isa/sudo
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Add -U option to use in conjunction with -l instead of -u.

Browse Source 
Add support for "sudo -l command" to test a specific command.
This commit is contained in:
Todd C. Miller
2004-11-24 21:31:51 +00:00
parent f75a034f06
commit 5f06b19a6e
6 changed files with 234 additions and 152 deletions
Download Patch File Download Diff File Expand all files Collapse all files

38
parse.c
View File

@@ -135,7 +135,7 @@ sudoers_lookup(pwflag)
}
}
}
if (matched == TRUE) {
if (matched == TRUE || user_uid == 0) {
/* User has an entry for this host. */
CLR(validated, VALIDATE_NOT_OK);
SET(validated, VALIDATE_OK);
@@ -238,6 +238,42 @@ display_privs(pw)
}
}
/*
* Check user_cmnd against sudoers and print the matching entry if the
* command is allowed.
*/
int
display_cmnd(pw)
struct passwd *pw;
{
struct cmndspec *cs;
struct member *match, *runas;
struct privilege *priv;
struct userspec *us;
for (match = NULL, us = userspecs; us != NULL; us = us->next) {
if (user_matches(pw, us->user) != TRUE ||
host_matches(us->privileges->hostlist) != TRUE)
continue;
for (priv = us->privileges; priv != NULL; priv = priv->next) {
runas = NULL;
for (cs = priv->cmndlist; cs != NULL; cs = cs->next) {
if (cs->runaslist != NULL)
runas = cs->runaslist;
if (runas_matches(runas) == TRUE &&
cmnd_matches(cs->cmnd) != UNSPEC)
match = cs->cmnd;
}
}
}
if (match == NULL || match->negated)
return(1);
printf("%s%s%s\n", safe_cmnd, user_args ? " " : "",
user_args ? user_args : "");
return(0);
}
/*
* Print the contents of a struct member to stdout
*/

