esac cat <<\_ACEOF @@ -1004,7 +1004,7 @@ fi test -n "$ac_init_help" && exit 0 if $ac_init_version; then cat <<\_ACEOF -sudo configure 1.6.7 +sudo configure 1.6.7p2 generated by GNU Autoconf 2.57 Copyright 1992, 1993, 1994, 1995, 1996, 1998, 1999, 2000, 2001, 2002 @@ -1019,7 +1019,7 @@ cat >&5 <<_ACEOF This file contains any messages produced by compilers while running configure, to aid debugging if configure makes a mistake. -It was created by sudo $as_me 1.6.7, which was +It was created by sudo $as_me 1.6.7p2, which was generated by GNU Autoconf 2.57. Invocation command line was $ $0 $@ @@ -1357,8 +1357,8 @@ ac_compiler_gnu=$ac_cv_c_compiler_gnu ac_config_headers="$ac_config_headers config.h pathnames.h" -{ echo "$as_me:$LINENO: Configuring Sudo version 1.6.7" >&5 -echo "$as_me: Configuring Sudo version 1.6.7" >&6;} +{ echo "$as_me:$LINENO: Configuring Sudo version 1.6.7p2" >&5 +echo "$as_me: Configuring Sudo version 1.6.7p2" >&6;} @@ -8285,6 +8285,150 @@ fi done + +for ac_header in err.h +do +as_ac_Header=`echo "ac_cv_header_$ac_header" | $as_tr_sh` +if eval "test \"\${$as_ac_Header+set}\" = set"; then + echo "$as_me:$LINENO: checking for $ac_header" >&5 +echo $ECHO_N "checking for $ac_header... $ECHO_C" >&6 +if eval "test \"\${$as_ac_Header+set}\" = set"; then + echo $ECHO_N "(cached) $ECHO_C" >&6 +fi +echo "$as_me:$LINENO: result: `eval echo '${'$as_ac_Header'}'`" >&5 +echo "${ECHO_T}`eval echo '${'$as_ac_Header'}'`" >&6 +else + # Is the header compilable? +echo "$as_me:$LINENO: checking $ac_header usability" >&5 +echo $ECHO_N "checking $ac_header usability... $ECHO_C" >&6 +cat >conftest.$ac_ext <<_ACEOF +#line $LINENO "configure" +/* confdefs.h. */ +_ACEOF +cat confdefs.h >>conftest.$ac_ext +cat >>conftest.$ac_ext <<_ACEOF +/* end confdefs.h. */ +$ac_includes_default +#include <$ac_header> +_ACEOF +rm -f conftest.$ac_objext +if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5 + (eval $ac_compile) 2>&5 + ac_status=$? + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); } && + { ac_try='test -s conftest.$ac_objext' + { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 + (eval $ac_try) 2>&5 + ac_status=$? + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); }; }; then + ac_header_compiler=yes +else + echo "$as_me: failed program was:" >&5 +sed 's/^/| /' conftest.$ac_ext >&5 + +ac_header_compiler=no +fi +rm -f conftest.$ac_objext conftest.$ac_ext +echo "$as_me:$LINENO: result: $ac_header_compiler" >&5 +echo "${ECHO_T}$ac_header_compiler" >&6 + +# Is the header present? +echo "$as_me:$LINENO: checking $ac_header presence" >&5 +echo $ECHO_N "checking $ac_header presence... $ECHO_C" >&6 +cat >conftest.$ac_ext <<_ACEOF +#line $LINENO "configure" +/* confdefs.h. */ +_ACEOF +cat confdefs.h >>conftest.$ac_ext +cat >>conftest.$ac_ext <<_ACEOF +/* end confdefs.h. */ +#include <$ac_header> +_ACEOF +if { (eval echo "$as_me:$LINENO: \"$ac_cpp conftest.$ac_ext\"") >&5 + (eval $ac_cpp conftest.$ac_ext) 2>conftest.er1 + ac_status=$? + grep -v '^ *+' conftest.er1 >conftest.err + rm -f conftest.er1 + cat conftest.err >&5 + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); } >/dev/null; then + if test -s conftest.err; then + ac_cpp_err=$ac_c_preproc_warn_flag + else + ac_cpp_err= + fi +else + ac_cpp_err=yes +fi +if test -z "$ac_cpp_err"; then + ac_header_preproc=yes +else + echo "$as_me: failed program was:" >&5 +sed 's/^/| /' conftest.$ac_ext >&5 + + ac_header_preproc=no +fi +rm -f conftest.err conftest.$ac_ext +echo "$as_me:$LINENO: result: $ac_header_preproc" >&5 +echo "${ECHO_T}$ac_header_preproc" >&6 + +# So? What about this header? +case $ac_header_compiler:$ac_header_preproc in + yes:no ) + { echo "$as_me:$LINENO: WARNING: $ac_header: accepted by the compiler, rejected by the preprocessor!" >&5 +echo "$as_me: WARNING: $ac_header: accepted by the compiler, rejected by the preprocessor!" >&2;} + { echo "$as_me:$LINENO: WARNING: $ac_header: proceeding with the preprocessor's result" >&5 +echo "$as_me: WARNING: $ac_header: proceeding with the preprocessor's result" >&2;} + ( + cat <<\_ASBOX +## ------------------------------------ ## +## Report this to bug-autoconf@gnu.org. ## +## ------------------------------------ ## +_ASBOX + ) | + sed "s/^/$as_me: WARNING: /" >&2 + ;; + no:yes ) + { echo "$as_me:$LINENO: WARNING: $ac_header: present but cannot be compiled" >&5 +echo "$as_me: WARNING: $ac_header: present but cannot be compiled" >&2;} + { echo "$as_me:$LINENO: WARNING: $ac_header: check for missing prerequisite headers?" >&5 +echo "$as_me: WARNING: $ac_header: check for missing prerequisite headers?" >&2;} + { echo "$as_me:$LINENO: WARNING: $ac_header: proceeding with the preprocessor's result" >&5 +echo "$as_me: WARNING: $ac_header: proceeding with the preprocessor's result" >&2;} + ( + cat <<\_ASBOX +## ------------------------------------ ## +## Report this to bug-autoconf@gnu.org. ## +## ------------------------------------ ## +_ASBOX + ) | + sed "s/^/$as_me: WARNING: /" >&2 + ;; +esac +echo "$as_me:$LINENO: checking for $ac_header" >&5 +echo $ECHO_N "checking for $ac_header... $ECHO_C" >&6 +if eval "test \"\${$as_ac_Header+set}\" = set"; then + echo $ECHO_N "(cached) $ECHO_C" >&6 +else + eval "$as_ac_Header=$ac_header_preproc" +fi +echo "$as_me:$LINENO: result: `eval echo '${'$as_ac_Header'}'`" >&5 +echo "${ECHO_T}`eval echo '${'$as_ac_Header'}'`" >&6 + +fi +if test `eval echo '${'$as_ac_Header'}'` = yes; then + cat >>confdefs.h <<_ACEOF +#define `echo "HAVE_$ac_header" | $as_tr_cpp` 1 +_ACEOF + +else + LIBOBJS="$LIBOBJS err.$ac_objext" +fi + +done + if test "$OS" != "ultrix"; then echo "$as_me:$LINENO: checking POSIX termios" >&5 echo $ECHO_N "checking POSIX termios... $ECHO_C" >&6 @@ -12488,6 +12632,147 @@ fi fi +for ac_func in getprogname +do +as_ac_var=`echo "ac_cv_func_$ac_func" | $as_tr_sh` +echo "$as_me:$LINENO: checking for $ac_func" >&5 +echo $ECHO_N "checking for $ac_func... $ECHO_C" >&6 +if eval "test \"\${$as_ac_var+set}\" = set"; then + echo $ECHO_N "(cached) $ECHO_C" >&6 +else + cat >conftest.