640) New %p prompt escape that expands to the user whose password
is being prompted, as specified by the rootpw, targetpw and
runaspw sudoers flags. Based on a diff from Patrick Schoenfeld.
+
+Sudo 1.6.9p11 released.
+
+641) Added a configure check for the ber_set_option() function.
+
+642) Fixed a compilation problem with the HP-UX K&R C compiler.
+
+643) Revamped the Kerberos 5 ticket verification code.
+
+644) Added support for the checkpeer ldap.conf variable for
+ netscape-based LDAP SDKs.
+
+645) Fixed a problem where an incomplete password could be echoed
+ to the screen if there was a read timeout.
+
+Sudo 1.6.9p12 released.
#
# @configure_input@
#
-# $Sudo: Makefile.in,v 1.246.2.22 2008/01/05 23:31:51 millert Exp $
+# $Sudo: Makefile.in,v 1.246.2.23 2008/01/14 12:22:57 millert Exp $
#
#### Start of system configuration section. ####
LIBOBJS = @LIBOBJS@ @ALLOCA@
-VERSION = 1.6.9p11
+VERSION = 1.6.9p12
DISTFILES = $(SRCS) $(HDRS) BUGS CHANGES HISTORY INSTALL INSTALL.configure \
LICENSE Makefile.in PORTING README README.LDAP \
#uri ldaps://secureldapserver
#uri ldaps://secureldapserver ldap://ldapserver
#
+ # The amount of time, in seconds, to wait while trying to connect to
+ # an LDAP server.
+ bind_timelimit 30
+ #
+ # The amount of time, in seconds, to wait while performing an LDAP query.
+ timelimit 30
+ #
# must be set or sudo will ignore LDAP
sudoers_base ou=SUDOers,dc=example,dc=com
#
#ssl start_tls
#
# Additional TLS options follow that allow tweaking of the
- # SSL/TLS connection. Only supported when using OpenLDAP.
+ # SSL/TLS connection.
#
#tls_checkpeer yes # verify server SSL certificate
#tls_checkpeer no # ignore server SSL certificate
sudoCommand: ALL
Another difference is that negations on the Host, User or Runas are
-currently ignorred. For example, these attributes do not work how they first
-seem. If you desperately want this to be changed, contact Aaron Spangler
-(aaron@spangler.ods.org).
+currently ignorred. For example, these attributes do not work how
+they first seem.
# does not match all but joe
# rather, does not match anyone
#include "sudo_auth.h"
#ifndef lint
-__unused static const char rcsid[] = "$Sudo: kerb5.c,v 1.23.2.4 2007/06/12 01:28:42 millert Exp $";
+__unused static const char rcsid[] = "$Sudo: kerb5.c,v 1.23.2.7 2008/01/13 14:54:40 millert Exp $";
#endif /* lint */
#ifdef HAVE_HEIMDAL
#endif
#ifndef HAVE_KRB5_VERIFY_USER
-static int verify_krb_v5_tgt __P((krb5_context, krb5_ccache, char *));
+static int verify_krb_v5_tgt __P((krb5_context, krb5_creds *, char *));
#endif
static struct _sudo_krb5_data {
krb5_context sudo_context;
} sudo_krb5_data = { NULL, NULL, NULL };
typedef struct _sudo_krb5_data *sudo_krb5_datap;
-extern const krb5_cc_ops krb5_mcc_ops;
-
int
kerb5_init(pw, promptp, auth)
struct passwd *pw;
free(pname);
#endif
- /* For CNS compatibility */
- if ((error = krb5_cc_register(sudo_context, &krb5_mcc_ops, FALSE))) {
- if (error != KRB5_CC_TYPE_EXISTS) {
- log_error(NO_EXIT|NO_MAIL,
- "%s: unable to use Memory ccache: %s", auth->name,
- error_message(error));
- return(AUTH_FAILURE);
- }
- }
-
(void) snprintf(cache_name, sizeof(cache_name), "MEMORY:sudocc_%ld",
(long) getpid());
if ((error = krb5_cc_resolve(sudo_context, cache_name,
}
ccache = sudo_krb5_data.ccache;
- if ((error = krb5_cc_initialize(sudo_context, ccache, princ))) {
- log_error(NO_EXIT|NO_MAIL,
- "%s: unable to initialize ccache: %s", auth->name,
- error_message(error));
- return(AUTH_FAILURE);
- }
-
return(AUTH_SUCCESS);
}
{
krb5_context sudo_context;
krb5_principal princ;
+ krb5_creds credbuf, *creds = NULL;
krb5_ccache ccache;
- krb5_creds creds;
krb5_error_code error;
- krb5_get_init_creds_opt opts;
+ krb5_get_init_creds_opt *opts = NULL;
sudo_context = ((sudo_krb5_datap) auth->data)->sudo_context;
princ = ((sudo_krb5_datap) auth->data)->princ;
ccache = ((sudo_krb5_datap) auth->data)->ccache;
- /* Initialize options to defaults */
- krb5_get_init_creds_opt_init(&opts);
+ /* Set default flags based on the local config file. */
+ error = krb5_get_init_creds_opt_alloc(sudo_context, &opts);
+ if (error) {
+ log_error(NO_EXIT|NO_MAIL,
+ "%s: unable to allocate options: %s", auth->name,
+ error_message(error));
+ goto done;
+ }
+ krb5_get_init_creds_opt_set_default_flags(sudo_context, NULL,
+ krb5_principal_get_realm(sudo_context, princ), opts);
/* Note that we always obtain a new TGT to verify the user */
- if ((error = krb5_get_init_creds_password(sudo_context, &creds, princ,
+ if ((error = krb5_get_init_creds_password(sudo_context, &credbuf, princ,
pass, krb5_prompter_posix,
- NULL, 0, NULL, &opts))) {
- if (error == KRB5KRB_AP_ERR_BAD_INTEGRITY) /* Bad password */
- return(AUTH_FAILURE);
- /* Some other error */
- log_error(NO_EXIT|NO_MAIL,
- "%s: unable to get credentials: %s", auth->name,
- error_message(error));
- return(AUTH_FAILURE);
+ NULL, 0, NULL, opts))) {
+ /* Don't print error if just a bad password */
+ if (error != KRB5KRB_AP_ERR_BAD_INTEGRITY)
+ log_error(NO_EXIT|NO_MAIL,
+ "%s: unable to get credentials: %s", auth->name,
+ error_message(error));
+ goto done;
}
+ creds = &credbuf;
+
+ /* Verify the TGT to prevent spoof attacks. */
+ if ((error = verify_krb_v5_tgt(sudo_context, creds, auth->name)))
+ goto done;
- /* Stash the TGT so we can verify it. */
- if ((error = krb5_cc_store_cred(sudo_context, ccache, &creds))) {
+ /* Store cred in cred cache. */
+ if ((error = krb5_cc_initialize(sudo_context, ccache, princ))) {
+ log_error(NO_EXIT|NO_MAIL,
+ "%s: unable to initialize ccache: %s", auth->name,
+ error_message(error));
+ } else if ((error = krb5_cc_store_cred(sudo_context, ccache, creds))) {
log_error(NO_EXIT|NO_MAIL,
- "%s: unable to store credentials: %s", auth->name,
+ "%s: unable to store cred in ccache: %s", auth->name,
error_message(error));
- } else {
- error = verify_krb_v5_tgt(sudo_context, ccache, auth->name);
}
- krb5_free_cred_contents(sudo_context, &creds);
+done:
+ if (opts)
+ krb5_get_init_creds_opt_free(opts);
+ if (creds)
+ krb5_free_cred_contents(sudo_context, creds);
return (error ? AUTH_FAILURE : AUTH_SUCCESS);
}
#endif
#ifndef HAVE_KRB5_VERIFY_USER
/*
- * This routine with some modification is from the MIT V5B6 appl/bsd/login.c
- *
* Verify the Kerberos ticket-granting ticket just retrieved for the
* user. If the Kerberos server doesn't respond, assume the user is
* trying to fake us out (since we DID just get a TGT from what is
- * supposedly our KDC). If the host/<host> service is unknown (i.e.,
- * the local keytab doesn't have it), return success but log the error.
