isa/sudo
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

o Add a "pedentic" flag to the parser. This makes sudo warn in cases

Browse Source 
where an alias may be used before it is defined.  Only turned on for visudo
and testsudoers.
o Add --disable-authentication option that makes sudo not require
authentication by default.  The PASSWD tag can be used to require
authentication for an entry.  We no longer overload --without-passwd.
This commit is contained in:
Todd C. Miller
1999-08-12 14:37:27 +00:00
parent f14dd25b01
commit 2386dc1b45
11 changed files with 608 additions and 501 deletions
Download Patch File Download Diff File Expand all files Collapse all files

12
INSTALL
View File

@@ -380,9 +380,15 @@ Special features/options:
on some SysV-based OS's using STREAMS.
--without-passwd
This option disables passwd/shadow file authentication. If
no other authentication function is defined, sudo will not
prompt for a password at all.
This option authentication via the the passwd (or shadow) file.
It should only be used when another, alternate, authentication
scheme is in use.
--disable-authentication
By default, sudo requires the user to authenticate via a
password or similar means. This options causes sudo to
*not* require authentication. It is possible to turn
authentication back on in sudoers via the PASSWD attribute.
--disable-shadow
Disable shadow password support. Normally, sudo will compile in shadow

4
auth/sudo_auth.c
View File

@@ -34,8 +34,6 @@
#include "config.h"
#ifndef NO_PASSWD
#include <stdio.h>
#ifdef STDC_HEADERS
#include <stdlib.h>
@@ -210,5 +208,3 @@ pass_warn(fp)
(void) fprintf(fp, "%s\n", INCORRECT_PASSWORD);
#endif /* USE_INSULTS */
}
#endif /* NO_PASSWD */

13
check.c
View File

@@ -74,7 +74,6 @@ static const char rcsid[] = "$Sudo$";
int user_is_exempt __P((void));
static void build_timestamp __P((char **, char **));
static int timestamp_status __P((char *, char *, char *, int));
#ifndef NO_PASSWD
static char *expand_prompt __P((char *, char *, char *));
static void lecture __P((void));
static void update_timestamp __P((char *, char *));
@@ -220,18 +219,6 @@ expand_prompt(old_prompt, user, host)
return(new_prompt);
}
#else /* NO_PASSWD */
/*
* Stub function, just returns.
*/
void
check_user()
{
return;
}
#endif /* NO_PASSWD */
/*
* Checks if the user is exempt from supplying a password.
*/

6
config.h.in
View File

@@ -362,11 +362,11 @@
/* Define if your struct sockadr has an sa_len field. */
#undef HAVE_SA_LEN
/* Define if you want to disable passwd/shadow file authentication. */
/* Define to avoid using the passwd/shadow file for authentication. */
#undef WITHOUT_PASSWD
/* Define if you don't want sudo to prompt for a password at all. */
#undef NO_PASSWD
/* Define if you don't want sudo to prompt for a password by default. */
#undef NO_AUTHENTICATION
/* Define to void if your C compiler fully groks void, else char */
#undef VOID

