update to sudo 1.6.8p5

16 files changed, 129 insertions, 110 deletions

diff --git a/usr.bin/sudo/CHANGES b/usr.bin/sudo/CHANGES
index 2cad65eb6c1..d4d5ab765d5 100644
--- a/usr.bin/sudo/CHANGES
+++ b/usr.bin/sudo/CHANGES
@@ -1751,3 +1751,16 @@ Sudo 1.6.8p3 released.
      execution for password lookups that use GSSAPI.
 
 Sudo 1.6.8p4 released.
+
+553) Added a configure check for systems with a 2-argument version of
+     timespecsub (like BSD/OS).
+
+554) Added stub struct defintions to sudo.h to quiet compiler warnings
+     on some systems.
+
+555) In sudoers Defaults lines, tuples like "lecture" may now be used
+     without a value, restoring their old boolean-like nature.
+
+556) Invalid values for a tuple are now handled correctly.
+
+Sudo 1.6.8p5 released.
diff --git a/usr.bin/sudo/Makefile.in b/usr.bin/sudo/Makefile.in
index 93a8db2f3e4..b5585b65a94 100644
--- a/usr.bin/sudo/Makefile.in
+++ b/usr.bin/sudo/Makefile.in
@@ -130,7 +130,7 @@ TESTOBJS = interfaces.o testsudoers.o $(PARSEOBJS)
 
 LIBOBJS = @LIBOBJS@ @ALLOCA@
 
-VERSION = 1.6.8p4
+VERSION = 1.6.8p5
 
 DISTFILES = $(SRCS) $(HDRS) BUGS CHANGES HISTORY INSTALL INSTALL.configure \
 	    LICENSE Makefile.in PORTING README README.LDAP RUNSON TODO \
diff --git a/usr.bin/sudo/config.h b/usr.bin/sudo/config.h
index 56608f4e786..cfdc91667e0 100644
--- a/usr.bin/sudo/config.h
+++ b/usr.bin/sudo/config.h
@@ -1,4 +1,4 @@
-/*	$OpenBSD: config.h,v 1.2 2004/09/28 15:10:51 millert Exp $	*/
+/*	$OpenBSD: config.h,v 1.3 2004/11/29 17:29:04 millert Exp $	*/
 
 #ifndef _SUDO_CONFIG_H
 #define _SUDO_CONFIG_H
@@ -20,7 +20,7 @@
 #define HAVE_GETCWD
 #define HAVE_GETDOMAINNAME
 #define HAVE_GETIFADDRS
-#define HAVE_GETTTIMEOFDAY
+#define HAVE_GETTIMEOFDAY
 #define HAVE_INITGROUPS
 #define HAVE_INNETGR
 #define HAVE_INTTYPES_H
diff --git a/usr.bin/sudo/config.h.in b/usr.bin/sudo/config.h.in
index 4d0c77329f6..5decf693e97 100644
--- a/usr.bin/sudo/config.h.in
+++ b/usr.bin/sudo/config.h.in
@@ -144,8 +144,8 @@
    passwords) */
 #undef HAVE_GETSPWUID
 
-/* Define to 1 if you have the `getttimeofday' function. */
-#undef HAVE_GETTTIMEOFDAY
+/* Define to 1 if you have the `gettimeofday' function. */
+#undef HAVE_GETTIMEOFDAY
 
 /* Define to 1 if your Kerberos is Heimdal. */
 #undef HAVE_HEIMDAL
@@ -353,6 +353,10 @@
 /* Define to 1 if you have struct timespec in sys/time.h */
 #undef HAVE_TIMESPEC
 
+/* Define to 1 if you have a timespecsub macro or function that takes
+   two arguments (not three) */
+#undef HAVE_TIMESPECSUB2
+
 /* Define to 1 if you have the `tzset' function. */
 #undef HAVE_TZSET
 
diff --git a/usr.bin/sudo/configure b/usr.bin/sudo/configure
index 5331165f422..710fa2ab07e 100644
--- a/usr.bin/sudo/configure
+++ b/usr.bin/sudo/configure
@@ -24675,8 +24675,9 @@ esac
 
 
 