- *
- * This needs to run as root (to read the host service ticket).
+ * supposedly our KDC).
*
* Returns 0 for successful authentication, non-zero for failure.
*/
static int
-verify_krb_v5_tgt(sudo_context, ccache, auth_name)
+verify_krb_v5_tgt(sudo_context, cred, auth_name)
krb5_context sudo_context;
- krb5_ccache ccache;
+ krb5_creds *cred;
char *auth_name; /* For error reporting */
{
- char phost[BUFSIZ];
krb5_error_code error;
- krb5_principal princ;
- krb5_data packet;
- krb5_keyblock *keyblock = 0;
- krb5_auth_context auth_context = NULL;
-
- packet.data = 0;
+ krb5_principal server;
+ krb5_verify_init_creds_opt vopt;
/*
* Get the server principal for the local host.
* (Use defaults of "host" and canonicalized local name.)
*/
if ((error = krb5_sname_to_principal(sudo_context, NULL, NULL,
- KRB5_NT_SRV_HST, &princ))) {
+ KRB5_NT_SRV_HST, &server))) {
log_error(NO_EXIT|NO_MAIL,
"%s: unable to get host principal: %s", auth_name,
error_message(error));
return(-1);
}
- /* Extract the name directly. Yow. */
- strlcpy(phost, extract_name(sudo_context, princ), sizeof(phost));
-
- /*
- * Do we have host/<host> keys?
- * (use default keytab, kvno IGNORE_VNO to get the first match,
- * and enctype is currently ignored anyhow.)
- */
- if ((error = krb5_kt_read_service_key(sudo_context, NULL, princ, 0,
- 0, &keyblock))) {
- /* Keytab or service key does not exist. */
- log_error(NO_EXIT,
- "%s: host service key not found: %s", auth_name,
- error_message(error));
- goto cleanup;
- }
- if (keyblock)
- krb5_free_keyblock(sudo_context, keyblock);
-
- /* Talk to the kdc and construct the ticket. */
- error = krb5_mk_req(sudo_context, &auth_context, 0, "host", phost,
- NULL, ccache, &packet);
- if (auth_context) {
- krb5_auth_con_free(sudo_context, auth_context);
- auth_context = NULL; /* setup for rd_req */
- }
-
- /* Try to use the ticket. */
- if (!error)
- error = krb5_rd_req(sudo_context, &auth_context, &packet, princ,
- NULL, NULL, NULL);
-cleanup:
- if (packet.data)
- krb5_free_data_contents(sudo_context, &packet);
- krb5_free_principal(sudo_context, princ);
+ /* Initialize verify opts and set secure mode */
+ krb5_verify_init_creds_opt_init(&vopt);
+ krb5_verify_init_creds_opt_set_ap_req_nofail(&vopt, 1);
+ /* verify the Kerberos ticket-granting ticket we just retrieved */
+ error = krb5_verify_init_creds(sudo_context, cred, server, NULL,
+ NULL, &vopt);
+ krb5_free_principal(sudo_context, server);
if (error)
log_error(NO_EXIT|NO_MAIL,
"%s: Cannot verify TGT! Possible attack!: %s", auth_name,
/* Define to 1 if you have the `ldap_initialize' function. */
#undef HAVE_LDAP_INITIALIZE
+/* Define to 1 if you have the <ldap_ssl.h> header file. */
+#undef HAVE_LDAP_SSL_H
+
/* Define to 1 if you have the `ldap_start_tls_s' function. */
#undef HAVE_LDAP_START_TLS_S
/* Define to 1 if you have the `ldapssl_init' function. */
#undef HAVE_LDAPSSL_INIT
+/* Define to 1 if you have the `ldapssl_set_strength' function. */
+#undef HAVE_LDAPSSL_SET_STRENGTH
+
/* Define to 1 if you have the `lockf' function. */
#undef HAVE_LOCKF
/* Define to 1 if you have the `mkstemp' function. */
#undef HAVE_MKSTEMP
+/* Define to 1 if you have the <mps/ldap_ssl.h> header file. */
+#undef HAVE_MPS_LDAP_SSL_H
+
/* Define to 1 if you have the <ndir.h> header file, and it defines `DIR'. */
#undef HAVE_NDIR_H
conftest$ac_exeext conftest.$ac_ext
done
if test "$found" = "no"; then
- LDAP_LIBS=" -lldap"
+ LIBS="${_LIBS} -lldap"
+ LDAP_LIBS="-lldap"
{ echo "$as_me:$LINENO: result: not found, using -lldap" >&5
echo "${ECHO_T}not found, using -lldap" >&6; }
else
{ echo "$as_me:$LINENO: result: $LDAP_LIBS" >&5
echo "${ECHO_T}$LDAP_LIBS" >&6; }
+ fi
+ OLIBS="$LIBS"
+ { echo "$as_me:$LINENO: checking for library containing ber_set_option" >&5
+echo $ECHO_N "checking for library containing ber_set_option... $ECHO_C" >&6; }
+if test "${ac_cv_search_ber_set_option+set}" = set; then
+ echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+ ac_func_search_save_LIBS=$LIBS
+cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h. */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h. */
+
+/* Override any GCC internal prototype to avoid an error.