783
configure vendored
View File

File diff suppressed because it is too large Load Diff

50
configure.in
View File

@@ -30,7 +30,7 @@ CPPFLAGS=""
AC_SUBST(CPPFLAGS)dnl
OSDEFS=""
AC_SUBST(OSDEFS)dnl
AUTH_OBJS="passwd.o"
AUTH_OBJS=""
AC_SUBST(AUTH_OBJS)dnl
LIBOBJS=""
AC_SUBST(LIBOBJS)dnl
@@ -141,16 +141,12 @@ AC_ARG_WITH(csops, [ --with-csops add CSOps standard options],
;;
esac])
dnl
dnl Must be the first thing to modify ${AUTH_OBJS}
dnl
AC_ARG_WITH(passwd, [ --without-passwd no passwd/shadow file authentication],
AC_ARG_WITH(passwd, [ --without-passwd don't use passwd/shadow file for authentication],
[case $with_passwd in
yes) ;;
no) AC_DEFINE(WITHOUT_PASSWD)
AC_MSG_CHECKING(whether to check shadow/passwd file)
AC_MSG_CHECKING(whether to use shadow/passwd file authentication)
AC_MSG_RESULT(no)
AUTH_OBJS=""
;;
*) echo "Sorry, --with-passwd does not take an argument."
exit 1
@@ -219,6 +215,7 @@ AC_ARG_WITH(SecurID, [ --with-SecurID enable SecurID support],
*) AC_DEFINE(HAVE_SECURID)
AC_MSG_CHECKING(whether to use SecurID for authentication)
AC_MSG_RESULT(yes)
with_passwd=no
AUTH_OBJS="securid.o"
;;
esac])
@@ -228,6 +225,7 @@ AC_ARG_WITH(fwtk, [ --with-fwtk enable FWTK AuthSRV support],
yes) AC_DEFINE(HAVE_FWTK)
AC_MSG_CHECKING(whether to use FWTK AuthSRV for authentication)
AC_MSG_RESULT(yes)
with_passwd=no
AUTH_OBJS="fwtk.o"
;;
no) ;;
@@ -236,6 +234,7 @@ AC_ARG_WITH(fwtk, [ --with-fwtk enable FWTK AuthSRV support],
AC_MSG_RESULT(yes)
SUDO_LDFLAGS="${SUDO_LDFLAGS} -L${with_fwtk}"
CPPFLAGS="${CPPFLAGS} -I${with_fwtk}"
with_passwd=no
AUTH_OBJS="fwtk.o"
with_fwtk=yes
;;
@@ -268,6 +267,7 @@ AC_ARG_WITH(authenticate, [ --with-authenticate enable AIX general authenti
yes) AC_DEFINE(HAVE_AUTHENTICATE)
AC_MSG_CHECKING(whether to use AIX general authentication)
AC_MSG_RESULT(yes)
with_passwd=no
AUTH_OBJS="authenticate.o"
;;
no) ;;
@@ -281,6 +281,7 @@ AC_ARG_WITH(pam, [ --with-pam enable PAM support],
yes) AC_DEFINE(HAVE_PAM)
AC_MSG_CHECKING(whether to use PAM authentication)
AC_MSG_RESULT(yes)
with_passwd=no
AUTH_OBJS="pam.o"
;;
no) ;;
@@ -846,6 +847,22 @@ dnl
dnl Options for --enable
dnl
AC_MSG_CHECKING(whether to do user authentication by default)
AC_ARG_ENABLE(authentication,
[ --disable-authentication
Do not require authentication by default],
[ case "$enableval" in
yes) AC_MSG_RESULT(yes)
;;
no) AC_MSG_RESULT(no)
AC_DEFINE(NO_AUTHENTICATION)
;;
*) AC_MSG_RESULT(no)
echo "Ignoring unknown argument to --enable-authentication: $enableval"
;;
esac
], AC_MSG_RESULT(yes))
AC_MSG_CHECKING(whether to disable shadow password support)
AC_ARG_ENABLE(shadow,
[ --disable-shadow Never use shadow passwords],
@@ -1169,7 +1186,6 @@ case "$host" in
fi
if test -n "$SECUREWARE"; then
AUTH_OBJS="${AUTH_OBJS} secureware.o"
AC_DEFINE(HAVE_GETPRPWNAM)
# 4.x and higher need -ldb too...
AC_CHECK_LIB(db, dbopen, [SUDO_LIBS="${SUDO_LIBS} -lsecurity -ldb -laud -lm"; LIBS="${LIBS} -lsecurity -ldb -laud -lm"], [SUDO_LIBS="${SUDO_LIBS} -lsecurity -ldb -laud -lm"; LIBS="${LIBS} -lsecurity -ldb -laud -lm"])
@@ -1184,6 +1200,7 @@ case "$host" in
sed 's:<acl.h>:<sys/acl.h>:g' < /usr/include/prot.h > prot.h
])
else
with_passwd=no
AUTH_OBJS="sia.o"
fi
;;
@@ -1597,12 +1614,19 @@ SUDO_LOGFILE
SUDO_TIMEDIR
dnl
dnl If ${AUTH_OBJS} is empty, define NO_PASSWD
dnl The meaning of --without-passwd is overloaded...
dnl Use passwd (and secureware) auth modules?
dnl
if test -z "$AUTH_OBJS"; then
AC_DEFINE(NO_PASSWD)
AC_MSG_WARN(no user authentication will be performed)
if test "$with_passwd" = "no"; then
AC_DEFINE(WITHOUT_PASSWD)
if test -z "$AUTH_OBJS"; then
AC_MSG_ERROR([Error: no authentication methods defined.])
fi
else
if test -n "$SECUREWARE"; then
AUTH_OBJS="${AUTH_OBJS} passwd.o secureware.o"
else
AUTH_OBJS="${AUTH_OBJS} passwd.o"
fi
fi
dnl

