+2011-10-25 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/Makefile.in:
+ check_addr needs to link with the network libraries on Solaris
+ [322bd70e316e]
+
+ * plugins/sudoers/match.c:
+ When matching a RunasAlias for a runas group, pass the alias in as
+ the group_list, not the user_list. From Daniel Kopecek.
+ [766545edf141]
+
+ * plugins/sudoers/check.c, plugins/sudoers/sudoers.c:
+ We need to init the auth system regardless of whether we need a
+ password since we will be closing the PAM session in the monitor
+ process. Fixes a crash in the monitor on Solaris; bugzilla #518
+ [e82809f86fb3]
+
2011-10-21 Todd C. Miller <Todd.Miller@courtesan.com>
* .hgtags:
Added tag SUDO_1_8_3 for changeset 82bec4d3a203
- [6c953ef6f577] [tip] <1.8>
+ [6c953ef6f577] <1.8>
* Update Japanese sudoers translation from translationproject.org
[82bec4d3a203] [SUDO_1_8_3] <1.8>
+What's new in Sudo 1.8.3p1?
+
+ * Fixed a crash in the monitor process on Solaris when NOPASSWD
+ was specified or when authentication was disabled.
+
+ * Fixed matching of a Runas_Alias in the group section of a
+ Runas_Spec.
+
What's new in Sudo 1.8.3?
* Fixed expansion of strftime() escape sequences in the "log_dir"
#! /bin/sh
# Guess values for system-dependent variables and create Makefiles.
-# Generated by GNU Autoconf 2.68 for sudo 1.8.3.
+# Generated by GNU Autoconf 2.68 for sudo 1.8.3p1.
#
# Report bugs to <http://www.sudo.ws/bugs/>.
#
# Identity of this package.
PACKAGE_NAME='sudo'
PACKAGE_TARNAME='sudo'
-PACKAGE_VERSION='1.8.3'
-PACKAGE_STRING='sudo 1.8.3'
+PACKAGE_VERSION='1.8.3p1'
+PACKAGE_STRING='sudo 1.8.3p1'
PACKAGE_BUGREPORT='http://www.sudo.ws/bugs/'
PACKAGE_URL=''
# Omit some internal or obsolete options to make the list less imposing.
# This message is too long to be a string in the A/UX 3.1 sh.
cat <<_ACEOF
-\`configure' configures sudo 1.8.3 to adapt to many kinds of systems.
+\`configure' configures sudo 1.8.3p1 to adapt to many kinds of systems.
Usage: $0 [OPTION]... [VAR=VALUE]...
if test -n "$ac_init_help"; then
case $ac_init_help in
- short | recursive ) echo "Configuration of sudo 1.8.3:";;
+ short | recursive ) echo "Configuration of sudo 1.8.3p1:";;
esac
cat <<\_ACEOF
test -n "$ac_init_help" && exit $ac_status
if $ac_init_version; then
cat <<\_ACEOF
-sudo configure 1.8.3
+sudo configure 1.8.3p1
generated by GNU Autoconf 2.68
Copyright (C) 2010 Free Software Foundation, Inc.
This file contains any messages produced by compilers while
running configure, to aid debugging if configure makes a mistake.
-It was created by sudo $as_me 1.8.3, which was
+It was created by sudo $as_me 1.8.3p1, which was
generated by GNU Autoconf 2.68. Invocation command line was
$ $0 $@
# report actual input values of CONFIG_FILES etc. instead of their
# values after options handling.
ac_log="
-This file was extended by sudo $as_me 1.8.3, which was
+This file was extended by sudo $as_me 1.8.3p1, which was
generated by GNU Autoconf 2.68. Invocation command line was
CONFIG_FILES = $CONFIG_FILES
cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
ac_cs_config="`$as_echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`"
ac_cs_version="\\
-sudo config.status 1.8.3
+sudo config.status 1.8.3p1
configured by $0, generated by GNU Autoconf 2.68,
with options \\"\$ac_cs_config\\"
dnl
dnl Copyright (c) 1994-1996,1998-2011 Todd C. Miller <Todd.Miller@courtesan.com>
dnl
-AC_INIT([sudo], [1.8.3], [http://www.sudo.ws/bugs/], [sudo])
+AC_INIT([sudo], [1.8.3p1], [http://www.sudo.ws/bugs/], [sudo])
AC_CONFIG_HEADER([config.h pathnames.h])
dnl
dnl Note: this must come after AC_INIT
$(LIBTOOL) --mode=link $(CC) -o $@ $(TEST_OBJS) $(LDFLAGS) libparsesudoers.la $(LIBS) $(NET_LIBS) @LIBDL@
check_addr: $(CHECK_ADDR_OBJS) $(LT_LIBS)
- $(LIBTOOL) --mode=link $(CC) -o $@ $(CHECK_ADDR_OBJS) $(LDFLAGS) $(LIBS)
+ $(LIBTOOL) --mode=link $(CC) -o $@ $(CHECK_ADDR_OBJS) $(LDFLAGS) $(LIBS) $(NET_LIBS)
check_iolog_path: $(CHECK_IOLOG_PATH_OBJS) $(LT_LIBS)
$(LIBTOOL) --mode=link $(CC) -o $@ $(CHECK_IOLOG_PATH_OBJS) $(LDFLAGS) $(LIBS)
char *prompt;
struct stat sb;
int status, rval = TRUE;
+ int need_pass = def_authenticate;
+
+ /*
+ * Init authentication system regardless of whether we need a password.
+ * Required for proper PAM session support.
+ */
+ auth_pw = get_authpw();
+ if (sudo_auth_init(auth_pw) == -1) {
+ rval = -1;
+ goto done;
+ }
+
+ if (need_pass) {
+ /* Always need a password when -k was specified with the command. */
+ if (ISSET(mode, MODE_IGNORE_TICKET)) {
+ SET(validated, FLAG_CHECK_USER);
+ } else {
+ /*
+ * Don't prompt for the root passwd or if the user is exempt.
+ * If the user is not changing uid/gid, no need for a password.
+ */
+ if (user_uid == 0 || (user_uid == runas_pw->pw_uid &&
+ (!runas_gr || user_in_group(sudo_user.pw, runas_gr->gr_name)))
+ || user_is_exempt())
+ need_pass = FALSE;
+ }
+ }
+ if (!need_pass)
+ goto done;
/* Stash the tty's ctime for tty ticket comparison. */
if (def_tty_tickets && user_ttypath && stat(user_ttypath, &sb) == 0) {
ctim_get(&sb, &tty_info.ctime);
}
- /* Init authentication system regardless of whether we need a password. */
- auth_pw = get_authpw();
- if (sudo_auth_init(auth_pw) == -1) {
- rval = -1;
- goto done;
- }
-
- /* Always prompt for a password when -k was specified with the command. */
- if (ISSET(mode, MODE_IGNORE_TICKET)) {
- SET(validated, FLAG_CHECK_USER);
- } else {
- /*
- * Don't prompt for the root passwd or if the user is exempt.
- * If the user is not changing uid/gid, no need for a password.
- */
- if (user_uid == 0 || (user_uid == runas_pw->pw_uid &&
- (!runas_gr || user_in_group(sudo_user.pw, runas_gr->gr_name))) ||
- user_is_exempt())
- goto done;
- }
-
if (build_timestamp(×tampdir, ×tampfile) == -1) {
rval = -1;
goto done;
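Review bot: A `sudo_auth_init()` failure at the top of the added block now sets `rval = -1` and jumps to `done` before `need_pass` is consulted. Because the sudoers.c caller now invokes check_user() unconditionally, a broken auth backend also denies commands when `def_authenticate` is off. Failing closed looks intentional given the PAM session rationale, but the comment should say so, e.g. `/* An init failure is fatal even when no password is required. */`. It would also help auditors to note at the declaration that `need_pass` is seeded from `def_authenticate` and is only ever cleared afterwards, never set. check_user() begins and ends outside this hunk, so the cleanup at `done` is not visible here and should be confirmed safe to reach after a failed init.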
break;
case ALIAS:
if ((a = alias_find(m->name, RUNASALIAS)) != NULL) {
- rval = _runaslist_matches(&a->members, &empty);
+ rval = _runaslist_matches(&empty, &a->members);
if (rval != UNSPEC)
group_matched = m->negated ? !rval : rval;
break;
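Review bot: Both arguments to `_runaslist_matches()` on the changed line are list pointers of what appears to be the same type, so the swap being corrected compiles cleanly either way and nothing in the hunk stops it from recurring. Since the result feeds `group_matched`, which is an authorization decision, I would add a comment at the call such as `/* group section: alias members go in the group_list (second) argument */`. A regression test covering a Runas_Alias used in the group part of a Runas_Spec would also be worth adding. The enclosing switch and function start outside the hunk, so the parameter order is inferred from the ChangeLog entry rather than from the callee's signature.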
rebuild_env();
/* Require a password if sudoers says so. */
- if (def_authenticate) {
- int rc = check_user(validated, sudo_mode);
- if (rc != TRUE) {
- rval = rc;
- goto done;
- }
- }
+ rval = check_user(validated, sudo_mode);
+ if (rval != TRUE)
+ goto done;
/* If run as root with SUDO_USER set, set sudo_user.pw to that user. */
/* XXX - causes confusion when root is not listed in sudoers */
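Review bot: `rval` is now overwritten with check_user()'s result on the success path as well, so it holds TRUE from this point on, whereas the removed code only assigned `rval` on failure. Any later `goto done` in this function that relied on `rval` still carrying its earlier value would now report success. Those paths are outside the hunk, so this needs checking against the full function. The comment above the call is also stale, because check_user() now runs even when authentication is disabled; `/* Init the auth system; a password is only required if sudoers says so. */` would match the new behaviour.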