+
 for ac_func in strchr strrchr memchr memcpy memset sysconf tzset \
-	       strftime setrlimit initgroups fstat
+	       strftime setrlimit initgroups fstat gettimeofday
 do
 as_ac_var=`echo "ac_cv_func_$ac_func" | $as_tr_sh`
 echo "$as_me:$LINENO: checking for $ac_func" >&5
@@ -26442,87 +26443,8 @@ else
 fi
 done
 
-
-for ac_func in getttimeofday
-do
-as_ac_var=`echo "ac_cv_func_$ac_func" | $as_tr_sh`
-echo "$as_me:$LINENO: checking for $ac_func" >&5
-echo $ECHO_N "checking for $ac_func... $ECHO_C" >&6
-if eval "test \"\${$as_ac_var+set}\" = set"; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  cat >conftest.$ac_ext <<_ACEOF
-#line $LINENO "configure"
-/* confdefs.h.  */
-_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
-/* end confdefs.h.  */
-/* System header to define __stub macros and hopefully few prototypes,
-    which can conflict with char $ac_func (); below.
-    Prefer <limits.h> to <assert.h> if __STDC__ is defined, since
-    <limits.h> exists even on freestanding compilers.  */
-#ifdef __STDC__
-# include <limits.h>
-#else
-# include <assert.h>
-#endif
-/* Override any gcc2 internal prototype to avoid an error.  */
-#ifdef __cplusplus
-extern "C"
-{
-#endif
-/* We use char because int might match the return type of a gcc2
-   builtin and then its argument prototype would still apply.  */
-char $ac_func ();
-/* The GNU C library defines this for functions which it implements
-    to always fail with ENOSYS.  Some functions are actually named
-    something starting with __ and the normal name is an alias.  */
-#if defined (__stub_$ac_func) || defined (__stub___$ac_func)
-choke me
-#else
-char (*f) () = $ac_func;
-#endif
-#ifdef __cplusplus
-}
-#endif
-
-int
-main ()
-{
-return f != $ac_func;
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
-  (eval $ac_link) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { ac_try='test -s conftest$ac_exeext'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  eval "$as_ac_var=yes"
-else
-  echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
-
-eval "$as_ac_var=no"
-fi
-rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext
-fi
-echo "$as_me:$LINENO: result: `eval echo '${'$as_ac_var'}'`" >&5
-echo "${ECHO_T}`eval echo '${'$as_ac_var'}'`" >&6
-if test `eval echo '${'$as_ac_var'}'` = yes; then
-  cat >>confdefs.h <<_ACEOF
-#define `echo "HAVE_$ac_func" | $as_tr_cpp` 1
-_ACEOF
- echo "$as_me:$LINENO: checking for struct stat.st_mtim" >&5
+if test X"$ac_cv_type_struct_timespec" != X"no"; then
+    echo "$as_me:$LINENO: checking for struct stat.st_mtim" >&5
 echo $ECHO_N "checking for struct stat.st_mtim... $ECHO_C" >&6
 if test "${ac_cv_member_struct_stat_st_mtim+set}" = set; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
@@ -26703,9 +26625,57 @@ fi
 
 fi
 
-fi
-done
+    echo "$as_me:$LINENO: checking for two-parameter timespecsub" >&5
+echo $ECHO_N "checking for two-parameter timespecsub... $ECHO_C" >&6
+    cat >conftest.$ac_ext <<_ACEOF
+#line $LINENO "configure"
+/* confdefs.h.  */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h.  */
+#include <sys/types.h>
+#include <sys/time.h>
+int
+main ()
+{
+struct timespec ts1, ts2;
+ts1.tv_sec = 1; ts1.tv_nsec = 0; ts2.tv_sec = 0; ts2.tv_nsec = 0;
+#ifndef timespecsub
+#error missing timespecsub
+#endif
+timespecsub(&ts1, &ts2);
+  ;
+  return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext
+if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
+  (eval $ac_compile) 2>&5
+  ac_status=$?
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); } &&
+         { ac_try='test -s conftest.$ac_objext'
+  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+  (eval $ac_try) 2>&5
+  ac_status=$?
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); }; }; then
+  cat >>confdefs.h <<\_ACEOF
+#define HAVE_TIMESPECSUB2 1
+_ACEOF
+
+	echo "$as_me:$LINENO: result: yes" >&5
+echo "${ECHO_T}yes" >&6
+else
+  echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
 
