summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--usr.bin/sudo/CHANGES8
-rw-r--r--usr.bin/sudo/Makefile.in2
-rw-r--r--usr.bin/sudo/auth/kerb5.c2
-rw-r--r--usr.bin/sudo/check.c8
-rw-r--r--usr.bin/sudo/sudo.84
-rw-r--r--usr.bin/sudo/sudo.c6
-rw-r--r--usr.bin/sudo/sudo_noexec.c95
-rw-r--r--usr.bin/sudo/sudoers.54
-rw-r--r--usr.bin/sudo/version.h2
-rw-r--r--usr.bin/sudo/visudo.84
10 files changed, 98 insertions, 37 deletions
diff --git a/usr.bin/sudo/CHANGES b/usr.bin/sudo/CHANGES
index 928b09f77dc..a077edf8a56 100644
--- a/usr.bin/sudo/CHANGES
+++ b/usr.bin/sudo/CHANGES
@@ -1778,3 +1778,11 @@ Sudo 1.6.8p6 released.
561) Fixed setting of $USER when env_reset is enabled.
Sudo 1.6.8p7 released.
+
+562) Fixed noexec functionality on Linux.
+
+563) Fixed minor format string mismatches in some error cases.
+
+564) Fixed a bug that prevented Heimdal authentication from working.
+
+Sudo 1.6.8p8 released.
diff --git a/usr.bin/sudo/Makefile.in b/usr.bin/sudo/Makefile.in
index 477ad2b7a8a..e47dd5572a7 100644
--- a/usr.bin/sudo/Makefile.in
+++ b/usr.bin/sudo/Makefile.in
@@ -130,7 +130,7 @@ TESTOBJS = interfaces.o testsudoers.o $(PARSEOBJS)
LIBOBJS = @LIBOBJS@ @ALLOCA@
-VERSION = 1.6.8p7
+VERSION = 1.6.8p8
DISTFILES = $(SRCS) $(HDRS) BUGS CHANGES HISTORY INSTALL INSTALL.configure \
LICENSE Makefile.in PORTING README README.LDAP RUNSON TODO \
diff --git a/usr.bin/sudo/auth/kerb5.c b/usr.bin/sudo/auth/kerb5.c
index 9723020ceeb..07022c50f98 100644
--- a/usr.bin/sudo/auth/kerb5.c
+++ b/usr.bin/sudo/auth/kerb5.c
@@ -55,7 +55,7 @@ static const char rcsid[] = "$Sudo: kerb5.c,v 1.23 2004/06/07 00:02:56 millert E
#endif /* lint */
#ifdef HAVE_HEIMDAL
-# define extract_name(c, p) krb5_principal_get_comp_string(c, p, 0)
+# define extract_name(c, p) krb5_principal_get_comp_string(c, p, 1)
# define krb5_free_data_contents(c, d) krb5_data_free(d)
# define ENCTYPE_DES_CBC_MD5 ETYPE_DES_CBC_MD5 /* XXX */
#else
diff --git a/usr.bin/sudo/check.c b/usr.bin/sudo/check.c
index c1fa93187d2..b8bd9881d0d 100644
--- a/usr.bin/sudo/check.c
+++ b/usr.bin/sudo/check.c
@@ -316,7 +316,7 @@ build_timestamp(timestampdir, timestampfile)
dirparent = def_timestampdir;
len = easprintf(timestampdir, "%s/%s", dirparent, user_name);
if (len >= PATH_MAX)
- log_error(0, "timestamp path too long: %s", timestampdir);
+ log_error(0, "timestamp path too long: %s", *timestampdir);
/*
* Timestamp file may be a file in the directory or NUL to use
@@ -335,12 +335,12 @@ build_timestamp(timestampdir, timestampfile)
else
len = easprintf(timestampfile, "%s/%s/%s", dirparent, user_name, p);
if (len >= PATH_MAX)
- log_error(0, "timestamp path too long: %s", timestampfile);
+ log_error(0, "timestamp path too long: %s", *timestampfile);
} else if (def_targetpw) {
len = easprintf(timestampfile, "%s/%s/%s", dirparent, user_name,
*user_runas);
if (len >= PATH_MAX)
- log_error(0, "timestamp path too long: %s", timestampfile);
+ log_error(0, "timestamp path too long: %s", *timestampfile);
} else
*timestampfile = NULL;
}
@@ -465,7 +465,7 @@ timestamp_status(timestampdir, timestampfile, user, make_dirs)
/* If bad uid or file mode, complain and kill the bogus file. */
if (sb.st_uid != timestamp_uid) {
log_error(NO_EXIT,
- "%s owned by uid %ud, should be uid %lu",
+ "%s owned by uid %lu, should be uid %lu",
timestampfile, (unsigned long) sb.st_uid,
(unsigned long) timestamp_uid);
(void) unlink(timestampfile);
diff --git a/usr.bin/sudo/sudo.8 b/usr.bin/sudo/sudo.8
index a0024b61dc7..8c7a35b7cb4 100644
--- a/usr.bin/sudo/sudo.8
+++ b/usr.bin/sudo/sudo.8
@@ -17,7 +17,7 @@
.\" Agency (DARPA) and Air Force Research Laboratory, Air Force
.\" Materiel Command, USAF, under agreement number F39502-99-1-0512.
