sudo 1.5.2

32 files changed, 8665 insertions, 0 deletions

diff --git a/gnu/usr.bin/sudo/COPYING b/gnu/usr.bin/sudo/COPYING
new file mode 100644
index 00000000000..a43ea2126fb
--- /dev/null
+++ b/gnu/usr.bin/sudo/COPYING
@@ -0,0 +1,339 @@
+		    GNU GENERAL PUBLIC LICENSE
+		       Version 2, June 1991
+
+ Copyright (C) 1989, 1991 Free Software Foundation, Inc.
+                          675 Mass Ave, Cambridge, MA 02139, USA
+ Everyone is permitted to copy and distribute verbatim copies
+ of this license document, but changing it is not allowed.
+
+			    Preamble
+
+  The licenses for most software are designed to take away your
+freedom to share and change it.  By contrast, the GNU General Public
+License is intended to guarantee your freedom to share and change free
+software--to make sure the software is free for all its users.  This
+General Public License applies to most of the Free Software
+Foundation's software and to any other program whose authors commit to
+using it.  (Some other Free Software Foundation software is covered by
+the GNU Library General Public License instead.)  You can apply it to
+your programs, too.
+
+  When we speak of free software, we are referring to freedom, not
+price.  Our General Public Licenses are designed to make sure that you
+have the freedom to distribute copies of free software (and charge for
+this service if you wish), that you receive source code or can get it
+if you want it, that you can change the software or use pieces of it
+in new free programs; and that you know you can do these things.
+
+  To protect your rights, we need to make restrictions that forbid
+anyone to deny you these rights or to ask you to surrender the rights.
+These restrictions translate to certain responsibilities for you if you
+distribute copies of the software, or if you modify it.
+
+  For example, if you distribute copies of such a program, whether
+gratis or for a fee, you must give the recipients all the rights that
+you have.  You must make sure that they, too, receive or can get the
+source code.  And you must show them these terms so they know their
+rights.
+
+  We protect your rights with two steps: (1) copyright the software, and
+(2) offer you this license which gives you legal permission to copy,
+distribute and/or modify the software.
+
+  Also, for each author's protection and ours, we want to make certain
+that everyone understands that there is no warranty for this free
+software.  If the software is modified by someone else and passed on, we
+want its recipients to know that what they have is not the original, so
+that any problems introduced by others will not reflect on the original
+authors' reputations.
+
+  Finally, any free program is threatened constantly by software
+patents.  We wish to avoid the danger that redistributors of a free
+program will individually obtain patent licenses, in effect making the
+program proprietary.  To prevent this, we have made it clear that any
+patent must be licensed for everyone's free use or not licensed at all.
+
+  The precise terms and conditions for copying, distribution and
+modification follow.
+
+		    GNU GENERAL PUBLIC LICENSE
+   TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION
+
+  0. This License applies to any program or other work which contains
+a notice placed by the copyright holder saying it may be distributed
+under the terms of this General Public License.  The "Program", below,
+refers to any such program or work, and a "work based on the Program"
+means either the Program or any derivative work under copyright law:
+that is to say, a work containing the Program or a portion of it,
+either verbatim or with modifications and/or translated into another
+language.  (Hereinafter, translation is included without limitation in
+the term "modification".)  Each licensee is addressed as "you".
+
+Activities other than copying, distribution and modification are not
+covered by this License; they are outside its scope.  The act of
+running the Program is not restricted, and the output from the Program
+is covered only if its contents constitute a work based on the
+Program (independent of having been made by running the Program).
+Whether that is true depends on what the Program does.
+
+  1. You may copy and distribute verbatim copies of the Program's
+source code as you receive it, in any medium, provided that you
+conspicuously and appropriately publish on each copy an appropriate
+copyright notice and disclaimer of warranty; keep intact all the
+notices that refer to this License and to the absence of any warranty;
+and give any other recipients of the Program a copy of this License
+along with the Program.
+
+You may charge a fee for the physical act of transferring a copy, and
+you may at your option offer warranty protection in exchange for a fee.
+
+  2. You may modify your copy or copies of the Program or any portion
+of it, thus forming a work based on the Program, and copy and
+distribute such modifications or work under the terms of Section 1
+above, provided that you also meet all of these conditions:
+
+    a) You must cause the modified files to carry prominent notices
+    stating that you changed the files and the date of any change.
+
+    b) You must cause any work that you distribute or publish, that in
+    whole or in part contains or is derived from the Program or any
+    part thereof, to be licensed as a whole at no charge to all third
+    parties under the terms of this License.
+
+    c) If the modified program normally reads commands interactively
+    when run, you must cause it, when started running for such
+    interactive use in the most ordinary way, to print or display an
+    announcement including an appropriate copyright notice and a
+    notice that there is no warranty (or else, saying that you provide
+    a warranty) and that users may redistribute the program under
+    these conditions, and telling the user how to view a copy of this
+    License.  (Exception: if the Program itself is interactive but
+    does not normally print such an announcement, your work based on
+    the Program is not required to print an announcement.)
+
+These requirements apply to the modified work as a whole.  If
+identifiable sections of that work are not derived from the Program,
+and can be reasonably considered independent and separate works in
+themselves, then this License, and its terms, do not apply to those
+sections when you distribute them as separate works.  But when you
+distribute the same sections as part of a whole which is a work based
+on the Program, the distribution of the whole must be on the terms of
+this License, whose permissions for other licensees extend to the
+entire whole, and thus to each and every part regardless of who wrote it.
+
+Thus, it is not the intent of this section to claim rights or contest
+your rights to work written entirely by you; rather, the intent is to
+exercise the right to control the distribution of derivative or
+collective works based on the Program.
+
+In addition, mere aggregation of another work not based on the Program
+with the Program (or with a work based on the Program) on a volume of
+a storage or distribution medium does not bring the other work under
+the scope of this License.
+
+  3. You may copy and distribute the Program (or a work based on it,
+under Section 2) in object code or executable form under the terms of
+Sections 1 and 2 above provided that you also do one of the following:
+
+    a) Accompany it with the complete corresponding machine-readable
+    source code, which must be distributed under the terms of Sections
+    1 and 2 above on a medium customarily used for software interchange; or,
+
+    b) Accompany it with a written offer, valid for at least three
+    years, to give any third party, for a charge no more than your
+    cost of physically performing source distribution, a complete
+    machine-readable copy of the corresponding source code, to be
+    distributed under the terms of Sections 1 and 2 above on a medium
+    customarily used for software interchange; or,
+
+    c) Accompany it with the information you received as to the offer
+    to distribute corresponding source code.  (This alternative is
+    allowed only for noncommercial distribution and only if you
+    received the program in object code or executable form with such
+    an offer, in accord with Subsection b above.)
+
+The source code for a work means the preferred form of the work for
+making modifications to it.  For an executable work, complete source
+code means all the source code for all modules it contains, plus any
+associated interface definition files, plus the scripts used to
+control compilation and installation of the executable.  However, as a
+special exception, the source code distributed need not include
+anything that is normally distributed (in either source or binary
+form) with the major components (compiler, kernel, and so on) of the
+operating system on which the executable runs, unless that component
+itself accompanies the executable.
+
+If distribution of executable or object code is made by offering
+access to copy from a designated place, then offering equivalent
+access to copy the source code from the same place counts as
+distribution of the source code, even though third parties are not
+compelled to copy the source along with the object code.
+
+  4. You may not copy, modify, sublicense, or distribute the Program
+except as expressly provided under this License.  Any attempt
+otherwise to copy, modify, sublicense or distribute the Program is
+void, and will automatically terminate your rights under this License.
+However, parties who have received copies, or rights, from you under
+this License will not have their licenses terminated so long as such
+parties remain in full compliance.
+
+  5. You are not required to accept this License, since you have not
+signed it.  However, nothing else grants you permission to modify or
+distribute the Program or its derivative works.  These actions are
+prohibited by law if you do not accept this License.  Therefore, by
+modifying or distributing the Program (or any work based on the
+Program), you indicate your acceptance of this License to do so, and
+all its terms and conditions for copying, distributing or modifying
+the Program or works based on it.
+
+  6. Each time you redistribute the Program (or any work based on the
+Program), the recipient automatically receives a license from the
+original licensor to copy, distribute or modify the Program subject to
+these terms and conditions.  You may not impose any further
+restrictions on the recipients' exercise of the rights granted herein.
+You are not responsible for enforcing compliance by third parties to
+this License.
+
+  7. If, as a consequence of a court judgment or allegation of patent
+infringement or for any other reason (not limited to patent issues),
+conditions are imposed on you (whether by court order, agreement or
+otherwise) that contradict the conditions of this License, they do not
+excuse you from the conditions of this License.  If you cannot
+distribute so as to satisfy simultaneously your obligations under this
+License and any other pertinent obligations, then as a consequence you
+may not distribute the Program at all.  For example, if a patent
+license would not permit royalty-free redistribution of the Program by
+all those who receive copies directly or indirectly through you, then
+the only way you could satisfy both it and this License would be to
+refrain entirely from distribution of the Program.
+
+If any portion of this section is held invalid or unenforceable under
+any particular circumstance, the balance of the section is intended to
+apply and the section as a whole is intended to apply in other
+circumstances.
+
+It is not the purpose of this section to induce you to infringe any
+patents or other property right claims or to contest validity of any
+such claims; this section has the sole purpose of protecting the
+integrity of the free software distribution system, which is
+implemented by public license practices.  Many people have made
+generous contributions to the wide range of software distributed
+through that system in reliance on consistent application of that
+system; it is up to the author/donor to decide if he or she is willing
+to distribute software through any other system and a licensee cannot
+impose that choice.
+
+This section is intended to make thoroughly clear what is believed to
+be a consequence of the rest of this License.
+
+  8. If the distribution and/or use of the Program is restricted in
+certain countries either by patents or by copyrighted interfaces, the
+original copyright holder who places the Program under this License
+may add an explicit geographical distribution limitation excluding
+those countries, so that distribution is permitted only in or among
+countries not thus excluded.  In such case, this License incorporates
+the limitation as if written in the body of this License.
+
+  9. The Free Software Foundation may publish revised and/or new versions
+of the General Public License from time to time.  Such new versions will
+be similar in spirit to the present version, but may differ in detail to
+address new problems or concerns.
+
+Each version is given a distinguishing version number.  If the Program
+specifies a version number of this License which applies to it and "any
+later version", you have the option of following the terms and conditions
+either of that version or of any later version published by the Free
+Software Foundation.  If the Program does not specify a version number of
+this License, you may choose any version ever published by the Free Software
+Foundation.
+
+  10. If you wish to incorporate parts of the Program into other free
+programs whose distribution conditions are different, write to the author
+to ask for permission.  For software which is copyrighted by the Free
+Software Foundation, write to the Free Software Foundation; we sometimes
+make exceptions for this.  Our decision will be guided by the two goals
+of preserving the free status of all derivatives of our free software and
+of promoting the sharing and reuse of software generally.
+
+			    NO WARRANTY
+
+  11. BECAUSE THE PROGRAM IS LICENSED FREE OF CHARGE, THERE IS NO WARRANTY
+FOR THE PROGRAM, TO THE EXTENT PERMITTED BY APPLICABLE LAW.  EXCEPT WHEN
+OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES
+PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED
+OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.  THE ENTIRE RISK AS
+TO THE QUALITY AND PERFORMANCE OF THE PROGRAM IS WITH YOU.  SHOULD THE
+PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING,
+REPAIR OR CORRECTION.
+
+  12. IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING
+WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY AND/OR
+REDISTRIBUTE THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES,
+INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING
+OUT OF THE USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED
+TO LOSS OF DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY
+YOU OR THIRD PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER
+PROGRAMS), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE
+POSSIBILITY OF SUCH DAMAGES.
+
+		     END OF TERMS AND CONDITIONS
+
+	Appendix: How to Apply These Terms to Your New Programs
+
+  If you develop a new program, and you want it to be of the greatest
+possible use to the public, the best way to achieve this is to make it
+free software which everyone can redistribute and change under these terms.
+
+  To do so, attach the following notices to the program.  It is safest
+to attach them to the start of each source file to most effectively
+convey the exclusion of warranty; and each file should have at least
+the "copyright" line and a pointer to where the full notice is found.
+
+    <one line to give the program's name and a brief idea of what it does.>
+    Copyright (C) 19yy  <name of author>
+
+    This program is free software; you can redistribute it and/or modify
+    it under the terms of the GNU General Public License as published by
+    the Free Software Foundation; either version 2 of the License, or
+    (at your option) any later version.
+
+    This program is distributed in the hope that it will be useful,
+    but WITHOUT ANY WARRANTY; without even the implied warranty of
+    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+    GNU General Public License for more details.
+
+    You should have received a copy of the GNU General Public License
+    along with this program; if not, write to the Free Software
+    Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+
+Also add information on how to contact you by electronic and paper mail.
+
+If the program is interactive, make it output a short notice like this
+when it starts in an interactive mode:
+
+    Gnomovision version 69, Copyright (C) 19yy name of author
+    Gnomovision comes with ABSOLUTELY NO WARRANTY; for details type `show w'.
+    This is free software, and you are welcome to redistribute it
+    under certain conditions; type `show c' for details.
+
+The hypothetical commands `show w' and `show c' should show the appropriate
+parts of the General Public License.  Of course, the commands you use may
+be called something other than `show w' and `show c'; they could even be
+mouse-clicks or menu items--whatever suits your program.
+
+You should also get your employer (if you work as a programmer) or your
+school, if any, to sign a "copyright disclaimer" for the program, if
+necessary.  Here is a sample; alter the names:
+
+  Yoyodyne, Inc., hereby disclaims all copyright interest in the program
+  `Gnomovision' (which makes passes at compilers) written by James Hacker.
+
+  <signature of Ty Coon>, 1 April 1989
+  Ty Coon, President of Vice
+
+This General Public License does not permit incorporating your program into
+proprietary programs.  If your program is a subroutine library, you may
+consider it more useful to permit linking proprietary applications with the
+library.  If this is what you want to do, use the GNU Library General
+Public License instead of this License.
diff --git a/gnu/usr.bin/sudo/Makefile b/gnu/usr.bin/sudo/Makefile
new file mode 100644
index 00000000000..7b76abe73aa
--- /dev/null
+++ b/gnu/usr.bin/sudo/Makefile
@@ -0,0 +1,5 @@
+#	$OpenBSD: Makefile,v 1.1 1996/10/14 05:14:41 millert Exp $
+
+SUBDIR+=sudo visudo
+
+.include <bsd.subdir.mk>
diff --git a/gnu/usr.bin/sudo/README b/gnu/usr.bin/sudo/README
new file mode 100644
index 00000000000..c73e4fbce4b
--- /dev/null
+++ b/gnu/usr.bin/sudo/README
@@ -0,0 +1,3 @@
+This is a minimal sudo distribution for OpenBSD.  You can get the
+full package at ftp://ftp.courtesan.com/pub/sudo/.  For info on
+sudo please see http://www.courtesan.com/courtesan/products/sudo/.
diff --git a/gnu/usr.bin/sudo/sudo/Makefile b/gnu/usr.bin/sudo/sudo/Makefile
new file mode 100644
index 00000000000..4770a031d76
--- /dev/null
+++ b/gnu/usr.bin/sudo/sudo/Makefile
@@ -0,0 +1,41 @@
+#       $OpenBSD: Makefile,v 1.1 1996/10/14 05:14:43 millert Exp $
+
+PROG=	sudo
+MAN=	sudo.8 sudoers.5
+CFLAGS+=-I${.CURDIR} -I.
+SRCS=	check.c find_path.c getspwuid.c goodpath.c interfaces.c logging.c parse.c sudo.c sudo_setenv.c tgetpass.c y.tab.c lex.yy.c
+CLEANFILES+=y.tab.c y.tab.h lex.yy.c
+
+LDADD=  -lcompat
+DPADD=  ${LIBCOMPAT}
+
+.include <bsd.own.mk>   # For SKEY, KERBEROS and KERBEROS5
+
+.if defined(SKEY)
+CFLAGS+=-DHAVE_SKEY
+LDADD+= -lskey
+DPADD+= ${LIBSKEY}
+.endif
+
+.if defined(KERBEROS5)
+CFLAGS+= -DHAVE_KERB5
+LDADD+= -lkrb5 -lcrypto
+DPADD+= ${LIBKRB5} ${LIBCRYPTO}
+.elif defined(KERBEROS)
+CFLAGS+= -DHAVE_KERB4
+LDADD+= -lkrb -ldes
+DPADD+= ${LIBKRB} ${LIBDES}
+.endif
+
+BINOWN=	root
+BINMODE=4111
+BINDIR?=/usr/bin
+
+.include <bsd.prog.mk>
+
+lex.yy.c: parse.lex
+	rm -f lex.yy.c
+	$(LEX) ${.CURDIR}/parse.lex
+
+y.tab.c y.tab.h: parse.yacc
+	$(YACC) -d ${.CURDIR}/parse.yacc
diff --git a/gnu/usr.bin/sudo/sudo/check.c b/gnu/usr.bin/sudo/sudo/check.c
new file mode 100644
index 00000000000..3c6373252f5
--- /dev/null
+++ b/gnu/usr.bin/sudo/sudo/check.c
@@ -0,0 +1,860 @@
+/*
+ * CU sudo version 1.5.2 (based on Root Group sudo version 1.1)
+ *
+ * This software comes with no waranty whatsoever, use at your own risk.
+ *
+ * Please send bugs, changes, problems to sudo-bugs@courtesan.com
+ *
+ */
+
+/*
+ *  sudo version 1.1 allows users to execute commands as root
+ *  Copyright (C) 1991  The Root Group, Inc.
+ *
+ *  This program is free software; you can redistribute it and/or modify
+ *  it under the terms of the GNU General Public License as published by
+ *  the Free Software Foundation; either version 1, or (at your option)
+ *  any later version.
+ *
+ *  This program is distributed in the hope that it will be useful,
+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ *  GNU General Public License for more details.
+ *
+ *  You should have received a copy of the GNU General Public License
+ *  along with this program; if not, write to the Free Software
+ *  Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+ *
+ *******************************************************************
+ *
+ *  check.c
+ *
+ *  check_user() only returns if the user's timestamp file
+ *  is current or if they enter a correct password.
+ *
+ *  Jeff Nieusma  Thu Mar 21 22:39:07 MST 1991
+ */
+
+#ifndef lint
+static char rcsid[] = "$Id: check.c,v 1.1 1996/10/14 05:14:43 millert Exp $";
+#endif /* lint */
+
+#include "config.h"
+
+#include <stdio.h>
+#ifdef STDC_HEADERS
+#include <stdlib.h>
+#endif /* STDC_HEADERS */
+#ifdef HAVE_UNISTD_H
+#include <unistd.h>
+#endif /* HAVE_UNISTD_H */
+#ifdef HAVE_STRING_H
+#include <string.h>
+#endif /* HAVE_STRING_H */
+#ifdef HAVE_STRINGS_H
+#include <strings.h>
+#endif /* HAVE_STRINGS_H */
+#include <fcntl.h>
+#include <sys/param.h>
+#include <sys/types.h>
+#include <sys/stat.h>
+#include <sys/time.h>
+#include <sys/file.h>
+#include <netinet/in.h>
+#include <pwd.h>
+#include <grp.h>
+#include "sudo.h"
+#include <options.h>
+#include "insults.h"
+#if (SHADOW_TYPE == SPW_SECUREWARE)
+#  ifdef __hpux
+#    include <hpsecurity.h>
+#  else
+#    include <sys/security.h>
+#  endif /* __hpux */
+#  include <prot.h>
+#endif /* SPW_SECUREWARE */
+#ifdef HAVE_KERB4
+#  include <krb.h>
+#endif /* HAVE_KERB4 */
+#ifdef HAVE_AFS
+#  include <afs/stds.h>
+#  include <afs/kautils.h>
+#endif /* HAVE_AFS */
+#ifdef HAVE_SECURID
+#  include <sdi_athd.h>
+#  include <sdconf.h>
+#  include <sdacmvls.h>
+#endif /* HAVE_SECURID */
+#ifdef HAVE_SKEY
+#  include <skey.h>
+#endif /* HAVE_SKEY */
+#ifdef HAVE_OPIE
+#  include <opie.h>
+#endif /* HAVE_OPIE */
+#ifdef HAVE_UTIME
+#  ifdef HAVE_UTIME_H
+#    include <utime.h>
+#  endif /* HAVE_UTIME_H */
+#else
+#  include "emul/utime.h"
+#endif /* HAVE_UTIME */
+
+
+/*
+ * Prototypes for local functions
+ */
+static int   check_timestamp		__P((void));
+static void  check_passwd		__P((void));
+static int   touch			__P((char *));
+static void  update_timestamp		__P((void));
+static void  reminder			__P((void));
+#ifdef HAVE_KERB4
+static int   sudo_krb_validate_user	__P((struct passwd *, char *));
+#endif /* HAVE_KERB4 */
+#ifdef HAVE_SKEY
+static char *sudo_skeyprompt		__P((struct skey *, char *));
+#endif /* HAVE_SKEY */
+#ifdef HAVE_OPIE
+static char *sudo_opieprompt		__P((struct opie *, char *));
+#endif /* HAVE_OPIE */
+int   user_is_exempt			__P((void));
+
+/*
+ * Globals
+ */
+static int   timedir_is_good;
+static char  timestampfile[MAXPATHLEN + 1];
+#ifdef HAVE_SECURID
+union config_record configure;
+#endif /* HAVE_SECURID */
+#ifdef HAVE_SKEY
+struct skey skey;
+#endif
+#ifdef HAVE_OPIE
+struct opie opie;
+#endif
+#if (SHADOW_TYPE == SPW_SECUREWARE) && defined(__alpha)
+extern uchar_t crypt_type;
+#endif /* SPW_SECUREWARE && __alpha */
+
+
+
+/********************************************************************
+ *
+ *  check_user()
+ *
+ *  This function only returns if the user can successfully
+ *  verify who s/he is.  
+ */
+
+void check_user()
+{
+    register int rtn;
+    mode_t oldmask;
+
+    if (user_is_exempt())	/* some users don't need to enter a passwd */
+	return;
+
+    oldmask = umask(077);	/* make sure the timestamp files are private */
+
+    rtn = check_timestamp();
+    if (rtn && user_uid) {	/* if timestamp is not current... */
+#ifndef NO_MESSAGE
+	if (rtn == 2)
+	    reminder();		/* do the reminder if ticket file is new */
+#endif /* NO_MESSAGE */
+	check_passwd();
+    }
+
+    update_timestamp();
+    (void) umask(oldmask);	/* want a real umask to exec() the command */
+
+}
+
+
+
+/********************************************************************
+ *
+ *  user_is_exempt()
+ *
+ *  this function checks the user is exempt from supplying a password.
+ */
+
+int user_is_exempt()
+{
+#ifdef EXEMPTGROUP
+    struct group *grp;
+    char **gr_mem;
+
+    if ((grp = getgrnam(EXEMPTGROUP)) == NULL)
+	return(FALSE);
+
+    if (getgid() == grp->gr_gid)
+	return(TRUE);
+
+    for (gr_mem = grp->gr_mem; *gr_mem; gr_mem++) {
+	if (strcmp(user_name, *gr_mem) == 0)
+	    return(TRUE);
+    }
+
+    return(FALSE);
+#else
+    return(FALSE);
+#endif
+}
+
+
+
+/********************************************************************
+ *
+ *  check_timestamp()
+ *
+ *  this function checks the timestamp file.  If it is within
+ *  TIMEOUT minutes, no password will be required
+ */
+
+static int check_timestamp()
+{
+    register char *p;
+    struct stat statbuf;
+    register int timestamp_is_old = -1;
+    time_t now;
+
+#ifdef USE_TTY_TICKETS
+    if (p = strrchr(tty, '/'))
+	p++;
+    else
+	p = tty;
+
+    (void) sprintf(timestampfile, "%s/%s.%s", _PATH_SUDO_TIMEDIR, user_name, p);
+#else
+    (void) sprintf(timestampfile, "%s/%s", _PATH_SUDO_TIMEDIR, user_name);
+#endif /* USE_TTY_TICKETS */
+
+    timedir_is_good = 1;	/* now there's an assumption for ya... */
+
+    /* become root */
+    set_perms(PERM_ROOT, 0);
+
+    /*
+     * walk through the path one directory at a time
+     */
+    for (p = timestampfile + 1; (p = strchr(p, '/')); *p++ = '/') {
+	*p = '\0';
+	if (stat(timestampfile, &statbuf) < 0) {
+	    if (strcmp(timestampfile, _PATH_SUDO_TIMEDIR))
+		(void) fprintf(stderr, "Cannot stat() %s\n", timestampfile);
+	    timedir_is_good = 0;
+	    *p = '/';
+	    break;
+	}
+    }
+
+    /*
+     * if all the directories are stat()able
+     */
+    if (timedir_is_good) {
+	/*
+	 * last component in _PATH_SUDO_TIMEDIR must be owned by root
+	 * and mode 0700 or we ignore the timestamps in it.
+	 */
+	if (statbuf.st_uid != 0 || (statbuf.st_mode & 0000077)) {
+	    timedir_is_good = 0;
+	    timestamp_is_old = 2;
+	    log_error(BAD_STAMPDIR);
+	    inform_user(BAD_STAMPDIR);
+	} else if (stat(timestampfile, &statbuf)) {
+	    /* timestamp file does not exist? */
+	    timestamp_is_old = 2;	/* return (2)          */
+	} else {
+	    /* check the time against the timestamp file */
+	    now = time((time_t *) NULL);
+	    if (TIMEOUT && now - statbuf.st_mtime < 60 * TIMEOUT)
+		/* check for bogus time on the stampfile */
+		if (statbuf.st_mtime > now + 60 * TIMEOUT * 2) {
+		    timestamp_is_old = 2;	/* bogus time value */
+		    log_error(BAD_STAMPFILE);
+		    inform_user(BAD_STAMPFILE);
+		} else {
+		    timestamp_is_old = 0;	/* time value is reasonable */
+		}
+	    else
+		timestamp_is_old = 1;	/* else make 'em enter password */
+	}
+    }
+    /*
+     * there was a problem stat()ing a directory
+     */
+    else {
+	timestamp_is_old = 2;	/* user has to enter password + reminder */
+	/* make the TIMEDIR directory */
+	if (mkdir(_PATH_SUDO_TIMEDIR, S_IRWXU)) {
+	    perror("check_timestamp: mkdir");
+	    timedir_is_good = 0;
+	} else {
+	    timedir_is_good = 1;	/* _PATH_SUDO_TIMEDIR now exists */
+	}
+    }
+
+    /* relinquish root */
+    set_perms(PERM_USER, 0);
+
+    return (timestamp_is_old);
+}
+
+
+
+/********************************************************************
+ *
+ *  touch()
+ *
+ *  This function updates the access and modify times on a file
+ *  via utime(2).
+ */
+
+static int touch(file)
+    char *file;
+{
+#if defined(HAVE_UTIME) && !defined(HAVE_UTIME_NULL)
+#ifdef HAVE_UTIME_POSIX
+#define UTP		(&ut)
+    struct utimbuf ut;
+
+    ut.actime = ut.modtime = time(NULL);
+#else
+#define UTP		(ut)
+    /* old BSD <= 4.3 has no struct utimbuf */
+    time_t ut[2];
+
+    ut[0] = ut[1] = time(NULL);
+#endif /* HAVE_UTIME_POSIX */
+#else
+#define UTP		NULL
+#endif /* HAVE_UTIME && !HAVE_UTIME_NULL */
+
+    return(utime(file, UTP));
+}
+#undef UTP
+
+
+
+/********************************************************************
+ *
+ *  update_timestamp()
+ *
+ *  This function changes the timestamp to "now"
+ */
+
+static void update_timestamp()
+{
+    if (timedir_is_good) {
+	/* become root */
+	set_perms(PERM_ROOT, 0);
+
+	if (touch(timestampfile) < 0) {
+	    int fd = open(timestampfile, O_WRONLY | O_CREAT | O_TRUNC, 0600);
+
+	    if (fd < 0)
+		perror("update_timestamp: open");
+	    else
+		close(fd);
+	}
+
+	/* relinquish root */
+	set_perms(PERM_USER, 0);
+    }
+}
+
+
+
+/********************************************************************
+ *
+ *  remove_timestamp()
+ *
+ *  This function removes the timestamp ticket file
+ */
+
+void remove_timestamp()
+{
+#ifdef USE_TTY_TICKETS
+    char *p;
+
+    if (p = strrchr(tty, '/'))
+	p++;
+    else
+	p = tty;
+
+    (void) sprintf(timestampfile, "%s/%s.%s", _PATH_SUDO_TIMEDIR, user_name, p);
+#else
+    (void) sprintf(timestampfile, "%s/%s", _PATH_SUDO_TIMEDIR, user_name);
+#endif /* USE_TTY_TICKETS */
+
+    /* become root */
+    set_perms(PERM_ROOT, 0);
+
+    /* remove the ticket file */
+    (void) unlink(timestampfile);
+
+    /* relinquish root */
+    set_perms(PERM_USER, 0);
+}
+
+
+
+/********************************************************************
+ *
+ *  check_passwd()
+ *
+ *  This function grabs the user's password and checks with the password
+ *  in /etc/passwd (or uses other specified authentication method).
+ */
+
+#ifdef HAVE_SECURID
+static void check_passwd()
+{
+    struct SD_CLIENT sd_dat, *sd;		/* SecurID data block */
+    register int counter = TRIES_FOR_PASSWORD;
+
+    (void) memset ((VOID *)&sd_dat, 0, sizeof(sd_dat));
+    sd = &sd_dat;
+
+    /* Initialize SecurID. */
+    set_perms(PERM_ROOT, 0);
+    creadcfg();
+    if (sd_init(sd) != 0) {
+	(void) fprintf(stderr, "%s: Cannot contact SecurID server\n", Argv[0]);
+	exit(1);
+    }
+
+    /*
+     * you get TRIES_FOR_PASSWORD times to guess your password
+     */
+    while (counter > 0) {
+	if (sd_auth(sd) == ACM_OK) {
+	    set_perms(PERM_USER, 0);
+	    return;
+	}
+
+	--counter;		/* otherwise, try again  */
+#ifdef USE_INSULTS
+	(void) fprintf(stderr, "%s\n", INSULT);
+#else
+	(void) fprintf(stderr, "%s\n", INCORRECT_PASSWORD);
+#endif /* USE_INSULTS */
+    }
+    set_perms(PERM_USER, 0);
+
+    if (counter > 0) {
+	log_error(PASSWORD_NOT_CORRECT);
+	inform_user(PASSWORD_NOT_CORRECT);
+    } else {
+	log_error(PASSWORDS_NOT_CORRECT);
+	inform_user(PASSWORDS_NOT_CORRECT);
+    }
+
+    exit(1);
+}
+#else /* !HAVE_SECURID */
+static void check_passwd()
+{
+    char *pass;			/* this is what gets entered    */
+    register int counter = TRIES_FOR_PASSWORD;
+#if defined(HAVE_KERB4) && defined(USE_GETPASS)
+    char kpass[_PASSWD_LEN + 1];
+#endif /* HAVE_KERB4 && USE_GETPASS */
+
+#ifdef HAVE_SKEY
+    (void) memset((VOID *)&skey, 0, sizeof(skey));
+#endif /* HAVE_SKEY */
+#ifdef HAVE_OPIE
+    (void) memset((VOID *)&opie, 0, sizeof(opie));
+#endif /* HAVE_OPIE */
+
+    /*
+     * you get TRIES_FOR_PASSWORD times to guess your password
+     */
+    while (counter > 0) {
+
+#ifdef HAVE_SKEY
+	/* rewrite the prompt if using s/key since the challenge can change */
+	set_perms(PERM_ROOT, 0);
+	prompt = sudo_skeyprompt(&skey, prompt);
+	set_perms(PERM_USER, 0);
+#endif /* HAVE_SKEY */
+#ifdef HAVE_OPIE
+	/* rewrite the prompt if using OPIE since the challenge can change */
+	set_perms(PERM_ROOT, 0);
+	prompt = sudo_opieprompt(&opie, prompt);
+	set_perms(PERM_USER, 0);
+#endif /* HAVE_OPIE */
+
+	/* get a password from the user */
+#ifdef USE_GETPASS
+#  ifdef HAVE_KERB4
+	(void) des_read_pw_string(kpass, sizeof(kpass) - 1, prompt, 0);
+	pass = kpass;
+#  else
+	pass = (char *) getpass(prompt);
+#  endif /* HAVE_KERB4 */
+#else
+	pass = tgetpass(prompt, PASSWORD_TIMEOUT * 60, user_name, shost);
+#endif /* USE_GETPASS */
+
+	/* Exit loop on nil password */
+	if (!pass || *pass == '\0') {
+	    if (counter == TRIES_FOR_PASSWORD)
+		exit(0);
+	    else
+		break;
+	}
+
+#ifdef HAVE_SKEY
+	/* Only check s/key db if the user exists there */
+	if (skey.keyfile) {
+	    set_perms(PERM_ROOT, 0);
+	    if (skeyverify(&skey, pass) == 0) {
+		set_perms(PERM_USER, 0);
+		return;             /* if the key is correct return() */
+	    }
+	    set_perms(PERM_USER, 0);
+	}
+#endif /* HAVE_SKEY */
+#ifdef HAVE_OPIE
+	/* Only check OPIE db if the user exists there */
+	if (opie.opie_flags) {
+	    set_perms(PERM_ROOT, 0);
+	    if (opieverify(&opie, pass) == 0) {
+		set_perms(PERM_USER, 0);
+		return;             /* if the key is correct return() */
+	    }
+	    set_perms(PERM_USER, 0);
+	}
+#endif /* HAVE_OPIE */
+#if !defined(HAVE_SKEY) || !defined(SKEY_ONLY)
+	/*
+	 * If we use shadow passwords with a different crypt(3)
+	 * check that here, else use standard crypt(3).
+	 */
+#  if (SHADOW_TYPE != SPW_NONE) && (SHADOW_TYPE != SPW_BSD)
+#    if (SHADOW_TYPE == SPW_ULTRIX4)
+	if (!strcmp(user_passwd, (char *) crypt16(pass, user_passwd)))
+	    return;		/* if the passwd is correct return() */
+#    endif /* ULTRIX4 */
+#    if (SHADOW_TYPE == SPW_SECUREWARE) && !defined(__alpha)
+#      ifdef HAVE_BIGCRYPT
+	if (strcmp(user_passwd, (char *) bigcrypt(pass, user_passwd)) == 0)
+	    return;           /* if the passwd is correct return() */
+#      else
+	if (strcmp(user_passwd, crypt(pass, user_passwd)) == 0)
+	    return;           /* if the passwd is correct return() */
+#      endif /* HAVE_BIGCRYPT */
+#    endif /* SECUREWARE && !__alpha */
+#    if (SHADOW_TYPE == SPW_SECUREWARE) && defined(__alpha)
+	if (crypt_type == AUTH_CRYPT_BIGCRYPT) {
+	    if (!strcmp(user_passwd, bigcrypt(pass, user_passwd)))
+		return;             /* if the passwd is correct return() */
+	} else if (crypt_type == AUTH_CRYPT_CRYPT16) {
+	    if (!strcmp(user_passwd, crypt16(pass, user_passwd)))
+		return;             /* if the passwd is correct return() */
+#ifdef AUTH_CRYPT_OLDCRYPT
+	} else if (crypt_type == AUTH_CRYPT_OLDCRYPT ||
+		   crypt_type == AUTH_CRYPT_C1CRYPT) {
+	    if (!strcmp(user_passwd, crypt(pass, user_passwd)))
+		return;             /* if the passwd is correct return() */
+#endif
+	} else {
+	    (void) fprintf(stderr,
+                    "%s: Sorry, I don't know how to deal with crypt type %d.\n",
+                    Argv[0], crypt_type);
+	    exit(1);
+	}
+#    endif /* SECUREWARE && __alpha */
+#  endif /* SHADOW_TYPE != SPW_NONE && SHADOW_TYPE != SPW_BSD */
+
+	/* Normal UN*X password check */
+	if (!strcmp(user_passwd, (char *) crypt(pass, user_passwd)))
+	    return;		/* if the passwd is correct return() */
+
+#  ifdef HAVE_KERB4
+	if (user_uid && sudo_krb_validate_user(user_pw_ent, pass) == 0)
+	    return;
+#  endif /* HAVE_KERB4 */
+
+#  ifdef HAVE_AFS
+	if (ka_UserAuthenticateGeneral(KA_USERAUTH_VERSION,
+                                       user_name,	/* name */
+                                       NULL,		/* instance */
+                                       NULL,		/* realm */
+                                       pass,		/* password */
+                                       0,		/* lifetime */
+                                       0, 0,		/* spare */
+                                       NULL) == 0)	/* reason */
+	    return;
+#  endif /* HAVE_AFS */
+#  ifdef HAVE_DCE
+	/* 
+	 * consult the DCE registry for password validation
+	 * note that dce_pwent trashes pass upon return...
+	 */
+	if (dce_pwent(user_name, pass))
+	    return;
+#  endif /* HAVE_DCE */
+#endif /* !HAVE_SKEY || !SKEY_ONLY */
+
+	--counter;		/* otherwise, try again  */
+#ifdef USE_INSULTS
+	(void) fprintf(stderr, "%s\n", INSULT);
+#else
+	(void) fprintf(stderr, "%s\n", INCORRECT_PASSWORD);
+#endif /* USE_INSULTS */
+    }
+
+    if (counter > 0) {
+	log_error(PASSWORD_NOT_CORRECT);
+	inform_user(PASSWORD_NOT_CORRECT);
+    } else {
+	log_error(PASSWORDS_NOT_CORRECT);
+	inform_user(PASSWORDS_NOT_CORRECT);
+    }
+
+    exit(1);
+}
+#endif /* HAVE_SECURID */
+
+
+#ifdef HAVE_KERB4
+/********************************************************************
+ *
+ *  sudo_krb_validate_user()
+ *
+ *  Validate a user via kerberos.