+ Use char because int might match the return type of a GCC
+ builtin and then its argument prototype would still apply. */
+#ifdef __cplusplus
+extern "C"
+#endif
+char ber_set_option ();
+int
+main ()
+{
+return ber_set_option ();
+ ;
+ return 0;
+}
+_ACEOF
+for ac_lib in '' lber; do
+ if test -z "$ac_lib"; then
+ ac_res="none required"
+ else
+ ac_res=-l$ac_lib
+ LIBS="-l$ac_lib $ac_func_search_save_LIBS"
+ fi
+ rm -f conftest.$ac_objext conftest$ac_exeext
+if { (ac_try="$ac_link"
+case "(($ac_try" in
+ *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+ *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+ (eval "$ac_link") 2>conftest.er1
+ ac_status=$?
+ grep -v '^ *+' conftest.er1 >conftest.err
+ rm -f conftest.er1
+ cat conftest.err >&5
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); } && {
+ test -z "$ac_c_werror_flag" ||
+ test ! -s conftest.err
+ } && test -s conftest$ac_exeext &&
+ $as_test_x conftest$ac_exeext; then
+ ac_cv_search_ber_set_option=$ac_res
+else
+ echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+
+fi
+
+rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \
+ conftest$ac_exeext
+ if test "${ac_cv_search_ber_set_option+set}" = set; then
+ break
+fi
+done
+if test "${ac_cv_search_ber_set_option+set}" = set; then
+ :
+else
+ ac_cv_search_ber_set_option=no
+fi
+rm conftest.$ac_ext
+LIBS=$ac_func_search_save_LIBS
+fi
+{ echo "$as_me:$LINENO: result: $ac_cv_search_ber_set_option" >&5
+echo "${ECHO_T}$ac_cv_search_ber_set_option" >&6; }
+ac_res=$ac_cv_search_ber_set_option
+if test "$ac_res" != no; then
+ test "$ac_res" = "none required" || LIBS="$ac_res $LIBS"
+ found=yes
+else
+ found=no
+fi
+
+ if test X"$found" = X"yes" -a X"$LIBS" != X"$OLIBS"; then
+ LDAP_LIBS="$LDAP_LIBS -llber"
fi
{ echo "$as_me:$LINENO: checking whether lber.h is needed" >&5
echo $ECHO_N "checking whether lber.h is needed... $ECHO_C" >&6; }
-for ac_func in ldap_initialize ldap_start_tls_s ldapssl_init
+
+for ac_func in ldap_initialize ldap_start_tls_s ldapssl_init ldapssl_set_strength
do
as_ac_var=`echo "ac_cv_func_$ac_func" | $as_tr_sh`
{ echo "$as_me:$LINENO: checking for $ac_func" >&5
done
+
+for ac_header in ldap_ssl.h mps/ldap_ssl.h
+do
+as_ac_Header=`echo "ac_cv_header_$ac_header" | $as_tr_sh`
+if { as_var=$as_ac_Header; eval "test \"\${$as_var+set}\" = set"; }; then
+ { echo "$as_me:$LINENO: checking for $ac_header" >&5
+echo $ECHO_N "checking for $ac_header... $ECHO_C" >&6; }
+if { as_var=$as_ac_Header; eval "test \"\${$as_var+set}\" = set"; }; then
+ echo $ECHO_N "(cached) $ECHO_C" >&6
+fi
+ac_res=`eval echo '${'$as_ac_Header'}'`
+ { echo "$as_me:$LINENO: result: $ac_res" >&5
+echo "${ECHO_T}$ac_res" >&6; }
+else
+ # Is the header compilable?
+{ echo "$as_me:$LINENO: checking $ac_header usability" >&5
+echo $ECHO_N "checking $ac_header usability... $ECHO_C" >&6; }
+cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h. */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h. */
+$ac_includes_default
+#include <$ac_header>
+_ACEOF
+rm -f conftest.$ac_objext
+if { (ac_try="$ac_compile"
+case "(($ac_try" in
+ *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+ *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+ (eval "$ac_compile") 2>conftest.er1
+ ac_status=$?
+ grep -v '^ *+' conftest.er1 >conftest.err
+ rm -f conftest.er1
+ cat conftest.err >&5
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); } && {
+ test -z "$ac_c_werror_flag" ||
+ test ! -s conftest.err
+ } && test -s conftest.$ac_objext; then
+ ac_header_compiler=yes
+else
+ echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+ ac_header_compiler=no
+fi
+
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+{ echo "$as_me:$LINENO: result: $ac_header_compiler" >&5
+echo "${ECHO_T}$ac_header_compiler" >&6; }
+
+# Is the header present?
+{ echo "$as_me:$LINENO: checking $ac_header presence" >&5
+echo $ECHO_N "checking $ac_header presence... $ECHO_C" >&6; }
+cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h. */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h. */
+#include <$ac_header>
+_ACEOF
+if { (ac_try="$ac_cpp conftest.$ac_ext"
+case "(($ac_try" in
+ *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+ *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+ (eval "$ac_cpp conftest.$ac_ext") 2>conftest.er1
+ ac_status=$?
+ grep -v '^ *+' conftest.er1 >conftest.err
+ rm -f conftest.er1
+ cat conftest.err >&5
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); } >/dev/null && {
+ test -z "$ac_c_preproc_warn_flag$ac_c_werror_flag" ||
+ test ! -s conftest.err
+ }; then
+ ac_header_preproc=yes
+else
+ echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+ ac_header_preproc=no
+fi
+
+rm -f conftest.err conftest.$ac_ext
+{ echo "$as_me:$LINENO: result: $ac_header_preproc" >&5
+echo "${ECHO_T}$ac_header_preproc" >&6; }
+
+# So? What about this header?
