+2010-09-06 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * match.c:
+ When matching the runas user and runas group (-u and -g command line
+ options), keep track of runas group and runas user matches
+ separately. Only return a positive match if we have a match for
+ both runas user and runas group (if specified).
+ [68d30216c13a]
+
+2010-09-04 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * ldap.c, parse.c:
+ Do not return -1 on error from the display functions; the call
+ expects a return value >= 0.
+ [e50e6ae4d06d]
+
+ * ldap.c:
+ display_bound_defaults now returns a count so make the stub return
+ 0, not 1.
+ [97293ced4908]
+
+2010-09-03 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * get_pty.c:
+ It looks like AIX doesn't need to push STREAMS modules for ptys.
+ [62c281fcd4ad]
+
+2010-08-30 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * Makefile.in:
+ Install sudoers file from the build dir not hte src dir.
+ [a26afd8db531]
+
+2010-08-26 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * set_perms.c:
+ If runas_pw changes, reset the stashed runas aux group vector.
+ Otherwise, if runas_default is set in a per-command Defaults
+ statement, the command runs with root's aux group vector (i.e. the
+ one that was used when locating the command).
+ [24a695707b67]
+
+ * Makefile.in:
+ Add target to generate sudoers file Remove generated sudoers file as
+ part of distclean
+ [448627fc35b6]
+
+2010-08-23 millert <millert@rh4-x86.home.courtesan.com>
+
+ * exec.c:
+ When not logging I/O install a handler for SIGCONT and deliver it to
+ the command upon resume. Fixes bugzilla #431
+ [e84690aa67bd]
+
+2010-08-21 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * sudo.c:
+ Don't need to fork and wait when compiled with --disable-pam-session
+ [2ae1bbe4437a]
+
+2010-08-20 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * lbuf.c:
+ Convert a remaining puts() and putchar() to use the output function.
+ [d68c213feb0f]
+
+2010-08-18 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * Makefile.in:
+ Replace sudoers with sudoers.in in DISTFILES
+ [616509f85d6c]
+
+ * env.c:
+ Set dupcheck to TRUE when setting new HOME value if !env_reset but
+ always_set_home is true. Prevents a duplicate HOME in the
+ environment (old value plus the new one) introduced in 9f97e4b43a4b.
+ [2672ae047984]
+
+ * configure, configure.in, sudoers, sudoers.in:
+ Substitute sysconfdir in the installed sudoers file to get the
+ correct path for sudoers.d.
+ [ab14a68e546f]
+
+2010-08-17 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * boottime.c, get_pty.c:
+ Fix typos that prevented compilation on Irix; Friedrich Haubensak
+ [a3e6c5a66890]
+
+2010-08-14 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * auth/pam.c:
+ If the user hits ^C while a password is being read, error out before
+ reading any further passwords in the pam conversation function.
+ Otherwise, if multiple PAM auth methods are required, the user will
+ have to hit ^C for each one.
+ [c8f6bc58fd86]
+
+2010-08-09 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * exec.c:
+ Fix waitpid() loop termination condition.
+ [97719b3259f2]
+
+ * exec_pty.c:
+ Use sudo_waitpid() instead of bare waitpid()
+ [624a40269189]
+
+2010-08-07 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * sudo.pp:
+ Set pp_kit_version and strip off patchlevel
+ [814c87778567]
+
+ * sudo.pp:
+ Better handling of versions with a patchlevel. For rpm and deb, use
+ the patchlevel+1 as the release. For AIX, use the patchlevel as the
+ 4th version number. For the rest, just leave the patchlevel in the
+ version string.
+ [d18ef30f0a72]
+
+2010-08-06 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * auth/sudo_auth.c:
+ For non-standalone auth methods, stop reading the password if the
+ user enters ^C at the prompt.
+ [59d2b1328d1e]
+
+ * check.c:
+ When removing/resetting the timestamp file ignore the tty ticket
+ contents.
+ [8b285f601ec0]
+
+2010-08-04 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * UPGRADE:
+ Fix typo
+ [0f443aa22e96]
+
+2010-08-03 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * check.c:
+ Do not produce a warning for "sudo -k" if the ticket file does not
+ exist.
+ [eeaaa73d7f5b]
+
+2010-08-02 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * aclocal.m4, configure:
+ Add cross-compile defaults for remaining AC_TRY_RUN usage.
+ [fb88d22eabc6]
+
+2010-07-31 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * aclocal.m4, config.h.in, configure, configure.in, snprintf.c:
+ Use AC_CHECK_MEMBER in SUDO_SOCK_SA_LEN Use AC_TYPE_LONG_LONG_INT
+ and AC_CHECK_SIZEOF([long int]) instead of rolling our own.
+ [5e7cc557a46e]
+
2010-07-30 Todd C. Miller <Todd.Miller@courtesan.com>
* .hgtags:
Added tag SUDO_1_7_4 for changeset 2920a3b9d568
- [e929004d5102] [tip]
+ [e929004d5102]
* pp:
Debian: Remove dots from decoded release number AIX: looser matching
mkpkg pathnames.h.in pp sample.pam sample.syslog.conf \
sample.sudoers schema.ActiveDirectory schema.OpenLDAP \
schema.iPlanet siglist.in sudo.cat sudo.man.in sudo.pod sudo.pp \
- sudo_usage.h.in sudoers sudoers.cat sudoers.man.in sudoers.pod \
+ sudo_usage.h.in sudoers.in sudoers.cat sudoers.man.in sudoers.pod \
sudoers.ldap.cat sudoers.ldap.man.in sudoers.ldap.pod \
sudoers2ldif sudoreplay.cat sudoreplay.man.in sudoreplay.pod \
visudo.cat visudo.man.in visudo.pod auth/API sudo.man.pl \
@DEV@LICENSE: $(srcdir)/license.pod
@DEV@ pod2text -l -i0 $(srcdir)/license.pod | sed '1,2d' > $@
+sudoers: $(srcdir)/sudoers.in
+ (cd $(top_builddir) && $(SHELL) config.status --file=plugins/sudoers/$@)
+
# The 1.7 branch started Jan 18, 2010
ChangeLog:
if test -d $(srcdir)/.hg; then \
$(DESTDIR)$(sudoersdir)/sudoers.d
test -f $(DESTDIR)$(sudoersdir)/sudoers || \
$(INSTALL) -O $(sudoers_uid) -G $(sudoers_gid) -M $(sudoers_mode) \
- $(srcdir)/sudoers $(DESTDIR)$(sudoersdir)/sudoers
+ sudoers $(DESTDIR)$(sudoersdir)/sudoers
install-doc: install-dirs ChangeLog
(cd $(srcdir) && for f in ChangeLog HISTORY LICENSE NEWS README TROUBLESHOOTING UPGRADE sample.*; do $(INSTALL) -O $(install_uid) -G $(install_gid) -M 0444 $$f $(DESTDIR)$(docdir); done)
distclean: clean
-rm -rf Makefile pathnames.h config.h config.status config.cache \
- config.log libtool sudo_noexec.lo .libs $(GENERATED) \
+ config.log libtool sudoers sudo_noexec.lo .libs $(GENERATED) \
sudo.man sudoers.man sudoers.ldap.man sudoreplay.man \
visudo.man sudo_usage.h Makefile.binary
use when searching for configuration files. Adding HOME to env_keep
may enable a user to run unrestricted commands via sudo.
- The default syslog facility has changed from "local2" or "authpriv"
+ The default syslog facility has changed from "local2" to "authpriv"
(or "auth" if the operating system doesn't have "authpriv").
The --with-logfac configure option can be used to change this
or it can be changed in the sudoers file.