+ */
+static int sudo_krb_validate_user(pw_ent, pass)
+    struct passwd *pw_ent;
+    char *pass;
+{
+    char realm[REALM_SZ];
+    char tkfile[sizeof(_PATH_SUDO_TIMEDIR) + 4 + MAX_UID_T_LEN];
+    int k_errno;
+
+    /* Get the local realm */
+    if (krb_get_lrealm(realm, 1) != KSUCCESS)
+	(void) fprintf(stderr, "Warning: Unable to get local kerberos realm\n");
+
+    /*
+     * Set the ticket file to be in sudo sudo timedir so we don't
+     * wipe out other kerberos tickets.
+     */
+    (void) sprintf(tkfile, "%s/tkt%ld", _PATH_SUDO_TIMEDIR,
+		   (long) pw_ent->pw_uid);
+    (void) krb_set_tkt_string(tkfile);
+
+    /*
+     * Update the ticket if password is ok.  Kerb4 expects
+     * the ruid and euid to be the same here so we setuid to root.
+     */
+    set_perms(PERM_ROOT, 0);
+    k_errno = krb_get_pw_in_tkt(pw_ent->pw_name, "", realm, "krbtgt", realm,
+	DEFAULT_TKT_LIFE, pass);
+
+    /*
+     * If we authenticated, destroy the ticket now that we are done with it.
+     * If not, warn on a "real" error.
+     */
+    if (k_errno == INTK_OK)
+	dest_tkt();
+    else if (k_errno != INTK_BADPW && k_errno != KDC_PR_UNKNOWN)
+	(void) fprintf(stderr, "Warning: Kerberos error: %s\n",
+		       krb_err_txt[k_errno]);
+
+    /* done with rootly stuff */
+    set_perms(PERM_USER, 0);
+
+    return(!(k_errno == INTK_OK));
+}
+#endif /* HAVE_KERB4 */
+
+
+#ifdef HAVE_SKEY
+/********************************************************************
+ *
+ *  sudo_skeyprompt()
+ *
+ *  This function rewrites and return the prompt based the
+ *  s/key challenge *  and fills in the user's skey structure.
+ */
+
+static char *sudo_skeyprompt(user_skey, p)
+    struct skey *user_skey;
+    char *p;
+{
+    char challenge[256];
+    int rval;
+    static char *orig_prompt = NULL, *new_prompt = NULL;
+    static int op_len, np_size;
+
+    /* save the original prompt */
+    if (orig_prompt == NULL) {
+	orig_prompt = p;
+	op_len = strlen(p);
+
+	/* ignore trailing colon */
+	if (p[op_len - 1] == ':')
+	    op_len--;
+    }
+
+    /* close old stream */
+    if (user_skey->keyfile)
+	(void) fclose(user_skey->keyfile);
+
+    /* get the skey part of the prompt */
+    if ((rval = skeychallenge(user_skey, user_name, challenge)) != 0) {
+#ifdef OTP_ONLY
+	(void) fprintf(stderr,
+		       "%s: You do not exist in the s/key database.\n",
+		       Argv[0]);
+	exit(1);
+#else
+	/* return the original prompt if we cannot get s/key info */
+	return(orig_prompt);
+#endif /* OTP_ONLY */
+    }
+
+    /* get space for new prompt with embedded s/key challenge */
+    if (new_prompt == NULL) {
+	/* allocate space for new prompt */
+	np_size = op_len + strlen(challenge) + 7;
+	if (!(new_prompt = (char *) malloc(np_size))) {
+	    perror("malloc");
+	    (void) fprintf(stderr, "%s: cannot allocate memory!\n", Argv[0]);
+	    exit(1);
+	}
+    } else {
+	/* already have space allocated, is it enough? */
+	if (np_size < op_len + strlen(challenge) + 7) {
+	    np_size = op_len + strlen(challenge) + 7;
+	    if (!(new_prompt = (char *) realloc(new_prompt, np_size))) {
+		perror("malloc");
+		(void) fprintf(stderr, "%s: cannot allocate memory!\n",
+			       Argv[0]);
+		exit(1);
+	    }
+	}
+    }
+
+    /* embed the s/key challenge into the new password prompt */
+#ifdef LONG_OTP_PROMPT
+    (void) sprintf(new_prompt, "%s\n%s", challenge, orig_prompt);
+#else
+    (void) sprintf(new_prompt, "%.*s [ %s ]:", op_len, orig_prompt, challenge);
+#endif /* LONG_OTP_PROMPT */
+
+    return(new_prompt);
+}
+#endif /* HAVE_SKEY */
+
+
+#ifdef HAVE_OPIE
+/********************************************************************
+ *
+ *  sudo_opieprompt()
+ *
+ *  This function rewrites and return the prompt based the
+ *  OPIE challenge *  and fills in the user's opie structure.
+ */
+
+static char *sudo_opieprompt(user_opie, p)
+    struct opie *user_opie;
+    char *p;
+{
+    char challenge[OPIE_CHALLENGE_MAX];
+    int rval;
+    static char *orig_prompt = NULL, *new_prompt = NULL;
+    static int op_len, np_size;
+
+    /* save the original prompt */
+    if (orig_prompt == NULL) {
+	orig_prompt = p;
+	op_len = strlen(p);
+
+	/* ignore trailing colon */
+	if (p[op_len - 1] == ':')
+	    op_len--;
+    }
+
+    /* get the opie part of the prompt */
+    if ((rval = opiechallenge(user_opie, user_name, challenge)) != 0) {
+#ifdef OTP_ONLY
+	(void) fprintf(stderr,
+		       "%s: You do not exist in the s/key database.\n",
+		       Argv[0]);
+	exit(1);
+#else
+	/* return the original prompt if we cannot get s/key info */
+	return(orig_prompt);
+#endif /* OTP_ONLY */
+    }
+
+    /* get space for new prompt with embedded s/key challenge */
+    if (new_prompt == NULL) {
+	/* allocate space for new prompt */
+	np_size = op_len + strlen(challenge) + 7;
+	if (!(new_prompt = (char *) malloc(np_size))) {
+	    perror("malloc");
+	    (void) fprintf(stderr, "%s: cannot allocate memory!\n", Argv[0]);
+	    exit(1);
+	}
+    } else {
+	/* already have space allocated, is it enough? */
+	if (np_size < op_len + strlen(challenge) + 7) {
+	    np_size = op_len + strlen(challenge) + 7;
+	    if (!(new_prompt = (char *) realloc(new_prompt, np_size))) {
+		perror("malloc");
+		(void) fprintf(stderr, "%s: cannot allocate memory!\n",
+			       Argv[0]);
+		exit(1);
+	    }
+	}
+    }
+
+    /* embed the s/key challenge into the new password prompt */
+#ifdef LONG_OTP_PROMPT
+    (void) sprintf(new_prompt, "%s\n%s", challenge, orig_prompt);
+#else
+    (void) sprintf(new_prompt, "%.*s [ %s ]:", op_len, orig_prompt, challenge);
+#endif /* LONG_OTP_PROMPT */
+
+    return(new_prompt);
+}
+#endif /* HAVE_OPIE */
+
+
+#ifndef NO_MESSAGE
+/********************************************************************
+ *
+ *  reminder()
+ *
+ *  this function just prints the the reminder message
+ */
+
+static void reminder()
+{
+#ifdef SHORT_MESSAGE
+    (void) fprintf(stderr, "\n%s\n%s\n\n%s\n%s\n\n",
+#else
+    (void) fprintf(stderr, "\n%s\n%s\n%s\n%s\n\n%s\n%s\n\n%s\n%s\n\n",
+	"    CU sudo version 1.5.2, based on Root Group sudo version 1.1",
+	"    sudo version 1.1, Copyright (C) 1991 The Root Group, Inc.",
+	"    sudo comes with ABSOLUTELY NO WARRANTY.  This is free software,",
+	"    and you are welcome to redistribute it under certain conditions.",
+#endif
+	"We trust you have received the usual lecture from the local System",
+	"Administrator. It usually boils down to these two things:",
+	"        #1) Respect the privacy of others.",
+	"        #2) Think before you type."
+    );
+    
+    (void) fflush(stderr);
+}
+#endif /* NO_MESSAGE */
diff --git a/gnu/usr.bin/sudo/sudo/compat.h b/gnu/usr.bin/sudo/sudo/compat.h
new file mode 100644
index 00000000000..d2ae270ab64
--- /dev/null
+++ b/gnu/usr.bin/sudo/sudo/compat.h
@@ -0,0 +1,145 @@
+/*
+ *  CU sudo version 1.5.2
+ *
+ *  This program is free software; you can redistribute it and/or modify
+ *  it under the terms of the GNU General Public License as published by
+ *  the Free Software Foundation; either version 1, or (at your option)
+ *  any later version.
+ *
+ *  This program is distributed in the hope that it will be useful,
+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ *  GNU General Public License for more details.
+ *
+ *  You should have received a copy of the GNU General Public License
+ *  along with this program; if not, write to the Free Software
+ *  Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+ *
+ *  Please send bugs, changes, problems to sudo-bugs@courtesan.com
+ *
+ *  $Id: compat.h,v 1.1 1996/10/14 05:14:44 millert Exp $
+ */
+
+#ifndef _SUDO_COMPAT_H
+#define _SUDO_COMPAT_H
+
+/*
+ * Macros that may be missing on some Operating Systems
+ */
+
+/* Deal with ansi stuff reasonably.  */
+#ifndef  __P
+#  if defined (__cplusplus) || defined (__STDC__)
+#    define __P(args)		args
+#  else
+#    define __P(args)		()
+#  endif
+#endif /* __P */
+
+/*
+ * Some systems (ie ISC V/386) do not define MAXPATHLEN even in param.h
+ */
+#ifndef MAXPATHLEN
+#  define MAXPATHLEN		1024
+#endif
+
+/*
+ * Some systems do not define MAXHOSTNAMELEN.
+ */
+#ifndef MAXHOSTNAMELEN
+#  define MAXHOSTNAMELEN	64
+#endif
+
+/*
+ * 4.2BSD lacks FD_* macros (we only use FD_SET and FD_ZERO)
+ */
+#ifndef FD_SETSIZE
+#define FD_SET(fd, fds)		((fds) -> fds_bits[0] |= (1 << (fd)))
+#define FD_ZERO(fds)		((fds) -> fds_bits[0] = 0)
+#endif /* !FD_SETSIZE */
+
+/*
+ * Posix versions for those without...
+ */
+#ifndef _S_IFMT
+#  define _S_IFMT		S_IFMT
+#endif /* _S_IFMT */
+#ifndef _S_IFREG
+#  define _S_IFREG		S_IFREG
+#endif /* _S_IFREG */
+#ifndef _S_IFDIR
+#  define _S_IFDIR		S_IFDIR
+#endif /* _S_IFDIR */
+#ifndef S_ISREG
+#  define S_ISREG(m)		(((m) & _S_IFMT) == _S_IFREG)
+#endif /* S_ISREG */
+#ifndef S_ISDIR
+#  define S_ISDIR(m)		(((m) & _S_IFMT) == _S_IFDIR)
+#endif /* S_ISDIR */
+
+/*
+ * Some OS's may not have this.
+ */
+#ifndef S_IRWXU
+#  define S_IRWXU		0000700		/* rwx for owner */
+#endif /* S_IRWXU */
+
+/*
+ * We need to know how long the longest password may be.
+ * For alternate password schemes we need longer passwords.
+ * This is a bit, ummm, gross but necesary.
+ */
+#if defined(HAVE_KERB4) || defined(HAVE_AFS) || defined(HAVE_DCE) || defined(HAVE_SKEY) || defined(HAVE_OPIE)
+#  undef _PASSWD_LEN
+#  define _PASSWD_LEN		256
+#else
+#  if (SHADOW_TYPE == SPW_SECUREWARE)
+#    undef _PASSWD_LEN
+#    define _PASSWD_LEN		AUTH_MAX_PASSWD_LENGTH
+#  else
+#    ifndef _PASSWD_LEN
+#      ifdef PASS_MAX
+#        define _PASSWD_LEN	PASS_MAX
+#      else
+#        if (SHADOW_TYPE != SPW_NONE)
+#          define _PASSWD_LEN	24
+#        else
+#          define _PASSWD_LEN	8
+#        endif /* SHADOW_TYPE != SPW_NONE */
+#      endif /* PASS_MAX */
+#    endif /* !_PASSWD_LEN */
+#  endif /* HAVE_KERB4 || HAVE_AFS || HAVE_DCE || HAVE_SKEY || HAVE_OPIE */
+#endif /* SPW_SECUREWARE */
+
+/*
+ * Some OS's lack these
+ */
+#ifndef UID_NO_CHANGE
+#  define UID_NO_CHANGE		((uid_t) -1)
+#endif /* UID_NO_CHANGE */
+#ifndef GID_NO_CHANGE
+#  define GID_NO_CHANGE		((gid_t) -1)
+#endif /* GID_NO_CHANGE */
+
+/*
+ * Emulate seteuid() for AIX via setuidx() -- needed for some versions of AIX
+ */
+#ifdef _AIX
+#  include <sys/id.h>
+#  define seteuid(_EUID)	(setuidx(ID_EFFECTIVE|ID_REAL, _EUID))
+#  undef HAVE_SETEUID
+#  define HAVE_SETEUID		1
+#endif /* _AIX */
+
+/*
+ * Emulate seteuid() for HP-UX via setresuid(2) and seteuid(2) for others.
+ */
+#ifndef HAVE_SETEUID
+#  ifdef __hpux
+#    define seteuid(_EUID)	(setresuid(UID_NO_CHANGE, _EUID, UID_NO_CHANGE))
+#  else
+#    define seteuid(_EUID)	(setresuid(UID_NO_CHANGE, _EUID))
+#  endif /* __hpux */
+#endif /* HAVE_SETEUID */
+
+#endif /* _SUDO_COMPAT_H */
diff --git a/gnu/usr.bin/sudo/sudo/config.h b/gnu/usr.bin/sudo/sudo/config.h
new file mode 100644
index 00000000000..a9dc67a9ce3
--- /dev/null
+++ b/gnu/usr.bin/sudo/sudo/config.h
@@ -0,0 +1,304 @@
+/* config.h.  Generated automatically by configure.  */
+/*
+ *  CU sudo version 1.5.2
+ *
+ *  This program is free software; you can redistribute it and/or modify
+ *  it under the terms of the GNU General Public License as published by
+ *  the Free Software Foundation; either version 1, or (at your option)
+ *  any later version.
+ *
+ *  This program is distributed in the hope that it will be useful,
+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ *  GNU General Public License for more details.
+ *
+ *  You should have received a copy of the GNU General Public License
+ *  along with this program; if not, write to the Free Software
+ *  Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+ *
+ *  Please send bugs, changes, problems to sudo-bugs@courtesan.com
+ *
+ *  $Id: config.h,v 1.1 1996/10/14 05:14:44 millert Exp $
+ */
+
+/*
+ * config.h -- You shouldn't edit this by hand unless you are
+ *             NOT using configure.
+ */
+
+/* New ANSI-style OS defs.  */
+#if defined(hpux) && !defined(__hpux)
+#  define __hpux	1
+#endif /* hpux */
+
+#if defined(convex) && !defined(__convex__)
+#  define __convex__	1
+#endif /* convex */
+
+/* Define if on AIX 3.
+   System headers sometimes define this.
+   We just want to avoid a redefinition error message.  */
+#ifndef _ALL_SOURCE
+/* #undef _ALL_SOURCE */
+#endif
+
+/* Define if on ConvexOs.
+   System headers sometimes define this.
+   We just want to avoid a redefinition error message.  */
+#ifndef _CONVEX_SOURCE
+/* #undef _CONVEX_SOURCE */
+#endif
+
+/* Define if needed to get POSIX functionality.
+   System headers sometimes define this.
+   We just want to avoid a redefinition error message.  */
+#ifndef _POSIX_SOURCE
+/* #undef _POSIX_SOURCE */
+#endif
+
+/* Define to `int' if <sys/types.h> doesn't define.  */
+/* #undef uid_t */
+
+/* Define to `int' if <sys/types.h> doesn't define.  */
+/* #undef gid_t */
+
+/* Define to `int' if <sys/types.h> doesn't define.  */
+/* #undef mode_t */
+
+/* Define to `unsigned' if <sys/types.h> doesn't define.  */
+/* #undef size_t */
+
+/* Define to `int' if <sys/types.h> doesn't define.  */
+/* #undef ssize_t */
+
+/* Define to be nil if C compiler doesn't support "const."  */
+/* #undef const */
+
+/* Define as the return type of signal handlers (int or void).  */
+#define RETSIGTYPE void
+
+/* Define if you have the ANSI C header files.  */
+#define STDC_HEADERS 1
+
+/* Define if you want to use the system getpass().  */
+/* #undef USE_GETPASS */
+
+/* Define if you use S/Key.  */
+/* #undef HAVE_SKEY */
+
+/* Define if you use NRL OPIE.  */
+/* #undef HAVE_OPIE */
+
+/* Define if you use SecurID.  */
+/* #undef HAVE_SECURID */
+
+/* Define if you use Kerberos.  */
+/* #undef HAVE_KERB4 */
+
+/* Define if you use Kerberos.  */
+/* #undef HAVE_KERB5 */
+
+/* Keberos v5 has v4 compatibility */
+#ifdef HAVE_KERB5
+#  define HAVE_KERB4
+#endif /* HAVE_KERB5 */
+
+/* Define if you use AFS.  */
+/* #undef HAVE_AFS */
+
+/* Define if you use OSF DCE.  */
+/* #undef HAVE_DCE */
+
+/* Define if you have POSIX signals.  */
+#define HAVE_SIGACTION 1
+#ifdef HAVE_SIGACTION
+#  define POSIX_SIGNALS
+#endif /* HAVE_SIGACTION */
+
+/* Define if you have tzset(3).  */
+#define HAVE_TZSET 1
+
+/* Define if you have getcwd(3).  */
+/* #undef HAVE_GETCWD */
+
+/* Define if you have getwd(3).  */
+#define HAVE_GETWD 1
+
+/* Define if you have strdup(3).  */
+#define HAVE_STRDUP 1
+
+/* Define if you have fnmatch(3).  */
+#define HAVE_FNMATCH 1
+
+/* Define if you have lsearch(3).  */
+#define HAVE_LSEARCH 1
+
+/* Define if you have strchr(3).  */
+#define HAVE_STRCHR 1
+#if !defined(HAVE_STRCHR) && !defined(strchr)
+#  define strchr	index
+#endif
+
+/* Define if you have strrchr(3).  */
+#define HAVE_STRRCHR 1
+#if !defined(HAVE_STRRCHR) && !defined(strrchr)
+#  define strrchr	rindex
+#endif
+
+/* Define if you have memcpy(3).  */
+#define HAVE_MEMCPY 1
+#if !defined(HAVE_MEMCPY) && !defined(memcpy)
+#  define memcpy(D, S, L)	(bcopy(S, D, L))
+#endif
+
+/* Define if you have memset(3).  */
+#define HAVE_MEMSET 1
+#if !defined(HAVE_MEMSET) && !defined(memset)
+#  define memset(S, X, N)	(bzero(S, N))
+#endif
+
+/* Define if you have sysconf(3c). */
+#define HAVE_SYSCONF 1
+
+/* Define if you have putenv(3). */
+/* #undef HAVE_PUTENV */
+
+/* Define if you have setenv(3). */
+#define HAVE_SETENV 1
+
+/* Define if you have strcasecmp(3). */
+#define HAVE_STRCASECMP 1
+
+/* Define if you have tcgetattr(3). */
+#define HAVE_TCGETATTR 1
+
+/* Define if you have innetgr(3). */
+#define HAVE_INNETGR 1
+
+/* Define if you have getdomainname(2). */
+#define HAVE_GETDOMAINNAME 1
+
+/* Define if you have utime(2). */
+#define HAVE_UTIME 1
+
+/* Define if you have a POSIX utime() (uses struct utimbuf) */
+#define HAVE_UTIME_POSIX 1
+
+/* Define if utime(file, NULL) sets timestamp to current */
+#define HAVE_UTIME_NULL 1
+
+/* Define if you have bigcrypt(3). */
+/* #undef HAVE_BIGCRYPT */
+
+/* Define if you have seteuid(3). */
+#define HAVE_SETEUID 1
+
+/* Define if you have the <malloc.h> header file.  */
+#define HAVE_MALLOC_H 1
+
+/* Define if you have the <alloca.h> header file.  */
+/* #undef HAVE_ALLOCA_H */
+
+/* Define if you have the <paths.h> header file.  */
+#define HAVE_PATHS_H 1
+
+/* Define if you have the <string.h> header file.  */
+#define HAVE_STRING_H 1
+
+/* Define if you have the <strings.h> header file.  */
+#if !defined(__convex__) && !defined(convex)
+#define HAVE_STRINGS_H 1
+#endif /* convex */
+
+/* Define your flavor of dir entry header file.  */
+#define HAVE_DIRENT_H 1
+/* #undef HAVE_SYS_NDIR_H */
+/* #undef HAVE_SYS_DIR_H */
+/* #undef HAVE_NDIR_H */
+
+/* Define if you have the <utime.h> header file.  */
+#define HAVE_UTIME_H 1
+
+/* Define if you have the <unistd.h> header file.  */
+#define HAVE_UNISTD_H 1
+
+/* Define if you have the <fnmatch.h> header file.  */
+#define HAVE_FNMATCH_H 1
+
+/* Define if you have the <netgroup.h> header file.  */
+#define HAVE_NETGROUP_H 1
+
+/* Define if you have the <termio.h> header file.  */
+/* #undef HAVE_TERMIO_H */
+
+/* Define if you have the <termios.h> header file and tcgetattr(3).  */
+#ifdef HAVE_TCGETATTR
+#define HAVE_TERMIOS_H 1
+#endif /* HAVE_TCGETATTR */
+
+/* Define if you have the <sys/sockio.h> header file.  */
+#define HAVE_SYS_SOCKIO_H 1
+
+/* Define if you have the <sys/bsdtypes.h> header file.  */
+/* #undef HAVE_SYS_BSDTYPES_H */
+
+/* Define if you have the <sys/select.h> header file.  */
+#define HAVE_SYS_SELECT_H 1
+
+/* Define if your struct sockadr has an sa_len field. */
+#define HAVE_SA_LEN 1
+
+/* Supported shadow password types */
+#define SPW_NONE		0x00
+#define SPW_SECUREWARE		0x01
+#define SPW_HPUX9		0x02
+#define SPW_SUNOS4		0x03
+#define SPW_SVR4		0x04
+#define SPW_ULTRIX4		0x05
+#define SPW_BSD			0x06
+
+/* Define to the variety of shadow passwords supported on your OS */
+#define SHADOW_TYPE SPW_BSD
+
+/* Define to void if your C compiler fully groks void, else char */
+#define VOID void
+
+/* Define to the max length of a uid_t in string context (excluding the NULL */
+#define MAX_UID_T_LEN 10
+
+/* Define if your syslog(3) does not guarantee the message will be logged */
+/* and syslog(3) returns non-zero to denote failure */
+/* #undef BROKEN_SYSLOG */
+
+/*
+ * Paths to commands used by sudo.  There are used by pathnames.h.
+ * If you want to override these values, do so in pathnames.h, not here!
+ */
+
+#ifndef _CONFIG_PATH_SENDMAIL  
+#define _CONFIG_PATH_SENDMAIL "/usr/sbin/sendmail"
+#endif /* _CONFIG_PATH_SENDMAIL */
+
+#ifndef _CONFIG_PATH_VI
+#define _CONFIG_PATH_VI "/usr/bin/vi"
+#endif /* _CONFIG_PATH_VI */
+  
+#ifndef _CONFIG_PATH_PWD
+#define _CONFIG_PATH_PWD "/bin/pwd"
+#endif /* _CONFIG_PATH_PWD */
+
+#ifndef _CONFIG_PATH_MV
+#define _CONFIG_PATH_MV "/bin/mv"
+#endif /* _CONFIG_PATH_MV */
+
+#ifndef _CONFIG_PATH_BSHELL
+#define _CONFIG_PATH_BSHELL "/bin/sh"
+#endif /* _CONFIG_PATH_BSHELL */
+
+#ifndef _CONFIG_PATH_LOGFILE
+#define _CONFIG_PATH_LOGFILE "/var/log/sudo.log"
+#endif /* _CONFIG_PATH_LOGFILE */
+
+#ifndef _CONFIG_PATH_TIMEDIR
+#define _CONFIG_PATH_TIMEDIR "/var/run/sudo"
+#endif /* _CONFIG_PATH_TIMEDIR */
diff --git a/gnu/usr.bin/sudo/sudo/find_path.c b/gnu/usr.bin/sudo/sudo/find_path.c
new file mode 100644
index 00000000000..e0b0b6aa512
--- /dev/null
+++ b/gnu/usr.bin/sudo/sudo/find_path.c
@@ -0,0 +1,187 @@
+/*
+ *  CU sudo version 1.5.2
+ *
+ *  This program is free software; you can redistribute it and/or modify
+ *  it under the terms of the GNU General Public License as published by
+ *  the Free Software Foundation; either version 1, or (at your option)
+ *  any later version.
+ *
+ *  This program is distributed in the hope that it will be useful,
+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ *  GNU General Public License for more details.
+ *
+ *  You should have received a copy of the GNU General Public License
+ *  along with this program; if not, write to the Free Software
+ *  Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+ *
+ *  Please send bugs, changes, problems to sudo-bugs@courtesan.com
+ *
+ *******************************************************************
+ *
+ *  This module contains the find_path() function that returns
+ *  TRUE if the command was found and FALSE if not.
+ *  If find_path() returns TRUE, the copyin paramters command and
+ *  ocommand contain the resolved and unresolved pathnames respectively.
+ *  NOTE: if "." or "" exists in PATH it will be searched last.
+ *
+ *  Todd C. Miller (millert@colorado.edu) Sat Mar 25 21:50:36 MST 1995
+ */
+
+#ifndef lint
+static char rcsid[] = "$Id: find_path.c,v 1.1 1996/10/14 05:14:45 millert Exp $";
+#endif /* lint */
+
+#include "config.h"
+
+#include <stdio.h>
+#ifdef STDC_HEADERS
+#include <stdlib.h>
+#endif /* STDC_HEADERS */
+#ifdef HAVE_UNISTD_H
+#include <unistd.h>
+#endif /* HAVE_UNISTD_H */
+#ifdef HAVE_STRING_H
+#include <string.h>
+#endif /* HAVE_STRING_H */
+#ifdef HAVE_STRINGS_H
+#include <strings.h>
+#endif /* HAVE_STRINGS_H */
+#if defined(HAVE_MALLOC_H) && !defined(STDC_HEADERS)
+#include <malloc.h>
+#endif /* HAVE_MALLOC_H && !STDC_HEADERS */
+#include <errno.h>
+#include <sys/types.h>
+#include <sys/param.h>
+#include <sys/stat.h>
+#include <netinet/in.h>
+#include "sudo.h"
+#include <options.h>
+
+#ifndef STDC_HEADERS
+#ifndef __GNUC__		/* gcc has its own malloc */
+extern char *malloc	__P((size_t));
+#endif /* __GNUC__ */
+extern char *getenv	__P((const char *));
+extern char *strcpy	__P((char *, const char *));
+extern int fprintf	__P((FILE *, const char *, ...));
+extern ssize_t readlink	__P((const char *, VOID *, size_t));
+extern int stat		__P((const char *, struct stat *));
+extern int lstat	__P((const char *, struct stat *));
+#ifdef HAVE_STRDUP
+extern char *strdup	__P((const char *));
+#endif /* HAVE_STRDUP */
+#endif /* !STDC_HEADERS */
+
+
+#ifndef _S_IFMT
+#define _S_IFMT		S_IFMT
+#endif /* _S_IFMT */
+#ifndef _S_IFLNK
+#define _S_IFLNK	S_IFLNK
+#endif /* _S_IFLNK */
+
+
+/*******************************************************************
+ *
+ *  find_path()
+ *
+ *  this function finds the full pathname for a command and
+ *  stores it in a statically allocated array, returning a pointer
+ *  to the array.
+ */
+
+char * find_path(file)
+    char *file;			/* file to find */
+{
+    static char command[MAXPATHLEN + 1];	/* qualified filename */
+    register char *n;		/* for traversing path */
+    char *path = NULL;		/* contents of PATH env var */
+    char *origpath;		/* so we can free path later */
+    char *result = NULL;	/* result of path/file lookup */
+#ifndef IGNORE_DOT_PATH
+    int checkdot = 0;		/* check current dir? */
+#endif /* IGNORE_DOT_PATH */
+
+    command[0] = '\0';
+
+    if (strlen(file) > MAXPATHLEN) {
+	errno = ENAMETOOLONG;
+	(void) fprintf(stderr, "%s:  path too long:  %s\n", Argv[0], file);
+	exit(1);
+    }
+
+    /*
+     * If we were given a fully qualified or relative path
+     * there is no need to look at PATH.
+     * We really want to fall back if !sudo_goodpath() but then
+     * the error is "not found" -- this way we get the correct error.
+     */
+    if (strchr(file, '/')) {
+	(void) strcpy(command, file);
+	if (sudo_goodpath(command)) {
+	    return(command);
+	} else {
+	    (void) fprintf(stderr, "%s: %s: ", Argv[0], command);
+	    perror("");
+	    exit(1);
+	}
+    }
+
+    /*
+     * grab PATH out of environment and make a local copy
+     */
+    if ((path = getenv("PATH")) == NULL)
+	return(NULL);
+
+    if ((path = (char *) strdup(path)) == NULL) {
+	(void) fprintf(stderr, "%s: out of memory!\n", Argv[0]);
+	exit(1);
+    }
+    origpath=path;
+
+    /* XXX use strtok() */
+    do {
+	if ((n = strchr(path, ':')))
+	    *n = '\0';
+
+	/*
+	 * search current dir last if it is in PATH This will miss sneaky
+	 * things like using './' or './/' 
+	 */
+	if (*path == '\0' || (*path == '.' && *(path + 1) == '\0')) {
+#ifndef IGNORE_DOT_PATH
+	    checkdot = 1;
+#endif /* IGNORE_DOT_PATH */
+	    path = n + 1;
+	    continue;
+	}
+
+	/*
+	 * resolve the path and exit the loop if found
+	 */
+	if (strlen(path) + strlen(file) >= MAXPATHLEN) {
+	    errno = ENAMETOOLONG;
+	    (void) fprintf(stderr, "%s:  path too long:  %s\n", Argv[0], file);
+	    exit(1);
+	}
+	(void) sprintf(command, "%s/%s", path, file);
+	if ((result = sudo_goodpath(command)))
+	    break;
+
+	path = n + 1;
+
+    } while (n);
+
+#ifndef IGNORE_DOT_PATH
+    /*
+     * check current dir if dot was in the PATH
+     */
+    if (!result && checkdot)
+	result = sudo_goodpath(file);
+#endif /* IGNORE_DOT_PATH */
+
+    (void) free(origpath);
+
+    return(result);
+}
diff --git a/gnu/usr.bin/sudo/sudo/getspwuid.c b/gnu/usr.bin/sudo/sudo/getspwuid.c
new file mode 100644
index 00000000000..7ff4a16185c
--- /dev/null
+++ b/gnu/usr.bin/sudo/sudo/getspwuid.c
@@ -0,0 +1,266 @@
+/*
+ *  CU sudo version 1.5.2
+ *
+ *  This program is free software; you can redistribute it and/or modify
+ *  it under the terms of the GNU General Public License as published by
+ *  the Free Software Foundation; either version 1, or (at your option)
+ *  any later version.
+ *
+ *  This program is distributed in the hope that it will be useful,
+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ *  GNU General Public License for more details.
+ *
+ *  You should have received a copy of the GNU General Public License
+ *  along with this program; if not, write to the Free Software
+ *  Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+ *
+ *  Please send bugs, changes, problems to sudo-bugs@courtesan.com
+ *
+ *******************************************************************
+ *
+ *  This module contains sudo_getpwuid(), a function that
+ *  Makes a dynamic copy of the struct passwd returned by
+ *  getpwuid() and substitutes the shadow password if
+ *  necesary.
+ *
+ *  Todd C. Miller  Mon Nov 20 13:53:06 MST 1995
+ */
+
+#ifndef lint
+static char rcsid[] = "$Id: getspwuid.c,v 1.1 1996/10/14 05:14:46 millert Exp $";
+#endif /* lint */
+
+#include "config.h"
+
+#include <stdio.h>
+#ifdef STDC_HEADERS
+#include <stdlib.h>
+#endif /* STDC_HEADERS */
+#if defined(HAVE_MALLOC_H) && !defined(STDC_HEADERS)
+#include <malloc.h>   
+#endif /* HAVE_MALLOC_H && !STDC_HEADERS */
+#ifdef HAVE_STRING_H
+#include <string.h>
+#endif /* HAVE_STRING_H */
+#ifdef HAVE_UNISTD_H
+#include <unistd.h>
+#endif /* HAVE_UNISTD_H */
+#include <sys/types.h>
+#include <sys/param.h>
+#include <netinet/in.h>
+#include <pwd.h>
+#include "sudo.h"
+#include <options.h>
+#if (SHADOW_TYPE != SPW_NONE) && (SHADOW_TYPE != SPW_BSD)
+#  if (SHADOW_TYPE == SPW_SVR4)
+#    include <shadow.h>
+#  endif /* SVR4 */
+#  if (SHADOW_TYPE == SPW_SECUREWARE)
+#    ifdef __hpux
+#      include <hpsecurity.h>
+#    else
+#      include <sys/security.h>
+#    endif /* __hpux */
+#    include <prot.h>
+#  endif /* SECUREWARE */
+#  if (SHADOW_TYPE == SPW_ULTRIX4)
+#    include <auth.h>
+#  endif /* ULTRIX4 */
+#  if (SHADOW_TYPE == SPW_SUNOS4)
+#    include <sys/label.h>
+#    include <sys/audit.h>
+#    include <pwdadj.h>
+#  endif /* SUNOS4 */
+#endif /* SHADOW_TYPE != SPW_NONE && SHADOW_TYPE != SPW_BSD */
+
+#ifndef STDC_HEADERS
+#ifndef __GNUC__                /* gcc has its own malloc */
+extern char *malloc     __P((size_t));
+#endif /* __GNUC__ */
+extern char *getenv     __P((const char *));
+#ifdef HAVE_STRDUP
+extern char *strdup     __P((const char *));
+#endif /* HAVE_STRDUP */
+#endif /* !STDC_HEADERS */
+
+/*
+ * Global variables (yuck)
+ */
+#if (SHADOW_TYPE == SPW_SECUREWARE) && defined(__alpha)
+uchar_t crypt_type;
+#endif /* SPW_SECUREWARE && __alpha */
+
+
+/*
+ * Local functions not visible outside getspwuid.c
+ */
+static char *sudo_getshell	__P((struct passwd *));
+static char *sudo_getspwd	__P((struct passwd *));
+
+
+
+/**********************************************************************
+ *
+ * sudo_getshell()
+ *
+ *  This function returns the user's shell based on either the
+ *  SHELL evariable or the passwd(5) entry (in that order).
+ */
+
+static char *sudo_getshell(pw_ent)
+    struct passwd *pw_ent;
+{
+    char *pw_shell;
+
+    if ((pw_shell = getenv("SHELL")) == NULL)
+	pw_shell = pw_ent -> pw_shell;
+
+#ifdef _PATH_BSHELL
+    /* empty string "" means bourne shell */
+    if (*pw_shell == '\0')
+	pw_shell = _PATH_BSHELL;
+#endif /* _PATH_BSHELL */
+
+    return(pw_shell);
+}
+
+
+/**********************************************************************
+ *
+ *  sudo_getspwd()
+ *
+ *  This function returns the shadow password for the user described
+ *  by pw_ent.  If there is no shadow password the normal UN*X password
+ *  is returned instead.
+ */
+
+static char *sudo_getspwd(pw_ent)
+    struct passwd *pw_ent;
+#if (SHADOW_TYPE != SPW_NONE) && (SHADOW_TYPE != SPW_BSD)
+#  if (SHADOW_TYPE == SPW_SVR4)
+{
+    struct spwd *spw_ent;
+
+    if ((spw_ent = getspnam(pw_ent -> pw_name)) && spw_ent -> sp_pwdp)
+	return(spw_ent -> sp_pwdp);
+    else
+	return(pw_ent -> pw_passwd);
+}
+#  endif /* SVR4 */
+#  if (SHADOW_TYPE == SPW_HPUX9)
+{
+    struct s_passwd *spw_ent;
+
+    if ((spw_ent = getspwuid(pw_ent -> pw_uid)) && spw_ent -> pw_passwd)
+	return(spw_ent -> pw_passwd);
+    else
+	return(pw_ent -> pw_passwd);
+}
+#  endif /* HPUX9 */
+#  if (SHADOW_TYPE == SPW_SUNOS4)
+{
+    struct passwd_adjunct *spw_ent;
+
+    if ((spw_ent = getpwanam(pw_ent -> pw_name)) && spw_ent -> pwa_passwd)
+	return(spw_ent -> pwa_passwd);
+    else
+	return(pw_ent -> pw_passwd);
+}
+#  endif /* SUNOS4 */
+#  if (SHADOW_TYPE == SPW_ULTRIX4)
+{
+    AUTHORIZATION *spw_ent;
+
+    if ((spw_ent = getauthuid(pw_ent -> pw_uid)) && spw_ent -> a_password)
+	return(spw_ent -> a_password);
+    else
+	return(pw_ent -> pw_passwd);
+}
+#  endif /* ULTRIX4 */
+#  if (SHADOW_TYPE == SPW_SECUREWARE)
+{
+    struct pr_passwd *spw_ent;
+
+    if ((spw_ent = getprpwuid(pw_ent->pw_uid)) && spw_ent->ufld.fd_encrypt) {
+#    ifdef __alpha
+	crypt_type = spw_ent -> ufld.fd_oldcrypt;
+#      ifdef AUTH_CRYPT_C1CRYPT
+        if (crypt_type == AUTH_CRYPT_C1CRYPT)
+	    return(pw_ent -> pw_passwd);
+#      endif /* AUTH_CRYPT_C1CRYPT */
+#    endif /* __alpha */
+	return(spw_ent -> ufld.fd_encrypt);
+    } else
+	return(pw_ent -> pw_passwd);
+}
+#  endif /* SECUREWARE */
+#else
+{
+    return(pw_ent->pw_passwd);
+}
+#endif /* SHADOW_TYPE != SPW_NONE && SHADOW_TYPE != SPW_BSD */
+
+
+/**********************************************************************
+ *
+ *  sudo_getpwuid()
+ *
+ *  This function dynamically allocates space for a struct password
+ *  and the constituent parts that we care about.  If shadow passwords
+ *  are in use, it substitutes the shadow password for pw_passwd.