+echo "$as_me:$LINENO: result: no" >&5
+echo "${ECHO_T}no" >&6
+fi
+rm -f conftest.$ac_objext conftest.$ac_ext
+fi
 cat >conftest.$ac_ext <<_ACEOF
 #line $LINENO "configure"
 /* confdefs.h.  */
@@ -31604,3 +31574,7 @@ fi
 
 
 
+
+
+
+
diff --git a/usr.bin/sudo/configure.in b/usr.bin/sudo/configure.in
index c569f154998..a963b487475 100644
--- a/usr.bin/sudo/configure.in
+++ b/usr.bin/sudo/configure.in
@@ -1683,7 +1683,7 @@ dnl
 dnl Function checks
 dnl
 AC_CHECK_FUNCS(strchr strrchr memchr memcpy memset sysconf tzset \
-	       strftime setrlimit initgroups fstat)
+	       strftime setrlimit initgroups fstat gettimeofday)
 AC_CHECK_FUNCS(seteuid, , [AC_DEFINE(NO_SAVED_IDS)])
 if test -z "$SKIP_SETRESUID"; then
     AC_CHECK_FUNCS(setresuid, [SKIP_SETREUID=yes])
@@ -1709,7 +1709,19 @@ SUDO_FUNC_FNMATCH(AC_DEFINE(HAVE_FNMATCH), AC_LIBOBJ(fnmatch))
 SUDO_FUNC_ISBLANK
 AC_REPLACE_FUNCS(strerror strcasecmp sigaction strlcpy strlcat closefrom)
 AC_CHECK_FUNCS(snprintf vsnprintf asprintf vasprintf, , [NEED_SNPRINTF=1])
-AC_CHECK_FUNCS(getttimeofday, [AC_CHECK_MEMBER([struct stat.st_mtim], AC_DEFINE(HAVE_ST_MTIM), [AC_CHECK_MEMBER([struct stat.st_mtimespec], AC_DEFINE([HAVE_ST_MTIMESPEC]))])])
+if test X"$ac_cv_type_struct_timespec" != X"no"; then
+    AC_CHECK_MEMBER([struct stat.st_mtim], AC_DEFINE(HAVE_ST_MTIM), [AC_CHECK_MEMBER([struct stat.st_mtimespec], AC_DEFINE([HAVE_ST_MTIMESPEC]))])
+    AC_MSG_CHECKING([for two-parameter timespecsub])
+    AC_TRY_COMPILE([#include <sys/types.h>
+#include <sys/time.h>], [struct timespec ts1, ts2;
+ts1.tv_sec = 1; ts1.tv_nsec = 0; ts2.tv_sec = 0; ts2.tv_nsec = 0;
+#ifndef timespecsub
+#error missing timespecsub
+#endif
+timespecsub(&ts1, &ts2);],
+	[AC_DEFINE(HAVE_TIMESPECSUB2)
+	AC_MSG_RESULT(yes)], [AC_MSG_RESULT(no)])
+fi
 dnl
 dnl Check for the dirfd function/macro.  If not found, look for dd_fd in DIR.
 dnl
@@ -2257,6 +2269,7 @@ AH_TEMPLATE(HAVE_ST_MTIM, [Define to 1 if your struct stat has an st_mtim member
 AH_TEMPLATE(HAVE_ST_MTIMESPEC, [Define to 1 if your struct stat has an st_mtimespec member])
 AH_TEMPLATE(HAVE_TERMIOS_H, [Define to 1 if you have the <termios.h> header file and the `tcgetattr' function.])
 AH_TEMPLATE(HAVE_TIMESPEC, [Define to 1 if you have struct timespec in sys/time.h])
+AH_TEMPLATE(HAVE_TIMESPECSUB2, [Define to 1 if you have a timespecsub macro or function that takes two arguments (not three)])
 AH_TEMPLATE(HAVE___PROGNAME, [Define to 1 if your crt0.o defines the __progname symbol for you.])
 AH_TEMPLATE(HOST_IN_LOG, [Define to 1 if you want the hostname to be entered into the log file.])
 AH_TEMPLATE(IGNORE_DOT_PATH, [Define to 1 if you want to ignore '.' and empty PATH elements])
diff --git a/usr.bin/sudo/def_data.c b/usr.bin/sudo/def_data.c
index b54f262a27a..698934f29df 100644
--- a/usr.bin/sudo/def_data.c
+++ b/usr.bin/sudo/def_data.c
@@ -15,8 +15,8 @@ static struct def_values def_data_listpw[] = {
 
