From 04402c11f42ab1ab88cfdd8b22b23f78efd81f75 Mon Sep 17 00:00:00 2001 From: Bdale Garbee Date: Wed, 14 May 2008 12:03:30 -0600 Subject: [PATCH] Imported Upstream version 1.6.8p7 --- CHANGES | 14 ++++++++++++++ LICENSE | 2 +- Makefile.in | 2 +- TROUBLESHOOTING | 16 +++++++++++++--- auth/pam.c | 26 +++++++++++++++----------- env.c | 5 +++-- ldap.c | 4 ++++ sudo.c | 6 ++++++ sudo.cat | 18 +++++++++--------- sudo.man.in | 2 +- sudoers.cat | 46 +++++++++++++++++++++++----------------------- sudoers.man.in | 2 +- version.h | 2 +- visudo.cat | 6 +++--- visudo.man.in | 2 +- 15 files changed, 96 insertions(+), 57 deletions(-) diff --git a/CHANGES b/CHANGES index d4d5ab7..928b09f 100644 --- a/CHANGES +++ b/CHANGES @@ -1764,3 +1764,17 @@ Sudo 1.6.8p4 released. 556) Invalid values for a tuple are now handled correctly. Sudo 1.6.8p5 released. + +557) Added a set of missing braces needed for MacOS X / Darwin. + +558) Define LDAP_OPT_SUCCESS for those without it. + +Sudo 1.6.8p6 released. + +559) Warn if the user tries to use the -u option when not running a command. + +560) Better PAM error handling and messages. + +561) Fixed setting of $USER when env_reset is enabled. + +Sudo 1.6.8p7 released. diff --git a/LICENSE b/LICENSE index 8703535..70655fa 100644 --- a/LICENSE +++ b/LICENSE @@ -1,6 +1,6 @@ Sudo is distributed under the following ISC-style license: - Copyright (c) 1994-1996,1998-2004 Todd C. Miller + Copyright (c) 1994-1996,1998-2005 Todd C. Miller Permission to use, copy, modify, and distribute this software for any purpose with or without fee is hereby granted, provided that the above diff --git a/Makefile.in b/Makefile.in index b5585b6..477ad2b 100644 --- a/Makefile.in +++ b/Makefile.in @@ -130,7 +130,7 @@ TESTOBJS = interfaces.o testsudoers.o $(PARSEOBJS) LIBOBJS = @LIBOBJS@ @ALLOCA@ -VERSION = 1.6.8p5 +VERSION = 1.6.8p7 DISTFILES = $(SRCS) $(HDRS) BUGS CHANGES HISTORY INSTALL INSTALL.configure \ LICENSE Makefile.in PORTING README README.LDAP RUNSON TODO \ 
diff --git a/TROUBLESHOOTING b/TROUBLESHOOTING index 94a93cc..3f7dd35 100644 --- a/TROUBLESHOOTING +++ b/TROUBLESHOOTING @@ -25,9 +25,19 @@ A) The operating system you are running probably has broken support for option and rebuild sudo. Q) Sudo never gives me a chance to enter a password using PAM, it just - says 'Sorry, try again.' three times and quits. -A) You didn't setup PAM to work with sudo. On Linux this generally - means installing sample.pam as /etc/pam.d/sudo. + says 'Sorry, try again.' three times and exits. +A) You didn't setup PAM to work with sudo. On Redhat Linux or Fedora + Core this generally means installing sample.pam as /etc/pam.d/sudo. + See the sample.pam file for hints on what to use for other Linux + systems. + +Q) Sudo says 'Account expired or PAM config lacks an "account" + section for sudo, contact your system administrator' and exits + but I know my account has not expired. +A) Your PAM config lacks an "account" specification. On Linux this + usually means you are missing a line like: + account required pam_unix.so + in /etc/pam.d/sudo. Q) Sudo is setup to log via syslog(3) but I'm not getting any log messages. diff --git a/auth/pam.c b/auth/pam.c index 1dc162a..d289a06 100644 --- a/auth/pam.c +++ b/auth/pam.c @@ -91,8 +91,7 @@ pam_init(pw, promptp, auth) pam_conv.conv = sudo_conv; pam_status = pam_start("sudo", pw->pw_name, &pam_conv, &pamh); if (pam_status != PAM_SUCCESS) { - log_error(USE_ERRNO|NO_EXIT|NO_MAIL, - "unable to initialize PAM"); + log_error(USE_ERRNO|NO_EXIT|NO_MAIL, "unable to initialize PAM"); return(AUTH_FATAL); } if (strcmp(user_tty, "unknown")) 
@@ -125,25 +124,30 @@ pam_verify(pw, prompt, auth) *pam_status); return(AUTH_FAILURE); case PAM_NEW_AUTHTOK_REQD: - log_error(NO_EXIT|NO_MAIL, "%s, %s" + log_error(NO_EXIT|NO_MAIL, "%s, %s", "Account or password is expired", "reset your password and try again"); - *pam_status = pam_chauthtok(pamh, PAM_CHANGE_EXPIRED_AUTHTOK); + *pam_status = pam_chauthtok(pamh, + PAM_CHANGE_EXPIRED_AUTHTOK); if (*pam_status == PAM_SUCCESS) return(AUTH_SUCCESS); if ((s = pam_strerror(pamh, *pam_status))) - log_error(NO_EXIT|NO_MAIL, "pam_chauthtok: %s",s); + log_error(NO_EXIT|NO_MAIL, "pam_chauthtok: %s", s); return(AUTH_FAILURE); + case PAM_AUTHTOK_EXPIRED: + log_error(NO_EXIT|NO_MAIL, + "Password expired, contact your system administrator"); + return(AUTH_FATAL); case PAM_ACCT_EXPIRED: - log_error(NO_EXIT|NO_MAIL, "%s, %s" - "Account or password is expired", - "contact your system administrator"); - /* FALLTHROUGH */ - default: - return(AUTH_FAILURE); + log_error(NO_EXIT|NO_MAIL, "%s %s", + "Account expired or PAM config lacks an \"account\"", + "section for sudo, contact your system administrator"); + return(AUTH_FATAL); } + /* FALLTHROUGH */ case PAM_AUTH_ERR: case PAM_MAXTRIES: + case PAM_PERM_DENIED: return(AUTH_FAILURE); default: if ((s = pam_strerror(pamh, *pam_status))) diff --git a/env.c b/env.c index 3f58b44..9d3a765 100644 --- a/env.c +++ b/env.c @@ -69,7 +69,7 @@ static const char rcsid[] = "$Sudo: env.c,v 1.42 2004/09/08 15:57:49 millert Exp #undef DID_LOGNAME #define DID_LOGNAME 0x10 #undef DID_USER -#define DID_USER 0x12 +#define DID_USER 0x20 #undef VNULL #define VNULL (VOID *)NULL 
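Review bot: The nested switch in pam_verify (apparently on the account-management status) no longer has a `default:` arm, so a status without its own case leaves that switch and is denied only through the `/* FALLTHROUGH */` into the outer `case PAM_AUTH_ERR:`. The result is still fail-closed, but it now depends on the order of the outer cases, and those statuses are refused without a log entry. I would keep an explicit arm at the end of the inner switch, `default:` followed by `return(AUTH_FAILURE);`, preferably logging `pam_strerror(pamh, *pam_status)` first, as the PAM_NEW_AUTHTOK_REQD arm does for pam_chauthtok. Both switches open outside this hunk, so confirm there what the inner one switches on.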
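Review bot: Nothing next to the `DID_LOGNAME` / `DID_USER` defines states that each value must be a distinct single bit, which is how `0x12` (overlapping `DID_LOGNAME`'s `0x10`) could go unnoticed. A one-line comment above the group would document the invariant, for example `/* DID_* are single-bit flags; each value must be a distinct power of two */`. Writing the values as shifts would make a typo of this kind stand out on review. Only two of the defines are visible in this hunk, so check that the rest of the group follows the same pattern.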
@@ -499,7 +499,7 @@ rebuild_env(envp, sudo_mode, noexec) * http://www.fortran-2000.com/ArnaudRecipes/sharedlib.html * XXX - should prepend to original value, if any */ - if (noexec && def_noexec_file != NULL) + if (noexec && def_noexec_file != NULL) { #if defined(__darwin__) || defined(__APPLE__) insert_env(format_env("DYLD_INSERT_LIBRARIES", def_noexec_file, VNULL), 1); insert_env(format_env("DYLD_FORCE_FLAT_NAMESPACE", VNULL), 1); @@ -510,6 +510,7 @@ rebuild_env(envp, sudo_mode, noexec) insert_env(format_env("LD_PRELOAD", def_noexec_file, VNULL), 1); # endif #endif + } /* Set PS1 if SUDO_PS1 is set. */ if (ps1) diff --git a/ldap.c b/ldap.c index 838587d..b5ecc44 100644 --- a/ldap.c +++ b/ldap.c @@ -66,6 +66,10 @@ static const char rcsid[] = "$Sudo: ldap.c,v 1.14 2004/09/02 04:03:25 aaron Exp #define BUF_SIZ 1024 #endif +#ifndef LDAP_OPT_SUCCESS +#define LDAP_OPT_SUCCESS LDAP_SUCCESS +#endif + extern int printmatches; /* ldap configuration structure */ diff --git a/sudo.c b/sudo.c index 0944911..31edb65 100644 --- a/sudo.c +++ b/sudo.c @@ -837,6 +837,12 @@ parse_args(argc, argv) NewArgv++; } + if (user_runas != NULL && !ISSET(rval, (MODE_EDIT|MODE_RUN))) { + if (excl != '\0') + warnx("the `-u' and '-%c' options may not be used together", excl); + usage(1); + } + if ((NewArgc == 0 && (rval & MODE_EDIT)) || (NewArgc > 0 && !(rval & (MODE_RUN | MODE_EDIT)))) usage(1); diff --git a/sudo.cat b/sudo.cat index 166721a..c64eace 100644 --- a/sudo.cat +++ b/sudo.cat @@ -61,7 +61,7 @@ DDEESSCCRRIIPPTTIIOONN -1.6.8p5 November 26, 2004 1 +1.6.8p7 February 5, 2005 1 @@ -127,7 +127,7 @@ OOPPTTIIOONNSS -1.6.8p5 November 26, 2004 2 +1.6.8p7 February 5, 2005 2 @@ -193,7 +193,7 @@ SUDO(1m) MAINTENANCE COMMANDS SUDO(1m) -1.6.8p5 November 26, 2004 3 +1.6.8p7 February 5, 2005 3 @@ -259,7 +259,7 @@ SUDO(1m) MAINTENANCE COMMANDS SUDO(1m) -1.6.8p5 November 26, 2004 4 +1.6.8p7 February 5, 2005 4 
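Review bot: In the new `user_runas` check in parse_args, the path where `excl` is `'\0'` reaches `usage(1)` without printing anything, although the CHANGES entry for this fix says the user is warned. An `else` branch such as `else warnx("the -u option may only be used when running a command");` would tell the user why the invocation was refused. The existing message also quotes the two options differently (a backquote opens `-u`, an apostrophe opens `-%c`). The block tests the mode with `ISSET()` while the condition right after it uses `rval & (MODE_RUN | MODE_EDIT)`, so one form should be used for both. parse_args starts and ends outside this hunk.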
@@ -325,7 +325,7 @@ SSEECCUURRIITTYY NNOOTTEESS -1.6.8p5 November 26, 2004 5 +1.6.8p7 February 5, 2005 5 @@ -391,7 +391,7 @@ EENNVVIIRROONNMMEENNTT -1.6.8p5 November 26, 2004 6 +1.6.8p7 February 5, 2005 6 @@ -457,7 +457,7 @@ AAUUTTHHOORRSS -1.6.8p5 November 26, 2004 7 +1.6.8p7 February 5, 2005 7 @@ -523,7 +523,7 @@ DDIISSCCLLAAIIMMEERR -1.6.8p5 November 26, 2004 8 +1.6.8p7 February 5, 2005 8 @@ -589,6 +589,6 @@ SUDO(1m) MAINTENANCE COMMANDS SUDO(1m) -1.6.8p5 November 26, 2004 9 +1.6.8p7 February 5, 2005 9 diff --git a/sudo.man.in b/sudo.man.in index 279cdfd..6fc6e17 100644 --- a/sudo.man.in +++ b/sudo.man.in @@ -149,7 +149,7 @@ .\" ======================================================================== .\" .IX Title "SUDO @mansectsu@" -.TH SUDO @mansectsu@ "November 26, 2004" "1.6.8p5" "MAINTENANCE COMMANDS" +.TH SUDO @mansectsu@ "February 5, 2005" "1.6.8p7" "MAINTENANCE COMMANDS" .SH "NAME" sudo, sudoedit \- execute a command as another user .SH "SYNOPSIS" diff --git a/sudoers.cat b/sudoers.cat index d895498..bdf0465 100644 --- a/sudoers.cat +++ b/sudoers.cat @@ -61,7 +61,7 @@ DDEESSCCRRIIPPTTIIOONN -1.6.8p5 November 28, 2004 1 +1.6.8p7 February 5, 2005 1 @@ -127,7 +127,7 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) -1.6.8p5 November 28, 2004 2 +1.6.8p7 February 5, 2005 2 @@ -193,7 +193,7 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) -1.6.8p5 November 28, 2004 3 +1.6.8p7 February 5, 2005 3 @@ -259,7 +259,7 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) -1.6.8p5 November 28, 2004 4 +1.6.8p7 February 5, 2005 4 @@ -325,7 +325,7 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) -1.6.8p5 November 28, 2004 5 +1.6.8p7 February 5, 2005 5 @@ -391,7 +391,7 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) -1.6.8p5 November 28, 2004 6 +1.6.8p7 February 5, 2005 6 @@ -457,7 +457,7 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) -1.6.8p5 November 28, 2004 7 +1.6.8p7 February 5, 2005 7 
@@ -523,7 +523,7 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) -1.6.8p5 November 28, 2004 8 +1.6.8p7 February 5, 2005 8 @@ -589,7 +589,7 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) -1.6.8p5 November 28, 2004 9 +1.6.8p7 February 5, 2005 9 @@ -655,7 +655,7 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) -1.6.8p5 November 28, 2004 10 +1.6.8p7 February 5, 2005 10 @@ -721,7 +721,7 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) -1.6.8p5 November 28, 2004 11 +1.6.8p7 February 5, 2005 11 @@ -787,7 +787,7 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) -1.6.8p5 November 28, 2004 12 +1.6.8p7 February 5, 2005 12 @@ -853,7 +853,7 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) -1.6.8p5 November 28, 2004 13 +1.6.8p7 February 5, 2005 13 @@ -919,7 +919,7 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) -1.6.8p5 November 28, 2004 14 +1.6.8p7 February 5, 2005 14 @@ -985,7 +985,7 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) -1.6.8p5 November 28, 2004 15 +1.6.8p7 February 5, 2005 15 @@ -1051,7 +1051,7 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) -1.6.8p5 November 28, 2004 16 +1.6.8p7 February 5, 2005 16 @@ -1117,7 +1117,7 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) -1.6.8p5 November 28, 2004 17 +1.6.8p7 February 5, 2005 17 @@ -1183,7 +1183,7 @@ EEXXAAMMPPLLEESS -1.6.8p5 November 28, 2004 18 +1.6.8p7 February 5, 2005 18 @@ -1249,7 +1249,7 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) -1.6.8p5 November 28, 2004 19 +1.6.8p7 February 5, 2005 19 @@ -1315,7 +1315,7 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) -1.6.8p5 November 28, 2004 20 +1.6.8p7 February 5, 2005 20 @@ -1381,7 +1381,7 @@ PPRREEVVEENNTTIINNGG SSHHEELLLL EESSCCAAPPEESS -1.6.8p5 November 28, 2004 21 +1.6.8p7 February 5, 2005 21 @@ -1447,7 +1447,7 @@ CCAAVVEEAATTSS -1.6.8p5 November 28, 2004 22 +1.6.8p7 February 5, 2005 22 @@ -1513,6 +1513,6 @@ DDIISSCCLLAAIIMMEERR -1.6.8p5 November 28, 2004 23 +1.6.8p7 February 5, 2005 23 diff --git a/sudoers.man.in b/sudoers.man.in index 98b980a..357f54d 100644 --- a/sudoers.man.in 
+++ b/sudoers.man.in @@ -149,7 +149,7 @@ .\" ======================================================================== .\" .IX Title "SUDOERS @mansectform@" -.TH SUDOERS @mansectform@ "November 28, 2004" "1.6.8p5" "MAINTENANCE COMMANDS" +.TH SUDOERS @mansectform@ "February 5, 2005" "1.6.8p7" "MAINTENANCE COMMANDS" .SH "NAME" sudoers \- list of which users may execute what .SH "DESCRIPTION" diff --git a/version.h b/version.h index 3f06dfb..e7e46ff 100644 --- a/version.h +++ b/version.h @@ -23,6 +23,6 @@ #ifndef _SUDO_VERSION_H #define _SUDO_VERSION_H -static const char version[] = "1.6.8p5"; +static const char version[] = "1.6.8p7"; #endif /* _SUDO_VERSION_H */ diff --git a/visudo.cat b/visudo.cat index a634127..dfcd8bc 100644 --- a/visudo.cat +++ b/visudo.cat @@ -61,7 +61,7 @@ OOPPTTIIOONNSS -1.6.8p5 November 26, 2004 1 +1.6.8p7 February 5, 2005 1 @@ -127,7 +127,7 @@ DDIIAAGGNNOOSSTTIICCSS -1.6.8p5 November 26, 2004 2 +1.6.8p7 February 5, 2005 2 @@ -193,6 +193,6 @@ DDIISSCCLLAAIIMMEERR -1.6.8p5 November 26, 2004 3 +1.6.8p7 February 5, 2005 3 diff --git a/visudo.man.in b/visudo.man.in index 4e7fce5..3593696 100644 --- a/visudo.man.in +++ b/visudo.man.in @@ -149,7 +149,7 @@ .\" ======================================================================== .\" .IX Title "VISUDO @mansectsu@" -.TH VISUDO @mansectsu@ "November 26, 2004" "1.6.8p5" "MAINTENANCE COMMANDS" +.TH VISUDO @mansectsu@ "February 5, 2005" "1.6.8p7" "MAINTENANCE COMMANDS" .SH "NAME" visudo \- edit the sudoers file .SH "SYNOPSIS" -- 2.47.2