],
[sudo_cv_func_unsetenv_void=no],
[sudo_cv_func_unsetenv_void=yes],
- [sudo_cv_func_unsetenv_void=yes])])
+ [sudo_cv_func_unsetenv_void=no])])
if test $sudo_cv_func_unsetenv_void = yes; then
AC_DEFINE(UNSETENV_VOID, 1,
[Define to 1 if the `unsetenv' function returns void instead of `int'.])
dnl
dnl check for sa_len field in struct sockaddr
dnl
-AC_DEFUN(SUDO_SOCK_SA_LEN,
-[AC_MSG_CHECKING(for sa_len field in struct sockaddr)
-AC_CACHE_VAL(sudo_cv_sock_sa_len,
-[AC_TRY_RUN([#include <sys/types.h>
-#include <sys/socket.h>
-main() {
-struct sockaddr s;
-s.sa_len = 0;
-exit(0);
-}], sudo_cv_sock_sa_len=yes, sudo_cv_sock_sa_len=no,
- sudo_cv_sock_sa_len=no)
-rm -f core core.* *.core])dnl
-AC_MSG_RESULT($sudo_cv_sock_sa_len)
-if test $sudo_cv_sock_sa_len = yes; then
- AC_DEFINE(HAVE_SA_LEN, 1, [Define if your struct sockadr has an sa_len field.])
-fi
-])
-
+AC_DEFUN(SUDO_SOCK_SA_LEN, [
+ AC_CHECK_MEMBER([struct sockaddr.sa_len],
+ [AC_DEFINE(HAVE_SA_LEN, 1, [Define if your struct sockadr has an sa_len field.])],
+ [],
+ [ #include <sys/types.h>
+ #include <sys/socket.h>]
+ )]
+)
dnl
dnl check for max length of uid_t in string representation.
dnl we can't really trust UID_MAX or MAXUID since they may exist
(void) fprintf(f, "%d\n", strlen(b));
(void) fclose(f);
exit(0);
-}], sudo_cv_uid_t_len=`cat conftestdata`, sudo_cv_uid_t_len=10)
+}], sudo_cv_uid_t_len=`cat conftestdata`, sudo_cv_uid_t_len=10, sudo_cv_uid_t_len=10)
])
rm -f conftestdata
AC_MSG_RESULT($sudo_cv_uid_t_len)
AC_DEFINE_UNQUOTED(MAX_UID_T_LEN, $sudo_cv_uid_t_len, [Define to the max length of a uid_t in string context (excluding the NUL).])
])
-dnl
-dnl Check for presence of long long and for sizeof(long long) == sizeof(long)
-dnl
-AC_DEFUN(SUDO_TYPE_LONG_LONG,
-[AC_CHECK_TYPES(long long, [AC_DEFINE(HAVE_LONG_LONG, 1, [Define if your compiler supports the "long long" type.])]
-[AC_MSG_CHECKING(for long and long long equivalence)
-AC_CACHE_VAL(sudo_cv_type_long_is_quad,
-[AC_TRY_RUN([
-main() {
-if (sizeof(long long) == sizeof(long)) exit(0);
-else exit(1);
-}], [sudo_cv_type_long_is_quad=yes],
-[sudo_cv_type_long_is_quad=no], [sudo_cv_type_long_is_quad=no])
-rm -f core core.* *.core])dnl
-AC_MSG_RESULT($sudo_cv_type_long_is_quad)
-if test $sudo_cv_type_long_is_quad = yes; then
- AC_DEFINE(LONG_IS_QUAD, 1, [Define if sizeof(long) == sizeof(long long).])
-fi
-])])
-
dnl
dnl append a libpath to an LDFLAGS style variable
dnl
case PAM_PROMPT_ECHO_OFF:
prompt = def_prompt;
+ /* Error out if the last password read was interrupted. */
+ if (gotintr)
+ goto err;
+
/* Is the sudo prompt standard? (If so, we'l just use PAM's) */
std_prompt = strncmp(def_prompt, "Password:", 9) == 0 &&
(def_prompt[9] == '\0' ||
goto cleanup;
}
#ifndef AUTH_STANDALONE
- if (p)
- zero_bytes(p, strlen(p));
+ if (p == NULL)
+ break;
+ zero_bytes(p, strlen(p));
#endif
if (!ISSET(tgetpass_flags, TGP_ASKPASS))
pass_warn(stderr);
int
get_boottime(tv)
- struct timeval *tv
+ struct timeval *tv;
{
return 0;
}
/*
* Check for stored tty info. If the file is zero-sized
* it is an old-style timestamp with no tty info in it.
+ * If removing, we don't care about the contents.
* The actual mtime check is done later.
*/
- if (sb.st_size != 0) {
+ if (ISSET(flags, TS_REMOVE)) {
+ status = TS_OLD;
+ } else if (sb.st_size != 0) {
struct tty_info info;
int fd = open(timestampfile, O_RDONLY, 0644);
if (fd != -1) {
}
} else {
timevalclear(&tv);
- if (touch(-1, path, &tv) == -1)
+ if (touch(-1, path, &tv) == -1 && errno != ENOENT)
error(1, "can't reset %s to Epoch", path);
}
}
/* Define to 1 if you have the <login_cap.h> header file. */
#undef HAVE_LOGIN_CAP_H
-/* Define if your compiler supports the "long long" type. */
-#undef HAVE_LONG_LONG
+/* Define to 1 if the system has the type `long long int'. */
+#undef HAVE_LONG_LONG_INT
/* Define to 1 if you have the `lrand48' function. */
#undef HAVE_LRAND48
/* Define to SLOG_SYSLOG, SLOG_FILE, or SLOG_BOTH. */
#undef LOGGING
-/* Define if sizeof(long) == sizeof(long long). */
-#undef LONG_IS_QUAD
-
/* Define to 1 if you want a two line OTP (S/Key or OPIE) prompt. */
#undef LONG_OTP_PROMPT
/* Define to 1 if you want sudo to set $HOME in shell mode. */
#undef SHELL_SETS_HOME
+/* The size of `long int', as computed by sizeof. */
+#undef SIZEOF_LONG_INT
+
/* Define to 1 if you have the ANSI C header files. */
#undef STDC_HEADERS
#! /bin/sh
# Guess values for system-dependent variables and create Makefiles.
-# Generated by GNU Autoconf 2.65 for sudo 1.7.4.
+# Generated by GNU Autoconf 2.65 for sudo 1.7.4p4.
#
# Report bugs to <http://www.sudo.ws/bugs/>.
#
# Identity of this package.
PACKAGE_NAME='sudo'
PACKAGE_TARNAME='sudo'
-PACKAGE_VERSION='1.7.4'
-PACKAGE_STRING='sudo 1.7.4'
+PACKAGE_VERSION='1.7.4p4'
+PACKAGE_STRING='sudo 1.7.4p4'
PACKAGE_BUGREPORT='http://www.sudo.ws/bugs/'
PACKAGE_URL=''
# Omit some internal or obsolete options to make the list less imposing.
# This message is too long to be a string in the A/UX 3.1 sh.
cat <<_ACEOF
-\`configure' configures sudo 1.7.4 to adapt to many kinds of systems.
+\`configure' configures sudo 1.7.4p4 to adapt to many kinds of systems.
Usage: $0 [OPTION]... [VAR=VALUE]...
if test -n "$ac_init_help"; then
case $ac_init_help in
- short | recursive ) echo "Configuration of sudo 1.7.4:";;
+ short | recursive ) echo "Configuration of sudo 1.7.4p4:";;
esac
cat <<\_ACEOF
test -n "$ac_init_help" && exit $ac_status
if $ac_init_version; then
cat <<\_ACEOF
-sudo configure 1.7.4
+sudo configure 1.7.4p4
generated by GNU Autoconf 2.65
Copyright (C) 2009 Free Software Foundation, Inc.