 static struct def_values def_data_verifypw[] = {
     { "never", never },
-    { "any", any },
     { "all", all },
+    { "any", any },
     { "always", always },
     { NULL, 0 },
 };
diff --git a/usr.bin/sudo/def_data.in b/usr.bin/sudo/def_data.in
index 2c1b7a4f206..c6e19b21fe3 100644
--- a/usr.bin/sudo/def_data.in
+++ b/usr.bin/sudo/def_data.in
@@ -166,7 +166,7 @@ listpw
 verifypw
 	T_TUPLE|T_BOOL
 	"When to require a password for 'verify' pseudocommand: %s"
-	never any all always
+	never all any always
 noexec
 	T_FLAG
 	"Preload the dummy exec functions contained in 'noexec_file'"
diff --git a/usr.bin/sudo/defaults.c b/usr.bin/sudo/defaults.c
index 7839a67c050..667f44a4a5f 100644
--- a/usr.bin/sudo/defaults.c
+++ b/usr.bin/sudo/defaults.c
@@ -345,13 +345,10 @@ set_default(var, val, op)
 	    }
 	    break;
 	case T_TUPLE:
-	    if (!val) {
-		/* Check for bogus boolean usage or lack of a value. */
-		if (!ISSET(cur->type, T_BOOL) || op != FALSE) {
-		    warnx("no value specified for `%s' on line %d",
-			var, sudolineno);
-		    return(FALSE);
-		}
+	    if (!val && !ISSET(cur->type, T_BOOL)) {
+		warnx("no value specified for `%s' on line %d",
+		    var, sudolineno);
+		return(FALSE);
 	    }
 	    if (!store_tuple(val, cur, op)) {
 		warnx("value `%s' is invalid for option `%s'", val, var);
@@ -564,16 +561,16 @@ store_tuple(val, def, op)
      * This does assume that the first entry in the tuple enum will
      * be the equivalent to a boolean "false".
      */
-    if (op == FALSE) {
-	def->sd_un.ival = 0;
+    if (!val) {
+	def->sd_un.ival = (op == FALSE) ? 0 : 1;
     } else {
-	for (v = def->values; v != NULL; v++) {
+	for (v = def->values; v->sval != NULL; v++) {
 	    if (strcmp(v->sval, val) == 0) {
 		def->sd_un.ival = v->ival;
 		break;
 	    }
 	}
-	if (v == NULL)
+	if (v->sval == NULL)
 	    return(FALSE);
     }
     if (def->callback)
diff --git a/usr.bin/sudo/sudo.8 b/usr.bin/sudo/sudo.8
index 43daf487c27..e0400a3e17b 100644
--- a/usr.bin/sudo/sudo.8
+++ b/usr.bin/sudo/sudo.8
@@ -149,7 +149,7 @@
 .\" ========================================================================
 .\"
 .IX Title "SUDO 8"
-.TH SUDO 8 "November 17, 2004" "1.6.8p4" "MAINTENANCE COMMANDS"
+.TH SUDO 8 "November 26, 2004" "1.6.8p5" "MAINTENANCE COMMANDS"
 .SH "NAME"
 sudo, sudoedit \- execute a command as another user
 .SH "SYNOPSIS"
diff --git a/usr.bin/sudo/sudo.h b/usr.bin/sudo/sudo.h
index 9e073b16d9b..51dc51fc8ad 100644
--- a/usr.bin/sudo/sudo.h
+++ b/usr.bin/sudo/sudo.h
@@ -161,6 +161,10 @@ struct sudo_user {
 #define TGP_ECHO	0x01		/* leave echo on when reading passwd */
 #define TGP_STDIN	0x02		/* read from stdin, not /dev/tty */
 
