isa/sudo
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Move askpass path specification from sudoers to sudo.conf.

Browse Source
This commit is contained in:
Todd C. Miller
2010-06-09 17:40:44 -04:00
parent 34613c8465
commit eec336115a
16 changed files with 243 additions and 244 deletions
Download Patch File Download Diff File Expand all files Collapse all files

182
doc/sudo.cat
View File

@@ -86,8 +86,15 @@ OOPPTTIIOONNSS
executed to read the user's password and output the executed to read the user's password and output the
password to the standard output. If the SUDO_ASKPASS password to the standard output. If the SUDO_ASKPASS
environment variable is set, it specifies the path to the environment variable is set, it specifies the path to the
helper program. Otherwise, the value specified by the helper program. Otherwise, if _/_e_t_c_/_s_u_d_o_._c_o_n_f contains a
_a_s_k_p_a_s_s option in _s_u_d_o_e_r_s(4) is used. line specifying the askpass program that value will be
used. For example:
# Path to askpass helper program
Path askpass /usr/X11R6/bin/ssh-askpass
If no askpass program is available, sudo will exit with an
error.
-a _t_y_p_e The --aa (_a_u_t_h_e_n_t_i_c_a_t_i_o_n _t_y_p_e) option causes ssuuddoo to use the -a _t_y_p_e The --aa (_a_u_t_h_e_n_t_i_c_a_t_i_o_n _t_y_p_e) option causes ssuuddoo to use the
specified authentication type when validating the user, as specified authentication type when validating the user, as
@@ -117,13 +124,6 @@ OOPPTTIIOONNSS
Specifying a _c_l_a_s_s of - indicates that the command should Specifying a _c_l_a_s_s of - indicates that the command should
be run restricted by the default login capabilities for the be run restricted by the default login capabilities for the
user the command is run as. If the _c_l_a_s_s argument user the command is run as. If the _c_l_a_s_s argument
specifies an existing user class, the command must be run
as root, or the ssuuddoo command must be run from a shell that
is already root. This option is only available on systems
with BSD login classes.
-D _l_e_v_e_l Enable debugging of ssuuddoo plugins and ssuuddoo itself. The
_l_e_v_e_l may be a value from 1 through 9.
@@ -136,6 +136,14 @@ OOPPTTIIOONNSS
SUDO(1m) MAINTENANCE COMMANDS SUDO(1m) SUDO(1m) MAINTENANCE COMMANDS SUDO(1m)
specifies an existing user class, the command must be run
as root, or the ssuuddoo command must be run from a shell that
is already root. This option is only available on systems
with BSD login classes.
-D _l_e_v_e_l Enable debugging of ssuuddoo plugins and ssuuddoo itself. The
_l_e_v_e_l may be a value from 1 through 9.
-E The --EE (_p_r_e_s_e_r_v_e _e_n_v_i_r_o_n_m_e_n_t) option will override the -E The --EE (_p_r_e_s_e_r_v_e _e_n_v_i_r_o_n_m_e_n_t) option will override the
_e_n_v___r_e_s_e_t option in _s_u_d_o_e_r_s(4)). It is only available when _e_n_v___r_e_s_e_t option in _s_u_d_o_e_r_s(4)). It is only available when
either the matching command has the SETENV tag or the either the matching command has the SETENV tag or the
@@ -183,14 +191,6 @@ SUDO(1m) MAINTENANCE COMMANDS SUDO(1m)
specified in _p_a_s_s_w_d(4). By default, ssuuddoo does not modify specified in _p_a_s_s_w_d(4). By default, ssuuddoo does not modify
HOME (see _s_e_t___h_o_m_e and _a_l_w_a_y_s___s_e_t___h_o_m_e in _s_u_d_o_e_r_s(4)). HOME (see _s_e_t___h_o_m_e and _a_l_w_a_y_s___s_e_t___h_o_m_e in _s_u_d_o_e_r_s(4)).
-h The --hh (_h_e_l_p) option causes ssuuddoo to print a usage message
and exit.
-i [command]
The --ii (_s_i_m_u_l_a_t_e _i_n_i_t_i_a_l _l_o_g_i_n) option runs the shell
specified in the _p_a_s_s_w_d(4) entry of the target user as a
login shell. This means that login-specific resource files
1.8.0a2 June 9, 2010 3 1.8.0a2 June 9, 2010 3
@@ -202,6 +202,13 @@ SUDO(1m) MAINTENANCE COMMANDS SUDO(1m)
SUDO(1m) MAINTENANCE COMMANDS SUDO(1m) SUDO(1m) MAINTENANCE COMMANDS SUDO(1m)
-h The --hh (_h_e_l_p) option causes ssuuddoo to print a usage message
and exit.
-i [command]
The --ii (_s_i_m_u_l_a_t_e _i_n_i_t_i_a_l _l_o_g_i_n) option runs the shell
specified in the _p_a_s_s_w_d(4) entry of the target user as a
login shell. This means that login-specific resource files
such as .profile or .login will be read by the shell. If a such as .profile or .login will be read by the shell. If a
command is specified, it is passed to the shell for command is specified, it is passed to the shell for
execution. Otherwise, an interactive shell is executed. execution. Otherwise, an interactive shell is executed.
@@ -249,13 +256,6 @@ SUDO(1m) MAINTENANCE COMMANDS SUDO(1m)
-P The --PP (_p_r_e_s_e_r_v_e _g_r_o_u_p _v_e_c_t_o_r) option causes ssuuddoo to -P The --PP (_p_r_e_s_e_r_v_e _g_r_o_u_p _v_e_c_t_o_r) option causes ssuuddoo to
preserve the invoking user's group vector unaltered. By preserve the invoking user's group vector unaltered. By
default, ssuuddoo will initialize the group vector to the list
of groups the target user is in. The real and effective
group IDs, however, are still set to match the target user.
-p _p_r_o_m_p_t The --pp (_p_r_o_m_p_t) option allows you to override the default
password prompt and use a custom one. The following
percent (`%') escapes are supported:
@@ -268,6 +268,14 @@ SUDO(1m) MAINTENANCE COMMANDS SUDO(1m)
SUDO(1m) MAINTENANCE COMMANDS SUDO(1m) SUDO(1m) MAINTENANCE COMMANDS SUDO(1m)
default, ssuuddoo will initialize the group vector to the list
of groups the target user is in. The real and effective
group IDs, however, are still set to match the target user.
-p _p_r_o_m_p_t The --pp (_p_r_o_m_p_t) option allows you to override the default