$ac_ext <<_ACEOF +#line $LINENO "configure" +/* confdefs.h. */ +_ACEOF +cat confdefs.h >>conftest.$ac_ext +cat >>conftest.$ac_ext <<_ACEOF +/* end confdefs.h. */ +/* System header to define __stub macros and hopefully few prototypes, + which can conflict with char $ac_func (); below. + Prefer <limits.h> to <assert.h> if __STDC__ is defined, since + <limits.h> exists even on freestanding compilers. */ +#ifdef __STDC__ +# include <limits.h> +#else +# include <assert.h> +#endif +/* Override any gcc2 internal prototype to avoid an error. */ +#ifdef __cplusplus +extern "C" +{ +#endif +/* We use char because int might match the return type of a gcc2 + builtin and then its argument prototype would still apply. */ +char $ac_func (); +/* The GNU C library defines this for functions which it implements + to always fail with ENOSYS. Some functions are actually named + something starting with __ and the normal name is an alias. */ +#if defined (__stub_$ac_func) || defined (__stub___$ac_func) +choke me +#else +char (*f) () = $ac_func; +#endif +#ifdef __cplusplus +} +#endif + +int +main () +{ +return f != $ac_func; + ; + return 0; +} +_ACEOF +rm -f conftest.$ac_objext conftest$ac_exeext +if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5 + (eval $ac_link) 2>&5 + ac_status=$? + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); } && + { ac_try='test -s conftest$ac_exeext' + { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 + (eval $ac_try) 2>&5 + ac_status=$? + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); }; }; then + eval "$as_ac_var=yes" +else + echo "$as_me: failed program was:" >&5 +sed 's/^/| /' conftest.$ac_ext >&5 + +eval "$as_ac_var=no" +fi +rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext +fi +echo "$as_me:$LINENO: result: `eval echo '${'$as_ac_var'}'`" >&5 +echo "${ECHO_T}`eval echo '${'$as_ac_var'}'`" >&6 +if test `eval echo '${'$as_ac_var'}'` = yes; then + cat >>confdefs.h <<_ACEOF +#define `echo "HAVE_$ac_func" | $as_tr_cpp` 1 +_ACEOF + +else + + echo "$as_me:$LINENO: checking for __progname" >&5 +echo $ECHO_N "checking for __progname... $ECHO_C" >&6 + if test "${sudo_cv___progname+set}" = set; then + echo $ECHO_N "(cached) $ECHO_C" >&6 +else + + cat >conftest.$ac_ext <<_ACEOF +#line $LINENO "configure" +/* confdefs.h. */ +_ACEOF +cat confdefs.h >>conftest.$ac_ext +cat >>conftest.$ac_ext <<_ACEOF +/* end confdefs.h. */ + +int +main () +{ +extern char *__progname; (void)puts(__progname); + ; + return 0; +} +_ACEOF +rm -f conftest.$ac_objext conftest$ac_exeext +if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5 + (eval $ac_link) 2>&5 + ac_status=$? + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); } && + { ac_try='test -s conftest$ac_exeext' + { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 + (eval $ac_try) 2>&5 + ac_status=$? + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); }; }; then + sudo_cv___progname=yes +else + echo "$as_me: failed program was:" >&5 +sed 's/^/| /' conftest.$ac_ext >&5 + +sudo_cv___progname=no +fi +rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext +fi + + if test "$sudo_cv___progname" = "yes"; then + +cat >>confdefs.h <<\_ACEOF +#define HAVE___PROGNAME 1 +_ACEOF + + else + LIBOBJS="$LIBOBJS getprogname.$ac_objext" + fi + echo "$as_me:$LINENO: result: $sudo_cv___progname" >&5 +echo "${ECHO_T}$sudo_cv___progname" >&6 + +fi +done + if test -n "$with_kerb4"; then cat >>confdefs.h <<\_ACEOF @@ -13032,7 +13317,55 @@ fi AUTH_OBJS="${AUTH_OBJS} kerb4.o" fi -if test -n "$with_kerb5"; then +if test "$with_kerb5" = "yes"; then + # Extract the first word of "krb5-config", so it can be a program name with args. +set dummy krb5-config; ac_word=$2 +echo "$as_me:$LINENO: checking for $ac_word" >&5 +echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6 +if test "${ac_cv_prog_KRB5CONFIG+set}" = set; then + echo $ECHO_N "(cached) $ECHO_C" >&6 +else + if test -n "$KRB5CONFIG"; then + ac_cv_prog_KRB5CONFIG="$KRB5CONFIG" # Let the user override the test. +else +as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + for ac_exec_ext in '' $ac_executable_extensions; do + if $as_executable_p "$as_dir/$ac_word$ac_exec_ext"; then + ac_cv_prog_KRB5CONFIG="yes" + echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5 + break 2 + fi +done +done + + test -z "$ac_cv_prog_KRB5CONFIG" && ac_cv_prog_KRB5CONFIG="""" +fi +fi +KRB5CONFIG=$ac_cv_prog_KRB5CONFIG +if test -n "$KRB5CONFIG"; then + echo "$as_me:$LINENO: result: $KRB5CONFIG" >&5 +echo "${ECHO_T}$KRB5CONFIG" >&6 +else + echo "$as_me:$LINENO: result: no" >&5 +echo "${ECHO_T}no" >&6 +fi + + if test -n "$KRB5CONFIG"; then + +cat >>confdefs.h <<\_ACEOF +#define HAVE_KERB5 1 +_ACEOF + + AUTH_OBJS="${AUTH_OBJS} kerb5.o" + CPPFLAGS="$CPPFLAGS `krb5-config --cflags`" + SUDO_LIBS="$SUDO_LIBS `krb5-config --libs`" + fi +fi +if test -n "$with_kerb5" -a -z "$KRB5CONFIG"; then cat >>confdefs.h <<\_ACEOF #define HAVE_KERB5 1 @@ -14313,7 +14646,7 @@ _ASBOX } >&5 cat >&5 <<_CSEOF -This file was extended by sudo $as_me 1.6.7, which was +This file was extended by sudo $as_me 1.6.7p2, which was generated by GNU Autoconf 2.57. Invocation command line was CONFIG_FILES = $CONFIG_FILES @@ -14373,7 +14706,7 @@ _ACEOF cat >>$CONFIG_STATUS <<_ACEOF ac_cs_version="\\ -sudo config.status 1.6.7 +sudo config.status 1.6.7p2 configured by $0, generated by GNU Autoconf 2.57, with options \\"`echo "$ac_configure_args" | sed 's/[\\""\`\$]/\\\\&/g'`\\" @@ -14631,6 +14964,7 @@ s,@EGREP@,$EGREP,;t t s,@YACC@,$YACC,;t t s,@LIBOBJS@,$LIBOBJS,;t t s,@ALLOCA@,$ALLOCA,;t t +s,@KRB5CONFIG@,$KRB5CONFIG,;t t s,@LTLIBOBJS@,$LTLIBOBJS,;t t CEOF diff --git a/usr.bin/sudo/configure.in b/usr.bin/sudo/configure.in index d3229733538..bc67c458f3c 100644 --- a/usr.bin/sudo/configure.in +++ b/usr.bin/sudo/configure.in @@ -1,15 +1,15 @@ dnl dnl Process this file with GNU autoconf to produce a configure script. -dnl $Sudo: configure.in,v 1.378 2003/03/24 