From: Bdale Garbee Date: Wed, 14 May 2008 18:04:14 +0000 (-0600) Subject: Imported Upstream version 1.6.9p11 X-Git-Tag: upstream/1.6.9p11^0 X-Git-Url: https://git.gag.com/?a=commitdiff_plain;h=c6cb9418e5b85abeb8dd9274b2e8c049fc0f9b5b;p=debian%2Fsudo Imported Upstream version 1.6.9p11 --- diff --git a/CHANGES b/CHANGES index 8aa51fc..08be411 100644 --- a/CHANGES +++ b/CHANGES @@ -2015,3 +2015,17 @@ Sudo 1.6.9p9 released. in addition to the existing start_tls support. Sudo 1.6.9p10 released. + +637) Fixed a compilation problem on SCO related to how they + store the high resolution timestamps in struct stat. + +638) Avoid checking the passwd file group multiple times + in the LDAP query when the user's passwd group is also + listed in the supplemental group vector. + +639) The URI specifier can now be used in ldap.conf even when + the LDAP SDK doesn't support ldap_initialize(). + +640) New %p prompt escape that expands to the user whose password + is being prompted, as specified by the rootpw, targetpw and + runaspw sudoers flags. Based on a diff from Patrick Schoenfeld. diff --git a/Makefile.in b/Makefile.in index 8073eb3..c0472bd 100644 --- a/Makefile.in +++ b/Makefile.in @@ -20,7 +20,7 @@ # # @configure_input@ # -# $Sudo: Makefile.in,v 1.246.2.21 2007/12/17 19:18:14 millert Exp $ +# $Sudo: Makefile.in,v 1.246.2.22 2008/01/05 23:31:51 millert Exp $ # #### Start of system configuration section. #### @@ -131,7 +131,7 @@ TESTOBJS = interfaces.o testsudoers.o $(PARSEOBJS) LIBOBJS = @LIBOBJS@ @ALLOCA@ -VERSION = 1.6.9p10 +VERSION = 1.6.9p11 DISTFILES = $(SRCS) $(HDRS) BUGS CHANGES HISTORY INSTALL INSTALL.configure \ LICENSE Makefile.in PORTING README README.LDAP \ diff --git a/README.LDAP b/README.LDAP index 540df8d..a36ff24 100644 --- a/README.LDAP +++ b/README.LDAP 
@@ -210,15 +210,19 @@ option. Make sure you sudoers_base matches exactly with the location you specified when you imported the sudoers. Below is an example /etc/ldap.conf - # Either specify a URI or host and port. - # If neither is specified sudo will default to localhost port 389. + # Either specify one or more URIs or one or more host:port pairs. + # If neither is specified sudo will default to localhost, port 389. + # #host ldapserver + #host ldapserver1 ldapserver2:390 + # + # Default port if host is specified without one, defaults to 389. #port 389 # - # URI will override host & port settings but only works with LDAP - # SDK's that support ldap_initialize() such as OpenLDAP. + # URI will override the host and port settings. uri ldap://ldapserver #uri ldaps://secureldapserver + #uri ldaps://secureldapserver ldap://ldapserver # # must be set or sudo will ignore LDAP sudoers_base ou=SUDOers,dc=example,dc=com diff --git a/check.c b/check.c index 3d527f2..4889ac7 100644 --- a/check.c +++ b/check.c @@ -63,7 +63,7 @@ #include "sudo.h" #ifndef lint -__unused static const char rcsid[] = "$Sudo: check.c,v 1.223.2.9 2007/07/06 19:52:13 millert Exp $"; +__unused static const char rcsid[] = "$Sudo: check.c,v 1.223.2.10 2008/01/05 23:59:42 millert Exp $"; #endif /* lint */ /* Status codes for timestamp_status() */ @@ -206,6 +206,16 @@ expand_prompt(old_prompt, user, host) len += strlen(user_host) - 2; subst = 1; break; + case 'p': + p++; + if (def_rootpw) + len += 2; + else if (def_targetpw || def_runaspw) + len += strlen(*user_runas) - 2; + else + len += strlen(user_name) - 2; + subst = 1; + break; case 'u': p++; len += strlen(user_name) - 2; 
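Review bot: The `len += 2` in the new `case 'p'` branch of the length pass is a bare constant that only makes sense once the reader knows the second pass copies the literal "root"; a comment would keep the two passes in step if either literal changes, e.g. `len += 2;	/* strlen("root") - strlen("%p") */`. The same ordering of `def_rootpw`, then `def_targetpw || def_runaspw`, then the default must be repeated verbatim in the substitution pass, so a short comment naming that invariant above the switch would help too. expand_prompt's body starts before this hunk and continues past it.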
@@ -247,6 +257,18 @@ expand_prompt(old_prompt, user, host) goto oflow; np += n; continue; + case 'p': + p++; + if (def_rootpw) + n = strlcpy(np, "root", np - endp); + else if (def_targetpw || def_runaspw) + n = strlcpy(np, *user_runas, np - endp); + else + n = strlcpy(np, user_name, np - endp); + if (n >= np - endp) + goto oflow; + np += n; + continue; case 'u': p++; n = strlcpy(np, user_name, np - endp); diff --git a/config.h.in b/config.h.in index 2d45f3c..822ff6b 100644 --- a/config.h.in +++ b/config.h.in @@ -374,6 +374,9 @@ /* Define to 1 if your struct stat has an st_mtim member */ #undef HAVE_ST_MTIM +/* Define to 1 if your struct stat uses an st__tim union */ +#undef HAVE_ST__TIM + /* Define to 1 if your struct stat has an st_mtimespec member */ #undef HAVE_ST_MTIMESPEC @@ -635,8 +638,13 @@ * so the last 3 digits of tv_nsec are not significant. */ #ifdef HAVE_ST_MTIM -# define mtim_getsec(_x) ((_x).st_mtim.tv_sec) -# define mtim_getnsec(_x) (((_x).st_mtim.tv_nsec / 1000) * 1000) +# ifdef HAVE_ST__TIM +# define mtim_getsec(_x) ((_x).st_mtim.st__tim.tv_sec) +# define mtim_getnsec(_x) (((_x).st_mtim.st__tim.tv_nsec / 1000) * 1000) +# else +# define mtim_getsec(_x) ((_x).st_mtim.tv_sec) +# define mtim_getnsec(_x) (((_x).st_mtim.tv_nsec / 1000) * 1000) +# endif #else # ifdef HAVE_ST_MTIMESPEC # define mtim_getsec(_x) ((_x).st_mtimespec.tv_sec) diff --git a/configure b/configure index 29b474f..b36ee33 100755 --- a/configure +++ b/configure 
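Review bot: The new `case 'p'` copies with `strlcpy(np, ..., np - endp)` and checks `n >= np - endp`; if `endp` marks the end of the allocated buffer, as its name suggests (its definition is outside the hunk), that difference is negative and converts to a very large size_t, so neither the bound nor the overflow test constrains the copy. The existing `%u` case follows the same pattern, so this looks pre-existing rather than introduced here, and the exact `len` computed by the first pass is what actually keeps the write in bounds. If the intent is defense in depth, the expression should read `endp - np` in both places. expand_prompt continues outside the hunk.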
@@ -17660,6 +17660,106 @@ if test $ac_cv_member_struct_stat_st_mtim = yes; then #define HAVE_ST_MTIM 1 _ACEOF + { echo "$as_me:$LINENO: checking for struct stat.st_mtim.st__tim" >&5 +echo $ECHO_N "checking for struct stat.st_mtim.st__tim... $ECHO_C" >&6; } +if test "${ac_cv_member_struct_stat_st_mtim_st__tim+set}" = set; then + echo $ECHO_N "(cached) $ECHO_C" >&6 +else + cat >conftest.$ac_ext <<_ACEOF +/* confdefs.h. */ +_ACEOF +cat confdefs.h >>conftest.$ac_ext +cat >>conftest.$ac_ext <<_ACEOF +/* end confdefs.h. */ +$ac_includes_default +int +main () +{ +static struct stat ac_aggr; +if (ac_aggr.st_mtim.st__tim) +return 0; + ; + return 0; +} +_ACEOF +rm -f conftest.$ac_objext +if { (ac_try="$ac_compile" +case "(($ac_try" in + *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; + *) ac_try_echo=$ac_try;; +esac +eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 + (eval "$ac_compile") 2>conftest.er1 + ac_status=$? + grep -v '^ *+' conftest.er1 >conftest.err + rm -f conftest.er1 + cat conftest.err >&5 + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); } && { + test -z "$ac_c_werror_flag" || + test ! -s conftest.err + } && test -s conftest.$ac_objext; then + ac_cv_member_struct_stat_st_mtim_st__tim=yes +else + echo "$as_me: failed program was:" >&5 +sed 's/^/| /' conftest.$ac_ext >&5 + + cat >conftest.$ac_ext <<_ACEOF +/* confdefs.h. */ +_ACEOF +cat confdefs.h >>conftest.$ac_ext +cat >>conftest.$ac_ext <<_ACEOF +/* end confdefs.h. */ +$ac_includes_default +int +main () +{ +static struct stat ac_aggr; +if (sizeof ac_aggr.st_mtim.st__tim) +return 0; + ; + return 0; +} +_ACEOF +rm -f conftest.$ac_objext +if { (ac_try="$ac_compile" +case "(($ac_try" in + *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; + *) ac_try_echo=$ac_try;; +esac +eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 + (eval "$ac_compile") 2>conftest.er1 + ac_status=$? + grep -v '^ *+' conftest.er1 >conftest.err + rm -f conftest.er1 + cat conftest.err >&5 + echo "$as_me:$LINENO: \$? 
= $ac_status" >&5 + (exit $ac_status); } && { + test -z "$ac_c_werror_flag" || + test ! -s conftest.err + } && test -s conftest.$ac_objext; then + ac_cv_member_struct_stat_st_mtim_st__tim=yes +else + echo "$as_me: failed program was:" >&5 +sed 's/^/| /' conftest.$ac_ext >&5 + + ac_cv_member_struct_stat_st_mtim_st__tim=no +fi + +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext +fi + +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext +fi +{ echo "$as_me:$LINENO: result: $ac_cv_member_struct_stat_st_mtim_st__tim" >&5 +echo "${ECHO_T}$ac_cv_member_struct_stat_st_mtim_st__tim" >&6; } +if test $ac_cv_member_struct_stat_st_mtim_st__tim = yes; then + cat >>confdefs.h <<\_ACEOF +#define HAVE_ST__TIM 1 +_ACEOF + +fi + else { echo "$as_me:$LINENO: checking for struct stat.st_mtimespec" >&5 echo $ECHO_N "checking for struct stat.st_mtimespec... $ECHO_C" >&6; } @@ -24068,6 +24168,8 @@ fi + + diff --git a/configure.in b/configure.in index a64fb69..a766f92 100644 --- a/configure.in +++ b/configure.in @@ -1,6 +1,6 @@ dnl dnl Process this file with GNU autoconf to produce a configure script. -dnl $Sudo: configure.in,v 1.413.2.34 2007/12/19 19:29:29 millert Exp $ +dnl $Sudo: configure.in,v 1.413.2.36 2008/01/03 16:05:42 millert Exp $ dnl dnl Copyright (c) 1994-1996,1998-2007 Todd C. Miller dnl 
@@ -1719,7 +1719,9 @@ AC_CHECK_FUNCS(mkstemp, [], [SUDO_OBJS="${SUDO_OBJS} mkstemp.o" ]) AC_CHECK_FUNCS(snprintf vsnprintf asprintf vasprintf, , [NEED_SNPRINTF=1]) if test X"$ac_cv_type_struct_timespec" != X"no"; then - AC_CHECK_MEMBER([struct stat.st_mtim], AC_DEFINE(HAVE_ST_MTIM), [AC_CHECK_MEMBER([struct stat.st_mtimespec], AC_DEFINE([HAVE_ST_MTIMESPEC]))]) + AC_CHECK_MEMBER([struct stat.st_mtim], [AC_DEFINE(HAVE_ST_MTIM)] + [AC_CHECK_MEMBER([struct stat.st_mtim.st__tim], AC_DEFINE(HAVE_ST__TIM))], + [AC_CHECK_MEMBER([struct stat.st_mtimespec], AC_DEFINE([HAVE_ST_MTIMESPEC]))]) AC_MSG_CHECKING([for two-parameter timespecsub]) AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[#include #include ]], [[struct timespec ts1, ts2; @@ -2431,6 +2433,7 @@ AH_TEMPLATE(HAVE_SIA, [Define to 1 if you use SIA authentication.]) AH_TEMPLATE(HAVE_SIGACTION_T, [Define to 1 if has the sigaction_t typedef.]) AH_TEMPLATE(HAVE_SKEY, [Define to 1 if you use S/Key.]) AH_TEMPLATE(HAVE_SKEYACCESS, [Define to 1 if your S/Key library has skeyaccess().]) +AH_TEMPLATE(HAVE_ST__TIM, [Define to 1 if your struct stat uses an st__tim union]) AH_TEMPLATE(HAVE_ST_MTIM, [Define to 1 if your struct stat has an st_mtim member]) AH_TEMPLATE(HAVE_ST_MTIMESPEC, [Define to 1 if your struct stat has an st_mtimespec member]) AH_TEMPLATE(HAVE_TERMIOS_H, [Define to 1 if you have the header file and the `tcgetattr' function.]) @@ -2471,8 +2474,13 @@ AH_BOTTOM([/* * so the last 3 digits of tv_nsec are not significant. */ #ifdef HAVE_ST_MTIM -# define mtim_getsec(_x) ((_x).st_mtim.tv_sec) -# define mtim_getnsec(_x) (((_x).st_mtim.tv_nsec / 1000) * 1000) +# ifdef HAVE_ST__TIM +# define mtim_getsec(_x) ((_x).st_mtim.st__tim.tv_sec) +# define mtim_getnsec(_x) (((_x).st_mtim.st__tim.tv_nsec / 1000) * 1000) +# else +# define mtim_getsec(_x) ((_x).st_mtim.tv_sec) +# define mtim_getnsec(_x) (((_x).st_mtim.tv_nsec / 1000) * 1000) +# endif #else # ifdef HAVE_ST_MTIMESPEC # define mtim_getsec(_x) ((_x).st_mtimespec.tv_sec) 
diff --git a/ldap.c b/ldap.c index 85762ab..c4fbfbf 100644 --- a/ldap.c +++ b/ldap.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 2003-2005 Todd C. Miller + * Copyright (c) 2003-2008 Todd C. Miller * * This code is derived from software contributed by Aaron Spangler. * @@ -45,6 +45,7 @@ # include #endif /* HAVE_UNISTD_H */ #include +#include #include #include #include @@ -65,7 +66,7 @@ #include "parse.h" #ifndef lint -__unused static const char rcsid[] = "$Sudo: ldap.c,v 1.11.2.28 2007/12/19 19:29:32 millert Exp $"; +__unused static const char rcsid[] = "$Sudo: ldap.c,v 1.11.2.32 2008/01/05 23:27:10 millert Exp $"; #endif /* lint */ #ifndef LINE_MAX 
@@ -183,6 +184,127 @@ static void sudo_ldap_update_defaults __P((LDAP *)); static void sudo_ldap_close __P((LDAP *)); static LDAP *sudo_ldap_open __P((void)); +#ifndef HAVE_LDAP_INITIALIZE +/* + * For each uri, convert to host:port pairs. For ldaps:// enable SSL + * Accepts: uris of the form ldap:/// or ldap://hostname:portnum/ + * where the trailing slash is optional. + */ +static int +sudo_ldap_parse_uri(uri_list) + const char *uri_list; +{ + char *buf, *uri, *host, *cp, *port; + char hostbuf[LINE_MAX]; + int nldap = 0, nldaps = 0; + int rc = -1; + + buf = estrdup(uri_list); + hostbuf[0] = '\0'; + for ((uri = strtok(buf, " \t")); uri != NULL; (uri = strtok(NULL, " \t"))) { + if (strncasecmp(uri, "ldap://", 7) == 0) { + nldap++; + host = uri + 7; + } else if (strncasecmp(uri, "ldaps://", 8) == 0) { + nldaps++; + host = uri + 8; + } else { + warnx("unsupported LDAP uri type: %s", uri); + goto done; + } + + /* trim optional trailing slash */ + if ((cp = strrchr(host, '/')) != NULL && cp[1] == '\0') { + *cp = '\0'; + } + + if (hostbuf[0] != '\0') { + if (strlcat(hostbuf, " ", sizeof(hostbuf)) >= sizeof(hostbuf)) + goto toobig; + } + + if (*host == '\0') + host = "localhost"; /* no host specified, use localhost */ + + if (strlcat(hostbuf, host, sizeof(hostbuf)) >= sizeof(hostbuf)) + goto toobig; + + /* If using SSL and no port specified, add port 636 */ + if (nldaps) { + if ((port = strrchr(host, ':')) == NULL || !isdigit(port[1])) + if (strlcat(hostbuf, ":636", sizeof(hostbuf)) >= sizeof(hostbuf)) + goto toobig; + } + } + if (hostbuf[0] == '\0') { + warnx("invalid uri: %s", uri_list); + goto done; + } + + if (nldaps != 0) { + if (nldap != 0) { + warnx("cannot mix ldap and ldaps URIs"); + goto done; + } + if (ldap_conf.ssl_mode == SUDO_LDAP_STARTTLS) { + warnx("cannot mix ldaps and starttls"); + goto done; + } + ldap_conf.ssl_mode = SUDO_LDAP_SSL; + } + + free(ldap_conf.host); + ldap_conf.host = estrdup(hostbuf); + rc = 0; + +done: + efree(buf); + return(rc); + 
+toobig: + errx(1, "sudo_ldap_parse_uri: out of space building hostbuf"); +} +#endif /* HAVE_LDAP_INITIALIZE */ + +static int +sudo_ldap_init(ldp, host, port) + LDAP **ldp; + const char *host; + int port; +{ + LDAP *ld = NULL; + int rc = LDAP_CONNECT_ERROR; + +#ifdef HAVE_LDAPSSL_INIT + if (ldap_conf.ssl_mode == SUDO_LDAP_SSL) { + DPRINTF(("ldapssl_clientauth_init(%s, %s)", + ldap_conf.tls_certfile ? ldap_conf.tls_certfile : "NULL", + ldap_conf.tls_keyfile ? ldap_conf.tls_keyfile : "NULL"), 2); + rc = ldapssl_clientauth_init(ldap_conf.tls_certfile, NULL, + ldap_conf.tls_keyfile != NULL, ldap_conf.tls_keyfile, NULL); + if (rc != LDAP_SUCCESS) { + warnx("unable to initialize SSL cert and key db: %s", + ldapssl_err2string(rc)); + goto done; + } + + DPRINTF(("ldapssl_init(%s, %d, 1)", host, port), 2); + if ((ld = ldapssl_init(host, port, 1)) == NULL) + goto done; + } else +#endif + { + DPRINTF(("ldap_init(%s, %d)", host, port), 2); + if ((ld = ldap_init(host, port)) == NULL) + goto done; + } + rc = LDAP_SUCCESS; + +done: + *ldp = ld; + return(rc); +} + /* * Walk through search results and return TRUE if we have a matching * netgroup, else FALSE. @@ -509,6 +631,8 @@ sudo_ldap_build_pass1() /* Append supplementary groups */ for (i = 0; i < user_ngroups; i++) { + if (user_groups[i] == user_gid) + continue; if ((grp = getgrgid(user_groups[i])) != NULL) { ncat(&b, &sz, "(sudoUser=%"); ncat(&b, &sz, grp -> gr_name); @@ -641,12 +765,9 @@ sudo_ldap_read_config() if (ldap_conf.debug > 1) { fprintf(stderr, "LDAP Config Summary\n"); fprintf(stderr, "===================\n"); -#ifdef HAVE_LDAP_INITIALIZE if (ldap_conf.uri) { fprintf(stderr, "uri %s\n", ldap_conf.uri); - } else -#endif - { + } else { fprintf(stderr, "host %s\n", ldap_conf.host ? ldap_conf.host : "(NONE)"); fprintf(stderr, "port %d\n", ldap_conf.port); 
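Review bot: In sudo_ldap_init, once ldapssl_clientauth_init() has succeeded `rc` already holds LDAP_SUCCESS, so a NULL return from ldapssl_init() jumps to `done` with `rc == LDAP_SUCCESS` and `*ldp == NULL`; sudo_ldap_open() then treats that as success and continues with a NULL handle. Reset the code on that path: `if ((ld = ldapssl_init(host, port, 1)) == NULL) { rc = LDAP_CONNECT_ERROR; goto done; }`. In sudo_ldap_parse_uri, `isdigit(port[1])` is passed a plain char, which is undefined for negative values, so cast to `(unsigned char)`; the strrchr(':') port detection would also misread a bracketed IPv6 literal, and if such hosts are out of scope a comment saying so would help.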
@@ -695,8 +816,19 @@ sudo_ldap_read_config() ldap_conf.ssl_mode = SUDO_LDAP_SSL; } +#ifndef HAVE_LDAP_INITIALIZE + /* Convert uri list to host list if no ldap_initialize(). */ + if (ldap_conf.uri) { + if (sudo_ldap_parse_uri(ldap_conf.uri) != 0) + return(FALSE); + free(ldap_conf.uri); + ldap_conf.uri = NULL; + ldap_conf.port = LDAP_PORT; + } +#endif + /* Use port 389 for plaintext LDAP and port 636 for SSL LDAP */ - if (ldap_conf.port < 0) + if (!ldap_conf.uri && ldap_conf.port < 0) ldap_conf.port = ldap_conf.ssl_mode == SUDO_LDAP_SSL ? LDAPS_PORT : LDAP_PORT; @@ -894,7 +1026,7 @@ sudo_ldap_set_options(ld) ldap_err2string(rc)); return(-1); } - + DPRINTF(("ldap_set_option(LDAP_OPT_X_TLS, LDAP_OPT_X_TLS_HARD)\n"), 1); } #endif return(0); 
@@ -912,46 +1044,17 @@ sudo_ldap_open() if (!sudo_ldap_read_config()) return(NULL); -#ifdef HAVE_LDAPSSL_INIT - if (ldap_conf.ssl_mode == SUDO_LDAP_SSL) { - DPRINTF(("ldapssl_clientauth_init(%s, %s)", - ldap_conf.tls_certfile ? ldap_conf.tls_certfile : "NULL", - ldap_conf.tls_keyfile ? ldap_conf.tls_keyfile : "NULL"), 2); - rc = ldapssl_clientauth_init(ldap_conf.tls_certfile, NULL, - ldap_conf.tls_keyfile != NULL, ldap_conf.tls_keyfile, NULL); - if (rc != LDAP_SUCCESS) { - warnx("unable to initialize SSL cert and key db: %s", - ldapssl_err2string(rc)); - return(NULL); - } - } -#endif /* HAVE_LDAPSSL_INIT */ - /* Connect to LDAP server */ #ifdef HAVE_LDAP_INITIALIZE - if (ldap_conf.uri) { + if (ldap_conf.uri != NULL) { DPRINTF(("ldap_initialize(ld, %s)", ldap_conf.uri), 2); rc = ldap_initialize(&ld, ldap_conf.uri); - if (rc != LDAP_SUCCESS) { - warnx("unable to initialize LDAP: %s", ldap_err2string(rc)); - return(NULL); - } } else #endif /* HAVE_LDAP_INITIALIZE */ - { -#ifdef HAVE_LDAPSSL_INIT - DPRINTF(("ldapssl_init(%s, %d, %d)", ldap_conf.host, ldap_conf.port, - ldap_conf.ssl_mode == SUDO_LDAP_SSL), 2); - ld = ldapssl_init(ldap_conf.host, ldap_conf.port, - ldap_conf.ssl_mode == SUDO_LDAP_SSL); -#else - DPRINTF(("ldap_init(%s, %d)", ldap_conf.host, ldap_conf.port), 2); - ld = ldap_init(ldap_conf.host, ldap_conf.port); -#endif /* HAVE_LDAPSSL_INIT */ - if (ld == NULL) { - warn("unable to initialize LDAP"); - return(NULL); - } + rc = sudo_ldap_init(&ld, ldap_conf.host, ldap_conf.port); + if (rc != LDAP_SUCCESS) { + warnx("unable to initialize LDAP: %s", ldap_err2string(rc)); + return(NULL); } /* Set LDAP options */ diff --git a/sudo.cat b/sudo.cat index e753c22..ca6b521 100644 --- a/sudo.cat +++ b/sudo.cat @@ -61,7 +61,7 @@ DDEESSCCRRIIPPTTIIOONN -1.6.9p10 December 17, 2007 1 +1.6.9p11 January 5, 2008 1 @@ -127,7 +127,7 @@ OOPPTTIIOONNSS -1.6.9p10 December 17, 2007 2 +1.6.9p11 January 5, 2008 2 
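Review bot: When sudo_ldap_init() fails because ldap_init() or ldapssl_init() returned NULL, the caller now reports `ldap_err2string(LDAP_CONNECT_ERROR)`, a generic text, where the removed code used warn() and so included errno; the underlying cause is no longer shown. Consider keeping the errno form for that case, e.g. `if (ld == NULL) warn("unable to initialize LDAP"); else warnx("unable to initialize LDAP: %s", ldap_err2string(rc));`, or document on sudo_ldap_init() that LDAP_CONNECT_ERROR is the only code it returns for a NULL handle. With this restructuring the ldapssl_clientauth_init() call runs only on the host/port path, so an SDK offering both ldap_initialize() and ldapssl_init() would skip the cert/key db setup for a uri configuration, which the old code did not; probably no real SDK is affected, but a comment would record the assumption. sudo_ldap_open's body continues outside the hunk.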
@@ -193,7 +193,7 @@ SUDO(1m) MAINTENANCE COMMANDS SUDO(1m) -1.6.9p10 December 17, 2007 3 +1.6.9p11 January 5, 2008 3 @@ -222,6 +222,10 @@ SUDO(1m) MAINTENANCE COMMANDS SUDO(1m) %h expanded to the local hostname without the domain name + %p expanded to the user whose password is being asked + for (respects the _r_o_o_t_p_w, _t_a_r_g_e_t_p_w and _r_u_n_a_s_p_w + flags in _s_u_d_o_e_r_s) + %U expanded to the login name of the user the command will be run as (defaults to root) @@ -253,13 +257,9 @@ SUDO(1m) MAINTENANCE COMMANDS SUDO(1m) defaults ssuuddoo was compiled with as well as the machine's local network addresses. - -v If given the --vv (_v_a_l_i_d_a_t_e) option, ssuuddoo will update - the user's timestamp, prompting for the user's pass­ - word if necessary. This extends the ssuuddoo timeout for - -1.6.9p10 December 17, 2007 4 +1.6.9p11 January 5, 2008 4 @@ -268,6 +268,9 @@ SUDO(1m) MAINTENANCE COMMANDS SUDO(1m) SUDO(1m) MAINTENANCE COMMANDS SUDO(1m) + -v If given the --vv (_v_a_l_i_d_a_t_e) option, ssuuddoo will update + the user's timestamp, prompting for the user's pass­ + word if necessary. This extends the ssuuddoo timeout for another 5 minutes (or whatever the timeout is set to in _s_u_d_o_e_r_s) but does not run a command. @@ -318,14 +321,11 @@ SSEECCUURRIITTYY NNOOTTEESS If, however, the _e_n_v___r_e_s_e_t option is disabled in _s_u_d_o_e_r_s, any variables not explicitly denied by the _e_n_v___c_h_e_c_k and - _e_n_v___d_e_l_e_t_e options are inherited from the invoking pro­ - cess. In this case, _e_n_v___c_h_e_c_k and _e_n_v___d_e_l_e_t_e behave like - a blacklist. Since it is not possible to blacklist all - potentially dangerous environment variables, use of the + _e_n_v___d_e_l_e_t_e options are inherited from the invoking -1.6.9p10 December 17, 2007 5 +1.6.9p11 January 5, 2008 5 
@@ -334,7 +334,10 @@ SSEECCUURRIITTYY NNOOTTEESS SUDO(1m) MAINTENANCE COMMANDS SUDO(1m) - default _e_n_v___r_e_s_e_t behavior is encouraged. + process. In this case, _e_n_v___c_h_e_c_k and _e_n_v___d_e_l_e_t_e behave + like a blacklist. Since it is not possible to blacklist + all potentially dangerous environment variables, use of + the default _e_n_v___r_e_s_e_t behavior is encouraged. In all cases, environment variables with a value beginning with () are removed as they could be interpreted as bbaasshh @@ -385,13 +388,10 @@ SUDO(1m) MAINTENANCE COMMANDS SUDO(1m) timestamp with a bogus date on systems that allow users to give away files. - Please note that ssuuddoo will normally only log the command - it explicitly runs. If a user runs a command such as sudo - su or sudo sh, subsequent commands run from that shell -1.6.9p10 December 17, 2007 6 +1.6.9p11 January 5, 2008 6 @@ -400,6 +400,9 @@ SUDO(1m) MAINTENANCE COMMANDS SUDO(1m) SUDO(1m) MAINTENANCE COMMANDS SUDO(1m) + Please note that ssuuddoo will normally only log the command + it explicitly runs. If a user runs a command such as sudo + su or sudo sh, subsequent commands run from that shell will _n_o_t be logged, nor will ssuuddoo's access control affect them. The same is true for commands that offer shell escapes (including most editors). Because of this, care @@ -450,14 +453,11 @@ FFIILLEESS _/_e_t_c_/_s_u_d_o_e_r_s List of who can run what _/_v_a_r_/_r_u_n_/_s_u_d_o Directory containing timestamps -EEXXAAMMPPLLEESS - Note: the following examples assume suitable _s_u_d_o_e_r_s(4) - entries. -1.6.9p10 December 17, 2007 7 +1.6.9p11 January 5, 2008 7 @@ -466,6 +466,10 @@ EEXXAAMMPPLLEESS SUDO(1m) MAINTENANCE COMMANDS SUDO(1m) +EEXXAAMMPPLLEESS + Note: the following examples assume suitable _s_u_d_o_e_r_s(4) + entries. + To get a file listing of an unreadable directory: $ sudo ls /usr/local/protected 
@@ -517,13 +521,9 @@ CCAAVVEEAATTSS It is not meaningful to run the cd command directly via sudo, e.g., - $ sudo cd /usr/local/protected - - since when the command exits the parent process (your - -1.6.9p10 December 17, 2007 8 +1.6.9p11 January 5, 2008 8 @@ -532,6 +532,9 @@ CCAAVVEEAATTSS SUDO(1m) MAINTENANCE COMMANDS SUDO(1m) + $ sudo cd /usr/local/protected + + since when the command exits the parent process (your shell) will still be the same. Please see the EXAMPLES section for more information. @@ -586,9 +589,6 @@ DDIISSCCLLAAIIMMEERR - - - -1.6.9p10 December 17, 2007 9 +1.6.9p11 January 5, 2008 9 diff --git a/sudo.man.in b/sudo.man.in index d98c958..4f92cf1 100644 --- a/sudo.man.in +++ b/sudo.man.in @@ -18,7 +18,7 @@ .\" Agency (DARPA) and Air Force Research Laboratory, Air Force .\" Materiel Command, USAF, under agreement number F39502-99-1-0512. .\" -.\" $Sudo: sudo.man.in,v 1.29.2.17 2007/12/17 22:11:10 millert Exp $ +.\" $Sudo: sudo.man.in,v 1.29.2.19 2008/01/05 23:59:42 millert Exp $ .\" Automatically generated by Pod::Man v1.37, Pod::Parser v1.32 .\" .\" Standard preamble: @@ -150,7 +150,7 @@ .\" ======================================================================== .\" .IX Title "SUDO @mansectsu@" -.TH SUDO @mansectsu@ "December 17, 2007" "1.6.9p10" "MAINTENANCE COMMANDS" +.TH SUDO @mansectsu@ "January 5, 2008" "1.6.9p11" "MAINTENANCE COMMANDS" .SH "NAME" sudo, sudoedit \- execute a command as another user .SH "SYNOPSIS" @@ -339,6 +339,11 @@ expanded to the local hostname including the domain name .el .IP "\f(CW%h\fR" 4 .IX Item "%h" expanded to the local hostname without the domain name +.ie n .IP "%p" 4 +.el .IP "\f(CW%p\fR" 4 +.IX Item "%p" +expanded to the user whose password is being asked for (respects the +\&\fIrootpw\fR, \fItargetpw\fR and \fIrunaspw\fR flags in \fIsudoers\fR) .ie n .IP "%U" 4 .el .IP "\f(CW%U\fR" 4 .IX Item "%U" diff --git a/sudo.pod b/sudo.pod index 8f06797..b6562b0 100644 --- a/sudo.pod +++ b/sudo.pod 
@@ -19,7 +19,7 @@ Sponsored in part by the Defense Advanced Research Projects Agency (DARPA) and Air Force Research Laboratory, Air Force Materiel Command, USAF, under agreement number F39502-99-1-0512. -$Sudo: sudo.pod,v 1.70.2.19 2007/11/21 19:26:10 millert Exp $ +$Sudo: sudo.pod,v 1.70.2.20 2008/01/05 23:59:42 millert Exp $ =pod =head1 NAME @@ -238,6 +238,11 @@ I option is set) expanded to the local hostname without the domain name +=item C<%p> + +expanded to the user whose password is being asked for (respects the +I, I and I flags in I) + =item C<%U> expanded to the login name of the user the command will diff --git a/sudoers.cat b/sudoers.cat index b35a99f..7fe45b2 100644 --- a/sudoers.cat +++ b/sudoers.cat @@ -61,7 +61,7 @@ DDEESSCCRRIIPPTTIIOONN -1.6.9p10 December 17, 2007 1 +1.6.9p11 January 5, 2008 1 @@ -127,7 +127,7 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) -1.6.9p10 December 17, 2007 2 +1.6.9p11 January 5, 2008 2 @@ -193,7 +193,7 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) -1.6.9p10 December 17, 2007 3 +1.6.9p11 January 5, 2008 3 @@ -259,7 +259,7 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) -1.6.9p10 December 17, 2007 4 +1.6.9p11 January 5, 2008 4 @@ -325,7 +325,7 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) -1.6.9p10 December 17, 2007 5 +1.6.9p11 January 5, 2008 5 @@ -391,7 +391,7 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) -1.6.9p10 December 17, 2007 6 +1.6.9p11 January 5, 2008 6 @@ -457,7 +457,7 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) -1.6.9p10 December 17, 2007 7 +1.6.9p11 January 5, 2008 7 @@ -523,7 +523,7 @@ SSUUDDOOEERRSS OOPPTTIIOONNSS -1.6.9p10 December 17, 2007 8 +1.6.9p11 January 5, 2008 8 @@ -589,7 +589,7 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) -1.6.9p10 December 17, 2007 9 +1.6.9p11 January 5, 2008 9 @@ -655,7 +655,7 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) -1.6.9p10 December 17, 2007 10 +1.6.9p11 January 5, 2008 10 
@@ -721,7 +721,7 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) -1.6.9p10 December 17, 2007 11 +1.6.9p11 January 5, 2008 11 @@ -787,7 +787,7 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) -1.6.9p10 December 17, 2007 12 +1.6.9p11 January 5, 2008 12 @@ -853,7 +853,7 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) -1.6.9p10 December 17, 2007 13 +1.6.9p11 January 5, 2008 13 @@ -919,7 +919,7 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) -1.6.9p10 December 17, 2007 14 +1.6.9p11 January 5, 2008 14 @@ -936,6 +936,10 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) %h expanded to the local hostname without the domain name + %p expanded to the user whose password is + being asked for (respects the _r_o_o_t_p_w, + _t_a_r_g_e_t_p_w and _r_u_n_a_s_p_w flags in _s_u_d_o_e_r_s) + %U expanded to the login name of the user the command will be run as (defaults to root) @@ -979,20 +983,20 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) be printed along with the password prompt. It has the following possible values: - always Always lecture the user. - never Never lecture the user. +1.6.9p11 January 5, 2008 15 -1.6.9p10 December 17, 2007 15 +SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) -SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) + always Always lecture the user. + never Never lecture the user. once Only lecture the user the first time they run ssuuddoo. @@ -1044,14 +1048,10 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) mail. Defaults to the path to sendmail found at configure time. - mailto Address to send warning and error mail to. - The address should be enclosed in double - quotes (") to protect against ssuuddoo interpret­ - ing the @ sign. Defaults to root. -1.6.9p10 December 17, 2007 16 +1.6.9p11 January 5, 2008 16 
@@ -1060,6 +1060,11 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) + mailto Address to send warning and error mail to. + The address should be enclosed in double + quotes (") to protect against ssuuddoo interpret­ + ing the @ sign. Defaults to root. + syslog Syslog facility if syslog is being used for logging (negate to disable syslog logging). Defaults to local2. @@ -1109,15 +1114,10 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) check is displayed when ssuuddoo is run by root with the _-_V option. - env_delete Environment variables to be removed from - the user's environment. The argument may - be a double-quoted, space-separated list - or a single value without double-quotes. - The list can be replaced, added to, -1.6.9p10 December 17, 2007 17 +1.6.9p11 January 5, 2008 17 @@ -1126,6 +1126,11 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) + env_delete Environment variables to be removed from + the user's environment. The argument may + be a double-quoted, space-separated list + or a single value without double-quotes. + The list can be replaced, added to, deleted from, or disabled by using the =, +=, -=, and ! operators respectively. The default list of environment variables to @@ -1174,16 +1179,11 @@ EEXXAAMMPPLLEESS Below are example _s_u_d_o_e_r_s entries. Admittedly, some of these are a bit contrived. First, we define our _a_l_i_a_s_e_s: - # User alias specification - User_Alias FULLTIMERS = millert, mikef, dowdy - User_Alias PARTTIMERS = bostley, jwfox, crawl - User_Alias WEBMASTERS = will, wendy, wim - -1.6.9p10 December 17, 2007 18 +1.6.9p11 January 5, 2008 18 
@@ -1192,6 +1192,11 @@ EEXXAAMMPPLLEESS SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) + # User alias specification + User_Alias FULLTIMERS = millert, mikef, dowdy + User_Alias PARTTIMERS = bostley, jwfox, crawl + User_Alias WEBMASTERS = will, wendy, wim + # Runas alias specification Runas_Alias OP = root, operator Runas_Alias DB = oracle, sybase @@ -1241,15 +1246,10 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) Defaults@SERVERS log_year, logfile=/var/log/sudo.log Defaults!PAGERS noexec - The _U_s_e_r _s_p_e_c_i_f_i_c_a_t_i_o_n is the part that actually deter­ - mines who may run what. - - root ALL = (ALL) ALL - %wheel ALL = (ALL) ALL -1.6.9p10 December 17, 2007 19 +1.6.9p11 January 5, 2008 19 @@ -1258,6 +1258,12 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) + The _U_s_e_r _s_p_e_c_i_f_i_c_a_t_i_o_n is the part that actually deter­ + mines who may run what. + + root ALL = (ALL) ALL + %wheel ALL = (ALL) ALL + We let rroooott and any user in group wwhheeeell run any command on any host as any user. @@ -1307,22 +1313,22 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) bob SPARC = (OP) ALL : SGI = (OP) ALL - The user bboobb may run anything on the _S_P_A_R_C and _S_G_I - machines as any user listed in the _O_P Runas_Alias (rroooott - and ooppeerraattoorr). - jim +biglab = ALL +1.6.9p11 January 5, 2008 20 -1.6.9p10 December 17, 2007 20 +SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) -SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) + The user bboobb may run anything on the _S_P_A_R_C and _S_G_I + machines as any user listed in the _O_P Runas_Alias (rroooott + and ooppeerraattoorr). + jim +biglab = ALL The user jjiimm may run any command on machines in the _b_i_g_l_a_b netgroup. ssuuddoo knows that "biglab" is a netgroup due to 
@@ -1372,16 +1378,10 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) (will, wendy, and wim), may run any command as user www (which owns the web pages) or simply _s_u(1) to www. - ALL CDROM = NOPASSWD: /sbin/umount /CDROM,\ - /sbin/mount -o nosuid\,nodev /dev/cd0a /CDROM - - Any user may mount or unmount a CD-ROM on the machines in - the CDROM Host_Alias (orion, perseus, hercules) without - entering a password. This is a bit tedious for users to -1.6.9p10 December 17, 2007 21 +1.6.9p11 January 5, 2008 21 @@ -1390,6 +1390,12 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) + ALL CDROM = NOPASSWD: /sbin/umount /CDROM,\ + /sbin/mount -o nosuid\,nodev /dev/cd0a /CDROM + + Any user may mount or unmount a CD-ROM on the machines in + the CDROM Host_Alias (orion, perseus, hercules) without + entering a password. This is a bit tedious for users to type, so it is a prime candidate for encapsulating in a shell script. @@ -1438,23 +1444,24 @@ PPRREEVVEENNTTIINNGG SSHHEELLLL EESSCCAAPPEESS that this applies only to native dynamically- linked executables. Statically-linked executa­ bles and foreign executables running under - binary emulation are not affected. - To tell whether or not ssuuddoo supports _n_o_e_x_e_c, you - can run the following as root: - sudo -V | grep "dummy exec" +1.6.9p11 January 5, 2008 22 -1.6.9p10 December 17, 2007 22 +SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) -SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) + binary emulation are not affected. + + To tell whether or not ssuuddoo supports _n_o_e_x_e_c, you + can run the following as root: + sudo -V | grep "dummy exec" If the resulting output contains a line that begins with: 
@@ -1502,18 +1509,11 @@ SSEEEE AALLSSOO CCAAVVEEAATTSS The _s_u_d_o_e_r_s file should aallwwaayyss be edited by the vviissuuddoo - command which locks the file and does grammatical check­ - ing. It is imperative that _s_u_d_o_e_r_s be free of syntax - errors since ssuuddoo will not run with a syntactically incor­ - rect _s_u_d_o_e_r_s file. - - When using netgroups of machines (as opposed to users), if - you store fully qualified hostnames in the netgroup (as is - usually the case), you either need to have the machine's + command which locks the file and does grammatical -1.6.9p10 December 17, 2007 23 +1.6.9p11 January 5, 2008 23 @@ -1522,6 +1522,13 @@ CCAAVVEEAATTSS SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) + checking. It is imperative that _s_u_d_o_e_r_s be free of syntax + errors since ssuuddoo will not run with a syntactically incor­ + rect _s_u_d_o_e_r_s file. + + When using netgroups of machines (as opposed to users), if + you store fully qualified hostnames in the netgroup (as is + usually the case), you either need to have the machine's hostname be fully qualified as returned by the hostname command or use the _f_q_d_n option in _s_u_d_o_e_r_s. @@ -1572,13 +1579,6 @@ DDIISSCCLLAAIIMMEERR - - - - - - - -1.6.9p10 December 17, 2007 24 +1.6.9p11 January 5, 2008 24 diff --git a/sudoers.man.in b/sudoers.man.in index 016d806..3955b2e 100644 --- a/sudoers.man.in +++ b/sudoers.man.in @@ -18,7 +18,7 @@ .\" Agency (DARPA) and Air Force Research Laboratory, Air Force .\" Materiel Command, USAF, under agreement number F39502-99-1-0512. .\" -.\" $Sudo: sudoers.man.in,v 1.45.2.19 2007/12/17 22:11:10 millert Exp $ +.\" $Sudo: sudoers.man.in,v 1.45.2.21 2008/01/05 23:59:42 millert Exp $ .\" Automatically generated by Pod::Man v1.37, Pod::Parser v1.32 .\" .\" Standard preamble: 
@@ -150,7 +150,7 @@ .\" ======================================================================== .\" .IX Title "SUDOERS @mansectform@" -.TH SUDOERS @mansectform@ "December 17, 2007" "1.6.9p10" "MAINTENANCE COMMANDS" +.TH SUDOERS @mansectform@ "January 5, 2008" "1.6.9p11" "MAINTENANCE COMMANDS" .SH "NAME" sudoers \- list of which users may execute what .SH "DESCRIPTION" @@ -903,6 +903,11 @@ option is set) .el .IP "\f(CW%h\fR" 4 .IX Item "%h" expanded to the local hostname without the domain name +.ie n .IP "%p" 4 +.el .IP "\f(CW%p\fR" 4 +.IX Item "%p" +expanded to the user whose password is being asked for (respects the +\&\fIrootpw\fR, \fItargetpw\fR and \fIrunaspw\fR flags in \fIsudoers\fR) .ie n .IP "%U" 4 .el .IP "\f(CW%U\fR" 4 .IX Item "%U" diff --git a/sudoers.pod b/sudoers.pod index d8af57f..91dfd84 100644 --- a/sudoers.pod +++ b/sudoers.pod @@ -19,7 +19,7 @@ Sponsored in part by the Defense Advanced Research Projects Agency (DARPA) and Air Force Research Laboratory, Air Force Materiel Command, USAF, under agreement number F39502-99-1-0512. -$Sudo: sudoers.pod,v 1.95.2.22 2007/12/02 17:13:52 millert Exp $ +$Sudo: sudoers.pod,v 1.95.2.23 2008/01/05 23:59:42 millert Exp $ =pod =head1 NAME @@ -786,6 +786,11 @@ option is set) expanded to the local hostname without the domain name +=item C<%p> + +expanded to the user whose password is being asked for (respects the +I, I and I flags in I) + =item C<%U> expanded to the login name of the user the command will diff --git a/version.h b/version.h index 1c3a4f7..4394ff1 100644 --- a/version.h +++ b/version.h 
@@ -17,12 +17,12 @@ * Agency (DARPA) and Air Force Research Laboratory, Air Force * Materiel Command, USAF, under agreement number F39502-99-1-0512. * - * $Sudo: version.h,v 1.66.2.13 2007/12/17 19:18:14 millert Exp $ + * $Sudo: version.h,v 1.66.2.14 2008/01/05 23:31:52 millert Exp $ */ #ifndef _SUDO_VERSION_H #define _SUDO_VERSION_H -static const char version[] = "1.6.9p10"; +static const char version[] = "1.6.9p11"; #endif /* _SUDO_VERSION_H */ diff --git a/visudo.cat b/visudo.cat index 909e37a..bd9f7a9 100644 --- a/visudo.cat +++ b/visudo.cat @@ -61,7 +61,7 @@ OOPPTTIIOONNSS -1.6.9p10 December 17, 2007 1 +1.6.9p11 January 5, 2008 1 @@ -127,7 +127,7 @@ DDIIAAGGNNOOSSTTIICCSS -1.6.9p10 December 17, 2007 2 +1.6.9p11 January 5, 2008 2 @@ -193,6 +193,6 @@ DDIISSCCLLAAIIMMEERR -1.6.9p10 December 17, 2007 3 +1.6.9p11 January 5, 2008 3 diff --git a/visudo.man.in b/visudo.man.in index a6bb1ff..08fa256 100644 --- a/visudo.man.in +++ b/visudo.man.in @@ -17,7 +17,7 @@ .\" Agency (DARPA) and Air Force Research Laboratory, Air Force .\" Materiel Command, USAF, under agreement number F39502-99-1-0512. .\" -.\" $Sudo: visudo.man.in,v 1.20.2.14 2007/12/17 22:11:10 millert Exp $ +.\" $Sudo: visudo.man.in,v 1.20.2.16 2008/01/05 23:59:42 millert Exp $ .\" Automatically generated by Pod::Man v1.37, Pod::Parser v1.32 .\" .\" Standard preamble: @@ -149,7 +149,7 @@ .\" ======================================================================== .\" .IX Title "VISUDO @mansectsu@" -.TH VISUDO @mansectsu@ "December 17, 2007" "1.6.9p10" "MAINTENANCE COMMANDS" +.TH VISUDO @mansectsu@ "January 5, 2008" "1.6.9p11" "MAINTENANCE COMMANDS" .SH "NAME" visudo \- edit the sudoers file .SH "SYNOPSIS"