password prompt and use a custom one. The following
percent (`%') escapes are supported:
%H expanded to the local host name including the domain %H expanded to the local host name including the domain
name (on if the machine's host name is fully qualified name (on if the machine's host name is fully qualified
or the _f_q_d_n _s_u_d_o_e_r_s option is set) or the _f_q_d_n _s_u_d_o_e_r_s option is set)
@@ -314,14 +322,6 @@ SUDO(1m) MAINTENANCE COMMANDS SUDO(1m)
is set (see _s_u_d_o_e_r_s(4)) it is not possible to run commands is set (see _s_u_d_o_e_r_s(4)) it is not possible to run commands
with a uid not listed in the password database. with a uid not listed in the password database.
-V The --VV (_v_e_r_s_i_o_n) option causes ssuuddoo to print the version
number and exit. If the invoking user is already root the
--VV option will print out a list of the defaults ssuuddoo was
compiled with as well as the machine's local network
addresses.
-v If given the --vv (_v_a_l_i_d_a_t_e) option, ssuuddoo will update the
user's time stamp, prompting for the user's password if
@@ -334,6 +334,14 @@ SUDO(1m) MAINTENANCE COMMANDS SUDO(1m)
SUDO(1m) MAINTENANCE COMMANDS SUDO(1m) SUDO(1m) MAINTENANCE COMMANDS SUDO(1m)
-V The --VV (_v_e_r_s_i_o_n) option causes ssuuddoo to print the version
number and exit. If the invoking user is already root the
--VV option will print out a list of the defaults ssuuddoo was
compiled with as well as the machine's local network
addresses.
-v If given the --vv (_v_a_l_i_d_a_t_e) option, ssuuddoo will update the
user's time stamp, prompting for the user's password if
necessary. This extends the ssuuddoo timeout for another 5 necessary. This extends the ssuuddoo timeout for another 5
minutes (or whatever the timeout is set to in _s_u_d_o_e_r_s) but minutes (or whatever the timeout is set to in _s_u_d_o_e_r_s) but
does not run a command. does not run a command.
@@ -367,6 +375,7 @@ PPLLUUGGIINNSS
# #
# Format: # Format:
# Plugin plugin_name plugin_path # Plugin plugin_name plugin_path
# Path askpass path/to/askpass
# #
# The plugin_path is relative to /usr/local/libexec unless # The plugin_path is relative to /usr/local/libexec unless
# fully qualified. # fully qualified.
@@ -379,15 +388,6 @@ PPLLUUGGIINNSS
A Plugin line consists of the Plugin keyword, followed by the A Plugin line consists of the Plugin keyword, followed by the
_s_y_m_b_o_l___n_a_m_e and the _p_a_t_h to the shared object containing the plugin. _s_y_m_b_o_l___n_a_m_e and the _p_a_t_h to the shared object containing the plugin.
The _s_y_m_b_o_l___n_a_m_e is the name of the struct policy_plugin or struct The _s_y_m_b_o_l___n_a_m_e is the name of the struct policy_plugin or struct
io_plugin in the plugin shared object. The _p_a_t_h may be fully qualified
or relative. If not fully qualified it is relative to the
_/_u_s_r_/_l_o_c_a_l_/_l_i_b_e_x_e_c directory. Any additional parameters after the _p_a_t_h
are ignored.
For more information, see the "_s_u_d_o___p_l_u_g_i_n(1m) manual."
RREETTUURRNN VVAALLUUEESS
Upon successful execution of a program, the exit status from ssuuddoo will
@@ -400,6 +400,16 @@ RREETTUURRNN VVAALLUUEESS
SUDO(1m) MAINTENANCE COMMANDS SUDO(1m) SUDO(1m) MAINTENANCE COMMANDS SUDO(1m)
io_plugin in the plugin shared object. The _p_a_t_h may be fully qualified
or relative. If not fully qualified it is relative to the
_/_u_s_r_/_l_o_c_a_l_/_l_i_b_e_x_e_c directory. Any additional parameters after the _p_a_t_h
are ignored. Lines that don't begin with Plugin or Path are silently
ignored
For more information, see the _s_u_d_o___p_l_u_g_i_n(1m) manual.
RREETTUURRNN VVAALLUUEESS
Upon successful execution of a program, the exit status from ssuuddoo will
simply be the exit status of the program that was executed. simply be the exit status of the program that was executed.
Otherwise, ssuuddoo quits with an exit value of 1 if there is a Otherwise, ssuuddoo quits with an exit value of 1 if there is a
@@ -444,16 +454,6 @@ SSEECCUURRIITTYY NNOOTTEESS
ssuuddoo to preserve them. ssuuddoo to preserve them.
To prevent command spoofing, ssuuddoo checks "." and "" (both denoting To prevent command spoofing, ssuuddoo checks "." and "" (both denoting
current directory) last when searching for a command in the user's PATH
(if one or both are in the PATH). Note, however, that the actual PATH
environment variable is _n_o_t modified and is passed unchanged to the
program that ssuuddoo executes.
ssuuddoo will check the ownership of its time stamp directory
(_/_v_a_r_/_r_u_n_/_s_u_d_o by default) and ignore the directory's contents if it is
not owned by root or if it is writable by a user other than root. On
systems that allow non-root users to give away files via _c_h_o_w_n(2), if
the time stamp directory is located in a directory writable by anyone
@@ -466,6 +466,16 @@ SSEECCUURRIITTYY NNOOTTEESS
SUDO(1m) MAINTENANCE COMMANDS SUDO(1m) SUDO(1m) MAINTENANCE COMMANDS SUDO(1m)
current directory) last when searching for a command in the user's PATH
(if one or both are in the PATH). Note, however, that the actual PATH
environment variable is _n_o_t modified and is passed unchanged to the
program that ssuuddoo executes.
ssuuddoo will check the ownership of its time stamp directory
(_/_v_a_r_/_r_u_n_/_s_u_d_o by default) and ignore the directory's contents if it is
not owned by root or if it is writable by a user other than root. On
systems that allow non-root users to give away files via _c_h_o_w_n(2), if
the time stamp directory is located in a directory writable by anyone