16:05:59 millert Exp $ +dnl $Sudo: configure.in,v 1.381 2003/04/02 18:45:35 millert Exp $ dnl dnl Copyright (c) 1994-1996,1998-2003 Todd C. Miller <Todd.Miller@courtesan.com> dnl -AC_INIT(sudo, 1.6.7) +AC_INIT(sudo, 1.6.7p2) AC_CONFIG_HEADER(config.h pathnames.h) dnl dnl This won't work before AC_INIT() dnl -AC_MSG_NOTICE([Configuring Sudo version 1.6.7]) +AC_MSG_NOTICE([Configuring Sudo version 1.6.7p2]) dnl dnl Variables that get substituted in the Makefile and man pages dnl @@ -1587,6 +1587,7 @@ dnl AC_HEADER_STDC AC_HEADER_DIRENT AC_CHECK_HEADERS(malloc.h paths.h utime.h netgroup.h sys/sockio.h sys/bsdtypes.h sys/select.h) +AC_CHECK_HEADERS(err.h, , [AC_LIBOBJ(err)]) dnl ultrix termio/termios are broken if test "$OS" != "ultrix"; then AC_SYS_POSIX_TERMIOS @@ -1692,7 +1693,21 @@ dnl if test "$with_DCE" = "yes" -o "$ac_cv_prog_YACC" = "bison -y"; then AC_FUNC_ALLOCA fi - +dnl +dnl Check for getprogname() or __progname +dnl +AC_CHECK_FUNCS(getprogname, , [ + AC_MSG_CHECKING([for __progname]) + AC_CACHE_VAL(sudo_cv___progname, [ + AC_TRY_LINK(, [extern char *__progname; (void)puts(__progname);], + [sudo_cv___progname=yes], [sudo_cv___progname=no])]) + if test "$sudo_cv___progname" = "yes"; then + AC_DEFINE(HAVE___PROGNAME, 1, [Define if your crt0.o defines the __progname symbol for you.]) + else + AC_LIBOBJ(getprogname) + fi + AC_MSG_RESULT($sudo_cv___progname) +]) dnl dnl Kerberos IV dnl @@ -1755,8 +1770,18 @@ fi dnl dnl Kerberos V -dnl -if test -n "$with_kerb5"; then +dnl There is an easy way and a hard way... +dnl +if test "$with_kerb5" = "yes"; then + AC_CHECK_PROG(KRB5CONFIG, krb5-config, yes, "") + if test -n "$KRB5CONFIG"; then + AC_DEFINE(HAVE_KERB5, 1, [Define if you use Kerberos V.]) + AUTH_OBJS="${AUTH_OBJS} kerb5.o" + CPPFLAGS="$CPPFLAGS `krb5-config --cflags`" + SUDO_LIBS="$SUDO_LIBS `krb5-config --libs`" + fi +fi +if test -n "$with_kerb5" -a -z "$KRB5CONFIG"; then AC_DEFINE(HAVE_KERB5, 1, [Define if you use Kerberos V.]) dnl dnl Use the specified directory, if any, else search for correct inc dir diff --git a/usr.bin/sudo/defaults.c b/usr.bin/sudo/defaults.c index 4621bbef9e1..8e5821a8c15 100644 --- a/usr.bin/sudo/defaults.c +++ b/usr.bin/sudo/defaults.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 1999-2001 Todd C. Miller <Todd.Miller@courtesan.com> + * Copyright (c) 1999-2001, 2003 Todd C. Miller <Todd.Miller@courtesan.com> * All rights reserved. * * Redistribution and use in source and binary forms, with or without @@ -55,12 +55,17 @@ # ifdef HAVE_UNISTD_H #include <unistd.h> #endif /* HAVE_UNISTD_H */ +#ifdef HAVE_ERR_H +# include <err.h> +#else +# include "emul/err.h" +#endif /* HAVE_ERR_H */ #include <ctype.h> #include "sudo.h" #ifndef lint -static const char rcsid[] = "$Sudo: defaults.c,v 1.38 2001/12/30 18:40:09 millert Exp $"; +static const char rcsid[] = "$Sudo: defaults.c,v 1.39 2003/04/02 18:25:19 millert Exp $"; #endif /* lint */ /* @@ -219,8 +224,7 @@ set_default(var, val, op) break; } if (!cur->name) { - (void) fprintf(stderr, - "%s: unknown defaults entry `%s' referenced near line %d\n", Argv[0], + warnx("unknown defaults entry `%s' referenced near line %d", var, sudolineno); return(FALSE); } @@ -229,12 +233,9 @@ set_default(var, val, op) case T_LOGFAC: if (!store_syslogfac(val, cur, op)) { if (val) - (void) fprintf(stderr, - "%s: value '%s' is invalid for option '%s'\n", Argv[0], - val, var); + warnx("value `%s' is invalid for option `%s'", val, var); else - (void) fprintf(stderr, - "%s: no value specified for `%s' on line %d\n", Argv[0], + warnx("no value specified for `%s' on line %d", var, sudolineno); return(FALSE); } @@ -242,12 +243,9 @@ set_default(var, val, op) case T_LOGPRI: if (!store_syslogpri(val, cur, op)) { if (val) - (void) fprintf(stderr, - "%s: value '%s' is invalid for option '%s'\n", Argv[0], - val, var); + warnx("value `%s' is invalid for option `%s'", val, var); else - (void) fprintf(stderr, - "%s: no value specified for `%s' on line %d\n", Argv[0], + warnx("no value specified for `%s' on line %d", var, sudolineno); return(FALSE); } @@ -255,12 +253,9 @@ set_default(var, val, op) case T_PWFLAG: if (!store_pwflag(val, cur, op)) { if (val) - (void) fprintf(stderr, - "%s: value '%s' is invalid for option '%s'\n", Argv[0], - val, var); + warnx("value `%s' is invalid for option `%s'", val, var); else - (void) fprintf(stderr, - "%s: no value specified for `%s' on line %d\n", Argv[0], + warnx("no value specified for `%s' on line %d", var, sudolineno); return(FALSE); } @@ -269,22 +264,17 @@ set_default(var, val, op) if (!val) { /* Check for bogus boolean usage or lack of a value. */ if (!(cur->type & T_BOOL) || op != FALSE) { - (void) fprintf(stderr, - "%s: no value specified for `%s' on line %d\n", Argv[0], + warnx("no value specified for `%s' on line %d", var, sudolineno); return(FALSE); } } if ((cur->type & T_PATH) && val && *val != '/') { - (void) fprintf(stderr, - "%s: values for `%s' must start with a '/'\n", Argv[0], - var); + warnx("values for `%s' must start with a '/'", var); return(FALSE); } if (!store_str(val, cur, op)) { - (void) fprintf(stderr, - "%s: value '%s' is invalid for option '%s'\n", Argv[0], - val, var); + warnx("value `%s' is invalid for option `%s'", val, var); return(FALSE); } break; @@ -292,16 +282,13 @@ set_default(var, val, op) if (!val) { /* Check for bogus boolean usage or lack of a value. */ if (!(cur->type & T_BOOL) || op != FALSE) { - (void) fprintf(stderr, - "%s: no value specified for `%s' on line %d\n", Argv[0], + warnx("no value specified for `%s' on line %d", var, sudolineno); return(FALSE); } } if (!store_int(val, cur, op)) { - (void) fprintf(stderr, - "%s: value '%s' is invalid for option '%s'\n", Argv[0], - val, var); + warnx("value `%s' is invalid for option `%s'", val, var); return(FALSE); } break; @@ -309,16 +296,13 @@ set_default(var, val, op) if (!val) { /* Check for bogus boolean usage or lack of a value. */ if (!