summaryrefslogtreecommitdiff
path: root/gnu/usr.bin
diff options
context:
space:
mode:
Diffstat (limited to 'gnu/usr.bin')
-rw-r--r--gnu/usr.bin/sudo/sudo/Makefile41
-rw-r--r--gnu/usr.bin/sudo/sudo/alloc.c119
-rw-r--r--gnu/usr.bin/sudo/sudo/check.c1297
-rw-r--r--gnu/usr.bin/sudo/sudo/compat.h155
-rw-r--r--gnu/usr.bin/sudo/sudo/config.h452
-rw-r--r--gnu/usr.bin/sudo/sudo/find_path.c175
-rw-r--r--gnu/usr.bin/sudo/sudo/getspwuid.c230
-rw-r--r--gnu/usr.bin/sudo/sudo/goodpath.c100
-rw-r--r--gnu/usr.bin/sudo/sudo/ins_2001.h42
-rw-r--r--gnu/usr.bin/sudo/sudo/ins_classic.h42
-rw-r--r--gnu/usr.bin/sudo/sudo/ins_csops.h43
-rw-r--r--gnu/usr.bin/sudo/sudo/ins_goons.h57
-rw-r--r--gnu/usr.bin/sudo/sudo/insults.h69
-rw-r--r--gnu/usr.bin/sudo/sudo/interfaces.c256
-rw-r--r--gnu/usr.bin/sudo/sudo/logging.c752
-rw-r--r--gnu/usr.bin/sudo/sudo/parse.c443
-rw-r--r--gnu/usr.bin/sudo/sudo/parse.lex356
-rw-r--r--gnu/usr.bin/sudo/sudo/parse.yacc985
-rw-r--r--gnu/usr.bin/sudo/sudo/pathnames.h93
-rw-r--r--gnu/usr.bin/sudo/sudo/sudo.8423
-rw-r--r--gnu/usr.bin/sudo/sudo/sudo.c1129
-rw-r--r--gnu/usr.bin/sudo/sudo/sudo.h286
-rw-r--r--gnu/usr.bin/sudo/sudo/sudo_setenv.c96
-rw-r--r--gnu/usr.bin/sudo/sudo/sudoers.5503
-rw-r--r--gnu/usr.bin/sudo/sudo/tgetpass.c266
-rw-r--r--gnu/usr.bin/sudo/sudo/version.h31
-rw-r--r--gnu/usr.bin/sudo/visudo/Makefile24
-rw-r--r--gnu/usr.bin/sudo/visudo/visudo.8311
-rw-r--r--gnu/usr.bin/sudo/visudo/visudo.c529
29 files changed, 0 insertions, 9305 deletions
diff --git a/gnu/usr.bin/sudo/sudo/Makefile b/gnu/usr.bin/sudo/sudo/Makefile
deleted file mode 100644
index 225a0c64da1..00000000000
--- a/gnu/usr.bin/sudo/sudo/Makefile
+++ /dev/null
@@ -1,41 +0,0 @@
-# $OpenBSD: Makefile,v 1.6 1999/03/29 20:29:00 millert Exp $
-
-PROG= sudo
-MAN= sudo.8 sudoers.5
-CFLAGS+=-I${.CURDIR} -I.
-SRCS= check.c find_path.c getspwuid.c goodpath.c interfaces.c logging.c parse.c sudo.c sudo_setenv.c tgetpass.c sudo.tab.c lex.yy.c alloc.c
-CLEANFILES+=sudo.tab.c sudo.tab.h lex.yy.c
-
-LDADD= -lcompat
-DPADD= ${LIBCOMPAT}
-
-.include <bsd.own.mk> # For SKEY, KERBEROS and KERBEROS5
-
-.if (${SKEY} == "yes")
-CFLAGS+=-DHAVE_SKEY
-LDADD+= -lskey
-DPADD+= ${LIBSKEY}
-.endif
-
-.if (${KERBEROS5} == "yes")
-CFLAGS+= -DHAVE_KERB5 -I${DESTDIR}/usr/include/kerberosIV
-LDADD+= -lkrb5 -lcrypto
-DPADD+= ${LIBKRB5} ${LIBCRYPTO}
-.elif (${KERBEROS} == "yes")
-CFLAGS+= -DHAVE_KERB4 -I${DESTDIR}/usr/include/kerberosIV
-LDADD+= -lkrb -ldes
-DPADD+= ${LIBKRB} ${LIBDES}
-.endif
-
-BINOWN= root
-BINMODE=4111
-BINDIR?=/usr/bin
-
-.include <bsd.prog.mk>
-
-lex.yy.c: parse.lex
- rm -f lex.yy.c
- $(LEX) ${.CURDIR}/parse.lex
-
-sudo.tab.c sudo.tab.h: parse.yacc
- $(YACC) -b sudo -d ${.CURDIR}/parse.yacc
diff --git a/gnu/usr.bin/sudo/sudo/alloc.c b/gnu/usr.bin/sudo/sudo/alloc.c
deleted file mode 100644
index 09de3570caf..00000000000
--- a/gnu/usr.bin/sudo/sudo/alloc.c
+++ /dev/null
@@ -1,119 +0,0 @@
-/* $OpenBSD: alloc.c,v 1.1 1999/03/29 20:29:01 millert Exp $ */
-
-/*
- * CU sudo version 1.5.9
- * Copyright (c) 1999 Todd C. Miller <Todd.Miller@courtesan.com>
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 1, or (at your option)
- * any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
- *
- * Please send bugs, changes, problems to sudo-bugs@courtesan.com
- *
- *******************************************************************
- *
- * This module contains memory allocation routines used by sudo.
- *
- * Todd C. Miller <Todd.Miller@courtesan.com> Fri Jun 3 18:32:19 MDT 1994
- */
-
-#include "config.h"
-
-#include <stdio.h>
-#ifdef STDC_HEADERS
-#include <stdlib.h>
-#endif /* STDC_HEADERS */
-#ifdef HAVE_STRING_H
-#include <string.h>
-#endif /* HAVE_STRING_H */
-#ifdef HAVE_STRINGS_H
-#include <strings.h>
-#endif /* HAVE_STRINGS_H */
-#if defined(HAVE_MALLOC_H) && !defined(STDC_HEADERS)
-#include <malloc.h>
-#endif /* HAVE_MALLOC_H && !STDC_HEADERS */
-
-#include "compat.h"
-
-#ifndef STDC_HEADERS
-#ifndef __GNUC__ / *gcc has its own malloc */
-extern VOID *malloc __P((size_t));
-#endif /* __GNUC__ */
-extern char *strdup __P((const char *));
-#endif /* !STDC_HEADERS */
-
-extern char **Argv; /* from sudo.c */
-
-#ifndef lint
-static const char rcsid[] = "$Sudo: alloc.c,v 1.2 1999/03/29 04:05:05 millert Exp $";
-#endif /* lint */
-
-
-/**********************************************************************
- *
- * emalloc()
- *
- * emalloc() calls the system malloc(3) and exits with an error if
- * malloc(3) fails.
- */
-
-VOID *emalloc(size)
- size_t size;
-{
- VOID *ret;
-
- if ((ret = malloc(size)) == NULL) {
- (void) fprintf(stderr, "%s: cannot allocate memory!\n", Argv[0]);
- exit(1);
- }
- return(ret);
-}
-
-/**********************************************************************
- *
- * erealloc()
- *
- * erealloc() calls the system realloc(3) and exits with an error if
- * realloc(3) fails.
- */
-
-VOID *erealloc(ptr, size)
- VOID *ptr;
- size_t size;
-{
-
- if ((ptr = ptr ? realloc(ptr, size) : malloc(size)) == NULL) {
- (void) fprintf(stderr, "%s: cannot allocate memory!\n", Argv[0]);
- exit(1);
- }
- return(ptr);
-}
-
-/**********************************************************************
- *
- * estrdup()
- *
- * estrdup() calls the system strdup(3) and exits with an error if
- * strdup(3) fails. NOTE: unlike strdup(3), estrdup(NULL) is legal.
- */
-
-char *estrdup(str)
- char *str;
-{
-
- if (str != NULL && (str = (char *)strdup(str)) == NULL) {
- (void) fprintf(stderr, "%s: cannot allocate memory!\n", Argv[0]);
- exit(1);
- }
- return(str);
-}
diff --git a/gnu/usr.bin/sudo/sudo/check.c b/gnu/usr.bin/sudo/sudo/check.c
deleted file mode 100644
index 85cb409976e..00000000000
--- a/gnu/usr.bin/sudo/sudo/check.c
+++ /dev/null
@@ -1,1297 +0,0 @@
-/* $OpenBSD: check.c,v 1.15 1999/03/29 20:29:02 millert Exp $ */
-
-/*
- * CU sudo version 1.5.9 (based on Root Group sudo version 1.1)
- * Copyright (c) 1994,1996,1998,1999 Todd C. Miller <Todd.Miller@courtesan.com>
- *
- * This software comes with no waranty whatsoever, use at your own risk.
- *
- * Please send bugs, changes, problems to sudo-bugs@courtesan.com
- *
- */
-
-/*
- * sudo version 1.1 allows users to execute commands as root
- * Copyright (C) 1991 The Root Group, Inc.
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 1, or (at your option)
- * any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
- *
- *******************************************************************
- *
- * check.c
- *
- * check_user() only returns if the user's timestamp file
- * is current or if they enter a correct password.
- *
- * Jeff Nieusma Thu Mar 21 22:39:07 MST 1991
- */
-
-#include "config.h"
-
-#include <stdio.h>
-#ifdef STDC_HEADERS
-#include <stdlib.h>
-#endif /* STDC_HEADERS */
-#ifdef HAVE_UNISTD_H
-#include <unistd.h>
-#endif /* HAVE_UNISTD_H */
-#ifdef HAVE_STRING_H
-#include <string.h>
-#endif /* HAVE_STRING_H */
-#ifdef HAVE_STRINGS_H
-#include <strings.h>
-#endif /* HAVE_STRINGS_H */
-#include <fcntl.h>
-#include <time.h>
-#include <sys/param.h>
-#include <sys/types.h>
-#include <sys/stat.h>
-#include <sys/file.h>
-#include <netinet/in.h>
-#include <pwd.h>
-#include <grp.h>
-#ifdef HAVE_KERB4
-# include <krb.h>
-#endif /* HAVE_KERB4 */
-#ifdef HAVE_KERB5
-# include <krb5.h>
-#endif /* HAVE_KERB5 */
-#ifdef HAVE_PAM
-# include <security/pam_appl.h>
-#endif /* HAVE_PAM */
-#ifdef HAVE_AFS
-# include <afs/stds.h>
-# include <afs/kautils.h>
-#endif /* HAVE_AFS */
-#ifdef HAVE_SECURID
-# include <sdi_athd.h>
-# include <sdconf.h>
-# include <sdacmvls.h>
-#endif /* HAVE_SECURID */
-#ifdef HAVE_SKEY
-# include <skey.h>
-#endif /* HAVE_SKEY */
-#ifdef HAVE_OPIE
-# include <opie.h>
-#endif /* HAVE_OPIE */
-#ifdef HAVE_AUTHSRV
-# include <firewall.h>
-#endif
-#ifdef HAVE_UTIME
-# ifdef HAVE_UTIME_H
-# include <utime.h>
-# endif /* HAVE_UTIME_H */
-#else
-# include "emul/utime.h"
-#endif /* HAVE_UTIME */
-
-#include "sudo.h"
-#include "insults.h"
-#include "version.h"
-
-#ifndef lint
-static const char rcsid[] = "$Sudo: check.c,v 1.174 1999/03/29 04:05:05 millert Exp $";
-#endif /* lint */
-
-/*
- * Prototypes for local functions
- */
-static int check_timestamp __P((void));
-static void check_passwd __P((void));
-static int touch __P((char *));
-static void update_timestamp __P((void));
-static void reminder __P((void));
-static char *expand_prompt __P((char *, char *, char *));
-#ifdef HAVE_KERB4
-static int sudo_krb_validate_user __P((struct passwd *, char *));
-#endif /* HAVE_KERB4 */
-#ifdef HAVE_KERB5
-static int sudo_krb5_validate_user __P((struct passwd *, char *));
-static int verify_krb_v5_tgt __P((krb5_ccache));
-#endif /* HAVE_KERB5 */
-#ifdef HAVE_PAM
-static void pam_attempt_auth __P((void));
-static int pam_auth __P((char *, char *));
-static int PAM_conv __P((int,
- PAM_CONST struct pam_message **,
- struct pam_response **, void *));
-#endif /* HAVE_PAM */
-#ifdef HAVE_SKEY
-static char *sudo_skeyprompt __P((struct skey *, char *));
-#endif /* HAVE_SKEY */
-#ifdef HAVE_OPIE
-static char *sudo_opieprompt __P((struct opie *, char *));
-#endif /* HAVE_OPIE */
-int user_is_exempt __P((void));
-
-/*
- * Globals
- */
-static int timedir_is_good;
-static char timestampfile[MAXPATHLEN];
-#ifdef HAVE_SECURID
-union config_record configure;
-#endif /* HAVE_SECURID */
-#ifdef HAVE_SKEY
-struct skey skey;
-#endif
-#ifdef HAVE_OPIE
-struct opie opie;
-#endif
-#ifdef HAVE_KERB5
-extern krb5_context sudo_context;
-extern char *realm;
-extern int xrealm;
-#endif /* HAVE_KERB5 */
-
-
-
-/********************************************************************
- *
- * check_user()
- *
- * This function only returns if the user can successfully
- * verify who s/he is.
- */
-
-void check_user()
-{
- register int rtn;
- mode_t oldmask;
-
- if (user_is_exempt()) /* some users don't need to enter a passwd */
- return;
-
- oldmask = umask(077); /* make sure the timestamp files are private */
-
- rtn = check_timestamp();
- if (rtn && user_uid) { /* if timestamp is not current... */
-#ifndef NO_MESSAGE
- if (rtn == 2)
- reminder(); /* do the reminder if ticket file is new */
-#endif /* NO_MESSAGE */
-
- /* expand any escapes in the prompt */
- prompt = expand_prompt(prompt, user_name, shost);
-
-#ifdef HAVE_SIA
- sia_attempt_auth();
-#elif HAVE_PAM
- pam_attempt_auth();
-#else /* !HAVE_SIA && !HAVE_PAM */
- check_passwd();
-#endif /* HAVE_SIA */
- }
-
- update_timestamp();
- (void) umask(oldmask); /* want a real umask to exec() the command */
-
-}
-
-
-
-/********************************************************************
- *
- * user_is_exempt()
- *
- * this function checks the user is exempt from supplying a password.
- */
-
-int user_is_exempt()
-{
-#ifdef EXEMPTGROUP
- struct group *grp;
- char **gr_mem;
-
- if ((grp = getgrnam(EXEMPTGROUP)) == NULL)
- return(FALSE);
-
- if (getgid() == grp->gr_gid)
- return(TRUE);
-
- for (gr_mem = grp->gr_mem; *gr_mem; gr_mem++) {
- if (strcmp(user_name, *gr_mem) == 0)
- return(TRUE);
- }
-
- return(FALSE);
-#else
- return(FALSE);
-#endif
-}
-
-
-
-/********************************************************************
- *
- * check_timestamp()
- *
- * this function checks the timestamp file. If it is within
- * TIMEOUT minutes, no password will be required
- */
-
-static int check_timestamp()
-{
- register char *p;
- struct stat statbuf;
- register int timestamp_is_old = -1;
- time_t now;
-
-#ifdef USE_TTY_TICKETS
- if (p = strrchr(tty, '/'))
- p++;
- else
- p = tty;
-
- if (sizeof(_PATH_SUDO_TIMEDIR) + strlen(user_name) + strlen(p) + 2 >
- sizeof(timestampfile)) {
- (void) fprintf(stderr, "%s: path too long: %s/%s:%s\n", Argv[0],
- _PATH_SUDO_TIMEDIR, user_name, p);
- exit(1);
- }
- (void) sprintf(timestampfile, "%s/%s:%s", _PATH_SUDO_TIMEDIR, user_name, p);
-#else
- if (sizeof(_PATH_SUDO_TIMEDIR) + strlen(user_name) + 1 >
- sizeof(timestampfile)) {
- (void) fprintf(stderr, "%s: path too long: %s/%s\n", Argv[0],
- _PATH_SUDO_TIMEDIR, user_name);
- exit(1);
- }
- (void) sprintf(timestampfile, "%s/%s", _PATH_SUDO_TIMEDIR, user_name);
-#endif /* USE_TTY_TICKETS */
-
- timedir_is_good = 1; /* now there's an assumption for ya... */
-
- /* become root */
- set_perms(PERM_ROOT, 0);
-
- /*
- * walk through the path one directory at a time
- */
- for (p = timestampfile + 1; (p = strchr(p, '/')); *p++ = '/') {
- *p = '\0';
- if (stat(timestampfile, &statbuf) < 0) {
- if (strcmp(timestampfile, _PATH_SUDO_TIMEDIR))
- (void) fprintf(stderr, "Cannot stat() %s\n", timestampfile);
- timedir_is_good = 0;
- *p = '/';
- break;
- }
- }
-
- /*
- * if all the directories are stat()able
- */
- if (timedir_is_good) {
- /*
- * last component in _PATH_SUDO_TIMEDIR must be owned by root
- * and mode 0700 or we ignore the timestamps in it.
- */
- if (statbuf.st_uid != 0 || (statbuf.st_mode & 0000077)) {
- timedir_is_good = 0;
- timestamp_is_old = 2;
- log_error(BAD_STAMPDIR);
- inform_user(BAD_STAMPDIR);
- } else if (stat(timestampfile, &statbuf)) {
- /* timestamp file does not exist? */
- timestamp_is_old = 2; /* return (2) */
- } else {
- /* check the time against the timestamp file */
- now = time((time_t *) NULL);
- if (TIMEOUT && now - statbuf.st_mtime < 60 * TIMEOUT) {
- /* check for bogus time on the stampfile */
- if (statbuf.st_mtime > now + 60 * TIMEOUT * 2) {
- timestamp_is_old = 2; /* bogus time value */
- log_error(BAD_STAMPFILE);
- inform_user(BAD_STAMPFILE);
- remove_timestamp();
- } else {
- timestamp_is_old = 0; /* time value is reasonable */
- }
- } else {
- timestamp_is_old = 1; /* else make 'em enter password */
- }
- }
- }
- /*
- * there was a problem stat()ing a directory
- */
- else {
- timestamp_is_old = 2; /* user has to enter password + reminder */
- /* make the TIMEDIR directory */
- if (mkdir(_PATH_SUDO_TIMEDIR, S_IRWXU)) {
- perror("check_timestamp: mkdir");
- timedir_is_good = 0;
- } else {
- timedir_is_good = 1; /* _PATH_SUDO_TIMEDIR now exists */
- }
- }
-
- /* relinquish root */
- set_perms(PERM_USER, 0);
-
- return (timestamp_is_old);
-}
-
-
-
-/********************************************************************
- *
- * touch()
- *
- * This function updates the access and modify times on a file
- * via utime(2).
- */
-
-static int touch(file)
- char *file;
-{
-#if defined(HAVE_UTIME) && !defined(HAVE_UTIME_NULL)
-#ifdef HAVE_UTIME_POSIX
-#define UTP (&ut)
- struct utimbuf ut;
-
- ut.actime = ut.modtime = time(NULL);
-#else
-#define UTP (ut)
- /* old BSD <= 4.3 has no struct utimbuf */
- time_t ut[2];
-
- ut[0] = ut[1] = time(NULL);
-#endif /* HAVE_UTIME_POSIX */
-#else
-#define UTP NULL
-#endif /* HAVE_UTIME && !HAVE_UTIME_NULL */
-
- return(utime(file, UTP));
-}
-#undef UTP
-
-
-
-/********************************************************************
- *
- * update_timestamp()
- *
- * This function changes the timestamp to "now"
- */
-
-static void update_timestamp()
-{
- if (timedir_is_good) {
- /* become root */
- set_perms(PERM_ROOT, 0);
-
- if (touch(timestampfile) < 0) {
- int fd = open(timestampfile, O_WRONLY | O_CREAT | O_TRUNC, 0600);
-
- if (fd < 0)
- perror("update_timestamp: open");
- else
- close(fd);
- }
-
- /* relinquish root */
- set_perms(PERM_USER, 0);
- }
-}
-
-
-
-/********************************************************************
- *
- * remove_timestamp()
- *
- * This function removes the timestamp ticket file
- */
-
-void remove_timestamp()
-{
-#ifdef USE_TTY_TICKETS
- char *p;
-
- if (p = strrchr(tty, '/'))
- p++;
- else
- p = tty;
-
- if (sizeof(_PATH_SUDO_TIMEDIR) + strlen(user_name) + strlen(p) + 2 >
- sizeof(timestampfile)) {
- (void) fprintf(stderr, "%s: path too long: %s/%s:%s\n", Argv[0],
- _PATH_SUDO_TIMEDIR, user_name, p);
- exit(1);
- }
- (void) sprintf(timestampfile, "%s/%s:%s", _PATH_SUDO_TIMEDIR, user_name, p);
-#else
- if (sizeof(_PATH_SUDO_TIMEDIR) + strlen(user_name) + 1 >
- sizeof(timestampfile)) {
- (void) fprintf(stderr, "%s: path too long: %s/%s\n", Argv[0],
- _PATH_SUDO_TIMEDIR, user_name);
- exit(1);
- }
- (void) sprintf(timestampfile, "%s/%s", _PATH_SUDO_TIMEDIR, user_name);
-#endif /* USE_TTY_TICKETS */
-
- /* become root */
- set_perms(PERM_ROOT, 0);
-
- /* remove the ticket file */
- (void) unlink(timestampfile);
-
- /* relinquish root */
- set_perms(PERM_USER, 0);
-}
-
-
-
-/********************************************************************
- *
- * check_passwd()
- *
- * This function grabs the user's password and checks with the password
- * in /etc/passwd (or uses other specified authentication method).
- */
-
-#ifdef HAVE_SECURID
-static void check_passwd()
-{
- struct SD_CLIENT sd_dat, *sd; /* SecurID data block */
- register int counter = TRIES_FOR_PASSWORD;
-
- (void) memset((VOID *)&sd_dat, 0, sizeof(sd_dat));
- sd = &sd_dat;
-
- /* Initialize SecurID. */
- set_perms(PERM_ROOT, 0);
- creadcfg();
- if (sd_init(sd) != 0) {
- (void) fprintf(stderr, "%s: Cannot contact SecurID server\n", Argv[0]);
- exit(1);
- }
-
- /*
- * you get TRIES_FOR_PASSWORD times to guess your password
- */
- while (counter > 0) {
- if (sd_auth(sd) == ACM_OK) {
- set_perms(PERM_USER, 0);
- return;
- }
-
- --counter; /* otherwise, try again */
- pass_warn(stderr);
- }
- set_perms(PERM_USER, 0);
-
- if (counter > 0) {
- log_error(PASSWORD_NOT_CORRECT);
- inform_user(PASSWORD_NOT_CORRECT);
- } else {
- log_error(PASSWORDS_NOT_CORRECT);
- inform_user(PASSWORDS_NOT_CORRECT);
- }
-
- exit(1);
-}
-#else /* !HAVE_SECURID */
-#ifdef HAVE_AUTHSRV
-static void check_passwd()
-{
- char *pass; /* this is what gets entered */
- Cfg *confp;
-
- char cbuf[128];
- char ubuf[128], buf[128];
- register int counter = TRIES_FOR_PASSWORD;
-
- if ((confp = cfg_read("sudo")) == (Cfg *)-1) {
- fprintf(stderr, "Cannot read config.\n");
- exit(1);
- }
-
- /* Initialize Auth Client */
- auth_open(confp);
-
- /* get welcome message from auth server */
- if (auth_recv(buf, sizeof(buf))) {
- sprintf(buf, "Lost connection to server");
- fprintf(stderr, "%s\n", buf);
- exit(1);
- }
-
- if (strncmp(buf, "Authsrv ready", 13)) {
- fprintf(stderr, "Auth server error %s\n", buf);
- auth_close();
- exit(1);
- }
-
- /*
- * you get TRIES_FOR_PASSWORD times to guess your password
- */
- while (counter > 0) {
-
- sprintf(cbuf,"authorize %s sudo",user_name);
-
- auth_send(cbuf);
- auth_recv(cbuf,sizeof(cbuf));
-
- if (!strncmp(cbuf, "challenge ", 10)) {
- sprintf(buf, "Challenge \"%s\": ", &cbuf[10]);
- pass = GETPASS(buf, PASSWORD_TIMEOUT * 60);
- } else if (!strncmp(cbuf, "password", 8)) {
- pass = GETPASS(buf, PASSWORD_TIMEOUT * 60);
- } else {
- fprintf(stderr, "Server sent %s\n", cbuf);
- auth_close();
- exit(1);
- }
-
- sprintf(cbuf, "response '%s'", pass);
- auth_send(cbuf);
- auth_recv(cbuf, sizeof(cbuf));
-
- if (!strncmp(cbuf, "ok", 2)) {
- /* Success */
- /*inform_user(cbuf);*/
- set_perms(PERM_USER, 0);
- auth_close();
- return;
- } else {
- fprintf(stderr, "Server returned %s\n", cbuf);
- }
- pass_warn(stderr);
- --counter; /* otherwise, try again */
- }
-
- set_perms(PERM_USER, 0);
-
- auth_close();
-
- if (counter > 0) {
- log_error(PASSWORD_NOT_CORRECT);
- inform_user(PASSWORD_NOT_CORRECT);
- } else {
- log_error(PASSWORDS_NOT_CORRECT);
- inform_user(PASSWORDS_NOT_CORRECT);
- }
- exit(1);
-}
-#else /* !HAVE_AUTHSRV */
-
-static void check_passwd()
-{
- char *pass; /* this is what gets entered */
- int counter = TRIES_FOR_PASSWORD;
-#if defined(HAVE_KERB4) && defined(USE_GETPASS)
- char kpass[_PASSWD_LEN + 1];
-#endif /* HAVE_KERB4 && USE_GETPASS */
-#ifdef HAVE_AUTHENTICATE
- char *message;
- int reenter;
-#endif /* HAVE_AUTHENTICATE */
-
-#ifdef HAVE_SKEY
- (void) memset((VOID *)&skey, 0, sizeof(skey));
-#endif /* HAVE_SKEY */
-#ifdef HAVE_OPIE
- (void) memset((VOID *)&opie, 0, sizeof(opie));
-#endif /* HAVE_OPIE */
-
- /*
- * you get TRIES_FOR_PASSWORD times to guess your password
- */
- while (counter > 0) {
-
-#ifdef HAVE_AUTHENTICATE
- /* use AIX authenticate() function */
- pass = GETPASS(buf, PASSWORD_TIMEOUT * 60);
- reenter = 1;
- if (authenticate(user_name, pass, &reenter, &message) == 0)
- return; /* valid password */
-#else /* HAVE_AUTHENTICATE */
-# ifdef HAVE_SKEY
- /* rewrite the prompt if using s/key since the challenge can change */
- set_perms(PERM_ROOT, 0);
- prompt = sudo_skeyprompt(&skey, prompt);
- set_perms(PERM_USER, 0);
-# endif /* HAVE_SKEY */
-# ifdef HAVE_OPIE
- /* rewrite the prompt if using OPIE since the challenge can change */
- set_perms(PERM_ROOT, 0);
- prompt = sudo_opieprompt(&opie, prompt);
- set_perms(PERM_USER, 0);
-# endif /* HAVE_OPIE */
-
- /* get a password from the user */
-# if defined(HAVE_KERB4) && defined(USE_GETPASS)
- (void) des_read_pw_string(kpass, sizeof(kpass) - 1, prompt, 0);
- pass = kpass;
-# else
- pass = (char *) GETPASS(prompt, PASSWORD_TIMEOUT * 60);
-# endif /* HAVE_KERB4 */
-
-# ifdef HAVE_SKEY
- /* Only check s/key db if the user exists there */
- if (skey.keyfile) {
- set_perms(PERM_ROOT, 0);
- if (skeyverify(&skey, pass) == 0) {
- set_perms(PERM_USER, 0);
- return; /* if the key is correct return() */
- }
- set_perms(PERM_USER, 0);
- }
-# endif /* HAVE_SKEY */
-# ifdef HAVE_OPIE
- /* Only check OPIE db if the user exists there */
- if (opie.opie_flags) {
- set_perms(PERM_ROOT, 0);
- if (opieverify(&opie, pass) == 0) {
- set_perms(PERM_USER, 0);
- return; /* if the key is correct return() */
- }
- set_perms(PERM_USER, 0);
- }
-# endif /* HAVE_OPIE */
-# if !defined(OTP_ONLY) || (!defined(HAVE_SKEY) && !defined(HAVE_OPIE))
- /*
- * If we use shadow passwords with a different crypt(3)
- * check that here, else use standard crypt(3).
- */
-# ifdef HAVE_GETAUTHUID
- if (!strcmp(user_passwd, (char *) crypt16(pass, user_passwd)))
- return; /* if the passwd is correct return() */
-# endif /* HAVE_GETAUTHUID */
-
-# ifdef HAVE_GETPRPWNAM
- if (check_secureware(pass))
- return; /* if the passwd is correct return() */
-# endif /* HAVE_HAVE_GETPRPWNAM */
-
- /* Normal UN*X password check */
- if (!strcmp(user_passwd, (char *) crypt(pass, user_passwd)))
- return; /* if the passwd is correct return() */
-
-# ifdef HAVE_KERB4
- if (user_uid && sudo_krb_validate_user(user_pw_ent, pass) == 0)
- return;
-# endif /* HAVE_KERB4 */
-
-# ifdef HAVE_KERB5
- if (sudo_krb5_validate_user(user_pw_ent, pass) == 0)
- return;
-# endif /* HAVE_KERB5 */
-
-# ifdef HAVE_AFS
- if (ka_UserAuthenticateGeneral(KA_USERAUTH_VERSION,
- user_name, /* name */
- NULL, /* instance */
- NULL, /* realm */
- pass, /* password */
- 0, /* lifetime */
- 0, 0, /* spare */
- NULL) == 0) /* reason */
- return;
-# endif /* HAVE_AFS */
-# ifdef HAVE_DCE
- /*
- * consult the DCE registry for password validation
- * note that dce_pwent trashes pass upon return...
- */
- if (dce_pwent(user_name, pass))
- return;
-# endif /* HAVE_DCE */
-# endif /* !OTP_ONLY || (!HAVE_SKEY && !HAVE_OPIE) */
-#endif /* HAVE_AUTHENTICATE */
-
- /* Exit loop on nil password, but give it a chance to match first. */
- if (!pass || *pass == '\0') {
- if (counter == TRIES_FOR_PASSWORD)
- exit(1);
- else
- break;
- }
-
- --counter; /* otherwise, try again */
- pass_warn(stderr);
- }
-
- if (counter > 0) {
- log_error(PASSWORD_NOT_CORRECT);
- inform_user(PASSWORD_NOT_CORRECT);
- } else {
- log_error(PASSWORDS_NOT_CORRECT);
- inform_user(PASSWORDS_NOT_CORRECT);
- }
-
- exit(1);
-}
-#endif /* HAVE_AUTHSRV */
-#endif /* HAVE_SECURID */
-
-
-#ifdef HAVE_KERB4
-/********************************************************************
- *
- * sudo_krb_validate_user()
- *
- * Validate a user via kerberos.
- */
-static int sudo_krb_validate_user(pw, pass)
- struct passwd *pw;
- char *pass;
-{
- char realm[REALM_SZ];
- char tkfile[sizeof(_PATH_SUDO_TIMEDIR) + 4 + MAX_UID_T_LEN];
- int k_errno;
-
- /* Get the local realm, or retrun failure (no krb.conf) */
- if (krb_get_lrealm(realm, 1) != KSUCCESS)
- return(-1);
-
- /*
- * Set the ticket file to be in sudo sudo timedir so we don't
- * wipe out other kerberos tickets.
- */
- (void) sprintf(tkfile, "%s/tkt%ld", _PATH_SUDO_TIMEDIR,
- (long) pw->pw_uid);
- (void) krb_set_tkt_string(tkfile);
-
- /*
- * Update the ticket if password is ok. Kerb4 expects
- * the ruid and euid to be the same here so we setuid to root.
- */
- set_perms(PERM_ROOT, 0);
- k_errno = krb_get_pw_in_tkt(pw->pw_name, "", realm, "krbtgt", realm,
- DEFAULT_TKT_LIFE, pass);
-
- /*
- * If we authenticated, destroy the ticket now that we are done with it.
- * If not, warn on a "real" error.
- */
- if (k_errno == INTK_OK)
- dest_tkt();
- else if (k_errno != INTK_BADPW && k_errno != KDC_PR_UNKNOWN)
- (void) fprintf(stderr, "Warning: Kerberos error: %s\n",
- krb_err_txt[k_errno]);
-
- /* done with rootly stuff */
- set_perms(PERM_USER, 0);
-
- return(!(k_errno == INTK_OK));
-}
-#endif /* HAVE_KERB4 */
-
-
-#ifdef HAVE_KERB5
-/********************************************************************
- *
- * sudo_krb5_validate_user()
- *
- * Validate a user via Kerberos 5. We may lose a bit of memory, but it's
- * OK since we're a short lived program. I'd rather do that than contort
- * the code to handle the cleanup.
- */
-static int sudo_krb5_validate_user(pw, pass)
- struct passwd *pw;
- char *pass;
-{
- krb5_error_code retval;
- krb5_principal princ;
- krb5_creds creds;
- krb5_ccache ccache;
- char cache_name[64];
- char *princ_name;
- krb5_get_init_creds_opt opts;
-
- /* Initialize */
- if (!sudo_context)
- return -1;
- krb5_get_init_creds_opt_init(&opts);
-
- princ_name = emalloc(strlen(pw->pw_name) + strlen(realm) + 2);
-
- sprintf(princ_name, "%s@%s", pw->pw_name, realm);
- if (retval = krb5_parse_name(sudo_context, princ_name, &princ))
- return retval;
-
- /* Set the ticket file to be in /tmp so we don't need to change perms. */
- (void) sprintf(cache_name, "FILE:/tmp/sudocc_%ld", getpid());
- if (retval = krb5_cc_resolve(sudo_context, cache_name, &ccache))
- return retval;
-
- if (retval = krb5_get_init_creds_password(sudo_context, &creds, princ,
- pass, krb5_prompter_posix, NULL,
- 0, NULL, &opts))
- return retval;
-
- /* Stash the TGT so we can verify it. */
- if (retval = krb5_cc_initialize(sudo_context, ccache, princ))
- return retval;
- if (retval = krb5_cc_store_cred(sudo_context, ccache, &creds)) {
- (void) krb5_cc_destroy(sudo_context, ccache);
- return retval;
- }
-
- retval = verify_krb_v5_tgt(ccache);
- (void) krb5_cc_destroy(sudo_context, ccache);
- return (retval == -1);
-}
-
-
-/*
- * This routine with some modification is from the MIT V5B6 appl/bsd/login.c
- *
- * Verify the Kerberos ticket-granting ticket just retrieved for the
- * user. If the Kerberos server doesn't respond, assume the user is
- * trying to fake us out (since we DID just get a TGT from what is
- * supposedly our KDC). If the host/<host> service is unknown (i.e.,
- * the local keytab doesn't have it), let her in.
- *
- * Returns 1 for confirmation, -1 for failure, 0 for uncertainty.
- */
-static int verify_krb_v5_tgt(ccache)
- krb5_ccache ccache;
-{
- char phost[BUFSIZ];
- krb5_error_code retval;
- krb5_principal princ;
- krb5_keyblock * keyblock = 0;
- krb5_data packet;
- krb5_auth_context auth_context = NULL;
-
- packet.data = 0;
-
- /*
- * Get the server principal for the local host.
- * (Use defaults of "host" and canonicalized local name.)
- */
- if (krb5_sname_to_principal(sudo_context, NULL, NULL,
- KRB5_NT_SRV_HST, &princ))
- return -1;
-
- /* Extract the name directly. */
- strncpy(phost, krb5_princ_component(c, princ, 1)->data, BUFSIZ);
- phost[BUFSIZ - 1] = '\0';
-
- /*
- * Do we have host/<host> keys?
- * (use default keytab, kvno IGNORE_VNO to get the first match,
- * and enctype is currently ignored anyhow.)