(e.g., _/_t_m_p), it is possible for a user to create the time stamp (e.g., _/_t_m_p), it is possible for a user to create the time stamp
directory before ssuuddoo is run. However, because ssuuddoo checks the directory before ssuuddoo is run. However, because ssuuddoo checks the
ownership and mode of the directory and its contents, the only damage ownership and mode of the directory and its contents, the only damage
@@ -510,16 +520,6 @@ SUDO(1m) MAINTENANCE COMMANDS SUDO(1m)
when giving users access to commands via ssuuddoo to verify that the when giving users access to commands via ssuuddoo to verify that the
command does not inadvertently give the user an effective root shell. command does not inadvertently give the user an effective root shell.
For more information, please see the PREVENTING SHELL ESCAPES section For more information, please see the PREVENTING SHELL ESCAPES section
in _s_u_d_o_e_r_s(4).
EENNVVIIRROONNMMEENNTT
ssuuddoo utilizes the following environment variables:
EDITOR Default editor to use in --ee (sudoedit) mode if neither
SUDO_EDITOR nor VISUAL is set
HOME In --ss or --HH mode (or if sudo was configured with the
--enable-shell-sets-home option), set to homedir of the
@@ -532,6 +532,16 @@ EENNVVIIRROONNMMEENNTT
SUDO(1m) MAINTENANCE COMMANDS SUDO(1m) SUDO(1m) MAINTENANCE COMMANDS SUDO(1m)
in _s_u_d_o_e_r_s(4).
EENNVVIIRROONNMMEENNTT
ssuuddoo utilizes the following environment variables:
EDITOR Default editor to use in --ee (sudoedit) mode if neither
SUDO_EDITOR nor VISUAL is set
HOME In --ss or --HH mode (or if sudo was configured with the
--enable-shell-sets-home option), set to homedir of the
target user target user
PATH Set to a sane value if the _s_e_c_u_r_e___p_a_t_h sudoers option PATH Set to a sane value if the _s_e_c_u_r_e___p_a_t_h sudoers option
@@ -565,7 +575,7 @@ SUDO(1m) MAINTENANCE COMMANDS SUDO(1m)
SUDO_EDITOR is not set SUDO_EDITOR is not set
FFIILLEESS FFIILLEESS
_/_e_t_c_/_s_u_d_o_._c_o_n_f ssuuddoo plugin configuration _/_e_t_c_/_s_u_d_o_._c_o_n_f ssuuddoo plugin and path configuration
_/_e_t_c_/_s_u_d_o_e_r_s List of who can run what _/_e_t_c_/_s_u_d_o_e_r_s List of who can run what
@@ -577,16 +587,6 @@ FFIILLEESS
EEXXAAMMPPLLEESS EEXXAAMMPPLLEESS
Note: the following examples assume suitable _s_u_d_o_e_r_s(4) entries. Note: the following examples assume suitable _s_u_d_o_e_r_s(4) entries.
To get a file listing of an unreadable directory:
$ sudo ls /usr/local/protected
To list the home directory of user yaz on a machine where the file
system holding ~yaz is not exported as root:
$ sudo -u yaz ls ~yaz
1.8.0a2 June 9, 2010 9 1.8.0a2 June 9, 2010 9
@@ -598,6 +598,15 @@ EEXXAAMMPPLLEESS
SUDO(1m) MAINTENANCE COMMANDS SUDO(1m) SUDO(1m) MAINTENANCE COMMANDS SUDO(1m)
To get a file listing of an unreadable directory:
$ sudo ls /usr/local/protected
To list the home directory of user yaz on a machine where the file
system holding ~yaz is not exported as root:
$ sudo -u yaz ls ~yaz
To edit the _i_n_d_e_x_._h_t_m_l file as user www: To edit the _i_n_d_e_x_._h_t_m_l file as user www:
$ sudo -u www vi ~www/htdocs/index.html $ sudo -u www vi ~www/htdocs/index.html
@@ -622,7 +631,7 @@ SUDO(1m) MAINTENANCE COMMANDS SUDO(1m)
SSEEEE AALLSSOO SSEEEE AALLSSOO
_g_r_e_p(1), _s_u(1), _s_t_a_t(2), _l_o_g_i_n___c_a_p(3), _p_a_s_s_w_d(4), _s_u_d_o_e_r_s(4), _g_r_e_p(1), _s_u(1), _s_t_a_t(2), _l_o_g_i_n___c_a_p(3), _p_a_s_s_w_d(4), _s_u_d_o_e_r_s(4),
"_s_u_d_o___p_l_u_g_i_n(1m), "_s_u_d_o_r_e_p_l_a_y(1m), _v_i_s_u_d_o(1m)"" _s_u_d_o___p_l_u_g_i_n(1m), _s_u_d_o_r_e_p_l_a_y(1m), _v_i_s_u_d_o(1m)
AAUUTTHHOORRSS AAUUTTHHOORRSS
Many people have worked on ssuuddoo over the years; this version consists Many people have worked on ssuuddoo over the years; this version consists
@@ -643,15 +652,6 @@ CCAAVVEEAATTSS
It is not meaningful to run the cd command directly via sudo, e.g., It is not meaningful to run the cd command directly via sudo, e.g.,
$ sudo cd /usr/local/protected
since when the command exits the parent process (your shell) will still
be the same. Please see the EXAMPLES section for more information.
If users have sudo ALL there is nothing to prevent them from creating
their own program that gives them a root shell regardless of any '!'
elements in the user specification.
@@ -664,6 +664,15 @@ CCAAVVEEAATTSS
SUDO(1m) MAINTENANCE COMMANDS SUDO(1m) SUDO(1m) MAINTENANCE COMMANDS SUDO(1m)
$ sudo cd /usr/local/protected
since when the command exits the parent process (your shell) will still
be the same. Please see the EXAMPLES section for more information.
If users have sudo ALL there is nothing to prevent them from creating
their own program that gives them a root shell regardless of any '!'
elements in the user specification.
Running shell scripts via ssuuddoo can expose the same kernel bugs that Running shell scripts via ssuuddoo can expose the same kernel bugs that
make setuid shell scripts unsafe on some operating systems (if your OS make setuid shell scripts unsafe on some operating systems (if your OS
has a /dev/fd/ directory, setuid shell scripts are generally safe). has a /dev/fd/ directory, setuid shell scripts are generally safe).
@@ -684,15 +693,6 @@ DDIISSCCLLAAIIMMEERR
See the LICENSE file distributed with ssuuddoo or See the LICENSE file distributed with ssuuddoo or
http://www.sudo.ws/sudo/license.html for complete details. http://www.sudo.ws/sudo/license.html for complete details.
PPOODD EERRRROORRSS
Hey! TThhee aabboovvee ddooccuummeenntt hhaadd ssoommee ccooddiinngg eerrrroorrss,, wwhhiicchh aarree eexxppllaaiinneedd
bbeellooww::
Around line 442:
Unterminated L<...> sequence
Around line 678:
Unterminated L<L<...>> sequence