+ */
+
+struct passwd *sudo_getpwuid(uid)
+    uid_t uid;
+{
+    struct passwd *pw_ent, *local_pw_ent;
+
+    if ((pw_ent = getpwuid(uid)) == NULL)
+	return(NULL);
+
+    /* allocate space for a local copy of pw_ent */
+    local_pw_ent = (struct passwd *) malloc(sizeof(struct passwd));
+    if (local_pw_ent == NULL) {
+	perror("malloc");
+	(void) fprintf(stderr, "%s: cannot allocate memory!\n", Argv[0]);
+	exit(1);
+    }
+
+    /*
+     * Copy the struct passwd and the interesting strings...
+     */
+    (void) memcpy(local_pw_ent, pw_ent, sizeof(struct passwd));
+
+    local_pw_ent->pw_name = (char *) strdup(pw_ent->pw_name);
+    if (local_pw_ent->pw_name == NULL) {
+	perror("malloc");
+	(void) fprintf(stderr, "%s: cannot allocate memory!\n", Argv[0]);
+	exit(1);
+    }
+
+    local_pw_ent->pw_dir = (char *) strdup(pw_ent->pw_dir);
+    if (local_pw_ent->pw_dir == NULL) {
+	perror("malloc");
+	(void) fprintf(stderr, "%s: cannot allocate memory!\n", Argv[0]);
+	exit(1);
+    }
+
+    /* pw_shell is a special case since we overide with $SHELL */
+    local_pw_ent->pw_shell = (char *) strdup(sudo_getshell(pw_ent));
+    if (local_pw_ent->pw_shell == NULL) {
+	perror("malloc");
+	(void) fprintf(stderr, "%s: cannot allocate memory!\n", Argv[0]);
+	exit(1);
+    }
+
+    /* pw_passwd gets a shadow password if applicable */
+    local_pw_ent->pw_passwd = (char *) strdup(sudo_getspwd(pw_ent));
+    if (local_pw_ent->pw_passwd == NULL) {
+	perror("malloc");
+	(void) fprintf(stderr, "%s: cannot allocate memory!\n", Argv[0]);
+	exit(1);
+    }
+
+    return(local_pw_ent);
+}
diff --git a/gnu/usr.bin/sudo/sudo/goodpath.c b/gnu/usr.bin/sudo/sudo/goodpath.c
new file mode 100644
index 00000000000..61a19ac84d9
--- /dev/null
+++ b/gnu/usr.bin/sudo/sudo/goodpath.c
@@ -0,0 +1,99 @@
+/*
+ *  CU sudo version 1.5.2
+ *
+ *  This program is free software; you can redistribute it and/or modify
+ *  it under the terms of the GNU General Public License as published by
+ *  the Free Software Foundation; either version 1, or (at your option)
+ *  any later version.
+ *
+ *  This program is distributed in the hope that it will be useful,
+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ *  GNU General Public License for more details.
+ *
+ *  You should have received a copy of the GNU General Public License
+ *  along with this program; if not, write to the Free Software
+ *  Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+ *
+ *  Please send bugs, changes, problems to sudo-bugs@courtesan.com
+ *
+ *******************************************************************
+ *
+ *  This module contains sudo_goodpath(3)
+ *
+ *  sudo_goodpath(3) takes a path to check and returns its argument
+ *  if the path is stat(2)'able, a regular file, and executable by
+ *  root.  The string's size should be <= MAXPATHLEN.
+ *
+ *  Todd C. Miller (millert@colorado.edu) Sat Mar 25 21:58:17 MST 1995
+ */
+
+#ifndef lint
+static char rcsid[] = "$Id: goodpath.c,v 1.1 1996/10/14 05:14:46 millert Exp $";
+#endif /* lint */
+
+#include "config.h"
+
+#include <stdio.h>
+#ifdef HAVE_UNISTD_H
+#include <unistd.h>
+#endif /* HAVE_UNISTD_H */
+#ifdef HAVE_STRING_H
+#include <string.h>
+#endif /* HAVE_STRING_H */
+#ifdef HAVE_STRINGS_H
+#include <strings.h>
+#endif /* HAVE_STRINGS_H */
+#include <errno.h>
+#include <sys/types.h>
+#include <sys/stat.h>
+#include <sys/param.h>
+#include <netinet/in.h>
+
+#include "sudo.h"
+#include <options.h>
+
+#ifndef STDC_HEADERS
+extern int stat		__P((const char *, struct stat *));
+#endif /* !STDC_HEADERS */
+
+
+/******************************************************************
+ *
+ *  sudo_goodpath()
+ *
+ *  this function takes a path and makes sure it describes a a file
+ *  that is a normal file and executable by root.
+ */
+
+char * sudo_goodpath(path)
+    const char * path;
+{
+    struct stat statbuf;		/* for stat(2) */
+    int err;				/* if stat(2) got an error */
+
+    /* check for brain damage */
+    if (path == NULL || path[0] == '\0')
+	return(NULL);
+
+    /* we need to be root for the stat */
+    set_perms(PERM_ROOT, 0);
+
+    err = stat(path, &statbuf);
+
+    /* discard root perms */
+    set_perms(PERM_USER, 0);
+
+    /* stat(3) failed */
+    if (err)
+	return(NULL);
+
+    /* make sure path describes an executable regular file */
+    if (S_ISREG(statbuf.st_mode) && (statbuf.st_mode & 0000111)) {
+	return((char *)path);
+    } else {
+	/* file is not executable/regular */
+	errno = EACCES;
+	return(NULL);
+    }
+}
diff --git a/gnu/usr.bin/sudo/sudo/ins_2001.h b/gnu/usr.bin/sudo/sudo/ins_2001.h
new file mode 100644
index 00000000000..b062f17f795
--- /dev/null
+++ b/gnu/usr.bin/sudo/sudo/ins_2001.h
@@ -0,0 +1,39 @@
+/*
+ *  CU sudo version 1.5.2
+ *
+ *  This program is free software; you can redistribute it and/or modify
+ *  it under the terms of the GNU General Public License as published by
+ *  the Free Software Foundation; either version 1, or (at your option)
+ *  any later version.
+ *
+ *  This program is distributed in the hope that it will be useful,
+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ *  GNU General Public License for more details.
+ *
+ *  You should have received a copy of the GNU General Public License
+ *  along with this program; if not, write to the Free Software
+ *  Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+ *
+ *  Please send bugs, changes, problems to sudo-bugs@courtesan.com
+ *
+ *  $Id: ins_2001.h,v 1.1 1996/10/14 05:14:47 millert Exp $
+ */
+
+#ifndef _SUDO_INS_2001_H
+#define _SUDO_INS_2001_H
+
+    /*
+     * HAL insults (paraphrased) from 2001.
+     */
+
+    "Just what do you think you're doing Dave?",
+    "It can only be attributed to human error.",
+    "That's something I cannot allow to happen.",
+    "My mind is going. I can feel it.",
+    "Sorry about this, I know it's a bit silly.",
+    "Take a stress pill and think things over.",
+    "This mission is too important for me to allow you to jeopardize it.",
+    "I feel much better now.",
+
+#endif /* _SUDO_INS_2001_H */
diff --git a/gnu/usr.bin/sudo/sudo/ins_classic.h b/gnu/usr.bin/sudo/sudo/ins_classic.h
new file mode 100644
index 00000000000..2f395bd6c29
--- /dev/null
+++ b/gnu/usr.bin/sudo/sudo/ins_classic.h
@@ -0,0 +1,39 @@
+/*
+ *  CU sudo version 1.5.2
+ *
+ *  This program is free software; you can redistribute it and/or modify
+ *  it under the terms of the GNU General Public License as published by
+ *  the Free Software Foundation; either version 1, or (at your option)
+ *  any later version.
+ *
+ *  This program is distributed in the hope that it will be useful,
+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ *  GNU General Public License for more details.
+ *
+ *  You should have received a copy of the GNU General Public License
+ *  along with this program; if not, write to the Free Software
+ *  Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+ *
+ *  Please send bugs, changes, problems to sudo-bugs@courtesan.com
+ *
+ *  $Id: ins_classic.h,v 1.1 1996/10/14 05:14:47 millert Exp $
+ */
+
+#ifndef _SUDO_INS_CLASSIC_H
+#define _SUDO_INS_CLASSIC_H
+
+    /*
+     * Insults from the original sudo(8).
+     */
+
+    "Wrong!  You cheating scum!",
+    "No soap, honkie-lips.",
+    "Where did you learn to type?",
+    "Are you on drugs?",
+    "My pet ferret can type better than you!",
+    "You type like i drive.",
+    "Do you think like you type?",
+    "Your mind just hasn't been the same since the electro-shock, has it?",
+
+#endif /* _SUDO_INS_CLASSIC_H */
diff --git a/gnu/usr.bin/sudo/sudo/ins_csops.h b/gnu/usr.bin/sudo/sudo/ins_csops.h
new file mode 100644
index 00000000000..b948e0bb447
--- /dev/null
+++ b/gnu/usr.bin/sudo/sudo/ins_csops.h
@@ -0,0 +1,40 @@
+/*
+ *  CU sudo version 1.5.2
+ *
+ *  This program is free software; you can redistribute it and/or modify
+ *  it under the terms of the GNU General Public License as published by
+ *  the Free Software Foundation; either version 1, or (at your option)
+ *  any later version.
+ *
+ *  This program is distributed in the hope that it will be useful,
+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ *  GNU General Public License for more details.
+ *
+ *  You should have received a copy of the GNU General Public License
+ *  along with this program; if not, write to the Free Software
+ *  Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+ *
+ *  Please send bugs, changes, problems to sudo-bugs@courtesan.com
+ *
+ *  $Id: ins_csops.h,v 1.1 1996/10/14 05:14:48 millert Exp $
+ */
+
+#ifndef _SUDO_INS_CSOPS_H
+#define _SUDO_INS_CSOPS_H
+
+    /*
+     * CSOps insults (may be site dependent).
+     */
+
+    "Maybe if you used more than just two fingers...",
+    "BOB says:  You seem to have forgotten your passwd, enter another!",
+    "stty: unknown mode: doofus",
+    "I can't hear you -- I'm using the scrambler.",
+    "The more you drive -- the dumber you get.",
+    "Listen, burrito brains, I don't have time to listen to this trash.",
+    "I've seen penguins that can type better than that.",
+    "Have you considered trying to match wits with a rutabaga?",
+    "You speak an infinite deal of nothing",
+
+#endif /* _SUDO_INS_CSOPS_H */
diff --git a/gnu/usr.bin/sudo/sudo/ins_goons.h b/gnu/usr.bin/sudo/sudo/ins_goons.h
new file mode 100644
index 00000000000..3fade04a3d1
--- /dev/null
+++ b/gnu/usr.bin/sudo/sudo/ins_goons.h
@@ -0,0 +1,54 @@
+/*
+ *  CU sudo version 1.5.2
+ *
+ *  This program is free software; you can redistribute it and/or modify
+ *  it under the terms of the GNU General Public License as published by
+ *  the Free Software Foundation; either version 1, or (at your option)
+ *  any later version.
+ *
+ *  This program is distributed in the hope that it will be useful,
+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ *  GNU General Public License for more details.
+ *
+ *  You should have received a copy of the GNU General Public License
+ *  along with this program; if not, write to the Free Software
+ *  Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+ *
+ *  Please send bugs, changes, problems to sudo-bugs@courtesan.com
+ *
+ *  $Id: ins_goons.h,v 1.1 1996/10/14 05:14:48 millert Exp $
+ */
+
+#ifndef _SUDO_INS_GOONS_H
+#define _SUDO_INS_GOONS_H
+
+    /*
+     * Insults from the "Goon Show."
+     */
+
+    "You silly, twisted boy you.",
+    "He has fallen in the water!",
+    "We'll all be murdered in our beds!",
+    "You can't come in. Our tiger has got flu",
+    "I don't wish to know that.",
+    "What, what, what, what, what, what, what, what, what, what?",
+    "You can't get the wood, you know.",
+    "You'll starve!",
+    "... and it used to be so popular...",
+    "Pauses for audience applause, not a sausage",
+    "Hold it up to the light --- not a brain in sight!",
+    "Have a gorilla...",
+    "There must be cure for it!",
+    "There's a lot of it about, you know.",
+    "You do that again and see what happens...",
+    "Ying Tong Iddle I Po",
+    "Harm can come to a young lad like that!",
+    "And with that remarks folks, the case of the Crown vs yourself was proven.",
+    "Speak English you fool --- there are no subtitles in this scene.",
+    "You gotta go owwwww!",
+    "I have been called worse.",
+    "It's only your word against mine.",
+    "I think ... err ... I think ... I think I'll go home",
+
+#endif /* _SUDO_INS_GOONS_H */
diff --git a/gnu/usr.bin/sudo/sudo/insults.h b/gnu/usr.bin/sudo/sudo/insults.h
new file mode 100644
index 00000000000..013d05b50ba
--- /dev/null
+++ b/gnu/usr.bin/sudo/sudo/insults.h
@@ -0,0 +1,71 @@
+/*
+ *  CU sudo version 1.5.2
+ *
+ *  This program is free software; you can redistribute it and/or modify
+ *  it under the terms of the GNU General Public License as published by
+ *  the Free Software Foundation; either version 1, or (at your option)
+ *  any later version.
+ *
+ *  This program is distributed in the hope that it will be useful,
+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ *  GNU General Public License for more details.
+ *
+ *  You should have received a copy of the GNU General Public License
+ *  along with this program; if not, write to the Free Software
+ *  Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+ *
+ *  Please send bugs, changes, problems to sudo-bugs@courtesan.com
+ *
+ *  $Id: insults.h,v 1.1 1996/10/14 05:14:49 millert Exp $
+ */
+
+#ifndef _SUDO_INSULTS_H
+#define _SUDO_INSULTS_H
+
+#ifdef USE_INSULTS
+
+#if !defined(HAL_INSULTS) && !defined(GOONS_INSULTS) && !defined(CLASSIC_INSULTS)
+#  define CLASSIC_INSULTS
+#  define CSOPS_INSULTS
+#endif
+
+/*
+ * Use one or more set of insults as defined in options.h.
+ */
+
+char *insults[] = {
+
+# ifdef HAL_INSULTS
+#  include "ins_2001.h"
+# endif
+
+# ifdef GOONS_INSULTS
+#  include "ins_goons.h"
+# endif
+
+# ifdef CLASSIC_INSULTS
+#  include "ins_classic.h"
+# endif
+
+# ifdef CSOPS_INSULTS
+#  include "ins_csops.h"
+# endif
+
+    (char *) 0
+
+};
+
+/*
+ * How may I insult you?  Let me count the ways...
+ */
+#define NOFINSULTS (sizeof(insults) / sizeof(insults[0]) - 1)
+
+/*
+ * return a pseudo-random insult.
+ */
+#define INSULT		(insults[time(NULL) % NOFINSULTS])
+
+#endif /* USE_INSULTS */
+
+#endif /* _SUDO_INSULTS_H */
diff --git a/gnu/usr.bin/sudo/sudo/interfaces.c b/gnu/usr.bin/sudo/sudo/interfaces.c
new file mode 100644
index 00000000000..a2a12773150
--- /dev/null
+++ b/gnu/usr.bin/sudo/sudo/interfaces.c
@@ -0,0 +1,264 @@
+/*
+ *  CU sudo version 1.5.2
+ *
+ *  This program is free software; you can redistribute it and/or modify
+ *  it under the terms of the GNU General Public License as published by
+ *  the Free Software Foundation; either version 1, or (at your option)
+ *  any later version.
+ *
+ *  This program is distributed in the hope that it will be useful,
+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ *  GNU General Public License for more details.
+ *
+ *  You should have received a copy of the GNU General Public License
+ *  along with this program; if not, write to the Free Software
+ *  Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+ *
+ *  Please send bugs, changes, problems to sudo-bugs@courtesan.com
+ *
+ *******************************************************************
+ *
+ *  This module contains load_interfaces() a function that
+ *  fills the interfaces global with a list of active ip
+ *  addresses and their associated netmasks.
+ *
+ *  Todd C. Miller  Mon May  1 20:48:43 MDT 1995
+ */
+
+#ifndef lint
+static char rcsid[] = "$Id: interfaces.c,v 1.1 1996/10/14 05:14:49 millert Exp $";
+#endif /* lint */
+
+#include "config.h"
+
+#include <stdio.h>
+#ifdef STDC_HEADERS
+#include <stdlib.h>
+#endif /* STDC_HEADERS */
+#ifdef HAVE_UNISTD_H
+#include <unistd.h>
+#endif /* HAVE_UNISTD_H */
+#ifdef HAVE_STRING_H
+#include <string.h>
+#endif /* HAVE_STRING_H */
+#ifdef HAVE_STRINGS_H
+#include <strings.h>
+#endif /* HAVE_STRINGS_H */
+#if defined(HAVE_MALLOC_H) && !defined(STDC_HEADERS)
+#include <malloc.h>   
+#endif /* HAVE_MALLOC_H && !STDC_HEADERS */
+#include <netdb.h>
+#include <errno.h>
+#include <sys/types.h>
+#include <sys/socket.h>
+#include <sys/param.h>
+#ifdef HAVE_SYS_SOCKIO_H
+#include <sys/sockio.h>
+#else
+#include <sys/ioctl.h>
+#endif /* HAVE_SYS_SOCKIO_H */
+#ifdef _ISC
+#include <sys/stream.h>
+#include <sys/sioctl.h>
+#include <sys/stropts.h>
+#include <net/errno.h>
+#define STRSET(cmd, param, len)	{strioctl.ic_cmd=(cmd);\
+				 strioctl.ic_dp=(param);\
+				 strioctl.ic_timout=0;\
+				 strioctl.ic_len=(len);}
+#endif /* _ISC */
+#ifdef _MIPS
+#include <net/soioctl.h>
+#endif /* _MIPS */
+#include <netinet/in.h>
+#include <arpa/inet.h>
+#include <sys/time.h>
+#include <net/if.h>
+
+#include "sudo.h"
+#include <options.h>
+#include "version.h"
+
+#if !defined(STDC_HEADERS) && !defined(__GNUC__)
+extern char *malloc	__P((size_t));
+#endif /* !STDC_HEADERS && !__GNUC__ */
+
+/*
+ * Globals
+ */
+struct interface *interfaces;
+int num_interfaces = 0;
+extern int Argc;
+extern char **Argv;
+
+
+#if defined(SIOCGIFCONF) && !defined(STUB_LOAD_INTERFACES)
+/**********************************************************************
+ *
+ *  load_interfaces()
+ *
+ *  This function sets the interfaces global variable
+ *  and sets the constituent ip addrs and netmasks.
+ */
+
+void load_interfaces()
+{
+    struct ifconf *ifconf;
+    char ifconf_buf[sizeof(struct ifconf) + BUFSIZ];
+    struct ifreq ifreq, *ifr;
+    struct sockaddr_in *sin;
+    unsigned long localhost_mask;
+    int sock, n, i;
+#ifdef _ISC
+    struct strioctl strioctl;
+#endif /* _ISC */
+
+    /* so we can skip localhost and its ilk */
+    localhost_mask = inet_addr("127.0.0.0");
+
+    sock = socket(AF_INET, SOCK_DGRAM, 0);
+    if (sock < 0) {
+	perror("socket");
+	exit(1);
+    }
+
+    /*
+     * get interface configuration or return (leaving interfaces NULL)
+     */
+    ifconf = (struct ifconf *) ifconf_buf;
+    ifconf->ifc_buf = (caddr_t) (ifconf_buf + sizeof(struct ifconf));
+    ifconf->ifc_len = sizeof(ifconf_buf) - sizeof(struct ifconf);
+
+    /* networking may not be installed in kernel */
+#ifdef _ISC
+    STRSET(SIOCGIFCONF, (caddr_t) ifconf, sizeof(ifconf_buf));
+    if (ioctl(sock, I_STR, (caddr_t) &strioctl) < 0)
+#else
+    if (ioctl(sock, SIOCGIFCONF, (caddr_t) ifconf) < 0)
+#endif /* _ISC */
+	return;
+
+    /*
+     * get the maximum number of interfaces that *could* exist.
+     */
+    n = ifconf->ifc_len / sizeof(struct ifreq);
+
+    /*
+     * malloc() space for interfaces array
+     */
+    interfaces = (struct interface *) malloc(sizeof(struct interface) * n);
+    if (interfaces == NULL) {
+	perror("malloc");
+	(void) fprintf(stderr, "%s: cannot allocate memory!\n", Argv[0]);
+	exit(1);
+    }
+
+    /*
+     * for each interface, get the ip address and netmask
+     */
+    for (ifreq.ifr_name[0] = '\0', i = 0; i < ifconf->ifc_len; ) {
+	/* get a pointer to the current interface */
+	ifr = (struct ifreq *) ((caddr_t) ifconf->ifc_req + i);
+
+	/* set i to the subscript of the next interface */
+#ifdef HAVE_SA_LEN
+	if (ifr->ifr_addr.sa_len > sizeof(ifr->ifr_addr))
+	    i += sizeof(ifr->ifr_name) + ifr->ifr_addr.sa_len;
+	else
+#endif /* HAVE_SA_LEN */
+	    i += sizeof(struct ifreq);
+
+	/* skip duplicates and interfaces with NULL addresses */
+	sin = (struct sockaddr_in *) &ifr->ifr_addr;
+	if (sin->sin_addr.s_addr == 0 ||
+	    strncmp(ifr->ifr_name, ifreq.ifr_name, sizeof(ifr->ifr_name)) == 0)
+	    continue;
+
+	/* make a working copy... */
+	ifreq = *ifr;
+
+	/* get the ip address */
+#ifdef _ISC
+	STRSET(SIOCGIFADDR, (caddr_t) &ifreq, sizeof(ifreq));
+	if (ioctl(sock, I_STR, (caddr_t) &strioctl) < 0) {
+#else
+	if (ioctl(sock, SIOCGIFADDR, (caddr_t) &ifreq)) {
+#endif /* _ISC */
+	    /* non-fatal error if interface is down or not supported */
+	    if (errno == EADDRNOTAVAIL || errno == ENXIO || errno == EAFNOSUPPORT)
+		continue;
+
+	    (void) fprintf(stderr, "%s: Error, ioctl: SIOCGIFADDR ", Argv[0]);
+	    perror("");
+	    exit(1);
+	}
+	sin = (struct sockaddr_in *) &ifreq.ifr_addr;
+
+	/* store the ip address */
+	interfaces[num_interfaces].addr.s_addr = sin->sin_addr.s_addr;
+
+	/* get the netmask */
+#ifdef SIOCGIFNETMASK
+#ifdef _ISC
+	STRSET(SIOCGIFNETMASK, (caddr_t) &ifreq, sizeof(ifreq));
+	if (ioctl(sock, I_STR, (caddr_t) &strioctl) == 0) {
+#else
+	if (ioctl(sock, SIOCGIFNETMASK, (caddr_t) &ifreq) == 0) {
+#endif /* _ISC */
+	    sin = (struct sockaddr_in *) &ifreq.ifr_addr;
+
+	    /* store the netmask */
+	    interfaces[num_interfaces].netmask.s_addr = sin->sin_addr.s_addr;
+	} else {
+#else
+	{
+#endif /* SIOCGIFNETMASK */
+	    if (IN_CLASSC(interfaces[num_interfaces].addr.s_addr))
+		interfaces[num_interfaces].netmask.s_addr = htonl(IN_CLASSC_NET);
+	    else if (IN_CLASSB(interfaces[num_interfaces].addr.s_addr))
+		interfaces[num_interfaces].netmask.s_addr = htonl(IN_CLASSB_NET);
+	    else
+		interfaces[num_interfaces].netmask.s_addr = htonl(IN_CLASSA_NET);
+	}
+
+	/* avoid localhost and friends */
+	if ((interfaces[num_interfaces].addr.s_addr &
+	    interfaces[num_interfaces].netmask.s_addr) == localhost_mask)
+	    continue;
+
+	num_interfaces++;
+    }
+
+    /* if there were bogus entries, realloc the array */
+    if (n != num_interfaces) {
+	/* it is unlikely that num_interfaces will be 0 but who knows... */
+	if (num_interfaces != 0) {
+	    interfaces = (struct interface *) realloc(interfaces,
+		sizeof(struct interface) * num_interfaces);
+	    if (interfaces == NULL) {
+		perror("realloc");
+		(void) fprintf(stderr, "%s: cannot allocate memory!\n", Argv[0]);
+		exit(1);
+	    }
+	} else {
+	    (void) free(interfaces);
+	}
+    }
+}
+
+#else /* !SIOCGIFCONF || STUB_LOAD_INTERFACES */
+
+/**********************************************************************
+ *
+ *  load_interfaces()
+ *
+ *  Stub function for those without SIOCGIFCONF
+ */
+
+void load_interfaces()
+{
+    return;
+}
+
+#endif /* SIOCGIFCONF && !STUB_LOAD_INTERFACES */
diff --git a/gnu/usr.bin/sudo/sudo/logging.c b/gnu/usr.bin/sudo/sudo/logging.c
new file mode 100644
index 00000000000..85cc707a80a
--- /dev/null
+++ b/gnu/usr.bin/sudo/sudo/logging.c
@@ -0,0 +1,709 @@
+/*
+ * CU sudo version 1.5.2 (based on Root Group sudo version 1.1)
+ *
+ * This software comes with no waranty whatsoever, use at your own risk.
+ *
+ * Please send bugs, changes, problems to sudo-bugs@courtesan.com
+ *
+ */
+
+/*
+ *  sudo version 1.1 allows users to execute commands as root
+ *  Copyright (C) 1991  The Root Group, Inc.
+ *
+ *  This program is free software; you can redistribute it and/or modify
+ *  it under the terms of the GNU General Public License as published by
+ *  the Free Software Foundation; either version 1, or (at your option)
+ *  any later version.
+ *
+ *  This program is distributed in the hope that it will be useful,
+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ *  GNU General Public License for more details.
+ *
+ *  You should have received a copy of the GNU General Public License
+ *  along with this program; if not, write to the Free Software
+ *  Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+ *
+ ****************************************************************
+ *
+ *  logging.c
+ *
+ *  this file supports the general logging facilities
+ *  if you want to change any error messages, this is probably
+ *  the place to be...
+ *
+ *  Jeff Nieusma   Thu Mar 21 23:39:04 MST 1991
+ */
+
+#ifndef lint
+static char rcsid[] = "$Id: logging.c,v 1.1 1996/10/14 05:14:50 millert Exp $";
+#endif /* lint */
+
+#include "config.h"
+
+#include <stdio.h>
+#ifdef STDC_HEADERS
+#include <stdlib.h>
+#endif /* STDC_HEADERS */
+#ifdef HAVE_UNISTD_H
+#include <unistd.h>
+#endif /* HAVE_UNISTD_H */
+#ifdef HAVE_STRING_H
+#include <string.h>
+#endif /* HAVE_STRING_H */
+#ifdef HAVE_STRINGS_H
+#include <strings.h>
+#endif /* HAVE_STRINGS_H */
+#if defined(HAVE_MALLOC_H) && !defined(STDC_HEADERS)
+#include <malloc.h>   
+#endif /* HAVE_MALLOC_H && !STDC_HEADERS */
+#include <pwd.h>
+#include <signal.h>
+#include <sys/types.h>
+#include <sys/time.h>
+#include <sys/param.h>
+#include <sys/stat.h>
+#include <sys/wait.h>
+#include <sys/errno.h>
+#include <netinet/in.h>
+
+#include "sudo.h"
+#include <options.h>
+
+/*
+ * Prototypes for local functions
+ */
+static void send_mail		__P((void));
+static RETSIGTYPE reapchild	__P((int));
+static int appropriate		__P((int));
+#ifdef BROKEN_SYSLOG
+static void syslog_wrapper	__P((int, char *, char *, char *));
+#endif /* BROKEN_SYSLOG */
+
+/*
+ * Globals
+ */
+static char *logline;
+extern int errorlineno;
+
+/*
+ * length of syslog-like header info used for mail and file logs
+ * is len("Mon MM HH:MM:SS : username : ")
+ */
+#define LOG_HEADER_LEN		29
+
+#ifdef BROKEN_SYSLOG
+#define MAXSYSLOGTRIES		16	/* num of retries for broken syslogs */
+#define SYSLOG(a,b,c,d)		syslog_wrapper(a,b,c,d)
+
+/****************************************************************
+ *
+ *  syslog_wrapper()
+ *
+ *  This function logs via syslog w/ a priority and 3 strings args.
+ *  It really shouldn't be necesary but some syslog()'s don't
+ *  guarantee that the syslog() operation will succeed!
+ */
+
+static void syslog_wrapper(pri, fmt, arg1, arg2)
+    int pri;
+    char *fmt;
+    char *arg1;
+    char *arg2;
+{
+    int i;
+
+    for (i = 0; i < MAXSYSLOGTRIES; i++)
+	if (syslog(pri, fmt, arg1, arg2) == 0)
+	    break;
+}
+#else
+#define SYSLOG(a,b,c,d)		syslog(a,b,c,d)
+#endif /* BROKEN_SYSLOG */
+
+
+
+/**********************************************************************
+ *
+ *  log_error()
+ *
+ *  This function attempts to deliver mail to ALERTMAIL and either
+ *  syslogs the error or writes it to the log file
+ */
+
+void log_error(code)
+    int code;
+{
+    char *p;
+    int count;
+    time_t now;
+#if (LOGGING & SLOG_FILE)
+    mode_t oldmask;
+    FILE *fp;
+#endif /* LOGGING & SLOG_FILE */
+#if (LOGGING & SLOG_SYSLOG)
+    int pri = Syslog_priority_NO;	/* syslog priority, assume the worst */
+    char *tmp, save;
+#endif /* LOGGING & SLOG_SYSLOG */
+
+    /*
+     * Allocate enough memory for logline so we won't overflow it
+     */
+    count = LOG_HEADER_LEN + 136 + 2 * MAXPATHLEN + strlen(tty) + strlen(cwd) +
+	    strlen(runas_user);
+    if (cmnd_args)
+	count += strlen(cmnd_args);
+
+    logline = (char *) malloc(count);
+    if (logline == NULL) {
+	perror("malloc");
+	(void) fprintf(stderr, "%s: cannot allocate memory!\n", Argv[0]);
+	exit(1);
+    }
+
+    /*
+     * we will skip this stuff when using syslog(3) but it is
+     * necesary for mail and file logs.
+     */
+    now = time((time_t) 0);
+    p = ctime(&now) + 4;
+    (void) sprintf(logline, "%15.15s : %8.8s : ", p, user_name);
+
+    /*
+     * we need a pointer to the end of logline for cheap appends.
+     */
+    p = logline + LOG_HEADER_LEN;
+
+    switch (code) {
+
+	case ALL_SYSTEMS_GO:
+	    (void) sprintf(p, "TTY=%s ; PWD=%s ; USER=%s ; COMMAND=",
+	    tty, cwd, runas_user);
+#if (LOGGING & SLOG_SYSLOG)
+	    pri = Syslog_priority_OK;
+#endif /* LOGGING & SLOG_SYSLOG */
+	    break;
+
+	case VALIDATE_NO_USER:
+	    (void) sprintf(p,
+		"user NOT in sudoers ; TTY=%s ; PWD=%s ; USER=%s ; COMMAND=",
+		tty, cwd, runas_user);
+	    break;
+
+	case VALIDATE_NOT_OK:
+	    (void) sprintf(p,
+		"command not allowed ; TTY=%s ; PWD=%s ; USER=%s ; COMMAND=",
+		tty, cwd, runas_user);
+	    break;
+
+	case VALIDATE_ERROR:
+	    (void) sprintf(p, "error in %s, line %d ; TTY=%s ; PWD=%s ; USER=%s.  ",
+		_PATH_SUDO_SUDOERS, errorlineno, tty, cwd, runas_user);
+	    break;
+
+	case GLOBAL_NO_PW_ENT:
+	    (void) sprintf(p,
+		"There is no passwd entry for uid %ld (TTY=%s).  ",
+		(long) user_uid, tty);
+	    break;
+
+	case PASSWORD_NOT_CORRECT:
+	    (void) sprintf(p,
+		"password incorrect ; TTY=%s ; PWD=%s ; USER=%s ; COMMAND=",
+		tty, cwd, runas_user);
+	    break;
+
+	case PASSWORDS_NOT_CORRECT:
+	    (void) sprintf(p,
+		"%d incorrect passwords ; TTY=%s ; PWD=%s ; USER=%s ; COMMAND=",
+		TRIES_FOR_PASSWORD, tty, cwd, runas_user);
+	    break;
+
+	case GLOBAL_NO_HOSTNAME:
+	    strcat(p, "This machine does not have a hostname ");
+	    break;
+
+	case NO_SUDOERS_FILE:
+	    switch (errno) {
+		case ENOENT:
+		    (void) sprintf(p, "There is no %s file.  ",
+			_PATH_SUDO_SUDOERS);
+		    break;
+		case EACCES:
+		    (void) sprintf(p, "Can't read %s.  ", _PATH_SUDO_SUDOERS);
+		    break;
+		default:
+		    (void) sprintf(p, "There is a problem opening %s ",
+			_PATH_SUDO_SUDOERS);
+		    break;
+	    }
+	    break;
+
+	case GLOBAL_HOST_UNREGISTERED:
+	    (void) sprintf(p, "gethostbyname() cannot find host %s ", host);
+	    break;
+
+	case SUDOERS_NOT_FILE:
+	    (void) sprintf(p, "%s is not a regular file ", _PATH_SUDO_SUDOERS);
+	    break;
+
+	case SUDOERS_WRONG_OWNER:
+	    (void) sprintf(p, "%s is not owned by uid %d and gid %d ",
+		_PATH_SUDO_SUDOERS, SUDOERS_UID, SUDOERS_GID);
+	    break;
+
+	case SUDOERS_WRONG_MODE:
+	    (void) sprintf(p, "%s is not mode %o ", _PATH_SUDO_SUDOERS,
+		SUDOERS_MODE);
+	    break;
+
+	case SPOOF_ATTEMPT:
+	    (void) sprintf(p,
+		"probable spoofing attempt; TTY=%s ; PWD=%s ; USER=%s ; COMMAND=",
+		tty, cwd, runas_user);
+	    break;
+
+	case BAD_STAMPDIR:
+	    (void) sprintf(p,
+	    "%s owned by non-root or not mode 0700; TTY=%s ; PWD=%s ; USER=%s ; COMMAND=",
+	    _PATH_SUDO_TIMEDIR, tty, cwd, runas_user);
+	    break;
+
+	case BAD_STAMPFILE:
+	    (void) sprintf(p,
+		"preposterous stampfile date; TTY=%s ; PWD=%s ; USER=%s ; COMMAND=",
+		tty, cwd, runas_user);
+	    break;
+
+	default:
+	    strcat(p, "found a wierd error : ");
+	    break;
+    }
+
+
+    /*
+     * If this is a parse error or if the error is from load_globals()
+     * don't put  argv in the message.
+     */
+    if (code != VALIDATE_ERROR && !(code & GLOBAL_PROBLEM)) {
+
+	/* stuff the command into the logline */
+	p = logline + strlen(logline);
+	strcpy(p, cmnd);
+
+	/* add a trailing space */
+	p += strlen(cmnd);
+	*p++ = ' ';
+	*p = '\0';
+
+	/* cat on command args if they exist */
+	if (cmnd_args) {
+	    (void) strcpy(p, cmnd_args);
+	    p += strlen(cmnd_args);
+	    *p++ = ' ';
+	    *p = '\0';
+	}
+    }
+
+#if (LOGGING & SLOG_SYSLOG)
+#ifdef Syslog_facility
+    openlog(Syslog_ident, Syslog_options, Syslog_facility);
+#else
+    openlog(Syslog_ident, Syslog_options);
+#endif /* Syslog_facility */
+
+    /*
+     * Log the full line, breaking into multiple syslog(3) calls if necesary
+     */
+    p = &logline[LOG_HEADER_LEN];	/* skip past the date and user */
+    for (count = 0; count < strlen(logline) / MAXSYSLOGLEN + 1; count++) {
+	if (strlen(p) > MAXSYSLOGLEN) {
+	    /*
+	     * Break up the line into what will fit on one syslog(3) line
+	     * Try to break on a word boundary if possible.
