diff options
author | Todd C. Miller <millert@cvs.openbsd.org> | 1999-02-19 04:32:52 +0000 |
---|---|---|
committer | Todd C. Miller <millert@cvs.openbsd.org> | 1999-02-19 04:32:52 +0000 |
commit | a438a9f2983f4257e2892566a3717b64e3c01edf (patch) | |
tree | 2fa68a4162cebe6c7ae68aa68fd80d2314b57f9d /gnu/usr.bin | |
parent | edc084fcaab6c1e62c648b0d2975489634e77ff8 (diff) |
sudo 1.5.8
Diffstat (limited to 'gnu/usr.bin')
27 files changed, 543 insertions, 184 deletions
diff --git a/gnu/usr.bin/sudo/sudo/check.c b/gnu/usr.bin/sudo/sudo/check.c index 0f3be189cdd..aa154058050 100644 --- a/gnu/usr.bin/sudo/sudo/check.c +++ b/gnu/usr.bin/sudo/sudo/check.c @@ -1,7 +1,8 @@ -/* $OpenBSD: check.c,v 1.13 1998/11/21 01:34:51 millert Exp $ */ +/* $OpenBSD: check.c,v 1.14 1999/02/19 04:32:49 millert Exp $ */ /* - * CU sudo version 1.5.7 (based on Root Group sudo version 1.1) + * CU sudo version 1.5.8 (based on Root Group sudo version 1.1) + * Copyright (c) 1994,1996,1998,1999 Todd C. Miller <Todd.Miller@courtesan.com> * * This software comes with no waranty whatsoever, use at your own risk. * @@ -64,6 +65,9 @@ #ifdef HAVE_KERB4 # include <krb.h> #endif /* HAVE_KERB4 */ +#ifdef HAVE_KERB5 +# include <krb5.h> +#endif /* HAVE_KERB5 */ #ifdef HAVE_PAM # include <security/pam_appl.h> # include <security/pam_misc.h> @@ -83,6 +87,9 @@ #ifdef HAVE_OPIE # include <opie.h> #endif /* HAVE_OPIE */ +#ifdef HAVE_AUTHSRV +# include <firewall.h> +#endif #ifdef HAVE_UTIME # ifdef HAVE_UTIME_H # include <utime.h> @@ -96,7 +103,7 @@ #include "version.h" #ifndef lint -static const char rcsid[] = "$From: check.c,v 1.163 1998/11/18 04:16:13 millert Exp $"; +static const char rcsid[] = "$Sudo: check.c,v 1.170 1999/02/07 00:43:24 millert Exp $"; #endif /* lint */ /* @@ -111,6 +118,10 @@ static char *expand_prompt __P((char *, char *, char *)); #ifdef HAVE_KERB4 static int sudo_krb_validate_user __P((struct passwd *, char *)); #endif /* HAVE_KERB4 */ +#ifdef HAVE_KERB5 +static int sudo_krb5_validate_user __P((struct passwd *, char *)); +static int verify_krb_v5_tgt __P((krb5_ccache)); +#endif /* HAVE_KERB5 */ #ifdef HAVE_PAM static void pam_attempt_auth __P((void)); #endif /* HAVE_PAM */ @@ -136,6 +147,11 @@ struct skey skey; #ifdef HAVE_OPIE struct opie opie; #endif +#ifdef HAVE_KERB5 +extern krb5_context sudo_context; +extern char *realm; +extern int xrealm; +#endif /* HAVE_KERB5 */ @@ -238,7 +254,7 @@ static int check_timestamp() if (sizeof(_PATH_SUDO_TIMEDIR) + strlen(user_name) + strlen(p) + 2 > sizeof(timestampfile)) { - (void) fprintf(stderr, "%s: path too long: %s/%s.%s\n", Argv[0], + (void) fprintf(stderr, "%s: path too long: %s/%s:%s\n", Argv[0], _PATH_SUDO_TIMEDIR, user_name, p); exit(1); } @@ -410,11 +426,11 @@ void remove_timestamp() if (sizeof(_PATH_SUDO_TIMEDIR) + strlen(user_name) + strlen(p) + 2 > sizeof(timestampfile)) { - (void) fprintf(stderr, "%s: path too long: %s/%s.%s\n", Argv[0], + (void) fprintf(stderr, "%s: path too long: %s/%s:%s\n", Argv[0], _PATH_SUDO_TIMEDIR, user_name, p); exit(1); } - (void) sprintf(timestampfile, "%s/%s.%s", _PATH_SUDO_TIMEDIR, user_name, p); + (void) sprintf(timestampfile, "%s/%s:%s", _PATH_SUDO_TIMEDIR, user_name, p); #else if (sizeof(_PATH_SUDO_TIMEDIR) + strlen(user_name) + 1 > sizeof(timestampfile)) { @@ -487,6 +503,90 @@ static void check_passwd() exit(1); } #else /* !HAVE_SECURID */ +#ifdef HAVE_AUTHSRV +static void check_passwd() +{ + char *pass; /* this is what gets entered */ + Cfg *confp; + + char cbuf[128]; + char ubuf[128], buf[128]; + register int counter = TRIES_FOR_PASSWORD; + + if ((confp = cfg_read("sudo")) == (Cfg *)-1) { + fprintf(stderr, "Cannot read config.\n"); + exit(1); + } + + /* Initialize Auth Client */ + auth_open(confp); + + /* get welcome message from auth server */ + if (auth_recv(buf, sizeof(buf))) { + sprintf(buf, "Lost connection to server"); + fprintf(stderr, "%s\n", buf); + exit(1); + } + + if (strncmp(buf, "Authsrv ready", 13)) { + fprintf(stderr, "Auth server error %s\n", buf); + auth_close(); + exit(1); + } + + /* + * you get TRIES_FOR_PASSWORD times to guess your password + */ + while (counter > 0) { + + sprintf(cbuf,"authorize %s sudo",user_name); + + auth_send(cbuf); + auth_recv(cbuf,sizeof(cbuf)); + + if (!strncmp(cbuf, "challenge ", 10)) { + sprintf(buf, "Challenge \"%s\": ", &cbuf[10]); + pass = GETPASS(buf, PASSWORD_TIMEOUT * 60); + } else if (!strncmp(cbuf, "password", 8)) { + pass = GETPASS(buf, PASSWORD_TIMEOUT * 60); + } else { + fprintf(stderr, "Server sent %s\n", cbuf); + auth_close(); + exit(1); + } + + sprintf(cbuf, "response '%s'", pass); + auth_send(cbuf); + auth_recv(cbuf, sizeof(cbuf)); + + if (!strncmp(cbuf, "ok", 2)) { + /* Success */ + /*inform_user(cbuf);*/ + set_perms(PERM_USER, 0); + auth_close(); + return; + } else { + fprintf(stderr, "Server returned %s\n", cbuf); + } + pass_warn(stderr); + --counter; /* otherwise, try again */ + } + + set_perms(PERM_USER, 0); + + auth_close(); + + if (counter > 0) { + log_error(PASSWORD_NOT_CORRECT); + inform_user(PASSWORD_NOT_CORRECT); + } else { + log_error(PASSWORDS_NOT_CORRECT); + inform_user(PASSWORDS_NOT_CORRECT); + } + exit(1); +} +#else /* !HAVE_AUTHSRV */ + static void check_passwd() { char *pass; /* this is what gets entered */ @@ -513,15 +613,11 @@ static void check_passwd() #ifdef HAVE_AUTHENTICATE /* use AIX authenticate() function */ -# ifdef USE_GETPASS - pass = (char *) getpass(prompt); -# else - pass = tgetpass(prompt, PASSWORD_TIMEOUT * 60); -# endif /* USE_GETPASS */ + pass = GETPASS(buf, PASSWORD_TIMEOUT * 60); reenter = 1; if (authenticate(user_name, pass, &reenter, &message) == 0) return; /* valid password */ -#else +#else /* HAVE_AUTHENTICATE */ # ifdef HAVE_SKEY /* rewrite the prompt if using s/key since the challenge can change */ set_perms(PERM_ROOT, 0); @@ -536,24 +632,12 @@ static void check_passwd() # endif /* HAVE_OPIE */ /* get a password from the user */ -# ifdef USE_GETPASS -# ifdef HAVE_KERB4 +# if defined(HAVE_KERB4) && defined(USE_GETPASS) (void) des_read_pw_string(kpass, sizeof(kpass) - 1, prompt, 0); pass = kpass; -# else - pass = (char *) getpass(prompt); -# endif /* HAVE_KERB4 */ # else - pass = tgetpass(prompt, PASSWORD_TIMEOUT * 60); -# endif /* USE_GETPASS */ - - /* Exit loop on nil password */ - if (!pass || *pass == '\0') { - if (counter == TRIES_FOR_PASSWORD) - exit(1); - else - break; - } + pass = (char *) GETPASS(prompt, PASSWORD_TIMEOUT * 60); +# endif /* HAVE_KERB4 */ # ifdef HAVE_SKEY /* Only check s/key db if the user exists there */ @@ -601,6 +685,11 @@ static void check_passwd() return; # endif /* HAVE_KERB4 */ +# ifdef HAVE_KERB5 + if (sudo_krb5_validate_user(user_pw_ent, pass) == 0) + return; +# endif /* HAVE_KERB5 */ + # ifdef HAVE_AFS if (ka_UserAuthenticateGeneral(KA_USERAUTH_VERSION, user_name, /* name */ @@ -623,6 +712,14 @@ static void check_passwd() # endif /* !OTP_ONLY || (!HAVE_SKEY && !HAVE_OPIE) */ #endif /* HAVE_AUTHENTICATE */ + /* Exit loop on nil password, but give it a chance to match first. */ + if (!pass || *pass == '\0') { + if (counter == TRIES_FOR_PASSWORD) + exit(1); + else + break; + } + --counter; /* otherwise, try again */ pass_warn(stderr); } @@ -637,6 +734,7 @@ static void check_passwd() exit(1); } +#endif /* HAVE_AUTHSRV */ #endif /* HAVE_SECURID */ @@ -692,6 +790,150 @@ static int sudo_krb_validate_user(pw, pass) } #endif /* HAVE_KERB4 */ + +#ifdef HAVE_KERB5 +/******************************************************************** + * + * sudo_krb5_validate_user() + * + * Validate a user via Kerberos 5. We may lose a bit of memory, but it's + * OK since we're a short lived program. I'd rather do that than contort + * the code to handle the cleanup. + */ +static int sudo_krb5_validate_user(pw, pass) + struct passwd *pw; + char *pass; +{ + krb5_error_code retval; + krb5_principal princ; + krb5_creds creds; + krb5_ccache ccache; + char cache_name[64]; + char *princ_name; + krb5_get_init_creds_opt opts; + + /* Initialize */ + if (!sudo_context) + return -1; + krb5_get_init_creds_opt_init(&opts); + + princ_name = malloc(strlen(pw->pw_name) + strlen(realm) + 2); + if (!princ_name) { + (void) fprintf(stderr, "%s: cannot allocate memory!\n", Argv[0]); + exit(1); + } + + sprintf(princ_name, "%s@%s", pw->pw_name, realm); + if (retval = krb5_parse_name(sudo_context, princ_name, &princ)) + return retval; + + /* Set the ticket file to be in /tmp so we don't need to change perms. */ + (void) sprintf(cache_name, "FILE:/tmp/sudocc_%ld", getpid()); + if (retval = krb5_cc_resolve(sudo_context, cache_name, &ccache)) + return retval; + + if (retval = krb5_get_init_creds_password(sudo_context, &creds, princ, + pass, krb5_prompter_posix, NULL, + 0, NULL, &opts)) + return retval; + + /* Stash the TGT so we can verify it. */ + if (retval = krb5_cc_initialize(sudo_context, ccache, princ)) + return retval; + if (retval = krb5_cc_store_cred(sudo_context, ccache, &creds)) { + (void) krb5_cc_destroy(sudo_context, ccache); + return retval; + } + + retval = verify_krb_v5_tgt(ccache); + (void) krb5_cc_destroy(sudo_context, ccache); + return (retval == -1); +} + + +/* + * This routine with some modification is from the MIT V5B6 appl/bsd/login.c + * + * Verify the Kerberos ticket-granting ticket just retrieved for the + * user. If the Kerberos server doesn't respond, assume the user is + * trying to fake us out (since we DID just get a TGT from what is + * supposedly our KDC). If the host/<host> service is unknown (i.e., + * the local keytab doesn't have it), let her in. + * + * Returns 1 for confirmation, -1 for failure, 0 for uncertainty. + */ +static int verify_krb_v5_tgt(ccache) + krb5_ccache ccache; +{ + char phost[BUFSIZ]; + krb5_error_code retval; + krb5_principal princ; + krb5_keyblock * keyblock = 0; + krb5_data packet; + krb5_auth_context auth_context = NULL; + + packet.data = 0; + + /* + * Get the server principal for the local host. + * (Use defaults of "host" and canonicalized local name.) + */ + if (krb5_sname_to_principal(sudo_context, NULL, NULL, + KRB5_NT_SRV_HST, &princ)) + return -1; + + /* Extract the name directly. */ + strncpy(phost, krb5_princ_component(c, princ, 1)->data, BUFSIZ); + phost[BUFSIZ - 1] = '\0'; + + /* + * Do we have host/<host> keys? + * (use default keytab, kvno IGNORE_VNO to get the first match, + * and enctype is currently ignored anyhow.) + */ + if (retval = krb5_kt_read_service_key(sudo_context, NULL, princ, 0, + ENCTYPE_DES_CBC_MD5, &keyblock)) { + /* Keytab or service key does not exist */ + if (xrealm) + retval = -1; + else + retval = 0; + goto cleanup; + } + if (keyblock) + krb5_free_keyblock(sudo_context, keyblock); + + /* Talk to the kdc and construct the ticket. */ + retval = krb5_mk_req(sudo_context, &auth_context, 0, "host", phost, + NULL, ccache, &packet); + if (auth_context) { + krb5_auth_con_free(sudo_context, auth_context); + auth_context = NULL; /* setup for rd_req */ + } + if (retval) { + retval = -1; + goto cleanup; + } + + /* Try to use the ticket. */ + retval = krb5_rd_req(sudo_context, &auth_context, &packet, princ, + NULL, NULL, NULL); + if (retval) { + retval = -1; + } else { + retval = 1; + } + +cleanup: + if (packet.data) + krb5_free_data_contents(sudo_context, &packet); + krb5_free_principal(sudo_context, princ); + return retval; + +} +#endif /* HAVE_KERB5 */ + + #ifdef HAVE_PAM /******************************************************************** * pam_attempt_auth() diff --git a/gnu/usr.bin/sudo/sudo/compat.h b/gnu/usr.bin/sudo/sudo/compat.h index 6d1b68572fc..7fcfa31df96 100644 --- a/gnu/usr.bin/sudo/sudo/compat.h +++ b/gnu/usr.bin/sudo/sudo/compat.h @@ -1,7 +1,8 @@ -/* $OpenBSD: compat.h,v 1.7 1998/11/21 01:34:51 millert Exp $ */ +/* $OpenBSD: compat.h,v 1.8 1999/02/19 04:32:49 millert Exp $ */ /* - * CU sudo version 1.5.7 + * CU sudo version 1.5.8 + * Copyright (c) 1996, 1998, 1999 Todd C. Miller <Todd.Miller@courtesan.com> * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -19,7 +20,7 @@ * * Please send bugs, changes, problems to sudo-bugs@courtesan.com * - * $From: compat.h,v 1.42 1998/10/21 23:50:10 millert Exp $ + * $Sudo: compat.h,v 1.45 1999/02/03 04:32:13 millert Exp $ */ #ifndef _SUDO_COMPAT_H diff --git a/gnu/usr.bin/sudo/sudo/config.h