39
doc/sudo.man.in
View File

@@ -241,11 +241,19 @@ or via the \fIsudoers\fR file.
.IX Item "-A" .IX Item "-A"
Normally, if \fBsudo\fR requires a password, it will read it from the Normally, if \fBsudo\fR requires a password, it will read it from the
current terminal. If the \fB\-A\fR (\fIaskpass\fR) option is specified, current terminal. If the \fB\-A\fR (\fIaskpass\fR) option is specified,
a (possibly graphical) helper program is executed to read the a (possibly graphical) helper program is executed to read the user's
user's password and output the password to the standard output. If password and output the password to the standard output. If the
the \f(CW\*(C`SUDO_ASKPASS\*(C'\fR environment variable is set, it specifies the \&\f(CW\*(C`SUDO_ASKPASS\*(C'\fR environment variable is set, it specifies the path
path to the helper program. Otherwise, the value specified by the to the helper program. Otherwise, if \fI@sysconfdir@/sudo.conf\fR
\&\fIaskpass\fR option in \fIsudoers\fR\|(@mansectform@) is used. contains a line specifying the askpass program that value will be
used. For example:
.Sp
.Vb 2
\& # Path to askpass helper program
\& Path askpass /usr/X11R6/bin/ssh\-askpass
.Ve
.Sp
If no askpass program is available, sudo will exit with an error.
.if \n(BA \{\ .if \n(BA \{\
.IP "\-a \fItype\fR" 12 .IP "\-a \fItype\fR" 12
.IX Item "-a type" .IX Item "-a type"
@@ -521,6 +529,7 @@ policy and I/O logging, which corresponds to the following
\& # \& #
\& # Format: \& # Format:
\& # Plugin plugin_name plugin_path \& # Plugin plugin_name plugin_path
\& # Path askpass path/to/askpass
\& # \& #
\& # The plugin_path is relative to @prefix@/libexec unless \& # The plugin_path is relative to @prefix@/libexec unless
\& # fully qualified. \& # fully qualified.
@@ -536,10 +545,11 @@ A \f(CW\*(C`Plugin\*(C'\fR line consists of the \f(CW\*(C`Plugin\*(C'\fR keyword
plugin. The \fIsymbol_name\fR is the name of the \f(CW\*(C`struct policy_plugin\*(C'\fR plugin. The \fIsymbol_name\fR is the name of the \f(CW\*(C`struct policy_plugin\*(C'\fR
or \f(CW\*(C`struct io_plugin\*(C'\fR in the plugin shared object. The \fIpath\fR or \f(CW\*(C`struct io_plugin\*(C'\fR in the plugin shared object. The \fIpath\fR
may be fully qualified or relative. If not fully qualified it is may be fully qualified or relative. If not fully qualified it is
relative to the \fI@prefix@/libexec\fR directory. Any additional parameters relative to the \fI@prefix@/libexec\fR directory. Any additional
after the \fIpath\fR are ignored. parameters after the \fIpath\fR are ignored. Lines that don't begin
with \f(CW\*(C`Plugin\*(C'\fR or \f(CW\*(C`Path\*(C'\fR are silently ignored
.PP .PP
For more information, see the \*(L"\fIsudo_plugin\fR\|(@mansectsu@) manual.\*(R" For more information, see the \fIsudo_plugin\fR\|(@mansectsu@) manual.
.SH "RETURN VALUES" .SH "RETURN VALUES"
.IX Header "RETURN VALUES" .IX Header "RETURN VALUES"
Upon successful execution of a program, the exit status from \fBsudo\fR Upon successful execution of a program, the exit status from \fBsudo\fR
@@ -713,7 +723,7 @@ is not set
.ie n .IP "\fI@sysconfdir@/sudo.conf\fR" 24 .ie n .IP "\fI@sysconfdir@/sudo.conf\fR" 24
.el .IP "\fI@sysconfdir@/sudo.conf\fR" 24 .el .IP "\fI@sysconfdir@/sudo.conf\fR" 24
.IX Item "@sysconfdir@/sudo.conf" .IX Item "@sysconfdir@/sudo.conf"
\&\fBsudo\fR plugin configuration \&\fBsudo\fR plugin and path configuration
.ie n .IP "\fI@sysconfdir@/sudoers\fR" 24 .ie n .IP "\fI@sysconfdir@/sudoers\fR" 24
.el .IP "\fI@sysconfdir@/sudoers\fR" 24 .el .IP "\fI@sysconfdir@/sudoers\fR" 24
.IX Item "@sysconfdir@/sudoers" .IX Item "@sysconfdir@/sudoers"
@@ -777,7 +787,7 @@ to make the \f(CW\*(C`cd\*(C'\fR and file redirection work.
.IX Header "SEE ALSO" .IX Header "SEE ALSO"
\&\fIgrep\fR\|(1), \fIsu\fR\|(1), \fIstat\fR\|(2), \&\fIgrep\fR\|(1), \fIsu\fR\|(1), \fIstat\fR\|(2),
.if \n(LC \&\fIlogin_cap\fR\|(3), .if \n(LC \&\fIlogin_cap\fR\|(3),
\&\fIpasswd\fR\|(@mansectform@), \fIsudoers\fR\|(@mansectform@), "\fIsudo_plugin\fR\|(@mansectsu@), "\fIsudoreplay\fR\|(@mansectsu@), \fIvisudo\fR\|(@mansectsu@)"" \&\fIpasswd\fR\|(@mansectform@), \fIsudoers\fR\|(@mansectform@), \fIsudo_plugin\fR\|(@mansectsu@), \fIsudoreplay\fR\|(@mansectsu@), \fIvisudo\fR\|(@mansectsu@)
.SH "AUTHORS" .SH "AUTHORS"
.IX Header "AUTHORS" .IX Header "AUTHORS"
Many people have worked on \fBsudo\fR over the years; this Many people have worked on \fBsudo\fR over the years; this
@@ -832,12 +842,3 @@ including, but not limited to, the implied warranties of merchantability
and fitness for a particular purpose are disclaimed. See the \s-1LICENSE\s0 and fitness for a particular purpose are disclaimed. See the \s-1LICENSE\s0
file distributed with \fBsudo\fR or http://www.sudo.ws/sudo/license.html file distributed with \fBsudo\fR or http://www.sudo.ws/sudo/license.html
for complete details. for complete details.
.SH "POD ERRORS"
.IX Header "POD ERRORS"
Hey! \fBThe above document had some coding errors, which are explained below:\fR
.IP "Around line 442:" 4
.IX Item "Around line 442:"
Unterminated L<...> sequence
.IP "Around line 678:" 4
.IX Item "Around line 678:"
Unterminated L<L<...>> sequence

28
doc/sudo.pod
View File

@@ -115,11 +115,17 @@ B<sudo> accepts the following command line options:
Normally, if B<sudo> requires a password, it will read it from the Normally, if B<sudo> requires a password, it will read it from the
current terminal. If the B<-A> (I<askpass>) option is specified, current terminal. If the B<-A> (I<askpass>) option is specified,
a (possibly graphical) helper program is executed to read the a (possibly graphical) helper program is executed to read the user's
user's password and output the password to the standard output. If password and output the password to the standard output. If the
the C<SUDO_ASKPASS> environment variable is set, it specifies the C<SUDO_ASKPASS> environment variable is set, it specifies the path
path to the helper program. Otherwise, the value specified by the to the helper program. Otherwise, if F<@sysconfdir@/sudo.conf>
I<askpass> option in L<sudoers(5)> is used. contains a line specifying the askpass program that value will be
used. For example:
# Path to askpass helper program
Path askpass /usr/X11R6/bin/ssh-askpass
If no askpass program is available, sudo will exit with an error.
=item -a I<type> =item -a I<type>
@@ -422,6 +428,7 @@ F<@sysconfdir@/sudo.conf> file.
# #
# Format: # Format:
# Plugin plugin_name plugin_path # Plugin plugin_name plugin_path
# Path askpass path/to/askpass
# #
# The plugin_path is relative to @prefix@/libexec unless # The plugin_path is relative to @prefix@/libexec unless
# fully qualified. # fully qualified.
@@ -436,10 +443,11 @@ I<symbol_name> and the I<path> to the shared object containing the
plugin. The I<symbol_name> is the name of the C<struct policy_plugin> plugin. The I<symbol_name> is the name of the C<struct policy_plugin>
or C<struct io_plugin> in the plugin shared object. The I<path> or C<struct io_plugin> in the plugin shared object. The I<path>
may be fully qualified or relative. If not fully qualified it is may be fully qualified or relative. If not fully qualified it is
relative to the F<@prefix@/libexec> directory. Any additional parameters relative to the F<@prefix@/libexec> directory. Any additional
after the I<path> are ignored. parameters after the I<path> are ignored. Lines that don't begin
with C<Plugin> or C<Path> are silently ignored
For more information, see the L<sudo_plugin(8) manual. For more information, see the L<sudo_plugin(8)> manual.
=head1 RETURN VALUES =head1 RETURN VALUES
@@ -622,7 +630,7 @@ is not set
=item F<@sysconfdir@/sudo.conf> =item F<@sysconfdir@/sudo.conf>
B<sudo> plugin configuration B<sudo> plugin and path configuration
=item F<@sysconfdir@/sudoers> =item F<@sysconfdir@/sudoers>
@@ -677,7 +685,7 @@ to make the C<cd> and file redirection work.
L<grep(1)>, L<su(1)>, L<stat(2)>, L<grep(1)>, L<su(1)>, L<stat(2)>,
L<login_cap(3)>, L<login_cap(3)>,
L<passwd(5)>, L<sudoers(5)>, L<sudo_plugin(8), L<sudoreplay(8), L<visudo(8)> L<passwd(5)>, L<sudoers(5)>, L<sudo_plugin(8)>, L<sudoreplay(8)>, L<visudo(8)>
=head1 AUTHORS =head1 AUTHORS