+	     */
+	    for (tmp = p + MAXSYSLOGLEN; tmp > p && *tmp != ' '; tmp--)
+		;
+	    if (tmp <= p)
+		tmp = p + MAXSYSLOGLEN;
+
+	    /* NULL terminate line, but save the char to restore later */
+	    save = *tmp;
+	    *tmp = '\0';
+
+	    if (count == 0)
+		SYSLOG(pri, "%8.8s : %s", user_name, p);
+	    else
+		SYSLOG(pri, "%8.8s : (command continued) %s", user_name, p);
+
+	    *tmp = save;			/* restore saved character */
+
+	    /* eliminate leading whitespace */
+	    for (p=tmp; *p != ' '; p++)
+		;
+	} else {
+	    if (count == 0)
+		SYSLOG(pri, "%8.8s : %s", user_name, p);
+	    else
+		SYSLOG(pri, "%8.8s : (command continued) %s", user_name, p);
+	}
+    }
+    closelog();
+#endif /* LOGGING & SLOG_SYSLOG */
+#if (LOGGING & SLOG_FILE)
+
+    /* become root */
+    set_perms(PERM_ROOT, 0);
+
+    oldmask = umask(077);
+    fp = fopen(_PATH_SUDO_LOGFILE, "a");
+    (void) umask(oldmask);
+    if (fp == NULL) {
+	(void) sprintf(logline, "Can\'t open log file: %s", _PATH_SUDO_LOGFILE);
+	send_mail();
+    } else {
+	char *beg, *oldend, *end;
+	int maxlen = MAXLOGFILELEN;
+
+	/*
+	 * Print out logline with word wrap
+	 */
+	beg = end = logline;
+	while (beg) {
+	    oldend = end;
+	    end = strchr(oldend, ' ');
+
+	    if (end) {
+		*end = '\0';
+		if (strlen(beg) > maxlen) {
+		    /* too far, need to back up & print the line */
+
+		    if (beg == (char *)logline)
+			maxlen -= 4;		/* don't indent first line */
+
+		    *end = ' ';
+		    if (oldend != beg) {
+			/* rewind & print */
+		    	end = oldend-1;
+			while (*end == ' ')
+			    --end;
+			*(++end) = '\0';
+			(void) fprintf(fp, "%s\n    ", beg);
+			*end = ' ';
+		    } else {
+			(void) fprintf(fp, "%s\n    ", beg);
+		    }
+
+		    /* reset beg to point to the start of the new substring */
+		    beg = end;
+		    while (*beg == ' ')
+			++beg;
+		} else {
+		    /* we still have room */
+		    *end = ' ';
+		}
+
+		/* remove leading whitespace */
+		while (*end == ' ')
+		    ++end;
+	    } else {
+		/* final line */
+		(void) fprintf(fp, "%s\n", beg);
+		beg = NULL;			/* exit condition */
+	    }
+	}
+
+	(void) fclose(fp);
+    }
+
+    /* relinquish root */
+    set_perms(PERM_USER, 0);
+#endif /* LOGGING & SLOG_FILE */
+
+    /* send mail if appropriate */
+    if (appropriate(code))
+	send_mail();
+}
+
+
+
+#ifdef MAILER
+/**********************************************************************
+ *
+ *  send_mail()
+ *
+ *  This function attempts to mail to ALERTMAIL about the sudo error
+ *
+ */
+
+static char *mail_argv[] = { "sendmail", "-t", (char *) NULL };
+
+static void send_mail()
+{
+    char *mailer = MAILER;
+    char *subject = MAILSUBJECT;
+    int fd[2];
+#ifdef POSIX_SIGNALS
+    struct sigaction action;
+
+    (void) memset((VOID *)&action, 0, sizeof(action));
+#endif /* POSIX_SIGNALS */
+
+    /* catch children as they die */
+#ifdef POSIX_SIGNALS
+    action.sa_handler = reapchild;
+    (void) sigaction(SIGCHLD, &action, NULL);
+#else
+    (void) signal(SIGCHLD, reapchild);
+#endif /* POSIX_SIGNALS */
+
+    if (fork())
+	return;
+
+    /*
+     * we don't want any security problems ...
+     */
+    set_perms(PERM_FULL_USER, 0);
+    
+#ifdef POSIX_SIGNALS
+    action.sa_handler = SIG_IGN;
+    (void) sigaction(SIGHUP, &action, NULL);
+    (void) sigaction(SIGINT, &action, NULL);
+    (void) sigaction(SIGQUIT, &action, NULL);
+#else
+    (void) signal(SIGHUP, SIG_IGN);
+    (void) signal(SIGINT, SIG_IGN);
+    (void) signal(SIGQUIT, SIG_IGN);
+#endif /* POSIX_SIGNALS */
+
+    if (pipe(fd)) {
+	perror("send_mail: pipe");
+	exit(1);
+    }
+    (void) dup2(fd[0], 0);
+    (void) dup2(fd[1], 1);
+    (void) close(fd[0]);
+    (void) close(fd[1]);
+
+    if (!fork()) {		/* child */
+	(void) close(1);
+	EXEC(mailer, mail_argv);
+
+	/* this should not happen */
+	perror(mailer);
+	exit(1);
+    } else {			/* parent */
+	(void) close(0);
+
+	/* feed the data to sendmail */
+	/* XXX - do we need to fdopen this fd #1 to a new stream??? */
+	(void) fprintf(stdout, "To: %s\nSubject: %s\n\n%s : %s\n\n",
+		ALERTMAIL, subject, host, logline);
+	fclose(stdout);
+
+	exit(0);
+    }
+}
+#else
+static void send_mail()
+{
+    /* no mailer defined */
+    return;
+}
+#endif /* MAILER */
+
+
+
+/****************************************************************
+ *
+ *  reapchild()
+ *
+ *  This function gets rid of all the ugly zombies
+ */
+
+static RETSIGTYPE reapchild(sig)
+    int sig;
+{
+    (void) wait(NULL);
+#ifndef POSIX_SIGNALS
+    (void) signal(SIGCHLD, reapchild);
+#endif /* POSIX_SIGNALS */
+}
+
+
+
+/**********************************************************************
+ *
+ *  inform_user ()
+ *
+ *  This function lets the user know what is happening 
+ *  when an error occurs
+ */
+
+void inform_user(code)
+    int code;
+{
+    switch (code) {
+	case VALIDATE_NO_USER:
+	    (void) fprintf(stderr,
+		"%s is not in the sudoers file.  This incident will be reported.\n\n",
+		user_name);
+	    break;
+
+	case VALIDATE_NOT_OK:
+	    (void) fprintf(stderr,
+		"Sorry, user %s is not allowed to execute \"%s",
+		user_name, cmnd);
+	
+	    /* print command args if they exist */
+	    if (cmnd_args) {
+		fputc(' ', stderr);
+		fputs(cmnd_args, stderr);
+	    }
+
+	    (void) fprintf(stderr, "\" as %s on %s.\n\n", runas_user, host);
+	    break;
+
+	case VALIDATE_ERROR:
+	    (void) fprintf(stderr,
+		"Sorry, there is a fatal error in the sudoers file.\n\n");
+	    break;
+
+	case GLOBAL_NO_PW_ENT:
+	    (void) fprintf(stderr,
+		"Intruder Alert!  You don't exist in the passwd file\n\n");
+	    break;
+
+	case GLOBAL_NO_SPW_ENT:
+	    (void) fprintf(stderr,
+		"Intruder Alert!  You don't exist in the shadow passwd file\n\n");
+	    break;
+
+	case GLOBAL_NO_HOSTNAME:
+	    (void) fprintf(stderr,
+		"This machine does not have a hostname\n\n");
+	    break;
+
+	case GLOBAL_HOST_UNREGISTERED:
+	    (void) fprintf(stderr,
+		"This machine is not available via gethostbyname()\n\n");
+	    break;
+
+	case PASSWORD_NOT_CORRECT:
+	    (void) fprintf(stderr, "Password not entered correctly\n\n");
+	    break;
+
+	case PASSWORDS_NOT_CORRECT:
+	    (void) fprintf(stderr, "Password not entered correctly after %d tries\n\n",
+		TRIES_FOR_PASSWORD);
+	    break;
+
+	case NO_SUDOERS_FILE:
+	    switch (errno) {
+		case ENOENT:
+		    (void) fprintf(stderr, "There is no %s file.\n",
+			_PATH_SUDO_SUDOERS);
+		    break;
+		default:
+		    (void) fprintf(stderr, "Can't read %s: ",
+			_PATH_SUDO_SUDOERS);
+		    perror("");
+		    break;
+	    }
+	    break;
+
+	case SUDOERS_NOT_FILE:
+	    (void) fprintf(stderr,
+		"%s is not a regular file!\n", _PATH_SUDO_SUDOERS);
+	    break;
+
+	case SUDOERS_WRONG_OWNER:
+	    (void) fprintf(stderr, "%s is not owned by uid %d and gid %d!\n",
+		_PATH_SUDO_SUDOERS, SUDOERS_UID, SUDOERS_GID);
+	    break;
+
+	case SUDOERS_WRONG_MODE:
+	    (void) fprintf(stderr, "%s must be mode %o!\n", _PATH_SUDO_SUDOERS,
+		SUDOERS_MODE);
+	    break;
+
+	case SPOOF_ATTEMPT:
+	    (void) fprintf(stderr,
+		"%s is not the same command that was validated, disallowing.\n",
+		cmnd);
+	    break;
+
+	case BAD_STAMPDIR:
+	    (void) fprintf(stderr,
+		"Timestamp directory has wrong permissions, ignoring.\n");
+	    break;
+
+	case BAD_STAMPFILE:
+	    (void) fprintf(stderr,
+		"Your timestamp file has a preposterous date, ignoring.\n");
+	    break;
+
+	default:
+	    (void) fprintf(stderr,
+		"Something wierd happened.\n\n");
+	    break;
+    }
+}
+
+
+
+/****************************************************************
+ *
+ *  appropriate()
+ *
+ *  This function determines whether to send mail or not...
+ */
+
+static int appropriate(code)
+    int code;
+{
+
+    switch (code) {
+
+    /* 
+     * these will NOT send mail
+     */
+    case VALIDATE_OK:
+    case VALIDATE_OK_NOPASS:
+    case PASSWORD_NOT_CORRECT:
+    case PASSWORDS_NOT_CORRECT:
+/*  case ALL_SYSTEMS_GO:               this is the same as OK */
+	return (0);
+	break;
+
+    case VALIDATE_NO_USER:
+#ifdef SEND_MAIL_WHEN_NO_USER
+	return (1);
+#else
+	return (0);
+#endif
+	break;
+
+    case VALIDATE_NOT_OK:
+#ifdef SEND_MAIL_WHEN_NOT_OK
+	return (1);
+#else
+	return (0);
+#endif
+	break;
+
+    /*
+     * these WILL send mail
+     */
+    case VALIDATE_ERROR:
+    case NO_SUDOERS_FILE:
+    case SPOOF_ATTEMPT:
+    case BAD_STAMPDIR:
+    case BAD_STAMPFILE:
+    default:
+	return (1);
+	break;
+
+    }
+}
diff --git a/gnu/usr.bin/sudo/sudo/options.h b/gnu/usr.bin/sudo/sudo/options.h
new file mode 100644
index 00000000000..47b7ceb3ea5
--- /dev/null
+++ b/gnu/usr.bin/sudo/sudo/options.h
@@ -0,0 +1,110 @@
+/*
+ *  CU sudo version 1.5.2
+ *
+ *  This program is free software; you can redistribute it and/or modify
+ *  it under the terms of the GNU General Public License as published by
+ *  the Free Software Foundation; either version 1, or (at your option)
+ *  any later version.
+ *
+ *  This program is distributed in the hope that it will be useful,
+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ *  GNU General Public License for more details.
+ *
+ *  You should have received a copy of the GNU General Public License
+ *  along with this program; if not, write to the Free Software
+ *  Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+ *
+ *  Please send bugs, changes, problems to sudo-bugs@courtesan.com
+ *
+ *  $Id: options.h,v 1.1 1996/10/14 05:14:50 millert Exp $
+ */
+
+#ifndef _SUDO_OPTIONS_H
+#define _SUDO_OPTIONS_H
+
+/*
+ * DANGER DANGER DANGER!
+ * Before you change anything here read through the OPTIONS file
+ * for a description of what this stuff does.
+ */
+
+/* User-configurable Sudo runtime options */
+
+/*#define FQDN			/* expect fully qualified hosts in sudoers */
+#define LOGGING SLOG_SYSLOG	/* log via SLOG_SYSLOG, SLOG_FILE, SLOG_BOTH */
+#define LOGFAC LOG_LOCAL2	/* syslog facility for sudo to use */
+#define MAXLOGFILELEN 80	/* max chars per log line (for line wrapping) */
+/*#define NO_ROOT_SUDO		/* root is not allowed to use sudo */
+#define ALERTMAIL "root"	/* user that gets sudo mail */
+#define SEND_MAIL_WHEN_NO_USER	/* send mail when user not in sudoers file */
+/*#define SEND_MAIL_WHEN_NOT_OK	/* send mail if no permissions to run command */
+/*#define EXEMPTGROUP "sudo"	/* no passwd needed for users in this group */
+#define ENV_EDITOR		/* visudo honors EDITOR and VISUAL envars */
+#define SHORT_MESSAGE		/* short sudo message, no copyright printed */
+/*#define NO_MESSAGE		/* no sudo "lecture" message */
+#define TIMEOUT 5		/* minutes before sudo asks for passwd again */
+#define PASSWORD_TIMEOUT 0	/* passwd prompt timeout (in minutes) */
+#define TRIES_FOR_PASSWORD 3	/* number of tries to enter passwd correctly */
+#define USE_INSULTS		/* insult the user for incorrect passwords */
+#define CLASSIC_INSULTS		/* sudo "classic" insults--need USE_INSULTS */
+/*#define HAL_INSULTS		/* 2001-like insults--must define USE_INSULTS */
+/*#define GOONS_INSULTS		/* Goon Show insults--must define USE_INSULTS */
+#define CSOPS_INSULTS		/* CSOps insults--must define USE_INSULTS */
+#define EDITOR _PATH_VI		/* default editor to use */
+#define MAILER _PATH_SENDMAIL	/* what mailer to use */
+#define UMASK 0022		/* umask that the root-run prog should use */
+#define INCORRECT_PASSWORD "Sorry, try again." /* message for bad passwd */
+#define MAILSUBJECT "*** SECURITY information ***" /* subject of mail sent */
+#define PASSPROMPT "Password:"	/* default password prompt */
+/*#define IGNORE_DOT_PATH	/* ignore '.' in $PATH if it exists */
+/*#define SECURE_PATH	"/bin:/usr/ucb:/usr/bin:/usr/etc:/etc" /* secure path */
+/*#define USE_EXECV		/* use execv() instead of execvp() */
+/*#define SHELL_IF_NO_ARGS	/* if sudo is given no arguments run a shell */
+/*#define SHELL_SETS_HOME	/* -s sets $HOME to runas user's homedir */
+/*#define USE_TTY_TICKETS	/* have a different ticket file for each tty */
+/*#define OTP_ONLY		/* validate user via OTP (skey/opie) only */
+/*#define LONG_OTP_PROMPT	/* use a two line OTP (skey/opie) prompt */
+#define FAST_MATCH		/* command check fails if basenames not same */
+#ifndef SUDOERS_MODE
+#define SUDOERS_MODE 0440	/* file mode for sudoers (octal) */
+#endif /* SUDOERS_MODE */
+#ifndef SUDOERS_UID
+#define SUDOERS_UID 0		/* user id that owns sudoers (*not* a name) */
+#endif /* SUDOERS_UID */
+#ifndef SUDOERS_GID
+#define SUDOERS_GID 0		/* group id that owns sudoers (*not* a name) */
+#endif /* SUDOERS_GID */
+
+/**********  You probably don't want to modify anything below here  ***********/
+
+#ifdef USE_EXECV
+#  define EXEC	execv
+#else
+#  define EXEC	execvp
+#endif /* USE_EXECV */
+
+/*
+ * syslog(3) parameters
+ */
+
+#if (LOGGING & SLOG_SYSLOG)
+#  include <syslog.h>
+#  ifndef Syslog_ident
+#    define Syslog_ident	"sudo"
+#  endif
+#  ifndef Syslog_options
+#    define Syslog_options	0
+#  endif
+#  if !defined(Syslog_facility) && defined(LOG_NFACILITIES)
+#    define Syslog_facility	LOGFAC
+#  endif
+#  ifndef Syslog_priority_OK
+#    define Syslog_priority_OK	LOG_NOTICE
+#  endif
+#  ifndef Syslog_priority_NO
+#    define Syslog_priority_NO	LOG_ALERT
+#  endif
+#endif	/* LOGGING & SLOG_SYSLOG */
+
+#endif /* _SUDO_OPTIONS_H */
diff --git a/gnu/usr.bin/sudo/sudo/parse.c b/gnu/usr.bin/sudo/sudo/parse.c
new file mode 100644
index 00000000000..1e09e3eacf9
--- /dev/null
+++ b/gnu/usr.bin/sudo/sudo/parse.c
@@ -0,0 +1,446 @@
+/*
+ *  CU sudo version 1.5.2
+ *
+ *  This program is free software; you can redistribute it and/or modify
+ *  it under the terms of the GNU General Public License as published by
+ *  the Free Software Foundation; either version 1, or (at your option)
+ *  any later version.
+ *
+ *  This program is distributed in the hope that it will be useful,
+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ *  GNU General Public License for more details.
+ *
+ *  You should have received a copy of the GNU General Public License
+ *  along with this program; if not, write to the Free Software
+ *  Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+ *
+ *  Please send bugs, changes, problems to sudo-bugs@courtesan.com
+ *
+ *******************************************************************
+ *
+ * parse.c -- sudo parser frontend and comparison routines.
+ *
+ * Chris Jepeway <jepeway@cs.utk.edu>
+ */
+
+#ifndef lint
+static char rcsid[] = "$Id: parse.c,v 1.1 1996/10/14 05:14:51 millert Exp $";
+#endif /* lint */
+
+#include "config.h"
+
+#include <stdio.h>
+#ifdef STDC_HEADERS
+#  include <stdlib.h>
+#endif /* STDC_HEADERS */
+#ifdef HAVE_UNISTD_H
+#  include <unistd.h>
+#endif /* HAVE_UNISTD_H */
+#ifdef HAVE_STRING_H
+#  include <string.h>
+#endif /* HAVE_STRING_H */
+#ifdef HAVE_STRINGS_H
+#  include <strings.h>
+#endif /* HAVE_STRINGS_H */
+#if defined(HAVE_FNMATCH) && defined(HAVE_FNMATCH_H)
+#  include <fnmatch.h>
+#else
+#  ifndef HAVE_FNMATCH
+#    include "emul/fnmatch.h"
+#  endif /* HAVE_FNMATCH */
+#endif /* HAVE_FNMATCH_H */
+#if defined(HAVE_MALLOC_H) && !defined(STDC_HEADERS)
+#  include <malloc.h>
+#endif /* HAVE_MALLOC_H && !STDC_HEADERS */
+#ifdef HAVE_NETGROUP_H
+#  include <netgroup.h>
+#endif /* HAVE_NETGROUP_H */
+#include <ctype.h>
+#include <pwd.h>
+#include <grp.h>
+#include <sys/param.h>
+#include <sys/types.h>
+#include <netinet/in.h>
+#include <arpa/inet.h>
+#include <netdb.h>
+#include <sys/stat.h>
+#if HAVE_DIRENT_H
+#  include <dirent.h>
+#  define NAMLEN(dirent) strlen((dirent)->d_name)
+#else
+#  define dirent direct
+#  define NAMLEN(dirent) (dirent)->d_namlen
+#  if HAVE_SYS_NDIR_H
+#    include <sys/ndir.h>
+#  endif
+#  if HAVE_SYS_DIR_H
+#    include <sys/dir.h>
+#  endif
+#  if HAVE_NDIR_H
+#    include <ndir.h>
+#  endif
+#endif
+
+#include "sudo.h"
+#include <options.h>
+
+/*
+ * Globals
+ */
+int parse_error = FALSE;
+extern FILE *yyin, *yyout;
+extern int printmatches;
+
+/*
+ * Prototypes
+ */
+static int has_meta	__P((char *));
+       void init_parser	__P((void));
+
+/*
+ * This routine is called from the sudo.c module and tries to validate
+ * the user, host and command triplet.
+ */
+int validate(check_cmnd)
+    int check_cmnd;
+{
+    FILE *sudoers_fp;
+    int return_code;
+
+    /* become sudoers file owner */
+    set_perms(PERM_SUDOERS, 0);
+
+    if ((sudoers_fp = fopen(_PATH_SUDO_SUDOERS, "r")) == NULL) {
+	perror(_PATH_SUDO_SUDOERS);
+	log_error(NO_SUDOERS_FILE);
+	exit(1);
+    }
+    yyin = sudoers_fp;
+    yyout = stdout;
+
+    /*
+     * Allocate space for data structures in the parser.
+     */
+    init_parser();
+
+    /*
+     * Need to be root while stat'ing things in the parser.
+     */
+    set_perms(PERM_ROOT, 0);
+    return_code = yyparse();
+
+    /*
+     * Don't need to keep this open...
+     */
+    (void) fclose(sudoers_fp);
+
+    /* relinquish extra privs */
+    set_perms(PERM_USER, 0);
+
+    if (return_code || parse_error)
+	return(VALIDATE_ERROR);
+
+    /*
+     * Nothing on the top of the stack => user doesn't appear in sudoers.
+     * Allow anyone to try the psuedo commands "list" and "validate".
+     */
+    if (top == 0) {
+	if (check_cmnd == TRUE)
+	    return(VALIDATE_NO_USER);
+	else
+	    return(VALIDATE_NOT_OK);
+    }
+
+    /*
+     * Only check the actual command if the check_cmnd
+     * flag is set.  It is not set for the "validate"
+     * and "list" pseudo-commands.  Always check the
+     * host and user.
+     */
+    if (check_cmnd == FALSE)
+	while (top) {
+	    if (host_matches == TRUE)
+		/* user may always do validate or list on allowed hosts */
+		if (no_passwd == TRUE)
+		    return(VALIDATE_OK_NOPASS);
+		else
+		    return(VALIDATE_OK);
+	    top--;
+	}
+    else
+	while (top) {
+	    if (host_matches == TRUE) {
+		if (cmnd_matches == TRUE) {
+		   if (runas_matches == TRUE) {
+		    	/*
+			 * User was granted access to cmnd on host.
+		    	 * If no passwd required return as such.
+			 */
+		    	if (no_passwd == TRUE)
+			    return(VALIDATE_OK_NOPASS);
+		    	else
+			    return(VALIDATE_OK);
+		    }
+		} else if (cmnd_matches == FALSE) {
+		    /* User was explicitly denied acces to cmnd on host. */
+		    return(VALIDATE_NOT_OK);
+		}
+	    }
+	    top--;
+	}
+
+    /*
+     * we popped everything off the stack =>
+     * user was mentioned, but not explicitly
+     * granted nor denied access => say no
+     */
+    return(VALIDATE_NOT_OK);
+}
+
+
+
+/*
+ * If path doesn't end in /, return TRUE iff cmnd & path name the same inode;
+ * otherwise, return TRUE if cmnd names one of the inodes in path.
+ */
+int command_matches(cmnd, user_args, path, sudoers_args)
+    char *cmnd;
+    char *user_args;
+    char *path;
+    char *sudoers_args;
+{
+    int plen;
+    struct stat pst;
+    DIR *dirp;
+    struct dirent *dent;
+    char buf[MAXPATHLEN+1];
+    static char *c;
+
+    /* don't bother with pseudo commands like "validate" */
+    if (*cmnd != '/')
+	return(FALSE);
+
+    /* only need to stat cmnd once since it never changes */
+    if (cmnd_st.st_dev == 0) {
+	if (stat(cmnd, &cmnd_st) < 0)
+	    return(FALSE);
+	if ((c = strrchr(cmnd, '/')) == NULL)
+	    c = cmnd;
+	else
+	    c++;
+    }
+
+    /*
+     * If the pathname has meta characters in it use fnmatch(3)
+     * to do the matching
+     */
+    if (has_meta(path)) {
+	/*
+	 * Return true if fnmatch(3) succeeds and there are no args
+	 * (in sudoers or command) or if the args match;
+	 * else return false.
+	 */
+	if (fnmatch(path, cmnd, FNM_PATHNAME))
+	    return(FALSE);
+	if (!sudoers_args)
+	    return(TRUE);
+	else if (!user_args && sudoers_args && !strcmp("\"\"", sudoers_args))
+	    return(TRUE);
+	else if (sudoers_args)
+	    return((fnmatch(sudoers_args, user_args ? user_args : "", 0) == 0));
+	else
+	    return(FALSE);
+    } else {
+	plen = strlen(path);
+	if (path[plen - 1] != '/') {
+#ifdef FAST_MATCH
+	    char *p;
+
+	    /* Only proceed if the basenames of cmnd and path are the same */
+	    if ((p = strrchr(path, '/')) == NULL)
+		p = path;
+	    else
+		p++;
+	    if (strcmp(c, p))
+		return(FALSE);
+#endif /* FAST_MATCH */
+
+	    if (stat(path, &pst) < 0)
+		return(FALSE);
+
+	    /*
+	     * Return true if inode/device matches and there are no args
+	     * (in sudoers or command) or if the args match;
+	     * else return false.
+	     */
+	    if (cmnd_st.st_dev != pst.st_dev || cmnd_st.st_ino != pst.st_ino)
+		return(FALSE);
+	    if (!sudoers_args)
+		return(TRUE);
+	    else if (!user_args && sudoers_args && !strcmp("\"\"", sudoers_args))
+		return(TRUE);
+	    else if (sudoers_args)
+		return((fnmatch(sudoers_args, user_args ? user_args : "", 0) == 0));
+	    else
+		return(FALSE);
+	}
+
+	/*
+	 * Grot through path's directory entries, looking for cmnd.
+	 */
+	dirp = opendir(path);
+	if (dirp == NULL)
+	    return(FALSE);
+
+	while ((dent = readdir(dirp)) != NULL) {
+	    strcpy(buf, path);
+	    strcat(buf, dent->d_name);
+#ifdef FAST_MATCH
+	    /* only stat if basenames are not the same */
+	    if (strcmp(c, dent->d_name))
+		continue;
+#endif /* FAST_MATCH */
+	    if (stat(buf, &pst) < 0)
+		continue;
+	    if (cmnd_st.st_dev == pst.st_dev && cmnd_st.st_ino == pst.st_ino)
+		break;
+	}
+
+	closedir(dirp);
+	return(dent != NULL);
+    }
+}
+
+
+
+/*
+ * Returns TRUE if "n" is one of our ip addresses or if
+ * "n" is a network that we are on, else returns FALSE.
+ */
+int addr_matches(n)
+    char *n;
+{
+    int i;
+    char *m;
+    struct in_addr addr, mask;
+
+    /* If there's an explicate netmask, use it. */
+    if ((m = strchr(n, '/'))) {
+	*m++ = '\0';
+	mask.s_addr = inet_addr(m);
+	addr.s_addr = inet_addr(n);
+	*(m - 1) = '/';
+
+	for (i = 0; i < num_interfaces; i++)
+	    if ((interfaces[i].addr.s_addr & mask.s_addr) == addr.s_addr)
+		return(TRUE);
+    } else {
+	addr.s_addr = inet_addr(n);
+
+	for (i = 0; i < num_interfaces; i++)
+	    if (interfaces[i].addr.s_addr == addr.s_addr ||
+		(interfaces[i].addr.s_addr & interfaces[i].netmask.s_addr)
+		== addr.s_addr)
+		return(TRUE);
+    }
+
+    return(FALSE);
+}
+
+
+
+/*
+ *  Returns TRUE if the given user belongs to the named group,
+ *  else returns FALSE.
+ */
+int usergr_matches(group, user)
+    char *group;
+    char *user;
+{
+    struct group *grpent;
+    char **cur;
+
+    /* make sure we have a valid usergroup, sudo style */
+    if (*group++ != '%')
+	return(FALSE);
+
+    if ((grpent = getgrnam(group)) == NULL) 
+	return(FALSE);
+
+    /*
+     * Check against user's real gid as well as group's user list
+     */
+    if (grpent->gr_gid == user_gid)
+	return(TRUE);
+
+    for (cur=grpent->gr_mem; *cur; cur++) {
+	if (strcmp(*cur, user) == 0)
+	    return(TRUE);
+    }
+
+    return(FALSE);
+}
+
+
+
+/*
+ * Returns TRUE if "host" and "user" belong to the netgroup "netgr",
+ * else return FALSE.  Either of "host" or "user" may be NULL
+ * in which case that argument is not checked...
+ */
+int netgr_matches(netgr, host, user)
+    char *netgr;
+    char *host;
+    char *user;
+{
+#ifdef HAVE_GETDOMAINNAME
+    static char *domain = (char *) -1;
+#else
+    static char *domain = NULL;
+#endif /* HAVE_GETDOMAINNAME */
+
+    /* make sure we have a valid netgroup, sudo style */
+    if (*netgr++ != '+')
+	return(FALSE);
+
+#ifdef HAVE_GETDOMAINNAME
+    /* get the domain name (if any) */
+    if (domain == (char *) -1) {
+	if ((domain = (char *) malloc(MAXHOSTNAMELEN + 1)) == NULL) {
+	    perror("malloc");
+	    (void) fprintf(stderr, "%s: cannot allocate memory!\n", Argv[0]);
+	    exit(1);
+	}
+
+	if (getdomainname(domain, MAXHOSTNAMELEN + 1) != 0 || *domain == '\0') {
+	    (void) free(domain);
+	    domain = NULL;
+	}
+    }
+#endif /* HAVE_GETDOMAINNAME */
+
+#ifdef HAVE_INNETGR
+    return(innetgr(netgr, host, user, domain));
+#else
+    return(FALSE);
+#endif /* HAVE_INNETGR */
+}
+
+
+
+/*
+ * Returns TRUE if "s" has shell meta characters in it,
+ * else returns FALSE.
+ */
+static int has_meta(s)
+    char *s;
+{
+    register char *t;
+    
+    for (t = s; *t; t++) {
+	if (*t == '\\' || *t == '?' || *t == '*' || *t == '[' || *t == ']')
+	    return(TRUE);
+    }
+    return(FALSE);
+}
diff --git a/gnu/usr.bin/sudo/sudo/parse.lex b/gnu/usr.bin/sudo/sudo/parse.lex
new file mode 100644
index 00000000000..b2b541a4909
--- /dev/null
+++ b/gnu/usr.bin/sudo/sudo/parse.lex
@@ -0,0 +1,354 @@
+%{
+/*
+ *  CU sudo version 1.5.2
+ *
+ *  This program is free software; you can redistribute it and/or modify
+ *  it under the terms of the GNU General Public License as published by
+ *  the Free Software Foundation; either version 1, or (at your option)
+ *  any later version.
+ *
+ *  This program is distributed in the hope that it will be useful,
+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ *  GNU General Public License for more details.
+ *
+ *  You should have received a copy of the GNU General Public License
+ *  along with this program; if not, write to the Free Software
+ *  Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+ *
+ *  Please send bugs, changes, problems to sudo-bugs@courtesan.com
+ *
+ *******************************************************************
+ *
+ * parse.lex -- lexigraphical analyzer for sudo.
+ *
+ * Chris Jepeway <jepeway@cs.utk.edu>
+ */
+
+#ifndef lint
+static char rcsid[] = "$Id: parse.lex,v 1.1 1996/10/14 05:14:51 millert Exp $";
+#endif /* lint */
+
+#include "config.h"
+
+#ifdef STDC_HEADERS
+#include <stdlib.h>
+#endif /* STDC_HEADERS */
+#ifdef HAVE_UNISTD_H
+#include <unistd.h>
+#endif /* HAVE_UNISTD_H */
+#ifdef HAVE_STRING_H
+#include <string.h>
+#endif /* HAVE_STRING_H */
+#if defined(HAVE_MALLOC_H) && !defined(STDC_HEADERS)
+#include <malloc.h>
+#endif /* HAVE_MALLOC_H && !STDC_HEADERS */
+#include <ctype.h>
+#include <sys/types.h>
+#include <sys/param.h>
+#include <netinet/in.h>
+#include "sudo.h"
+#include <options.h>
+#include "y.tab.h"
+
+#undef yywrap		/* guard against a yywrap macro */
+
+extern YYSTYPE yylval;
+extern int clearaliases;
+int sudolineno = 1;
+static int sawspace = 0;
+static int arg_len = 0;
+static int arg_size = 0;
+
+static void fill		__P((char *, int));
+static void fill_cmnd		__P((char *, int));
+static void fill_args		__P((char *, int, int));
+extern void reset_aliases	__P((void));
+extern void yyerror		__P((char *));
+
+/* realloc() to size + COMMANDARGINC to make room for command args */
+#define COMMANDARGINC	64
+
+#ifdef TRACELEXER
+#define LEXTRACE(msg)	fputs(msg, stderr)
+#else
+#define LEXTRACE(msg)
+#endif
+%}
+
+OCTET			[[:digit:]]{1,3}
+DOTTEDQUAD		{OCTET}(\.{OCTET}){3}
+WORD			[[:alnum:]_-]+
+
+%e	4000
+%p	6000
+%k	3500
+
+%s	GOTCMND
+%s	GOTRUNAS
+
+%%
+[ \t]+			{			/* throw away space/tabs */
+			    sawspace = TRUE;	/* but remember for fill_args */
+			}
+
+\\\n			{ 
+			    sawspace = TRUE;	/* remember for fill_args */
+			    ++sudolineno;
+			    LEXTRACE("\n\t");
+			}			/* throw away EOL after \ */
+
+<GOTCMND>\\[:\,=\\ \t] {
+			    LEXTRACE("QUOTEDCHAR ");
+			    fill_args(yytext + 1, 1, sawspace);
+			    sawspace = FALSE;
+			}
+
+<GOTCMND>[:\,=\n]	{
+			    BEGIN INITIAL;
+			    unput(*yytext);
+			    return(COMMAND);
+			}			/* end of command line args */
+
+\n			{ 
+			    ++sudolineno; 
+			    LEXTRACE("\n");
+			    return(COMMENT);
+			}			/* return newline */
+
+<INITIAL>#.*\n		{
+			    ++sudolineno;
+			    LEXTRACE("\n");
+			    return(COMMENT);
+			}			/* return comments */
+
+<GOTCMND>[^:\,= \t\n]+ {
+			    LEXTRACE("ARG ");
+			    fill_args(yytext, yyleng, sawspace);
+			    sawspace = FALSE;
+			  }			/* a command line arg */
+
+\,			{
+			    LEXTRACE(", ");
+			    return(',');
+			}			/* return ',' */
+
+\!			{
+			    return('!');		/* return '!' */
+			}
+
+=			{
+			    LEXTRACE("= ");
+			    return('=');
+			}			/* return '=' */
+
+:			{
+			    LEXTRACE(": ");
+			    return(':');
+			}			/* return ':' */
+
+\.			{
+			    return('.');
+			}
+
+NOPASSWD[[:blank:]]*:	{ 
+				/* cmnd does not require passwd for this user */
+			    	LEXTRACE("NOPASSWD ");
+			    	return(NOPASSWD);
+			}
+
+\+{WORD}		{
+			    /* netgroup */
+			    fill(yytext, yyleng);
+			    return(NETGROUP);
+			}
+
+\%{WORD}		{
+			    /* UN*X group */
+			    fill(yytext, yyleng);
+			    return(USERGROUP);
+			}
+
+{DOTTEDQUAD}(\/{DOTTEDQUAD})? {
+			    fill(yytext, yyleng);
+			    LEXTRACE("NTWKADDR ");
+			    return(NTWKADDR);
+			}
+
+[[:alpha:]][[:alnum:]_-]*(\.{WORD})+ {
+			    fill(yytext, yyleng);
+			    LEXTRACE("FQHOST ");
+			    return(FQHOST);
+			}
+
+<INITIAL>\(		{
+				BEGIN GOTRUNAS;
+				LEXTRACE("RUNAS ");
+				return (RUNAS);
+			}
+
+<GOTRUNAS>[[:upper:]][[:upper:][:digit:]_]* {
+			    /* User_Alias that user can run command as or ALL */
+			    fill(yytext, yyleng);
+			    if (strcmp(yytext, "ALL") == 0) {
+				LEXTRACE("ALL ");
+				return(ALL);
+			    } else {
+				LEXTRACE("ALIAS ");
+				return(ALIAS);
+			    }
+			}
+
+<GOTRUNAS>#?{WORD}	{
+			    /* username/uid that user can run command as */
+			    fill(yytext, yyleng);
+			    LEXTRACE("NAME ");
+			    return(NAME);
+			}
+
+<GOTRUNAS>\)		BEGIN INITIAL;
+
+
+\/[^\,:=\\ \t\n#]+	{
+			    /* directories can't have args... */
+			    if (yytext[yyleng - 1] == '/') {
+				LEXTRACE("COMMAND ");
+				fill_cmnd(yytext, yyleng);
+				return(COMMAND);
+			    } else {
+				BEGIN GOTCMND;
+				LEXTRACE("COMMAND ");
+				fill_cmnd(yytext, yyleng);
+			    }
+			}			/* a pathname */
+
+[[:upper:]][[:upper:][:digit:]_]*	{
+			    fill(yytext, yyleng);
+			    if (strcmp(yytext, "ALL") == 0) {
+				LEXTRACE("ALL ");
+				return(ALL);
+			    }
+			    LEXTRACE("ALIAS ");
+			    return(ALIAS);
+			}
+
+[[:alnum:]][[:alnum:]_-]*	{
+			    int l;
+
+			    fill(yytext, yyleng);
+			    if (strcmp(yytext, "Host_Alias") == 0) {
+				LEXTRACE("HOSTALIAS ");
+				return(HOSTALIAS);
+			    }
+			    if (strcmp(yytext, "Cmnd_Alias") == 0) {
+				LEXTRACE("CMNDALIAS ");
+				return(CMNDALIAS);
+			    }
+			    if (strcmp(yytext, "User_Alias") == 0) {
+				LEXTRACE("USERALIAS ");
+				return(USERALIAS);
+			    }
+			    l = yyleng - 1;
+			    if (isalpha(yytext[l]) || isdigit(yytext[l])) {
+				/* NAME is what RFC1034 calls a label */
+				LEXTRACE("NAME ");
+				return(NAME);
+			    }
+
+			    return(ERROR);
+			}
+
+.			{
+			    return(ERROR);
+			}	/* parse error */
+
+%%
+static void fill(s, len)
+    char *s;
+    int len;
+{
+    yylval.string = (char *) malloc(len + 1);
+    if (yylval.string == NULL)
+	yyerror("unable to allocate memory");
+
+    /* copy the string and NULL-terminate it */
+    (void) strncpy(yylval.string, s, len);
+    yylval.string[len] = '\0';
+}
+
+
+static void fill_cmnd(s, len)
+    char *s;
+    int len;
+{
+    arg_len = arg_size = 0;
+
+    yylval.command.cmnd = (char *) malloc(len + 1);
+    if (yylval.command.cmnd == NULL)
+	yyerror("unable to allocate memory");
+
+    /* copy the string and NULL-terminate it */
+    (void) strncpy(yylval.command.cmnd, s, len);
+    yylval.command.cmnd[len] = '\0';
+
+    yylval.command.args = NULL;
+}
+
+
+static void fill_args(s, len, addspace)
+    char *s;
+    int len;
+    int addspace;
+{
+    int new_len;
+    char *p;
+
+    /*
+     * If first arg, malloc() some room, else if we don't
+     * have enough space realloc() some more.