45
sudo.c
View File

@@ -239,6 +239,9 @@ main(argc, argv, envp)
user_cmnd = "list";
pwflag = I_LISTPW;
break;
case MODE_CHECK:
pwflag = I_LISTPW;
break;
}
/* Must have a command to run... */
@@ -361,6 +364,8 @@ main(argc, argv, envp)
log_auth(validated, 1);
if (sudo_mode == MODE_VALIDATE)
exit(0);
else if (sudo_mode == MODE_CHECK)
exit(display_cmnd(list_pw ? list_pw : sudo_user.pw));
else if (sudo_mode == MODE_LIST) {
display_privs(list_pw ? list_pw : sudo_user.pw);
#ifdef HAVE_LDAP
@@ -548,7 +553,7 @@ init_vars(sudo_mode)
/* It is now safe to use log_error() and set_perms() */
#ifdef HAVE_GETGROUPS
if ((user_ngroups = getgroups(0, NULL)) > 0) {
if (list_pw == NULL && (user_ngroups = getgroups(0, NULL)) > 0) {
user_groups = emalloc2(user_ngroups, sizeof(gid_t));
if (getgroups(user_ngroups, user_groups) < 0)
log_error(USE_ERRNO|MSG_ONLY, "can't get group vector");
@@ -618,8 +623,8 @@ set_cmnd(sudo_mode)
/* Resolve the path and return. */
rval = FOUND;
user_stat = emalloc(sizeof(struct stat));
if (sudo_mode & (MODE_RUN | MODE_EDIT)) {
if (ISSET(sudo_mode, MODE_RUN)) {
if (sudo_mode & (MODE_RUN | MODE_EDIT | MODE_CHECK)) {
if (ISSET(sudo_mode, MODE_RUN | MODE_CHECK)) {
set_perms(PERM_RUNAS);
rval = find_path(NewArgv[0], &user_cmnd, user_stat, user_path);
set_perms(PERM_ROOT);
@@ -817,6 +822,15 @@ parse_args(argc, argv)
case 'S':
SET(tgetpass_flags, TGP_STDIN);
break;
case 'U':
/* Must have an associated list user. */
if (NewArgv[1] == NULL)
usage(1);
if ((list_pw = sudo_getpwnam(NewArgv[1])) == NULL)
errorx(1, "unknown user %s", NewArgv[1]);
NewArgc--;
NewArgv++;
break;
case '-':
NewArgc--;
NewArgv++;
@@ -833,19 +847,23 @@ parse_args(argc, argv)
NewArgc--;
NewArgv++;
}
if (NewArgc > 0 && rval == MODE_LIST)
rval = MODE_CHECK;
if (user_runas != NULL) {
if (rval == MODE_LIST) {
if ((list_pw = sudo_getpwnam(*user_runas)) == NULL)
errorx(1, "unknown user %s", *user_runas);
user_runas = NULL;
} else if (!ISSET(rval, (MODE_EDIT|MODE_RUN))) {
warningx("the `-u' and '-%c' options may not be used together", excl);
if (user_runas != NULL && !ISSET(rval, (MODE_EDIT|MODE_RUN|MODE_CHECK))) {
if (excl != '\0')
warningx("the `-u' and '-%c' options may not be used together",
excl);
usage(1);
}
if (list_pw != NULL && rval != MODE_LIST && rval != MODE_CHECK) {
if (excl != '\0')
warningx("the `-U' and '-%c' options may not be used together",
excl);
usage(1);
}
if ((NewArgc == 0 && (rval & MODE_EDIT)) ||
(NewArgc > 0 && !(rval & (MODE_RUN | MODE_EDIT))))
(NewArgc > 0 && !(rval & (MODE_RUN | MODE_EDIT | MODE_CHECK))))
usage(1);
return(rval);
@@ -1126,7 +1144,10 @@ usage(exit_val)
continue;
*p = " file [...]";
} else {
fprintf(stderr, "usage: %s -K | -L | -V | -h | -k | -l | -v\n",
fprintf(stderr, "usage: %s -K | -L | -V | -h | -k | -v\n",
getprogname());
fprintf(stderr,
"usage: %s [-U username] [-u username|#uid] -l [command]\n",
getprogname());
}