.\"
-.\" $Sudo: sudo.man.in,v 1.31 2004/09/08 18:35:53 millert Exp $
+.\" $Sudo: sudo.pod,v 1.73 2004/09/08 18:34:38 millert Exp $
.\" Automatically generated by Pod::Man v1.37, Pod::Parser v1.14
.\"
.\" Standard preamble:
@@ -149,7 +149,7 @@
.\" ========================================================================
.\"
.IX Title "SUDO 8"
-.TH SUDO 8 "February 5, 2005" "1.6.8p7" "MAINTENANCE COMMANDS"
+.TH SUDO 8 "March 12, 2005" "1.6.8p8" "MAINTENANCE COMMANDS"
.SH "NAME"
sudo, sudoedit \- execute a command as another user
.SH "SYNOPSIS"
diff --git a/usr.bin/sudo/sudo.c b/usr.bin/sudo/sudo.c
index 31edb653603..858b968a54a 100644
--- a/usr.bin/sudo/sudo.c
+++ b/usr.bin/sudo/sudo.c
@@ -901,10 +901,10 @@ check_sudoers()
(statbuf.st_mode & 07777), SUDOERS_MODE);
else if (statbuf.st_uid != SUDOERS_UID)
log_error(0, "%s is owned by uid %lu, should be %lu", _PATH_SUDOERS,
- (unsigned long) statbuf.st_uid, SUDOERS_UID);
+ (unsigned long) statbuf.st_uid, (unsigned long) SUDOERS_UID);
else if (statbuf.st_gid != SUDOERS_GID)
log_error(0, "%s is owned by gid %lu, should be %lu", _PATH_SUDOERS,
- (unsigned long) statbuf.st_gid, SUDOERS_GID);
+ (unsigned long) statbuf.st_gid, (unsigned long) SUDOERS_GID);
else {
/* Solaris sometimes returns EAGAIN so try 10 times */
for (i = 0; i < 10 ; i++) {
@@ -1086,7 +1086,7 @@ get_authpw()
} else if (def_targetpw) {
if (runas_pw->pw_name == NULL)
log_error(NO_MAIL|MSG_ONLY, "no passwd entry for %lu!",
- runas_pw->pw_uid);
+ (unsigned long) runas_pw->pw_uid);
pw = runas_pw;
} else
pw = sudo_user.pw;
diff --git a/usr.bin/sudo/sudo_noexec.c b/usr.bin/sudo/sudo_noexec.c
index f06f03f53a3..bce1a922772 100644
--- a/usr.bin/sudo/sudo_noexec.c
+++ b/usr.bin/sudo/sudo_noexec.c
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2004 Todd C. Miller <Todd.Miller@courtesan.com>
+ * Copyright (c) 2004-2005 Todd C. Miller <Todd.Miller@courtesan.com>
*
* Permission to use, copy, modify, and distribute this software for any
* purpose with or without fee is hereby granted, provided that the above
@@ -17,9 +17,14 @@
#include "config.h"
#include <errno.h>
+#ifdef __STDC__
+# include <stdarg.h>
+#else
+# include <varargs.h>
+#endif
#ifndef lint
-static const char rcsid[] = "$Sudo: sudo_noexec.c,v 1.5 2004/02/13 21:36:43 millert Exp $";
+static const char rcsid[] = "$Sudo: sudo_noexec.c,v 1.11 2005/03/10 15:09:28 millert Exp $";
#endif /* lint */
/*
@@ -34,24 +39,72 @@ static const char rcsid[] = "$Sudo: sudo_noexec.c,v 1.5 2004/02/13 21:36:43 mill
extern int errno;
#endif
-#define DUMMY(fn, args, atypes) \
-int \
-fn args \
- atypes \
-{ \
- errno = EACCES; \
- return(-1); \
+#define DUMMY_BODY \
+{ \
+ errno = EACCES; \
+ return(-1); \
}
-DUMMY(execve, (path, argv, envp),
- const char *path; char *const argv[]; char *const envp[];)
-DUMMY(_execve, (path, argv, envp),
- const char *path; char *const argv[]; char *const envp[];)
-DUMMY(execv, (path, argv, envp),
- const char *path; char *const argv[];)
-DUMMY(_execv, (path, argv, envp),
- const char *path; char *const argv[];)
-DUMMY(fexecve, (fd, argv, envp),
- int fd; char *const argv[]; char *const envp[];)
-DUMMY(_fexecve, (fd, argv, envp),
- int fd; char *const argv[]; char *const envp[];)
+#ifdef __STDC__
+
+#define DUMMY2(fn, t1, t2) \
+int \
+fn(t1 a1, t2 a2) \
+DUMMY_BODY
+
+#define DUMMY3(fn, t1, t2, t3) \
+int \
+fn(t1 a1, t2 a2, t3 a3) \
+DUMMY_BODY
+
+#define DUMMY_VA(fn, t1, t2) \
+int \
+fn(t1 a1, t2 a2, ...) \
+DUMMY_BODY
+
+#else /* !__STDC__ */
+
+#define DUMMY2(fn, t1, t2) \
+int \
+fn(a1, a2) \