+     */
+    if (yylval.command.args == NULL) {
+	addspace = 0;
+	new_len = len;
+
+	while (new_len >= (arg_size += COMMANDARGINC))
+	    ;
+
+	yylval.command.args = (char *) malloc(arg_size);
+	if (yylval.command.args == NULL)
+	    yyerror("unable to allocate memory");
+    } else {
+	new_len = arg_len + len + addspace;
+
+	if (new_len >= arg_size) {
+	    /* Allocate more space than we need for subsequent args */
+	    while (new_len >= (arg_size += COMMANDARGINC))
+		;
+
+	    yylval.command.args = (char *) realloc(yylval.command.args, arg_size);
+	    if (yylval.command.args == NULL)
+		yyerror("unable to allocate memory");
+	}
+    }
+
+    /* Efficiently append the arg (with a leading space if needed). */
+    p = yylval.command.args + arg_len;
+    if (addspace)
+	*p++ = ' ';
+    (void) strcpy(p, s);
+    arg_len = new_len;
+}
+
+
+int yywrap()
+{
+#ifdef YY_NEW_FILE
+    YY_NEW_FILE;
+#endif /* YY_NEW_FILE */
+
+    /* don't reset the aliases if called by testsudoers */
+    if (clearaliases)
+	reset_aliases();
+
+    return(TRUE);
+}
diff --git a/gnu/usr.bin/sudo/sudo/parse.yacc b/gnu/usr.bin/sudo/sudo/parse.yacc
new file mode 100644
index 00000000000..4508a99a411
--- /dev/null
+++ b/gnu/usr.bin/sudo/sudo/parse.yacc
@@ -0,0 +1,954 @@
+%{
+
+/*
+ *  CU sudo version 1.5.2
+ *
+ *  This program is free software; you can redistribute it and/or modify
+ *  it under the terms of the GNU General Public License as published by
+ *  the Free Software Foundation; either version 1, or (at your option)
+ *  any later version.
+ *
+ *  This program is distributed in the hope that it will be useful,
+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ *  GNU General Public License for more details.
+ *
+ *  You should have received a copy of the GNU General Public License
+ *  along with this program; if not, write to the Free Software
+ *  Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+ *
+ *  Please send bugs, changes, problems to sudo-bugs@courtesan.com
+ *
+ *******************************************************************
+ *
+ * parse.yacc -- yacc parser and alias manipulation routines for sudo.
+ *
+ * Chris Jepeway <jepeway@cs.utk.edu>
+ */
+
+#ifndef lint
+static char rcsid[] = "$Id: parse.yacc,v 1.1 1996/10/14 05:14:52 millert Exp $";
+#endif /* lint */
+
+#include "config.h"
+#include <stdio.h>
+#ifdef STDC_HEADERS
+#include <stdlib.h>
+#endif /* STDC_HEADERS */
+#ifdef HAVE_UNISTD_H
+#include <unistd.h>
+#endif /* HAVE_UNISTD_H */
+#include <pwd.h>
+#include <sys/types.h>
+#include <sys/param.h>
+#include <netinet/in.h>
+#ifdef HAVE_STRING_H
+#include <string.h>
+#endif /* HAVE_STRING_H */
+#if defined(HAVE_MALLOC_H) && !defined(STDC_HEADERS)
+#include <malloc.h>
+#endif /* HAVE_MALLOC_H && !STDC_HEADERS */
+#ifdef HAVE_LSEARCH
+#include <search.h>
+#endif /* HAVE_LSEARCH */
+
+#include <options.h>
+#include "sudo.h"
+
+#ifndef HAVE_LSEARCH
+#include "emul/search.h"
+#endif /* HAVE_LSEARCH */
+
+#ifndef HAVE_STRCASECMP
+#define strcasecmp(a,b)		strcmp(a,b)
+#endif /* !HAVE_STRCASECMP */
+
+/*
+ * Globals
+ */
+extern int sudolineno, parse_error;
+int errorlineno = -1;
+int clearaliases = 1;
+int printmatches = FALSE;
+
+/*
+ * Alias types
+ */
+#define HOST			 1
+#define CMND			 2
+#define USER			 3
+
+/*
+ * The matching stack, initial space allocated in init_parser().
+ */
+struct matchstack *match;
+int top = 0, stacksize = 0;
+
+#define push \
+    { \
+	if (top > stacksize) { \
+	    while ((stacksize += STACKINCREMENT) < top); \
+	    match = (struct matchstack *) realloc(match, sizeof(struct matchstack) * stacksize); \
+	    if (match == NULL) { \
+		perror("malloc"); \
+		(void) fprintf(stderr, "%s: cannot allocate memory!\n", Argv[0]); \
+		exit(1); \
+	    } \
+	} \
+	match[top].user   = -1; \
+	match[top].cmnd   = -1; \
+	match[top].host   = -1; \
+	match[top].runas  = -1; \
+	match[top].nopass = -1; \
+	top++; \
+    }
+
+#define pop \
+    { \
+	if (top == 0) \
+	    yyerror("matching stack underflow"); \
+	else \
+	    top--; \
+    }
+
+/*
+ * The stack for printmatches.  A list of allowed commands for the user.
+ */
+static struct command_match *cm_list = NULL;
+static size_t cm_list_len = 0, cm_list_size = 0;
+
+/*
+ * List of Cmnd_Aliases and expansions for `sudo -l'
+ */
+static int in_alias = FALSE;
+static size_t ca_list_len = 0, ca_list_size = 0;
+static struct command_alias *ca_list = NULL;
+
+/*
+ * Protoypes
+ */
+extern int  command_matches	__P((char *, char *, char *, char *));
+extern int  addr_matches	__P((char *));
+extern int  netgr_matches	__P((char *, char *, char *));
+extern int  usergr_matches	__P((char *, char *));
+static int  find_alias		__P((char *, int));
+static int  add_alias		__P((char *, int));
+static int  more_aliases	__P((size_t));
+static void append		__P((char *, char **, size_t *, size_t *, int));
+static void expand_ca_list	__P((void));
+static void expand_match_list	__P((void));
+       void init_parser		__P((void));
+       void yyerror		__P((char *));
+
+void yyerror(s)
+    char *s;
+{
+    /* save the line the first error occured on */
+    if (errorlineno == -1)
+	errorlineno = sudolineno;
+#ifndef TRACELEXER
+    (void) fprintf(stderr, ">>> sudoers file: %s, line %d <<<\n", s, sudolineno);
+#else
+    (void) fprintf(stderr, "<*> ");
+#endif
+    parse_error = TRUE;
+}
+%}
+
+%union {
+    char *string;
+    int BOOLEAN;
+    struct sudo_command command;
+    int tok;
+}
+
+
+%start file				/* special start symbol */
+%token <string>  ALIAS			/* an UPPERCASE alias name */
+%token <string>  NTWKADDR		/* w.x.y.z */
+%token <string>  FQHOST			/* foo.bar.com */
+%token <string>  NETGROUP		/* a netgroup (+NAME) */
+%token <string>  USERGROUP		/* a usergroup (%NAME) */
+%token <string>  NAME			/* a mixed-case name */
+%token <tok> 	 RUNAS			/* a mixed-case runas name */
+%token <tok> 	 NOPASSWD		/* no passwd req for command*/
+%token <command> COMMAND		/* an absolute pathname */
+%token <tok>	 COMMENT		/* comment and/or carriage return */
+%token <tok>	 ALL			/* ALL keyword */
+%token <tok>	 HOSTALIAS		/* Host_Alias keyword */
+%token <tok>	 CMNDALIAS		/* Cmnd_Alias keyword */
+%token <tok>	 USERALIAS		/* User_Alias keyword */
+%token <tok>	 ':' '=' ',' '!' '.'	/* union member tokens */
+%token <tok>	 ERROR
+
+%type <BOOLEAN>	 cmnd
+%type <BOOLEAN>	 opcmnd
+%type <BOOLEAN>	 runasspec
+%type <BOOLEAN>	 runaslist
+%type <BOOLEAN>	 runasuser
+%type <BOOLEAN>	 nopasswd
+
+%%
+
+file		:	entry
+		|	file entry
+		;
+
+entry		:	COMMENT
+			    { ; }
+                |       error COMMENT
+			    { yyerrok; }
+		|	{ push; } user privileges {
+			    while (top && user_matches != TRUE) {
+				pop;
+			    }
+			}
+		|	USERALIAS useraliases
+			    { ; }
+		|	HOSTALIAS hostaliases
+			    { ; }
+		|	CMNDALIAS cmndaliases
+			    { ; }
+		;
+		
+
+privileges	:	privilege
+		|	privileges ':' privilege
+		;
+
+privilege	:	hostspec '=' cmndspeclist {
+			    if (user_matches == TRUE) {
+				push;
+				user_matches = TRUE;
+			    } else {
+				no_passwd = -1;
+				runas_matches = -1;
+			    }
+			}
+		;
+
+hostspec	:	ALL {
+			    host_matches = TRUE;
+			}
+		|	NTWKADDR {
+			    if (addr_matches($1))
+				host_matches = TRUE;
+			    (void) free($1);
+			}
+		|	NETGROUP {
+			    if (netgr_matches($1, host, NULL))
+				host_matches = TRUE;
+			    (void) free($1);
+			}
+		|	NAME {
+			    if (strcasecmp(shost, $1) == 0)
+				host_matches = TRUE;
+			    (void) free($1);
+			}
+		|	FQHOST {
+			    if (strcasecmp(host, $1) == 0)
+				host_matches = TRUE;
+			    (void) free($1);
+			}
+		|	ALIAS {
+			    /* could be an all-caps hostname */
+			    if (find_alias($1, HOST) || !strcasecmp(shost, $1))
+				host_matches = TRUE;
+			    (void) free($1);
+			}
+		;
+
+cmndspeclist	:	cmndspec
+		|	cmndspeclist ',' cmndspec
+		;
+
+cmndspec	:	runasspec nopasswd opcmnd {
+			    if ($1 > 0 && $3 == TRUE) {
+				runas_matches = TRUE;
+				if ($2 == TRUE)
+				    no_passwd = TRUE;
+			    } else if (printmatches == TRUE) {
+				cm_list[cm_list_len].runas_len = 0;
+				cm_list[cm_list_len].cmnd_len = 0;
+				cm_list[cm_list_len].nopasswd = FALSE;
+			    }
+			}
+		;
+
+opcmnd		:	cmnd { ; }
+		|	'!' {
+			    if (printmatches == TRUE && host_matches == TRUE &&
+				user_matches == TRUE) {
+				append("!", &cm_list[cm_list_len].cmnd,
+				       &cm_list[cm_list_len].cmnd_len,
+				       &cm_list[cm_list_len].cmnd_size, 0);
+				push;
+				user_matches = TRUE;
+				host_matches = TRUE;
+			    } else {
+				push;
+			    }
+			} opcmnd {
+			    int cmnd_matched = cmnd_matches;
+			    pop;
+			    if (cmnd_matched == TRUE)
+				cmnd_matches = FALSE;
+			    else if (cmnd_matched == FALSE)
+				cmnd_matches = TRUE;
+			    $$ = cmnd_matches;
+			}
+		;
+
+runasspec	:	/* empty */ {
+			    $$ = (strcmp("root", runas_user) == 0);
+			}
+		|	RUNAS runaslist {
+			    $$ = $2;
+			}
+		;
+
+runaslist	:	runasuser {
+			    $$ = $1;
+			}
+		|	runaslist ',' runasuser	{
+			    $$ = $1 + $3;
+			}
+		;
+
+
+runasuser	:	NAME {
+			    $$ = (strcmp($1, runas_user) == 0);
+			    if (printmatches == TRUE && host_matches == TRUE &&
+				user_matches == TRUE)
+				append($1, &cm_list[cm_list_len].runas,
+				       &cm_list[cm_list_len].runas_len,
+				       &cm_list[cm_list_len].runas_size, ':');
+			    (void) free($1);
+			}
+		|	USERGROUP {
+			    $$ = usergr_matches($1, runas_user);
+			    if (printmatches == TRUE && host_matches == TRUE &&
+				user_matches == TRUE) {
+				append("%", &cm_list[cm_list_len].runas,
+				       &cm_list[cm_list_len].runas_len,
+				       &cm_list[cm_list_len].runas_size, ':');
+				append($1, &cm_list[cm_list_len].runas,
+				       &cm_list[cm_list_len].runas_len,
+				       &cm_list[cm_list_len].runas_size, 0);
+			    }
+			    (void) free($1);
+			}
+		|	NETGROUP {
+			    $$ = netgr_matches($1, NULL, runas_user);
+			    if (printmatches == TRUE && host_matches == TRUE &&
+				user_matches == TRUE) {
+				append("+", &cm_list[cm_list_len].runas,
+				       &cm_list[cm_list_len].runas_len,
+				       &cm_list[cm_list_len].runas_size, ':');
+				append($1, &cm_list[cm_list_len].runas,
+				       &cm_list[cm_list_len].runas_len,
+				       &cm_list[cm_list_len].runas_size, 0);
+			    }
+			    (void) free($1);
+			}
+		|	ALIAS {
+			    /* could be an all-caps username */
+			    if (find_alias($1, USER) || !strcmp($1, runas_user))
+				$$ = TRUE;
+			    else
+				$$ = FALSE;
+			    if (printmatches == TRUE && host_matches == TRUE &&
+				user_matches == TRUE)
+				append($1, &cm_list[cm_list_len].runas,
+				       &cm_list[cm_list_len].runas_len,
+				       &cm_list[cm_list_len].runas_size, ':');
+			    (void) free($1);
+			}
+		|	ALL {
+			    $$ = TRUE;
+			    if (printmatches == TRUE && host_matches == TRUE &&
+				user_matches == TRUE)
+				append("ALL", &cm_list[cm_list_len].runas,
+				       &cm_list[cm_list_len].runas_len,
+				       &cm_list[cm_list_len].runas_size, ':');
+			}
+		;
+
+nopasswd	:	/* empty */ {
+			    $$ = FALSE;
+			}
+		|	NOPASSWD {
+			    $$ = TRUE;
+			    if (printmatches == TRUE && host_matches == TRUE &&
+				user_matches == TRUE)
+				cm_list[cm_list_len].nopasswd = TRUE;
+			}
+		;
+
+cmnd		:	ALL {
+			    if (printmatches == TRUE && in_alias == TRUE) {
+				append("ALL", &ca_list[ca_list_len-1].entries,
+				       &ca_list[ca_list_len-1].entries_len,
+				       &ca_list[ca_list_len-1].entries_size, ',');
+			    }
+			    if (printmatches == TRUE && host_matches == TRUE &&
+				user_matches == TRUE) {
+				append("ALL", &cm_list[cm_list_len].cmnd,
+				       &cm_list[cm_list_len].cmnd_len,
+				       &cm_list[cm_list_len].cmnd_size, 0);
+				expand_match_list();
+			    }
+
+			    cmnd_matches = TRUE;
+			    $$ = TRUE;
+			}
+		|	ALIAS {
+			    if (printmatches == TRUE && in_alias == TRUE) {
+				append($1, &ca_list[ca_list_len-1].entries,
+				       &ca_list[ca_list_len-1].entries_len,
+				       &ca_list[ca_list_len-1].entries_size, ',');
+			    }
+			    if (printmatches == TRUE && host_matches == TRUE &&
+				user_matches == TRUE) {
+				append($1, &cm_list[cm_list_len].cmnd,
+				       &cm_list[cm_list_len].cmnd_len,
+				       &cm_list[cm_list_len].cmnd_size, 0);
+				expand_match_list();
+			    }
+			    if (find_alias($1, CMND)) {
+				cmnd_matches = TRUE;
+				$$ = TRUE;
+			    }
+			    (void) free($1);
+			}
+		|	 COMMAND {
+			    if (printmatches == TRUE && in_alias == TRUE) {
+				append($1.cmnd, &ca_list[ca_list_len-1].entries,
+				       &ca_list[ca_list_len-1].entries_len,
+				       &ca_list[ca_list_len-1].entries_size, ',');
+				if ($1.args)
+				    append($1.args, &ca_list[ca_list_len-1].entries,
+					&ca_list[ca_list_len-1].entries_len,
+					&ca_list[ca_list_len-1].entries_size, ' ');
+			    }
+			    if (printmatches == TRUE && host_matches == TRUE &&
+				user_matches == TRUE)  {
+				append($1.cmnd, &cm_list[cm_list_len].cmnd,
+				       &cm_list[cm_list_len].cmnd_len,
+				       &cm_list[cm_list_len].cmnd_size, 0);
+				if ($1.args)
+				    append($1.args, &cm_list[cm_list_len].cmnd,
+					   &cm_list[cm_list_len].cmnd_len,
+					   &cm_list[cm_list_len].cmnd_size, ' ');
+				expand_match_list();
+			    }
+
+			    /* if NewArgc > 1 pass ptr to 1st arg, else NULL */
+			    if (command_matches(cmnd, (NewArgc > 1) ?
+				    cmnd_args : NULL, $1.cmnd, $1.args)) {
+				cmnd_matches = TRUE;
+				$$ = TRUE;
+			    }
+
+			    (void) free($1.cmnd);
+			    if ($1.args)
+				(void) free($1.args);
+			}
+		;
+
+hostaliases	:	hostalias
+		|	hostaliases ':' hostalias
+		;
+
+hostalias	:	ALIAS { push; } '=' hostlist {
+			    if (host_matches == TRUE && !add_alias($1, HOST))
+				YYERROR;
+			    pop;
+			}
+		;
+
+hostlist	:	hostspec
+		|	hostlist ',' hostspec
+		;
+
+cmndaliases	:	cmndalias
+		|	cmndaliases ':' cmndalias
+		;
+
+cmndalias	:	ALIAS {
+			    push;
+			    if (printmatches == TRUE) {
+				in_alias = TRUE;
+				/* Allocate space for ca_list if necesary. */
+				expand_ca_list();
+				if (!(ca_list[ca_list_len-1].alias = strdup($1))){
+				    perror("malloc");
+				    (void) fprintf(stderr,
+				      "%s: cannot allocate memory!\n", Argv[0]);
+				    exit(1);
+				 }
+			     }
+			} '=' cmndlist {
+			    if (cmnd_matches == TRUE && !add_alias($1, CMND))
+				YYERROR;
+			    pop;
+			    (void) free($1);
+
+			    if (printmatches == TRUE)
+				in_alias = FALSE;
+			}
+		;
+
+cmndlist	:	cmnd
+			    { ; }
+		|	cmndlist ',' cmnd
+		;
+
+useraliases	:	useralias
+		|	useraliases ':' useralias
+		;
+
+useralias	:	ALIAS { push; }	'=' userlist {
+			    if (user_matches == TRUE && !add_alias($1, USER))
+				YYERROR;
+			    pop;
+			    (void) free($1);
+			}
+		;
+
+userlist	:	user
+			    { ; }
+		|	userlist ',' user
+		;
+
+user		:	NAME {
+			    if (strcmp($1, user_name) == 0)
+				user_matches = TRUE;
+			    (void) free($1);
+			}
+		|	USERGROUP {
+			    if (usergr_matches($1, user_name))
+				user_matches = TRUE;
+			    (void) free($1);
+			}
+		|	NETGROUP {
+			    if (netgr_matches($1, NULL, user_name))
+				user_matches = TRUE;
+			    (void) free($1);
+			}
+		|	ALIAS {
+			    /* could be an all-caps username */
+			    if (find_alias($1, USER) || !strcmp($1, user_name))
+				user_matches = TRUE;
+			    (void) free($1);
+			}
+		|	ALL {
+			    user_matches = TRUE;
+			}
+		;
+
+%%
+
+
+typedef struct {
+    int type;
+    char name[BUFSIZ];
+} aliasinfo;
+
+#define MOREALIASES (32)
+aliasinfo *aliases = NULL;
+size_t naliases = 0;
+size_t nslots = 0;
+
+
+/**********************************************************************
+ *
+ * aliascmp()
+ *
+ *  This function compares two aliasinfo structures.
+ */
+
+static int aliascmp(a1, a2)
+    const VOID *a1, *a2;
+{
+    int r;
+    aliasinfo *ai1, *ai2;
+
+    ai1 = (aliasinfo *) a1;
+    ai2 = (aliasinfo *) a2;
+    r = strcmp(ai1->name, ai2->name);
+    if (r == 0)
+	r = ai1->type - ai2->type;
+
+    return(r);
+}
+
+
+/**********************************************************************
+ *
+ * cmndaliascmp()
+ *
+ *  This function compares two command_alias structures.
+ */
+
+static int cmndaliascmp(entry, key)
+    const VOID *entry, *key;
+{
+    struct command_alias *ca1 = (struct command_alias *) key;
+    struct command_alias *ca2 = (struct command_alias *) entry;
+
+    return(strcmp(ca1->alias, ca2->alias));
+}
+
+
+/**********************************************************************
+ *
+ * add_alias()
+ *
+ *  This function adds the named alias of the specified type to the
+ *  aliases list.
+ */
+
+static int add_alias(alias, type)
+    char *alias;
+    int type;
+{
+    aliasinfo ai, *aip;
+    char s[512];
+    int ok;
+
+    ok = FALSE;			/* assume failure */
+    ai.type = type;
+    (void) strcpy(ai.name, alias);
+    if (lfind((VOID *)&ai, (VOID *)aliases, &naliases, sizeof(ai),
+	aliascmp) != NULL) {
+	(void) sprintf(s, "Alias `%s' already defined", alias);
+	yyerror(s);
+    } else {
+	if (naliases == nslots && !more_aliases(nslots)) {
+	    (void) sprintf(s, "Out of memory defining alias `%s'", alias);
+	    yyerror(s);
+	}
+
+	aip = (aliasinfo *) lsearch((VOID *)&ai, (VOID *)aliases,
+				    &naliases, sizeof(ai), aliascmp);
+
+	if (aip != NULL) {
+	    ok = TRUE;
+	} else {
+	    (void) sprintf(s, "Aliases corrupted defining alias `%s'", alias);
+	    yyerror(s);
+	}
+    }
+
+    return(ok);
+}
+
+
+/**********************************************************************
+ *
+ * find_alias()
+ *
+ *  This function searches for the named alias of the specified type.
+ */
+
+static int find_alias(alias, type)
+    char *alias;
+    int type;
+{
+    aliasinfo ai;
+
+    (void) strcpy(ai.name, alias);
+    ai.type = type;
+
+    return(lfind((VOID *)&ai, (VOID *)aliases, &naliases,
+		 sizeof(ai), aliascmp) != NULL);
+}
+
+
+/**********************************************************************
+ *
+ * more_aliases()
+ *
+ *  This function allocates more space for the aliases list.
+ */
+
+static int more_aliases(nslots)
+    size_t nslots;
+{
+    aliasinfo *aip;
+
+    if (nslots == 0)
+	aip = (aliasinfo *) malloc(MOREALIASES * sizeof(*aip));
+    else
+	aip = (aliasinfo *) realloc(aliases,
+				    (nslots + MOREALIASES) * sizeof(*aip));
+
+    if (aip != NULL) {
+	aliases = aip;
+	nslots += MOREALIASES;
+    }
+
+    return(aip != NULL);
+}
+
+
+/**********************************************************************
+ *
+ * dumpaliases()
+ *
+ *  This function lists the contents of the aliases list.
+ */
+
+void dumpaliases()
+{
+    size_t n;
+
+    for (n = 0; n < naliases; n++) {
+	switch (aliases[n].type) {
+	case HOST:
+	    (void) puts("HOST");
+	    break;
+
+	case CMND:
+	    (void) puts("CMND");
+	    break;
+
+	case USER:
+	    (void) puts("USER");
+	    break;
+	}
+	(void) printf("\t%s\n", aliases[n].name);
+    }
+}
+
+
+/**********************************************************************
+ *
+ * list_matches()
+ *
+ *  This function lists the contents of cm_list and ca_list for
+ *  `sudo -l'.
+ */
+
+void list_matches()
+{
+    int i; 
+    char *p;
+    struct command_alias *ca, key;
+
+    (void) puts("You may run the following commands on this host:");
+    for (i = 0; i < cm_list_len; i++) {
+
+	/* Print the runas list. */
+	(void) fputs("    ", stdout);
+	if (cm_list[i].runas) {
+	    (void) putchar('(');
+	    if ((p = strtok(cm_list[i].runas, ":")))
+		(void) fputs(p, stdout);
+	    while ((p = strtok(NULL, ":"))) {
+		(void) fputs(", ", stdout);
+		(void) fputs(p, stdout);
+	    }
+	    (void) fputs(") ", stdout);
+	} else {
+	    (void) fputs("(root) ", stdout);
+	}
+
+	/* Is a password required? */
+	if (cm_list[i].nopasswd == TRUE)
+	    (void) fputs("NOPASSWD: ", stdout);
+
+	/* Print the actual command or expanded Cmnd_Alias. */
+	key.alias = cm_list[i].cmnd;
+	if ((ca = (struct command_alias *) lfind((VOID *) &key,
+	    (VOID *) &ca_list[0], &ca_list_len, sizeof(key), cmndaliascmp)))
+	    (void) puts(ca->entries);
+	else
+	    (void) puts(cm_list[i].cmnd);
+    }
+
+    /* Be nice and free up space now that we are done. */
+    for (i = 0; i < ca_list_len; i++) {
+	(void) free(ca_list[i].alias);
+	(void) free(ca_list[i].entries);
+    }
+    (void) free(ca_list);
+    ca_list = NULL;
+
+    for (i = 0; i < cm_list_len; i++) {
+	(void) free(cm_list[i].runas);
+	(void) free(cm_list[i].cmnd);
+    }
+    (void) free(cm_list);
+    cm_list = NULL;
+}
+
+
+/**********************************************************************
+ *
+ * append()
+ *
+ *  This function appends a source string to the destination prefixing
+ *  a separator if one is given.
+ */
+
+static void append(src, dstp, dst_len, dst_size, separator)
+    char *src, **dstp;
+    size_t *dst_len, *dst_size;
+    int separator;
+{
+    /* Only add the separator if *dstp is non-NULL. */
+    size_t src_len = strlen(src) + ((separator && *dstp) ? 1 : 0);
+    char *dst = *dstp;
+
+    /* Assumes dst will be NULL if not set. */
+    if (dst == NULL) {
+	if ((dst = (char *) malloc(BUFSIZ)) == NULL) {
+	    perror("malloc");
+	    (void) fprintf(stderr, "%s: cannot allocate memory!\n", Argv[0]);
+	    exit(1);
+	}
+
+	*dst_size = BUFSIZ;
+	*dst_len = 0;
+	*dstp = dst;
+    }
+
+    /* Allocate more space if necesary. */
+    if (*dst_size <= *dst_len + src_len) {
+	while (*dst_size <= *dst_len + src_len)
+	    *dst_size += BUFSIZ;
+
+	if (!(dst = (char *) realloc(dst, *dst_size))) {
+	    perror("malloc");
+	    (void) fprintf(stderr, "%s: cannot allocate memory!\n", Argv[0]);
+	    exit(1);
+	}
+	*dstp = dst;
+    }
+
+    /* Copy src -> dst adding a separator char if appropriate and adjust len. */
+    dst += *dst_len;
+    if (separator && *dst_len)
+	*dst++ = (char) separator;
+    (void) strcpy(dst, src);
+    *dst_len += src_len;
+}
+
+
+/**********************************************************************
+ *
+ * reset_aliases()
+ *
+ *  This function frees up space used by the aliases list and resets
+ *  the associated counters.
+ */
+
+void reset_aliases()
+{
+    if (aliases)
+	(void) free(aliases);
+    naliases = nslots = 0;
+}
+
+
+/**********************************************************************
+ *
+ * expand_ca_list()
+ *
+ *  This function increments ca_list_len, allocating more space as necesary.
+ */
+
+static void expand_ca_list()
+{
+    if (++ca_list_len > ca_list_size) {
+	while ((ca_list_size += STACKINCREMENT) < ca_list_len);
+	if (ca_list == NULL) {
+	    if ((ca_list = (struct command_alias *)
+		malloc(sizeof(struct command_alias) * ca_list_size)) == NULL) {
+		perror("malloc");
+		(void) fprintf(stderr, "%s: cannot allocate memory!\n", Argv[0]);
+		exit(1);
+	    }
+	} else {
+	    if ((ca_list = (struct command_alias *) realloc(ca_list,
+		sizeof(struct command_alias) * ca_list_size)) == NULL) {
+		perror("malloc");
+		(void) fprintf(stderr, "%s: cannot allocate memory!\n", Argv[0]);
+		exit(1);
+	    }
+	}
+    }
+
+    ca_list[ca_list_len - 1].entries = NULL;
+}
+
+
+/**********************************************************************
+ *
+ * expand_match_list()
+ *
+ *  This function increments cm_list_len, allocating more space as necesary.
+ */
+
+static void expand_match_list()
+{
+    if (++cm_list_len > cm_list_size) {
+	while ((cm_list_size += STACKINCREMENT) < cm_list_len);
+	if (cm_list == NULL) {
+	    if ((cm_list = (struct command_match *)
+		malloc(sizeof(struct command_match) * cm_list_size)) == NULL) {
+		perror("malloc");
+		(void) fprintf(stderr, "%s: cannot allocate memory!\n", Argv[0]);
+		exit(1);
+	    }
+	    cm_list_len = 0;
+	} else {
+	    if ((cm_list = (struct command_match *) realloc(cm_list,
+		sizeof(struct command_match) * cm_list_size)) == NULL) {
+		perror("malloc");
+		(void) fprintf(stderr, "%s: cannot allocate memory!\n", Argv[0]);
+		exit(1);
+	    }
+	}
+    }
+
+    cm_list[cm_list_len].runas = cm_list[cm_list_len].cmnd = NULL;
+    cm_list[cm_list_len].nopasswd = FALSE;
+}
+
+
+/**********************************************************************
+ *
+ * init_parser()
+ *
+ *  This function frees up spaced used by a previous parse and
+ *  allocates new space for various data structures.
+ */
+
+void init_parser()
+{
+    /* Free up old data structures if we run the parser more than once. */
+    if (match) {
+	(void) free(match);
+	match = NULL;
+	top = 0;
+	parse_error = FALSE;
+	errorlineno = -1;   
+	sudolineno = 1;     
+    }
+
+    /* Allocate space for the matching stack. */
+    stacksize = STACKINCREMENT;
+    match = (struct matchstack *) malloc(sizeof(struct matchstack) * stacksize);
+    if (match == NULL) {
+	perror("malloc");
+	(void) fprintf(stderr, "%s: cannot allocate memory!\n", Argv[0]);
+	exit(1);
+    }
+
+    /* Allocate space for the match list (for `sudo -l'). */
+    if (printmatches == TRUE)
+	expand_match_list();
+}
diff --git a/gnu/usr.bin/sudo/sudo/pathnames.h b/gnu/usr.bin/sudo/sudo/pathnames.h
new file mode 100644
index 00000000000..0f4355ac896
--- /dev/null
+++ b/gnu/usr.bin/sudo/sudo/pathnames.h
@@ -0,0 +1,90 @@
+/*
+ *  CU sudo version 1.5.2
+ *
+ *  This program is free software; you can redistribute it and/or modify
+ *  it under the terms of the GNU General Public License as published by
+ *  the Free Software Foundation; either version 1, or (at your option)
+ *  any later version.
+ *
+ *  This program is distributed in the hope that it will be useful,
+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ *  GNU General Public License for more details.
+ *
+ *  You should have received a copy of the GNU General Public License
+ *  along with this program; if not, write to the Free Software
+ *  Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+ *
+ *  Please send bugs, changes, problems to sudo-bugs@courtesan.com
+ *
+ *  $Id: pathnames.h,v 1.1 1996/10/14 05:14:53 millert Exp $
+ */
+
+/*
+ *  Pathnames to programs and files used by sudo.
+ */
+
+#ifdef HAVE_PATHS_H
+#include <paths.h>
+#endif /* HAVE_PATHS_H */
+
+#ifndef _PATH_DEV
+#define _PATH_DEV		"/dev/"
+#endif /* _PATH_DEV */
+
+/*
+ * NOTE: _PATH_SUDO_SUDOERS is usually overriden by the Makefile
+ */
+#ifndef _PATH_SUDO_SUDOERS
+#define _PATH_SUDO_SUDOERS	"/etc/sudoers"
+#endif /* _PATH_SUDO_SUDOERS */
+
+/*
+ * NOTE:  _PATH_SUDO_STMP is usually overriden by the Makefile.
+ *        _PATH_SUDO_STMP *MUST* be on the same partition
+ *        as _PATH_SUDO_SUDOERS!
+ */
+#ifndef _PATH_SUDO_STMP
+#define _PATH_SUDO_STMP		"/etc/stmp"
+#endif /* _PATH_SUDO_STMP */
+
+#ifndef _PATH_SUDO_TIMEDIR
+#define _PATH_SUDO_TIMEDIR	_CONFIG_PATH_TIMEDIR
+#endif /* _PATH_SUDO_TIMEDIR */
+
+#ifndef _PATH_TTY
+#define _PATH_TTY		"/dev/tty"
+#endif /* _PATH_TTY */
+
+/*
+ * The following paths are gleaned via configure but you can override
+ * configure's values here if you want.
+ */
+
+/*
+ * Where to put the sudo log file when logging to a file this
+ * is /var/log/sudo.log if /var/log exists, else /var/adm/sudo.log
+ */
+#ifndef _PATH_SUDO_LOGFILE
+#define _PATH_SUDO_LOGFILE	_CONFIG_PATH_LOGFILE
+#endif /* _PATH_SUDO_LOGFILE */
+
+#ifndef _PATH_SENDMAIL
+#define _PATH_SENDMAIL		_CONFIG_PATH_SENDMAIL
+#endif /* _PATH_SENDMAIL */
+
+#ifndef _PATH_VI
+#define _PATH_VI		_CONFIG_PATH_VI
+#endif /* _PATH_VI */
+
+#ifndef _PATH_PWD
+#define _PATH_PWD		_CONFIG_PATH_PWD
+#endif /* _PATH_PWD */
+
+#ifndef _PATH_MV
+#define _PATH_MV		_CONFIG_PATH_MV
+#endif /* _PATH_MV */
+
+#ifndef _PATH_BSHELL
+#define _PATH_BSHELL		_CONFIG_PATH_BSHELL
+#endif /* _PATH_BSHELL */
diff --git a/gnu/usr.bin/sudo/sudo/sudo.8 b/gnu/usr.bin/sudo/sudo/sudo.8
new file mode 100644
index 00000000000..77e6fdc4525
--- /dev/null
+++ b/gnu/usr.bin/sudo/sudo/sudo.8
@@ -0,0 +1,378 @@
+.rn '' }`
+''' $RCSfile: sudo.8,v $$Revision: 1.1 $$Date: 1996/10/14 05:14:53 $
+'''
+''' $Log: sudo.8,v $
+''' Revision 1.1  1996/10/14 05:14:53  millert
+''' sudo 1.5.2
+'''
+'''
+.de Sh
+.br
+.if t .Sp
+.ne 5
+.PP
+\fB\\$1\fR
+.PP
+..
+.de Sp
+.if t .sp .5v
+.if n .sp
+..
+.de Ip
+.br
+.ie \\n(.$>=3 .ne \\$3
+.el .ne 3
+.IP "\\$1" \\$2
+..
+.de Vb
+.ft CW
+.nf
+.ne \\$1
+..
+.de Ve
+.ft R
+
+.fi
+..
+'''
+'''
+'''     Set up \*(-- to give an unbreakable dash;
+'''     string Tr holds user defined translation string.
+'''     Bell System Logo is used as a dummy character.