212
sudo.cat
View File

@@ -8,7 +8,9 @@ NNAAMMEE
sudo, sudoedit - execute a command as another user
SSYYNNOOPPSSIISS
ssuuddoo --KK | --LL | --VV | --hh | --kk | --ll | --vv
ssuuddoo --KK | --LL | --VV | --hh | --kk | --vv
ssuuddoo [--UU _u_s_e_r_n_a_m_e] [--uu _u_s_e_r_n_a_m_e|_#_u_i_d] --ll [_c_o_m_m_a_n_d]
ssuuddoo [--HHPPSSbb] [--aa _a_u_t_h___t_y_p_e] [--cc _c_l_a_s_s|_-] [--pp _p_r_o_m_p_t]
[--uu _u_s_e_r_n_a_m_e|_#_u_i_d] {--ee file [...] | --ii | --ss | _c_o_m_m_a_n_d}
@@ -56,12 +58,10 @@ DDEESSCCRRIIPPTTIIOONN
mands through sudo even when a root shell has been
invoked. It also allows the --ee flag to remain useful even
when being run via a sudo-run script or program. Note
however, that the sudoers lookup is still done for root,
not the user specified by SUDO_USER.
1.6.9 November 11, 2004 1
1.6.9 November 24, 2004 1
@@ -70,6 +70,9 @@ DDEESSCCRRIIPPTTIIOONN
SUDO(1m) MAINTENANCE COMMANDS SUDO(1m)
however, that the sudoers lookup is still done for root,
not the user specified by SUDO_USER.
ssuuddoo can log both successful and unsuccessful attempts (as
well as errors) to _s_y_s_l_o_g(3), a log file, or both. By
default ssuuddoo will log via _s_y_s_l_o_g(3) but this is changeable
@@ -104,6 +107,11 @@ OOPPTTIIOONNSS
from the standard input instead of the terminal
device.
-U The --UU (_o_t_h_e_r _u_s_e_r) option is used in conjunction with
the --ll option to specify the user whose privileges
should be listed. Only root or a user with ssuuddoo ALL
on the current host may use this option.
-V The --VV (_v_e_r_s_i_o_n) option causes ssuuddoo to print the ver<65>
sion number and exit. If the invoking user is already
root the --VV option will print out a list of the
@@ -116,18 +124,10 @@ OOPPTTIIOONNSS
administrator may specify a list of sudo-specific
authentication methods by adding an "auth-sudo" entry
in /etc/login.conf. This option is only available on
systems that support BSD authentication where ssuuddoo has
been configured with the --with-bsdauth option.
-b The --bb (_b_a_c_k_g_r_o_u_n_d) option tells ssuuddoo to run the given
command in the background. Note that if you use the
--bb option you cannot use shell job control to manipu<70>
late the process.
1.6.9 November 11, 2004 2
1.6.9 November 24, 2004 2
@@ -136,6 +136,14 @@ OOPPTTIIOONNSS
SUDO(1m) MAINTENANCE COMMANDS SUDO(1m)
systems that support BSD authentication where ssuuddoo has
been configured with the --with-bsdauth option.
-b The --bb (_b_a_c_k_g_r_o_u_n_d) option tells ssuuddoo to run the given
command in the background. Note that if you use the
--bb option you cannot use shell job control to manipu<70>
late the process.
-c The --cc (_c_l_a_s_s) option causes ssuuddoo to run the specified
command with resources limited by the specified login
class. The _c_l_a_s_s argument can be either a class name
@@ -182,6 +190,18 @@ SUDO(1m) MAINTENANCE COMMANDS SUDO(1m)
sage and exit.
-i The --ii (_s_i_m_u_l_a_t_e _i_n_i_t_i_a_l _l_o_g_i_n) option runs the shell
1.6.9 November 24, 2004 3
SUDO(1m) MAINTENANCE COMMANDS SUDO(1m)
specified in the passwd(4) entry of the user that the
command is being run as. The command name argument
given to the shell begins with a `-' to tell the shell
@@ -191,17 +211,6 @@ SUDO(1m) MAINTENANCE COMMANDS SUDO(1m)
unchanged, setting _H_O_M_E, _S_H_E_L_L, _U_S_E_R, _L_O_G_N_A_M_E, and
_P_A_T_H, and unsetting all other environment variables.
1.6.9 November 11, 2004 3
SUDO(1m) MAINTENANCE COMMANDS SUDO(1m)
-k The --kk (_k_i_l_l) option to ssuuddoo invalidates the user's
timestamp by setting the time on it to the epoch. The
next time ssuuddoo is run a password will be required.
@@ -209,11 +218,15 @@ SUDO(1m) MAINTENANCE COMMANDS SUDO(1m)
to allow a user to revoke ssuuddoo permissions from a
.logout file.
-l The --ll (_l_i_s_t) option will list out the allowed (and
forbidden) commands for the user on the current host.
If the --uu flag is specified and the invoking user has
ssuuddoo ALL on the current host, the information listed