74
doc/sudo_plugin.cat
View File

@@ -31,7 +31,8 @@ SSuuddoo PPlluuggiinn AAPPII
io_plugin in the plugin shared object. The _p_a_t_h may be fully qualified io_plugin in the plugin shared object. The _p_a_t_h may be fully qualified
or relative. If not fully qualified it is relative to the or relative. If not fully qualified it is relative to the
_/_u_s_r_/_l_o_c_a_l_/_l_i_b_e_x_e_c directory. Any additional parameters after the _p_a_t_h _/_u_s_r_/_l_o_c_a_l_/_l_i_b_e_x_e_c directory. Any additional parameters after the _p_a_t_h
are ignored. are ignored. Lines that don't begin with Plugin or Path are silently
ignored.
The same shared object may contain multiple plugins, each with a The same shared object may contain multiple plugins, each with a
different symbol name. The shared object file must be owned by uid 0 different symbol name. The shared object file must be owned by uid 0
@@ -44,6 +45,7 @@ SSuuddoo PPlluuggiinn AAPPII
# #
# Format: # Format:
# Plugin plugin_name plugin_path # Plugin plugin_name plugin_path
# Path askpass /path/to/askpass
# #
# The plugin_path is relative to /usr/local/libexec unless # The plugin_path is relative to /usr/local/libexec unless
# fully qualified. # fully qualified.
@@ -56,8 +58,6 @@ SSuuddoo PPlluuggiinn AAPPII
PPoolliiccyy PPlluuggiinn AAPPII PPoolliiccyy PPlluuggiinn AAPPII
A policy plugin must declare and populate a policy_plugin struct in the A policy plugin must declare and populate a policy_plugin struct in the
global scope. This structure contains pointers to the functions that global scope. This structure contains pointers to the functions that
implement the ssuuddoo policy checks. The name of the symbol should be
specified in _/_e_t_c_/_s_u_d_o_._c_o_n_f along with a path to the plugin so that
@@ -70,6 +70,8 @@ SSuuddoo PPlluuggiinn AAPPII
SUDO_PLUGIN(1m) MAINTENANCE COMMANDS SUDO_PLUGIN(1m) SUDO_PLUGIN(1m) MAINTENANCE COMMANDS SUDO_PLUGIN(1m)
implement the ssuuddoo policy checks. The name of the symbol should be
specified in _/_e_t_c_/_s_u_d_o_._c_o_n_f along with a path to the plugin so that
ssuuddoo can load it. ssuuddoo can load it.
struct policy_plugin { struct policy_plugin {
@@ -121,9 +123,7 @@ SUDO_PLUGIN(1m) MAINTENANCE COMMANDS SUDO_PLUGIN(1m)
the major and minor version number of the plugin API supported the major and minor version number of the plugin API supported
by ssuuddoo. by ssuuddoo.
conversation
A pointer to the conversation function that can be used by the
plugin to interact with the user (see below).
@@ -136,6 +136,10 @@ SUDO_PLUGIN(1m) MAINTENANCE COMMANDS SUDO_PLUGIN(1m)
SUDO_PLUGIN(1m) MAINTENANCE COMMANDS SUDO_PLUGIN(1m) SUDO_PLUGIN(1m) MAINTENANCE COMMANDS SUDO_PLUGIN(1m)
conversation
A pointer to the conversation function that can be used by the
plugin to interact with the user (see below).
plugin_printf plugin_printf
A pointer to a printf-style function that may be used to A pointer to a printf-style function that may be used to
display informational or error messages (see below). display informational or error messages (see below).
@@ -186,10 +190,6 @@ SUDO_PLUGIN(1m) MAINTENANCE COMMANDS SUDO_PLUGIN(1m)
set _i_m_p_l_i_e_d___s_h_e_l_l to true. This allows ssuuddoo with no set _i_m_p_l_i_e_d___s_h_e_l_l to true. This allows ssuuddoo with no
arguments to be used similarly to _s_u(1). If the plugin arguments to be used similarly to _s_u(1). If the plugin
does not to support this usage, it may return a value of -2 does not to support this usage, it may return a value of -2
from the check_policy function, which will cause ssuuddoo to
print a usage message and exit.
@@ -202,6 +202,9 @@ SUDO_PLUGIN(1m) MAINTENANCE COMMANDS SUDO_PLUGIN(1m)
SUDO_PLUGIN(1m) MAINTENANCE COMMANDS SUDO_PLUGIN(1m) SUDO_PLUGIN(1m) MAINTENANCE COMMANDS SUDO_PLUGIN(1m)
from the check_policy function, which will cause ssuuddoo to
print a usage message and exit.
preserve_groups=bool preserve_groups=bool
Set to true if the user specified the -P flag, indicating Set to true if the user specified the -P flag, indicating
that the user wishes to preserve the group vector instead that the user wishes to preserve the group vector instead
@@ -254,9 +257,6 @@ SUDO_PLUGIN(1m) MAINTENANCE COMMANDS SUDO_PLUGIN(1m)
Additional settings may be added in the future so the plugin Additional settings may be added in the future so the plugin
should silently ignore settings that it does not recognize. should silently ignore settings that it does not recognize.
user_info
A vector of information about the user running the command in
1.8.0a2 June 9, 2010 4 1.8.0a2 June 9, 2010 4
@@ -268,6 +268,8 @@ SUDO_PLUGIN(1m) MAINTENANCE COMMANDS SUDO_PLUGIN(1m)
SUDO_PLUGIN(1m) MAINTENANCE COMMANDS SUDO_PLUGIN(1m) SUDO_PLUGIN(1m) MAINTENANCE COMMANDS SUDO_PLUGIN(1m)
user_info
A vector of information about the user running the command in
the form of "name=value" strings. The vector is terminated by the form of "name=value" strings. The vector is terminated by
a NULL pointer. a NULL pointer.
@@ -321,8 +323,6 @@ SUDO_PLUGIN(1m) MAINTENANCE COMMANDS SUDO_PLUGIN(1m)
close close
void (*close)(int exit_status, int error); void (*close)(int exit_status, int error);
The close function is called when the command being run by ssuuddoo
1.8.0a2 June 9, 2010 5 1.8.0a2 June 9, 2010 5
@@ -334,6 +334,7 @@ SUDO_PLUGIN(1m) MAINTENANCE COMMANDS SUDO_PLUGIN(1m)
SUDO_PLUGIN(1m) MAINTENANCE COMMANDS SUDO_PLUGIN(1m) SUDO_PLUGIN(1m) MAINTENANCE COMMANDS SUDO_PLUGIN(1m)
The close function is called when the command being run by ssuuddoo
finishes. finishes.
The function arguments are as follows: The function arguments are as follows:
@@ -387,7 +388,6 @@ SUDO_PLUGIN(1m) MAINTENANCE COMMANDS SUDO_PLUGIN(1m)
not allowed, -1 for a general error, or -2 for a usage error or if not allowed, -1 for a general error, or -2 for a usage error or if
ssuuddooeeddiitt was specified but is unsupported by the plugin. In the ssuuddooeeddiitt was specified but is unsupported by the plugin. In the
latter case, ssuuddoo will print a usage message before it exits. If latter case, ssuuddoo will print a usage message before it exits. If
an error occurs, the plugin may optionally call the conversation or
@@ -400,6 +400,7 @@ SUDO_PLUGIN(1m) MAINTENANCE COMMANDS SUDO_PLUGIN(1m)
SUDO_PLUGIN(1m) MAINTENANCE COMMANDS SUDO_PLUGIN(1m) SUDO_PLUGIN(1m) MAINTENANCE COMMANDS SUDO_PLUGIN(1m)
an error occurs, the plugin may optionally call the conversation or
plugin_printf function with SUDO_CONF_ERROR_MSG to present plugin_printf function with SUDO_CONF_ERROR_MSG to present
additional error information to the user. additional error information to the user.
@@ -453,7 +454,6 @@ SUDO_PLUGIN(1m) MAINTENANCE COMMANDS SUDO_PLUGIN(1m)
runas_groups=list runas_groups=list
The supplementary group vector to use for the command in The supplementary group vector to use for the command in