(cur->type & T_BOOL) || op != FALSE) { - (void) fprintf(stderr, - "%s: no value specified for `%s' on line %d\n", Argv[0], + warnx("no value specified for `%s' on line %d", var, sudolineno); return(FALSE); } } if (!store_uint(val, cur, op)) { - (void) fprintf(stderr, - "%s: value '%s' is invalid for option '%s'\n", Argv[0], - val, var); + warnx("value `%s' is invalid for option `%s'", val, var); return(FALSE); } break; @@ -326,24 +310,20 @@ set_default(var, val, op) if (!val) { /* Check for bogus boolean usage or lack of a value. */ if (!(cur->type & T_BOOL) || op != FALSE) { - (void) fprintf(stderr, - "%s: no value specified for `%s' on line %d\n", Argv[0], + warnx("no value specified for `%s' on line %d", var, sudolineno); return(FALSE); } } if (!store_mode(val, cur, op)) { - (void) fprintf(stderr, - "%s: value '%s' is invalid for option '%s'\n", Argv[0], - val, var); + warnx("value `%s' is invalid for option `%s'", val, var); return(FALSE); } break; case T_FLAG: if (val) { - (void) fprintf(stderr, - "%s: option `%s' does not take a value on line %d\n", - Argv[0], var, sudolineno); + warnx("option `%s' does not take a value on line %d", + var, sudolineno); return(FALSE); } cur->sd_un.flag = op; @@ -356,16 +336,13 @@ set_default(var, val, op) if (!val) { /* Check for bogus boolean usage or lack of a value. */ if (!(cur->type & T_BOOL) || op != FALSE) { - (void) fprintf(stderr, - "%s: no value specified for `%s' on line %d\n", Argv[0], + warnx("no value specified for `%s' on line %d", var, sudolineno); return(FALSE); } } if (!store_list(val, cur, op)) { - (void) fprintf(stderr, - "%s: value '%s' is invalid for option '%s'\n", Argv[0], - val, var); + warnx("value `%s' is invalid for option `%s'", val, var); return(FALSE); } } diff --git a/usr.bin/sudo/env.c b/usr.bin/sudo/env.c index 4078ecde422..002c139df5e 100644 --- a/usr.bin/sudo/env.c +++ b/usr.bin/sudo/env.c @@ -56,13 +56,17 @@ #ifdef HAVE_UNISTD_H # include <unistd.h> #endif /* HAVE_UNISTD_H */ +#ifdef HAVE_ERR_H +# include <err.h> +#else +# include "emul/err.h" +#endif /* HAVE_ERR_H */ #include <pwd.h> -#include <errno.h> #include "sudo.h" #ifndef lint -static const char rcsid[] = "$Sudo: env.c,v 1.25 2003/03/15 20:31:01 millert Exp $"; +static const char rcsid[] = "$Sudo: env.c,v 1.26 2003/04/02 18:25:19 millert Exp $"; #endif /* lint */ /* @@ -113,7 +117,7 @@ static const char *initial_badenv_table[] = { #endif #ifdef HAVE_KERB4 "KRB_CONF*", - "KRBCONFDIR" + "KRBCONFDIR", "KRBTKFILE", #endif /* HAVE_KERB4 */ #ifdef HAVE_KERB5 @@ -223,9 +227,8 @@ format_env(var, val) if (strlcpy(estring, var, esize) >= esize || strlcat(estring, "=", esize) >= esize || strlcat(estring, val, esize) >= esize) { - (void) fprintf(stderr, "%s: internal error, format_env() overflow\n", - Argv[0]); - exit(1); + + errx(1, "internal error, format_env() overflow"); } return(estring); diff --git a/usr.bin/sudo/find_path.c b/usr.bin/sudo/find_path.c index 7288b6afa15..205bf77354c 100644 --- a/usr.bin/sudo/find_path.c +++ b/usr.bin/sudo/find_path.c @@ -56,12 +56,16 @@ #ifdef HAVE_UNISTD_H # include <unistd.h> #endif /* HAVE_UNISTD_H */ -#include <errno.h> +#ifdef HAVE_ERR_H +# include <err.h> +#else +# include "emul/err.h" +#endif /* HAVE_ERR_H */ #include "sudo.h" #ifndef lint -static const char rcsid[] = "$Sudo: find_path.c,v 1.101 2003/03/15 20:31:02 millert Exp $"; +static const char rcsid[] = "$Sudo: find_path.c,v 1.102 2003/04/02 18:25:19 millert Exp $"; #endif /* lint */ /* @@ -84,10 +88,8 @@ find_path(infile, outfile, path) int checkdot = 0; /* check current dir? */ int len; /* length parameter */ - if (strlen(infile) >= MAXPATHLEN) { - (void) fprintf(stderr, "%s: path too long: %s\n", Argv[0], infile); - exit(1); - } + if (strlen(infile) >= MAXPATHLEN) + errx(1, "%s: File name too long", infile); /* * If we were given a fully qualified or relative path @@ -130,10 +132,8 @@ find_path(infile, outfile, path) * Resolve the path and exit the loop if found. */ len = snprintf(command, sizeof(command), "%s/%s", path, infile); - if (len <= 0 || len >= sizeof(command)) { - (void) fprintf(stderr, "%s: path too long: %s\n", Argv[0], infile); - exit(1); - } + if (len <= 0 || len >= sizeof(command)) + errx(1, "%s: File name too long", infile); if ((result = sudo_goodpath(command))) break; diff --git a/usr.bin/sudo/interfaces.c b/usr.bin/sudo/interfaces.c index f50a0c509cc..9f5c5cf8aa7 100644 --- a/usr.bin/sudo/interfaces.c +++ b/usr.bin/sudo/interfaces.c @@ -73,13 +73,16 @@ struct rtentry; #ifdef HAVE_UNISTD_H # include <unistd.h> #endif /* HAVE_UNISTD_H */ +#ifdef HAVE_ERR_H +# include <err.h> +#else +# include "emul/err.h" +#endif /* HAVE_ERR_H */ #include <netdb.h> -#include <errno.h> #ifdef _ISC # include <sys/stream.h> # include <sys/sioctl.h> # include <sys/stropts.h> -# include <net/errno.h> # define STRSET(cmd, param, len) {strioctl.ic_cmd=(cmd);\ strioctl.ic_dp=(param);\ strioctl.ic_timout=0;\ @@ -99,7 +102,7 @@ struct rtentry; #include "interfaces.h" #ifndef lint -static const char rcsid[] = "$Sudo: interfaces.c,v 1.68 2003/03/15 20:31:02 millert Exp $"; +static const char rcsid[] = "$Sudo: interfaces.c,v 1.69 2003/04/02 18:25:19 millert Exp $"; #endif /* lint */ @@ -186,11 +189,8 @@ load_interfaces() #endif /* _ISC */ sock = socket(AF_INET, SOCK_DGRAM, 0); - if (sock < 0) { - (void) fprintf(stderr, "%s: cannot open socket: %s\n", - Argv[0], strerror(errno)); - exit(1); - } + if (sock < 0) + err(1, "cannot open socket"); /* * Get interface configuration or return (leaving num_interfaces == 0) @@ -324,5 +324,5 @@ dump_interfaces() puts("Local IP address and netmask pairs:"); for (i = 0; i < num_interfaces; i++) printf("\t%s / 0x%x\n", inet_ntoa(interfaces[i].addr), - ntohl(interfaces[i].netmask.s_addr)); + (unsigned int)ntohl(interfaces[i].netmask.s_addr)); } diff --git a/usr.bin/sudo/logging.c b/usr.bin/sudo/logging.c index 6bad51c48d0..429a00850ad 100644 --- a/usr.bin/sudo/logging.c +++ b/usr.bin/sudo/logging.c @@ -57,6 +57,11 @@ #ifdef HAVE_UNISTD_H # include <unistd.h> #endif /* HAVE_UNISTD_H */ +#ifdef HAVE_ERR_H +# include <err.h> +#else +# include "emul/err.h" +#endif /* HAVE_ERR_H */ #include <pwd.h> #include <signal.h> #include <time.h> @@ -65,7 +70,7 @@ #include "sudo.h" #ifndef lint -static const char rcsid[] = "$Sudo: logging.c,v 1.159 2003/03/24 21:09:27 millert Exp $"; +static const char rcsid[] = "$Sudo: logging.c,v 1.160 2003/04/02 18:25:19 millert Exp $"; #endif /* lint */ static void do_syslog __P((int, char *)); @@ -107,9 +112,9 @@ mysyslog(pri, fmt, va_alist) va_start(ap); #endif #ifdef LOG_NFACILITIES - openlog(Argv[0], 0, def_ival(I_LOGFAC)); + openlog("sudo", 0, def_ival(I_LOGFAC)); #else - openlog(Argv[0], 0); + openlog("sudo", 0); #endif vsnprintf(buf, sizeof(buf), fmt, ap); #ifdef BROKEN_SYSLOG @@ -400,10 +405,10 @@ log_error(va_alist) /* * Tell the user. */ - (void) fprintf(stderr, "%s: %s", Argv[0], message); if (flags & USE_ERRNO) - (void) fprintf(stderr, ": %s", strerror(serrno)); - (void) fputc('\n', stderr); + warn("%s", message); + else + warnx("%s", message); /* * Send a copy of the error via mail. @@ -459,18 +464,13 @@ send_mail(line) (void) sigaddset(&set, SIGCHLD); (void) sigprocmask(SIG_BLOCK, &set, &oset); - if (pipe(pfd) == -1) { - (void) fprintf(stderr, "%s: cannot open pipe: %s\n", - Argv[0], strerror(errno)); - exit(1); - } + if (pipe(pfd) == -1) + err(1, "cannot open pipe"); switch (pid = fork()) { case -1: /* Error. */ - (void) fprintf(stderr, "%s: cannot fork: %s\n", - Argv[0], strerror(errno)); - exit(1); + err(1, "cannot fork"); break; case 0: { diff --git a/usr.bin/sudo/mkinstalldirs b/usr.bin/sudo/mkinstalldirs index e3fda0ce98b..ce51f6ebbb0 100644 --- a/usr.bin/sudo/mkinstalldirs +++ b/usr.bin/sudo/mkinstalldirs @@ -4,7 +4,7 @@ # Created: 1993-05-16 # Public domain -# $Sudo: mkinstalldirs,v 1.4 2003/01/20 19:39:04 millert Exp $ +# $Sudo: mkinstalldirs,v 1.5 2003/04/03 15:16:22 millert Exp $ umask 022 errstatus=0 @@ -42,34 +42,6 @@ done for file do - if test -d "$file"; then - shift - else - break - fi -done - -case $# in - 0) exit 0 ;; -esac - -case $dirmode in - '') - if mkdir -p -- . 2>/dev/null; then - echo "mkdir -p -- $*" - exec mkdir -p -- "$@" - fi - ;; - *) - if mkdir -m "$dirmode" -p -- . 2>/dev/null; then - echo "mkdir -m $dirmode -p -- $*" - exec mkdir -m "$dirmode" -p -- "$@" - fi - ;; -esac - -for file -do set fnord `echo ":$file" | sed -ne 's/^:\//#/;s/^://;s/\// /g;s/^#/\//;p'` shift diff --git a/usr.bin/sudo/parse.c b/usr.bin/sudo/parse.c index a30a70b1eea..9e9df1eff6a 100644 --- a/usr.bin/sudo/parse.c +++ b/usr.bin/sudo/parse.c @@ -60,7 +60,7 @@ #endif /* HAVE_UNISTD_H */ #ifdef HAVE_FNMATCH # include <fnmatch.h> -#endif /* HAVE_FNMATCH_H */ +#endif /* HAVE_FNMATCH */ #ifdef HAVE_NETGROUP_H # include <netgroup.h> #endif /* HAVE_NETGROUP_H */ @@ -96,7 +96,7 @@ #endif /* HAVE_FNMATCH */ #ifndef lint -static const char rcsid[] = "$Sudo: parse.c,v 1.140 2003/03/15 20:31:02 millert Exp $"; +static const char rcsid[] = "$Sudo: parse.c,v 1.141 2003/04/02 18:25:19 millert Exp $"; #endif /* lint */ /* diff --git a/usr.bin/sudo/sudo.c b/usr.bin/sudo/sudo.c index d053eabadb6..96eaba5f114 100644 --- a/usr.bin/sudo/sudo.c +++ b/usr.bin/sudo/sudo.c @@ -35,7 +35,7 @@ * with this distribution. */ -#define _SUDO_SUDO_C +#define _SUDO_MAIN #include "config.h" @@ -69,6 +69,11 @@ #ifdef HAVE_UNISTD_H # include <unistd.h> #endif /* HAVE_UNISTD_H */ +#ifdef HAVE_ERR_H +# include <err.h> +#else +# include "emul/err.h" +#endif /* HAVE_ERR_H */ #include <pwd.h> #include <errno.h> #include <fcntl.h> @@ -98,14 +103,14 @@ #include "version.h" #ifndef lint -static const char rcsid[] = "$Sudo: sudo.c,v 1.334 2003/04/01 15:02:49 millert Exp $"; +static const char rcsid[] = "$Sudo: sudo.c,v 1.335 2003/04/02 18:25:19 millert Exp $"; #endif /* lint */ /* * Prototypes */ static int init_vars __P((int)); -static int parse_args __P((void)); +static int parse_args __P((int, char **)); static void check_sudoers __P((void)); static void initial_setup __P((void)); static void set_loginclass __P((struct passwd *)); @@ -121,13 +126,11 @@ extern struct passwd *sudo_getpwuid __P((uid_t)); /* * Globals */ -int Argc; -char **Argv; -int NewArgc = 0; -char **NewArgv = NULL; +int Argc, NewArgc; +char **Argv, **NewArgv; struct sudo_user sudo_user; struct passwd *auth_pw; -FILE *sudoers_fp = NULL; +FILE *sudoers_fp; struct interface *interfaces; int num_interfaces; int tgetpass_flags; @@ -161,9 +164,12 @@ main(argc, argv, envp) extern int printmatches; extern char **environ; + Argc = argc; + Argv = argv; + /* Must be done as the first thing... */ #if defined(HAVE_GETPRPWNAM) && defined(HAVE_SET_AUTH_PARAMETERS) - (void) set_auth_parameters(argc, argv); + (void) set_auth_parameters(Argc, Argv); # ifdef HAVE_INITPRIVS initprivs(); # endif @@ -172,13 +178,8 @@ main(argc, argv, envp) /* Zero out the environment. */ environ = zero_env(envp); - Argv = argv; - Argc = argc; - - if (geteuid() != 0) { - (void) fprintf(stderr, "Sorry, %s must be setuid root.\n", Argv[0]); - exit(1); - } + if (geteuid() != 0) + errx(1, "must be setuid root"); /* * Signal setup: @@ -202,7 +203,7 @@ main(argc, argv, envp) setpwent(); /* Parse our arguments. */ - sudo_mode = parse_args(); + sudo_mode = parse_args(Argc, Argv); /* Setup defaults data structures. */ init_defaults(); @@ -322,7 +323,7 @@ main(argc, argv, envp) if (user_uid == 0 && !def_flag(I_ROOT_SUDO)) { (void) fprintf(stderr, "Sorry, %s has been configured to not allow root to run it.\n", - Argv[0]); + getprogname()); exit(1); } @@ -360,11 +361,10 @@ main(argc, argv, envp) if (validated & VALIDATE_OK) { /* Finally tell the user if the command did not exist. */ if (cmnd_status == NOT_FOUND_DOT) { - (void) fprintf(stderr, "%s: ignoring `%s' found in '.'\nUse `sudo ./%s' if this is the `%s' you wish to run.\n", Argv[0], user_cmnd, user_cmnd, user_cmnd); + warnx("ignoring `%s' found in '.'