b/gnu/usr.bin/sudo/sudo/config.h index 3f67f2be97e..58037534b81 100644 --- a/gnu/usr.bin/sudo/sudo/config.h +++ b/gnu/usr.bin/sudo/sudo/config.h @@ -1,8 +1,9 @@ -/* $OpenBSD: config.h,v 1.6 1998/11/21 01:34:51 millert Exp $ */ +/* $OpenBSD: config.h,v 1.7 1999/02/19 04:32:49 millert Exp $ */ /* config.h. Generated automatically by configure. */ /* - * CU sudo version 1.5.7 + * CU sudo version 1.5.8 + * Copyright (c) 1996, 1998, 1999 Todd C. Miller <Todd.Miller@courtesan.com> * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -20,7 +21,7 @@ * * Please send bugs, changes, problems to sudo-bugs@courtesan.com * - * $From: config.h.in,v 1.109 1998/11/18 20:31:25 millert Exp $ + * $Sudo: config.h.in,v 1.114 1999/02/03 04:32:13 millert Exp $ */ /* @@ -142,11 +143,6 @@ /* Define if you use Kerberos. */ /* #undef HAVE_KERB5 */ -/* Keberos v5 has v4 compatibility */ -#ifdef HAVE_KERB5 -# define HAVE_KERB4 -#endif /* HAVE_KERB5 */ - /* Define if you use SIA. */ /* #undef HAVE_SIA */ @@ -371,6 +367,9 @@ /* Define to the path of the editor visudo should use. */ #define EDITOR _PATH_VI +/* Define if root should not be allowed to use sudo. */ +/* #undef NO_ROOT_SUDO */ + /* Define to be the user that gets sudo mail. */ #define ALERTMAIL "root" @@ -390,16 +389,16 @@ #define LOGGING SLOG_SYSLOG /* Define to be the syslog facility to use. */ -#define LOGFAC LOG_AUTHPRIV +#define LOGFAC LOG_LOCAL2 /* Define to be the max chars per log line (for line wrapping). */ #define MAXLOGFILELEN 80 /* Define if you want to ignore '.' and '' in $PATH */ -/* #undef IGNORE_DOT_PATH */ +#define IGNORE_DOT_PATH 1 /* Define if you want "command not allowed" instead of "command not found" */ -#define DONT_LEAK_PATH_INFO 1 +/* #undef DONT_LEAK_PATH_INFO */ /* Define SHORT_MESSAGE for a short lecture or NO_MESSAGE for none. */ #define SHORT_MESSAGE 1 diff --git a/gnu/usr.bin/sudo/sudo/find_path.c b/gnu/usr.bin/sudo/sudo/find_path.c index c4e87fdb310..a83aff04e83 100644 --- a/gnu/usr.bin/sudo/sudo/find_path.c +++ b/gnu/usr.bin/sudo/sudo/find_path.c @@ -1,7 +1,8 @@ -/* $OpenBSD: find_path.c,v 1.8 1998/11/21 01:34:52 millert Exp $ */ +/* $OpenBSD: find_path.c,v 1.9 1999/02/19 04:32:50 millert Exp $ */ /* - * CU sudo version 1.5.7 + * CU sudo version 1.5.8 + * Copyright (c) 1996, 1998, 1999 Todd C. Miller <Todd.Miller@courtesan.com> * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -78,7 +79,7 @@ extern char *strdup __P((const char *)); #endif /* _S_IFLNK */ #ifndef lint -static const char rcsid[] = "$From: find_path.c,v 1.80 1998/11/18 04:16:13 millert Exp $"; +static const char rcsid[] = "$Sudo: find_path.c,v 1.83 1999/02/03 04:32:14 millert Exp $"; #endif /* lint */ /******************************************************************* diff --git a/gnu/usr.bin/sudo/sudo/getspwuid.c b/gnu/usr.bin/sudo/sudo/getspwuid.c index 79eabd20631..21b5fca059e 100644 --- a/gnu/usr.bin/sudo/sudo/getspwuid.c +++ b/gnu/usr.bin/sudo/sudo/getspwuid.c @@ -1,7 +1,8 @@ -/* $OpenBSD: getspwuid.c,v 1.8 1998/11/21 01:34:52 millert Exp $ */ +/* $OpenBSD: getspwuid.c,v 1.9 1999/02/19 04:32:50 millert Exp $ */ /* - * CU sudo version 1.5.7 + * CU sudo version 1.5.8 + * Copyright (c) 1996, 1998, 1999 Todd C. Miller <Todd.Miller@courtesan.com> * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -72,7 +73,7 @@ #include "sudo.h" #ifndef lint -static const char rcsid[] = "$From: getspwuid.c,v 1.40 1998/11/18 04:16:13 millert Exp $"; +static const char rcsid[] = "$Sudo: getspwuid.c,v 1.43 1999/02/03 04:32:14 millert Exp $"; #endif /* lint */ #ifndef STDC_HEADERS diff --git a/gnu/usr.bin/sudo/sudo/goodpath.c b/gnu/usr.bin/sudo/sudo/goodpath.c index 31b9383df4b..1e282417528 100644 --- a/gnu/usr.bin/sudo/sudo/goodpath.c +++ b/gnu/usr.bin/sudo/sudo/goodpath.c @@ -1,7 +1,8 @@ -/* $OpenBSD: goodpath.c,v 1.7 1998/11/21 01:34:52 millert Exp $ */ +/* $OpenBSD: goodpath.c,v 1.8 1999/02/19 04:32:50 millert Exp $ */ /* - * CU sudo version 1.5.7 + * CU sudo version 1.5.8 + * Copyright (c) 1996, 1998, 1999 Todd C. Miller <Todd.Miller@courtesan.com> * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -55,7 +56,7 @@ extern int stat __P((const char *, struct stat *)); #endif /* !STDC_HEADERS */ #ifndef lint -static const char rcsid[] = "$From: goodpath.c,v 1.26 1998/11/18 04:16:13 millert Exp $"; +static const char rcsid[] = "$Sudo: goodpath.c,v 1.29 1999/02/03 04:32:14 millert Exp $"; #endif /* lint */ /****************************************************************** diff --git a/gnu/usr.bin/sudo/sudo/ins_2001.h b/gnu/usr.bin/sudo/sudo/ins_2001.h index 449dca05245..d2ed9892f08 100644 --- a/gnu/usr.bin/sudo/sudo/ins_2001.h +++ b/gnu/usr.bin/sudo/sudo/ins_2001.h @@ -1,7 +1,8 @@ -/* $OpenBSD: ins_2001.h,v 1.7 1998/11/21 01:34:52 millert Exp $ */ +/* $OpenBSD: ins_2001.h,v 1.8 1999/02/19 04:32:50 millert Exp $ */ /* - * CU sudo version 1.5.7 + * CU sudo version 1.5.8 + * Copyright (c) 1996, 1998, 1999 Todd C. Miller <Todd.Miller@courtesan.com> * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -19,7 +20,7 @@ * * Please send bugs, changes, problems to sudo-bugs@courtesan.com * - * $From: ins_2001.h,v 1.21 1998/09/17 16:27:03 millert Exp $ + * $Sudo: ins_2001.h,v 1.24 1999/02/03 04:32:14 millert Exp $ */ #ifndef _SUDO_INS_2001_H diff --git a/gnu/usr.bin/sudo/sudo/ins_classic.h b/gnu/usr.bin/sudo/sudo/ins_classic.h index a1ed8cbe87d..585eb2fe3b9 100644 --- a/gnu/usr.bin/sudo/sudo/ins_classic.h +++ b/gnu/usr.bin/sudo/sudo/ins_classic.h @@ -1,7 +1,8 @@ -/* $OpenBSD: ins_classic.h,v 1.7 1998/11/21 01:34:52 millert Exp $ */ +/* $OpenBSD: ins_classic.h,v 1.8 1999/02/19 04:32:50 millert Exp $ */ /* - * CU sudo version 1.5.7 + * CU sudo version 1.5.8 + * Copyright (c) 1996, 1998, 1999 Todd C. Miller <Todd.Miller@courtesan.com> * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -19,7 +20,7 @@ * * Please send bugs, changes, problems to sudo-bugs@courtesan.com * - * $From: ins_classic.h,v 1.21 1998/09/17 16:27:03 millert Exp $ + * $Sudo: ins_classic.h,v 1.24 1999/02/03 04:32:14 millert Exp $ */ #ifndef _SUDO_INS_CLASSIC_H diff --git a/gnu/usr.bin/sudo/sudo/ins_csops.h