+'''
+.tr \(*W-|\(bv\*(Tr
+.ie n \{\
+.ds -- \(*W-
+.ds PI pi
+.if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
+.if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch
+.ds L" ""
+.ds R" ""
+.ds L' '
+.ds R' '
+'br\}
+.el\{\
+.ds -- \(em\|
+.tr \*(Tr
+.ds L" ``
+.ds R" ''
+.ds L' `
+.ds R' '
+.ds PI \(*p
+'br\}
+.\"	If the F register is turned on, we'll generate
+.\"	index entries out stderr for the following things:
+.\"		TH	Title 
+.\"		SH	Header
+.\"		Sh	Subsection 
+.\"		Ip	Item
+.\"		X<>	Xref  (embedded
+.\"	Of course, you have to process the output yourself
+.\"	in some meaninful fashion.
+.if \nF \{
+.de IX
+.tm Index:\\$1\t\\n%\t"\\$2"
+..
+.nr % 0
+.rr F
+.\}
+.TH sudo 8 "1.5.2" "6/Oct/96" "MAINTENANCE COMMANDS"
+.IX Title "sudo 8"
+.UC
+.IX Name "sudo - execute a command as the superuser"
+.if n .hy 0
+.if n .na
+.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
+.de CQ          \" put $1 in typewriter font
+.ft CW
+'if n "\c
+'if t \\&\\$1\c
+'if n \\&\\$1\c
+'if n \&"
+\\&\\$2 \\$3 \\$4 \\$5 \\$6 \\$7
+'.ft R
+..
+.\" @(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2
+.	\" AM - accent mark definitions
+.bd B 3
+.	\" fudge factors for nroff and troff
+.if n \{\
+.	ds #H 0
+.	ds #V .8m
+.	ds #F .3m
+.	ds #[ \f1
+.	ds #] \fP
+.\}
+.if t \{\
+.	ds #H ((1u-(\\\\n(.fu%2u))*.13m)
+.	ds #V .6m
+.	ds #F 0
+.	ds #[ \&
+.	ds #] \&
+.\}
+.	\" simple accents for nroff and troff
+.if n \{\
+.	ds ' \&
+.	ds ` \&
+.	ds ^ \&
+.	ds , \&
+.	ds ~ ~
+.	ds ? ?
+.	ds ! !
+.	ds /
+.	ds q
+.\}
+.if t \{\
+.	ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
+.	ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
+.	ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
+.	ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
+.	ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
+.	ds ? \s-2c\h'-\w'c'u*7/10'\u\h'\*(#H'\zi\d\s+2\h'\w'c'u*8/10'
+.	ds ! \s-2\(or\s+2\h'-\w'\(or'u'\v'-.8m'.\v'.8m'
+.	ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
+.	ds q o\h'-\w'o'u*8/10'\s-4\v'.4m'\z\(*i\v'-.4m'\s+4\h'\w'o'u*8/10'
+.\}
+.	\" troff and (daisy-wheel) nroff accents
+.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
+.ds 8 \h'\*(#H'\(*b\h'-\*(#H'
+.ds v \\k:\h'-(\\n(.wu*9/10-\*(#H)'\v'-\*(#V'\*(#[\s-4v\s0\v'\*(#V'\h'|\\n:u'\*(#]
+.ds _ \\k:\h'-(\\n(.wu*9/10-\*(#H+(\*(#F*2/3))'\v'-.4m'\z\(hy\v'.4m'\h'|\\n:u'
+.ds . \\k:\h'-(\\n(.wu*8/10)'\v'\*(#V*4/10'\z.\v'-\*(#V*4/10'\h'|\\n:u'
+.ds 3 \*(#[\v'.2m'\s-2\&3\s0\v'-.2m'\*(#]
+.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
+.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
+.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
+.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
+.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
+.ds ae a\h'-(\w'a'u*4/10)'e
+.ds Ae A\h'-(\w'A'u*4/10)'E
+.ds oe o\h'-(\w'o'u*4/10)'e
+.ds Oe O\h'-(\w'O'u*4/10)'E
+.	\" corrections for vroff
+.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
+.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
+.	\" for low resolution devices (crt and lpr)
+.if \n(.H>23 .if \n(.V>19 \
+\{\
+.	ds : e
+.	ds 8 ss
+.	ds v \h'-1'\o'\(aa\(ga'
+.	ds _ \h'-1'^
+.	ds . \h'-1'.
+.	ds 3 3
+.	ds o a
+.	ds d- d\h'-1'\(ga
+.	ds D- D\h'-1'\(hy
+.	ds th \o'bp'
+.	ds Th \o'LP'
+.	ds ae ae
+.	ds Ae AE
+.	ds oe oe
+.	ds Oe OE
+.\}
+.rm #[ #] #H #V #F C
+.SH "NAME"
+.IX Header "NAME"
+sudo \- execute a command as the superuser
+.SH "SYNOPSIS"
+.IX Header "SYNOPSIS"
+\fBsudo\fR \fB\-V\fR | \fB\-h\fR | \fB\-l\fR | \fB\-v\fR | \fB\-k\fR | \fB\-s\fR | \fB\-H\fR |
+[ \fB\-b\fR ] | [ \fB\-p\fR prompt ] [ \fB\-u\fR username/#uid] \fIcommand\fR
+.SH "DESCRIPTION"
+.IX Header "DESCRIPTION"
+\fBsudo\fR allows a permitted user to execute a \fIcommand\fR 
+as the superuser (real and effective uid and gid are set
+to \f(CW0\fR and root's group as set in the passwd file respectively).
+.PP
+\fBsudo\fR determines who is an authorized user by consulting the
+file \fI/etc/sudoers\fR.  By giving \fBsudo\fR the \f(CW-v\fR flag a user
+can update the time stamp without running a \fIcommand.\fR
+The password prompt itself will also time out if the password is
+not entered with N minutes (again, this is defined at installation
+time and defaults to 5 minutes).
+.PP
+If an unauthorized user executes \fBsudo\fR, mail will be sent from the
+user to the local authorities (defined at installation time).
+.PP
+\fBsudo\fR was designed to log via the 4.3 BSD \fIsyslog\fR\|(3) facility but
+can log to a file instead if so desired (or to both syslog and a file).
+.PP
+All preferences are defined at installation time and are derived from
+the options.h and pathnames.h include files as well as as well as the
+Makefile.
+.SH "OPTIONS"
+.IX Header "OPTIONS"
+\fBsudo\fR accepts the following command line options:
+.Ip "-V" 4
+.IX Item "-V"
+The \f(CW-V\fR (\fIversion\fR) option causes \fBsudo\fR to print the
+version number and exit.
+.Ip "-l" 4
+.IX Item "-l"
+The \f(CW-l\fR (\fIlist\fR) option will list out the allowed and
+forbidden commands for the user on the current host.
+.Ip "-h" 4
+.IX Item "-h"
+The \f(CW-h\fR (\fIhelp\fR) option causes \fBsudo\fR to print the version
+of \fBsudo\fR and a usage message before exiting.
+.Ip "-v" 4
+.IX Item "-v"
+If given the \f(CW-v\fR (\fIvalidate\fR) option, \fBsudo\fR will update the
+user's timestamp file, prompting for a password if necessary.
+This extends the \fBsudo\fR timeout to for another N minutes
+(where N is defined at installation time and defaults to 5
+minutes) but does not run a command.
+.Ip "-k" 4
+.IX Item "-k"
+The \f(CW-k\fR (\fIkill\fR) option to \fBsudo\fR removes the user's timestamp
+file, thus requiring a password the next time \fBsudo\fR is run.
+This option does not require a password and was added to
+allow a user to revoke \fBsudo\fR permissions from a .logout file.
+.Ip "-b" 4
+.IX Item "-b"
+The \f(CW-b\fR (\fIbackground\fR) option tells \fBsudo\fR to run the given
+command in the background.  Note that if you use the \f(CW-b\fR
+option you cannot use shell job control to manipulate the command.
+.Ip "-p" 4
+.IX Item "-p"
+The \f(CW-p\fR (\fIprompt\fR) option allows you to override the default
+password prompt and use a custom one.  If the password prompt
+contains the \f(CW%u\fR escape, \f(CW%u\fR will be replaced by the user's
+login name.  Similarly, \f(CW%h\fR will be replaced by the local
+hostname.
+.Ip "-u" 4
+.IX Item "-u"
+The \f(CW-u\fR (\fIuser\fR) option causes sudo to run the specified command
+as a user other than \fIroot\fR.  To specify a \fIuid\fR instead of a
+\fIusername\fR, use \*(L"#uid\*(R".
+.Ip "-s" 4
+.IX Item "-s"
+The \f(CW-s\fR (\fIshell\fR) option runs the shell specified by the \fI\s-1SHELL\s0\fR
+environmental variable if it is set or the shell as specified
+in \fIpasswd\fR\|(5).
+.Ip "-H" 4
+.IX Item "-H"
+The \f(CW-H\fR (\fI\s-1HOME\s0\fR) option sets the \fI\s-1HOME\s0\fR environmental variable
+to the homedir of the target user (root by default) as specified 
+in \fIpasswd\fR\|(5).
+.Ip "--" 4
+.IX Item "--"
+The \f(CW--\fR flag indicates that \fBsudo\fR should stop processing command
+line arguments.  It is most useful in conjunction with the \f(CW-s\fR flag.
+.SH "RETURN VALUES"
+.IX Header "RETURN VALUES"
+\fBsudo\fR quits with an exit value of 1 if there is a
+configuration/permission problem or if \fBsudo\fR cannot execute
+the given command.  In the latter case the error string is
+printed to stderr via \fIperror\fR\|(3).  If \fBsudo\fR cannot \fIstat\fR\|(2)
+one or more entries in the user's PATH the error is printed
+on stderr via \fIperror\fR\|(3).  (If the directory does not exist
+or if it is not really a directory, the entry is ignored and
+no error is printed.)  This should not happen under normal
+circumstances.  The most common reason for \fIstat\fR\|(3) to return
+\*(L"permission denied\*(R" is if you are running an automounter and
+one of the directories in your PATH is on a machine that is
+currently unreachable.
+.SH "SECURITY NOTES"
+.IX Header "SECURITY NOTES"
+\fBsudo\fR tries to be safe when executing external commands.
+Variables that control how dynamic loading and binding is
+done can be used to subvert the program that \fBsudo\fR runs.
+To combat this the \f(CWLD_*\fR, \f(CWSHLIB_PATH\fR (HP\-UX only),
+\f(CWLIBPATH\fR (AIX only), and \f(CW_RLD_*\fR environmental variables are
+removed from the environment passed on to all commands executed.
+\fBsudo\fR will also remove the \f(CWIFS\fR, \f(CWENV\fR, \f(CWBASH_ENV\fR
+and \f(CWKRB_CONF\fR variables as they too can pose a threat.
+.PP
+To prevent command spoofing, \fBsudo\fR checks "." and "" (both
+denoting current directory) last when searching for a command
+in the user's PATH (if one or both are in the PATH).
+Note, however, that the actual PATH environmental variable
+is \fInot\fR modified and is passed unchanged to the program that
+\fBsudo\fR executes.
+.PP
+For security reasons, if your OS supports shared libraries,
+\fBsudo\fR should always be statically linked unless the
+dynamic loader disables user-defined library search paths
+for setuid programs.  (Most modern dynamic loaders do this.)
+.PP
+\fBsudo\fR will check the ownership of its timestamp directory
+(\fI/var/run/sudo\fR or \fI/tmp/.odus\fR by default) and ignore
+the directory's contents if it is not owned by root and
+only read, writable, and executable by root.  On systems
+that allow users to give files away to root (via chown),
+if the timestamp directory is located in a directory writable
+by anyone (ie: \fI/tmp\fR), it is possible for a user to create
+the timestamp directory before \fBsudo\fR is run.
+However, because \fBsudo\fR checks the ownership and mode of
+the directory, the only damage that can be done is to \*(L"hide\*(R"
+files by putting them in the timestamp dir.  This is unlikely
+to happen since once the timestamp dir is owned by root and
+inaccessible by any other user the user placing files there
+would be unable to get them back out.  To get around this
+issue you can use a directory that is not world-writable
+for the timestamps (\fI/var/adm/sudo\fR for instance).
+.PP
+\f(CWsudo\fR will not honor timestamp files set far in the
+future.  Timestamp files with a date greater than
+current_time + 2 * \f(CWTIMEOUT\fR will be ignored and
+sudo will log the anomaly.  This is done to keep a user
+from creating his/her own timestamp file with a bogus
+date.
+.SH "FILES"
+.IX Header "FILES"
+.PP
+.Vb 1
+\& /etc/sudoers           file of authorized users.
+.Ve
+.SH "ENVIRONMENT VARIABLES"
+.IX Header "ENVIRONMENT VARIABLES"
+.PP
+.Vb 10
+\& PATH                   Set to a sane value if SECURE_PATH is set
+\& SHELL                  Used to determine shell to run with -s option
+\& HOME                   In -s mode, set to homedir of root (or runas user)
+\&                        if built with the SHELL_SETS_HOME option
+\& SUDO_PROMPT            Replaces the default password prompt
+\& SUDO_COMMAND           Set to the command run by sudo
+\& SUDO_USER              Set to the login of the user who invoked sudo
+\& SUDO_UID               Set to the uid of the user who invoked sudo
+\& SUDO_GID               Set to the gid of the user who invoked sudo
+\& SUDO_PS1               If set, PS1 will be set to its value
+.Ve
+.SH "AUTHORS"
+.IX Header "AUTHORS"
+Many people have worked on \fBsudo\fR over the years, this
+version consists of code written primarily by:
+.PP
+.Vb 4
+\& Jeff Nieusma           <nieusma@FirstLink.com>
+\& David Hieb             <davehieb@internetone.com>
+\& Todd Miller            <Todd.Miller@courtesan.com>
+\& Chris Jepeway          <jepeway@cs.utk.edu>
+.Ve
+See the HISTORY file in the \fBsudo\fR distribution for more details.
+.PP
+Please send all bugs, comments, and changes to sudo-bugs@courtesan.com.
+.SH "DISCLAIMER"
+.IX Header "DISCLAIMER"
+This program is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+General Public License for more details.
+.PP
+You should have received a copy of the GNU General Public License along
+with this program; if not, write to the Free Software Foundation, Inc.,
+675 Mass Ave, Cambridge, MA 02139, USA.
+.SH "CAVEATS"
+.IX Header "CAVEATS"
+There is no easy way to prevent a user from gaining a root shell if 
+that user has access to commands allow shell escapes.
+Running shell scripts via \fBsudo\fR can expose the same kernel bugs
+that make setuid shell scripts unsafe on some operating systems.
+.SH "SEE ALSO"
+.IX Header "SEE ALSO"
+\fIsudoers\fR\|(5), \fIvisudo\fR\|(8), \fIsu\fR\|(1).
+
+.rn }` ''
diff --git a/gnu/usr.bin/sudo/sudo/sudo.c b/gnu/usr.bin/sudo/sudo/sudo.c
new file mode 100644
index 00000000000..7e17f18c944
--- /dev/null
+++ b/gnu/usr.bin/sudo/sudo/sudo.c
@@ -0,0 +1,999 @@
+/*
+ * CU sudo version 1.5.2 (based on Root Group sudo version 1.1)
+ *
+ * This software comes with no waranty whatsoever, use at your own risk.
+ *
+ * Please send bugs, changes, problems to sudo-bugs@courtesan.com
+ *
+ */
+
+/*
+ *  sudo version 1.1 allows users to execute commands as root
+ *  Copyright (C) 1991  The Root Group, Inc.
+ *
+ *  This program is free software; you can redistribute it and/or modify
+ *  it under the terms of the GNU General Public License as published by
+ *  the Free Software Foundation; either version 1, or (at your option)
+ *  any later version.
+ *
+ *  This program is distributed in the hope that it will be useful,
+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ *  GNU General Public License for more details.
+ *
+ *  You should have received a copy of the GNU General Public License
+ *  along with this program; if not, write to the Free Software
+ *  Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+ *
+ **************************************************************************
+ *
+ *   sudo.c
+ *
+ *   This is the main() routine for sudo
+ *
+ *   sudo is a program to allow users to execute commands 
+ *   as root.  The commands are defined in a global network-
+ *   wide file and can be distributed.
+ *
+ *   sudo has been hacked far and wide.  Too many people to
+ *   know about.  It's about time to come up with a secure
+ *   version that will work well in a network.
+ *
+ *   This most recent version is done by:
+ *
+ *              Jeff Nieusma <nieusma@rootgroup.com>
+ *              Dave Hieb    <davehieb@rootgroup.com>
+ *
+ *   However, due to the fact that both of the above are no longer
+ *   working at Root Group, I am maintaining the "CU version" of
+ *   sudo.
+ *		Todd Miller  <Todd.Miller@courtesan.com>
+ */
+
+#ifndef lint
+static char rcsid[] = "$Id: sudo.c,v 1.1 1996/10/14 05:14:54 millert Exp $";
+#endif /* lint */
+
+#define MAIN
+
+#include "config.h"
+
+#include <stdio.h>
+#ifdef STDC_HEADERS
+#include <stdlib.h>
+#endif /* STDC_HEADERS */
+#ifdef HAVE_UNISTD_H
+#include <unistd.h>
+#endif /* HAVE_UNISTD_H */
+#ifdef HAVE_STRING_H
+#include <string.h>
+#endif /* HAVE_STRING_H */
+#ifdef HAVE_STRINGS_H
+#include <strings.h>
+#endif /* HAVE_STRINGS_H */
+#if defined(HAVE_MALLOC_H) && !defined(STDC_HEADERS)
+#include <malloc.h>   
+#endif /* HAVE_MALLOC_H && !STDC_HEADERS */
+#include <pwd.h>
+#include <errno.h>
+#include <fcntl.h>
+#include <sys/types.h>
+#include <sys/stat.h>
+#include <sys/time.h>
+#include <sys/param.h>
+#include <netinet/in.h>
+#include <netdb.h>
+#if (SHADOW_TYPE == SPW_SECUREWARE)
+#  ifdef __hpux
+#    include <hpsecurity.h>
+#  else
+#    include <sys/security.h>
+#  endif /* __hpux */
+#  include <prot.h>
+#endif /* SPW_SECUREWARE */
+#ifdef HAVE_DCE
+#include <pthread.h>
+#endif /* HAVE_DCE */
+
+#include "sudo.h"
+#include <options.h>
+#include "version.h"
+
+#ifndef STDC_HEADERS
+#ifndef __GNUC__		/* gcc has its own malloc */
+extern char *malloc	__P((size_t));
+#endif /* __GNUC__ */
+#ifdef HAVE_STRDUP
+extern char *strdup	__P((const char *));
+#endif /* HAVE_STRDUP */
+extern char *getenv	__P((char *));
+#endif /* STDC_HEADERS */
+
+
+/*
+ * Local type declarations
+ */
+struct env_table {
+    char *name;
+    int len;
+};
+
+
+/*
+ * Prototypes
+ */
+static int  parse_args			__P((void));
+static void usage			__P((int));
+static void load_globals		__P((int));
+static int check_sudoers		__P((void));
+static void load_cmnd			__P((int));
+static void add_env			__P((int));
+static void clean_env			__P((char **, struct env_table *));
+extern int  user_is_exempt		__P((void));
+extern struct passwd *sudo_getpwuid	__P((uid_t));
+extern void list_matches		__P((void));
+
+/*
+ * Globals
+ */
+int Argc;
+char **Argv;
+int NewArgc = 0;
+char **NewArgv = NULL;
+struct passwd *user_pw_ent;
+char *runas_user = "root";
+char *cmnd = NULL;
+char *cmnd_args = NULL;
+char *tty = NULL;
+char *prompt;
+char host[MAXHOSTNAMELEN + 1];
+char *shost;
+char cwd[MAXPATHLEN + 1];
+struct stat cmnd_st;
+static char *runas_homedir = NULL;
+extern struct interface *interfaces;
+extern int num_interfaces;
+extern int printmatches;
+
+/*
+ * Table of "bad" envariables to remove and len for strncmp()
+ */
+struct env_table badenv_table[] = {
+    { "IFS=", 4 },
+    { "LD_", 3 },
+    { "_RLD_", 5 },
+#ifdef __hpux
+    { "SHLIB_PATH=", 11 },
+#endif /* __hpux */
+#ifdef _AIX
+    { "LIBPATH=", 8 },
+#endif /* _AIX */
+#ifdef HAVE_KERB4
+    { "KRB_CONF", 8 },
+#endif
+    { "ENV=", 4 },
+    { "BASH_ENV=", 9 },
+    { (char *) NULL, 0 }
+};
+
+
+/********************************************************************
+ *
+ *  main()
+ *
+ *  the driving force behind sudo...
+ */
+
+int main(argc, argv)
+    int argc;
+    char **argv;
+{
+    int rtn;
+    int sudo_mode = MODE_RUN;
+    extern char ** environ;
+
+#if (SHADOW_TYPE == SPW_SECUREWARE)
+    (void) set_auth_parameters(argc, argv);
+#endif /* SPW_SECUREWARE */
+
+    Argv = argv;
+    Argc = argc;
+
+    if (geteuid() != 0) {
+	(void) fprintf(stderr, "Sorry, %s must be setuid root.\n", Argv[0]);
+	exit(1);
+    }
+
+    /*
+     * set the prompt based on $SUDO_PROMPT (can be overridden by `-p')
+     */
+    if ((prompt = getenv("SUDO_PROMPT")) == NULL)
+	prompt = PASSPROMPT;
+
+    /*
+     * parse our arguments
+     */
+    sudo_mode = parse_args();
+ 
+    switch (sudo_mode) {
+	case MODE_VERSION:
+	case MODE_HELP:
+	    (void) printf("CU Sudo version %s\n", version);
+	    if (sudo_mode == MODE_VERSION)
+		exit(0);
+	    else
+		usage(0);
+	    break;
+	case MODE_VALIDATE:
+	    cmnd = "validate";
+	    break;
+    	case MODE_KILL:
+	    cmnd = "kill";
+	    break;
+	case MODE_LIST:
+	    cmnd = "list";
+	    printmatches = 1;
+	    break;
+    }
+
+    /* must have a command to run unless got -s */
+    if (cmnd == NULL && NewArgc == 0 && !(sudo_mode & MODE_SHELL))
+	usage(1);
+
+    /*
+     * Close all file descriptors to make sure we have a nice
+     * clean slate from which to work.  
+     */
+#ifdef HAVE_SYSCONF
+    for (rtn = sysconf(_SC_OPEN_MAX) - 1; rtn > 3; rtn--)
+	(void) close(rtn);
+#else
+    for (rtn = getdtablesize() - 1; rtn > 3; rtn--)
+	(void) close(rtn);
+#endif /* HAVE_SYSCONF */
+
+    clean_env(environ, badenv_table);
+
+    load_globals(sudo_mode);	/* load global variables used throughout sudo */
+
+    /*
+     * If we got the '-s' option (run shell) we need to redo NewArgv
+     * and NewArgc.  This can only be done after load_globals().
+     */
+    if ((sudo_mode & MODE_SHELL)) {
+	char **dst, **src = NewArgv;
+
+	NewArgv = (char **) malloc (sizeof(char *) * (++NewArgc + 1));
+	if (NewArgv == NULL) {
+	    perror("malloc");
+	    (void) fprintf(stderr, "%s: cannot allocate memory!\n", Argv[0]);
+	    exit(1);
+	}
+
+	/* add the shell as argv[0] */
+	if (user_shell && *user_shell) {
+	    if ((NewArgv[0] = strrchr(user_shell, '/') + 1) == (char *) 1)
+		NewArgv[0] = user_shell;
+	} else {
+	    (void) fprintf(stderr, "%s: Unable to determine shell.", Argv[0]);
+	    exit(1);
+	}
+
+	/* copy the args from Argv */
+	for (dst = NewArgv + 1; (*dst = *src) != NULL; ++src, ++dst)
+	    ;
+    }
+
+    rtn = check_sudoers();	/* check mode/owner on _PATH_SUDO_SUDOERS */
+    if (rtn != ALL_SYSTEMS_GO) {
+	log_error(rtn);
+	set_perms(PERM_FULL_USER, sudo_mode);
+	inform_user(rtn);
+	exit(1);
+    }
+
+#ifdef SECURE_PATH
+    /* replace the PATH envariable with a secure one */
+    if (!user_is_exempt() && sudo_setenv("PATH", SECURE_PATH)) {
+	perror("malloc");
+	(void) fprintf(stderr, "%s: cannot allocate memory!\n", Argv[0]);
+	exit(1);
+    }
+#endif /* SECURE_PATH */
+
+    if ((sudo_mode & MODE_RUN)) {
+	load_cmnd(sudo_mode);	/* load the cmnd global variable */
+    } else if (sudo_mode == MODE_KILL) {
+	remove_timestamp();	/* remove the timestamp ticket file */
+	exit(0);
+    }
+
+    add_env(!(sudo_mode & MODE_SHELL));	/* add in SUDO_* envariables */
+
+    /* validate the user but don't search for "validate" */
+    rtn = validate((sudo_mode != MODE_VALIDATE && sudo_mode != MODE_LIST));
+
+    switch (rtn) {
+
+	case VALIDATE_OK:
+	case VALIDATE_OK_NOPASS:
+	    if (rtn != VALIDATE_OK_NOPASS) 
+		check_user();
+	    log_error(ALL_SYSTEMS_GO);
+	    if (sudo_mode == MODE_VALIDATE)
+		exit(0);
+	    else if (sudo_mode == MODE_LIST) {
+		list_matches();
+		exit(0);
+	    }
+
+	    /* become specified user or root */
+	    set_perms(PERM_RUNAS, sudo_mode);
+
+	    /* set $HOME for `sudo -H' */
+	    if ((sudo_mode & MODE_RESET_HOME) && runas_homedir)
+		(void) sudo_setenv("HOME", runas_homedir);
+
+#ifndef PROFILING
+	    if ((sudo_mode & MODE_BACKGROUND) && fork() > 0) {
+		exit(0);
+	    } else {
+		/*
+		 * Make sure we are not being spoofed.  The stat should
+		 * be cheap enough to make this almost bulletproof.
+		 */
+		if (cmnd_st.st_dev) {
+		    struct stat st;
+
+		    if (stat(cmnd, &st) < 0) {
+			(void) fprintf(stderr, "%s: unable to stat %s: ",
+					Argv[0], cmnd);
+			perror("");
+			exit(1);
+		    }
+
+		    if (st.st_dev != cmnd_st.st_dev ||
+			st.st_ino != cmnd_st.st_ino) {
+			/* log and send mail, then bitch */
+			log_error(SPOOF_ATTEMPT);
+			inform_user(SPOOF_ATTEMPT);
+			exit(1);
+		    }
+		}
+		EXEC(cmnd, NewArgv);	/* run the command */
+	    }
+#else
+	    exit(0);
+#endif /* PROFILING */
+	    /*
+	     * If we got here then the exec() failed...
+	     */
+	    (void) fprintf(stderr, "%s: ", Argv[0]);
+	    perror(cmnd);
+	    exit(-1);
+	    break;
+
+	default:
+	    log_error(rtn);
+	    set_perms(PERM_FULL_USER, sudo_mode);
+	    inform_user(rtn);
+	    exit(1);
+	    break;
+    }
+}
+
+
+
+/**********************************************************************
+ *
+ *  load_globals()
+ *
+ *  This function primes these important global variables:
+ *  user_pw_ent, host, cwd, interfaces.
+ */
+
+static void load_globals(sudo_mode)
+    int sudo_mode;
+{
+    char *p;
+#ifdef FQDN
+    struct hostent *h_ent;
+#endif /* FQDN */
+
+    /*
+     * Get a local copy of the user's struct passwd with the shadow password
+     * if necesary.  It is assumed that euid is 0 at this point so we
+     * can read the shadow passwd file if necesary.
+     */
+    user_pw_ent = sudo_getpwuid(getuid());
+    set_perms(PERM_ROOT, sudo_mode);
+    set_perms(PERM_USER, sudo_mode);
+    if (user_pw_ent == NULL) {
+	/* need to make a fake user_pw_ent */
+	struct passwd pw_ent;
+	char pw_name[MAX_UID_T_LEN+1];
+
+	/* fill in uid and name fields with the uid */
+	pw_ent.pw_uid = getuid();
+	(void) sprintf(pw_name, "%ld", (long) pw_ent.pw_uid);
+	pw_ent.pw_name = pw_name;
+	user_pw_ent = &pw_ent;
+
+	/* complain, log, and die */
+	log_error(GLOBAL_NO_PW_ENT);
+	inform_user(GLOBAL_NO_PW_ENT);
+	exit(1);
+    }
+
+#ifdef HAVE_TZSET
+    (void) tzset();		/* set the timezone if applicable */
+#endif /* HAVE_TZSET */
+
+    /*
+     * Need to get tty early since it's used for logging
+     */
+    if ((tty = (char *) ttyname(0)) || (tty = (char *) ttyname(1))) {
+	if (strncmp(tty, _PATH_DEV, sizeof(_PATH_DEV) - 1) == 0)
+	    tty += sizeof(_PATH_DEV) - 1;
+	if ((tty = (char *) strdup(tty)) == NULL) {
+	    perror("malloc");
+	    (void) fprintf(stderr, "%s: cannot allocate memory!\n", Argv[0]);
+	    exit(1);
+	}
+    } else
+	tty = "none";
+
+#ifdef UMASK
+    (void) umask((mode_t)UMASK);
+#endif /* UMASK */
+
+#ifdef NO_ROOT_SUDO
+    if (user_uid == 0) {
+	(void) fprintf(stderr,
+		       "You are already root, you don't need to use sudo.\n");
+	exit(1);
+    }
+#endif
+
+    /*
+     * so we know where we are... (do as user)
+     */
+    if (!getwd(cwd)) {
+	/* try as root... */
+	set_perms(PERM_ROOT, sudo_mode);
+	if (!getwd(cwd)) {
+	    (void) fprintf(stderr, "%s:  Can't get working directory!\n",
+			   Argv[0]);
+	    (void) strcpy(cwd, "unknown");
+	}
+	set_perms(PERM_USER, sudo_mode);
+    }
+
+    /*
+     * load the host global variable from gethostname() and use
+     * gethostbyname() if we want to be sure it is fully qualified.
+     */
+    if ((gethostname(host, MAXHOSTNAMELEN))) {
+	strcpy(host, "localhost");
+	log_error(GLOBAL_NO_HOSTNAME);
+	inform_user(GLOBAL_NO_HOSTNAME);
+	exit(2);
+    }
+#ifdef FQDN
+    if ((h_ent = gethostbyname(host)) == NULL)
+	log_error(GLOBAL_HOST_UNREGISTERED);
+    else
+	strcpy(host, h_ent -> h_name);
+#endif /* FQDN */
+
+    /*
+     * "host" is the (possibly fully-qualified) hostname and
+     * "shost" is the unqualified form of the hostname.
+     */
+    if ((p = strchr(host, '.'))) {
+	*p = '\0';
+	if ((shost = strdup(host)) == NULL) {
+	    perror("malloc");
+	    (void) fprintf(stderr, "%s: cannot allocate memory!\n", Argv[0]);
+	    exit(1);
+	}
+	*p = '.';
+    } else {
+	shost = &host[0];
+    }
+
+    /*
+     * load a list of ip addresses and netmasks into
+     * the interfaces array.
+     */
+    load_interfaces();
+}
+
+
+
+/**********************************************************************
+ *
+ * parse_args()
+ *
+ *  this function parses the arguments to sudo
+ */
+
+static int parse_args()
+{
+    int ret = MODE_RUN;			/* what mode is suod to be run in? */
+    int excl = 0;			/* exclusive arg, no others allowed */
+
+    NewArgv = Argv + 1;
+    NewArgc = Argc - 1;
+
+#ifdef SHELL_IF_NO_ARGS
+    if (Argc < 2) {			/* no options and no command */
+	ret |= MODE_SHELL;
+	return(ret);
+    }
+#else
+    if (Argc < 2)			/* no options and no command */
+	usage(1);
+#endif /* SHELL_IF_NO_ARGS */
+
+    while (NewArgc > 0 && NewArgv[0][0] == '-') {
+	if (NewArgv[0][1] != '\0' && NewArgv[0][2] != '\0') {
+	    (void) fprintf(stderr, "%s: Please use single character options\n",
+		Argv[0]);
+	    usage(1);
+	}
+
+	if (excl)
+	    usage(1);			/* only one -? option allowed */
+
+	switch (NewArgv[0][1]) {
+	    case 'p':
+		/* must have an associated prompt */
+		if (NewArgv[1] == NULL)
+		    usage(1);
+
+		prompt = NewArgv[1];
+
+		/* shift Argv over and adjust Argc */
+		NewArgc--;
+		NewArgv++;
+		break;
+	    case 'u':
+		/* must have an associated runas user */
+		if (NewArgv[1] == NULL)
+		    usage(1);
+
+		runas_user = NewArgv[1];
+
+		/* shift Argv over and adjust Argc */
+		NewArgc--;
+		NewArgv++;
+		break;
+	    case 'b':
+		ret |= MODE_BACKGROUND;
+		break;
+	    case 'v':
+		ret = MODE_VALIDATE;
+		excl++;
+		break;
+	    case 'k':
+		ret = MODE_KILL;
+		excl++;
+		break;
+	    case 'l':
+		ret = MODE_LIST;
+		excl++;
+		break;
+	    case 'V':
+		ret = MODE_VERSION;
+		excl++;
+		break;
+	    case 'h':
+		ret = MODE_HELP;
+		excl++;
+		break;
+	    case 's':
+		ret |= MODE_SHELL;
+#ifdef SHELL_SETS_HOME
+		ret |= MODE_RESET_HOME;
+#endif /* SHELL_SETS_HOME */
+		break;
+	    case 'H':
+		ret |= MODE_RESET_HOME;
+		break;
+	    case '-':
+		NewArgc--;
+		NewArgv++;
+#ifdef SHELL_IF_NO_ARGS
+		if (ret == MODE_RUN)
+		    ret |= MODE_SHELL;
+#endif /* SHELL_IF_NO_ARGS */
+		return(ret);
+	    case '\0':
+		(void) fprintf(stderr, "%s: '-' requires an argument\n",
+		    Argv[0]);
+		usage(1);
+	    default:
+		(void) fprintf(stderr, "%s: Illegal option %s\n", Argv[0],
+		    NewArgv[0]);
+		usage(1);
+	}
+	NewArgc--;
+	NewArgv++;
+    }
+
+    if (NewArgc > 0 && (ret == MODE_VALIDATE || ret == MODE_KILL ||
+			ret == MODE_LIST))
+	usage(1);
+
+    return(ret);
+}
+
+
+
+/**********************************************************************
+ *
+ * usage()
+ *
+ *  this function just gives you instructions and exits
+ */
+
+static void usage(exit_val)
+    int exit_val;
+{
+    (void) fprintf(stderr, "usage: %s -V | -h | -l | -v | -k | -H | [-b] [-p prompt] [-u username/#uid] -s | <command>\n", Argv[0]);
+    exit(exit_val);
+}
+
+
+
+/**********************************************************************
+ *
+ * add_env()
+ *
+ *  this function adds sudo-specific variables into the environment
+ */
+
+static void add_env(contiguous)
+    int contiguous;
+{
+    char idstr[MAX_UID_T_LEN + 1];
+    size_t size;
+    char *buf;
+
+    /* add the SUDO_COMMAND envariable (cmnd + args) */
+    size = strlen(cmnd) + 1;
+    if (NewArgc > 1) {
+	char *to, **from;
+
+	if (contiguous) {
+	    size += (size_t) NewArgv[NewArgc-1] + strlen(NewArgv[NewArgc-1]) -
+		    (size_t) NewArgv[1] + 1;
+	} else {
+	    for (from = &NewArgv[1]; *from; from++)
+		size += strlen(*from) + 1;
+	}
+
+	if ((buf = (char *) malloc(size)) == NULL) {
+	    perror("malloc");
+	    (void) fprintf(stderr, "%s: cannot allocate memory!\n", Argv[0]);
+	    exit(1);
+	}
+
+	/*
+	 * Copy the command and it's arguments info buf
+	 */
+	(void) strcpy(buf, cmnd);
+	to = buf + strlen(cmnd);
+	for (from = &NewArgv[1]; *from; from++) {
+	    *to++ = ' ';
+	    (void) strcpy(to, *from);
+	    to += strlen(*from);
+	}
+    } else {
+	buf = cmnd;
+    }
+    if (sudo_setenv("SUDO_COMMAND", buf)) {
+	perror("malloc");
+	(void) fprintf(stderr, "%s: cannot allocate memory!\n", Argv[0]);
+	exit(1);
+    }
+    if (NewArgc > 1)
+	(void) free(buf);
+
+    /* grab a pointer to the flat arg string from the environment */
+    if (NewArgc > 1 && (cmnd_args = getenv("SUDO_COMMAND"))) {
+	if ((cmnd_args = strchr(cmnd_args, ' ')))
+	    cmnd_args++;
+	else
+	    cmnd_args = NULL;
+    }
+
+    /* add the SUDO_USER envariable */
+    if (sudo_setenv("SUDO_USER", user_name)) {
+	perror("malloc");
+	(void) fprintf(stderr, "%s: cannot allocate memory!\n", Argv[0]);
+	exit(1);
+    }
+
+    /* add the SUDO_UID envariable */
+    (void) sprintf(idstr, "%ld", (long) user_uid);
+    if (sudo_setenv("SUDO_UID", idstr)) {
+	perror("malloc");
+	(void) fprintf(stderr, "%s: cannot allocate memory!\n", Argv[0]);
+	exit(1);
+    }
+
+    /* add the SUDO_GID envariable */
+    (void) sprintf(idstr, "%ld", (long) user_gid);
+    if (sudo_setenv("SUDO_GID", idstr)) {
+	perror("malloc");
+	(void) fprintf(stderr, "%s: cannot allocate memory!\n", Argv[0]);
+	exit(1);
+    }
+
+    /* set PS1 if SUDO_PS1 is set */
+    if ((buf = getenv("SUDO_PS1")))
+	if (sudo_setenv("PS1", buf)) {
+	    perror("malloc");
+	    (void) fprintf(stderr, "%s: cannot allocate memory!\n", Argv[0]);
+	    exit(1);
+	}
+}
+
+
+
+/**********************************************************************
+ *
+ *  load_cmnd()
+ *
+ *  This function sets the cmnd global variable
+ */
+
+static void load_cmnd(sudo_mode)
+    int sudo_mode;
+{
+    if (strlen(NewArgv[0]) > MAXPATHLEN) {
+	errno = ENAMETOOLONG;
+	(void) fprintf(stderr, "%s: %s: Pathname too long\n", Argv[0],
+		       NewArgv[0]);
+	exit(1);
+    }
+
+    /*
+     * Resolve the path
+     */
+    if ((cmnd = find_path(NewArgv[0])) == NULL) {
+	(void) fprintf(stderr, "%s: %s: command not found\n", Argv[0],
+		       NewArgv[0]);
+	exit(1);
+    }
+}
+
+
+
+/**********************************************************************
+ *
+ *  check_sudoers()
+ *
+ *  This function check to see that the sudoers file is owned by
+ *  uid SUDOERS_UID, gid SUDOERS_GID and is mode SUDOERS_MODE.