- */
- if (retval = krb5_kt_read_service_key(sudo_context, NULL, princ, 0,
- ENCTYPE_DES_CBC_MD5, &keyblock)) {
- /* Keytab or service key does not exist */
- if (xrealm)
- retval = -1;
- else
- retval = 0;
- goto cleanup;
- }
- if (keyblock)
- krb5_free_keyblock(sudo_context, keyblock);
-
- /* Talk to the kdc and construct the ticket. */
- retval = krb5_mk_req(sudo_context, &auth_context, 0, "host", phost,
- NULL, ccache, &packet);
- if (auth_context) {
- krb5_auth_con_free(sudo_context, auth_context);
- auth_context = NULL; /* setup for rd_req */
- }
- if (retval) {
- retval = -1;
- goto cleanup;
- }
-
- /* Try to use the ticket. */
- retval = krb5_rd_req(sudo_context, &auth_context, &packet, princ,
- NULL, NULL, NULL);
- if (retval) {
- retval = -1;
- } else {
- retval = 1;
- }
-
-cleanup:
- if (packet.data)
- krb5_free_data_contents(sudo_context, &packet);
- krb5_free_principal(sudo_context, princ);
- return retval;
-
-}
-#endif /* HAVE_KERB5 */
-
-
-#ifdef HAVE_PAM
-/********************************************************************
- * pam_attempt_auth()
- *
- * Try to authenticate the user using Pluggable Authentication
- * Modules (PAM). Added 9/11/98 by Gary J. Calvin
- * Reworked for stock PAM by Amos Elberg and Todd Miller
- */
-static char *PAM_username;
-static char *PAM_password;
-
-static int PAM_conv(num_msg, msg, resp, appdata_ptr)
- int num_msg;
- PAM_CONST struct pam_message **msg;
- struct pam_response **resp;
- void *appdata_ptr;
-{
- int replies = 0;
- struct pam_response *reply = NULL;
-
- if ((reply = malloc(sizeof(struct pam_response) * num_msg)) == NULL)
- return(PAM_CONV_ERR);
-
- for (replies = 0; replies < num_msg; replies++) {
- switch (msg[replies]->msg_style) {
- case PAM_PROMPT_ECHO_ON:
- reply[replies].resp_retcode = PAM_SUCCESS;
- reply[replies].resp = estrdup(PAM_username);
- /* PAM frees resp */
- break;
- case PAM_PROMPT_ECHO_OFF:
- reply[replies].resp_retcode = PAM_SUCCESS;
- reply[replies].resp = estrdup(PAM_password);
- /* PAM frees resp */
- break;
- case PAM_TEXT_INFO:
- /* fall through */
- case PAM_ERROR_MSG:
- /* ignore it... */
- reply[replies].resp_retcode = PAM_SUCCESS;
- reply[replies].resp = NULL;
- break;
- default:
- /* Must be an error of some sort... */
- free(reply);
- return(PAM_CONV_ERR);
- }
- }
- if (reply)
- *resp = reply;
-
- return(PAM_SUCCESS);
-}
-
-static int pam_auth(user, password)
- char *user;
- char *password;
-{
- struct pam_conv PAM_conversation;
- pam_handle_t *pamh;
-
- /* Initialize our variables for PAM */
- PAM_conversation.conv = PAM_conv;
- PAM_conversation.appdata_ptr = NULL;
- PAM_password = password;
- PAM_username = user;
-
- /*
- * Setting PAM_SILENT stops generation of error messages to syslog
- * to enable debugging on Red Hat Linux set:
- * /etc/pam.d/sudo:
- * auth required /lib/security/pam_pwdb.so shadow nullok audit
- * _OR_ change PAM_SILENT to 0 to force detailed reporting (logging)
- */
- if (pam_start("sudo", user, &PAM_conversation, &pamh) != PAM_SUCCESS ||
- pam_authenticate(pamh, PAM_SILENT) != PAM_SUCCESS) {
- pam_end(pamh, 0);
- return(0);
- }
-
- /* User authenticated successfully */
- pam_end(pamh, PAM_SUCCESS);
-
- return(1);
-}
-
-static void pam_attempt_auth()
-{
- int i = TRIES_FOR_PASSWORD;
-
- set_perms(PERM_ROOT, 0);
- while (i > 0) {
- char *pamPass = (char *) GETPASS(prompt, PASSWORD_TIMEOUT * 60);
-
- if (pam_auth(user_name, pamPass)) {
- set_perms(PERM_USER, 0);
- return;
- }
- --i;
- pass_warn(stderr);
- }
- set_perms(PERM_USER, 0);
-
- if (i == 0) {
- log_error(PASSWORD_NOT_CORRECT);
- inform_user(PASSWORD_NOT_CORRECT);
- } else {
- log_error(PASSWORDS_NOT_CORRECT);
- inform_user(PASSWORDS_NOT_CORRECT);
- }
- exit(1);
-}
-#endif /* HAVE_PAM */
-
-#ifdef HAVE_SKEY
-/********************************************************************
- *
- * sudo_skeyprompt()
- *
- * This function rewrites and return the prompt based the
- * s/key challenge * and fills in the user's skey structure.
- */
-
-static char *sudo_skeyprompt(user_skey, p)
- struct skey *user_skey;
- char *p;
-{
- char challenge[256];
- int rval;
- static char *orig_prompt = NULL, *new_prompt = NULL;
- static int op_len, np_size;
-
- /* save the original prompt */
- if (orig_prompt == NULL) {
- orig_prompt = p;
- op_len = strlen(p);
-
- /* ignore trailing colon */
- if (p[op_len - 1] == ':')
- op_len--;
- }
-
- /* close old stream */
- if (user_skey->keyfile)
- (void) fclose(user_skey->keyfile);
-
- /* get the skey part of the prompt */
- if ((rval = skeychallenge(user_skey, user_name, challenge)) != 0) {
-#ifdef OTP_ONLY
- (void) fprintf(stderr,
- "%s: You do not exist in the s/key database.\n",
- Argv[0]);
- exit(1);
-#else
- /* return the original prompt if we cannot get s/key info */
- return(orig_prompt);
-#endif /* OTP_ONLY */
- }
-
- /* get space for new prompt with embedded s/key challenge */
- if (new_prompt == NULL) {
- /* allocate space for new prompt */
- np_size = op_len + strlen(challenge) + 7;
- new_prompt = (char *) emalloc(np_size);
- } else {
- /* already have space allocated, is it enough? */
- if (np_size < op_len + strlen(challenge) + 7) {
- np_size = op_len + strlen(challenge) + 7;
- new_prompt = (char *) erealloc(new_prompt, np_size);
- }
- }
-
- /* embed the s/key challenge into the new password prompt */
-#ifdef LONG_OTP_PROMPT
- (void) sprintf(new_prompt, "%s\n%s", challenge, orig_prompt);
-#else
- (void) sprintf(new_prompt, "%.*s [ %s ]:", op_len, orig_prompt, challenge);
-#endif /* LONG_OTP_PROMPT */
-
- return(new_prompt);
-}
-#endif /* HAVE_SKEY */
-
-
-#ifdef HAVE_OPIE
-/********************************************************************
- *
- * sudo_opieprompt()
- *
- * This function rewrites and return the prompt based the
- * OPIE challenge * and fills in the user's opie structure.
- */
-
-static char *sudo_opieprompt(user_opie, p)
- struct opie *user_opie;
- char *p;
-{
- char challenge[OPIE_CHALLENGE_MAX];
- int rval;
- static char *orig_prompt = NULL, *new_prompt = NULL;
- static int op_len, np_size;
-
- /* save the original prompt */
- if (orig_prompt == NULL) {
- orig_prompt = p;
- op_len = strlen(p);
-
- /* ignore trailing colon */
- if (p[op_len - 1] == ':')
- op_len--;
- }
-
- /* get the opie part of the prompt */
- if ((rval = opiechallenge(user_opie, user_name, challenge)) != 0) {
-#ifdef OTP_ONLY
- (void) fprintf(stderr,
- "%s: You do not exist in the opie database.\n",
- Argv[0]);
- exit(1);
-#else
- /* return the original prompt if we cannot get opie info */
- return(orig_prompt);
-#endif /* OTP_ONLY */
- }
-
- /* get space for new prompt with embedded opie challenge */
- if (new_prompt == NULL) {
- /* allocate space for new prompt */
- np_size = op_len + strlen(challenge) + 7;
- new_prompt = (char *) emalloc(np_size);
- } else {
- /* already have space allocated, is it enough? */
- if (np_size < op_len + strlen(challenge) + 7) {
- np_size = op_len + strlen(challenge) + 7;
- new_prompt = (char *) erealloc(new_prompt, np_size);
- }
- }
-
- /* embed the s/key challenge into the new password prompt */
-#ifdef LONG_OTP_PROMPT
- (void) sprintf(new_prompt, "%s\n%s", challenge, orig_prompt);
-#else
- (void) sprintf(new_prompt, "%.*s [ %s ]:", op_len, orig_prompt, challenge);
-#endif /* LONG_OTP_PROMPT */
-
- return(new_prompt);
-}
-#endif /* HAVE_OPIE */
-
-
-#ifndef NO_MESSAGE
-/********************************************************************
- *
- * reminder()
- *
- * this function just prints the the reminder message
- */
-
-static void reminder()
-{
-#ifdef SHORT_MESSAGE
- (void) fprintf(stderr, "\n%s\n%s\n\n%s\n%s\n\n",
-#else
- (void) fprintf(stderr, "\n%s%s%s\n%s\n%s\n%s\n\n%s\n%s\n\n%s\n%s\n\n",
- " CU Sudo version ", version, ", based on Root Group sudo version 1.1.",
- " sudo version 1.1 is Copyright (C) 1991 The Root Group, Inc.",
- " sudo comes with ABSOLUTELY NO WARRANTY. This is free software,",
- " and you are welcome to redistribute it under certain conditions.",
-#endif
- "We trust you have received the usual lecture from the local System",
- "Administrator. It usually boils down to these two things:",
- " #1) Respect the privacy of others.",
- " #2) Think before you type."
- );
-}
-#endif /* NO_MESSAGE */
-
-
-/********************************************************************
- *
- * pass_warn()
- *
- * warn the user that the password was incorrect
- * (and insult them if insults are configured).
- */
-
-void pass_warn(fp)
- FILE *fp;
-{
-
-#ifdef USE_INSULTS
- (void) fprintf(fp, "%s\n", INSULT);
-#else
- (void) fprintf(fp, "%s\n", INCORRECT_PASSWORD);
-#endif /* USE_INSULTS */
-}
-
-/********************************************************************
- *
- * expand_prompt()
- *
- * expand %h and %u in the prompt and pass back the dynamically
- * allocated result. Returns the same string if no escapes.
- */
-
-static char *expand_prompt(old_prompt, user, host)
- char *old_prompt;
- char *user;
- char *host;
-{
- size_t len;
- int subst;
- char *p, *np, *new_prompt, lastchar;
-
- /* How much space do we need to malloc for the prompt? */
- subst = 0;
- for (p = old_prompt, len = strlen(old_prompt), lastchar = '\0'; *p; p++) {
- if (lastchar == '%') {
- if (*p == 'h') {
- len += strlen(shost) - 2;
- subst = 1;
- } else if (*p == 'u') {
- len += strlen(user_name) - 2;
- subst = 1;
- }
- }
-
- if (lastchar == '%' && *p == '%') {
- lastchar = '\0';
- len--;
- } else
- lastchar = *p;
- }
-
- if (subst) {
- new_prompt = (char *) emalloc(len + 1);
- for (p = prompt, np = new_prompt; *p; p++) {
- if (lastchar == '%' && (*p == 'h' || *p == 'u' || *p == '%')) {
- /* substiture user/host name */
- if (*p == 'h') {
- np--;
- strcpy(np, shost);
- np += strlen(shost);
- } else if (*p == 'u') {
- np--;
- strcpy(np, user_name);
- np += strlen(user_name);
- }
- } else
- *np++ = *p;
-
- if (lastchar == '%' && *p == '%')
- lastchar = '\0';
- else
- lastchar = *p;
- }
- *np = '\0';
- } else
- new_prompt = prompt;
-
- return(new_prompt);
-}
diff --git a/gnu/usr.bin/sudo/sudo/compat.h b/gnu/usr.bin/sudo/sudo/compat.h
deleted file mode 100644
index 7cf12f202c1..00000000000
--- a/gnu/usr.bin/sudo/sudo/compat.h
+++ /dev/null
@@ -1,155 +0,0 @@
-/* $OpenBSD: compat.h,v 1.9 1999/03/29 20:29:02 millert Exp $ */
-
-/*
- * CU sudo version 1.5.9
- * Copyright (c) 1996, 1998, 1999 Todd C. Miller <Todd.Miller@courtesan.com>
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 1, or (at your option)
- * any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
- *
- * Please send bugs, changes, problems to sudo-bugs@courtesan.com
- *
- * $Sudo: compat.h,v 1.46 1999/03/29 04:05:06 millert Exp $
- */
-
-#ifndef _SUDO_COMPAT_H
-#define _SUDO_COMPAT_H
-
-/*
- * Macros that may be missing on some Operating Systems
- */
-
-/* Deal with ansi stuff reasonably. */
-#ifndef __P
-# if defined (__cplusplus) || defined (__STDC__)
-# define __P(args) args
-# else
-# define __P(args) ()
-# endif
-#endif /* __P */
-
-/*
- * Some systems (ie ISC V/386) do not define MAXPATHLEN even in param.h
- */
-#ifndef MAXPATHLEN
-# define MAXPATHLEN 1024
-#endif
-
-/*
- * Some systems do not define MAXHOSTNAMELEN.
- */
-#ifndef MAXHOSTNAMELEN
-# define MAXHOSTNAMELEN 64
-#endif
-
-/*
- * 4.2BSD lacks FD_* macros (we only use FD_SET and FD_ZERO)
- */
-#ifndef FD_SETSIZE
-#define FD_SET(fd, fds) ((fds) -> fds_bits[0] |= (1 << (fd)))
-#define FD_ZERO(fds) ((fds) -> fds_bits[0] = 0)
-#endif /* !FD_SETSIZE */
-
-/*
- * Posix versions for those without...
- */
-#ifndef _S_IFMT
-# define _S_IFMT S_IFMT
-#endif /* _S_IFMT */
-#ifndef _S_IFREG
-# define _S_IFREG S_IFREG
-#endif /* _S_IFREG */
-#ifndef _S_IFDIR
-# define _S_IFDIR S_IFDIR
-#endif /* _S_IFDIR */
-#ifndef S_ISREG
-# define S_ISREG(m) (((m) & _S_IFMT) == _S_IFREG)
-#endif /* S_ISREG */
-#ifndef S_ISDIR
-# define S_ISDIR(m) (((m) & _S_IFMT) == _S_IFDIR)
-#endif /* S_ISDIR */
-
-/*
- * Some OS's may not have this.
- */
-#ifndef S_IRWXU
-# define S_IRWXU 0000700 /* rwx for owner */
-#endif /* S_IRWXU */
-
-/*
- * Some OS's may not have this.
- */
-#ifndef howmany
-#define howmany(x, y) (((x) + ((y) - 1)) / (y))
-#endif
-
-/*
- * We need to know how long the longest password may be.
- * For alternate password schemes we need longer passwords.
- * This is a bit, ummm, gross but necesary.
- */
-#if defined(HAVE_KERB4) || defined(HAVE_AFS) || defined(HAVE_DCE) || defined(HAVE_SKEY) || defined(HAVE_OPIE)
-# undef _PASSWD_LEN
-# define _PASSWD_LEN 256
-#else
-# ifdef HAVE_GETPRPWNAM
-# undef _PASSWD_LEN
-# define _PASSWD_LEN AUTH_MAX_PASSWD_LENGTH
-# else
-# ifndef _PASSWD_LEN
-# ifdef PASS_MAX
-# define _PASSWD_LEN PASS_MAX
-# else
-# if (SHADOW_TYPE != SPW_NONE)
-# define _PASSWD_LEN 24
-# else
-# define _PASSWD_LEN 8
-# endif /* SHADOW_TYPE != SPW_NONE */
-# endif /* PASS_MAX */
-# endif /* !_PASSWD_LEN */
-# endif /* HAVE_GETPRPWNAM */
-#endif /* HAVE_KERB4 || HAVE_AFS || HAVE_DCE || HAVE_SKEY || HAVE_OPIE */
-
-/*
- * Some OS's lack these
- */
-#ifndef UID_NO_CHANGE
-# define UID_NO_CHANGE ((uid_t) -1)
-#endif /* UID_NO_CHANGE */
-#ifndef GID_NO_CHANGE
-# define GID_NO_CHANGE ((gid_t) -1)
-#endif /* GID_NO_CHANGE */
-
-/*
- * Emulate seteuid() for AIX via setuidx() -- needed for some versions of AIX
- */
-#ifdef _AIX
-# include <sys/id.h>
-# define seteuid(_EUID) (setuidx(ID_EFFECTIVE|ID_REAL, _EUID))
-# undef HAVE_SETEUID
-# define HAVE_SETEUID 1
-#endif /* _AIX */
-
-/*
- * Emulate seteuid() for HP-UX via setresuid(2) and seteuid(2) for others.
- */
-#ifndef HAVE_SETEUID
-# ifdef __hpux
-# define seteuid(_EUID) (setresuid(UID_NO_CHANGE, _EUID, UID_NO_CHANGE))
-# else
-# define seteuid(_EUID) (setreuid(UID_NO_CHANGE, _EUID))
-# endif /* __hpux */
-#endif /* HAVE_SETEUID */
-
-#endif /* _SUDO_COMPAT_H */
diff --git a/gnu/usr.bin/sudo/sudo/config.h b/gnu/usr.bin/sudo/sudo/config.h
deleted file mode 100644
index 42a53679e07..00000000000
--- a/gnu/usr.bin/sudo/sudo/config.h
+++ /dev/null
@@ -1,452 +0,0 @@
-/* $OpenBSD: config.h,v 1.9 1999/03/29 20:29:02 millert Exp $ */
-
-/* config.h. Generated automatically by configure. */
-/*
- * CU sudo version 1.5.9
- * Copyright (c) 1996, 1998, 1999 Todd C. Miller <Todd.Miller@courtesan.com>
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 1, or (at your option)
- * any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
- *
- * Please send bugs, changes, problems to sudo-bugs@courtesan.com
- *
- * $Sudo: config.h.in,v 1.117 1999/03/29 04:05:06 millert Exp $
- */
-
-/*
- * config.h -- You shouldn't edit this by hand unless you are
- * NOT using configure.
- */
-
-#ifndef _SUDO_CONFIG_H
-#define _SUDO_CONFIG_H
-
-/* New ANSI-style OS defs. */
-#if defined(hpux) && !defined(__hpux)
-# define __hpux 1
-#endif /* hpux */
-
-#if defined(convex) && !defined(__convex__)
-# define __convex__ 1
-#endif /* convex */
-
-/* Define if on AIX 3.
- System headers sometimes define this.
- We just want to avoid a redefinition error message. */
-#ifndef _ALL_SOURCE
-/* #undef _ALL_SOURCE */
-#endif
-
-/* Define if on ConvexOs.
- System headers sometimes define this.
- We just want to avoid a redefinition error message. */
-#ifndef _CONVEX_SOURCE
-/* #undef _CONVEX_SOURCE */
-#endif
-
-/* Define if needed to get POSIX functionality.
- System headers sometimes define this.
- We just want to avoid a redefinition error message. */
-#ifndef _POSIX_SOURCE
-/* #undef _POSIX_SOURCE */
-#endif
-
-/* Define to `int' if <sys/types.h> doesn't define. */
-/* #undef uid_t */
-
-/* Define to `int' if <sys/types.h> doesn't define. */
-/* #undef gid_t */
-
-/* Define to `int' if <sys/types.h> doesn't define. */
-/* #undef mode_t */
-
-/* Define to `unsigned' if <sys/types.h> doesn't define. */
-/* #undef size_t */
-
-/* Define to `int' if <sys/types.h> doesn't define. */
-/* #undef ssize_t */
-
-/* Define to `int' if <sys/types.h> doesn't define. */
-/* #undef dev_t */
-
-/* Define to `unsigned int' if <sys/types.h> doesn't define. */
-/* #undef ino_t */
-
-/* Define to be nil if C compiler doesn't support "const." */
-/* #undef const */
-
-/* Solaris doesn't use const qualifiers in PAM. */
-#ifdef sun
-#define PAM_CONST
-#else
-#define PAM_CONST const
-#endif
-
-/* Define as the return type of signal handlers (int or void). */
-#define RETSIGTYPE void
-
-/* Define if you have the ANSI C header files. */
-#define STDC_HEADERS 1
-
-/* Define if you want to use the system getpass(). */
-/* #undef USE_GETPASS */
-
-/* Define if you want to use execv() instead of execvp(). */
-/* #undef USE_EXECV */
-
-/* Define if you a different ticket file for each tty. */
-/* #undef USE_TTY_TICKETS */
-
-/* Define if you want to insult the user for entering an incorrect password. */
-#define USE_INSULTS 1
-
-/* Define if you want the insults from the "classic" version sudo. */
-#define CLASSIC_INSULTS 1
-
-/* Define if you want 2001-like insults. */
-/* #undef HAL_INSULTS */
-
-/* Define if you want insults from the "Goon Show" */
-/* #undef GOONS_INSULTS */
-
-/* Define if you want insults culled from the twisted minds of CSOps. */
-#define CSOPS_INSULTS 1
-
-/* Define to override the user's path with a builtin one. */
-/* #undef SECURE_PATH */
-
-/* Define if you use S/Key. */
-/* #undef HAVE_SKEY */
-
-/* Define if you use NRL OPIE. */
-/* #undef HAVE_OPIE */
-
-/* Define if you want a two line OTP (skey/opie) prompt. */
-/* #undef LONG_OTP_PROMPT */
-
-/* Define if you want to validate users via OTP (skey/opie) only. */
-/* #undef OTP_ONLY */
-
-/* Define if you use SecurID. */
-/* #undef HAVE_SECURID */
-
-/* Define if you use AIX general authentication. */
-/* #undef HAVE_AUTHENTICATE */
-
-/* Define if you use Kerberos. */
-/* #undef HAVE_KERB4 */
-
-/* Define if you use Kerberos. */
-/* #undef HAVE_KERB5 */
-
-/* Define if you use SIA. */
-/* #undef HAVE_SIA */
-
-/* Define if you use PAM. */
-/* #undef HAVE_PAM */
-
-/* Define if you use AFS. */
-/* #undef HAVE_AFS */
-
-/* Define if you use OSF DCE. */
-/* #undef HAVE_DCE */
-
-/* Define if you have POSIX signals. */
-#define HAVE_SIGACTION 1
-#ifdef HAVE_SIGACTION
-# define POSIX_SIGNALS
-#endif /* HAVE_SIGACTION */
-
-/* Define if you have tzset(3). */
-#define HAVE_TZSET 1
-
-/* Define if you have getcwd(3). */
-#define HAVE_GETCWD 1
-
-/* Define if you have strdup(3). */
-#define HAVE_STRDUP 1
-
-/* Define if you have fnmatch(3). */
-#define HAVE_FNMATCH 1
-
-/* Define if you have lsearch(3). */
-#define HAVE_LSEARCH 1
-
-/* Define if you have strchr(3). */
-#define HAVE_STRCHR 1
-#if !defined(HAVE_STRCHR) && !defined(strchr)
-# define strchr index
-#endif
-
-/* Define if you have strrchr(3). */
-#define HAVE_STRRCHR 1
-#if !defined(HAVE_STRRCHR) && !defined(strrchr)
-# define strrchr rindex
-#endif
-
-/* Define if you have memcpy(3). */
-#define HAVE_MEMCPY 1
-#if !defined(HAVE_MEMCPY) && !defined(memcpy)
-# define memcpy(D, S, L) (bcopy(S, D, L))
-#endif
-
-/* Define if you have memset(3). */
-#define HAVE_MEMSET 1
-#if !defined(HAVE_MEMSET) && !defined(memset)
-# define memset(S, X, N) (bzero(S, N))
-#endif
-
-/* Define if you have sysconf(3c). */
-#define HAVE_SYSCONF 1
-
-/* Define if you have putenv(3). */
-/* #undef HAVE_PUTENV */
-
-/* Define if you have setenv(3). */
-#define HAVE_SETENV 1
-
-/* Define if you have strcasecmp(3). */
-#define HAVE_STRCASECMP 1
-
-/* Define if you have tcgetattr(3). */
-#define HAVE_TCGETATTR 1
-
-/* Define if you have innetgr(3). */
-#define HAVE_INNETGR 1
-
-/* Define if you have getdomainname(2). */
-#define HAVE_GETDOMAINNAME 1
-
-/* Define if you have utime(2). */
-#define HAVE_UTIME 1
-
-/* Define if you have a POSIX utime() (uses struct utimbuf) */
-#define HAVE_UTIME_POSIX 1
-
-/* Define if utime(file, NULL) sets timestamp to current */
-#define HAVE_UTIME_NULL 1
-
-/* Define if you have bigcrypt(3). */
-/* #undef HAVE_BIGCRYPT */
-
-/* Define if you have set_auth_parameters(3). */
-/* #undef HAVE_SET_AUTH_PARAMETERS */
-
-/* Define if you have initprivs(3). */
-/* #undef HAVE_INITPRIVS */
-
-/* Define if you have dispcrypt(3). */
-/* #undef HAVE_DISPCRYPT */
-
-/* Define if you have getspnam(3). [SVR4-style shadow passwords] */
-/* #undef HAVE_GETSPNAM */
-
-/* Define if you have getprpwnam(3). [SecureWare-style shadow passwords] */
-/* #undef HAVE_GETPRPWNAM */
-
-/* Define if you have iscomsec(3). [HP-UX >= 10.x check for shadow enabled] */
-/* #undef HAVE_ISCOMSEC */
-
-/* Define if you have getspwuid(3). [HP-UX <= 9.X shadow passwords] */
-/* #undef HAVE_GETSPWUID */
-
-/* Define if you have getpwanam(3). [SunOS 4.x shadow passwords] */
-/* #undef HAVE_GETPWANAM */
-
-/* Define if you have issecure(3). [SunOS 4.x check for shadow enabled] */
-/* #undef HAVE_ISSECURE */
-
-/* Define if you have getauthuid(3). [ULTRIX 4.x shadow passwords] */
-/* #undef HAVE_GETAUTHUID */
-
-/* Define if you have seteuid(3). */
-#define HAVE_SETEUID 1
-
-/* Define if you have waitpid(2). */
-#define HAVE_WAITPID 1
-
-/* Define if you have wait3(2). */
-/* #undef HAVE_WAIT3 */
-
-/* Define if you have the <malloc.h> header file. */
-/* #undef HAVE_MALLOC_H */
-
-/* Define if you have the <alloca.h> header file. */
-/* #undef HAVE_ALLOCA_H */
-
-/* Define if you have the <paths.h> header file. */
-#define HAVE_PATHS_H 1
-
-/* Define if you have the <string.h> header file. */
-#define HAVE_STRING_H 1
-
-/* Define if you have the <strings.h> header file but no <string.h>. */
-#ifndef HAVE_STRING_H
-#define HAVE_STRINGS_H 1
-#endif /* !HAVE_STRING_H */
-
-/* Define your flavor of dir entry header file. */
-#define HAVE_DIRENT_H 1
-/* #undef HAVE_SYS_NDIR_H */
-/* #undef HAVE_SYS_DIR_H */
-/* #undef HAVE_NDIR_H */
-
-/* Define if you have the <utime.h> header file. */
-#define HAVE_UTIME_H 1
-
-/* Define if you have the <unistd.h> header file. */
-#define HAVE_UNISTD_H 1
-
-/* Define if you have the <fnmatch.h> header file. */
-#define HAVE_FNMATCH_H 1
-
-/* Define if you have the <netgroup.h> header file. */
-#define HAVE_NETGROUP_H 1
-
-/* Define if you have the <termio.h> header file. */
-/* #undef HAVE_TERMIO_H */
-
-/* Define if you have the <termios.h> header file and tcgetattr(3). */
-#ifdef HAVE_TCGETATTR
-#define HAVE_TERMIOS_H 1
-#endif /* HAVE_TCGETATTR */
-
-/* Define if you have the <sys/sockio.h> header file. */
-#define HAVE_SYS_SOCKIO_H 1
-
-/* Define if you have the <sys/bsdtypes.h> header file. */
-/* #undef HAVE_SYS_BSDTYPES_H */
-
-/* Define if you have the <sys/select.h> header file. */
-#define HAVE_SYS_SELECT_H 1
-
-/* Define if your struct sockadr has an sa_len field. */
-#define HAVE_SA_LEN 1
-
-/* Define to void if your C compiler fully groks void, else char */
-#define VOID void
-
-/* Define to the max length of a uid_t in string context (excluding the NUL) */
-#define MAX_UID_T_LEN 10
-
-/* Define if your syslog(3) does not guarantee the message will be logged */
-/* and syslog(3) returns non-zero to denote failure */
-/* #undef BROKEN_SYSLOG */
-
-/* The umask that the root-run prog should use */
-#define SUDO_UMASK 0022
-
-/* Define if you want the hostname to be entered into the log file */
-/* #undef HOST_IN_LOG */
-
-/* Define if you want the log file line to be wrapped */
-#define WRAP_LOG 1
-
-/* Define to be the number of minutes before sudo asks for passwd again. */
-#define TIMEOUT 5
-
-/* Define to be the passwd prompt timeout (in minutes). */
-#define PASSWORD_TIMEOUT 5
-
-/* Define to be the number of tries the user gets to enter the passwd. */
-#define TRIES_FOR_PASSWORD 3
-
-/* Define to be the user sudo should run commands as by default. */
-#define RUNAS_DEFAULT "root"
-
-/* Define if you want to require fully qualified hosts in sudoers. */
-/* #undef FQDN */
-
-/* If defined, users in this group need not enter a passwd (ie "sudo"). */
-/* #undef EXEMPTGROUP */
-
-/* Define to the path of the editor visudo should use. */
-#define EDITOR _PATH_VI
-
-/* Define if root should not be allowed to use sudo. */
-/* #undef NO_ROOT_SUDO */
-
-/* Define to be the user that gets sudo mail. */
-#define ALERTMAIL "root"
-
-/* Define to be the subject of the mail sent to ALERTMAIL by sudo. */
-#define MAILSUBJECT "*** SECURITY information for %h ***"
-
-/* Define to be the message given for a bad password. */
-#define INCORRECT_PASSWORD "Sorry, try again."
-
-/* Define to be the password prompt. */
-#define PASSPROMPT "Password:"
-
-/* Define if you want visudo to honor EDITOR and VISUAL env variables. */
-#define ENV_EDITOR 1
-
-/* Define to SLOG_SYSLOG, SLOG_FILE, or SLOG_BOTH */
-#define LOGGING SLOG_SYSLOG
-
-/* Define to be the syslog facility to use. */
-#define LOGFAC LOG_AUTHPRIV
-
-/* Define to be the max chars per log line (for line wrapping). */
-#define MAXLOGFILELEN 80
-
-/* Define if you want to ignore '.' and '' in $PATH */
-/* #undef IGNORE_DOT_PATH */
-
-/* Define if you want "command not allowed" instead of "command not found" */
-#define DONT_LEAK_PATH_INFO 1
-
-/* Define SHORT_MESSAGE for a short lecture or NO_MESSAGE for none. */
-#define SHORT_MESSAGE 1
-/* #undef NO_MESSAGE */
-
-/* Define SEND_MAIL_WHEN_NO_USER to send mail when user not in sudoers file */
-#define SEND_MAIL_WHEN_NO_USER 1
-
-/* Define SEND_MAIL_WHEN_NOT_OK to send mail when not allowed to run command */
-/* #undef SEND_MAIL_WHEN_NOT_OK */
-
-/* Define if you want sudo to start a shell if given no arguments. */
-/* #undef SHELL_IF_NO_ARGS */
-
-/* Define if you want sudo to set $HOME in shell mode. */
-/* #undef SHELL_SETS_HOME */
-
-/* Define if the code in interfaces.c does not compile for you. */
-/* #undef STUB_LOAD_INTERFACES */
-
-/********** You probably don't want to modify anything below here ***********/
-
-/*
- * Emulate a subset of waitpid() if we don't have it.
- */
-#ifdef HAVE_WAITPID
-# define sudo_waitpid(p, s, o) waitpid(p, s, o)
-#else
-# ifdef HAVE_WAIT3
-# define sudo_waitpid(p, s, o) wait3(s, o, NULL)
-# endif
-#endif
-
-#ifdef USE_EXECV
-# define EXEC execv
-#else
-# define EXEC execvp
-#endif /* USE_EXECV */
-
-#ifdef __svr4__
-# define BSD_COMP
-#endif /* __svr4__ */
-
-#endif /* _SUDO_CONFIG_H */
diff --git a/gnu/usr.bin/sudo/sudo/find_path.c b/gnu/usr.bin/sudo/sudo/find_path.c
deleted file mode 100644
index 4769065fa58..00000000000
--- a/gnu/usr.bin/sudo/sudo/find_path.c
+++ /dev/null
@@ -1,175 +0,0 @@
-/* $OpenBSD: find_path.c,v 1.10 1999/03/29 20:29:02 millert Exp $ */
-
-/*
- * CU sudo version 1.5.9
- * Copyright (c) 1996, 1998, 1999 Todd C. Miller <Todd.Miller@courtesan.com>
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 1, or (at your option)
- * any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
- *
- * Please send bugs, changes, problems to sudo-bugs@courtesan.com
- *
- *******************************************************************
- *
- * This module contains the find_path() function that returns
- * TRUE if the command was found and FALSE if not.
- * If find_path() returns TRUE, the copyin paramters command and
- * ocommand contain the resolved and unresolved pathnames respectively.
- * NOTE: if "." or "" exists in PATH it will be searched last.
- *
- * Todd C. Miller <Todd.Miller@courtesan.com> Sat Mar 25 21:50:36 MST 1995
- */
-
-#include "config.h"
-
-#include <stdio.h>
-#ifdef STDC_HEADERS
-#include <stdlib.h>
-#endif /* STDC_HEADERS */
-#ifdef HAVE_UNISTD_H
-#include <unistd.h>
-#endif /* HAVE_UNISTD_H */
-#ifdef HAVE_STRING_H
-#include <string.h>
-#endif /* HAVE_STRING_H */
-#ifdef HAVE_STRINGS_H
-#include <strings.h>
-#endif /* HAVE_STRINGS_H */
-#include <errno.h>
-#include <sys/types.h>
-#include <sys/param.h>
-#include <sys/stat.h>
-#include <netinet/in.h>
-#include "sudo.h"
-
-#ifndef STDC_HEADERS
-extern char *getenv __P((const char *));
-extern char *strcpy __P((char *, const char *));
-extern int fprintf __P((FILE *, const char *, ...));
-extern ssize_t readlink __P((const char *, VOID *, size_t));
-extern int stat __P((const char *, struct stat *));
-extern int lstat __P((const char *, struct stat *));
-#endif /* !STDC_HEADERS */
-
-#ifndef _S_IFMT
-#define _S_IFMT S_IFMT
-#endif /* _S_IFMT */
-#ifndef _S_IFLNK
-#define _S_IFLNK S_IFLNK
-#endif /* _S_IFLNK */
-
-#ifndef lint
-static const char rcsid[] = "$Sudo: find_path.c,v 1.85 1999/03/29 04:05:08 millert Exp $";
-#endif /* lint */
-
-/*******************************************************************
- *
- * find_path()
- *
- * this function finds the full pathname for a command and
- * stores it in a statically allocated array, filling in a pointer
- * to the array. Returns FOUND if the command was found, NOT_FOUND
- * if it was not found, or NOT_FOUND_DOT if it would have been found
- * but it is in '.' and IGNORE_DOT_PATH is in effect.
- */
-
-int find_path(infile, outfile)
- char *infile; /* file to find */
- char **outfile; /* result parameter */
-{
- static char command[MAXPATHLEN]; /* qualified filename */
- register char *n; /* for traversing path */
- char *path = NULL; /* contents of PATH env var */
- char *origpath; /* so we can free path later */
- char *result = NULL; /* result of path/file lookup */
- int checkdot = 0; /* check current dir? */
-
- command[0] = '\0';
-
- if (strlen(infile) >= MAXPATHLEN) {
- errno = ENAMETOOLONG;
- (void) fprintf(stderr, "%s: path too long: %s\n", Argv[0], infile);
- exit(1);
- }
-
- /*
- * If we were given a fully qualified or relative path
- * there is no need to look at PATH.