} # ac_fn_c_check_type
-# ac_fn_c_check_decl LINENO SYMBOL VAR
-# ------------------------------------
-# Tests whether SYMBOL is declared, setting cache variable VAR accordingly.
-ac_fn_c_check_decl ()
+# ac_fn_c_compute_int LINENO EXPR VAR INCLUDES
+# --------------------------------------------
+# Tries to find the compile-time value of EXPR in a program that includes
+# INCLUDES, setting VAR accordingly. Returns whether the value could be
+# computed
+ac_fn_c_compute_int ()
{
as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack
- { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether $2 is declared" >&5
-$as_echo_n "checking whether $2 is declared... " >&6; }
-if { as_var=$3; eval "test \"\${$as_var+set}\" = set"; }; then :
- $as_echo_n "(cached) " >&6
+ if test "$cross_compiling" = yes; then
+ # Depending upon the size, compute the lo and hi bounds.
+cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+$4
+int
+main ()
+{
+static int test_array [1 - 2 * !(($2) >= 0)];
+test_array [0] = 0
+
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_compile "$LINENO"; then :
+ ac_lo=0 ac_mid=0
+ while :; do
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+$4
+int
+main ()
+{
+static int test_array [1 - 2 * !(($2) <= $ac_mid)];
+test_array [0] = 0
+
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_compile "$LINENO"; then :
+ ac_hi=$ac_mid; break
+else
+ as_fn_arith $ac_mid + 1 && ac_lo=$as_val
+ if test $ac_lo -le $ac_mid; then
+ ac_lo= ac_hi=
+ break
+ fi
+ as_fn_arith 2 '*' $ac_mid + 1 && ac_mid=$as_val
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+ done
else
cat confdefs.h - <<_ACEOF >conftest.$ac_ext
/* end confdefs.h. */
int
main ()
{
-#ifndef $2
- (void) $2;
-#endif
+static int test_array [1 - 2 * !(($2) < 0)];
+test_array [0] = 0
;
return 0;
}
_ACEOF
if ac_fn_c_try_compile "$LINENO"; then :
- eval "$3=yes"
+ ac_hi=-1 ac_mid=-1
+ while :; do
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+$4
+int
+main ()
+{
+static int test_array [1 - 2 * !(($2) >= $ac_mid)];
+test_array [0] = 0
+
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_compile "$LINENO"; then :
+ ac_lo=$ac_mid; break
else
- eval "$3=no"
+ as_fn_arith '(' $ac_mid ')' - 1 && ac_hi=$as_val
+ if test $ac_mid -le $ac_hi; then
+ ac_lo= ac_hi=
+ break
+ fi
+ as_fn_arith 2 '*' $ac_mid && ac_mid=$as_val
fi
rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+ done
+else
+ ac_lo= ac_hi=
fi
-eval ac_res=\$$3
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_res" >&5
-$as_echo "$ac_res" >&6; }
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+# Binary search between lo and hi bounds.
+while test "x$ac_lo" != "x$ac_hi"; do
+ as_fn_arith '(' $ac_hi - $ac_lo ')' / 2 + $ac_lo && ac_mid=$as_val
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+$4
+int
+main ()
+{
+static int test_array [1 - 2 * !(($2) <= $ac_mid)];
+test_array [0] = 0
+
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_compile "$LINENO"; then :
+ ac_hi=$ac_mid
+else
+ as_fn_arith '(' $ac_mid ')' + 1 && ac_lo=$as_val
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+done
+case $ac_lo in #((
+?*) eval "$3=\$ac_lo"; ac_retval=0 ;;
+'') ac_retval=1 ;;
+esac
+ else
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+$4
+static long int longval () { return $2; }
+static unsigned long int ulongval () { return $2; }
+#include <stdio.h>
+#include <stdlib.h>
+int
+main ()
+{
+
+ FILE *f = fopen ("conftest.val", "w");
+ if (! f)
+ return 1;
+ if (($2) < 0)
+ {
+ long int i = longval ();
+ if (i != ($2))
+ return 1;
+ fprintf (f, "%ld", i);
+ }
+ else
+ {
+ unsigned long int i = ulongval ();
+ if (i != ($2))
+ return 1;
+ fprintf (f, "%lu", i);
+ }
+ /* Do not output a trailing newline, as this causes \r\n confusion
+ on some platforms. */
+ return ferror (f) || fclose (f) != 0;
+
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_run "$LINENO"; then :
+ echo >>conftest.val; read $3 <conftest.val; ac_retval=0
+else
+ ac_retval=1
+fi
+rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \
+ conftest.$ac_objext conftest.beam conftest.$ac_ext
+rm -f conftest.val
+
+ fi
eval $as_lineno_stack; test "x$as_lineno_stack" = x && { as_lineno=; unset as_lineno;}
+ as_fn_set_status $ac_retval
-} # ac_fn_c_check_decl
+} # ac_fn_c_compute_int
# ac_fn_c_check_member LINENO AGGR MEMBER VAR INCLUDES
# ----------------------------------------------------
eval $as_lineno_stack; test "x$as_lineno_stack" = x && { as_lineno=; unset as_lineno;}
} # ac_fn_c_check_member
+
+# ac_fn_c_check_decl LINENO SYMBOL VAR
+# ------------------------------------
+# Tests whether SYMBOL is declared, setting cache variable VAR accordingly.
+ac_fn_c_check_decl ()
+{
+ as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether $2 is declared" >&5
+$as_echo_n "checking whether $2 is declared... " >&6; }
+if { as_var=$3; eval "test \"\${$as_var+set}\" = set"; }; then :
+ $as_echo_n "(cached) " >&6
+else
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+$4
+int
+main ()
+{
+#ifndef $2
+ (void) $2;
+#endif
+
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_compile "$LINENO"; then :
+ eval "$3=yes"
+else
+ eval "$3=no"
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+fi
+eval ac_res=\$$3
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_res" >&5
+$as_echo "$ac_res" >&6; }
+ eval $as_lineno_stack; test "x$as_lineno_stack" = x && { as_lineno=; unset as_lineno;}
+
+} # ac_fn_c_check_decl
cat >config.log <<_ACEOF
This file contains any messages produced by compilers while
running configure, to aid debugging if configure makes a mistake.
-It was created by sudo $as_me 1.7.4, which was
+It was created by sudo $as_me 1.7.4p4, which was
generated by GNU Autoconf 2.65. Invocation command line was
$ $0 $@
else
lt_cv_nm_interface="BSD nm"
echo "int some_variable = 0;" > conftest.$ac_ext
- (eval echo "\"\$as_me:6587: $ac_compile\"" >&5)
+ (eval echo "\"\$as_me:6765: $ac_compile\"" >&5)
(eval "$ac_compile" 2>conftest.err)
cat conftest.err >&5
- (eval echo "\"\$as_me:6590: $NM \\\"conftest.$ac_objext\\\"\"" >&5)
+ (eval echo "\"\$as_me:6768: $NM \\\"conftest.$ac_objext\\\"\"" >&5)
(eval "$NM \"conftest.$ac_objext\"" 2>conftest.err > conftest.out)
cat conftest.err >&5
- (eval echo "\"\$as_me:6593: output\"" >&5)
+ (eval echo "\"\$as_me:6771: output\"" >&5)
cat conftest.out >&5
if $GREP 'External.*some_variable' conftest.out > /dev/null; then
lt_cv_nm_interface="MS dumpbin"
;;
*-*-irix6*)
# Find out which ABI we are using.
- echo '#line 7798 "configure"' > conftest.$ac_ext
+ echo '#line 7976 "configure"' > conftest.$ac_ext
if { { eval echo "\"\$as_me\":${as_lineno-$LINENO}: \"$ac_compile\""; } >&5
(eval $ac_compile) 2>&5
ac_status=$?