+ */
+
+static int check_sudoers()
+{
+    struct stat statbuf;
+    int fd = -1;
+    char c;
+    int rtn = ALL_SYSTEMS_GO;
+
+    /*
+     * Fix the mode and group on sudoers file from old default.
+     * Only works if filesystem is readable/writable by root.
+     */
+    set_perms(PERM_ROOT, 0);
+    if (!lstat(_PATH_SUDO_SUDOERS, &statbuf) && SUDOERS_UID == statbuf.st_uid) {
+	if (SUDOERS_MODE != 0400 && (statbuf.st_mode & 0007777) == 0400) {
+	    if (chmod(_PATH_SUDO_SUDOERS, SUDOERS_MODE) == 0) {
+		(void) fprintf(stderr, "%s: fixed mode on %s\n",
+		    Argv[0], _PATH_SUDO_SUDOERS);
+		if (statbuf.st_gid != SUDOERS_GID) {
+		    if (!chown(_PATH_SUDO_SUDOERS,GID_NO_CHANGE,SUDOERS_GID)) {
+			(void) fprintf(stderr, "%s: set group on %s\n",
+			    Argv[0], _PATH_SUDO_SUDOERS);
+			statbuf.st_gid = SUDOERS_GID;
+		    } else {
+			(void) fprintf(stderr,"%s: Unable to set group on %s: ",
+			    Argv[0], _PATH_SUDO_SUDOERS);
+			perror("");
+		    }
+		}
+	    } else {
+		(void) fprintf(stderr, "%s: Unable to fix mode on %s: ",
+		    Argv[0], _PATH_SUDO_SUDOERS);
+		perror("");
+	    }
+	}
+    }
+
+    set_perms(PERM_SUDOERS, 0);
+
+    if ((fd = open(_PATH_SUDO_SUDOERS, O_RDONLY)) < 0 || read(fd, &c, 1) == -1)
+	rtn = NO_SUDOERS_FILE;
+    else if (lstat(_PATH_SUDO_SUDOERS, &statbuf))
+	rtn = NO_SUDOERS_FILE;
+    else if (!S_ISREG(statbuf.st_mode))
+	rtn = SUDOERS_NOT_FILE;
+    else if ((statbuf.st_mode & 0007777) != SUDOERS_MODE)
+	rtn = SUDOERS_WRONG_MODE;
+    else if (statbuf.st_uid != SUDOERS_UID || statbuf.st_gid != SUDOERS_GID)
+	rtn = SUDOERS_WRONG_OWNER;
+
+    if (fd != -1)
+	(void) close(fd);
+
+    set_perms(PERM_ROOT, 0);
+    set_perms(PERM_USER, 0);
+
+    return(rtn);
+}
+
+
+
+/**********************************************************************
+ *
+ * set_perms()
+ *
+ *  this function sets real and effective uids and gids based on perm.
+ */
+
+void set_perms(perm, sudo_mode)
+    int perm;
+    int sudo_mode;
+{
+    struct passwd *pw_ent;
+
+    switch (perm) {
+	case PERM_ROOT:
+				if (setuid(0)) {
+				    perror("setuid(0)");
+				    exit(1);
+				}
+			      	break;
+
+	case PERM_USER: 
+    	    	    	        (void) setgid(user_gid);
+
+    	    	    	        if (seteuid(user_uid)) {
+    	    	    	            perror("seteuid(user_uid)");
+    	    	    	            exit(1); 
+    	    	    	        }
+			      	break;
+				
+	case PERM_FULL_USER: 
+				if (setuid(0)) {
+				    perror("setuid(0)");
+				    exit(1);
+				}
+
+    	    	    	        (void) setgid(user_gid);
+
+				if (setuid(user_uid)) {
+				    perror("setuid(user_uid)");
+				    exit(1);
+				}
+
+			      	break;
+	case PERM_RUNAS:
+				if (setuid(0)) {
+				    perror("setuid(0)");
+				    exit(1);
+				}
+				
+				/* XXX - add group/gid support */
+				if (*runas_user == '#') {
+				    if (setuid(atoi(runas_user + 1))) {
+					(void) fprintf(stderr,
+					    "%s: cannot set uid to %s: ",
+					    Argv[0], runas_user);
+					perror("");
+					exit(1);
+				    }
+				} else {
+				    if (!(pw_ent = getpwnam(runas_user))) {
+					(void) fprintf(stderr,
+					    "%s: no passwd entry for %s!\n",
+					    Argv[0], runas_user);
+					exit(1);
+				    }
+
+				    if (setgid(pw_ent->pw_gid)) {
+					(void) fprintf(stderr,
+					    "%s: cannot set gid to %d: ",  
+					    Argv[0], pw_ent->pw_gid);
+					perror("");
+					exit(1);
+				    }
+
+				    if (setuid(pw_ent->pw_uid)) {
+					(void) fprintf(stderr,
+					    "%s: cannot set uid to %d: ",  
+					    Argv[0], pw_ent->pw_uid);
+					perror("");
+					exit(1);
+				    }
+				    if (sudo_mode & MODE_RESET_HOME)
+					runas_homedir = pw_ent->pw_dir;
+				}
+
+				break;
+	case PERM_SUDOERS: 
+				if (setuid(0)) {
+				    perror("setuid(0)");
+				    exit(1);
+				}
+
+				if (setgid(SUDOERS_GID)) {
+				    perror("setgid(SUDOERS_GID)");
+				    exit(1);
+				}
+
+				/*
+				 * If SUDOERS_UID == 0 we need to use
+				 * a different uid in order to avoid
+				 * NFS lossage.  Using uid 1 is a bit
+				 * bogus but should be safe.
+				 */
+				if (SUDOERS_UID == 0) {
+				    if (seteuid(1)) {
+					perror("seteuid(1)");
+					exit(1);
+				    }
+				} else {
+				    if (seteuid(SUDOERS_UID)) {
+					perror("seteuid(SUDOERS_UID)");
+					exit(1);
+				    }
+				}
+
+			      	break;
+    }
+}
+
+
+
+/**********************************************************************
+ *
+ * clean_env()
+ *
+ *  This function removes things from the environment that match the
+ *  entries in badenv_table.  It would be nice to add in the SUDO_*
+ *  variables here as well but cmnd has not been defined at this point.
+ */
+
+static void clean_env(envp, badenv_table)
+    char **envp;
+    struct env_table *badenv_table;
+{
+    struct env_table *bad;
+    char **cur;
+
+    /*
+     * Remove any envars that match entries in badenv_table
+     */
+    for (cur = envp; *cur; cur++) {
+	for (bad = badenv_table; bad -> name; bad++) {
+	    if (strncmp(*cur, bad -> name, bad -> len) == 0) {
+		/* got a match so remove it */
+		char **move;
+
+		for (move = cur; *move; move++)
+		    *move = *(move + 1);
+
+		cur--;
+
+		break;
+	    }
+	}
+    }
+}
diff --git a/gnu/usr.bin/sudo/sudo/sudo.h b/gnu/usr.bin/sudo/sudo/sudo.h
new file mode 100644
index 00000000000..99e1f755255
--- /dev/null
+++ b/gnu/usr.bin/sudo/sudo/sudo.h
@@ -0,0 +1,236 @@
+/*
+ * CU sudo version 1.5.2 (based on Root Group sudo version 1.1)
+ *
+ * This software comes with no waranty whatsoever, use at your own risk.
+ *
+ * Please send bugs, changes, problems to sudo-bugs@courtesan.com
+ *
+ */
+
+/*
+ *  sudo version 1.1 allows users to execute commands as root
+ *  Copyright (C) 1991  The Root Group, Inc.
+ *
+ *  This program is free software; you can redistribute it and/or modify
+ *  it under the terms of the GNU General Public License as published by
+ *  the Free Software Foundation; either version 1, or (at your option)
+ *  any later version.
+ *
+ *  This program is distributed in the hope that it will be useful,
+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ *  GNU General Public License for more details.
+ *
+ *  You should have received a copy of the GNU General Public License
+ *  along with this program; if not, write to the Free Software
+ *  Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+ *
+ *  $Id: sudo.h,v 1.1 1996/10/14 05:14:54 millert Exp $
+ */
+
+#ifndef _SUDO_SUDO_H
+#define _SUDO_SUDO_H
+
+#include <pathnames.h>
+#include "compat.h"
+
+/*
+ * IP address and netmask pairs for checking against local interfaces.
+ */
+struct interface {
+    struct in_addr addr;
+    struct in_addr netmask;
+};
+
+/*
+ * Data structure used in parsing sudoers;
+ * top of stack values are the ones that
+ * apply when parsing is done & can be
+ * accessed by *_matches macros
+ */
+#define STACKINCREMENT (32)
+struct matchstack {
+	int user;
+	int cmnd;
+	int host;
+	int runas;
+	int nopass;
+};
+
+/*
+ * Data structure describing a command in the
+ * sudoers file.
+ */
+struct sudo_command {
+    char *cmnd;
+    char *args;
+};
+
+
+extern struct matchstack *match;
+extern int top;
+
+#define user_matches	(match[top-1].user)
+#define cmnd_matches	(match[top-1].cmnd)
+#define host_matches	(match[top-1].host)
+#define runas_matches	(match[top-1].runas)
+#define no_passwd	(match[top-1].nopass)
+
+/*
+ * Structure containing command matches if "sudo -l" is used.
+ */
+struct command_match {
+    char *runas;
+    size_t runas_len;
+    size_t runas_size;
+    char *cmnd;
+    size_t cmnd_len;
+    size_t cmnd_size;
+    int nopasswd;
+};
+
+/*
+ * Structure containing Cmnd_Alias's if "sudo -l" is used.
+ */
+struct command_alias {
+    char *alias;
+    char *entries;
+    size_t entries_size;
+    size_t entries_len;
+};
+
+/*
+ * Maximum number of characters to log per entry.  The syslogger
+ * will log this much, after that, it truncates the log line.
+ * We need this here to make sure that we continue with another
+ * syslog(3) call if the internal buffer is moe than 1023 characters.
+ */
+#ifndef MAXSYSLOGLEN
+#  define MAXSYSLOGLEN		960
+#endif
+
+#define SLOG_SYSLOG              0x01
+#define SLOG_FILE                0x02
+#define SLOG_BOTH                0x03
+
+#define VALIDATE_OK              0x00
+#define VALIDATE_NO_USER         0x01
+#define VALIDATE_NOT_OK          0x02
+#define VALIDATE_OK_NOPASS       0x03
+#define VALIDATE_ERROR          -1
+
+/*
+ *  the arguments passed to log_error() are ANDed with GLOBAL_PROBLEM
+ *  If the result is TRUE, the argv is NOT logged with the error message
+ */
+#define GLOBAL_PROBLEM           0x20
+#define ALL_SYSTEMS_GO           0x00
+#define GLOBAL_NO_PW_ENT         ( 0x01 | GLOBAL_PROBLEM )
+#define GLOBAL_NO_SPW_ENT        ( 0x02 | GLOBAL_PROBLEM )
+#define GLOBAL_NO_HOSTNAME       ( 0x03 | GLOBAL_PROBLEM )
+#define GLOBAL_HOST_UNREGISTERED ( 0x04 | GLOBAL_PROBLEM )
+#define PASSWORD_NOT_CORRECT     0x05
+#define PASSWORDS_NOT_CORRECT    0x06
+#define NO_SUDOERS_FILE          ( 0x07 | GLOBAL_PROBLEM )
+#define BAD_SUDOERS_FILE         ( 0x08 | GLOBAL_PROBLEM )
+#define SUDOERS_WRONG_OWNER      ( 0x09 | GLOBAL_PROBLEM )
+#define SUDOERS_WRONG_MODE       ( 0x0A | GLOBAL_PROBLEM )
+#define SUDOERS_NOT_FILE         ( 0x0B | GLOBAL_PROBLEM )
+#define SPOOF_ATTEMPT            0x0D
+#define BAD_STAMPDIR             0x0E
+#define BAD_STAMPFILE            0x0F
+
+/*
+ * Boolean values
+ */
+#undef TRUE
+#define TRUE                     0x01
+#undef FALSE
+#define FALSE                    0x00
+
+/*
+ * Various modes sudo can be in (based on arguments) in octal
+ */
+#define MODE_RUN                 00001
+#define MODE_VALIDATE            00002
+#define MODE_KILL                00004
+#define MODE_VERSION             00010
+#define MODE_HELP                00020
+#define MODE_LIST                00040
+#define MODE_BACKGROUND          00100
+#define MODE_SHELL               00200
+#define MODE_RESET_HOME          00400
+
+/*
+ * Used with set_perms()
+ */
+#define PERM_ROOT                0x00
+#define PERM_USER                0x01
+#define PERM_FULL_USER           0x02
+#define PERM_SUDOERS             0x03
+#define PERM_RUNAS	         0x04
+
+/*
+ * Shortcuts for user_pw_ent
+ */
+#define user_name		(user_pw_ent -> pw_name)
+#define user_passwd		(user_pw_ent -> pw_passwd)
+#define user_uid		(user_pw_ent -> pw_uid)
+#define user_gid		(user_pw_ent -> pw_gid)
+#define user_shell		(user_pw_ent -> pw_shell)
+#define user_dir		(user_pw_ent -> pw_dir)
+
+/*
+ * Function prototypes
+ */
+#define YY_DECL int yylex __P((void))
+
+#ifndef HAVE_STRDUP
+char *strdup		__P((const char *));
+#endif
+#ifndef HAVE_GETWD
+char *getwd		__P((char *));
+#endif
+#if !defined(HAVE_PUTENV) && !defined(HAVE_SETENV)
+int putenv		__P((const char *));
+#endif
+char *sudo_goodpath	__P((const char *));
+int sudo_setenv		__P((char *, char *));
+char *tgetpass		__P((char *, int, char *, char *));
+char * find_path	__P((char *));
+void log_error		__P((int));
+void inform_user	__P((int));
+void check_user		__P((void));
+int validate		__P((int));
+void set_perms		__P((int, int));
+void remove_timestamp	__P((void));
+void load_interfaces	__P((void));
+int yyparse		__P((void));
+YY_DECL;
+
+
+/*
+ * Most of these variables are declared in main() so they don't need
+ * to be extern'ed here if this is main...
+ */
+#ifndef MAIN
+extern char host[];
+extern char *shost;
+extern char cwd[];
+extern struct interface *interfaces;
+extern int num_interfaces;
+extern struct passwd *user_pw_ent;
+extern char *runas_user;
+extern char *tty;
+extern char *cmnd;
+extern char *cmnd_args;
+extern char *prompt;
+extern struct stat cmnd_st;
+extern int Argc;
+extern char **Argv;
+extern int NewArgc;
+extern char **NewArgv;
+#endif
+extern int errno;
+
+#endif /* _SUDO_SUDO_H */
diff --git a/gnu/usr.bin/sudo/sudo/sudo_setenv.c b/gnu/usr.bin/sudo/sudo/sudo_setenv.c
new file mode 100644
index 00000000000..bcfca6be3df
--- /dev/null
+++ b/gnu/usr.bin/sudo/sudo/sudo_setenv.c
@@ -0,0 +1,94 @@
+/*
+ *  CU sudo version 1.5.2
+ *
+ *  This program is free software; you can redistribute it and/or modify
+ *  it under the terms of the GNU General Public License as published by
+ *  the Free Software Foundation; either version 1, or (at your option)
+ *  any later version.
+ *
+ *  This program is distributed in the hope that it will be useful,
+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ *  GNU General Public License for more details.
+ *
+ *  You should have received a copy of the GNU General Public License
+ *  along with this program; if not, write to the Free Software
+ *  Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+ *
+ *  Please send bugs, changes, problems to sudo-bugs@courtesan.com
+ *
+ *******************************************************************
+ *
+ *  This module contains sudo_setenv().
+ *  sudo_setenv(3) adds a string of the form "var=val" to the environment.
+ *
+ *  Todd C. Miller (millert@colorado.edu) Fri Jun  3 18:32:19 MDT 1994
+ */
+
+#ifndef lint
+static char rcsid[] = "$Id: sudo_setenv.c,v 1.1 1996/10/14 05:14:55 millert Exp $";
+#endif /* lint */
+
+#include "config.h"
+
+#include <stdio.h>
+#ifdef STDC_HEADERS
+#include <stdlib.h>
+#endif /* STDC_HEADERS */
+#if defined(HAVE_MALLOC_H) && !defined(STDC_HEADERS)
+#include <malloc.h>
+#endif /* HAVE_MALLOC_H && !STDC_HEADERS */
+#ifdef HAVE_UNISTD_H
+#include <unistd.h>
+#endif /* HAVE_UNISTD_H */
+#include <sys/types.h>
+#include <sys/param.h>
+#include <netinet/in.h>
+
+#include "sudo.h"
+#include <options.h>
+
+#ifndef STDC_HEADERS
+#ifdef HAVE_PUTENV
+extern int putenv	__P((const char *));
+#endif /* HAVE_PUTENV */
+#ifdef HAVE_SETENV
+extern int setenv	__P((char *, char *, int));
+#endif /* HAVE_SETENV */
+#endif /* !STDC_HEADERS */
+
+
+/**********************************************************************
+ *
+ * sudo_setenv()
+ *
+ *  sudo_setenv() adds a string of the form "var=val" to the environment.
+ *  If it is unable to expand the current environent it returns -1,
+ *  else it returns 0.
+ */
+
+int sudo_setenv(var, val)
+    char *var;
+    char *val;
+{
+
+#ifdef HAVE_SETENV
+    return(setenv(var, val, 1));
+#else
+    char *envstring, *tmp;
+
+    envstring = tmp = (char *) malloc(strlen(var) + strlen(val) + 2);
+    if (envstring == NULL)
+	return(-1);
+
+    while ((*tmp++ = *var++))
+	;
+
+    *(tmp-1) = '=';
+
+    while ((*tmp++ = *val++))
+	;
+
+    return(putenv(envstring));
+#endif /* HAVE_SETENV */
+}
diff --git a/gnu/usr.bin/sudo/sudo/sudoers.5 b/gnu/usr.bin/sudo/sudo/sudoers.5
new file mode 100644
index 00000000000..bcc6137b366
--- /dev/null
+++ b/gnu/usr.bin/sudo/sudo/sudoers.5
@@ -0,0 +1,435 @@
+.rn '' }`
+''' $RCSfile: sudoers.5,v $$Revision: 1.1 $$Date: 1996/10/14 05:14:55 $
+'''
+''' $Log: sudoers.5,v $
+''' Revision 1.1  1996/10/14 05:14:55  millert
+''' sudo 1.5.2
+'''
+'''
+.de Sh
+.br
+.if t .Sp
+.ne 5
+.PP
+\fB\\$1\fR
+.PP
+..
+.de Sp
+.if t .sp .5v
+.if n .sp
+..
+.de Ip
+.br
+.ie \\n(.$>=3 .ne \\$3
+.el .ne 3
+.IP "\\$1" \\$2
+..
+.de Vb
+.ft CW
+.nf
+.ne \\$1
+..
+.de Ve
+.ft R
+
+.fi
+..
+'''
+'''
+'''     Set up \*(-- to give an unbreakable dash;
+'''     string Tr holds user defined translation string.
+'''     Bell System Logo is used as a dummy character.
+'''
+.tr \(*W-|\(bv\*(Tr
+.ie n \{\
+.ds -- \(*W-
+.ds PI pi
+.if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
+.if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch
+.ds L" ""
+.ds R" ""
+.ds L' '
+.ds R' '
+'br\}
+.el\{\
+.ds -- \(em\|
+.tr \*(Tr
+.ds L" ``
+.ds R" ''
+.ds L' `
+.ds R' '
+.ds PI \(*p
+'br\}
+.\"	If the F register is turned on, we'll generate
+.\"	index entries out stderr for the following things:
+.\"		TH	Title 
+.\"		SH	Header
+.\"		Sh	Subsection 
+.\"		Ip	Item
+.\"		X<>	Xref  (embedded
+.\"	Of course, you have to process the output yourself
+.\"	in some meaninful fashion.
+.if \nF \{
+.de IX
+.tm Index:\\$1\t\\n%\t"\\$2"
+..
+.nr % 0
+.rr F
+.\}
+.TH sudoers 5 "1.5.2" "7/Sep/96" "FILE FORMATS"
+.IX Title "sudoers 5"
+.UC
+.IX Name "sudoers - list of which users may execute what as root"
+.if n .hy 0
+.if n .na
+.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
+.de CQ          \" put $1 in typewriter font
+.ft CW
+'if n "\c
+'if t \\&\\$1\c
+'if n \\&\\$1\c
+'if n \&"
+\\&\\$2 \\$3 \\$4 \\$5 \\$6 \\$7
+'.ft R
+..
+.\" @(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2
+.	\" AM - accent mark definitions
+.bd B 3
+.	\" fudge factors for nroff and troff
+.if n \{\
+.	ds #H 0
+.	ds #V .8m
+.	ds #F .3m
+.	ds #[ \f1
+.	ds #] \fP
+.\}
+.if t \{\
+.	ds #H ((1u-(\\\\n(.fu%2u))*.13m)
+.	ds #V .6m
+.	ds #F 0
+.	ds #[ \&
+.	ds #] \&
+.\}
+.	\" simple accents for nroff and troff
+.if n \{\
+.	ds ' \&
+.	ds ` \&
+.	ds ^ \&
+.	ds , \&
+.	ds ~ ~
+.	ds ? ?
+.	ds ! !
+.	ds /
+.	ds q
+.\}
+.if t \{\
+.	ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
+.	ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
+.	ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
+.	ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
+.	ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
+.	ds ? \s-2c\h'-\w'c'u*7/10'\u\h'\*(#H'\zi\d\s+2\h'\w'c'u*8/10'
+.	ds ! \s-2\(or\s+2\h'-\w'\(or'u'\v'-.8m'.\v'.8m'
+.	ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
+.	ds q o\h'-\w'o'u*8/10'\s-4\v'.4m'\z\(*i\v'-.4m'\s+4\h'\w'o'u*8/10'
+.\}
+.	\" troff and (daisy-wheel) nroff accents
+.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
+.ds 8 \h'\*(#H'\(*b\h'-\*(#H'
+.ds v \\k:\h'-(\\n(.wu*9/10-\*(#H)'\v'-\*(#V'\*(#[\s-4v\s0\v'\*(#V'\h'|\\n:u'\*(#]
+.ds _ \\k:\h'-(\\n(.wu*9/10-\*(#H+(\*(#F*2/3))'\v'-.4m'\z\(hy\v'.4m'\h'|\\n:u'
+.ds . \\k:\h'-(\\n(.wu*8/10)'\v'\*(#V*4/10'\z.\v'-\*(#V*4/10'\h'|\\n:u'
+.ds 3 \*(#[\v'.2m'\s-2\&3\s0\v'-.2m'\*(#]
+.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
+.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
+.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
+.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
+.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
+.ds ae a\h'-(\w'a'u*4/10)'e
+.ds Ae A\h'-(\w'A'u*4/10)'E
+.ds oe o\h'-(\w'o'u*4/10)'e
+.ds Oe O\h'-(\w'O'u*4/10)'E
+.	\" corrections for vroff
+.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
+.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
+.	\" for low resolution devices (crt and lpr)
+.if \n(.H>23 .if \n(.V>19 \
+\{\
+.	ds : e
+.	ds 8 ss
+.	ds v \h'-1'\o'\(aa\(ga'
+.	ds _ \h'-1'^
+.	ds . \h'-1'.
+.	ds 3 3
+.	ds o a
+.	ds d- d\h'-1'\(ga
+.	ds D- D\h'-1'\(hy
+.	ds th \o'bp'
+.	ds Th \o'LP'
+.	ds ae ae
+.	ds Ae AE
+.	ds oe oe
+.	ds Oe OE
+.\}
+.rm #[ #] #H #V #F C
+.SH "NAME"
+.IX Header "NAME"
+sudoers \- list of which users may execute what as root
+.SH "DESCRIPTION"
+.IX Header "DESCRIPTION"
+The \fIsudoers\fR file is composed of an optional host alias section,
+an optional command alias section and the user specification section.
+All command or host aliases need to start with their respective keywords
+(ie: Host_Alias, User_Alias, or Cmnd_Alias).
+If there are multiple occurrences of a user, the union of the entries
+will be used.
+.Sh "user specification format:"
+.IX Subsection "user specification format:"
+.PP
+.Vb 1
+\&  user access_group [: access_group] ...
+.Ve
+.Vb 10
+\&    access_group ::= host_type = [(user_list)] [NOPASSWD:] [op]cmnd_type
+\&                     [,[(user_list)] [NOPASSWD:] [op]cmnd_type] ... 
+\&       host_type ::= a lower-case hostname, netgroup, ip address,
+\&                     network number, network number/netmask,
+\&                     or host alias.
+\&       user_list ::= comma-separated list of users, uids, or
+\&                     User_Aliases the user may run commands as
+\&                     (default is root).
+\&       cmnd_type ::= a command OR a command alias.
+\&              op ::= the logical "!" NOT operator.
+.Ve
+.Sh "host alias section format:"
+.IX Subsection "host alias section format:"
+.PP
+.Vb 1
+\&  Host_Alias HOSTALIAS = host-list
+.Ve
+.Vb 4
+\&      Host_Alias ::= a keyword.
+\&       HOSTALIAS ::= an upper-case alias name.
+\&       host-list ::= a comma separated list of hosts, netgroups,
+\&                     ip addresses, networks.
+.Ve
+.Sh "user alias section format:"
+.IX Subsection "user alias section format:"
+.PP
+.Vb 1
+\&  User_Alias USERALIAS = user-list
+.Ve
+.Vb 3
+\&      User_Alias ::= a keyword.
+\&       USERALIAS ::= an upper-case alias name.
+\&       user-list ::= a comma separated list of users, groups, netgroups.
+.Ve
+.Sh "command alias section format:"
+.IX Subsection "command alias section format:"
+.PP
+.Vb 1
+\&  Cmnd_Alias CMNDALIAS = cmnd-list
+.Ve
+.Vb 3
+\&      Cmnd_Alias ::= a keyword.
+\&       CMNDALIAS ::= an upper-case alias name.
+\&       cmnd-list ::= a comma separated list commands.
+.Ve
+.Sh "command specification:"
+.IX Subsection "command specification:"
+.PP
+.Vb 1
+\&  path arg1 arg2 .. argn = command
+.Ve
+.Vb 2
+\&            path ::= a fully qualified pathname.
+\&       arg[1..n] ::= optional command line arguments.
+.Ve
+.Sh "wildcards (aka meta characters):"
+.IX Subsection "wildcards (aka meta characters):"
+\fBsudo\fR allows shell-style \fIwildcards\fR along with command arguments
+in the \fIsudoers\fR file.  Wildcard matching is done via the \fB\s-1POSIX\s0\fR
+\f(CWfnmatch(3)\fR routine.
+.Ip "\f(CW*\fR" 8
+.IX Item "\f(CW*\fR"
+Matches any set of zero or more characters.
+.Ip "\f(CW?\fR" 8
+.IX Item "\f(CW?\fR"
+Matches any single character.
+.Ip "\f(CW[...]\fR" 8
+.IX Item "\f(CW[...]\fR"
+Matches any character in the specified range.
+.Ip "\f(CW[!...]\fR" 8
+.IX Item "\f(CW[!...]\fR"
+Matches any character \fBnot\fR in the specified range.
+.Ip "\f(CW\ex\fR" 8
+.IX Item "\f(CW\ex\fR"
+For any character \*(L"x\*(R", evaluates to \*(L"x\*(R".  This is used to
+escape special characters such as: \*(L"*\*(R", \*(L"?\*(R", \*(L"[\*(R", and \*(L"}\*(R".
+.Sh "exceptions to wildcard rules:"
+.IX Subsection "exceptions to wildcard rules:"
+The following exceptions apply to the above rules:
+.Ip "\f(CW""\fR" 8
+.IX Item "\f(CW""\fR"
+If the empty string \f(CW""\fR is the only command line argument in the
+\fIsudoers\fR entry it means that command may take \fBno\fR arguments.
+.Sh "other special characters and reserved words:"
+.IX Subsection "other special characters and reserved words:"
+Text after a pound sign (\fB#\fR) is considered a comment.
+Words that begin with a percent sign (\fB%\fR) are assumed to
+be \s-1UN\s0*X groups (%staff refers to users in the group \fIstaff\fR).
+Words that begin with a plus sign (\fB+\fR) are assumed to
+be netgroups (\fB+cshosts\fR refers to the netgroup \fIcshosts\fR).
+Long lines can be newline escaped with the backslash \fB\e\fR character.
+The reserved word \fB\s-1NOPASSWD\s0\fR indicates that a user need not
+enter a password for the command listed in that entry.
+.PP
+The reserved alias \fI\s-1ALL\s0\fR can be used for both {Host,User,Cmnd}_Alias.
+\fB\s-1DO\s0 \s-1NOT\s0\fR define an alias of \fI\s-1ALL\s0\fR, it will \fB\s-1NOT\s0\fR be used.
+Note that \fI\s-1ALL\s0\fR implies the entire universe of hosts/users/commands.
+You can subtract elements from the universe by using the syntax:
+   user  host=\s-1ALL\s0,!\s-1ALIAS1\s0,!/etc/halt...
+Note that the \*(L"!\*(R" notation only works in a user's command list.  You
+may not use it to subtract elements in a User_Alias, Host_Alias,
+Cmnd_Alias or user list.
+.PP
+Commands may have optional command line arguments.  If they do,
+then the arguments in the \fIsudoers\fR file must exactly match those
+on the command line.  It is also possible to have a command's
+arguments span multiple lines as long as the line continuance
+character \*(L"\e\*(R" is used.  The following characters must be escaped
+with a \*(L"\e\*(R" if used in command arguments: \*(L",\*(R", \*(L":\*(R", \*(L"=\*(R", \*(L"\e\*(R".
+.SH "EXAMPLES"
+.IX Header "EXAMPLES"
+.PP
+.Vb 7
+\&    # Host alias specification
+\&    Host_Alias  HUB=houdini:\e
+\&                REMOTE=merlin,kodiakthorn,spirit
+\&    Host_Alias  SERVERS=houdini,merlin,kodiakthorn,spirit
+\&    Host_Alias  CUNETS=128.138.0.0/255.255.0.0
+\&    Host_Alias  CSNETS=128.138.243.0,128.138.204.0,\e
+\&                       128.138.205.192
+.Ve
+.Vb 3
+\&    # User alias specification
+\&    User_Alias  FULLTIME=millert,dowdy,mikef
+\&    User_Alias  PARTTIME=juola,mccreary,tor
+.Ve
+.Vb 6
+\&    # Command alias specification
+\&    Cmnd_Alias  LPCS=/usr/etc/lpc,/usr/ucb/lprm
+\&    Cmnd_Alias  SHELLS=/bin/sh,/bin/csh,/bin/tcsh,/bin/ksh
+\&    Cmnd_Alias  SU=/bin/su
+\&    Cmnd_Alias  MISC=/bin/rm,/bin/cat:\e
+\&                SHUTDOWN=/etc/halt,/etc/shutdown
+.Ve
+.Vb 14
+\&    # User specification
+\&    FULLTIME    ALL=(ALL) NOPASSWD: ALL
+\&    %wheel      ALL=ALL
+\&    PARTTIME    ALL=ALL,!SHELLS,!SU
+\&    +interns    +openlabs=ALL,!SHELLS,!SU
+\&    britt       REMOTE=SHUTDOWN:ALL=LPCS
+\&    jimbo       CUNETS=/bin/su ?*,!/bin/su root
+\&    nieusma     SERVERS=SHUTDOWN,/etc/reboot:\e
+\&                HUB=ALL,!SHELLS
+\&    jill        houdini=/etc/shutdown -[hr] now,MISC
+\&    markm       HUB=ALL,!MISC,!/etc/shutdown,!/etc/halt
+\&    davehieb    merlin=ALL:SERVERS=/etc/halt:\e
+\&                kodiakthorn=NOPASSWD: ALL
+\&    steve       CSNETS= (operator) /usr/op_commands/
+.Ve
+.Sh "Host Alias specifications:"
+.IX Subsection "Host Alias specifications:"
+The are four \fIhost aliases\fR.  The first actually contains
+two \fIaliases\fR.  It sets \f(CWHUB\fR to be \f(CWhoudini\fR and \f(CWREMOTE\fR
+to the three machines \f(CWmerlin\fR, \f(CWkodiakthorn\fR and \f(CWspirit\fR.
+Similarly, \f(CWSERVERS\fR is set to the machines \f(CWhoudini\fR, \f(CWmerlin\fR,
+\f(CWkodiakthorn\fR and \f(CWspirit\fR.  The \f(CWCSNETS\fR alias will match
+any host on the 128.138.243.0, 128.138.204.0, or 128.138.205.192
+nets.  The \f(CWCUNETS\fR alias will match any host on the 128.138.0.0
+(class B) network.  Note that these are \fBnetwork\fR addresses, not ip
+addresses.  Unless an explicate netmask is given, the local \fInetmask\fR
+is used to determine whether or not the current host belongs to a network.
+.Sh "User Alias specifications:"
+.IX Subsection "User Alias specifications:"
+The two \fIuser aliases\fR simply groups the \f(CWFULLTIME\fR and
+\f(CWPARTTIME\fR folks into two separate aliases.
+.Sh "Command alias specifications:"
+.IX Subsection "Command alias specifications:"
+Command aliases are lists of commands with or without associated
+command line arguments.  The entries above should be self-explanatory.
+.Sh "User specifications:"
+.IX Subsection "User specifications:"
+.Ip "\s-1FULLTIME\s0" 16
+.IX Item "\s-1FULLTIME\s0"
+Full-time sysadmins in the \f(CWFULLTIME\fR alias may run any
+command on any host as any user without a password.
+.Ip "%wheel" 16
+.IX Item "%wheel"
+Any user in the \s-1UN\s0*X group \f(CWwheel\fR may run any
+command on any host.
+.Ip "\s-1PARTTIME\s0" 16
+.IX Item "\s-1PARTTIME\s0"
+Part-time sysadmins in the \f(CWPARTTIME\fR alias may run any
+command except those in the \f(CWSHELLS\fR and \f(CWSU\fR aliases
+on any host.
+.Ip "+interns" 16
+.IX Item "+interns"
+Any user in the netgroup \f(CWinterns\fR may run any
+command except those in the \f(CWSHELLS\fR and \f(CWSU\fR aliases
+on any host that is in the \f(CWopenlabs\fR netgroup.
+.Ip "britt" 16
+.IX Item "britt"
+The user \f(CWbritt\fR may run commands in the \f(CWSHUTDOWN\fR alias
+on the \f(CWREMOTE\fR machines and commands in the \f(CWLPCS\fR alias
+on any machine.
+.Ip "jimbo" 16
+.IX Item "jimbo"
+The user \f(CWjimbo\fR may \f(CWsu\fR to any user save root on the
+machines on \f(CWCUNETS\fR (which is explicately listed as a class
+B network).
+.Ip "nieusma" 16
+.IX Item "nieusma"
+The user \f(CWnieusma\fR may run commands in the \f(CWSHUTDOWN\fR alias
+as well as \fI/etc/reboot\fR on the \f(CWSERVER\fR machines and
+any command except those in the \f(CWSHELLS\fR alias on the \f(CWHUB\fR
+machines.
+.Ip "jill" 16
+.IX Item "jill"
+The user \f(CWjill\fR may run \f(CW/etc/shutdown -h now\fR or
+\f(CW/etc/shutdown -r now\fR as well as the commands in the
+\f(CWMISC\fR alias on houdini.
+.Ip "markm" 16
+.IX Item "markm"
+The user \f(CWmarkm\fR may run any command on the \f(CWHUB\fR machines
+except \fI/etc/shutdown\fR, \fI/etc/halt\fR, and commands listed
+in the \f(CWMISC\fR alias.
+.Ip "davehieb" 16
+.IX Item "davehieb"
+The user \f(CWdavehieb\fR may run any command on \f(CWmerlin\fR,
+\fI/etc/halt\fR on the \f(CWSERVERS\fR.  He may also run any command
+on \f(CWkodiakthorn\fR without giving a password.
+.Ip "steve" 16
+.IX Item "steve"
+The user \f(CWsteve\fR may run any command in the \fI/usr/op_commands/\fR
+directory as user \f(CWoperator\fR on the machines on \f(CWCSNETS\fR.