- */
- if (strchr(infile, '/')) {
- (void) strcpy(command, infile);
- if (sudo_goodpath(command)) {
- *outfile = command;
- return(FOUND);
- } else
- return(NOT_FOUND);
- }
-
- /*
- * grab PATH out of environment and make a local copy
- */
- if ((path = getenv("PATH")) == NULL)
- return(NOT_FOUND);
-
- path = estrdup(path);
- origpath = path;
-
- /* XXX use strtok() */
- do {
- if ((n = strchr(path, ':')))
- *n = '\0';
-
- /*
- * search current dir last if it is in PATH This will miss sneaky
- * things like using './' or './/'
- */
- if (*path == '\0' || (*path == '.' && *(path + 1) == '\0')) {
- checkdot = 1;
- path = n + 1;
- continue;
- }
-
- /*
- * resolve the path and exit the loop if found
- */
- if (strlen(path) + strlen(infile) + 1 >= MAXPATHLEN) {
- (void) fprintf(stderr, "%s: path too long: %s\n", Argv[0], infile);
- exit(1);
- }
- (void) sprintf(command, "%s/%s", path, infile);
- if ((result = sudo_goodpath(command)))
- break;
-
- path = n + 1;
-
- } while (n);
- (void) free(origpath);
-
- /*
- * Check current dir if dot was in the PATH
- */
- if (!result && checkdot) {
- result = sudo_goodpath(infile);
-#ifdef IGNORE_DOT_PATH
- if (result)
- return(NOT_FOUND_DOT);
-#endif /* IGNORE_DOT_PATH */
- }
-
- if (result) {
- *outfile = result;
- return(FOUND);
- } else
- return(NOT_FOUND);
-}
diff --git a/gnu/usr.bin/sudo/sudo/getspwuid.c b/gnu/usr.bin/sudo/sudo/getspwuid.c
deleted file mode 100644
index 7ed7cd944f1..00000000000
--- a/gnu/usr.bin/sudo/sudo/getspwuid.c
+++ /dev/null
@@ -1,230 +0,0 @@
-/* $OpenBSD: getspwuid.c,v 1.10 1999/03/29 20:29:03 millert Exp $ */
-
-/*
- * CU sudo version 1.5.9
- * Copyright (c) 1996, 1998, 1999 Todd C. Miller <Todd.Miller@courtesan.com>
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 1, or (at your option)
- * any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
- *
- * Please send bugs, changes, problems to sudo-bugs@courtesan.com
- *
- *******************************************************************
- *
- * This module contains sudo_getpwuid(), a function that
- * Makes a dynamic copy of the struct passwd returned by
- * getpwuid() and substitutes the shadow password if
- * necesary.
- *
- * Todd C. Miller Mon Nov 20 13:53:06 MST 1995
- */
-
-#include "config.h"
-
-#include <stdio.h>
-#ifdef STDC_HEADERS
-#include <stdlib.h>
-#endif /* STDC_HEADERS */
-#ifdef HAVE_STRING_H
-#include <string.h>
-#endif /* HAVE_STRING_H */
-#ifdef HAVE_UNISTD_H
-#include <unistd.h>
-#endif /* HAVE_UNISTD_H */
-#include <sys/types.h>
-#include <sys/stat.h>
-#include <sys/param.h>
-#include <netinet/in.h>
-#include <pwd.h>
-#ifdef HAVE_GETSPNAM
-# include <shadow.h>
-#endif /* HAVE_GETSPNAM */
-#ifdef HAVE_GETPRPWNAM
-# ifdef __hpux
-# include <hpsecurity.h>
-# else
-# include <sys/security.h>
-# endif /* __hpux */
-# include <prot.h>
-#endif /* HAVE_GETPRPWNAM */
-#ifdef HAVE_GETPWANAM
-# include <sys/label.h>
-# include <sys/audit.h>
-# include <pwdadj.h>
-#endif /* HAVE_GETPWANAM */
-#ifdef HAVE_GETAUTHUID
-# include <auth.h>
-#endif /* HAVE_GETAUTHUID */
-
-#include "sudo.h"
-
-#ifndef lint
-static const char rcsid[] = "$Sudo: getspwuid.c,v 1.45 1999/03/29 04:05:08 millert Exp $";
-#endif /* lint */
-
-#ifndef STDC_HEADERS
-extern char *getenv __P((const char *));
-#endif /* !STDC_HEADERS */
-
-/*
- * Global variables (yuck)
- */
-#if defined(HAVE_GETPRPWNAM) && defined(__alpha)
-int crypt_type = INT_MAX;
-#endif /* HAVE_GETPRPWNAM && __alpha */
-
-
-/*
- * Local functions not visible outside getspwuid.c
- */
-static char *sudo_getshell __P((struct passwd *));
-static char *sudo_getepw __P((struct passwd *));
-
-
-
-/**********************************************************************
- *
- * sudo_getshell()
- *
- * This function returns the user's shell based on either the
- * SHELL evariable or the passwd(5) entry (in that order).
- */
-
-static char *sudo_getshell(pw)
- struct passwd *pw;
-{
- char *pw_shell;
-
- if ((pw_shell = getenv("SHELL")) == NULL)
- pw_shell = pw -> pw_shell;
-
-#ifdef _PATH_BSHELL
- /* empty string "" means bourne shell */
- if (*pw_shell == '\0')
- pw_shell = _PATH_BSHELL;
-#endif /* _PATH_BSHELL */
-
- return(pw_shell);
-}
-
-
-/**********************************************************************
- *
- * sudo_getepw()
- *
- * This function returns the encrypted password for the user described
- * by pw. If there is a shadow password it is returned, else the
- * normal UN*X password is returned instead.
- */
-
-static char *sudo_getepw(pw)
- struct passwd *pw;
-{
-
- /* if there is a function to check for shadow enabled, use it... */
-#ifdef HAVE_ISCOMSEC
- if (!iscomsec())
- return(pw->pw_passwd);
-#endif /* HAVE_ISCOMSEC */
-#ifdef HAVE_ISSECURE
- if (!issecure())
- return(pw->pw_passwd);
-#endif /* HAVE_ISSECURE */
-
-#ifdef HAVE_GETPRPWNAM
- {
- struct pr_passwd *spw;
-
- spw = getprpwnam(pw->pw_name);
- if (spw != NULL && spw->ufld.fd_encrypt != NULL) {
-# ifdef __alpha
- crypt_type = spw -> ufld.fd_oldcrypt;
-# endif /* __alpha */
- return(spw -> ufld.fd_encrypt);
- }
- }
-#endif /* HAVE_GETPRPWNAM */
-#ifdef HAVE_GETSPNAM
- {
- struct spwd *spw;
-
- if ((spw = getspnam(pw -> pw_name)) && spw -> sp_pwdp)
- return(spw -> sp_pwdp);
- }
-#endif /* HAVE_GETSPNAM */
-#ifdef HAVE_GETSPWUID
- {
- struct s_passwd *spw;
-
- if ((spw = getspwuid(pw -> pw_uid)) && spw -> pw_passwd)
- return(spw -> pw_passwd);
- }
-#endif /* HAVE_GETSPWUID */
-#ifdef HAVE_GETPWANAM
- {
- struct passwd_adjunct *spw;
-
- if ((spw = getpwanam(pw -> pw_name)) && spw -> pwa_passwd)
- return(spw -> pwa_passwd);
- }
-#endif /* HAVE_GETPWANAM */
-#ifdef HAVE_GETAUTHUID
- {
- AUTHORIZATION *spw;
-
- if ((spw = getauthuid(pw -> pw_uid)) && spw -> a_password)
- return(spw -> a_password);
- }
-#endif /* HAVE_GETAUTHUID */
-
- /* Fall back on normal passwd */
- return(pw->pw_passwd);
-}
-
-
-/**********************************************************************
- *
- * sudo_getpwuid()
- *
- * This function dynamically allocates space for a struct password
- * and the constituent parts that we care about. If shadow passwords
- * are in use, it substitutes the shadow password for pw_passwd.
- */
-
-struct passwd *sudo_getpwuid(uid)
- uid_t uid;
-{
- struct passwd *pw, *local_pw;
-
- if ((pw = getpwuid(uid)) == NULL)
- return(NULL);
-
- /* allocate space for a local copy of pw */
- local_pw = (struct passwd *) emalloc(sizeof(struct passwd));
-
- /*
- * Copy the struct passwd and the interesting strings...
- */
- (void) memcpy(local_pw, pw, sizeof(struct passwd));
- local_pw->pw_name = estrdup(pw->pw_name);
- local_pw->pw_dir = estrdup(pw->pw_dir);
-
- /* pw_shell is a special case since we overide with $SHELL */
- local_pw->pw_shell = estrdup(sudo_getshell(pw));
-
- /* pw_passwd gets a shadow password if applicable */
- local_pw->pw_passwd = estrdup(sudo_getepw(pw));
-
- return(local_pw);
-}
diff --git a/gnu/usr.bin/sudo/sudo/goodpath.c b/gnu/usr.bin/sudo/sudo/goodpath.c
deleted file mode 100644
index ce914d6e10d..00000000000
--- a/gnu/usr.bin/sudo/sudo/goodpath.c
+++ /dev/null
@@ -1,100 +0,0 @@
-/* $OpenBSD: goodpath.c,v 1.9 1999/03/29 20:29:03 millert Exp $ */
-
-/*
- * CU sudo version 1.5.9
- * Copyright (c) 1996, 1998, 1999 Todd C. Miller <Todd.Miller@courtesan.com>
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 1, or (at your option)
- * any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
- *
- * Please send bugs, changes, problems to sudo-bugs@courtesan.com
- *
- *******************************************************************
- *
- * This module contains sudo_goodpath(3)
- *
- * sudo_goodpath(3) takes a path to check and returns its argument
- * if the path is stat(2)'able, a regular file, and executable by
- * root. The string's size should be <= MAXPATHLEN.
- *
- * Todd C. Miller <Todd.Miller@courtesan.com> Sat Mar 25 21:58:17 MST 1995
- */
-
-#include "config.h"
-
-#include <stdio.h>
-#ifdef HAVE_UNISTD_H
-#include <unistd.h>
-#endif /* HAVE_UNISTD_H */
-#ifdef HAVE_STRING_H
-#include <string.h>
-#endif /* HAVE_STRING_H */
-#ifdef HAVE_STRINGS_H
-#include <strings.h>
-#endif /* HAVE_STRINGS_H */
-#include <errno.h>
-#include <sys/types.h>
-#include <sys/stat.h>
-#include <sys/param.h>
-#include <netinet/in.h>
-
-#include "sudo.h"
-
-#ifndef STDC_HEADERS
-extern int stat __P((const char *, struct stat *));
-#endif /* !STDC_HEADERS */
-
-#ifndef lint
-static const char rcsid[] = "$Sudo: goodpath.c,v 1.31 1999/03/29 04:05:08 millert Exp $";
-#endif /* lint */
-
-/******************************************************************
- *
- * sudo_goodpath()
- *
- * this function takes a path and makes sure it describes a a file
- * that is a normal file and executable by root.
- */
-
-char * sudo_goodpath(path)
- const char * path;
-{
- struct stat statbuf; /* for stat(2) */
- int err; /* if stat(2) got an error */
-
- /* check for brain damage */
- if (path == NULL || path[0] == '\0')
- return(NULL);
-
- /* we need to be root for the stat */
- set_perms(PERM_ROOT, 0);
-
- err = stat(path, &statbuf);
-
- /* discard root perms */
- set_perms(PERM_USER, 0);
-
- /* stat(3) failed */
- if (err)
- return(NULL);
-
- /* make sure path describes an executable regular file */
- if (S_ISREG(statbuf.st_mode) && (statbuf.st_mode & 0000111)) {
- return((char *)path);
- } else {
- /* file is not executable/regular */
- errno = EACCES;
- return(NULL);
- }
-}
diff --git a/gnu/usr.bin/sudo/sudo/ins_2001.h b/gnu/usr.bin/sudo/sudo/ins_2001.h
deleted file mode 100644
index 9ece577ae47..00000000000
--- a/gnu/usr.bin/sudo/sudo/ins_2001.h
+++ /dev/null
@@ -1,42 +0,0 @@
-/* $OpenBSD: ins_2001.h,v 1.9 1999/03/29 20:29:03 millert Exp $ */
-
-/*
- * CU sudo version 1.5.9
- * Copyright (c) 1996, 1998, 1999 Todd C. Miller <Todd.Miller@courtesan.com>
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 1, or (at your option)
- * any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
- *
- * Please send bugs, changes, problems to sudo-bugs@courtesan.com
- *
- * $Sudo: ins_2001.h,v 1.25 1999/03/29 04:05:09 millert Exp $
- */
-
-#ifndef _SUDO_INS_2001_H
-#define _SUDO_INS_2001_H
-
- /*
- * HAL insults (paraphrased) from 2001.
- */
-
- "Just what do you think you're doing Dave?",
- "It can only be attributed to human error.",
- "That's something I cannot allow to happen.",
- "My mind is going. I can feel it.",
- "Sorry about this, I know it's a bit silly.",
- "Take a stress pill and think things over.",
- "This mission is too important for me to allow you to jeopardize it.",
- "I feel much better now.",
-
-#endif /* _SUDO_INS_2001_H */
diff --git a/gnu/usr.bin/sudo/sudo/ins_classic.h b/gnu/usr.bin/sudo/sudo/ins_classic.h
deleted file mode 100644
index 03334947d2f..00000000000
--- a/gnu/usr.bin/sudo/sudo/ins_classic.h
+++ /dev/null
@@ -1,42 +0,0 @@
-/* $OpenBSD: ins_classic.h,v 1.9 1999/03/29 20:29:03 millert Exp $ */
-
-/*
- * CU sudo version 1.5.9
- * Copyright (c) 1996, 1998, 1999 Todd C. Miller <Todd.Miller@courtesan.com>
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 1, or (at your option)
- * any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
- *
- * Please send bugs, changes, problems to sudo-bugs@courtesan.com
- *
- * $Sudo: ins_classic.h,v 1.25 1999/03/29 04:05:09 millert Exp $
- */
-
-#ifndef _SUDO_INS_CLASSIC_H
-#define _SUDO_INS_CLASSIC_H
-
- /*
- * Insults from the original sudo(8).
- */
-
- "Wrong! You cheating scum!",
- "No soap, honkie-lips.",
- "Where did you learn to type?",
- "Are you on drugs?",
- "My pet ferret can type better than you!",
- "You type like i drive.",
- "Do you think like you type?",
- "Your mind just hasn't been the same since the electro-shock, has it?",
-
-#endif /* _SUDO_INS_CLASSIC_H */
diff --git a/gnu/usr.bin/sudo/sudo/ins_csops.h b/gnu/usr.bin/sudo/sudo/ins_csops.h
deleted file mode 100644
index 884fd6a1ce7..00000000000
--- a/gnu/usr.bin/sudo/sudo/ins_csops.h
+++ /dev/null
@@ -1,43 +0,0 @@
-/* $OpenBSD: ins_csops.h,v 1.9 1999/03/29 20:29:04 millert Exp $ */
-
-/*
- * CU sudo version 1.5.9
- * Copyright (c) 1996, 1998, 1999 Todd C. Miller <Todd.Miller@courtesan.com>
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 1, or (at your option)
- * any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
- *
- * Please send bugs, changes, problems to sudo-bugs@courtesan.com
- *
- * $Sudo: ins_csops.h,v 1.24 1999/03/29 04:05:09 millert Exp $
- */
-
-#ifndef _SUDO_INS_CSOPS_H
-#define _SUDO_INS_CSOPS_H
-
- /*
- * CSOps insults (may be site dependent).
- */
-
- "Maybe if you used more than just two fingers...",
- "BOB says: You seem to have forgotten your passwd, enter another!",
- "stty: unknown mode: doofus",
- "I can't hear you -- I'm using the scrambler.",
- "The more you drive -- the dumber you get.",
- "Listen, burrito brains, I don't have time to listen to this trash.",
- "I've seen penguins that can type better than that.",
- "Have you considered trying to match wits with a rutabaga?",
- "You speak an infinite deal of nothing",
-
-#endif /* _SUDO_INS_CSOPS_H */
diff --git a/gnu/usr.bin/sudo/sudo/ins_goons.h b/gnu/usr.bin/sudo/sudo/ins_goons.h
deleted file mode 100644
index 99149956050..00000000000
--- a/gnu/usr.bin/sudo/sudo/ins_goons.h
+++ /dev/null
@@ -1,57 +0,0 @@
-/* $OpenBSD: ins_goons.h,v 1.9 1999/03/29 20:29:04 millert Exp $ */
-
-/*
- * CU sudo version 1.5.9
- * Copyright (c) 1996, 1998, 1999 Todd C. Miller <Todd.Miller@courtesan.com>
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 1, or (at your option)
- * any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
- *
- * Please send bugs, changes, problems to sudo-bugs@courtesan.com
- *
- * $Sudo: ins_goons.h,v 1.25 1999/03/29 04:05:09 millert Exp $
- */
-
-#ifndef _SUDO_INS_GOONS_H
-#define _SUDO_INS_GOONS_H
-
- /*
- * Insults from the "Goon Show."
- */
-
- "You silly, twisted boy you.",
- "He has fallen in the water!",
- "We'll all be murdered in our beds!",
- "You can't come in. Our tiger has got flu",
- "I don't wish to know that.",
- "What, what, what, what, what, what, what, what, what, what?",
- "You can't get the wood, you know.",
- "You'll starve!",
- "... and it used to be so popular...",
- "Pauses for audience applause, not a sausage",
- "Hold it up to the light --- not a brain in sight!",
- "Have a gorilla...",
- "There must be cure for it!",
- "There's a lot of it about, you know.",
- "You do that again and see what happens...",
- "Ying Tong Iddle I Po",
- "Harm can come to a young lad like that!",
- "And with that remarks folks, the case of the Crown vs yourself was proven.",
- "Speak English you fool --- there are no subtitles in this scene.",
- "You gotta go owwwww!",
- "I have been called worse.",
- "It's only your word against mine.",
- "I think ... err ... I think ... I think I'll go home",
-
-#endif /* _SUDO_INS_GOONS_H */
diff --git a/gnu/usr.bin/sudo/sudo/insults.h b/gnu/usr.bin/sudo/sudo/insults.h
deleted file mode 100644
index a7085c32d0b..00000000000
--- a/gnu/usr.bin/sudo/sudo/insults.h
+++ /dev/null
@@ -1,69 +0,0 @@
-/* $OpenBSD: insults.h,v 1.9 1999/03/29 20:29:04 millert Exp $ */
-
-/*
- * CU sudo version 1.5.9
- * Copyright (c) 1994,1996,1998,1999 Todd C. Miller <Todd.Miller@courtesan.com>
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 1, or (at your option)
- * any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
- *
- * Please send bugs, changes, problems to sudo-bugs@courtesan.com
- *
- * $Sudo: insults.h,v 1.39 1999/03/29 04:05:09 millert Exp $
- */
-
-#ifndef _SUDO_INSULTS_H
-#define _SUDO_INSULTS_H
-
-#ifdef USE_INSULTS
-
-/*
- * Use one or more set of insults as determined by configure
- */
-
-char *insults[] = {
-
-# ifdef HAL_INSULTS
-# include "ins_2001.h"
-# endif
-
-# ifdef GOONS_INSULTS
-# include "ins_goons.h"
-# endif
-
-# ifdef CLASSIC_INSULTS
-# include "ins_classic.h"
-# endif
-
-# ifdef CSOPS_INSULTS
-# include "ins_csops.h"
-# endif
-
- (char *) 0
-
-};
-
-/*
- * How may I insult you? Let me count the ways...
- */
-#define NOFINSULTS (sizeof(insults) / sizeof(insults[0]) - 1)
-
-/*
- * return a pseudo-random insult.
- */
-#define INSULT (insults[time(NULL) % NOFINSULTS])
-
-#endif /* USE_INSULTS */
-
-#endif /* _SUDO_INSULTS_H */
diff --git a/gnu/usr.bin/sudo/sudo/interfaces.c b/gnu/usr.bin/sudo/sudo/interfaces.c
deleted file mode 100644
index 91f89716872..00000000000
--- a/gnu/usr.bin/sudo/sudo/interfaces.c
+++ /dev/null
@@ -1,256 +0,0 @@
-/* $OpenBSD: interfaces.c,v 1.11 1999/03/29 20:29:04 millert Exp $ */
-
-/*
- * CU sudo version 1.5.9
- * Copyright (c) 1996, 1998, 1999 Todd C. Miller <Todd.Miller@courtesan.com>
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 1, or (at your option)
- * any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
- *
- * Please send bugs, changes, problems to sudo-bugs@courtesan.com
- *
- *******************************************************************
- *
- * This module contains load_interfaces() a function that
- * fills the interfaces global with a list of active ip
- * addresses and their associated netmasks.
- *
- * Todd C. Miller Mon May 1 20:48:43 MDT 1995
- */
-
-#include "config.h"
-
-#include <stdio.h>
-#ifdef STDC_HEADERS
-#include <stdlib.h>
-#endif /* STDC_HEADERS */
-#ifdef HAVE_UNISTD_H
-#include <unistd.h>
-#endif /* HAVE_UNISTD_H */
-#ifdef HAVE_STRING_H
-#include <string.h>
-#endif /* HAVE_STRING_H */
-#ifdef HAVE_STRINGS_H
-#include <strings.h>
-#endif /* HAVE_STRINGS_H */
-#include <netdb.h>
-#include <errno.h>
-#include <sys/types.h>
-#include <sys/socket.h>
-#include <sys/param.h>
-#include <sys/time.h>
-#include <sys/ioctl.h>
-#if defined(HAVE_SYS_SOCKIO_H) && !defined(SIOCGIFCONF)
-#include <sys/sockio.h>
-#endif
-#ifdef _ISC
-#include <sys/stream.h>
-#include <sys/sioctl.h>
-#include <sys/stropts.h>
-#include <net/errno.h>
-#define STRSET(cmd, param, len) {strioctl.ic_cmd=(cmd);\
- strioctl.ic_dp=(param);\
- strioctl.ic_timout=0;\
- strioctl.ic_len=(len);}
-#endif /* _ISC */
-#ifdef _MIPS
-#include <net/soioctl.h>
-#endif /* _MIPS */
-#include <netinet/in.h>
-#include <arpa/inet.h>
-#include <net/if.h>
-
-#include "sudo.h"
-#include "version.h"
-
-#ifndef lint
-static const char rcsid[] = "$Sudo: interfaces.c,v 1.52 1999/03/29 04:05:09 millert Exp $";
-#endif /* lint */
-
-/*
- * Globals
- */
-struct interface *interfaces;
-int num_interfaces = 0;
-extern int Argc;
-extern char **Argv;
-
-
-#if defined(SIOCGIFCONF) && !defined(STUB_LOAD_INTERFACES)
-/**********************************************************************
- *
- * load_interfaces()
- *
- * This function sets the interfaces global variable
- * and sets the constituent ip addrs and netmasks.
- */
-
-void load_interfaces()
-{
- struct ifconf *ifconf;
- struct ifreq *ifr, ifr_tmp;
- struct sockaddr_in *sin;
- int sock, n, i;
- size_t len = sizeof(struct ifconf) + BUFSIZ;
- char *previfname = "", *ifconf_buf = NULL;
-#ifdef _ISC
- struct strioctl strioctl;
-#endif /* _ISC */
-
- sock = socket(AF_INET, SOCK_DGRAM, 0);
- if (sock < 0) {
- perror("socket");
- exit(1);
- }
-
- /*
- * get interface configuration or return (leaving interfaces NULL)
- */
- for (;;) {
- ifconf_buf = erealloc(ifconf_buf, len);
- ifconf = (struct ifconf *) ifconf_buf;
- ifconf->ifc_len = len - sizeof(struct ifconf);
- ifconf->ifc_buf = (caddr_t) (ifconf_buf + sizeof(struct ifconf));
-
- /* networking may not be installed in kernel */
-#ifdef _ISC
- STRSET(SIOCGIFCONF, (caddr_t) ifconf, len);
- if (ioctl(sock, I_STR, (caddr_t) &strioctl) < 0) {
-#else
- if (ioctl(sock, SIOCGIFCONF, (caddr_t) ifconf) < 0) {
-#endif /* _ISC */
- (void) free(ifconf_buf);
- (void) close(sock);
- return;
- }
-
- /* break out of loop if we have a big enough buffer */
- if (ifconf->ifc_len + sizeof(struct ifreq) < len)
- break;
- len += BUFSIZ;
- }
-
- /*
- * get the maximum number of interfaces that *could* exist.
- */
- n = ifconf->ifc_len / sizeof(struct ifreq);
-
- /*
- * allocate space for interfaces array
- */
- interfaces = (struct interface *) emalloc(sizeof(struct interface) * n);
-
- /*
- * for each interface, store the ip address and netmask
- */
- for (i = 0; i < ifconf->ifc_len; ) {
- /* get a pointer to the current interface */
- ifr = (struct ifreq *) &ifconf->ifc_buf[i];
-
- /* set i to the subscript of the next interface */
- i += sizeof(struct ifreq);
-#ifdef HAVE_SA_LEN
- if (ifr->ifr_addr.sa_len > sizeof(ifr->ifr_addr))
- i += ifr->ifr_addr.sa_len - sizeof(struct sockaddr);
-#endif /* HAVE_SA_LEN */
-
- /* skip duplicates and interfaces with NULL addresses */
- sin = (struct sockaddr_in *) &ifr->ifr_addr;
- if (sin->sin_addr.s_addr == 0 ||
- strncmp(previfname, ifr->ifr_name, sizeof(ifr->ifr_name) - 1) == 0)
- continue;
-
- /* skip non-ip things */
- if (ifr->ifr_addr.sa_family != AF_INET)
- continue;
-
- /*
- * make sure the interface is up, skip if not.
- */
-#ifdef SIOCGIFFLAGS
- memset(&ifr_tmp, 0, sizeof(ifr_tmp));
- strncpy(ifr_tmp.ifr_name, ifr->ifr_name, sizeof(ifr_tmp.ifr_name) - 1);
- if (ioctl(sock, SIOCGIFFLAGS, (caddr_t) &ifr_tmp) < 0)
-#endif
- ifr_tmp = *ifr;
-
- /* skip interfaces marked "down" and "loopback" */
- if (!(ifr_tmp.ifr_flags & IFF_UP) || (ifr_tmp.ifr_flags & IFF_LOOPBACK))
- continue;
-
- /* store the ip address */
- sin = (struct sockaddr_in *) &ifr->ifr_addr;
- interfaces[num_interfaces].addr.s_addr = sin->sin_addr.s_addr;
-
- /* stash the name of the interface we saved */
- previfname = ifr->ifr_name;
-
- /* get the netmask */
- (void) memset(&ifr_tmp, 0, sizeof(ifr_tmp));
- strncpy(ifr_tmp.ifr_name, ifr->ifr_name, sizeof(ifr_tmp.ifr_name) - 1);
-#ifdef SIOCGIFNETMASK
-#ifdef _ISC
- STRSET(SIOCGIFNETMASK, (caddr_t) &ifr_tmp, sizeof(ifr_tmp));
- if (ioctl(sock, I_STR, (caddr_t) &strioctl) == 0) {
-#else
- if (ioctl(sock, SIOCGIFNETMASK, (caddr_t) &ifr_tmp) == 0) {
-#endif /* _ISC */
- sin = (struct sockaddr_in *) &ifr_tmp.ifr_addr;
-
- /* store the netmask */
- interfaces[num_interfaces].netmask.s_addr = sin->sin_addr.s_addr;
- } else {
-#else
- {
-#endif /* SIOCGIFNETMASK */
- if (IN_CLASSC(interfaces[num_interfaces].addr.s_addr))
- interfaces[num_interfaces].netmask.s_addr = htonl(IN_CLASSC_NET);
- else if (IN_CLASSB(interfaces[num_interfaces].addr.s_addr))
- interfaces[num_interfaces].netmask.s_addr = htonl(IN_CLASSB_NET);
- else
- interfaces[num_interfaces].netmask.s_addr = htonl(IN_CLASSA_NET);
- }
-
- /* only now can we be sure it was a good/interesting interface */
- num_interfaces++;
- }
-
- /* if there were bogus entries, realloc the array */
- if (n != num_interfaces) {
- /* it is unlikely that num_interfaces will be 0 but who knows... */
- if (num_interfaces != 0)
- interfaces = (struct interface *) erealloc(interfaces,
- sizeof(struct interface) * num_interfaces);
- else
- (void) free(interfaces);
- }
- (void) free(ifconf_buf);
- (void) close(sock);
-}
-
-#else /* !SIOCGIFCONF || STUB_LOAD_INTERFACES */
-
-/**********************************************************************
- *
- * load_interfaces()
- *
- * Stub function for those without SIOCGIFCONF
- */
-
-void load_interfaces()
-{
- return;
-}
-
-#endif /* SIOCGIFCONF && !STUB_LOAD_INTERFACES */
diff --git a/gnu/usr.bin/sudo/sudo/logging.c b/gnu/usr.bin/sudo/sudo/logging.c
deleted file mode 100644
index 918abab8618..00000000000
--- a/gnu/usr.bin/sudo/sudo/logging.c
+++ /dev/null
@@ -1,752 +0,0 @@
-/* $OpenBSD: logging.c,v 1.10 1999/03/29 20:29:04 millert Exp $ */
-
-/*
- * CU sudo version 1.5.9 (based on Root Group sudo version 1.1)
- * Copyright (c) 1994,1996,1998,1999 Todd C. Miller <Todd.Miller@courtesan.com>
- *
- * This software comes with no waranty whatsoever, use at your own risk.
- *
- * Please send bugs, changes, problems to sudo-bugs@courtesan.com
- *
- */
-
-/*
- * sudo version 1.1 allows users to execute commands as root
- * Copyright (C) 1991 The Root Group, Inc.
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 1, or (at your option)
- * any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
- *
- ****************************************************************
- *
- * logging.c
- *
- * this file supports the general logging facilities
- * if you want to change any error messages, this is probably
- * the place to be...
- *
- * Jeff Nieusma Thu Mar 21 23:39:04 MST 1991
- */
-
-#include "config.h"
-
-#include <stdio.h>
-#ifdef STDC_HEADERS
-#include <stdlib.h>
-#endif /* STDC_HEADERS */
-#ifdef HAVE_UNISTD_H
-#include <unistd.h>
-#endif /* HAVE_UNISTD_H */
-#ifdef HAVE_STRING_H
-#include <string.h>
-#endif /* HAVE_STRING_H */
-#ifdef HAVE_STRINGS_H
-#include <strings.h>
-#endif /* HAVE_STRINGS_H */
-#include <pwd.h>
-#include <signal.h>
-#include <time.h>
-#include <errno.h>
-#include <sys/types.h>
-#include <sys/param.h>
-#include <sys/stat.h>
-#include <sys/wait.h>
-#include <netinet/in.h>
-
-#include "sudo.h"
-
-#ifndef lint
-static const char rcsid[] = "$Sudo: logging.c,v 1.112 1999/03/29 04:05:10 millert Exp $";
-#endif /* lint */
-
-/*
- * Prototypes for local functions
- */
-static void send_mail __P((void));
-static RETSIGTYPE reapchild __P((int));
-static int appropriate __P((int));
-#ifdef BROKEN_SYSLOG
-static void syslog_wrapper __P((int, char *, char *, char *));
-#endif /* BROKEN_SYSLOG */
-
-/*
- * Globals
- */
-static char *logline;
-extern int errorlineno;
-
-#ifdef BROKEN_SYSLOG
-#define MAXSYSLOGTRIES 16 /* num of retries for broken syslogs */
-#define SYSLOG(a,b,c,d) syslog_wrapper(a,b,c,d)
-
-/****************************************************************
- *
- * syslog_wrapper()
- *
- * This function logs via syslog w/ a priority and 3 strings args.
- * It really shouldn't be necesary but some syslog()'s don't
- * guarantee that the syslog() operation will succeed!
- */
-
-static void syslog_wrapper(pri, fmt, arg1, arg2)
- int pri;
- char *fmt;
- char *arg1;
- char *arg2;
-{
- int i;
-
- for (i = 0; i < MAXSYSLOGTRIES; i++)
- if (syslog(pri, fmt, arg1, arg2) == 0)
- break;
-}
-#else
-#define SYSLOG(a,b,c,d) syslog(a,b,c,d)
-#endif /* BROKEN_SYSLOG */
-
-
-
-/**********************************************************************
- *
- * log_error()
- *
- * This function attempts to deliver mail to ALERTMAIL and either
- * syslogs the error or writes it to the log file
- */
-
-void log_error(code)
- int code;
-{
- char *p;
- int count, header_length;
- time_t now;
-#if (LOGGING & SLOG_FILE)
- mode_t oldmask;
- FILE *fp;
-#endif /* LOGGING & SLOG_FILE */
-#if (LOGGING & SLOG_SYSLOG)
- int pri = Syslog_priority_NO; /* syslog priority, assume the worst */
- char *tmp, save;
-#endif /* LOGGING & SLOG_SYSLOG */
-
- /*
- * length of syslog-like header info used for mail and file logs
- * is len("DDD MM HH:MM:SS : username : ") with an additional
- * len("HOST=hostname : ") if HOST_IN_LOG is defined.
- */
- header_length = 21 + strlen(user_name);
-#ifdef HOST_IN_LOG
- header_length += 8 + strlen(shost);
-#endif
-
- /*
- * Allocate enough memory for logline so we won't overflow it
- */
- count = header_length + 136 + 2 * MAXPATHLEN + strlen(tty) + strlen(cwd) +
- strlen(runas_user);
- if (cmnd_args)
- count += strlen(cmnd_args);
- logline = (char *) emalloc(count);
-
- /*
- * we will skip this stuff when using syslog(3) but it is
- * necesary for mail and file logs.
- */
- now = time((time_t) 0);
- p = ctime(&now) + 4;
-#ifdef HOST_IN_LOG
- (void) sprintf(logline, "%15.15s : %s : HOST=%s : ", p, user_name, shost);
-#else
- (void) sprintf(logline, "%15.15s : %s : ", p, user_name);
-#endif
-
- /*
- * we need a pointer to the end of logline for cheap appends.
- */
- p = logline + header_length;
-
- switch (code) {
-
- case ALL_SYSTEMS_GO:
- (void) sprintf(p, "TTY=%s ; PWD=%s ; USER=%s ; COMMAND=",
- tty, cwd, runas_user);
-#if (LOGGING & SLOG_SYSLOG)
- pri = Syslog_priority_OK;
-#endif /* LOGGING & SLOG_SYSLOG */
- break;
-
- case VALIDATE_NO_USER:
- (void) sprintf(p,
- "user NOT in sudoers ; TTY=%s ; PWD=%s ; USER=%s ; COMMAND=",
- tty, cwd, runas_user);
- break;
-
- case VALIDATE_NOT_OK:
- (void) sprintf(p,
- "command not allowed ; TTY=%s ; PWD=%s ; USER=%s ; COMMAND=",
- tty, cwd, runas_user);
- break;
-
- case VALIDATE_ERROR:
- (void) sprintf(p, "error in %s, line %d ; TTY=%s ; PWD=%s ; USER=%s. ",
- _PATH_SUDO_SUDOERS, errorlineno, tty, cwd, runas_user);
- break;
-
- case GLOBAL_NO_PW_ENT:
- (void) sprintf(p,
- "There is no passwd entry for uid %ld (TTY=%s). ",
- (long) user_uid, tty);
- break;
-
- case PASSWORD_NOT_CORRECT:
- (void) sprintf(p,
- "password incorrect ; TTY=%s ; PWD=%s ; USER=%s ; COMMAND=",
- tty, cwd, runas_user);
- break;
-
- case PASSWORDS_NOT_CORRECT:
- (void) sprintf(p,
- "%d incorrect passwords ; TTY=%s ; PWD=%s ; USER=%s ; COMMAND=",
- TRIES_FOR_PASSWORD, tty, cwd, runas_user);
- break;
-
- case GLOBAL_NO_HOSTNAME:
- strcat(p, "This machine does not have a hostname ");
- break;
-
- case NO_SUDOERS_FILE:
- switch (errno) {
- case ENOENT:
- (void) sprintf(p, "There is no %s file. ",
- _PATH_SUDO_SUDOERS);
- break;
- case EACCES:
- (void) sprintf(p, "Can't read %s. ", _PATH_SUDO_SUDOERS);
- break;
- default:
- (void) sprintf(p, "There is a problem opening %s ",
- _PATH_SUDO_SUDOERS);
- break;
- }
- break;
-
- case GLOBAL_HOST_UNREGISTERED:
- (void) sprintf(p, "gethostbyname() cannot find host %s ", host);
- break;
-
- case SUDOERS_NOT_FILE:
- (void) sprintf(p, "%s is not a regular file ", _PATH_SUDO_SUDOERS);
- break;
-
- case SUDOERS_WRONG_OWNER:
- (void) sprintf(p, "%s is not owned by uid %d and gid %d ",
- _PATH_SUDO_SUDOERS, SUDOERS_UID, SUDOERS_GID);
- break;
-
- case SUDOERS_WRONG_MODE:
- (void) sprintf(p, "%s is not mode %o ", _PATH_SUDO_SUDOERS,
- SUDOERS_MODE);
- break;
-
- case SPOOF_ATTEMPT:
- (void) sprintf(p,
- "probable spoofing attempt; TTY=%s ; PWD=%s ; USER=%s ; COMMAND=",
- tty, cwd, runas_user);
- break;
-
- case BAD_STAMPDIR:
- (void) sprintf(p,
- "%s owned by non-root or not mode 0700; TTY=%s ; PWD=%s ; USER=%s ; COMMAND=",
- _PATH_SUDO_TIMEDIR, tty, cwd, runas_user);
- break;
-
- case BAD_STAMPFILE:
- (void) sprintf(p,
- "preposterous stampfile date; TTY=%s ; PWD=%s ; USER=%s ; COMMAND=",
- tty, cwd, runas_user);
- break;
-
- case BAD_ALLOCATION:
- (void) sprintf(p,
- "allocation failure; TTY=%s ; PWD=%s ; USER=%s ; COMMAND=",
- tty, cwd, runas_user);
- break;
-
-#ifdef HAVE_KERB5
- case GLOBAL_KRB5_INIT_ERR:
- (void) sprintf(p, "Could not initialize Kerberos V");
- break;
-#endif /* HAVE_KERB5 */
-
- default:
- strcat(p, "found a weird error : ");
- break;
- }
-
-
- /*
- * If this is a parse error or if the error is from load_globals()
- * don't put argv in the message.