b/gnu/usr.bin/sudo/sudo/ins_csops.h index a869990b644..16d062ba7c0 100644 --- a/gnu/usr.bin/sudo/sudo/ins_csops.h +++ b/gnu/usr.bin/sudo/sudo/ins_csops.h @@ -1,7 +1,8 @@ -/* $OpenBSD: ins_csops.h,v 1.7 1998/11/21 01:34:52 millert Exp $ */ +/* $OpenBSD: ins_csops.h,v 1.8 1999/02/19 04:32:50 millert Exp $ */ /* - * CU sudo version 1.5.7 + * CU sudo version 1.5.8 + * Copyright (c) 1996, 1998, 1999 Todd C. Miller <Todd.Miller@courtesan.com> * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -19,7 +20,7 @@ * * Please send bugs, changes, problems to sudo-bugs@courtesan.com * - * $From: ins_csops.h,v 1.20 1998/09/17 16:27:04 millert Exp $ + * $Sudo: ins_csops.h,v 1.23 1999/02/03 04:32:14 millert Exp $ */ #ifndef _SUDO_INS_CSOPS_H diff --git a/gnu/usr.bin/sudo/sudo/ins_goons.h b/gnu/usr.bin/sudo/sudo/ins_goons.h index 2b24f881d12..c4ddd4fe34a 100644 --- a/gnu/usr.bin/sudo/sudo/ins_goons.h +++ b/gnu/usr.bin/sudo/sudo/ins_goons.h @@ -1,7 +1,8 @@ -/* $OpenBSD: ins_goons.h,v 1.7 1998/11/21 01:34:52 millert Exp $ */ +/* $OpenBSD: ins_goons.h,v 1.8 1999/02/19 04:32:50 millert Exp $ */ /* - * CU sudo version 1.5.7 + * CU sudo version 1.5.8 + * Copyright (c) 1996, 1998, 1999 Todd C. Miller <Todd.Miller@courtesan.com> * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -19,7 +20,7 @@ * * Please send bugs, changes, problems to sudo-bugs@courtesan.com * - * $From: ins_goons.h,v 1.21 1998/09/17 16:27:04 millert Exp $ + * $Sudo: ins_goons.h,v 1.24 1999/02/03 04:32:15 millert Exp $ */ #ifndef _SUDO_INS_GOONS_H diff --git a/gnu/usr.bin/sudo/sudo/insults.h b/gnu/usr.bin/sudo/sudo/insults.h index 7e4ba7816c4..4c9c00a516b 100644 --- a/gnu/usr.bin/sudo/sudo/insults.h +++ b/gnu/usr.bin/sudo/sudo/insults.h @@ -1,7 +1,8 @@ -/* $OpenBSD: insults.h,v 1.7 1998/11/21 01:34:52 millert Exp $ */ +/* $OpenBSD: insults.h,v 1.8 1999/02/19 04:32:50 millert Exp $ */ /* - * CU sudo version 1.5.7 + * CU sudo version 1.5.8 + * Copyright (c) 1994,1996,1998,1999 Todd C. Miller <Todd.Miller@courtesan.com> * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -19,7 +20,7 @@ * * Please send bugs, changes, problems to sudo-bugs@courtesan.com * - * $From: insults.h,v 1.35 1998/10/18 22:00:50 millert Exp $ + * $Sudo: insults.h,v 1.38 1999/02/03 04:32:15 millert Exp $ */ #ifndef _SUDO_INSULTS_H diff --git a/gnu/usr.bin/sudo/sudo/interfaces.c b/gnu/usr.bin/sudo/sudo/interfaces.c index 84493a1d87e..be0af7db136 100644 --- a/gnu/usr.bin/sudo/sudo/interfaces.c +++ b/gnu/usr.bin/sudo/sudo/interfaces.c @@ -1,7 +1,8 @@ -/* $OpenBSD: interfaces.c,v 1.8 1998/12/07 21:32:39 millert Exp $ */ +/* $OpenBSD: interfaces.c,v 1.9 1999/02/19 04:32:50 millert Exp $ */ /* - * CU sudo version 1.5.7 + * CU sudo version 1.5.8 + * Copyright (c) 1996, 1998, 1999 Todd C. Miller <Todd.Miller@courtesan.com> * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -81,7 +82,7 @@ extern char *realloc __P((VOID *, size_t)); #endif /* !STDC_HEADERS && !__GNUC__ */ #ifndef lint -static const char rcsid[] = "$From: interfaces.c,v 1.46 1998/12/07 21:16:00 millert Exp $"; +static const char rcsid[] = "$Sudo: interfaces.c,v 1.49 1999/02/03 04:32:15 millert Exp $"; #endif /* lint */ /* diff --git a/gnu/usr.bin/sudo/sudo/logging.c b/gnu/usr.bin/sudo/sudo/logging.c index 89cb8fb8289..e8064a43632 100644 --- a/gnu/usr.bin/sudo/sudo/logging.c +++ b/gnu/usr.bin/sudo/sudo/logging.c @@ -1,7 +1,8 @@ -/* $OpenBSD: logging.c,v 1.8 1998/11/21 01:34:52 millert Exp $ */ +/* $OpenBSD: logging.c,v 1.9 1999/02/19 04:32:50 millert Exp $ */ /* - * CU sudo version 1.5.7 (based on Root Group sudo version 1.1) + * CU sudo version 1.5.8 (based on Root Group sudo version 1.1) + * Copyright (c) 1994,1996,1998,1999 Todd C. Miller <Todd.Miller@courtesan.com> * * This software comes with no waranty whatsoever, use at your own risk. * @@ -69,7 +70,7 @@ #include "sudo.h" #ifndef lint -static const char rcsid[] = "$From: logging.c,v 1.106 1998/11/18 04:16:13 millert Exp $"; +static const char rcsid[] = "$Sudo: logging.c,v 1.110 1999/02/03 04:32:15 millert Exp $"; #endif /* lint */ /* @@ -290,6 +291,12 @@ void log_error(code) tty, cwd, runas_user); break; +#ifdef HAVE_KERB5 + case GLOBAL_KRB5_INIT_ERR: + (void) sprintf(p, "Could not initialize Kerberos V"); + break; +#endif /* HAVE_KERB5 */ + default: strcat(p, "found a weird error : "); break; diff --git a/gnu/usr.bin/sudo/sudo/options.h b/gnu/usr.bin/sudo/sudo/options.h index f6a06dce073..62f2b31e55d 100644 --- a/gnu/usr.bin/sudo/sudo/options.h +++ b/gnu/usr.bin/sudo/sudo/options.h @@ -1,4 +1,6 @@ -/* $OpenBSD: options.h,v 1.10 1998/09/15 02:42:44 millert Exp $ */ +/* $OpenBSD: options.h,v 1.11 1999/02/19 04:32:50 millert Exp $ */ + +/* $OpenBSD: options.h,v 1.11 1999/02/19 04:32:50 millert Exp $ */ /* * CU sudo version 1.5.6 diff --git a/gnu/usr.bin/sudo/sudo/parse.c b/gnu/usr.bin/sudo/sudo/parse.c index 3e87ffd8a86..06c08981e1d 100644 --- a/gnu/usr.bin/sudo/sudo/parse.c +++ b/gnu/usr.bin/sudo/sudo/parse.c @@ -1,7 +1,8 @@ -/* $OpenBSD: parse.c,v 1.9 1998/11/21 01:34:53 millert Exp $ */ +/* $OpenBSD: parse.c,v 1.10 1999/02/19 04:32:50 millert Exp $ */ /* - * CU sudo version 1.5.7 + * CU sudo version 1.5.8 + * Copyright (c) 1996, 1998, 1999 Todd C. Miller <Todd.Miller@courtesan.com> * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -83,7 +84,7 @@ #include "sudo.h" #ifndef lint -static const char rcsid[] = "$From: parse.c,v 1.97 1998/11/18 04:16:13 millert Exp $"; +static const char rcsid[] = "$Sudo: parse.c,v 1.100 1999/02/03 04:32:15 millert Exp $"; #endif /* lint */ /* diff --git a/gnu/usr.bin/sudo/sudo/parse.lex b/gnu/usr.bin/sudo/sudo/parse.lex index 8ed78e5259e..0c6cf71dae3 100644 --- a/gnu/usr.bin/sudo/sudo/parse.lex +++ b/gnu/usr.bin/sudo/sudo/parse.lex @@ -1,8 +1,7 @@ %{ -/* $OpenBSD: parse.lex,v 1.7 1998/11/21 01:34:53 millert Exp $ */ - /* - * CU sudo version 1.5.7 + * CU sudo version 1.5.8 + * Copyright (c) 1996, 1998, 1999 Todd C. Miller <Todd.Miller@courtesan.com> * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -49,7 +48,7 @@ #include "sudo.tab.h" #ifndef lint -static const char rcsid[] = "$From: parse.lex,v 1.82 1998/11/18 