\nUse `sudo ./%s' if this is the `%s' you wish to run.", user_cmnd, user_cmnd, user_cmnd); exit(1); } else if (cmnd_status == NOT_FOUND) { - (void) fprintf(stderr, "%s: %s: command not found\n", Argv[0], - user_cmnd); + warnx("%s: command not found", user_cmnd); exit(1); } @@ -420,8 +420,7 @@ main(argc, argv, envp) /* * If we got here then the exec() failed... */ - (void) fprintf(stderr, "%s: unable to exec %s: %s\n", - Argv[0], safe_cmnd, strerror(errno)); + warn("unable to execute %s", safe_cmnd); exit(127); } else if ((validated & FLAG_NO_USER) || (validated & FLAG_NO_HOST)) { log_auth(validated, 1); @@ -438,10 +437,9 @@ main(argc, argv, envp) log_auth(validated, !(cmnd_status == NOT_FOUND_DOT || cmnd_status == NOT_FOUND)); if (cmnd_status == NOT_FOUND) - (void) fprintf(stderr, "%s: %s: command not found\n", Argv[0], - user_cmnd); + warnx("%s: command not found", user_cmnd); else if (cmnd_status == NOT_FOUND_DOT) - (void) fprintf(stderr, "%s: ignoring `%s' found in '.'\nUse `sudo ./%s' if this is the `%s' you wish to run.\n", Argv[0], user_cmnd, user_cmnd, user_cmnd); + warnx("ignoring `%s' found in '.'\nUse `sudo ./%s' if this is the `%s' you wish to run.", user_cmnd, user_cmnd, user_cmnd); } else { /* Just tell the user they are not allowed to run foo. */ log_auth(validated, 1); @@ -467,11 +465,8 @@ init_vars(sudo_mode) int nohostname, rval; /* Sanity check command from user. */ - if (user_cmnd == NULL && strlen(NewArgv[0]) >= MAXPATHLEN) { - (void) fprintf(stderr, "%s: %s: Pathname too long\n", Argv[0], - NewArgv[0]); - exit(1); - } + if (user_cmnd == NULL && strlen(NewArgv[0]) >= MAXPATHLEN) + errx(1, "%s: File name too long", NewArgv[0]); #ifdef HAVE_TZSET (void) tzset(); /* set the timezone if applicable */ @@ -554,8 +549,7 @@ init_vars(sudo_mode) if (!getcwd(user_cwd, sizeof(user_cwd))) { set_perms(PERM_ROOT); if (!getcwd(user_cwd, sizeof(user_cwd))) { - (void) fprintf(stderr, "%s: Can't get working directory!\n", - Argv[0]); + warnx("cannot get working directory"); (void) strlcpy(user_cwd, "unknown", sizeof(user_cwd)); } } else @@ -571,12 +565,10 @@ init_vars(sudo_mode) NewArgv = (char **) emalloc2((++NewArgc + 1), sizeof(char *)); if (user_shell && *user_shell) { NewArgv[0] = user_shell; - } else { - (void) fprintf(stderr, "%s: Unable to determine shell.", Argv[0]); - exit(1); - } + } else + errx(1, "unable to determine shell"); - /* copy the args from Argv */ + /* copy the args from NewArgv */ for (dst = NewArgv + 1; (*dst = *src) != NULL; ++src, ++dst) ; } @@ -613,11 +605,8 @@ init_vars(sudo_mode) user_args = (char *) emalloc(size); for (to = user_args, from = NewArgv + 1; *from; from++) { n = strlcpy(to, *from, size - (to - user_args)); - if (n >= size - (to - user_args)) { - (void) fprintf(stderr, - "%s: internal error, init_vars() overflow\n", Argv[0]); - exit(1); - } + if (n >= size - (to - user_args)) + errx(1, "internal error, init_vars() overflow"); to += n; *to++ = ' '; } @@ -633,13 +622,15 @@ init_vars(sudo_mode) * Command line argument parsing, can't use getopt(3). */ static int -parse_args() +parse_args(argc, argv) + int argc; + char **argv; { int rval = MODE_RUN; /* what mode is sudo to be run in? */ int excl = 0; /* exclusive arg, no others allowed */ - NewArgv = Argv + 1; - NewArgc = Argc - 1; + NewArgv = argv + 1; + NewArgc = argc - 1; if (NewArgc == 0) { /* no options and no command */ rval |= (MODE_IMPLIED_SHELL | MODE_SHELL); @@ -647,11 +638,8 @@ parse_args() } while (NewArgc > 0 && NewArgv[0][0] == '-') { - if (NewArgv[0][1] != '\0' && NewArgv[0][2] != '\0') { - (void) fprintf(stderr, "%s: Please use single character options\n", - Argv[0]); - usage(1); - } + if (NewArgv[0][1] != '\0' && NewArgv[0][2] != '\0') + warnx("please use single character options"); switch (NewArgv[0][1]) { case 'p': @@ -661,7 +649,6 @@ parse_args() user_prompt = NewArgv[1]; - /* Shift Argv over and adjust Argc. */ NewArgc--; NewArgv++; break; @@ -672,7 +659,6 @@ parse_args() user_runas = &NewArgv[1]; - /* Shift Argv over and adjust Argc. */ NewArgc--; NewArgv++; break; @@ -684,7 +670,6 @@ parse_args() login_style = NewArgv[1]; - /* Shift Argv over and adjust Argc. */ NewArgc--; NewArgv++; break; @@ -698,7 +683,6 @@ parse_args() login_class = NewArgv[1]; def_flag(I_USE_LOGINCLASS) = TRUE; - /* Shift Argv over and adjust Argc. */ NewArgc--; NewArgv++; break; @@ -770,12 +754,10 @@ parse_args() rval |= (MODE_IMPLIED_SHELL | MODE_SHELL); return(rval); case '\0': - (void) fprintf(stderr, "%s: '-' requires an argument\n", - Argv[0]); + warnx("'-' requires an argument"); usage(1); default: - (void) fprintf(stderr, "%s: Illegal option %s\n", Argv[0], - NewArgv[0]); + warnx("illegal option `%s'", NewArgv[0]); usage(1); } NewArgc--; @@ -808,23 +790,17 @@ check_sudoers() (statbuf.st_mode & 0007777) == 0400) { if (chmod(_PATH_SUDOERS, SUDOERS_MODE) == 0) { - (void) fprintf(stderr, "%s: fixed mode on %s\n", - Argv[0], _PATH_SUDOERS); + warnx("fixed mode on %s", _PATH_SUDOERS); statbuf.st_mode |= SUDOERS_MODE; if (statbuf.st_gid != SUDOERS_GID) { if (!chown(_PATH_SUDOERS,(uid_t) -1,SUDOERS_GID)) { - (void) fprintf(stderr, "%s: set group on %s\n", - Argv[0], _PATH_SUDOERS); + warnx("set group on %s", _PATH_SUDOERS); statbuf.st_gid = SUDOERS_GID; - } else { - (void) fprintf(stderr,"%s: Unable to set group on %s: %s\n", - Argv[0], _PATH_SUDOERS, strerror(errno)); - } + } else + warn("unable to set group on %s", _PATH_SUDOERS); } - } else { - (void) fprintf(stderr, "%s: Unable to fix mode on %s: %s\n", - Argv[0], _PATH_SUDOERS, strerror(errno)); - } + } else + warn("unable to fix mode on %s", _PATH_SUDOERS); } /* @@ -945,11 +921,8 @@ set_loginclass(pw) errflags = NO_MAIL|MSG_ONLY|NO_EXIT; if (login_class && strcmp(login_class, "-") != 0) { - if (strcmp(*user_runas, "root") != 0 && user_uid != 0) { - (void) fprintf(stderr, "%s: only root can use -c %s\n", - Argv[0], login_class); - exit(1); - } + if (strcmp(*user_runas, "root") != 0 && user_uid != 0) + errx(1, "only root can use -c %s", login_class); } else { login_class = pw->pw_class; if (!login_class || !