- */
- if (code != VALIDATE_ERROR && !(code & GLOBAL_PROBLEM)) {
-
- /* stuff the command into the logline */
- p = logline + strlen(logline);
- strcpy(p, cmnd);
-
- /* add a trailing space */
- p += strlen(cmnd);
- *p++ = ' ';
- *p = '\0';
-
- /* cat on command args if they exist */
- if (cmnd_args) {
- (void) strcpy(p, cmnd_args);
- p += strlen(cmnd_args);
- *p++ = ' ';
- *p = '\0';
- }
- }
-
-#if (LOGGING & SLOG_SYSLOG)
-#ifdef Syslog_facility
- openlog(Syslog_ident, Syslog_options, Syslog_facility);
-#else
- openlog(Syslog_ident, Syslog_options);
-#endif /* Syslog_facility */
-
- /*
- * Log the full line, breaking into multiple syslog(3) calls if necesary
- */
- p = &logline[header_length]; /* skip past the date, host, and user */
- for (count = 0; count < strlen(logline) / MAXSYSLOGLEN + 1; count++) {
- if (strlen(p) > MAXSYSLOGLEN) {
- /*
- * Break up the line into what will fit on one syslog(3) line
- * Try to break on a word boundary if possible.
- */
- for (tmp = p + MAXSYSLOGLEN; tmp > p && *tmp != ' '; tmp--)
- ;
- if (tmp <= p)
- tmp = p + MAXSYSLOGLEN;
-
- /* NULL terminate line, but save the char to restore later */
- save = *tmp;
- *tmp = '\0';
-
- if (count == 0)
- SYSLOG(pri, "%8.8s : %s", user_name, p);
- else
- SYSLOG(pri, "%8.8s : (command continued) %s", user_name, p);
-
- *tmp = save; /* restore saved character */
-
- /* eliminate leading whitespace */
- for (p=tmp; *p != ' '; p++)
- ;
- } else {
- if (count == 0)
- SYSLOG(pri, "%8.8s : %s", user_name, p);
- else
- SYSLOG(pri, "%8.8s : (command continued) %s", user_name, p);
- }
- }
- closelog();
-#endif /* LOGGING & SLOG_SYSLOG */
-#if (LOGGING & SLOG_FILE)
-
- /* become root */
- set_perms(PERM_ROOT, 0);
-
- oldmask = umask(077);
- fp = fopen(_PATH_SUDO_LOGFILE, "a");
- (void) umask(oldmask);
- if (fp == NULL) {
- (void) sprintf(logline, "Can\'t open log file: %s", _PATH_SUDO_LOGFILE);
- send_mail();
- } else {
- char *beg, *oldend, *end;
- int maxlen = MAXLOGFILELEN;
-
-#ifndef WRAP_LOG
- (void) fprintf(fp, "%s\n", logline);
-#else
- /*
- * Print out logline with word wrap
- */
- beg = end = logline;
- while (beg) {
- oldend = end;
- end = strchr(oldend, ' ');
-
- if (maxlen > 0 && end) {
- *end = '\0';
- if (strlen(beg) > maxlen) {
- /* too far, need to back up & print the line */
-
- if (beg == (char *)logline)
- maxlen -= 4; /* don't indent first line */
-
- *end = ' ';
- if (oldend != beg) {
- /* rewind & print */
- end = oldend-1;
- while (*end == ' ')
- --end;
- *(++end) = '\0';
- (void) fprintf(fp, "%s\n ", beg);
- *end = ' ';
- } else {
- (void) fprintf(fp, "%s\n ", beg);
- }
-
- /* reset beg to point to the start of the new substring */
- beg = end;
- while (*beg == ' ')
- ++beg;
- } else {
- /* we still have room */
- *end = ' ';
- }
-
- /* remove leading whitespace */
- while (*end == ' ')
- ++end;
- } else {
- /* final line */
- (void) fprintf(fp, "%s\n", beg);
- beg = NULL; /* exit condition */
- }
- }
-#endif
-
- (void) fclose(fp);
- }
-
- /* relinquish root */
- set_perms(PERM_USER, 0);
-#endif /* LOGGING & SLOG_FILE */
-
- /* send mail if appropriate */
- if (appropriate(code))
- send_mail();
-}
-
-
-
-#ifdef _PATH_SENDMAIL
-/**********************************************************************
- *
- * send_mail()
- *
- * This function attempts to mail to ALERTMAIL about the sudo error
- *
- */
-
-static char *mail_argv[] = { "sendmail", "-t", (char *) NULL };
-
-static void send_mail()
-{
- char *mailer = _PATH_SENDMAIL;
- char *subject = MAILSUBJECT;
- int fd[2];
- char *p;
-#ifdef POSIX_SIGNALS
- struct sigaction action;
-
- (void) memset((VOID *)&action, 0, sizeof(action));
-#endif /* POSIX_SIGNALS */
-
- /* catch children as they die */
-#ifdef POSIX_SIGNALS
- action.sa_handler = reapchild;
- (void) sigaction(SIGCHLD, &action, NULL);
-#else
- (void) signal(SIGCHLD, reapchild);
-#endif /* POSIX_SIGNALS */
-
- if (fork())
- return;
-
- /*
- * we don't want any security problems ...
- */
- set_perms(PERM_FULL_USER, 0);
-
-#ifdef POSIX_SIGNALS
- action.sa_handler = SIG_IGN;
- (void) sigaction(SIGHUP, &action, NULL);
- (void) sigaction(SIGINT, &action, NULL);
- (void) sigaction(SIGQUIT, &action, NULL);
-#else
- (void) signal(SIGHUP, SIG_IGN);
- (void) signal(SIGINT, SIG_IGN);
- (void) signal(SIGQUIT, SIG_IGN);
-#endif /* POSIX_SIGNALS */
-
- if (pipe(fd)) {
- perror("send_mail: pipe");
- exit(1);
- }
- (void) dup2(fd[0], 0);
- (void) dup2(fd[1], 1);
- (void) close(fd[0]);
- (void) close(fd[1]);
-
- if (!fork()) { /* child */
- (void) close(1);
- EXEC(mailer, mail_argv);
-
- /* this should not happen */
- perror(mailer);
- exit(1);
- } else { /* parent */
- (void) close(0);
-
- /* feed the data to sendmail */
- /* XXX - do we need to fdopen this fd #1 to a new stream??? */
- (void) fprintf(stdout, "To: %s\nSubject: ", ALERTMAIL);
- p = subject;
- while (*p) {
- /* expand %h -> hostname in subject */
- if (*p == '%' && *(p+1) == 'h') {
- (void) fputs(host, stdout);
- p++;
- } else
- (void) fputc(*p, stdout);
- p++;
- }
- (void) fprintf(stdout, "\n\n%s : %s\n\n", host, logline);
- fclose(stdout);
-
- exit(0);
- }
-}
-#else
-static void send_mail()
-{
- /* no mailer defined */
- return;
-}
-#endif /* _PATH_SENDMAIL */
-
-
-
-/****************************************************************
- *
- * reapchild()
- *
- * This function gets rid of all the ugly zombies
- */
-
-static RETSIGTYPE reapchild(sig)
- int sig;
-{
- int pid, status, save_errno = errno;
-
-#ifdef sudo_waitpid
- do {
- pid = sudo_waitpid(-1, &status, WNOHANG);
- } while (pid == -1);
-#else
- (void) wait(NULL);
-#endif
-#ifndef POSIX_SIGNALS
- (void) signal(SIGCHLD, reapchild);
-#endif /* POSIX_SIGNALS */
- errno = save_errno;
-}
-
-
-
-/**********************************************************************
- *
- * inform_user ()
- *
- * This function lets the user know what is happening
- * when an error occurs
- */
-
-void inform_user(code)
- int code;
-{
- switch (code) {
- case VALIDATE_NO_USER:
- (void) fprintf(stderr,
- "%s is not in the sudoers file. This incident will be reported.\n\n",
- user_name);
- break;
-
- case VALIDATE_NOT_OK:
- (void) fprintf(stderr,
- "Sorry, user %s is not allowed to execute \"%s",
- user_name, cmnd);
-
- /* print command args if they exist */
- if (cmnd_args) {
- fputc(' ', stderr);
- fputs(cmnd_args, stderr);
- }
-
- (void) fprintf(stderr, "\" as %s on %s.\n\n", runas_user, host);
- break;
-
- case VALIDATE_ERROR:
- (void) fprintf(stderr,
- "Sorry, there is a fatal error in the sudoers file.\n\n");
- break;
-
- case GLOBAL_NO_PW_ENT:
- (void) fprintf(stderr,
- "Intruder Alert! You don't exist in the passwd file\n\n");
- break;
-
- case GLOBAL_NO_SPW_ENT:
- (void) fprintf(stderr,
- "Intruder Alert! You don't exist in the shadow passwd file\n\n");
- break;
-
- case GLOBAL_NO_HOSTNAME:
- (void) fprintf(stderr,
- "This machine does not have a hostname\n\n");
- break;
-
- case GLOBAL_HOST_UNREGISTERED:
- (void) fprintf(stderr,
- "This machine is not available via gethostbyname()\n\n");
- break;
-
- case PASSWORD_NOT_CORRECT:
- (void) fprintf(stderr, "Password not entered correctly\n\n");
- break;
-
- case PASSWORDS_NOT_CORRECT:
- (void) fprintf(stderr, "Password not entered correctly after %d tries\n\n",
- TRIES_FOR_PASSWORD);
- break;
-
- case NO_SUDOERS_FILE:
- switch (errno) {
- case ENOENT:
- (void) fprintf(stderr, "There is no %s file.\n",
- _PATH_SUDO_SUDOERS);
- break;
- default:
- (void) fprintf(stderr, "Can't read %s: ",
- _PATH_SUDO_SUDOERS);
- perror("");
- break;
- }
- break;
-
- case SUDOERS_NOT_FILE:
- (void) fprintf(stderr,
- "%s is not a regular file!\n", _PATH_SUDO_SUDOERS);
- break;
-
- case SUDOERS_WRONG_OWNER:
- (void) fprintf(stderr, "%s is not owned by uid %d and gid %d!\n",
- _PATH_SUDO_SUDOERS, SUDOERS_UID, SUDOERS_GID);
- break;
-
- case SUDOERS_WRONG_MODE:
- (void) fprintf(stderr, "%s must be mode %o!\n", _PATH_SUDO_SUDOERS,
- SUDOERS_MODE);
- break;
-
- case SPOOF_ATTEMPT:
- (void) fprintf(stderr,
- "%s is not the same command that was validated, disallowing.\n",
- cmnd);
- break;
-
- case BAD_STAMPDIR:
- (void) fprintf(stderr,
- "Timestamp directory has wrong permissions, ignoring.\n");
- break;
-
- case BAD_STAMPFILE:
- (void) fprintf(stderr,
- "Your timestamp file has a preposterous date, ignoring.\n");
- break;
-
- case BAD_ALLOCATION:
- (void) fprintf(stderr,
- "Resource allocation failure.\n");
- break;
-
- default:
- (void) fprintf(stderr,
- "Something weird happened.\n\n");
- break;
- }
-}
-
-
-
-/****************************************************************
- *
- * appropriate()
- *
- * This function determines whether to send mail or not...
- */
-
-static int appropriate(code)
- int code;
-{
-
- switch (code) {
-
- /*
- * these will NOT send mail
- */
- case VALIDATE_OK:
- case VALIDATE_OK_NOPASS:
- case PASSWORD_NOT_CORRECT:
- case PASSWORDS_NOT_CORRECT:
-/* case ALL_SYSTEMS_GO: this is the same as OK */
- return (0);
- break;
-
- case VALIDATE_NO_USER:
-#ifdef SEND_MAIL_WHEN_NO_USER
- return (1);
-#else
- return (0);
-#endif
- break;
-
- case VALIDATE_NOT_OK:
-#ifdef SEND_MAIL_WHEN_NOT_OK
- return (1);
-#else
- return (0);
-#endif
- break;
-
- /*
- * these WILL send mail
- */
- case VALIDATE_ERROR:
- case NO_SUDOERS_FILE:
- case SPOOF_ATTEMPT:
- case BAD_STAMPDIR:
- case BAD_STAMPFILE:
- case BAD_ALLOCATION:
- default:
- return (1);
- break;
-
- }
-}
diff --git a/gnu/usr.bin/sudo/sudo/parse.c b/gnu/usr.bin/sudo/sudo/parse.c
deleted file mode 100644
index 50046f9c138..00000000000
--- a/gnu/usr.bin/sudo/sudo/parse.c
+++ /dev/null
@@ -1,443 +0,0 @@
-/* $OpenBSD: parse.c,v 1.12 1999/03/30 17:26:21 millert Exp $ */
-
-/*
- * CU sudo version 1.5.9
- * Copyright (c) 1996, 1998, 1999 Todd C. Miller <Todd.Miller@courtesan.com>
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 1, or (at your option)
- * any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
- *
- * Please send bugs, changes, problems to sudo-bugs@courtesan.com
- *
- *******************************************************************
- *
- * parse.c -- sudo parser frontend and comparison routines.
- *
- * Chris Jepeway <jepeway@cs.utk.edu>
- */
-
-#include "config.h"
-
-#include <stdio.h>
-#ifdef STDC_HEADERS
-# include <stdlib.h>
-#endif /* STDC_HEADERS */
-#ifdef HAVE_UNISTD_H
-# include <unistd.h>
-#endif /* HAVE_UNISTD_H */
-#ifdef HAVE_STRING_H
-# include <string.h>
-#endif /* HAVE_STRING_H */
-#ifdef HAVE_STRINGS_H
-# include <strings.h>
-#endif /* HAVE_STRINGS_H */
-#if defined(HAVE_FNMATCH) && defined(HAVE_FNMATCH_H)
-# include <fnmatch.h>
-#else
-# ifndef HAVE_FNMATCH
-# include "emul/fnmatch.h"
-# endif /* HAVE_FNMATCH */
-#endif /* HAVE_FNMATCH_H */
-#ifdef HAVE_NETGROUP_H
-# include <netgroup.h>
-#endif /* HAVE_NETGROUP_H */
-#include <ctype.h>
-#include <pwd.h>
-#include <grp.h>
-#include <sys/param.h>
-#include <sys/types.h>
-#include <netinet/in.h>
-#include <arpa/inet.h>
-#include <netdb.h>
-#include <sys/stat.h>
-#if HAVE_DIRENT_H
-# include <dirent.h>
-# define NAMLEN(dirent) strlen((dirent)->d_name)
-#else
-# define dirent direct
-# define NAMLEN(dirent) (dirent)->d_namlen
-# if HAVE_SYS_NDIR_H
-# include <sys/ndir.h>
-# endif
-# if HAVE_SYS_DIR_H
-# include <sys/dir.h>
-# endif
-# if HAVE_NDIR_H
-# include <ndir.h>
-# endif
-#endif
-
-#include "sudo.h"
-
-#ifndef lint
-static const char rcsid[] = "$Sudo: parse.c,v 1.103 1999/03/30 17:17:53 millert Exp $";
-#endif /* lint */
-
-/*
- * Globals
- */
-int parse_error = FALSE;
-extern FILE *yyin, *yyout;
-extern int printmatches;
-
-/*
- * Prototypes
- */
-static int has_meta __P((char *));
- void init_parser __P((void));
-
-/*
- * This routine is called from the sudo.c module and tries to validate
- * the user, host and command triplet.
- */
-int validate(check_cmnd)
- int check_cmnd;
-{
- int return_code;
-
- /* become sudoers file owner */
- set_perms(PERM_SUDOERS, 0);
-
- /* we opened _PATH_SUDO_SUDOERS in check_sudoers() so just rewind it */
- rewind(sudoers_fp);
- yyin = sudoers_fp;
- yyout = stdout;
-
- /*
- * Allocate space for data structures in the parser.
- */
- init_parser();
-
- /*
- * Need to be root while stat'ing things in the parser.
- */
- set_perms(PERM_ROOT, 0);
- return_code = yyparse();
-
- /*
- * Don't need to keep this open...
- */
- (void) fclose(sudoers_fp);
- sudoers_fp = NULL;
-
- /* relinquish extra privs */
- set_perms(PERM_USER, 0);
-
- if (return_code || parse_error)
- return(VALIDATE_ERROR);
-
- /*
- * Nothing on the top of the stack => user doesn't appear in sudoers.
- * Allow anyone to try the psuedo commands "list" and "validate".
- */
- if (top == 0) {
- if (check_cmnd == TRUE)
- return(VALIDATE_NO_USER);
- else
- return(VALIDATE_NOT_OK);
- }
-
- /*
- * Only check the actual command if the check_cmnd
- * flag is set. It is not set for the "validate"
- * and "list" pseudo-commands. Always check the
- * host and user.
- */
- if (check_cmnd == FALSE)
- while (top) {
- if (host_matches == TRUE) {
- /* user may always do validate or list on allowed hosts */
- if (no_passwd == TRUE)
- return(VALIDATE_OK_NOPASS);
- else
- return(VALIDATE_OK);
- }
- top--;
- }
- else
- while (top) {
- if (host_matches == TRUE) {
- if (runas_matches == TRUE) {
- if (cmnd_matches == TRUE) {
- /*
- * User was granted access to cmnd on host.
- * If no passwd required return as such.
- */
- if (no_passwd == TRUE)
- return(VALIDATE_OK_NOPASS);
- else
- return(VALIDATE_OK);
- } else if (cmnd_matches == FALSE) {
- /* User was explicitly denied acces to cmnd on host. */
- return(VALIDATE_NOT_OK);
- }
- }
- }
- top--;
- }
-
- /*
- * we popped everything off the stack =>
- * user was mentioned, but not explicitly
- * granted nor denied access => say no
- */
- return(VALIDATE_NOT_OK);
-}
-
-
-
-/*
- * If path doesn't end in /, return TRUE iff cmnd & path name the same inode;
- * otherwise, return TRUE if cmnd names one of the inodes in path.
- */
-int command_matches(cmnd, user_args, path, sudoers_args)
- char *cmnd;
- char *user_args;
- char *path;
- char *sudoers_args;
-{
- int plen;
- struct stat pst;
- DIR *dirp;
- struct dirent *dent;
- char buf[MAXPATHLEN];
- static char *c;
-
- /* don't bother with pseudo commands like "validate" */
- if (strchr(cmnd, '/') == NULL)
- return(FALSE);
-
- plen = strlen(path);
-
- /* only need to stat cmnd once since it never changes */
- if (cmnd_st.st_dev == 0) {
- if (stat(cmnd, &cmnd_st) < 0)
- return(FALSE);
- if ((c = strrchr(cmnd, '/')) == NULL)
- c = cmnd;
- else
- c++;
- }
-
- /*
- * If the pathname has meta characters in it use fnmatch(3)
- * to do the matching
- */
- if (has_meta(path)) {
- /*
- * Return true if fnmatch(3) succeeds and there are no args
- * (in sudoers or command) or if the args match;
- * else return false.
- */
- if (fnmatch(path, cmnd, FNM_PATHNAME))
- return(FALSE);
- if (!sudoers_args)
- return(TRUE);
- else if (!user_args && sudoers_args && !strcmp("\"\"", sudoers_args))
- return(TRUE);
- else if (sudoers_args)
- return((fnmatch(sudoers_args, user_args ? user_args : "", 0) == 0));
- else
- return(FALSE);
- } else {
- if (path[plen - 1] != '/') {
- char *p;
-
- /* Only proceed if the basenames of cmnd and path are the same */
- if ((p = strrchr(path, '/')) == NULL)
- p = path;
- else
- p++;
- if (strcmp(c, p))
- return(FALSE);
-
- if (stat(path, &pst) < 0)
- return(FALSE);
-
- /*
- * Return true if inode/device matches and there are no args
- * (in sudoers or command) or if the args match;
- * else return false.
- */
- if (cmnd_st.st_dev != pst.st_dev || cmnd_st.st_ino != pst.st_ino)
- return(FALSE);
- if (!sudoers_args)
- return(TRUE);
- else if (!user_args && sudoers_args && !strcmp("\"\"", sudoers_args))
- return(TRUE);
- else if (sudoers_args)
- return((fnmatch(sudoers_args, user_args ? user_args : "", 0) == 0));
- else
- return(FALSE);
- }
-
- /*
- * Grot through path's directory entries, looking for cmnd.
- */
- dirp = opendir(path);
- if (dirp == NULL)
- return(FALSE);
-
- while ((dent = readdir(dirp)) != NULL) {
- /* ignore paths > MAXPATHLEN (XXX - log) */
- if (plen + NAMLEN(dent) >= sizeof(buf))
- continue;
- strcpy(buf, path);
- strcat(buf, dent->d_name);
-
- /* only stat if basenames are not the same */
- if (strcmp(c, dent->d_name))
- continue;
- if (stat(buf, &pst) < 0)
- continue;
- if (cmnd_st.st_dev == pst.st_dev && cmnd_st.st_ino == pst.st_ino)
- break;
- }
-
- closedir(dirp);
- return(dent != NULL);
- }
-}
-
-
-
-/*
- * Returns TRUE if "n" is one of our ip addresses or if
- * "n" is a network that we are on, else returns FALSE.
- */
-int addr_matches(n)
- char *n;
-{
- int i;
- char *m;
- struct in_addr addr, mask;
-
- /* If there's an explicate netmask, use it. */
- if ((m = strchr(n, '/'))) {
- *m++ = '\0';
- mask.s_addr = inet_addr(m);
- addr.s_addr = inet_addr(n);
- *(m - 1) = '/';
-
- for (i = 0; i < num_interfaces; i++)
- if ((interfaces[i].addr.s_addr & mask.s_addr) == addr.s_addr)
- return(TRUE);
- } else {
- addr.s_addr = inet_addr(n);
-
- for (i = 0; i < num_interfaces; i++)
- if (interfaces[i].addr.s_addr == addr.s_addr ||
- (interfaces[i].addr.s_addr & interfaces[i].netmask.s_addr)
- == addr.s_addr)
- return(TRUE);
- }
-
- return(FALSE);
-}
-
-
-
-/*
- * Returns TRUE if the given user belongs to the named group,
- * else returns FALSE.
- */
-int usergr_matches(group, user)
- char *group;
- char *user;
-{
- struct group *grp;
- struct passwd *pw;
- char **cur;
-
- /* make sure we have a valid usergroup, sudo style */
- if (*group++ != '%')
- return(FALSE);
-
- if ((grp = getgrnam(group)) == NULL)
- return(FALSE);
-
- /*
- * Check against user's real gid as well as group's user list
- */
- if ((pw = getpwnam(user)) == NULL)
- return(FALSE);
-
- if (grp->gr_gid == pw->pw_gid)
- return(TRUE);
-
- for (cur=grp->gr_mem; *cur; cur++) {
- if (strcmp(*cur, user) == 0)
- return(TRUE);
- }
-
- return(FALSE);
-}
-
-
-
-/*
- * Returns TRUE if "host" and "user" belong to the netgroup "netgr",
- * else return FALSE. Either of "host" or "user" may be NULL
- * in which case that argument is not checked...
- */
-int netgr_matches(netgr, host, user)
- char *netgr;
- char *host;
- char *user;
-{
-#ifdef HAVE_GETDOMAINNAME
- static char *domain = (char *) -1;
-#else
- static char *domain = NULL;
-#endif /* HAVE_GETDOMAINNAME */
-
- /* make sure we have a valid netgroup, sudo style */
- if (*netgr++ != '+')
- return(FALSE);
-
-#ifdef HAVE_GETDOMAINNAME
- /* get the domain name (if any) */
- if (domain == (char *) -1) {
- domain = (char *) emalloc(MAXHOSTNAMELEN);
- if (getdomainname(domain, MAXHOSTNAMELEN) != 0 || *domain == '\0') {
- (void) free(domain);
- domain = NULL;
- }
- }
-#endif /* HAVE_GETDOMAINNAME */
-
-#ifdef HAVE_INNETGR
- return(innetgr(netgr, host, user, domain));
-#else
- return(FALSE);
-#endif /* HAVE_INNETGR */
-}
-
-
-
-/*
- * Returns TRUE if "s" has shell meta characters in it,
- * else returns FALSE.
- */
-static int has_meta(s)
- char *s;
-{
- register char *t;
-
- for (t = s; *t; t++) {
- if (*t == '\\' || *t == '?' || *t == '*' || *t == '[' || *t == ']')
- return(TRUE);
- }
- return(FALSE);
-}
diff --git a/gnu/usr.bin/sudo/sudo/parse.lex b/gnu/usr.bin/sudo/sudo/parse.lex
deleted file mode 100644
index d247beb7e07..00000000000
--- a/gnu/usr.bin/sudo/sudo/parse.lex
+++ /dev/null
@@ -1,356 +0,0 @@
-%{
-/* $OpenBSD: parse.lex,v 1.10 1999/03/29 20:29:05 millert Exp $ */
-
-/*
- * CU sudo version 1.5.9
- * Copyright (c) 1996, 1998, 1999 Todd C. Miller <Todd.Miller@courtesan.com>
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 1, or (at your option)
- * any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
- *
- * Please send bugs, changes, problems to sudo-bugs@courtesan.com
- *
- *******************************************************************
- *
- * parse.lex -- lexigraphical analyzer for sudo.
- *
- * Chris Jepeway <jepeway@cs.utk.edu>
- */
-
-#include "config.h"
-
-#ifdef STDC_HEADERS
-#include <stdlib.h>
-#endif /* STDC_HEADERS */
-#ifdef HAVE_UNISTD_H
-#include <unistd.h>
-#endif /* HAVE_UNISTD_H */
-#ifdef HAVE_STRING_H
-#include <string.h>
-#endif /* HAVE_STRING_H */
-#if defined(HAVE_MALLOC_H) && !defined(STDC_HEADERS)
-#include <malloc.h>
-#endif /* HAVE_MALLOC_H && !STDC_HEADERS */
-#include <ctype.h>
-#include <sys/types.h>
-#include <sys/param.h>
-#include <netinet/in.h>
-#include "sudo.h"
-#include "sudo.tab.h"
-
-#ifndef lint
-static const char rcsid[] = "$Sudo: parse.lex,v 1.88 1999/03/29 04:05:10 millert Exp $";
-#endif /* lint */
-
-#undef yywrap /* guard against a yywrap macro */
-
-extern YYSTYPE yylval;
-extern int clearaliases;
-int sudolineno = 1;
-static int sawspace = 0;
-static int arg_len = 0;
-static int arg_size = 0;
-
-static void fill __P((char *, int));
-static void fill_cmnd __P((char *, int));
-static void fill_args __P((char *, int, int));
-extern void reset_aliases __P((void));
-extern void yyerror __P((char *));
-
-/* realloc() to size + COMMANDARGINC to make room for command args */
-#define COMMANDARGINC 64
-
-#ifdef TRACELEXER
-#define LEXTRACE(msg) fputs(msg, stderr)
-#else
-#define LEXTRACE(msg)
-#endif
-%}
-
-OCTET [[:digit:]]{1,3}
-DOTTEDQUAD {OCTET}(\.{OCTET}){3}
-WORD [[:alnum:]_-]+
-
-%e 4000
-%p 6000
-%k 3500
-
-%s GOTCMND
-%s GOTRUNAS
-
-%%
-[ \t]+ { /* throw away space/tabs */
- sawspace = TRUE; /* but remember for fill_args */
- }
-
-\\[ \t]*\n {
- sawspace = TRUE; /* remember for fill_args */
- ++sudolineno;
- LEXTRACE("\n\t");
- } /* throw away EOL after \ */
-
-<GOTCMND>\\[:\,=\\ \t] {
- LEXTRACE("QUOTEDCHAR ");
- fill_args(yytext + 1, 1, sawspace);
- sawspace = FALSE;
- }
-
-<GOTCMND>[:\,=\n] {
- BEGIN INITIAL;
- unput(*yytext);
- return(COMMAND);
- } /* end of command line args */
-
-\n {
- ++sudolineno;
- LEXTRACE("\n");
- return(COMMENT);
- } /* return newline */
-
-<INITIAL>#.*\n {
- ++sudolineno;
- LEXTRACE("\n");
- return(COMMENT);
- } /* return comments */
-
-<GOTCMND>[^\\:, \t\n]+ {
- LEXTRACE("ARG ");
- fill_args(yytext, yyleng, sawspace);
- sawspace = FALSE;
- } /* a command line arg */
-
-\, {
- LEXTRACE(", ");
- return(',');
- } /* return ',' */
-
-\! {
- return('!'); /* return '!' */
- }
-
-= {
- LEXTRACE("= ");
- return('=');
- } /* return '=' */
-
-: {
- LEXTRACE(": ");
- return(':');
- } /* return ':' */
-
-\. {
- return('.');
- }
-
-NOPASSWD[[:blank:]]*: {
- /* cmnd does not require passwd for this user */
- LEXTRACE("NOPASSWD ");
- return(NOPASSWD);
- }
-
-\+{WORD} {
- /* netgroup */
- fill(yytext, yyleng);
- return(NETGROUP);
- }
-
-\%{WORD} {
- /* UN*X group */
- fill(yytext, yyleng);
- return(USERGROUP);
- }
-
-{DOTTEDQUAD}(\/{DOTTEDQUAD})? {
- fill(yytext, yyleng);
- LEXTRACE("NTWKADDR ");
- return(NTWKADDR);
- }
-
-[[:alpha:]][[:alnum:]_-]*(\.{WORD})+ {
- fill(yytext, yyleng);
- LEXTRACE("FQHOST ");
- return(FQHOST);
- }
-
-<INITIAL>\( {
- BEGIN GOTRUNAS;
- LEXTRACE("RUNAS ");
- return (RUNAS);
- }
-
-<GOTRUNAS>[[:upper:]][[:upper:][:digit:]_]* {
- /* Runas_Alias that user can run command as or ALL */
- fill(yytext, yyleng);
- if (strcmp(yytext, "ALL") == 0) {
- LEXTRACE("ALL ");
- return(ALL);
- } else {
- LEXTRACE("ALIAS ");
- return(ALIAS);
- }
- }
-
-<GOTRUNAS>#?{WORD} {
- /* username/uid that user can run command as */
- fill(yytext, yyleng);
- LEXTRACE("NAME ");
- return(NAME);
- }
-
-<GOTRUNAS>\) BEGIN INITIAL;
-
-
-\/[^\,:=\\ \t\n#]+ {
- /* directories can't have args... */
- if (yytext[yyleng - 1] == '/') {
- LEXTRACE("COMMAND ");
- fill_cmnd(yytext, yyleng);
- return(COMMAND);
- } else {
- BEGIN GOTCMND;
- LEXTRACE("COMMAND ");
- fill_cmnd(yytext, yyleng);
- }
- } /* a pathname */
-
-[[:upper:]][[:upper:][:digit:]_]* {
- fill(yytext, yyleng);
- if (strcmp(yytext, "ALL") == 0) {
- LEXTRACE("ALL ");
- return(ALL);
- }
- LEXTRACE("ALIAS ");
- return(ALIAS);
- }
-
-[[:alnum:]][[:alnum:]_-]* {
- fill(yytext, yyleng);
- if (strcmp(yytext, "Host_Alias") == 0) {
- LEXTRACE("HOSTALIAS ");
- return(HOSTALIAS);
- }
- if (strcmp(yytext, "Cmnd_Alias") == 0) {
- LEXTRACE("CMNDALIAS ");
- return(CMNDALIAS);
- }
- if (strcmp(yytext, "User_Alias") == 0) {
- LEXTRACE("USERALIAS ");
- return(USERALIAS);
- }
- if (strcmp(yytext, "Runas_Alias") == 0) {
- LEXTRACE("RUNASALIAS ");
- return(RUNASALIAS);
- }
-
- /* NAME is what RFC1034 calls a label */
- LEXTRACE("NAME ");
- return(NAME);
- }
-
-. {
- return(ERROR);
- } /* parse error */
-
-%%
-static void fill(s, len)
- char *s;
- int len;
-{
- yylval.string = (char *) malloc(len + 1);
- if (yylval.string == NULL)
- yyerror("unable to allocate memory");
-
- /* copy the string and NULL-terminate it */
- (void) strncpy(yylval.string, s, len);
- yylval.string[len] = '\0';
-}
-
-
-static void fill_cmnd(s, len)
- char *s;
- int len;
-{
- arg_len = arg_size = 0;
-
- yylval.command.cmnd = (char *) malloc(len + 1);
- if (yylval.command.cmnd == NULL)
- yyerror("unable to allocate memory");
-
- /* copy the string and NULL-terminate it */
- (void) strncpy(yylval.command.cmnd, s, len);
- yylval.command.cmnd[len] = '\0';
-
- yylval.command.args = NULL;
-}
-
-
-static void fill_args(s, len, addspace)
- char *s;
- int len;
- int addspace;
-{
- int new_len;
- char *p;
-
- /*
- * If first arg, malloc() some room, else if we don't
- * have enough space realloc() some more.
- */
- if (yylval.command.args == NULL) {
- addspace = 0;
- new_len = len;
-
- while (new_len >= (arg_size += COMMANDARGINC))
- ;
-
- yylval.command.args = (char *) malloc(arg_size);
- if (yylval.command.args == NULL)
- yyerror("unable to allocate memory");
- } else {
- new_len = arg_len + len + addspace;
-
- if (new_len >= arg_size) {
- /* Allocate more space than we need for subsequent args */
- while (new_len >= (arg_size += COMMANDARGINC))
- ;
-
- if ((p = (char *) realloc(yylval.command.args, arg_size)) == NULL) {
- (void) free(yylval.command.args);
- yyerror("unable to allocate memory");
- } else
- yylval.command.args = p;
- }
- }
-
- /* Efficiently append the arg (with a leading space if needed). */
- p = yylval.command.args + arg_len;
- if (addspace)
- *p++ = ' ';
- (void) strcpy(p, s);
- arg_len = new_len;
-}
-
-
-int yywrap()
-{
-#ifdef YY_NEW_FILE
- YY_NEW_FILE;
-#endif /* YY_NEW_FILE */
-
- /* don't reset the aliases if called by testsudoers */
- if (clearaliases)
- reset_aliases();
-
- return(TRUE);
-}
diff --git a/gnu/usr.bin/sudo/sudo/parse.yacc b/gnu/usr.bin/sudo/sudo/parse.yacc
deleted file mode 100644
index 4131e01a973..00000000000
--- a/gnu/usr.bin/sudo/sudo/parse.yacc
+++ /dev/null
@@ -1,985 +0,0 @@
-%{
-/* $OpenBSD: parse.yacc,v 1.15 1999/03/30 17:26:21 millert Exp $ */
-
-/*
- * CU sudo version 1.5.9
- * Copyright (c) 1996, 1998, 1999 Todd C. Miller <Todd.Miller@courtesan.com>
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 1, or (at your option)
- * any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
- *
- * Please send bugs, changes, problems to sudo-bugs@courtesan.com
- *
- *******************************************************************
- *
- * parse.yacc -- yacc parser and alias manipulation routines for sudo.
- *
- * Chris Jepeway <jepeway@cs.utk.edu>
- */
-
-#include "config.h"
-#include <stdio.h>
-#ifdef STDC_HEADERS
-#include <stdlib.h>
-#endif /* STDC_HEADERS */
-#ifdef HAVE_UNISTD_H
-#include <unistd.h>
-#endif /* HAVE_UNISTD_H */
-#include <pwd.h>
-#include <sys/types.h>
-#include <sys/param.h>
-#include <netinet/in.h>
-#ifdef HAVE_STRING_H
-#include <string.h>
-#endif /* HAVE_STRING_H */
-#if defined(HAVE_MALLOC_H) && !defined(STDC_HEADERS)
-#include <malloc.h>
-#endif /* HAVE_MALLOC_H && !STDC_HEADERS */
-#if defined(YYBISON) && defined(HAVE_ALLOCA_H) && !defined(__GNUC__)
-#include <alloca.h>
-#endif /* YYBISON && HAVE_ALLOCA_H && !__GNUC__ */
-#ifdef HAVE_LSEARCH
-#include <search.h>
-#endif /* HAVE_LSEARCH */
-
-#include "sudo.h"
-
-#ifndef HAVE_LSEARCH
-#include "emul/search.h"
-#endif /* HAVE_LSEARCH */
-
-#ifndef HAVE_STRCASECMP
-#define strcasecmp(a,b) strcmp(a,b)
-#endif /* !HAVE_STRCASECMP */
-
-#ifndef lint
-static const char rcsid[] = "$Sudo: parse.yacc,v 1.135 1999/03/30 17:17:53 millert Exp $";
-#endif /* lint */
-
-/*
- * Globals
- */
-extern int sudolineno, parse_error;
-int errorlineno = -1;
-int clearaliases = 1;
-int printmatches = FALSE;
-
-/*
- * Alias types
- */
-#define HOST_ALIAS 1
-#define CMND_ALIAS 2
-#define USER_ALIAS 3
-#define RUNAS_ALIAS 4
-
-/*
- * The matching stack, initial space allocated in init_parser().
