Added -S flag (read passwd from stdin) and tgetpass_flags global

that holds flags to be passed in to tgetpass().  Change echo_off
param to tgetpass() into a flags field.  There are currently 2
possible flags for tgetpass(): TGP_ECHO and TGP_STDIN.  In tgetpass(),
abstract the echo set/clear via macros and if (flags & TGP_ECHO)
but echo is not set on the terminal, be sure to set it.
Todd C. Miller
2000-02-27 03:49:07 +00:00
parent de44c711bb
commit 54fbe08545
10 changed files with 92 additions and 91 deletions

11
CHANGES

@@ -1250,13 +1250,18 @@ Sudo 1.6.2 released.
394) Pam now works on HP-UX 11.0, thanks to Jeff A. Earickson.
395) It is now possible to set the path to the editor for visudo as well
395) Fixed a bug that caused an infinite loop when the password
timeout was disabled.
396) It is now possible to set the path to the editor for visudo as well
as the flag that determines whether or not visudo will look at
$EDITOR in the sudoers file.
396) configure now pulls in the values of LIBS, LDFLAGS, CPPFLAGS, etc
397) configure now pulls in the values of LIBS, LDFLAGS, CPPFLAGS, etc
as the documentation says it ought to.
397) Added rootpw, runaspw, and targetpw to prompt for the root, runas_default
398) Added rootpw, runaspw, and targetpw to prompt for the root, runas_default
and target user's passwords respectively (instead of the invoking user's
password).
399) Added -S flag to force password read from stdin.

40
RUNSON

@@ -6,16 +6,16 @@ the current version of sudo does not mean it won't work...
Name Rev Arch Used Version By Options
======= ======= ======= =============== ======= =============== ===============
Auspex 1.6.1 sun4 bundled cc 1.3.4 Alek Komarnitsky none
SunOS 4.1.3 sun4 bundled cc 1.6.2p1 Todd Miller none
SunOS 4.1.3 sun4 gcc2.9.5.2 1.6.2p1 Todd Miller none
SunOS 4.1.3 sun4 bundled cc 1.6.2p2 Todd Miller none
SunOS 4.1.3 sun4 gcc2.9.5.2 1.6.2p2 Todd Miller none
SunOS 4.1.3 sun4 gcc2.7.2.1 1.5.3 Todd Miller --with-kerb4
SunOS 4.1.3 sun4 gcc2.9.5.2 1.6.2p1 Todd Miller --with-skey
SunOS 4.1.3 sun4 gcc2.9.5.2 1.6.2p2 Todd Miller --with-skey
Solaris 2.5.1 sparc SC4.0 1.5.6p1 Brian Jackson none
Solaris 2.5.1 sun4u gcc2.7.2.3 1.5.4 Leon von Stauber none
Solaris 2.5.1 i386 gcc2.7.2 1.5.4 Leon von Stauber none
Solaris 2.6 sparc gcc2.9.5.2 1.6.2p1 Todd Miller none
Solaris 2.6 sparc gcc2.9.5.2 1.6.2p1 Todd Miller --with-pam
Solaris 2.6 i386 gcc2.9.5.2 1.6.2p1 Todd Miller none
Solaris 2.6 sparc gcc2.9.5.2 1.6.2p2 Todd Miller none
Solaris 2.6 sparc gcc2.9.5.2 1.6.2p2 Todd Miller --with-pam
Solaris 2.6 i386 gcc2.9.5.2 1.6.2p2 Todd Miller none
Solaris 2.6 sparc unbundled cc 1.5.7 Giff Hammar none
Solaris 2.6 i386 unbundled cc 1.5.8p2 Udo Keller none
Solaris 7 i386 gcc 2.8.1 1.6.1 Ido Dubrawsky none
@@ -32,15 +32,15 @@ HP-UX 9.05 hp700 gcc2.7.2.1 1.5.3 Todd Miller none
HP-UX 9.05 hp700 gcc2.7.2.1 1.5.3 Todd Miller --with-kerb4
HP-UX 9.07 hp700 unbundled cc 1.5 Alek Komarnitsky --with-C2
HP-UX 9.05 hp700 unbundled cc 1.4 Todd Miller none
HP-UX 10.10 hp700 unbundled cc 1.6.2p1 Todd Miller --with-skey
HP-UX 10.20 hp700 gcc2.9.5.2 1.6.2p1 Todd Miller --with-skey
HP-UX 10.20 hp700 bundled cc 1.6.2p1 Todd Miller none
HP-UX 10.10 hp700 unbundled cc 1.6.2p2 Todd Miller --with-skey
HP-UX 10.20 hp700 gcc2.9.5.2 1.6.2p2 Todd Miller --with-skey
HP-UX 10.20 hp700 bundled cc 1.6.2p2 Todd Miller none
HP-UX 10.20 PA-RISC2.0 bundled cc 1.5.4 Leon von Stauber none
HP-UX 11.00 hp700 ansi-c 1.5.5b1 Alek Komarnitsky --with-C2
HP-UX 11.00 hp700 bundled cc 1.5.5p5 Lynn Osburn none
HP-UX 11.00 hp700 HP C compiler 1.6.2 Jeff Earickson --with-pam
HP-UX 10.20 hp700 gcc 2.95.2 1.6.2 Jeff Earickson --with-DCE
Ultrix 4.3 mips bundled cc 1.6.2p1 Todd Miller none
Ultrix 4.3 mips bundled cc 1.6.2p2 Todd Miller none
Ultrix 4.3 mips gcc2.7.2.1 1.5.9 Todd Miller --with-skey
IRIX 4.05H mips gcc2.6.3 1.5.3 Todd Miller none
IRIX 4.05H mips unbundled cc 1.4 Todd Miller none
@@ -48,8 +48,8 @@ IRIX 5.2 mips MipsPro C 1.5.6p1 Brian Jackson none
IRIX 5.3 mips MipsPro C 1.5.6p1 Brian Jackson none
IRIX 6.2 mips MipsPro C 1.5.6p1 Brian Jackson none
IRIX 6.5 mips MipsPro C 1.5.6p1 Brian Jackson none
IRIX 5.3 mips unbundled cc 1.6.2p1 Todd Miller none
IRIX 5.3 mips gcc2.9.5.2 1.6.2p1 Todd Miller --with-skey
IRIX 5.3 mips unbundled cc 1.6.2p2 Todd Miller none
IRIX 5.3 mips gcc2.9.5.2 1.6.2p2 Todd Miller --with-skey
IRIX 5.3 mips gcc2.7.2.1 1.5.3 Todd Miller --with-kerb4
IRIX 5.3 mips unbundled cc 1.4 Wallace Winfrey --with-C2
IRIX 6.2 mips unbundled cc 1.5 Alek Komarnitsky --with-C2
@@ -67,14 +67,14 @@ NEXTSTEP 3.2 i386 bundled cc 1.3.2 Jonathan Adams none
NEXTSTEP 3.3 i386 bundled cc 1.4 Jonathan Adams none
NEXTSTEP 3.3 sparc bundled cc 1.5.3 Mike Kienenberger none
DEC UNIX 3.2c alpha bundled cc 1.5.3 Todd Miller none
DEC UNIX 4.0D alpha gcc-2.9.5.2 1.6.2p1 Todd Miller --with-skey
DEC UNIX 4.0D alpha gcc-2.9.5.2 1.6.2p2 Todd Miller --with-skey
DEC UNIX 4.0 alpha gcc-2.7.2.1 1.5.3 Todd Miller --with-kerb4
DEC UNIX 4.0D alpha bundled cc 1.5.3 Randall R. Cable --with-C2
DEC UNIX 4.0E alpha bundled cc 1.5.9p2 Vangelis Haniotakis none
AIX 3.2.X rs6000 bundled cc 1.4 Todd Miller none
AIX 4.1.3 PowerPC gcc-2.7.0 1.4 Bob Shair none
AIX 4.1.4 rs6000 gcc-2.8.1 1.6.2p1 Todd Miller none
AIX 4.1.4 rs6000 gcc-2.8.1 1.6.2p1 Todd Miller --with-authenticate
AIX 4.1.4 rs6000 gcc-2.8.1 1.6.2p2 Todd Miller none
AIX 4.1.4 rs6000 gcc-2.8.1 1.6.2p2 Todd Miller --with-authenticate
AIX 4.1.5 rs6000 gcc-2.7.2.3 1.4.4 Daniel Robitaille none
AIX 4.1.X rs6000 bundled cc 1.5.3 Robin Jackson --with-AFS
AIX 4.1.X PowerPC bundled cc 1.5.3 Robin Jackson --with-AFS
@@ -85,9 +85,9 @@ AIX 4.3.2 rs6000 egcs 1.1.2 1.5.9p4 Scott Kinnane none
ConvexOS 9.1 convex bundled cc 1.3.6 Todd Miller none
ConvexOS 9.1 convex gcc2.4.5 1.3.6 Todd Miller none
BSD/OS 2.1 i386 shlicc 1.5.3 Todd Miller none
OpenBSD 2.X i586 gcc-2.8.1 1.6.2p1 Todd Miller none
OpenBSD 2.X alpha gcc-2.8.1 1.6.2p1 Todd Miller none
OpenBSD 2.X m68k gcc-2.8.1 1.6.2p1 Todd Miller none
OpenBSD 2.X i586 gcc-2.8.1 1.6.2p2 Todd Miller none
OpenBSD 2.X alpha gcc-2.8.1 1.6.2p2 Todd Miller none
OpenBSD 2.X m68k gcc-2.8.1 1.6.2p2 Todd Miller none
OpenBSD 2.X mvme88k gcc-2.8.1 1.5.9 Steve Murphree none
FreeBSD 1.1 i386 gcc 1.3.2 Dworkin Muller none
FreeBSD 2.0.5 i386 gcc 1.3.4 Dworkin Muller none
@@ -95,12 +95,12 @@ FreeBSD 3.2 i386 gcc 2.7.2.1 1.6 Brian Jackson none
Linux 1.2.13 i486 gcc-2.7.0 1.4 Michael Forman none
Linux 1.2.8 i486 gcc-2.5.8 1.3.5 Ted Coady --with-C2
Linux 2.0.15 i586 gcc-2.7.2.1 1.5 Danny Barron none
Linux 2.0.36 i586 gcc-2.95.2 1.6.2p1 Todd Miller none
Linux 2.0.36 i586 gcc-2.95.2 1.6.2p2 Todd Miller none
Linux 2.0.34 i586 egcs-2.91.57 1.5.6p2 Darrin Chandler none
Linux 2.0.36 i586 gcc-2.7.2.3 1.5.7p4 Nathan Haney none
Linux 2.0.34 alpha egcs-2.90.27 1.5.3 Karl Schlitt none
Linux 2.0.33pl1 m68k gcc 2.7.2.3 1.5.6 James Troup none
Linux 2.2.12 i586 gcc-2.95.2 1.6.2p1 Todd Miller --with-pam
Linux 2.2.12 i586 gcc-2.95.2 1.6.2p2 Todd Miller --with-pam
Linux 2.2.6-15 ppc egcs-1.1.2 1.5.9p4 Barbara Schelkle none
Linux 2.0.34 mips gcc-2.7.2 1.6 Tristan Roddis none
UnixWare 1.1.4 i386 gcc-2.7.2 1.4 Michael Hancock none

4
TODO

@@ -81,6 +81,4 @@ TODO list (most will be addressed in sudo 2.0)
30) Add support for: Default:user@host
31) Add -S flag to force password read from stdin
32) Do login-style -sh hack for sudo -s?
31) Do login-style -sh hack for sudo -s?


@@ -67,7 +67,7 @@ aixauth_verify(pw, prompt, auth)
char *message, *pass;
int reenter = 1;
pass = tgetpass(prompt, def_ival(I_PW_TIMEOUT) * 60, 1);
pass = tgetpass(prompt, def_ival(I_PW_TIMEOUT) * 60, tgetpass_flags);
if (authenticate(pw->pw_name, pass, &reenter, &message) == 0)
return(AUTH_SUCCESS);
else


@@ -118,9 +118,10 @@ fwtk_verify(pw, prompt, auth)
/* Get the password/response from the user. */
if (strncmp(resp, "challenge ", 10) == 0) {
(void) snprintf(buf, sizeof(buf), "%s\nResponse: ", &resp[10]);
pass = tgetpass(buf, def_ival(I_PW_TIMEOUT) * 60, 0);
pass = tgetpass(buf, def_ival(I_PW_TIMEOUT) * 60,
tgetpass_flags | TGP_ECHO);
} else if (strncmp(resp, "password", 8) == 0) {
pass = tgetpass(prompt, def_ival(I_PW_TIMEOUT) * 60, 1);
pass = tgetpass(prompt, def_ival(I_PW_TIMEOUT) * 60, tgetpass_flags);
} else {
(void) fprintf(stderr, "%s: %s\n", Argv[0], resp);
return(AUTH_FATAL);


@@ -135,7 +135,6 @@ sudo_conv(num_msg, msg, response, appdata_ptr)
struct pam_response *pr;
PAM_CONST struct pam_message *pm;
const char *p = def_prompt;
int echo = 0;
extern int nil_pw;
if ((*response = malloc(num_msg * sizeof(struct pam_response))) == NULL)
@@ -145,7 +144,7 @@ sudo_conv(num_msg, msg, response, appdata_ptr)
for (pr = *response, pm = *msg; num_msg--; pr++, pm++) {
switch (pm->msg_style) {
case PAM_PROMPT_ECHO_ON:
echo = 1;
tgetpass_flags |= TGP_ECHO;
case PAM_PROMPT_ECHO_OFF:
/* Only override PAM prompt if it matches /^Password: ?/ */
if (strncmp(pm->msg, "Password:", 9) || (pm->msg[9] != '\0'
@@ -153,7 +152,7 @@ sudo_conv(num_msg, msg, response, appdata_ptr)
p = pm->msg;
/* Read the password. */
pr->resp = estrdup((char *) tgetpass(p,
def_ival(I_PW_TIMEOUT) * 60, !echo));
def_ival(I_PW_TIMEOUT) * 60, tgetpass_flags));
if (*pr->resp == '\0')
nil_pw = 1; /* empty password */
break;
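Review bot: The `PAM_PROMPT_ECHO_ON` case now writes `TGP_ECHO` into the global `tgetpass_flags`, and nothing in the visible lines clears it again. The removed local `echo` was reset on every call to sudo_conv(), so this makes echo sticky. Once a module sends one echo-on prompt, every later `PAM_PROMPT_ECHO_OFF` prompt, in this conversation and in later ones, would be read with echo enabled and the password shown on the terminal. A per-message copy avoids that: declare `int flags = tgetpass_flags;` at the top of the loop body, use `flags |= TGP_ECHO;` in the echo-on case, and pass `flags` to tgetpass(). The body of sudo_conv() starts and ends outside these hunks, so the loop exit paths were not checked.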


@@ -155,7 +155,8 @@ verify_user(prompt)
#ifdef AUTH_STANDALONE
p = prompt;
#else
p = (char *) tgetpass(prompt, def_ival(I_PW_TIMEOUT) * 60, 1);
p = (char *) tgetpass(prompt, def_ival(I_PW_TIMEOUT) * 60,
tgetpass_flags);
if (!p || *p == '\0')
nil_pw = 1;
#endif /* AUTH_STANDALONE */

6
sudo.c

@@ -124,6 +124,7 @@ FILE *sudoers_fp = NULL;
static char *runas_homedir = NULL; /* XXX */
struct interface *interfaces;
int num_interfaces;
int tgetpass_flags;
extern int errorlineno;
/*
@@ -639,6 +640,9 @@ parse_args()
case 'H':
rval |= MODE_RESET_HOME;
break;
case 'S':
tgetpass_flags |= TGP_STDIN;
break;
case '-':
NewArgc--;
NewArgv++;
@@ -1122,7 +1126,7 @@ usage(exit_val)
int exit_val;
{
(void) fprintf(stderr,
"usage: %s -V | -h | -L | -l | -v | -k | -K | -H | [-b] [-p prompt]\n%*s",
"usage: %s -V | -h | -L | -l | -v | -k | -K | -H | [-S] [-b] [-p prompt]\n%*s",
Argv[0], (int) strlen(Argv[0]) + 8, " ");
(void) fprintf(stderr, "[-u username/#uid] -s | <command>\n");
exit(exit_val);
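Review bot: The new global `int tgetpass_flags;` has no comment and relies on implicit zero initialisation for its default. Going by the flag comments in sudo.h, zero means echo off and read from /dev/tty. Since that default is what keeps passwords from being echoed, it is worth stating at the definition, for example `int tgetpass_flags;	/* TGP_* flags for tgetpass(); 0 = no echo, read from tty */`. The comment could also say that parse_args() sets `TGP_STDIN` for `-S` and that the auth backends are expected only to read the value. parse_args() and usage() both extend beyond the hunks shown.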

7
sudo.h

@@ -157,6 +157,12 @@ struct sudo_user {
#define PWCHECK_ANY 0x04
#define PWCHECK_ALWAYS 0x08
/*
* Flags for tgetpass()
*/
#define TGP_ECHO 0x01 /* leave echo on when reading passwd */
#define TGP_STDIN 0x02 /* read from stdin, not /dev/tty */
/*
* Function prototypes
*/
@@ -218,6 +224,7 @@ extern struct sudo_user sudo_user;
extern int Argc;
extern char **Argv;
extern FILE *sudoers_fp;
extern int tgetpass_flags;
#endif
extern int errno;
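Review bot: `TGP_ECHO` is defined as 0x01, which is the same value callers used to pass as `echo_off` to request a hidden password, so the meaning of a literal `1` in the third argument of tgetpass() is inverted by this change. The argument is still a plain `int`, so any caller not converted in this commit would compile unchanged and read the password with echo on. That applies to an auth backend built only on some platforms or to out-of-tree code. The comment block should record this, for example `/* Flags for tgetpass(); replaces the old echo_off argument, 0 now means echo off */`. All remaining tgetpass() call sites should also be checked for literal `0`/`1` arguments. The prototype itself is not visible in these hunks.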


@@ -73,13 +73,37 @@
#include "sudo.h"
#ifndef lint
static const char rcsid[] = "$Sudo$";
#endif /* lint */
#ifndef TCSASOFT
#define TCSASOFT 0
#endif /* TCSASOFT */
#ifndef lint
static const char rcsid[] = "$Sudo$";
#endif /* lint */
/*
* Abstract method of getting at the term flags.
*/
#undef TERM
#undef tflags
#ifdef HAVE_TERMIOS_H
# define TERM termios
# define tflags c_lflag
# define term_getattr(f, t) tcgetattr(f, t)
# define term_setattr(f, t) tcsetattr(f, TCSAFLUSH|TCSASOFT, t)
#else
# ifdef HAVE_TERMIO_H
# define TERM termio
# define tflags c_lflag
# define term_getattr(f, t) ioctl(f, TCGETA, t)
# define term_setattr(f, t) ioctl(f, TCSETA, t)
# else
# define TERM sgttyb
# define tflags sg_flags
# define term_getattr(f, t) ioctl(f, TIOCGETP, t)
# define term_setattr(f, t) ioctl(f, TIOCSETP, t)
# endif /* HAVE_TERMIO_H */
#endif /* HAVE_TERMIOS_H */
static char *tgetline __P((int, char *, size_t, int));
@@ -87,25 +111,18 @@ static char *tgetline __P((int, char *, size_t, int));
* Like getpass(3) but with timeout and echo flags.
*/
char *
tgetpass(prompt, timeout, echo_off)
tgetpass(prompt, timeout, flags)
const char *prompt;
int timeout;
int echo_off;
int flags;
{
#ifdef HAVE_TERMIOS_H
struct termios term;
#else
#ifdef HAVE_TERMIO_H
struct termio term;
#else
struct sgttyb ttyb;
#endif /* HAVE_TERMIO_H */
#endif /* HAVE_TERMIOS_H */
struct TERM term, oterm;
int input, output;
static char buf[SUDO_PASS_MAX + 1];
/* Open /dev/tty for reading/writing if possible else use stdin/stderr. */
if ((input = output = open(_PATH_TTY, O_RDWR|O_NOCTTY)) == -1) {
if ((flags & TGP_STDIN) ||
(input = output = open(_PATH_TTY, O_RDWR|O_NOCTTY)) == -1) {
input = STDIN_FILENO;
output = STDERR_FILENO;
}
@@ -113,53 +130,22 @@ tgetpass(prompt, timeout, echo_off)
if (prompt)
(void) write(output, prompt, strlen(prompt) + 1);
if (echo_off) {
#ifdef HAVE_TERMIOS_H
(void) tcgetattr(input, &term);
if ((echo_off = (term.c_lflag & ECHO))) {
term.c_lflag &= ~ECHO;
(void) tcsetattr(input, TCSAFLUSH|TCSASOFT, &term);
}
#else
#ifdef HAVE_TERMIO_H
(void) ioctl(input, TCGETA, &term);
if ((echo_off = (term.c_lflag & ECHO))) {
term.c_lflag &= ~ECHO;
(void) ioctl(input, TCSETA, &term);
}
#else
(void) ioctl(input, TIOCGETP, &ttyb);
if ((echo_off = (ttyb.sg_flags & ECHO))) {
ttyb.sg_flags &= ~ECHO;
(void) ioctl(input, TIOCSETP, &ttyb);
}
#endif /* HAVE_TERMIO_H */
#endif /* HAVE_TERMIOS_H */
}
/* Turn echo off/on as specified by flags. */
(void) term_getattr(input, &oterm);
(void) memcpy(&term, &oterm, sizeof(term));
if ((flags & TGP_ECHO) && !(term.tflags & ECHO))
term.tflags |= ECHO;
else if (!(flags & TGP_ECHO) && (term.tflags & ECHO))
term.tflags &= ~ECHO;
(void) term_setattr(input, &term);
buf[0] = '\0';
tgetline(input, buf, sizeof(buf), timeout);
#ifdef HAVE_TERMIOS_H
if (echo_off) {
term.c_lflag |= ECHO;
(void) tcsetattr(input, TCSAFLUSH|TCSASOFT, &term);
}
#else
#ifdef HAVE_TERMIO_H
if (echo_off) {
term.c_lflag |= ECHO;
(void) ioctl(input, TCSETA, &term);
}
#else
if (echo_off) {
ttyb.sg_flags |= ECHO;
(void) ioctl(input, TIOCSETP, &ttyb);
}
#endif /* HAVE_TERMIO_H */
#endif /* HAVE_TERMIOS_H */
/* Restore old tty flags. */
(void) term_setattr(input, &oterm);
if (echo_off)
if (!(flags & TGP_ECHO))
(void) write(output, "\n", 1);
if (input != STDIN_FILENO)