*login_class) diff --git a/usr.bin/sudo/sudo.h b/usr.bin/sudo/sudo.h index 406d22a9e94..9b92f56458d 100644 --- a/usr.bin/sudo/sudo.h +++ b/usr.bin/sudo/sudo.h @@ -31,7 +31,7 @@ * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. * - * $Sudo: sudo.h,v 1.192 2003/03/15 20:31:02 millert Exp $ + * $Sudo: sudo.h,v 1.193 2003/04/02 18:25:19 millert Exp $ */ #ifndef _SUDO_SUDO_H @@ -236,12 +236,10 @@ int pam_prep_user __P((struct passwd *)); YY_DECL; /* Only provide extern declarations outside of sudo.c. */ -#ifndef _SUDO_SUDO_C +#ifndef _SUDO_MAIN extern struct sudo_user sudo_user; extern struct passwd *auth_pw; -extern int Argc; -extern char **Argv; extern FILE *sudoers_fp; extern int tgetpass_flags; extern uid_t timestamp_uid; diff --git a/usr.bin/sudo/testsudoers.c b/usr.bin/sudo/testsudoers.c index 4d6be8ea9f6..0797082e2d0 100644 --- a/usr.bin/sudo/testsudoers.c +++ b/usr.bin/sudo/testsudoers.c @@ -34,6 +34,8 @@ * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ +#define _SUDO_MAIN + #include "config.h" #include <sys/param.h> @@ -61,10 +63,15 @@ #endif /* HAVE_UNISTD_H */ #ifdef HAVE_FNMATCH # include <fnmatch.h> -#endif /* HAVE_FNMATCH_H */ +#endif /* HAVE_FNMATCH */ #ifdef HAVE_NETGROUP_H # include <netgroup.h> #endif /* HAVE_NETGROUP_H */ +#ifdef HAVE_ERR_H +# include <err.h> +#else +# include "emul/err.h" +#endif /* HAVE_ERR_H */ #include <ctype.h> #include <pwd.h> #include <grp.h> @@ -82,7 +89,7 @@ #endif /* HAVE_FNMATCH */ #ifndef lint -static const char rcsid[] = "$Sudo: testsudoers.c,v 1.80 2003/04/01 15:02:49 millert Exp $"; +static const char rcsid[] = "$Sudo: testsudoers.c,v 1.81 2003/04/02 18:25:19 millert Exp $"; #endif /* lint */ @@ -96,15 +103,15 @@ void set_perms_dummy __P((int)); /* * Globals */ -char **Argv, **NewArgv; int Argc, NewArgc; +char **Argv, **NewArgv; int parse_error = FALSE; int num_interfaces; struct interface *interfaces; struct sudo_user sudo_user; -void (*set_perms) __P((int)) = set_perms_dummy; extern int clearaliases; extern int pedantic; +void (*set_perms) __P((int)) = set_perms_dummy; /* * Returns TRUE if "s" has shell meta characters in it, @@ -361,7 +368,7 @@ main(argc, argv) NewArgc = Argc - 3; } else { (void) fprintf(stderr, - "usage: %s [-u user] <user> <host> <command> [args]\n", Argv[0]); + "usage: sudo [-u user] <user> <host> <command> [args]\n"); exit(1); } @@ -385,11 +392,8 @@ main(argc, argv) user_args = (char *) emalloc(size); for (to = user_args, from = NewArgv + 1; *from; from++) { n = strlcpy(to, *from, size - (to - user_args)); - if (n >= size - (to - user_args)) { - (void) fprintf(stderr, - "%s: internal error, init_vars() overflow\n", Argv[0]); - exit(1); - } + if (n >= size - (to - user_args)) + errx(1, "internal error, init_vars() overflow"); to += n; *to++ = ' '; } diff --git a/usr.bin/sudo/version.h b/usr.bin/sudo/version.h index a5b80a5d031..6fb72bff8a9 100644 --- a/usr.bin/sudo/version.h +++ b/usr.bin/sudo/version.h @@ -37,6 +37,6 @@ #ifndef _SUDO_VERSION_H #define _SUDO_VERSION_H -static const char version[] = "1.6.7p1"; +static const char version[] = "1.6.7p2"; #endif /* _SUDO_VERSION_H */ diff --git a/usr.bin/sudo/visudo.c b/usr.bin/sudo/visudo.c index faccead96d5..e7c1b3c83ae 100644 --- a/usr.bin/sudo/visudo.c +++ b/usr.bin/sudo/visudo.c @@ -36,6 +36,8 @@ * Lock the sudoers file for safe editing (ala vipw) and check for parse errors. */ +#define _SUDO_MAIN + #include "config.h" #include <sys/types.h> @@ -62,6 +64,11 @@ #ifdef HAVE_UNISTD_H #include <unistd.h> #endif /* HAVE_UNISTD_H */ +#ifdef HAVE_ERR_H +# include <err.h> +#else +# include "emul/err.h" +#endif /* HAVE_ERR_H */ #include <ctype.h> #include <pwd.h> #include <time.h> @@ -73,7 +80,7 @@ #include "version.h" #ifndef lint -static const char rcsid[] = "$Sudo: visudo.c,v 1.149 2003/03/15 20:31:02 millert Exp $"; +static const char rcsid[] = "$Sudo: visudo.c,v 1.150 2003/04/02 18:25:19 millert Exp $"; #endif /* lint */ /* @@ -135,10 +142,7 @@ main(argc, argv) /* Warn about aliases that are used before being defined. */ pedantic = 1; - /* - * Parse command line options - */ - Argv = argv; + Argv = argv; /* for warn/err */ /* * Arg handling. @@ -147,7 +151,7 @@ main(argc, argv) while ((ch = getopt(argc, argv, "Vcf:sq")) != -1) { switch (ch) { case 'V': - (void) printf("visudo version %s\n", version); + (void) printf("%s version %s\n", getprogname(), version); exit(0); case 'c': checkonly++; /* check mode */ @@ -173,11 +177,8 @@ main(argc, argv) /* Mock up a fake sudo_user struct. */ user_host = user_shost = user_cmnd = ""; - if ((sudo_user.pw = getpwuid(getuid())) == NULL) { - (void) fprintf(stderr, "%s: Can't find you in the passwd database.\n", - Argv[0]); - exit(1); - } + if ((sudo_user.pw = getpwuid(getuid())) == NULL) + errx(1, "you don't exist in the passwd database"); /* Setup defaults data structures. */ init_defaults(); @@ -190,34 +191,23 @@ main(argc, argv) * sudoers_fd must remain open throughout in order to hold the lock. */ sudoers_fd = open(sudoers, O_RDWR | O_CREAT, SUDOERS_MODE); - if (sudoers_fd == -1) { - (void) fprintf(stderr, "%s: %s: %s\n", Argv[0], sudoers, - strerror(errno)); - exit(1); - } - if (!lock_file(sudoers_fd, SUDO_TLOCK)) { - (void) fprintf(stderr, "%s: sudoers file busy, try again later.\n", - Argv[0]); - exit(1); - } + if (sudoers_fd == -1) + err(1, "%s", sudoers); + if (!lock_file(sudoers_fd, SUDO_TLOCK)) + errx(1, "sudoers file busy, try again later"); #ifdef HAVE_FSTAT - if (fstat(sudoers_fd, &sudoers_sb) == -1) { + if (fstat(sudoers_fd, &sudoers_sb) == -1) #else - if (stat(sudoers, &sudoers_sb) == -1) { + if (stat(sudoers, &sudoers_sb) == -1) #endif - (void) fprintf(stderr, "%s: can't stat %s: %s\n", - Argv[0], sudoers, strerror(errno)); - exit(1); - } + err(1, "can't stat %s", sudoers); /* * Open sudoers temp file. */ stmp_fd = open(stmp, O_WRONLY | O_CREAT | O_TRUNC, 0600); - if (stmp_fd < 0) { - (void) fprintf(stderr, "%s: %s: %s\n", Argv[0], stmp, strerror(errno)); - exit(1); - } + if (stmp_fd < 0) + err(1, "%s", stmp); /* Install signal handlers to clean up stmp if we are killed. */ setup_signals(); @@ -225,11 +215,8 @@ main(argc, argv) /* Copy sudoers -> stmp and reset the mtime */ if (sudoers_sb.st_size) { while ((n = read(sudoers_fd, buf, sizeof(buf))) > 0) - if (write(stmp_fd, buf, n) != n) { - (void) fprintf(stderr, "%s: Write failed: %s\n", Argv[0], - strerror(errno)); - Exit(-1); - } + if (write(stmp_fd, buf, n) != n) + err(1, "write error"); /* Add missing newline at EOF if needed. */ if (n > 0 && buf[n - 1] != '\n') { @@ -270,9 +257,7 @@ main(argc, argv) } else { if (def_flag(I_ENV_EDITOR)) { /* If we are honoring $EDITOR this is a fatal error. */ - (void) fprintf(stderr, - "%s: specified editor (%s) doesn't exist!