- */
-struct matchstack *match;
-int top = 0, stacksize = 0;
-
-#define push \
- { \
- if (top >= stacksize) { \
- while ((stacksize += STACKINCREMENT) < top); \
- match = (struct matchstack *) erealloc(match, sizeof(struct matchstack) * stacksize); \
- } \
- match[top].user = -1; \
- match[top].cmnd = -1; \
- match[top].host = -1; \
- match[top].runas = -1; \
- match[top].nopass = -1; \
- top++; \
- }
-
-#define pop \
- { \
- if (top == 0) \
- yyerror("matching stack underflow"); \
- else \
- top--; \
- }
-
-/*
- * The stack for printmatches. A list of allowed commands for the user.
- */
-static struct command_match *cm_list = NULL;
-static size_t cm_list_len = 0, cm_list_size = 0;
-
-/*
- * List of Cmnd_Aliases and expansions for `sudo -l'
- */
-static int in_alias = FALSE;
-static size_t ga_list_len = 0, ga_list_size = 0;
-static struct generic_alias *ga_list = NULL;
-
-/*
- * Protoypes
- */
-extern int command_matches __P((char *, char *, char *, char *));
-extern int addr_matches __P((char *));
-extern int netgr_matches __P((char *, char *, char *));
-extern int usergr_matches __P((char *, char *));
-static int find_alias __P((char *, int));
-static int add_alias __P((char *, int));
-static int more_aliases __P((void));
-static void append __P((char *, char **, size_t *, size_t *, int));
-static void expand_ga_list __P((void));
-static void expand_match_list __P((void));
- void init_parser __P((void));
- void yyerror __P((char *));
-
-void yyerror(s)
- char *s;
-{
- /* save the line the first error occured on */
- if (errorlineno == -1)
- errorlineno = sudolineno ? sudolineno - 1 : 0;
-#ifndef TRACELEXER
- (void) fprintf(stderr, ">>> sudoers file: %s, line %d <<<\n", s,
- sudolineno ? sudolineno - 1 : 0);
-#else
- (void) fprintf(stderr, "<*> ");
-#endif
- parse_error = TRUE;
-}
-%}
-
-%union {
- char *string;
- int BOOLEAN;
- struct sudo_command command;
- int tok;
-}
-
-
-%start file /* special start symbol */
-%token <string> ALIAS /* an UPPERCASE alias name */
-%token <string> NTWKADDR /* w.x.y.z */
-%token <string> FQHOST /* foo.bar.com */
-%token <string> NETGROUP /* a netgroup (+NAME) */
-%token <string> USERGROUP /* a usergroup (%NAME) */
-%token <string> NAME /* a mixed-case name */
-%token <tok> RUNAS /* a mixed-case runas name */
-%token <tok> NOPASSWD /* no passwd req for command*/
-%token <command> COMMAND /* an absolute pathname */
-%token <tok> COMMENT /* comment and/or carriage return */
-%token <tok> ALL /* ALL keyword */
-%token <tok> HOSTALIAS /* Host_Alias keyword */
-%token <tok> CMNDALIAS /* Cmnd_Alias keyword */
-%token <tok> USERALIAS /* User_Alias keyword */
-%token <tok> RUNASALIAS /* Runas_Alias keyword */
-%token <tok> ':' '=' ',' '!' '.' /* union member tokens */
-%token <tok> ERROR
-
-%type <BOOLEAN> cmnd
-%type <BOOLEAN> opcmnd
-%type <BOOLEAN> runasspec
-%type <BOOLEAN> runaslist
-%type <BOOLEAN> runasuser
-%type <BOOLEAN> nopasswd
-
-%%
-
-file : entry
- | file entry
- ;
-
-entry : COMMENT
- { ; }
- | error COMMENT
- { yyerrok; }
- | { push; } user privileges {
- while (top && user_matches != TRUE) {
- pop;
- }
- }
- | USERALIAS useraliases
- { ; }
- | HOSTALIAS hostaliases
- { ; }
- | CMNDALIAS cmndaliases
- { ; }
- | RUNASALIAS runasaliases
- { ; }
- ;
-
-
-privileges : privilege
- | privileges ':' privilege
- ;
-
-privilege : hostspec '=' cmndspeclist {
- if (user_matches == TRUE) {
- push;
- user_matches = TRUE;
- } else {
- no_passwd = -1;
- runas_matches = -1;
- }
- }
- ;
-
-hostspec : ALL {
- host_matches = TRUE;
- }
- | NTWKADDR {
- if (addr_matches($1))
- host_matches = TRUE;
- (void) free($1);
- }
- | NETGROUP {
- if (netgr_matches($1, host, NULL))
- host_matches = TRUE;
- (void) free($1);
- }
- | NAME {
- if (strcasecmp(shost, $1) == 0)
- host_matches = TRUE;
- (void) free($1);
- }
- | FQHOST {
- if (strcasecmp(host, $1) == 0)
- host_matches = TRUE;
- (void) free($1);
- }
- | ALIAS {
- /* could be an all-caps hostname */
- if (find_alias($1, HOST_ALIAS) == TRUE ||
- strcasecmp(shost, $1) == 0)
- host_matches = TRUE;
- (void) free($1);
- }
- ;
-
-cmndspeclist : cmndspec
- | cmndspeclist ',' cmndspec
- ;
-
-cmndspec : { /* Push a new entry onto the stack if needed */
- if (user_matches == TRUE && host_matches == TRUE &&
- cmnd_matches != -1 && runas_matches == TRUE) {
- push;
- user_matches = TRUE;
- host_matches = TRUE;
- } else {
- cmnd_matches = -1;
- runas_matches = -1;
- no_passwd = -1;
- }
- } runasspec nopasswd opcmnd {
- if ($2 > 0)
- runas_matches = TRUE;
- if ($3 == TRUE)
- no_passwd = TRUE;
- if (($2 == -1 || $4 == -1) && printmatches == TRUE) {
- cm_list[cm_list_len].runas_len = 0;
- cm_list[cm_list_len].cmnd_len = 0;
- cm_list[cm_list_len].nopasswd = FALSE;
- }
- }
- ;
-
-opcmnd : cmnd { ; }
- | '!' {
- if (printmatches == TRUE && host_matches == TRUE &&
- user_matches == TRUE) {
- append("!", &cm_list[cm_list_len].cmnd,
- &cm_list[cm_list_len].cmnd_len,
- &cm_list[cm_list_len].cmnd_size, 0);
- push;
- user_matches = TRUE;
- host_matches = TRUE;
- } else {
- push;
- }
- } opcmnd {
- int cmnd_matched = cmnd_matches;
- pop;
- if (cmnd_matched == TRUE)
- cmnd_matches = FALSE;
- else if (cmnd_matched == FALSE)
- cmnd_matches = TRUE;
- $$ = cmnd_matches;
- }
- ;
-
-runasspec : /* empty */ {
- $$ = (strcmp(RUNAS_DEFAULT, runas_user) == 0);
- }
- | RUNAS runaslist {
- $$ = $2;
- }
- ;
-
-runaslist : runasuser {
- $$ = $1;
- }
- | runaslist ',' runasuser {
- $$ = $1 + $3;
- }
- ;
-
-
-runasuser : NAME {
- $$ = (strcmp($1, runas_user) == 0);
- if (printmatches == TRUE && in_alias == TRUE)
- append($1, &ga_list[ga_list_len-1].entries,
- &ga_list[ga_list_len-1].entries_len,
- &ga_list[ga_list_len-1].entries_size, ',');
- if (printmatches == TRUE && host_matches == TRUE &&
- user_matches == TRUE)
- append($1, &cm_list[cm_list_len].runas,
- &cm_list[cm_list_len].runas_len,
- &cm_list[cm_list_len].runas_size, ':');
- (void) free($1);
- }
- | USERGROUP {
- $$ = usergr_matches($1, runas_user);
- if (printmatches == TRUE && in_alias == TRUE)
- append($1, &ga_list[ga_list_len-1].entries,
- &ga_list[ga_list_len-1].entries_len,
- &ga_list[ga_list_len-1].entries_size, ',');
- if (printmatches == TRUE && host_matches == TRUE &&
- user_matches == TRUE) {
- append("%", &cm_list[cm_list_len].runas,
- &cm_list[cm_list_len].runas_len,
- &cm_list[cm_list_len].runas_size, ':');
- append($1, &cm_list[cm_list_len].runas,
- &cm_list[cm_list_len].runas_len,
- &cm_list[cm_list_len].runas_size, 0);
- }
- (void) free($1);
- }
- | NETGROUP {
- $$ = netgr_matches($1, NULL, runas_user);
- if (printmatches == TRUE && in_alias == TRUE)
- append($1, &ga_list[ga_list_len-1].entries,
- &ga_list[ga_list_len-1].entries_len,
- &ga_list[ga_list_len-1].entries_size, ',');
- if (printmatches == TRUE && host_matches == TRUE &&
- user_matches == TRUE) {
- append("+", &cm_list[cm_list_len].runas,
- &cm_list[cm_list_len].runas_len,
- &cm_list[cm_list_len].runas_size, ':');
- append($1, &cm_list[cm_list_len].runas,
- &cm_list[cm_list_len].runas_len,
- &cm_list[cm_list_len].runas_size, 0);
- }
- (void) free($1);
- }
- | ALIAS {
- /* could be an all-caps username */
- if (find_alias($1, RUNAS_ALIAS) == TRUE ||
- strcmp($1, runas_user) == 0)
- $$ = TRUE;
- else
- $$ = FALSE;
- if (printmatches == TRUE && in_alias == TRUE)
- append($1, &ga_list[ga_list_len-1].entries,
- &ga_list[ga_list_len-1].entries_len,
- &ga_list[ga_list_len-1].entries_size, ',');
- if (printmatches == TRUE && host_matches == TRUE &&
- user_matches == TRUE)
- append($1, &cm_list[cm_list_len].runas,
- &cm_list[cm_list_len].runas_len,
- &cm_list[cm_list_len].runas_size, ':');
- (void) free($1);
- }
- | ALL {
- $$ = TRUE;
- if (printmatches == TRUE && in_alias == TRUE)
- append("ALL", &ga_list[ga_list_len-1].entries,
- &ga_list[ga_list_len-1].entries_len,
- &ga_list[ga_list_len-1].entries_size, ',');
- if (printmatches == TRUE && host_matches == TRUE &&
- user_matches == TRUE)
- append("ALL", &cm_list[cm_list_len].runas,
- &cm_list[cm_list_len].runas_len,
- &cm_list[cm_list_len].runas_size, ':');
- }
- ;
-
-nopasswd : /* empty */ {
- $$ = FALSE;
- }
- | NOPASSWD {
- $$ = TRUE;
- if (printmatches == TRUE && host_matches == TRUE &&
- user_matches == TRUE)
- cm_list[cm_list_len].nopasswd = TRUE;
- }
- ;
-
-cmnd : ALL {
- if (printmatches == TRUE && in_alias == TRUE) {
- append("ALL", &ga_list[ga_list_len-1].entries,
- &ga_list[ga_list_len-1].entries_len,
- &ga_list[ga_list_len-1].entries_size, ',');
- }
- if (printmatches == TRUE && host_matches == TRUE &&
- user_matches == TRUE) {
- append("ALL", &cm_list[cm_list_len].cmnd,
- &cm_list[cm_list_len].cmnd_len,
- &cm_list[cm_list_len].cmnd_size, 0);
- expand_match_list();
- }
-
- cmnd_matches = TRUE;
- $$ = TRUE;
- }
- | ALIAS {
- if (printmatches == TRUE && in_alias == TRUE) {
- append($1, &ga_list[ga_list_len-1].entries,
- &ga_list[ga_list_len-1].entries_len,
- &ga_list[ga_list_len-1].entries_size, ',');
- }
- if (printmatches == TRUE && host_matches == TRUE &&
- user_matches == TRUE) {
- append($1, &cm_list[cm_list_len].cmnd,
- &cm_list[cm_list_len].cmnd_len,
- &cm_list[cm_list_len].cmnd_size, 0);
- expand_match_list();
- }
- if (find_alias($1, CMND_ALIAS) == TRUE) {
- cmnd_matches = TRUE;
- $$ = TRUE;
- }
- (void) free($1);
- }
- | COMMAND {
- if (printmatches == TRUE && in_alias == TRUE) {
- append($1.cmnd, &ga_list[ga_list_len-1].entries,
- &ga_list[ga_list_len-1].entries_len,
- &ga_list[ga_list_len-1].entries_size, ',');
- if ($1.args)
- append($1.args, &ga_list[ga_list_len-1].entries,
- &ga_list[ga_list_len-1].entries_len,
- &ga_list[ga_list_len-1].entries_size, ' ');
- }
- if (printmatches == TRUE && host_matches == TRUE &&
- user_matches == TRUE) {
- append($1.cmnd, &cm_list[cm_list_len].cmnd,
- &cm_list[cm_list_len].cmnd_len,
- &cm_list[cm_list_len].cmnd_size, 0);
- if ($1.args)
- append($1.args, &cm_list[cm_list_len].cmnd,
- &cm_list[cm_list_len].cmnd_len,
- &cm_list[cm_list_len].cmnd_size, ' ');
- expand_match_list();
- }
-
- /* if NewArgc > 1 pass ptr to 1st arg, else NULL */
- if (command_matches(cmnd, (NewArgc > 1) ?
- cmnd_args : NULL, $1.cmnd, $1.args)) {
- cmnd_matches = TRUE;
- $$ = TRUE;
- }
-
- (void) free($1.cmnd);
- if ($1.args)
- (void) free($1.args);
- }
- ;
-
-hostaliases : hostalias
- | hostaliases ':' hostalias
- ;
-
-hostalias : ALIAS { push; } '=' hostlist {
- if (host_matches == TRUE &&
- add_alias($1, HOST_ALIAS) == FALSE)
- YYERROR;
- pop;
- }
- ;
-
-hostlist : hostspec
- | hostlist ',' hostspec
- ;
-
-cmndaliases : cmndalias
- | cmndaliases ':' cmndalias
- ;
-
-cmndalias : ALIAS {
- push;
- if (printmatches == TRUE) {
- in_alias = TRUE;
- /* Allocate space for ga_list if necesary. */
- expand_ga_list();
- ga_list[ga_list_len-1].alias = estrdup($1);
- }
- } '=' cmndlist {
- if (cmnd_matches == TRUE &&
- add_alias($1, CMND_ALIAS) == FALSE)
- YYERROR;
- pop;
- (void) free($1);
-
- if (printmatches == TRUE)
- in_alias = FALSE;
- }
- ;
-
-cmndlist : cmnd
- { ; }
- | cmndlist ',' cmnd
- ;
-
-runasaliases : runasalias
- | runasaliases ':' runasalias
- ;
-
-runasalias : ALIAS {
- push;
- if (printmatches == TRUE) {
- in_alias = TRUE;
- /* Allocate space for ga_list if necesary. */
- expand_ga_list();
- ga_list[ga_list_len-1].alias = estrdup($1);
- }
- } '=' runaslist {
- if ($4 > 0 && add_alias($1, RUNAS_ALIAS) == FALSE)
- YYERROR;
- pop;
- (void) free($1);
-
- if (printmatches == TRUE)
- in_alias = FALSE;
- }
- ;
-
-useraliases : useralias
- | useraliases ':' useralias
- ;
-
-useralias : ALIAS { push; } '=' userlist {
- if (user_matches == TRUE &&
- add_alias($1, USER_ALIAS) == FALSE)
- YYERROR;
- pop;
- (void) free($1);
- }
- ;
-
-userlist : user
- { ; }
- | userlist ',' user
- ;
-
-user : NAME {
- if (strcmp($1, user_name) == 0)
- user_matches = TRUE;
- (void) free($1);
- }
- | USERGROUP {
- if (usergr_matches($1, user_name))
- user_matches = TRUE;
- (void) free($1);
- }
- | NETGROUP {
- if (netgr_matches($1, NULL, user_name))
- user_matches = TRUE;
- (void) free($1);
- }
- | ALIAS {
- /* could be an all-caps username */
- if (find_alias($1, USER_ALIAS) == TRUE ||
- strcmp($1, user_name) == 0)
- user_matches = TRUE;
- (void) free($1);
- }
- | ALL {
- user_matches = TRUE;
- }
- ;
-
-%%
-
-
-typedef struct {
- int type;
- char name[BUFSIZ];
-} aliasinfo;
-
-#define MOREALIASES (32)
-aliasinfo *aliases = NULL;
-size_t naliases = 0;
-size_t nslots = 0;
-
-
-/**********************************************************************
- *
- * aliascmp()
- *
- * This function compares two aliasinfo structures.
- */
-
-static int aliascmp(a1, a2)
- const VOID *a1, *a2;
-{
- int r;
- aliasinfo *ai1, *ai2;
-
- ai1 = (aliasinfo *) a1;
- ai2 = (aliasinfo *) a2;
- r = strcmp(ai1->name, ai2->name);
- if (r == 0)
- r = ai1->type - ai2->type;
-
- return(r);
-}
-
-
-/**********************************************************************
- *
- * genaliascmp()
- *
- * This function compares two generic_alias structures.
- */
-
-static int genaliascmp(entry, key)
- const VOID *entry, *key;
-{
- struct generic_alias *ga1 = (struct generic_alias *) key;
- struct generic_alias *ga2 = (struct generic_alias *) entry;
-
- return(strcmp(ga1->alias, ga2->alias));
-}
-
-
-/**********************************************************************
- *
- * add_alias()
- *
- * This function adds the named alias of the specified type to the
- * aliases list.
- */
-
-static int add_alias(alias, type)
- char *alias;
- int type;
-{
- aliasinfo ai, *aip;
- char s[512];
- int ok;
-
- ok = FALSE; /* assume failure */
- ai.type = type;
- (void) strcpy(ai.name, alias);
- if (lfind((VOID *)&ai, (VOID *)aliases, &naliases, sizeof(ai),
- aliascmp) != NULL) {
- (void) sprintf(s, "Alias `%.*s' already defined", (int) sizeof(s) - 25,
- alias);
- yyerror(s);
- } else {
- if (naliases >= nslots && !more_aliases()) {
- (void) sprintf(s, "Out of memory defining alias `%.*s'",
- (int) sizeof(s) - 32, alias);
- yyerror(s);
- }
-
- aip = (aliasinfo *) lsearch((VOID *)&ai, (VOID *)aliases,
- &naliases, sizeof(ai), aliascmp);
-
- if (aip != NULL) {
- ok = TRUE;
- } else {
- (void) sprintf(s, "Aliases corrupted defining alias `%.*s'",
- (int) sizeof(s) - 36, alias);
- yyerror(s);
- }
- }
-
- return(ok);
-}
-
-
-/**********************************************************************
- *
- * find_alias()
- *
- * This function searches for the named alias of the specified type.
- */
-
-static int find_alias(alias, type)
- char *alias;
- int type;
-{
- aliasinfo ai;
-
- (void) strcpy(ai.name, alias);
- ai.type = type;
-
- return(lfind((VOID *)&ai, (VOID *)aliases, &naliases,
- sizeof(ai), aliascmp) != NULL);
-}
-
-
-/**********************************************************************
- *
- * more_aliases()
- *
- * This function allocates more space for the aliases list.
- */
-
-static int more_aliases()
-{
- nslots += MOREALIASES;
- if (nslots == MOREALIASES)
- aliases = (aliasinfo *) malloc(nslots * sizeof(aliasinfo));
- else
- aliases = (aliasinfo *) realloc(aliases, nslots * sizeof(aliasinfo));
-
- return(aliases != NULL);
-}
-
-
-/**********************************************************************
- *
- * dumpaliases()
- *
- * This function lists the contents of the aliases list.
- */
-
-void dumpaliases()
-{
- size_t n;
-
- for (n = 0; n < naliases; n++) {
- switch (aliases[n].type) {
- case HOST_ALIAS:
- (void) puts("HOST_ALIAS");
- break;
-
- case CMND_ALIAS:
- (void) puts("CMND_ALIAS");
- break;
-
- case USER_ALIAS:
- (void) puts("USER_ALIAS");
- break;
-
- case RUNAS_ALIAS:
- (void) puts("RUNAS_ALIAS");
- break;
- }
- (void) printf("\t%s\n", aliases[n].name);
- }
-}
-
-
-/**********************************************************************
- *
- * list_matches()
- *
- * This function lists the contents of cm_list and ga_list for
- * `sudo -l'.
- */
-
-void list_matches()
-{
- int i;
- char *p;
- struct generic_alias *ga, key;
-
- (void) puts("You may run the following commands on this host:");
- for (i = 0; i < cm_list_len; i++) {
-
- /* Print the runas list. */
- (void) fputs(" ", stdout);
- if (cm_list[i].runas) {
- (void) putchar('(');
- p = strtok(cm_list[i].runas, ":");
- do {
- if (p != cm_list[i].runas)
- (void) fputs(", ", stdout);
-
- key.alias = p;
- if ((ga = (struct generic_alias *) lfind((VOID *) &key,
- (VOID *) &ga_list[0], &ga_list_len, sizeof(key), genaliascmp)))
- (void) fputs(ga->entries, stdout);
- else
- (void) fputs(p, stdout);
- } while ((p = strtok(NULL, ":")));
- (void) fputs(") ", stdout);
- } else {
- (void) fputs("(root) ", stdout);
- }
-
- /* Is a password required? */
- if (cm_list[i].nopasswd == TRUE)
- (void) fputs("NOPASSWD: ", stdout);
-
- /* Print the actual command or expanded Cmnd_Alias. */
- key.alias = cm_list[i].cmnd;
- if ((ga = (struct generic_alias *) lfind((VOID *) &key,
- (VOID *) &ga_list[0], &ga_list_len, sizeof(key), genaliascmp)))
- (void) puts(ga->entries);
- else
- (void) puts(cm_list[i].cmnd);
- }
-
- /* Be nice and free up space now that we are done. */
- for (i = 0; i < ga_list_len; i++) {
- (void) free(ga_list[i].alias);
- (void) free(ga_list[i].entries);
- }
- (void) free(ga_list);
- ga_list = NULL;
-
- for (i = 0; i < cm_list_len; i++) {
- (void) free(cm_list[i].runas);
- (void) free(cm_list[i].cmnd);
- }
- (void) free(cm_list);
- cm_list = NULL;
- cm_list_len = 0;
- cm_list_size = 0;
-}
-
-
-/**********************************************************************
- *
- * append()
- *
- * This function appends a source string to the destination prefixing
- * a separator if one is given.
- */
-
-static void append(src, dstp, dst_len, dst_size, separator)
- char *src, **dstp;
- size_t *dst_len, *dst_size;
- int separator;
-{
- /* Only add the separator if *dstp is non-NULL. */
- size_t src_len = strlen(src) + ((separator && *dstp) ? 1 : 0);
- char *dst = *dstp;
-
- /* Assumes dst will be NULL if not set. */
- if (dst == NULL) {
- dst = (char *) emalloc(BUFSIZ);
- *dst_size = BUFSIZ;
- *dst_len = 0;
- *dstp = dst;
- }
-
- /* Allocate more space if necesary. */
- if (*dst_size <= *dst_len + src_len) {
- while (*dst_size <= *dst_len + src_len)
- *dst_size += BUFSIZ;
-
- dst = (char *) erealloc(dst, *dst_size);
- *dstp = dst;
- }
-
- /* Copy src -> dst adding a separator char if appropriate and adjust len. */
- dst += *dst_len;
- if (separator && *dst_len)
- *dst++ = (char) separator;
- (void) strcpy(dst, src);
- *dst_len += src_len;
-}
-
-
-/**********************************************************************
- *
- * reset_aliases()
- *
- * This function frees up space used by the aliases list and resets
- * the associated counters.
- */
-
-void reset_aliases()
-{
- if (aliases) {
- (void) free(aliases);
- aliases = NULL;
- }
- naliases = nslots = 0;
-}
-
-
-/**********************************************************************
- *
- * expand_ga_list()
- *
- * This function increments ga_list_len, allocating more space as necesary.
- */
-
-static void expand_ga_list()
-{
- if (++ga_list_len >= ga_list_size) {
- while ((ga_list_size += STACKINCREMENT) < ga_list_len)
- ;
- ga_list = (struct generic_alias *)
- erealloc(ga_list, sizeof(struct generic_alias) * ga_list_size);
- }
-
- ga_list[ga_list_len - 1].entries = NULL;
-}
-
-
-/**********************************************************************
- *
- * expand_match_list()
- *
- * This function increments cm_list_len, allocating more space as necesary.
- */
-
-static void expand_match_list()
-{
- if (++cm_list_len >= cm_list_size) {
- while ((cm_list_size += STACKINCREMENT) < cm_list_len)
- ;
- if (cm_list == NULL)
- cm_list_len = 0; /* start at 0 since it is a subscript */
- cm_list = (struct command_match *)
- erealloc(cm_list, sizeof(struct command_match) * cm_list_size);
- }
-
- cm_list[cm_list_len].runas = cm_list[cm_list_len].cmnd = NULL;
- cm_list[cm_list_len].nopasswd = FALSE;
-}
-
-
-/**********************************************************************
- *
- * init_parser()
- *
- * This function frees up spaced used by a previous parse and
- * allocates new space for various data structures.
- */
-
-void init_parser()
-{
- /* Free up old data structures if we run the parser more than once. */
- if (match) {
- (void) free(match);
- match = NULL;
- top = 0;
- parse_error = FALSE;
- errorlineno = -1;
- sudolineno = 1;
- }
-
- /* Allocate space for the matching stack. */
- stacksize = STACKINCREMENT;
- match = (struct matchstack *) emalloc(sizeof(struct matchstack) * stacksize);
-
- /* Allocate space for the match list (for `sudo -l'). */
- if (printmatches == TRUE)
- expand_match_list();
-}
diff --git a/gnu/usr.bin/sudo/sudo/pathnames.h b/gnu/usr.bin/sudo/sudo/pathnames.h
deleted file mode 100644
index 4b8b739c6a2..00000000000
--- a/gnu/usr.bin/sudo/sudo/pathnames.h
+++ /dev/null
@@ -1,93 +0,0 @@
-/* $OpenBSD: pathnames.h,v 1.9 1999/03/29 20:29:05 millert Exp $ */
-
-/* pathnames.h. Generated automatically by configure. */
-/*
- * CU sudo version 1.5.9
- * Copyright (c) 1996, 1998, 1999 Todd C. Miller <Todd.Miller@courtesan.com>
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 1, or (at your option)
- * any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
- *
- * Please send bugs, changes, problems to sudo-bugs@courtesan.com
- *
- * $Sudo: pathnames.h.in,v 1.38 1999/03/29 04:05:11 millert Exp $
- */
-
-/*
- * Pathnames to programs and files used by sudo.
- */
-
-#ifdef HAVE_PATHS_H
-#include <paths.h>
-#endif /* HAVE_PATHS_H */
-
-#ifndef _PATH_DEV
-#define _PATH_DEV "/dev/"
-#endif /* _PATH_DEV */
-
-#ifndef _PATH_TTY
-#define _PATH_TTY "/dev/tty"
-#endif /* _PATH_TTY */
-
-/*
- * NOTE: _PATH_SUDO_SUDOERS is usually overriden by the Makefile.
- */
-#ifndef _PATH_SUDO_SUDOERS
-#define _PATH_SUDO_SUDOERS "/etc/sudoers"
-#endif /* _PATH_SUDO_SUDOERS */
-
-/*
- * NOTE: _PATH_SUDO_STMP is usually overriden by the Makefile.
- * _PATH_SUDO_STMP *MUST* be on the same partition
- * as _PATH_SUDO_SUDOERS!
- */
-#ifndef _PATH_SUDO_STMP
-#define _PATH_SUDO_STMP "/etc/stmp"
-#endif /* _PATH_SUDO_STMP */
-
-/*
- * The following paths are controlled via the configure script.
- */
-
-/*
- * Where to put the timestamp files. Defaults to /var/run/sudo if
- * /var/run exists, else /tmp/.odus.
- */
-#ifndef _PATH_SUDO_TIMEDIR
-#define _PATH_SUDO_TIMEDIR "/var/run/sudo"
-#endif /* _PATH_SUDO_TIMEDIR */
-
-/*
- * Where to put the sudo log file when logging to a file. Defaults to
- * /var/log/sudo.log if /var/log exists, else /var/adm/sudo.log.
- */
-#ifndef _PATH_SUDO_LOGFILE
-#define _PATH_SUDO_LOGFILE "/var/log/sudo.log"
-#endif /* _PATH_SUDO_LOGFILE */
-
-#ifndef _PATH_SENDMAIL
-#define _PATH_SENDMAIL "/usr/sbin/sendmail"
-#endif /* _PATH_SENDMAIL */
-
-#ifndef _PATH_VI
-#define _PATH_VI "/usr/bin/vi"
-#endif /* _PATH_VI */
-
-#ifndef _PATH_MV
-#define _PATH_MV "/bin/mv"
-#endif /* _PATH_MV */
-
-#ifndef _PATH_BSHELL
-#define _PATH_BSHELL "/bin/sh"
-#endif /* _PATH_BSHELL */
diff --git a/gnu/usr.bin/sudo/sudo/sudo.8 b/gnu/usr.bin/sudo/sudo/sudo.8
deleted file mode 100644
index 19600ce1825..00000000000
--- a/gnu/usr.bin/sudo/sudo/sudo.8
+++ /dev/null
@@ -1,423 +0,0 @@
-.rn '' }`
-''' $OpenBSD: sudo.8,v 1.11 1999/03/29 20:29:06 millert Exp $
-'''
-.de Sh
-.br
-.if t .Sp
-.ne 5
-.PP
-\fB\\$1\fR
-.PP
-..
-.de Sp
-.if t .sp .5v
-.if n .sp
-..
-.de Ip
-.br
-.ie \\n(.$>=3 .ne \\$3
-.el .ne 3
-.IP "\\$1" \\$2
-..
-.de Vb
-.ft CW
-.nf
-.ne \\$1
-..
-.de Ve
-.ft R
-
-.fi
-..
-'''
-'''
-''' Set up \*(-- to give an unbreakable dash;
-''' string Tr holds user defined translation string.
-''' Bell System Logo is used as a dummy character.
-'''
-.tr \(*W-|\(bv\*(Tr
-.ie n \{\
-.ds -- \(*W-
-.ds PI pi
-.if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
-.if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch
-.ds L" ""
-.ds R" ""
-''' \*(M", \*(S", \*(N" and \*(T" are the equivalent of
-''' \*(L" and \*(R", except that they are used on ".xx" lines,
-''' such as .IP and .SH, which do another additional levels of
-''' double-quote interpretation
-.ds M" """
-.ds S" """
-.ds N" """""
-.ds T" """""
-.ds L' '
-.ds R' '
-.ds M' '
-.ds S' '
-.ds N' '
-.ds T' '
-'br\}
-.el\{\
-.ds -- \(em\|
-.tr \*(Tr
-.ds L" ``
-.ds R" ''
-.ds M" ``
-.ds S" ''
-.ds N" ``
-.ds T" ''
-.ds L' `
-.ds R' '
-.ds M' `
-.ds S' '
-.ds N' `
-.ds T' '
-.ds PI \(*p
-'br\}
-.\" If the F register is turned on, we'll generate
-.\" index entries out stderr for the following things:
-.\" TH Title
-.\" SH Header
-.\" Sh Subsection
-.\" Ip Item
-.\" X<> Xref (embedded
-.\" Of course, you have to process the output yourself
-.\" in some meaninful fashion.
-.if \nF \{
-.de IX
-.tm Index:\\$1\t\\n%\t"\\$2"
-..
-.nr % 0
-.rr F
-.\}
-.TH sudo 8 "1.5.9" "17/Feb/99" "MAINTENANCE COMMANDS"
-.UC
-.if n .hy 0
-.if n .na
-.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
-.de CQ \" put $1 in typewriter font
-.ft CW
-'if n "\c
-'if t \\&\\$1\c
-'if n \\&\\$1\c
-'if n \&"
-\\&\\$2 \\$3 \\$4 \\$5 \\$6 \\$7
-'.ft R
-..
-.\" @(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2
-. \" AM - accent mark definitions
-.bd B 3
-. \" fudge factors for nroff and troff
-.if n \{\
-. ds #H 0
-. ds #V .8m
-. ds #F .3m
-. ds #[ \f1
-. ds #] \fP
-.\}
-.if t \{\
-. ds #H ((1u-(\\\\n(.fu%2u))*.13m)
-. ds #V .6m
-. ds #F 0
-. ds #[ \&
-. ds #] \&
-.\}
-. \" simple accents for nroff and troff
-.if n \{\
-. ds ' \&
-. ds ` \&
-. ds ^ \&
-. ds , \&
-. ds ~ ~
-. ds ? ?
-. ds ! !
-. ds /
-. ds q
-.\}
-.if t \{\
-. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
-. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
-. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
-. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
-. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
-. ds ? \s-2c\h'-\w'c'u*7/10'\u\h'\*(#H'\zi\d\s+2\h'\w'c'u*8/10'
-. ds ! \s-2\(or\s+2\h'-\w'\(or'u'\v'-.8m'.\v'.8m'
-. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
-. ds q o\h'-\w'o'u*8/10'\s-4\v'.4m'\z\(*i\v'-.4m'\s+4\h'\w'o'u*8/10'
-.\}
-. \" troff and (daisy-wheel) nroff accents
-.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
-.ds 8 \h'\*(#H'\(*b\h'-\*(#H'
-.ds v \\k:\h'-(\\n(.wu*9/10-\*(#H)'\v'-\*(#V'\*(#[\s-4v\s0\v'\*(#V'\h'|\\n:u'\*(#]
-.ds _ \\k:\h'-(\\n(.wu*9/10-\*(#H+(\*(#F*2/3))'\v'-.4m'\z\(hy\v'.4m'\h'|\\n:u'
-.ds . \\k:\h'-(\\n(.wu*8/10)'\v'\*(#V*4/10'\z.\v'-\*(#V*4/10'\h'|\\n:u'
-.ds 3 \*(#[\v'.2m'\s-2\&3\s0\v'-.2m'\*(#]
-.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
-.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
-.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
-.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
-.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
-.ds ae a\h'-(\w'a'u*4/10)'e
-.ds Ae A\h'-(\w'A'u*4/10)'E
-.ds oe o\h'-(\w'o'u*4/10)'e
-.ds Oe O\h'-(\w'O'u*4/10)'E
-. \" corrections for vroff
-.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
-.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
-. \" for low resolution devices (crt and lpr)
-.if \n(.H>23 .if \n(.V>19 \
-\{\
-. ds : e
-. ds 8 ss
-. ds v \h'-1'\o'\(aa\(ga'
-. ds _ \h'-1'^
-. ds . \h'-1'.
-. ds 3 3
-. ds o a
-. ds d- d\h'-1'\(ga
-. ds D- D\h'-1'\(hy
-. ds th \o'bp'
-. ds Th \o'LP'
-. ds ae ae
-. ds Ae AE
-. ds oe oe
-. ds Oe OE
-.\}
-.rm #[ #] #H #V #F C
-.SH "NAME"
-sudo \- execute a command as the superuser
-.SH "SYNOPSIS"
-\fBsudo\fR \fB\-V\fR | \fB\-h\fR | \fB\-l\fR | \fB\-v\fR | \fB\-k\fR | \fB\-s\fR | \fB\-H\fR |
-[ \fB\-b\fR ] | [ \fB\-r\fR realm ] | [ \fB\-p\fR prompt ] [ \fB\-u\fR username/#uid] \fIcommand\fR
-.SH "DESCRIPTION"
-\fBsudo\fR allows a permitted user to execute a \fIcommand\fR
-as the superuser (real and effective uid and gid are set
-to \f(CW0\fR and root's group as set in the passwd file respectively).
-.PP
-\fBsudo\fR determines who is an authorized user by consulting the
-file \fI/etc/sudoers\fR. By giving \fBsudo\fR the \f(CW-v\fR flag a user
-can update the time stamp without running a \fIcommand.\fR
-The password prompt itself will also time out if the user's password is
-not entered with N minutes (again, this is defined at installation
-time and defaults to 5 minutes).
-.PP
-If an unauthorized user executes \fBsudo\fR, mail will be sent from the
-user to the local authorities (defined at installation time).
-.PP
-\fBsudo\fR was designed to log via the 4.3 BSD \fIsyslog\fR\|(3) facility but
-can log to a file instead if so desired (or to both syslog and a file).