-e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \
-e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \
-e 's:$: $lt_compiler_flag:'`
- (eval echo "\"\$as_me:9191: $lt_compile\"" >&5)
+ (eval echo "\"\$as_me:9369: $lt_compile\"" >&5)
(eval "$lt_compile" 2>conftest.err)
ac_status=$?
cat conftest.err >&5
- echo "$as_me:9195: \$? = $ac_status" >&5
+ echo "$as_me:9373: \$? = $ac_status" >&5
if (exit $ac_status) && test -s "$ac_outfile"; then
# The compiler can only warn and ignore the option if not recognized
# So say no if there are warnings other than the usual output.
-e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \
-e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \
-e 's:$: $lt_compiler_flag:'`
- (eval echo "\"\$as_me:9530: $lt_compile\"" >&5)
+ (eval echo "\"\$as_me:9708: $lt_compile\"" >&5)
(eval "$lt_compile" 2>conftest.err)
ac_status=$?
cat conftest.err >&5
- echo "$as_me:9534: \$? = $ac_status" >&5
+ echo "$as_me:9712: \$? = $ac_status" >&5
if (exit $ac_status) && test -s "$ac_outfile"; then
# The compiler can only warn and ignore the option if not recognized
# So say no if there are warnings other than the usual output.
-e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \
-e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \
-e 's:$: $lt_compiler_flag:'`
- (eval echo "\"\$as_me:9635: $lt_compile\"" >&5)
+ (eval echo "\"\$as_me:9813: $lt_compile\"" >&5)
(eval "$lt_compile" 2>out/conftest.err)
ac_status=$?
cat out/conftest.err >&5
- echo "$as_me:9639: \$? = $ac_status" >&5
+ echo "$as_me:9817: \$? = $ac_status" >&5
if (exit $ac_status) && test -s out/conftest2.$ac_objext
then
# The compiler can only warn and ignore the option if not recognized
-e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \
-e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \
-e 's:$: $lt_compiler_flag:'`
- (eval echo "\"\$as_me:9690: $lt_compile\"" >&5)
+ (eval echo "\"\$as_me:9868: $lt_compile\"" >&5)
(eval "$lt_compile" 2>out/conftest.err)
ac_status=$?
cat out/conftest.err >&5
- echo "$as_me:9694: \$? = $ac_status" >&5
+ echo "$as_me:9872: \$? = $ac_status" >&5
if (exit $ac_status) && test -s out/conftest2.$ac_objext
then
# The compiler can only warn and ignore the option if not recognized
lt_dlunknown=0; lt_dlno_uscore=1; lt_dlneed_uscore=2
lt_status=$lt_dlunknown
cat > conftest.$ac_ext <<_LT_EOF
-#line 12057 "configure"
+#line 12235 "configure"
#include "confdefs.h"
#if HAVE_DLFCN_H
lt_dlunknown=0; lt_dlno_uscore=1; lt_dlneed_uscore=2
lt_status=$lt_dlunknown
cat > conftest.$ac_ext <<_LT_EOF
-#line 12153 "configure"
+#line 12331 "configure"
#include "confdefs.h"
#if HAVE_DLFCN_H
fi
+
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking for long long int" >&5
+$as_echo_n "checking for long long int... " >&6; }
+if test "${ac_cv_type_long_long_int+set}" = set; then :
+ $as_echo_n "(cached) " >&6
+else
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+
+ /* For now, do not test the preprocessor; as of 2007 there are too many
+ implementations with broken preprocessors. Perhaps this can
+ be revisited in 2012. In the meantime, code should not expect
+ #if to work with literals wider than 32 bits. */
+ /* Test literals. */
+ long long int ll = 9223372036854775807ll;
+ long long int nll = -9223372036854775807LL;
+ unsigned long long int ull = 18446744073709551615ULL;
+ /* Test constant expressions. */
+ typedef int a[((-9223372036854775807LL < 0 && 0 < 9223372036854775807ll)
+ ? 1 : -1)];
+ typedef int b[(18446744073709551615ULL <= (unsigned long long int) -1
+ ? 1 : -1)];
+ int i = 63;
+int
+main ()
+{
+/* Test availability of runtime routines for shift and division. */
+ long long int llmax = 9223372036854775807ll;
+ unsigned long long int ullmax = 18446744073709551615ull;
+ return ((ll << 63) | (ll >> 63) | (ll < i) | (ll > i)
+ | (llmax / ll) | (llmax % ll)
+ | (ull << 63) | (ull >> 63) | (ull << i) | (ull >> i)
+ | (ullmax / ull) | (ullmax % ull));
+ ;
+ return 0;
+}
+
+_ACEOF
+if ac_fn_c_try_link "$LINENO"; then :
+ if test "$cross_compiling" = yes; then :
+ ac_cv_type_long_long_int=yes
+else
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+#include <limits.h>
+ #ifndef LLONG_MAX
+ # define HALF \
+ (1LL << (sizeof (long long int) * CHAR_BIT - 2))
+ # define LLONG_MAX (HALF - 1 + HALF)
+ #endif
+int
+main ()
+{
+long long int n = 1;
+ int i;
+ for (i = 0; ; i++)
+ {
+ long long int m = n << i;
+ if (m >> i != n)
+ return 1;
+ if (LLONG_MAX / 2 < m)
+ break;
+ }
+ return 0;
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_run "$LINENO"; then :
+ ac_cv_type_long_long_int=yes
+else
+ ac_cv_type_long_long_int=no
+fi
+rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \
+ conftest.$ac_objext conftest.beam conftest.$ac_ext
+fi
+
+else
+ ac_cv_type_long_long_int=no
+fi
+rm -f core conftest.err conftest.$ac_objext \
+ conftest$ac_exeext conftest.$ac_ext
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_type_long_long_int" >&5
+$as_echo "$ac_cv_type_long_long_int" >&6; }
+ if test $ac_cv_type_long_long_int = yes; then
+
+$as_echo "#define HAVE_LONG_LONG_INT 1" >>confdefs.h
+
+ fi
+
+# The cast to long int works around a bug in the HP C Compiler
+# version HP92453-01 B.11.11.23709.GP, which incorrectly rejects
+# declarations like `int a3[[(sizeof (unsigned char)) >= 0]];'.
+# This bug is HP SR number 8606223364.
