Initial bits of sudoers plugin; still needs work.

Todd C. Miller
2010-03-14 19:58:47 -04:00
parent 3116e254b4
commit 9b0205846b
44 changed files with 1030 additions and 1395 deletions


@@ -1,6 +1,5 @@
#
# Copyright (c) 1996, 1998-2005, 2007-2009
# Todd C. Miller <Todd.Miller@courtesan.com>
# Copyright (c) 2010 Todd C. Miller <Todd.Miller@courtesan.com>
#
# Permission to use, copy, modify, and distribute this software for any
# purpose with or without fee is hereby granted, provided that the above
@@ -15,10 +14,6 @@
# OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
# ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
#
# Sponsored in part by the Defense Advanced Research Projects
# Agency (DARPA) and Air Force Research Laboratory, Air Force
# Materiel Command, USAF, under agreement number F39502-99-1-0512.
#
# @configure_input@
#
@@ -27,34 +22,29 @@
srcdir = @srcdir@
devdir = @devdir@
authdir = $(srcdir)/auth
top_builddir = .
top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
incdir = $(top_srcdir)/include
compat = $(top_srcdir)/compat
# Compiler & tools to use
CC = @CC@
FLEX = @FLEX@
YACC = @YACC@
NROFF = nroff -Tascii
LIBTOOL = @LIBTOOL@
AR=@AR@
RANLIB=@RANLIB@
# Our install program supports extra flags...
INSTALL = $(SHELL) $(srcdir)/install-sh -c
INSTALL = $(SHELL) $(top_srcdir)/install-sh -c
# Libraries
LIBS = @LIBS@
NET_LIBS = @NET_LIBS@
SUDO_LIBS = @SUDO_LIBS@ @AFS_LIBS@ @GETGROUPS_LIB@ $(LIBS) $(NET_LIBS)
LIBS =
# C preprocessor flags
CPPFLAGS = -I. -I$(srcdir) @CPPFLAGS@
CPPFLAGS = -I$(incdir) -I$(top_builddir) -I$(srcdir) @CPPFLAGS@
# Usually -O and/or -g
CFLAGS = @CFLAGS@
# Flags to pass to the link stage
LDFLAGS = -L. @LDFLAGS@
SUDO_LDFLAGS = @SUDO_LDFLAGS@ $(LDFLAGS)
LDFLAGS =
# Where to install things...
prefix = @prefix@
@@ -64,30 +54,11 @@ sbindir = @sbindir@
sysconfdir = @sysconfdir@
libexecdir = @libexecdir@
datarootdir = @datarootdir@
mandir = @mandir@
noexecfile = @NOEXECFILE@
noexecdir = @NOEXECDIR@
# Directory in which to install sudo.
sudodir = $(bindir)
# Directory in which to install visudo
visudodir = $(sbindir)
plugindir = @PLUGINDIR@
# Directory in which to install the sudoers file
sudoersdir = $(sysconfdir)
# Directory in which to install the man page
mantype = @MANTYPE@
mansectsu = @mansectsu@
mansectform = @mansectform@
mandirsu = $(mandir)/$(mantype)$(mansectsu)
mandirform = $(mandir)/$(mantype)$(mansectform)
# User and group ids the installed files should be "owned" by
install_uid = 0
install_gid = 0
# User, group, and mode the sudoers file should be "owned" by (configure)
sudoers_uid = @SUDOERS_UID@
sudoers_gid = @SUDOERS_GID@
@@ -100,86 +71,38 @@ DEFS = @OSDEFS@ -D_PATH_SUDOERS=\"$(sudoersdir)/sudoers\" -DSUDOERS_UID=$(sudoer
SHELL = /bin/sh
PROGS = @PROGS@
# XXX - configure will substitute in .o files not .lo files
AUTH_OBJS = sudo_auth.lo @AUTH_OBJS@
SRCS = aix.c alias.c alloc.c audit.c boottime.c bsm_audit.c check.c \
closefrom.c def_data.c defaults.c env.c error.c fileops.c find_path.c \
fnmatch.c getcwd.c getprogname.c getspwuid.c gettime.c glob.c \
goodpath.c gram.c gram.y interfaces.c isblank.c lbuf.c ldap.c list.c \
logging.c match.c mkstemp.c memrchr.c nanosleep.c parse.c pwutil.c \
pty.c script.c set_perms.c sigaction.c snprintf.c strcasecmp.c \
strerror.c strlcat.c strlcpy.c strsignal.c sudo.c sudo_noexec.c \
sudo_edit.c sudo_nss.c term.c testsudoers.c tgetpass.c toke.c toke.l \
tsgetgrpw.c utimes.c vasgroups.c visudo.c zero_bytes.c redblack.c \
selinux.c sesh.c sudoreplay.c getdate.c getdate.y getline.c \
timestr.c $(AUTH_SRCS)
COMMON_OBJS = alias.lo atobool.lo defaults.lo gram.lo \
list.lo match.lo pwutil.lo timestr.lo toke.lo redblack.lo \
zero_bytes.lo @NONUNIX_GROUPS_IMPL@
AUTH_SRCS = auth/afs.c auth/aix_auth.c auth/bsdauth.c auth/dce.c auth/fwtk.c \
auth/kerb4.c auth/kerb5.c auth/pam.c auth/passwd.c auth/rfc1938.c \
auth/secureware.c auth/securid.c auth/securid5.c auth/sia.c \
auth/sudo_auth.c
# XXX - add @SUDOERS_OBJS@ in configure.in
SUDOERS_OBJS = $(AUTH_OBJS) alloc.lo boottime.lo check.lo fmt_string.lo \
error.lo env.lo getspwuid.lo gettime.lo goodpath.lo fileops.lo \
find_path.lo interfaces.lo lbuf.lo logging.lo parse.lo \
set_perms.lo sudoers.lo sudo_nss.lo @SUDOERS_OBJS@
HDRS = alloc.h bsm_audit.h compat.h def_data.h defaults.h error.h ins_2001.h \
ins_classic.h ins_csops.h ins_goons.h insults.h interfaces.h lbuf.h \
list.h logging.h missing.h nonunix.h redblack.h parse.h sudo.h \
sudo_nss.h gram.h auth/sudo_auth.h emul/charclass.h emul/fnmatch.h \
emul/glob.h emul/timespec.h emul/utime.h
LIBOBJDIR = $(top_srcdir)/@ac_config_libobj_dir@/
AUTH_OBJS = sudo_auth.o @AUTH_OBJS@
COMMON_OBJS = alias.o alloc.o defaults.o error.o getline.o gram.o \
list.o match.o pwutil.o timestr.o toke.o redblack.o \
term.o zero_bytes.o @NONUNIX_GROUPS_IMPL@
SUDO_OBJS = $(AUTH_OBJS) @SUDO_OBJS@ audit.o boottime.o check.o \
env.o getspwuid.o gettime.o goodpath.o fileops.o find_path.o \
interfaces.o lbuf.o logging.o parse.o set_perms.o sudo.o \
sudo_edit.o sudo_nss.o tgetpass.o
VISUDO_OBJS = visudo.o fileops.o gettime.o goodpath.o find_path.o
REPLAY_OBJS = getdate.o sudoreplay.o
TEST_OBJS = interfaces.o testsudoers.o tsgetgrpw.o
LIB_OBJS = @LIBOBJS@
LTLIBOBJS = $(top_srcdir)/@ac_config_libobj_dir@/libmissing_pic.a
VERSION = @PACKAGE_VERSION@
DISTFILES = $(SRCS) $(HDRS) ChangeLog HISTORY INSTALL INSTALL.configure \
LICENSE Makefile.in PORTING README README.LDAP TROUBLESHOOTING \
UPGRADE WHATSNEW aclocal.m4 acsite.m4 aixcrypt.exp config.guess \
config.h.in config.sub configure configure.in def_data.in \
indent.pro install-sh ltmain.sh mkdefaults mkinstalldirs \
pathnames.h.in sample.pam sample.syslog.conf sample.sudoers \
schema.ActiveDirectory schema.OpenLDAP schema.iPlanet sudo.cat \
sudo.man.in sudo.pod sudo.psf sudo_usage.h.in sudoers sudoers.cat \
sudoers.man.in sudoers.pod sudoers.ldap.cat sudoers.ldap.man.in \
sudoers.ldap.pod sudoers2ldif sudoreplay.cat sudoreplay.man.in \
sudoreplay.pod visudo.cat visudo.man.in visudo.pod auth/API \
sudo.man.pl sudoers.man.pl
BINFILES= ChangeLog HISTORY LICENSE README TROUBLESHOOTING \
UPGRADE install-sh mkinstalldirs sample.syslog.conf sample.sudoers \
sudo sudo.cat sudo.man sudo.pod sudoers sudoers.cat sudoers.man \
sudoers.pod sudoreplay.cat sudoreplay.man sudoreplay.pod \
visudo visudo.cat visudo.man visudo.pod
BINSPECIAL= INSTALL.binary Makefile.binary.in libtool
SUDODEP = $(srcdir)/sudo.h $(srcdir)/alloc.h $(srcdir)/compat.h \
$(srcdir)/defaults.h $(srcdir)/error.h $(srcdir)/list.h \
$(srcdir)/logging.h $(srcdir)/missing.h $(srcdir)/sudo_nss.h \
$(devdir)/def_data.h pathnames.h config.h
SUDODEP = $(srcdir)/sudoers.h $(incdir)/compat.h \
$(srcdir)/defaults.h $(incdir)/error.h $(incdir)/list.h \
$(srcdir)/logging.h $(incdir)/missing.h $(srcdir)/sudo_nss.h \
$(devdir)/def_data.h $(top_builddir)/pathnames.h $(top_builddir)/config.h
AUTHDEP = $(SUDODEP) $(authdir)/sudo_auth.h
INSDEP = $(srcdir)/ins_2001.h $(srcdir)/ins_classic.h $(srcdir)/ins_csops.h \
$(srcdir)/ins_goons.h $(srcdir)/insults.h
all: $(PROGS)
all: sudoers.la
.SUFFIXES: .o .c .h .l .y .man .cat .lo
.SUFFIXES: .o .c .h .lo
.c.o:
$(CC) -c $(CPPFLAGS) $(CFLAGS) $(DEFS) $(OPTIONS) $<
@@ -187,316 +110,133 @@ all: $(PROGS)
.c.lo:
$(LIBTOOL) --mode=compile $(CC) -c $(CPPFLAGS) $(CFLAGS) $(DEFS) $(OPTIONS) $<
.man.cat:
@rm -f $@
sed '1s/^/.if n .ll 78n/' $< | $(NROFF) -man > $@
sudoers.la: $(SUDOERS_OBJS) $(COMMON_OBJS) $(LTLIBOBJS)
$(LIBTOOL) --mode=link $(CC) $(LDFLAGS) -o $@ $(SUDOERS_OBJS) $(COMMON_OBJS) $(LTLIBOBJS) -module -avoid-version -rpath $(plugindir)
libsudo.a: $(LIB_OBJS) $(COMMON_OBJS)
$(AR) rv $@ $(LIB_OBJS) $(COMMON_OBJS)
$(RANLIB) $@
# Sudoers dependencies
sudoers.lo: $(srcdir)/sudoers.c $(SUDODEP) $(srcdir)/interfaces.h
$(LIBTOOL) --mode=compile $(CC) -c $(CPPFLAGS) $(CFLAGS) $(DEFS) $(OPTIONS) $(srcdir)/sudoers.c
alias.lo: $(srcdir)/alias.c $(SUDODEP) $(srcdir)/parse.h $(incdir)/list.h $(srcdir)/redblack.h
$(LIBTOOL) --mode=compile $(CC) -c $(CPPFLAGS) $(CFLAGS) $(DEFS) $(OPTIONS) $(srcdir)/alias.c
boottime.lo: $(srcdir)/boottime.c $(top_builddir)/config.h
$(LIBTOOL) --mode=compile $(CC) -c $(CPPFLAGS) $(CFLAGS) $(DEFS) $(OPTIONS) $(srcdir)/boottime.c
check.lo: $(srcdir)/check.c $(SUDODEP)
$(LIBTOOL) --mode=compile $(CC) -c $(CPPFLAGS) $(CFLAGS) $(DEFS) $(OPTIONS) $(srcdir)/check.c
defaults.lo: $(srcdir)/defaults.c $(SUDODEP) $(srcdir)/def_data.c $(authdir)/sudo_auth.h $(devdir)/gram.h
$(LIBTOOL) --mode=compile $(CC) -c $(CPPFLAGS) $(CFLAGS) $(DEFS) $(OPTIONS) $(srcdir)/defaults.c
env.lo: $(srcdir)/env.c $(SUDODEP)
$(LIBTOOL) --mode=compile $(CC) -c $(CPPFLAGS) $(CFLAGS) $(DEFS) $(OPTIONS) $(srcdir)/env.c
find_path.lo: $(srcdir)/find_path.c $(SUDODEP)
$(LIBTOOL) --mode=compile $(CC) -c $(CPPFLAGS) $(CFLAGS) $(DEFS) $(OPTIONS) $(srcdir)/find_path.c
getdate.lo: $(srcdir)/getdate.c $(incdir)/compat.h $(top_builddir)/config.h
$(LIBTOOL) --mode=compile $(CC) -c $(CPPFLAGS) $(CFLAGS) $(DEFS) $(OPTIONS) $(srcdir)/getdate.c
getspwuid.lo: $(srcdir)/getspwuid.c $(SUDODEP)
$(LIBTOOL) --mode=compile $(CC) -c $(CPPFLAGS) $(CFLAGS) $(DEFS) $(OPTIONS) $(srcdir)/getspwuid.c
gettime.lo: $(srcdir)/gettime.c $(SUDODEP)
$(LIBTOOL) --mode=compile $(CC) -c $(CPPFLAGS) $(CFLAGS) $(DEFS) $(OPTIONS) $(srcdir)/gettime.c
goodpath.lo: $(srcdir)/goodpath.c $(SUDODEP)
$(LIBTOOL) --mode=compile $(CC) -c $(CPPFLAGS) $(CFLAGS) $(DEFS) $(OPTIONS) $(srcdir)/goodpath.c
gram.lo: $(devdir)/gram.c $(SUDODEP) $(srcdir)/parse.h $(incdir)/list.h $(devdir)/gram.h
$(LIBTOOL) --mode=compile $(CC) -c $(CPPFLAGS) $(CFLAGS) $(DEFS) $(OPTIONS) $(devdir)/gram.c
interfaces.lo: $(srcdir)/interfaces.c $(SUDODEP) $(srcdir)/interfaces.h
$(LIBTOOL) --mode=compile $(CC) -c $(CPPFLAGS) $(CFLAGS) $(DEFS) $(OPTIONS) $(srcdir)/interfaces.c
ldap.lo: $(srcdir)/ldap.c $(SUDODEP) $(srcdir)/parse.h $(incdir)/list.h
$(LIBTOOL) --mode=compile $(CC) -c $(CPPFLAGS) $(CFLAGS) $(DEFS) $(OPTIONS) $(srcdir)/ldap.c
logging.lo: $(srcdir)/logging.c $(SUDODEP)
$(LIBTOOL) --mode=compile $(CC) -c $(CPPFLAGS) $(CFLAGS) $(DEFS) $(OPTIONS) $(srcdir)/logging.c
match.lo: $(srcdir)/match.c $(SUDODEP) $(srcdir)/parse.h $(incdir)/list.h $(srcdir)/interfaces.h $(devdir)/gram.h
$(LIBTOOL) --mode=compile $(CC) -c $(CPPFLAGS) $(CFLAGS) $(DEFS) $(OPTIONS) $(srcdir)/match.c
parse.lo: $(srcdir)/parse.c $(SUDODEP) $(srcdir)/parse.h $(incdir)/list.h $(devdir)/gram.h
$(LIBTOOL) --mode=compile $(CC) -c $(CPPFLAGS) $(CFLAGS) $(DEFS) $(OPTIONS) $(srcdir)/parse.c
pwutil.lo: $(srcdir)/pwutil.c $(SUDODEP)
$(LIBTOOL) --mode=compile $(CC) -c $(CPPFLAGS) $(CFLAGS) $(DEFS) $(OPTIONS) $(srcdir)/pwutil.c
redblack.lo: $(srcdir)/redblack.c $(SUDODEP) $(srcdir)/redblack.h
$(LIBTOOL) --mode=compile $(CC) -c $(CPPFLAGS) $(CFLAGS) $(DEFS) $(OPTIONS) $(srcdir)/redblack.c
set_perms.lo: $(srcdir)/set_perms.c $(SUDODEP)
$(LIBTOOL) --mode=compile $(CC) -c $(CPPFLAGS) $(CFLAGS) $(DEFS) $(OPTIONS) $(srcdir)/set_perms.c
sudo_nss.lo: $(srcdir)/sudo_nss.c $(SUDODEP)
$(LIBTOOL) --mode=compile $(CC) -c $(CPPFLAGS) $(CFLAGS) $(DEFS) $(OPTIONS) $(srcdir)/sudo_nss.c
timestr.lo: $(srcdir)/timestr.c $(incdir)/compat.h $(top_builddir)/config.h
$(LIBTOOL) --mode=compile $(CC) -c $(CPPFLAGS) $(CFLAGS) $(DEFS) $(OPTIONS) $(srcdir)/timestr.c
toke.lo: $(devdir)/toke.c $(SUDODEP) $(srcdir)/parse.h $(incdir)/list.h $(devdir)/gram.h
$(LIBTOOL) --mode=compile $(CC) -c $(CPPFLAGS) $(CFLAGS) $(DEFS) $(OPTIONS) $(devdir)/toke.c
tsgetgrpw.lo: $(srcdir)/tsgetgrpw.c $(SUDODEP)
$(LIBTOOL) --mode=compile $(CC) -c $(CPPFLAGS) $(CFLAGS) $(DEFS) $(OPTIONS) $(srcdir)/tsgetgrpw.c
vasgroups.lo: $(srcdir)/vasgroups.c $(srcdir)/nonunix.h $(SUDODEP)
$(LIBTOOL) --mode=compile $(CC) -c $(CPPFLAGS) $(CFLAGS) $(DEFS) $(OPTIONS) $(srcdir)/vasgroups.c
error.lo: $(srcdir)/error.c $(incdir)/error.h $(incdir)/compat.h $(top_builddir)/config.h
$(LIBTOOL) --mode=compile $(CC) -c $(CPPFLAGS) $(CFLAGS) $(DEFS) $(OPTIONS) $(srcdir)/error.c
sudo: libsudo.a $(SUDO_OBJS)
$(CC) -o $@ $(SUDO_OBJS) $(SUDO_LDFLAGS) -lsudo $(SUDO_LIBS) @ZLIB@
# Upper level sudo dependencies
alloc.lo: $(top_srcdir)/src/alloc.c $(SUDODEP)
$(LIBTOOL) --mode=compile $(CC) -c $(CPPFLAGS) $(CFLAGS) $(DEFS) $(OPTIONS) $(top_srcdir)/src/alloc.c
atobool.lo: $(top_srcdir)/src/atobool.c $(SUDODEP)
$(LIBTOOL) --mode=compile $(CC) -c $(CPPFLAGS) $(CFLAGS) $(DEFS) $(OPTIONS) $(top_srcdir)/src/atobool.c
fileops.lo: $(top_srcdir)/src/fileops.c $(SUDODEP)
$(LIBTOOL) --mode=compile $(CC) -c $(CPPFLAGS) $(CFLAGS) $(DEFS) $(OPTIONS) $(top_srcdir)/src/fileops.c
fmt_string.lo: $(top_srcdir)/src/fmt_string.c $(SUDODEP)
$(LIBTOOL) --mode=compile $(CC) -c $(CPPFLAGS) $(CFLAGS) $(DEFS) $(OPTIONS) $(top_srcdir)/src/fmt_string.c
list.lo: $(top_srcdir)/src/list.c $(SUDODEP)
$(LIBTOOL) --mode=compile $(CC) -c $(CPPFLAGS) $(CFLAGS) $(DEFS) $(OPTIONS) $(top_srcdir)/src/list.c
lbuf.lo: $(top_srcdir)/src/lbuf.c $(SUDODEP)
$(LIBTOOL) --mode=compile $(CC) -c $(CPPFLAGS) $(CFLAGS) $(DEFS) $(OPTIONS) $(top_srcdir)/src/lbuf.c
zero_bytes.lo: $(top_srcdir)/src/zero_bytes.c $(incdir)/compat.h $(top_builddir)/config.h
$(LIBTOOL) --mode=compile $(CC) -c $(CPPFLAGS) $(CFLAGS) $(DEFS) $(OPTIONS) $(top_srcdir)/src/zero_bytes.c
visudo: libsudo.a $(VISUDO_OBJS)
$(CC) -o $@ $(VISUDO_OBJS) $(LDFLAGS) -lsudo $(LIBS) $(NET_LIBS)
# Auth dependencies
sudo_auth.lo: $(authdir)/sudo_auth.c $(AUTHDEP) $(INSDEP)
$(LIBTOOL) --mode=compile $(CC) -c $(CPPFLAGS) $(CFLAGS) $(DEFS) $(OPTIONS) $(authdir)/sudo_auth.c
afs.lo: $(authdir)/afs.c $(AUTHDEP)
$(LIBTOOL) --mode=compile $(CC) -c $(CPPFLAGS) $(CFLAGS) $(DEFS) $(OPTIONS) $(authdir)/afs.c
aix_auth.lo: $(authdir)/aix_auth.c $(AUTHDEP)
$(LIBTOOL) --mode=compile $(CC) -c $(CPPFLAGS) $(CFLAGS) $(DEFS) $(OPTIONS) $(authdir)/aix_auth.c
bsdauth.lo: $(authdir)/bsdauth.c $(AUTHDEP)
$(LIBTOOL) --mode=compile $(CC) -c $(CPPFLAGS) $(CFLAGS) $(DEFS) $(OPTIONS) $(authdir)/bsdauth.c
dce.lo: $(authdir)/dce.c $(AUTHDEP)
$(LIBTOOL) --mode=compile $(CC) -c $(CPPFLAGS) $(CFLAGS) $(DEFS) $(OPTIONS) $(authdir)/dce.c
fwtk.lo: $(authdir)/fwtk.c $(AUTHDEP)
$(LIBTOOL) --mode=compile $(CC) -c $(CPPFLAGS) $(CFLAGS) $(DEFS) $(OPTIONS) $(authdir)/fwtk.c
kerb4.lo: $(authdir)/kerb4.c $(AUTHDEP)
$(LIBTOOL) --mode=compile $(CC) -c $(CPPFLAGS) $(CFLAGS) $(DEFS) $(OPTIONS) $(authdir)/kerb4.c
kerb5.lo: $(authdir)/kerb5.c $(AUTHDEP)
$(LIBTOOL) --mode=compile $(CC) -c $(CPPFLAGS) $(CFLAGS) $(DEFS) $(OPTIONS) $(authdir)/kerb5.c
pam.lo: $(authdir)/pam.c $(AUTHDEP)
$(LIBTOOL) --mode=compile $(CC) -c $(CPPFLAGS) $(CFLAGS) $(DEFS) $(OPTIONS) $(authdir)/pam.c
passwd.lo: $(authdir)/passwd.c $(AUTHDEP)
$(LIBTOOL) --mode=compile $(CC) -c $(CPPFLAGS) $(CFLAGS) $(DEFS) $(OPTIONS) $(authdir)/passwd.c
rfc1938.lo: $(authdir)/rfc1938.c $(AUTHDEP)
$(LIBTOOL) --mode=compile $(CC) -c $(CPPFLAGS) $(CFLAGS) $(DEFS) $(OPTIONS) $(authdir)/rfc1938.c
secureware.lo: $(authdir)/secureware.c $(AUTHDEP)
$(LIBTOOL) --mode=compile $(CC) -c $(CPPFLAGS) $(CFLAGS) $(DEFS) $(OPTIONS) $(authdir)/secureware.c
securid.lo: $(authdir)/securid.c $(AUTHDEP)
$(LIBTOOL) --mode=compile $(CC) -c $(CPPFLAGS) $(CFLAGS) $(DEFS) $(OPTIONS) $(authdir)/securid.c
securid5.lo: $(authdir)/securid5.c $(AUTHDEP)
$(LIBTOOL) --mode=compile $(CC) -c $(CPPFLAGS) $(CFLAGS) $(DEFS) $(OPTIONS) $(authdir)/securid5.c
sia.lo: $(authdir)/sia.c $(AUTHDEP)
$(LIBTOOL) --mode=compile $(CC) -c $(CPPFLAGS) $(CFLAGS) $(DEFS) $(OPTIONS) $(authdir)/sia.c
sudoreplay: libsudo.a $(REPLAY_OBJS)
$(CC) -o $@ $(REPLAY_OBJS) $(LDFLAGS) -lsudo $(LIBS) @ZLIB@
testsudoers: $(TEST_OBJS)
$(CC) -o $@ $(TEST_OBJS) $(LDFLAGS) -lsudo $(LIBS) $(NET_LIBS)
sudo_noexec.lo: $(srcdir)/sudo_noexec.c
$(LIBTOOL) --mode=compile $(CC) -c $(CPPFLAGS) $(CFLAGS) $(DEFS) $(OPTIONS) $(srcdir)/sudo_noexec.c
sudo_noexec.la: sudo_noexec.lo
$(LIBTOOL) --mode=link $(CC) $(LDFLAGS) -o $@ sudo_noexec.lo -avoid-version -rpath $(noexecdir)
# Uncomment the following if you want "make distclean" to clean the parser
@DEV@GENERATED = gram.h gram.c toke.c def_data.c def_data.h getdate
# Uncomment the lines before -@true if you intend to modify gram.y
$(devdir)/gram.c $(devdir)/gram.h: $(srcdir)/gram.y
@DEV@ $(YACC) -d $(srcdir)/gram.y
@DEV@ mv -f y.tab.c gram.c
@DEV@ if cmp -s y.tab.h gram.h; then rm -f y.tab.h; else mv -f y.tab.h gram.h; fi
-@true
# Uncomment the lines before -@true if you intend to modify toke.l
$(devdir)/toke.c: $(srcdir)/toke.l
@DEV@ $(FLEX) $(srcdir)/toke.l
@DEV@ mv -f lex.yy.c toke.c
-@true
# Uncomment the lines before -@true if you intend to modify getdate.y
$(devdir)/getdate.c: $(srcdir)/getdate.y
@DEV@ echo "expect 10 shift/reduce conflicts"
@DEV@ $(YACC) $(srcdir)/getdate.y
@DEV@ mv -f y.tab.c getdate.c
-@true
# Uncomment the following if you intend to modify def_data.in
@DEV@$(devdir)/def_data.h $(devdir)/def_data.c: $(srcdir)/def_data.in
@DEV@ perl $(srcdir)/mkdefaults -o def_data $(srcdir)/def_data.in
# Dependencies (not counting auth functions)
aix.o: $(srcdir)/aix.c
$(CC) -c $(CPPFLAGS) $(CFLAGS) $(DEFS) $(OPTIONS) $(srcdir)/aix.c
alias.o: $(srcdir)/alias.c $(SUDODEP) $(srcdir)/parse.h $(srcdir)/list.h $(srcdir)/redblack.h
$(CC) -c $(CPPFLAGS) $(CFLAGS) $(DEFS) $(OPTIONS) $(srcdir)/alias.c
alloc.o: $(srcdir)/alloc.c $(SUDODEP)
$(CC) -c $(CPPFLAGS) $(CFLAGS) $(DEFS) $(OPTIONS) $(srcdir)/alloc.c
audit.o: $(srcdir)/audit.c $(SUDODEP)
$(CC) -c $(CPPFLAGS) $(CFLAGS) $(DEFS) $(OPTIONS) $(srcdir)/audit.c
boottime.o: $(srcdir)/boottime.c config.h
$(CC) -c $(CPPFLAGS) $(CFLAGS) $(DEFS) $(OPTIONS) $(srcdir)/boottime.c
bsm_audit.o: $(srcdir)/bsm_audit.c $(SUDODEP) bsm_audit.h
$(CC) -c $(CPPFLAGS) $(CFLAGS) $(DEFS) $(OPTIONS) $(srcdir)/bsm_audit.c
check.o: $(srcdir)/check.c $(SUDODEP)
$(CC) -c $(CPPFLAGS) $(CFLAGS) $(DEFS) $(OPTIONS) $(srcdir)/check.c
closefrom.o: $(srcdir)/closefrom.c config.h
$(CC) -c $(CPPFLAGS) $(CFLAGS) $(DEFS) $(OPTIONS) $(srcdir)/closefrom.c
defaults.o: $(srcdir)/defaults.c $(SUDODEP) $(srcdir)/def_data.c $(authdir)/sudo_auth.h $(devdir)/gram.h
$(CC) -c $(CPPFLAGS) $(CFLAGS) $(DEFS) $(OPTIONS) $(srcdir)/defaults.c
env.o: $(srcdir)/env.c $(SUDODEP)
$(CC) -c $(CPPFLAGS) $(CFLAGS) $(DEFS) $(OPTIONS) $(srcdir)/env.c
error.o: $(srcdir)/error.c $(srcdir)/compat.h $(srcdir)/error.h config.h
$(CC) -c $(CPPFLAGS) $(CFLAGS) $(DEFS) $(OPTIONS) $(srcdir)/error.c
fileops.o: $(srcdir)/fileops.c $(SUDODEP)
$(CC) -c $(CPPFLAGS) $(CFLAGS) $(DEFS) $(OPTIONS) $(srcdir)/fileops.c
find_path.o: $(srcdir)/find_path.c $(SUDODEP)
$(CC) -c $(CPPFLAGS) $(CFLAGS) $(DEFS) $(OPTIONS) $(srcdir)/find_path.c
fnmatch.o: $(srcdir)/fnmatch.c $(srcdir)/emul/fnmatch.h $(srcdir)/compat.h config.h
$(CC) -c $(CPPFLAGS) $(CFLAGS) $(DEFS) $(OPTIONS) $(srcdir)/fnmatch.c
getcwd.o: $(srcdir)/getcwd.c $(srcdir)/compat.h config.h
$(CC) -c $(CPPFLAGS) $(CFLAGS) $(DEFS) $(OPTIONS) $(srcdir)/getcwd.c
getdate.o: $(srcdir)/getdate.c $(srcdir)/compat.h config.h
$(CC) -c $(CPPFLAGS) $(CFLAGS) $(DEFS) $(OPTIONS) $(srcdir)/getdate.c
getline.o: $(srcdir)/getline.c config.h
$(CC) -c $(CPPFLAGS) $(CFLAGS) $(DEFS) $(OPTIONS) $(srcdir)/getline.c
getprogname.o: $(srcdir)/getprogname.c config.h
$(CC) -c $(CPPFLAGS) $(CFLAGS) $(DEFS) $(OPTIONS) $(srcdir)/getprogname.c
getspwuid.o: $(srcdir)/getspwuid.c $(SUDODEP)
$(CC) -c $(CPPFLAGS) $(CFLAGS) $(DEFS) $(OPTIONS) $(srcdir)/getspwuid.c
gettime.o: $(srcdir)/gettime.c $(SUDODEP)
$(CC) -c $(CPPFLAGS) $(CFLAGS) $(DEFS) $(OPTIONS) $(srcdir)/gettime.c
glob.o: $(srcdir)/glob.c $(srcdir)/emul/glob.h $(srcdir)/compat.h config.h
$(CC) -c $(CPPFLAGS) $(CFLAGS) $(DEFS) $(OPTIONS) $(srcdir)/glob.c
goodpath.o: $(srcdir)/goodpath.c $(SUDODEP)
$(CC) -c $(CPPFLAGS) $(CFLAGS) $(DEFS) $(OPTIONS) $(srcdir)/goodpath.c
gram.o: $(devdir)/gram.c $(SUDODEP) $(srcdir)/parse.h $(srcdir)/list.h $(devdir)/gram.h
$(CC) -c $(CPPFLAGS) $(CFLAGS) $(DEFS) $(OPTIONS) $(devdir)/gram.c
interfaces.o: $(srcdir)/interfaces.c $(SUDODEP) $(srcdir)/interfaces.h
$(CC) -c $(CPPFLAGS) $(CFLAGS) $(DEFS) $(OPTIONS) $(srcdir)/interfaces.c
isblank.o: $(srcdir)/isblank.c $(srcdir)/compat.h config.h
$(CC) -c $(CPPFLAGS) $(CFLAGS) $(DEFS) $(OPTIONS) $(srcdir)/isblank.c
lbuf.o: $(srcdir)/lbuf.c $(SUDODEP)
$(CC) -c $(CPPFLAGS) $(CFLAGS) $(DEFS) $(OPTIONS) $(srcdir)/lbuf.c
ldap.o: $(srcdir)/ldap.c $(SUDODEP) $(srcdir)/parse.h $(srcdir)/list.h
$(CC) -c $(CPPFLAGS) $(CFLAGS) $(DEFS) $(OPTIONS) $(srcdir)/ldap.c
list.o: $(srcdir)/list.c $(SUDODEP)
$(CC) -c $(CPPFLAGS) $(CFLAGS) $(DEFS) $(OPTIONS) $(srcdir)/list.c
logging.o: $(srcdir)/logging.c $(SUDODEP)
$(CC) -c $(CPPFLAGS) $(CFLAGS) $(DEFS) $(OPTIONS) $(srcdir)/logging.c
match.o: $(srcdir)/match.c $(SUDODEP) $(srcdir)/parse.h $(srcdir)/list.h $(srcdir)/interfaces.h $(devdir)/gram.h
$(CC) -c $(CPPFLAGS) $(CFLAGS) $(DEFS) $(OPTIONS) $(srcdir)/match.c
memrchr.o: $(srcdir)/memrchr.c $(SUDODEP)
$(CC) -c $(CPPFLAGS) $(CFLAGS) $(DEFS) $(OPTIONS) $(srcdir)/memrchr.c
mkstemp.o: $(srcdir)/mkstemp.c $(SUDODEP)
$(CC) -c $(CPPFLAGS) $(CFLAGS) $(DEFS) $(OPTIONS) $(srcdir)/mkstemp.c
nanosleep.o: $(srcdir)/nanosleep.c $(srcdir)/compat.h config.h
$(CC) -c $(CPPFLAGS) $(CFLAGS) $(DEFS) $(OPTIONS) $(srcdir)/nanosleep.c
parse.o: $(srcdir)/parse.c $(SUDODEP) $(srcdir)/parse.h $(srcdir)/list.h $(devdir)/gram.h
$(CC) -c $(CPPFLAGS) $(CFLAGS) $(DEFS) $(OPTIONS) $(srcdir)/parse.c
pwutil.o: $(srcdir)/pwutil.c $(SUDODEP)
$(CC) -c $(CPPFLAGS) $(CFLAGS) $(DEFS) $(OPTIONS) $(srcdir)/pwutil.c
pty.o: $(srcdir)/pty.c $(SUDODEP)
$(CC) -c $(CPPFLAGS) $(CFLAGS) $(DEFS) $(OPTIONS) $(srcdir)/pty.c
redblack.o: $(srcdir)/redblack.c $(SUDODEP) $(srcdir)/redblack.h
$(CC) -c $(CPPFLAGS) $(CFLAGS) $(DEFS) $(OPTIONS) $(srcdir)/redblack.c
script.o: $(srcdir)/script.c $(SUDODEP)
$(CC) -c $(CPPFLAGS) $(CFLAGS) $(DEFS) $(OPTIONS) $(srcdir)/script.c
set_perms.o: $(srcdir)/set_perms.c $(SUDODEP)
$(CC) -c $(CPPFLAGS) $(CFLAGS) $(DEFS) $(OPTIONS) $(srcdir)/set_perms.c
sigaction.o: $(srcdir)/sigaction.c $(srcdir)/compat.h
$(CC) -c $(CPPFLAGS) $(CFLAGS) $(DEFS) $(OPTIONS) $(srcdir)/sigaction.c
snprintf.o: $(srcdir)/snprintf.c $(srcdir)/compat.h config.h
$(CC) -c $(CPPFLAGS) $(CFLAGS) $(DEFS) $(OPTIONS) $(srcdir)/snprintf.c
strcasecmp.o: $(srcdir)/strcasecmp.c $(srcdir)/compat.h config.h
$(CC) -c $(CPPFLAGS) $(CFLAGS) $(DEFS) $(OPTIONS) $(srcdir)/strcasecmp.c
strerror.o: $(srcdir)/strerror.c $(srcdir)/compat.h config.h
$(CC) -c $(CPPFLAGS) $(CFLAGS) $(DEFS) $(OPTIONS) $(srcdir)/strerror.c
strlcat.o: $(srcdir)/strlcat.c $(srcdir)/compat.h config.h
$(CC) -c $(CPPFLAGS) $(CFLAGS) $(DEFS) $(OPTIONS) $(srcdir)/strlcat.c
strlcpy.o: $(srcdir)/strlcpy.c $(srcdir)/compat.h config.h
$(CC) -c $(CPPFLAGS) $(CFLAGS) $(DEFS) $(OPTIONS) $(srcdir)/strlcpy.c
strsignal.o: $(srcdir)/strsignal.c $(srcdir)/compat.h config.h
$(CC) -c $(CPPFLAGS) $(CFLAGS) $(DEFS) $(OPTIONS) $(srcdir)/strsignal.c
selinux.o: $(srcdir)/selinux.c $(SUDODEP)
$(CC) -c $(CPPFLAGS) $(CFLAGS) $(DEFS) $(OPTIONS) $(srcdir)/selinux.c
sudo.o: $(srcdir)/sudo.c $(SUDODEP) sudo_usage.h $(srcdir)/interfaces.h
$(CC) -c $(CPPFLAGS) $(CFLAGS) $(DEFS) $(OPTIONS) $(srcdir)/sudo.c
sudoreplay.o: $(srcdir)/sudoreplay.c $(srcdir)/alloc.h $(srcdir)/compat.h $(srcdir)/error.h $(srcdir)/missing.h config.h
$(CC) -c $(CPPFLAGS) $(CFLAGS) $(DEFS) $(OPTIONS) $(srcdir)/sudoreplay.c
sudo_edit.o: $(srcdir)/sudo_edit.c $(SUDODEP)
$(CC) -c $(CPPFLAGS) $(CFLAGS) $(DEFS) $(OPTIONS) $(srcdir)/sudo_edit.c
sudo_noexec.o: $(srcdir)/sudo_noexec.c $(srcdir)/compat.h config.h
$(CC) -c $(CPPFLAGS) $(CFLAGS) $(DEFS) $(OPTIONS) $(srcdir)/sudo_noexec.c
sudo_nss.o: $(srcdir)/sudo_nss.c $(SUDODEP)
$(CC) -c $(CPPFLAGS) $(CFLAGS) $(DEFS) $(OPTIONS) $(srcdir)/sudo_nss.c
term.o: $(srcdir)/term.c $(SUDODEP)
$(CC) -c $(CPPFLAGS) $(CFLAGS) $(DEFS) $(OPTIONS) $(srcdir)/term.c
testsudoers.o: $(srcdir)/testsudoers.c $(SUDODEP) $(srcdir)/parse.h $(srcdir)/list.h $(srcdir)/interfaces.h $(devdir)/gram.h
$(CC) -c $(CPPFLAGS) $(CFLAGS) $(DEFS) $(OPTIONS) $(srcdir)/testsudoers.c
tgetpass.o: $(srcdir)/tgetpass.c $(SUDODEP)
$(CC) -c $(CPPFLAGS) $(CFLAGS) $(DEFS) $(OPTIONS) $(srcdir)/tgetpass.c
timestr.o: $(srcdir)/timestr.c $(srcdir)/compat.h config.h
$(CC) -c $(CPPFLAGS) $(CFLAGS) $(DEFS) $(OPTIONS) $(srcdir)/timestr.c
toke.o: $(devdir)/toke.c $(SUDODEP) $(srcdir)/parse.h $(srcdir)/list.h $(devdir)/gram.h
$(CC) -c $(CPPFLAGS) $(CFLAGS) $(DEFS) $(OPTIONS) $(devdir)/toke.c
tsgetgrpw.o: $(srcdir)/tsgetgrpw.c $(SUDODEP)
$(CC) -c $(CPPFLAGS) $(CFLAGS) $(DEFS) $(OPTIONS) $(srcdir)/tsgetgrpw.c
utimes.o: $(srcdir)/utimes.c $(srcdir)/compat.h $(srcdir)/emul/utime.h config.h
$(CC) -c $(CPPFLAGS) $(CFLAGS) $(DEFS) $(OPTIONS) $(srcdir)/utimes.c
vasgroups.o: $(srcdir)/vasgroups.c $(srcdir)/nonunix.h $(SUDODEP)
$(CC) -c $(CPPFLAGS) $(CFLAGS) $(DEFS) $(OPTIONS) $(srcdir)/vasgroups.c
visudo.o: $(srcdir)/visudo.c $(SUDODEP) $(devdir)/gram.h
$(CC) -c $(CPPFLAGS) $(CFLAGS) $(DEFS) $(OPTIONS) $(srcdir)/visudo.c
zero_bytes.o: $(srcdir)/zero_bytes.c $(srcdir)/compat.h config.h
$(CC) -c $(CPPFLAGS) $(CFLAGS) $(DEFS) $(OPTIONS) $(srcdir)/zero_bytes.c
sudo_auth.o: $(authdir)/sudo_auth.c $(AUTHDEP) $(INSDEP)
$(CC) -c $(CPPFLAGS) $(CFLAGS) $(DEFS) $(OPTIONS) $(authdir)/sudo_auth.c
afs.o: $(authdir)/afs.c $(AUTHDEP)
$(CC) -c $(CPPFLAGS) $(CFLAGS) $(DEFS) $(OPTIONS) $(authdir)/afs.c
aix_auth.o: $(authdir)/aix_auth.c $(AUTHDEP)
$(CC) -c $(CPPFLAGS) $(CFLAGS) $(DEFS) $(OPTIONS) $(authdir)/aix_auth.c
bsdauth.o: $(authdir)/bsdauth.c $(AUTHDEP)
$(CC) -c $(CPPFLAGS) $(CFLAGS) $(DEFS) $(OPTIONS) $(authdir)/bsdauth.c
dce.o: $(authdir)/dce.c $(AUTHDEP)
$(CC) -c $(CPPFLAGS) $(CFLAGS) $(DEFS) $(OPTIONS) $(authdir)/dce.c
fwtk.o: $(authdir)/fwtk.c $(AUTHDEP)
$(CC) -c $(CPPFLAGS) $(CFLAGS) $(DEFS) $(OPTIONS) $(authdir)/fwtk.c
kerb4.o: $(authdir)/kerb4.c $(AUTHDEP)
$(CC) -c $(CPPFLAGS) $(CFLAGS) $(DEFS) $(OPTIONS) $(authdir)/kerb4.c
kerb5.o: $(authdir)/kerb5.c $(AUTHDEP)
$(CC) -c $(CPPFLAGS) $(CFLAGS) $(DEFS) $(OPTIONS) $(authdir)/kerb5.c
pam.o: $(authdir)/pam.c $(AUTHDEP)
$(CC) -c $(CPPFLAGS) $(CFLAGS) $(DEFS) $(OPTIONS) $(authdir)/pam.c
passwd.o: $(authdir)/passwd.c $(AUTHDEP)
$(CC) -c $(CPPFLAGS) $(CFLAGS) $(DEFS) $(OPTIONS) $(authdir)/passwd.c
rfc1938.o: $(authdir)/rfc1938.c $(AUTHDEP)
$(CC) -c $(CPPFLAGS) $(CFLAGS) $(DEFS) $(OPTIONS) $(authdir)/rfc1938.c
secureware.o: $(authdir)/secureware.c $(AUTHDEP)
$(CC) -c $(CPPFLAGS) $(CFLAGS) $(DEFS) $(OPTIONS) $(authdir)/secureware.c
securid.o: $(authdir)/securid.c $(AUTHDEP)
$(CC) -c $(CPPFLAGS) $(CFLAGS) $(DEFS) $(OPTIONS) $(authdir)/securid.c
securid5.o: $(authdir)/securid5.c $(AUTHDEP)
$(CC) -c $(CPPFLAGS) $(CFLAGS) $(DEFS) $(OPTIONS) $(authdir)/securid5.c
sia.o: $(authdir)/sia.c $(AUTHDEP)
$(CC) -c $(CPPFLAGS) $(CFLAGS) $(DEFS) $(OPTIONS) $(authdir)/sia.c
sudo.man.in: $(srcdir)/sudo.pod
@rm -f $(srcdir)/$@
( cd $(srcdir); mansectsu=`echo @MANSECTSU@|tr A-Z a-z`; mansectform=`echo @MANSECTFORM@|tr A-Z a-z`; sed -n -e '/^=pod/q' -e 's/^/.\\" /p' sudo.pod > $@; pod2man --quotes=none --date="`date '+%B %e, %Y'`" --section=$$mansectsu --release=$(VERSION) --center="MAINTENANCE COMMANDS" sudo.pod | sed -e "s/(5)/($$mansectform)/" -e "s/(8)/($$mansectsu)/" | perl -p sudo.man.pl >> $@ )
sudo.man: sudo.man.in
CONFIG_FILES=$@ CONFIG_HEADERS= sh ./config.status
sudo.cat: sudo.man
visudo.man.in: $(srcdir)/visudo.pod
@rm -f $(srcdir)/$@
( cd $(srcdir); mansectsu=`echo @MANSECTSU@|tr A-Z a-z`; mansectform=`echo @MANSECTFORM@|tr A-Z a-z`; sed -n -e '/^=pod/q' -e 's/^/.\\" /p' visudo.pod > $@; pod2man --quotes=none --date="`date '+%B %e, %Y'`" --section=$$mansectsu --release=$(VERSION) --center="MAINTENANCE COMMANDS" visudo.pod | sed -e "s/(5)/($$mansectform)/" -e "s/(8)/($$mansectsu)/" -e 's|\\fI\\f\((CW*\)*I@\([^@]*\)\\fI@|\\fI@\2@|g' >> $@ )
visudo.man: visudo.man.in
CONFIG_FILES=$@ CONFIG_HEADERS= sh ./config.status
visudo.cat: visudo.man
sudoers.man.in: $(srcdir)/sudoers.pod
@rm -f $(srcdir)/$@
( cd $(srcdir); mansectsu=`echo @MANSECTSU@|tr A-Z a-z`; mansectform=`echo @MANSECTFORM@|tr A-Z a-z`; sed -n -e '/^=pod/q' -e 's/^/.\\" /p' sudoers.pod > $@; pod2man --quotes=none --date="`date '+%B %e, %Y'`" --section=$$mansectform --release=$(VERSION) --center="MAINTENANCE COMMANDS" sudoers.pod | sed -e "s/(5)/($$mansectform)/" -e "s/(8)/($$mansectsu)/" | perl -p sudoers.man.pl >> $@ )
sudoers.man:: sudoers.man.in
CONFIG_FILES=$@ CONFIG_HEADERS= sh ./config.status
sudoers.cat: sudoers.man
sudoers.ldap.man.in: $(srcdir)/sudoers.ldap.pod
@rm -f $(srcdir)/$@
( cd $(srcdir); mansectsu=`echo @MANSECTSU@|tr A-Z a-z`; mansectform=`echo @MANSECTFORM@|tr A-Z a-z`; sed -n -e '/^=pod/q' -e 's/^/.\\" /p' sudoers.ldap.pod > $@; pod2man --quotes=none --date="`date '+%B %e, %Y'`" --section=$$mansectform --release=$(VERSION) --center="MAINTENANCE COMMANDS" sudoers.ldap.pod | sed -e "s/(5)/($$mansectform)/" -e "s/(8)/($$mansectsu)/" -e 's|\\fI\\f\((CW*\)*I@\([^@]*\)\\fI@|\\fI@\2@|g' >> $@ )
sudoers.ldap.man:: sudoers.ldap.man.in
CONFIG_FILES=$@ CONFIG_HEADERS= sh ./config.status
sudoers.ldap.cat: sudoers.ldap.man
sudoreplay.man.in: $(srcdir)/sudoreplay.pod
@rm -f $(srcdir)/$@
( cd $(srcdir); mansectsu=`echo @MANSECTSU@|tr A-Z a-z`; mansectform=`echo @MANSECTFORM@|tr A-Z a-z`; sed -n -e '/^=pod/q' -e 's/^/.\\" /p' sudoreplay.pod > $@; pod2man --quotes=none --date="`date '+%B %e, %Y'`" --section=$$mansectsu --release=$(VERSION) --center="MAINTENANCE COMMANDS" sudoreplay.pod | sed -e "s/(5)/($$mansectform)/" -e "s/(8)/($$mansectsu)/" -e 's|\\fI\\f\((CW*\)*I@\([^@]*\)\\fI@|\\fI@\2@|g' >> $@ )
sudoreplay.man:: sudoreplay.man.in
CONFIG_FILES=$@ CONFIG_HEADERS= sh ./config.status
sudoers.cat: sudoers.man
@DEV@HISTORY: history.pod
@DEV@ pod2text -l -i0 $> > $@
@DEV@
@DEV@LICENSE: license.pod
@DEV@ pod2text -l -i0 $> | sed '1,2d' > $@
ChangeLog:
hg log --style=changelog -b default > $@
install: install-dirs install-binaries @INSTALL_NOEXEC@ install-sudoers install-man
install: install-dirs install-plugin
install-dirs:
$(SHELL) $(srcdir)/mkinstalldirs $(DESTDIR)$(sudodir) \
$(DESTDIR)$(visudodir) $(DESTDIR)$(sudoersdir) \
$(DESTDIR)$(mandirsu) $(DESTDIR)$(mandirform) \
$(DESTDIR)$(noexecdir)
$(SHELL) $(top_srcdir)/mkinstalldirs $(DESTDIR)$(plugindir)
install-binaries: install-dirs $(PROGS)
$(INSTALL) -O $(install_uid) -G $(install_gid) -M 4111 -s sudo $(DESTDIR)$(sudodir)/sudo
rm -f $(DESTDIR)$(sudodir)/sudoedit
ln $(DESTDIR)$(sudodir)/sudo $(DESTDIR)$(sudodir)/sudoedit
if [ -f sudoreplay ]; then $(INSTALL) -O $(install_uid) -G $(install_gid) -M 0111 -s sudoreplay $(DESTDIR)$(sudodir)/sudoreplay; fi
$(INSTALL) -O $(install_uid) -G $(install_gid) -M 0111 -s visudo $(DESTDIR)$(visudodir)/visudo
if [ -f sesh ]; then $(INSTALL) -O $(install_uid) -G $(install_gid) -M 0111 -s sesh $(DESTDIR)$(libexecdir)/sesh; fi
install-binaries:
install-noexec: install-dirs sudo_noexec.la
if [ -f .libs/$(noexecfile) ]; then $(INSTALL) -O $(install_uid) -G $(install_gid) -M 0755 .libs/$(noexecfile) $(DESTDIR)$(noexecdir); fi
install-man:
install-sudoers: install-dirs
test -f $(DESTDIR)$(sudoersdir)/sudoers || \
$(INSTALL) -O $(sudoers_uid) -G $(sudoers_gid) -M $(sudoers_mode) \
$(srcdir)/sudoers $(DESTDIR)$(sudoersdir)/sudoers
install-man: install-dirs
$(INSTALL) -O $(install_uid) -G $(install_gid) -M 0444 @mansrcdir@/sudo.$(mantype) $(DESTDIR)$(mandirsu)/sudo.$(mansectsu)
@rm -f $(DESTDIR)$(mandirsu)/sudoedit.$(mansectsu)
ln $(DESTDIR)$(mandirsu)/sudo.$(mansectsu) $(DESTDIR)$(mandirsu)/sudoedit.$(mansectsu)
@REPLAY@$(INSTALL) -O $(install_uid) -G $(install_gid) -M 0444 @mansrcdir@/sudoreplay.$(mantype) $(DESTDIR)$(mandirsu)/sudoreplay.$(mansectsu)
$(INSTALL) -O $(install_uid) -G $(install_gid) -M 0444 @mansrcdir@/visudo.$(mantype) $(DESTDIR)$(mandirsu)/visudo.$(mansectsu)
$(INSTALL) -O $(install_uid) -G $(install_gid) -M 0444 @mansrcdir@/sudoers.$(mantype) $(DESTDIR)$(mandirform)/sudoers.$(mansectform)
@LDAP@$(INSTALL) -O $(install_uid) -G $(install_gid) -M 0444 @mansrcdir@/sudoers.ldap.$(mantype) $(DESTDIR)$(mandirform)/sudoers.ldap.$(mansectform)
@MAN_POSTINSTALL@
install-plugin: install-dirs sudoers.la
$(LIBTOOL) --mode=install $(INSTALL) sudoers.la $(plugindir)
check:
@echo nothing to check
clean:
-rm -f *.a *.o *.lo stamp-* $(PROGS) testsudoers core *.core core.*
-rm -f *.a *.o *.lo *.la stamp-* core *.core core.*
mostlyclean: clean
distclean: clean
-rm -rf Makefile pathnames.h config.h config.status config.cache \
config.log libtool sudo_noexec.lo .libs $(GENERATED) \
sudo.man sudoers.man sudoers.ldap.man visudo.man sudo_usage.h \
Makefile.binary
-rm -rf Makefile sudoers.lo .libs
clobber: distclean
@@ -504,74 +244,3 @@ realclean: distclean
rm -f TAGS tags
cleandir: realclean
dist: ChangeLog
pax -w -x ustar -s '/^/sudo-$(VERSION)\//' -f ../sudo-$(VERSION).tar \
$(DISTFILES)
gzip -9f ../sudo-$(VERSION).tar
ls -l ../sudo-$(VERSION).tar.gz
bindist: ChangeLog
( \
ARCH=`uname -m|sed 's:/:_:g'`+`uname -sr|sed 's/ /_/g'` ; \
mkdir tmp.$$ARCH ; \
tdir=tmp.$$ARCH/sudo-$(VERSION) ; \
mkdir $$tdir ; \
for i in $(BINFILES) ; do \
if [ -f $$i ]; then \
cp $$i $$tdir ; \
elif [ -f $(srcdir)/$$i ]; then \
cp $(srcdir)/$$i $$tdir ; \
else \
echo cannot find $$i ; \
exit 1 ; \
fi ; \
done ; \
if [ -f sudo_noexec.la ]; then \
cp libtool $$tdir ; \
$(LIBTOOL) --mode=install $(INSTALL) sudo_noexec.la `pwd`/$$tdir ; \
ln $$tdir/sudo_noexec.la $$tdir/sudo_noexec.lai ; \
ln -s . $$tdir/.libs ; \
fi ; \
cp $(srcdir)/INSTALL.binary $$tdir/INSTALL ; \
sh ./config.status --file=Makefile.binary && cp Makefile.binary $$tdir/Makefile ; \
strip $$tdir/sudo ; \
strip $$tdir/visudo ; \
cd tmp.$$ARCH && tar Ocf ../sudo-$(VERSION)-$$ARCH.tar sudo-$(VERSION) && cd .. ; \
gzip -f --best sudo-$(VERSION)-$$ARCH.tar ; \
rm -rf tmp.$$ARCH ; \
)
depot:
( \
tdir=tmp.depot ; \
mkdir $$tdir ; \
for i in sudo visudo sudo.man visudo.man sudoers.man sudoers ChangeLog HISTORY LICENSE README TROUBLESHOOTING UPGRADE sample.syslog.conf sample.sudoers; do \
if [ -f $$i ]; then \
cp $$i $$tdir ; \
elif [ -f $(srcdir)/$$i ]; then \
cp $(srcdir)/$$i $$tdir ; \
else \
echo cannot find $$i ; \
exit 1 ; \
fi ; \
done ; \
if [ -f sudo_noexec.la ]; then \
cp libtool $$tdir ; \
$(LIBTOOL) --mode=install $(INSTALL) sudo_noexec.la `pwd`/$$tdir ; \
fi ; \
sed 's/@VERSION@/$(VERSION)/g' <$(srcdir)/sudo.psf >$$tdir/sudo.psf ; \
printf '#!/sbin/sh\nrm -f /usr/local/bin/sudoedit\nln /usr/local/bin/sudo /usr/local/bin/sudoedit\n' > $$tdir/sudo-exec.postinstall ; \
printf '#!/sbin/sh\nrm -f /usr/local/man/man1m/sudoedit.1m\nln /usr/local/man/man1m/sudo.1m /usr/local/man/man1m/sudoedit.1m\n' > $$tdir/sudo-man.postinstall ; \
printf '#!/sbin/sh\nif [ ! -s /etc/sudoers ]; then\n\techo installing /usr/local/doc/sudo/sudoers as /etc/sudoers\n\techo use /usr/local/sbin/visudo to configure sudo\n\tcp /usr/local/doc/sudo/sudoers /etc/sudoers\n\tchmod 440 /etc/sudoers\n\tchown root:root /etc/sudoers\nfi\n' > $$tdir/sudo-config.postinstall ; \
chmod 755 $$tdir/sudo-exec.postinstall $$tdir/sudo-man.postinstall $$tdir/sudo-config.postinstall ; \
strip $$tdir/sudo ; \
strip $$tdir/visudo ; \
cd $$tdir ; \
swpackage -x target_type=tape -d ../sudo-$(VERSION).depot -s sudo.psf ; \
cd .. ; \
gzip -f --best sudo-$(VERSION).depot; \
rm -rf tmp.depot ; \
)
.PHONY: ChangeLog


@@ -41,7 +41,7 @@
# include <unistd.h>
#endif /* HAVE_UNISTD_H */
#include "sudo.h"
#include "sudoers.h"
#include "parse.h"
#include "redblack.h"
#include <gram.h>


@@ -44,7 +44,7 @@
#endif /* HAVE_UNISTD_H */
#include <pwd.h>
#include "sudo.h"
#include "sudoers.h"
#include "sudo_auth.h"
#include <afs/stds.h>


@@ -43,7 +43,7 @@
#endif /* HAVE_UNISTD_H */
#include <pwd.h>
#include "sudo.h"
#include "sudoers.h"
#include "sudo_auth.h"
/*
@@ -61,7 +61,7 @@ aixauth_verify(pw, prompt, auth)
int reenter = 1;
int rval = AUTH_FAILURE;
pass = tgetpass(prompt, def_passwd_timeout * 60, tgetpass_flags);
pass = auth_getpass(prompt, def_passwd_timeout * 60, SUDO_CONV_PROMPT_ECHO_OFF);
if (pass) {
/* XXX - should probably print message on failure. */
if (authenticate(pw->pw_name, pass, &reenter, &message) == 0)


@@ -48,7 +48,7 @@
#include <login_cap.h>
#include <bsd_auth.h>
#include "sudo.h"
#include "sudoers.h"
#include "sudo_auth.h"
extern char *login_style; /* from sudo.c */
@@ -114,9 +114,9 @@ bsdauth_verify(pw, prompt, auth)
* S/Key.
*/
if ((s = auth_challenge(as)) == NULL) {
pass = tgetpass(prompt, def_passwd_timeout * 60, tgetpass_flags);
pass = auth_getpass(prompt, def_passwd_timeout * 60, SUDO_CONV_PROMPT_ECHO_OFF);
} else {
pass = tgetpass(s, def_passwd_timeout * 60, tgetpass_flags);
pass = auth_getpass(prompt, def_passwd_timeout * 60, SUDO_CONV_PROMPT_ECHO_OFF);
if (pass && *pass == '\0') {
if ((prompt = strrchr(s, '\n')))
prompt++;
@@ -131,8 +131,8 @@ bsdauth_verify(pw, prompt, auth)
while (isspace(prompt[len]) || prompt[len] == ':')
prompt[len--] = '\0';
easprintf(&s, "%s [echo on]: ", prompt);
pass = tgetpass(s, def_passwd_timeout * 60,
tgetpass_flags | TGP_ECHO);
pass = auth_getpass(prompt, def_passwd_timeout * 60,
SUDO_CONV_PROMPT_ECHO_ON);
free(s);
}
}
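Review bot: In bsdauth_verify the two `auth_getpass(prompt, ...)` calls that stand where `tgetpass(s, ...)` was pass `prompt` instead of `s`, so the challenge returned by auth_challenge() and the `"%s [echo on]: "` string built by easprintf() are never displayed (this assumes the auth_getpass lines are the new side, which the page does not mark). With a challenge/response style such as S/Key the user would be asked to answer a challenge that was never shown, and `s` is allocated and freed without being used. Both calls should keep the original argument: `pass = auth_getpass(s, def_passwd_timeout * 60, SUDO_CONV_PROMPT_ECHO_OFF);` in the else branch and `auth_getpass(s, ..., SUDO_CONV_PROMPT_ECHO_ON)` before `free(s)`. The function body starts and ends outside the hunks shown.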


@@ -61,7 +61,7 @@
#include <dce/sec_login.h>
#include <dce/dce_error.h> /* required to call dce_error_inq_text routine */
#include "sudo.h"
#include "sudoers.h"
#include "sudo_auth.h"
static int check_dce_status __P((error_status_t, char *));


@@ -46,7 +46,7 @@
#include <auth.h>
#include <firewall.h>
#include "sudo.h"
#include "sudoers.h"
#include "sudo_auth.h"
int
@@ -103,16 +103,17 @@ restart:
/* Get the password/response from the user. */
if (strncmp(resp, "challenge ", 10) == 0) {
(void) snprintf(buf, sizeof(buf), "%s\nResponse: ", &resp[10]);
pass = tgetpass(buf, def_passwd_timeout * 60, tgetpass_flags);
pass = auth_getpass(buf, def_passwd_timeout * 60, SUDO_CONV_PROMPT_ECHO_OFF);
if (pass && *pass == '\0') {
pass = tgetpass("Response [echo on]: ",
def_passwd_timeout * 60, tgetpass_flags | TGP_ECHO);
pass = auth_getpass("Response [echo on]: ",
def_passwd_timeout * 60, SUDO_CONV_PROMPT_ECHO_ON);
}
} else if (strncmp(resp, "chalnecho ", 10) == 0) {
pass = tgetpass(&resp[10], def_passwd_timeout * 60, tgetpass_flags);
pass = auth_getpass(&resp[10], def_passwd_timeout * 60,
SUDO_CONV_PROMPT_ECHO_OFF);
} else if (strncmp(resp, "password", 8) == 0) {
pass = tgetpass(prompt, def_passwd_timeout * 60,
tgetpass_flags);
pass = auth_getpass(prompt, def_passwd_timeout * 60,
SUDO_CONV_PROMPT_ECHO_OFF);
} else if (strncmp(resp, "display ", 8) == 0) {
fprintf(stderr, "%s\n", &resp[8]);
strlcpy(buf, "response dummy", sizeof(buf));


@@ -44,7 +44,7 @@
#include <pwd.h>
#include <krb.h>
#include "sudo.h"
#include "sudoers.h"
#include "sudo_auth.h"
int


@@ -50,7 +50,7 @@
#include <com_err.h>
#endif
#include "sudo.h"
#include "sudoers.h"
#include "sudo_auth.h"
#ifdef HAVE_HEIMDAL


@@ -62,7 +62,7 @@
# endif
#endif
#include "sudo.h"
#include "sudoers.h"
#include "sudo_auth.h"
/* Only OpenPAM and Linux PAM use const qualifiers. */
@@ -257,17 +257,17 @@ sudo_conv(num_msg, msg, response, appdata_ptr)
PAM_CONST struct pam_message *pm;
const char *prompt;
char *pass;
int n, flags, std_prompt;
int n, type, std_prompt;
if ((*response = malloc(num_msg * sizeof(struct pam_response))) == NULL)
return(PAM_SYSTEM_ERR);
zero_bytes(*response, num_msg * sizeof(struct pam_response));
for (pr = *response, pm = *msg, n = num_msg; n--; pr++, pm++) {
flags = tgetpass_flags;
type = SUDO_CONV_PROMPT_ECHO_OFF;
switch (pm->msg_style) {
case PAM_PROMPT_ECHO_ON:
SET(flags, TGP_ECHO);
type = SUDO_CONV_PROMPT_ECHO_ON;
case PAM_PROMPT_ECHO_OFF:
prompt = def_prompt;
@@ -289,7 +289,7 @@ sudo_conv(num_msg, msg, response, appdata_ptr)
prompt = pm->msg;
#endif
/* Read the password unless interrupted. */
pass = tgetpass(prompt, def_passwd_timeout * 60, flags);
pass = auth_getpass(prompt, def_passwd_timeout * 60, type);
if (pass == NULL) {
/* We got ^C instead of a password; abort quickly. */
if (errno == EINTR)


@@ -43,7 +43,7 @@
#endif /* HAVE_UNISTD_H */
#include <pwd.h>
#include "sudo.h"
#include "sudoers.h"
#include "sudo_auth.h"
#define DESLEN 13


@@ -60,7 +60,7 @@
# define rfc1938verify(a,b) opieverify((a),(b))
#endif
#include "sudo.h"
#include "sudoers.h"
#include "sudo_auth.h"
int


@@ -50,7 +50,7 @@
#endif /* __hpux */
#include <prot.h>
#include "sudo.h"
#include "sudoers.h"
#include "sudo_auth.h"
int


@@ -50,7 +50,7 @@
#include <sdconf.h>
#include <sdacmvls.h>
#include "sudo.h"
#include "sudoers.h"
#include "sudo_auth.h"
union config_record configure;


@@ -52,7 +52,7 @@
#include <acexport.h>
#include <sdacmvls.h>
#include "sudo.h"
#include "sudoers.h"
#include "sudo_auth.h"
/*
@@ -160,8 +160,8 @@ securid_verify(pw, pass, auth)
SDI_HANDLE *sd = (SDI_HANDLE *) auth->data;
int rval;
pass = (char *) tgetpass("Enter your PASSCODE: ",
def_passwd_timeout * 60, tgetpass_flags);
pass = auth_getpass("Enter your PASSCODE: ",
def_passwd_timeout * 60, SUDO_CONV_PROMPT_ECHO_OFF);
/* Have ACE verify password */
switch (SD_Check(*sd, pass, pw->pw_name)) {
@@ -192,11 +192,11 @@ securid_verify(pw, pass, auth)
/* Sometimes (when current token close to expire?)
ACE challenges for the next token displayed
(entered without the PIN) */
pass = (char *) tgetpass("\
pass = auth_getpass("\
!!! ATTENTION !!!\n\
Wait for the token code to change, \n\
then enter the new token code.\n", \
def_passwd_timeout * 60, tgetpass_flags);
def_passwd_timeout * 60, SUDO_CONV_PROMPT_ECHO_OFF);
if (SD_Next(*sd, pass) == ACM_OK) {
rval = AUTH_SUCCESS;
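Review bot: The result of `auth_getpass("Enter your PASSCODE: ", ...)` in securid_verify goes straight into `SD_Check(*sd, pass, pw->pw_name)` with no NULL check, and the next-token prompt is handled the same way before `SD_Next(*sd, pass)`. auth_getpass() as added in sudo_auth.c returns `repl.reply` from a zeroed reply struct, so a failed or interrupted conversation presumably yields NULL here. A guard before each ACE call, for example `if (pass == NULL) return AUTH_INTR;` or the equivalent through `rval`, keeps a NULL passcode out of the library. The rest of securid_verify lies outside the hunks, so any cleanup the early return must preserve is not visible.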


@@ -46,7 +46,7 @@
#include <pwd.h>
#include <siad.h>
#include "sudo.h"
#include "sudoers.h"
#include "sudo_auth.h"
static int sudo_collect __P((int, int, uchar_t *, int, prompt_t *));


@@ -1,5 +1,5 @@
/*
* Copyright (c) 1999-2005, 2008-2009 Todd C. Miller <Todd.Miller@courtesan.com>
* Copyright (c) 1999-2005, 2008-2010 Todd C. Miller <Todd.Miller@courtesan.com>
*
* Permission to use, copy, modify, and distribute this software for any
* purpose with or without fee is hereby granted, provided that the above
@@ -48,10 +48,12 @@
#include <time.h>
#include <signal.h>
#include "sudo.h"
#include "sudoers.h"
#include "sudo_auth.h"
#include "insults.h"
sudo_conv_t sudo_conv;
sudo_auth auth_switch[] = {
#ifdef AUTH_STANDALONE
AUTH_STANDALONE
@@ -84,15 +86,12 @@ sudo_auth auth_switch[] = {
AUTH_ENTRY(0, NULL, NULL, NULL, NULL, NULL)
};
void
verify_user(pw, prompt)
struct passwd *pw;
char *prompt;
int
verify_user(struct passwd *pw, char *prompt)
{
int counter = def_passwd_tries + 1;
int success = AUTH_FAILURE;
int status;
int flags;
int flags, status, rval;
char *p;
sudo_auth *auth;
sigaction_t sa, osa;
@@ -115,6 +114,7 @@ verify_user(pw, prompt)
"There are no authentication methods compiled into sudo!",
"If you want to turn off authentication, use the",
"--disable-authentication configure option.");
return -1;
}
/* Set FLAG_ONEANDONLY if there is only one auth method. */
@@ -134,7 +134,7 @@ verify_user(pw, prompt)
#ifdef HAVE_BSM_AUDIT
audit_failure(NewArgv, "authentication failure");
#endif
exit(1); /* assume error msg already printed */
return -1; /* assume error msg already printed */
}
if (NEEDS_USER(auth))
@@ -156,7 +156,7 @@ verify_user(pw, prompt)
#ifdef HAVE_BSM_AUDIT
audit_failure(NewArgv, "authentication failure");
#endif
exit(1); /* assume error msg already printed */
return -1; /* assume error msg already printed */
}
if (NEEDS_USER(auth))
@@ -168,8 +168,7 @@ verify_user(pw, prompt)
#ifdef AUTH_STANDALONE
p = prompt;
#else
p = (char *) tgetpass(prompt, def_passwd_timeout * 60,
tgetpass_flags);
p = auth_getpass(prompt, def_passwd_timeout * 60, SUDO_CONV_PROMPT_ECHO_OFF);
#endif /* AUTH_STANDALONE */
/* Call authentication functions. */
@@ -189,11 +188,12 @@ verify_user(pw, prompt)
goto cleanup;
}
#ifndef AUTH_STANDALONE
if (p)
zero_bytes(p, strlen(p));
if (repl.reply)
zero_bytes(p, strlen(repl.reply));
#endif
if (!ISSET(tgetpass_flags, TGP_ASKPASS))
pass_warn(stderr);
/* XXX - need way to know if askpass was used */
//if (!ISSET(tgetpass_flags, TGP_ASKPASS))
pass_warn();
}
cleanup:
@@ -208,7 +208,7 @@ cleanup:
#ifdef HAVE_BSM_AUDIT
audit_failure(NewArgv, "authentication failure");
#endif
exit(1); /* assume error msg already printed */
return -1; /* assume error msg already printed */
}
if (NEEDS_USER(auth))
@@ -219,7 +219,8 @@ cleanup:
switch (success) {
case AUTH_SUCCESS:
(void) sigaction(SIGTSTP, &osa, NULL);
return;
rval = TRUE;
break;
case AUTH_INTR:
case AUTH_FAILURE:
if (counter != def_passwd_tries) {
@@ -227,43 +228,73 @@ cleanup:
flags = 0;
else
flags = NO_MAIL;
#ifdef HAVE_BSM_AUDIT
audit_failure(NewArgv, "authentication failure");
#endif
log_error(flags, "%d incorrect password attempt%s",
def_passwd_tries - counter,
(def_passwd_tries - counter == 1) ? "" : "s");
}
/* FALLTHROUGH */
case AUTH_FATAL:
#ifdef HAVE_BSM_AUDIT
audit_failure(NewArgv, "authentication failure");
#endif
exit(1);
rval = FALSE;
break;
case AUTH_FATAL:
default:
#ifdef HAVE_BSM_AUDIT
audit_failure(NewArgv, "authentication failure");
#endif
rval = -1;
break;
}
/* NOTREACHED */
return rval;
}
void
pass_warn(fp)
FILE *fp;
pass_warn(void)
{
struct sudo_conv_message msg;
struct sudo_conv_reply repl;
/* Call conversation function */
memset(&msg, 0, sizeof(msg));
msg.msg_type = SUDO_CONV_ERROR_MSG;
#ifdef INSULT
if (def_insults)
(void) fprintf(fp, "%s\n", INSULT);
msg.msg = INSULT;
else
#endif
(void) fprintf(fp, "%s\n", def_badpass_message);
msg.msg = def_badpass_message;
memset(&repl, 0, sizeof(repl));
sudo_conv(1, &msg, &repl);
}
char *
auth_getpass(const char *prompt, int timeout, int type)
{
struct sudo_conv_message msg;
struct sudo_conv_reply repl;
/* Call conversation function */
memset(&msg, 0, sizeof(msg));
msg.msg_type = SUDO_CONV_PROMPT_ECHO_OFF;
msg.timeout = def_passwd_timeout * 60;
msg.msg = prompt;
memset(&repl, 0, sizeof(repl));
sudo_conv(1, &msg, &repl);
/* XXX - check for ENOTTY? */
return repl.reply;
}
#ifdef notyet
void
dump_auth_methods()
dump_auth_methods(void)
{
sudo_auth *auth;
/* XXX - conversation function */
(void) fputs("Authentication methods:", stdout);
for (auth = auth_switch; auth->name; auth++)
(void) printf(" '%s'", auth->name);
(void) putchar('\n');
}
#endif
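Review bot: The password scrub in verify_user now reads `if (repl.reply) zero_bytes(p, strlen(repl.reply));`, but no `repl` appears among verify_user's locals in the hunks shown (it is a local of pass_warn() and auth_getpass()), while `p` already holds the pointer auth_getpass() returned. As written this either fails to compile when AUTH_STANDALONE is not defined or, if a `repl` does exist outside the hunk, sizes the wipe from a different buffer than the one being cleared. Keeping the original form, `if (p) zero_bytes(p, strlen(p));`, wipes the cleartext password after every attempt. verify_user's body is only partly visible in these hunks.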


@@ -45,6 +45,12 @@ typedef struct sudo_auth {
#define IS_CONFIGURED(x) ((x)->flags & FLAG_CONFIGURED)
#define IS_ONEANDONLY(x) ((x)->flags & FLAG_ONEANDONLY)
/* Like tgetpass() but uses conversation function */
char *auth_getpass(const char *prompt, int timeout, int type);
/* Pointer to conversation function to use with auth_getpass(). */
extern sudo_conv_t sudo_conv;
/* Prototypes for standalone methods */
int fwtk_init __P((struct passwd *pw, char **prompt, sudo_auth *auth));
int fwtk_verify __P((struct passwd *pw, char *prompt, sudo_auth *auth));
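Review bot: The comment `/* Like tgetpass() but uses conversation function */` implies that `timeout` and `type` are honoured, but the definition added in sudo_auth.c in this commit sets `msg.msg_type = SUDO_CONV_PROMPT_ECHO_OFF` and `msg.timeout = def_passwd_timeout * 60` unconditionally and ignores the return value of sudo_conv(). Callers that pass SUDO_CONV_PROMPT_ECHO_ON (bsdauth, fwtk, the PAM conversation) therefore still get an echo-off prompt. Either use the arguments, `msg.msg_type = type;` and `msg.timeout = timeout;`, or state in this comment that they are currently ignored. The comment should also say that the returned buffer holds the cleartext reply, may be NULL, and must be zeroed by the caller.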


@@ -56,7 +56,7 @@
# include <compat/timespec.h>
#endif
#include "sudo.h"
#include "sudoers.h"
/* Status codes for timestamp_status() */
#define TS_CURRENT 0
@@ -69,7 +69,7 @@
#define TS_MAKE_DIRS 1
#define TS_REMOVE 2
static void build_timestamp __P((char **, char **));
static int build_timestamp __P((char **, char **));
static int timestamp_status __P((char *, char *, char *, int));
static char *expand_prompt __P((char *, char *, char *));
static void lecture __P((int));
@@ -78,8 +78,9 @@ static void update_timestamp __P((char *, char *));
/*
* This function only returns if the user can successfully
* verify who he/she is.
* XXX - check return values
*/
void
int
check_user(validated, mode)
int validated;
int mode;
@@ -87,25 +88,30 @@ check_user(validated, mode)
char *timestampdir = NULL;
char *timestampfile = NULL;
char *prompt;
int status;
int status, rval = TRUE;
/* Always prompt for a password when -k was specified with the command. */
if (ISSET(mode, MODE_INVALIDATE)) {
SET(validated, FLAG_CHECK_USER);
} else {
if (user_uid == 0 || user_uid == runas_pw->pw_uid || user_is_exempt())
return;
return TRUE;
}
build_timestamp(&timestampdir, &timestampfile);
if (build_timestamp(&timestampdir, &timestampfile) == -1)
return -1;
status = timestamp_status(timestampdir, timestampfile, user_name,
TS_MAKE_DIRS);
if (status != TS_CURRENT || ISSET(validated, FLAG_CHECK_USER)) {
/* Bail out if we are non-interactive and a password is required */
if (ISSET(mode, MODE_NONINTERACTIVE))
errorx(1, "sorry, a password is required to run %s", getprogname());
if (ISSET(mode, MODE_NONINTERACTIVE)) {
warningx("sorry, a password is required to run %s", getprogname());
return -1;
}
#if 0 /* XXX - checks need to be done in main driver */
/* If user specified -A, make sure we have an askpass helper. */
if (ISSET(tgetpass_flags, TGP_ASKPASS)) {
if (user_askpass == NULL)
@@ -124,19 +130,22 @@ check_user(validated, mode)
}
if (!ISSET(tgetpass_flags, TGP_ASKPASS))
#endif
lecture(status);
/* Expand any escapes in the prompt. */
prompt = expand_prompt(user_prompt ? user_prompt : def_passprompt,
user_name, user_shost);
verify_user(auth_pw, prompt);
rval = verify_user(auth_pw, prompt);
}
/* Only update timestamp if user was validated. */
if (ISSET(validated, VALIDATE_OK) && !ISSET(mode, MODE_INVALIDATE) && status != TS_ERROR)
update_timestamp(timestampdir, timestampfile);
efree(timestampdir);
efree(timestampfile);
return rval;
}
/*
@@ -258,7 +267,7 @@ expand_prompt(old_prompt, user, host)
}
if (subst) {
new_prompt = (char *) emalloc(++len);
new_prompt = emalloc(++len);
endp = new_prompt + len;
for (p = old_prompt, np = new_prompt; *p; p++) {
if (p[0] =='%') {
@@ -341,7 +350,7 @@ user_is_exempt()
/*
* Fills in timestampdir as well as timestampfile if using tty tickets.
*/
static void
static int
build_timestamp(timestampdir, timestampfile)
char **timestampdir;
char **timestampfile;
@@ -351,8 +360,10 @@ build_timestamp(timestampdir, timestampfile)
dirparent = def_timestampdir;
len = easprintf(timestampdir, "%s/%s", dirparent, user_name);
if (len >= PATH_MAX)
if (len >= PATH_MAX) {
log_error(0, "timestamp path too long: %s", *timestampdir);
return -1;
}
/*
* Timestamp file may be a file in the directory or NUL to use
@@ -370,15 +381,21 @@ build_timestamp(timestampdir, timestampfile)
p, runas_pw->pw_name);
else
len = easprintf(timestampfile, "%s/%s/%s", dirparent, user_name, p);
if (len >= PATH_MAX)
if (len >= PATH_MAX) {
log_error(0, "timestamp path too long: %s", *timestampfile);
return -1;
}
} else if (def_targetpw) {
len = easprintf(timestampfile, "%s/%s/%s", dirparent, user_name,
runas_pw->pw_name);
if (len >= PATH_MAX)
if (len >= PATH_MAX) {
log_error(0, "timestamp path too long: %s", *timestampfile);
return -1;
}
} else
*timestampfile = NULL;
return len;
}
/*
@@ -578,7 +595,9 @@ remove_timestamp(remove)
char *timestampdir, *timestampfile, *path;
int status;
build_timestamp(&timestampdir, &timestampfile);
if (build_timestamp(&timestampdir, &timestampfile) == -1)
return;
status = timestamp_status(timestampdir, timestampfile, user_name,
TS_REMOVE);
if (status == TS_OLD || status == TS_CURRENT) {
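Review bot: check_user stores the result of `verify_user(auth_pw, prompt)` in `rval`, but the `update_timestamp(timestampdir, timestampfile)` call that follows is not conditioned on it. Before this commit verify_user() exited on failure, so reaching the update implied a successful authentication; now that it returns FALSE or -1, a failed attempt appears to refresh the ticket whenever `validated` carries VALIDATE_OK. The condition should include the result, e.g. `if (rval == TRUE && ISSET(validated, VALIDATE_OK) && !ISSET(mode, MODE_INVALIDATE) && status != TS_ERROR)`. The two early `return -1` paths in check_user also skip the `efree()` calls for timestampdir and timestampfile.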


@@ -45,7 +45,7 @@
#include <pwd.h>
#include <ctype.h>
#include "sudo.h"
#include "sudoers.h"
#include "parse.h"
#include <gram.h>


@@ -47,7 +47,7 @@
#include <errno.h>
#include <pwd.h>
#include "sudo.h"
#include "sudoers.h"
/*
* Flags used in rebuild_env()
@@ -209,6 +209,31 @@ static const char *initial_keepenv_table[] = {
NULL
};
/*
* Initialize env based on envp.
*/
int
env_init(char * const envp[])
{
char * const *ep;
size_t len;
int rval = -1;
for (ep = envp; *ep != NULL; ep++)
continue;
len = (size_t)(ep - envp);
env.env_size = len + 1 + 128;
env.envp = emalloc2(env.env_size, sizeof(char *));
#ifdef ENV_DEBUG
memset(env.envp, 0, env.env_size * sizeof(char *));
#endif
memcpy(env.envp, envp, len * sizeof(char *));
env.envp[len] = '\0';
rval = 0;
return rval;
}
/*
* Similar to setenv(3) but operates on sudo's private copy of the environment
* (not environ) and it always overwrites. The dupcheck param determines
@@ -250,8 +275,10 @@ setenv(var, val, overwrite)
const char *cp;
size_t esize;
if (!var || *var == '\0')
return(EINVAL);
if (!var || *var == '\0') {
errno = EINVAL;
return -1;
}
/*
* POSIX says a var name with '=' is an error but BSD
@@ -302,7 +329,7 @@ setenv(var, val, overwrite)
#endif
}
sudo_putenv(estring, TRUE, overwrite);
return(0);
return 0;
}
/*
@@ -325,7 +352,7 @@ unsetenv(var)
#ifdef UNSETENV_VOID
return;
#else
return(-1);
return -1;
#endif
}
@@ -365,7 +392,7 @@ unsetenv(var)
}
}
#ifndef UNSETENV_VOID
return(0);
return 0;
#endif
}
@@ -383,7 +410,7 @@ putenv(string)
{
if (strchr(string, '=') == NULL) {
errno = EINVAL;
return(-1);
return -1;
}
/* Sync env.envp with environ as needed. */
if (env.envp != environ) {
@@ -412,7 +439,7 @@ putenv(string)
#endif
}
sudo_putenv((char *)string, TRUE, TRUE);
return(0);
return 0;
}
/*
@@ -490,7 +517,7 @@ matches_env_delete(var)
break;
}
}
return(match);
return match;
}
/*
@@ -520,7 +547,7 @@ matches_env_check(var)
break;
}
}
return(keepit);
return keepit;
}
/*
@@ -549,7 +576,7 @@ matches_env_keep(var)
break;
}
}
return(keepit);
return keepit;
}
/*
@@ -760,8 +787,9 @@ rebuild_env(sudo_mode, noexec)
easprintf(&cp, "%s %s", user_cmnd, user_args);
sudo_setenv("SUDO_COMMAND", cp, TRUE);
efree(cp);
} else
} else {
sudo_setenv("SUDO_COMMAND", user_cmnd, TRUE);
}
/* Add the SUDO_USER, SUDO_UID, SUDO_GID environment variables. */
sudo_setenv("SUDO_USER", user_name, TRUE);
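Review bot: In the new env_init() the terminator is written as `env.envp[len] = '\0';`, a character constant stored into a `char *` slot; it compiles as a null pointer constant but reads like a string terminator, and `env.envp[len] = NULL;` says what is meant. `rval` is initialised to -1, set to 0 and returned with no failing path in between, so the function can simply `return 0;` until it has an error case. The block comment could also state that only the pointers are copied, so sudo's private environment shares its strings with the caller's envp.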

93
plugins/sudoers/error.c Normal file

@@ -0,0 +1,93 @@
/*
* Copyright (c) 2004-2005 Todd C. Miller <Todd.Miller@courtesan.com>
*
* Permission to use, copy, modify, and distribute this software for any
* purpose with or without fee is hereby granted, provided that the above
* copyright notice and this permission notice appear in all copies.
*
* THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
* WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
* MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
* ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
* WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
* ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
* OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
*/
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <setjmp.h>
#include <config.h>
#include <compat.h>
#include "error.h"
static void _warning(int, const char *, va_list);
void cleanup(int);
sigjmp_buf error_jmp;
void
error(int eval, const char *fmt, ...)
{
va_list ap;
va_start(ap, fmt);
_warning(1, fmt, ap);
va_end(ap);
cleanup(0);
if (error_jmp)
siglongjmp(error_jmp, 1);
else
exit(eval);
}
void
errorx(int eval, const char *fmt, ...)
{
va_list ap;
va_start(ap, fmt);
_warning(0, fmt, ap);
va_end(ap);
cleanup(0);
if (error_jmp)
siglongjmp(error_jmp, 1);
else
exit(eval);
}
void
warning(const char *fmt, ...)
{
va_list ap;
va_start(ap, fmt);
_warning(1, fmt, ap);
va_end(ap);
}
void
warningx(const char *fmt, ...)
{
va_list ap;
va_start(ap, fmt);
_warning(0, fmt, ap);
va_end(ap);
}
static void
_warning(int use_errno, const char *fmt, va_list ap)
{
int serrno = errno;
fputs(getprogname(), stderr);
if (fmt != NULL) {
fputs(": ", stderr);
vfprintf(stderr, fmt, ap);
}
if (use_errno) {
fputs(": ", stderr);
fputs(strerror(serrno), stderr);
}
putc('\n', stderr);
}
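Review bot: `if (error_jmp)` in error() and errorx() tests a `sigjmp_buf` object, which is an array type on the usual implementations, so the condition is always true and `exit(eval)` is never reached. If no sigsetjmp() has filled the buffer, the `siglongjmp(error_jmp, 1)` that follows has undefined behaviour, on the fatal-error path of a privileged program. A separate flag set next to the sigsetjmp() call and tested here, for example `if (error_jmp_active) siglongjmp(error_jmp, 1);` (the flag name is a placeholder), would make the fallback to exit() work. The file also uses va_list and va_start without a visible `#include <stdarg.h>`, unless compat.h supplies it.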


@@ -43,7 +43,7 @@
# include <unistd.h>
#endif /* HAVE_UNISTD_H */
#include "sudo.h"
#include "sudoers.h"
/*
* This function finds the full pathname for a command and


@@ -68,7 +68,7 @@
# include <auth.h>
#endif /* HAVE_GETAUTHUID */
#include "sudo.h"
#include "sudoers.h"
/*
* Exported for auth/secureware.c
@@ -85,19 +85,18 @@ char *
sudo_getepw(pw)
const struct passwd *pw;
{
char *epw;
char *epw = NULL;
/* If there is a function to check for shadow enabled, use it... */
#ifdef HAVE_ISCOMSEC
if (!iscomsec())
return(estrdup(pw->pw_passwd));
goto done;
#endif /* HAVE_ISCOMSEC */
#ifdef HAVE_ISSECURE
if (!issecure())
return(estrdup(pw->pw_passwd));
goto done;
#endif /* HAVE_ISSECURE */
epw = NULL;
#ifdef HAVE_GETPRPWNAM
{
struct pr_passwd *spw;
@@ -106,10 +105,8 @@ sudo_getepw(pw)
# ifdef __alpha
crypt_type = spw->ufld.fd_oldcrypt;
# endif /* __alpha */
epw = estrdup(spw->ufld.fd_encrypt);
epw = spw->ufld.fd_encrypt;
}
if (epw)
return(epw);
}
#endif /* HAVE_GETPRPWNAM */
#ifdef HAVE_GETSPNAM
@@ -117,9 +114,7 @@ sudo_getepw(pw)
struct spwd *spw;
if ((spw = getspnam(pw->pw_name)) && spw->sp_pwdp)
epw = estrdup(spw->sp_pwdp);
if (epw)
return(epw);
epw = spw->sp_pwdp;
}
#endif /* HAVE_GETSPNAM */
#ifdef HAVE_GETSPWUID
@@ -127,9 +122,7 @@ sudo_getepw(pw)
struct s_passwd *spw;
if ((spw = getspwuid(pw->pw_uid)) && spw->pw_passwd)
epw = estrdup(spw->pw_passwd);
if (epw)
return(epw);
epw = spw->pw_passwd;
}
#endif /* HAVE_GETSPWUID */
#ifdef HAVE_GETPWANAM
@@ -137,9 +130,7 @@ sudo_getepw(pw)
struct passwd_adjunct *spw;
if ((spw = getpwanam(pw->pw_name)) && spw->pwa_passwd)
epw = estrdup(spw->pwa_passwd);
if (epw)
return(epw);
epw = spw->pwa_passwd;
}
#endif /* HAVE_GETPWANAM */
#ifdef HAVE_GETAUTHUID
@@ -147,14 +138,15 @@ sudo_getepw(pw)
AUTHORIZATION *spw;
if ((spw = getauthuid(pw->pw_uid)) && spw->a_password)
epw = estrdup(spw->a_password);
if (epw)
return(epw);
epw = spw->a_password;
}
#endif /* HAVE_GETAUTHUID */
/* Fall back on normal password. */
return(estrdup(pw->pw_passwd));
#if defined(HAVE_ISCOMSEC) || defined(HAVE_ISSECURE)
done:
#endif
/* If no shadow password, fall back on regular password. */
return estrdup(epw ? epw : pw->pw_passwd);
}
void
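Review bot: With the early `return(epw)` statements removed from sudo_getepw, each HAVE_* lookup block assigns `epw` unconditionally on success, so when more than one block is compiled in the last successful lookup wins instead of the first. If the old precedence is intended, guard the later blocks, e.g. `if (epw == NULL && (spw = getspnam(pw->pw_name)) && spw->sp_pwdp)`. `epw` also now points into storage owned by the lookup routine until the final `estrdup()`, so a comment noting that nothing may invalidate it before `done:` would help. Whether any of these routines share a static buffer is not visible here.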


@@ -36,7 +36,7 @@
#endif /* HAVE_UNISTD_H */
#include <errno.h>
#include "sudo.h"
#include "sudoers.h"
/*
* Verify that path is a normal file and executable by root.


@@ -1,11 +1,3 @@
#ifndef lint
/*static char yysccsid[] = "from: @(#)yaccpar 1.9 (Berkeley) 02/21/93";*/
static char yyrcsid[]
#if __GNUC__ >= 2
__attribute__ ((unused))
#endif /* __GNUC__ >= 2 */
= "$OpenBSD: skeleton.c,v 1.29 2008/07/08 15:06:50 otto Exp $";
#endif
#include <stdlib.h>
#include <string.h>
#define YYBYACC 1
@@ -17,7 +9,7 @@ static char yyrcsid[]
#define yyerrok (yyerrflag=0)
#define YYRECOVERING() (yyerrflag!=0)
#define YYPREFIX "yy"
#line 2 "gram.y"
#line 2 "./gram.y"
/*
* Copyright (c) 1996, 1998-2005, 2007-2009
* Todd C. Miller <Todd.Miller@courtesan.com>
@@ -69,7 +61,7 @@ static char yyrcsid[]
#endif /* YYBISON && HAVE_ALLOCA_H && !__GNUC__ */
#include <limits.h>
#include "sudo.h"
#include "sudoers.h" /* XXX */
#include "parse.h"
/*
@@ -118,6 +110,7 @@ yyerror(s)
errorfile = estrdup(sudoers);
}
if (verbose && s != NULL) {
/* XXX - conversation function when called via plugin */
#ifndef TRACELEXER
(void) fprintf(stderr, ">>> %s: %s near line %d <<<\n", sudoers, s,
sudolineno ? sudolineno - 1 : 0);
@@ -127,7 +120,7 @@ yyerror(s)
}
parse_error = TRUE;
}
#line 117 "gram.y"
#line 114 "./gram.y"
#ifndef YYSTYPE_DEFINED
#define YYSTYPE_DEFINED
typedef union {
@@ -143,7 +136,7 @@ typedef union {
int tok;
} YYSTYPE;
#endif /* YYSTYPE_DEFINED */
#line 151 "y.tab.c"
#line 140 "y.tab.c"
#define COMMAND 257
#define ALIAS 258
#define DEFVAR 259
@@ -625,7 +618,7 @@ short *yyss;
short *yysslim;
YYSTYPE *yyvs;
int yystacksize;
#line 600 "gram.y"
#line 597 "./gram.y"
static struct defaults *
new_default(var, val, op)
char *var;
@@ -816,7 +809,7 @@ init_parser(path, quiet)
sudolineno = 1;
verbose = !quiet;
}
#line 772 "y.tab.c"
#line 761 "y.tab.c"
/* allocate initial stack or double stack size, up to YYMAXDEPTH */
#if defined(__cplusplus) || defined(__STDC__)
static int yygrowstack(void)
@@ -1022,127 +1015,127 @@ yyreduce:
switch (yyn)
{
case 1:
#line 190 "gram.y"
#line 187 "./gram.y"
{ ; }
break;
case 5:
#line 198 "gram.y"
#line 195 "./gram.y"
{
;
}
break;
case 6:
#line 201 "gram.y"
#line 198 "./gram.y"
{
yyerrok;
}
break;
case 7:
#line 204 "gram.y"
#line 201 "./gram.y"
{
add_userspec(yyvsp[-1].member, yyvsp[0].privilege);
}
break;
case 8:
#line 207 "gram.y"
#line 204 "./gram.y"
{
;
}
break;
case 9:
#line 210 "gram.y"
#line 207 "./gram.y"
{
;
}
break;
case 10:
#line 213 "gram.y"
#line 210 "./gram.y"
{
;
}
break;
case 11:
#line 216 "gram.y"
#line 213 "./gram.y"
{
;
}
break;
case 12:
#line 219 "gram.y"
#line 216 "./gram.y"
{
add_defaults(DEFAULTS, NULL, yyvsp[0].defaults);
}
break;
case 13:
#line 222 "gram.y"
#line 219 "./gram.y"
{
add_defaults(DEFAULTS_USER, yyvsp[-1].member, yyvsp[0].defaults);
}
break;
case 14:
#line 225 "gram.y"
#line 222 "./gram.y"
{
add_defaults(DEFAULTS_RUNAS, yyvsp[-1].member, yyvsp[0].defaults);
}
break;
case 15:
#line 228 "gram.y"
#line 225 "./gram.y"
{
add_defaults(DEFAULTS_HOST, yyvsp[-1].member, yyvsp[0].defaults);
}
break;
case 16:
#line 231 "gram.y"
#line 228 "./gram.y"
{
add_defaults(DEFAULTS_CMND, yyvsp[-1].member, yyvsp[0].defaults);
}
break;
case 18:
#line 237 "gram.y"
#line 234 "./gram.y"
{
list_append(yyvsp[-2].defaults, yyvsp[0].defaults);
yyval.defaults = yyvsp[-2].defaults;
}
break;
case 19:
#line 243 "gram.y"
#line 240 "./gram.y"
{
yyval.defaults = new_default(yyvsp[0].string, NULL, TRUE);
}
break;
case 20:
#line 246 "gram.y"
#line 243 "./gram.y"
{
yyval.defaults = new_default(yyvsp[0].string, NULL, FALSE);
}
break;
case 21:
#line 249 "gram.y"
#line 246 "./gram.y"
{
yyval.defaults = new_default(yyvsp[-2].string, yyvsp[0].string, TRUE);
}
break;
case 22:
#line 252 "gram.y"
#line 249 "./gram.y"
{
yyval.defaults = new_default(yyvsp[-2].string, yyvsp[0].string, '+');
}
break;
case 23:
#line 255 "gram.y"
#line 252 "./gram.y"
{
yyval.defaults = new_default(yyvsp[-2].string, yyvsp[0].string, '-');
}
break;
case 25:
#line 261 "gram.y"
#line 258 "./gram.y"
{
list_append(yyvsp[-2].privilege, yyvsp[0].privilege);
yyval.privilege = yyvsp[-2].privilege;
}
break;
case 26:
#line 267 "gram.y"
#line 264 "./gram.y"
{
struct privilege *p = emalloc(sizeof(*p));
list2tq(&p->hostlist, yyvsp[-2].member);
@@ -1153,51 +1146,51 @@ case 26:
}
break;
case 27:
#line 277 "gram.y"
#line 274 "./gram.y"
{
yyval.member = yyvsp[0].member;
yyval.member->negated = FALSE;
}
break;
case 28:
#line 281 "gram.y"
#line 278 "./gram.y"
{
yyval.member = yyvsp[0].member;
yyval.member->negated = TRUE;
}
break;
case 29:
#line 287 "gram.y"
#line 284 "./gram.y"
{
yyval.member = new_member(yyvsp[0].string, ALIAS);
}
break;
case 30:
#line 290 "gram.y"
#line 287 "./gram.y"
{
yyval.member = new_member(NULL, ALL);
}
break;
case 31:
#line 293 "gram.y"
#line 290 "./gram.y"
{
yyval.member = new_member(yyvsp[0].string, NETGROUP);
}
break;
case 32:
#line 296 "gram.y"
#line 293 "./gram.y"
{
yyval.member = new_member(yyvsp[0].string, NTWKADDR);
}
break;
case 33:
#line 299 "gram.y"
#line 296 "./gram.y"
{
yyval.member = new_member(yyvsp[0].string, WORD);
}
break;
case 35:
#line 305 "gram.y"
#line 302 "./gram.y"
{
list_append(yyvsp[-2].cmndspec, yyvsp[0].cmndspec);
#ifdef HAVE_SELINUX
@@ -1228,7 +1221,7 @@ case 35:
}
break;
case 36:
#line 335 "gram.y"
#line 332 "./gram.y"
{
struct cmndspec *cs = emalloc(sizeof(*cs));
if (yyvsp[-3].runas != NULL) {
@@ -1255,80 +1248,80 @@ case 36:
}
break;
case 37:
#line 361 "gram.y"
#line 358 "./gram.y"
{
yyval.member = yyvsp[0].member;
yyval.member->negated = FALSE;
}
break;
case 38:
#line 365 "gram.y"
#line 362 "./gram.y"
{
yyval.member = yyvsp[0].member;
yyval.member->negated = TRUE;
}
break;
case 39:
#line 371 "gram.y"
#line 368 "./gram.y"
{
yyval.string = yyvsp[0].string;
}
break;
case 40:
#line 376 "gram.y"
#line 373 "./gram.y"
{
yyval.string = yyvsp[0].string;
}
break;
case 41:
#line 381 "gram.y"
#line 378 "./gram.y"
{
yyval.seinfo.role = NULL;
yyval.seinfo.type = NULL;
}
break;
case 42:
#line 385 "gram.y"
#line 382 "./gram.y"
{
yyval.seinfo.role = yyvsp[0].string;
yyval.seinfo.type = NULL;
}
break;
case 43:
#line 389 "gram.y"
#line 386 "./gram.y"
{
yyval.seinfo.type = yyvsp[0].string;
yyval.seinfo.role = NULL;
}
break;
case 44:
#line 393 "gram.y"
#line 390 "./gram.y"
{
yyval.seinfo.role = yyvsp[-1].string;
yyval.seinfo.type = yyvsp[0].string;
}
break;
case 45:
#line 397 "gram.y"
#line 394 "./gram.y"
{
yyval.seinfo.type = yyvsp[-1].string;
yyval.seinfo.role = yyvsp[0].string;
}
break;
case 46:
#line 403 "gram.y"
#line 400 "./gram.y"
{
yyval.runas = NULL;
}
break;
case 47:
#line 406 "gram.y"
#line 403 "./gram.y"
{
yyval.runas = yyvsp[-1].runas;
}
break;
case 48:
#line 411 "gram.y"
#line 408 "./gram.y"
{
yyval.runas = emalloc(sizeof(struct runascontainer));
yyval.runas->runasusers = yyvsp[0].member;
@@ -1336,7 +1329,7 @@ case 48:
}
break;
case 49:
#line 416 "gram.y"
#line 413 "./gram.y"
{
yyval.runas = emalloc(sizeof(struct runascontainer));
yyval.runas->runasusers = yyvsp[-2].member;
@@ -1344,7 +1337,7 @@ case 49:
}
break;
case 50:
#line 421 "gram.y"
#line 418 "./gram.y"
{
yyval.runas = emalloc(sizeof(struct runascontainer));
yyval.runas->runasusers = NULL;
@@ -1352,73 +1345,73 @@ case 50:
}
break;
case 51:
#line 428 "gram.y"
#line 425 "./gram.y"
{
yyval.tag.nopasswd = yyval.tag.noexec = yyval.tag.setenv = yyval.tag.transcript = UNSPEC;
}
break;
case 52:
#line 431 "gram.y"
#line 428 "./gram.y"
{
yyval.tag.nopasswd = TRUE;
}
break;
case 53:
#line 434 "gram.y"
#line 431 "./gram.y"
{
yyval.tag.nopasswd = FALSE;
}
break;
case 54:
#line 437 "gram.y"
#line 434 "./gram.y"
{
yyval.tag.noexec = TRUE;
}
break;
case 55:
#line 440 "gram.y"
#line 437 "./gram.y"
{
yyval.tag.noexec = FALSE;
}
break;
case 56:
#line 443 "gram.y"
#line 440 "./gram.y"
{
yyval.tag.setenv = TRUE;
}
break;
case 57:
#line 446 "gram.y"
#line 443 "./gram.y"
{
yyval.tag.setenv = FALSE;
}
break;
case 58:
#line 449 "gram.y"
#line 446 "./gram.y"
{
yyval.tag.transcript = TRUE;
}
break;
case 59:
#line 452 "gram.y"
#line 449 "./gram.y"
{
yyval.tag.transcript = FALSE;
}
break;
case 60:
#line 457 "gram.y"
#line 454 "./gram.y"
{
yyval.member = new_member(NULL, ALL);
}
break;
case 61:
#line 460 "gram.y"
#line 457 "./gram.y"
{
yyval.member = new_member(yyvsp[0].string, ALIAS);
}
break;
case 62:
#line 463 "gram.y"
#line 460 "./gram.y"
{
struct sudo_command *c = emalloc(sizeof(*c));
c->cmnd = yyvsp[0].command.cmnd;
@@ -1427,7 +1420,7 @@ case 62:
}
break;
case 65:
#line 475 "gram.y"
#line 472 "./gram.y"
{
char *s;
if ((s = alias_add(yyvsp[-2].string, HOSTALIAS, yyvsp[0].member)) != NULL) {
@@ -1437,14 +1430,14 @@ case 65:
}
break;
case 67:
#line 485 "gram.y"
#line 482 "./gram.y"
{
list_append(yyvsp[-2].member, yyvsp[0].member);
yyval.member = yyvsp[-2].member;
}
break;
case 70:
#line 495 "gram.y"
#line 492 "./gram.y"
{
char *s;
if ((s = alias_add(yyvsp[-2].string, CMNDALIAS, yyvsp[0].member)) != NULL) {
@@ -1454,14 +1447,14 @@ case 70:
}
break;
case 72:
#line 505 "gram.y"
#line 502 "./gram.y"
{
list_append(yyvsp[-2].member, yyvsp[0].member);
yyval.member = yyvsp[-2].member;
}
break;
case 75:
#line 515 "gram.y"
#line 512 "./gram.y"
{
char *s;
if ((s = alias_add(yyvsp[-2].string, RUNASALIAS, yyvsp[0].member)) != NULL) {
@@ -1471,7 +1464,7 @@ case 75:
}
break;
case 78:
#line 528 "gram.y"
#line 525 "./gram.y"
{
char *s;
if ((s = alias_add(yyvsp[-2].string, USERALIAS, yyvsp[0].member)) != NULL) {
@@ -1481,96 +1474,96 @@ case 78:
}
break;
case 80:
#line 538 "gram.y"
#line 535 "./gram.y"
{
list_append(yyvsp[-2].member, yyvsp[0].member);
yyval.member = yyvsp[-2].member;
}
break;
case 81:
#line 544 "gram.y"
#line 541 "./gram.y"
{
yyval.member = yyvsp[0].member;
yyval.member->negated = FALSE;
}
break;
case 82:
#line 548 "gram.y"
#line 545 "./gram.y"
{
yyval.member = yyvsp[0].member;
yyval.member->negated = TRUE;
}
break;
case 83:
#line 554 "gram.y"
#line 551 "./gram.y"
{
yyval.member = new_member(yyvsp[0].string, ALIAS);
}
break;
case 84:
#line 557 "gram.y"
#line 554 "./gram.y"
{
yyval.member = new_member(NULL, ALL);
}
break;
case 85:
#line 560 "gram.y"
#line 557 "./gram.y"
{
yyval.member = new_member(yyvsp[0].string, NETGROUP);
}
break;
case 86:
#line 563 "gram.y"
#line 560 "./gram.y"
{
yyval.member = new_member(yyvsp[0].string, USERGROUP);
}
break;
case 87:
#line 566 "gram.y"
#line 563 "./gram.y"
{
yyval.member = new_member(yyvsp[0].string, WORD);
}
break;
case 89:
#line 572 "gram.y"
#line 569 "./gram.y"
{
list_append(yyvsp[-2].member, yyvsp[0].member);
yyval.member = yyvsp[-2].member;
}
break;
case 90:
#line 578 "gram.y"
#line 575 "./gram.y"
{
yyval.member = yyvsp[0].member;
yyval.member->negated = FALSE;
}
break;
case 91:
#line 582 "gram.y"
#line 579 "./gram.y"
{
yyval.member = yyvsp[0].member;
yyval.member->negated = TRUE;
}
break;
case 92:
#line 588 "gram.y"
#line 585 "./gram.y"
{
yyval.member = new_member(yyvsp[0].string, ALIAS);
}
break;
case 93:
#line 591 "gram.y"
#line 588 "./gram.y"
{
yyval.member = new_member(NULL, ALL);
}
break;
case 94:
#line 594 "gram.y"
#line 591 "./gram.y"
{
yyval.member = new_member(yyvsp[0].string, WORD);
}
break;
#line 1526 "y.tab.c"
#line 1515 "y.tab.c"
}
yyssp -= yym;
yystate = *yyssp;


@@ -50,7 +50,7 @@
#endif /* YYBISON && HAVE_ALLOCA_H && !__GNUC__ */
#include <limits.h>
#include "sudo.h"
#include "sudoers.h" /* XXX */
#include "parse.h"
/*
@@ -99,6 +99,7 @@ yyerror(s)
errorfile = estrdup(sudoers);
}
if (verbose && s != NULL) {
/* XXX - conversation function when called via plugin */
#ifndef TRACELEXER
(void) fprintf(stderr, ">>> %s: %s near line %d <<<\n", sudoers, s,
sudolineno ? sudolineno - 1 : 0);


@@ -81,7 +81,7 @@ struct rtentry;
# include <ifaddrs.h>
#endif
#include "sudo.h"
#include "sudoers.h"
#include "interfaces.h"
/* Minix apparently lacks IFF_LOOPBACK */


@@ -77,7 +77,7 @@
# endif
#endif
#include "sudo.h"
#include "sudoers.h"
#include "parse.h"
#include "lbuf.h"


@@ -55,11 +55,11 @@
#include <errno.h>
#include <fcntl.h>
#include "sudo.h"
#include "sudoers.h"
static void do_syslog __P((int, char *));
static void do_logfile __P((char *));
static void send_mail __P((char *));
static void send_mail __P((const char *fmt, ...));
static int should_mail __P((int));
static void mysyslog __P((int, const char *, ...));
static char *new_logline __P((const char *, int));
@@ -184,15 +184,9 @@ do_logfile(msg)
fp = fopen(def_logfile, "a");
(void) umask(oldmask);
if (fp == NULL) {
easprintf(&full_line, "Can't open log file: %s: %s",
def_logfile, strerror(errno));
send_mail(full_line);
efree(full_line);
send_mail("Can't open log file: %s: %s", def_logfile, strerror(errno));
} else if (!lock_file(fileno(fp), SUDO_LOCK)) {
easprintf(&full_line, "Can't lock log file: %s: %s",
def_logfile, strerror(errno));
send_mail(full_line);
efree(full_line);
send_mail("Can't lock log file: %s: %s", def_logfile, strerror(errno));
} else {
time_t now;
@@ -369,13 +363,14 @@ log_error(flags, fmt, va_alist)
va_start(ap);
#endif
/* Become root if we are not already to avoid user interference */
set_perms(PERM_ROOT|PERM_NOEXIT);
/* Expand printf-style format + args. */
evasprintf(&message, fmt, ap);
va_end(ap);
/* Become root if we are not already to avoid user interference */
/* XXX - could longjmp back with wrong uid */
set_perms(PERM_ROOT|PERM_NOEXIT);
if (ISSET(flags, MSG_ONLY))
logline = message;
else
@@ -409,10 +404,14 @@ log_error(flags, fmt, va_alist)
efree(logline);
#if 0 /* XXX - longjmp instead */
if (!ISSET(flags, NO_EXIT)) {
cleanup(0);
exit(1);
}
#endif
set_perms(PERM_USER);
}
#define MAX_MAILFLAGS 63
@@ -421,14 +420,14 @@ log_error(flags, fmt, va_alist)
* Send a message to MAILTO user
*/
static void
send_mail(line)
char *line;
send_mail(const char *fmt, ...)
{
FILE *mail;
char *p;
int fd, pfd[2], status;
pid_t pid, rv;
sigaction_t sa;
va_list ap;
#ifndef NO_ROOT_MAILER
static char *root_envp[] = {
"HOME=/",
@@ -589,8 +588,14 @@ send_mail(line)
} else
(void) fputc(*p, mail);
}
(void) fprintf(mail, "\n\n%s : %s : %s : %s\n\n", user_host,
get_timestr(time(NULL), def_log_year), user_name, line);
(void) fprintf(mail, "\n\n%s : %s : %s : ", user_host,
get_timestr(time(NULL), def_log_year), user_name);
va_start(ap, fmt);
(void) vfprintf(mail, fmt, ap);
va_end(ap);
fputs("\n\n", mail);
fclose(mail);
do {
#ifdef HAVE_WAITPID
@@ -667,9 +672,11 @@ new_logline(message, serrno)
}
len += sizeof(LL_ENV_STR) + 2 + evlen;
}
len += sizeof(LL_CMND_STR) - 1 + strlen(user_cmnd);
if (user_args != NULL)
len += strlen(user_args) + 1;
if (user_cmnd != NULL) {
len += sizeof(LL_CMND_STR) - 1 + strlen(user_cmnd);
if (user_args != NULL)
len += strlen(user_args) + 1;
}
/*
* Allocate and build up the line.
@@ -720,16 +727,18 @@ new_logline(message, serrno)
goto toobig;
efree(evstr);
}
if (strlcat(line, LL_CMND_STR, len) >= len ||
strlcat(line, user_cmnd, len) >= len)
goto toobig;
if (user_args != NULL) {
if (strlcat(line, " ", len) >= len ||
strlcat(line, user_args, len) >= len)
if (user_cmnd != NULL) {
if (strlcat(line, LL_CMND_STR, len) >= len ||
strlcat(line, user_cmnd, len) >= len)
goto toobig;
if (user_args != NULL) {
if (strlcat(line, " ", len) >= len ||
strlcat(line, user_args, len) >= len)
goto toobig;
}
}
return (line);
return line;
toobig:
errorx(1, "internal error: insufficient space for log line");
}
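Review bot: send_mail() now treats its first argument as a printf format (`vfprintf(mail, fmt, ap)`), but the hunks shown here convert only the two call sites in do_logfile. Any remaining caller that still passes a pre-built log line as the sole argument, as the old `send_mail(line)` signature invited, would have that line interpreted as a format string, and the lines built by new_logline() contain user_cmnd and user_args. Such calls should read `send_mail("%s", logline);`, and a printf format attribute on the prototype would let the compiler flag non-literal formats. The other callers are outside the visible hunks, so this needs checking against the full file.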


@@ -78,7 +78,7 @@
# endif
#endif
#include "sudo.h"
#include "sudoers.h"
#include "interfaces.h"
#include "parse.h"
#include <gram.h>


@@ -41,7 +41,7 @@
# endif
#endif
#include "sudo.h"
#include "sudoers.h"
#include "mon_systrace.h"
/*


@@ -43,7 +43,7 @@
#include <pwd.h>
#include <grp.h>
#include "sudo.h"
#include "sudoers.h"
#include "parse.h"
#include "lbuf.h"
#include <gram.h>

View File

@@ -49,7 +49,7 @@
#include <pwd.h>
#include <grp.h>
#include "sudo.h"
#include "sudoers.h"
#include "redblack.h"
/*

View File

@@ -54,7 +54,7 @@
# endif
#endif /* STDC_HEADERS */
#include "sudo.h"
#include "sudoers.h"
#include "redblack.h"
static void rbrepair __P((struct rbtree *, struct rbnode *));


@@ -49,7 +49,7 @@
# include <login_cap.h>
#endif
#include "sudo.h"
#include "sudoers.h"
#ifdef __TANDEM
# define ROOT_UID 65535


@@ -41,7 +41,7 @@
#include <grp.h>
#include <ctype.h>
#include "sudo.h"
#include "sudoers.h"
#include "lbuf.h"
extern struct sudo_nss sudo_nss_file;



@@ -19,19 +19,20 @@
* Materiel Command, USAF, under agreement number F39502-99-1-0512.
*/
#ifndef _SUDO_SUDO_H
#define _SUDO_SUDO_H
#ifndef _SUDO_SUDOERS_H
#define _SUDO_SUDOERS_H
#include <pathnames.h>
#include <limits.h>
#include "compat.h"
#include "alloc.h"
#include "defaults.h"
#include "error.h"
#include "error.h" /* XXX */
#include "alloc.h" /* XXX */
#include "list.h"
#include "logging.h"
#include "missing.h"
#include "sudo_nss.h"
#include "sudo_plugin.h"
#ifdef HAVE_MBR_CHECK_MEMBERSHIP
# include <membership.h>
@@ -45,6 +46,7 @@ struct sudo_user {
struct passwd *_runas_pw;
struct group *_runas_gr;
struct stat *cmnd_stat;
char *name;
char *path;
char *shell;
char *tty;
@@ -61,13 +63,15 @@ struct sudo_user {
char *display;
char *askpass;
int ngroups;
uid_t uid;
uid_t gid;
GETGROUPS_T *groups;
struct list_member *env_vars;
#ifdef HAVE_SELINUX
char *role;
char *type;
#endif
char cwd[PATH_MAX];
char *cwd;
char sessid[7];
#ifdef HAVE_MBR_CHECK_MEMBERSHIP
uuid_t uuid;
@@ -98,9 +102,9 @@ struct sudo_user {
/*
* find_path()/load_cmnd() return values
*/
#define FOUND 1
#define NOT_FOUND 0
#define NOT_FOUND_DOT -1
#define FOUND 0
#define NOT_FOUND 1
#define NOT_FOUND_DOT 2
/*
* Various modes sudo can be in (based on arguments) in hex
@@ -143,11 +147,11 @@ struct sudo_user {
/*
* Shortcuts for sudo_user contents.
*/
#define user_name (sudo_user.pw->pw_name)
#define user_name (sudo_user.name)
#define user_uid (sudo_user.uid)
#define user_gid (sudo_user.gid)
#define user_passwd (sudo_user.pw->pw_passwd)
#define user_uid (sudo_user.pw->pw_uid)
#define user_uuid (sudo_user.uuid)
#define user_gid (sudo_user.pw->pw_gid)
#define user_dir (sudo_user.pw->pw_dir)
#define user_shell (sudo_user.shell)
#define user_ngroups (sudo_user.ngroups)
@@ -188,12 +192,14 @@ struct sudo_user {
#define SUDO_TLOCK 2 /* test & lock a file (non-blocking) */
#define SUDO_UNLOCK 4 /* unlock a file */
#if 0 /* XXX */
/*
* Flags for tgetpass()
*/
#define TGP_ECHO 0x01 /* leave echo on when reading passwd */
#define TGP_STDIN 0x02 /* read from stdin, not /dev/tty */
#define TGP_ASKPASS 0x04 /* read from askpass helper program */
#endif
struct lbuf;
struct passwd;
@@ -204,11 +210,10 @@ struct passwd;
#define YY_DECL int yylex __P((void))
char *sudo_goodpath __P((const char *, struct stat *));
char *tgetpass __P((const char *, int, int));
int find_path __P((char *, char **, struct stat *, char *));
int tty_present __P((void));
void check_user __P((int, int));
void verify_user __P((struct passwd *, char *));
int check_user __P((int, int));
int verify_user __P((struct passwd *, char *));
#ifdef HAVE_LDAP
int sudo_ldap_open __P((struct sudo_nss *));
int sudo_ldap_close __P((struct sudo_nss *));
@@ -235,7 +240,7 @@ int check_secureware __P((char *));
void sia_attempt_auth __P((void));
void pam_attempt_auth __P((void));
int yyparse __P((void));
void pass_warn __P((FILE *));
void pass_warn __P((void));
void dump_defaults __P((void));
void dump_auth_methods __P((void));
void init_envtables __P((void));
@@ -288,12 +293,15 @@ time_t get_boottime __P((void));
int user_in_group __P((struct passwd *, const char *));
YY_DECL;
/* atobool.c */
int atobool(const char *str);
/* Only provide extern declarations outside of sudo.c. */
#ifndef _SUDO_MAIN
extern struct sudo_user sudo_user;
extern struct passwd *auth_pw, *list_pw;
extern int tgetpass_flags;
extern int tgetpass_flags; /* XXX */
extern int long_list;
extern uid_t timestamp_uid;
#endif
@@ -301,4 +309,4 @@ extern uid_t timestamp_uid;
extern int errno;
#endif
#endif /* _SUDO_SUDO_H */
#endif /* _SUDO_SUDOERS_H */
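Review bot: Several return-value contracts change in this header with no comment recording the new meaning, so callers that are not updated will misread the result. FOUND becomes 0 while NOT_FOUND and NOT_FOUND_DOT become non-zero, which reverses any caller that tests the find_path()/load_cmnd() result by truthiness instead of comparing it with the named constants. A comment above the defines such as `/* 0 means found; always compare against FOUND, never test for non-zero */` would pin that down. `check_user` and `verify_user` also change from `void` to `int` without the header saying which value means the check passed, and a caller that ignores the new return would carry on after a failed check. The callers are outside this section, so each needs auditing against the full tree.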


@@ -61,7 +61,7 @@
#include <arpa/inet.h>
#include <netdb.h>
#include "sudo.h"
#include "sudoers.h"
#include "interfaces.h"
#include "parse.h"
#include <gram.h>


@@ -1412,7 +1412,7 @@ char *yytext;
# endif
#endif
#include <ctype.h>
#include "sudo.h"
#include "sudoers.h"
#include "parse.h"
#include <gram.h>


@@ -47,7 +47,7 @@
#include <pwd.h>
#include <grp.h>
#include "sudo.h"
#include "sudoers.h"
#ifndef LINE_MAX
# define LINE_MAX 2048


@@ -44,7 +44,7 @@
#include "logging.h"
#include "nonunix.h"
#include "parse.h"
#include "sudo.h"
#include "sudoers.h"
/* Pseudo-boolean types */


@@ -80,7 +80,7 @@
# include <compat/timespec.h>
#endif
#include "sudo.h"
#include "sudoers.h"
#include "interfaces.h"
#include "parse.h"
#include "redblack.h"