48
parse.yacc
View File

@@ -88,8 +88,14 @@ static const char rcsid[] = "$Sudo$";
*/
extern int sudolineno, parse_error;
int errorlineno = -1;
int clearaliases = 1;
int clearaliases = TRUE;
int printmatches = FALSE;
int pedantic = FALSE;
#ifdef NO_AUTHENTICATION
int pwdef = TRUE;
#else
int pwdef = -1;
#endif
/*
* Alias types
@@ -115,7 +121,7 @@ int top = 0, stacksize = 0;
match[top].cmnd = -1; \
match[top].host = -1; \
match[top].runas = -1; \
match[top].nopass = -1; \
match[top].nopass = pwdef; \
top++; \
}
@@ -226,14 +232,14 @@ yyerror(s)
%token <tok> CMNDALIAS /* Cmnd_Alias keyword */
%token <tok> USERALIAS /* User_Alias keyword */
%token <tok> RUNASALIAS /* Runas_Alias keyword */
%token <tok> ':' '=' ',' '!' '.' /* union member tokens */
%token <tok> ':' '=' ',' '!' /* union member tokens */
%token <tok> ERROR
/*
* NOTE: these are not true booleans as there are actually 3 possible values:
* 1) TRUE (item matched and user is allowed)
* 0) FALSE (item matched and user is *not* allowed because of '!')
* -1) No change (don't change the value of *_matches)
* 1) TRUE (positive match)
* 0) FALSE (negative match due to a '!' somewhere)
* -1) No match (don't change the value of *_matches)
*/
%type <BOOLEAN> cmnd
%type <BOOLEAN> hostspec
@@ -277,7 +283,7 @@ privilege : hostlist '=' cmndspeclist {
*/
host_matches = -1;
runas_matches = -1;
no_passwd = -1;
no_passwd = pwdef;
}
;
@@ -330,8 +336,12 @@ hostspec : ALL {
$$ = aip->val;
else if (strcasecmp(user_shost, $1) == 0)
$$ = TRUE;
else
else {
if (pedantic)
(void) fprintf(stderr,
"Warning: undeclared Host_Alias `%s' referenced near line %d\n", $1, sudolineno);
$$ = -1;
}
free($1);
}
;
@@ -476,8 +486,12 @@ runasuser : NAME {
$$ = aip->val;
else if (strcmp($1, user_runas) == 0)
$$ = TRUE;
else
else {
if (pedantic)
(void) fprintf(stderr,
"Warning: undeclared Runas_Alias `%s' referenced near line %d\n", $1, sudolineno);
$$ = -1;
}
free($1);
}
| ALL {
@@ -550,8 +564,12 @@ cmnd : ALL {
if ((aip = find_alias($1, CMND_ALIAS)))
$$ = aip->val;
else
else {
if (pedantic)
(void) fprintf(stderr,
"Warning: undeclared Cmnd_Alias `%s' referenced near line %d", $1, sudolineno);
$$ = -1;
}
free($1);
}
| COMMAND {
@@ -705,8 +723,12 @@ user : NAME {
$$ = aip->val;
else if (strcmp($1, user_name) == 0)
$$ = TRUE;
else
else {
if (pedantic)
(void) fprintf(stderr,
"Warning: undeclared User_Alias `%s' referenced near line %d\n", $1, sudolineno);
$$ = -1;
}
free($1);
}
| ALL {
@@ -897,8 +919,10 @@ list_matches()
}
/* Is a password required? */
if (cm_list[i].nopasswd == TRUE)
if (cm_list[i].nopasswd == TRUE && pwdef != TRUE)
(void) fputs("NOPASSWD: ", stdout);
else if (cm_list[i].nopasswd == FALSE && pwdef == TRUE)
(void) fputs("PASSWD: ", stdout);
/* Print the actual command or expanded Cmnd_Alias. */
key.alias = cm_list[i].cmnd;