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking size of long int" >&5
+$as_echo_n "checking size of long int... " >&6; }
+if test "${ac_cv_sizeof_long_int+set}" = set; then :
+ $as_echo_n "(cached) " >&6
+else
+ if ac_fn_c_compute_int "$LINENO" "(long int) (sizeof (long int))" "ac_cv_sizeof_long_int" "$ac_includes_default"; then :
+
+else
+ if test "$ac_cv_type_long_int" = yes; then
+ { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5
+$as_echo "$as_me: error: in \`$ac_pwd':" >&2;}
+{ as_fn_set_status 77
+as_fn_error "cannot compute sizeof (long int)
+See \`config.log' for more details." "$LINENO" 5; }; }
+ else
+ ac_cv_sizeof_long_int=0
+ fi
+fi
+
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_sizeof_long_int" >&5
+$as_echo "$ac_cv_sizeof_long_int" >&6; }
+
+
+
+cat >>confdefs.h <<_ACEOF
+#define SIZEOF_LONG_INT $ac_cv_sizeof_long_int
+_ACEOF
+
+
{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for size_t" >&5
$as_echo_n "checking for size_t... " >&6; }
if test "${sudo_cv_type_size_t+set}" = set; then :
else
rm -f conftestdata
if test "$cross_compiling" = yes; then :
- { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5
-$as_echo "$as_me: error: in \`$ac_pwd':" >&2;}
-as_fn_error "cannot run test program while cross compiling
-See \`config.log' for more details." "$LINENO" 5; }
+ sudo_cv_uid_t_len=10
else
cat confdefs.h - <<_ACEOF >conftest.$ac_ext
/* end confdefs.h. */
_ACEOF
-ac_fn_c_check_type "$LINENO" "long long" "ac_cv_type_long_long" "$ac_includes_default"
-if test "x$ac_cv_type_long_long" = x""yes; then :
-
-cat >>confdefs.h <<_ACEOF
-#define HAVE_LONG_LONG 1
-_ACEOF
-
-
-$as_echo "#define HAVE_LONG_LONG 1" >>confdefs.h
-
-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for long and long long equivalence" >&5
-$as_echo_n "checking for long and long long equivalence... " >&6; }
-if test "${sudo_cv_type_long_is_quad+set}" = set; then :
- $as_echo_n "(cached) " >&6
-else
- if test "$cross_compiling" = yes; then :
- sudo_cv_type_long_is_quad=no
-else
- cat confdefs.h - <<_ACEOF >conftest.$ac_ext
-/* end confdefs.h. */
-
-main() {
-if (sizeof(long long) == sizeof(long)) exit(0);
-else exit(1);
-}
-_ACEOF
-if ac_fn_c_try_run "$LINENO"; then :
- sudo_cv_type_long_is_quad=yes
-else
- sudo_cv_type_long_is_quad=no
-fi
-rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \
- conftest.$ac_objext conftest.beam conftest.$ac_ext
-fi
-
-rm -f core core.* *.core
-fi
-{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $sudo_cv_type_long_is_quad" >&5
-$as_echo "$sudo_cv_type_long_is_quad" >&6; }
-if test $sudo_cv_type_long_is_quad = yes; then
-
-$as_echo "#define LONG_IS_QUAD 1" >>confdefs.h
-
-fi
-fi
+ ac_fn_c_check_member "$LINENO" "struct sockaddr" "sa_len" "ac_cv_member_struct_sockaddr_sa_len" " #include <sys/types.h>
+ #include <sys/socket.h>
-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for sa_len field in struct sockaddr" >&5
-$as_echo_n "checking for sa_len field in struct sockaddr... " >&6; }
-if test "${sudo_cv_sock_sa_len+set}" = set; then :
- $as_echo_n "(cached) " >&6
-else
- if test "$cross_compiling" = yes; then :
- sudo_cv_sock_sa_len=no
-else
- cat confdefs.h - <<_ACEOF >conftest.$ac_ext
-/* end confdefs.h. */
-#include <sys/types.h>
-#include <sys/socket.h>
-main() {
-struct sockaddr s;
-s.sa_len = 0;
-exit(0);
-}
-_ACEOF
-if ac_fn_c_try_run "$LINENO"; then :
- sudo_cv_sock_sa_len=yes
-else
- sudo_cv_sock_sa_len=no
-fi
-rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \
- conftest.$ac_objext conftest.beam conftest.$ac_ext
-fi
-
-rm -f core core.* *.core
-fi
-{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $sudo_cv_sock_sa_len" >&5
-$as_echo "$sudo_cv_sock_sa_len" >&6; }
-if test $sudo_cv_sock_sa_len = yes; then
+"
+if test "x$ac_cv_member_struct_sockaddr_sa_len" = x""yes; then :
$as_echo "#define HAVE_SA_LEN 1" >>confdefs.h
fi
+
case "$DEFS" in
*"RETSIGTYPE"*) ;;
*) { $as_echo "$as_me:${as_lineno-$LINENO}: checking return type of signal handlers" >&5
$as_echo_n "(cached) " >&6
else
if test "$cross_compiling" = yes; then :
- sudo_cv_func_unsetenv_void=yes
+ sudo_cv_func_unsetenv_void=no
else
cat confdefs.h - <<_ACEOF >conftest.$ac_ext
/* end confdefs.h. */
test "$docdir" = '${datarootdir}/doc/${PACKAGE_TARNAME}' && docdir='$(datarootdir)/doc/$(PACKAGE_TARNAME)'
test "$sysconfdir" = '${prefix}/etc' -a X"$with_stow" != X"yes" && sysconfdir='/etc'
-ac_config_files="$ac_config_files Makefile sudo.man visudo.man sudoers.man sudoers.ldap.man sudoreplay.man sudo_usage.h"
+ac_config_files="$ac_config_files Makefile sudo.man visudo.man sudoers.man sudoers.ldap.man sudoreplay.man sudo_usage.h sudoers"
cat >confcache <<\_ACEOF
# This file is a shell script that caches the results of configure
# report actual input values of CONFIG_FILES etc. instead of their
# values after options handling.
ac_log="
-This file was extended by sudo $as_me 1.7.4, which was
+This file was extended by sudo $as_me 1.7.4p4, which was
generated by GNU Autoconf 2.65. Invocation command line was
CONFIG_FILES = $CONFIG_FILES
cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
ac_cs_config="`$as_echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`"
ac_cs_version="\\
-sudo config.status 1.7.4
+sudo config.status 1.7.4p4
configured by $0, generated by GNU Autoconf 2.65,
with options \\"\$ac_cs_config\\"
"sudoers.ldap.man") CONFIG_FILES="$CONFIG_FILES sudoers.ldap.man" ;;
"sudoreplay.man") CONFIG_FILES="$CONFIG_FILES sudoreplay.man" ;;
"sudo_usage.h") CONFIG_FILES="$CONFIG_FILES sudo_usage.h" ;;
+ "sudoers") CONFIG_FILES="$CONFIG_FILES sudoers" ;;
*) as_fn_error "invalid argument: \`$ac_config_target'" "$LINENO" 5;;
esac
dnl
dnl Copyright (c) 1994-1996,1998-2010 Todd C. Miller <Todd.Miller@courtesan.com>
dnl
-AC_INIT([sudo], [1.7.4], [http://www.sudo.ws/bugs/], [sudo])
+AC_INIT([sudo], [1.7.4p4], [http://www.sudo.ws/bugs/], [sudo])
AC_CONFIG_HEADER(config.h pathnames.h)
dnl
dnl This won't work before AC_INIT
#include <time.h>])
AC_CHECK_TYPES([struct in6_addr], [AC_DEFINE(HAVE_IN6_ADDR)], [], [#include <sys/types.h>
#include <netinet/in.h>])
+AC_TYPE_LONG_LONG_INT
+AC_CHECK_SIZEOF([long int])
SUDO_TYPE_SIZE_T
SUDO_TYPE_SSIZE_T
SUDO_TYPE_DEV_T
SUDO_TYPE_INO_T
SUDO_UID_T_LEN
-SUDO_TYPE_LONG_LONG
SUDO_SOCK_SA_LEN
dnl
dnl only set RETSIGTYPE if it is not set already
dnl
dnl Substitute into the Makefile and man pages
dnl
-AC_CONFIG_FILES([Makefile sudo.man visudo.man sudoers.man sudoers.ldap.man sudoreplay.man sudo_usage.h])