the form of a comma-separated list of group IDs. If the form of a comma-separated list of group IDs. If
_p_r_e_s_e_r_v_e___g_r_o_u_p_s is set, this option is ignored.
@@ -466,6 +466,8 @@ SUDO_PLUGIN(1m) MAINTENANCE COMMANDS SUDO_PLUGIN(1m)
SUDO_PLUGIN(1m) MAINTENANCE COMMANDS SUDO_PLUGIN(1m) SUDO_PLUGIN(1m) MAINTENANCE COMMANDS SUDO_PLUGIN(1m)
_p_r_e_s_e_r_v_e___g_r_o_u_p_s is set, this option is ignored.
login_class=login_class login_class=login_class
BSD login class to use when setting resource limits and BSD login class to use when setting resource limits and
nice value (optional). This option is only set on systems nice value (optional). This option is only set on systems
@@ -518,8 +520,6 @@ SUDO_PLUGIN(1m) MAINTENANCE COMMANDS SUDO_PLUGIN(1m)
argv_out argv_out
The NULL-terminated argument vector to pass to the _e_x_e_c_v_e_(_) The NULL-terminated argument vector to pass to the _e_x_e_c_v_e_(_)
system call when executing the command. The plugin is
responsible for allocating and populating the vector.
@@ -532,6 +532,9 @@ SUDO_PLUGIN(1m) MAINTENANCE COMMANDS SUDO_PLUGIN(1m)
SUDO_PLUGIN(1m) MAINTENANCE COMMANDS SUDO_PLUGIN(1m) SUDO_PLUGIN(1m) MAINTENANCE COMMANDS SUDO_PLUGIN(1m)
system call when executing the command. The plugin is
responsible for allocating and populating the vector.
user_env_out user_env_out
The NULL-terminated environment vector to use when executing The NULL-terminated environment vector to use when executing
the command. The plugin is responsible for allocating and the command. The plugin is responsible for allocating and
@@ -583,9 +586,6 @@ SUDO_PLUGIN(1m) MAINTENANCE COMMANDS SUDO_PLUGIN(1m)
Returns 1 on success, 0 on failure and -1 on error. On error, the Returns 1 on success, 0 on failure and -1 on error. On error, the
plugin may optionally call the conversation or plugin_printf plugin may optionally call the conversation or plugin_printf
function with SUDO_CONF_ERROR_MSG to present additional error function with SUDO_CONF_ERROR_MSG to present additional error
information to the user.
@@ -598,6 +598,8 @@ SUDO_PLUGIN(1m) MAINTENANCE COMMANDS SUDO_PLUGIN(1m)
SUDO_PLUGIN(1m) MAINTENANCE COMMANDS SUDO_PLUGIN(1m) SUDO_PLUGIN(1m) MAINTENANCE COMMANDS SUDO_PLUGIN(1m)
information to the user.
invalidate invalidate
void (*invalidate)(int remove); void (*invalidate)(int remove);
@@ -651,8 +653,6 @@ SUDO_PLUGIN(1m) MAINTENANCE COMMANDS SUDO_PLUGIN(1m)
const char *msg; const char *msg;
}; };
struct sudo_conv_reply {
1.8.0a2 June 9, 2010 10 1.8.0a2 June 9, 2010 10
@@ -664,6 +664,8 @@ SUDO_PLUGIN(1m) MAINTENANCE COMMANDS SUDO_PLUGIN(1m)
SUDO_PLUGIN(1m) MAINTENANCE COMMANDS SUDO_PLUGIN(1m) SUDO_PLUGIN(1m) MAINTENANCE COMMANDS SUDO_PLUGIN(1m)
struct sudo_conv_reply {
char *reply; char *reply;
}; };
@@ -716,8 +718,6 @@ SUDO_PLUGIN(1m) MAINTENANCE COMMANDS SUDO_PLUGIN(1m)
I/O for logging before passing it on. I/O for logging before passing it on.
The log_ttyin function receives the raw user input from the terminal The log_ttyin function receives the raw user input from the terminal
device (note that this will include input even when echo is disabled,
such as when a password is read). The log_ttyout function receives
@@ -730,6 +730,8 @@ SUDO_PLUGIN(1m) MAINTENANCE COMMANDS SUDO_PLUGIN(1m)
SUDO_PLUGIN(1m) MAINTENANCE COMMANDS SUDO_PLUGIN(1m) SUDO_PLUGIN(1m) MAINTENANCE COMMANDS SUDO_PLUGIN(1m)
device (note that this will include input even when echo is disabled,
such as when a password is read). The log_ttyout function receives
output from the pseudo-tty that is suitable for replaying the user's output from the pseudo-tty that is suitable for replaying the user's
session at a later time. The log_stdin, log_stdout and log_stderr session at a later time. The log_stdin, log_stdout and log_stderr
functions are only called if the standard input, standard output or functions are only called if the standard input, standard output or
@@ -782,8 +784,6 @@ SUDO_PLUGIN(1m) MAINTENANCE COMMANDS SUDO_PLUGIN(1m)
plugin_printf plugin_printf
A pointer to a printf-style function that may be used by the A pointer to a printf-style function that may be used by the
_s_h_o_w___v_e_r_s_i_o_n function to display version information (see _s_h_o_w___v_e_r_s_i_o_n function to display version information (see
show_version below). The plugin_printf function may also be
used to display additional error message to the user.
@@ -796,6 +796,9 @@ SUDO_PLUGIN(1m) MAINTENANCE COMMANDS SUDO_PLUGIN(1m)
SUDO_PLUGIN(1m) MAINTENANCE COMMANDS SUDO_PLUGIN(1m) SUDO_PLUGIN(1m) MAINTENANCE COMMANDS SUDO_PLUGIN(1m)
show_version below). The plugin_printf function may also be
used to display additional error message to the user.
settings settings
A vector of user-supplied ssuuddoo settings in the form of A vector of user-supplied ssuuddoo settings in the form of
"name=value" strings. The vector is terminated by a NULL "name=value" strings. The vector is terminated by a NULL
@@ -847,9 +850,6 @@ SUDO_PLUGIN(1m) MAINTENANCE COMMANDS SUDO_PLUGIN(1m)
The function arguments are as follows: The function arguments are as follows:
exit_status
The command's exit status, as returned by the _w_a_i_t(2) system
call. The value of exit_status is undefined if error is non-
@@ -862,6 +862,9 @@ SUDO_PLUGIN(1m) MAINTENANCE COMMANDS SUDO_PLUGIN(1m)
SUDO_PLUGIN(1m) MAINTENANCE COMMANDS SUDO_PLUGIN(1m) SUDO_PLUGIN(1m) MAINTENANCE COMMANDS SUDO_PLUGIN(1m)
exit_status
The command's exit status, as returned by the _w_a_i_t(2) system
call. The value of exit_status is undefined if error is non-
zero. zero.
error error
@@ -913,9 +916,6 @@ SUDO_PLUGIN(1m) MAINTENANCE COMMANDS SUDO_PLUGIN(1m)
log_stdin log_stdin
int (*log_stdin)(const char *buf, unsigned int len); int (*log_stdin)(const char *buf, unsigned int len);
The _l_o_g___s_t_d_i_n function is only used if the standard input does not
correspond to a tty device. It is called whenever data can be read
from the standard input but before it is passed to the running
@@ -928,6 +928,9 @@ SUDO_PLUGIN(1m) MAINTENANCE COMMANDS SUDO_PLUGIN(1m)
SUDO_PLUGIN(1m) MAINTENANCE COMMANDS SUDO_PLUGIN(1m) SUDO_PLUGIN(1m) MAINTENANCE COMMANDS SUDO_PLUGIN(1m)
The _l_o_g___s_t_d_i_n function is only used if the standard input does not
correspond to a tty device. It is called whenever data can be read
from the standard input but before it is passed to the running
command. This allows the plugin to reject data if it chooses to command. This allows the plugin to reject data if it chooses to
(for instance if the input contains banned content). Returns 1 if (for instance if the input contains banned content). Returns 1 if
the data should be passed to the command, 0 if the data is rejected the data should be passed to the command, 0 if the data is rejected
@@ -982,9 +985,6 @@ SUDO_PLUGIN(1m) MAINTENANCE COMMANDS SUDO_PLUGIN(1m)
1.8.0a2 June 9, 2010 15 1.8.0a2 June 9, 2010 15