+case $ac_header_compiler:$ac_header_preproc:$ac_c_preproc_warn_flag in
+ yes:no: )
+ { echo "$as_me:$LINENO: WARNING: $ac_header: accepted by the compiler, rejected by the preprocessor!" >&5
+echo "$as_me: WARNING: $ac_header: accepted by the compiler, rejected by the preprocessor!" >&2;}
+ { echo "$as_me:$LINENO: WARNING: $ac_header: proceeding with the compiler's result" >&5
+echo "$as_me: WARNING: $ac_header: proceeding with the compiler's result" >&2;}
+ ac_header_preproc=yes
+ ;;
+ no:yes:* )
+ { echo "$as_me:$LINENO: WARNING: $ac_header: present but cannot be compiled" >&5
+echo "$as_me: WARNING: $ac_header: present but cannot be compiled" >&2;}
+ { echo "$as_me:$LINENO: WARNING: $ac_header: check for missing prerequisite headers?" >&5
+echo "$as_me: WARNING: $ac_header: check for missing prerequisite headers?" >&2;}
+ { echo "$as_me:$LINENO: WARNING: $ac_header: see the Autoconf documentation" >&5
+echo "$as_me: WARNING: $ac_header: see the Autoconf documentation" >&2;}
+ { echo "$as_me:$LINENO: WARNING: $ac_header: section \"Present But Cannot Be Compiled\"" >&5
+echo "$as_me: WARNING: $ac_header: section \"Present But Cannot Be Compiled\"" >&2;}
+ { echo "$as_me:$LINENO: WARNING: $ac_header: proceeding with the preprocessor's result" >&5
+echo "$as_me: WARNING: $ac_header: proceeding with the preprocessor's result" >&2;}
+ { echo "$as_me:$LINENO: WARNING: $ac_header: in the future, the compiler will take precedence" >&5
+echo "$as_me: WARNING: $ac_header: in the future, the compiler will take precedence" >&2;}
+
+ ;;
+esac
+{ echo "$as_me:$LINENO: checking for $ac_header" >&5
+echo $ECHO_N "checking for $ac_header... $ECHO_C" >&6; }
+if { as_var=$as_ac_Header; eval "test \"\${$as_var+set}\" = set"; }; then
+ echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+ eval "$as_ac_Header=\$ac_header_preproc"
+fi
+ac_res=`eval echo '${'$as_ac_Header'}'`
+ { echo "$as_me:$LINENO: result: $ac_res" >&5
+echo "${ECHO_T}$ac_res" >&6; }
+
+fi
+if test `eval echo '${'$as_ac_Header'}'` = yes; then
+ cat >>confdefs.h <<_ACEOF
+#define `echo "HAVE_$ac_header" | $as_tr_cpp` 1
+_ACEOF
+ break
+fi
+
+done
+
+
SUDO_LIBS="${SUDO_LIBS}${LDAP_LIBS}"
LIBS="$_LIBS"
LDFLAGS="$_LDFLAGS"
dnl
dnl Process this file with GNU autoconf to produce a configure script.
-dnl $Sudo: configure.in,v 1.413.2.36 2008/01/03 16:05:42 millert Exp $
+dnl $Sudo: configure.in,v 1.413.2.42 2008/01/21 16:08:27 millert Exp $
dnl
dnl Copyright (c) 1994-1996,1998-2007 Todd C. Miller <Todd.Miller@courtesan.com>
dnl
done
dnl if nothing linked just try with -lldap
if test "$found" = "no"; then
- LDAP_LIBS=" -lldap"
+ LIBS="${_LIBS} -lldap"
+ LDAP_LIBS="-lldap"
AC_MSG_RESULT([not found, using -lldap])
else
AC_MSG_RESULT([$LDAP_LIBS])
fi
- dnl try again w/o explicitly including lber.h
+ dnl check if we need to link with -llber for ber_set_option
+ OLIBS="$LIBS"
+ AC_SEARCH_LIBS([ber_set_option], [lber], [found=yes], [found=no])
+ if test X"$found" = X"yes" -a X"$LIBS" != X"$OLIBS"; then
+ LDAP_LIBS="$LDAP_LIBS -llber"
+ fi
+ dnl check if ldap.h includes lber.h for us
AC_MSG_CHECKING([whether lber.h is needed])
AC_LINK_IFELSE([AC_LANG_PROGRAM([[#include <sys/types.h>
#include <ldap.h>]], [[(void)ldap_init(0, 0)]])], [AC_MSG_RESULT([no])], [
AC_MSG_RESULT([yes])
AC_DEFINE(HAVE_LBER_H)])
- AC_CHECK_FUNCS(ldap_initialize ldap_start_tls_s ldapssl_init)
+ AC_CHECK_FUNCS(ldap_initialize ldap_start_tls_s ldapssl_init ldapssl_set_strength)
+ AC_CHECK_HEADERS([ldap_ssl.h] [mps/ldap_ssl.h], [break])
SUDO_LIBS="${SUDO_LIBS}${LDAP_LIBS}"
LIBS="$_LIBS"
+sudo (1.6.9p12-1) unstable; urgency=low
+
+ * new upstream version, closes: #464890
+
+ -- Bdale Garbee <bdale@gag.com> Tue, 19 Feb 2008 11:19:54 +0900
+
sudo (1.6.9p11-3) unstable; urgency=low
* patch for configure to fix FTBFS on GNU/kFreeBSD, closes: #465956
# include <lber.h>
#endif
#include <ldap.h>
+#if defined(HAVE_LDAP_SSL_H)
+# include <ldap_ssl.h>
+#elif defined(HAVE_MPS_LDAP_SSL_H)
+# include <mps/ldap_ssl.h>
+#endif
#include "sudo.h"
#include "parse.h"
#ifndef lint
-__unused static const char rcsid[] = "$Sudo: ldap.c,v 1.11.2.32 2008/01/05 23:27:10 millert Exp $";
+__unused static const char rcsid[] = "$Sudo: ldap.c,v 1.11.2.36 2008/01/21 16:08:26 millert Exp $";
#endif /* lint */
#ifndef LINE_MAX
#ifdef LDAP_OPT_X_TLS_REQUIRE_CERT
{ "tls_checkpeer", CONF_BOOL, FALSE, LDAP_OPT_X_TLS_REQUIRE_CERT,
&ldap_conf.tls_checkpeer },
+#else
+ { "tls_checkpeer", CONF_BOOL, FALSE, -1, &ldap_conf.tls_checkpeer },
#endif
#ifdef LDAP_OPT_X_TLS_CACERTFILE
{ "tls_cacertfile", CONF_STR, FALSE, LDAP_OPT_X_TLS_CACERTFILE,
* Interpret SSL option
*/
if (ldap_conf.ssl != NULL) {
- if (strcasecmp(ldap_conf.ssl, "start_tls") == 0)
- ldap_conf.ssl_mode = SUDO_LDAP_STARTTLS;
- else if (_atobool(ldap_conf.ssl))
- ldap_conf.ssl_mode = SUDO_LDAP_SSL;
+ if (strcasecmp(ldap_conf.ssl, "start_tls") == 0)
+ ldap_conf.ssl_mode = SUDO_LDAP_STARTTLS;
+ else if (_atobool(ldap_conf.ssl))
+ ldap_conf.ssl_mode = SUDO_LDAP_SSL;
}
+#if defined(HAVE_LDAPSSL_SET_STRENGTH) && !defined(LDAP_OPT_X_TLS_REQUIRE_CERT)
+ if (ldap_conf.tls_checkpeer != -1) {
+ ldapssl_set_strength(NULL,
+ ldap_conf.tls_checkpeer ? LDAPSSL_AUTH_CERT : LDAPSSL_AUTH_WEAK);
+ }
+#endif
+
#ifndef HAVE_LDAP_INITIALIZE
/* Convert uri list to host list if no ldap_initialize(). */
if (ldap_conf.uri) {
#ifdef HAVE_LSEARCH
# include <search.h>
#endif /* HAVE_LSEARCH */
+#include <limits.h>
#include "sudo.h"
#include "parse.h"
#endif /* HAVE_LSEARCH */
#ifndef lint
-__unused static const char rcsid[] = "$Sudo: parse.yacc,v 1.204.2.9 2007/11/21 18:15:49 millert Exp $";
+__unused static const char rcsid[] = "$Sudo: parse.yacc,v 1.204.2.10 2008/01/16 23:20:53 millert Exp $";
#endif /* lint */
+/*
+ * We must define SIZE_MAX for yacc's skeleton.c.