+AC_CONFIG_FILES([Makefile sudo.man visudo.man sudoers.man sudoers.ldap.man sudoreplay.man sudo_usage.h sudoers])
AC_OUTPUT
dnl
/* Set $HOME to target user if not preserving user's value. */
if (reset_home && !ISSET(didvar, KEPT_HOME))
- sudo_setenv("HOME", runas_pw->pw_dir, ISSET(didvar, DID_HOME));
+ sudo_setenv("HOME", runas_pw->pw_dir, TRUE);
/* Provide default values for $TERM and $PATH if they are not set. */
if (!ISSET(didvar, DID_TERM))
int rbac_enabled;
{
struct command_status cstat;
+ sigaction_t sa;
int pid;
+ zero_bytes(&sa, sizeof(sa));
+ sigemptyset(&sa.sa_mask);
+ sa.sa_flags = SA_INTERRUPT; /* do not restart syscalls */
+ sa.sa_handler = handler;
+ sigaction(SIGCONT, &sa, NULL);
+
pid = fork();
switch (pid) {
case -1:
#else
pid = wait(&status);
#endif
- if (pid == child) {
- if (!log_io) {
- if (WIFSTOPPED(status)) {
- /* Child may not have privs to suspend us itself. */
- kill(getpid(), WSTOPSIG(status));
- } else {
- /* Child has exited, we are done. */
- cstat->type = CMD_WSTATUS;
- cstat->val = status;
- return 0;
- }
+ } while (pid == -1 && errno == EINTR);
+ if (pid == child) {
+ /* If not logging I/O and child has exited we are done. */
+ if (!log_io) {
+ if (WIFSTOPPED(status)) {
+ /* Child may not have privs to suspend us itself. */
+ kill(getpid(), WSTOPSIG(status));
+ } else {
+ /* Child has exited, we are done. */
+ cstat->type = CMD_WSTATUS;
+ cstat->val = status;
+ return 0;
}
- /* Else we get ECONNRESET on sv[0] if child dies. */
}
- } while (pid != -1 || errno == EINTR);
+ /* Else we get ECONNRESET on sv[0] if child dies. */
+ }
}
zero_bytes(fdsw, howmany(maxfd + 1, NFDBITS) * sizeof(fd_mask));
/* read child status */
do {
- pid = waitpid(child, &status, WUNTRACED|WNOHANG);
+#ifdef sudo_waitpid
+ pid = sudo_waitpid(child, &status, WUNTRACED|WNOHANG);
+#else
+ pid = wait(&status);
+#endif
} while (pid == -1 && errno == EINTR);
if (pid == child) {
if (cstat->type != CMD_ERRNO) {
char *line;
/* IRIX-style dynamic ptys (may fork) */
- line = _getpty(master, O_RDWR, IRUSR|S_IWUSR|S_IWGRP, 0);
+ line = _getpty(master, O_RDWR, S_IRUSR|S_IWUSR|S_IWGRP, 0);
if (line == NULL)
return (0);
*slave = open(line, O_RDWR|O_NOCTTY, 0);
close(*master);
return(0);
}
-# ifdef I_PUSH
+# if defined(I_PUSH) && !defined(_AIX)
ioctl(*slave, I_PUSH, "ptem"); /* pseudo tty emulation module */
ioctl(*slave, I_PUSH, "ldterm"); /* line discipline module */
# endif
/* For very small widths just give up... */
if (lbuf->cols <= lbuf->indent + contlen + 20) {
- puts(lbuf->buf);
+ lbuf->output(lbuf->buf);
+ lbuf->output("\n");
goto done;
}
/* Print each line in the buffer */
for (cp = lbuf->buf; cp != NULL && *cp != '\0'; ) {
if (*cp == '\n') {
- putchar('\n');
+ lbuf->output("\n");
cp++;
} else {
ep = memchr(cp, '\n', lbuf->len - (cp - lbuf->buf));
int rc, count = 0;
if (ld == NULL)
- return(-1);
+ goto done;
for (base = ldap_conf.base; base != NULL; base = base->next) {
result = NULL;
if (result)
ldap_msgfree(result);
}
+done:
return(count);
}
struct passwd *pw;
struct lbuf *lbuf;
{
- return(1);
+ return(0);
}
/*
int rc, do_netgr, count = 0;
if (ld == NULL)
- return(-1);
+ goto done;
/*
* Okay - time to search for anything that matches this user
}
efree(filt);
}
+done:
return(count);
}
{
struct member *m;
struct alias *a;
- int rval, matched = UNSPEC;
-
- if (runas_gr != NULL) {
- if (tq_empty(group_list))
- return(DENY); /* group was specified but none in sudoers */
- if (runas_pw != NULL && strcmp(runas_pw->pw_name, user_name) &&
- tq_empty(user_list))
- return(DENY); /* user was specified but none in sudoers */
- }
+ int rval;
+ int user_matched = UNSPEC;
+ int group_matched = UNSPEC;
if (tq_empty(user_list) && tq_empty(group_list))
return(userpw_matches(def_runas_default, runas_pw->pw_name, runas_pw));
tq_foreach_rev(user_list, m) {
switch (m->type) {
case ALL:
- matched = !m->negated;
+ user_matched = !m->negated;
break;
case NETGROUP:
if (netgr_matches(m->name, NULL, NULL, runas_pw->pw_name))
- matched = !m->negated;
+ user_matched = !m->negated;
break;
case USERGROUP:
if (usergr_matches(m->name, runas_pw->pw_name, runas_pw))
- matched = !m->negated;
+ user_matched = !m->negated;
break;
case ALIAS:
if ((a = alias_find(m->name, RUNASALIAS)) != NULL) {
rval = _runaslist_matches(&a->members, &empty);
if (rval != UNSPEC)
- matched = m->negated ? !rval : rval;
+ user_matched = m->negated ? !rval : rval;
break;
}
/* FALLTHROUGH */
case WORD:
if (userpw_matches(m->name, runas_pw->pw_name, runas_pw))
- matched = !m->negated;
+ user_matched = !m->negated;
break;
}
- if (matched != UNSPEC)
+ if (user_matched != UNSPEC)
break;
}
}
if (runas_gr != NULL) {
+ if (user_matched == UNSPEC) {
+ if (runas_pw == NULL || strcmp(runas_pw->pw_name, user_name) == 0)
+ user_matched = ALLOW; /* only changing group */
+ }
tq_foreach_rev(group_list, m) {
switch (m->type) {
case ALL:
- matched = !m->negated;
+ group_matched = !m->negated;
break;
case ALIAS:
if ((a = alias_find(m->name, RUNASALIAS)) != NULL) {
rval = _runaslist_matches(&a->members, &empty);
if (rval != UNSPEC)
- matched = m->negated ? !rval : rval;
+ group_matched = m->negated ? !rval : rval;
break;
}
/* FALLTHROUGH */
case WORD:
if (group_matches(m->name, runas_gr))
- matched = !m->negated;
+ group_matched = !m->negated;
break;
}
- if (matched != UNSPEC)
+ if (group_matched != UNSPEC)
break;
}
}
- return(matched);
+ if (user_matched == DENY || group_matched == DENY)
+ return(DENY);
+ if (user_matched == group_matched || runas_gr == NULL)
+ return(user_matched);
+ return(UNSPEC);
}
int
int nfound = 0;
if (nss->handle == NULL)
- return(-1);
+ goto done;
tq_foreach_fwd(&userspecs, us) {
if (userlist_matches(pw, &us->users) != ALLOW)
else
nfound += sudo_file_display_priv_short(pw, us, lbuf);
}
+done:
return(nfound);
}
int nfound = 0;
if (nss->handle == NULL)
- return(-1);
+ goto done;
if (lbuf->len == 0 || isspace((unsigned char)lbuf->buf[lbuf->len - 1]))
prefix = " ";
prefix = ", ";
nfound++;
}
-
+done:
return(nfound);
}
int host_match, runas_match, cmnd_match;
if (nss->handle == NULL)
- return(rval);
+ goto done;
match = NULL;
tq_foreach_rev(&userspecs, us) {
user_args ? user_args : "");
rval = 0;
}
+done:
return(rval);
}
# ifdef HAVE_GETGROUPS
static GETGROUPS_T *groups;
# endif
- struct passwd *pw;
+ static struct passwd *pw;
+ struct passwd *opw = pw;
if (def_preserve_groups)
return;
/*
* Use stashed copy of runas groups if available, else initgroups and stash.