+t1 a1; t2 a2; \
+DUMMY_BODY
+
+#define DUMMY3(fn, t1, t2, t3) \
+int \
+fn(a1, a2, a3) \
+t1 a1; t2 a2; t3 a3; \
+DUMMY_BODY
+
+#define DUMMY_VA(fn, t1, t2) \
+int \
+fn(a1, a2, va_alist) \
+t1 a1; t2 a2; va_dcl \
+DUMMY_BODY
+
+#endif /* !__STDC__ */
+
+DUMMY_VA(execl, const char *, const char *)
+DUMMY_VA(_execl, const char *, const char *)
+DUMMY_VA(__execl, const char *, const char *)
+DUMMY_VA(execle, const char *, const char *)
+DUMMY_VA(_execle, const char *, const char *)
+DUMMY_VA(__execle, const char *, const char *)
+DUMMY_VA(execlp, const char *, const char *)
+DUMMY_VA(_execlp, const char *, const char *)
+DUMMY_VA(__execlp, const char *, const char *)
+DUMMY2(execv, const char *, char * const *)
+DUMMY2(_execv, const char *, char * const *)
+DUMMY2(__execv, const char *, char * const *)
+DUMMY2(execvp, const char *, char * const *)
+DUMMY2(_execvp, const char *, char * const *)
+DUMMY2(__execvp, const char *, char * const *)
+DUMMY3(execvP, const char *, const char *, char * const *)
+DUMMY3(_execvP, const char *, const char *, char * const *)
+DUMMY3(__execvP, const char *, const char *, char * const *)
+DUMMY3(execve, const char *, char * const *, char * const *)
+DUMMY3(_execve, const char *, char * const *, char * const *)
+DUMMY3(__execve, const char *, char * const *, char * const *)
+DUMMY3(fexecve, int , char * const *, char * const *)
+DUMMY3(_fexecve, int , char * const *, char * const *)
+DUMMY3(__fexecve, int , char * const *, char * const *)
diff --git a/usr.bin/sudo/sudoers.5 b/usr.bin/sudo/sudoers.5
index e5d381eccf2..1b7bfd2d3a1 100644
--- a/usr.bin/sudo/sudoers.5
+++ b/usr.bin/sudo/sudoers.5
@@ -17,7 +17,7 @@
.\" Agency (DARPA) and Air Force Research Laboratory, Air Force
.\" Materiel Command, USAF, under agreement number F39502-99-1-0512.
.\"
-.\" $Sudo: sudoers.man.in,v 1.46 2004/09/06 20:46:28 millert Exp $
+.\" $Sudo: sudoers.pod,v 1.96 2004/09/06 20:45:27 millert Exp $
.\" Automatically generated by Pod::Man v1.37, Pod::Parser v1.14
.\"
.\" Standard preamble:
@@ -149,7 +149,7 @@
.\" ========================================================================
.\"
.IX Title "SUDOERS 5"
-.TH SUDOERS 5 "February 5, 2005" "1.6.8p7" "MAINTENANCE COMMANDS"
+.TH SUDOERS 5 "March 12, 2005" "1.6.8p8" "MAINTENANCE COMMANDS"
.SH "NAME"
sudoers \- list of which users may execute what
.SH "DESCRIPTION"
diff --git a/usr.bin/sudo/version.h b/usr.bin/sudo/version.h
index 9ac1b0773c7..634ef596736 100644
--- a/usr.bin/sudo/version.h
+++ b/usr.bin/sudo/version.h
@@ -23,6 +23,6 @@
#ifndef _SUDO_VERSION_H
#define _SUDO_VERSION_H
-static const char version[] = "1.6.8p6";
+static const char version[] = "1.6.8p8";
#endif /* _SUDO_VERSION_H */
diff --git a/usr.bin/sudo/visudo.8 b/usr.bin/sudo/visudo.8
index bfbfcae2678..fb7b8f74ce4 100644
--- a/usr.bin/sudo/visudo.8
+++ b/usr.bin/sudo/visudo.8
@@ -17,7 +17,7 @@
.\" Agency (DARPA) and Air Force Research Laboratory, Air Force
.\" Materiel Command, USAF, under agreement number F39502-99-1-0512.
.\"
-.\" $Sudo: visudo.man.in,v 1.21 2004/09/06 20:46:28 millert Exp $
+.\" $Sudo: visudo.pod,v 1.39 2004/09/06 20:45:27 millert Exp $
.\" Automatically generated by Pod::Man v1.37, Pod::Parser v1.14
.\"
.\" Standard preamble:
@@ -149,7 +149,7 @@
.\" ========================================================================
.\"
.IX Title "VISUDO 8"
-.TH VISUDO 8 "February 5, 2005" "1.6.8p7" "MAINTENANCE COMMANDS"
+.TH VISUDO 8 "March 12, 2005" "1.6.8p8" "MAINTENANCE COMMANDS"
.SH "NAME"
visudo \- edit the sudoers file
.SH "SYNOPSIS"