174
sudo.tab.c
View File

@@ -106,8 +106,14 @@ static const char rcsid[] = "$Sudo$";
*/
extern int sudolineno, parse_error;
int errorlineno = -1;
int clearaliases = 1;
int clearaliases = TRUE;
int printmatches = FALSE;
int pedantic = FALSE;
#ifdef NO_AUTHENTICATION
int pwdef = TRUE;
#else
int pwdef = -1;
#endif
/*
* Alias types
@@ -133,7 +139,7 @@ int top = 0, stacksize = 0;
match[top].cmnd = -1; \
match[top].host = -1; \
match[top].runas = -1; \
match[top].nopass = -1; \
match[top].nopass = pwdef; \
top++; \
}
@@ -216,14 +222,14 @@ yyerror(s)
#endif
parse_error = TRUE;
}
#line 203 "parse.yacc"
#line 209 "parse.yacc"
typedef union {
char *string;
int BOOLEAN;
struct sudo_command command;
int tok;
} YYSTYPE;
#line 227 "sudo.tab.c"
#line 233 "sudo.tab.c"
#define ALIAS 257
#define NTWKADDR 258
#define FQHOST 259
@@ -530,7 +536,7 @@ short *yyss;
short *yysslim;
YYSTYPE *yyvs;
int yystacksize;
#line 719 "parse.yacc"
#line 741 "parse.yacc"
#define MOREALIASES (32)
aliasinfo *aliases = NULL;
@@ -712,8 +718,10 @@ list_matches()
}
/* Is a password required? */
if (cm_list[i].nopasswd == TRUE)
if (cm_list[i].nopasswd == TRUE && pwdef != TRUE)
(void) fputs("NOPASSWD: ", stdout);
else if (cm_list[i].nopasswd == FALSE && pwdef == TRUE)
(void) fputs("PASSWD: ", stdout);
/* Print the actual command or expanded Cmnd_Alias. */
key.alias = cm_list[i].cmnd;
@@ -869,7 +877,7 @@ init_parser()
if (printmatches == TRUE)
expand_match_list();
}
#line 873 "sudo.tab.c"
#line 881 "sudo.tab.c"
/* allocate initial stack or double stack size, up to YYMAXDEPTH */
#if defined(__cplusplus) || __STDC__
static int yygrowstack(void)
@@ -1050,42 +1058,42 @@ yyreduce:
switch (yyn)
{
case 3:
#line 250 "parse.yacc"
#line 256 "parse.yacc"
{ ; }
break;
case 4:
#line 252 "parse.yacc"
#line 258 "parse.yacc"
{ yyerrok; }
break;
case 5:
#line 253 "parse.yacc"
#line 259 "parse.yacc"
{ push; }
break;
case 6:
#line 253 "parse.yacc"
#line 259 "parse.yacc"
{
while (top && user_matches != TRUE)
pop;
}
break;
case 7:
#line 258 "parse.yacc"
{ ; }
break;
case 8:
#line 260 "parse.yacc"
{ ; }
break;
case 9:
#line 262 "parse.yacc"
{ ; }
break;
case 10:
#line 264 "parse.yacc"
{ ; }
break;
case 8:
#line 266 "parse.yacc"
{ ; }
break;
case 9:
#line 268 "parse.yacc"
{ ; }
break;
case 10:
#line 270 "parse.yacc"
{ ; }
break;
case 13:
#line 272 "parse.yacc"
#line 278 "parse.yacc"
{
/*
* We already did a push if necessary in
@@ -1094,32 +1102,32 @@ case 13:
*/
host_matches = -1;
runas_matches = -1;
no_passwd = -1;
no_passwd = pwdef;
}
break;
case 14:
#line 284 "parse.yacc"
#line 290 "parse.yacc"
{
if (yyvsp[0].BOOLEAN != -1)
host_matches = yyvsp[0].BOOLEAN;
}
break;
case 15:
#line 288 "parse.yacc"
#line 294 "parse.yacc"
{
if (yyvsp[0].BOOLEAN != -1)
host_matches = !yyvsp[0].BOOLEAN;
}
break;
case 16:
#line 293 "parse.yacc"
#line 299 "parse.yacc"
{
yyval.BOOLEAN = TRUE;
free(yyvsp[0].string);
}
break;
case 17:
#line 297 "parse.yacc"
#line 303 "parse.yacc"
{
if (addr_matches(yyvsp[0].string))
yyval.BOOLEAN = TRUE;
@@ -1129,7 +1137,7 @@ case 17:
}
break;
case 18:
#line 304 "parse.yacc"
#line 310 "parse.yacc"
{
if (netgr_matches(yyvsp[0].string, user_host, NULL))
yyval.BOOLEAN = TRUE;
@@ -1139,7 +1147,7 @@ case 18:
}
break;
case 19:
#line 311 "parse.yacc"
#line 317 "parse.yacc"
{
if (strcasecmp(user_shost, yyvsp[0].string) == 0)
yyval.BOOLEAN = TRUE;
@@ -1149,7 +1157,7 @@ case 19:
}
break;
case 20:
#line 318 "parse.yacc"
#line 324 "parse.yacc"
{
if (strcasecmp(user_host, yyvsp[0].string) == 0)
yyval.BOOLEAN = TRUE;
@@ -1159,7 +1167,7 @@ case 20:
}
break;
case 21:
#line 325 "parse.yacc"
#line 331 "parse.yacc"
{
aliasinfo *aip = find_alias(yyvsp[0].string, HOST_ALIAS);
@@ -1168,13 +1176,17 @@ case 21:
yyval.BOOLEAN = aip->val;
else if (strcasecmp(user_shost, yyvsp[0].string) == 0)
yyval.BOOLEAN = TRUE;
else
else {
if (pedantic)
(void) fprintf(stderr,
"Warning: undeclared Host_Alias `%s' referenced near line %d\n", yyvsp[0].string, sudolineno);
yyval.BOOLEAN = -1;
}
free(yyvsp[0].string);
}
break;
case 24:
#line 343 "parse.yacc"
#line 353 "parse.yacc"
{
/*
* Push the entry onto the stack if it is worth
@@ -1189,14 +1201,14 @@ case 24:
}
break;
case 25:
#line 357 "parse.yacc"
#line 367 "parse.yacc"
{
if (yyvsp[0].BOOLEAN != -1)
cmnd_matches = yyvsp[0].BOOLEAN;
}
break;
case 26:
#line 361 "parse.yacc"
#line 371 "parse.yacc"
{
if (printmatches == TRUE) {
if (in_alias == TRUE)
@@ -1208,14 +1220,14 @@ case 26:
}
break;
case 27:
#line 369 "parse.yacc"
#line 379 "parse.yacc"
{
if (yyvsp[0].BOOLEAN != -1)
cmnd_matches = !yyvsp[0].BOOLEAN;
}
break;
case 28:
#line 375 "parse.yacc"
#line 385 "parse.yacc"
{
if (printmatches == TRUE && host_matches == TRUE &&
user_matches == TRUE) {
@@ -1241,18 +1253,18 @@ case 28:
}
break;
case 29:
#line 398 "parse.yacc"
#line 408 "parse.yacc"
{ ; }
break;
case 32:
#line 405 "parse.yacc"
#line 415 "parse.yacc"
{
if (yyvsp[0].BOOLEAN != -1)
runas_matches = yyvsp[0].BOOLEAN;
}
break;
case 33:
#line 409 "parse.yacc"
#line 419 "parse.yacc"
{
if (printmatches == TRUE) {
if (in_alias == TRUE)
@@ -1264,14 +1276,14 @@ case 33:
}
break;
case 34:
#line 417 "parse.yacc"
#line 427 "parse.yacc"
{
if (yyvsp[0].BOOLEAN != -1)
runas_matches = !yyvsp[0].BOOLEAN;
}
break;
case 35:
#line 422 "parse.yacc"
#line 432 "parse.yacc"
{
if (printmatches == TRUE) {
if (in_alias == TRUE)
@@ -1288,7 +1300,7 @@ case 35:
}
break;
case 36:
#line 436 "parse.yacc"
#line 446 "parse.yacc"
{
if (printmatches == TRUE) {
if (in_alias == TRUE)
@@ -1305,7 +1317,7 @@ case 36:
}
break;
case 37:
#line 450 "parse.yacc"
#line 460 "parse.yacc"
{
if (printmatches == TRUE) {
if (in_alias == TRUE)
@@ -1322,7 +1334,7 @@ case 37:
}
break;
case 38:
#line 464 "parse.yacc"
#line 474 "parse.yacc"
{
aliasinfo *aip = find_alias(yyvsp[0].string, RUNAS_ALIAS);
@@ -1338,13 +1350,17 @@ case 38:
yyval.BOOLEAN = aip->val;
else if (strcmp(yyvsp[0].string, user_runas) == 0)
yyval.BOOLEAN = TRUE;
else
else {
if (pedantic)
(void) fprintf(stderr,
"Warning: undeclared Runas_Alias `%s' referenced near line %d\n", yyvsp[0].string, sudolineno);
yyval.BOOLEAN = -1;
}
free(yyvsp[0].string);
}
break;
case 39:
#line 483 "parse.yacc"
#line 497 "parse.yacc"
{
if (printmatches == TRUE) {
if (in_alias == TRUE)
@@ -1358,7 +1374,7 @@ case 39:
}
break;
case 40:
#line 496 "parse.yacc"
#line 510 "parse.yacc"
{
/* Inherit NOPASSWD/PASSWD status. */
if (printmatches == TRUE && host_matches == TRUE &&
@@ -1371,7 +1387,7 @@ case 40:
}
break;
case 41:
#line 506 "parse.yacc"
#line 520 "parse.yacc"
{
no_passwd = TRUE;
if (printmatches == TRUE && host_matches == TRUE &&
@@ -1380,7 +1396,7 @@ case 41:
}
break;
case 42:
#line 512 "parse.yacc"
#line 526 "parse.yacc"
{
no_passwd = FALSE;
if (printmatches == TRUE && host_matches == TRUE &&
@@ -1389,7 +1405,7 @@ case 42:
}
break;
case 43:
#line 520 "parse.yacc"
#line 534 "parse.yacc"
{
if (printmatches == TRUE) {
if (in_alias == TRUE)
@@ -1410,7 +1426,7 @@ case 43:
}
break;
case 44:
#line 538 "parse.yacc"
#line 552 "parse.yacc"
{
aliasinfo *aip;
@@ -1426,13 +1442,17 @@ case 44:
if ((aip = find_alias(yyvsp[0].string, CMND_ALIAS)))
yyval.BOOLEAN = aip->val;
else
else {
if (pedantic)
(void) fprintf(stderr,
"Warning: undeclared Cmnd_Alias `%s' referenced near line %d", yyvsp[0].string, sudolineno);
yyval.BOOLEAN = -1;
}
free(yyvsp[0].string);
}
break;
case 45:
#line 557 "parse.yacc"
#line 575 "parse.yacc"
{
if (printmatches == TRUE) {
if (in_alias == TRUE) {
@@ -1461,11 +1481,11 @@ case 45:
}
break;
case 48:
#line 589 "parse.yacc"
#line 607 "parse.yacc"
{ push; }
break;
case 49:
#line 589 "parse.yacc"
#line 607 "parse.yacc"
{
if (host_matches != -1 &&
!add_alias(yyvsp[-3].string, HOST_ALIAS, host_matches))
@@ -1474,7 +1494,7 @@ case 49:
}
break;
case 54:
#line 605 "parse.yacc"
#line 623 "parse.yacc"
{
push;
if (printmatches == TRUE) {
@@ -1486,7 +1506,7 @@ case 54:
}
break;
case 55:
#line 613 "parse.yacc"
#line 631 "parse.yacc"
{
if (cmnd_matches != -1 &&
!add_alias(yyvsp[-3].string, CMND_ALIAS, cmnd_matches))
@@ -1499,11 +1519,11 @@ case 55:
}
break;
case 56:
#line 625 "parse.yacc"
#line 643 "parse.yacc"
{ ; }
break;
case 60:
#line 633 "parse.yacc"
#line 651 "parse.yacc"
{
push;
if (printmatches == TRUE) {
@@ -1515,7 +1535,7 @@ case 60:
}
break;
case 61:
#line 641 "parse.yacc"
#line 659 "parse.yacc"
{
if (runas_matches != -1 &&
!add_alias(yyvsp[-3].string, RUNAS_ALIAS, runas_matches))
@@ -1528,11 +1548,11 @@ case 61:
}
break;
case 64:
#line 657 "parse.yacc"
#line 675 "parse.yacc"
{ push; }
break;
case 65:
#line 657 "parse.yacc"
#line 675 "parse.yacc"
{
if (user_matches != -1 &&
!add_alias(yyvsp[-3].string, USER_ALIAS, user_matches))
@@ -1542,25 +1562,25 @@ case 65:
}
break;
case 66:
#line 666 "parse.yacc"
#line 684 "parse.yacc"
{ ; }
break;
case 68:
#line 670 "parse.yacc"
#line 688 "parse.yacc"
{
if (yyvsp[0].BOOLEAN != -1)
user_matches = yyvsp[0].BOOLEAN;
}
break;
case 69:
#line 674 "parse.yacc"
#line 692 "parse.yacc"
{
if (yyvsp[0].BOOLEAN != -1)
user_matches = !yyvsp[0].BOOLEAN;
}
break;
case 70:
#line 679 "parse.yacc"
#line 697 "parse.yacc"
{
if (strcmp(yyvsp[0].string, user_name) == 0)
yyval.BOOLEAN = TRUE;
@@ -1570,7 +1590,7 @@ case 70:
}
break;
case 71:
#line 686 "parse.yacc"
#line 704 "parse.yacc"
{
if (usergr_matches(yyvsp[0].string, user_name))
yyval.BOOLEAN = TRUE;
@@ -1580,7 +1600,7 @@ case 71:
}
break;
case 72:
#line 693 "parse.yacc"
#line 711 "parse.yacc"
{
if (netgr_matches(yyvsp[0].string, NULL, user_name))
yyval.BOOLEAN = TRUE;
@@ -1590,7 +1610,7 @@ case 72:
}
break;
case 73:
#line 700 "parse.yacc"
#line 718 "parse.yacc"
{
aliasinfo *aip = find_alias(yyvsp[0].string, USER_ALIAS);
@@ -1599,19 +1619,23 @@ case 73:
yyval.BOOLEAN = aip->val;
else if (strcmp(yyvsp[0].string, user_name) == 0)
yyval.BOOLEAN = TRUE;
else
else {
if (pedantic)
(void) fprintf(stderr,
"Warning: undeclared User_Alias `%s' referenced near line %d\n", yyvsp[0].string, sudolineno);
yyval.BOOLEAN = -1;
}
free(yyvsp[0].string);
}
break;
case 74:
#line 712 "parse.yacc"
#line 734 "parse.yacc"
{
yyval.BOOLEAN = TRUE;
free(yyvsp[0].string);
}
break;
#line 1615 "sudo.tab.c"
#line 1639 "sudo.tab.c"
}
yyssp -= yym;
yystate = *yyssp;