*/
- if (ngroups == -1) {
- pw = runas_pw ? runas_pw : sudo_user.pw;
+ pw = runas_pw ? runas_pw : sudo_user.pw;
+ if (pw != opw) {
# ifdef HAVE_SETAUTHDB
aix_setauthdb(pw->pw_name);
# endif
if (initgroups(pw->pw_name, pw->pw_gid) < 0)
log_error(USE_ERRNO|MSG_ONLY, "can't set runas group vector");
# ifdef HAVE_GETGROUPS
+ if (groups) {
+ efree(groups);
+ groups = NULL;
+ }
if ((ngroups = getgroups(0, NULL)) > 0) {
groups = emalloc2(ngroups, sizeof(GETGROUPS_T));
if (getgroups(ngroups, groups) < 0)
#ifndef LONG_MAX
# define LONG_MAX (ULONG_MAX / 2)
#endif
-#ifdef HAVE_LONG_LONG
+#ifdef HAVE_LONG_LONG_INT
# ifndef ULLONG_MAX
# ifdef UQUAD_MAX
# define ULLONG_MAX UQUAD_MAX
# define LLONG_MAX (ULLONG_MAX / 2)
# endif
# endif
-#endif /* HAVE_LONG_LONG */
+#endif /* HAVE_LONG_LONG_INT */
/*
* Macros for converting digits to letters and vice versa
}
/* Identical to __ultoa, but for quads. */
-#ifdef HAVE_LONG_LONG
-# ifdef LONG_IS_QUAD
+#ifdef HAVE_LONG_LONG_INT
+# if SIZEOF_LONG_INT == 8
# define __uqtoa(v, e, b, o, x) __ultoa((unsigned long)(v), (e), (b), (o), (x))
# else
static char *
}
return (cp);
}
-# endif /* !LONG_IS_QUAD */
-#endif /* HAVE_LONG_LONG */
+# endif /* !SIZEOF_LONG_INT */
+#endif /* HAVE_LONG_LONG_INT */
/*
* Actual printf innards.
int prec; /* precision from format (%.3d), or -1 */
char sign; /* sign prefix (' ', '+', '-', or \0) */
unsigned long ulval; /* integer arguments %[diouxX] */
-#ifdef HAVE_LONG_LONG
+#ifdef HAVE_LONG_LONG_INT
unsigned long long uqval; /* %q (quad) integers */
#endif
int base; /* base for [diouxX] conversion */
case 'l':
flags |= LONGINT;
goto rflag;
-#ifdef HAVE_LONG_LONG
+#ifdef HAVE_LONG_LONG_INT
case 'q':
flags |= QUADINT;
goto rflag;
-#endif /* HAVE_LONG_LONG */
+#endif /* HAVE_LONG_LONG_INT */
case 'c':
*(cp = buf) = va_arg(ap, int);
size = 1;
/*FALLTHROUGH*/
case 'd':
case 'i':
-#ifdef HAVE_LONG_LONG
+#ifdef HAVE_LONG_LONG_INT
if (flags & QUADINT) {
uqval = va_arg(ap, long long);
if ((long long)uqval < 0) {
}
}
else
-#endif /* HAVE_LONG_LONG */
+#endif /* HAVE_LONG_LONG_INT */
{
ulval = SARG();
if ((long)ulval < 0) {
base = 10;
goto number;
case 'n':
-#ifdef HAVE_LONG_LONG
+#ifdef HAVE_LONG_LONG_INT
if (flags & QUADINT)
*va_arg(ap, long long *) = ret;
else
-#endif /* HAVE_LONG_LONG */
+#endif /* HAVE_LONG_LONG_INT */
if (flags & LONGINT)
*va_arg(ap, long *) = ret;
else if (flags & SHORTINT)
flags |= LONGINT;
/*FALLTHROUGH*/
case 'o':
-#ifdef HAVE_LONG_LONG
+#ifdef HAVE_LONG_LONG_INT
if (flags & QUADINT)
uqval = va_arg(ap, unsigned long long);
else
-#endif /* HAVE_LONG_LONG */
+#endif /* HAVE_LONG_LONG_INT */
ulval = UARG();
base = 8;
goto nosign;
flags |= LONGINT;
/*FALLTHROUGH*/
case 'u':
-#ifdef HAVE_LONG_LONG
+#ifdef HAVE_LONG_LONG_INT
if (flags & QUADINT)
uqval = va_arg(ap, unsigned long long);
else
-#endif /* HAVE_LONG_LONG */
+#endif /* HAVE_LONG_LONG_INT */
ulval = UARG();
base = 10;
goto nosign;
case 'x':
xdigs = "0123456789abcdef";
hex:
-#ifdef HAVE_LONG_LONG
+#ifdef HAVE_LONG_LONG_INT
if (flags & QUADINT)
uqval = va_arg(ap, unsigned long long);
else
-#endif /* HAVE_LONG_LONG */
+#endif /* HAVE_LONG_LONG_INT */
ulval = UARG();
base = 16;
/* leading 0x/X only if non-zero */
if (flags & ALT &&
-#ifdef HAVE_LONG_LONG
+#ifdef HAVE_LONG_LONG_INT
(flags & QUADINT ? uqval != 0 : ulval != 0))
#else
ulval != 0)
-#endif /* HAVE_LONG_LONG */
+#endif /* HAVE_LONG_LONG_INT */
flags |= HEXPREFIX;
/* unsigned conversions */
* -- ANSI X3J11
*/
cp = buf + BUF;
-#ifdef HAVE_LONG_LONG
+#ifdef HAVE_LONG_LONG_INT
if (flags & QUADINT) {
if (uqval != 0 || prec != 0)
cp = __uqtoa(uqval, cp, base,
flags & ALT, xdigs);
}
else
-#endif /* HAVE_LONG_LONG */
+#endif /* HAVE_LONG_LONG_INT */
{
if (ulval != 0 || prec != 0)
cp = __ultoa(ulval, cp, base,
# include "nonunix.h"
#endif
-#ifdef HAVE_PAM
+#if defined(HAVE_PAM) && !defined(NO_PAM_SESSION)
# define CMND_WAIT TRUE
#else
# define CMND_WAIT FALSE
still allow people to get their work done."
vendor="Todd C. Miller"
copyright="(c) 1993-1996,1998-2010 Todd C. Miller"
- pp_rpm_release="1"
+
+ # Convert to 4 part version for AIX, including patch level
+ pp_aix_version=`echo $version|sed -e 's/\([0-9]*\.[0-9]*\.[0-9]*\)$/\1.0/' -e 's/[^0-9]*\([0-9]*\)$/.\1/'`
+
+ # Strip of patchlevel for kit which only supports x.y.z versions
+ pp_kit_version="`echo $version|sed -e 's/\.//g' -e 's/p[0-9]*$//'`"
+ pp_kit_name="TCM"
+
+ pp_sd_vendor_tag="TCM"
+ pp_solaris_name="TCM${name}"
+%if [rpm,deb]
+ # Convert patch level into release and remove from version
+ pp_rpm_release="`echo $version|sed 's/^[0-9]*\.[0-9]*\.[0-9]*[^0-9]*//'`"
+ pp_rpm_release="`expr $pp_rpm_release + 1`"
+ pp_rpm_version="`echo $version|sed 's/p[0-9]*$//'`"
pp_rpm_license="BSD"
pp_rpm_url="http://www.sudo.ws/"
pp_rpm_group="Applications/System"
pp_rpm_packager="Todd.Miller@courtesan.com"
- pp_deb_maintainer="Todd.Miller@courtesan.com"
- pp_sd_vendor_tag="TCM"
- pp_kit_name="TCM"
- pp_solaris_name="TCM${name}"
-%if [!rpm,deb]
+
+ pp_deb_maintainer="$pp_rpm_packager"
+ pp_deb_release="$pp_rpm_release"
+ pp_deb_version="$pp_rpm_version"