+.SH "CAVEATS"
+.IX Header "CAVEATS"
+The \fIsudoers\fR file should \fBalways\fR be edited by the \fBvisudo\fR
+command which locks the file and does grammatical checking. It is
+imperative that the \fIsudoers\fR be free of syntax errors since sudo
+will not run with a syntactically incorrect \fIsudoers\fR file.
+.SH "FILES"
+.IX Header "FILES"
+.PP
+.Vb 2
+\& /etc/sudoers           file of authorized users.
+\& /etc/netgroup          list of network groups.
+.Ve
+.SH "SEE ALSO"
+.IX Header "SEE ALSO"
+\fIsudo\fR\|(8), \fIvisudo\fR\|(8), \fIsu\fR\|(1), \fIfnmatch\fR\|(3).
+
+.rn }` ''
diff --git a/gnu/usr.bin/sudo/sudo/tgetpass.c b/gnu/usr.bin/sudo/sudo/tgetpass.c
new file mode 100644
index 00000000000..b8a198d7adc
--- /dev/null
+++ b/gnu/usr.bin/sudo/sudo/tgetpass.c
@@ -0,0 +1,275 @@
+/*
+ *  CU sudo version 1.5.2
+ *
+ *  This program is free software; you can redistribute it and/or modify
+ *  it under the terms of the GNU General Public License as published by
+ *  the Free Software Foundation; either version 1, or (at your option)
+ *  any later version.
+ *
+ *  This program is distributed in the hope that it will be useful,
+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ *  GNU General Public License for more details.
+ *
+ *  You should have received a copy of the GNU General Public License
+ *  along with this program; if not, write to the Free Software
+ *  Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+ *
+ *  Please send bugs, changes, problems to sudo-bugs@courtesan.com
+ *
+ *******************************************************************
+ *
+ *  This module contains tgetpass(), getpass(3) with a timeout.
+ *  It should work on any OS that supports sgtty (4BSD), termio (SYSV),
+ *  or termios (POSIX) line disciplines.
+ *
+ *  Todd C. Miller  Sun Jun  5 17:22:31 MDT 1994
+ */
+
+#ifndef lint
+static char rcsid[] = "$Id: tgetpass.c,v 1.1 1996/10/14 05:14:56 millert Exp $";
+#endif /* lint */
+
+#include "config.h"
+
+#include <stdio.h>
+#ifdef HAVE_UNISTD_H
+#include <unistd.h>
+#endif /* HAVE_UNISTD_H */
+#ifdef HAVE_STRING_H
+#include <string.h>
+#endif /* HAVE_STRING_H */
+#ifdef HAVE_STRINGS_H
+#include <strings.h>
+#endif /* HAVE_STRINGS_H */
+#include <limits.h>
+#include <pwd.h>
+#include <sys/types.h>
+#ifdef HAVE_SYS_BSDTYPES_H
+#include <sys/bsdtypes.h>
+#endif /* HAVE_SYS_BSDTYPES_H */
+#ifdef HAVE_SYS_SELECT_H
+#include <sys/select.h>
+#endif /* HAVE_SYS_SELECT_H */
+#include <sys/time.h>
+#include <signal.h>
+#include <fcntl.h>
+#ifdef HAVE_TERMIOS_H
+#include <termios.h>
+#else
+#ifdef HAVE_TERMIO_H
+#include <termio.h>
+#else
+#include <sgtty.h>
+#include <sys/ioctl.h>
+#endif /* HAVE_TERMIO_H */
+#endif /* HAVE_TERMIOS_H */
+#if (SHADOW_TYPE == SPW_SECUREWARE)
+#  ifdef __hpux
+#    include <hpsecurity.h>
+#  else
+#    include <sys/security.h>
+#  endif /* __hpux */ 
+#  include <prot.h>
+#endif /* SPW_SECUREWARE */
+
+#include <pathnames.h>
+#include "compat.h"
+
+#ifndef TCSASOFT
+#define TCSASOFT	0
+#endif /* TCSASOFT */
+
+
+/******************************************************************
+ *
+ *  tgetpass()
+ *
+ *  this function prints a prompt and gets a password from /dev/tty
+ *  or stdin.  Echo is turned off (if possible) during password entry
+ *  and input will time out based on the value of timeout.
+ */
+
+char * tgetpass(prompt, timeout, user, host)
+    const char *prompt;
+    int timeout;
+    char *user;
+    char *host;
+{
+#ifdef HAVE_TERMIOS_H
+    struct termios term;
+#else
+#ifdef HAVE_TERMIO_H
+    struct termio term;
+#else
+    struct sgttyb ttyb;
+#endif /* HAVE_TERMIO_H */
+#endif /* HAVE_TERMIOS_H */
+#ifdef POSIX_SIGNALS
+    sigset_t oldmask;
+    sigset_t mask;
+#else
+    int oldmask;
+#endif /* POSIX_SIGNALS */
+    int n, echo;
+    FILE *input, *output;
+    static char buf[_PASSWD_LEN + 1];
+    fd_set readfds;
+    struct timeval tv;
+    char *p;
+
+    /*
+     * mask out SIGINT and SIGTSTP, should probably just catch and deal.
+     */
+#ifdef POSIX_SIGNALS
+    (void) sigemptyset(&mask);
+    (void) sigaddset(&mask, SIGINT);
+    (void) sigaddset(&mask, SIGTSTP);
+    (void) sigprocmask(SIG_BLOCK, &mask, &oldmask);
+#else
+    oldmask = sigblock(sigmask(SIGINT)|sigmask(SIGTSTP));
+#endif
+
+    /*
+     * open /dev/tty for reading/writing if possible or use
+     * stdin and stderr instead.
+     */
+    if ((input = fopen(_PATH_TTY, "r+")) == NULL) {
+	input = stdin;
+	output = stderr;
+	(void) fflush(output);
+    } else {
+	output = input;
+    }
+
+    /*
+     * turn off echo
+     */
+#ifdef HAVE_TERMIOS_H
+    (void) tcgetattr(fileno(input), &term);
+    if ((echo = (term.c_lflag & ECHO))) {
+	term.c_lflag &= ~ECHO;
+	(void) tcsetattr(fileno(input), TCSAFLUSH|TCSASOFT, &term);
+    }
+#else
+#ifdef HAVE_TERMIO_H
+    (void) ioctl(fileno(input), TCGETA, &term);
+    if ((echo = (term.c_lflag & ECHO))) {
+	term.c_lflag &= ~ECHO;
+	(void) ioctl(fileno(input), TCSETA, &term);
+    }
+#else
+    (void) ioctl(fileno(input), TIOCGETP, &ttyb);
+    if ((echo = (ttyb.sg_flags & ECHO))) {
+	ttyb.sg_flags &= ~ECHO;
+	(void) ioctl(fileno(input), TIOCSETP, &ttyb);
+    }
+#endif /* HAVE_TERMIO_H */
+#endif /* HAVE_TERMIOS_H */
+
+    /* print the prompt */
+    if (prompt) {
+	p = (char *) prompt;
+	do {
+	    /* expand %u -> username, %h -> host */
+	    switch (*p) {
+		case '%':   if (user && *(p+1) == 'u') {
+				(void) fputs(user, output);
+				p++;
+				break;
+			    } else if (host && *(p+1) == 'h') {
+				(void) fputs(host, output);
+				p++;
+				break;
+			    }
+
+		default:    (void) fputc(*p, output);
+	    }
+	} while (*(++p));
+    }
+
+    /* rewind if necesary */
+    if (input == output) {
+	(void) fflush(output);
+	(void) rewind(output);
+    }
+
+    /*
+     * Timeout of <= 0 means no timeout
+     */
+    if (timeout > 0) {
+	/* setup for select(2) */
+	FD_ZERO(&readfds);
+	FD_SET(fileno(input), &readfds);
+
+	/* set timeout for select */
+	tv.tv_sec = timeout;
+	tv.tv_usec = 0;
+
+	/* how many file descriptors may we have? */
+#ifdef HAVE_SYSCONF
+	n = sysconf(_SC_OPEN_MAX);
+#else
+	n = getdtablesize();
+#endif /* HAVE_SYSCONF */
+
+	/*
+	 * get password or return empty string if nothing to read by timeout
+	 */
+	buf[0] = '\0';
+	if (select(n, &readfds, 0, 0, &tv) > 0 && fgets(buf, sizeof(buf), input)) {
+	    n = strlen(buf);
+	    if (buf[n - 1] == '\n')
+		buf[n - 1] = '\0';
+	}
+    } else {
+	buf[0] = '\0';
+	if (fgets(buf, sizeof(buf), input)) {
+	    n = strlen(buf);
+	    if (buf[n - 1] == '\n')
+		buf[n - 1] = '\0';
+	}
+    }
+
+     /* turn on echo */
+#ifdef HAVE_TERMIOS_H
+    if (echo) {
+	term.c_lflag |= ECHO;
+	(void) tcsetattr(fileno(input), TCSAFLUSH|TCSASOFT, &term);
+    }
+#else
+#ifdef HAVE_TERMIO_H
+    if (echo) {
+	term.c_lflag |= ECHO;
+	(void) ioctl(fileno(input), TCSETA, &term);
+    }
+#else
+    if (echo) {
+	ttyb.sg_flags |= ECHO;
+	(void) ioctl(fileno(input), TIOCSETP, &ttyb);
+    }
+#endif /* HAVE_TERMIO_H */
+#endif /* HAVE_TERMIOS_H */
+
+    /* rewind if necesary */
+    if (input == output) {
+	(void) fflush(output);
+	(void) rewind(output);
+    }
+
+    /* print a newline since echo is turned off */
+    (void) fputc('\n', output);
+
+    /* restore old signal mask */
+#ifdef POSIX_SIGNALS
+    (void) sigprocmask(SIG_SETMASK, &oldmask, NULL);
+#else
+    (void) sigsetmask(oldmask);
+#endif
+
+    /* close /dev/tty if that's what we opened */
+    if (input != stdin)
+	(void) fclose(input);
+
+    return(buf);
+}
diff --git a/gnu/usr.bin/sudo/sudo/version.h b/gnu/usr.bin/sudo/sudo/version.h
new file mode 100644
index 00000000000..6cb682af53c
--- /dev/null
+++ b/gnu/usr.bin/sudo/sudo/version.h
@@ -0,0 +1,28 @@
+/*
+ *  CU sudo version 1.5.2
+ *
+ *  This program is free software; you can redistribute it and/or modify
+ *  it under the terms of the GNU General Public License as published by
+ *  the Free Software Foundation; either version 1, or (at your option)
+ *  any later version.
+ *
+ *  This program is distributed in the hope that it will be useful,
+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ *  GNU General Public License for more details.
+ *
+ *  You should have received a copy of the GNU General Public License
+ *  along with this program; if not, write to the Free Software
+ *  Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+ *
+ *  Please send bugs, changes, problems to sudo-bugs@courtesan.com
+ *
+ *  $Id: version.h,v 1.1 1996/10/14 05:14:56 millert Exp $
+ */
+
+#ifndef _SUDO_VERSION_H
+#define _SUDO_VERSION_H
+
+static char version[] = "1.5.2";
+
+#endif /* _SUDO_VERSION_H */
diff --git a/gnu/usr.bin/sudo/visudo/Makefile b/gnu/usr.bin/sudo/visudo/Makefile
new file mode 100644
index 00000000000..c19e408ed38
--- /dev/null
+++ b/gnu/usr.bin/sudo/visudo/Makefile
@@ -0,0 +1,23 @@
+#       $OpenBSD: Makefile,v 1.1 1996/10/14 05:14:57 millert Exp $
+
+PROG=	visudo
+MAN=	visudo.8
+CFLAGS+=-I${.CURDIR}/../sudo -I.
+SRCS=	y.tab.c lex.yy.c visudo.c
+CLEANFILES+=y.tab.c y.tab.h lex.yy.c
+
+LDADD=  -lcompat
+DPADD=  ${LIBCOMPAT}
+
+BINOWN=	root
+BINMODE=111
+BINDIR?=/usr/sbin
+
+.include <bsd.prog.mk>
+
+lex.yy.c: ${.CURDIR}/../sudo/parse.lex
+	rm -f lex.yy.c
+	$(LEX) ${.CURDIR}/../sudo/parse.lex
+
+y.tab.c y.tab.h: ${.CURDIR}/../sudo/parse.yacc
+	$(YACC) -d ${.CURDIR}/../sudo/parse.yacc
diff --git a/gnu/usr.bin/sudo/visudo/visudo.8 b/gnu/usr.bin/sudo/visudo/visudo.8
new file mode 100644
index 00000000000..1a976177f42
--- /dev/null
+++ b/gnu/usr.bin/sudo/visudo/visudo.8
@@ -0,0 +1,266 @@
+.rn '' }`
+''' $RCSfile: visudo.8,v $$Revision: 1.1 $$Date: 1996/10/14 05:14:58 $
+'''
+''' $Log: visudo.8,v $
+''' Revision 1.1  1996/10/14 05:14:58  millert
+''' sudo 1.5.2
+'''
+'''
+.de Sh
+.br
+.if t .Sp
+.ne 5
+.PP
+\fB\\$1\fR
+.PP
+..
+.de Sp
+.if t .sp .5v
+.if n .sp
+..
+.de Ip
+.br
+.ie \\n(.$>=3 .ne \\$3
+.el .ne 3
+.IP "\\$1" \\$2
+..
+.de Vb
+.ft CW
+.nf
+.ne \\$1
+..
+.de Ve
+.ft R
+
+.fi
+..
+'''
+'''
+'''     Set up \*(-- to give an unbreakable dash;
+'''     string Tr holds user defined translation string.
+'''     Bell System Logo is used as a dummy character.
+'''
+.tr \(*W-|\(bv\*(Tr
+.ie n \{\
+.ds -- \(*W-
+.ds PI pi
+.if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
+.if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch
+.ds L" ""
+.ds R" ""
+.ds L' '
+.ds R' '
+'br\}
+.el\{\
+.ds -- \(em\|
+.tr \*(Tr
+.ds L" ``
+.ds R" ''
+.ds L' `
+.ds R' '
+.ds PI \(*p
+'br\}
+.\"	If the F register is turned on, we'll generate
+.\"	index entries out stderr for the following things:
+.\"		TH	Title 
+.\"		SH	Header
+.\"		Sh	Subsection 
+.\"		Ip	Item
+.\"		X<>	Xref  (embedded
+.\"	Of course, you have to process the output yourself
+.\"	in some meaninful fashion.
+.if \nF \{
+.de IX
+.tm Index:\\$1\t\\n%\t"\\$2"
+..
+.nr % 0
+.rr F
+.\}
+.TH visudo 8 "1.5.2" "7/Sep/96" "MAINTENANCE COMMANDS"
+.IX Title "visudo 8"
+.UC
+.IX Name "visudo - edit the sudoers file"
+.if n .hy 0
+.if n .na
+.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
+.de CQ          \" put $1 in typewriter font
+.ft CW
+'if n "\c
+'if t \\&\\$1\c
+'if n \\&\\$1\c
+'if n \&"
+\\&\\$2 \\$3 \\$4 \\$5 \\$6 \\$7
+'.ft R
+..
+.\" @(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2
+.	\" AM - accent mark definitions
+.bd B 3
+.	\" fudge factors for nroff and troff
+.if n \{\
+.	ds #H 0
+.	ds #V .8m
+.	ds #F .3m
+.	ds #[ \f1
+.	ds #] \fP
+.\}
+.if t \{\
+.	ds #H ((1u-(\\\\n(.fu%2u))*.13m)
+.	ds #V .6m
+.	ds #F 0
+.	ds #[ \&
+.	ds #] \&
+.\}
+.	\" simple accents for nroff and troff
+.if n \{\
+.	ds ' \&
+.	ds ` \&
+.	ds ^ \&
+.	ds , \&
+.	ds ~ ~
+.	ds ? ?
+.	ds ! !
+.	ds /
+.	ds q
+.\}
+.if t \{\
+.	ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
+.	ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
+.	ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
+.	ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
+.	ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
+.	ds ? \s-2c\h'-\w'c'u*7/10'\u\h'\*(#H'\zi\d\s+2\h'\w'c'u*8/10'
+.	ds ! \s-2\(or\s+2\h'-\w'\(or'u'\v'-.8m'.\v'.8m'
+.	ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
+.	ds q o\h'-\w'o'u*8/10'\s-4\v'.4m'\z\(*i\v'-.4m'\s+4\h'\w'o'u*8/10'
+.\}
+.	\" troff and (daisy-wheel) nroff accents
+.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
+.ds 8 \h'\*(#H'\(*b\h'-\*(#H'
+.ds v \\k:\h'-(\\n(.wu*9/10-\*(#H)'\v'-\*(#V'\*(#[\s-4v\s0\v'\*(#V'\h'|\\n:u'\*(#]
+.ds _ \\k:\h'-(\\n(.wu*9/10-\*(#H+(\*(#F*2/3))'\v'-.4m'\z\(hy\v'.4m'\h'|\\n:u'
+.ds . \\k:\h'-(\\n(.wu*8/10)'\v'\*(#V*4/10'\z.\v'-\*(#V*4/10'\h'|\\n:u'
+.ds 3 \*(#[\v'.2m'\s-2\&3\s0\v'-.2m'\*(#]
+.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
+.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
+.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
+.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
+.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
+.ds ae a\h'-(\w'a'u*4/10)'e
+.ds Ae A\h'-(\w'A'u*4/10)'E
+.ds oe o\h'-(\w'o'u*4/10)'e
+.ds Oe O\h'-(\w'O'u*4/10)'E
+.	\" corrections for vroff
+.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
+.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
+.	\" for low resolution devices (crt and lpr)
+.if \n(.H>23 .if \n(.V>19 \
+\{\
+.	ds : e
+.	ds 8 ss
+.	ds v \h'-1'\o'\(aa\(ga'
+.	ds _ \h'-1'^
+.	ds . \h'-1'.
+.	ds 3 3
+.	ds o a
+.	ds d- d\h'-1'\(ga
+.	ds D- D\h'-1'\(hy
+.	ds th \o'bp'
+.	ds Th \o'LP'
+.	ds ae ae
+.	ds Ae AE
+.	ds oe oe
+.	ds Oe OE
+.\}
+.rm #[ #] #H #V #F C
+.SH "NAME"
+.IX Header "NAME"
+visudo \- edit the sudoers file
+.SH "SYNOPSIS"
+.IX Header "SYNOPSIS"
+\fBvisudo\fR [ \fB\-V\fR ]
+.SH "DESCRIPTION"
+.IX Header "DESCRIPTION"
+\fBvisudo\fR edits the \fIsudoers\fR file in a safe fashion, analogous to
+\fIvipw\fR\|(8).  \fBvisudo\fR locks the \fIsudoers\fR file against multiple
+simultaneous edits, provides basic sanity checks, and checks
+for parse errors.  If the \fIsudoers\fR file is currently being
+edited you will receive a message to try again later.  In the
+default configuration, the \fIvi\fR\|(1) editor is used, but there is
+a compile time option to allow use of whatever editor the
+environmental variables \f(CWEDITOR\fR or \f(CWVISUAL\fR are set to.
+.PP
+\fBvisudo\fR parses the \fIsudoers\fR file after the edit and will
+not save the changes if there is a syntax error.  Upon finding
+an error, a message will be printed stating the line \fInumber\fR\|(s)
+that the error occurred on and the user will receive the
+\*(L"What now?\*(R" prompt.  At this point the user may enter \*(L"e\*(R"
+to re-edit the \fIsudoers\fR file, enter \*(L"x\*(R" to exit without
+saving the changes, or \*(L"q\*(R" to quit and save changes.  The
+\*(L"q\*(R" option should be used with extreme care because if \fBvisudo\fR
+believes there to be a parse error, so will \fBsudo\fR and no one
+will be able to execute \fBsudo\fR again until the error is fixed.
+Any other command at this prompt will print a short help message.
+When editing the \fIsudoers\fR file after a parse error has been
+detected the cursor will be placed on the line where the error
+occurred (if the editor supports this feature).
+.SH "OPTIONS"
+.IX Header "OPTIONS"
+\fBvisudo\fR accepts the following command line option:
+.Ip "-V" 4
+.IX Item "-V"
+The \f(CW-V\fR (version) option causes \fBvisudo\fR to print the version number
+and exit.
+.SH "FILES"
+.IX Header "FILES"
+.PP
+.Vb 2
+\& /etc/sudoers           file of authorized users.
+\& /etc/stmp              lock file for visudo.
+.Ve
+.SH "ENVIRONMENT VARIABLES"
+.IX Header "ENVIRONMENT VARIABLES"
+The following are used only if \fBvisudo\fR was compiled with the
+\fIENV_EDITOR\fR option:
+.PP
+.Vb 2
+\& EDITOR                 Used by visudo as the editor to use.
+\& VISUAL                 Used by visudo if EDITOR is not set.
+.Ve
+.SH "AUTHOR"
+.IX Header "AUTHOR"
+Many people have worked on \fIsudo\fR over the years, this version of
+\fBvisudo\fR was written by:
+.PP
+.Vb 1
+\& Todd Miller            <Todd.Miller@courtesan.com>
+.Ve
+See the HISTORY file in the sudo distribution for more details.
+.PP
+Please send all bugs, comments, and changes to sudo-bugs@courtesan.com.
+.SH "DISCLAIMER"
+.IX Header "DISCLAIMER"
+This program is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+General Public License for more details.
+.PP
+You should have received a copy of the GNU General Public License along
+with this program; if not, write to the Free Software Foundation, Inc.,
+675 Mass Ave, Cambridge, MA 02139, USA.
+.SH "CAVEATS"
+.IX Header "CAVEATS"
+Due to the syntax of the \fIsudoers\fR file, there is no way
+for \fBvisudo\fR to tell the difference between a mistyped
+{Host,User,Cmnd}_Alias and a user or host name.
+.PP
+There is no easy way to prevent a user from gaining a root shell if 
+the editor used by \fBvisudo\fR allows shell escapes.
+.SH "BUGS"
+.IX Header "BUGS"
+The \fI\-V\fR flag gives the version of the \fIsudo\fR package rather than
+the individual \fBvisudo\fR program.
+.SH "SEE ALSO"
+.IX Header "SEE ALSO"
+\fIsudo\fR\|(8), \fIvipw\fR\|(8).
+
+.rn }` ''
diff --git a/gnu/usr.bin/sudo/visudo/visudo.c b/gnu/usr.bin/sudo/visudo/visudo.c
new file mode 100644
index 00000000000..85099e75715
--- /dev/null
+++ b/gnu/usr.bin/sudo/visudo/visudo.c
@@ -0,0 +1,512 @@
+/*
+ *  CU sudo version 1.5.2
+ *
+ *  This program is free software; you can redistribute it and/or modify
+ *  it under the terms of the GNU General Public License as published by
+ *  the Free Software Foundation; either version 1, or (at your option)
+ *  any later version.
+ *
+ *  This program is distributed in the hope that it will be useful,
+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ *  GNU General Public License for more details.
+ *
+ *  You should have received a copy of the GNU General Public License
+ *  along with this program; if not, write to the Free Software
+ *  Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+ *
+ *  Please send bugs, changes, problems to sudo-bugs@courtesan.com
+ *
+ *******************************************************************
+ *
+ *  visudo.c -- locks the sudoers file for safe editing and check
+ *  for parse errors.
+ *
+ *  Todd C. Miller (millert@colorado.edu) Sat Mar 25 21:50:36 MST 1995
+ */
+
+#ifndef lint
+static char rcsid[] = "$Id: visudo.c,v 1.1 1996/10/14 05:14:58 millert Exp $";
+#endif /* lint */
+
+#include "config.h"
+
+#include <stdio.h>
+#ifdef STDC_HEADERS
+#include <stdlib.h>
+#endif /* STDC_HEADERS */
+#ifdef HAVE_UNISTD_H
+#include <unistd.h>
+#endif /* HAVE_UNISTD_H */
+#ifdef HAVE_STRING_H
+#include <string.h>
+#endif /* HAVE_STRING_H */
+#ifdef HAVE_STRINGS_H
+#include <strings.h>
+#endif /* HAVE_STRINGS_H */
+#if defined(HAVE_MALLOC_H) && !defined(STDC_HEADERS)
+#include <malloc.h>
+#endif /* HAVE_MALLOC_H && !STDC_HEADERS */
+#include <ctype.h>
+#include <pwd.h>
+#include <signal.h>
+#include <errno.h>
+#include <fcntl.h>
+#include <sys/types.h>
+#include <sys/param.h>
+#include <sys/stat.h>
+#include <sys/file.h>
+#include <netinet/in.h>
+
+#include "sudo.h"
+#include <options.h>
+#include "version.h"
+
+#ifndef STDC_HEADERS
+#ifndef __GNUC__	/* gcc has its own malloc */
+extern char *malloc	__P((size_t));
+#endif /* __GNUC__ */
+extern char *getenv	__P((const char *));
+extern int stat		__P((const char *, struct stat *));
+#endif /* !STDC_HEADERS */
+
+#if defined(POSIX_SIGNALS) && !defined(SA_RESETHAND)
+#define SA_RESETHAND    0
+#endif /* POSIX_SIGNALS && !SA_RESETHAND */
+
+/*
+ * Function prototypes
+ */
+static void usage		__P((void));
+static char whatnow		__P((void));
+static void whatnow_help	__P((void));
+static RETSIGTYPE Exit		__P((int));
+static void setup_signals	__P((void));
+int command_matches		__P((char *, char *, char *, char *));
+int addr_matches		__P((char *));
+int netgr_matches		__P((char *, char *, char *));
+int usergr_matches		__P((char *, char *));
+void init_parser		__P((void));
+
+
+/*
+ * External globals
+ */
+extern FILE *yyin, *yyout;
+extern int errorlineno, sudolineno;
+
+
+/*
+ * Globals
+ */
+char **Argv;
+char **NewArgv = NULL;
+int NewArgc = 0;
+char *sudoers = _PATH_SUDO_SUDOERS;
+char *stmp = _PATH_SUDO_STMP;
+int parse_error = FALSE;
+char *runas_user = "root";
+
+/*
+ * For the parsing routines
+ */
+char host[] = "";
+char *shost = "";
+char *cmnd = "";
+char *cmnd_args = NULL;
+struct passwd *user_pw_ent;
+
+
+/********************************************************************
+ *
+ *  main()
+ *
+ *  where it all begins...
+ */
+
+int main(argc, argv)
+    int argc;
+    char **argv;
+{
+    char buf[BUFSIZ];			/* buffer used for copying files */
+    char * Editor = EDITOR;		/* editor to use (default is EDITOR */
+    int sudoers_fd;			/* sudoers file descriptor */
+    int stmp_fd;			/* stmp file descriptor */
+    int n;				/* length parameter */
+
+    (void) setbuf(stderr, (char *)NULL);	/* unbuffered stderr */
+
+    /*
+     * Parse command line options
+     */
+    Argv = argv;
+
+    /*
+     * If passesd -V then print version, else print usage
+     * if any other option...
+     */
+    if (argc == 2)
+	if (!strcmp(Argv[1], "-V")) {
+	    (void) printf("visudo version %s\n", version);
+	    exit(0);
+	} else {
+	    usage();
+	}
+    else if (argc != 1)
+	usage();
+
+    /* user_pw_ent needs to point to something... */
+    user_pw_ent = getpwuid(getuid());
+
+#ifdef ENV_EDITOR
+    /*
+     * If we are allowing EDITOR and VISUAL envariables set Editor
+     * base on whichever exists...
+     */
+    if (!(Editor = getenv("EDITOR")))
+	if (!(Editor = getenv("VISUAL")))
+	    Editor = EDITOR;
+#endif /* ENV_EDITOR */
+
+    /*
+     * Copy sudoers file to stmp
+     */
+    stmp_fd = open(stmp, O_WRONLY | O_CREAT | O_EXCL, 0600);
+    if (stmp_fd < 0) {
+	if (errno == EEXIST) {
+	    (void) fprintf(stderr, "%s: sudoers file busy, try again later.\n",
+		Argv[0]);
+	    exit(1);
+	}
+	(void) fprintf(stderr, "%s: ", Argv[0]);
+	perror(stmp);
+	Exit(1);
+    }
+
+    /* install signal handler to clean up stmp */
+    setup_signals();
+
+    sudoers_fd = open(sudoers, O_RDONLY);
+    if (sudoers_fd < 0) {
+	(void) fprintf(stderr, "%s: ", Argv[0]);
+	perror(sudoers);
+	Exit(1);
+    }
+
+    /*
+     * Copy the data
+     */
+    while ((n = read(sudoers_fd, buf, sizeof(buf))) > 0)
+	if (write(stmp_fd, buf, n) != n) {
+	    (void) fprintf(stderr, "%s: Write failed: ", Argv[0]);
+	    perror("");
+	    Exit(1);
+	}
+
+    (void) close(sudoers_fd);
+    (void) close(stmp_fd);
+
+    /*
+     * Edit the temp file and parse it (for sanity checking)
+     */
+    do {
+	/*
+	 * Build up a buffer to execute
+	 */
+	if (parse_error == TRUE)
+	    (void) sprintf(buf, "%s +%d %s", Editor, errorlineno, stmp);
+	else
+	    (void) sprintf(buf, "%s %s", Editor, stmp);
+
+	/* do the edit -- some SYSV editors return 256 instead of 0 */
+	n = system(buf);
+	if (n == 0 || n == 256) {
+	    struct stat statbuf;	/* for sanity checking */
+
+	    /* make sure stmp exists */
+	    if (stat(stmp, &statbuf) < 0) {
+		(void) fprintf(stderr,
+		    "%s: Can't stat temporary file (%s), %s unchanged.\n",
+		    Argv[0], stmp, sudoers);
+		Exit(1);
+	    }
+
+	    /* check for zero length file */
+	    if (statbuf.st_size == 0) {
+		(void) fprintf(stderr,
+		    "%s: Zero length temporary file (%s), %s unchanged.\n",
+		    Argv[0], stmp, sudoers);
+		Exit(1);
+	    }
+
+	    /*
+	     * passed sanity checks so reopen stmp file and check
+	     * for parse errors.
+	     */
+	    yyout = stdout;
+	    if (parse_error)
+		yyin = freopen(stmp, "r", yyin);
+	    else
+		yyin = fopen(stmp, "r");
+	    if (yyin == NULL) {
+		(void) fprintf(stderr,
+		    "%s: Can't re-open temporary file (%s), %s unchanged.\n",
+		    Argv[0], stmp, sudoers);
+		Exit(1);
+	    }
+
+	    /* clean slate for each parse */
+	    init_parser();
+
+	    /* parse the sudoers file */
+	    if (yyparse()) {
+		(void) fprintf(stderr,
+		    "%s: Failed to parse temporary file (%s), %s unchanged.\n",
+		    Argv[0], stmp, sudoers);
+		Exit(1);
+	    }
+	} else {
+	    (void) fprintf(stderr, "%s: Editor (%s) failed, %s unchanged.\n",
+		Argv[0], Editor, sudoers);
+	    Exit(1);
+	}
+
+	/*
+	 * Prompt the user for what to do now
+	 */
+	if (parse_error == TRUE) {
+	    switch (whatnow()) {
+		case 'q' :	parse_error = FALSE;	/* ignore parse error */
+				break;
+		case 'x' :	Exit(0);
+				break;
+	    }
+	}
+    } while (parse_error == TRUE);
+
+    /*
+     * Change mode and ownership of temp file so when
+     * we move it to sudoers things are kosher.
+     */
+    if (chown(stmp, SUDOERS_UID, SUDOERS_GID)) {
+	(void) fprintf(stderr,
+	    "%s: Unable to set (uid, gid) of %s to (%d, %d): ",
+	    Argv[0], stmp, SUDOERS_UID, SUDOERS_GID);
+	perror("");
+	Exit(1);
+    }
+    if (chmod(stmp, SUDOERS_MODE)) {
+	(void) fprintf(stderr,
+	    "%s: Unable to change mode of %s to %o: ",
+	    Argv[0], stmp, SUDOERS_MODE);
+	perror("");
+	Exit(1);
+    }
+
+    /*
+     * Now that we have a sane stmp file (parse ok) it needs to be
+     * rename(2)'d to sudoers.  If the rename(2) fails we try using
+     * mv(1) in case stmp and sudoers are on different filesystems.
+     */
+    if (rename(stmp, sudoers))
+	if (errno == EXDEV) {
+	    char *tmpbuf;
+
+	    (void) fprintf(stderr,
+	      "%s: %s and %s not on the same filesystem, using mv to rename.\n",
+	      Argv[0], stmp, sudoers);
+
+	    /* Allocate just enough space for tmpbuf */
+	    n = sizeof(char) * (strlen(_PATH_MV) + strlen(stmp) +
+		  strlen(sudoers) + 4);
+	    if ((tmpbuf = (char *) malloc(n)) == NULL) {
+		(void) fprintf(stderr,
+			      "%s: Cannot alocate memory, %s unchanged: ",
+			      Argv[0], sudoers);
+		perror("");
+		Exit(1);
+	    }
+
+	    /* Build up command and execute it */
+	    (void) sprintf(tmpbuf, "%s %s %s", _PATH_MV, stmp, sudoers);
+	    if (system(tmpbuf)) {
+		(void) fprintf(stderr,
+			       "%s: Command failed: '%s', %s unchanged.\n",
+			       Argv[0], tmpbuf, sudoers);
+		Exit(1);
+	    }
+	    (void) free(tmpbuf);
+	} else {
+	    (void) fprintf(stderr, "%s: Error renaming %s, %s unchanged: ",
+				   Argv[0], stmp, sudoers);
+	    perror("");
+	    Exit(1);
+	}
+
+    return(0);
+}
+
+
+/********************************************************************
+ *
+ *  dummy *_matches routines
+ *
+ *  These exist to allow us to use the same parser as sudo(8).
+ */
+
+int command_matches(cmnd, user_args, path, sudoers_args)
+    char *cmnd;
+    char *user_args;
+    char *path;
+    char *sudoers_args;
+{
+    return(TRUE);
+}
+
+
+int addr_matches(n)
+    char *n;
+{
+    return(TRUE);
+}
+
+int usergr_matches(g, u)
+    char *g, *u;
+{
+    return(TRUE);
+}
+
+
+int netgr_matches(n, h, u)
+    char *n, *h, *u;
+{
+    return(TRUE);
+}
+
+
+/********************************************************************
+ *
+ *  usage()
+ *
+ *  Prints a help message and exits w/ exit value of 1.
+ */
+
+static void usage()
+{
+    (void) fprintf(stderr, "usage: %s [-V]\n", Argv[0]);
+    Exit(1);
+}
+
+
+/********************************************************************
+ *
+ *  Exit()
+ *
+ *  Unlinks the sudoers temp file (if it exists) and exits.
+ *  Used in place of a normal exit() and as a signal handler.
+ */
+
+static RETSIGTYPE Exit(sig)
+    int sig;
+{
+    (void) unlink(stmp);
+    exit(sig);
+}
+
+
+/********************************************************************
+ *
+ *  whatnow()
+ *
+ *  Assuming a parse error occurred, prompt the user for what they want
+ *  to do now.  Returns first letter of their choice (always lowercase).
+ */
+
+static char whatnow()
+{
+    char choice;
+    int ok;
+
+    do {
+	ok = FALSE;
+	(void) printf("What now? ");
+	if ((choice = fgetc(stdin)) != '\n')
+	    while (fgetc(stdin) != '\n')
+		;
+
+	/* safely force to lower case */
+	if (isupper(choice))
+	    choice = tolower(choice);
+
+	if (choice == 'e' || choice == 'x' || choice == 'q')
+	    ok = TRUE;
+
+	/* help message if they gavce us garbage */
+	if (!ok)
+	    whatnow_help();
+
+    } while (!ok);
+
+    return(choice);
+}
+
+
+/********************************************************************
+ *
+ *  whatnow_help()
+ *
+ *  Print out a help message for whatnow().
+ */
+
+static void whatnow_help()
+{
+    (void) printf("Options are:\n");
+    (void) printf("  (e)dit sudoers file again\n");
+    (void) printf("  e(x)it without saving changes to sudoers file\n");
+    (void) printf("  (q)uit and save changes to sudoers file (DANGER!)\n\n");
+}
+
+
+/********************************************************************
+ *
+ *  setup_signals()
+ *
+ *  Install signal handlers for visudo.
+ */
+
+static void setup_signals()
+{
+#ifdef POSIX_SIGNALS
+	struct sigaction action;		/* posix signal structure */
+#endif /* POSIX_SIGNALS */
+
+	/*
+	 * Setup signal handlers
+	 */
+#ifdef POSIX_SIGNALS
+	(void) memset((VOID *)&action, 0, sizeof(action));
+	action.sa_handler = Exit;
+	action.sa_flags = SA_RESETHAND;
+	(void) sigaction(SIGILL, &action, NULL);
+	(void) sigaction(SIGTRAP, &action, NULL);
+	(void) sigaction(SIGBUS, &action, NULL);
+	(void) sigaction(SIGSEGV, &action, NULL);
+	(void) sigaction(SIGTERM, &action, NULL);
+
+	action.sa_handler = SIG_IGN;
+	action.sa_flags = 0;
+	(void) sigaction(SIGHUP, &action, NULL);
+	(void) sigaction(SIGINT, &action, NULL);
+	(void) sigaction(SIGQUIT, &action, NULL);
+#else
+	(void) signal(SIGILL, Exit);
+	(void) signal(SIGTRAP, Exit);
+	(void) signal(SIGBUS, Exit);
+	(void) signal(SIGSEGV, Exit);
+	(void) signal(SIGTERM, Exit);
+
+	(void) signal(SIGHUP, SIG_IGN);
+	(void) signal(SIGINT, SIG_IGN);
+	(void) signal(SIGQUIT, SIG_IGN);
+#endif /* POSIX_SIGNALS */
+}