6
testsudoers.c
View File

@@ -90,6 +90,7 @@ int num_interfaces;
struct interface *interfaces;
struct sudo_user sudo_user;
extern int clearaliases;
extern int pedantic;
/*
* Prototypes for external functions
@@ -339,8 +340,11 @@ main(argc, argv)
}
}
/* Warn about aliases that are used before being defined. */
pedantic = TRUE;
/* Need to keep aliases around for dumpaliases(). */
clearaliases = 0;
clearaliases = FALSE;
/* Load ip addr/mask for each interface. */
load_interfaces();

8
version.c
View File

@@ -85,16 +85,16 @@ print_version()
_PATH_SUDOERS, SUDOERS_MODE, SUDOERS_UID, SUDOERS_GID);
(void) printf("Sudoers temp file: %s\n", _PATH_SUDOERS_TMP);
#ifdef WITHOUT_PASSWD
(void) puts("No Authentication configured\n");
#else
#ifdef NO_AUTHENTICATION
(void) puts("No Authentication required by default.\n");
#endif
(void) fputs("Authentication methods:", stdout);
for (auth = auth_switch; auth->name; auth++) {
(void) putchar(' ');
(void) fputs(auth->name, stdout);
}
(void) putchar('\n');
#endif
(void) fputs("Logging:\n", stdout);
#if (LOGGING & SLOG_SYSLOG)

5
visudo.c
View File

@@ -102,6 +102,7 @@ void init_parser __P((void));
*/
extern FILE *yyin, *yyout;
extern int errorlineno;
extern int pedantic;
/*
* Globals
@@ -128,7 +129,6 @@ main(argc, argv)
time_t now; /* time now */
struct stat stmp_sb, sudoers_sb; /* to check for changes */
/*
* Parse command line options
*/
@@ -157,6 +157,9 @@ main(argc, argv)
exit(1);
}
/* Warn about aliases that are used before being defined. */
pedantic = TRUE;
#ifdef ENV_EDITOR
/*
* If we are allowing EDITOR and VISUAL envariables set Editor