04:16:13 millert Exp $"; +static const char rcsid[] = "$Sudo: parse.lex,v 1.85 1999/02/03 04:32:16 millert Exp $"; #endif /* lint */ #undef yywrap /* guard against a yywrap macro */ diff --git a/gnu/usr.bin/sudo/sudo/parse.yacc b/gnu/usr.bin/sudo/sudo/parse.yacc index ea68760b2ce..fa3960b8798 100644 --- a/gnu/usr.bin/sudo/sudo/parse.yacc +++ b/gnu/usr.bin/sudo/sudo/parse.yacc @@ -1,8 +1,8 @@ %{ -/* $OpenBSD: parse.yacc,v 1.11 1998/11/21 01:34:53 millert Exp $ */ /* - * CU sudo version 1.5.7 + * CU sudo version 1.5.8 + * Copyright (c) 1996, 1998, 1999 Todd C. Miller <Todd.Miller@courtesan.com> * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -63,7 +63,7 @@ #endif /* !HAVE_STRCASECMP */ #ifndef lint -static const char rcsid[] = "$From: parse.yacc,v 1.122 1998/11/20 19:26:16 millert Exp $"; +static const char rcsid[] = "$Sudo: parse.yacc,v 1.127 1999/02/11 06:41:31 millert Exp $"; #endif /* lint */ /* @@ -148,10 +148,10 @@ void yyerror(s) { /* save the line the first error occured on */ if (errorlineno == -1) - errorlineno = sudolineno - 1; + errorlineno = sudolineno ? sudolineno - 1 : 0; #ifndef TRACELEXER (void) fprintf(stderr, ">>> sudoers file: %s, line %d <<<\n", s, - sudolineno - 1); + sudolineno ? sudolineno - 1 : 0); #else (void) fprintf(stderr, "<*> "); #endif @@ -511,7 +511,7 @@ cmndalias : ALIAS { in_alias = TRUE; /* Allocate space for ga_list if necesary. */ expand_ga_list(); - if (!(ga_list[ga_list_len-1].alias = strdup($1))){ + if (!(ga_list[ga_list_len-1].alias = (char *) strdup($1))){ (void) fprintf(stderr, "%s: cannot allocate memory!\n", Argv[0]); exit(1); @@ -544,7 +544,7 @@ runasalias : ALIAS { in_alias = TRUE; /* Allocate space for ga_list if necesary. */ expand_ga_list(); - if (!(ga_list[ga_list_len-1].alias = strdup($1))){ + if (!(ga_list[ga_list_len-1].alias = (char *) strdup($1))){ (void) fprintf(stderr, "%s: cannot allocate memory!\n", Argv[0]); exit(1); diff --git a/gnu/usr.bin/sudo/sudo/pathnames.h b/gnu/usr.bin/sudo/sudo/pathnames.h index cd21b73cfed..bff7ae3d7c1 100644 --- a/gnu/usr.bin/sudo/sudo/pathnames.h +++ b/gnu/usr.bin/sudo/sudo/pathnames.h @@ -1,8 +1,9 @@ -/* $OpenBSD: pathnames.h,v 1.7 1998/11/21 01:34:53 millert Exp $ */ +/* $OpenBSD: pathnames.h,v 1.8 1999/02/19 04:32:51 millert Exp $ */ /* pathnames.h. Generated automatically by configure. */ /* - * CU sudo version 1.5.7 + * CU sudo version 1.5.8 + * Copyright (c) 1996, 1998, 1999 Todd C. Miller <Todd.Miller@courtesan.com> * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -20,7 +21,7 @@ * * Please send bugs, changes, problems to sudo-bugs@courtesan.com * - * $From: pathnames.h.in,v 1.34 1998/09/20 23:10:04 millert Exp $ + * $Sudo: pathnames.h.in,v 1.37 1999/02/03 04:32:16 millert Exp $ */ /* diff --git a/gnu/usr.bin/sudo/sudo/sudo.8 b/gnu/usr.bin/sudo/sudo/sudo.8 index 23e3cfecdcf..68aba170d85 100644 --- a/gnu/usr.bin/sudo/sudo/sudo.8 +++ b/gnu/usr.bin/sudo/sudo/sudo.8 @@ -1,14 +1,14 @@ .rn '' }` -''' $OpenBSD: sudo.8,v 1.8 1999/02/17 13:02:06 espie Exp $ +''' $OpenBSD: sudo.8,v 1.9 1999/02/19 04:32:51 millert Exp $ ''' -''' $RCSfile: sudo.8,v $$Revision: 1.8 $$Date: 1999/02/17 13:02:06 $ +''' $RCSfile: sudo.8,v $$Revision: 1.9 $$Date: 1999/02/19 04:32:51 $ ''' ''' $Log: sudo.8,v $ -''' Revision 1.8 1999/02/17 13:02:06 espie -''' Grammar +''' Revision 1.9 1999/02/19 04:32:51 millert +''' sudo 1.5.8 ''' -''' Revision 1.7 1998/11/21 01:34:53 millert -''' sudo 1.5.7 +''' Revision 1.30 1999/02/17 16:40:55 millert +''' fix grammar; espie@openbsd.org ''' ''' .de Sh @@ -101,7 +101,7 @@ .nr % 0 .rr F .\} -.TH sudo 8 "1.5.7" "5/Nov/98" "MAINTENANCE COMMANDS" +.TH sudo 8 "1.5.8" "17/Feb/99" "MAINTENANCE COMMANDS" .UC .if n .hy 0 .if n .na @@ -199,7 +199,7 @@ sudo \- execute a command as the superuser .SH "SYNOPSIS" \fBsudo\fR \fB\-V\fR | \fB\-h\fR | \fB\-l\fR | \fB\-v\fR | \fB\-k\fR | \fB\-s\fR | \fB\-H\fR | -[ \fB\-b\fR ] | [ \fB\-p\fR prompt ] [ \fB\-u\fR username/#uid] \fIcommand\fR +[ \fB\-b\fR ] | [ \fB\-r\fR realm ] | [ \fB\-p\fR prompt ] [ \fB\-u\fR username/#uid] \fIcommand\fR .SH "DESCRIPTION" \fBsudo\fR allows a permitted user to execute a \fIcommand\fR as the superuser (real and effective uid and gid are set @@ -208,7 +208,7 @@ to \f(CW0\fR and root's group as set in the passwd file respectively). \fBsudo\fR determines who is an authorized user by consulting the file \fI/etc/sudoers\fR. By giving \fBsudo\fR the \f(CW-v\fR flag a user can update the time stamp without running a \fIcommand.\fR -The password prompt itself will also time out if the password is +The password prompt itself will also time out if the user's password is not entered with N minutes (again, this is defined at installation time and defaults to 5 minutes). .PP @@ -230,19 +230,24 @@ The \f(CW-h\fR (\fIhelp\fR) option causes \fBsudo\fR to print the version of \fBsudo\fR and a usage message before exiting. .Ip "-v" 4 If given the \f(CW-v\fR (\fIvalidate\fR) option, \fBsudo\fR will update the -user's timestamp file, prompting for a password if necessary. +user's timestamp file, prompting for the user's password if necessary. This extends the \fBsudo\fR timeout to for another N minutes (where N is defined at installation time and defaults to 5 minutes) but does not run a command. .Ip "-k" 4 The \f(CW-k\fR (\fIkill\fR) option to \fBsudo\fR removes the user's timestamp -file, thus requiring a password the next time \fBsudo\fR is run. +file, thus requiring the user's password the next time \fBsudo\fR is run. This option does not require a password and was added to allow a user to revoke \fBsudo\fR permissions from a .logout file. .Ip "-b" 4 The \f(CW-b\fR (\fIbackground\fR) option tells \fBsudo\fR to run the given command in the background. Note that if you use the \f(CW-b\fR option you cannot use shell job control to manipulate the command. +.Ip "-r" 4 +The \f(CW-r\fR (\fIrealm\fR) option is only available if \fBsudo\fR was configured +with \fBKerberos\fR version 5 support. It allows the user to specify a +\fBKerberos\fR realm other than the system default to use when authenticating +the user via \fBKerberos\fR. .Ip "-p" 