+ * If there is no SIZE_MAX or SIZE_T_MAX we have to assume that size_t
+ * could be signed (as it is on SunOS 4.x).
+ */
+#ifndef SIZE_MAX
+# ifdef SIZE_T_MAX
+# define SIZE_MAX SIZE_T_MAX
+# else
+# define SIZE_MAX INT_MAX
+# endif /* SIZE_T_MAX */
+#endif /* SIZE_MAX */
+
/*
* Globals
*/
-1.6.9p11 January 5, 2008 1
+1.6.9p12 January 14, 2008 1
-1.6.9p11 January 5, 2008 2
+1.6.9p12 January 14, 2008 2
-1.6.9p11 January 5, 2008 3
+1.6.9p12 January 14, 2008 3
-1.6.9p11 January 5, 2008 4
+1.6.9p12 January 14, 2008 4
-1.6.9p11 January 5, 2008 5
+1.6.9p12 January 14, 2008 5
-1.6.9p11 January 5, 2008 6
+1.6.9p12 January 14, 2008 6
-1.6.9p11 January 5, 2008 7
+1.6.9p12 January 14, 2008 7
-1.6.9p11 January 5, 2008 8
+1.6.9p12 January 14, 2008 8
-1.6.9p11 January 5, 2008 9
+1.6.9p12 January 14, 2008 9
.\" Agency (DARPA) and Air Force Research Laboratory, Air Force
.\" Materiel Command, USAF, under agreement number F39502-99-1-0512.
.\"
-.\" $Sudo: sudo.man.in,v 1.29.2.19 2008/01/05 23:59:42 millert Exp $
+.\" $Sudo: sudo.man.in,v 1.29.2.20 2008/01/14 12:22:57 millert Exp $
.\" Automatically generated by Pod::Man v1.37, Pod::Parser v1.32
.\"
.\" Standard preamble:
.\" ========================================================================
.\"
.IX Title "SUDO @mansectsu@"
-.TH SUDO @mansectsu@ "January 5, 2008" "1.6.9p11" "MAINTENANCE COMMANDS"
+.TH SUDO @mansectsu@ "January 14, 2008" "1.6.9p12" "MAINTENANCE COMMANDS"
.SH "NAME"
sudo, sudoedit \- execute a command as another user
.SH "SYNOPSIS"
#ifdef HAVE_LSEARCH
# include <search.h>
#endif /* HAVE_LSEARCH */
+#include <limits.h>
#include "sudo.h"
#include "parse.h"
#endif /* HAVE_LSEARCH */
#ifndef lint
-__unused static const char rcsid[] = "$Sudo: sudo.tab.c,v 1.76.2.8 2007/11/21 18:15:49 millert Exp $";
+__unused static const char rcsid[] = "$Sudo: sudo.tab.c,v 1.76.2.11 2008/01/16 23:20:54 millert Exp $";
#endif /* lint */
+/*
+ * We must define SIZE_MAX for yacc's skeleton.c.
+ * If there is no SIZE_MAX or SIZE_T_MAX we have to assume that size_t
+ * could be signed (as it is on SunOS 4.x).