will be for the user specified by the --uu flag.
-l [_c_o_m_m_a_n_d]
If no _c_o_m_m_a_n_d is specified, the --ll (_l_i_s_t) option will
list the allowed (and forbidden) commands for the
invoking user (or the user specified by the --UU option)
on the current host. If a _c_o_m_m_a_n_d is specified and is
permitted by _s_u_d_o_e_r_s, the fully-qualified path to the
command is displayed along with any command line argu<67>
ments. If _c_o_m_m_a_n_d is not allowed, ssuuddoo will exit with
a return value of 1.
-p The --pp (_p_r_o_m_p_t) option allows you to override the
default password prompt and use a custom one. The
@@ -243,6 +256,18 @@ SUDO(1m) MAINTENANCE COMMANDS SUDO(1m)
command as a user other than _r_o_o_t. To specify a _u_i_d
instead of a _u_s_e_r_n_a_m_e, use _#_u_i_d. Note that if the
_t_a_r_g_e_t_p_w Defaults option is set (see sudoers(4)) it is
1.6.9 November 24, 2004 4
SUDO(1m) MAINTENANCE COMMANDS SUDO(1m)
not possible to run commands with a uid not listed in
the password database.
@@ -256,18 +281,6 @@ SUDO(1m) MAINTENANCE COMMANDS SUDO(1m)
command line arguments. It is most useful in conjunc<6E>
tion with the --ss flag.
1.6.9 November 11, 2004 4
SUDO(1m) MAINTENANCE COMMANDS SUDO(1m)
RREETTUURRNN VVAALLUUEESS
Upon successful execution of a program, the return value
from ssuuddoo will simply be the return value of the program
@@ -309,6 +322,18 @@ SSEECCUURRIITTYY NNOOTTEESS
as root.
To prevent command spoofing, ssuuddoo checks "." and "" (both
1.6.9 November 24, 2004 5
SUDO(1m) MAINTENANCE COMMANDS SUDO(1m)
denoting current directory) last when searching for a com<6F>
mand in the user's PATH (if one or both are in the PATH).
Note, however, that the actual PATH environment variable
@@ -322,18 +347,6 @@ SSEECCUURRIITTYY NNOOTTEESS
cally.
ssuuddoo will check the ownership of its timestamp directory
1.6.9 November 11, 2004 5
SUDO(1m) MAINTENANCE COMMANDS SUDO(1m)
(_/_v_a_r_/_r_u_n_/_s_u_d_o by default) and ignore the directory's con<6F>
tents if it is not owned by root and only writable by
root. On systems that allow non-root users to give away
@@ -374,6 +387,19 @@ SUDO(1m) MAINTENANCE COMMANDS SUDO(1m)
EENNVVIIRROONNMMEENNTT
ssuuddoo utilizes the following environment variables:
1.6.9 November 24, 2004 6
SUDO(1m) MAINTENANCE COMMANDS SUDO(1m)
EDITOR Default editor to use in -e (sudoedit) mode if
VISUAL is not set
@@ -388,18 +414,6 @@ EENNVVIIRROONNMMEENNTT
SUDO_PROMPT Used as the default password prompt
1.6.9 November 11, 2004 6
SUDO(1m) MAINTENANCE COMMANDS SUDO(1m)
SUDO_COMMAND Set to the command run by sudo
SUDO_USER Set to the login of the user who invoked sudo
@@ -441,6 +455,17 @@ EEXXAAMMPPLLEESS
$ sudo shutdown -r +15 "quick reboot"
1.6.9 November 24, 2004 7
SUDO(1m) MAINTENANCE COMMANDS SUDO(1m)
To make a usage listing of the directories in the /home
partition. Note that this runs the commands in a sub-
shell to make the cd and file redirection work.
@@ -455,17 +480,6 @@ AAUUTTHHOORRSS
Many people have worked on ssuuddoo over the years; this ver<65>
sion consists of code written primarily by:
1.6.9 November 11, 2004 7
SUDO(1m) MAINTENANCE COMMANDS SUDO(1m)
Todd Miller
Chris Jepeway
@@ -505,6 +519,19 @@ BBUUGGSS
If you feel you have found a bug in ssuuddoo, please submit a
bug report at http://www.sudo.ws/sudo/bugs/
1.6.9 November 24, 2004 8
SUDO(1m) MAINTENANCE COMMANDS SUDO(1m)
SSUUPPPPOORRTT
Commercial support is available for ssuuddoo, see
http://www.sudo.ws/sudo/support.html for details.
@@ -519,20 +546,18 @@ DDIISSCCLLAAIIMMEERR
ranties, including, but not limited to, the implied war<61>
ranties of merchantability and fitness for a particular
purpose are disclaimed. See the LICENSE file distributed
with ssuuddoo or http://www.sudo.ws/sudo/license.html for
with ssuuddoo or http://www.sudo.ws/sudo/license.html for com<6F>
plete details.
1.6.9 November 11, 2004 8
SUDO(1m) MAINTENANCE COMMANDS SUDO(1m)
complete details.
@@ -564,31 +589,6 @@ SUDO(1m) MAINTENANCE COMMANDS SUDO(1m)
1.6.9 November 11, 2004 9
1.6.9 November 24, 2004 9