6
doc/sudo_plugin.man.in
View File

@@ -171,8 +171,9 @@ A \f(CW\*(C`Plugin\*(C'\fR line consists of the \f(CW\*(C`Plugin\*(C'\fR keyword
plugin. The \fIsymbol_name\fR is the name of the \f(CW\*(C`struct policy_plugin\*(C'\fR plugin. The \fIsymbol_name\fR is the name of the \f(CW\*(C`struct policy_plugin\*(C'\fR
or \f(CW\*(C`struct io_plugin\*(C'\fR in the plugin shared object. The \fIpath\fR or \f(CW\*(C`struct io_plugin\*(C'\fR in the plugin shared object. The \fIpath\fR
may be fully qualified or relative. If not fully qualified it is may be fully qualified or relative. If not fully qualified it is
relative to the \fI@prefix@/libexec\fR directory. Any additional parameters relative to the \fI@prefix@/libexec\fR directory. Any additional
after the \fIpath\fR are ignored. parameters after the \fIpath\fR are ignored. Lines that don't begin
with \f(CW\*(C`Plugin\*(C'\fR or \f(CW\*(C`Path\*(C'\fR are silently ignored.
.PP .PP
The same shared object may contain multiple plugins, each with a The same shared object may contain multiple plugins, each with a
different symbol name. The shared object file must be owned by uid different symbol name. The shared object file must be owned by uid
@@ -186,6 +187,7 @@ This limitation does not apply to I/O plugins.
\& # \& #
\& # Format: \& # Format:
\& # Plugin plugin_name plugin_path \& # Plugin plugin_name plugin_path
\& # Path askpass /path/to/askpass
\& # \& #
\& # The plugin_path is relative to @prefix@/libexec unless \& # The plugin_path is relative to @prefix@/libexec unless
\& # fully qualified. \& # fully qualified.

6
doc/sudo_plugin.pod
View File

@@ -43,8 +43,9 @@ I<symbol_name> and the I<path> to the shared object containing the
plugin. The I<symbol_name> is the name of the C<struct policy_plugin> plugin. The I<symbol_name> is the name of the C<struct policy_plugin>
or C<struct io_plugin> in the plugin shared object. The I<path> or C<struct io_plugin> in the plugin shared object. The I<path>
may be fully qualified or relative. If not fully qualified it is may be fully qualified or relative. If not fully qualified it is
relative to the F<@prefix@/libexec> directory. Any additional parameters relative to the F<@prefix@/libexec> directory. Any additional
after the I<path> are ignored. parameters after the I<path> are ignored. Lines that don't begin
with C<Plugin> or C<Path> are silently ignored.
The same shared object may contain multiple plugins, each with a The same shared object may contain multiple plugins, each with a
different symbol name. The shared object file must be owned by uid different symbol name. The shared object file must be owned by uid
@@ -57,6 +58,7 @@ This limitation does not apply to I/O plugins.
# #
# Format: # Format:
# Plugin plugin_name plugin_path # Plugin plugin_name plugin_path
# Path askpass /path/to/askpass
# #
# The plugin_path is relative to @prefix@/libexec unless # The plugin_path is relative to @prefix@/libexec unless
# fully qualified. # fully qualified.

23
plugins/sudoers/check.c
View File

@@ -136,27 +136,8 @@ check_user(int validated, int mode)
return -1; return -1;
} }
#if 0 /* XXX - checks need to be done in main driver */ /* XXX - should not lecture if askpass help is being used. */
/* If user specified -A, make sure we have an askpass helper. */ lecture(status);
if (ISSET(tgetpass_flags, TGP_ASKPASS)) {
if (user_askpass == NULL)
log_error(NO_MAIL,
"no askpass program specified, try setting SUDO_ASKPASS");
} else if (!ISSET(tgetpass_flags, TGP_STDIN)) {
/* If no tty but DISPLAY is set, use askpass if we have it. */
if (!user_ttypath && !tty_present()) {
if (user_askpass && user_display && *user_display != '\0') {
SET(tgetpass_flags, TGP_ASKPASS);
} else if (!def_visiblepw) {
log_error(NO_MAIL,
"no tty present and no askpass program specified");
}
}
}
if (!ISSET(tgetpass_flags, TGP_ASKPASS))
#endif
lecture(status);
/* Expand any escapes in the prompt. */ /* Expand any escapes in the prompt. */
prompt = expand_prompt(user_prompt ? user_prompt : def_passprompt, prompt = expand_prompt(user_prompt ? user_prompt : def_passprompt,

4
plugins/sudoers/def_data.c
View File

@@ -286,10 +286,6 @@ struct sudo_defs_types sudo_defs_table[] = {
"type", T_STR, "type", T_STR,
"SELinux type to use in the new security context: %s", "SELinux type to use in the new security context: %s",
NULL, NULL,
}, {
"askpass", T_STR|T_PATH|T_BOOL,
"Path to the askpass helper program: %s",
NULL,
}, { }, {
"env_file", T_STR|T_PATH|T_BOOL, "env_file", T_STR|T_PATH|T_BOOL,
"Path to the sudo-specific environment file: %s", "Path to the sudo-specific environment file: %s",

42
plugins/sudoers/def_data.h
View File

@@ -130,28 +130,26 @@
#define I_ROLE 64 #define I_ROLE 64
#define def_type (sudo_defs_table[65].sd_un.str) #define def_type (sudo_defs_table[65].sd_un.str)
#define I_TYPE 65 #define I_TYPE 65
#define def_askpass (sudo_defs_table[66].sd_un.str) #define def_env_file (sudo_defs_table[66].sd_un.str)
#define I_ASKPASS 66 #define I_ENV_FILE 66
#define def_env_file (sudo_defs_table[67].sd_un.str) #define def_sudoers_locale (sudo_defs_table[67].sd_un.str)
#define I_ENV_FILE 67 #define I_SUDOERS_LOCALE 67
#define def_sudoers_locale (sudo_defs_table[68].sd_un.str) #define def_visiblepw (sudo_defs_table[68].sd_un.flag)
#define I_SUDOERS_LOCALE 68 #define I_VISIBLEPW 68
#define def_visiblepw (sudo_defs_table[69].sd_un.flag) #define def_pwfeedback (sudo_defs_table[69].sd_un.flag)
#define I_VISIBLEPW 69 #define I_PWFEEDBACK 69
#define def_pwfeedback (sudo_defs_table[70].sd_un.flag) #define def_fast_glob (sudo_defs_table[70].sd_un.flag)
#define I_PWFEEDBACK 70 #define I_FAST_GLOB 70
#define def_fast_glob (sudo_defs_table[71].sd_un.flag) #define def_umask_override (sudo_defs_table[71].sd_un.flag)
#define I_FAST_GLOB 71 #define I_UMASK_OVERRIDE 71
#define def_umask_override (sudo_defs_table[72].sd_un.flag) #define def_log_input (sudo_defs_table[72].sd_un.flag)
#define I_UMASK_OVERRIDE 72 #define I_LOG_INPUT 72
#define def_log_input (sudo_defs_table[73].sd_un.flag) #define def_log_output (sudo_defs_table[73].sd_un.flag)
#define I_LOG_INPUT 73 #define I_LOG_OUTPUT 73
#define def_log_output (sudo_defs_table[74].sd_un.flag) #define def_compress_io (sudo_defs_table[74].sd_un.flag)
#define I_LOG_OUTPUT 74 #define I_COMPRESS_IO 74
#define def_compress_io (sudo_defs_table[75].sd_un.flag) #define def_use_pty (sudo_defs_table[75].sd_un.flag)
#define I_COMPRESS_IO 75 #define I_USE_PTY 75
#define def_use_pty (sudo_defs_table[76].sd_un.flag)
#define I_USE_PTY 76
enum def_tupple { enum def_tupple {
never, never,