+ */
+#ifndef SIZE_MAX
+# ifdef SIZE_T_MAX
+# define SIZE_MAX SIZE_T_MAX
+# else
+# define SIZE_MAX INT_MAX
+# endif /* SIZE_T_MAX */
+#endif /* SIZE_MAX */
+
/*
* Globals
*/
}
parse_error = TRUE;
}
-#line 224 "parse.yacc"
+#line 238 "parse.yacc"
#ifndef YYSTYPE_DEFINED
#define YYSTYPE_DEFINED
typedef union {
int tok;
} YYSTYPE;
#endif /* YYSTYPE_DEFINED */
-#line 251 "sudo.tab.c"
+#line 265 "sudo.tab.c"
#define COMMAND 257
#define ALIAS 258
#define DEFVAR 259
short *yysslim;
YYSTYPE *yyvs;
int yystacksize;
-#line 911 "parse.yacc"
+#line 925 "parse.yacc"
#define MOREALIASES (32)
aliasinfo *aliases = NULL;
if (printmatches == TRUE)
expand_match_list();
}
-#line 983 "sudo.tab.c"
+#line 997 "sudo.tab.c"
/* allocate initial stack or double stack size, up to YYMAXDEPTH */
#if defined(__cplusplus) || defined(__STDC__)
static int yygrowstack(void)
#ifdef SIZE_MAX
#define YY_SIZE_MAX SIZE_MAX
#else
-#define YY_SIZE_MAX 0xffffffffU
+#define YY_SIZE_MAX 0x7fffffff
#endif
if (newsize && YY_SIZE_MAX / newsize < sizeof *newss)
goto bail;
switch (yyn)
{
case 3:
-#line 280 "parse.yacc"
+#line 294 "parse.yacc"
{ ; }
break;
case 4:
-#line 282 "parse.yacc"
+#line 296 "parse.yacc"
{ yyerrok; }
break;
case 5:
-#line 283 "parse.yacc"
+#line 297 "parse.yacc"
{ push; }
break;
case 6:
-#line 283 "parse.yacc"
+#line 297 "parse.yacc"
{
while (top && user_matches != TRUE)
pop;
}
break;
case 7:
-#line 288 "parse.yacc"
+#line 302 "parse.yacc"
{ ; }
break;
case 8:
-#line 290 "parse.yacc"
+#line 304 "parse.yacc"
{ ; }
break;
case 9:
-#line 292 "parse.yacc"
+#line 306 "parse.yacc"
{ ; }
break;
case 10:
-#line 294 "parse.yacc"
+#line 308 "parse.yacc"
{ ; }
break;
case 11:
-#line 296 "parse.yacc"
+#line 310 "parse.yacc"
{ ; }
break;
case 13:
-#line 302 "parse.yacc"
+#line 316 "parse.yacc"
{
defaults_matches = TRUE;
}
break;
case 14:
-#line 305 "parse.yacc"
+#line 319 "parse.yacc"
{ push; }
break;
case 15:
-#line 305 "parse.yacc"
+#line 319 "parse.yacc"
{
defaults_matches = user_matches;
pop;
}
break;
case 16:
-#line 309 "parse.yacc"
+#line 323 "parse.yacc"
{ push; }
break;
case 17:
-#line 309 "parse.yacc"
+#line 323 "parse.yacc"
{
defaults_matches = yyvsp[0].BOOLEAN == TRUE;
pop;
}
break;
case 18:
-#line 313 "parse.yacc"
+#line 327 "parse.yacc"
{ push; }
break;
case 19:
-#line 313 "parse.yacc"
+#line 327 "parse.yacc"
{
defaults_matches = host_matches;
pop;
}
break;
case 22:
-#line 323 "parse.yacc"
+#line 337 "parse.yacc"
{
if (defaults_matches == TRUE &&
!set_default(yyvsp[0].string, NULL, TRUE)) {
}
break;
case 23:
-#line 331 "parse.yacc"
+#line 345 "parse.yacc"
{
if (defaults_matches == TRUE &&
!set_default(yyvsp[0].string, NULL, FALSE)) {
}
break;
case 24:
-#line 339 "parse.yacc"
+#line 353 "parse.yacc"
{
if (defaults_matches == TRUE &&
!set_default(yyvsp[-2].string, yyvsp[0].string, TRUE)) {
}
break;
case 25:
-#line 348 "parse.yacc"
+#line 362 "parse.yacc"
{
if (defaults_matches == TRUE &&
!set_default(yyvsp[-2].string, yyvsp[0].string, '+')) {
}
break;
case 26:
-#line 357 "parse.yacc"
+#line 371 "parse.yacc"
{
if (defaults_matches == TRUE &&
!set_default(yyvsp[-2].string, yyvsp[0].string, '-')) {
}
break;
case 29:
-#line 372 "parse.yacc"
+#line 386 "parse.yacc"
{
/*
* We already did a push if necessary in
}
break;
case 30:
-#line 386 "parse.yacc"
+#line 400 "parse.yacc"
{
SETMATCH(host_matches, yyvsp[0].BOOLEAN);
}
break;
case 31:
-#line 389 "parse.yacc"
+#line 403 "parse.yacc"
{
SETNMATCH(host_matches, yyvsp[0].BOOLEAN);
}
break;
case 32:
-#line 394 "parse.yacc"
+#line 408 "parse.yacc"
{
yyval.BOOLEAN = TRUE;
}
break;
case 33:
-#line 397 "parse.yacc"
+#line 411 "parse.yacc"
{
if (addr_matches(yyvsp[0].string))
yyval.BOOLEAN = TRUE;
}
break;
case 34:
-#line 404 "parse.yacc"
+#line 418 "parse.yacc"
{
if (netgr_matches(yyvsp[0].string, user_host, user_shost, NULL))
yyval.BOOLEAN = TRUE;
}
break;
case 35:
-#line 411 "parse.yacc"
+#line 425 "parse.yacc"
{
if (hostname_matches(user_shost, user_host, yyvsp[0].string) == 0)
yyval.BOOLEAN = TRUE;
}
break;
case 36:
-#line 418 "parse.yacc"
+#line 432 "parse.yacc"
{
aliasinfo *aip = find_alias(yyvsp[0].string, HOST_ALIAS);
}
break;
case 39:
-#line 446 "parse.yacc"
+#line 460 "parse.yacc"
{ SETENV_RESET; }
break;
case 40:
-#line 446 "parse.yacc"
+#line 460 "parse.yacc"
{
/*
* Push the entry onto the stack if it is worth
}
break;
case 41:
-#line 475 "parse.yacc"
+#line 489 "parse.yacc"
{
SETMATCH(cmnd_matches, yyvsp[0].BOOLEAN);
}
break;
case 42:
-#line 478 "parse.yacc"
+#line 492 "parse.yacc"
{
if (printmatches == TRUE) {
if (in_alias == TRUE)
}
break;
case 43:
-#line 486 "parse.yacc"
+#line 500 "parse.yacc"
{
SETNMATCH(cmnd_matches, yyvsp[0].BOOLEAN);
}
break;
case 44:
-#line 491 "parse.yacc"
+#line 505 "parse.yacc"
{
if (printmatches == TRUE && host_matches == TRUE &&
user_matches == TRUE) {
}
break;
case 45:
-#line 515 "parse.yacc"
+#line 529 "parse.yacc"