34
sudo.h
View File

@@ -83,23 +83,24 @@ struct sudo_user {
#define NOT_FOUND_DOT -1
/*
* Various modes sudo can be in (based on arguments) in octal
* Various modes sudo can be in (based on arguments) in hex
*/
#define MODE_RUN 000001
#define MODE_VALIDATE 000002
#define MODE_INVALIDATE 000004
#define MODE_KILL 000010
#define MODE_VERSION 000020
#define MODE_HELP 000040
#define MODE_LIST 000100
#define MODE_LISTDEFS 000200
#define MODE_BACKGROUND 000400
#define MODE_SHELL 001000
#define MODE_LOGIN_SHELL 002000
#define MODE_IMPLIED_SHELL 004000
#define MODE_RESET_HOME 010000
#define MODE_PRESERVE_GROUPS 020000
#define MODE_EDIT 040000
#define MODE_RUN 0x0001
#define MODE_EDIT 0x0002
#define MODE_VALIDATE 0x0004
#define MODE_INVALIDATE 0x0008
#define MODE_KILL 0x0010
#define MODE_VERSION 0x0020
#define MODE_HELP 0x0040
#define MODE_LIST 0x0080
#define MODE_CHECK 0x0100
#define MODE_LISTDEFS 0x0200
#define MODE_BACKGROUND 0x0400
#define MODE_SHELL 0x0800
#define MODE_LOGIN_SHELL 0x1000
#define MODE_IMPLIED_SHELL 0x2000
#define MODE_RESET_HOME 0x4000
#define MODE_PRESERVE_GROUPS 0x8000
/*
* Used with set_perms()
@@ -239,6 +240,7 @@ void zero_bytes __P((volatile VOID *, size_t));
int gettime __P((struct timespec *));
FILE *open_sudoers __P((const char *, int *));
void display_privs __P((struct passwd *));
int display_cmnd __P((struct passwd *));
void sudo_setpwent __P((void));
void sudo_endpwent __P((void));
void sudo_setgrent __P((void));