+struct passwd;
+struct timespec;
+struct timeval;
+
 /*
  * Function prototypes
  */
diff --git a/usr.bin/sudo/sudo_edit.c b/usr.bin/sudo/sudo_edit.c
index 93cf275a0a4..f765e8a0a7d 100644
--- a/usr.bin/sudo/sudo_edit.c
+++ b/usr.bin/sudo/sudo_edit.c
@@ -293,7 +293,11 @@ int sudo_edit(argc, argv)
 		 * If mtime and size match but the user spent no measurable
 		 * time in the editor we can't tell if the file was changed.
 		 */
+#ifdef HAVE_TIMESPECSUB2
+		timespecsub(&ts1, &ts2);
+#else
 		timespecsub(&ts1, &ts2, &ts2);
+#endif
 		if (timespecisset(&ts2)) {
 		    warnx("%s unchanged", tf[i].ofile);
 		    unlink(tf[i].tfile);
diff --git a/usr.bin/sudo/sudoers.5 b/usr.bin/sudo/sudoers.5
index a7d68d71050..3fc10e1a7be 100644
--- a/usr.bin/sudo/sudoers.5
+++ b/usr.bin/sudo/sudoers.5
@@ -149,7 +149,7 @@
 .\" ========================================================================
 .\"
 .IX Title "SUDOERS 5"
-.TH SUDOERS 5 "November 17, 2004" "1.6.8p4" "MAINTENANCE COMMANDS"
+.TH SUDOERS 5 "November 28, 2004" "1.6.8p5" "MAINTENANCE COMMANDS"
 .SH "NAME"
 sudoers \- list of which users may execute what
 .SH "DESCRIPTION"
@@ -728,6 +728,8 @@ Always lecture the user.
 .RE
 .RS 12
 .Sp
+If no value is specified, a value of \fIonce\fR is implied.
+Negating the option results in a value of \fInever\fR being used.
 The default value is \fIonce\fR.
 .RE
 .IP "lecture_file" 12
@@ -780,7 +782,9 @@ The user must always enter a password to use the \fB\-v\fR flag.
 .RE
 .RS 12
 .Sp
-The default value is `all'.
+If no value is specified, a value of \fIall\fR is implied.
+Negating the option results in a value of \fInever\fR being used.
+The default value is \fIall\fR.
 .RE
 .IP "listpw" 12
 .IX Item "listpw"
@@ -804,7 +808,9 @@ The user must always enter a password to use the \fB\-l\fR flag.
 .RE
 .RS 12
 .Sp
-The default value is `any'.
+If no value is specified, a value of \fIany\fR is implied.
+Negating the option results in a value of \fInever\fR being used.
+The default value is \fIany\fR.
 .RE
 .PP
 \&\fBLists that can be used in a boolean context\fR:
diff --git a/usr.bin/sudo/version.h b/usr.bin/sudo/version.h
index 44b5b9cd792..3f06dfbc986 100644
--- a/usr.bin/sudo/version.h
+++ b/usr.bin/sudo/version.h
@@ -23,6 +23,6 @@
 #ifndef _SUDO_VERSION_H
 #define _SUDO_VERSION_H
 
-static const char version[] = "1.6.8p4";
+static const char version[] = "1.6.8p5";
 
 #endif /* _SUDO_VERSION_H */
diff --git a/usr.bin/sudo/visudo.8 b/usr.bin/sudo/visudo.8
index 5d99ce0d241..d871eb4ec87 100644
--- a/usr.bin/sudo/visudo.8
+++ b/usr.bin/sudo/visudo.8
@@ -149,7 +149,7 @@
 .\" ========================================================================
 .\"
 .IX Title "VISUDO 8"
-.TH VISUDO 8 "November 17, 2004" "1.6.8p4" "MAINTENANCE COMMANDS"
+.TH VISUDO 8 "November 26, 2004" "1.6.8p5" "MAINTENANCE COMMANDS"
 .SH "NAME"
 visudo \- edit the sudoers file
 .SH "SYNOPSIS"
diff --git a/usr.bin/sudo/visudo.c b/usr.bin/sudo/visudo.c
index bafe08e8b08..5d500065a2c 100644
--- a/usr.bin/sudo/visudo.c
+++ b/usr.bin/sudo/visudo.c
@@ -437,7 +437,11 @@ main(argc, argv)
 	 * If mtime and size match but the user spent no measurable
 	 * time in the editor we can't tell if the file was changed.
 	 */
+#ifdef HAVE_TIMESPECSUB2
+	timespecsub(&ts1, &ts2);
+#else
 	timespecsub(&ts1, &ts2, &ts2);
+#endif
 	if (timespecisset(&ts2)) {
 	    warnx("sudoers file unchanged");
 	    Exit(0);