{
runas_matches = yyvsp[0].BOOLEAN;
}
break;
case 46:
-#line 520 "parse.yacc"
+#line 534 "parse.yacc"
{ ; }
break;
case 47:
-#line 521 "parse.yacc"
+#line 535 "parse.yacc"
{
/* Later entries override earlier ones. */
if (yyvsp[0].BOOLEAN != NOMATCH)
}
break;
case 48:
-#line 530 "parse.yacc"
+#line 544 "parse.yacc"
{ ; }
break;
case 49:
-#line 531 "parse.yacc"
+#line 545 "parse.yacc"
{
if (printmatches == TRUE) {
if (in_alias == TRUE)
}
break;
case 50:
-#line 539 "parse.yacc"
+#line 553 "parse.yacc"
{
/* Set $$ to the negation of runasuser */
yyval.BOOLEAN = (yyvsp[0].BOOLEAN == NOMATCH ? NOMATCH : ! yyvsp[0].BOOLEAN);
}
break;
case 51:
-#line 545 "parse.yacc"
+#line 559 "parse.yacc"
{
if (printmatches == TRUE) {
if (in_alias == TRUE)
}
break;
case 52:
-#line 560 "parse.yacc"
+#line 574 "parse.yacc"
{
if (printmatches == TRUE) {
if (in_alias == TRUE)
}
break;
case 53:
-#line 575 "parse.yacc"
+#line 589 "parse.yacc"
{
if (printmatches == TRUE) {
if (in_alias == TRUE)
}
break;
case 54:
-#line 590 "parse.yacc"
+#line 604 "parse.yacc"
{
aliasinfo *aip = find_alias(yyvsp[0].string, RUNAS_ALIAS);
}
break;
case 55:
-#line 620 "parse.yacc"
+#line 634 "parse.yacc"
{
if (printmatches == TRUE) {
if (in_alias == TRUE)
}
break;
case 56:
-#line 632 "parse.yacc"
+#line 646 "parse.yacc"
{
/* Inherit {NO,}{PASSWD,EXEC,SETENV} status. */
if (printmatches == TRUE && host_matches == TRUE &&
}
break;
case 57:
-#line 650 "parse.yacc"
+#line 664 "parse.yacc"
{
no_passwd = TRUE;
if (printmatches == TRUE && host_matches == TRUE &&
}
break;
case 58:
-#line 656 "parse.yacc"
+#line 670 "parse.yacc"
{
no_passwd = FALSE;
if (printmatches == TRUE && host_matches == TRUE &&
}
break;
case 59:
-#line 662 "parse.yacc"
+#line 676 "parse.yacc"
{
no_execve = TRUE;
if (printmatches == TRUE && host_matches == TRUE &&
}
break;
case 60:
-#line 668 "parse.yacc"
+#line 682 "parse.yacc"
{
no_execve = FALSE;
if (printmatches == TRUE && host_matches == TRUE &&
}
break;
case 61:
-#line 674 "parse.yacc"
+#line 688 "parse.yacc"
{
setenv_ok = TRUE;
if (printmatches == TRUE && host_matches == TRUE &&
}
break;
case 62:
-#line 680 "parse.yacc"
+#line 694 "parse.yacc"
{
setenv_ok = FALSE;
if (printmatches == TRUE && host_matches == TRUE &&
}
break;
case 63:
-#line 688 "parse.yacc"
+#line 702 "parse.yacc"
{
if (printmatches == TRUE) {
if (in_alias == TRUE)
}
break;
case 64:
-#line 706 "parse.yacc"
+#line 720 "parse.yacc"
{
aliasinfo *aip;
}
break;
case 65:
-#line 735 "parse.yacc"
+#line 749 "parse.yacc"
{
if (printmatches == TRUE) {
if (in_alias == TRUE) {
}
break;
case 68:
-#line 765 "parse.yacc"
+#line 779 "parse.yacc"
{ push; }
break;
case 69:
-#line 765 "parse.yacc"
+#line 779 "parse.yacc"
{
if ((MATCHED(host_matches) || pedantic) &&
!add_alias(yyvsp[-3].string, HOST_ALIAS, host_matches)) {
}
break;
case 74:
-#line 783 "parse.yacc"
+#line 797 "parse.yacc"
{
push;
if (printmatches == TRUE) {
}
break;
case 75:
-#line 792 "parse.yacc"
+#line 806 "parse.yacc"
{
if ((MATCHED(cmnd_matches) || pedantic) &&
!add_alias(yyvsp[-3].string, CMND_ALIAS, cmnd_matches)) {
}
break;
case 76:
-#line 806 "parse.yacc"
+#line 820 "parse.yacc"
{ ; }
break;
case 80:
-#line 814 "parse.yacc"
+#line 828 "parse.yacc"
{
if (printmatches == TRUE) {
in_alias = TRUE;
}
break;
case 81:
-#line 822 "parse.yacc"
+#line 836 "parse.yacc"
{
if ((yyvsp[0].BOOLEAN != NOMATCH || pedantic) &&
!add_alias(yyvsp[-3].string, RUNAS_ALIAS, yyvsp[0].BOOLEAN)) {
}
break;
case 84:
-#line 839 "parse.yacc"
+#line 853 "parse.yacc"
{ push; }
break;
case 85:
-#line 839 "parse.yacc"
+#line 853 "parse.yacc"
{
if ((MATCHED(user_matches) || pedantic) &&
!add_alias(yyvsp[-3].string, USER_ALIAS, user_matches)) {
}
break;
case 88:
-#line 854 "parse.yacc"
+#line 868 "parse.yacc"
{
SETMATCH(user_matches, yyvsp[0].BOOLEAN);
}
break;
case 89:
-#line 857 "parse.yacc"
+#line 871 "parse.yacc"
{
SETNMATCH(user_matches, yyvsp[0].BOOLEAN);
}
break;
case 90:
-#line 862 "parse.yacc"
+#line 876 "parse.yacc"
{
if (userpw_matches(yyvsp[0].string, user_name, sudo_user.pw))
yyval.BOOLEAN = TRUE;
}
break;
case 91:
-#line 869 "parse.yacc"
+#line 883 "parse.yacc"
{
if (usergr_matches(yyvsp[0].string, user_name, sudo_user.pw))
yyval.BOOLEAN = TRUE;
}
break;
case 92:
-#line 876 "parse.yacc"
+#line 890 "parse.yacc"
{
if (netgr_matches(yyvsp[0].string, NULL, NULL, user_name))
yyval.BOOLEAN = TRUE;
}
break;
case 93:
-#line 883 "parse.yacc"
+#line 897 "parse.yacc"
{
aliasinfo *aip = find_alias(yyvsp[0].string, USER_ALIAS);
}
break;
case 94:
-#line 905 "parse.yacc"
+#line 919 "parse.yacc"
{
yyval.BOOLEAN = TRUE;
}
break;
-#line 1954 "sudo.tab.c"
+#line 1968 "sudo.tab.c"
}
yyssp -= yym;
yystate = *yyssp;
# Runas alias specification
# User privilege specification
-root ALL=(ALL) SETENV: ALL
+root ALL=(ALL) ALL
# Uncomment to allow people in group wheel to run all commands
-# and set environment variables.