3
plugins/sudoers/def_data.in
View File

@@ -211,9 +211,6 @@ role
type type
T_STR T_STR
"SELinux type to use in the new security context: %s" "SELinux type to use in the new security context: %s"
askpass
T_STR|T_PATH|T_BOOL
"Path to the askpass helper program: %s"
env_file env_file
T_STR|T_PATH|T_BOOL T_STR|T_PATH|T_BOOL
"Path to the sudo-specific environment file: %s" "Path to the sudo-specific environment file: %s"

3
plugins/sudoers/defaults.c
View File

@@ -444,9 +444,6 @@ init_defaults(void)
#endif #endif
#ifdef ENV_EDITOR #ifdef ENV_EDITOR
def_env_editor = TRUE; def_env_editor = TRUE;
#endif
#ifdef _PATH_SUDO_ASKPASS
def_askpass = estrdup(_PATH_SUDO_ASKPASS);
#endif #endif
def_sudoers_locale = estrdup("C"); def_sudoers_locale = estrdup("C");
def_env_reset = TRUE; def_env_reset = TRUE;

6
plugins/sudoers/sudoers.c
View File

@@ -718,10 +718,6 @@ init_vars(char * const envp[])
for (ep = envp; *ep; ep++) { for (ep = envp; *ep; ep++) {
/* XXX - don't fill in if empty string */ /* XXX - don't fill in if empty string */
switch (**ep) { switch (**ep) {
case 'D':
if (strncmp("DISPLAY=", *ep, 8) == 0)
user_display = *ep + 8;
break;
case 'K': case 'K':
if (strncmp("KRB5CCNAME=", *ep, 11) == 0) if (strncmp("KRB5CCNAME=", *ep, 11) == 0)
user_ccname = *ep + 11; user_ccname = *ep + 11;
@@ -735,8 +731,6 @@ init_vars(char * const envp[])
user_prompt = *ep + 12; user_prompt = *ep + 12;
else if (strncmp("SUDO_USER=", *ep, 10) == 0) else if (strncmp("SUDO_USER=", *ep, 10) == 0)
prev_user = *ep + 10; prev_user = *ep + 10;
else if (strncmp("SUDO_ASKPASS=", *ep, 13) == 0)
user_askpass = *ep + 13;
break; break;
} }
} }

4
plugins/sudoers/sudoers.h
View File

@@ -60,8 +60,6 @@ struct sudo_user {
char *cmnd_safe; char *cmnd_safe;
char *class_name; char *class_name;
char *krb5_ccname; char *krb5_ccname;
char *display;
char *askpass;
int closefrom; int closefrom;
int ngroups; int ngroups;
uid_t uid; uid_t uid;
@@ -171,8 +169,6 @@ struct sudo_user {
#define user_host (sudo_user.host) #define user_host (sudo_user.host)
#define user_shost (sudo_user.shost) #define user_shost (sudo_user.shost)
#define user_ccname (sudo_user.krb5_ccname) #define user_ccname (sudo_user.krb5_ccname)
#define user_display (sudo_user.display)
#define user_askpass (sudo_user.askpass)
#define safe_cmnd (sudo_user.cmnd_safe) #define safe_cmnd (sudo_user.cmnd_safe)
#define login_class (sudo_user.class_name) #define login_class (sudo_user.class_name)
#define runas_pw (sudo_user._runas_pw) #define runas_pw (sudo_user._runas_pw)

39
src/load_plugins.c
View File

@@ -82,22 +82,35 @@ sudo_read_conf(const char *conf_file)
if (*cp == '\0') if (*cp == '\0')
continue; continue;
/* Look for a line starting with "Plugin" */ /* Look for a line starting with "Path" */
if (strncasecmp(cp, "Plugin", 6) != 0) if (strncasecmp(cp, "Path", 4) == 0) {
continue; /* Parse line */
if ((name = strtok(cp + 4, " \t")) == NULL ||
/* Parse line */ (path = strtok(NULL, " \t")) == NULL) {
if ((name = strtok(cp + 6, " \t")) == NULL || continue;
(path = strtok(NULL, " \t")) == NULL) { }
if (strcasecmp(name, "askpass") != 0)
continue;
/* XXX - Just set in environment for now */
setenv("SUDO_ASKPASS", path, 0);
continue; continue;
} }
info = emalloc(sizeof(*info)); /* Look for a line starting with "Plugin" */
info->symbol_name = estrdup(name); if (strncasecmp(cp, "Plugin", 6) == 0) {
info->path = estrdup(path); /* Parse line */
info->prev = info; if ((name = strtok(cp + 6, " \t")) == NULL ||
info->next = NULL; (path = strtok(NULL, " \t")) == NULL) {
tq_append(&pil, info); continue;
}
info = emalloc(sizeof(*info));
info->symbol_name = estrdup(name);
info->path = estrdup(path);
info->prev = info;
info->next = NULL;
tq_append(&pil, info);
continue;
}
} }
fclose(fp); fclose(fp);

5
src/parse_args.c
View File

@@ -367,6 +367,11 @@ parse_args(int argc, char **argv, int *nargc, char ***nargv, char ***settingsp,
sudo_settings[ARG_IMPLIED_SHELL].value = "true"; sudo_settings[ARG_IMPLIED_SHELL].value = "true";
} }
#ifndef _PATH_SUDO_ASKPASS
if (ISSET(tgetpass_flags, TGP_ASKPASS) && !getenv("SUDO_ASKPASS"))
errorx(1, "no askpass program specified, try setting SUDO_ASKPASS");
#endif
if (mode == MODE_HELP) if (mode == MODE_HELP)
usage(0); usage(0);

23
src/tgetpass.c
View File

@@ -79,16 +79,25 @@ tgetpass(const char *prompt, int timeout, int flags)
(void) fflush(stdout); (void) fflush(stdout);
/* If using a helper program to get the password, run it instead. */ if (askpass == NULL) {
/* XXX - askpass may be set by policy */ askpass = getenv("SUDO_ASKPASS");
if (ISSET(flags, TGP_ASKPASS)) {
if (!askpass) {
askpass = getenv("SUDO_ASKPASS");
#ifdef _PATH_SUDO_ASKPASS #ifdef _PATH_SUDO_ASKPASS
if (!askpass) if (askpass == NULL)
askpass = _PATH_SUDO_ASKPASS; askpass = _PATH_SUDO_ASKPASS;
#endif #endif
}
/* If no tty present and we need to disable echo, try askpass. */
if (!ISSET(flags, TGP_STDIN|TGP_ECHO|TGP_ASKPASS) && !tty_present()) {
if (askpass == NULL || getenv("DISPLAY") == NULL) {
warningx("no tty present and no askpass program specified");
return(NULL);
} }
SET(flags, TGP_ASKPASS);
}
/* If using a helper program to get the password, run it instead. */
if (ISSET(flags, TGP_ASKPASS)) {
if (askpass && *askpass) if (askpass && *askpass)
return(sudo_askpass(askpass, prompt)); return(sudo_askpass(askpass, prompt));
} }