-.SH "OPTIONS"
-\fBsudo\fR accepts the following command line options:
-.Ip "-V" 4
-The \f(CW-V\fR (\fIversion\fR) option causes \fBsudo\fR to print the
-version number and exit.
-.Ip "-l" 4
-The \f(CW-l\fR (\fIlist\fR) option will list out the allowed and
-forbidden commands for the user on the current host.
-.Ip "-h" 4
-The \f(CW-h\fR (\fIhelp\fR) option causes \fBsudo\fR to print the version
-of \fBsudo\fR and a usage message before exiting.
-.Ip "-v" 4
-If given the \f(CW-v\fR (\fIvalidate\fR) option, \fBsudo\fR will update the
-user's timestamp file, prompting for the user's password if necessary.
-This extends the \fBsudo\fR timeout to for another N minutes
-(where N is defined at installation time and defaults to 5
-minutes) but does not run a command.
-.Ip "-k" 4
-The \f(CW-k\fR (\fIkill\fR) option to \fBsudo\fR removes the user's timestamp
-file, thus requiring the user's password the next time \fBsudo\fR is run.
-This option does not require a password and was added to
-allow a user to revoke \fBsudo\fR permissions from a .logout file.
-.Ip "-b" 4
-The \f(CW-b\fR (\fIbackground\fR) option tells \fBsudo\fR to run the given
-command in the background. Note that if you use the \f(CW-b\fR
-option you cannot use shell job control to manipulate the command.
-.Ip "-r" 4
-The \f(CW-r\fR (\fIrealm\fR) option is only available if \fBsudo\fR was configured
-with \fBKerberos\fR version 5 support. It allows the user to specify a
-\fBKerberos\fR realm other than the system default to use when authenticating
-the user via \fBKerberos\fR.
-.Ip "-p" 4
-The \f(CW-p\fR (\fIprompt\fR) option allows you to override the default
-password prompt and use a custom one. If the password prompt
-contains the \f(CW%u\fR escape, \f(CW%u\fR will be replaced by the user's
-login name. Similarly, \f(CW%h\fR will be replaced by the local
-hostname.
-.Ip "-u" 4
-The \f(CW-u\fR (\fIuser\fR) option causes sudo to run the specified command
-as a user other than \fIroot\fR. To specify a \fIuid\fR instead of a
-\fIusername\fR, use \*(L"#uid\*(R".
-.Ip "-s" 4
-The \f(CW-s\fR (\fIshell\fR) option runs the shell specified by the \fI\s-1SHELL\s0\fR
-environment variable if it is set or the shell as specified
-in \fIpasswd\fR\|(5).
-.Ip "-H" 4
-The \f(CW-H\fR (\fI\s-1HOME\s0\fR) option sets the \fI\s-1HOME\s0\fR environment variable
-to the homedir of the target user (root by default) as specified
-in \fIpasswd\fR\|(5).
-.Ip "--" 4
-The \f(CW--\fR flag indicates that \fBsudo\fR should stop processing command
-line arguments. It is most useful in conjunction with the \f(CW-s\fR flag.
-.SH "RETURN VALUES"
-\fBsudo\fR quits with an exit value of 1 if there is a
-configuration/permission problem or if \fBsudo\fR cannot execute the
-given command. In the latter case the error string is printed to
-stderr via \fIperror\fR\|(3). If \fBsudo\fR cannot \fIstat\fR\|(2) one or more entries
-in the user's PATH the error is printed on stderr via \fIperror\fR\|(3).
-(If the directory does not exist or if it is not really a directory,
-the entry is ignored and no error is printed.) This should not
-happen under normal circumstances. The most common reason for
-\fIstat\fR\|(3) to return \*(L"permission denied\*(R" is if you are running an
-automounter and one of the directories in your PATH is on a machine
-that is currently unreachable.
-.SH "SECURITY NOTES"
-\fBsudo\fR tries to be safe when executing external commands. Variables
-that control how dynamic loading and binding is done can be used
-to subvert the program that \fBsudo\fR runs. To combat this the
-\f(CWLD_*\fR, \f(CW_RLD_*\fR, \f(CWSHLIB_PATH\fR (HP\-UX only), and \f(CWLIBPATH\fR (AIX
-only) environment variables are removed from the environment passed
-on to all commands executed. \fBsudo\fR will also remove the \f(CWIFS\fR,
-\f(CWENV\fR, \f(CWBASH_ENV\fR, \f(CWKRB_CONF\fR and \f(CWKRB5_CONFIG\fR variables as
-they too can pose a threat.
-.PP
-To prevent command spoofing, \fBsudo\fR checks "." and "" (both denoting
-current directory) last when searching for a command in the user's
-PATH (if one or both are in the PATH). Note, however, that the
-actual PATH environment variable is \fInot\fR modified and is passed
-unchanged to the program that \fBsudo\fR executes.
-.PP
-For security reasons, if your OS supports shared libraries, \fBsudo\fR
-should always be statically linked unless the dynamic loader disables
-user-defined library search paths for setuid programs. (Most modern
-dynamic loaders do this.)
-.PP
-\fBsudo\fR will check the ownership of its timestamp directory
-(\fI/var/run/sudo\fR or \fI/tmp/.odus\fR by default) and ignore the
-directory's contents if it is not owned by root and only read,
-writable, and executable by root. On systems that allow users to
-give files away to root (via chown), if the timestamp directory is
-located in a directory writable by anyone (ie: \fI/tmp\fR), it is
-possible for a user to create the timestamp directory before \fBsudo\fR
-is run. However, because \fBsudo\fR checks the ownership and mode of
-the directory, the only damage that can be done is to \*(L"hide\*(R" files
-by putting them in the timestamp dir. This is unlikely to happen
-since once the timestamp dir is owned by root and inaccessible by
-any other user the user placing files there would be unable to get
-them back out. To get around this issue you can use a directory
-that is not world-writable for the timestamps (\fI/var/adm/sudo\fR for
-instance).
-.PP
-\f(CWsudo\fR will not honor timestamp files set far in the future.
-Timestamp files with a date greater than current_time + 2 * \f(CWTIMEOUT\fR
-will be ignored and sudo complain about a \*(L"preposterous stampfile
-date\*(R". This is done to keep a user from creating his/her own
-timestamp file with a bogus date.
-.SH "FILES"
-.PP
-.Vb 1
-\& /etc/sudoers file of authorized users.
-.Ve
-.SH "ENVIRONMENT VARIABLES"
-.PP
-.Vb 12
-\& PATH Set to a sane value if SECURE_PATH is set
-\& SHELL Used to determine shell to run with -s option
-\& USER Set to the target user (root unless the -u option
-\& is specified)
-\& HOME In -s mode, set to homedir of root (or runas user)
-\& if built with the SHELL_SETS_HOME option
-\& SUDO_PROMPT Replaces the default password prompt
-\& SUDO_COMMAND Set to the command run by sudo
-\& SUDO_USER Set to the login of the user who invoked sudo
-\& SUDO_UID Set to the uid of the user who invoked sudo
-\& SUDO_GID Set to the gid of the user who invoked sudo
-\& SUDO_PS1 If set, PS1 will be set to its value
-.Ve
-.SH "AUTHORS"
-Many people have worked on \fBsudo\fR over the years, this
-version consists of code written primarily by:
-.PP
-.Vb 4
-\& Jeff Nieusma
-\& David Hieb
-\& Todd Miller
-\& Chris Jepeway
-.Ve
-See the HISTORY file in the \fBsudo\fR distribution for more details.
-.PP
-Please send all bugs, comments, and changes to sudo-bugs@courtesan.com.
-.SH "DISCLAIMER"
-This program is distributed in the hope that it will be useful, but
-WITHOUT ANY WARRANTY; without even the implied warranty of
-MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
-General Public License for more details.
-.PP
-You should have received a copy of the GNU General Public License along
-with this program; if not, write to the Free Software Foundation, Inc.,
-675 Mass Ave, Cambridge, MA 02139, USA.
-.SH "CAVEATS"
-There is no easy way to prevent a user from gaining a root shell if
-that user has access to commands allowing shell escapes.
-.PP
-If users have sudo ALL there is nothing to prevent them from creating
-their own program that gives them a root shell regardless of any \*(L'!\*(R'
-elements in the user specification.
-.PP
-Running shell scripts via \fBsudo\fR can expose the same kernel bugs
-that make setuid shell scripts unsafe on some operating systems.
-.SH "SEE ALSO"
-\fIsudoers\fR\|(5), \fIvisudo\fR\|(8), \fIsu\fR\|(1).
-
-.rn }` ''
-.IX Title "sudo 8"
-.IX Name "sudo - execute a command as the superuser"
-
-.IX Header "NAME"
-
-.IX Header "SYNOPSIS"
-
-.IX Header "DESCRIPTION"
-
-.IX Header "OPTIONS"
-
-.IX Item "-V"
-
-.IX Item "-l"
-
-.IX Item "-h"
-
-.IX Item "-v"
-
-.IX Item "-k"
-
-.IX Item "-b"
-
-.IX Item "-r"
-
-.IX Item "-p"
-
-.IX Item "-u"
-
-.IX Item "-s"
-
-.IX Item "-H"
-
-.IX Item "--"
-
-.IX Header "RETURN VALUES"
-
-.IX Header "SECURITY NOTES"
-
-.IX Header "FILES"
-
-.IX Header "ENVIRONMENT VARIABLES"
-
-.IX Header "AUTHORS"
-
-.IX Header "DISCLAIMER"
-
-.IX Header "CAVEATS"
-
-.IX Header "SEE ALSO"
-
diff --git a/gnu/usr.bin/sudo/sudo/sudo.c b/gnu/usr.bin/sudo/sudo/sudo.c
deleted file mode 100644
index 2edf4d00310..00000000000
--- a/gnu/usr.bin/sudo/sudo/sudo.c
+++ /dev/null
@@ -1,1129 +0,0 @@
-/* $OpenBSD: sudo.c,v 1.14 1999/03/30 06:25:25 millert Exp $ */
-
-/*
- * CU sudo version 1.5.9 (based on Root Group sudo version 1.1)
- * Copyright (c) 1994,1996,1998,1999 Todd C. Miller <Todd.Miller@courtesan.com>
- *
- * This software comes with no waranty whatsoever, use at your own risk.
- *
- * Please send bugs, changes, problems to sudo-bugs@courtesan.com
- *
- */
-
-/*
- * sudo version 1.1 allows users to execute commands as root
- * Copyright (C) 1991 The Root Group, Inc.
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 1, or (at your option)
- * any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
- *
- **************************************************************************
- *
- * sudo.c
- *
- * This is the main() routine for sudo
- *
- * sudo is a program to allow users to execute commands
- * as root. The commands are defined in a global network-
- * wide file and can be distributed.
- *
- * sudo has been hacked far and wide. Too many people to
- * know about. It's about time to come up with a secure
- * version that will work well in a network.
- *
- * This most recent version is done by:
- *
- * Jeff Nieusma <nieusma@rootgroup.com>
- * Dave Hieb <davehieb@rootgroup.com>
- *
- * However, due to the fact that both of the above are no longer
- * working at Root Group, I am maintaining the "CU version" of
- * sudo.
- * Todd Miller <Todd.Miller@courtesan.com>
- */
-
-#define MAIN
-
-#include "config.h"
-
-#include <stdio.h>
-#ifdef STDC_HEADERS
-#include <stdlib.h>
-#endif /* STDC_HEADERS */
-#ifdef HAVE_UNISTD_H
-#include <unistd.h>
-#endif /* HAVE_UNISTD_H */
-#ifdef HAVE_STRING_H
-#include <string.h>
-#endif /* HAVE_STRING_H */
-#ifdef HAVE_STRINGS_H
-#include <strings.h>
-#endif /* HAVE_STRINGS_H */
-#include <pwd.h>
-#include <errno.h>
-#include <fcntl.h>
-#include <sys/types.h>
-#include <sys/stat.h>
-#include <sys/param.h>
-#include <netinet/in.h>
-#include <netdb.h>
-#ifdef HAVE_DCE
-#include <pthread.h>
-#endif /* HAVE_DCE */
-#ifdef HAVE_KERB5
-#include <krb5.h>
-#endif /* HAVE_KERB5 */
-
-#include "sudo.h"
-#include "version.h"
-
-#ifndef STDC_HEADERS
-extern char *getenv __P((char *));
-#endif /* STDC_HEADERS */
-
-#ifndef lint
-static const char rcsid[] = "$Sudo: sudo.c,v 1.223 1999/03/30 06:01:46 millert Exp $";
-#endif /* lint */
-
-
-/*
- * Local type declarations
- */
-struct env_table {
- char *name;
- int len;
-};
-
-
-/*
- * Prototypes
- */
-static int parse_args __P((void));
-static void usage __P((int));
-static void usage_excl __P((int));
-static void load_globals __P((int));
-static int check_sudoers __P((void));
-static int load_cmnd __P((int));
-static void add_env __P((int));
-static void clean_env __P((char **, struct env_table *));
-extern int user_is_exempt __P((void));
-extern struct passwd *sudo_getpwuid __P((uid_t));
-extern void list_matches __P((void));
-
-/*
- * Globals
- */
-int Argc;
-char **Argv;
-int NewArgc = 0;
-char **NewArgv = NULL;
-struct passwd *user_pw_ent;
-char *runas_user = RUNAS_DEFAULT;
-char *cmnd = NULL;
-char *cmnd_args = NULL;
-char *tty = "unknown";
-char *prompt;
-char host[MAXHOSTNAMELEN];
-char *shost;
-char cwd[MAXPATHLEN];
-FILE *sudoers_fp = NULL;
-struct stat cmnd_st;
-static char *runas_homedir = NULL;
-extern struct interface *interfaces;
-extern int num_interfaces;
-extern int printmatches;
-int arg_prompt = 0; /* was -p used? */
-#ifdef HAVE_KERB5
-krb5_context sudo_context = NULL;
-char *realm = NULL;
-int xrealm = 0;
-#endif /* HAVE_KERB5 */
-
-/*
- * Table of "bad" envariables to remove and len for strncmp()
- */
-struct env_table badenv_table[] = {
- { "IFS=", 4 },
- { "LD_", 3 },
- { "_RLD", 4 },
-#ifdef __hpux
- { "SHLIB_PATH=", 11 },
-#endif /* __hpux */
-#ifdef _AIX
- { "LIBPATH=", 8 },
-#endif /* _AIX */
-#ifdef HAVE_KERB4
- { "KRB_CONF", 8 },
-#endif /* HAVE_KERB4 */
-#ifdef HAVE_KERB5
- { "KRB5_CONFIG", 11 },
-#endif /* HAVE_KERB5 */
- { "ENV=", 4 },
- { "BASH_ENV=", 9 },
- { (char *) NULL, 0 }
-};
-
-
-/********************************************************************
- *
- * main()
- *
- * the driving force behind sudo...
- */
-
-int main(argc, argv)
- int argc;
- char **argv;
-{
- int rtn, serrno;
- int cmnd_status = FOUND;
- int sudo_mode = MODE_RUN;
- extern char ** environ;
-
-#if defined(HAVE_GETPRPWNAM) && defined(HAVE_SET_AUTH_PARAMETERS)
- (void) set_auth_parameters(argc, argv);
-# ifdef HAVE_INITPRIVS
- initprivs();
-# endif
-#endif /* HAVE_GETPRPWNAM && HAVE_SET_AUTH_PARAMETERS */
-
- Argv = argv;
- Argc = argc;
-
- if (geteuid() != 0) {
- (void) fprintf(stderr, "Sorry, %s must be setuid root.\n", Argv[0]);
- exit(1);
- }
-
- /*
- * Close all file descriptors to make sure we have a nice
- * clean slate from which to work.
- */
-#ifdef HAVE_SYSCONF
- for (rtn = sysconf(_SC_OPEN_MAX) - 1; rtn > 2; rtn--)
- (void) close(rtn);
-#else
- for (rtn = getdtablesize() - 1; rtn > 2; rtn--)
- (void) close(rtn);
-#endif /* HAVE_SYSCONF */
-
- /*
- * set the prompt based on $SUDO_PROMPT (can be overridden by `-p')
- */
- if ((prompt = getenv("SUDO_PROMPT")) == NULL)
- prompt = PASSPROMPT;
-
- /*
- * parse our arguments
- */
- sudo_mode = parse_args();
-
- switch (sudo_mode) {
- case MODE_VERSION:
- case MODE_HELP:
- (void) printf("CU Sudo version %s\n", version);
- if (sudo_mode == MODE_VERSION)
- exit(0);
- else
- usage(0);
- break;
- case MODE_VALIDATE:
- cmnd = "validate";
- break;
- case MODE_KILL:
- cmnd = "kill";
- break;
- case MODE_LIST:
- cmnd = "list";
- printmatches = 1;
- break;
- }
-
- /* must have a command to run unless got -s */
- if (cmnd == NULL && NewArgc == 0 && !(sudo_mode & MODE_SHELL))
- usage(1);
-
- clean_env(environ, badenv_table);
-
- load_globals(sudo_mode); /* load global variables used throughout sudo */
-
- /*
- * If we got the '-s' option (run shell) we need to redo NewArgv
- * and NewArgc. This can only be done after load_globals().
- */
- if ((sudo_mode & MODE_SHELL)) {
- char **dst, **src = NewArgv;
-
- NewArgv = (char **) emalloc (sizeof(char *) * (++NewArgc + 1));
-
- /* add the shell as argv[0] */
- if (user_shell && *user_shell) {
- NewArgv[0] = user_shell;
- } else {
- (void) fprintf(stderr, "%s: Unable to determine shell.", Argv[0]);
- exit(1);
- }
-
- /* copy the args from Argv */
- for (dst = NewArgv + 1; (*dst = *src) != NULL; ++src, ++dst)
- ;
- }
-
- rtn = check_sudoers(); /* check mode/owner on _PATH_SUDO_SUDOERS */
- if (rtn != ALL_SYSTEMS_GO) {
- serrno = errno;
- log_error(rtn);
- set_perms(PERM_FULL_USER, sudo_mode);
- errno = serrno;
- inform_user(rtn);
- exit(1);
- }
-
-#ifdef SECURE_PATH
- /* replace the PATH envariable with a secure one */
- if (!user_is_exempt() && sudo_setenv("PATH", SECURE_PATH)) {
- (void) fprintf(stderr, "%s: cannot allocate memory!\n", Argv[0]);
- exit(1);
- }
-#endif /* SECURE_PATH */
-
- if ((sudo_mode & MODE_RUN)) {
- cmnd_status = load_cmnd(sudo_mode); /* load the cmnd global variable */
- } else if (sudo_mode == MODE_KILL) {
- remove_timestamp(); /* remove the timestamp ticket file */
- exit(0);
- }
-
- add_env(!(sudo_mode & MODE_SHELL)); /* add in SUDO_* envariables */
-
- /* validate the user but don't search for pseudo-commands */
- rtn = validate((sudo_mode != MODE_VALIDATE && sudo_mode != MODE_LIST));
-
- switch (rtn) {
-
- case VALIDATE_OK:
- check_user();
- /* fallthrough */
-
- case VALIDATE_OK_NOPASS:
- /* finally tell the user if the command did not exist */
- if (cmnd_status == NOT_FOUND_DOT) {
- (void) fprintf(stderr, "%s: ignoring `%s' found in '.'\nUse `sudo ./%s' if this is the `%s' you wish to run.\n", Argv[0], cmnd, cmnd, cmnd);
- exit(1);
- } else if (cmnd_status == NOT_FOUND) {
- (void) fprintf(stderr, "%s: %s: command not found\n", Argv[0],
- cmnd);
- exit(1);
- }
-
- log_error(ALL_SYSTEMS_GO);
- if (sudo_mode == MODE_VALIDATE)
- exit(0);
- else if (sudo_mode == MODE_LIST) {
- list_matches();
- exit(0);
- }
-
- /* become specified user or root */
- set_perms(PERM_RUNAS, sudo_mode);
-
- /* set $HOME for `sudo -H' */
- if ((sudo_mode & MODE_RESET_HOME) && runas_homedir)
- (void) sudo_setenv("HOME", runas_homedir);
-
-#ifndef PROFILING
- if ((sudo_mode & MODE_BACKGROUND) && fork() > 0) {
- exit(0);
- } else {
- /*
- * Make sure we are not being spoofed. The stat should
- * be cheap enough to make this almost bulletproof.
- */
- if (cmnd_st.st_dev) {
- struct stat st;
-
- if (stat(cmnd, &st) < 0) {
- (void) fprintf(stderr, "%s: unable to stat %s: ",
- Argv[0], cmnd);
- perror("");
- exit(1);
- }
-
- if (st.st_dev != cmnd_st.st_dev ||
- st.st_ino != cmnd_st.st_ino) {
- /* log and send mail, then bitch */
- log_error(SPOOF_ATTEMPT);
- inform_user(SPOOF_ATTEMPT);
- exit(1);
- }
- }
- EXEC(cmnd, NewArgv); /* run the command */
- }
-#else
- exit(0);
-#endif /* PROFILING */
- /*
- * If we got here then the exec() failed...
- */
- (void) fprintf(stderr, "%s: ", Argv[0]);
- perror(cmnd);
- exit(-1);
- break;
-
- case VALIDATE_NOT_OK:
- check_user();
-
-#ifndef DONT_LEAK_PATH_INFO
- log_error(rtn);
- if (cmnd_status == NOT_FOUND_DOT)
- (void) fprintf(stderr, "%s: ignoring `%s' found in '.'\nUse `sudo ./%s' if this is the `%s' you wish to run.\n", Argv[0], cmnd, cmnd, cmnd);
- else if (cmnd_status == NOT_FOUND)
- (void) fprintf(stderr, "%s: %s: command not found\n", Argv[0],
- cmnd);
- else
- inform_user(rtn);
- exit(1);
- break;
-#endif /* DONT_LEAK_PATH_INFO */
-
- default:
- log_error(rtn);
- inform_user(rtn);
- exit(1);
- break;
- }
-}
-
-
-
-/**********************************************************************
- *
- * load_globals()
- *
- * This function primes these important global variables:
- * user_pw_ent, host, cwd, interfaces.
- */
-
-static void load_globals(sudo_mode)
- int sudo_mode;
-{
- char *p;
-#ifdef FQDN
- struct hostent *h_ent;
-#endif /* FQDN */
-#ifdef HAVE_KERB5
- krb5_error_code retval;
- char *lrealm;
-#endif /* HAVE_KERB5 */
-
-#ifdef HOST_IN_LOG
- /*
- * Logging routines may use shost so set to a dummy value for now.
- */
- shost = strcpy(host, "localhost");
-#endif
-
- /*
- * Get a local copy of the user's struct passwd with the shadow password
- * if necesary. It is assumed that euid is 0 at this point so we
- * can read the shadow passwd file if necesary.
- */
- if ((user_pw_ent = sudo_getpwuid(getuid())) == NULL) {
- /* need to make a fake user_pw_ent */
- struct passwd pw;
- char pw_name[MAX_UID_T_LEN + 1];
-
- /* fill in uid and name fields with the uid */
- pw.pw_uid = getuid();
- (void) sprintf(pw_name, "%ld", (long) pw.pw_uid);
- pw.pw_name = pw_name;
- user_pw_ent = &pw;
-
- /* complain, log, and die */
- log_error(GLOBAL_NO_PW_ENT);
- inform_user(GLOBAL_NO_PW_ENT);
- exit(1);
- }
-
-#ifdef HAVE_KERB5
- if (retval = krb5_init_context(&sudo_context)) {
- log_error(GLOBAL_KRB5_INIT_ERR);
- inform_user(GLOBAL_KRB5_INIT_ERR);
- exit(1);
- }
- krb5_init_ets(sudo_context);
-
- if (retval = krb5_get_default_realm(sudo_context, &lrealm)) {
- log_error(GLOBAL_KRB5_INIT_ERR);
- inform_user(GLOBAL_KRB5_INIT_ERR);
- exit(1);
- }
-
- if (realm) {
- if (strcmp(realm, lrealm) != 0)
- xrealm = 1; /* User supplied realm is not the system default */
- free(lrealm);
- } else
- realm = lrealm;
-
- if (!arg_prompt) {
- p = emalloc(strlen(user_name) + strlen(realm) + 17);
- sprintf(p, "Password for %s@%s: ", user_name, realm);
- prompt = p;
- }
-#endif /* HAVE_KERB5 */
-
- /* Set euid == user and ruid == root */
- set_perms(PERM_ROOT, sudo_mode);
- set_perms(PERM_USER, sudo_mode);
-
-#ifdef HAVE_TZSET
- (void) tzset(); /* set the timezone if applicable */
-#endif /* HAVE_TZSET */
-
- /*
- * Need to get tty early since it's used for logging
- */
- if ((p = (char *) ttyname(0)) || (p = (char *) ttyname(1))) {
- if (strncmp(p, _PATH_DEV, sizeof(_PATH_DEV) - 1) == 0)
- p += sizeof(_PATH_DEV) - 1;
- tty = estrdup(p);
- }
-
-#ifdef SUDO_UMASK
- (void) umask((mode_t)SUDO_UMASK);
-#endif /* SUDO_UMASK */
-
-#ifdef NO_ROOT_SUDO
- if (user_uid == 0) {
- (void) fprintf(stderr,
- "You are already root, you don't need to use sudo.\n");
- exit(1);
- }
-#endif
-
- /*
- * so we know where we are... (do as user)
- */
- if (!getcwd(cwd, sizeof(cwd))) {
- /* try as root... */
- set_perms(PERM_ROOT, sudo_mode);
- if (!getcwd(cwd, sizeof(cwd))) {
- (void) fprintf(stderr, "%s: Can't get working directory!\n",
- Argv[0]);
- (void) strcpy(cwd, "unknown");
- }
- set_perms(PERM_USER, sudo_mode);
- }
-
- /*
- * load the host global variable from gethostname() and use
- * gethostbyname() if we want to be sure it is fully qualified.
- */
- if ((gethostname(host, sizeof(host)))) {
- strcpy(host, "localhost");
- log_error(GLOBAL_NO_HOSTNAME);
- inform_user(GLOBAL_NO_HOSTNAME);
- exit(2);
- }
-#ifdef FQDN
- if ((h_ent = gethostbyname(host)) == NULL)
- log_error(GLOBAL_HOST_UNREGISTERED);
- else
- strcpy(host, h_ent -> h_name);
-#endif /* FQDN */
-
- /*
- * "host" is the (possibly fully-qualified) hostname and
- * "shost" is the unqualified form of the hostname.
- */
- if ((p = strchr(host, '.'))) {
- *p = '\0';
- shost = estrdup(host);
- *p = '.';
- } else {
- shost = &host[0];
- }
-
- /*
- * load a list of ip addresses and netmasks into
- * the interfaces array.
- */
- load_interfaces();
-}
-
-
-
-/**********************************************************************
- *
- * parse_args()
- *
- * this function parses the arguments to sudo
- */
-
-static int parse_args()
-{
- int ret = MODE_RUN; /* what mode is suod to be run in? */
- int excl = 0; /* exclusive arg, no others allowed */
-
- NewArgv = Argv + 1;
- NewArgc = Argc - 1;
-
-#ifdef SHELL_IF_NO_ARGS
- if (Argc < 2) { /* no options and no command */
- ret |= MODE_SHELL;
- return(ret);
- }
-#else
- if (Argc < 2) /* no options and no command */
- usage(1);
-#endif /* SHELL_IF_NO_ARGS */
-
- while (NewArgc > 0 && NewArgv[0][0] == '-') {
- if (NewArgv[0][1] != '\0' && NewArgv[0][2] != '\0') {
- (void) fprintf(stderr, "%s: Please use single character options\n",
- Argv[0]);
- usage(1);
- }
-
- switch (NewArgv[0][1]) {
-#ifdef HAVE_KERB5
- case 'r':
- /* must have an associated realm */
- if (NewArgv[1] == NULL)
- usage(1);
-
- realm = NewArgv[1];
-
- /* shift Argv over and adjust Argc */
- NewArgc--;
- NewArgv++;
- break;
-#endif /* HAVE_KERB5 */
- case 'p':
- /* must have an associated prompt */
- if (NewArgv[1] == NULL)
- usage(1);
-
- prompt = NewArgv[1];
- arg_prompt = 1;
-
- /* shift Argv over and adjust Argc */
- NewArgc--;
- NewArgv++;
- break;
- case 'u':
- /* must have an associated runas user */
- if (NewArgv[1] == NULL)
- usage(1);
-
- runas_user = NewArgv[1];
-
- /* shift Argv over and adjust Argc */
- NewArgc--;
- NewArgv++;
- break;
- case 'b':
- ret |= MODE_BACKGROUND;
- break;
- case 'v':
- ret = MODE_VALIDATE;
- if (excl && excl != 'v')
- usage_excl(1);
- excl = 'v';
- break;
- case 'k':
- ret = MODE_KILL;
- if (excl && excl != 'k')
- usage_excl(1);
- excl = 'k';
- break;
- case 'l':
- ret = MODE_LIST;
- if (excl && excl != 'l')
- usage_excl(1);
- excl = 'l';
- break;
- case 'V':
- ret = MODE_VERSION;
- if (excl && excl != 'V')
- usage_excl(1);
- excl = 'V';
- break;
- case 'h':
- ret = MODE_HELP;
- if (excl && excl != 'h')
- usage_excl(1);
- excl = 'h';
- break;
- case 's':
- ret |= MODE_SHELL;
-#ifdef SHELL_SETS_HOME
- ret |= MODE_RESET_HOME;
-#endif /* SHELL_SETS_HOME */
- break;
- case 'H':
- ret |= MODE_RESET_HOME;
- break;
- case '-':
- NewArgc--;
- NewArgv++;
-#ifdef SHELL_IF_NO_ARGS
- if (ret == MODE_RUN)
- ret |= MODE_SHELL;
-#endif /* SHELL_IF_NO_ARGS */
- return(ret);
- case '\0':
- (void) fprintf(stderr, "%s: '-' requires an argument\n",
- Argv[0]);
- usage(1);
- default:
- (void) fprintf(stderr, "%s: Illegal option %s\n", Argv[0],
- NewArgv[0]);
- usage(1);
- }
- NewArgc--;
- NewArgv++;
- }
-
- if (NewArgc > 0 && (ret == MODE_VALIDATE || ret == MODE_KILL ||
- ret == MODE_LIST))
- usage(1);
-
- return(ret);
-}
-
-
-
-/**********************************************************************
- *
- * usage_excl()
- *
- * Tell which options are mutually exclusive and exit
- */
-
-static void usage_excl(exit_val)
- int exit_val;
-{
- (void) fprintf(stderr, "Only one of the -v, -k, -l, -V and -h options may be used\n");
- usage(exit_val);
-}
-
-/**********************************************************************
- *
- * usage()
- *
- * this function just gives you instructions and exits
- */
-
-static void usage(exit_val)
- int exit_val;
-{
- (void) fprintf(stderr,
- "usage: %s -V | -h | -l | -v | -k | -H | [-b] [-p prompt] ",
- Argv[0]);
-#ifdef HAVE_KERB5
- (void) fprintf(stderr, "[-r realm] ");
-#endif /* HAVE_KERB5 */
- (void) fprintf(stderr, "[-u username/#uid] -s | <command>\n");
- exit(exit_val);
-}
-
-
-
-/**********************************************************************
- *
- * add_env()
- *
- * this function adds sudo-specific variables into the environment
- */
-
-static void add_env(contiguous)
- int contiguous;
-{
- char idstr[MAX_UID_T_LEN + 1];
- size_t size;
- char *buf;
-
- /* add the SUDO_COMMAND envariable (cmnd + args) */
- size = strlen(cmnd) + 1;
- if (NewArgc > 1) {
- char *to, **from;
-
- if (contiguous) {
- size += (size_t) (NewArgv[NewArgc-1] - NewArgv[1]) +
- strlen(NewArgv[NewArgc-1]) + 1;
- } else {
- for (from = &NewArgv[1]; *from; from++)
- size += strlen(*from) + 1;
- }
-
- buf = (char *) emalloc(size);
-
- /*
- * Copy the command and it's arguments info buf
- */
- (void) strcpy(buf, cmnd);
- to = buf + strlen(cmnd);
- for (from = &NewArgv[1]; *from; from++) {
- *to++ = ' ';
- (void) strcpy(to, *from);
- to += strlen(*from);
- }
- } else {
- buf = cmnd;
- }
- if (sudo_setenv("SUDO_COMMAND", buf)) {
- (void) fprintf(stderr, "%s: cannot allocate memory!\n", Argv[0]);
- exit(1);
- }
- if (NewArgc > 1)
- (void) free(buf);
-
- /* grab a pointer to the flat arg string from the environment */
- if (NewArgc > 1 && (cmnd_args = getenv("SUDO_COMMAND"))) {
- if ((cmnd_args = strchr(cmnd_args, ' ')))
- cmnd_args++;
- else
- cmnd_args = NULL;
- }
-
- /* add the SUDO_USER envariable */
- if (sudo_setenv("SUDO_USER", user_name)) {
- (void) fprintf(stderr, "%s: cannot allocate memory!\n", Argv[0]);
- exit(1);
- }
-
- /* add the SUDO_UID envariable */
- (void) sprintf(idstr, "%ld", (long) user_uid);
- if (sudo_setenv("SUDO_UID", idstr)) {
- (void) fprintf(stderr, "%s: cannot allocate memory!\n", Argv[0]);
- exit(1);
- }
-
- /* add the SUDO_GID envariable */
- (void) sprintf(idstr, "%ld", (long) user_gid);
- if (sudo_setenv("SUDO_GID", idstr)) {
- (void) fprintf(stderr, "%s: cannot allocate memory!\n", Argv[0]);
- exit(1);
- }
-
- /* set PS1 if SUDO_PS1 is set */
- if ((buf = getenv("SUDO_PS1")))
- if (sudo_setenv("PS1", buf)) {
- (void) fprintf(stderr, "%s: cannot allocate memory!\n", Argv[0]);
- exit(1);
- }
-}
-
-
-
-/**********************************************************************
- *
- * load_cmnd()
- *
- * This function sets the cmnd global variable
- * Returns 1 on success, 0 on failure.
- */
-
-static int load_cmnd(sudo_mode)
- int sudo_mode;
-{
- int retval;
-
- if (strlen(NewArgv[0]) >= MAXPATHLEN) {
- errno = ENAMETOOLONG;
- (void) fprintf(stderr, "%s: %s: Pathname too long\n", Argv[0],
- NewArgv[0]);
- exit(1);
- }
-
- /*
- * Resolve the path
- */
- if ((retval = find_path(NewArgv[0], &cmnd)) != FOUND)
- cmnd = NewArgv[0];
- return(retval);
-}
-
-
-
-/**********************************************************************
- *
- * check_sudoers()
- *
- * This function check to see that the sudoers file is owned by
- * uid SUDOERS_UID, gid SUDOERS_GID and is mode SUDOERS_MODE.
- */
-
-static int check_sudoers()
-{
- struct stat statbuf;
- int rootstat, i;
- char c;
- int rtn = ALL_SYSTEMS_GO;
-
- /*
- * Fix the mode and group on sudoers file from old default.
- * Only works if filesystem is readable/writable by root.
- */
- set_perms(PERM_ROOT, 0);
- if ((rootstat = lstat(_PATH_SUDO_SUDOERS, &statbuf)) == 0 &&
- SUDOERS_UID == statbuf.st_uid && SUDOERS_MODE != 0400 &&
- (statbuf.st_mode & 0007777) == 0400) {
-
- if (chmod(_PATH_SUDO_SUDOERS, SUDOERS_MODE) == 0) {
- (void) fprintf(stderr, "%s: fixed mode on %s\n",
- Argv[0], _PATH_SUDO_SUDOERS);
- if (statbuf.st_gid != SUDOERS_GID) {
- if (!chown(_PATH_SUDO_SUDOERS,GID_NO_CHANGE,SUDOERS_GID)) {
- (void) fprintf(stderr, "%s: set group on %s\n",
- Argv[0], _PATH_SUDO_SUDOERS);
- statbuf.st_gid = SUDOERS_GID;
- } else {
- (void) fprintf(stderr,"%s: Unable to set group on %s: ",
- Argv[0], _PATH_SUDO_SUDOERS);
- perror("");
- }
- }
- } else {
- (void) fprintf(stderr, "%s: Unable to fix mode on %s: ",
- Argv[0], _PATH_SUDO_SUDOERS);
- perror("");
- }
- }
-
- /*
- * Sanity checks on sudoers file. Must be done as sudoers
- * file owner. We already did a stat as root, so use that
- * data if we can't stat as sudoers file owner.