-# %wheel ALL=(ALL) SETENV: ALL
+# %wheel ALL=(ALL) ALL
# Same thing without a password
-# %wheel ALL=(ALL) NOPASSWD: SETENV: ALL
+# %wheel ALL=(ALL) NOPASSWD: ALL
# Samples
# %users ALL=/sbin/mount /cdrom,/sbin/umount /cdrom
-1.6.9p11 January 5, 2008 1
+1.6.9p12 January 14, 2008 1
-1.6.9p11 January 5, 2008 2
+1.6.9p12 January 14, 2008 2
-1.6.9p11 January 5, 2008 3
+1.6.9p12 January 14, 2008 3
-1.6.9p11 January 5, 2008 4
+1.6.9p12 January 14, 2008 4
-1.6.9p11 January 5, 2008 5
+1.6.9p12 January 14, 2008 5
-1.6.9p11 January 5, 2008 6
+1.6.9p12 January 14, 2008 6
-1.6.9p11 January 5, 2008 7
+1.6.9p12 January 14, 2008 7
-1.6.9p11 January 5, 2008 8
+1.6.9p12 January 14, 2008 8
-1.6.9p11 January 5, 2008 9
+1.6.9p12 January 14, 2008 9
-1.6.9p11 January 5, 2008 10
+1.6.9p12 January 14, 2008 10
-1.6.9p11 January 5, 2008 11
+1.6.9p12 January 14, 2008 11
-1.6.9p11 January 5, 2008 12
+1.6.9p12 January 14, 2008 12
-1.6.9p11 January 5, 2008 13
+1.6.9p12 January 14, 2008 13
-1.6.9p11 January 5, 2008 14
+1.6.9p12 January 14, 2008 14
-1.6.9p11 January 5, 2008 15
+1.6.9p12 January 14, 2008 15
-1.6.9p11 January 5, 2008 16
+1.6.9p12 January 14, 2008 16
-1.6.9p11 January 5, 2008 17
+1.6.9p12 January 14, 2008 17
-1.6.9p11 January 5, 2008 18
+1.6.9p12 January 14, 2008 18
-1.6.9p11 January 5, 2008 19
+1.6.9p12 January 14, 2008 19
-1.6.9p11 January 5, 2008 20
+1.6.9p12 January 14, 2008 20
-1.6.9p11 January 5, 2008 21
+1.6.9p12 January 14, 2008 21
-1.6.9p11 January 5, 2008 22
+1.6.9p12 January 14, 2008 22
-1.6.9p11 January 5, 2008 23
+1.6.9p12 January 14, 2008 23
-1.6.9p11 January 5, 2008 24
+1.6.9p12 January 14, 2008 24
.\" Agency (DARPA) and Air Force Research Laboratory, Air Force
.\" Materiel Command, USAF, under agreement number F39502-99-1-0512.
.\"
-.\" $Sudo: sudoers.man.in,v 1.45.2.21 2008/01/05 23:59:42 millert Exp $
+.\" $Sudo: sudoers.man.in,v 1.45.2.22 2008/01/14 12:22:57 millert Exp $
.\" Automatically generated by Pod::Man v1.37, Pod::Parser v1.32
.\"
.\" Standard preamble:
.\" ========================================================================
.\"
.IX Title "SUDOERS @mansectform@"
-.TH SUDOERS @mansectform@ "January 5, 2008" "1.6.9p11" "MAINTENANCE COMMANDS"
+.TH SUDOERS @mansectform@ "January 14, 2008" "1.6.9p12" "MAINTENANCE COMMANDS"
.SH "NAME"
sudoers \- list of which users may execute what
.SH "DESCRIPTION"
#include "sudo.h"
#ifndef lint
-__unused static const char rcsid[] = "$Sudo: tgetpass.c,v 1.111.2.5 2007/10/17 15:39:43 millert Exp $";
+__unused static const char rcsid[] = "$Sudo: tgetpass.c,v 1.111.2.6 2008/01/16 18:03:24 millert Exp $";
#endif /* lint */
#ifndef TCSASOFT
# define tcsetattr(f, a, t) ioctl(f, a, t)
# undef TCSAFLUSH
# define TCSAFLUSH TCSETAF
-# undef TCSANOW
-# define TCSANOW TCSETA
# else
# undef termios
# define termios sgttyb
# define tcsetattr(f, a, t) ioctl(f, a, t)
# undef TCSAFLUSH
# define TCSAFLUSH TIOCSETP
-# undef TCSANOW
-# define TCSANOW TIOCSETN
# endif /* HAVE_TERMIO_H */
#endif /* HAVE_TERMIOS_H */
/* Restore old tty settings and signals. */
if (memcmp(&term, &oterm, sizeof(term)) != 0) {
- while (tcsetattr(input, TCSANOW|TCSASOFT, &oterm) == -1 &&
+ while (tcsetattr(input, TCSAFLUSH|TCSASOFT, &oterm) == -1 &&
errno == EINTR)
continue;
}
* Agency (DARPA) and Air Force Research Laboratory, Air Force
* Materiel Command, USAF, under agreement number F39502-99-1-0512.
*
- * $Sudo: version.h,v 1.66.2.14 2008/01/05 23:31:52 millert Exp $
+ * $Sudo: version.h,v 1.66.2.15 2008/01/14 12:22:57 millert Exp $
*/
#ifndef _SUDO_VERSION_H
#define _SUDO_VERSION_H
-static const char version[] = "1.6.9p11";
+static const char version[] = "1.6.9p12";
#endif /* _SUDO_VERSION_H */
-1.6.9p11 January 5, 2008 1
+1.6.9p12 January 14, 2008 1
-1.6.9p11 January 5, 2008 2
+1.6.9p12 January 14, 2008 2
-1.6.9p11 January 5, 2008 3
+1.6.9p12 January 14, 2008 3
.\" Agency (DARPA) and Air Force Research Laboratory, Air Force
.\" Materiel Command, USAF, under agreement number F39502-99-1-0512.
.\"
-.\" $Sudo: visudo.man.in,v 1.20.2.16 2008/01/05 23:59:42 millert Exp $
+.\" $Sudo: visudo.man.in,v 1.20.2.17 2008/01/14 12:22:57 millert Exp $
.\" Automatically generated by Pod::Man v1.37, Pod::Parser v1.32
.\"
.\" Standard preamble:
.\" ========================================================================
.\"
.IX Title "VISUDO @mansectsu@"
-.TH VISUDO @mansectsu@ "January 5, 2008" "1.6.9p11" "MAINTENANCE COMMANDS"
+.TH VISUDO @mansectsu@ "January 14, 2008" "1.6.9p12" "MAINTENANCE COMMANDS"
.SH "NAME"
visudo \- edit the sudoers file
.SH "SYNOPSIS"