4 The \f(CW-p\fR (\fIprompt\fR) option allows you to override the default password prompt and use a custom one. If the password prompt @@ -266,62 +271,58 @@ The \f(CW--\fR flag indicates that \fBsudo\fR should stop processing command line arguments. It is most useful in conjunction with the \f(CW-s\fR flag. .SH "RETURN VALUES" \fBsudo\fR quits with an exit value of 1 if there is a -configuration/permission problem or if \fBsudo\fR cannot execute -the given command. In the latter case the error string is -printed to stderr via \fIperror\fR\|(3). If \fBsudo\fR cannot \fIstat\fR\|(2) -one or more entries in the user's PATH the error is printed -on stderr via \fIperror\fR\|(3). (If the directory does not exist -or if it is not really a directory, the entry is ignored and -no error is printed.) This should not happen under normal -circumstances. The most common reason for \fIstat\fR\|(3) to return -\*(L"permission denied\*(R" is if you are running an automounter and -one of the directories in your PATH is on a machine that is -currently unreachable. +configuration/permission problem or if \fBsudo\fR cannot execute the +given command. In the latter case the error string is printed to +stderr via \fIperror\fR\|(3). If \fBsudo\fR cannot \fIstat\fR\|(2) one or more entries +in the user's PATH the error is printed on stderr via \fIperror\fR\|(3). +(If the directory does not exist or if it is not really a directory, +the entry is ignored and no error is printed.) This should not +happen under normal circumstances. The most common reason for +\fIstat\fR\|(3) to return \*(L"permission denied\*(R" is if you are running an +automounter and one of the directories in your PATH is on a machine +that is currently unreachable. .SH "SECURITY NOTES" -\fBsudo\fR tries to be safe when executing external commands. -Variables that control how dynamic loading and binding is -done can be used to subvert the program that \fBsudo\fR runs. -To combat this the \f(CWLD_*\fR, \f(CWSHLIB_PATH\fR (HP\-UX only), -\f(CWLIBPATH\fR (AIX only), and \f(CW_RLD_*\fR environment variables are -removed from the environment passed on to all commands executed. -\fBsudo\fR will also remove the \f(CWIFS\fR, \f(CWENV\fR, \f(CWBASH_ENV\fR -and \f(CWKRB_CONF\fR variables as they too can pose a threat. +\fBsudo\fR tries to be safe when executing external commands. Variables +that control how dynamic loading and binding is done can be used +to subvert the program that \fBsudo\fR runs. To combat this the +\f(CWLD_*\fR, \f(CW_RLD_*\fR, \f(CWSHLIB_PATH\fR (HP\-UX only), and \f(CWLIBPATH\fR (AIX +only) environment variables are removed from the environment passed +on to all commands executed. \fBsudo\fR will also remove the \f(CWIFS\fR, +\f(CWENV\fR, \f(CWBASH_ENV\fR, \f(CWKRB_CONF\fR and \f(CWKRB5_CONFIG\fR variables as +they too can pose a threat. .PP -To prevent command spoofing, \fBsudo\fR checks "." and "" (both -denoting current directory) last when searching for a command -in the user's PATH (if one or both are in the PATH). -Note, however, that the actual PATH environment variable -is \fInot\fR modified and is passed unchanged to the program that -\fBsudo\fR executes. +To prevent command spoofing, \fBsudo\fR checks "." and "" (both denoting +current directory) last when searching for a command in the user's +PATH (if one or both are in the PATH). Note, however, that the +actual PATH environment variable is \fInot\fR modified and is passed +unchanged to the program that \fBsudo\fR executes. .PP -For security reasons, if your OS supports shared libraries, -\fBsudo\fR should always be statically linked unless the -dynamic loader disables user-defined library search paths -for setuid programs. (Most modern dynamic loaders do this.) +For security reasons, if your OS supports shared libraries, \fBsudo\fR +should always be statically linked unless the dynamic loader disables +user-defined library search paths for setuid programs. (Most modern +dynamic loaders do this.) .PP \fBsudo\fR will check the ownership of its timestamp directory -(\fI/var/run/sudo\fR or \fI/tmp/.odus\fR by default) and ignore -the directory's contents if it is not owned by root and -only read, writable, and executable by root. On systems -that allow users to give files away to root (via chown), -if the timestamp directory is located in a directory writable -by anyone (ie: \fI/tmp\fR), it is possible for a user to create -the timestamp directory before \fBsudo\fR is run. -However, because \fBsudo\fR checks the ownership and mode of -the directory, the only damage that can be done is to \*(L"hide\*(R" -files by putting them in the timestamp dir. This is unlikely -to happen since once the timestamp dir is owned by root and -inaccessible by any other user the user placing files there -would be unable to get them back out. To get around this -issue you can use a directory that is not world-writable -for the timestamps (\fI/var/adm/sudo\fR for instance). +(\fI/var/run/sudo\fR or \fI/tmp/.odus\fR by default) and ignore the +directory's contents if it is not owned by root and only read, +writable, and executable by root. On systems that allow users to +give files away to root (via chown), if the timestamp directory is +located in a directory writable by anyone (ie: \fI/tmp\fR), it is +possible for a user to create the timestamp directory before \fBsudo\fR +is run. However, because \fBsudo\fR checks the ownership and mode of +the directory, the only damage that can be done is to \*(L"hide\*(R" files +by putting them in the timestamp dir. This is unlikely to happen +since once the timestamp dir is owned by root and inaccessible by +any other user the user placing files there would be unable to get +them back out. To get around this issue you can use a directory +that is not world-writable for the timestamps (\fI/var/adm/sudo\fR for +instance). .PP -\f(CWsudo\fR will not honor timestamp files set far in the -future. Timestamp files with a date greater than -current_time + 2 * \f(CWTIMEOUT\fR will be ignored and -sudo will log the anomaly. This is done to keep a user -from creating