- */
- set_perms(PERM_SUDOERS, 0);
-
- if (rootstat != 0 && lstat(_PATH_SUDO_SUDOERS, &statbuf) != 0)
- rtn = NO_SUDOERS_FILE;
- else if (!S_ISREG(statbuf.st_mode))
- rtn = SUDOERS_NOT_FILE;
- else if ((statbuf.st_mode & 0007777) != SUDOERS_MODE)
- rtn = SUDOERS_WRONG_MODE;
- else if (statbuf.st_uid != SUDOERS_UID || statbuf.st_gid != SUDOERS_GID)
- rtn = SUDOERS_WRONG_OWNER;
- else {
- /* Solaris sometimes returns EAGAIN so try 10 times */
- for (i = 0; i < 10 ; i++) {
- errno = 0;
- if ((sudoers_fp = fopen(_PATH_SUDO_SUDOERS, "r")) == NULL ||
- fread(&c, sizeof(c), 1, sudoers_fp) != 1) {
- sudoers_fp = NULL;
- if (errno != EAGAIN && errno != EWOULDBLOCK)
- break;
- } else
- break;
- sleep(1);
- }
- if (sudoers_fp == NULL) {
- fprintf(stderr, "%s: cannot open %s: ", Argv[0], _PATH_SUDO_SUDOERS);
- perror("");
- rtn = NO_SUDOERS_FILE;
- }
- }
-
- set_perms(PERM_ROOT, 0);
- set_perms(PERM_USER, 0);
-
- return(rtn);
-}
-
-
-
-/**********************************************************************
- *
- * set_perms()
- *
- * this function sets real and effective uids and gids based on perm.
- */
-
-void set_perms(perm, sudo_mode)
- int perm;
- int sudo_mode;
-{
- struct passwd *pw;
-
- switch (perm) {
- case PERM_ROOT:
- if (setuid(0)) {
- perror("setuid(0)");
- exit(1);
- }
- break;
-
- case PERM_USER:
- (void) setgid(user_gid);
-
- if (seteuid(user_uid)) {
- perror("seteuid(user_uid)");
- exit(1);
- }
- break;
-
- case PERM_FULL_USER:
- if (setuid(0)) {
- perror("setuid(0)");
- exit(1);
- }
-
- (void) setgid(user_gid);
-
- if (setuid(user_uid)) {
- perror("setuid(user_uid)");
- exit(1);
- }
-
- break;
- case PERM_RUNAS:
- if (setuid(0)) {
- perror("setuid(0)");
- exit(1);
- }
-
- /* XXX - add group/gid support */
- if (*runas_user == '#') {
- if (setuid(atoi(runas_user + 1))) {
- (void) fprintf(stderr,
- "%s: cannot set uid to %s: ",
- Argv[0], runas_user);
- perror("");
- exit(1);
- }
- } else {
- if (!(pw = getpwnam(runas_user))) {
- (void) fprintf(stderr,
- "%s: no passwd entry for %s!\n",
- Argv[0], runas_user);
- exit(1);
- }
-
- /* Set $USER to match target user */
- if (sudo_setenv("USER", pw->pw_name)) {
- (void) fprintf(stderr,
- "%s: cannot allocate memory!\n",
- Argv[0]);
- exit(1);
- }
-
- if (setgid(pw->pw_gid)) {
- (void) fprintf(stderr,
- "%s: cannot set gid to %d: ",
- Argv[0], pw->pw_gid);
- perror("");
- exit(1);
- }
-
- /*
- * Initialize group vector only if are
- * going to run as a non-root user.
- */
- if (strcmp(runas_user, "root") != 0 &&
- initgroups(runas_user, pw->pw_gid)
- == -1) {
- (void) fprintf(stderr,
- "%s: cannot set group vector ",
- Argv[0]);
- perror("");
- exit(1);
- }
-
- if (setuid(pw->pw_uid)) {
- (void) fprintf(stderr,
- "%s: cannot set uid to %d: ",
- Argv[0], pw->pw_uid);
- perror("");
- exit(1);
- }
- if (sudo_mode & MODE_RESET_HOME)
- runas_homedir = pw->pw_dir;
- }
-
- break;
- case PERM_SUDOERS:
- if (setuid(0)) {
- perror("setuid(0)");
- exit(1);
- }
-
- if (setgid(SUDOERS_GID)) {
- perror("setgid(SUDOERS_GID)");
- exit(1);
- }
-
- /*
- * If SUDOERS_UID == 0 and SUDOERS_MODE
- * is group readable we use a non-zero
- * uid in order to avoid NFS lossage.
- * Using uid 1 is a bit bogus but should
- * work on all OS's.
- */
- if (SUDOERS_UID == 0) {
- if ((SUDOERS_MODE & 040) && seteuid(1)) {
- perror("seteuid(1)");
- exit(1);
- }
- } else {
- if (seteuid(SUDOERS_UID)) {
- perror("seteuid(SUDOERS_UID)");
- exit(1);
- }
- }
-
- break;
- }
-}
-
-
-
-/**********************************************************************
- *
- * clean_env()
- *
- * This function removes things from the environment that match the
- * entries in badenv_table. It would be nice to add in the SUDO_*
- * variables here as well but cmnd has not been defined at this point.
- */
-
-static void clean_env(envp, badenv_table)
- char **envp;
- struct env_table *badenv_table;
-{
- struct env_table *bad;
- char **cur;
-
- /*
- * Remove any envars that match entries in badenv_table
- */
- for (cur = envp; *cur; cur++) {
- for (bad = badenv_table; bad -> name; bad++) {
- if (strncmp(*cur, bad -> name, bad -> len) == 0) {
- /* got a match so remove it */
- char **move;
-
- for (move = cur; *move; move++)
- *move = *(move + 1);
-
- cur--;
-
- break;
- }
- }
- }
-}
diff --git a/gnu/usr.bin/sudo/sudo/sudo.h b/gnu/usr.bin/sudo/sudo/sudo.h
deleted file mode 100644
index ea04d9e5a36..00000000000
--- a/gnu/usr.bin/sudo/sudo/sudo.h
+++ /dev/null
@@ -1,286 +0,0 @@
-/* $OpenBSD: sudo.h,v 1.9 1999/03/29 20:29:06 millert Exp $ */
-
-/*
- * CU sudo version 1.5.9 (based on Root Group sudo version 1.1)
- * Copyright (c) 1994,1996,1998,1999 Todd C. Miller <Todd.Miller@courtesan.com>
- *
- * This software comes with no waranty whatsoever, use at your own risk.
- *
- * Please send bugs, changes, problems to sudo-bugs@courtesan.com
- *
- */
-
-/*
- * sudo version 1.1 allows users to execute commands as root
- * Copyright (C) 1991 The Root Group, Inc.
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 1, or (at your option)
- * any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
- *
- * $Sudo: sudo.h,v 1.140 1999/03/29 04:05:12 millert Exp $
- */
-
-#ifndef _SUDO_SUDO_H
-#define _SUDO_SUDO_H
-
-#include <pathnames.h>
-#include "compat.h"
-
-/*
- * IP address and netmask pairs for checking against local interfaces.
- */
-struct interface {
- struct in_addr addr;
- struct in_addr netmask;
-};
-
-/*
- * Data structure used in parsing sudoers;
- * top of stack values are the ones that
- * apply when parsing is done & can be
- * accessed by *_matches macros
- */
-#define STACKINCREMENT (32)
-struct matchstack {
- int user;
- int cmnd;
- int host;
- int runas;
- int nopass;
-};
-
-/*
- * Data structure describing a command in the
- * sudoers file.
- */
-struct sudo_command {
- char *cmnd;
- char *args;
-};
-
-
-extern struct matchstack *match;
-extern int top;
-
-#define user_matches (match[top-1].user)
-#define cmnd_matches (match[top-1].cmnd)
-#define host_matches (match[top-1].host)
-#define runas_matches (match[top-1].runas)
-#define no_passwd (match[top-1].nopass)
-
-/*
- * Structure containing command matches if "sudo -l" is used.
- */
-struct command_match {
- char *runas;
- size_t runas_len;
- size_t runas_size;
- char *cmnd;
- size_t cmnd_len;
- size_t cmnd_size;
- int nopasswd;
-};
-
-/*
- * Structure containing Cmnd_Alias's if "sudo -l" is used.
- */
-struct generic_alias {
- char *alias;
- char *entries;
- size_t entries_size;
- size_t entries_len;
-};
-
-/*
- * Maximum number of characters to log per entry. The syslogger
- * will log this much, after that, it truncates the log line.
- * We need this here to make sure that we continue with another
- * syslog(3) call if the internal buffer is moe than 1023 characters.
- */
-#ifndef MAXSYSLOGLEN
-# define MAXSYSLOGLEN 960
-#endif
-
-/*
- * syslog(3) parameters
- */
-
-#define SLOG_SYSLOG 0x01
-#define SLOG_FILE 0x02
-#define SLOG_BOTH 0x03
-
-#if (LOGGING & SLOG_SYSLOG)
-# include <syslog.h>
-# ifndef Syslog_ident
-# define Syslog_ident "sudo"
-# endif
-# ifndef Syslog_options
-# define Syslog_options 0
-# endif
-# if !defined(Syslog_facility) && defined(LOG_NFACILITIES)
-# define Syslog_facility LOGFAC
-# endif
-# ifndef Syslog_priority_OK
-# define Syslog_priority_OK LOG_NOTICE
-# endif
-# ifndef Syslog_priority_NO
-# define Syslog_priority_NO LOG_ALERT
-# endif
-#endif /* LOGGING & SLOG_SYSLOG */
-
-#define VALIDATE_OK 0x00
-#define VALIDATE_NO_USER 0x01
-#define VALIDATE_NOT_OK 0x02
-#define VALIDATE_OK_NOPASS 0x03
-#define VALIDATE_ERROR -1
-
-/*
- * the arguments passed to log_error() are ANDed with GLOBAL_PROBLEM
- * If the result is TRUE, the argv is NOT logged with the error message
- */
-#define GLOBAL_PROBLEM 0x20
-#define ALL_SYSTEMS_GO 0x00
-#define GLOBAL_NO_PW_ENT ( 0x01 | GLOBAL_PROBLEM )
-#define GLOBAL_NO_SPW_ENT ( 0x02 | GLOBAL_PROBLEM )
-#define GLOBAL_NO_HOSTNAME ( 0x03 | GLOBAL_PROBLEM )
-#define GLOBAL_HOST_UNREGISTERED ( 0x04 | GLOBAL_PROBLEM )
-#define PASSWORD_NOT_CORRECT 0x05
-#define PASSWORDS_NOT_CORRECT 0x06
-#define NO_SUDOERS_FILE ( 0x07 | GLOBAL_PROBLEM )
-#define BAD_SUDOERS_FILE ( 0x08 | GLOBAL_PROBLEM )
-#define SUDOERS_WRONG_OWNER ( 0x09 | GLOBAL_PROBLEM )
-#define SUDOERS_WRONG_MODE ( 0x0A | GLOBAL_PROBLEM )
-#define SUDOERS_NOT_FILE ( 0x0B | GLOBAL_PROBLEM )
-#define SPOOF_ATTEMPT 0x0D
-#define BAD_STAMPDIR 0x0E
-#define BAD_STAMPFILE 0x0F
-#define BAD_ALLOCATION 0x10
-#ifdef HAVE_KERB5
-#define GLOBAL_KRB5_INIT_ERR ( 0x11 | GLOBAL_PROBLEM )
-#endif /* HAVE_KERB5 */
-
-/*
- * Boolean values
- */
-#undef TRUE
-#define TRUE 1
-#undef FALSE
-#define FALSE 0
-
-/*
- * find_path()/load_cmnd() return values
- */
-#define FOUND 1
-#define NOT_FOUND 0
-#define NOT_FOUND_DOT -1
-
-/*
- * Various modes sudo can be in (based on arguments) in octal
- */
-#define MODE_RUN 00001
-#define MODE_VALIDATE 00002
-#define MODE_KILL 00004
-#define MODE_VERSION 00010
-#define MODE_HELP 00020
-#define MODE_LIST 00040
-#define MODE_BACKGROUND 00100
-#define MODE_SHELL 00200
-#define MODE_RESET_HOME 00400
-
-/*
- * Used with set_perms()
- */
-#define PERM_ROOT 0x00
-#define PERM_USER 0x01
-#define PERM_FULL_USER 0x02
-#define PERM_SUDOERS 0x03
-#define PERM_RUNAS 0x04
-
-/*
- * Shortcuts for user_pw_ent
- */
-#define user_name (user_pw_ent -> pw_name)
-#define user_passwd (user_pw_ent -> pw_passwd)
-#define user_uid (user_pw_ent -> pw_uid)
-#define user_gid (user_pw_ent -> pw_gid)
-#define user_shell (user_pw_ent -> pw_shell)
-#define user_dir (user_pw_ent -> pw_dir)
-
-/*
- * Use either tgetpass() or system getpass()
- */
-#ifdef USE_GETPASS
-#define GETPASS(p, t) getpass(p)
-#else
-#define GETPASS(p, t) tgetpass(p, t)
-#endif
-
-/*
- * Function prototypes
- */
-#define YY_DECL int yylex __P((void))
-
-#ifndef HAVE_GETCWD
-char *getcwd __P((char *, size_t size));
-#endif
-#if !defined(HAVE_PUTENV) && !defined(HAVE_SETENV)
-int putenv __P((const char *));
-#endif
-char *sudo_goodpath __P((const char *));
-int sudo_setenv __P((char *, char *));
-char *tgetpass __P((char *, int));
-int find_path __P((char *, char **));
-void log_error __P((int));
-void inform_user __P((int));
-void check_user __P((void));
-int validate __P((int));
-void set_perms __P((int, int));
-void remove_timestamp __P((void));
-void load_interfaces __P((void));
-int check_secureware __P((char *));
-void sia_attempt_auth __P((void));
-int yyparse __P((void));
-void pass_warn __P((FILE *));
-VOID *emalloc __P((size_t));
-VOID *erealloc __P((VOID *, size_t));
-VOID *estrdup __P((char *));
-YY_DECL;
-
-
-/*
- * Most of these variables are declared in main() so they don't need
- * to be extern'ed here if this is main...
- */
-#ifndef MAIN
-extern char host[];
-extern char *shost;
-extern char cwd[];
-extern struct interface *interfaces;
-extern int num_interfaces;
-extern struct passwd *user_pw_ent;
-extern char *runas_user;
-extern char *tty;
-extern char *cmnd;
-extern char *cmnd_args;
-extern char *prompt;
-extern struct stat cmnd_st;
-extern int Argc;
-extern char **Argv;
-extern int NewArgc;
-extern char **NewArgv;
-extern FILE *sudoers_fp;
-#endif
-extern int errno;
-
-#endif /* _SUDO_SUDO_H */
diff --git a/gnu/usr.bin/sudo/sudo/sudo_setenv.c b/gnu/usr.bin/sudo/sudo/sudo_setenv.c
deleted file mode 100644
index 22680412df3..00000000000
--- a/gnu/usr.bin/sudo/sudo/sudo_setenv.c
+++ /dev/null
@@ -1,96 +0,0 @@
-/* $OpenBSD: sudo_setenv.c,v 1.9 1999/03/29 20:29:07 millert Exp $ */
-
-/*
- * CU sudo version 1.5.9
- * Copyright (c) 1996, 1998, 1999 Todd C. Miller <Todd.Miller@courtesan.com>
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 1, or (at your option)
- * any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
- *
- * Please send bugs, changes, problems to sudo-bugs@courtesan.com
- *
- *******************************************************************
- *
- * This module contains sudo_setenv().
- * sudo_setenv(3) adds a string of the form "var=val" to the environment.
- *
- * Todd C. Miller <Todd.Miller@courtesan.com> Fri Jun 3 18:32:19 MDT 1994
- */
-
-#include "config.h"
-
-#include <stdio.h>
-#ifdef STDC_HEADERS
-#include <stdlib.h>
-#endif /* STDC_HEADERS */
-#if defined(HAVE_MALLOC_H) && !defined(STDC_HEADERS)
-#include <malloc.h>
-#endif /* HAVE_MALLOC_H && !STDC_HEADERS */
-#ifdef HAVE_UNISTD_H
-#include <unistd.h>
-#endif /* HAVE_UNISTD_H */
-#include <sys/types.h>
-#include <sys/param.h>
-#include <netinet/in.h>
-
-#include "sudo.h"
-
-#ifndef STDC_HEADERS
-#ifdef HAVE_PUTENV
-extern int putenv __P((const char *));
-#endif /* HAVE_PUTENV */
-#ifdef HAVE_SETENV
-extern int setenv __P((char *, char *, int));
-#endif /* HAVE_SETENV */
-#endif /* !STDC_HEADERS */
-
-#ifndef lint
-static const char rcsid[] = "$Sudo: sudo_setenv.c,v 1.35 1999/03/29 04:05:13 millert Exp $";
-#endif /* lint */
-
-
-/**********************************************************************
- *
- * sudo_setenv()
- *
- * sudo_setenv() adds a string of the form "var=val" to the environment.
- * If it is unable to expand the current environent it returns -1,
- * else it returns 0.
- */
-
-int sudo_setenv(var, val)
- char *var;
- char *val;
-{
-
-#ifdef HAVE_SETENV
- return(setenv(var, val, 1));
-#else
- char *envstring, *tmp;
-
- envstring = tmp = (char *) malloc(strlen(var) + strlen(val) + 2);
- if (envstring == NULL)
- return(-1);
-
- while ((*tmp++ = *var++))
- ;
-
- *(tmp-1) = '=';
-
- while ((*tmp++ = *val++))
- ;
-
- return(putenv(envstring));
-#endif /* HAVE_SETENV */
-}
diff --git a/gnu/usr.bin/sudo/sudo/sudoers.5 b/gnu/usr.bin/sudo/sudo/sudoers.5
deleted file mode 100644
index 911879e3c7b..00000000000
--- a/gnu/usr.bin/sudo/sudo/sudoers.5
+++ /dev/null
@@ -1,503 +0,0 @@
-.rn '' }`
-''' $OpenBSD: sudoers.5,v 1.11 1999/09/23 04:11:59 alex Exp $
-'''
-.de Sh
-.br
-.if t .Sp
-.ne 5
-.PP
-\fB\\$1\fR
-.PP
-..
-.de Sp
-.if t .sp .5v
-.if n .sp
-..
-.de Ip
-.br
-.ie \\n(.$>=3 .ne \\$3
-.el .ne 3
-.IP "\\$1" \\$2
-..
-.de Vb
-.ft CW
-.nf
-.ne \\$1
-..
-.de Ve
-.ft R
-
-.fi
-..
-'''
-'''
-''' Set up \*(-- to give an unbreakable dash;
-''' string Tr holds user defined translation string.
-''' Bell System Logo is used as a dummy character.
-'''
-.tr \(*W-|\(bv\*(Tr
-.ie n \{\
-.ds -- \(*W-
-.ds PI pi
-.if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
-.if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch
-.ds L" ""
-.ds R" ""
-''' \*(M", \*(S", \*(N" and \*(T" are the equivalent of
-''' \*(L" and \*(R", except that they are used on ".xx" lines,
-''' such as .IP and .SH, which do another additional levels of
-''' double-quote interpretation
-.ds M" """
-.ds S" """
-.ds N" """""
-.ds T" """""
-.ds L' '
-.ds R' '
-.ds M' '
-.ds S' '
-.ds N' '
-.ds T' '
-'br\}
-.el\{\
-.ds -- \(em\|
-.tr \*(Tr
-.ds L" ``
-.ds R" ''
-.ds M" ``
-.ds S" ''
-.ds N" ``
-.ds T" ''
-.ds L' `
-.ds R' '
-.ds M' `
-.ds S' '
-.ds N' `
-.ds T' '
-.ds PI \(*p
-'br\}
-.\" If the F register is turned on, we'll generate
-.\" index entries out stderr for the following things:
-.\" TH Title
-.\" SH Header
-.\" Sh Subsection
-.\" Ip Item
-.\" X<> Xref (embedded
-.\" Of course, you have to process the output yourself
-.\" in some meaninful fashion.
-.if \nF \{
-.de IX
-.tm Index:\\$1\t\\n%\t"\\$2"
-..
-.nr % 0
-.rr F
-.\}
-.TH sudoers 5 "1.5.9" "17/Jan/99" "FILE FORMATS"
-.UC
-.if n .hy 0
-.if n .na
-.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
-.de CQ \" put $1 in typewriter font
-.ft CW
-'if n "\c
-'if t \\&\\$1\c
-'if n \\&\\$1\c
-'if n \&"
-\\&\\$2 \\$3 \\$4 \\$5 \\$6 \\$7
-'.ft R
-..
-.\" @(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2
-. \" AM - accent mark definitions
-.bd B 3
-. \" fudge factors for nroff and troff
-.if n \{\
-. ds #H 0
-. ds #V .8m
-. ds #F .3m
-. ds #[ \f1
-. ds #] \fP
-.\}
-.if t \{\
-. ds #H ((1u-(\\\\n(.fu%2u))*.13m)
-. ds #V .6m
-. ds #F 0
-. ds #[ \&
-. ds #] \&
-.\}
-. \" simple accents for nroff and troff
-.if n \{\
-. ds ' \&
-. ds ` \&
-. ds ^ \&
-. ds , \&
-. ds ~ ~
-. ds ? ?
-. ds ! !
-. ds /
-. ds q
-.\}
-.if t \{\
-. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
-. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
-. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
-. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
-. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
-. ds ? \s-2c\h'-\w'c'u*7/10'\u\h'\*(#H'\zi\d\s+2\h'\w'c'u*8/10'
-. ds ! \s-2\(or\s+2\h'-\w'\(or'u'\v'-.8m'.\v'.8m'
-. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
-. ds q o\h'-\w'o'u*8/10'\s-4\v'.4m'\z\(*i\v'-.4m'\s+4\h'\w'o'u*8/10'
-.\}
-. \" troff and (daisy-wheel) nroff accents
-.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
-.ds 8 \h'\*(#H'\(*b\h'-\*(#H'
-.ds v \\k:\h'-(\\n(.wu*9/10-\*(#H)'\v'-\*(#V'\*(#[\s-4v\s0\v'\*(#V'\h'|\\n:u'\*(#]
-.ds _ \\k:\h'-(\\n(.wu*9/10-\*(#H+(\*(#F*2/3))'\v'-.4m'\z\(hy\v'.4m'\h'|\\n:u'
-.ds . \\k:\h'-(\\n(.wu*8/10)'\v'\*(#V*4/10'\z.\v'-\*(#V*4/10'\h'|\\n:u'
-.ds 3 \*(#[\v'.2m'\s-2\&3\s0\v'-.2m'\*(#]
-.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
-.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
-.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
-.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
-.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
-.ds ae a\h'-(\w'a'u*4/10)'e
-.ds Ae A\h'-(\w'A'u*4/10)'E
-.ds oe o\h'-(\w'o'u*4/10)'e
-.ds Oe O\h'-(\w'O'u*4/10)'E
-. \" corrections for vroff
-.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
-.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
-. \" for low resolution devices (crt and lpr)
-.if \n(.H>23 .if \n(.V>19 \
-\{\
-. ds : e
-. ds 8 ss
-. ds v \h'-1'\o'\(aa\(ga'
-. ds _ \h'-1'^
-. ds . \h'-1'.
-. ds 3 3
-. ds o a
-. ds d- d\h'-1'\(ga
-. ds D- D\h'-1'\(hy
-. ds th \o'bp'
-. ds Th \o'LP'
-. ds ae ae
-. ds Ae AE
-. ds oe oe
-. ds Oe OE
-.\}
-.rm #[ #] #H #V #F C
-.SH "NAME"
-sudoers \- list of which users may execute what as root
-.SH "DESCRIPTION"
-The \fIsudoers\fR file is composed of an optional host alias section,
-an optional command alias section and the user specification section.
-All command or host aliases need to start with their respective keywords
-(ie: Host_Alias, User_Alias, Runas_Alias or Cmnd_Alias).
-If there are multiple occurrences of a user, the union of the entries
-will be used.
-.Sh "user specification format:"
-.PP
-.Vb 1
-\& user access_group [: access_group] ...
-.Ve
-.Vb 10
-\& access_group ::= host_type = [(runas_list)] [NOPASSWD:] [op]cmnd_type
-\& [,[(user_list)] [NOPASSWD:] [op]cmnd_type] ...
-\& host_type ::= a lower-case hostname, netgroup, ip address,
-\& network number, network number/netmask,
-\& or host alias.
-\& runas_list ::= comma-separated list of users, groups,
-\& netgroups or Runas_Aliases the user may run
-\& commands as (default is root).
-\& cmnd_type ::= a command OR a command alias.
-\& op ::= the logical "!" NOT operator.
-.Ve
-.Sh "host alias section format:"
-.PP
-.Vb 1
-\& Host_Alias HOSTALIAS = host-list
-.Ve
-.Vb 4
-\& Host_Alias ::= a keyword.
-\& HOSTALIAS ::= an upper-case alias name.
-\& host-list ::= a comma separated list of hosts, netgroups,
-\& ip addresses, networks.
-.Ve
-.Sh "user alias section format:"
-.PP
-.Vb 1
-\& User_Alias USERALIAS = user-list
-.Ve
-.Vb 3
-\& User_Alias ::= a keyword.
-\& USERALIAS ::= an upper-case alias name.
-\& user-list ::= a comma separated list of users, groups, netgroups.
-.Ve
-.Sh "runas alias section format:"
-.PP
-.Vb 1
-\& Runas_Alias RUNASALIAS = runas-list
-.Ve
-.Vb 3
-\& Runas_Alias ::= a keyword.
-\& RUNASALIAS ::= an upper-case alias name.
-\& runas-list ::= a comma separated list of users, groups, netgroups.
-.Ve
-.Sh "command alias section format:"
-.PP
-.Vb 1
-\& Cmnd_Alias CMNDALIAS = cmnd-list
-.Ve
-.Vb 3
-\& Cmnd_Alias ::= a keyword.
-\& CMNDALIAS ::= an upper-case alias name.
-\& cmnd-list ::= a comma separated list commands.
-.Ve
-.Sh "command specification:"
-.PP
-.Vb 1
-\& path arg1 arg2 .. argn = command
-.Ve
-.Vb 2
-\& path ::= a fully qualified pathname.
-\& arg[1..n] ::= optional command line arguments.
-.Ve
-.Sh "wildcards (aka meta characters):"
-\fBsudo\fR allows shell-style \fIwildcards\fR along with command arguments
-in the \fIsudoers\fR file. Wildcard matching is done via the \fB\s-1POSIX\s0\fR
-\f(CWfnmatch(3)\fR routine.
-.Ip "\f(CW*\fR" 8
-Matches any set of zero or more characters.
-.Ip "\f(CW?\fR" 8
-Matches any single character.
-.Ip "\f(CW[...]\fR" 8
-Matches any character in the specified range.
-.Ip "\f(CW[!...]\fR" 8
-Matches any character \fBnot\fR in the specified range.
-.Ip "\f(CW\ex\fR" 8
-For any character \*(L"x\*(R", evaluates to \*(L"x\*(R". This is used to
-escape special characters such as: \*(L"*\*(R", \*(L"?\*(R", \*(L"[\*(R", and \*(L"}\*(R".
-.Sh "exceptions to wildcard rules:"
-The following exceptions apply to the above rules:
-.Ip "\f(CW""\fR" 8
-If the empty string \f(CW""\fR is the only command line argument in the
-\fIsudoers\fR entry it means that command may take \fBno\fR arguments.
-.Sh "other special characters and reserved words:"
-Text after a pound sign (\fB#\fR) is considered a comment.
-Words that begin with a percent sign (\fB%\fR) are assumed to
-be \s-1UN\s0*X groups (%staff refers to users in the group \fIstaff\fR).
-Words that begin with a plus sign (\fB+\fR) are assumed to
-be netgroups (\fB+cshosts\fR refers to the netgroup \fIcshosts\fR).
-Long lines can be newline escaped with the backslash \fB\e\fR character.
-The reserved word \fB\s-1NOPASSWD\s0\fR indicates that a user need not
-enter a password for the command listed in that entry.
-.PP
-The reserved alias \fI\s-1ALL\s0\fR can be used for both {Host,User,Cmnd}_Alias.
-\fB\s-1DO\s0 \s-1NOT\s0\fR define an alias of \fI\s-1ALL\s0\fR, it will \fB\s-1NOT\s0\fR be used.
-Note that \fI\s-1ALL\s0\fR implies the entire universe of hosts/users/commands.
-You can subtract elements from the universe by using the syntax:
- user host=\s-1ALL\s0,!\s-1ALIAS1\s0,!/etc/halt...
-Note that the \*(L"!\*(R" notation only works in a user's command list. You
-may not use it to subtract elements in a User_Alias, Host_Alias,
-Cmnd_Alias or user list.
-.PP
-Commands may have optional command line arguments. If they do,
-then the arguments in the \fIsudoers\fR file must exactly match those
-on the command line. It is also possible to have a command's
-arguments span multiple lines as long as the line continuance
-character \*(L"\e\*(R" is used. The following characters must be escaped
-with a \*(L"\e\*(R" if used in command arguments: \*(L",\*(R", \*(L":\*(R", \*(L"=\*(R", \*(L"\e\*(R".
-.SH "EXAMPLES"
-.PP
-.Vb 7
-\& # Host alias specification
-\& Host_Alias HUB=houdini:\e
-\& REMOTE=merlin,kodiakthorn,spirit
-\& Host_Alias SERVERS=houdini,merlin,kodiakthorn,spirit
-\& Host_Alias CUNETS=128.138.0.0/255.255.0.0
-\& Host_Alias CSNETS=128.138.243.0,128.138.204.0,\e
-\& 128.138.205.192
-.Ve
-.Vb 3
-\& # User alias specification
-\& User_Alias FULLTIME=millert,dowdy,mikef
-\& User_Alias PARTTIME=juola,mccreary,tor
-.Ve
-.Vb 2
-\& # Runas alias specification
-\& Runas_Alias OP=root,operator
-.Ve
-.Vb 6
-\& # Command alias specification
-\& Cmnd_Alias LPCS=/usr/etc/lpc,/usr/ucb/lprm
-\& Cmnd_Alias SHELLS=/bin/sh,/bin/csh,/bin/tcsh,/bin/ksh
-\& Cmnd_Alias SU=/bin/su
-\& Cmnd_Alias MISC=/bin/rm,/bin/cat:\e
-\& SHUTDOWN=/etc/halt,/etc/shutdown
-.Ve
-.Vb 14
-\& # User specification
-\& FULLTIME ALL=(ALL) NOPASSWD: ALL
-\& %wheel ALL=ALL
-\& PARTTIME ALL=ALL,!SHELLS,!SU
-\& +interns +openlabs=ALL,!SHELLS,!SU
-\& britt REMOTE=SHUTDOWN:ALL=LPCS
-\& jimbo CUNETS=/bin/su ?*,!/bin/su *root*
-\& nieusma SERVERS=SHUTDOWN,/etc/reboot:\e
-\& HUB=ALL,!SHELLS
-\& jill houdini=/etc/shutdown -[hr] now,MISC
-\& markm HUB=ALL,!MISC,!/etc/shutdown,!/etc/halt
-\& davehieb merlin=(OP) ALL:SERVERS=/etc/halt:\e
-\& kodiakthorn=NOPASSWD: ALL
-\& steve CSNETS=(operator) /usr/op_commands/
-.Ve
-.Sh "Host Alias specifications:"
-The are four \fIhost aliases\fR. The first actually contains
-two \fIaliases\fR. It sets \f(CWHUB\fR to be \f(CWhoudini\fR and \f(CWREMOTE\fR
-to the three machines \f(CWmerlin\fR, \f(CWkodiakthorn\fR and \f(CWspirit\fR.
-Similarly, \f(CWSERVERS\fR is set to the machines \f(CWhoudini\fR, \f(CWmerlin\fR,
-\f(CWkodiakthorn\fR and \f(CWspirit\fR. The \f(CWCSNETS\fR alias will match
-any host on the 128.138.243.0, 128.138.204.0, or 128.138.205.192
-nets. The \f(CWCUNETS\fR alias will match any host on the 128.138.0.0
-(class B) network. Note that these are \fBnetwork\fR addresses, not ip
-addresses. Unless an explicate netmask is given, the local \fInetmask\fR
-is used to determine whether or not the current host belongs to a network.
-.Sh "User Alias specifications:"
-The two \fIuser aliases\fR simply groups the \f(CWFULLTIME\fR and
-\f(CWPARTTIME\fR folks into two separate aliases.
-.Sh "Command alias specifications:"
-Command aliases are lists of commands with or without associated
-command line arguments. The entries above should be self-explanatory.
-.Sh "User specifications:"
-.Ip "\s-1FULLTIME\s0" 16
-Full-time sysadmins in the \f(CWFULLTIME\fR alias may run any
-command on any host as any user without a password.
-.Ip "%wheel" 16
-Any user in the \s-1UN\s0*X group \f(CWwheel\fR may run any
-command on any host.
-.Ip "\s-1PARTTIME\s0" 16
-Part-time sysadmins in the \f(CWPARTTIME\fR alias may run any
-command except those in the \f(CWSHELLS\fR and \f(CWSU\fR aliases
-on any host.
-.Ip "+interns" 16
-Any user in the netgroup \f(CWinterns\fR may run any
-command except those in the \f(CWSHELLS\fR and \f(CWSU\fR aliases
-on any host that is in the \f(CWopenlabs\fR netgroup.
-.Ip "britt" 16
-The user \f(CWbritt\fR may run commands in the \f(CWSHUTDOWN\fR alias
-on the \f(CWREMOTE\fR machines and commands in the \f(CWLPCS\fR alias
-on any machine.
-.Ip "jimbo" 16
-The user \f(CWjimbo\fR may \f(CWsu\fR to any user save root on the
-machines on \f(CWCUNETS\fR (which is explicitly listed as a class
-B network).
-.Ip "nieusma" 16
-The user \f(CWnieusma\fR may run commands in the \f(CWSHUTDOWN\fR alias
-as well as \fI/etc/reboot\fR on the \f(CWSERVER\fR machines and
-any command except those in the \f(CWSHELLS\fR alias on the \f(CWHUB\fR
-machines.
-.Ip "jill" 16
-The user \f(CWjill\fR may run \f(CW/etc/shutdown -h now\fR or
-\f(CW/etc/shutdown -r now\fR as well as the commands in the
-\f(CWMISC\fR alias on houdini.
-.Ip "markm" 16
-The user \f(CWmarkm\fR may run any command on the \f(CWHUB\fR machines
-except \fI/etc/shutdown\fR, \fI/etc/halt\fR, and commands listed
-in the \f(CWMISC\fR alias.
-.Ip "davehieb" 16
-The user \f(CWdavehieb\fR may run any command on \f(CWmerlin\fR as any
-user in the Runas_Alias \s-1OP\s0 (ie: root or operator). He may
-also run \fI/etc/halt\fR on the \f(CWSERVERS\fR and any command
-on \f(CWkodiakthorn\fR (no password required on \f(CWkodiakthorn\fR).
-.Ip "steve" 16
-The user \f(CWsteve\fR may run any command in the \fI/usr/op_commands/\fR
-directory as user \f(CWoperator\fR on the machines on \f(CWCSNETS\fR.
-.SH "CAVEATS"
-The \fIsudoers\fR file should \fBalways\fR be edited by the \fBvisudo\fR
-command which locks the file and does grammatical checking. It is
-imperative that the \fIsudoers\fR be free of syntax errors since sudo
-will not run with a syntactically incorrect \fIsudoers\fR file.
-.SH "FILES"
-.PP
-.Vb 2
-\& /etc/sudoers file of authorized users.
-\& /etc/netgroup list of network groups.
-.Ve
-.SH "SEE ALSO"
-\fIsudo\fR\|(8), \fIvisudo\fR\|(8), \fIsu\fR\|(1), \fIfnmatch\fR\|(3).
-
-.rn }` ''
-.IX Title "sudoers 5"
-.IX Name "sudoers - list of which users may execute what as root"
-
-.IX Header "NAME"
-
-.IX Header "DESCRIPTION"
-
-.IX Subsection "user specification format:"
-
-.IX Subsection "host alias section format:"
-
-.IX Subsection "user alias section format:"
-
-.IX Subsection "runas alias section format:"
-
-.IX Subsection "command alias section format:"
-
-.IX Subsection "command specification:"
-
-.IX Subsection "wildcards (aka meta characters):"
-
-.IX Item "\f(CW*\fR"
-
-.IX Item "\f(CW?\fR"
-
-.IX Item "\f(CW[...]\fR"
-
-.IX Item "\f(CW[!...]\fR"
-
-.IX Item "\f(CW\ex\fR"
-
-.IX Subsection "exceptions to wildcard rules:"
-
-.IX Item "\f(CW""\fR"
-
-.IX Subsection "other special characters and reserved words:"
-
-.IX Header "EXAMPLES"
-
-.IX Subsection "Host Alias specifications:"
-
-.IX Subsection "User Alias specifications:"
-
-.IX Subsection "Command alias specifications:"
-
-.IX Subsection "User specifications:"
-
-.IX Item "\s-1FULLTIME\s0"
-
-.IX Item "%wheel"
-
-.IX Item "\s-1PARTTIME\s0"
-
-.IX Item "+interns"
-
-.IX Item "britt"
-
-.IX Item "jimbo"
-
-.IX Item "nieusma"
-
-.IX Item "jill"
-
-.IX Item "markm"
-
-.IX Item "davehieb"
-
-.IX Item "steve"
-
-.IX Header "CAVEATS"
-
-.IX Header "FILES"
-
-.IX Header "SEE ALSO"
-
diff --git a/gnu/usr.bin/sudo/sudo/tgetpass.c b/gnu/usr.bin/sudo/sudo/tgetpass.c
deleted file mode 100644
index e33b2f63da7..00000000000
--- a/gnu/usr.bin/sudo/sudo/tgetpass.c
+++ /dev/null
@@ -1,266 +0,0 @@
-/* $OpenBSD: tgetpass.c,v 1.14 1999/03/29 20:29:07 millert Exp $ */
-
-/*
- * CU sudo version 1.5.9
- * Copyright (c) 1996, 1998, 1999 Todd C. Miller <Todd.Miller@courtesan.com>
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 1, or (at your option)
- * any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
- *
- * Please send bugs, changes, problems to sudo-bugs@courtesan.com
- *
- *******************************************************************
- *
- * This module contains tgetpass(), getpass(3) with a timeout.
