26 files changed, 317 insertions, 191 deletions
diff --git a/gnu/usr.bin/sudo/sudo/check.c b/gnu/usr.bin/sudo/sudo/check.c index 3c6373252f5..8a3dd771c13 100644 --- a/gnu/usr.bin/sudo/sudo/check.c +++ b/gnu/usr.bin/sudo/sudo/check.c @@ -1,5 +1,5 @@ /* - * CU sudo version 1.5.2 (based on Root Group sudo version 1.1) + * CU sudo version 1.5.3 (based on Root Group sudo version 1.1) * * This software comes with no waranty whatsoever, use at your own risk. * @@ -36,7 +36,7 @@ */ #ifndef lint -static char rcsid[] = "$Id: check.c,v 1.1 1996/10/14 05:14:43 millert Exp $"; +static char rcsid[] = "$Id: check.c,v 1.2 1996/11/17 16:33:55 millert Exp $"; #endif /* lint */ #include "config.h" @@ -227,8 +227,20 @@ static int check_timestamp() else p = tty; + if (sizeof(_PATH_SUDO_TIMEDIR) + strlen(user_name) + strlen(p) + 2 > + sizeof(timestampfile)) { + (void) fprintf(stderr, "%s: path too long: %s/%s.%s\n", Argv[0], + _PATH_SUDO_TIMEDIR, user_name, p); + exit(1); + } (void) sprintf(timestampfile, "%s/%s.%s", _PATH_SUDO_TIMEDIR, user_name, p); #else + if (sizeof(_PATH_SUDO_TIMEDIR) + strlen(user_name) + 1 > + sizeof(timestampfile)) { + (void) fprintf(stderr, "%s: path too long: %s/%s\n", Argv[0], + _PATH_SUDO_TIMEDIR, user_name); + exit(1); + } (void) sprintf(timestampfile, "%s/%s", _PATH_SUDO_TIMEDIR, user_name); #endif /* USE_TTY_TICKETS */ @@ -385,8 +397,20 @@ void remove_timestamp() else p = tty; + if (sizeof(_PATH_SUDO_TIMEDIR) + strlen(user_name) + strlen(p) + 2 > + sizeof(timestampfile)) { + (void) fprintf(stderr, "%s: path too long: %s/%s.%s\n", Argv[0], + _PATH_SUDO_TIMEDIR, user_name, p); + exit(1); + } (void) sprintf(timestampfile, "%s/%s.%s", _PATH_SUDO_TIMEDIR, user_name, p); #else + if (sizeof(_PATH_SUDO_TIMEDIR) + strlen(user_name) + 1 > + sizeof(timestampfile)) { + (void) fprintf(stderr, "%s: path too long: %s/%s\n", Argv[0], + _PATH_SUDO_TIMEDIR, user_name); + exit(1); + } (void) sprintf(timestampfile, "%s/%s", _PATH_SUDO_TIMEDIR, user_name); #endif /* USE_TTY_TICKETS */ 
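Review bot: The new length guards in check_timestamp() and remove_timestamp() are four hand-written copies of the same arithmetic, each kept apart from the `sprintf()` format it protects, so a later change to a format string can leave its guard stale with no compiler diagnostic. The arithmetic is right as written, assuming `timestampfile` is an array (its declaration is outside the hunks): `sizeof(_PATH_SUDO_TIMEDIR)` already counts the terminating NUL, so `+ 2` covers the `/` and `.` and `+ 1` covers the `/`. I would record that above each check, e.g. `/* sizeof() counts the NUL; +2 is for '/' and '.' */`, and preferably build the path in one static helper that both functions call. Both function bodies continue outside the hunks.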
@@ -844,7 +868,7 @@ static void reminder() (void) fprintf(stderr, "\n%s\n%s\n\n%s\n%s\n\n", #else (void) fprintf(stderr, "\n%s\n%s\n%s\n%s\n\n%s\n%s\n\n%s\n%s\n\n", - " CU sudo version 1.5.2, based on Root Group sudo version 1.1", + " CU sudo version 1.5.3, based on Root Group sudo version 1.1", " sudo version 1.1, Copyright (C) 1991 The Root Group, Inc.", " sudo comes with ABSOLUTELY NO WARRANTY. This is free software,", " and you are welcome to redistribute it under certain conditions.", diff --git a/gnu/usr.bin/sudo/sudo/compat.h b/gnu/usr.bin/sudo/sudo/compat.h index d2ae270ab64..1afc1012127 100644 --- a/gnu/usr.bin/sudo/sudo/compat.h +++ b/gnu/usr.bin/sudo/sudo/compat.h @@ -1,5 +1,5 @@ /* - * CU sudo version 1.5.2 + * CU sudo version 1.5.3 * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -17,7 +17,7 @@ * * Please send bugs, changes, problems to sudo-bugs@courtesan.com * - * $Id: compat.h,v 1.1 1996/10/14 05:14:44 millert Exp $ + * $Id: compat.h,v 1.2 1996/11/17 16:33:56 millert Exp $ */ #ifndef _SUDO_COMPAT_H diff --git a/gnu/usr.bin/sudo/sudo/find_path.c b/gnu/usr.bin/sudo/sudo/find_path.c index e0b0b6aa512..dff3d39281f 100644 --- a/gnu/usr.bin/sudo/sudo/find_path.c +++ b/gnu/usr.bin/sudo/sudo/find_path.c @@ -1,5 +1,5 @@ /* - * CU sudo version 1.5.2 + * CU sudo version 1.5.3 * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -29,7 +29,7 @@ */ #ifndef lint -static char rcsid[] = "$Id: find_path.c,v 1.1 1996/10/14 05:14:45 millert Exp $"; +static char rcsid[] = "$Id: find_path.c,v 1.2 1996/11/17 16:33:56 millert Exp $"; #endif /* lint */ #include "config.h" 
@@ -160,8 +160,7 @@ char * find_path(file) /* * resolve the path and exit the loop if found */ - if (strlen(path) + strlen(file) >= MAXPATHLEN) { - errno = ENAMETOOLONG; + if (strlen(path) + strlen(file) + 1 >= MAXPATHLEN) { (void) fprintf(stderr, "%s: path too long: %s\n", Argv[0], file); exit(1); } diff --git a/gnu/usr.bin/sudo/sudo/getspwuid.c b/gnu/usr.bin/sudo/sudo/getspwuid.c index 7ff4a16185c..3bca9997504 100644 --- a/gnu/usr.bin/sudo/sudo/getspwuid.c +++ b/gnu/usr.bin/sudo/sudo/getspwuid.c @@ -1,5 +1,5 @@ /* - * CU sudo version 1.5.2 + * CU sudo version 1.5.3 * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -28,7 +28,7 @@ */ #ifndef lint -static char rcsid[] = "$Id: getspwuid.c,v 1.1 1996/10/14 05:14:46 millert Exp $"; +static char rcsid[] = "$Id: getspwuid.c,v 1.2 1996/11/17 16:33:57 millert Exp $"; #endif /* lint */ #include "config.h" diff --git a/gnu/usr.bin/sudo/sudo/goodpath.c b/gnu/usr.bin/sudo/sudo/goodpath.c index 61a19ac84d9..996415a02d7 100644 --- a/gnu/usr.bin/sudo/sudo/goodpath.c +++ b/gnu/usr.bin/sudo/sudo/goodpath.c @@ -1,5 +1,5 @@ /* - * CU sudo version 1.5.2 + * CU sudo version 1.5.3 * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -29,7 +29,7 @@ */ #ifndef lint -static char rcsid[] = "$Id: goodpath.c,v 1.1 1996/10/14 05:14:46 millert Exp $"; +static char rcsid[] = "$Id: goodpath.c,v 1.2 1996/11/17 16:33:57 millert Exp $"; #endif /* lint */ #include "config.h" diff --git a/gnu/usr.bin/sudo/sudo/ins_2001.h b/gnu/usr.bin/sudo/sudo/ins_2001.h index b062f17f795..a629778f717 100644 --- a/gnu/usr.bin/sudo/sudo/ins_2001.h +++ b/gnu/usr.bin/sudo/sudo/ins_2001.h 
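Review bot: The `+ 1` added to the length test in find_path() has no comment saying what it accounts for, and the buffer it protects is declared outside the hunk. If the joined name is `path`, a `/` and `file` written into a MAXPATHLEN buffer, then `+ 1` is the separator and `>=` leaves room for the NUL; a comment such as `/* +1 for the '/' between path and file; >= reserves the NUL */` would make that checkable by the next reader. The error message also prints only `file`, so the user is not told which PATH element made the name too long.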
@@ -1,5 +1,5 @@ /* - * CU sudo version 1.5.2 + * CU sudo version 1.5.3 * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -17,7 +17,7 @@ * * Please send bugs, changes, problems to sudo-bugs@courtesan.com * - * $Id: ins_2001.h,v 1.1 1996/10/14 05:14:47 millert Exp $ + * $Id: ins_2001.h,v 1.2 1996/11/17 16:33:57 millert Exp $ */ #ifndef _SUDO_INS_2001_H diff --git a/gnu/usr.bin/sudo/sudo/ins_classic.h b/gnu/usr.bin/sudo/sudo/ins_classic.h index 2f395bd6c29..bb53f7a8cd0 100644 --- a/gnu/usr.bin/sudo/sudo/ins_classic.h +++ b/gnu/usr.bin/sudo/sudo/ins_classic.h @@ -1,5 +1,5 @@ /* - * CU sudo version 1.5.2 + * CU sudo version 1.5.3 * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -17,7 +17,7 @@ * * Please send bugs, changes, problems to sudo-bugs@courtesan.com * - * $Id: ins_classic.h,v 1.1 1996/10/14 05:14:47 millert Exp $ + * $Id: ins_classic.h,v 1.2 1996/11/17 16:33:58 millert Exp $ */ #ifndef _SUDO_INS_CLASSIC_H diff --git a/gnu/usr.bin/sudo/sudo/ins_csops.h b/gnu/usr.bin/sudo/sudo/ins_csops.h index b948e0bb447..bf92a84e7b0 100644 --- a/gnu/usr.bin/sudo/sudo/ins_csops.h +++ b/gnu/usr.bin/sudo/sudo/ins_csops.h @@ -1,5 +1,5 @@ /* - * CU sudo version 1.5.2 + * CU sudo version 1.5.3 * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -17,7 +17,7 @@ * * Please send bugs, changes, problems to sudo-bugs@courtesan.com * - * $Id: ins_csops.h,v 1.1 1996/10/14 05:14:48 millert Exp $ + * $Id: ins_csops.h,v 1.2 1996/11/17 16:33:58 millert Exp $ */ #ifndef _SUDO_INS_CSOPS_H diff --git a/gnu/usr.bin/sudo/sudo/ins_goons.h b/gnu/usr.bin/sudo/sudo/ins_goons.h index 3fade04a3d1..58114c8ad4a 100644 --- a/gnu/usr.bin/sudo/sudo/ins_goons.h +++ b/gnu/usr.bin/sudo/sudo/ins_goons.h 
@@ -1,5 +1,5 @@ /* - * CU sudo version 1.5.2 + * CU sudo version 1.5.3 * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -17,7 +17,7 @@ * * Please send bugs, changes, problems to sudo-bugs@courtesan.com * - * $Id: ins_goons.h,v 1.1 1996/10/14 05:14:48 millert Exp $ + * $Id: ins_goons.h,v 1.2 1996/11/17 16:33:59 millert Exp $ */ #ifndef _SUDO_INS_GOONS_H diff --git a/gnu/usr.bin/sudo/sudo/insults.h b/gnu/usr.bin/sudo/sudo/insults.h index 013d05b50ba..f633bd553f2 100644 --- a/gnu/usr.bin/sudo/sudo/insults.h +++ b/gnu/usr.bin/sudo/sudo/insults.h @@ -1,5 +1,5 @@ /* - * CU sudo version 1.5.2 + * CU sudo version 1.5.3 * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -17,7 +17,7 @@ * * Please send bugs, changes, problems to sudo-bugs@courtesan.com * - * $Id: insults.h,v 1.1 1996/10/14 05:14:49 millert Exp $ + * $Id: insults.h,v 1.2 1996/11/17 16:33:59 millert Exp $ */ #ifndef _SUDO_INSULTS_H diff --git a/gnu/usr.bin/sudo/sudo/interfaces.c b/gnu/usr.bin/sudo/sudo/interfaces.c index a2a12773150..fb38b53fa9d 100644 --- a/gnu/usr.bin/sudo/sudo/interfaces.c +++ b/gnu/usr.bin/sudo/sudo/interfaces.c @@ -1,5 +1,5 @@ /* - * CU sudo version 1.5.2 + * CU sudo version 1.5.3 * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -27,7 +27,7 @@ */ #ifndef lint -static char rcsid[] = "$Id: interfaces.c,v 1.1 1996/10/14 05:14:49 millert Exp $"; +static char rcsid[] = "$Id: interfaces.c,v 1.2 1996/11/17 16:34:00 millert Exp $"; #endif /* lint */ #include "config.h" diff --git a/gnu/usr.bin/sudo/sudo/logging.c b/gnu/usr.bin/sudo/sudo/logging.c index 85cc707a80a..0feb8d9cccc 100644 --- a/gnu/usr.bin/sudo/sudo/logging.c +++ b/gnu/usr.bin/sudo/sudo/logging.c 
@@ -1,5 +1,5 @@ /* - * CU sudo version 1.5.2 (based on Root Group sudo version 1.1) + * CU sudo version 1.5.3 (based on Root Group sudo version 1.1) * * This software comes with no waranty whatsoever, use at your own risk. * @@ -37,7 +37,7 @@ */ #ifndef lint -static char rcsid[] = "$Id: logging.c,v 1.1 1996/10/14 05:14:50 millert Exp $"; +static char rcsid[] = "$Id: logging.c,v 1.2 1996/11/17 16:34:00 millert Exp $"; #endif /* lint */ #include "config.h" @@ -444,6 +444,7 @@ static void send_mail() char *mailer = MAILER; char *subject = MAILSUBJECT; int fd[2]; + char *p; #ifdef POSIX_SIGNALS struct sigaction action; @@ -498,8 +499,18 @@ static void send_mail() /* feed the data to sendmail */ /* XXX - do we need to fdopen this fd #1 to a new stream??? */ - (void) fprintf(stdout, "To: %s\nSubject: %s\n\n%s : %s\n\n", - ALERTMAIL, subject, host, logline); + (void) fprintf(stdout, "To: %s\nSubject: ", ALERTMAIL); + p = subject; + while (*p) { + /* expand %h -> hostname in subject */ + if (*p == '%' && *(p+1) == 'h') { + (void) fputs(host, stdout); + p++; + } else + (void) fputc(*p, stdout); + p++; + } + (void) fprintf(stdout, "\n\n%s : %s\n\n", host, logline); fclose(stdout); exit(0); diff --git a/gnu/usr.bin/sudo/sudo/options.h b/gnu/usr.bin/sudo/sudo/options.h index 47b7ceb3ea5..b9ec48b01be 100644 --- a/gnu/usr.bin/sudo/sudo/options.h +++ b/gnu/usr.bin/sudo/sudo/options.h @@ -1,5 +1,5 @@ /* - * CU sudo version 1.5.2 + * CU sudo version 1.5.3 * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -17,7 +17,7 @@ * * Please send bugs, changes, problems to sudo-bugs@courtesan.com * - * $Id: options.h,v 1.1 1996/10/14 05:14:50 millert Exp $ + * $Id: options.h,v 1.2 1996/11/17 16:34:01 millert Exp $ */ #ifndef _SUDO_OPTIONS_H 
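Review bot: The subject loop in send_mail() gives `%` no escape, so a site-defined MAILSUBJECT can no longer contain a literal `%h`, and any other `%x` sequence is passed through silently. Adding a `%%` case ahead of the fallback, `else if (*p == '%' && *(p+1) == '%') { (void) fputc('%', stdout); p++; }`, keeps the expansion unambiguous. The `else` branch is unbraced while the `if` branch is braced, which is easy to misread next to the trailing `p++`. `host` is written into a header line unfiltered; its origin is outside the hunk, so it is worth confirming that it cannot contain a line break. send_mail() continues outside the hunk.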
@@ -55,7 +55,7 @@ #define MAILER _PATH_SENDMAIL /* what mailer to use */ #define UMASK 0022 /* umask that the root-run prog should use */ #define INCORRECT_PASSWORD "Sorry, try again." /* message for bad passwd */ -#define MAILSUBJECT "*** SECURITY information ***" /* subject of mail sent */ +#define MAILSUBJECT "*** SECURITY information for %h ***" /* mail subject */ #define PASSPROMPT "Password:" /* default password prompt */ /*#define IGNORE_DOT_PATH /* ignore '.' in $PATH if it exists */ /*#define SECURE_PATH "/bin:/usr/ucb:/usr/bin:/usr/etc:/etc" /* secure path */ diff --git a/gnu/usr.bin/sudo/sudo/parse.c b/gnu/usr.bin/sudo/sudo/parse.c index 1e09e3eacf9..cfd71ea0638 100644 --- a/gnu/usr.bin/sudo/sudo/parse.c +++ b/gnu/usr.bin/sudo/sudo/parse.c @@ -1,5 +1,5 @@ /* - * CU sudo version 1.5.2 + * CU sudo version 1.5.3 * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -25,7 +25,7 @@ */ #ifndef lint -static char rcsid[] = "$Id: parse.c,v 1.1 1996/10/14 05:14:51 millert Exp $"; +static char rcsid[] = "$Id: parse.c,v 1.2 1996/11/17 16:34:01 millert Exp $"; #endif /* lint */ #include "config.h" diff --git a/gnu/usr.bin/sudo/sudo/parse.lex b/gnu/usr.bin/sudo/sudo/parse.lex index b2b541a4909..4a891e61caf 100644 --- a/gnu/usr.bin/sudo/sudo/parse.lex +++ b/gnu/usr.bin/sudo/sudo/parse.lex @@ -1,6 +1,6 @@ %{ /* - * CU sudo version 1.5.2 + * CU sudo version 1.5.3 * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -26,7 +26,7 @@ */ #ifndef lint -static char rcsid[] = "$Id: parse.lex,v 1.1 1996/10/14 05:14:51 millert Exp $"; +static char rcsid[] = "$Id: parse.lex,v 1.2 1996/11/17 16:34:02 millert Exp $"; #endif /* lint */ #include "config.h" 
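Review bot: The comment on MAILSUBJECT was shortened to `/* mail subject */` in the same change that gave `%h` a special meaning, so nothing at the definition tells an administrator editing this default that `%h` is replaced with the hostname. I would write it as `/* mail subject; %h expands to the hostname */`.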
@@ -92,7 +92,7 @@ WORD [[:alnum:]_-]+ sawspace = TRUE; /* but remember for fill_args */ } -\\\n { +\\[ \t]*\n { sawspace = TRUE; /* remember for fill_args */ ++sudolineno; LEXTRACE("\n\t"); @@ -188,7 +188,7 @@ NOPASSWD[[:blank:]]*: { } <GOTRUNAS>[[:upper:]][[:upper:][:digit:]_]* { - /* User_Alias that user can run command as or ALL */ + /* Runas_Alias that user can run command as or ALL */ fill(yytext, yyleng); if (strcmp(yytext, "ALL") == 0) { LEXTRACE("ALL "); @@ -233,8 +233,6 @@ NOPASSWD[[:blank:]]*: { } [[:alnum:]][[:alnum:]_-]* { - int l; - fill(yytext, yyleng); if (strcmp(yytext, "Host_Alias") == 0) { LEXTRACE("HOSTALIAS "); @@ -248,14 +246,14 @@ NOPASSWD[[:blank:]]*: { LEXTRACE("USERALIAS "); return(USERALIAS); } - l = yyleng - 1; - if (isalpha(yytext[l]) || isdigit(yytext[l])) { - /* NAME is what RFC1034 calls a label */ - LEXTRACE("NAME "); - return(NAME); + if (strcmp(yytext, "Runas_Alias") == 0) { + LEXTRACE("RUNASALIAS "); + return(RUNASALIAS); } - return(ERROR); + /* NAME is what RFC1034 calls a label */ + LEXTRACE("NAME "); + return(NAME); } . { diff --git a/gnu/usr.bin/sudo/sudo/parse.yacc b/gnu/usr.bin/sudo/sudo/parse.yacc index c98d7c347b2..ab82de64862 100644 --- a/gnu/usr.bin/sudo/sudo/parse.yacc +++ b/gnu/usr.bin/sudo/sudo/parse.yacc @@ -1,7 +1,7 @@ %{ /* - * CU sudo version 1.5.2 + * CU sudo version 1.5.3 * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -27,7 +27,7 @@ */ #ifndef lint -static char rcsid[] = "$Id: parse.yacc,v 1.4 1996/11/12 07:23:22 millert Exp $"; +static char rcsid[] = "$Id: parse.yacc,v 1.5 1996/11/17 16:34:03 millert Exp $"; #endif /* lint */ #include "config.h" @@ -74,9 +74,10 @@ int printmatches = FALSE; /* * Alias types */ -#define HOST 1 -#define CMND 2 -#define USER 3 +#define HOST_ALIAS 1 +#define CMND_ALIAS 2 +#define USER_ALIAS 3 +#define RUNAS_ALIAS 4 /* * The matching stack, initial space allocated in init_parser(). 
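Review bot: The comment kept in the last word rule, `/* NAME is what RFC1034 calls a label */`, no longer matches the code: with the `yytext[l]` check removed, the pattern `[[:alnum:]][[:alnum:]_-]*` returns NAME for tokens that end in `-` or `_`, which an RFC 1034 label may not do. If the loosening is intended (for user names, say), the comment should state it, e.g. `/* NAME: user or host name; may end in '-' or '_' */`. If host names are still meant to be strict, the trailing-character check has to stay for them, since the names accepted here are matched against sudoers entries.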
@@ -121,8 +122,8 @@ static size_t cm_list_len = 0, cm_list_size = 0; * List of Cmnd_Aliases and expansions for `sudo -l' */ static int in_alias = FALSE; -static size_t ca_list_len = 0, ca_list_size = 0; -static struct command_alias *ca_list = NULL; +static size_t ga_list_len = 0, ga_list_size = 0; +static struct generic_alias *ga_list = NULL; /* * Protoypes @@ -135,7 +136,7 @@ static int find_alias __P((char *, int)); static int add_alias __P((char *, int)); static int more_aliases __P((void)); static void append __P((char *, char **, size_t *, size_t *, int)); -static void expand_ca_list __P((void)); +static void expand_ga_list __P((void)); static void expand_match_list __P((void)); void init_parser __P((void)); void yyerror __P((char *)); @@ -178,6 +179,7 @@ void yyerror(s) %token <tok> HOSTALIAS /* Host_Alias keyword */ %token <tok> CMNDALIAS /* Cmnd_Alias keyword */ %token <tok> USERALIAS /* User_Alias keyword */ +%token <tok> RUNASALIAS /* Runas_Alias keyword */ %token <tok> ':' '=' ',' '!' '.' /* union member tokens */ %token <tok> ERROR @@ -209,6 +211,8 @@ entry : COMMENT { ; } | CMNDALIAS cmndaliases { ; } + | RUNASALIAS runasaliases + { ; } ; @@ -252,7 +256,8 @@ hostspec : ALL { } | ALIAS { /* could be an all-caps hostname */ - if (find_alias($1, HOST) || !strcasecmp(shost, $1)) + if (find_alias($1, HOST_ALIAS) == TRUE || + strcasecmp(shost, $1) == 0) host_matches = TRUE; (void) free($1); } @@ -318,6 +323,10 @@ runaslist : runasuser { runasuser : NAME { $$ = (strcmp($1, runas_user) == 0); + if (printmatches == TRUE && in_alias == TRUE) + append($1, &ga_list[ga_list_len-1].entries, + &ga_list[ga_list_len-1].entries_len, + &ga_list[ga_list_len-1].entries_size, ','); if (printmatches == TRUE && host_matches == TRUE && user_matches == TRUE) append($1, &cm_list[cm_list_len].runas, 
@@ -327,6 +336,10 @@ runasuser : NAME { } | USERGROUP { $$ = usergr_matches($1, runas_user); + if (printmatches == TRUE && in_alias == TRUE) + append($1, &ga_list[ga_list_len-1].entries, + &ga_list[ga_list_len-1].entries_len, + &ga_list[ga_list_len-1].entries_size, ','); if (printmatches == TRUE && host_matches == TRUE && user_matches == TRUE) { append("%", &cm_list[cm_list_len].runas, @@ -340,6 +353,10 @@ runasuser : NAME { } | NETGROUP { $$ = netgr_matches($1, NULL, runas_user); + if (printmatches == TRUE && in_alias == TRUE) + append($1, &ga_list[ga_list_len-1].entries, + &ga_list[ga_list_len-1].entries_len, + &ga_list[ga_list_len-1].entries_size, ','); if (printmatches == TRUE && host_matches == TRUE && user_matches == TRUE) { append("+", &cm_list[cm_list_len].runas, @@ -353,10 +370,15 @@ runasuser : NAME { } | ALIAS { /* could be an all-caps username */ - if (find_alias($1, USER) || !strcmp($1, runas_user)) + if (find_alias($1, RUNAS_ALIAS) == TRUE || + strcmp($1, runas_user) == 0) $$ = TRUE; else $$ = FALSE; + if (printmatches == TRUE && in_alias == TRUE) + append($1, &ga_list[ga_list_len-1].entries, + &ga_list[ga_list_len-1].entries_len, + &ga_list[ga_list_len-1].entries_size, ','); if (printmatches == TRUE && host_matches == TRUE && user_matches == TRUE) append($1, &cm_list[cm_list_len].runas, @@ -366,6 +388,10 @@ runasuser : NAME { } | ALL { $$ = TRUE; + if (printmatches == TRUE && in_alias == TRUE) + append("ALL", &ga_list[ga_list_len-1].entries, + &ga_list[ga_list_len-1].entries_len, + &ga_list[ga_list_len-1].entries_size, ','); if (printmatches == TRUE && host_matches == TRUE && user_matches == TRUE) append("ALL", &cm_list[cm_list_len].runas, 
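Review bot: In the USERGROUP and NETGROUP branches of runasuser, the new alias path appends `$1` as-is to `ga_list[ga_list_len-1].entries`, while the match-list path directly below it first appends a literal `"%"` or `"+"`. The two paths therefore disagree about the prefix: either an expanded Runas_Alias shows a group or netgroup without its sigil, so it reads as a user name in `sudo -l`, or the match list carries the sigil twice. Which one it is depends on whether the lexer keeps the prefix in `$1`, and that is not visible here. The same three-line `append(..., &ga_list[ga_list_len-1]...)` call is repeated in all five runasuser branches (the NAME branch is in the previous hunk) and would be easier to keep consistent as one helper or macro.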
@@ -387,9 +413,9 @@ nopasswd : /* empty */ { cmnd : ALL { if (printmatches == TRUE && in_alias == TRUE) { - append("ALL", &ca_list[ca_list_len-1].entries, - &ca_list[ca_list_len-1].entries_len, - &ca_list[ca_list_len-1].entries_size, ','); + append("ALL", &ga_list[ga_list_len-1].entries, + &ga_list[ga_list_len-1].entries_len, + &ga_list[ga_list_len-1].entries_size, ','); } if (printmatches == TRUE && host_matches == TRUE && user_matches == TRUE) { @@ -404,9 +430,9 @@ cmnd : ALL { } | ALIAS { if (printmatches == TRUE && in_alias == TRUE) { - append($1, &ca_list[ca_list_len-1].entries, - &ca_list[ca_list_len-1].entries_len, - &ca_list[ca_list_len-1].entries_size, ','); + append($1, &ga_list[ga_list_len-1].entries, + &ga_list[ga_list_len-1].entries_len, + &ga_list[ga_list_len-1].entries_size, ','); } if (printmatches == TRUE && host_matches == TRUE && user_matches == TRUE) { @@ -415,7 +441,7 @@ cmnd : ALL { &cm_list[cm_list_len].cmnd_size, 0); expand_match_list(); } - if (find_alias($1, CMND)) { + if (find_alias($1, CMND_ALIAS) == TRUE) { cmnd_matches = TRUE; $$ = TRUE; } @@ -423,13 +449,13 @@ cmnd : ALL { } | COMMAND { if (printmatches == TRUE && in_alias == TRUE) { - append($1.cmnd, &ca_list[ca_list_len-1].entries, - &ca_list[ca_list_len-1].entries_len, - &ca_list[ca_list_len-1].entries_size, ','); + append($1.cmnd, &ga_list[ga_list_len-1].entries, + &ga_list[ga_list_len-1].entries_len, + &ga_list[ga_list_len-1].entries_size, ','); if ($1.args) - append($1.args, &ca_list[ca_list_len-1].entries, - &ca_list[ca_list_len-1].entries_len, - &ca_list[ca_list_len-1].entries_size, ' '); + append($1.args, &ga_list[ga_list_len-1].entries, + &ga_list[ga_list_len-1].entries_len, + &ga_list[ga_list_len-1].entries_size, ' '); } if (printmatches == TRUE && host_matches == TRUE && user_matches == TRUE) { 
@@ -461,7 +487,8 @@ hostaliases : hostalias ; hostalias : ALIAS { push; } '=' hostlist { - if (host_matches == TRUE && !add_alias($1, HOST)) + if (host_matches == TRUE && + add_alias($1, HOST_ALIAS) == FALSE) YYERROR; pop; } @@ -479,9 +506,9 @@ cmndalias : ALIAS { push; if (printmatches == TRUE) { in_alias = TRUE; - /* Allocate space for ca_list if necesary. */ - expand_ca_list(); - if (!(ca_list[ca_list_len-1].alias = strdup($1))){ + /* Allocate space for ga_list if necesary. */ + expand_ga_list(); + if (!(ga_list[ga_list_len-1].alias = strdup($1))){ perror("malloc"); (void) fprintf(stderr, "%s: cannot allocate memory!\n", Argv[0]); @@ -489,7 +516,8 @@ cmndalias : ALIAS { } } } '=' cmndlist { - if (cmnd_matches == TRUE && !add_alias($1, CMND)) + if (cmnd_matches == TRUE && + add_alias($1, CMND_ALIAS) == FALSE) YYERROR; pop; (void) free($1); @@ -504,12 +532,41 @@ cmndlist : cmnd | cmndlist ',' cmnd ; +runasaliases : runasalias + | runasaliases ':' runasalias + ; + +runasalias : ALIAS { + push; + if (printmatches == TRUE) { + in_alias = TRUE; + /* Allocate space for ga_list if necesary. */ + expand_ga_list(); + if (!(ga_list[ga_list_len-1].alias = strdup($1))){ + perror("malloc"); + (void) fprintf(stderr, + "%s: cannot allocate memory!\n", Argv[0]); + exit(1); + } + } + } '=' runaslist { + if ($4 > 0 && add_alias($1, RUNAS_ALIAS) == FALSE) + YYERROR; + pop; + (void) free($1); + + if (printmatches == TRUE) + in_alias = FALSE; + } + ; + useraliases : useralias | useraliases ':' useralias ; useralias : ALIAS { push; } '=' userlist { - if (user_matches == TRUE && !add_alias($1, USER)) + if (user_matches == TRUE && + add_alias($1, USER_ALIAS) == FALSE) YYERROR; pop; (void) free($1); @@ -538,7 +595,8 @@ user : NAME { } | ALIAS { /* could be an all-caps username */ - if (find_alias($1, USER) || !strcmp($1, user_name)) + if (find_alias($1, USER_ALIAS) == TRUE || + strcmp($1, user_name) == 0) user_matches = TRUE; (void) free($1); } 
@@ -586,18 +644,18 @@ static int aliascmp(a1, a2) /********************************************************************** * - * cmndaliascmp() + * genaliascmp() * - * This function compares two command_alias structures. + * This function compares two generic_alias structures. */ -static int cmndaliascmp(entry, key) +static int genaliascmp(entry, key) const VOID *entry, *key; { - struct command_alias *ca1 = (struct command_alias *) key; - struct command_alias *ca2 = (struct command_alias *) entry; + struct generic_alias *ga1 = (struct generic_alias *) key; + struct generic_alias *ga2 = (struct generic_alias *) entry; - return(strcmp(ca1->alias, ca2->alias)); + return(strcmp(ga1->alias, ga2->alias)); } @@ -622,11 +680,13 @@ static int add_alias(alias, type) (void) strcpy(ai.name, alias); if (lfind((VOID *)&ai, (VOID *)aliases, &naliases, sizeof(ai), aliascmp) != NULL) { - (void) sprintf(s, "Alias `%s' already defined", alias); + (void) sprintf(s, "Alias `%.*s' already defined", sizeof(s) - 25, + alias); yyerror(s); } else { - if (naliases == nslots && !more_aliases()) { - (void) sprintf(s, "Out of memory defining alias `%s'", alias); + if (naliases >= nslots && !more_aliases()) { + (void) sprintf(s, "Out of memory defining alias `%.*s'", + sizeof(s) - 32, alias); yyerror(s); } @@ -636,7 +696,8 @@ static int add_alias(alias, type) if (aip != NULL) { ok = TRUE; } else { - (void) sprintf(s, "Aliases corrupted defining alias `%s'", alias); + (void) sprintf(s, "Aliases corrupted defining alias `%.*s'", + sizeof(s) - 36, alias); yyerror(s); } } 
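Review bot: The precision argument for `%.*s` in the three new `sprintf()` calls in add_alias() is `sizeof(s) - N`, which has type `size_t`, but `*` consumes an `int`; where `size_t` is wider than `int` this is a varargs type mismatch and the bound cannot be relied on. Cast it, e.g. `(int)(sizeof(s) - 25)`. The constants 25, 32 and 36 are the message lengths plus the NUL counted by hand, so rewording a message silently breaks the bound; deriving them with `sizeof` on the literal text would avoid that. The context line `strcpy(ai.name, alias)` at the top of the hunk is still unbounded, and since the size of `ai.name` is not visible here that copy deserves the same length check. add_alias() starts and ends outside the hunk.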
@@ -698,16 +759,20 @@ void dumpaliases() for (n = 0; n < naliases; n++) { switch (aliases[n].type) { - case HOST: - (void) puts("HOST"); + case HOST_ALIAS: + (void) puts("HOST_ALIAS"); break; - case CMND: - (void) puts("CMND"); + case CMND_ALIAS: + (void) puts("CMND_ALIAS"); break; - case USER: - (void) puts("USER"); + case USER_ALIAS: + (void) puts("USER_ALIAS"); + break; + + case RUNAS_ALIAS: + (void) puts("RUNAS_ALIAS"); break; } (void) printf("\t%s\n", aliases[n].name); @@ -719,7 +784,7 @@ void dumpaliases() * * list_matches() * - * This function lists the contents of cm_list and ca_list for + * This function lists the contents of cm_list and ga_list for * `sudo -l'. */ @@ -727,7 +792,7 @@ void list_matches() { int i; char *p; - struct command_alias *ca, key; + struct generic_alias *ga, key; (void) puts("You may run the following commands on this host:"); for (i = 0; i < cm_list_len; i++) { @@ -736,12 +801,18 @@ void list_matches() (void) fputs(" ", stdout); if (cm_list[i].runas) { (void) putchar('('); - if ((p = strtok(cm_list[i].runas, ":"))) - (void) fputs(p, stdout); - while ((p = strtok(NULL, ":"))) { - (void) fputs(", ", stdout); - (void) fputs(p, stdout); - } + p = strtok(cm_list[i].runas, ":"); + do { + if (p != cm_list[i].runas) + (void) fputs(", ", stdout); + + key.alias = p; + if ((ga = (struct generic_alias *) lfind((VOID *) &key, + (VOID *) &ga_list[0], &ga_list_len, sizeof(key), genaliascmp))) + (void) fputs(ga->entries, stdout); + else + (void) fputs(p, stdout); + } while ((p = strtok(NULL, ":"))); (void) fputs(") ", stdout); } else { (void) fputs("(root) ", stdout); 
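Review bot: The rewritten runas loop in list_matches() is a `do { ... } while` whose first pass uses `p` before anything checks it, whereas the code it replaces tested the first `strtok()` result. If `cm_list[i].runas` is non-NULL but yields no token, `p` is NULL and reaches `genaliascmp()` or `fputs()`. A `for (p = strtok(cm_list[i].runas, ":"); p != NULL; p = strtok(NULL, ":")) {` loop keeps the guard. Separately, the lookup goes through `ga_list`, which this commit shares between Cmnd_Alias and Runas_Alias entries and searches by name only, so a run-as name equal to a Cmnd_Alias name would be printed as that alias's command list. A type field in the key would keep `sudo -l` from misreporting what a user is allowed to do.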
@@ -753,20 +824,20 @@ void list_matches() /* Print the actual command or expanded Cmnd_Alias. */ key.alias = cm_list[i].cmnd; - if ((ca = (struct command_alias *) lfind((VOID *) &key, - (VOID *) &ca_list[0], &ca_list_len, sizeof(key), cmndaliascmp))) - (void) puts(ca->entries); + if ((ga = (struct generic_alias *) lfind((VOID *) &key, + (VOID *) &ga_list[0], &ga_list_len, sizeof(key), genaliascmp))) + (void) puts(ga->entries); else (void) puts(cm_list[i].cmnd); } /* Be nice and free up space now that we are done. */ - for (i = 0; i < ca_list_len; i++) { - (void) free(ca_list[i].alias); - (void) free(ca_list[i].entries); + for (i = 0; i < ga_list_len; i++) { + (void) free(ga_list[i].alias); + (void) free(ga_list[i].entries); } - (void) free(ca_list); - ca_list = NULL; + (void) free(ga_list); + ga_list = NULL; for (i = 0; i < cm_list_len; i++) { (void) free(cm_list[i].runas); 
@@ -847,25 +918,25 @@ void reset_aliases() /********************************************************************** * - * expand_ca_list() + * expand_ga_list() * - * This function increments ca_list_len, allocating more space as necesary. + * This function increments ga_list_len, allocating more space as necesary. */ -static void expand_ca_list() +static void expand_ga_list() { - if (++ca_list_len > ca_list_size) { - while ((ca_list_size += STACKINCREMENT) < ca_list_len); - if (ca_list == NULL) { - if ((ca_list = (struct command_alias *) - malloc(sizeof(struct command_alias) * ca_list_size)) == NULL) { + if (++ga_list_len > ga_list_size) { + while ((ga_list_size += STACKINCREMENT) < ga_list_len); + if (ga_list == NULL) { + if ((ga_list = (struct generic_alias *) + malloc(sizeof(struct generic_alias) * ga_list_size)) == NULL) { perror("malloc"); (void) fprintf(stderr, "%s: cannot allocate memory!\n", Argv[0]); exit(1); } } else { - if ((ca_list = (struct command_alias *) realloc(ca_list, - sizeof(struct command_alias) * ca_list_size)) == NULL) { + if ((ga_list = (struct generic_alias *) realloc(ga_list, + sizeof(struct generic_alias) * ga_list_size)) == NULL) { perror("malloc"); (void) fprintf(stderr, "%s: cannot allocate memory!\n", Argv[0]); exit(1); @@ -873,7 +944,7 @@ static void expand_ca_list() } } - ca_list[ca_list_len - 1].entries = NULL; + ga_list[ga_list_len - 1].entries = NULL; } diff --git a/gnu/usr.bin/sudo/sudo/pathnames.h b/gnu/usr.bin/sudo/sudo/pathnames.h index 0f4355ac896..ff35eaa87e8 100644 --- a/gnu/usr.bin/sudo/sudo/pathnames.h +++ b/gnu/usr.bin/sudo/sudo/pathnames.h @@ -1,5 +1,5 @@ /* - * CU sudo version 1.5.2 + * CU sudo version 1.5.3 * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by 
@@ -17,7 +17,7 @@ * * Please send bugs, changes, problems to sudo-bugs@courtesan.com * - * $Id: pathnames.h,v 1.1 1996/10/14 05:14:53 millert Exp $ + * $Id: pathnames.h,v 1.2 1996/11/17 16:34:03 millert Exp $ */ /* diff --git a/gnu/usr.bin/sudo/sudo/sudo.8 b/gnu/usr.bin/sudo/sudo/sudo.8 index 77e6fdc4525..1056d0f717d 100644 --- a/gnu/usr.bin/sudo/sudo/sudo.8 +++ b/gnu/usr.bin/sudo/sudo/sudo.8 @@ -1,9 +1,9 @@ .rn '' }` -''' $RCSfile: sudo.8,v $$Revision: 1.1 $$Date: 1996/10/14 05:14:53 $ +''' $RCSfile: sudo.8,v $$Revision: 1.2 $$Date: 1996/11/17 16:34:04 $ ''' ''' $Log: sudo.8,v $ -''' Revision 1.1 1996/10/14 05:14:53 millert -''' sudo 1.5.2 +''' Revision 1.2 1996/11/17 16:34:04 millert +''' Updated to sudo 1.5.3 ''' ''' .de Sh @@ -76,7 +76,7 @@ .nr % 0 .rr F .\} -.TH sudo 8 "1.5.2" "6/Oct/96" "MAINTENANCE COMMANDS" +.TH sudo 8 "1.5.3" "6/Oct/96" "MAINTENANCE COMMANDS" .IX Title "sudo 8" .UC .IX Name "sudo - execute a command as the superuser" diff --git a/gnu/usr.bin/sudo/sudo/sudo.c b/gnu/usr.bin/sudo/sudo/sudo.c index 7e17f18c944..c735f8c116c 100644 --- a/gnu/usr.bin/sudo/sudo/sudo.c +++ b/gnu/usr.bin/sudo/sudo/sudo.c @@ -1,5 +1,5 @@ /* - * CU sudo version 1.5.2 (based on Root Group sudo version 1.1) + * CU sudo version 1.5.3 (based on Root Group sudo version 1.1) * * This software comes with no waranty whatsoever, use at your own risk. * @@ -51,7 +51,7 @@ */ #ifndef lint -static char rcsid[] = "$Id: sudo.c,v 1.1 1996/10/14 05:14:54 millert Exp $"; +static char rcsid[] = "$Id: sudo.c,v 1.2 1996/11/17 16:34:04 millert Exp $"; #endif /* lint */ #define MAIN 
@@ -939,13 +939,14 @@ void set_perms(perm, sudo_mode) } /* - * If SUDOERS_UID == 0 we need to use - * a different uid in order to avoid - * NFS lossage. Using uid 1 is a bit - * bogus but should be safe. + * If SUDOERS_UID == 0 and SUDOERS_MODE + * is group readable we use a non-zero + * uid in order to avoid NFS lossage. + * Using uid 1 is a bit bogus but should + * work on all OS's. */ if (SUDOERS_UID == 0) { - if (seteuid(1)) { + if ((SUDOERS_MODE & 040) && seteuid(1)) { perror("seteuid(1)"); exit(1); } diff --git a/gnu/usr.bin/sudo/sudo/sudo.h b/gnu/usr.bin/sudo/sudo/sudo.h index 99e1f755255..575fe030e49 100644 --- a/gnu/usr.bin/sudo/sudo/sudo.h +++ b/gnu/usr.bin/sudo/sudo/sudo.h @@ -1,5 +1,5 @@ /* - * CU sudo version 1.5.2 (based on Root Group sudo version 1.1) + * CU sudo version 1.5.3 (based on Root Group sudo version 1.1) * * This software comes with no waranty whatsoever, use at your own risk. * @@ -25,7 +25,7 @@ * along with this program; if not, write to the Free Software * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. * - * $Id: sudo.h,v 1.1 1996/10/14 05:14:54 millert Exp $ + * $Id: sudo.h,v 1.2 1996/11/17 16:34:05 millert Exp $ */ #ifndef _SUDO_SUDO_H @@ -92,7 +92,7 @@ struct command_match { /* * Structure containing Cmnd_Alias's if "sudo -l" is used. */ -struct command_alias { +struct generic_alias { char *alias; char *entries; size_t entries_size; diff --git a/gnu/usr.bin/sudo/sudo/sudo_setenv.c b/gnu/usr.bin/sudo/sudo/sudo_setenv.c index bcfca6be3df..585ae4f7dd1 100644 --- a/gnu/usr.bin/sudo/sudo/sudo_setenv.c +++ b/gnu/usr.bin/sudo/sudo/sudo_setenv.c @@ -1,5 +1,5 @@ /* - * CU sudo version 1.5.2 + * CU sudo version 1.5.3 * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by 
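Review bot: The new test `(SUDOERS_MODE & 040)` in set_perms() uses a bare octal constant, and the rewritten comment does not say what happens in the other case: when SUDOERS_UID is 0 and the file is not group readable, the visible part of this branch makes no `seteuid()` call and the effective uid is left as it was. Since this decides which identity opens sudoers, I would spell that out in the comment, e.g. `* Otherwise the euid is left unchanged here.`, and name the bit (`S_IRGRP`, if `<sys/stat.h>` is already included in this file). The enclosing case starts and ends outside the hunk.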
@@ -26,7 +26,7 @@ */ #ifndef lint -static char rcsid[] = "$Id: sudo_setenv.c,v 1.1 1996/10/14 05:14:55 millert Exp $"; +static char rcsid[] = "$Id: sudo_setenv.c,v 1.2 1996/11/17 16:34:05 millert Exp $"; #endif /* lint */ #include "config.h" diff --git a/gnu/usr.bin/sudo/sudo/sudoers.5 b/gnu/usr.bin/sudo/sudo/sudoers.5 index bcc6137b366..2ffa5e469e2 100644 --- a/gnu/usr.bin/sudo/sudo/sudoers.5 +++ b/gnu/usr.bin/sudo/sudo/sudoers.5 @@ -1,9 +1,9 @@ .rn '' }` -''' $RCSfile: sudoers.5,v $$Revision: 1.1 $$Date: 1996/10/14 05:14:55 $ +''' $RCSfile: sudoers.5,v $$Revision: 1.2 $$Date: 1996/11/17 16:34:06 $ ''' ''' $Log: sudoers.5,v $ -''' Revision 1.1 1996/10/14 05:14:55 millert -''' sudo 1.5.2 +''' Revision 1.2 1996/11/17 16:34:06 millert +''' Updated to sudo 1.5.3 ''' ''' .de Sh @@ -76,7 +76,7 @@ .nr % 0 .rr F .\} -.TH sudoers 5 "1.5.2" "7/Sep/96" "FILE FORMATS" +.TH sudoers 5 "1.5.3" "13/Nov/96" "FILE FORMATS" .IX Title "sudoers 5" .UC .IX Name "sudoers - list of which users may execute what as root" @@ -180,7 +180,7 @@ sudoers \- list of which users may execute what as root The \fIsudoers\fR file is composed of an optional host alias section, an optional command alias section and the user specification section. All command or host aliases need to start with their respective keywords -(ie: Host_Alias, User_Alias, or Cmnd_Alias). +(ie: Host_Alias, User_Alias, Runas_Alias or Cmnd_Alias). If there are multiple occurrences of a user, the union of the entries will be used. .Sh "user specification format:" 
@@ -190,14 +190,14 @@ will be used. \& user access_group [: access_group] ... .Ve .Vb 10 -\& access_group ::= host_type = [(user_list)] [NOPASSWD:] [op]cmnd_type +\& access_group ::= host_type = [(runas_list)] [NOPASSWD:] [op]cmnd_type \& [,[(user_list)] [NOPASSWD:] [op]cmnd_type] ... \& host_type ::= a lower-case hostname, netgroup, ip address, \& network number, network number/netmask, \& or host alias. -\& user_list ::= comma-separated list of users, uids, or -\& User_Aliases the user may run commands as -\& (default is root). +\& runas_list ::= comma-separated list of users, groups, +\& netgroups or Runas_Aliases the user may run +\& commands as (default is root). \& cmnd_type ::= a command OR a command alias. \& op ::= the logical "!" NOT operator. .Ve @@ -224,6 +224,17 @@ will be used. \& USERALIAS ::= an upper-case alias name. \& user-list ::= a comma separated list of users, groups, netgroups. .Ve +.Sh "runas alias section format:" +.IX Subsection "runas alias section format:" +.PP +.Vb 1 +\& Runas_Alias RUNASALIAS = runas-list +.Ve +.Vb 3 +\& Runas_Alias ::= a keyword. +\& RUNASALIAS ::= an upper-case alias name. +\& runas-list ::= a comma separated list of users, groups, netgroups. +.Ve .Sh "command alias section format:" .IX Subsection "command alias section format:" .PP @@ -316,6 +327,10 @@ with a \*(L"\e\*(R" if used in command arguments: \*(L",\*(R", \*(L":\*(R", \*(L \& User_Alias FULLTIME=millert,dowdy,mikef \& User_Alias PARTTIME=juola,mccreary,tor .Ve +.Vb 2 +\& # Runas alias specification +\& Runas_Alias OP=root,operator +.Ve .Vb 6 \& # Command alias specification \& Cmnd_Alias LPCS=/usr/etc/lpc,/usr/ucb/lprm 
@@ -336,9 +351,9 @@ with a \*(L"\e\*(R" if used in command arguments: \*(L",\*(R", \*(L":\*(R", \*(L \& HUB=ALL,!SHELLS \& jill houdini=/etc/shutdown -[hr] now,MISC \& markm HUB=ALL,!MISC,!/etc/shutdown,!/etc/halt -\& davehieb merlin=ALL:SERVERS=/etc/halt:\e +\& davehieb merlin=(OP) ALL:SERVERS=/etc/halt:\e \& kodiakthorn=NOPASSWD: ALL -\& steve CSNETS= (operator) /usr/op_commands/ +\& steve CSNETS=(operator) /usr/op_commands/ .Ve .Sh "Host Alias specifications:" .IX Subsection "Host Alias specifications:" @@ -408,9 +423,10 @@ except \fI/etc/shutdown\fR, \fI/etc/halt\fR, and commands listed in the \f(CWMISC\fR alias. .Ip "davehieb" 16 .IX Item "davehieb" -The user \f(CWdavehieb\fR may run any command on \f(CWmerlin\fR, -\fI/etc/halt\fR on the \f(CWSERVERS\fR. He may also run any command -on \f(CWkodiakthorn\fR without giving a password. +The user \f(CWdavehieb\fR may run any command on \f(CWmerlin\fR as any +user in the Runas_Alias \s-1OP\s0 (ie: root or operator). He may +also run \fI/etc/halt\fR on the \f(CWSERVERS\fR and any command +on \f(CWkodiakthorn\fR (no password required on \f(CWkodiakthorn\fR). .Ip "steve" 16 .IX Item "steve" The user \f(CWsteve\fR may run any command in the \fI/usr/op_commands/\fR diff --git a/gnu/usr.bin/sudo/sudo/tgetpass.c b/gnu/usr.bin/sudo/sudo/tgetpass.c index b8a198d7adc..e92178517ba 100644 --- a/gnu/usr.bin/sudo/sudo/tgetpass.c +++ b/gnu/usr.bin/sudo/sudo/tgetpass.c @@ -1,5 +1,5 @@ /* - * CU sudo version 1.5.2 + * CU sudo version 1.5.3 * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -27,7 +27,7 @@ */ #ifndef lint -static char rcsid[] = "$Id: tgetpass.c,v 1.1 1996/10/14 05:14:56 millert Exp $"; +static char rcsid[] = "$Id: tgetpass.c,v 1.2 1996/11/17 16:34:06 millert Exp $"; #endif /* lint */ #include "config.h" diff --git a/gnu/usr.bin/sudo/sudo/version.h b/gnu/usr.bin/sudo/sudo/version.h index 6cb682af53c..35fd0054a35 100644 
--- a/gnu/usr.bin/sudo/sudo/version.h +++ b/gnu/usr.bin/sudo/sudo/version.h @@ -1,5 +1,5 @@ /* - * CU sudo version 1.5.2 + * CU sudo version 1.5.3 * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -17,12 +17,12 @@ * * Please send bugs, changes, problems to sudo-bugs@courtesan.com * - * $Id: version.h,v 1.1 1996/10/14 05:14:56 millert Exp $ + * $Id: version.h,v 1.2 1996/11/17 16:34:07 millert Exp $ */ #ifndef _SUDO_VERSION_H #define _SUDO_VERSION_H -static char version[] = "1.5.2"; +static char version[] = "1.5.3"; #endif /* _SUDO_VERSION_H */ diff --git a/gnu/usr.bin/sudo/visudo/visudo.8 b/gnu/usr.bin/sudo/visudo/visudo.8 index 1a976177f42..df5b6481cd1 100644 --- a/gnu/usr.bin/sudo/visudo/visudo.8 +++ b/gnu/usr.bin/sudo/visudo/visudo.8 @@ -1,9 +1,9 @@ .rn '' }` -''' $RCSfile: visudo.8,v $$Revision: 1.1 $$Date: 1996/10/14 05:14:58 $ +''' $RCSfile: visudo.8,v $$Revision: 1.2 $$Date: 1996/11/17 16:34:08 $ ''' ''' $Log: visudo.8,v $ -''' Revision 1.1 1996/10/14 05:14:58 millert -''' sudo 1.5.2 +''' Revision 1.2 1996/11/17 16:34:08 millert +''' Updated to sudo 1.5.3 ''' ''' .de Sh @@ -76,7 +76,7 @@ .nr % 0 .rr F .\} -.TH visudo 8 "1.5.2" "7/Sep/96" "MAINTENANCE COMMANDS" +.TH visudo 8 "1.5.3" "13/Nov/96" "MAINTENANCE COMMANDS" .IX Title "visudo 8" .UC .IX Name "visudo - edit the sudoers file" 
@@ -195,8 +195,8 @@ an error, a message will be printed stating the line \fInumber\fR\|(s) that the error occurred on and the user will receive the \*(L"What now?\*(R" prompt. At this point the user may enter \*(L"e\*(R" to re-edit the \fIsudoers\fR file, enter \*(L"x\*(R" to exit without -saving the changes, or \*(L"q\*(R" to quit and save changes. The -\*(L"q\*(R" option should be used with extreme care because if \fBvisudo\fR +saving the changes, or \*(L"Q\*(R" to quit and save changes. The +\*(L"Q\*(R" option should be used with extreme care because if \fBvisudo\fR believes there to be a parse error, so will \fBsudo\fR and no one will be able to execute \fBsudo\fR again until the error is fixed. Any other command at this prompt will print a short help message. diff --git a/gnu/usr.bin/sudo/visudo/visudo.c b/gnu/usr.bin/sudo/visudo/visudo.c index 55202a64925..45d446172e2 100644 --- a/gnu/usr.bin/sudo/visudo/visudo.c +++ b/gnu/usr.bin/sudo/visudo/visudo.c @@ -1,5 +1,5 @@ /* - * CU sudo version 1.5.2 + * CU sudo version 1.5.3 * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -26,7 +26,7 @@ */ #ifndef lint -static char rcsid[] = "$Id: visudo.c,v 1.2 1996/10/30 23:10:25 millert Exp $"; +static char rcsid[] = "$Id: visudo.c,v 1.3 1996/11/17 16:34:08 millert Exp $"; #endif /* lint */ #include "config.h" @@ -128,7 +128,7 @@ int main(argc, argv) int argc; char **argv; { - char buf[BUFSIZ]; /* buffer used for copying files */ + char buf[MAXPATHLEN*2]; /* buffer used for copying files */ char * Editor = EDITOR; /* editor to use (default is EDITOR */ int sudoers_fd; /* sudoers file descriptor */ int stmp_fd; /* stmp file descriptor */ @@ -180,7 +180,7 @@ int main(argc, argv) } (void) fprintf(stderr, "%s: ", Argv[0]); perror(stmp); - Exit(1); + Exit(-1); } /* install signal handler to clean up stmp */ 
@@ -190,7 +190,7 @@ int main(argc, argv) if (sudoers_fd < 0 && errno != ENOENT) { (void) fprintf(stderr, "%s: ", Argv[0]); perror(sudoers); - Exit(1); + Exit(-1); } /* @@ -201,7 +201,7 @@ int main(argc, argv) if (write(stmp_fd, buf, n) != n) { (void) fprintf(stderr, "%s: Write failed: ", Argv[0]); perror(""); - Exit(1); + Exit(-1); } (void) close(sudoers_fd); @@ -215,6 +215,11 @@ int main(argc, argv) /* * Build up a buffer to execute */ + if (strlen(Editor) + strlen(stmp) + 30 > sizeof(buf)) { + (void) fprintf(stderr, "%s: Buffer too short (line %d).\n", + __LINE__, Argv[0]); + Exit(-1); + } if (parse_error == TRUE) (void) sprintf(buf, "%s +%d %s", Editor, errorlineno, stmp); else @@ -230,7 +235,7 @@ int main(argc, argv) (void) fprintf(stderr, "%s: Can't stat temporary file (%s), %s unchanged.\n", Argv[0], stmp, sudoers); - Exit(1); + Exit(-1); } /* check for zero length file */ @@ -238,7 +243,7 @@ int main(argc, argv) (void) fprintf(stderr, "%s: Zero length temporary file (%s), %s unchanged.\n", Argv[0], stmp, sudoers); - Exit(1); + Exit(-1); } /* @@ -254,23 +259,23 @@ int main(argc, argv) (void) fprintf(stderr, "%s: Can't re-open temporary file (%s), %s unchanged.\n", Argv[0], stmp, sudoers); - Exit(1); + Exit(-1); } /* clean slate for each parse */ init_parser(); /* parse the sudoers file */ - if (yyparse()) { + if (yyparse() && parse_error != TRUE) { (void) fprintf(stderr, - "%s: Failed to parse temporary file (%s), %s unchanged.\n", + "%s: Failed to parse temporary file (%s), unknown error.\n", Argv[0], stmp, sudoers); - Exit(1); + parse_error = TRUE; } } else { (void) fprintf(stderr, "%s: Editor (%s) failed, %s unchanged.\n", Argv[0], Editor, sudoers); - Exit(1); + Exit(-1); } /* 
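Review bot: In the added length check of the `@@ -215,6 +215,11 @@` hunk, the `fprintf` arguments are in the wrong order for the format `"%s: Buffer too short (line %d).\n"`: `__LINE__` is passed for `%s` and `Argv[0]` for `%d`. That is undefined behaviour and will most likely crash on the very path meant to report the overflow cleanly. The call should end `__LINE__` and `Argv[0]` swapped, i.e. `"%s: Buffer too short (line %d).\n", Argv[0], __LINE__);`. The `+ 30` slack for the `" +%d "` part and the terminator would also be easier to verify with a short comment saying what it accounts for. main continues outside the hunk.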
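Review bot: The reworded message in the yyparse() branch of the `@@ -254,23 +259,23 @@` hunk now has two `%s` conversions but still passes three arguments, so the trailing `sudoers` is dead and should be dropped: `Argv[0], stmp);`. Since this branch no longer exits and only sets `parse_error = TRUE`, a comment such as `/* unreported parse failure: fall through to the "What now?" prompt */` would tell the reader why the old `Exit(1)` is gone; the code that acts on parse_error is outside this hunk.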
@@ -295,14 +300,14 @@ int main(argc, argv) "%s: Unable to set (uid, gid) of %s to (%d, %d): ", Argv[0], stmp, SUDOERS_UID, SUDOERS_GID); perror(""); - Exit(1); + Exit(-1); } if (chmod(stmp, SUDOERS_MODE)) { (void) fprintf(stderr, "%s: Unable to change mode of %s to %o: ", Argv[0], stmp, SUDOERS_MODE); perror(""); - Exit(1); + Exit(-1); } /* @@ -326,7 +331,7 @@ int main(argc, argv) "%s: Cannot alocate memory, %s unchanged: ", Argv[0], sudoers); perror(""); - Exit(1); + Exit(-1); } /* Build up command and execute it */ @@ -335,14 +340,14 @@ int main(argc, argv) (void) fprintf(stderr, "%s: Command failed: '%s', %s unchanged.\n", Argv[0], tmpbuf, sudoers); - Exit(1); + Exit(-1); } (void) free(tmpbuf); } else { (void) fprintf(stderr, "%s: Error renaming %s, %s unchanged: ", Argv[0], stmp, sudoers); perror(""); - Exit(1); + Exit(-1); } return(0); @@ -396,7 +401,7 @@ int netgr_matches(n, h, u) static void usage() { (void) fprintf(stderr, "usage: %s [-V]\n", Argv[0]); - Exit(1); + Exit(-1); } @@ -406,13 +411,18 @@ static void usage() * * Unlinks the sudoers temp file (if it exists) and exits. * Used in place of a normal exit() and as a signal handler. + * A positive parameter is considered to be a signal and is reported. */ static RETSIGTYPE Exit(sig) int sig; { (void) unlink(stmp); - exit(sig); + + if (sig > 0) + (void) fprintf(stderr, "%s exiting, caught signal %d.\n", Argv[0], sig); + + exit(-sig); } @@ -431,16 +441,12 @@ static char whatnow() do { ok = FALSE; - (void) printf("What now? "); - if ((choice = fgetc(stdin)) != '\n') - while (fgetc(stdin) != '\n') + (void) fputs("What now? ", stdout); + if ((choice = getchar()) != '\n') + while (getchar() != '\n') ; - /* safely force to lower case */ - if (isupper(choice)) - choice = tolower(choice); - - if (choice == 'e' || choice == 'x' || choice == 'q') + if (choice == 'e' || choice == 'x' || choice == 'Q') ok = TRUE; /* help message if they gavce us garbage */ 
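Review bot: Exit() is documented in the `@@ -406,13 +411,18 @@` hunk as doubling as a signal handler, and the added `fprintf(stderr, ...)` in the `sig > 0` branch is not async-signal-safe. If the signal arrives while main is inside a stdio call, the handler can deadlock or corrupt the stream. The same holds for `exit()`, which flushes stdio buffers. In addition, `exit(-sig)` hands a negative value to exit() for real signals, which the parent sees truncated to 8 bits. On the signal path it would be safer to report with `write(2)` of a fixed string and leave through `_exit(1)`, keeping `exit(-sig)` only for the explicit `Exit(-1)` calls.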
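Review bot: The rewritten input loop in the whatnow() hunk (`@@ -431,16 +441,12 @@`) still never tests for end of file: once stdin hits EOF, `while (getchar() != '\n')` spins forever, and the outer do-loop would do the same if the first `getchar()` returns EOF. Read into an `int` and stop on EOF as well, e.g. `while ((c = getchar()) != '\n' && c != EOF) ;`, and treat EOF on the first read like `'x'` so a closed terminal exits without saving. The declaration of `choice` is outside the hunk; if it is a plain `char`, the comparison with EOF is not reliable and it should be an `int` until the value is returned.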
@@ -465,7 +471,7 @@ static void whatnow_help() (void) printf("Options are:\n"); (void) printf(" (e)dit sudoers file again\n"); (void) printf(" e(x)it without saving changes to sudoers file\n"); - (void) printf(" (q)uit and save changes to sudoers file (DANGER!)\n\n"); + (void) printf(" (Q)uit and save changes to sudoers file (DANGER!)\n\n"); } |