his/her own timestamp file with a bogus -date. +\f(CWsudo\fR will not honor timestamp files set far in the future. +Timestamp files with a date greater than current_time + 2 * \f(CWTIMEOUT\fR +will be ignored and sudo complain about a \*(L"preposterous stampfile +date\*(R". This is done to keep a user from creating his/her own +timestamp file with a bogus date. .SH "FILES" .PP .Vb 1 @@ -402,6 +403,8 @@ that make setuid shell scripts unsafe on some operating systems. .IX Item "-b" +.IX Item "-r" + .IX Item "-p" .IX Item "-u" diff --git a/gnu/usr.bin/sudo/sudo/sudo.c b/gnu/usr.bin/sudo/sudo/sudo.c index d7dd2a44888..0802c519b91 100644 --- a/gnu/usr.bin/sudo/sudo/sudo.c +++ b/gnu/usr.bin/sudo/sudo/sudo.c @@ -1,7 +1,8 @@ -/* $OpenBSD: sudo.c,v 1.11 1998/11/21 01:34:53 millert Exp $ */ +/* $OpenBSD: sudo.c,v 1.12 1999/02/19 04:32:51 millert Exp $ */ /* - * CU sudo version 1.5.7 (based on Root Group sudo version 1.1) + * CU sudo version 1.5.8 (based on Root Group sudo version 1.1) + * Copyright (c) 1994,1996,1998,1999 Todd C. Miller <Todd.Miller@courtesan.com> * * This software comes with no waranty whatsoever, use at your own risk. * @@ -83,6 +84,9 @@ #ifdef HAVE_DCE #include <pthread.h> #endif /* HAVE_DCE */ +#ifdef HAVE_KERB5 +#include <krb5.h> +#endif /* HAVE_KERB5 */ #include "sudo.h" #include "version.h" @@ -98,7 +102,7 @@ extern char *getenv __P((char *)); #endif /* STDC_HEADERS */ #ifndef lint -static const char rcsid[] = "$From: sudo.c,v 1.213 1998/11/18 04:16:13 millert Exp $"; +static const char rcsid[] = "$Sudo: sudo.c,v 1.219 1999/02/11 06:41:31 millert Exp $"; #endif /* lint */ @@ -147,6 +151,12 @@ static char *runas_homedir = NULL; extern struct interface *interfaces; extern int num_interfaces; extern int printmatches; +int arg_prompt = 0; /* was -p used? */ +#ifdef HAVE_KERB5 +krb5_context sudo_context = NULL; +char *realm = NULL; +int xrealm = 0; +#endif /* HAVE_KERB5 */ /* * Table of "bad" envariables to remove and len for strncmp() @@ -163,7 +173,10 @@ struct env_table badenv_table[] = { #endif /* _AIX */ #ifdef HAVE_KERB4 { "KRB_CONF", 8 }, -#endif +#endif /* HAVE_KERB4 */ +#ifdef HAVE_KERB5 + { "KRB5_CONFIG", 11 }, +#endif /* HAVE_KERB5 */ { "ENV=", 4 }, { "BASH_ENV=", 9 }, { (char *) NULL, 0 } @@ -181,7 +194,8 @@ int main(argc, argv) int argc; char **argv; { - int rtn, cmnd_status = FOUND; + int rtn, serrno; + int cmnd_status = FOUND; int sudo_mode = MODE_RUN; extern char ** environ; @@ -280,8 +294,10 @@ int main(argc, argv) rtn = check_sudoers(); /* check mode/owner on _PATH_SUDO_SUDOERS */ if (rtn != ALL_SYSTEMS_GO) { + serrno = errno; log_error(rtn); set_perms(PERM_FULL_USER, sudo_mode); + errno = serrno; inform_user(rtn); exit(1); } @@ -418,6 +434,10 @@ static void load_globals(sudo_mode) #ifdef FQDN struct hostent *h_ent; #endif /* FQDN */ +#ifdef HAVE_KERB5 + krb5_error_code retval; + char *lrealm; +#endif /* HAVE_KERB5 */ /* * Get a local copy of the user's struct passwd with the shadow password @@ -441,6 +461,38 @@ static void load_globals(sudo_mode) exit(1); } +#ifdef HAVE_KERB5 + if (retval = krb5_init_context(&sudo_context)) { + log_error(GLOBAL_KRB5_INIT_ERR); + inform_user(GLOBAL_KRB5_INIT_ERR); + exit(1); + } + krb5_init_ets(sudo_context); + + if (retval = krb5_get_default_realm(sudo_context, &lrealm)) { + log_error(GLOBAL_KRB5_INIT_ERR); + inform_user(GLOBAL_KRB5_INIT_ERR); + exit(1); + } + + if (realm) { + if (strcmp(realm, lrealm) != 0) + xrealm = 1; /* User supplied realm is not the system default */ + free(lrealm); + } else + realm = lrealm; + + if (!arg_prompt) { + p = malloc(strlen(user_name) + strlen(realm) + 17); + if (p == NULL) { + (void) fprintf(stderr, "%s: cannot allocate memory!\n", Argv[0]); + exit(1); + } + sprintf(p, "Password for %s@%s: ", user_name, realm); + prompt = p; + } +#endif /* HAVE_KERB5 */ + /* Set euid == user and ruid == root */ set_perms(PERM_ROOT, sudo_mode); set_perms(PERM_USER, sudo_mode); @@ -510,7 +562,7 @@ static void load_globals(sudo_mode) */ if ((p = strchr(host, '.'))) { *p = '\0'; - if ((shost = strdup(host)) == NULL) { + if ((shost = (char *) strdup(host)) == NULL) { (void) fprintf(stderr, "%s: cannot allocate memory!\n", Argv[0]); exit(1); } @@ -564,12 +616,26 @@ static int parse_args() usage(1); /* only one -? option allowed */ switch (NewArgv[0][1]) { +#ifdef HAVE_KERB5 + case 'r': + /* must have an associated realm */ + if (NewArgv[1] == NULL) + usage(1); + + realm = NewArgv[1]; + + /* shift Argv over and adjust Argc */ + NewArgc--; + NewArgv++; + break; +#endif /* HAVE_KERB5 */ case 'p': /* must have an associated prompt */ if (NewArgv[1] == NULL) usage(1); prompt = NewArgv[1]; + arg_prompt = 1; /* shift Argv over and adjust Argc */ NewArgc--; @@ -658,7 +724,13 @@ static int parse_args() static void usage(exit_val) int exit_val; { - (void) fprintf(stderr, "usage: %s -V | -h | -l | -v | -k | -H | [-b] [-p prompt] [-u username/#uid] -s | <command>\n", Argv[0]); + (void) fprintf(stderr, + "usage: %s -V | -h | -l | -v | -k | -H | [-b] [-p prompt] ", + Argv[0]); +#ifdef HAVE_KERB5 + (void) fprintf(stderr, "[-r realm] "); +#endif /* HAVE_KERB5 */ + (void) fprintf(stderr, "[-u username/#uid] -s | <command>\n"); exit(exit_val); } @@ -836,7 +908,7 @@ static int check_sudoers() */ set_perms(PERM_SUDOERS, 0); - if (lstat(_PATH_SUDO_SUDOERS, &statbuf) != 0 && rootstat != 0) + if (rootstat != 0 && lstat(_PATH_SUDO_SUDOERS, &statbuf) != 0) rtn = NO_SUDOERS_FILE; else if (!S_ISREG(statbuf.st_mode)) rtn = SUDOERS_NOT_FILE; diff --git a/gnu/usr.bin/sudo/sudo/sudo.h b/gnu/usr.bin/sudo/sudo/sudo.h index beb860b4500..769252dc88d 100644 --- a/gnu/usr.bin/sudo/sudo/sudo.h +++ b/gnu/usr.bin/sudo/sudo/sudo.h @@ -1,7 +1,8 @@ -/* $OpenBSD: sudo.h,v 1.7 1998/11/21 01:34:53 millert Exp $ */ +/* $OpenBSD: sudo.h,v 1.8 1999/02/19 04:32:51 millert Exp $ */ /* - * CU sudo version 1.5.7 (based on Root Group sudo version 1.1) + * CU sudo version 1.5.8 (based on Root Group sudo version 1.1) + * Copyright (c) 1994,1996,1998,1999 Todd C. Miller <Todd.Miller@courtesan.com> * * This software comes with no waranty whatsoever, use at your own