author | Todd C. Miller <millert@cvs.openbsd.org> | 1999-12-10 06:45:13 +0000 |
---|---|---|
committer | Todd C. Miller <millert@cvs.openbsd.org> | 1999-12-10 06:45:13 +0000 |
commit | f52a0005ece044a50595a03f786d0d29d08b41fb (patch) | |
tree | 8896ba209bc14900cab276cc4475db6f09d0bbf1 /usr.bin | |
parent | e3981c5afb17f67e9ac5a94b949bbfac1bcc20b1 (diff) |
sudo 1.6.1
Diffstat (limited to 'usr.bin')
-rw-r--r-- | usr.bin/sudo/BUGS | 4 | ||||
-rw-r--r-- | usr.bin/sudo/CHANGES | 30 | ||||
-rw-r--r-- | usr.bin/sudo/HISTORY | 2 | ||||
-rw-r--r-- | usr.bin/sudo/INSTALL | 18 | ||||
-rw-r--r-- | usr.bin/sudo/LICENSE | 121 | ||||
-rw-r--r-- | usr.bin/sudo/Makefile.in | 18 | ||||
-rw-r--r-- | usr.bin/sudo/README | 9 | ||||
-rw-r--r-- | usr.bin/sudo/RUNSON | 59 | ||||
-rw-r--r-- | usr.bin/sudo/acsite.m4 | 6 | ||||
-rw-r--r-- | usr.bin/sudo/auth/API | 2 | ||||
-rw-r--r-- | usr.bin/sudo/auth/pam.c | 17 | ||||
-rw-r--r-- | usr.bin/sudo/auth/securid.c | 7 | ||||
-rw-r--r-- | usr.bin/sudo/auth/sudo_auth.c | 13 | ||||
-rw-r--r-- | usr.bin/sudo/check.c | 6 | ||||
-rw-r--r-- | usr.bin/sudo/config.h.in | 8 | ||||
-rw-r--r-- | usr.bin/sudo/configure | 12 | ||||
-rw-r--r-- | usr.bin/sudo/configure.in | 8 | ||||
-rw-r--r-- | usr.bin/sudo/defaults.c | 25 | ||||
-rw-r--r-- | usr.bin/sudo/defaults.h | 45 | ||||
-rw-r--r-- | usr.bin/sudo/insults.h | 6 | ||||
-rw-r--r-- | usr.bin/sudo/parse.c | 9 | ||||
-rw-r--r-- | usr.bin/sudo/parse.lex | 6 | ||||
-rw-r--r-- | usr.bin/sudo/parse.yacc | 33 | ||||
-rw-r--r-- | usr.bin/sudo/sudo.c | 104 | ||||
-rw-r--r-- | usr.bin/sudo/sudo.h | 3 | ||||
-rw-r--r-- | usr.bin/sudo/testsudoers.c | 10 | ||||
-rw-r--r-- | usr.bin/sudo/tgetpass.c | 43 | ||||
-rw-r--r-- | usr.bin/sudo/version.h | 4 | ||||
-rw-r--r-- | usr.bin/sudo/visudo.c | 8 |
29 files changed, 365 insertions, 271 deletions
diff --git a/usr.bin/sudo/BUGS b/usr.bin/sudo/BUGS index a7c381f4f16..767c285fe29 100644 --- a/usr.bin/sudo/BUGS +++ b/usr.bin/sudo/BUGS @@ -1,5 +1,5 @@ -Known bugs in sudo version 1.6 -============================== +Known bugs in sudo version 1.6.1 +================================ 1) "make install-man" should substitute correct paths into the man pages themselves. diff --git a/usr.bin/sudo/CHANGES b/usr.bin/sudo/CHANGES index 2eb7756f800..979c86b56f6 100644 --- a/usr.bin/sudo/CHANGES +++ b/usr.bin/sudo/CHANGES @@ -282,7 +282,7 @@ CHANGES from sudo 1.3.1pl4 95) Worked around a bug in AIX's lex in parse.c. AIX lex doesn't seem to handle {x,y} range notation correctly. Bleah. -96) Sudo would not report a failed attempt if the user entered <return> +96) Sudo would not report a failed attempt if the user entered return at the 2nd password: prompt so someone trying to guess a password could just invoked sudo multiple times and try one passwd at a time. Reported by Jonathan Adams <jonathan@smada.com>. 
@@ -1184,3 +1184,31 @@ Sudo 1.5.9 released. to be character at a time. 372) sudo now turns off core dumps via setrlimit (probably paranoia). + +Sudo 1.6 released. + +373) Better diagnostics on PAM failure. + +374) Killed shell_noargs option, it cannot work since the command needs to + be set before sudoers is parsed. + +375) Fixed the following Defaults options: set_home, fqdn, syslog, tty_tickets, + ticket_dir, insults. + +376) When using select() in tgetpass(), do a separate select before + each read to be sure we can timeout correctly. + +377) SecurID support compiles and works again. + +378) Fixed a bug parsing runas modifiers. If a user spec contained multiple + runas specs, the latter ones may not be applied. + +379) #uid now works in a RunasAlias + +380) Don't ask the user for a password if the user is not allowed to run + the command and the authenticate flag (in sudoers) is false. + +381) Added configure check for initgroups(3). + +382) Use our own fnmatch() if there is no fnmatch.h, even if there is an + fnmatch() in libc. diff --git a/usr.bin/sudo/HISTORY b/usr.bin/sudo/HISTORY index d0c9bf8f511..6c2ea306b60 100644 --- a/usr.bin/sudo/HISTORY +++ b/usr.bin/sudo/HISTORY @@ -11,7 +11,7 @@ with an enhanced sudoers format. This version was bought by a consulting firm called "The Root Group" and released under the GNU public license. -In 1994, after maintaining sudo informally withing CU-Boulder for +In 1994, after maintaining sudo informally within CU-Boulder for some time, Todd Miller made a public release of "CU sudo" (version 1.3) with bug fixes and support for more operating systems. The "CU" was added to differentiate it from the "official" version from diff --git a/usr.bin/sudo/INSTALL b/usr.bin/sudo/INSTALL index a80ff09ea1e..0b4d9862716 100644 --- a/usr.bin/sudo/INSTALL +++ b/usr.bin/sudo/INSTALL 
@@ -159,7 +159,11 @@ Special features/options: on the machine. --with-pam - Enable PAM support. Tested on Redhat Linux 5.x and Solaris 2.6. + Enable PAM support. Tested on Redhat Linux 5.x, 6.0 and + Solaris 2.6, 7. + NOTE: on RedHat Linux (and perhaps others) you *must* install + an /etc/pam.d/sudo file. You may either use the sample.pam + file included with sudo or use /etc/pam.d/su as a reference. --with-AFS Enable AFS support with kerberos authentication. Should work under @@ -224,6 +228,12 @@ Special features/options: security hole as most editors allow a user to get a shell (which would be a root shell and hence, no logging). + --enable-noargs-shell + If sudo is invoked with no arguments it acts as if the "-s" flag had + been given. That is, it runs a shell as root (the shell is determined + by the SHELL environment variable, falling back on the shell listed + in the invoking user's /etc/passwd entry). + The following options are also configurable at runtime: --with-otp-only @@ -413,12 +423,6 @@ The following options are also configurable at runtime: --enable-log-host Log the hostname in the log file. - --enable-noargs-shell - If sudo is invoked with no arguments it acts as if the "-s" flag had - been given. That is, it runs a shell as root (the shell is determined - by the SHELL environment variable, falling back on the shell listed - in the invoking user's /etc/passwd entry). - --enable-shell-sets-home If sudo is invoked with the "-s" flag the HOME environment variable will be set to the home directory of the target user (which is root diff --git a/usr.bin/sudo/LICENSE b/usr.bin/sudo/LICENSE index ff1e2a8ed0c..cda1d5bae5e 100644 --- a/usr.bin/sudo/LICENSE +++ b/usr.bin/sudo/LICENSE 
@@ -1,68 +1,65 @@ Sudo is distributed under the following BSD-style license: -/* - * Copyright (c) 1994-1996,1998-1999 Todd C. Miller <Todd.Miller@courtesan.com> - * All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * - * 3. The name of the author may not be used to endorse or promote products - * derived from this software without specific prior written permission - * from the author. - * - * 4. Products derived from this software may not be called "Sudo" nor - * may "Sudo" appear in their names without specific prior written - * permission from the author. - * - * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, - * INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY - * AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL - * THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, - * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, - * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; - * OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, - * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR - * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF - * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - */ + Copyright (c) 1994-1996,1998-1999 Todd C. Miller <Todd.Miller@courtesan.com> + All rights reserved. 
+ + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions + are met: + + 1. Redistributions of source code must retain the above copyright + notice, this list of conditions and the following disclaimer. + + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + + 3. The name of the author may not be used to endorse or promote products + derived from this software without specific prior written permission + from the author. + + 4. Products derived from this software may not be called "Sudo" nor + may "Sudo" appear in their names without specific prior written + permission from the author. + + THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, + INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY + AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL + THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, + EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, + PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; + OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, + WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR + OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF + ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + Additionally, lsearch.c, fnmatch.c, getcwd.c, snprintf.c, strcasecmp.c and fnmatch.3 bear the following UCB license: -/* - * Copyright (c) 1987, 1989, 1990, 1991, 1993, 1994 - * The Regents of the University of California. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. 
Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. Neither the name of the University nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - */ + Copyright (c) 1987, 1989, 1990, 1991, 1993, 1994 + The Regents of the University of California. All rights reserved. + + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions + are met: + 1. Redistributions of source code must retain the above copyright + notice, this list of conditions and the following disclaimer. + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + 3. 
Neither the name of the University nor the names of its contributors + may be used to endorse or promote products derived from this software + without specific prior written permission. + + THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND + ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE + FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + SUCH DAMAGE. diff --git a/usr.bin/sudo/Makefile.in b/usr.bin/sudo/Makefile.in index 5e5f55adae7..0070bec9c7b 100644 --- a/usr.bin/sudo/Makefile.in +++ b/usr.bin/sudo/Makefile.in @@ -34,7 +34,7 @@ # # @configure_input@ # -# $Sudo: Makefile.in,v 1.188 1999/11/25 00:43:44 millert Exp $ +# $Sudo: Makefile.in,v 1.190 1999/12/05 02:18:45 millert Exp $ # #### Start of system configuration section. #### @@ -138,7 +138,7 @@ TESTOBJS = interfaces.o testsudoers.o $(PARSEOBJS) LIBOBJS = @LIBOBJS@ @ALLOCA@ -VERSION = 1.6 +VERSION = 1.6.1 DISTFILES = $(SRCS) $(HDRS) BUGS CHANGES FAQ HISTORY INSTALL INSTALL.configure \ LICENSE Makefile.in PORTING README RUNSON TODO TROUBLESHOOTING \ 
@@ -251,30 +251,18 @@ securid.o: $(authdir)/securid.c $(AUTHDEP) sia.o: $(authdir)/sia.c $(AUTHDEP) $(CC) -c $(CPPFLAGS) $(CFLAGS) $(DEFS) $(OPTIONS) $(authdir)/sia.c -sudo.html: $(srcdir)/sudo.pod - @rm -f $(srcdir)/$@ - (cd $(srcdir); pod2html --title="Sudo Manual" --infile=sudo.pod --outfile=$(srcdir)/$@) - sudo.man: $(srcdir)/sudo.pod @rm -f $(srcdir)/$@ (cd $(srcdir); pod2man --section=$(mansect8) --release=$(VERSION) --center="MAINTENANCE COMMANDS" sudo.pod > $(srcdir)/$@) sudo.cat: sudo.man -visudo.html: $(srcdir)/visudo.pod - @rm -f $(srcdir)/$@ - (cd $(srcdir); pod2html --title="Visudo Manual" --infile=visudo.pod --outfile=$(srcdir)/$@) - visudo.man: $(srcdir)/visudo.pod @rm -f $(srcdir)/$@ (cd $(srcdir); pod2man --section=$(mansect8) --release=$(VERSION) --center="MAINTENANCE COMMANDS" visudo.pod > $(srcdir)/$@) visudo.cat: visudo.man -sudoers.html: $(srcdir)/sudoers.pod - @rm -f $(srcdir)/$@ - (cd $(srcdir); pod2html --title="Sudoers Manual" --infile=sudoers.pod --outfile=$(srcdir)/$@) - sudoers.man: $(srcdir)/sudoers.pod @rm -f $(srcdir)/$@ (cd $(srcdir); pod2man --section=$(mansect5) --release=$(VERSION) --center="FILE FORMATS" sudoers.pod > $(srcdir)/$@) @@ -321,7 +309,7 @@ mostlyclean: clean distclean: clean -rm -f Makefile pathnames.h config.h config.status config.cache \ - config.log pod2html-dircache pod2html-itemcache $(PARSESRCS) + config.log $(PARSESRCS) clobber: distclean diff --git a/usr.bin/sudo/README b/usr.bin/sudo/README index 45f286d5b05..43145d2b16f 100644 --- a/usr.bin/sudo/README +++ b/usr.bin/sudo/README @@ -1,4 +1,4 @@ -This is Sudo version 1.6 +This is Sudo version 1.6.1 The sudo philosophy =================== 
@@ -35,8 +35,9 @@ NOTE: Starting with sudo 1.5.7 the configuration method has changed System requirements =================== -Sudo requires a machine running UN*X (most flavors of BSD, SYSV, -or POSIX will do), a working C compiler, and the make utility. +To build sudo from the source distribution you need a machine running +UN*X (most flavors of BSD, SYSV, or POSIX will do), a working C +compiler, and the make utility. If you wish to modify the parser then you will need flex version 2.5.2 or later and either bison or byacc (sudo comes with a @@ -69,7 +70,7 @@ sudo-users This list is for questions and general discussion about sudo. sudo-workers This list is for people working on and porting sudo. -To subscribe to a list, send a mail message to "majordomo@cs.colorado.edu" +To subscribe to a list, send a mail message to "majordomo@courtesan.com" with a line in the message body (_not_ the subject) of "subscribe listname" where "listname" is one of sudo-announce, sudo-users, or sudo-workers. diff --git a/usr.bin/sudo/RUNSON b/usr.bin/sudo/RUNSON index b36b4e3d269..a98a9287583 100644 --- a/usr.bin/sudo/RUNSON +++ b/usr.bin/sudo/RUNSON 
@@ -7,18 +7,18 @@ Name Rev Arch Used Version By Options ======= ======= ======= =============== ======= =============== =============== Auspex 1.6.1 sun4 bundled cc 1.3.4 Alek Komarnitsky none SunOS 4.1.3 sun4 bundled cc 1.4 Todd Miller none -SunOS 4.1.3 sun4 gcc2.7.2.1 1.6 Todd Miller none +SunOS 4.1.3 sun4 gcc2.7.2.1 1.6.1 Todd Miller none SunOS 4.1.3 sun4 gcc2.7.2.1 1.5.3 Todd Miller --with-kerb4 -SunOS 4.1.3 sun4 gcc2.7.2.1 1.6 Todd Miller --with-skey +SunOS 4.1.3 sun4 gcc2.7.2.1 1.6.1 Todd Miller --with-skey Solaris 2.5.1 sparc SC4.0 1.5.6p1 Brian Jackson none Solaris 2.5.1 sun4u gcc2.7.2.3 1.5.4 Leon von Stauber none Solaris 2.5.1 i386 gcc2.7.2 1.5.4 Leon von Stauber none -Solaris 2.6 sparc gcc2.7.2.1 1.6 Todd Miller none -Solaris 2.6 i386 gcc2.7.2.1 1.6 Todd Miller none +Solaris 2.6 sparc gcc2.7.2.1 1.6.1 Todd Miller none +Solaris 2.6 i386 gcc2.7.2.1 1.6.1 Todd Miller none Solaris 2.6 sparc unbundled cc 1.5.7 Giff Hammar none Solaris 2.6 i386 unbundled cc 1.5.8p2 Udo Keller none -Solaris 7 i386 gcc 2.8.1 1.58p2 Brian Jackson none -Solaris 7 i386 Workshop 5.0 1.58p2 Brian Jackson none +Solaris 7 i386 gcc 2.8.1 1.6 Brian Jackson none +Solaris 7 i386 Workshop 5.0 1.6 Brian Jackson none Solaris 7 sun4u egcs 1.1.2 1.5.9p4 Scott Kinnane none Solaris 5.6 sun4u egcs 1.1.2 1.5.9p4 Scott Kinnane none ISC 4.0 i386 bundled cc 1.4 Andy Smith none 
@@ -31,14 +31,14 @@ HP-UX 9.05 hp700 gcc2.7.2.1 1.5.3 Todd Miller none HP-UX 9.05 hp700 gcc2.7.2.1 1.5.3 Todd Miller --with-kerb4 HP-UX 9.07 hp700 unbundled cc 1.5 Alek Komarnitsky --with-C2 HP-UX 9.05 hp700 unbundled cc 1.4 Todd Miller none -HP-UX 10.20 hp700 gcc2.7.2.1 1.6 Todd Miller --with-skey +HP-UX 10.20 hp700 gcc2.7.2.1 1.6.1 Todd Miller --with-skey HP-UX 10.10 hp700 unbundled cc 1.5.5b4 Todd Miller --with-skey HP-UX 10.20 PA-RISC1.1 bundled cc 1.5.4 Leon von Stauber none HP-UX 10.20 PA-RISC2.0 bundled cc 1.5.4 Leon von Stauber none HP-UX 11.00 hp700 ansi-c 1.5.5b1 Alek Komarnitsky --with-C2 HP-UX 11.00 hp700 bundled cc 1.5.5p5 Lynn Osburn none -HP-UX 10.20 hp700 gcc 2.8.1 1.5.6b2 Jeff Earickson --with-DCE -Ultrix 4.3 mips bundled cc 1.5 Maria Magnusson none +HP-UX 10.20 hp700 gcc 2.8.1 1.5.6b2 Jeff Earickson --with-DCE +Ultrix 4.3 mips bundled cc 1.6.1 Todd Miller none Ultrix 4.3 mips gcc2.7.2.1 1.5.9 Todd Miller --with-skey IRIX 4.05H mips gcc2.6.3 1.5.3 Todd Miller none IRIX 4.05H mips unbundled cc 1.4 Todd Miller none 
@@ -47,23 +47,25 @@ IRIX 5.3 mips MipsPro C 1.5.6p1 Brian Jackson none IRIX 6.2 mips MipsPro C 1.5.6p1 Brian Jackson none IRIX 6.5 mips MipsPro C 1.5.6p1 Brian Jackson none IRIX 5.3 mips unbundled cc 1.4 Todd Miller none -IRIX 5.3 mips gcc2.7.2.1 1.6 Todd Miller --with-skey +IRIX 5.3 mips gcc2.7.2.1 1.6.1 Todd Miller --with-skey IRIX 5.3 mips gcc2.7.2.1 1.5.3 Todd Miller --with-kerb4 IRIX 5.3 mips unbundled cc 1.4 Wallace Winfrey --with-C2 IRIX 6.2 mips unbundled cc 1.5 Alek Komarnitsky --with-C2 -IRIX 6.2 mips MipsPro C 1.58p2 Brian Jackson none +IRIX 6.2 mips MipsPro C 1.6 Brian Jackson none +IRIX 6.3 mips MipsPro C 1.6 Brian Jackson none IRIX 6.4 mips MipsPro C 1.58p2 Brian Jackson none IRIX 6.4 mips egcs 1.1.2 1.5.9p4 Scott Kinnane none IRIX 6.5 mips unbundled cc 1.5.4 Brian Jackson --with-C2 +IRIX 6.5 mips MipsPro 7.2.1 1.6 Brian Jackson none IRIX 6.5 mips gcc 2.8.1 1.6rc1 Jordan Baker none IRIX 6.5 mips egcs 1.1.2 1.5.9p4 Scott Kinnane none NEXTSTEP 2.1 m68k bundled cc 1.3.7 Todd Miller none NEXTSTEP 3.2 m68k bundled cc 1.5.5b4 Todd Miller --with-skey NEXTSTEP 3.2 i386 bundled cc 1.3.2 Jonathan Adams none NEXTSTEP 3.3 i386 bundled cc 1.4 Jonathan Adams none -NEXTSTEP 3.3 sparc bundled cc 1.5.3 Mike Kienenberger none +NEXTSTEP 3.3 sparc bundled cc 1.5.3 Mike Kienenberger none DEC UNIX 3.2c alpha bundled cc 1.5.3 Todd Miller none -DEC UNIX 4.0D alpha gcc-2.7.2.1 1.6 Todd Miller --with-skey +DEC UNIX 4.0D alpha gcc-2.7.2.1 1.6.1 Todd Miller --with-skey DEC UNIX 4.0 alpha gcc-2.7.2.1 1.5.3 Todd Miller --with-kerb4 DEC UNIX 4.0D alpha bundled cc 1.5.3 Randall R. Cable --with-C2 DEC UNIX 4.0E alpha bundled cc 1.5.9p2 Vangelis Haniotakis none 
@@ -79,19 +81,21 @@ AIX 4.3.2 rs6000 egcs 1.1.2 1.5.9p4 Scott Kinnane none ConvexOS 9.1 convex bundled cc 1.3.6 Todd Miller none ConvexOS 9.1 convex gcc2.4.5 1.3.6 Todd Miller none BSD/OS 2.1 i386 shlicc 1.5.3 Todd Miller none -OpenBSD 2.X i586 gcc-2.8.1 1.6 Todd Miller none +OpenBSD 2.X i586 gcc-2.8.1 1.6.1 Todd Miller none OpenBSD 2.X alpha gcc-2.8.1 1.5.9 Todd Miller none OpenBSD 2.X m68k gcc-2.8.1 1.5.9 Todd Miller none -FreeBSD 1.1 i386 gcc 1.3.2 Dieter Muller none -FreeBSD 2.0.5 i386 gcc 1.3.4 Dieter Muller none +FreeBSD 1.1 i386 gcc 1.3.2 Dworkin Muller none +FreeBSD 2.0.5 i386 gcc 1.3.4 Dworkin Muller none +FreeBSD 3.2 i386 gcc 2.7.2.1 1.6 Brian Jackson none Linux 1.2.13 i486 gcc-2.7.0 1.4 Michael Forman none Linux 1.2.8 i486 gcc-2.5.8 1.3.5 Ted Coady --with-C2 Linux 2.0.15 i586 gcc-2.7.2.1 1.5 Danny Barron none -Linux 2.0.36 i586 gcc 2.8.1 1.6 Todd Miller none +Linux 2.0.36 i586 gcc 2.8.1 1.6.1 Todd Miller none Linux 2.0.34 i586 egcs-2.91.57 1.5.6p2 Darrin Chandler none Linux 2.0.36 i586 gcc-2.7.2.3 1.5.7p4 Nathan Haney none Linux 2.0.34 alpha egcs-2.90.27 1.5.3 Karl Schlitt none Linux 2.0.33pl1 m68k gcc 2.7.2.3 1.5.6 James Troup none +Linux 2.2.12 i386 pgcc-2.91.66 1.6.1 Todd Miller --with-pam Linux 2.2.6-15 ppc egcs-1.1.2 1.5.9p4 Barbara Schelkle none UnixWare 1.1.4 i386 gcc-2.7.2 1.4 Michael Hancock none Pyramid DC/OSx 1.1 bundled cc 1.4 Les Schuettpelz none 
@@ -100,26 +104,29 @@ SINIX 5.42 R4000 bundled cc 1.4 Paul Tuininga none SINIX 5.43 mips PyrC 5.0A00 1.5.6p2 Brian Jackson none SINIX 5.43 mips CDS++ V1 1.58p2 Brian Jackson none SINIX 5.44 mips PyrC 5.0A00 1.5.6p2 Brian Jackson none -ReliantUNIX 5.45 mips CDS++ V1 1.59p4 Brian Jackson none +ReliantUNIX 5.43 mips CDS++ V1 1.6 Brian Jackson none +ReliantUNIX 5.44 mips CDS++ V1 1.6 Brian Jackson none +ReliantUNIX 5.45 mips CDS++ V1 1.6 Brian Jackson none NCR 2.03 3400 bundled cc 1.4 Mark Rauschkolb --with-getpass NCR 3.00 5100 bundled cc 1.4 Mark Rauschkolb --with-getpass -Unicos/mk 2.0.2.19 T3E bundled cc 1.5.3 Mike Kienenberger none -Unicos 9.0.2.2 YMP bundled cc 1.5.4 Mike Kienenberger none -Unicos 10.0.0.1 J90 bundled cc 1.5.4 Mike Kienenberger none +Unicos/mk 2.0.2.19 T3E bundled cc 1.5.3 Mike Kienenberger none +Unicos 9.0.2.2 YMP bundled cc 1.5.4 Mike Kienenberger none +Unicos 10.0.0.1 J90 bundled cc 1.5.4 Mike Kienenberger none DG/UX R4.11MU03 i686 gcc 1.5.3 Ramesh Vasudevan none -DG/UX R4.20MU02 x86 cc v1.5.6p5 Jared Crapo none -NetBSD 1.2[A-G] x86 gcc-2.7.2.{1,2} 1.5.3 Jason R. Thorpe none -NetBSD 1.2[A-G] m68k gcc-2.7.2.{1,2} 1.5.3 Jason R. Thorpe none -NetBSD 1.2[A-G] sparc gcc-2.7.2.{1,2} 1.5.3 Jason R. Thorpe none +DG/UX R4.20MU02 x86 cc v1.5.6p5 Jared Crapo none +NetBSD 1.2[A-G] x86 gcc-2.7.2.{1,2} 1.5.3 Jason R. Thorpe none +NetBSD 1.2[A-G] m68k gcc-2.7.2.{1,2} 1.5.3 Jason R. Thorpe none +NetBSD 1.2[A-G] sparc gcc-2.7.2.{1,2} 1.5.3 Jason R. 
Thorpe none NetBSD 1.3.2 alpha gcc-2.7.2.2 1.5.4p1 Ted Spradley none MacOSX Server ppc cc 1.5.9p4 Matt Warner --with-password-timeout=0 Dynix/ptx 4.1.5 i386 gcc2.7.2 1.5.4 Leon von Stauber none Dynix/ptx 4.4.2 Sequent bundled cc 1.5.4p1 Larry Mascarenhas none Dynix/ptx 4.4.3 Sequent bundled cc 1.5.6p2 Sandra Birgerson none Dynix/ptx 4.4.4 Sequent bundled cc 1.5.9p2 Jason Merritt none +Dynix/ptx 4.4.6 Sequent bundled cc 1.6 Larry Mascarenhase none DC-OSx 1.1-9x mips PyrC 4.0A20 1.5.6p2 Brian Jackson none HI-UX/MPP 02-03 sr2201 bundled cc 1.5.4 Ben Edgington none -SVR4 4.4 m88k bundled gcc 1.5.7p4 Gerry Belanger CFLAGS= +SVR4 4.4 m88k bundled gcc 1.6rc1 Gerry Belanger CFLAGS= NonStop-UX B32 CO-1475 cc 1.5.9p3 Andrei Panfilenko none Systems on which Sudo is expected to run on but hasn't been tested. diff --git a/usr.bin/sudo/acsite.m4 b/usr.bin/sudo/acsite.m4 index f10e261601d..3903c88406e 100644 --- a/usr.bin/sudo/acsite.m4 +++ b/usr.bin/sudo/acsite.m4 @@ -235,9 +235,9 @@ AC_DEFUN(SUDO_FUNC_FNMATCH, [AC_MSG_CHECKING(for working fnmatch) AC_CACHE_VAL(sudo_cv_func_fnmatch, [rm -f conftestdata; > conftestdata -AC_TRY_RUN([main() { -exit(fnmatch("/*/bin/echo *", "/usr/bin/echo just a test", 0)); -}], sudo_cv_func_fnmatch=yes, sudo_cv_func_fnmatch=no, +AC_TRY_RUN([#include <fnmatch.h> +main() { exit(fnmatch("/*/bin/echo *", "/usr/bin/echo just a test", 0)); } +], sudo_cv_func_fnmatch=yes, sudo_cv_func_fnmatch=no, sudo_cv_func_fnmatch=no) rm -f core core.* *.core])dnl AC_MSG_RESULT($sudo_cv_func_fnmatch) diff --git a/usr.bin/sudo/auth/API b/usr.bin/sudo/auth/API index 4b336cc8c83..d586c640a92 100644 --- a/usr.bin/sudo/auth/API +++ b/usr.bin/sudo/auth/API 
@@ -7,7 +7,7 @@ Purpose: to provide a simple API for authentication methods that The sudo_auth struct looks like this: typedef struct sudo_auth { - short flags; /* /* various flags, see below */ + short flags; /* various flags, see below */ short status; /* status from verify routine */ char *name; /* name of the method in string form */ VOID *data; /* method-specific data pointer */ diff --git a/usr.bin/sudo/auth/pam.c b/usr.bin/sudo/auth/pam.c index 623dcab742d..290eae86c0c 100644 --- a/usr.bin/sudo/auth/pam.c +++ b/usr.bin/sudo/auth/pam.c @@ -57,7 +57,7 @@ #include "sudo_auth.h" #ifndef lint -static const char rcsid[] = "$Sudo: pam.c,v 1.10 1999/10/07 21:21:07 millert Exp $"; +static const char rcsid[] = "$Sudo: pam.c,v 1.12 1999/11/23 18:27:00 millert Exp $"; #endif /* lint */ static int sudo_conv __P((int, PAM_CONST struct pam_message **, @@ -90,15 +90,22 @@ pam_verify(pw, prompt, auth) char *prompt; sudo_auth *auth; { + int error; + const char *s; pam_handle_t *pamh = (pam_handle_t *) auth->data; def_prompt = prompt; /* for sudo_conv */ /* PAM_SILENT prevents error messages from going to syslog(3) */ - if (pam_authenticate(pamh, PAM_SILENT) == PAM_SUCCESS) + if ((error = pam_authenticate(pamh, PAM_SILENT)) == PAM_SUCCESS) return(AUTH_SUCCESS); - else - return(AUTH_FAILURE); + + /* Any error other than PAM_PERM_DENIED may indicate a config problem. */ + if (error != PAM_PERM_DENIED && (s = pam_strerror(pamh, error))) { + log_error(NO_EXIT|NO_MAIL, "pam_authenticate: %s\n", s); + return(AUTH_FATAL); + } + return(AUTH_FAILURE); } int @@ -125,7 +132,7 @@ sudo_conv(num_msg, msg, response, appdata_ptr) VOID *appdata_ptr; { struct pam_response *pr; - struct pam_message *pm; + PAM_CONST struct pam_message *pm; char *p = def_prompt; int echo = 0; extern int nil_pw; diff --git a/usr.bin/sudo/auth/securid.c b/usr.bin/sudo/auth/securid.c index dff22632cca..987862289cd 100644 --- a/usr.bin/sudo/auth/securid.c +++ b/usr.bin/sudo/auth/securid.c 
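Review bot: In pam_verify, the new check treats every pam_authenticate() result other than PAM_PERM_DENIED as a possible configuration problem, but PAM_AUTH_ERR is the code PAM modules ordinarily return for a wrong password. A mistyped password would therefore be logged as a pam_authenticate error and returned as AUTH_FATAL instead of AUTH_FAILURE. How the caller handles AUTH_FATAL is outside this hunk, but it presumably ends the retry loop, and one log line per bad password adds noise to the audit trail. Consider `if (error != PAM_PERM_DENIED && error != PAM_AUTH_ERR && (s = pam_strerror(pamh, error))) {`, with a comment listing which codes count as an ordinary failure. The trailing `\n` in the log_error format also looks unnecessary, since the log_error call visible in check.c in this commit omits it.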
@@ -62,7 +62,7 @@ #include "sudo_auth.h" #ifndef lint -static const char rcsid[] = "$Sudo: securid.c,v 1.5 1999/08/14 15:36:46 millert Exp $"; +static const char rcsid[] = "$Sudo: securid.c,v 1.6 1999/12/02 20:21:31 millert Exp $"; #endif /* lint */ union config_record configure; @@ -73,7 +73,9 @@ securid_init(pw, promptp, auth) char **promptp; sudo_auth *auth; { + static struct SD_CLIENT sd_dat; /* SecurID data block */ + auth->data = (VOID *) &sd_dat; /* For method-specific data */ creadcfg(); /* Only read config file once */ return(AUTH_SUCCESS); } @@ -84,10 +86,9 @@ securid_setup(pw, promptp, auth) char **promptp; sudo_auth *auth; { - static SD_CLIENT sd_dat; /* SecurID data block */ + struct SD_CLIENT *sd = (struct SD_CLIENT *) auth->data; /* Re-initialize SecurID every time. */ - auth->data = (VOID *) &sd_dat; if (sd_init(sd) == 0) return(AUTH_SUCCESS); else { diff --git a/usr.bin/sudo/auth/sudo_auth.c b/usr.bin/sudo/auth/sudo_auth.c index 74a20ce509b..c9b65e257aa 100644 --- a/usr.bin/sudo/auth/sudo_auth.c +++ b/usr.bin/sudo/auth/sudo_auth.c @@ -57,7 +57,7 @@ #include "insults.h" #ifndef lint -static const char rcsid[] = "$Sudo: sudo_auth.c,v 1.15 1999/10/13 02:34:55 millert Exp $"; +static const char rcsid[] = "$Sudo: sudo_auth.c,v 1.17 1999/12/06 06:47:19 millert Exp $"; #endif /* lint */ sudo_auth auth_switch[] = { @@ -224,11 +224,12 @@ pass_warn(fp) FILE *fp; { -#ifdef USE_INSULTS - (void) fprintf(fp, "%s\n", INSULT); -#else - (void) fprintf(fp, "%s\n", def_str(I_BADPASS_MSG)); -#endif /* USE_INSULTS */ +#ifdef INSULT + if (def_flag(I_INSULTS)) + (void) fprintf(fp, "%s\n", INSULT); + else +#endif + (void) fprintf(fp, "%s\n", def_str(I_BADPASS_MSG)); } void diff --git a/usr.bin/sudo/check.c b/usr.bin/sudo/check.c index df100afc016..becaadf8e14 100644 --- a/usr.bin/sudo/check.c +++ b/usr.bin/sudo/check.c 
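Review bot: In pass_warn the `else` now sits immediately before `#endif`, so the statement it governs is the unbraced fprintf that follows the conditional block. This compiles correctly with or without INSULT defined, but it is fragile: a statement later inserted between `#endif` and the fallback fprintf becomes the else body when INSULT is defined, and the fallback message is then printed in addition to the insult. Bracing the insult branch and returning from it keeps the fallback unconditional: `if (def_flag(I_INSULTS)) { (void) fprintf(fp, "%s\n", INSULT); return; }` inside the `#ifdef`, followed by the plain `(void) fprintf(fp, "%s\n", def_str(I_BADPASS_MSG));`.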
@@ -61,7 +61,7 @@ #include "sudo.h" #ifndef lint -static const char rcsid[] = "$Sudo: check.c,v 1.192 1999/10/07 21:20:55 millert Exp $"; +static const char rcsid[] = "$Sudo: check.c,v 1.193 1999/12/05 02:54:20 millert Exp $"; #endif /* lint */ /* Status codes for timestamp_status() */ @@ -457,9 +457,9 @@ remove_timestamp(remove) status = unlink(timestampfile); else status = rmdir(timestampdir); - if (status == -1) { + if (status == -1 && errno != ENOENT) { log_error(NO_EXIT, "can't remove %s (%s), will reset to epoch", - strerror(errno), ts); + ts, strerror(errno)); remove = FALSE; } } diff --git a/usr.bin/sudo/config.h.in b/usr.bin/sudo/config.h.in index 4511cb086a4..d419c2329ae 100644 --- a/usr.bin/sudo/config.h.in +++ b/usr.bin/sudo/config.h.in @@ -31,7 +31,7 @@ * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. * - * $Sudo: config.h.in,v 1.139 1999/11/04 19:01:08 millert Exp $ + * $Sudo: config.h.in,v 1.141 1999/12/09 04:04:42 millert Exp $ */ /* @@ -188,6 +188,9 @@ /* Define if you have innetgr(3). */ #undef HAVE_INNETGR +/* Define if you have initgroups(3). */ +#undef HAVE_INITGROUPS + /* Define if you have getdomainname(2). */ #undef HAVE_GETDOMAINNAME @@ -298,9 +301,6 @@ /* Define if you have the <unistd.h> header file. */ #undef HAVE_UNISTD_H -/* Define if you have the <fnmatch.h> header file. */ -#undef HAVE_FNMATCH_H - /* Define if you have the <netgroup.h> header file. */ #undef HAVE_NETGROUP_H diff --git a/usr.bin/sudo/configure b/usr.bin/sudo/configure index a46383dbfaa..e3240583453 100644 --- a/usr.bin/sudo/configure +++ b/usr.bin/sudo/configure @@ -657,7 +657,7 @@ fi -echo "Configuring Sudo version 1.6" +echo "Configuring Sudo version 1.6.1" PROGS="sudo visudo" CPPFLAGS="" LDFLAGS="" 
@@ -4807,7 +4807,7 @@ fi fi -for ac_hdr in string.h strings.h unistd.h malloc.h paths.h utime.h fnmatch.h netgroup.h sys/sockio.h sys/bsdtypes.h sys/select.h +for ac_hdr in string.h strings.h unistd.h malloc.h paths.h utime.h netgroup.h sys/sockio.h sys/bsdtypes.h sys/select.h do ac_safe=`echo "$ac_hdr" | sed 'y%./+-%__p_%'` echo $ac_n "checking for $ac_hdr""... $ac_c" 1>&6 @@ -5403,7 +5403,7 @@ EOF ;; esac -for ac_func in strchr strrchr memchr memcpy memset sysconf sigaction tzset seteuid ftruncate strftime setrlimit +for ac_func in strchr strrchr memchr memcpy memset sysconf sigaction tzset seteuid ftruncate strftime setrlimit initgroups do echo $ac_n "checking for $ac_func""... $ac_c" 1>&6 echo "configure:5410: checking for $ac_func" >&5 @@ -6339,9 +6339,9 @@ else cat > conftest.$ac_ext <<EOF #line 6341 "configure" #include "confdefs.h" -main() { -exit(fnmatch("/*/bin/echo *", "/usr/bin/echo just a test", 0)); -} +#include <fnmatch.h> +main() { exit(fnmatch("/*/bin/echo *", "/usr/bin/echo just a test", 0)); } + EOF if { (eval echo configure:6347: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest && (./conftest; exit) 2>/dev/null then diff --git a/usr.bin/sudo/configure.in b/usr.bin/sudo/configure.in index 1cc2c9b9ed6..7eca0dc25b1 100644 --- a/usr.bin/sudo/configure.in +++ b/usr.bin/sudo/configure.in @@ -1,6 +1,6 @@ dnl dnl Process this file with GNU autoconf to produce a configure script. -dnl $Sudo: configure.in,v 1.291 1999/11/08 22:45:42 millert Exp $ +dnl $Sudo: configure.in,v 1.294 1999/12/09 04:04:45 millert Exp $ dnl dnl Copyright (c) 1994-1996,1998-1999 Todd C. Miller <Todd.Miller@courtesan.com> dnl @@ -9,7 +9,7 @@ AC_CONFIG_HEADER(config.h pathnames.h) dnl dnl This won't work before AC_INIT() dnl -echo "Configuring Sudo version 1.6" +echo "Configuring Sudo version 1.6.1" dnl dnl Variables that get substituted in the Makefile dnl 
@@ -1304,7 +1304,7 @@ dnl Header file checks dnl AC_HEADER_STDC AC_HEADER_DIRENT -AC_CHECK_HEADERS(string.h strings.h unistd.h malloc.h paths.h utime.h fnmatch.h netgroup.h sys/sockio.h sys/bsdtypes.h sys/select.h) +AC_CHECK_HEADERS(string.h strings.h unistd.h malloc.h paths.h utime.h netgroup.h sys/sockio.h sys/bsdtypes.h sys/select.h) dnl ultrix termio/termios are broken if test "$OS" != "ultrix"; then AC_CHECK_HEADERS(termio.h) @@ -1333,7 +1333,7 @@ esac dnl dnl Function checks dnl -AC_CHECK_FUNCS(strchr strrchr memchr memcpy memset sysconf sigaction tzset seteuid ftruncate strftime setrlimit) +AC_CHECK_FUNCS(strchr strrchr memchr memcpy memset sysconf sigaction tzset seteuid ftruncate strftime setrlimit initgroups) if test -n "$SECUREWARE"; then AC_CHECK_FUNCS(bigcrypt) AC_CHECK_FUNCS(set_auth_parameters) diff --git a/usr.bin/sudo/defaults.c b/usr.bin/sudo/defaults.c index 11b57d6cc11..a62daadbf95 100644 --- a/usr.bin/sudo/defaults.c +++ b/usr.bin/sudo/defaults.c @@ -53,7 +53,7 @@ #include "sudo.h" #ifndef lint -static const char rcsid[] = "$Sudo: defaults.c,v 1.12 1999/11/05 22:11:55 millert Exp $"; +static const char rcsid[] = "$Sudo: defaults.c,v 1.13 1999/12/02 20:31:24 millert Exp $"; #endif /* lint */ /* @@ -166,9 +166,6 @@ struct sudo_defs_types sudo_defs_table[] = { "log_year", T_FLAG, { 0 }, "Log the year in the (non-syslog) log file" }, { - "shell_noargs", T_FLAG, { 0 }, - "If sudo is invoked with no arguments, start a shell" - }, { "set_home", T_FLAG, { 0 }, "Set $HOME to the target user when starting a shell with -s" }, { @@ -321,8 +318,9 @@ set_default(var, val, op) int op; /* TRUE or FALSE */ { struct sudo_defs_types *cur; + int num; - for (cur = sudo_defs_table; cur->name; cur++) { + for (cur = sudo_defs_table, num = 0; cur->name; cur++, num++) { if (strcmp(var, cur->name) == 0) break; } 
@@ -425,6 +423,10 @@ set_default(var, val, op) return(FALSE); } cur->sd_un.flag = op; + + /* Special action for I_FQDN. Move to own switch if we get more */ + if (num == I_FQDN && op) + set_fqdn(); break; } @@ -490,9 +492,6 @@ init_defaults() #ifdef HOST_IN_LOG def_flag(I_LOG_HOST) = TRUE; #endif -#ifdef SHELL_IF_NO_ARGS - def_flag(I_SHELL_NOARGS) = TRUE; -#endif #ifdef SHELL_SETS_HOME def_flag(I_SET_HOME) = TRUE; #endif @@ -615,13 +614,19 @@ store_syslogfac(val, def, op) return(FALSE); /* not found */ /* Store both name and number. */ - if (def->sd_un.str) + if (def->sd_un.str) { free(def->sd_un.str); + closelog(); + } + openlog("sudo", 0, fac->num); def->sd_un.str = estrdup(fac->name); sudo_defs_table[I_LOGFAC].sd_un.ival = fac->num; #else - if (def->sd_un.str) + if (def->sd_un.str) { free(def->sd_un.str); + closelog(); + } + openlog("sudo", 0); def->sd_un.str = estrdup("default"); #endif /* LOG_NFACILITIES */ return(TRUE); diff --git a/usr.bin/sudo/defaults.h b/usr.bin/sudo/defaults.h index 386a7e2be9b..f532606ea12 100644 --- a/usr.bin/sudo/defaults.h +++ b/usr.bin/sudo/defaults.h @@ -31,7 +31,7 @@ * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. * - * $Sudo: defaults.h,v 1.7 1999/10/11 16:24:02 millert Exp $ + * $Sudo: defaults.h,v 1.8 1999/12/02 20:31:24 millert Exp $ */ #ifndef _SUDO_DEFAULTS_H 
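Review bot: The `num == I_FQDN` test added to the flag case of set_default() is correct only while the position of the "fqdn" row in sudo_defs_table equals the I_FQDN constant, and this same commit renumbers every index after I_LOG_YEAR by hand in defaults.h. Matching on the name removes that coupling: `if (op && strcmp(cur->name, "fqdn") == 0) set_fqdn();`. If the index comparison is kept, a comment on the table stating that its order must match the I_* defines would help the next person who removes a row. set_default() begins and ends outside this hunk.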
@@ -103,32 +103,31 @@ struct sudo_defs_types { #define I_ROOT_SUDO 15 #define I_LOG_HOST 16 #define I_LOG_YEAR 17 -#define I_SHELL_NOARGS 18 -#define I_SET_HOME 19 -#define I_PATH_INFO 20 -#define I_FQDN 21 -#define I_INSULTS 22 -#define I_REQUIRETTY 23 +#define I_SET_HOME 18 +#define I_PATH_INFO 19 +#define I_FQDN 20 +#define I_INSULTS 21 +#define I_REQUIRETTY 22 /* Integer values */ -#define I_LOGLEN 24 /* wrap log file line after N chars */ -#define I_TS_TIMEOUT 25 /* timestamp stale after N minutes */ -#define I_PW_TIMEOUT 26 /* exit if pass not entered in N minutes */ -#define I_PW_TRIES 27 /* exit after N bad password tries */ -#define I_UMASK 28 /* umask to use or 0777 to use user's */ +#define I_LOGLEN 23 /* wrap log file line after N chars */ +#define I_TS_TIMEOUT 24 /* timestamp stale after N minutes */ +#define I_PW_TIMEOUT 25 /* exit if pass not entered in N minutes */ +#define I_PW_TRIES 26 /* exit after N bad password tries */ +#define I_UMASK 27 /* umask to use or 0777 to use user's */ /* Strings */ -#define I_LOGFILE 29 /* path to logfile (or NULL for none) */ -#define I_MAILERPATH 30 /* path to sendmail or other mailer */ -#define I_MAILERFLAGS 31 /* flags to pass to the mailer */ -#define I_MAILTO 32 /* who to send bitch mail to */ -#define I_MAILSUB 33 /* subject line of mail msg */ -#define I_BADPASS_MSG 34 /* what to say when passwd is wrong */ -#define I_TIMESTAMPDIR 35 /* path to timestamp dir */ -#define I_EXEMPT_GRP 36 /* no password or PATH override for these */ -#define I_PASSPROMPT 37 /* password prompt */ -#define I_RUNAS_DEF 38 /* default user to run commands as */ -#define I_SECURE_PATH 39 /* set $PATH to this if not NULL */ +#define I_LOGFILE 28 /* path to logfile (or NULL for none) */ +#define I_MAILERPATH 29 /* path to sendmail or other mailer */ +#define I_MAILERFLAGS 30 /* flags to pass to the mailer */ +#define I_MAILTO 31 /* who to send bitch mail to */ +#define I_MAILSUB 32 /* subject line of mail msg */ +#define I_BADPASS_MSG 
33 /* what to say when passwd is wrong */ +#define I_TIMESTAMPDIR 34 /* path to timestamp dir */ +#define I_EXEMPT_GRP 35 /* no password or PATH override for these */ +#define I_PASSPROMPT 36 /* password prompt */ +#define I_RUNAS_DEF 37 /* default user to run commands as */ +#define I_SECURE_PATH 38 /* set $PATH to this if not NULL */ /* * Macros for accessing sudo_defs_table. diff --git a/usr.bin/sudo/insults.h b/usr.bin/sudo/insults.h index 59b2e8a814c..69271a62548 100644 --- a/usr.bin/sudo/insults.h +++ b/usr.bin/sudo/insults.h @@ -31,13 +31,13 @@ * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. * - * $Sudo: insults.h,v 1.43 1999/07/31 16:19:46 millert Exp $ + * $Sudo: insults.h,v 1.45 1999/12/06 06:47:13 millert Exp $ */ #ifndef _SUDO_INSULTS_H #define _SUDO_INSULTS_H -#ifdef USE_INSULTS +#if defined(HAL_INSULTS) || defined(GOONS_INSULTS) || defined(CLASSIC_INSULTS) || defined(CSOPS_INSULTS) /* * Use one or more set of insults as determined by configure @@ -75,6 +75,6 @@ char *insults[] = { */ #define INSULT (insults[time(NULL) % NOFINSULTS]) -#endif /* USE_INSULTS */ +#endif /* HAL_INSULTS || GOONS_INSULTS || CLASSIC_INSULTS || CSOPS_INSULTS */ #endif /* _SUDO_INSULTS_H */ diff --git a/usr.bin/sudo/parse.c b/usr.bin/sudo/parse.c index 7d709f70af7..4df2821e331 100644 --- a/usr.bin/sudo/parse.c +++ b/usr.bin/sudo/parse.c @@ -50,7 +50,7 @@ #ifdef HAVE_STRINGS_H # include <strings.h> #endif /* HAVE_STRINGS_H */ -#if defined(HAVE_FNMATCH) && defined(HAVE_FNMATCH_H) +#ifdef HAVE_FNMATCH # include <fnmatch.h> #endif /* HAVE_FNMATCH_H */ #ifdef HAVE_NETGROUP_H @@ -91,7 +91,7 @@ #endif /* HAVE_FNMATCH */ #ifndef lint -static const char rcsid[] = "$Sudo: parse.c,v 1.121 1999/08/28 10:00:22 millert Exp $"; +static const char rcsid[] = "$Sudo: parse.c,v 1.123 1999/12/09 03:54:57 millert Exp $"; #endif /* lint */ /* 
@@ -142,7 +142,10 @@ sudoers_lookup(check_cmnd) * Assume the worst. If the stack is empty the user was * not mentioned at all. */ - error = VALIDATE_NOT_OK; + if (def_flag(I_AUTHENTICATE)) + error = VALIDATE_NOT_OK; + else + error = VALIDATE_NOT_OK | FLAG_NOPASS; if (check_cmnd == TRUE) { error |= FLAG_NO_HOST; if (!top) diff --git a/usr.bin/sudo/parse.lex b/usr.bin/sudo/parse.lex index 722e5097fd5..e9ed49b3a19 100644 --- a/usr.bin/sudo/parse.lex +++ b/usr.bin/sudo/parse.lex @@ -62,7 +62,7 @@ #include "sudo.tab.h" #ifndef lint -static const char rcsid[] = "$Sudo: parse.lex,v 1.109 1999/11/09 20:06:52 millert Exp $"; +static const char rcsid[] = "$Sudo: parse.lex,v 1.110 1999/12/06 00:05:53 millert Exp $"; #endif /* lint */ #undef yywrap /* guard against a yywrap macro */ @@ -138,6 +138,7 @@ WORD ([^@!=:,\(\) \t\n\\]|\\[^\n])+ \n { ++sudolineno; LEXTRACE("\n"); + BEGIN INITIAL; return(COMMENT); } /* return newline */ @@ -257,7 +258,7 @@ PASSWD[[:blank:]]*: { } } -<GOTDEFS>{WORD} { +<GOTDEFS>{WORD} { LEXTRACE("WORD(3) "); fill(yytext, yyleng); return(WORD); @@ -296,6 +297,7 @@ PASSWD[[:blank:]]*: { } if (*yytext == 'R') { LEXTRACE("RUNASALIAS "); + BEGIN GOTRUNAS; return(RUNASALIAS); } } diff --git a/usr.bin/sudo/parse.yacc b/usr.bin/sudo/parse.yacc index 4dccccf2352..445fe793e16 100644 --- a/usr.bin/sudo/parse.yacc +++ b/usr.bin/sudo/parse.yacc @@ -79,7 +79,7 @@ #endif /* HAVE_LSEARCH */ #ifndef lint -static const char rcsid[] = "$Sudo: parse.yacc,v 1.166 1999/10/07 21:20:57 millert Exp $"; +static const char rcsid[] = "$Sudo: parse.yacc,v 1.167 1999/12/05 19:06:09 millert Exp $"; #endif /* lint */ /* @@ -242,6 +242,8 @@ yyerror(s) %type <BOOLEAN> cmnd %type <BOOLEAN> host %type <BOOLEAN> runasuser +%type <BOOLEAN> oprunasuser +%type <BOOLEAN> runaslist %type <BOOLEAN> user %% 
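Review bot: The comment "Assume the worst" above the default in sudoers_lookup() no longer describes the code, because with the authenticate flag off the failure default now carries FLAG_NOPASS. This value appears to decide whether a user who matches nothing is still asked for a password before being refused, so the intent should be written next to the else branch, e.g. `/* authenticate is off: do not prompt, even for users who will be rejected */` if that is what is meant. It is also worth confirming that def_flag(I_AUTHENTICATE) is read only after the sudoers Defaults lines have been parsed; the call that does the parsing is outside this hunk.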
@@ -462,17 +464,22 @@ runasspec : /* empty */ { runas_matches = (strcmp(*user_runas, def_str(I_RUNAS_DEF)) == 0); } - | RUNAS runaslist { ; } + | RUNAS runaslist { + runas_matches = ($2 == TRUE ? TRUE : FALSE); + } ; -runaslist : oprunasuser - | runaslist ',' oprunasuser +runaslist : oprunasuser { ; } + | runaslist ',' oprunasuser { + /* Later entries override earlier ones. */ + if ($3 != -1) + $$ = $3; + else + $$ = $1; + } ; -oprunasuser : runasuser { - if ($1 != -1) - runas_matches = $1; - } +oprunasuser : runasuser { ; } | '!' { if (printmatches == TRUE) { if (in_alias == TRUE) @@ -482,8 +489,8 @@ oprunasuser : runasuser { append_runas("!", ", "); } } runasuser { - if ($3 != -1) - runas_matches = ! $3; + /* Set $$ to the negation of runasuser */ + $$ = ($3 == -1 ? -1 : ! $3); } runasuser : WORD { @@ -717,7 +724,6 @@ runasaliases : runasalias ; runasalias : ALIAS { - push; if (printmatches == TRUE) { in_alias = TRUE; /* Allocate space for ga_list if necessary. */ @@ -726,10 +732,9 @@ runasalias : ALIAS { ga_list[ga_list_len-1].alias = estrdup($1); } } '=' runaslist { - if ((runas_matches != -1 || pedantic) && - !add_alias($1, RUNAS_ALIAS, runas_matches)) + if (($4 != -1 || pedantic) && + !add_alias($1, RUNAS_ALIAS, $4)) YYERROR; - pop; free($1); if (printmatches == TRUE) diff --git a/usr.bin/sudo/sudo.c b/usr.bin/sudo/sudo.c index 0a4c908f6ee..44016b74256 100644 --- a/usr.bin/sudo/sudo.c +++ b/usr.bin/sudo/sudo.c @@ -86,7 +86,7 @@ extern char *getenv __P((char *)); #endif /* STDC_HEADERS */ #ifndef lint -static const char rcsid[] = "$Sudo: sudo.c,v 1.258 1999/11/16 06:09:23 millert Exp $"; +static const char rcsid[] = "$Sudo: sudo.c,v 1.262 1999/12/09 04:04:47 millert Exp $"; #endif /* lint */ /* @@ -163,6 +163,7 @@ main(argc, argv) int fd; int cmnd_status; int sudo_mode; + int check_cmnd; #ifdef POSIX_SIGNALS sigset_t set, oset; #else 
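Review bot: The `{ ; }` actions on `runaslist : oprunasuser` and `oprunasuser : runasuser` never assign `$$`, so the value that reaches `runas_matches` depends on the parser generator pre-loading `$$` with `$1` before an explicit action runs. As far as I know the `$$ = $1` default is only promised for rules that have no action at all. Writing `{ $$ = $1; }` in both places makes the propagation explicit, which matters here because the value is the runas match result used for the access decision.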
@@ -217,15 +218,7 @@ main(argc, argv) /* Setup defaults data structures. */ init_defaults(); - /* Initialize syslog(3) if we are using it. */ - if (def_str(I_LOGFACSTR)) { -#ifdef LOG_NFACILITIES - openlog("sudo", 0, def_ival(I_LOGFAC)); -#else - openlog("sudo", 0); -#endif /* LOG_NFACILITIES */ - } - + check_cmnd = 1; if (sudo_mode & MODE_SHELL) user_cmnd = "shell"; else @@ -244,10 +237,12 @@ main(argc, argv) break; case MODE_VALIDATE: user_cmnd = "validate"; + check_cmnd = 0; break; case MODE_KILL: case MODE_INVALIDATE: user_cmnd = "kill"; + check_cmnd = 0; break; case MODE_LISTDEFS: list_options(); @@ -256,6 +251,7 @@ main(argc, argv) case MODE_LIST: user_cmnd = "list"; printmatches = 1; + check_cmnd = 0; break; } @@ -271,17 +267,17 @@ main(argc, argv) check_sudoers(); /* check mode/owner on _PATH_SUDOERS */ + add_env(!(sudo_mode & MODE_SHELL)); /* add in SUDO_* envariables */ + + /* Validate the user but don't search for pseudo-commands. */ + validated = sudoers_lookup(check_cmnd); + + /* This goes after the sudoers parse since we honor sudoers options. */ if (sudo_mode == MODE_KILL || sudo_mode == MODE_INVALIDATE) { remove_timestamp((sudo_mode == MODE_KILL)); exit(0); } - add_env(!(sudo_mode & MODE_SHELL)); /* add in SUDO_* envariables */ - - /* Validate the user but don't search for pseudo-commands. */ - validated = - sudoers_lookup((sudo_mode != MODE_VALIDATE && sudo_mode != MODE_LIST)); - if (validated & VALIDATE_ERROR) log_error(0, "parse error in %s near line %d", _PATH_SUDOERS, errorlineno); @@ -293,6 +289,10 @@ main(argc, argv) exit(1); } + /* May need to set $HOME to target user. */ + if ((sudo_mode & MODE_SHELL) && def_flag(I_SET_HOME)) + sudo_mode |= MODE_RESET_HOME; + /* Bail if a tty is required and we don't have one. */ if (def_flag(I_REQUIRETTY)) { if ((fd = open(_PATH_TTY, O_RDWR|O_NOCTTY)) == -1) 
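Review bot: The -k/-K branch in main() now runs after sudoers_lookup() but still exits before the `validated & VALIDATE_ERROR` test, so on this path a sudoers parse error goes unreported and remove_timestamp() runs with whatever options were set before the parser stopped. Either move the existing `if (validated & VALIDATE_ERROR)` check above this branch, or record the decision in the comment, e.g. `/* validated is ignored on purpose: -k/-K must work for users not listed in sudoers */`. main() begins and ends outside this hunk.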
@@ -416,7 +416,6 @@ init_vars(sudo_mode) int sudo_mode; { char *p, thost[MAXHOSTNAMELEN]; - struct hostent *hp; /* Sanity check command from user. */ if (user_cmnd == NULL && strlen(NewArgv[0]) >= MAXPATHLEN) { @@ -445,22 +444,17 @@ init_vars(sudo_mode) log_error(USE_ERRNO|MSG_ONLY, "can't get hostname"); } else user_host = estrdup(thost); - if (def_flag(I_FQDN)) { - if (!(hp = gethostbyname(user_host))) { - log_error(USE_ERRNO|MSG_ONLY|NO_EXIT, - "unable to lookup %s via gethostbyname()", user_host); + if (def_flag(I_FQDN)) + set_fqdn(); + else { + if ((p = strchr(user_host, '.'))) { + *p = '\0'; + user_shost = estrdup(user_host); + *p = '.'; } else { - free(user_host); - user_host = estrdup(hp->h_name); + user_shost = user_host; } } - if ((p = strchr(user_host, '.'))) { - *p = '\0'; - user_shost = estrdup(user_host); - *p = '.'; - } else { - user_shost = user_host; - } if ((p = ttyname(STDIN_FILENO)) || (p = ttyname(STDOUT_FILENO))) { if (strncmp(p, _PATH_DEV, sizeof(_PATH_DEV) - 1) == 0) @@ -549,12 +543,12 @@ parse_args() NewArgv = Argv + 1; NewArgc = Argc - 1; - if (Argc < 2) { /* no options and no command */ - if (!def_flag(I_SHELL_NOARGS)) - usage(1); +#ifdef SHELL_IF_NO_ARGS + if (NewArgc == 0) { /* no options and no command */ rval |= MODE_SHELL; return(rval); } +#endif while (NewArgc > 0 && NewArgv[0][0] == '-') { if (NewArgv[0][1] != '\0' && NewArgv[0][2] != '\0') { @@ -633,8 +627,9 @@ parse_args() break; case 's': rval |= MODE_SHELL; - if (def_flag(I_SET_HOME)) - rval |= MODE_RESET_HOME; + if (excl && excl != 's') + usage_excl(1); + excl = 's'; break; case 'H': rval |= MODE_RESET_HOME; @@ -642,8 +637,10 @@ parse_args() case '-': NewArgc--; NewArgv++; - if (def_flag(I_SHELL_NOARGS) && rval == MODE_RUN) +#ifdef SHELL_IF_NO_ARGS + if (rval == MODE_RUN) rval |= MODE_SHELL; +#endif return(rval); case '\0': (void) fprintf(stderr, "%s: '-' requires an argument\n", 
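Review bot: With SHELL_IF_NO_ARGS undefined, the first parse_args() hunk drops the `usage(1)` that used to catch a bare `sudo`, and nothing visible replaces it. If the rest of parse_args() (outside the hunk) does not reject NewArgc == 0, the context of the init_vars() hunk above shows `strlen(NewArgv[0])` being evaluated when user_cmnd is NULL, and NewArgv[0] would then be the argv terminator. An `#else` arm keeps the old behaviour: `#else` followed by `if (NewArgc == 0) usage(1);`.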
@@ -932,7 +929,7 @@ set_perms(perm, sudo_mode) strerror(errno)); exit(1); } - +#ifdef HAVE_INITGROUPS /* * Initialize group vector only if are * going to run as a non-root user. @@ -945,7 +942,7 @@ set_perms(perm, sudo_mode) Argv[0], strerror(errno)); exit(1); } - +#endif /* HAVE_INITGROUPS */ if (setuid(pw->pw_uid)) { (void) fprintf(stderr, "%s: cannot set uid to %ld: %s\n", @@ -1036,6 +1033,35 @@ initial_setup() } /* + * Look up the fully qualified domain name and set user_host and user_shost. + */ +void +set_fqdn() +{ + struct hostent *hp; + char *p; + + if (def_flag(I_FQDN)) { + if (!(hp = gethostbyname(user_host))) { + log_error(USE_ERRNO|MSG_ONLY|NO_EXIT, + "unable to lookup %s via gethostbyname()", user_host); + } else { + free(user_host); + user_host = estrdup(hp->h_name); + } + } + if (user_shost != user_host) + free(user_shost); + if ((p = strchr(user_host, '.'))) { + *p = '\0'; + user_shost = estrdup(user_host); + *p = '.'; + } else { + user_shost = user_host; + } +} + +/* * Tell which options are mutually exclusive and exit. */ static void @@ -1043,7 +1069,7 @@ usage_excl(exit_val) int exit_val; { (void) fprintf(stderr, - "Only one of the -v, -k, -K, -l, -V and -h options may be used\n"); + "Only one of the -h, -k, -K, -l, -s, -v or -V options may be used\n"); usage(exit_val); } diff --git a/usr.bin/sudo/sudo.h b/usr.bin/sudo/sudo.h index e0ee04f7019..93527a475ca 100644 --- a/usr.bin/sudo/sudo.h +++ b/usr.bin/sudo/sudo.h @@ -31,7 +31,7 @@ * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. * - * $Sudo: sudo.h,v 1.163 1999/09/08 08:06:17 millert Exp $ + * $Sudo: sudo.h,v 1.164 1999/12/02 20:31:24 millert Exp $ */ #ifndef _SUDO_SUDO_H @@ -193,6 +193,7 @@ void dump_defaults __P((void)); void dump_auth_methods __P((void)); int lock_file __P((int, int)); int touch __P((char *, time_t)); +void set_fqdn __P((void)); YY_DECL; /* Only provide extern declarations outside of sudo.c. */ 
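Review bot: Wrapping the initgroups() call in `#ifdef HAVE_INITGROUPS` (this hunk and the next one in set_perms()) means that on a platform without it the command keeps whatever supplementary groups the process already had, with no diagnostic. For a setuid program I would rather fail closed or reset the list explicitly in an `#else` arm, for example with setgroups() down to the target user's primary group where that call exists. At minimum the gap should be stated in a comment such as `/* no initgroups(3): supplementary groups are inherited from the caller */`. The enclosing case in set_perms() starts and ends outside both hunks.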
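Review bot: In the new set_fqdn(), `if (user_shost != user_host) free(user_shost);` runs after user_host may already have been freed and replaced, so the alias test compares against the new pointer rather than the old one. init_vars() sets `user_shost = user_host` for an unqualified hostname; if a sudoers line then turns fqdn on, set_default() calls set_fqdn(), the old buffer is freed through user_host and can be freed a second time through user_shost. Moving the comparison and free above the `if (def_flag(I_FQDN))` block, while both pointers still describe the old state, avoids the double free. Separately, gethostbyname() reports failure through h_errno, so USE_ERRNO in the log_error() call may print an unrelated error string.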
diff --git a/usr.bin/sudo/testsudoers.c b/usr.bin/sudo/testsudoers.c index ee4d2fe1c39..0a5485e13dc 100644 --- a/usr.bin/sudo/testsudoers.c +++ b/usr.bin/sudo/testsudoers.c @@ -50,7 +50,7 @@ #ifdef HAVE_STRINGS_H # include <strings.h> #endif /* HAVE_STRINGS_H */ -#if defined(HAVE_FNMATCH) && defined(HAVE_FNMATCH_H) +#ifdef HAVE_FNMATCH # include <fnmatch.h> #endif /* HAVE_FNMATCH_H */ #ifdef HAVE_NETGROUP_H @@ -77,7 +77,7 @@ #endif /* HAVE_FNMATCH */ #ifndef lint -static const char rcsid[] = "$Sudo: testsudoers.c,v 1.64 1999/09/08 08:06:19 millert Exp $"; +static const char rcsid[] = "$Sudo: testsudoers.c,v 1.66 1999/12/09 03:54:57 millert Exp $"; #endif /* lint */ /* @@ -281,6 +281,12 @@ set_perms(i, j) return; } +void +set_fqdn() +{ + return; +} + int main(argc, argv) int argc; diff --git a/usr.bin/sudo/tgetpass.c b/usr.bin/sudo/tgetpass.c index 786106b2970..ba6c5d3d78a 100644 --- a/usr.bin/sudo/tgetpass.c +++ b/usr.bin/sudo/tgetpass.c @@ -78,7 +78,7 @@ #endif /* TCSASOFT */ #ifndef lint -static const char rcsid[] = "$Sudo: tgetpass.c,v 1.90 1999/11/01 15:58:46 millert Exp $"; +static const char rcsid[] = "$Sudo: tgetpass.c,v 1.91 1999/12/05 02:18:47 millert Exp $"; #endif /* lint */ static char *tgetline __P((int, char *, size_t, int)); @@ -188,6 +188,9 @@ tgetline(fd, buf, bufsiz, timeout) if (bufsiz == 0) return(NULL); /* sanity */ + cp = buf; + left = bufsiz; + /* * Timeout of <= 0 means no timeout. */ 
@@ -196,29 +199,33 @@ tgetline(fd, buf, bufsiz, timeout) n = howmany(fd + 1, NFDBITS) * sizeof(fd_mask); readfds = (fd_set *) emalloc(n); (void) memset((VOID *)readfds, 0, n); - FD_SET(fd, readfds); /* Set timeout for select */ tv.tv_sec = timeout; tv.tv_usec = 0; - /* - * Make sure there is something to read or timeout - */ - while ((n = select(fd + 1, readfds, 0, 0, &tv)) == -1 && - errno == EINTR) - ; - if (n == 0) - return(NULL); /* timeout */ - } - if (readfds) + while (--left) { + FD_SET(fd, readfds); + + /* Make sure there is something to read (or timeout) */ + while ((n = select(fd + 1, readfds, 0, 0, &tv)) == -1 && + errno == EINTR) + ; + if (n == 0) + return(NULL); /* timeout */ + + /* Read a character, exit loop on error, EOF or EOL */ + n = read(fd, &c, 1); + if (n != 1 || c == '\n') + break; + *cp++ = c; + } free(readfds); - - /* Keep reading until out of space, EOF, error, or newline */ - cp = buf; - left = bufsiz; - while (--left && (n = read(fd, &c, 1)) == 1 && c != '\n') - *cp++ = c; + } else { + /* Keep reading until out of space, EOF, error, or newline */ + while (--left && (n = read(fd, &c, 1)) == 1 && c != '\n') + *cp++ = c; + } *cp = '\0'; return(cp == buf ? NULL : buf); diff --git a/usr.bin/sudo/version.h b/usr.bin/sudo/version.h index 6799a10c1b9..07475e22bf4 100644 --- a/usr.bin/sudo/version.h +++ b/usr.bin/sudo/version.h @@ -31,12 +31,12 @@ * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. * - * $Sudo: version.h,v 1.54 1999/07/31 16:19:48 millert Exp $ + * $Sudo: version.h,v 1.55 1999/12/05 02:18:47 millert Exp $ */ #ifndef _SUDO_VERSION_H #define _SUDO_VERSION_H -static const char version[] = "1.6"; +static const char version[] = "1.6.1"; #endif /* _SUDO_VERSION_H */ diff --git a/usr.bin/sudo/visudo.c b/usr.bin/sudo/visudo.c index ee064c92162..6a16082623c 100644 --- a/usr.bin/sudo/visudo.c +++ b/usr.bin/sudo/visudo.c 
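Review bot: The `return(NULL); /* timeout */` inside the new read loop leaves tgetline() without freeing readfds and without terminating or clearing buf, which at that point can hold the part of the password typed before the timeout. I would clean up on that path: `free(readfds); memset(buf, 0, bufsiz); return(NULL);`. Note also that tv is set once before the loop, so where select() updates the timeval the limit applies to the whole line and elsewhere to each character; resetting tv per iteration or documenting the choice would make this uniform. A select() failure other than EINTR currently falls through to read().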
@@ -81,7 +81,7 @@ extern int stat __P((const char *, struct stat *)); #endif /* POSIX_SIGNALS && !SA_RESETHAND */ #ifndef lint -static const char rcsid[] = "$Sudo: visudo.c,v 1.116 1999/11/09 20:12:20 millert Exp $"; +static const char rcsid[] = "$Sudo: visudo.c,v 1.117 1999/12/02 20:31:25 millert Exp $"; #endif /* lint */ /* @@ -407,6 +407,12 @@ netgr_matches(n, h, u) return(TRUE); } +void +set_fqdn() +{ + return; +} + /* * Assuming a parse error occurred, prompt the user for what they want * to do now. Returns the first letter of their choice. |