+%else
# For all but RPM and Debian we need to install sudoers with a different
# name and make a copy of it if there is no existing file.
mv ${pp_destdir}$sudoersdir/sudoers ${pp_destdir}$sudoersdir/sudoers.dist
# For RedHat the doc dir is expected to include version and release
case "$pp_rpm_distro" in
centos*|rhel*)
- mv ${pp_destdir}/${docdir} ${pp_destdir}/${docdir}-${version}-1
- docdir=${docdir}-${version}-1
+ mv ${pp_destdir}/${docdir} ${pp_destdir}/${docdir}-${version}-${pp_rpm_release}
+ docdir=${docdir}-${version}-${pp_rpm_release}
;;
esac
+++ /dev/null
-## sudoers file.
-##
-## This file MUST be edited with the 'visudo' command as root.
-## Failure to use 'visudo' may result in syntax or file permission errors
-## that prevent sudo from running.
-##
-## See the sudoers man page for the details on how to write a sudoers file.
-##
-
-##
-## Host alias specification
-##
-## Groups of machines. These may include host names (optionally with wildcards),
-## IP addresses, network numbers or netgroups.
-# Host_Alias WEBSERVERS = www1, www2, www3
-
-##
-## User alias specification
-##
-## Groups of users. These may consist of user names, uids, Unix groups,
-## or netgroups.
-# User_Alias ADMINS = millert, dowdy, mikef
-
-##
-## Cmnd alias specification
-##
-## Groups of commands. Often used to group related commands together.
-# Cmnd_Alias PROCESSES = /usr/bin/nice, /bin/kill, /usr/bin/renice, \
-# /usr/bin/pkill, /usr/bin/top
-
-##
-## Defaults specification
-##
-## You may wish to keep some of the following environment variables
-## when running commands via sudo.
-##
-## Locale settings
-# Defaults env_keep += "LANG LANGUAGE LINGUAS LC_* _XKB_CHARSET"
-##
-## Run X applications through sudo; HOME is used to find the
-## .Xauthority file. Note that other programs use HOME to find
-## configuration files and this may lead to privilege escalation!
-# Defaults env_keep += "HOME"
-##
-## X11 resource path settings
-# Defaults env_keep += "XAPPLRESDIR XFILESEARCHPATH XUSERFILESEARCHPATH"
-##
-## Desktop path settings
-# Defaults env_keep += "QTDIR KDEDIR"
-##
-## Allow sudo-run commands to inherit the callers' ConsoleKit session
-# Defaults env_keep += "XDG_SESSION_COOKIE"
-##
-## Uncomment to enable special input methods. Care should be taken as
-## this may allow users to subvert the command being run via sudo.
-# Defaults env_keep += "XMODIFIERS GTK_IM_MODULE QT_IM_MODULE QT_IM_SWITCHER"
-##
-## Uncomment to enable logging of a command's output, except for
-## sudoreplay and reboot. Use sudoreplay to play back logged sessions.
-# Defaults log_output
-# Defaults!/usr/bin/sudoreplay !log_output
-# Defaults!/usr/local/bin/sudoreplay !log_output
-# Defaults!/sbin/reboot !log_output
-
-##
-## Runas alias specification
-##
-
-##
-## User privilege specification
-##
-root ALL=(ALL) ALL
-
-## Uncomment to allow members of group wheel to execute any command
-# %wheel ALL=(ALL) ALL
-
-## Same thing without a password
-# %wheel ALL=(ALL) NOPASSWD: ALL
-
-## Uncomment to allow members of group sudo to execute any command
-# %sudo ALL=(ALL) ALL
-
-## Uncomment to allow any user to run sudo if they know the password
-## of the user they are running the command as (root by default).
-# Defaults targetpw # Ask for the password of the target user
-# ALL ALL=(ALL) ALL # WARNING: only use this together with 'Defaults targetpw'
-
-## Read drop-in files from /etc/sudoers.d (the # here does not mean a comment)
-#includedir /etc/sudoers.d
--- /dev/null
+## sudoers file.
+##
+## This file MUST be edited with the 'visudo' command as root.
+## Failure to use 'visudo' may result in syntax or file permission errors
+## that prevent sudo from running.
+##
+## See the sudoers man page for the details on how to write a sudoers file.
+##
+
+##
+## Host alias specification
+##
+## Groups of machines. These may include host names (optionally with wildcards),
+## IP addresses, network numbers or netgroups.
+# Host_Alias WEBSERVERS = www1, www2, www3
+
+##
+## User alias specification
+##
+## Groups of users. These may consist of user names, uids, Unix groups,
+## or netgroups.
+# User_Alias ADMINS = millert, dowdy, mikef
+
+##
+## Cmnd alias specification
+##
+## Groups of commands. Often used to group related commands together.
+# Cmnd_Alias PROCESSES = /usr/bin/nice, /bin/kill, /usr/bin/renice, \
+# /usr/bin/pkill, /usr/bin/top
+
+##
+## Defaults specification
+##
+## You may wish to keep some of the following environment variables
+## when running commands via sudo.
+##
+## Locale settings
+# Defaults env_keep += "LANG LANGUAGE LINGUAS LC_* _XKB_CHARSET"
+##
+## Run X applications through sudo; HOME is used to find the
+## .Xauthority file. Note that other programs use HOME to find
+## configuration files and this may lead to privilege escalation!
+# Defaults env_keep += "HOME"
+##
+## X11 resource path settings
+# Defaults env_keep += "XAPPLRESDIR XFILESEARCHPATH XUSERFILESEARCHPATH"
+##
+## Desktop path settings
+# Defaults env_keep += "QTDIR KDEDIR"
+##
+## Allow sudo-run commands to inherit the callers' ConsoleKit session
+# Defaults env_keep += "XDG_SESSION_COOKIE"
+##
+## Uncomment to enable special input methods. Care should be taken as
+## this may allow users to subvert the command being run via sudo.
+# Defaults env_keep += "XMODIFIERS GTK_IM_MODULE QT_IM_MODULE QT_IM_SWITCHER"
+##
+## Uncomment to enable logging of a command's output, except for
+## sudoreplay and reboot. Use sudoreplay to play back logged sessions.
+# Defaults log_output
+# Defaults!/usr/bin/sudoreplay !log_output
+# Defaults!/usr/local/bin/sudoreplay !log_output
+# Defaults!/sbin/reboot !log_output
+
+##
+## Runas alias specification
+##
+
+##
+## User privilege specification
+##
+root ALL=(ALL) ALL
+
+## Uncomment to allow members of group wheel to execute any command
+# %wheel ALL=(ALL) ALL
+
+## Same thing without a password
+# %wheel ALL=(ALL) NOPASSWD: ALL
+
+## Uncomment to allow members of group sudo to execute any command
+# %sudo ALL=(ALL) ALL
+
+## Uncomment to allow any user to run sudo if they know the password
+## of the user they are running the command as (root by default).
+# Defaults targetpw # Ask for the password of the target user
+# ALL ALL=(ALL) ALL # WARNING: only use this together with 'Defaults targetpw'
+
+## Read drop-in files from @sysconfdir@/sudoers.d
+## (the '#' here does not indicate a comment)
+#includedir @sysconfdir@/sudoers.d
projects / debian / sudo / commitdiff