27
sudo.man.in
View File

@@ -149,12 +149,14 @@
.\" ========================================================================
.\"
.IX Title "SUDO @mansectsu@"
.TH SUDO @mansectsu@ "November 11, 2004" "1.6.9" "MAINTENANCE COMMANDS"
.TH SUDO @mansectsu@ "November 24, 2004" "1.6.9" "MAINTENANCE COMMANDS"
.SH "NAME"
sudo, sudoedit \- execute a command as another user
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
\&\fBsudo\fR \fB\-K\fR | \fB\-L\fR | \fB\-V\fR | \fB\-h\fR | \fB\-k\fR | \fB\-l\fR | \fB\-v\fR
\&\fBsudo\fR \fB\-K\fR | \fB\-L\fR | \fB\-V\fR | \fB\-h\fR | \fB\-k\fR | \fB\-v\fR
.PP
\&\fBsudo\fR [\fB\-U\fR\ \fIusername\fR] [\fB\-u\fR\ \fIusername\fR|\fI#uid\fR] \fB\-l\fR [\fIcommand\fR]
.PP
\&\fBsudo\fR [\fB\-HPSb\fR] [\fB\-a\fR\ \fIauth_type\fR] [\fB\-c\fR\ \fIclass\fR|\fI\-\fR]
[\fB\-p\fR\ \fIprompt\fR] [\fB\-u\fR\ \fIusername\fR|\fI#uid\fR]
@@ -239,6 +241,12 @@ still set to match the target user.
.IX Item "-S"
The \fB\-S\fR (\fIstdin\fR) option causes \fBsudo\fR to read the password from
the standard input instead of the terminal device.
.IP "\-U" 4
.IX Item "-U"
The \fB\-U\fR (\fIother user\fR) option is used in conjunction with the \fB\-l\fR
option to specify the user whose privileges should be listed. Only
root or a user with \fBsudo\fR \f(CW\*(C`ALL\*(C'\fR on the current host may use this
option.
.IP "\-V" 4
.IX Item "-V"
The \fB\-V\fR (\fIversion\fR) option causes \fBsudo\fR to print the version
@@ -320,12 +328,15 @@ by setting the time on it to the epoch. The next time \fBsudo\fR is
run a password will be required. This option does not require a password
and was added to allow a user to revoke \fBsudo\fR permissions from a .logout
file.
.IP "\-l" 4
.IX Item "-l"
The \fB\-l\fR (\fIlist\fR) option will list out the allowed (and forbidden)
commands for the user on the current host. If the \fB\-u\fR flag is
specified and the invoking user has \fBsudo\fR \f(CW\*(C`ALL\*(C'\fR on the current host,
the information listed will be for the user specified by the \fB\-u\fR flag.
.IP "\-l [\fIcommand\fR]" 4
.IX Item "-l [command]"
If no \fIcommand\fR is specified, the \fB\-l\fR (\fIlist\fR) option will list
the allowed (and forbidden) commands for the invoking user (or the
user specified by the \fB\-U\fR option) on the current host. If a
\&\fIcommand\fR is specified and is permitted by \fIsudoers\fR, the
fully-qualified path to the command is displayed along with any
command line arguments. If \fIcommand\fR is not allowed, \fBsudo\fR will
exit with a return value of 1.
.IP "\-p" 4
.IX Item "-p"
The \fB\-p\fR (\fIprompt\fR) option allows you to override the default

24
sudo.pod
View File

@@ -27,7 +27,9 @@ sudo, sudoedit - execute a command as another user
=head1 SYNOPSIS
B<sudo> B<-K> | B<-L> | B<-V> | B<-h> | B<-k> | B<-l> | B<-v>
B<sudo> B<-K> | B<-L> | B<-V> | B<-h> | B<-k> | B<-v>
B<sudo> S<[B<-U> I<username>]> S<[B<-u> I<username>|I<#uid>]> B<-l> [I<command>]
B<sudo> [B<-HPSb>] S<[B<-a> I<auth_type>]> S<[B<-c> I<class>|I<->]>
S<[B<-p> I<prompt>]> S<[B<-u> I<username>|I<#uid>]>
@@ -122,6 +124,13 @@ still set to match the target user.
The B<-S> (I<stdin>) option causes B<sudo> to read the password from
the standard input instead of the terminal device.
=item -U
The B<-U> (I<other user>) option is used in conjunction with the B<-l>
option to specify the user whose privileges should be listed. Only
root or a user with B<sudo> C<ALL> on the current host may use this
option.
=item -V
The B<-V> (I<version>) option causes B<sudo> to print the version
@@ -217,12 +226,15 @@ run a password will be required. This option does not require a password
and was added to allow a user to revoke B<sudo> permissions from a .logout
file.
=item -l
=item -l [I<command>]
The B<-l> (I<list>) option will list out the allowed (and forbidden)
commands for the user on the current host. If the B<-u> flag is
specified and the invoking user has B<sudo> C<ALL> on the current host,
the information listed will be for the user specified by the B<-u> flag.
If no I<command> is specified, the B<-l> (I<list>) option will list
the allowed (and forbidden) commands for the invoking user (or the
user specified by the B<-U> option) on the current host. If a
I<command> is specified and is permitted by I<sudoers>, the
fully-qualified path to the command is displayed along with any
command line arguments. If I<command> is not allowed, B<sudo> will
exit with a return value of 1.
=item -p