\n", - Argv[0], UserEditor); + warnx("specified editor (%s) doesn't exist!", UserEditor); Exit(-1); } else { /* Otherwise, just ignore $EDITOR. */ @@ -295,8 +280,7 @@ main(argc, argv) if (stat(UserEditor, &user_editor_sb) != 0) { /* Should never happen since we already checked above. */ - (void) fprintf(stderr, "%s: unable to stat editor (%s): %s\n", - Argv[0], UserEditor, strerror(errno)); + warn("unable to stat editor (%s)", UserEditor); Exit(-1); } EditorPath = estrdup(def_str(I_EDITOR)); @@ -344,8 +328,7 @@ main(argc, argv) /* Bleah, none of the editors existed! */ if (Editor == NULL || *Editor == '\0') { - (void) fprintf(stderr, "%s: no editor found (editor path = %s)\n", - Argv[0], def_str(I_EDITOR)); + warnx("no editor found (editor path = %s)", def_str(I_EDITOR)); Exit(-1); } } @@ -381,15 +364,13 @@ main(argc, argv) * Sanity checks. */ if (stat(stmp, &stmp_sb) < 0) { - (void) fprintf(stderr, - "%s: Can't stat temporary file (%s), %s unchanged.\n", - Argv[0], stmp, sudoers); + warnx("cannot stat temporary file (%s), %s unchanged", + stmp, sudoers); Exit(-1); } if (stmp_sb.st_size == 0) { - (void) fprintf(stderr, - "%s: Zero length temporary file (%s), %s unchanged.\n", - Argv[0], stmp, sudoers); + warnx("zero length temporary file (%s), %s unchanged", + stmp, sudoers); Exit(-1); } @@ -400,9 +381,8 @@ main(argc, argv) yyout = stdout; yyin = fopen(stmp, "r+"); if (yyin == NULL) { - (void) fprintf(stderr, - "%s: Can't re-open temporary file (%s), %s unchanged.\n", - Argv[0], stmp, sudoers); + warnx("can't re-open temporary file (%s), %s unchanged.", + stmp, sudoers); Exit(-1); } @@ -419,16 +399,13 @@ main(argc, argv) /* Parse the sudoers temp file */ yyrestart(yyin); if (yyparse() && parse_error != TRUE) { - (void) fprintf(stderr, - "%s: Failed to parse temporary file (%s), unknown error.\n", - Argv[0], stmp); + warnx("unabled to parse temporary file (%s), unknown error", + stmp); parse_error = TRUE; } fclose(yyin); } else { - (void) fprintf(stderr, - "%s: Editor (%s) failed, %s unchanged.\n", Argv[0], - Editor, sudoers); + warnx("editor (%s) failed, %s unchanged", Editor, sudoers); Exit(-1); } @@ -452,7 +429,7 @@ main(argc, argv) */ if (sudoers_sb.st_mtime != now && sudoers_sb.st_mtime == stmp_sb.st_mtime && sudoers_sb.st_size == stmp_sb.st_size) { - (void) fprintf(stderr, "%s: sudoers file unchanged.\n", Argv[0]); + warnx("sudoers file unchanged"); Exit(0); } @@ -461,15 +438,12 @@ main(argc, argv) * we move it to sudoers things are kosher. */ if (chown(stmp, SUDOERS_UID, SUDOERS_GID)) { - (void) fprintf(stderr, - "%s: Unable to set (uid, gid) of %s to (%d, %d): %s\n", - Argv[0], stmp, SUDOERS_UID, SUDOERS_GID, strerror(errno)); + warn("unable to set (uid, gid) of %s to (%d, %d)", + stmp, SUDOERS_UID, SUDOERS_GID); Exit(-1); } if (chmod(stmp, SUDOERS_MODE)) { - (void) fprintf(stderr, - "%s: Unable to change mode of %s to %o: %s\n", - Argv[0], stmp, SUDOERS_MODE, strerror(errno)); + warn("unable to change mode of %s to 0%o", stmp, SUDOERS_MODE); Exit(-1); } @@ -480,9 +454,8 @@ main(argc, argv) */ if (rename(stmp, sudoers)) { if (errno == EXDEV) { - (void) fprintf(stderr, - "%s: %s and %s not on the same filesystem, using mv to rename.\n", - Argv[0], stmp, sudoers); + warnx("%s and %s not on the same filesystem, using mv to rename", + stmp, sudoers); /* Build up argument vector for the command */ if ((av[0] = strrchr(_PATH_MV, '/')) != NULL) @@ -495,14 +468,12 @@ main(argc, argv) /* And run it... */ if (run_command(_PATH_MV, av)) { - (void) fprintf(stderr, - "%s: Command failed: '%s %s %s', %s unchanged.\n", - Argv[0], _PATH_MV, stmp, sudoers, sudoers); + warnx("command failed: '%s %s %s', %s unchanged", + _PATH_MV, stmp, sudoers, sudoers); Exit(-1); } } else { - (void) fprintf(stderr, "%s: Error renaming %s, %s unchanged: %s\n", - Argv[0], stmp, sudoers, strerror(errno)); + warn("error renaming %s, %s unchanged", stmp, sudoers); Exit(-1); } } @@ -637,15 +608,13 @@ run_command(path, argv) switch (pid = fork()) { case -1: - (void) fprintf(stderr, - "%s: unable to run %s: %s\n", Argv[0], path, strerror(errno)); + warn("unable to run %s", path); Exit(-1); break; /* NOTREACHED */ case 0: (void) sigprocmask(SIG_SETMASK, &oset, NULL); execv(path, argv); - (void) fprintf(stderr, - "%s: unable to run %s: %s\n", Argv[0], path, strerror(errno)); + warn("unable to run %s", path); _exit(127); break; /* NOTREACHED */ } @@ -669,17 +638,14 @@ check_syntax(quiet) if ((yyin = fopen(sudoers, "r")) == NULL) { if (!quiet) - (void) fprintf(stderr, "%s: unable to open %s: %s\n", Argv[0], - sudoers, strerror(errno)); + warn("unable to open %s", sudoers); exit(1); } yyout = stdout; init_parser(); if (yyparse() && parse_error != TRUE) { if (!quiet) - (void) fprintf(stderr, - "%s: failed to parse %s file, unknown error.\n", - Argv[0], sudoers); + warnx("failed to parse %s file, unknown error", sudoers); parse_error = TRUE; } if (!quiet){ @@ -707,7 +673,7 @@ Exit(sig) (void) unlink(stmp); if (sig > 0) { - write(STDERR_FILENO, Argv[0], strlen(Argv[0])); + write(STDERR_FILENO, getprogname(), strlen(getprogname())); write(STDERR_FILENO, emsg, sizeof(emsg) - 1); _exit(-sig); } @@ -718,6 +684,6 @@ static void usage() { (void) fprintf(stderr, "usage: %s [-c] [-f sudoers] [-q] [-s] [-V]\n", - Argv[0]); + getprogname()); exit(1); } |