- * It should work on any OS that supports sgtty (4BSD), termio (SYSV),
- * or termios (POSIX) line disciplines.
- *
- * Todd C. Miller Sun Jun 5 17:22:31 MDT 1994
- */
-
-#include "config.h"
-
-#include <stdio.h>
-#ifdef STDC_HEADERS
-#include <stdlib.h>
-#endif /* STDC_HEADERS */
-#ifdef HAVE_UNISTD_H
-#include <unistd.h>
-#endif /* HAVE_UNISTD_H */
-#ifdef HAVE_STRING_H
-#include <string.h>
-#endif /* HAVE_STRING_H */
-#ifdef HAVE_STRINGS_H
-#include <strings.h>
-#endif /* HAVE_STRINGS_H */
-#include <limits.h>
-#include <pwd.h>
-#include <sys/param.h>
-#include <sys/types.h>
-#ifdef HAVE_SYS_BSDTYPES_H
-#include <sys/bsdtypes.h>
-#endif /* HAVE_SYS_BSDTYPES_H */
-#ifdef HAVE_SYS_SELECT_H
-#include <sys/select.h>
-#endif /* HAVE_SYS_SELECT_H */
-#include <sys/time.h>
-#include <errno.h>
-#include <signal.h>
-#include <fcntl.h>
-#ifdef HAVE_TERMIOS_H
-#include <termios.h>
-#else
-#ifdef HAVE_TERMIO_H
-#include <termio.h>
-#else
-#include <sgtty.h>
-#include <sys/ioctl.h>
-#endif /* HAVE_TERMIO_H */
-#endif /* HAVE_TERMIOS_H */
-#ifdef HAVE_GETPRPWNAM
-# ifdef __hpux
-# include <hpsecurity.h>
-# else
-# include <sys/security.h>
-# endif /* __hpux */
-# include <prot.h> /* for AUTH_MAX_PASSWD_LENGTH */
-#endif /* HAVE_GETPRPWNAM */
-
-#include <pathnames.h>
-#include "compat.h"
-
-#ifndef TCSASOFT
-#define TCSASOFT 0
-#endif /* TCSASOFT */
-
-#ifndef lint
-static const char rcsid[] = "$Sudo: tgetpass.c,v 1.76 1999/03/29 04:05:13 millert Exp $";
-#endif /* lint */
-
-
-/******************************************************************
- *
- * tgetpass()
- *
- * this function prints a prompt and gets a password from /dev/tty
- * or stdin. Echo is turned off (if possible) during password entry
- * and input will time out based on the value of timeout.
- */
-
-char * tgetpass(prompt, timeout)
- const char *prompt;
- int timeout;
-{
-#ifdef HAVE_TERMIOS_H
- struct termios term;
-#else
-#ifdef HAVE_TERMIO_H
- struct termio term;
-#else
- struct sgttyb ttyb;
-#endif /* HAVE_TERMIO_H */
-#endif /* HAVE_TERMIOS_H */
-#ifdef POSIX_SIGNALS
- sigset_t oldmask;
- sigset_t mask;
-#else
- int oldmask;
-#endif /* POSIX_SIGNALS */
- int n, echo;
- FILE *input, *output;
- static char buf[_PASSWD_LEN + 1];
- fd_set *readfds;
- struct timeval tv;
-
- /*
- * mask out SIGINT and SIGTSTP, should probably just catch and deal.
- */
-#ifdef POSIX_SIGNALS
- (void) sigemptyset(&mask);
- (void) sigaddset(&mask, SIGINT);
- (void) sigaddset(&mask, SIGTSTP);
- (void) sigprocmask(SIG_BLOCK, &mask, &oldmask);
-#else
- oldmask = sigblock(sigmask(SIGINT)|sigmask(SIGTSTP));
-#endif
-
- /*
- * open /dev/tty for reading/writing if possible or use
- * stdin and stderr instead.
- */
- if ((input = fopen(_PATH_TTY, "r+")) == NULL) {
- input = stdin;
- output = stderr;
- } else {
- output = input;
- setbuf(output, NULL);
- }
-
- /* print the prompt */
- if (prompt)
- fputs(prompt, output);
-
- /* rewind if necesary */
- if (input == output) {
- (void) fflush(output);
- (void) rewind(output);
- }
-
- /*
- * turn off echo
- */
-#ifdef HAVE_TERMIOS_H
- (void) tcgetattr(fileno(input), &term);
- if ((echo = (term.c_lflag & ECHO))) {
- term.c_lflag &= ~ECHO;
- (void) tcsetattr(fileno(input), TCSAFLUSH|TCSASOFT, &term);
- }
-#else
-#ifdef HAVE_TERMIO_H
- (void) ioctl(fileno(input), TCGETA, &term);
- if ((echo = (term.c_lflag & ECHO))) {
- term.c_lflag &= ~ECHO;
- (void) ioctl(fileno(input), TCSETA, &term);
- }
-#else
- (void) ioctl(fileno(input), TIOCGETP, &ttyb);
- if ((echo = (ttyb.sg_flags & ECHO))) {
- ttyb.sg_flags &= ~ECHO;
- (void) ioctl(fileno(input), TIOCSETP, &ttyb);
- }
-#endif /* HAVE_TERMIO_H */
-#endif /* HAVE_TERMIOS_H */
-
- /*
- * Timeout of <= 0 means no timeout
- */
- if (timeout > 0) {
- /* setup for select(2) */
- n = howmany(fileno(input) + 1, NFDBITS) * sizeof(fd_mask);
- if ((readfds = (fd_set *) malloc(n)) == NULL) {
- (void) fprintf(stderr, "Cannot allocate memory: ");
- perror("");
- return(NULL);
- }
- (void) memset((VOID *)readfds, 0, n);
- FD_SET(fileno(input), readfds);
-
- /* set timeout for select */
- tv.tv_sec = timeout;
- tv.tv_usec = 0;
-
- /*
- * get password or return empty string if nothing to read by timeout
- */
- buf[0] = '\0';
- while ((n = select(fileno(input) + 1, readfds, 0, 0, &tv)) == -1 &&
- errno == EINTR)
- ;
- if (n != 0 && fgets(buf, sizeof(buf), input)) {
- n = strlen(buf);
- if (buf[n - 1] == '\n')
- buf[n - 1] = '\0';
- }
- (void) free(readfds);
- } else {
- buf[0] = '\0';
- if (fgets(buf, sizeof(buf), input)) {
- n = strlen(buf);
- if (buf[n - 1] == '\n')
- buf[n - 1] = '\0';
- }
- }
-
- /* turn on echo */
-#ifdef HAVE_TERMIOS_H
- if (echo) {
- term.c_lflag |= ECHO;
- (void) tcsetattr(fileno(input), TCSAFLUSH|TCSASOFT, &term);
- }
-#else
-#ifdef HAVE_TERMIO_H
- if (echo) {
- term.c_lflag |= ECHO;
- (void) ioctl(fileno(input), TCSETA, &term);
- }
-#else
- if (echo) {
- ttyb.sg_flags |= ECHO;
- (void) ioctl(fileno(input), TIOCSETP, &ttyb);
- }
-#endif /* HAVE_TERMIO_H */
-#endif /* HAVE_TERMIOS_H */
-
- /* rewind if necesary */
- if (input == output) {
- (void) fflush(output);
- (void) rewind(output);
- }
-
- /* print a newline since echo is turned off */
- (void) fputc('\n', output);
-
- /* restore old signal mask */
-#ifdef POSIX_SIGNALS
- (void) sigprocmask(SIG_SETMASK, &oldmask, NULL);
-#else
- (void) sigsetmask(oldmask);
-#endif
-
- /* close /dev/tty if that's what we opened */
- if (input != stdin)
- (void) fclose(input);
-
- return(buf);
-}
diff --git a/gnu/usr.bin/sudo/sudo/version.h b/gnu/usr.bin/sudo/sudo/version.h
deleted file mode 100644
index 260cd1f7a3e..00000000000
--- a/gnu/usr.bin/sudo/sudo/version.h
+++ /dev/null
@@ -1,31 +0,0 @@
-/* $OpenBSD: version.h,v 1.11 1999/03/29 20:29:07 millert Exp $ */
-
-/*
- * CU sudo version 1.5.9
- * Copyright (c) 1996, 1998, 1999 Todd C. Miller <Todd.Miller@courtesan.com>
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 1, or (at your option)
- * any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
- *
- * Please send bugs, changes, problems to sudo-bugs@courtesan.com
- *
- * $Sudo: version.h,v 1.51 1999/03/29 04:05:14 millert Exp $
- */
-
-#ifndef _SUDO_VERSION_H
-#define _SUDO_VERSION_H
-
-static const char version[] = "1.5.9";
-
-#endif /* _SUDO_VERSION_H */
diff --git a/gnu/usr.bin/sudo/visudo/Makefile b/gnu/usr.bin/sudo/visudo/Makefile
deleted file mode 100644
index b0f774af0f0..00000000000
--- a/gnu/usr.bin/sudo/visudo/Makefile
+++ /dev/null
@@ -1,24 +0,0 @@
-# $OpenBSD: Makefile,v 1.3 1999/03/29 20:29:08 millert Exp $
-
-PROG= visudo
-MAN= visudo.8
-CFLAGS+=-I${.CURDIR}/../sudo -I.
-SRCS= sudo.tab.c lex.yy.c visudo.c alloc.c
-CLEANFILES+=sudo.tab.c sudo.tab.h lex.yy.c
-.PATH: ${.CURDIR}/../sudo
-
-LDADD= -lcompat
-DPADD= ${LIBCOMPAT}
-
-BINOWN= root
-BINMODE=111
-BINDIR?=/usr/sbin
-
-.include <bsd.prog.mk>
-
-lex.yy.c: ${.CURDIR}/../sudo/parse.lex
- rm -f lex.yy.c
- $(LEX) ${.CURDIR}/../sudo/parse.lex
-
-sudo.tab.c sudo.tab.h: ${.CURDIR}/../sudo/parse.yacc
- $(YACC) -b sudo -d ${.CURDIR}/../sudo/parse.yacc
diff --git a/gnu/usr.bin/sudo/visudo/visudo.8 b/gnu/usr.bin/sudo/visudo/visudo.8
deleted file mode 100644
index 7443749bef6..00000000000
--- a/gnu/usr.bin/sudo/visudo/visudo.8
+++ /dev/null
@@ -1,311 +0,0 @@
-.rn '' }`
-''' $OpenBSD: visudo.8,v 1.10 1999/03/29 20:29:08 millert Exp $
-'''
-.de Sh
-.br
-.if t .Sp
-.ne 5
-.PP
-\fB\\$1\fR
-.PP
-..
-.de Sp
-.if t .sp .5v
-.if n .sp
-..
-.de Ip
-.br
-.ie \\n(.$>=3 .ne \\$3
-.el .ne 3
-.IP "\\$1" \\$2
-..
-.de Vb
-.ft CW
-.nf
-.ne \\$1
-..
-.de Ve
-.ft R
-
-.fi
-..
-'''
-'''
-''' Set up \*(-- to give an unbreakable dash;
-''' string Tr holds user defined translation string.
-''' Bell System Logo is used as a dummy character.
-'''
-.tr \(*W-|\(bv\*(Tr
-.ie n \{\
-.ds -- \(*W-
-.ds PI pi
-.if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
-.if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch
-.ds L" ""
-.ds R" ""
-''' \*(M", \*(S", \*(N" and \*(T" are the equivalent of
-''' \*(L" and \*(R", except that they are used on ".xx" lines,
-''' such as .IP and .SH, which do another additional levels of
-''' double-quote interpretation
-.ds M" """
-.ds S" """
-.ds N" """""
-.ds T" """""
-.ds L' '
-.ds R' '
-.ds M' '
-.ds S' '
-.ds N' '
-.ds T' '
-'br\}
-.el\{\
-.ds -- \(em\|
-.tr \*(Tr
-.ds L" ``
-.ds R" ''
-.ds M" ``
-.ds S" ''
-.ds N" ``
-.ds T" ''
-.ds L' `
-.ds R' '
-.ds M' `
-.ds S' '
-.ds N' `
-.ds T' '
-.ds PI \(*p
-'br\}
-.\" If the F register is turned on, we'll generate
-.\" index entries out stderr for the following things:
-.\" TH Title
-.\" SH Header
-.\" Sh Subsection
-.\" Ip Item
-.\" X<> Xref (embedded
-.\" Of course, you have to process the output yourself
-.\" in some meaninful fashion.
-.if \nF \{
-.de IX
-.tm Index:\\$1\t\\n%\t"\\$2"
-..
-.nr % 0
-.rr F
-.\}
-.TH visudo 8 "1.5.9" "17/Jan/99" "MAINTENANCE COMMANDS"
-.UC
-.if n .hy 0
-.if n .na
-.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
-.de CQ \" put $1 in typewriter font
-.ft CW
-'if n "\c
-'if t \\&\\$1\c
-'if n \\&\\$1\c
-'if n \&"
-\\&\\$2 \\$3 \\$4 \\$5 \\$6 \\$7
-'.ft R
-..
-.\" @(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2
-. \" AM - accent mark definitions
-.bd B 3
-. \" fudge factors for nroff and troff
-.if n \{\
-. ds #H 0
-. ds #V .8m
-. ds #F .3m
-. ds #[ \f1
-. ds #] \fP
-.\}
-.if t \{\
-. ds #H ((1u-(\\\\n(.fu%2u))*.13m)
-. ds #V .6m
-. ds #F 0
-. ds #[ \&
-. ds #] \&
-.\}
-. \" simple accents for nroff and troff
-.if n \{\
-. ds ' \&
-. ds ` \&
-. ds ^ \&
-. ds , \&
-. ds ~ ~
-. ds ? ?
-. ds ! !
-. ds /
-. ds q
-.\}
-.if t \{\
-. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
-. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
-. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
-. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
-. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
-. ds ? \s-2c\h'-\w'c'u*7/10'\u\h'\*(#H'\zi\d\s+2\h'\w'c'u*8/10'
-. ds ! \s-2\(or\s+2\h'-\w'\(or'u'\v'-.8m'.\v'.8m'
-. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
-. ds q o\h'-\w'o'u*8/10'\s-4\v'.4m'\z\(*i\v'-.4m'\s+4\h'\w'o'u*8/10'
-.\}
-. \" troff and (daisy-wheel) nroff accents
-.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
-.ds 8 \h'\*(#H'\(*b\h'-\*(#H'
-.ds v \\k:\h'-(\\n(.wu*9/10-\*(#H)'\v'-\*(#V'\*(#[\s-4v\s0\v'\*(#V'\h'|\\n:u'\*(#]
-.ds _ \\k:\h'-(\\n(.wu*9/10-\*(#H+(\*(#F*2/3))'\v'-.4m'\z\(hy\v'.4m'\h'|\\n:u'
-.ds . \\k:\h'-(\\n(.wu*8/10)'\v'\*(#V*4/10'\z.\v'-\*(#V*4/10'\h'|\\n:u'
-.ds 3 \*(#[\v'.2m'\s-2\&3\s0\v'-.2m'\*(#]
-.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
-.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
-.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
-.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
-.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
-.ds ae a\h'-(\w'a'u*4/10)'e
-.ds Ae A\h'-(\w'A'u*4/10)'E
-.ds oe o\h'-(\w'o'u*4/10)'e
-.ds Oe O\h'-(\w'O'u*4/10)'E
-. \" corrections for vroff
-.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
-.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
-. \" for low resolution devices (crt and lpr)
-.if \n(.H>23 .if \n(.V>19 \
-\{\
-. ds : e
-. ds 8 ss
-. ds v \h'-1'\o'\(aa\(ga'
-. ds _ \h'-1'^
-. ds . \h'-1'.
-. ds 3 3
-. ds o a
-. ds d- d\h'-1'\(ga
-. ds D- D\h'-1'\(hy
-. ds th \o'bp'
-. ds Th \o'LP'
-. ds ae ae
-. ds Ae AE
-. ds oe oe
-. ds Oe OE
-.\}
-.rm #[ #] #H #V #F C
-.SH "NAME"
-visudo \- edit the sudoers file
-.SH "SYNOPSIS"
-\fBvisudo\fR [ \fB\-V\fR ]
-.SH "DESCRIPTION"
-\fBvisudo\fR edits the \fIsudoers\fR file in a safe fashion, analogous to
-\fIvipw\fR\|(8). \fBvisudo\fR locks the \fIsudoers\fR file against multiple
-simultaneous edits, provides basic sanity checks, and checks
-for parse errors. If the \fIsudoers\fR file is currently being
-edited you will receive a message to try again later. In the
-default configuration, the \fIvi\fR\|(1) editor is used, but there is
-a compile time option to allow use of whatever editor the
-environment variables \f(CWEDITOR\fR or \f(CWVISUAL\fR are set to.
-.PP
-\fBvisudo\fR parses the \fIsudoers\fR file after the edit and will
-not save the changes if there is a syntax error. Upon finding
-an error, a message will be printed stating the line \fInumber\fR\|(s)
-that the error occurred on and the user will receive the
-\*(L"What now?\*(R" prompt. At this point the user may enter \*(L"e\*(R"
-to re-edit the \fIsudoers\fR file, enter \*(L"x\*(R" to exit without
-saving the changes, or \*(L"Q\*(R" to quit and save changes. The
-\*(L"Q\*(R" option should be used with extreme care because if \fBvisudo\fR
-believes there to be a parse error, so will \fBsudo\fR and no one
-will be able to execute \fBsudo\fR again until the error is fixed.
-Any other command at this prompt will print a short help message.
-When editing the \fIsudoers\fR file after a parse error has been
-detected the cursor will be placed on the line where the error
-occurred (if the editor supports this feature).
-.SH "OPTIONS"
-\fBvisudo\fR accepts the following command line option:
-.Ip "-V" 4
-The \f(CW-V\fR (version) option causes \fBvisudo\fR to print the version number
-and exit.
-.SH "ERRORS"
-.Ip "sudoers file busy, try again later." 4
-Either someone is currently editing the \fIsudoers\fR file
-or there is a stale sudoers lock file (/etc/stmp by default)
-that you need to delete.
-.Ip "/etc/stmp: Permission denied" 4
-You didn't run \fBvisudo\fR as root.
-.Ip "Can't find you in the passwd database" 4
-Your userid does not appear in the passwd file.
-.SH "FILES"
-.Sp
-.Vb 2
-\& /etc/sudoers file of authorized users.
-\& /etc/stmp lock file for visudo.
-.Ve
-.SH "ENVIRONMENT VARIABLES"
-The following are used only if \fBvisudo\fR was compiled with the
-\fIENV_EDITOR\fR option:
-.Sp
-.Vb 2
-\& EDITOR Used by visudo as the editor to use.
-\& VISUAL Used by visudo if EDITOR is not set.
-.Ve
-.SH "AUTHOR"
-Many people have worked on \fIsudo\fR over the years, this version of
-\fBvisudo\fR was written by:
-.Sp
-.Vb 1
-\& Todd Miller <Todd.Miller@courtesan.com>
-.Ve
-See the HISTORY file in the sudo distribution for more details.
-.Sp
-Please send all bugs, comments, and changes to sudo-bugs@courtesan.com.
-.SH "DISCLAIMER"
-This program is distributed in the hope that it will be useful, but
-WITHOUT ANY WARRANTY; without even the implied warranty of
-MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
-General Public License for more details.
-.Sp
-You should have received a copy of the GNU General Public License along
-with this program; if not, write to the Free Software Foundation, Inc.,
-675 Mass Ave, Cambridge, MA 02139, USA.
-.SH "CAVEATS"
-Due to the syntax of the \fIsudoers\fR file, there is no way
-for \fBvisudo\fR to tell the difference between a mistyped
-{Host,User,Cmnd}_Alias and a user or host name.
-.Sp
-There is no easy way to prevent a user from gaining a root shell if
-the editor used by \fBvisudo\fR allows shell escapes.
-.SH "BUGS"
-The \fI\-V\fR flag gives the version of the \fIsudo\fR package rather than
-the individual \fBvisudo\fR program.
-.SH "SEE ALSO"
-\fIsudo\fR\|(8), \fIvipw\fR\|(8).
-
-.rn }` ''
-.IX Title "visudo 8"
-.IX Name "visudo - edit the sudoers file"
-
-.IX Header "NAME"
-
-.IX Header "SYNOPSIS"
-
-.IX Header "DESCRIPTION"
-
-.IX Header "OPTIONS"
-
-.IX Item "-V"
-
-.IX Header "ERRORS"
-
-.IX Item "sudoers file busy, try again later."
-
-.IX Item "/etc/stmp: Permission denied"
-
-.IX Item "Can't find you in the passwd database"
-
-.IX Header "FILES"
-
-.IX Header "ENVIRONMENT VARIABLES"
-
-.IX Header "AUTHOR"
-
-.IX Header "DISCLAIMER"
-
-.IX Header "CAVEATS"
-
-.IX Header "BUGS"
-
-.IX Header "SEE ALSO"
-
diff --git a/gnu/usr.bin/sudo/visudo/visudo.c b/gnu/usr.bin/sudo/visudo/visudo.c
deleted file mode 100644
index e6a54cf064d..00000000000
--- a/gnu/usr.bin/sudo/visudo/visudo.c
+++ /dev/null
@@ -1,529 +0,0 @@
-/* $OpenBSD: visudo.c,v 1.11 1999/03/29 20:29:08 millert Exp $ */
-
-/*
- * CU sudo version 1.5.9
- * Copyright (c) 1996, 1998, 1999 Todd C. Miller <Todd.Miller@courtesan.com>
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 1, or (at your option)
- * any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
- *
- * Please send bugs, changes, problems to sudo-bugs@courtesan.com
- *
- *******************************************************************
- *
- * visudo.c -- locks the sudoers file for safe editing and check
- * for parse errors.
- *
- * Todd C. Miller <Todd.Miller@courtesan.com> Sat Mar 25 21:50:36 MST 1995
- */
-
-#include "config.h"
-
-#include <stdio.h>
-#ifdef STDC_HEADERS
-#include <stdlib.h>
-#endif /* STDC_HEADERS */
-#ifdef HAVE_UNISTD_H
-#include <unistd.h>
-#endif /* HAVE_UNISTD_H */
-#ifdef HAVE_STRING_H
-#include <string.h>
-#endif /* HAVE_STRING_H */
-#ifdef HAVE_STRINGS_H
-#include <strings.h>
-#endif /* HAVE_STRINGS_H */
-#if defined(HAVE_MALLOC_H) && !defined(STDC_HEADERS)
-#include <malloc.h>
-#endif /* HAVE_MALLOC_H && !STDC_HEADERS */
-#include <ctype.h>
-#include <pwd.h>
-#include <signal.h>
-#include <errno.h>
-#include <fcntl.h>
-#include <sys/types.h>
-#include <sys/param.h>
-#include <sys/stat.h>
-#include <sys/file.h>
-#include <netinet/in.h>
-
-#include "sudo.h"
-#include "version.h"
-
-#ifndef STDC_HEADERS
-#ifndef __GNUC__ /* gcc has its own malloc */
-extern char *malloc __P((size_t));
-#endif /* __GNUC__ */
-extern char *getenv __P((const char *));
-extern int stat __P((const char *, struct stat *));
-#endif /* !STDC_HEADERS */
-
-#if defined(POSIX_SIGNALS) && !defined(SA_RESETHAND)
-#define SA_RESETHAND 0
-#endif /* POSIX_SIGNALS && !SA_RESETHAND */
-
-#ifndef lint
-static const char rcsid[] = "$Sudo: visudo.c,v 1.100 1999/03/29 04:05:14 millert Exp $";
-#endif /* lint */
-
-/*
- * Function prototypes
- */
-static void usage __P((void));
-static char whatnow __P((void));
-static void whatnow_help __P((void));
-static RETSIGTYPE Exit __P((int));
-static void setup_signals __P((void));
-int command_matches __P((char *, char *, char *, char *));
-int addr_matches __P((char *));
-int netgr_matches __P((char *, char *, char *));
-int usergr_matches __P((char *, char *));
-void init_parser __P((void));
-
-
-/*
- * External globals
- */
-extern FILE *yyin, *yyout;
-extern int errorlineno, sudolineno;
-
-
-/*
- * Globals
- */
-char **Argv;
-char **NewArgv = NULL;
-int NewArgc = 0;
-char *sudoers = _PATH_SUDO_SUDOERS;
-char *stmp = _PATH_SUDO_STMP;
-int parse_error = FALSE;
-char *runas_user = RUNAS_DEFAULT;
-
-/*
- * For the parsing routines
- */
-char host[] = "";
-char *shost = "";
-char *cmnd = "";
-char *cmnd_args = NULL;
-struct passwd *user_pw_ent;
-
-
-/********************************************************************
- *
- * main()
- *
- * where it all begins...
- */
-
-int main(argc, argv)
- int argc;
- char **argv;
-{
- char buf[MAXPATHLEN*2]; /* buffer used for copying files */
- char * Editor = EDITOR; /* editor to use (default is EDITOR */
- int sudoers_fd; /* sudoers file descriptor */
- int stmp_fd; /* stmp file descriptor */
- int n; /* length parameter */
-
- (void) setbuf(stderr, (char *)NULL); /* unbuffered stderr */
-
- /*
- * Parse command line options
- */
- Argv = argv;
-
- /*
- * If passesd -V then print version, else print usage
- * if any other option...
- */
- if (argc == 2) {
- if (!strcmp(Argv[1], "-V")) {
- (void) printf("visudo version %s\n", version);
- exit(0);
- } else {
- usage();
- }
- } else if (argc != 1) {
- usage();
- }
-
- /* user_pw_ent needs to point to something... */
- if ((user_pw_ent = getpwuid(getuid())) == NULL) {
- (void) fprintf(stderr, "%s: Can't find you in the passwd database: ",
- Argv[0]);
- perror(stmp);
- exit(1);
- }
-
-#ifdef ENV_EDITOR
- /*
- * If we are allowing EDITOR and VISUAL envariables set Editor
- * base on whichever exists...
- */
- if (!(Editor = getenv("EDITOR")))
- if (!(Editor = getenv("VISUAL")))
- Editor = EDITOR;
-#endif /* ENV_EDITOR */
-
- /*
- * Copy sudoers file to stmp
- */
- stmp_fd = open(stmp, O_WRONLY | O_CREAT | O_EXCL, 0600);
- if (stmp_fd < 0) {
- if (errno == EEXIST) {
- (void) fprintf(stderr, "%s: sudoers file busy, try again later.\n",
- Argv[0]);
- exit(1);
- }
- (void) fprintf(stderr, "%s: ", Argv[0]);
- perror(stmp);
- Exit(-1);
- }
-
- /* install signal handler to clean up stmp */
- setup_signals();
-
- sudoers_fd = open(sudoers, O_RDONLY);
- if (sudoers_fd < 0 && errno != ENOENT) {
- (void) fprintf(stderr, "%s: ", Argv[0]);
- perror(sudoers);
- Exit(-1);
- }
-
- /*
- * Copy the data
- */
- if (sudoers_fd >= 0) {
- while ((n = read(sudoers_fd, buf, sizeof(buf))) > 0)
- if (write(stmp_fd, buf, n) != n) {
- (void) fprintf(stderr, "%s: Write failed: ", Argv[0]);
- perror("");
- Exit(-1);
- }
-
- (void) close(sudoers_fd);
- }
- (void) close(stmp_fd);
-
- /*
- * Edit the temp file and parse it (for sanity checking)
- */
- do {
- /*
- * Build up a buffer to execute
- */
- if (strlen(Editor) + strlen(stmp) + 30 > sizeof(buf)) {
- (void) fprintf(stderr, "%s: Buffer too short (line %d).\n",
- Argv[0], __LINE__);
- Exit(-1);
- }
- if (parse_error == TRUE)
- (void) sprintf(buf, "%s +%d %s", Editor, errorlineno, stmp);
- else
- (void) sprintf(buf, "%s %s", Editor, stmp);
-
- /* do the edit -- some SYSV editors return 256 instead of 0 */
- n = system(buf);
- if (n == 0 || n == 256) {
- struct stat statbuf; /* for sanity checking */
-
- /* make sure stmp exists */
- if (stat(stmp, &statbuf) < 0) {
- (void) fprintf(stderr,
- "%s: Can't stat temporary file (%s), %s unchanged.\n",
- Argv[0], stmp, sudoers);
- Exit(-1);
- }
-
- /* check for zero length file */
- if (statbuf.st_size == 0) {
- (void) fprintf(stderr,
- "%s: Zero length temporary file (%s), %s unchanged.\n",
- Argv[0], stmp, sudoers);
- Exit(-1);
- }
-
- /*
- * passed sanity checks so reopen stmp file and check
- * for parse errors.
- */
- yyout = stdout;
- if (parse_error)
- yyin = freopen(stmp, "r", yyin);
- else
- yyin = fopen(stmp, "r");
- if (yyin == NULL) {
- (void) fprintf(stderr,
- "%s: Can't re-open temporary file (%s), %s unchanged.\n",
- Argv[0], stmp, sudoers);
- Exit(-1);
- }
-
- /* clean slate for each parse */
- init_parser();
-
- /* parse the sudoers file */
- if (yyparse() && parse_error != TRUE) {
- (void) fprintf(stderr,
- "%s: Failed to parse temporary file (%s), unknown error.\n",
- Argv[0], stmp);
- parse_error = TRUE;
- }
- } else {
- (void) fprintf(stderr, "%s: Editor (%s) failed, %s unchanged.\n",
- Argv[0], Editor, sudoers);
- Exit(-1);
- }
-
- /*
- * Prompt the user for what to do now
- */
- if (parse_error == TRUE) {
- switch (whatnow()) {
- case 'q' : parse_error = FALSE; /* ignore parse error */
- break;
- case 'x' : Exit(0);
- break;
- }
- }
- } while (parse_error == TRUE);
-
- /*
- * Change mode and ownership of temp file so when
- * we move it to sudoers things are kosher.
- */
- if (chown(stmp, SUDOERS_UID, SUDOERS_GID)) {
- (void) fprintf(stderr,
- "%s: Unable to set (uid, gid) of %s to (%d, %d): ",
- Argv[0], stmp, SUDOERS_UID, SUDOERS_GID);
- perror("");
- Exit(-1);
- }
- if (chmod(stmp, SUDOERS_MODE)) {
- (void) fprintf(stderr,
- "%s: Unable to change mode of %s to %o: ",
- Argv[0], stmp, SUDOERS_MODE);
- perror("");
- Exit(-1);
- }
-
- /*
- * Now that we have a sane stmp file (parse ok) it needs to be
- * rename(2)'d to sudoers. If the rename(2) fails we try using
- * mv(1) in case stmp and sudoers are on different filesystems.
- */
- if (rename(stmp, sudoers)) {
- if (errno == EXDEV) {
- char *tmpbuf;
-
- (void) fprintf(stderr,
- "%s: %s and %s not on the same filesystem, using mv to rename.\n",
- Argv[0], stmp, sudoers);
-
- /* Allocate just enough space for tmpbuf */
- n = sizeof(char) * (strlen(_PATH_MV) + strlen(stmp) +
- strlen(sudoers) + 4);
- if ((tmpbuf = (char *) malloc(n)) == NULL) {
- (void) fprintf(stderr,
- "%s: Cannot alocate memory, %s unchanged: ",
- Argv[0], sudoers);
- perror("");
- Exit(-1);
- }
-
- /* Build up command and execute it */
- (void) sprintf(tmpbuf, "%s %s %s", _PATH_MV, stmp, sudoers);
- if (system(tmpbuf)) {
- (void) fprintf(stderr,
- "%s: Command failed: '%s', %s unchanged.\n",
- Argv[0], tmpbuf, sudoers);
- Exit(-1);
- }
- (void) free(tmpbuf);
- } else {
- (void) fprintf(stderr, "%s: Error renaming %s, %s unchanged: ",
- Argv[0], stmp, sudoers);
- perror("");
- Exit(-1);
- }
- }
-
- return(0);
-}
-
-
-/********************************************************************
- *
- * dummy *_matches routines
- *
- * These exist to allow us to use the same parser as sudo(8).
- */
-
-int command_matches(cmnd, user_args, path, sudoers_args)
- char *cmnd;
- char *user_args;
- char *path;
- char *sudoers_args;
-{
- return(TRUE);
-}
-
-
-int addr_matches(n)
- char *n;
-{
- return(TRUE);
-}
-
-int usergr_matches(g, u)
- char *g, *u;
-{
- return(TRUE);
-}
-
-
-int netgr_matches(n, h, u)
- char *n, *h, *u;
-{
- return(TRUE);
-}
-
-
-/********************************************************************
- *
- * usage()
- *
- * Prints a help message and exits w/ exit value of 1.
- */
-
-static void usage()
-{
- (void) fprintf(stderr, "usage: %s [-V]\n", Argv[0]);
- Exit(-1);
-}
-
-
-/********************************************************************
- *
- * Exit()
- *
- * Unlinks the sudoers temp file (if it exists) and exits.
- * Used in place of a normal exit() and as a signal handler.
- * A positive parameter is considered to be a signal and is reported.
- */
-
-static RETSIGTYPE Exit(sig)
- int sig;
-{
- (void) unlink(stmp);
-
- if (sig > 0)
- (void) fprintf(stderr, "%s exiting, caught signal %d.\n", Argv[0], sig);
-
- exit(-sig);
-}
-
-
-/********************************************************************
- *
- * whatnow()
- *
- * Assuming a parse error occurred, prompt the user for what they want
- * to do now. Returns first letter of their choice (always lowercase).
- */
-
-static char whatnow()
-{
- char choice;
- int ok;
-
- do {
- ok = FALSE;
- (void) fputs("What now? ", stdout);
- if ((choice = getchar()) != '\n')
- while (getchar() != '\n')
- ;
-
- if (choice == 'e' || choice == 'x' || choice == 'Q')
- ok = TRUE;
-
- /* help message if they gavce us garbage */
- if (!ok)
- whatnow_help();
-
- } while (!ok);
-
- return(choice);
-}
-
-
-/********************************************************************
- *
- * whatnow_help()
- *
- * Print out a help message for whatnow().
- */
-
-static void whatnow_help()
-{
- (void) printf("Options are:\n");
- (void) printf(" (e)dit sudoers file again\n");
- (void) printf(" e(x)it without saving changes to sudoers file\n");
- (void) printf(" (Q)uit and save changes to sudoers file (DANGER!)\n\n");
-}
-
-
-/********************************************************************
- *
- * setup_signals()
- *
- * Install signal handlers for visudo.
- */
-
-static void setup_signals()
-{
-#ifdef POSIX_SIGNALS
- struct sigaction action; /* posix signal structure */
-#endif /* POSIX_SIGNALS */
-
- /*
- * Setup signal handlers
- */
-#ifdef POSIX_SIGNALS
- (void) memset((VOID *)&action, 0, sizeof(action));
- action.sa_handler = Exit;
- action.sa_flags = SA_RESETHAND;
- (void) sigaction(SIGILL, &action, NULL);
- (void) sigaction(SIGTRAP, &action, NULL);
- (void) sigaction(SIGBUS, &action, NULL);
- (void) sigaction(SIGSEGV, &action, NULL);
- (void) sigaction(SIGTERM, &action, NULL);
-
- action.sa_handler = SIG_IGN;
- action.sa_flags = 0;
- (void) sigaction(SIGHUP, &action, NULL);
- (void) sigaction(SIGINT, &action, NULL);
- (void) sigaction(SIGQUIT, &action, NULL);
-#else
- (void) signal(SIGILL, Exit);
- (void) signal(SIGTRAP, Exit);
- (void) signal(SIGBUS, Exit);
- (void) signal(SIGSEGV, Exit);
- (void) signal(SIGTERM, Exit);
-
- (void) signal(SIGHUP, SIG_IGN);
- (void) signal(SIGINT, SIG_IGN);
- (void) signal(SIGQUIT, SIG_IGN);
-#endif /* POSIX_SIGNALS */
-}