risk. * @@ -27,7 +28,7 @@ * along with this program; if not, write to the Free Software * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. * - * $From: sudo.h,v 1.133 1998/11/08 20:56:52 millert Exp $ + * $Sudo: sudo.h,v 1.138 1999/02/07 00:43:24 millert Exp $ */ #ifndef _SUDO_SUDO_H @@ -165,6 +166,9 @@ struct generic_alias { #define BAD_STAMPDIR 0x0E #define BAD_STAMPFILE 0x0F #define BAD_ALLOCATION 0x10 +#ifdef HAVE_KERB5 +#define GLOBAL_KRB5_INIT_ERR ( 0x11 | GLOBAL_PROBLEM ) +#endif /* HAVE_KERB5 */ /* * Boolean values @@ -214,6 +218,15 @@ struct generic_alias { #define user_dir (user_pw_ent -> pw_dir) /* + * Use either tgetpass() or system getpass() + */ +#ifdef USE_GETPASS +#define GETPASS(p, t) getpass(p) +#else +#define GETPASS(p, t) tgetpass(p, t) +#endif + +/* * Function prototypes */ #define YY_DECL int yylex __P((void)) diff --git a/gnu/usr.bin/sudo/sudo/sudo_setenv.c b/gnu/usr.bin/sudo/sudo/sudo_setenv.c index d5dbdee5097..de361c20dea 100644 --- a/gnu/usr.bin/sudo/sudo/sudo_setenv.c +++ b/gnu/usr.bin/sudo/sudo/sudo_setenv.c @@ -1,7 +1,8 @@ -/* $OpenBSD: sudo_setenv.c,v 1.7 1998/11/21 01:34:53 millert Exp $ */ +/* $OpenBSD: sudo_setenv.c,v 1.8 1999/02/19 04:32:51 millert Exp $ */ /* - * CU sudo version 1.5.7 + * CU sudo version 1.5.8 + * Copyright (c) 1996, 1998, 1999 Todd C. Miller <Todd.Miller@courtesan.com> * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -55,7 +56,7 @@ extern int setenv __P((char *, char *, int)); #endif /* !STDC_HEADERS */ #ifndef lint -static const char rcsid[] = "$From: sudo_setenv.c,v 1.30 1998/11/18 04:16:13 millert Exp $"; +static const char rcsid[] = "$Sudo: sudo_setenv.c,v 1.33 1999/02/03 04:32:17 millert Exp $"; #endif /* lint */ diff --git a/gnu/usr.bin/sudo/sudo/sudoers.5 b/gnu/usr.bin/sudo/sudo/sudoers.5 index 6c40a2dfad7..94ad0bb6df9 100644 --- a/gnu/usr.bin/sudo/sudo/sudoers.5 +++ b/gnu/usr.bin/sudo/sudo/sudoers.5 @@ -1,11 +1,14 @@ .rn '' }` -''' $OpenBSD: sudoers.5,v 1.7 1998/11/21 01:34:53 millert Exp $ +''' $OpenBSD: sudoers.5,v 1.8 1999/02/19 04:32:51 millert Exp $ ''' -''' $RCSfile: sudoers.5,v $$Revision: 1.7 $$Date: 1998/11/21 01:34:53 $ +''' $RCSfile: sudoers.5,v $$Revision: 1.8 $$Date: 1999/02/19 04:32:51 $ ''' ''' $Log: sudoers.5,v $ -''' Revision 1.7 1998/11/21 01:34:53 millert -''' sudo 1.5.7 +''' Revision 1.8 1999/02/19 04:32:51 millert +''' sudo 1.5.8 +''' +''' Revision 1.5 1999/01/17 22:40:53 millert +''' crank version and regen files ''' ''' .de Sh @@ -98,7 +101,7 @@ .nr % 0 .rr F .\} -.TH sudoers 5 "1.5.7" "17/Oct/98" "FILE FORMATS" +.TH sudoers 5 "1.5.8" "6/Feb/98" "FILE FORMATS" .UC .if n .hy 0 .if n .na diff --git a/gnu/usr.bin/sudo/sudo/tgetpass.c b/gnu/usr.bin/sudo/sudo/tgetpass.c index 020f1df5e98..496045ee3f0 100644 --- a/gnu/usr.bin/sudo/sudo/tgetpass.c +++ b/gnu/usr.bin/sudo/sudo/tgetpass.c @@ -1,7 +1,8 @@ -/* $OpenBSD: tgetpass.c,v 1.12 1998/11/21 01:34:54 millert Exp $ */ +/* $OpenBSD: tgetpass.c,v 1.13 1999/02/19 04:32:51 millert Exp $ */ /* - * CU sudo version 1.5.7 + * CU sudo version 1.5.8 + * Copyright (c) 1996, 1998, 1999 Todd C. Miller <Todd.Miller@courtesan.com> * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -84,7 +85,7 @@ #endif /* TCSASOFT */ #ifndef lint -static const char rcsid[] = "$From: tgetpass.c,v 1.72 1998/11/18 04:16:13 millert Exp $"; +static const char rcsid[] = "$Sudo: tgetpass.c,v 1.75 1999/02/03 04:32:18 millert Exp $"; #endif /* lint */ diff --git a/gnu/usr.bin/sudo/sudo/version.h b/gnu/usr.bin/sudo/sudo/version.h index d24caab62ee..91c832f31ec 100644 --- a/gnu/usr.bin/sudo/sudo/version.h +++ b/gnu/usr.bin/sudo/sudo/version.h @@ -1,7 +1,8 @@ -/* $OpenBSD: version.h,v 1.8 1998/11/21 01:34:54 millert Exp $ */ +/* $OpenBSD: version.h,v 1.9 1999/02/19 04:32:51 millert Exp $ */ /* - * CU sudo version 1.5.7 + * CU sudo version 1.5.8 + * Copyright (c) 1996, 1998, 1999 Todd C. Miller <Todd.Miller@courtesan.com> * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -19,12 +20,12 @@ * * Please send bugs, changes, problems to sudo-bugs@courtesan.com * - * $From: version.h,v 1.47 1998/11/20 23:33:52 millert Exp $ + * $Sudo: version.h,v 1.50 1999/02/03 04:32:18 millert Exp $ */ #ifndef _SUDO_VERSION_H #define _SUDO_VERSION_H -static const char version[] = "1.5.7"; +static const char version[] = "1.5.8"; #endif /* _SUDO_VERSION_H */ diff --git a/gnu/usr.bin/sudo/visudo/visudo.8 b/gnu/usr.bin/sudo/visudo/visudo.8 index 61d8166133a..388a879bf6a 100644 --- a/gnu/usr.bin/sudo/visudo/visudo.8 +++ b/gnu/usr.bin/sudo/visudo/visudo.8 @@ -1,11 +1,14 @@ .rn '' }` -''' $OpenBSD: visudo.8,v 1.7 1998/11/21 01:34:54 millert Exp $ +''' $OpenBSD: visudo.8,v 1.8 1999/02/19 04:32:51 millert Exp $ ''' -''' $RCSfile: visudo.8,v $$Revision: 1.7 $$Date: 1998/11/21 01:34:54 $ +''' $RCSfile: visudo.8,v $$Revision: 1.8 $$Date: 1999/02/19 04:32:51 $ ''' ''' $Log: visudo.8,v $ -''' Revision 1.7 1998/11/21 01:34:54 millert -''' sudo 1.5.7 +''' Revision 1.8 1999/02/19 04:32:51 millert +''' sudo 1.5.8 +''' +''' Revision 1.4 1999/01/17 22:40:55 millert +''' crank version and regen files ''' ''' .de Sh @@ -98,7 +101,7 @@ .nr % 0 .rr F .\} -.TH visudo 8 "1.5.7" "17/Oct/98" "MAINTENANCE COMMANDS" +.TH visudo 8 "1.5.8" "17/Oct/98" "MAINTENANCE COMMANDS" .UC .if n .hy 0 .if n .na diff --git a/gnu/usr.bin/sudo/visudo/visudo.c b/gnu/usr.bin/sudo/visudo/visudo.c index d88537cb660..a030d9bf037 100644 --- a/gnu/usr.bin/sudo/visudo/visudo.c +++ b/gnu/usr.bin/sudo/visudo/visudo.c @@ -1,7 +1,8 @@ -/* $OpenBSD: visudo.c,v 1.9 1998/11/21 01:34:54 millert Exp $ */ +/* $OpenBSD: visudo.c,v 1.10 1999/02/19 04:32:51 millert Exp $ */ /* - * CU sudo version 1.5.7 + * CU sudo version 1.5.8 + * Copyright (c) 1996, 1998, 1999 Todd C. Miller <Todd.Miller@courtesan.com> * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -72,7 +73,7 @@ extern int stat __P((const char *, struct stat *)); #endif /* POSIX_SIGNALS && !SA_RESETHAND */ #ifndef lint -static const char rcsid[] = "$From: visudo.c,v 1.95 1998/11/18 04:16:13 millert Exp $"; +static const char rcsid[] = "$Sudo: visudo.c,v 1.98 1999/02/03 04:32:18 millert Exp $"; #endif /* lint */ /* |