#
-# Copyright (c) 1996, 1998-2005, 2007-2009
-# Todd C. Miller <Todd.Miller@courtesan.com>
+# Copyright (c) 2010 Todd C. Miller <Todd.Miller@courtesan.com>
#
# Permission to use, copy, modify, and distribute this software for any
# purpose with or without fee is hereby granted, provided that the above
# OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
# ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
#
-# Sponsored in part by the Defense Advanced Research Projects
-# Agency (DARPA) and Air Force Research Laboratory, Air Force
-# Materiel Command, USAF, under agreement number F39502-99-1-0512.
-#
# @configure_input@
#
srcdir = @srcdir@
devdir = @devdir@
authdir = $(srcdir)/auth
-top_builddir = .
+top_builddir = @top_builddir@
+top_srcdir = @top_srcdir@
+incdir = $(top_srcdir)/include
+compat = $(top_srcdir)/compat
# Compiler & tools to use
CC = @CC@
-FLEX = @FLEX@
-YACC = @YACC@
-NROFF = nroff -Tascii
LIBTOOL = @LIBTOOL@
-AR=@AR@
-RANLIB=@RANLIB@
# Our install program supports extra flags...
-INSTALL = $(SHELL) $(srcdir)/install-sh -c
+INSTALL = $(SHELL) $(top_srcdir)/install-sh -c
# Libraries
-LIBS = @LIBS@
-NET_LIBS = @NET_LIBS@
-SUDO_LIBS = @SUDO_LIBS@ @AFS_LIBS@ @GETGROUPS_LIB@ $(LIBS) $(NET_LIBS)
+LIBS =
# C preprocessor flags
-CPPFLAGS = -I. -I$(srcdir) @CPPFLAGS@
+CPPFLAGS = -I$(incdir) -I$(top_builddir) -I$(srcdir) @CPPFLAGS@
# Usually -O and/or -g
CFLAGS = @CFLAGS@
# Flags to pass to the link stage
-LDFLAGS = -L. @LDFLAGS@
-SUDO_LDFLAGS = @SUDO_LDFLAGS@ $(LDFLAGS)
+LDFLAGS =
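Review bot: `LDFLAGS =` here and `LIBS =` a few lines above are now empty, so the `sudoers.la` link rule further down, which passes only `$(LDFLAGS)`, no longer receives the `@LDFLAGS@` value from configure and names no libraries at all. Any hardening options supplied through LDFLAGS at configure time would be dropped for the sudoers module. Because the rule links with `-module`, symbols needed by the auth and LDAP objects are presumably left unresolved until the plugin is loaded. I would keep `LDFLAGS = @LDFLAGS@`, rebuild the library list from the substitutions the old file used (`@LIBS@`, `@NET_LIBS@`, `@SUDO_LIBS@`), and append `$(LIBS)` to the `--mode=link` command.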
# Where to install things...
prefix = @prefix@
sysconfdir = @sysconfdir@
libexecdir = @libexecdir@
datarootdir = @datarootdir@
-mandir = @mandir@
-noexecfile = @NOEXECFILE@
-noexecdir = @NOEXECDIR@
-
-# Directory in which to install sudo.
-sudodir = $(bindir)
-
-# Directory in which to install visudo
-visudodir = $(sbindir)
+plugindir = @PLUGINDIR@
# Directory in which to install the sudoers file
sudoersdir = $(sysconfdir)
-# Directory in which to install the man page
-mantype = @MANTYPE@
-mansectsu = @mansectsu@
-mansectform = @mansectform@
-mandirsu = $(mandir)/$(mantype)$(mansectsu)
-mandirform = $(mandir)/$(mantype)$(mansectform)
-
-# User and group ids the installed files should be "owned" by
-install_uid = 0
-install_gid = 0
-
# User, group, and mode the sudoers file should be "owned" by (configure)
sudoers_uid = @SUDOERS_UID@
sudoers_gid = @SUDOERS_GID@
SHELL = /bin/sh
-PROGS = @PROGS@
-
-SRCS = aix.c alias.c alloc.c audit.c boottime.c bsm_audit.c check.c \
- closefrom.c def_data.c defaults.c env.c error.c fileops.c find_path.c \
- fnmatch.c getcwd.c getprogname.c getspwuid.c gettime.c glob.c \
- goodpath.c gram.c gram.y interfaces.c isblank.c lbuf.c ldap.c list.c \
- logging.c match.c mkstemp.c memrchr.c nanosleep.c parse.c pwutil.c \
- pty.c script.c set_perms.c sigaction.c snprintf.c strcasecmp.c \
- strerror.c strlcat.c strlcpy.c strsignal.c sudo.c sudo_noexec.c \
- sudo_edit.c sudo_nss.c term.c testsudoers.c tgetpass.c toke.c toke.l \
- tsgetgrpw.c utimes.c vasgroups.c visudo.c zero_bytes.c redblack.c \
- selinux.c sesh.c sudoreplay.c getdate.c getdate.y getline.c \
- timestr.c $(AUTH_SRCS)
-
-AUTH_SRCS = auth/afs.c auth/aix_auth.c auth/bsdauth.c auth/dce.c auth/fwtk.c \
- auth/kerb4.c auth/kerb5.c auth/pam.c auth/passwd.c auth/rfc1938.c \
- auth/secureware.c auth/securid.c auth/securid5.c auth/sia.c \
- auth/sudo_auth.c
-
-HDRS = alloc.h bsm_audit.h compat.h def_data.h defaults.h error.h ins_2001.h \
- ins_classic.h ins_csops.h ins_goons.h insults.h interfaces.h lbuf.h \
- list.h logging.h missing.h nonunix.h redblack.h parse.h sudo.h \
- sudo_nss.h gram.h auth/sudo_auth.h emul/charclass.h emul/fnmatch.h \
- emul/glob.h emul/timespec.h emul/utime.h
+# XXX - configure will substitute in .o files not .lo files
+AUTH_OBJS = sudo_auth.lo @AUTH_OBJS@
-AUTH_OBJS = sudo_auth.o @AUTH_OBJS@
+COMMON_OBJS = alias.lo atobool.lo defaults.lo gram.lo \
+ list.lo match.lo pwutil.lo timestr.lo toke.lo redblack.lo \
+ zero_bytes.lo @NONUNIX_GROUPS_IMPL@
-COMMON_OBJS = alias.o alloc.o defaults.o error.o getline.o gram.o \
- list.o match.o pwutil.o timestr.o toke.o redblack.o \
- term.o zero_bytes.o @NONUNIX_GROUPS_IMPL@
+# XXX - add @SUDOERS_OBJS@ in configure.in
+SUDOERS_OBJS = $(AUTH_OBJS) alloc.lo boottime.lo check.lo fmt_string.lo \
+ error.lo env.lo getspwuid.lo gettime.lo goodpath.lo fileops.lo \
+ find_path.lo interfaces.lo lbuf.lo logging.lo parse.lo \
+ set_perms.lo sudoers.lo sudo_nss.lo @SUDOERS_OBJS@
-SUDO_OBJS = $(AUTH_OBJS) @SUDO_OBJS@ audit.o boottime.o check.o \
- env.o getspwuid.o gettime.o goodpath.o fileops.o find_path.o \
- interfaces.o lbuf.o logging.o parse.o set_perms.o sudo.o \
- sudo_edit.o sudo_nss.o tgetpass.o
+LIBOBJDIR = $(top_srcdir)/@ac_config_libobj_dir@/
-VISUDO_OBJS = visudo.o fileops.o gettime.o goodpath.o find_path.o
-
-REPLAY_OBJS = getdate.o sudoreplay.o
-
-TEST_OBJS = interfaces.o testsudoers.o tsgetgrpw.o
-
-LIB_OBJS = @LIBOBJS@
+LTLIBOBJS = $(top_srcdir)/@ac_config_libobj_dir@/libmissing_pic.a
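Review bot: `LTLIBOBJS` points at `libmissing_pic.a` under `$(top_srcdir)`, but an archive is a build product, so a build directory separate from the source tree would look for the `sudoers.la` prerequisite in the wrong place. `LIBOBJDIR` just above has the same root. `$(top_builddir)/@ac_config_libobj_dir@/libmissing_pic.a` looks like the intended path. No rule in the visible part of this file builds the archive, so the makefile appears to rely on the compat directory being built first; a one-line comment saying so would help.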
VERSION = @PACKAGE_VERSION@
-DISTFILES = $(SRCS) $(HDRS) ChangeLog HISTORY INSTALL INSTALL.configure \
- LICENSE Makefile.in PORTING README README.LDAP TROUBLESHOOTING \
- UPGRADE WHATSNEW aclocal.m4 acsite.m4 aixcrypt.exp config.guess \
- config.h.in config.sub configure configure.in def_data.in \
- indent.pro install-sh ltmain.sh mkdefaults mkinstalldirs \
- pathnames.h.in sample.pam sample.syslog.conf sample.sudoers \
- schema.ActiveDirectory schema.OpenLDAP schema.iPlanet sudo.cat \
- sudo.man.in sudo.pod sudo.psf sudo_usage.h.in sudoers sudoers.cat \
- sudoers.man.in sudoers.pod sudoers.ldap.cat sudoers.ldap.man.in \
- sudoers.ldap.pod sudoers2ldif sudoreplay.cat sudoreplay.man.in \
- sudoreplay.pod visudo.cat visudo.man.in visudo.pod auth/API \
- sudo.man.pl sudoers.man.pl
-
-BINFILES= ChangeLog HISTORY LICENSE README TROUBLESHOOTING \
- UPGRADE install-sh mkinstalldirs sample.syslog.conf sample.sudoers \
- sudo sudo.cat sudo.man sudo.pod sudoers sudoers.cat sudoers.man \
- sudoers.pod sudoreplay.cat sudoreplay.man sudoreplay.pod \
- visudo visudo.cat visudo.man visudo.pod
-
-BINSPECIAL= INSTALL.binary Makefile.binary.in libtool
-
-SUDODEP = $(srcdir)/sudo.h $(srcdir)/alloc.h $(srcdir)/compat.h \
- $(srcdir)/defaults.h $(srcdir)/error.h $(srcdir)/list.h \
- $(srcdir)/logging.h $(srcdir)/missing.h $(srcdir)/sudo_nss.h \
- $(devdir)/def_data.h pathnames.h config.h
+SUDODEP = $(srcdir)/sudoers.h $(incdir)/compat.h \
+ $(srcdir)/defaults.h $(incdir)/error.h $(incdir)/list.h \
+ $(srcdir)/logging.h $(incdir)/missing.h $(srcdir)/sudo_nss.h \
+ $(devdir)/def_data.h $(top_builddir)/pathnames.h $(top_builddir)/config.h
AUTHDEP = $(SUDODEP) $(authdir)/sudo_auth.h
INSDEP = $(srcdir)/ins_2001.h $(srcdir)/ins_classic.h $(srcdir)/ins_csops.h \
$(srcdir)/ins_goons.h $(srcdir)/insults.h
-all: $(PROGS)
+all: sudoers.la
-.SUFFIXES: .o .c .h .l .y .man .cat .lo
+.SUFFIXES: .o .c .h .lo
.c.o:
$(CC) -c $(CPPFLAGS) $(CFLAGS) $(DEFS) $(OPTIONS) $<
.c.lo:
$(LIBTOOL) --mode=compile $(CC) -c $(CPPFLAGS) $(CFLAGS) $(DEFS) $(OPTIONS) $<
-.man.cat:
- @rm -f $@
- sed '1s/^/.if n .ll 78n/' $< | $(NROFF) -man > $@
-
-libsudo.a: $(LIB_OBJS) $(COMMON_OBJS)
- $(AR) rv $@ $(LIB_OBJS) $(COMMON_OBJS)
- $(RANLIB) $@
-
-sudo: libsudo.a $(SUDO_OBJS)
- $(CC) -o $@ $(SUDO_OBJS) $(SUDO_LDFLAGS) -lsudo $(SUDO_LIBS) @ZLIB@
-
-visudo: libsudo.a $(VISUDO_OBJS)
- $(CC) -o $@ $(VISUDO_OBJS) $(LDFLAGS) -lsudo $(LIBS) $(NET_LIBS)
-
-sudoreplay: libsudo.a $(REPLAY_OBJS)
- $(CC) -o $@ $(REPLAY_OBJS) $(LDFLAGS) -lsudo $(LIBS) @ZLIB@
-
-testsudoers: $(TEST_OBJS)
- $(CC) -o $@ $(TEST_OBJS) $(LDFLAGS) -lsudo $(LIBS) $(NET_LIBS)
-
-sudo_noexec.lo: $(srcdir)/sudo_noexec.c
- $(LIBTOOL) --mode=compile $(CC) -c $(CPPFLAGS) $(CFLAGS) $(DEFS) $(OPTIONS) $(srcdir)/sudo_noexec.c
-
-sudo_noexec.la: sudo_noexec.lo
- $(LIBTOOL) --mode=link $(CC) $(LDFLAGS) -o $@ sudo_noexec.lo -avoid-version -rpath $(noexecdir)
-
-# Uncomment the following if you want "make distclean" to clean the parser
-@DEV@GENERATED = gram.h gram.c toke.c def_data.c def_data.h getdate
-
-# Uncomment the lines before -@true if you intend to modify gram.y
-$(devdir)/gram.c $(devdir)/gram.h: $(srcdir)/gram.y
-@DEV@ $(YACC) -d $(srcdir)/gram.y
-@DEV@ mv -f y.tab.c gram.c
-@DEV@ if cmp -s y.tab.h gram.h; then rm -f y.tab.h; else mv -f y.tab.h gram.h; fi
- -@true
-
-# Uncomment the lines before -@true if you intend to modify toke.l
-$(devdir)/toke.c: $(srcdir)/toke.l
-@DEV@ $(FLEX) $(srcdir)/toke.l
-@DEV@ mv -f lex.yy.c toke.c
- -@true
-
-# Uncomment the lines before -@true if you intend to modify getdate.y
-$(devdir)/getdate.c: $(srcdir)/getdate.y
-@DEV@ echo "expect 10 shift/reduce conflicts"
-@DEV@ $(YACC) $(srcdir)/getdate.y
-@DEV@ mv -f y.tab.c getdate.c
- -@true
-
-# Uncomment the following if you intend to modify def_data.in
-@DEV@$(devdir)/def_data.h $(devdir)/def_data.c: $(srcdir)/def_data.in
-@DEV@ perl $(srcdir)/mkdefaults -o def_data $(srcdir)/def_data.in
-
-# Dependencies (not counting auth functions)
-aix.o: $(srcdir)/aix.c
- $(CC) -c $(CPPFLAGS) $(CFLAGS) $(DEFS) $(OPTIONS) $(srcdir)/aix.c
-alias.o: $(srcdir)/alias.c $(SUDODEP) $(srcdir)/parse.h $(srcdir)/list.h $(srcdir)/redblack.h
- $(CC) -c $(CPPFLAGS) $(CFLAGS) $(DEFS) $(OPTIONS) $(srcdir)/alias.c
-alloc.o: $(srcdir)/alloc.c $(SUDODEP)
- $(CC) -c $(CPPFLAGS) $(CFLAGS) $(DEFS) $(OPTIONS) $(srcdir)/alloc.c
-audit.o: $(srcdir)/audit.c $(SUDODEP)
- $(CC) -c $(CPPFLAGS) $(CFLAGS) $(DEFS) $(OPTIONS) $(srcdir)/audit.c
-boottime.o: $(srcdir)/boottime.c config.h
- $(CC) -c $(CPPFLAGS) $(CFLAGS) $(DEFS) $(OPTIONS) $(srcdir)/boottime.c
-bsm_audit.o: $(srcdir)/bsm_audit.c $(SUDODEP) bsm_audit.h
- $(CC) -c $(CPPFLAGS) $(CFLAGS) $(DEFS) $(OPTIONS) $(srcdir)/bsm_audit.c
-check.o: $(srcdir)/check.c $(SUDODEP)
- $(CC) -c $(CPPFLAGS) $(CFLAGS) $(DEFS) $(OPTIONS) $(srcdir)/check.c
-closefrom.o: $(srcdir)/closefrom.c config.h
- $(CC) -c $(CPPFLAGS) $(CFLAGS) $(DEFS) $(OPTIONS) $(srcdir)/closefrom.c
-defaults.o: $(srcdir)/defaults.c $(SUDODEP) $(srcdir)/def_data.c $(authdir)/sudo_auth.h $(devdir)/gram.h
- $(CC) -c $(CPPFLAGS) $(CFLAGS) $(DEFS) $(OPTIONS) $(srcdir)/defaults.c
-env.o: $(srcdir)/env.c $(SUDODEP)
- $(CC) -c $(CPPFLAGS) $(CFLAGS) $(DEFS) $(OPTIONS) $(srcdir)/env.c
-error.o: $(srcdir)/error.c $(srcdir)/compat.h $(srcdir)/error.h config.h
- $(CC) -c $(CPPFLAGS) $(CFLAGS) $(DEFS) $(OPTIONS) $(srcdir)/error.c
-fileops.o: $(srcdir)/fileops.c $(SUDODEP)
- $(CC) -c $(CPPFLAGS) $(CFLAGS) $(DEFS) $(OPTIONS) $(srcdir)/fileops.c
-find_path.o: $(srcdir)/find_path.c $(SUDODEP)
- $(CC) -c $(CPPFLAGS) $(CFLAGS) $(DEFS) $(OPTIONS) $(srcdir)/find_path.c
-fnmatch.o: $(srcdir)/fnmatch.c $(srcdir)/emul/fnmatch.h $(srcdir)/compat.h config.h
- $(CC) -c $(CPPFLAGS) $(CFLAGS) $(DEFS) $(OPTIONS) $(srcdir)/fnmatch.c
-getcwd.o: $(srcdir)/getcwd.c $(srcdir)/compat.h config.h
- $(CC) -c $(CPPFLAGS) $(CFLAGS) $(DEFS) $(OPTIONS) $(srcdir)/getcwd.c
-getdate.o: $(srcdir)/getdate.c $(srcdir)/compat.h config.h
- $(CC) -c $(CPPFLAGS) $(CFLAGS) $(DEFS) $(OPTIONS) $(srcdir)/getdate.c
-getline.o: $(srcdir)/getline.c config.h
- $(CC) -c $(CPPFLAGS) $(CFLAGS) $(DEFS) $(OPTIONS) $(srcdir)/getline.c
-getprogname.o: $(srcdir)/getprogname.c config.h
- $(CC) -c $(CPPFLAGS) $(CFLAGS) $(DEFS) $(OPTIONS) $(srcdir)/getprogname.c
-getspwuid.o: $(srcdir)/getspwuid.c $(SUDODEP)
- $(CC) -c $(CPPFLAGS) $(CFLAGS) $(DEFS) $(OPTIONS) $(srcdir)/getspwuid.c
-gettime.o: $(srcdir)/gettime.c $(SUDODEP)
- $(CC) -c $(CPPFLAGS) $(CFLAGS) $(DEFS) $(OPTIONS) $(srcdir)/gettime.c
-glob.o: $(srcdir)/glob.c $(srcdir)/emul/glob.h $(srcdir)/compat.h config.h
- $(CC) -c $(CPPFLAGS) $(CFLAGS) $(DEFS) $(OPTIONS) $(srcdir)/glob.c
-goodpath.o: $(srcdir)/goodpath.c $(SUDODEP)
- $(CC) -c $(CPPFLAGS) $(CFLAGS) $(DEFS) $(OPTIONS) $(srcdir)/goodpath.c
-gram.o: $(devdir)/gram.c $(SUDODEP) $(srcdir)/parse.h $(srcdir)/list.h $(devdir)/gram.h
- $(CC) -c $(CPPFLAGS) $(CFLAGS) $(DEFS) $(OPTIONS) $(devdir)/gram.c
-interfaces.o: $(srcdir)/interfaces.c $(SUDODEP) $(srcdir)/interfaces.h
- $(CC) -c $(CPPFLAGS) $(CFLAGS) $(DEFS) $(OPTIONS) $(srcdir)/interfaces.c
-isblank.o: $(srcdir)/isblank.c $(srcdir)/compat.h config.h
- $(CC) -c $(CPPFLAGS) $(CFLAGS) $(DEFS) $(OPTIONS) $(srcdir)/isblank.c
-lbuf.o: $(srcdir)/lbuf.c $(SUDODEP)
- $(CC) -c $(CPPFLAGS) $(CFLAGS) $(DEFS) $(OPTIONS) $(srcdir)/lbuf.c
-ldap.o: $(srcdir)/ldap.c $(SUDODEP) $(srcdir)/parse.h $(srcdir)/list.h
- $(CC) -c $(CPPFLAGS) $(CFLAGS) $(DEFS) $(OPTIONS) $(srcdir)/ldap.c
-list.o: $(srcdir)/list.c $(SUDODEP)
- $(CC) -c $(CPPFLAGS) $(CFLAGS) $(DEFS) $(OPTIONS) $(srcdir)/list.c
-logging.o: $(srcdir)/logging.c $(SUDODEP)
- $(CC) -c $(CPPFLAGS) $(CFLAGS) $(DEFS) $(OPTIONS) $(srcdir)/logging.c
-match.o: $(srcdir)/match.c $(SUDODEP) $(srcdir)/parse.h $(srcdir)/list.h $(srcdir)/interfaces.h $(devdir)/gram.h
- $(CC) -c $(CPPFLAGS) $(CFLAGS) $(DEFS) $(OPTIONS) $(srcdir)/match.c
-memrchr.o: $(srcdir)/memrchr.c $(SUDODEP)
- $(CC) -c $(CPPFLAGS) $(CFLAGS) $(DEFS) $(OPTIONS) $(srcdir)/memrchr.c
-mkstemp.o: $(srcdir)/mkstemp.c $(SUDODEP)
- $(CC) -c $(CPPFLAGS) $(CFLAGS) $(DEFS) $(OPTIONS) $(srcdir)/mkstemp.c
-nanosleep.o: $(srcdir)/nanosleep.c $(srcdir)/compat.h config.h
- $(CC) -c $(CPPFLAGS) $(CFLAGS) $(DEFS) $(OPTIONS) $(srcdir)/nanosleep.c
-parse.o: $(srcdir)/parse.c $(SUDODEP) $(srcdir)/parse.h $(srcdir)/list.h $(devdir)/gram.h
- $(CC) -c $(CPPFLAGS) $(CFLAGS) $(DEFS) $(OPTIONS) $(srcdir)/parse.c
-pwutil.o: $(srcdir)/pwutil.c $(SUDODEP)
- $(CC) -c $(CPPFLAGS) $(CFLAGS) $(DEFS) $(OPTIONS) $(srcdir)/pwutil.c
-pty.o: $(srcdir)/pty.c $(SUDODEP)
- $(CC) -c $(CPPFLAGS) $(CFLAGS) $(DEFS) $(OPTIONS) $(srcdir)/pty.c
-redblack.o: $(srcdir)/redblack.c $(SUDODEP) $(srcdir)/redblack.h
- $(CC) -c $(CPPFLAGS) $(CFLAGS) $(DEFS) $(OPTIONS) $(srcdir)/redblack.c
-script.o: $(srcdir)/script.c $(SUDODEP)
- $(CC) -c $(CPPFLAGS) $(CFLAGS) $(DEFS) $(OPTIONS) $(srcdir)/script.c
-set_perms.o: $(srcdir)/set_perms.c $(SUDODEP)
- $(CC) -c $(CPPFLAGS) $(CFLAGS) $(DEFS) $(OPTIONS) $(srcdir)/set_perms.c
-sigaction.o: $(srcdir)/sigaction.c $(srcdir)/compat.h
- $(CC) -c $(CPPFLAGS) $(CFLAGS) $(DEFS) $(OPTIONS) $(srcdir)/sigaction.c
-snprintf.o: $(srcdir)/snprintf.c $(srcdir)/compat.h config.h
- $(CC) -c $(CPPFLAGS) $(CFLAGS) $(DEFS) $(OPTIONS) $(srcdir)/snprintf.c
-strcasecmp.o: $(srcdir)/strcasecmp.c $(srcdir)/compat.h config.h
- $(CC) -c $(CPPFLAGS) $(CFLAGS) $(DEFS) $(OPTIONS) $(srcdir)/strcasecmp.c
-strerror.o: $(srcdir)/strerror.c $(srcdir)/compat.h config.h
- $(CC) -c $(CPPFLAGS) $(CFLAGS) $(DEFS) $(OPTIONS) $(srcdir)/strerror.c
-strlcat.o: $(srcdir)/strlcat.c $(srcdir)/compat.h config.h
- $(CC) -c $(CPPFLAGS) $(CFLAGS) $(DEFS) $(OPTIONS) $(srcdir)/strlcat.c
-strlcpy.o: $(srcdir)/strlcpy.c $(srcdir)/compat.h config.h
- $(CC) -c $(CPPFLAGS) $(CFLAGS) $(DEFS) $(OPTIONS) $(srcdir)/strlcpy.c
-strsignal.o: $(srcdir)/strsignal.c $(srcdir)/compat.h config.h
- $(CC) -c $(CPPFLAGS) $(CFLAGS) $(DEFS) $(OPTIONS) $(srcdir)/strsignal.c
-selinux.o: $(srcdir)/selinux.c $(SUDODEP)
- $(CC) -c $(CPPFLAGS) $(CFLAGS) $(DEFS) $(OPTIONS) $(srcdir)/selinux.c
-sudo.o: $(srcdir)/sudo.c $(SUDODEP) sudo_usage.h $(srcdir)/interfaces.h
- $(CC) -c $(CPPFLAGS) $(CFLAGS) $(DEFS) $(OPTIONS) $(srcdir)/sudo.c
-sudoreplay.o: $(srcdir)/sudoreplay.c $(srcdir)/alloc.h $(srcdir)/compat.h $(srcdir)/error.h $(srcdir)/missing.h config.h
- $(CC) -c $(CPPFLAGS) $(CFLAGS) $(DEFS) $(OPTIONS) $(srcdir)/sudoreplay.c
-sudo_edit.o: $(srcdir)/sudo_edit.c $(SUDODEP)
- $(CC) -c $(CPPFLAGS) $(CFLAGS) $(DEFS) $(OPTIONS) $(srcdir)/sudo_edit.c
-sudo_noexec.o: $(srcdir)/sudo_noexec.c $(srcdir)/compat.h config.h
- $(CC) -c $(CPPFLAGS) $(CFLAGS) $(DEFS) $(OPTIONS) $(srcdir)/sudo_noexec.c
-sudo_nss.o: $(srcdir)/sudo_nss.c $(SUDODEP)
- $(CC) -c $(CPPFLAGS) $(CFLAGS) $(DEFS) $(OPTIONS) $(srcdir)/sudo_nss.c
-term.o: $(srcdir)/term.c $(SUDODEP)
- $(CC) -c $(CPPFLAGS) $(CFLAGS) $(DEFS) $(OPTIONS) $(srcdir)/term.c
-testsudoers.o: $(srcdir)/testsudoers.c $(SUDODEP) $(srcdir)/parse.h $(srcdir)/list.h $(srcdir)/interfaces.h $(devdir)/gram.h
- $(CC) -c $(CPPFLAGS) $(CFLAGS) $(DEFS) $(OPTIONS) $(srcdir)/testsudoers.c
-tgetpass.o: $(srcdir)/tgetpass.c $(SUDODEP)
- $(CC) -c $(CPPFLAGS) $(CFLAGS) $(DEFS) $(OPTIONS) $(srcdir)/tgetpass.c
-timestr.o: $(srcdir)/timestr.c $(srcdir)/compat.h config.h
- $(CC) -c $(CPPFLAGS) $(CFLAGS) $(DEFS) $(OPTIONS) $(srcdir)/timestr.c
-toke.o: $(devdir)/toke.c $(SUDODEP) $(srcdir)/parse.h $(srcdir)/list.h $(devdir)/gram.h
- $(CC) -c $(CPPFLAGS) $(CFLAGS) $(DEFS) $(OPTIONS) $(devdir)/toke.c
-tsgetgrpw.o: $(srcdir)/tsgetgrpw.c $(SUDODEP)
- $(CC) -c $(CPPFLAGS) $(CFLAGS) $(DEFS) $(OPTIONS) $(srcdir)/tsgetgrpw.c
-utimes.o: $(srcdir)/utimes.c $(srcdir)/compat.h $(srcdir)/emul/utime.h config.h
- $(CC) -c $(CPPFLAGS) $(CFLAGS) $(DEFS) $(OPTIONS) $(srcdir)/utimes.c
-vasgroups.o: $(srcdir)/vasgroups.c $(srcdir)/nonunix.h $(SUDODEP)
- $(CC) -c $(CPPFLAGS) $(CFLAGS) $(DEFS) $(OPTIONS) $(srcdir)/vasgroups.c
-visudo.o: $(srcdir)/visudo.c $(SUDODEP) $(devdir)/gram.h
- $(CC) -c $(CPPFLAGS) $(CFLAGS) $(DEFS) $(OPTIONS) $(srcdir)/visudo.c
-zero_bytes.o: $(srcdir)/zero_bytes.c $(srcdir)/compat.h config.h
- $(CC) -c $(CPPFLAGS) $(CFLAGS) $(DEFS) $(OPTIONS) $(srcdir)/zero_bytes.c
-sudo_auth.o: $(authdir)/sudo_auth.c $(AUTHDEP) $(INSDEP)
- $(CC) -c $(CPPFLAGS) $(CFLAGS) $(DEFS) $(OPTIONS) $(authdir)/sudo_auth.c
-afs.o: $(authdir)/afs.c $(AUTHDEP)
- $(CC) -c $(CPPFLAGS) $(CFLAGS) $(DEFS) $(OPTIONS) $(authdir)/afs.c
-aix_auth.o: $(authdir)/aix_auth.c $(AUTHDEP)
- $(CC) -c $(CPPFLAGS) $(CFLAGS) $(DEFS) $(OPTIONS) $(authdir)/aix_auth.c
-bsdauth.o: $(authdir)/bsdauth.c $(AUTHDEP)
- $(CC) -c $(CPPFLAGS) $(CFLAGS) $(DEFS) $(OPTIONS) $(authdir)/bsdauth.c
-dce.o: $(authdir)/dce.c $(AUTHDEP)
- $(CC) -c $(CPPFLAGS) $(CFLAGS) $(DEFS) $(OPTIONS) $(authdir)/dce.c
-fwtk.o: $(authdir)/fwtk.c $(AUTHDEP)
- $(CC) -c $(CPPFLAGS) $(CFLAGS) $(DEFS) $(OPTIONS) $(authdir)/fwtk.c
-kerb4.o: $(authdir)/kerb4.c $(AUTHDEP)
- $(CC) -c $(CPPFLAGS) $(CFLAGS) $(DEFS) $(OPTIONS) $(authdir)/kerb4.c
-kerb5.o: $(authdir)/kerb5.c $(AUTHDEP)
- $(CC) -c $(CPPFLAGS) $(CFLAGS) $(DEFS) $(OPTIONS) $(authdir)/kerb5.c
-pam.o: $(authdir)/pam.c $(AUTHDEP)
- $(CC) -c $(CPPFLAGS) $(CFLAGS) $(DEFS) $(OPTIONS) $(authdir)/pam.c
-passwd.o: $(authdir)/passwd.c $(AUTHDEP)
- $(CC) -c $(CPPFLAGS) $(CFLAGS) $(DEFS) $(OPTIONS) $(authdir)/passwd.c
-rfc1938.o: $(authdir)/rfc1938.c $(AUTHDEP)
- $(CC) -c $(CPPFLAGS) $(CFLAGS) $(DEFS) $(OPTIONS) $(authdir)/rfc1938.c
-secureware.o: $(authdir)/secureware.c $(AUTHDEP)
- $(CC) -c $(CPPFLAGS) $(CFLAGS) $(DEFS) $(OPTIONS) $(authdir)/secureware.c
-securid.o: $(authdir)/securid.c $(AUTHDEP)
- $(CC) -c $(CPPFLAGS) $(CFLAGS) $(DEFS) $(OPTIONS) $(authdir)/securid.c
-securid5.o: $(authdir)/securid5.c $(AUTHDEP)
- $(CC) -c $(CPPFLAGS) $(CFLAGS) $(DEFS) $(OPTIONS) $(authdir)/securid5.c
-sia.o: $(authdir)/sia.c $(AUTHDEP)
- $(CC) -c $(CPPFLAGS) $(CFLAGS) $(DEFS) $(OPTIONS) $(authdir)/sia.c
-
-sudo.man.in: $(srcdir)/sudo.pod
- @rm -f $(srcdir)/$@
- ( cd $(srcdir); mansectsu=`echo @MANSECTSU@|tr A-Z a-z`; mansectform=`echo @MANSECTFORM@|tr A-Z a-z`; sed -n -e '/^=pod/q' -e 's/^/.\\" /p' sudo.pod > $@; pod2man --quotes=none --date="`date '+%B %e, %Y'`" --section=$$mansectsu --release=$(VERSION) --center="MAINTENANCE COMMANDS" sudo.pod | sed -e "s/(5)/($$mansectform)/" -e "s/(8)/($$mansectsu)/" | perl -p sudo.man.pl >> $@ )
-
-sudo.man: sudo.man.in
- CONFIG_FILES=$@ CONFIG_HEADERS= sh ./config.status
-
-sudo.cat: sudo.man
-
-visudo.man.in: $(srcdir)/visudo.pod
- @rm -f $(srcdir)/$@
- ( cd $(srcdir); mansectsu=`echo @MANSECTSU@|tr A-Z a-z`; mansectform=`echo @MANSECTFORM@|tr A-Z a-z`; sed -n -e '/^=pod/q' -e 's/^/.\\" /p' visudo.pod > $@; pod2man --quotes=none --date="`date '+%B %e, %Y'`" --section=$$mansectsu --release=$(VERSION) --center="MAINTENANCE COMMANDS" visudo.pod | sed -e "s/(5)/($$mansectform)/" -e "s/(8)/($$mansectsu)/" -e 's|\\fI\\f\((CW*\)*I@\([^@]*\)\\fI@|\\fI@\2@|g' >> $@ )
-
-visudo.man: visudo.man.in
- CONFIG_FILES=$@ CONFIG_HEADERS= sh ./config.status
-
-visudo.cat: visudo.man
-
-sudoers.man.in: $(srcdir)/sudoers.pod
- @rm -f $(srcdir)/$@
- ( cd $(srcdir); mansectsu=`echo @MANSECTSU@|tr A-Z a-z`; mansectform=`echo @MANSECTFORM@|tr A-Z a-z`; sed -n -e '/^=pod/q' -e 's/^/.\\" /p' sudoers.pod > $@; pod2man --quotes=none --date="`date '+%B %e, %Y'`" --section=$$mansectform --release=$(VERSION) --center="MAINTENANCE COMMANDS" sudoers.pod | sed -e "s/(5)/($$mansectform)/" -e "s/(8)/($$mansectsu)/" | perl -p sudoers.man.pl >> $@ )
-
-sudoers.man:: sudoers.man.in
- CONFIG_FILES=$@ CONFIG_HEADERS= sh ./config.status
-
-sudoers.cat: sudoers.man
-
-sudoers.ldap.man.in: $(srcdir)/sudoers.ldap.pod
- @rm -f $(srcdir)/$@
- ( cd $(srcdir); mansectsu=`echo @MANSECTSU@|tr A-Z a-z`; mansectform=`echo @MANSECTFORM@|tr A-Z a-z`; sed -n -e '/^=pod/q' -e 's/^/.\\" /p' sudoers.ldap.pod > $@; pod2man --quotes=none --date="`date '+%B %e, %Y'`" --section=$$mansectform --release=$(VERSION) --center="MAINTENANCE COMMANDS" sudoers.ldap.pod | sed -e "s/(5)/($$mansectform)/" -e "s/(8)/($$mansectsu)/" -e 's|\\fI\\f\((CW*\)*I@\([^@]*\)\\fI@|\\fI@\2@|g' >> $@ )
-
-sudoers.ldap.man:: sudoers.ldap.man.in
- CONFIG_FILES=$@ CONFIG_HEADERS= sh ./config.status
-
-sudoers.ldap.cat: sudoers.ldap.man
-
-sudoreplay.man.in: $(srcdir)/sudoreplay.pod
- @rm -f $(srcdir)/$@
- ( cd $(srcdir); mansectsu=`echo @MANSECTSU@|tr A-Z a-z`; mansectform=`echo @MANSECTFORM@|tr A-Z a-z`; sed -n -e '/^=pod/q' -e 's/^/.\\" /p' sudoreplay.pod > $@; pod2man --quotes=none --date="`date '+%B %e, %Y'`" --section=$$mansectsu --release=$(VERSION) --center="MAINTENANCE COMMANDS" sudoreplay.pod | sed -e "s/(5)/($$mansectform)/" -e "s/(8)/($$mansectsu)/" -e 's|\\fI\\f\((CW*\)*I@\([^@]*\)\\fI@|\\fI@\2@|g' >> $@ )
-
-sudoreplay.man:: sudoreplay.man.in
- CONFIG_FILES=$@ CONFIG_HEADERS= sh ./config.status
-
-sudoers.cat: sudoers.man
-
-@DEV@HISTORY: history.pod
-@DEV@ pod2text -l -i0 $> > $@
-@DEV@
-@DEV@LICENSE: license.pod
-@DEV@ pod2text -l -i0 $> | sed '1,2d' > $@
-
-ChangeLog:
- hg log --style=changelog -b default > $@
-
-install: install-dirs install-binaries @INSTALL_NOEXEC@ install-sudoers install-man
+sudoers.la: $(SUDOERS_OBJS) $(COMMON_OBJS) $(LTLIBOBJS)
+ $(LIBTOOL) --mode=link $(CC) $(LDFLAGS) -o $@ $(SUDOERS_OBJS) $(COMMON_OBJS) $(LTLIBOBJS) -module -avoid-version -rpath $(plugindir)
+
+# Sudoers dependencies
+sudoers.lo: $(srcdir)/sudoers.c $(SUDODEP) $(srcdir)/interfaces.h
+ $(LIBTOOL) --mode=compile $(CC) -c $(CPPFLAGS) $(CFLAGS) $(DEFS) $(OPTIONS) $(srcdir)/sudoers.c
+alias.lo: $(srcdir)/alias.c $(SUDODEP) $(srcdir)/parse.h $(incdir)/list.h $(srcdir)/redblack.h
+ $(LIBTOOL) --mode=compile $(CC) -c $(CPPFLAGS) $(CFLAGS) $(DEFS) $(OPTIONS) $(srcdir)/alias.c
+boottime.lo: $(srcdir)/boottime.c $(top_builddir)/config.h
+ $(LIBTOOL) --mode=compile $(CC) -c $(CPPFLAGS) $(CFLAGS) $(DEFS) $(OPTIONS) $(srcdir)/boottime.c
+check.lo: $(srcdir)/check.c $(SUDODEP)
+ $(LIBTOOL) --mode=compile $(CC) -c $(CPPFLAGS) $(CFLAGS) $(DEFS) $(OPTIONS) $(srcdir)/check.c
+defaults.lo: $(srcdir)/defaults.c $(SUDODEP) $(srcdir)/def_data.c $(authdir)/sudo_auth.h $(devdir)/gram.h
+ $(LIBTOOL) --mode=compile $(CC) -c $(CPPFLAGS) $(CFLAGS) $(DEFS) $(OPTIONS) $(srcdir)/defaults.c
+env.lo: $(srcdir)/env.c $(SUDODEP)
+ $(LIBTOOL) --mode=compile $(CC) -c $(CPPFLAGS) $(CFLAGS) $(DEFS) $(OPTIONS) $(srcdir)/env.c
+find_path.lo: $(srcdir)/find_path.c $(SUDODEP)
+ $(LIBTOOL) --mode=compile $(CC) -c $(CPPFLAGS) $(CFLAGS) $(DEFS) $(OPTIONS) $(srcdir)/find_path.c
+getdate.lo: $(srcdir)/getdate.c $(incdir)/compat.h $(top_builddir)/config.h
+ $(LIBTOOL) --mode=compile $(CC) -c $(CPPFLAGS) $(CFLAGS) $(DEFS) $(OPTIONS) $(srcdir)/getdate.c
+getspwuid.lo: $(srcdir)/getspwuid.c $(SUDODEP)
+ $(LIBTOOL) --mode=compile $(CC) -c $(CPPFLAGS) $(CFLAGS) $(DEFS) $(OPTIONS) $(srcdir)/getspwuid.c
+gettime.lo: $(srcdir)/gettime.c $(SUDODEP)
+ $(LIBTOOL) --mode=compile $(CC) -c $(CPPFLAGS) $(CFLAGS) $(DEFS) $(OPTIONS) $(srcdir)/gettime.c
+goodpath.lo: $(srcdir)/goodpath.c $(SUDODEP)
+ $(LIBTOOL) --mode=compile $(CC) -c $(CPPFLAGS) $(CFLAGS) $(DEFS) $(OPTIONS) $(srcdir)/goodpath.c
+gram.lo: $(devdir)/gram.c $(SUDODEP) $(srcdir)/parse.h $(incdir)/list.h $(devdir)/gram.h
+ $(LIBTOOL) --mode=compile $(CC) -c $(CPPFLAGS) $(CFLAGS) $(DEFS) $(OPTIONS) $(devdir)/gram.c
+interfaces.lo: $(srcdir)/interfaces.c $(SUDODEP) $(srcdir)/interfaces.h
+ $(LIBTOOL) --mode=compile $(CC) -c $(CPPFLAGS) $(CFLAGS) $(DEFS) $(OPTIONS) $(srcdir)/interfaces.c
+ldap.lo: $(srcdir)/ldap.c $(SUDODEP) $(srcdir)/parse.h $(incdir)/list.h
+ $(LIBTOOL) --mode=compile $(CC) -c $(CPPFLAGS) $(CFLAGS) $(DEFS) $(OPTIONS) $(srcdir)/ldap.c
+logging.lo: $(srcdir)/logging.c $(SUDODEP)
+ $(LIBTOOL) --mode=compile $(CC) -c $(CPPFLAGS) $(CFLAGS) $(DEFS) $(OPTIONS) $(srcdir)/logging.c
+match.lo: $(srcdir)/match.c $(SUDODEP) $(srcdir)/parse.h $(incdir)/list.h $(srcdir)/interfaces.h $(devdir)/gram.h
+ $(LIBTOOL) --mode=compile $(CC) -c $(CPPFLAGS) $(CFLAGS) $(DEFS) $(OPTIONS) $(srcdir)/match.c
+parse.lo: $(srcdir)/parse.c $(SUDODEP) $(srcdir)/parse.h $(incdir)/list.h $(devdir)/gram.h
+ $(LIBTOOL) --mode=compile $(CC) -c $(CPPFLAGS) $(CFLAGS) $(DEFS) $(OPTIONS) $(srcdir)/parse.c
+pwutil.lo: $(srcdir)/pwutil.c $(SUDODEP)
+ $(LIBTOOL) --mode=compile $(CC) -c $(CPPFLAGS) $(CFLAGS) $(DEFS) $(OPTIONS) $(srcdir)/pwutil.c
+redblack.lo: $(srcdir)/redblack.c $(SUDODEP) $(srcdir)/redblack.h
+ $(LIBTOOL) --mode=compile $(CC) -c $(CPPFLAGS) $(CFLAGS) $(DEFS) $(OPTIONS) $(srcdir)/redblack.c
+set_perms.lo: $(srcdir)/set_perms.c $(SUDODEP)
+ $(LIBTOOL) --mode=compile $(CC) -c $(CPPFLAGS) $(CFLAGS) $(DEFS) $(OPTIONS) $(srcdir)/set_perms.c
+sudo_nss.lo: $(srcdir)/sudo_nss.c $(SUDODEP)
+ $(LIBTOOL) --mode=compile $(CC) -c $(CPPFLAGS) $(CFLAGS) $(DEFS) $(OPTIONS) $(srcdir)/sudo_nss.c
+timestr.lo: $(srcdir)/timestr.c $(incdir)/compat.h $(top_builddir)/config.h
+ $(LIBTOOL) --mode=compile $(CC) -c $(CPPFLAGS) $(CFLAGS) $(DEFS) $(OPTIONS) $(srcdir)/timestr.c
+toke.lo: $(devdir)/toke.c $(SUDODEP) $(srcdir)/parse.h $(incdir)/list.h $(devdir)/gram.h
+ $(LIBTOOL) --mode=compile $(CC) -c $(CPPFLAGS) $(CFLAGS) $(DEFS) $(OPTIONS) $(devdir)/toke.c
+tsgetgrpw.lo: $(srcdir)/tsgetgrpw.c $(SUDODEP)
+ $(LIBTOOL) --mode=compile $(CC) -c $(CPPFLAGS) $(CFLAGS) $(DEFS) $(OPTIONS) $(srcdir)/tsgetgrpw.c
+vasgroups.lo: $(srcdir)/vasgroups.c $(srcdir)/nonunix.h $(SUDODEP)
+ $(LIBTOOL) --mode=compile $(CC) -c $(CPPFLAGS) $(CFLAGS) $(DEFS) $(OPTIONS) $(srcdir)/vasgroups.c
+error.lo: $(srcdir)/error.c $(incdir)/error.h $(incdir)/compat.h $(top_builddir)/config.h
+ $(LIBTOOL) --mode=compile $(CC) -c $(CPPFLAGS) $(CFLAGS) $(DEFS) $(OPTIONS) $(srcdir)/error.c
+
+# Upper level sudo dependencies
+alloc.lo: $(top_srcdir)/src/alloc.c $(SUDODEP)
+ $(LIBTOOL) --mode=compile $(CC) -c $(CPPFLAGS) $(CFLAGS) $(DEFS) $(OPTIONS) $(top_srcdir)/src/alloc.c
+atobool.lo: $(top_srcdir)/src/atobool.c $(SUDODEP)
+ $(LIBTOOL) --mode=compile $(CC) -c $(CPPFLAGS) $(CFLAGS) $(DEFS) $(OPTIONS) $(top_srcdir)/src/atobool.c
+fileops.lo: $(top_srcdir)/src/fileops.c $(SUDODEP)
+ $(LIBTOOL) --mode=compile $(CC) -c $(CPPFLAGS) $(CFLAGS) $(DEFS) $(OPTIONS) $(top_srcdir)/src/fileops.c
+fmt_string.lo: $(top_srcdir)/src/fmt_string.c $(SUDODEP)
+ $(LIBTOOL) --mode=compile $(CC) -c $(CPPFLAGS) $(CFLAGS) $(DEFS) $(OPTIONS) $(top_srcdir)/src/fmt_string.c
+list.lo: $(top_srcdir)/src/list.c $(SUDODEP)
+ $(LIBTOOL) --mode=compile $(CC) -c $(CPPFLAGS) $(CFLAGS) $(DEFS) $(OPTIONS) $(top_srcdir)/src/list.c
+lbuf.lo: $(top_srcdir)/src/lbuf.c $(SUDODEP)
+ $(LIBTOOL) --mode=compile $(CC) -c $(CPPFLAGS) $(CFLAGS) $(DEFS) $(OPTIONS) $(top_srcdir)/src/lbuf.c
+zero_bytes.lo: $(top_srcdir)/src/zero_bytes.c $(incdir)/compat.h $(top_builddir)/config.h
+ $(LIBTOOL) --mode=compile $(CC) -c $(CPPFLAGS) $(CFLAGS) $(DEFS) $(OPTIONS) $(top_srcdir)/src/zero_bytes.c
+
+# Auth dependencies
+sudo_auth.lo: $(authdir)/sudo_auth.c $(AUTHDEP) $(INSDEP)
+ $(LIBTOOL) --mode=compile $(CC) -c $(CPPFLAGS) $(CFLAGS) $(DEFS) $(OPTIONS) $(authdir)/sudo_auth.c
+afs.lo: $(authdir)/afs.c $(AUTHDEP)
+ $(LIBTOOL) --mode=compile $(CC) -c $(CPPFLAGS) $(CFLAGS) $(DEFS) $(OPTIONS) $(authdir)/afs.c
+aix_auth.lo: $(authdir)/aix_auth.c $(AUTHDEP)
+ $(LIBTOOL) --mode=compile $(CC) -c $(CPPFLAGS) $(CFLAGS) $(DEFS) $(OPTIONS) $(authdir)/aix_auth.c
+bsdauth.lo: $(authdir)/bsdauth.c $(AUTHDEP)
+ $(LIBTOOL) --mode=compile $(CC) -c $(CPPFLAGS) $(CFLAGS) $(DEFS) $(OPTIONS) $(authdir)/bsdauth.c
+dce.lo: $(authdir)/dce.c $(AUTHDEP)
+ $(LIBTOOL) --mode=compile $(CC) -c $(CPPFLAGS) $(CFLAGS) $(DEFS) $(OPTIONS) $(authdir)/dce.c
+fwtk.lo: $(authdir)/fwtk.c $(AUTHDEP)
+ $(LIBTOOL) --mode=compile $(CC) -c $(CPPFLAGS) $(CFLAGS) $(DEFS) $(OPTIONS) $(authdir)/fwtk.c
+kerb4.lo: $(authdir)/kerb4.c $(AUTHDEP)
+ $(LIBTOOL) --mode=compile $(CC) -c $(CPPFLAGS) $(CFLAGS) $(DEFS) $(OPTIONS) $(authdir)/kerb4.c
+kerb5.lo: $(authdir)/kerb5.c $(AUTHDEP)
+ $(LIBTOOL) --mode=compile $(CC) -c $(CPPFLAGS) $(CFLAGS) $(DEFS) $(OPTIONS) $(authdir)/kerb5.c
+pam.lo: $(authdir)/pam.c $(AUTHDEP)
+ $(LIBTOOL) --mode=compile $(CC) -c $(CPPFLAGS) $(CFLAGS) $(DEFS) $(OPTIONS) $(authdir)/pam.c
+passwd.lo: $(authdir)/passwd.c $(AUTHDEP)
+ $(LIBTOOL) --mode=compile $(CC) -c $(CPPFLAGS) $(CFLAGS) $(DEFS) $(OPTIONS) $(authdir)/passwd.c
+rfc1938.lo: $(authdir)/rfc1938.c $(AUTHDEP)
+ $(LIBTOOL) --mode=compile $(CC) -c $(CPPFLAGS) $(CFLAGS) $(DEFS) $(OPTIONS) $(authdir)/rfc1938.c
+secureware.lo: $(authdir)/secureware.c $(AUTHDEP)
+ $(LIBTOOL) --mode=compile $(CC) -c $(CPPFLAGS) $(CFLAGS) $(DEFS) $(OPTIONS) $(authdir)/secureware.c
+securid.lo: $(authdir)/securid.c $(AUTHDEP)
+ $(LIBTOOL) --mode=compile $(CC) -c $(CPPFLAGS) $(CFLAGS) $(DEFS) $(OPTIONS) $(authdir)/securid.c
+securid5.lo: $(authdir)/securid5.c $(AUTHDEP)
+ $(LIBTOOL) --mode=compile $(CC) -c $(CPPFLAGS) $(CFLAGS) $(DEFS) $(OPTIONS) $(authdir)/securid5.c
+sia.lo: $(authdir)/sia.c $(AUTHDEP)
+ $(LIBTOOL) --mode=compile $(CC) -c $(CPPFLAGS) $(CFLAGS) $(DEFS) $(OPTIONS) $(authdir)/sia.c
+
+install: install-dirs install-plugin
install-dirs:
- $(SHELL) $(srcdir)/mkinstalldirs $(DESTDIR)$(sudodir) \
- $(DESTDIR)$(visudodir) $(DESTDIR)$(sudoersdir) \
- $(DESTDIR)$(mandirsu) $(DESTDIR)$(mandirform) \
- $(DESTDIR)$(noexecdir)
-
-install-binaries: install-dirs $(PROGS)
- $(INSTALL) -O $(install_uid) -G $(install_gid) -M 4111 -s sudo $(DESTDIR)$(sudodir)/sudo
- rm -f $(DESTDIR)$(sudodir)/sudoedit
- ln $(DESTDIR)$(sudodir)/sudo $(DESTDIR)$(sudodir)/sudoedit
- if [ -f sudoreplay ]; then $(INSTALL) -O $(install_uid) -G $(install_gid) -M 0111 -s sudoreplay $(DESTDIR)$(sudodir)/sudoreplay; fi
- $(INSTALL) -O $(install_uid) -G $(install_gid) -M 0111 -s visudo $(DESTDIR)$(visudodir)/visudo
- if [ -f sesh ]; then $(INSTALL) -O $(install_uid) -G $(install_gid) -M 0111 -s sesh $(DESTDIR)$(libexecdir)/sesh; fi
-
-install-noexec: install-dirs sudo_noexec.la
- if [ -f .libs/$(noexecfile) ]; then $(INSTALL) -O $(install_uid) -G $(install_gid) -M 0755 .libs/$(noexecfile) $(DESTDIR)$(noexecdir); fi
-
-install-sudoers: install-dirs
- test -f $(DESTDIR)$(sudoersdir)/sudoers || \
- $(INSTALL) -O $(sudoers_uid) -G $(sudoers_gid) -M $(sudoers_mode) \
- $(srcdir)/sudoers $(DESTDIR)$(sudoersdir)/sudoers
-
-install-man: install-dirs
- $(INSTALL) -O $(install_uid) -G $(install_gid) -M 0444 @mansrcdir@/sudo.$(mantype) $(DESTDIR)$(mandirsu)/sudo.$(mansectsu)
- @rm -f $(DESTDIR)$(mandirsu)/sudoedit.$(mansectsu)
- ln $(DESTDIR)$(mandirsu)/sudo.$(mansectsu) $(DESTDIR)$(mandirsu)/sudoedit.$(mansectsu)
- @REPLAY@$(INSTALL) -O $(install_uid) -G $(install_gid) -M 0444 @mansrcdir@/sudoreplay.$(mantype) $(DESTDIR)$(mandirsu)/sudoreplay.$(mansectsu)
- $(INSTALL) -O $(install_uid) -G $(install_gid) -M 0444 @mansrcdir@/visudo.$(mantype) $(DESTDIR)$(mandirsu)/visudo.$(mansectsu)
- $(INSTALL) -O $(install_uid) -G $(install_gid) -M 0444 @mansrcdir@/sudoers.$(mantype) $(DESTDIR)$(mandirform)/sudoers.$(mansectform)
- @LDAP@$(INSTALL) -O $(install_uid) -G $(install_gid) -M 0444 @mansrcdir@/sudoers.ldap.$(mantype) $(DESTDIR)$(mandirform)/sudoers.ldap.$(mansectform)
-@MAN_POSTINSTALL@
+ $(SHELL) $(top_srcdir)/mkinstalldirs $(DESTDIR)$(plugindir)
+
+install-binaries:
+
+install-man:
+
+install-plugin: install-dirs sudoers.la
+ $(LIBTOOL) --mode=install $(INSTALL) sudoers.la $(plugindir)
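Review bot: The `install-plugin` command copies `sudoers.la` to `$(plugindir)` without `$(DESTDIR)`, although `install-dirs` creates `$(DESTDIR)$(plugindir)`, so a staged or packaging install writes into the live plugin directory; it should read `$(LIBTOOL) --mode=install $(INSTALL) sudoers.la $(DESTDIR)$(plugindir)`. The command also sets no owner or mode, whereas the removed install rules all passed `-O $(install_uid) -G $(install_gid) -M …` and this commit deletes those two variables. The module would then be owned by whoever runs the install, which matters for a file that is presumably loaded by the setuid sudo front end. Set owner and mode explicitly here, in a form that libtool's install mode passes through to `install-sh`. `install-sudoers` is also no longer a prerequisite of `install`, so confirm that the sudoers file is still installed with `sudoers_uid`/`sudoers_gid` elsewhere.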
check:
@echo nothing to check
clean:
- -rm -f *.a *.o *.lo stamp-* $(PROGS) testsudoers core *.core core.*
+ -rm -f *.a *.o *.lo *.la stamp-* core *.core core.*
mostlyclean: clean
distclean: clean
- -rm -rf Makefile pathnames.h config.h config.status config.cache \
- config.log libtool sudo_noexec.lo .libs $(GENERATED) \
- sudo.man sudoers.man sudoers.ldap.man visudo.man sudo_usage.h \
- Makefile.binary
+ -rm -rf Makefile sudoers.lo .libs
clobber: distclean
rm -f TAGS tags
cleandir: realclean
-
-dist: ChangeLog
- pax -w -x ustar -s '/^/sudo-$(VERSION)\//' -f ../sudo-$(VERSION).tar \
- $(DISTFILES)
- gzip -9f ../sudo-$(VERSION).tar
- ls -l ../sudo-$(VERSION).tar.gz
-
-bindist: ChangeLog
- ( \
- ARCH=`uname -m|sed 's:/:_:g'`+`uname -sr|sed 's/ /_/g'` ; \
- mkdir tmp.$$ARCH ; \
- tdir=tmp.$$ARCH/sudo-$(VERSION) ; \
- mkdir $$tdir ; \
- for i in $(BINFILES) ; do \
- if [ -f $$i ]; then \
- cp $$i $$tdir ; \
- elif [ -f $(srcdir)/$$i ]; then \
- cp $(srcdir)/$$i $$tdir ; \
- else \
- echo cannot find $$i ; \
- exit 1 ; \
- fi ; \
- done ; \
- if [ -f sudo_noexec.la ]; then \
- cp libtool $$tdir ; \
- $(LIBTOOL) --mode=install $(INSTALL) sudo_noexec.la `pwd`/$$tdir ; \
- ln $$tdir/sudo_noexec.la $$tdir/sudo_noexec.lai ; \
- ln -s . $$tdir/.libs ; \
- fi ; \
- cp $(srcdir)/INSTALL.binary $$tdir/INSTALL ; \
- sh ./config.status --file=Makefile.binary && cp Makefile.binary $$tdir/Makefile ; \
- strip $$tdir/sudo ; \
- strip $$tdir/visudo ; \
- cd tmp.$$ARCH && tar Ocf ../sudo-$(VERSION)-$$ARCH.tar sudo-$(VERSION) && cd .. ; \
- gzip -f --best sudo-$(VERSION)-$$ARCH.tar ; \
- rm -rf tmp.$$ARCH ; \
- )
-
-depot:
- ( \
- tdir=tmp.depot ; \
- mkdir $$tdir ; \
- for i in sudo visudo sudo.man visudo.man sudoers.man sudoers ChangeLog HISTORY LICENSE README TROUBLESHOOTING UPGRADE sample.syslog.conf sample.sudoers; do \
- if [ -f $$i ]; then \
- cp $$i $$tdir ; \
- elif [ -f $(srcdir)/$$i ]; then \
- cp $(srcdir)/$$i $$tdir ; \
- else \
- echo cannot find $$i ; \
- exit 1 ; \
- fi ; \
- done ; \
- if [ -f sudo_noexec.la ]; then \
- cp libtool $$tdir ; \
- $(LIBTOOL) --mode=install $(INSTALL) sudo_noexec.la `pwd`/$$tdir ; \
- fi ; \
- sed 's/@VERSION@/$(VERSION)/g' <$(srcdir)/sudo.psf >$$tdir/sudo.psf ; \
- printf '#!/sbin/sh\nrm -f /usr/local/bin/sudoedit\nln /usr/local/bin/sudo /usr/local/bin/sudoedit\n' > $$tdir/sudo-exec.postinstall ; \
- printf '#!/sbin/sh\nrm -f /usr/local/man/man1m/sudoedit.1m\nln /usr/local/man/man1m/sudo.1m /usr/local/man/man1m/sudoedit.1m\n' > $$tdir/sudo-man.postinstall ; \
- printf '#!/sbin/sh\nif [ ! -s /etc/sudoers ]; then\n\techo installing /usr/local/doc/sudo/sudoers as /etc/sudoers\n\techo use /usr/local/sbin/visudo to configure sudo\n\tcp /usr/local/doc/sudo/sudoers /etc/sudoers\n\tchmod 440 /etc/sudoers\n\tchown root:root /etc/sudoers\nfi\n' > $$tdir/sudo-config.postinstall ; \
- chmod 755 $$tdir/sudo-exec.postinstall $$tdir/sudo-man.postinstall $$tdir/sudo-config.postinstall ; \
- strip $$tdir/sudo ; \
- strip $$tdir/visudo ; \
- cd $$tdir ; \
- swpackage -x target_type=tape -d ../sudo-$(VERSION).depot -s sudo.psf ; \
- cd .. ; \
- gzip -f --best sudo-$(VERSION).depot; \
- rm -rf tmp.depot ; \
- )
-
-.PHONY: ChangeLog
# include <unistd.h>
#endif /* HAVE_UNISTD_H */
-#include "sudo.h"
+#include "sudoers.h"
#include "parse.h"
#include "redblack.h"
#include <gram.h>
#endif /* HAVE_UNISTD_H */
#include <pwd.h>
-#include "sudo.h"
+#include "sudoers.h"
#include "sudo_auth.h"
#include <afs/stds.h>
#endif /* HAVE_UNISTD_H */
#include <pwd.h>
-#include "sudo.h"
+#include "sudoers.h"
#include "sudo_auth.h"
/*
int reenter = 1;
int rval = AUTH_FAILURE;
- pass = tgetpass(prompt, def_passwd_timeout * 60, tgetpass_flags);
+ pass = auth_getpass(prompt, def_passwd_timeout * 60, SUDO_CONV_PROMPT_ECHO_OFF);
if (pass) {
/* XXX - should probably print message on failure. */
if (authenticate(pw->pw_name, pass, &reenter, &message) == 0)
#include <login_cap.h>
#include <bsd_auth.h>
-#include "sudo.h"
+#include "sudoers.h"
#include "sudo_auth.h"
extern char *login_style; /* from sudo.c */
* S/Key.
*/
if ((s = auth_challenge(as)) == NULL) {
- pass = tgetpass(prompt, def_passwd_timeout * 60, tgetpass_flags);
+ pass = auth_getpass(prompt, def_passwd_timeout * 60, SUDO_CONV_PROMPT_ECHO_OFF);
} else {
- pass = tgetpass(s, def_passwd_timeout * 60, tgetpass_flags);
+ pass = auth_getpass(prompt, def_passwd_timeout * 60, SUDO_CONV_PROMPT_ECHO_OFF);
if (pass && *pass == '\0') {
if ((prompt = strrchr(s, '\n')))
prompt++;
while (isspace(prompt[len]) || prompt[len] == ':')
prompt[len--] = '\0';
easprintf(&s, "%s [echo on]: ", prompt);
- pass = tgetpass(s, def_passwd_timeout * 60,
- tgetpass_flags | TGP_ECHO);
+ pass = auth_getpass(prompt, def_passwd_timeout * 60,
+ SUDO_CONV_PROMPT_ECHO_ON);
free(s);
}
}
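Review bot: The challenge text is no longer shown in the `else` branch, because both new `auth_getpass()` calls pass `prompt` where the removed `tgetpass()` calls passed `s`. In the first call `s` is the string returned by `auth_challenge(as)`, so a challenge-response style would prompt without showing its challenge. In the echo-on retry the string built by `easprintf(&s, "%s [echo on]: ", prompt)` is allocated and freed without ever being displayed. Keep the original argument in both places: `pass = auth_getpass(s, def_passwd_timeout * 60, SUDO_CONV_PROMPT_ECHO_OFF);` and `pass = auth_getpass(s, def_passwd_timeout * 60, SUDO_CONV_PROMPT_ECHO_ON);`. The enclosing function starts and ends outside this hunk.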
#include <dce/sec_login.h>
#include <dce/dce_error.h> /* required to call dce_error_inq_text routine */
-#include "sudo.h"
+#include "sudoers.h"
#include "sudo_auth.h"
static int check_dce_status __P((error_status_t, char *));
#include <auth.h>
#include <firewall.h>
-#include "sudo.h"
+#include "sudoers.h"
#include "sudo_auth.h"
int
/* Get the password/response from the user. */
if (strncmp(resp, "challenge ", 10) == 0) {
(void) snprintf(buf, sizeof(buf), "%s\nResponse: ", &resp[10]);
- pass = tgetpass(buf, def_passwd_timeout * 60, tgetpass_flags);
+ pass = auth_getpass(buf, def_passwd_timeout * 60, SUDO_CONV_PROMPT_ECHO_OFF);
if (pass && *pass == '\0') {
- pass = tgetpass("Response [echo on]: ",
- def_passwd_timeout * 60, tgetpass_flags | TGP_ECHO);
+ pass = auth_getpass("Response [echo on]: ",
+ def_passwd_timeout * 60, SUDO_CONV_PROMPT_ECHO_ON);
}
} else if (strncmp(resp, "chalnecho ", 10) == 0) {
- pass = tgetpass(&resp[10], def_passwd_timeout * 60, tgetpass_flags);
+ pass = auth_getpass(&resp[10], def_passwd_timeout * 60,
+ SUDO_CONV_PROMPT_ECHO_OFF);
} else if (strncmp(resp, "password", 8) == 0) {
- pass = tgetpass(prompt, def_passwd_timeout * 60,
- tgetpass_flags);
+ pass = auth_getpass(prompt, def_passwd_timeout * 60,
+ SUDO_CONV_PROMPT_ECHO_OFF);
} else if (strncmp(resp, "display ", 8) == 0) {
fprintf(stderr, "%s\n", &resp[8]);
strlcpy(buf, "response dummy", sizeof(buf));
#include <pwd.h>
#include <krb.h>
-#include "sudo.h"
+#include "sudoers.h"
#include "sudo_auth.h"
int
#include <com_err.h>
#endif
-#include "sudo.h"
+#include "sudoers.h"
#include "sudo_auth.h"
#ifdef HAVE_HEIMDAL
# endif
#endif
-#include "sudo.h"
+#include "sudoers.h"
#include "sudo_auth.h"
/* Only OpenPAM and Linux PAM use const qualifiers. */
PAM_CONST struct pam_message *pm;
const char *prompt;
char *pass;
- int n, flags, std_prompt;
+ int n, type, std_prompt;
if ((*response = malloc(num_msg * sizeof(struct pam_response))) == NULL)
return(PAM_SYSTEM_ERR);
zero_bytes(*response, num_msg * sizeof(struct pam_response));
for (pr = *response, pm = *msg, n = num_msg; n--; pr++, pm++) {
- flags = tgetpass_flags;
+ type = SUDO_CONV_PROMPT_ECHO_OFF;
switch (pm->msg_style) {
case PAM_PROMPT_ECHO_ON:
- SET(flags, TGP_ECHO);
+ type = SUDO_CONV_PROMPT_ECHO_ON;
case PAM_PROMPT_ECHO_OFF:
prompt = def_prompt;
prompt = pm->msg;
#endif
/* Read the password unless interrupted. */
- pass = tgetpass(prompt, def_passwd_timeout * 60, flags);
+ pass = auth_getpass(prompt, def_passwd_timeout * 60, type);
if (pass == NULL) {
/* We got ^C instead of a password; abort quickly. */
if (errno == EINTR)
#endif /* HAVE_UNISTD_H */
#include <pwd.h>
-#include "sudo.h"
+#include "sudoers.h"
#include "sudo_auth.h"
#define DESLEN 13
# define rfc1938verify(a,b) opieverify((a),(b))
#endif
-#include "sudo.h"
+#include "sudoers.h"
#include "sudo_auth.h"
int
#endif /* __hpux */
#include <prot.h>
-#include "sudo.h"
+#include "sudoers.h"
#include "sudo_auth.h"
int
#include <sdconf.h>
#include <sdacmvls.h>
-#include "sudo.h"
+#include "sudoers.h"
#include "sudo_auth.h"
union config_record configure;
#include <acexport.h>
#include <sdacmvls.h>
-#include "sudo.h"
+#include "sudoers.h"
#include "sudo_auth.h"
/*
SDI_HANDLE *sd = (SDI_HANDLE *) auth->data;
int rval;
- pass = (char *) tgetpass("Enter your PASSCODE: ",
- def_passwd_timeout * 60, tgetpass_flags);
+ pass = auth_getpass("Enter your PASSCODE: ",
+ def_passwd_timeout * 60, SUDO_CONV_PROMPT_ECHO_OFF);
/* Have ACE verify password */
switch (SD_Check(*sd, pass, pw->pw_name)) {
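Review bot: The value returned by `auth_getpass()` goes straight into `SD_Check(*sd, pass, pw->pw_name)` with no NULL test, and the next hunk does the same with `SD_Next(*sd, pass)`. Other methods in this commit do guard it (`if (pass)` in the AIX method, `if (pass == NULL)` in the PAM conversation), and `auth_getpass()` returns `repl.reply` from a zeroed struct, so NULL looks like a normal outcome when no reply is produced. Add a guard before the switch, for example `if (pass == NULL) return(AUTH_INTR);`, and confirm the right status code against the rest of the function, which is outside the hunk.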
/* Sometimes (when current token close to expire?)
ACE challenges for the next token displayed
(entered without the PIN) */
- pass = (char *) tgetpass("\
+ pass = auth_getpass("\
!!! ATTENTION !!!\n\
Wait for the token code to change, \n\
then enter the new token code.\n", \
- def_passwd_timeout * 60, tgetpass_flags);
+ def_passwd_timeout * 60, SUDO_CONV_PROMPT_ECHO_OFF);
if (SD_Next(*sd, pass) == ACM_OK) {
rval = AUTH_SUCCESS;
#include <pwd.h>
#include <siad.h>
-#include "sudo.h"
+#include "sudoers.h"
#include "sudo_auth.h"
static int sudo_collect __P((int, int, uchar_t *, int, prompt_t *));
/*
- * Copyright (c) 1999-2005, 2008-2009 Todd C. Miller <Todd.Miller@courtesan.com>
+ * Copyright (c) 1999-2005, 2008-2010 Todd C. Miller <Todd.Miller@courtesan.com>
*
* Permission to use, copy, modify, and distribute this software for any
* purpose with or without fee is hereby granted, provided that the above
#include <time.h>
#include <signal.h>
-#include "sudo.h"
+#include "sudoers.h"
#include "sudo_auth.h"
#include "insults.h"
+sudo_conv_t sudo_conv;
+
sudo_auth auth_switch[] = {
#ifdef AUTH_STANDALONE
AUTH_STANDALONE
AUTH_ENTRY(0, NULL, NULL, NULL, NULL, NULL)
};
-void
-verify_user(pw, prompt)
- struct passwd *pw;
- char *prompt;
+int
+verify_user(struct passwd *pw, char *prompt)
{
int counter = def_passwd_tries + 1;
int success = AUTH_FAILURE;
- int status;
- int flags;
+ int flags, status, rval;
char *p;
sudo_auth *auth;
sigaction_t sa, osa;
"There are no authentication methods compiled into sudo!",
"If you want to turn off authentication, use the",
"--disable-authentication configure option.");
+ return -1;
}
/* Set FLAG_ONEANDONLY if there is only one auth method. */
#ifdef HAVE_BSM_AUDIT
audit_failure(NewArgv, "authentication failure");
#endif
- exit(1); /* assume error msg already printed */
+ return -1; /* assume error msg already printed */
}
if (NEEDS_USER(auth))
#ifdef HAVE_BSM_AUDIT
audit_failure(NewArgv, "authentication failure");
#endif
- exit(1); /* assume error msg already printed */
+ return -1; /* assume error msg already printed */
}
if (NEEDS_USER(auth))
#ifdef AUTH_STANDALONE
p = prompt;
#else
- p = (char *) tgetpass(prompt, def_passwd_timeout * 60,
- tgetpass_flags);
+ p = auth_getpass(prompt, def_passwd_timeout * 60, SUDO_CONV_PROMPT_ECHO_OFF);
#endif /* AUTH_STANDALONE */
/* Call authentication functions. */
goto cleanup;
}
#ifndef AUTH_STANDALONE
- if (p)
- zero_bytes(p, strlen(p));
+ if (repl.reply)
+ zero_bytes(p, strlen(repl.reply));
#endif
- if (!ISSET(tgetpass_flags, TGP_ASKPASS))
- pass_warn(stderr);
+ /* XXX - need way to know if askpass was used */
+ //if (!ISSET(tgetpass_flags, TGP_ASKPASS))
+ pass_warn();
}
cleanup:
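Review bot: The password scrub now tests `repl.reply`, but no `repl` is declared among the locals shown for `verify_user` (`flags, status, rval, p, auth, sa, osa`). Without `AUTH_STANDALONE` this would either not compile or clear `p` using the length of an unrelated object. The buffer holding the secret is the one returned into `p`, so both the guard and the length should use it: `if (p) zero_bytes(p, strlen(p));`. Separately, commenting out the askpass test with `//` makes `pass_warn()` unconditional, and a `/* ... */` comment would match the rest of the file. The function body continues outside this hunk.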
#ifdef HAVE_BSM_AUDIT
audit_failure(NewArgv, "authentication failure");
#endif
- exit(1); /* assume error msg already printed */
+ return -1; /* assume error msg already printed */
}
if (NEEDS_USER(auth))
switch (success) {
case AUTH_SUCCESS:
(void) sigaction(SIGTSTP, &osa, NULL);
- return;
+ rval = TRUE;
+ break;
case AUTH_INTR:
case AUTH_FAILURE:
if (counter != def_passwd_tries) {
flags = 0;
else
flags = NO_MAIL;
-#ifdef HAVE_BSM_AUDIT
- audit_failure(NewArgv, "authentication failure");
-#endif
log_error(flags, "%d incorrect password attempt%s",
def_passwd_tries - counter,
(def_passwd_tries - counter == 1) ? "" : "s");
}
- /* FALLTHROUGH */
+#ifdef HAVE_BSM_AUDIT
+ audit_failure(NewArgv, "authentication failure");
+#endif
+ rval = FALSE;
+ break;
case AUTH_FATAL:
+ default:
#ifdef HAVE_BSM_AUDIT
audit_failure(NewArgv, "authentication failure");
#endif
- exit(1);
+ rval = -1;
+ break;
}
- /* NOTREACHED */
+
+ return rval;
}
void
-pass_warn(fp)
- FILE *fp;
+pass_warn(void)
{
+ struct sudo_conv_message msg;
+ struct sudo_conv_reply repl;
+ /* Call conversation function */
+ memset(&msg, 0, sizeof(msg));
+ msg.msg_type = SUDO_CONV_ERROR_MSG;
#ifdef INSULT
if (def_insults)
- (void) fprintf(fp, "%s\n", INSULT);
+ msg.msg = INSULT;
else
#endif
- (void) fprintf(fp, "%s\n", def_badpass_message);
+ msg.msg = def_badpass_message;
+ memset(&repl, 0, sizeof(repl));
+ sudo_conv(1, &msg, &repl);
}
+char *
+auth_getpass(const char *prompt, int timeout, int type)
+{
+ struct sudo_conv_message msg;
+ struct sudo_conv_reply repl;
+
+ /* Call conversation function */
+ memset(&msg, 0, sizeof(msg));
+ msg.msg_type = SUDO_CONV_PROMPT_ECHO_OFF;
+ msg.timeout = def_passwd_timeout * 60;
+ msg.msg = prompt;
+ memset(&repl, 0, sizeof(repl));
+ sudo_conv(1, &msg, &repl);
+ /* XXX - check for ENOTTY? */
+ return repl.reply;
+}
+
+#ifdef notyet
void
-dump_auth_methods()
+dump_auth_methods(void)
{
sudo_auth *auth;
+ /* XXX - conversation function */
(void) fputs("Authentication methods:", stdout);
for (auth = auth_switch; auth->name; auth++)
(void) printf(" '%s'", auth->name);
(void) putchar('\n');
}
+#endif
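Review bot: `auth_getpass()` ignores two of its three parameters, hard-coding `msg.msg_type = SUDO_CONV_PROMPT_ECHO_OFF` and `msg.timeout = def_passwd_timeout * 60`. Callers in this commit that pass `SUDO_CONV_PROMPT_ECHO_ON` (the echo-on retries in the BSD auth and fwtk methods, and `PAM_PROMPT_ECHO_ON` in the PAM conversation) therefore get a no-echo prompt. Use the arguments instead: `msg.msg_type = type;` and `msg.timeout = timeout;`. The result of `sudo_conv(1, &msg, &repl)` is also discarded; checking it and returning NULL on failure avoids relying on the state of `repl.reply` after a failed call, which nothing visible here defines. A header comment stating that the caller must zero the returned buffer after use would document the contract `verify_user` depends on.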
#define IS_CONFIGURED(x) ((x)->flags & FLAG_CONFIGURED)
#define IS_ONEANDONLY(x) ((x)->flags & FLAG_ONEANDONLY)
+/* Like tgetpass() but uses conversation function */
+char *auth_getpass(const char *prompt, int timeout, int type);
+
+/* Pointer to conversation function to use with auth_getpass(). */
+extern sudo_conv_t sudo_conv;
+
/* Prototypes for standalone methods */
int fwtk_init __P((struct passwd *pw, char **prompt, sudo_auth *auth));
int fwtk_verify __P((struct passwd *pw, char *prompt, sudo_auth *auth));
# include <compat/timespec.h>
#endif
-#include "sudo.h"
+#include "sudoers.h"
/* Status codes for timestamp_status() */
#define TS_CURRENT 0
#define TS_MAKE_DIRS 1
#define TS_REMOVE 2
-static void build_timestamp __P((char **, char **));
+static int build_timestamp __P((char **, char **));
static int timestamp_status __P((char *, char *, char *, int));
static char *expand_prompt __P((char *, char *, char *));
static void lecture __P((int));
/*
* This function only returns if the user can successfully
* verify who he/she is.
+ * XXX - check return values
*/
-void
+int
check_user(validated, mode)
int validated;
int mode;
char *timestampdir = NULL;
char *timestampfile = NULL;
char *prompt;
- int status;
+ int status, rval = TRUE;
/* Always prompt for a password when -k was specified with the command. */
if (ISSET(mode, MODE_INVALIDATE)) {
SET(validated, FLAG_CHECK_USER);
} else {
if (user_uid == 0 || user_uid == runas_pw->pw_uid || user_is_exempt())
- return;
+ return TRUE;
}
- build_timestamp(×tampdir, ×tampfile);
+ if (build_timestamp(×tampdir, ×tampfile) == -1)
+ return -1;
+
status = timestamp_status(timestampdir, timestampfile, user_name,
TS_MAKE_DIRS);
if (status != TS_CURRENT || ISSET(validated, FLAG_CHECK_USER)) {
/* Bail out if we are non-interactive and a password is required */
- if (ISSET(mode, MODE_NONINTERACTIVE))
- errorx(1, "sorry, a password is required to run %s", getprogname());
+ if (ISSET(mode, MODE_NONINTERACTIVE)) {
+ warningx("sorry, a password is required to run %s", getprogname());
+ return -1;
+ }
+#if 0 /* XXX - checks need to be done in main driver */
/* If user specified -A, make sure we have an askpass helper. */
if (ISSET(tgetpass_flags, TGP_ASKPASS)) {
if (user_askpass == NULL)
}
if (!ISSET(tgetpass_flags, TGP_ASKPASS))
+#endif
lecture(status);
/* Expand any escapes in the prompt. */
prompt = expand_prompt(user_prompt ? user_prompt : def_passprompt,
user_name, user_shost);
- verify_user(auth_pw, prompt);
+ rval = verify_user(auth_pw, prompt);
}
/* Only update timestamp if user was validated. */
if (ISSET(validated, VALIDATE_OK) && !ISSET(mode, MODE_INVALIDATE) && status != TS_ERROR)
update_timestamp(timestampdir, timestampfile);
efree(timestampdir);
efree(timestampfile);
+
+ return rval;
}
/*
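Review bot: Reaching `update_timestamp()` no longer implies that authentication succeeded. Before this change `verify_user()` exited on failure; now `rval = verify_user(auth_pw, prompt)` can be `FALSE` or `-1`, and control still falls through to the `ISSET(validated, VALIDATE_OK)` test, which never looks at `rval`. As written, a failed password attempt can refresh the ticket, so gate the update on the result: `if (rval == TRUE && ISSET(validated, VALIDATE_OK) && !ISSET(mode, MODE_INVALIDATE) && status != TS_ERROR)`. The header comment "This function only returns if the user can successfully verify who he/she is" is now stale and should describe the `TRUE`/`FALSE`/`-1` results. The early `return -1` for `MODE_NONINTERACTIVE` also skips the two `efree()` calls; parts of `check_user` lie outside the hunks shown.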
}
if (subst) {
- new_prompt = (char *) emalloc(++len);
+ new_prompt = emalloc(++len);
endp = new_prompt + len;
for (p = old_prompt, np = new_prompt; *p; p++) {
if (p[0] =='%') {
/*
* Fills in timestampdir as well as timestampfile if using tty tickets.
*/
-static void
+static int
build_timestamp(timestampdir, timestampfile)
char **timestampdir;
char **timestampfile;
dirparent = def_timestampdir;
len = easprintf(timestampdir, "%s/%s", dirparent, user_name);
- if (len >= PATH_MAX)
+ if (len >= PATH_MAX) {
log_error(0, "timestamp path too long: %s", *timestampdir);
+ return -1;
+ }
/*
* Timestamp file may be a file in the directory or NUL to use
p, runas_pw->pw_name);
else
len = easprintf(timestampfile, "%s/%s/%s", dirparent, user_name, p);
- if (len >= PATH_MAX)
+ if (len >= PATH_MAX) {
log_error(0, "timestamp path too long: %s", *timestampfile);
+ return -1;
+ }
} else if (def_targetpw) {
len = easprintf(timestampfile, "%s/%s/%s", dirparent, user_name,
runas_pw->pw_name);
- if (len >= PATH_MAX)
+ if (len >= PATH_MAX) {
log_error(0, "timestamp path too long: %s", *timestampfile);
+ return -1;
+ }
} else
*timestampfile = NULL;
+
+ return len;
}
/*
char *timestampdir, *timestampfile, *path;
int status;
- build_timestamp(×tampdir, ×tampfile);
+ if (build_timestamp(×tampdir, ×tampfile) == -1)
+ return;
+
status = timestamp_status(timestampdir, timestampfile, user_name,
TS_REMOVE);
if (status == TS_OLD || status == TS_CURRENT) {
#include <pwd.h>
#include <ctype.h>
-#include "sudo.h"
+#include "sudoers.h"
#include "parse.h"
#include <gram.h>
#include <errno.h>
#include <pwd.h>
-#include "sudo.h"
+#include "sudoers.h"
/*
* Flags used in rebuild_env()
NULL
};
+/*
+ * Initialize env based on envp.
+ */
+int
+env_init(char * const envp[])
+{
+ char * const *ep;
+ size_t len;
+ int rval = -1;
+
+ for (ep = envp; *ep != NULL; ep++)
+ continue;
+ len = (size_t)(ep - envp);
+
+ env.env_size = len + 1 + 128;
+ env.envp = emalloc2(env.env_size, sizeof(char *));
+#ifdef ENV_DEBUG
+ memset(env.envp, 0, env.env_size * sizeof(char *));
+#endif
+ memcpy(env.envp, envp, len * sizeof(char *));
+ env.envp[len] = '\0';
+ rval = 0;
+ return rval;
+}
+
/*
* Similar to setenv(3) but operates on sudo's private copy of the environment
* (not environ) and it always overwrites. The dupcheck param determines
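Review bot: `env_init()` terminates the pointer array with a character constant, `env.envp[len] = '\0';`, which only works because the constant is zero; `env.envp[len] = NULL;` states the intent. `rval` starts at -1, is set to 0 and returned with no failing path in between, so either `return 0;` directly or document when -1 can occur. The comment should also say that only the pointers are copied, so the strings still belong to the caller's `envp`, and that 128 spare slots are reserved. If `env` has a separate used-length field it is not set here; the struct is outside the hunk, so confirm.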
const char *cp;
size_t esize;
- if (!var || *var == '\0')
- return(EINVAL);
+ if (!var || *var == '\0') {
+ errno = EINVAL;
+ return -1;
+ }
/*
* POSIX says a var name with '=' is an error but BSD
#endif
}
sudo_putenv(estring, TRUE, overwrite);
- return(0);
+ return 0;
}
/*
#ifdef UNSETENV_VOID
return;
#else
- return(-1);
+ return -1;
#endif
}
}
}
#ifndef UNSETENV_VOID
- return(0);
+ return 0;
#endif
}
{
if (strchr(string, '=') == NULL) {
errno = EINVAL;
- return(-1);
+ return -1;
}
/* Sync env.envp with environ as needed. */
if (env.envp != environ) {
#endif
}
sudo_putenv((char *)string, TRUE, TRUE);
- return(0);
+ return 0;
}
/*
break;
}
}
- return(match);
+ return match;
}
/*
break;
}
}
- return(keepit);
+ return keepit;
}
/*
break;
}
}
- return(keepit);
+ return keepit;
}
/*
easprintf(&cp, "%s %s", user_cmnd, user_args);
sudo_setenv("SUDO_COMMAND", cp, TRUE);
efree(cp);
- } else
+ } else {
sudo_setenv("SUDO_COMMAND", user_cmnd, TRUE);
+ }
/* Add the SUDO_USER, SUDO_UID, SUDO_GID environment variables. */
sudo_setenv("SUDO_USER", user_name, TRUE);
--- /dev/null
+/*
+ * Copyright (c) 2004-2005 Todd C. Miller <Todd.Miller@courtesan.com>
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ */
+
+#include <errno.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <setjmp.h>
+
+#include <config.h>
+#include <compat.h>
+#include "error.h"
+
+static void _warning(int, const char *, va_list);
+ void cleanup(int);
+
+sigjmp_buf error_jmp;
+
+void
+error(int eval, const char *fmt, ...)
+{
+ va_list ap;
+ va_start(ap, fmt);
+ _warning(1, fmt, ap);
+ va_end(ap);
+ cleanup(0);
+ if (error_jmp)
+ siglongjmp(error_jmp, 1);
+ else
+ exit(eval);
+}
+
+void
+errorx(int eval, const char *fmt, ...)
+{
+ va_list ap;
+ va_start(ap, fmt);
+ _warning(0, fmt, ap);
+ va_end(ap);
+ cleanup(0);
+ if (error_jmp)
+ siglongjmp(error_jmp, 1);
+ else
+ exit(eval);
+}
+
+void
+warning(const char *fmt, ...)
+{
+ va_list ap;
+ va_start(ap, fmt);
+ _warning(1, fmt, ap);
+ va_end(ap);
+}
+
+void
+warningx(const char *fmt, ...)
+{
+ va_list ap;
+ va_start(ap, fmt);
+ _warning(0, fmt, ap);
+ va_end(ap);
+}
+
+static void
+_warning(int use_errno, const char *fmt, va_list ap)
+{
+ int serrno = errno;
+
+ fputs(getprogname(), stderr);
+ if (fmt != NULL) {
+ fputs(": ", stderr);
+ vfprintf(stderr, fmt, ap);
+ }
+ if (use_errno) {
+ fputs(": ", stderr);
+ fputs(strerror(serrno), stderr);
+ }
+ putc('\n', stderr);
+}
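Review bot: `if (error_jmp)` in `error()` and `errorx()` is always true, because `sigjmp_buf` is an array type and the condition tests the buffer's address. That makes `exit(eval)` unreachable, and `siglongjmp(error_jmp, 1)` runs even when no `sigsetjmp()` has initialised the buffer, which is undefined behaviour on a fatal-error path. Track initialisation explicitly with a flag that the `sigsetjmp()` caller sets, for example `if (error_jmp_set) siglongjmp(error_jmp, 1); else exit(eval);`. The file also uses `va_list`/`va_start` without including `<stdarg.h>` directly; it may arrive through `error.h` or `compat.h`, which are not shown. Both functions deserve a comment saying they do not return.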
# include <unistd.h>
#endif /* HAVE_UNISTD_H */
-#include "sudo.h"
+#include "sudoers.h"
/*
* This function finds the full pathname for a command and
# include <auth.h>
#endif /* HAVE_GETAUTHUID */
-#include "sudo.h"
+#include "sudoers.h"
/*
* Exported for auth/secureware.c
sudo_getepw(pw)
const struct passwd *pw;
{
- char *epw;
+ char *epw = NULL;
/* If there is a function to check for shadow enabled, use it... */
#ifdef HAVE_ISCOMSEC
if (!iscomsec())
- return(estrdup(pw->pw_passwd));
+ goto done;
#endif /* HAVE_ISCOMSEC */
#ifdef HAVE_ISSECURE
if (!issecure())
- return(estrdup(pw->pw_passwd));
+ goto done;
#endif /* HAVE_ISSECURE */
- epw = NULL;
#ifdef HAVE_GETPRPWNAM
{
struct pr_passwd *spw;
# ifdef __alpha
crypt_type = spw->ufld.fd_oldcrypt;
# endif /* __alpha */
- epw = estrdup(spw->ufld.fd_encrypt);
+ epw = spw->ufld.fd_encrypt;
}
- if (epw)
- return(epw);
}
#endif /* HAVE_GETPRPWNAM */
#ifdef HAVE_GETSPNAM
struct spwd *spw;
if ((spw = getspnam(pw->pw_name)) && spw->sp_pwdp)
- epw = estrdup(spw->sp_pwdp);
- if (epw)
- return(epw);
+ epw = spw->sp_pwdp;
}
#endif /* HAVE_GETSPNAM */
#ifdef HAVE_GETSPWUID
struct s_passwd *spw;
if ((spw = getspwuid(pw->pw_uid)) && spw->pw_passwd)
- epw = estrdup(spw->pw_passwd);
- if (epw)
- return(epw);
+ epw = spw->pw_passwd;
}
#endif /* HAVE_GETSPWUID */
#ifdef HAVE_GETPWANAM
struct passwd_adjunct *spw;
if ((spw = getpwanam(pw->pw_name)) && spw->pwa_passwd)
- epw = estrdup(spw->pwa_passwd);
- if (epw)
- return(epw);
+ epw = spw->pwa_passwd;
}
#endif /* HAVE_GETPWANAM */
#ifdef HAVE_GETAUTHUID
AUTHORIZATION *spw;
if ((spw = getauthuid(pw->pw_uid)) && spw->a_password)
- epw = estrdup(spw->a_password);
- if (epw)
- return(epw);
+ epw = spw->a_password;
}
#endif /* HAVE_GETAUTHUID */
- /* Fall back on normal password. */
- return(estrdup(pw->pw_passwd));
+#if defined(HAVE_ISCOMSEC) || defined(HAVE_ISSECURE)
+done:
+#endif
+ /* If no shadow password, fall back on regular password. */
+ return estrdup(epw ? epw : pw->pw_passwd);
}
void
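Review bot: Dropping the per-block `if (epw) return(epw);` changes lookup precedence in `sudo_getepw` from first match to last match. Where more than one of `HAVE_GETPRPWNAM`, `HAVE_GETSPNAM`, `HAVE_GETSPWUID`, `HAVE_GETPWANAM` and `HAVE_GETAUTHUID` is defined, a later database now overwrites `epw` set by an earlier one. If the old order was intentional, guard the later lookups, e.g. `if (epw == NULL && (spw = getspnam(pw->pw_name)) && spw->sp_pwdp)`, or document that the last hit wins. `epw` also now points into library-owned storage until the final `estrdup()`, so a comment noting that no call may invalidate it before `done:` would help. Parts of the function lie outside the hunks shown.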
#endif /* HAVE_UNISTD_H */
#include <errno.h>
-#include "sudo.h"
+#include "sudoers.h"
/*
* Verify that path is a normal file and executable by root.
-#ifndef lint
-/*static char yysccsid[] = "from: @(#)yaccpar 1.9 (Berkeley) 02/21/93";*/
-static char yyrcsid[]
-#if __GNUC__ >= 2
- __attribute__ ((unused))
-#endif /* __GNUC__ >= 2 */
- = "$OpenBSD: skeleton.c,v 1.29 2008/07/08 15:06:50 otto Exp $";
-#endif
#include <stdlib.h>
#include <string.h>
#define YYBYACC 1
#define yyerrok (yyerrflag=0)
#define YYRECOVERING() (yyerrflag!=0)
#define YYPREFIX "yy"
-#line 2 "gram.y"
+#line 2 "./gram.y"
/*
* Copyright (c) 1996, 1998-2005, 2007-2009
* Todd C. Miller <Todd.Miller@courtesan.com>
#endif /* YYBISON && HAVE_ALLOCA_H && !__GNUC__ */
#include <limits.h>
-#include "sudo.h"
+#include "sudoers.h" /* XXX */
#include "parse.h"
/*
errorfile = estrdup(sudoers);
}
if (verbose && s != NULL) {
+ /* XXX - conversation function when called via plugin */
#ifndef TRACELEXER
(void) fprintf(stderr, ">>> %s: %s near line %d <<<\n", sudoers, s,
sudolineno ? sudolineno - 1 : 0);
}
parse_error = TRUE;
}
-#line 117 "gram.y"
+#line 114 "./gram.y"
#ifndef YYSTYPE_DEFINED
#define YYSTYPE_DEFINED
typedef union {
int tok;
} YYSTYPE;
#endif /* YYSTYPE_DEFINED */
-#line 151 "y.tab.c"
+#line 140 "y.tab.c"
#define COMMAND 257
#define ALIAS 258
#define DEFVAR 259
short *yysslim;
YYSTYPE *yyvs;
int yystacksize;
-#line 600 "gram.y"
+#line 597 "./gram.y"
static struct defaults *
new_default(var, val, op)
char *var;
sudolineno = 1;
verbose = !quiet;
}
-#line 772 "y.tab.c"
+#line 761 "y.tab.c"
/* allocate initial stack or double stack size, up to YYMAXDEPTH */
#if defined(__cplusplus) || defined(__STDC__)
static int yygrowstack(void)
switch (yyn)
{
case 1:
-#line 190 "gram.y"
+#line 187 "./gram.y"
{ ; }
break;
case 5:
-#line 198 "gram.y"
+#line 195 "./gram.y"
{
;
}
break;
case 6:
-#line 201 "gram.y"
+#line 198 "./gram.y"
{
yyerrok;
}
break;
case 7:
-#line 204 "gram.y"
+#line 201 "./gram.y"
{
add_userspec(yyvsp[-1].member, yyvsp[0].privilege);
}
break;
case 8:
-#line 207 "gram.y"
+#line 204 "./gram.y"
{
;
}
break;
case 9:
-#line 210 "gram.y"
+#line 207 "./gram.y"
{
;
}
break;
case 10:
-#line 213 "gram.y"
+#line 210 "./gram.y"
{
;
}
break;
case 11:
-#line 216 "gram.y"
+#line 213 "./gram.y"
{
;
}
break;
case 12:
-#line 219 "gram.y"
+#line 216 "./gram.y"
{
add_defaults(DEFAULTS, NULL, yyvsp[0].defaults);
}
break;
case 13:
-#line 222 "gram.y"
+#line 219 "./gram.y"
{
add_defaults(DEFAULTS_USER, yyvsp[-1].member, yyvsp[0].defaults);
}
break;
case 14:
-#line 225 "gram.y"
+#line 222 "./gram.y"
{
add_defaults(DEFAULTS_RUNAS, yyvsp[-1].member, yyvsp[0].defaults);
}
break;
case 15:
-#line 228 "gram.y"
+#line 225 "./gram.y"
{
add_defaults(DEFAULTS_HOST, yyvsp[-1].member, yyvsp[0].defaults);
}
break;
case 16:
-#line 231 "gram.y"
+#line 228 "./gram.y"
{
add_defaults(DEFAULTS_CMND, yyvsp[-1].member, yyvsp[0].defaults);
}
break;
case 18:
-#line 237 "gram.y"
+#line 234 "./gram.y"
{
list_append(yyvsp[-2].defaults, yyvsp[0].defaults);
yyval.defaults = yyvsp[-2].defaults;
}
break;
case 19:
-#line 243 "gram.y"
+#line 240 "./gram.y"
{
yyval.defaults = new_default(yyvsp[0].string, NULL, TRUE);
}
break;
case 20:
-#line 246 "gram.y"
+#line 243 "./gram.y"
{
yyval.defaults = new_default(yyvsp[0].string, NULL, FALSE);
}
break;
case 21:
-#line 249 "gram.y"
+#line 246 "./gram.y"
{
yyval.defaults = new_default(yyvsp[-2].string, yyvsp[0].string, TRUE);
}
break;
case 22:
-#line 252 "gram.y"
+#line 249 "./gram.y"
{
yyval.defaults = new_default(yyvsp[-2].string, yyvsp[0].string, '+');
}
break;
case 23:
-#line 255 "gram.y"
+#line 252 "./gram.y"
{
yyval.defaults = new_default(yyvsp[-2].string, yyvsp[0].string, '-');
}
break;
case 25:
-#line 261 "gram.y"
+#line 258 "./gram.y"
{
list_append(yyvsp[-2].privilege, yyvsp[0].privilege);
yyval.privilege = yyvsp[-2].privilege;
}
break;
case 26:
-#line 267 "gram.y"
+#line 264 "./gram.y"
{
struct privilege *p = emalloc(sizeof(*p));
list2tq(&p->hostlist, yyvsp[-2].member);
}
break;
case 27:
-#line 277 "gram.y"
+#line 274 "./gram.y"
{
yyval.member = yyvsp[0].member;
yyval.member->negated = FALSE;
}
break;
case 28:
-#line 281 "gram.y"
+#line 278 "./gram.y"
{
yyval.member = yyvsp[0].member;
yyval.member->negated = TRUE;
}
break;
case 29:
-#line 287 "gram.y"
+#line 284 "./gram.y"
{
yyval.member = new_member(yyvsp[0].string, ALIAS);
}
break;
case 30:
-#line 290 "gram.y"
+#line 287 "./gram.y"
{
yyval.member = new_member(NULL, ALL);
}
break;
case 31:
-#line 293 "gram.y"
+#line 290 "./gram.y"
{
yyval.member = new_member(yyvsp[0].string, NETGROUP);
}
break;
case 32:
-#line 296 "gram.y"
+#line 293 "./gram.y"
{
yyval.member = new_member(yyvsp[0].string, NTWKADDR);
}
break;
case 33:
-#line 299 "gram.y"
+#line 296 "./gram.y"
{
yyval.member = new_member(yyvsp[0].string, WORD);
}
break;
case 35:
-#line 305 "gram.y"
+#line 302 "./gram.y"
{
list_append(yyvsp[-2].cmndspec, yyvsp[0].cmndspec);
#ifdef HAVE_SELINUX
}
break;
case 36:
-#line 335 "gram.y"
+#line 332 "./gram.y"
{
struct cmndspec *cs = emalloc(sizeof(*cs));
if (yyvsp[-3].runas != NULL) {
}
break;
case 37:
-#line 361 "gram.y"
+#line 358 "./gram.y"
{
yyval.member = yyvsp[0].member;
yyval.member->negated = FALSE;
}
break;
case 38:
-#line 365 "gram.y"
+#line 362 "./gram.y"
{
yyval.member = yyvsp[0].member;
yyval.member->negated = TRUE;
}
break;
case 39:
-#line 371 "gram.y"
+#line 368 "./gram.y"
{
yyval.string = yyvsp[0].string;
}
break;
case 40:
-#line 376 "gram.y"
+#line 373 "./gram.y"
{
yyval.string = yyvsp[0].string;
}
break;
case 41:
-#line 381 "gram.y"
+#line 378 "./gram.y"
{
yyval.seinfo.role = NULL;
yyval.seinfo.type = NULL;
}
break;
case 42:
-#line 385 "gram.y"
+#line 382 "./gram.y"
{
yyval.seinfo.role = yyvsp[0].string;
yyval.seinfo.type = NULL;
}
break;
case 43:
-#line 389 "gram.y"
+#line 386 "./gram.y"
{
yyval.seinfo.type = yyvsp[0].string;
yyval.seinfo.role = NULL;
}
break;
case 44:
-#line 393 "gram.y"
+#line 390 "./gram.y"
{
yyval.seinfo.role = yyvsp[-1].string;
yyval.seinfo.type = yyvsp[0].string;
}
break;
case 45:
-#line 397 "gram.y"
+#line 394 "./gram.y"
{
yyval.seinfo.type = yyvsp[-1].string;
yyval.seinfo.role = yyvsp[0].string;
}
break;
case 46:
-#line 403 "gram.y"
+#line 400 "./gram.y"
{
yyval.runas = NULL;
}
break;
case 47:
-#line 406 "gram.y"
+#line 403 "./gram.y"
{
yyval.runas = yyvsp[-1].runas;
}
break;
case 48:
-#line 411 "gram.y"
+#line 408 "./gram.y"
{
yyval.runas = emalloc(sizeof(struct runascontainer));
yyval.runas->runasusers = yyvsp[0].member;
}
break;
case 49:
-#line 416 "gram.y"
+#line 413 "./gram.y"
{
yyval.runas = emalloc(sizeof(struct runascontainer));
yyval.runas->runasusers = yyvsp[-2].member;
}
break;
case 50:
-#line 421 "gram.y"
+#line 418 "./gram.y"
{
yyval.runas = emalloc(sizeof(struct runascontainer));
yyval.runas->runasusers = NULL;
}
break;
case 51:
-#line 428 "gram.y"
+#line 425 "./gram.y"
{
yyval.tag.nopasswd = yyval.tag.noexec = yyval.tag.setenv = yyval.tag.transcript = UNSPEC;
}
break;
case 52:
-#line 431 "gram.y"
+#line 428 "./gram.y"
{
yyval.tag.nopasswd = TRUE;
}
break;
case 53:
-#line 434 "gram.y"
+#line 431 "./gram.y"
{
yyval.tag.nopasswd = FALSE;
}
break;
case 54:
-#line 437 "gram.y"
+#line 434 "./gram.y"
{
yyval.tag.noexec = TRUE;
}
break;
case 55:
-#line 440 "gram.y"
+#line 437 "./gram.y"
{
yyval.tag.noexec = FALSE;
}
break;
case 56:
-#line 443 "gram.y"
+#line 440 "./gram.y"
{
yyval.tag.setenv = TRUE;
}
break;
case 57:
-#line 446 "gram.y"
+#line 443 "./gram.y"
{
yyval.tag.setenv = FALSE;
}
break;
case 58:
-#line 449 "gram.y"
+#line 446 "./gram.y"
{
yyval.tag.transcript = TRUE;
}
break;
case 59:
-#line 452 "gram.y"
+#line 449 "./gram.y"
{
yyval.tag.transcript = FALSE;
}
break;
case 60:
-#line 457 "gram.y"
+#line 454 "./gram.y"
{
yyval.member = new_member(NULL, ALL);
}
break;
case 61:
-#line 460 "gram.y"
+#line 457 "./gram.y"
{
yyval.member = new_member(yyvsp[0].string, ALIAS);
}
break;
case 62:
-#line 463 "gram.y"
+#line 460 "./gram.y"
{
struct sudo_command *c = emalloc(sizeof(*c));
c->cmnd = yyvsp[0].command.cmnd;
}
break;
case 65:
-#line 475 "gram.y"
+#line 472 "./gram.y"
{
char *s;
if ((s = alias_add(yyvsp[-2].string, HOSTALIAS, yyvsp[0].member)) != NULL) {
}
break;
case 67:
-#line 485 "gram.y"
+#line 482 "./gram.y"
{
list_append(yyvsp[-2].member, yyvsp[0].member);
yyval.member = yyvsp[-2].member;
}
break;
case 70:
-#line 495 "gram.y"
+#line 492 "./gram.y"
{
char *s;
if ((s = alias_add(yyvsp[-2].string, CMNDALIAS, yyvsp[0].member)) != NULL) {
}
break;
case 72:
-#line 505 "gram.y"
+#line 502 "./gram.y"
{
list_append(yyvsp[-2].member, yyvsp[0].member);
yyval.member = yyvsp[-2].member;
}
break;
case 75:
-#line 515 "gram.y"
+#line 512 "./gram.y"
{
char *s;
if ((s = alias_add(yyvsp[-2].string, RUNASALIAS, yyvsp[0].member)) != NULL) {
}
break;
case 78:
-#line 528 "gram.y"
+#line 525 "./gram.y"
{
char *s;
if ((s = alias_add(yyvsp[-2].string, USERALIAS, yyvsp[0].member)) != NULL) {
}
break;
case 80:
-#line 538 "gram.y"
+#line 535 "./gram.y"
{
list_append(yyvsp[-2].member, yyvsp[0].member);
yyval.member = yyvsp[-2].member;
}
break;
case 81:
-#line 544 "gram.y"
+#line 541 "./gram.y"
{
yyval.member = yyvsp[0].member;
yyval.member->negated = FALSE;
}
break;
case 82:
-#line 548 "gram.y"
+#line 545 "./gram.y"
{
yyval.member = yyvsp[0].member;
yyval.member->negated = TRUE;
}
break;
case 83:
-#line 554 "gram.y"
+#line 551 "./gram.y"
{
yyval.member = new_member(yyvsp[0].string, ALIAS);
}
break;
case 84:
-#line 557 "gram.y"
+#line 554 "./gram.y"
{
yyval.member = new_member(NULL, ALL);
}
break;
case 85:
-#line 560 "gram.y"
+#line 557 "./gram.y"
{
yyval.member = new_member(yyvsp[0].string, NETGROUP);
}
break;
case 86:
-#line 563 "gram.y"
+#line 560 "./gram.y"
{
yyval.member = new_member(yyvsp[0].string, USERGROUP);
}
break;
case 87:
-#line 566 "gram.y"
+#line 563 "./gram.y"
{
yyval.member = new_member(yyvsp[0].string, WORD);
}
break;
case 89:
-#line 572 "gram.y"
+#line 569 "./gram.y"
{
list_append(yyvsp[-2].member, yyvsp[0].member);
yyval.member = yyvsp[-2].member;
}
break;
case 90:
-#line 578 "gram.y"
+#line 575 "./gram.y"
{
yyval.member = yyvsp[0].member;
yyval.member->negated = FALSE;
}
break;
case 91:
-#line 582 "gram.y"
+#line 579 "./gram.y"
{
yyval.member = yyvsp[0].member;
yyval.member->negated = TRUE;
}
break;
case 92:
-#line 588 "gram.y"
+#line 585 "./gram.y"
{
yyval.member = new_member(yyvsp[0].string, ALIAS);
}
break;
case 93:
-#line 591 "gram.y"
+#line 588 "./gram.y"
{
yyval.member = new_member(NULL, ALL);
}
break;
case 94:
-#line 594 "gram.y"
+#line 591 "./gram.y"
{
yyval.member = new_member(yyvsp[0].string, WORD);
}
break;
-#line 1526 "y.tab.c"
+#line 1515 "y.tab.c"
}
yyssp -= yym;
yystate = *yyssp;
#endif /* YYBISON && HAVE_ALLOCA_H && !__GNUC__ */
#include <limits.h>
-#include "sudo.h"
+#include "sudoers.h" /* XXX */
#include "parse.h"
/*
errorfile = estrdup(sudoers);
}
if (verbose && s != NULL) {
+ /* XXX - conversation function when called via plugin */
#ifndef TRACELEXER
(void) fprintf(stderr, ">>> %s: %s near line %d <<<\n", sudoers, s,
sudolineno ? sudolineno - 1 : 0);
# include <ifaddrs.h>
#endif
-#include "sudo.h"
+#include "sudoers.h"
#include "interfaces.h"
/* Minix apparently lacks IFF_LOOPBACK */
# endif
#endif
-#include "sudo.h"
+#include "sudoers.h"
#include "parse.h"
#include "lbuf.h"
#include <errno.h>
#include <fcntl.h>
-#include "sudo.h"
+#include "sudoers.h"
static void do_syslog __P((int, char *));
static void do_logfile __P((char *));
-static void send_mail __P((char *));
+static void send_mail __P((const char *fmt, ...));
static int should_mail __P((int));
static void mysyslog __P((int, const char *, ...));
static char *new_logline __P((const char *, int));
fp = fopen(def_logfile, "a");
(void) umask(oldmask);
if (fp == NULL) {
- easprintf(&full_line, "Can't open log file: %s: %s",
- def_logfile, strerror(errno));
- send_mail(full_line);
- efree(full_line);
+ send_mail("Can't open log file: %s: %s", def_logfile, strerror(errno));
} else if (!lock_file(fileno(fp), SUDO_LOCK)) {
- easprintf(&full_line, "Can't lock log file: %s: %s",
- def_logfile, strerror(errno));
- send_mail(full_line);
- efree(full_line);
+ send_mail("Can't lock log file: %s: %s", def_logfile, strerror(errno));
} else {
time_t now;
va_start(ap);
#endif
- /* Become root if we are not already to avoid user interference */
- set_perms(PERM_ROOT|PERM_NOEXIT);
-
/* Expand printf-style format + args. */
evasprintf(&message, fmt, ap);
va_end(ap);
+ /* Become root if we are not already to avoid user interference */
+ /* XXX - could longjmp back with wrong uid */
+ set_perms(PERM_ROOT|PERM_NOEXIT);
+
if (ISSET(flags, MSG_ONLY))
logline = message;
else
efree(logline);
+#if 0 /* XXX - longjmp instead */
if (!ISSET(flags, NO_EXIT)) {
cleanup(0);
exit(1);
}
+#endif
+
+ set_perms(PERM_USER);
}
#define MAX_MAILFLAGS 63
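Review bot: With the `exit(1)` block wrapped in `#if 0`, log_error() now returns to callers written on the assumption that it never does, and nothing in this hunk performs the longjmp the comment promises. Elsewhere in this diff set_runaspw() still calls `log_error(NO_MAIL|MSG_ONLY, "unknown user: %s", user)` when `sudo_getpwnam()` fails and then carries on with `runas_pw == NULL`, which sudoers_policy_check() later dereferences as `runas_pw->pw_uid`. Until the non-local exit exists, the fatal path should still leave the function, for example `if (!ISSET(flags, NO_EXIT)) siglongjmp(error_jmp, 1);` (assuming `error_jmp` from error.c is declared in this file). The trailing `set_perms(PERM_USER);` is also unconditional, so a caller that entered with root permissions gets control back under a different uid; restoring whatever was in effect on entry would be safer. The start of log_error() is outside this hunk.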
* Send a message to MAILTO user
*/
static void
-send_mail(line)
- char *line;
+send_mail(const char *fmt, ...)
{
FILE *mail;
char *p;
int fd, pfd[2], status;
pid_t pid, rv;
sigaction_t sa;
+ va_list ap;
#ifndef NO_ROOT_MAILER
static char *root_envp[] = {
"HOME=/",
} else
(void) fputc(*p, mail);
}
- (void) fprintf(mail, "\n\n%s : %s : %s : %s\n\n", user_host,
- get_timestr(time(NULL), def_log_year), user_name, line);
+
+ (void) fprintf(mail, "\n\n%s : %s : %s : ", user_host,
+ get_timestr(time(NULL), def_log_year), user_name);
+ va_start(ap, fmt);
+ (void) vfprintf(mail, fmt, ap);
+ va_end(ap);
+ fputs("\n\n", mail);
+
fclose(mail);
do {
#ifdef HAVE_WAITPID
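Review bot: `vfprintf(mail, fmt, ap)` turns the first argument of send_mail() into a format string, but the new prototype `send_mail __P((const char *fmt, ...))` carries no format attribute, so the compiler cannot flag a call site that still passes a pre-built log line. The two calls converted earlier in this diff (log file open and lock failures) use literal formats; any caller not shown here needs the form `send_mail("%s", line)`, since log lines contain user-supplied command text. Adding `__attribute__((__format__(__printf__, 1, 2)))` to the prototype lets `-Wformat` check every caller. send_mail() begins and ends outside this hunk.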
}
len += sizeof(LL_ENV_STR) + 2 + evlen;
}
- len += sizeof(LL_CMND_STR) - 1 + strlen(user_cmnd);
- if (user_args != NULL)
- len += strlen(user_args) + 1;
+ if (user_cmnd != NULL) {
+ len += sizeof(LL_CMND_STR) - 1 + strlen(user_cmnd);
+ if (user_args != NULL)
+ len += strlen(user_args) + 1;
+ }
/*
* Allocate and build up the line.
goto toobig;
efree(evstr);
}
- if (strlcat(line, LL_CMND_STR, len) >= len ||
- strlcat(line, user_cmnd, len) >= len)
- goto toobig;
- if (user_args != NULL) {
- if (strlcat(line, " ", len) >= len ||
- strlcat(line, user_args, len) >= len)
+ if (user_cmnd != NULL) {
+ if (strlcat(line, LL_CMND_STR, len) >= len ||
+ strlcat(line, user_cmnd, len) >= len)
goto toobig;
+ if (user_args != NULL) {
+ if (strlcat(line, " ", len) >= len ||
+ strlcat(line, user_args, len) >= len)
+ goto toobig;
+ }
}
- return (line);
+ return line;
toobig:
errorx(1, "internal error: insufficient space for log line");
}
# endif
#endif
-#include "sudo.h"
+#include "sudoers.h"
#include "interfaces.h"
#include "parse.h"
#include <gram.h>
# endif
#endif
-#include "sudo.h"
+#include "sudoers.h"
#include "mon_systrace.h"
/*
#include <pwd.h>
#include <grp.h>
-#include "sudo.h"
+#include "sudoers.h"
#include "parse.h"
#include "lbuf.h"
#include <gram.h>
#include <pwd.h>
#include <grp.h>
-#include "sudo.h"
+#include "sudoers.h"
#include "redblack.h"
/*
# endif
#endif /* STDC_HEADERS */
-#include "sudo.h"
+#include "sudoers.h"
#include "redblack.h"
static void rbrepair __P((struct rbtree *, struct rbnode *));
# include <login_cap.h>
#endif
-#include "sudo.h"
+#include "sudoers.h"
#ifdef __TANDEM
# define ROOT_UID 65535
#include <grp.h>
#include <ctype.h>
-#include "sudo.h"
+#include "sudoers.h"
#include "lbuf.h"
extern struct sudo_nss sudo_nss_file;
#ifdef HAVE_MBR_CHECK_MEMBERSHIP
# include <membership.h>
#endif
+#include <setjmp.h>
-#include <sudo_usage.h>
-#include "sudo.h"
+#include "sudo_plugin.h"
+#include "sudoers.h"
#include "lbuf.h"
#include "interfaces.h"
+#include "auth/sudo_auth.h"
#ifdef USING_NONUNIX_GROUPS
# include "nonunix.h"
/*
* Prototypes
*/
-static void init_vars __P((int, char **));
+static void init_vars __P((char * const *));
static int set_cmnd __P((int));
-static int parse_args __P((int, char **));
-static void initial_setup __P((void));
static void set_loginclass __P((struct passwd *));
static void set_project __P((struct passwd *));
static void set_runasgr __P((char *));
static void set_runaspw __P((char *));
-static void show_version __P((void));
-static void usage __P((int))
- __attribute__((__noreturn__));
-static void usage_excl __P((int))
- __attribute__((__noreturn__));
+static int sudoers_policy_version(int verbose);
static struct passwd *get_authpw __P((void));
+static int deserialize_info(char * const settings[], char * const user_info[]);
+
extern int sudo_edit __P((int, char **, char **));
-extern void rebuild_env __P((int, int));
+extern int rebuild_env __P((int, int));
+extern int env_init __P((char * const envp[]));
void validate_env_vars __P((struct list_member *));
void insert_env_vars __P((struct list_member *));
+/* XXX */
+char *fmt_string(const char *, const char *);
+
/*
* Globals
*/
-int Argc, NewArgc;
-char **Argv, **NewArgv;
char *prev_user;
-static int user_closefrom = -1;
struct sudo_user sudo_user;
struct passwd *auth_pw, *list_pw;
struct interface *interfaces;
int num_interfaces;
-int tgetpass_flags;
int long_list;
+int debug_level;
uid_t timestamp_uid;
extern int errorlineno;
extern int parse_error;
extern char *errorfile;
-#if defined(RLIMIT_CORE) && !defined(SUDO_DEVEL)
-static struct rlimit corelimit;
-#endif /* RLIMIT_CORE && !SUDO_DEVEL */
#ifdef HAVE_LOGIN_CAP_H
login_cap_t *lc;
#endif /* HAVE_LOGIN_CAP_H */
static char *runas_group;
static struct sudo_nss_list *snl;
-/* For getopt(3) */
-extern char *optarg;
-extern int optind;
+static int NewArgc;
+static char **NewArgv;
+
+/* XXX */
+extern int Argc;
+extern char **Argv;
+extern char **environ;
+
+/* error.c */
+extern sigjmp_buf error_jmp;
-int
-main(argc, argv, envp)
- int argc;
- char **argv;
- char **envp;
+static int sudo_mode;
+static char * const * user_env;
+
+static int
+sudoers_policy_open(unsigned int version, sudo_conv_t conversation,
+ char * const settings[], char * const user_info[],
+ char * const envp[])
{
- int sources = 0, validated;
- int fd, cmnd_status, sudo_mode, pwflag, rc = 0;
+ int sources = 0;
sigaction_t sa;
struct sudo_nss *nss;
-#if defined(SUDO_DEVEL) && defined(__OpenBSD__)
- extern char *malloc_options;
- malloc_options = "AFGJPR";
-#endif
-#ifdef HAVE_SETLOCALE
- setlocale(LC_ALL, "");
-#endif
-
- Argv = argv;
- if ((Argc = argc) < 1)
- usage(1);
+ /* XXX - must not call log_error yet */
- /* Must be done as the first thing... */
+ /* Must be done before we do any password lookups */
#if defined(HAVE_GETPRPWNAM) && defined(HAVE_SET_AUTH_PARAMETERS)
(void) set_auth_parameters(Argc, Argv);
# ifdef HAVE_INITPRIVS
# endif
#endif /* HAVE_GETPRPWNAM && HAVE_SET_AUTH_PARAMETERS */
- if (geteuid() != 0)
- errorx(1, "must be setuid root");
+ sudo_conv = conversation; /* XXX, stash elsewhere? */
+ if (sigsetjmp(error_jmp, 1)) {
+ /* called via error(), errorx() or log_error() */
+ return -1;
+ }
+
+/* XXX - duplicated in sudo.c */
/*
* Signal setup:
* Ignore keyboard-generated signals so the user cannot interrupt
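Review bot: `sigsetjmp(error_jmp, 1)` arms a jump target inside sudoers_policy_open(), and the buffer stays armed after the function returns; sudoers_policy_check() repeats the pattern. If error(), errorx() or log_error() later runs on a path that has not re-armed it, the jump would target a stack frame that no longer exists, which is undefined behaviour. Whether such a path exists depends on code outside this diff, but sudoers_policy_version() calls `easprintf()` with no `sigsetjmp` of its own and is worth checking. I would mark the buffer invalid on every return path and have the error routines fall back to a plain failure return when it is not valid. The function body continues past this hunk.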
(void) sigaction(SIGQUIT, &sa, &saved_sa_quit);
(void) sigaction(SIGTSTP, &sa, &saved_sa_tstp);
- /*
- * Turn off core dumps and make sure fds 0-2 are open.
- */
- initial_setup();
sudo_setpwent();
sudo_setgrent();
- /* Parse our arguments. */
- sudo_mode = parse_args(Argc, Argv);
-
/* Setup defaults data structures. */
init_defaults();
/* Load the list of local ip addresses and netmasks. */
load_interfaces();
+ /* Parse settings and user_info */
+ sudo_mode = deserialize_info(settings, user_info);
+
+#if 0 /* XXX */
pwflag = 0;
if (ISSET(sudo_mode, MODE_SHELL))
user_cmnd = "shell";
/* Must have a command to run... */
if (user_cmnd == NULL && NewArgc == 0)
usage(1);
+#endif
- init_vars(sudo_mode, envp); /* XXX - move this later? */
+ init_vars(envp); /* XXX - move this later? */
#ifdef USING_NONUNIX_GROUPS
sudo_nonunix_groupcheck_init(); /* initialise nonunix groups impl */
nss->setdefs(nss);
}
}
- if (sources == 0)
- log_error(0, "no valid sudoers sources found, quitting");
+ if (sources == 0) {
+ warningx("no valid sudoers sources found, quitting");
+ return -1;
+ }
/* XXX - collect post-sudoers parse settings into a function */
/* Set login class if applicable. */
set_loginclass(sudo_user.pw);
+#if 0 /* XXX - later */
/* Update initial shell now that runas is set. */
if (ISSET(sudo_mode, MODE_LOGIN_SHELL))
NewArgv[0] = runas_pw->pw_shell;
+#endif
- /* This goes after sudoers is parsed since it may have timestamp options. */
- if (sudo_mode == MODE_KILL || sudo_mode == MODE_INVALIDATE) {
- remove_timestamp((sudo_mode == MODE_KILL));
- cleanup(0);
- exit(0);
- }
+ /* XXX */
+ user_env = envp; /* stash for later */
+
+ return TRUE;
+}
+
+static void
+sudoers_policy_close(int exit_status, int error)
+{
+ /* XXX - fill in */
+ return;
+}
+
+static int
+sudoers_policy_check(int argc, char * const argv[], char *env_add[],
+ char **command_infop[], char **argv_out[], char **user_env_out[])
+{
+ static char *command_info[32]; /* XXX */
+ struct sudo_nss *nss;
+ char **old_environ = environ;
+ int cmnd_status, fd, validated, pwflag = 0;
+ int info_len = 0;
+ int rval = FALSE;
/* Is root even allowed to run sudo? */
if (user_uid == 0 && !def_root_sudo) {
- (void) fprintf(stderr,
- "Sorry, %s has been configured to not allow root to run it.\n",
- getprogname());
- exit(1);
- }
+ warningx("sudoers specifies that root is not allowed to sudo");
+ goto done;
+ }
- /* Check for -C overriding def_closefrom. */
- if (user_closefrom >= 0 && user_closefrom != def_closefrom) {
- if (!def_closefrom_override)
- errorx(1, "you are not permitted to use the -C option");
- else
- def_closefrom = user_closefrom;
+ if (sigsetjmp(error_jmp, 1)) {
+ /* called via error(), errorx() or log_error() */
+ return -1;
}
+ /* Local copy of argv */
+ NewArgv = emalloc2(argc + 1, sizeof(char *));
+ memcpy(NewArgv, argv, argc * sizeof(char *));
+ NewArgv[argc] = NULL;
+ NewArgc = argc;
+
+ /* Set environ to contents of user_env. */
+ env_init(user_env);
+
+ /* XXX*/
+ SET(sudo_mode, MODE_RUN);
+
+#ifdef USING_NONUNIX_GROUPS
+ sudo_nonunix_groupcheck_init(); /* initialise nonunix groups impl */
+#endif /* USING_NONUNIX_GROUPS */
+
+ /* Find command in path */
cmnd_status = set_cmnd(sudo_mode);
+ if (cmnd_status == -1) {
+ rval = -1;
+ goto done;
+ }
#ifdef HAVE_SETLOCALE
if (!setlocale(LC_ALL, def_sudoers_locale)) {
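Review bot: The `sigsetjmp` branch in sudoers_policy_check() does `return -1;` directly, so it skips the `done:` label added later in this diff, which is the only place that restores `environ = old_environ`. Once `env_init(user_env)` has run, a jump from error() or log_error() would, as far as the diff shows, leave the process-wide `environ` pointing at the plugin's copy and leak the `NewArgv` allocation. Routing the branch through the common exit keeps both paths consistent: `rval = -1; goto done;`. `old_environ` is assigned before the `sigsetjmp` and not modified afterwards, so reading it on that path is safe. The function continues in later hunks.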
}
#endif
+ /*
+ * Check sudoers sources.
+ */
validated = FLAG_NO_USER | FLAG_NO_HOST;
tq_foreach_fwd(snl, nss) {
validated = nss->lookup(nss, validated, pwflag);
def_preserve_groups = TRUE;
/* If no command line args and "set_home" is not set, error out. */
- if (ISSET(sudo_mode, MODE_IMPLIED_SHELL) && !def_shell_noargs)
- usage(1);
+ if (ISSET(sudo_mode, MODE_IMPLIED_SHELL) && !def_shell_noargs) {
+ /* XXX - error message */
+ goto done;
+ }
/* Bail if a tty is required and we don't have one. */
if (def_requiretty) {
if ((fd = open(_PATH_TTY, O_RDWR|O_NOCTTY)) == -1) {
- audit_failure(NewArgv, "no tty");
- log_error(NO_MAIL, "sorry, you must have a tty to run sudo");
+ //audit_failure(NewArgv, "no tty");
+ warningx("sorry, you must have a tty to run sudo");
+ goto done;
} else
(void) close(fd);
}
- /* Use askpass value from sudoers unless user specified their own. */
- if (def_askpass && !user_askpass)
- user_askpass = def_askpass;
-
/* User may have overridden environment resetting via the -E flag. */
if (ISSET(sudo_mode, MODE_PRESERVE_ENV) && def_setenv)
def_env_reset = FALSE;
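Review bot: The `//audit_failure(NewArgv, "no tty");` line drops the audit record for a rejection on a tty-less session, and the same is done later in this diff for the command-not-found and unknown-user failures and for `audit_success`. If auditing has to be parked while the plugin interface settles, `#if 0 /* XXX - audit from plugin */` around the call, as the patch does elsewhere, keeps it greppable and avoids `//` comments in a file that still uses `__P(())` prototypes for pre-C99 compilers. The implied-shell branch above now leaves through `goto done` with no message at all; a `warningx()` there would tell the user why nothing ran.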
auth_pw = get_authpw();
/* Require a password if sudoers says so. */
- if (def_authenticate)
- check_user(validated, sudo_mode);
+ /* XXX - conversation function */
+ if (def_authenticate) {
+ rval = check_user(validated, sudo_mode);
+ if (rval != TRUE)
+ goto done;
+ }
/* If run as root with SUDO_USER set, set sudo_user.pw to that user. */
/* XXX - causes confusion when root is not listed in sudoers */
}
}
- if (ISSET(validated, VALIDATE_OK)) {
- /* Finally tell the user if the command did not exist. */
- if (cmnd_status == NOT_FOUND_DOT) {
- audit_failure(NewArgv, "command in current directory");
- errorx(1, "ignoring `%s' found in '.'\nUse `sudo ./%s' if this is the `%s' you wish to run.", user_cmnd, user_cmnd, user_cmnd);
- } else if (cmnd_status == NOT_FOUND) {
- audit_failure(NewArgv, "%s: command not found", user_cmnd);
- errorx(1, "%s: command not found", user_cmnd);
- }
-
- /* If user specified env vars make sure sudoers allows it. */
- if (ISSET(sudo_mode, MODE_RUN) && !def_setenv) {
- if (ISSET(sudo_mode, MODE_PRESERVE_ENV))
- log_error(NO_MAIL,
- "sorry, you are not allowed to preserve the environment");
- else
- validate_env_vars(sudo_user.env_vars);
- }
+ if (!ISSET(validated, VALIDATE_OK)) {
+ /* XXX - error message */
+ goto done;
+ }
-#ifdef _PATH_SUDO_TRANSCRIPT
- /* Get next session ID so we can log it. */
- if (def_transcript && ISSET(sudo_mode, (MODE_RUN | MODE_EDIT)))
- script_nextid();
-#endif
+ /* Finally tell the user if the command did not exist. */
+ if (cmnd_status == NOT_FOUND_DOT) {
+ //audit_failure(NewArgv, "command in current directory");
+ warningx("ignoring `%s' found in '.'\nUse `sudo ./%s' if this is the `%s' you wish to run.", user_cmnd, user_cmnd, user_cmnd);
+ goto done;
+ } else if (cmnd_status == NOT_FOUND) {
+ //audit_failure(NewArgv, "%s: command not found", user_cmnd);
+ warningx("command not found", user_cmnd);
+ goto done;
+ }
- log_allowed(validated);
- if (ISSET(sudo_mode, MODE_CHECK))
- rc = display_cmnd(snl, list_pw ? list_pw : sudo_user.pw);
- else if (ISSET(sudo_mode, MODE_LIST))
- display_privs(snl, list_pw ? list_pw : sudo_user.pw);
+ /* If user specified env vars make sure sudoers allows it. */
+ if (ISSET(sudo_mode, MODE_RUN) && !def_setenv) {
+ if (ISSET(sudo_mode, MODE_PRESERVE_ENV)) {
+ warningx("sorry, you are not allowed to preserve the environment");
+ goto done;
+ } else
+ validate_env_vars(sudo_user.env_vars);
+ }
- /* Cleanup sudoers sources */
- tq_foreach_fwd(snl, nss)
- nss->close(nss);
+ log_allowed(validated);
- /* Deferred exit due to sudo_ldap_close() */
- if (ISSET(sudo_mode, (MODE_VALIDATE|MODE_CHECK|MODE_LIST)))
- exit(rc);
+ /* Cleanup sudoers sources */
+ tq_foreach_fwd(snl, nss) {
+ nss->close(nss);
+ }
- /*
- * Set umask based on sudoers.
- * If user's umask is more restrictive, OR in those bits too
- * unless umask_override is set.
- */
- if (def_umask != 0777) {
- if (def_umask_override) {
- umask(def_umask);
- } else {
- mode_t mask = umask(def_umask);
- mask |= def_umask;
- if (mask != def_umask)
- umask(mask);
- }
+ /*
+ * Set umask based on sudoers.
+ * If user's umask is more restrictive, OR in those bits too
+ * unless umask_override is set.
+ */
+ if (def_umask != 0777) {
+ mode_t mask = def_umask;
+ if (!def_umask_override) {
+ mode_t omask = umask(mask);
+ mask |= omask;
+ umask(omask);
}
+ easprintf(&command_info[info_len++], "umask=0%o", mask);
+ }
- /* Restore coredumpsize resource limit. */
-#if defined(RLIMIT_CORE) && !defined(SUDO_DEVEL)
- (void) setrlimit(RLIMIT_CORE, &corelimit);
-#endif /* RLIMIT_CORE && !SUDO_DEVEL */
-
- /* Must audit before uid change. */
- audit_success(NewArgv);
-
-#ifdef _PATH_SUDO_TRANSCRIPT
- /* Open tty as needed */
- if (def_transcript)
- script_setup();
-#endif
+ if (ISSET(sudo_mode, MODE_LOGIN_SHELL)) {
+ char *p;
- /* Become specified user or root if executing a command. */
- if (ISSET(sudo_mode, MODE_RUN))
- set_perms(PERM_FULL_RUNAS);
+ /* Convert /bin/sh -> -sh so shell knows it is a login shell */
+ if ((p = strrchr(NewArgv[0], '/')) == NULL)
+ p = NewArgv[0];
+ *p = '-';
+ NewArgv[0] = p;
- if (ISSET(sudo_mode, MODE_LOGIN_SHELL)) {
- char *p;
+ /* Set cwd to run user's homedir. */
+ command_info[info_len++] = fmt_string("cwd", runas_pw->pw_dir);
- /* Convert /bin/sh -> -sh so shell knows it is a login shell */
- if ((p = strrchr(NewArgv[0], '/')) == NULL)
- p = NewArgv[0];
- *p = '-';
- NewArgv[0] = p;
+#if defined(__linux__) || defined(_AIX)
+ /* Insert system-wide environment variables. */
+ /* XXX */
+ read_env_file(_PATH_ENVIRONMENT, TRUE);
+#endif
+ }
- /* Change to target user's homedir. */
- if (chdir(runas_pw->pw_dir) == -1)
- warning("unable to change directory to %s", runas_pw->pw_dir);
+ /* Insert system-wide environment variables. */
+#if 0 /* XXX - add back */
+ if (def_env_file) {
+ read_env_file(def_env_file, FALSE);
+ }
-#if defined(__linux__) || defined(_AIX)
- /* Insert system-wide environment variables. */
- read_env_file(_PATH_ENVIRONMENT, TRUE);
+ /* Insert user-specified environment variables. */
+ insert_env_vars(sudo_user.env_vars);
#endif
- }
- if (ISSET(sudo_mode, MODE_EDIT))
- exit(sudo_edit(NewArgc, NewArgv, envp));
+ /* Restore signal handlers before we exec. */
+ (void) sigaction(SIGINT, &saved_sa_int, NULL);
+ (void) sigaction(SIGQUIT, &saved_sa_quit, NULL);
+ (void) sigaction(SIGTSTP, &saved_sa_tstp, NULL);
+
+ /* Close the password and group files and free up memory. */
+ sudo_endpwent();
+ sudo_endgrent();
+
+ /* XXX - handle ENOMEM */
+ command_info[info_len++] = fmt_string("command", safe_cmnd);
+ if (def_stay_setuid) {
+ easprintf(&command_info[info_len++], "runas_uid=%u", user_uid);
+ easprintf(&command_info[info_len++], "runas_gid=%u", user_gid);
+ easprintf(&command_info[info_len++], "runas_euid=%u", runas_pw->pw_uid);
+ easprintf(&command_info[info_len++], "runas_egid=%u", runas_pw->pw_gid);
+ } else {
+ easprintf(&command_info[info_len++], "runas_uid=%u", runas_pw->pw_uid);
+ easprintf(&command_info[info_len++], "runas_gid=%u", runas_pw->pw_gid);
+ }
- /* Insert system-wide environment variables. */
- if (def_env_file)
- read_env_file(def_env_file, FALSE);
+ /* Must audit before uid change. */
+ //audit_success(NewArgv); /* XXX */
- /* Insert user-specified environment variables. */
- insert_env_vars(sudo_user.env_vars);
+ /* XXX - set argv_out and env_out */
+ *command_infop = command_info;
- /* Restore signal handlers before we exec. */
- (void) sigaction(SIGINT, &saved_sa_int, NULL);
- (void) sigaction(SIGQUIT, &saved_sa_quit, NULL);
- (void) sigaction(SIGTSTP, &saved_sa_tstp, NULL);
+ *argv_out = NewArgv;
+ *user_env_out = environ; /* actually our local copy */
- /* Close the password and group files and free up memory. */
- sudo_endpwent();
- sudo_endgrent();
+ rval = TRUE;
- /* Move pty master/slave to low numbered fd and close the rest. */
-#ifdef _PATH_SUDO_TRANSCRIPT
- fd = def_transcript ? script_duplow(def_closefrom) : def_closefrom;
- closefrom(fd);
-#else
- closefrom(def_closefrom);
-#endif
+done:
+ environ = old_environ;
-#ifdef PROFILING
- exit(0);
-#endif
- if (ISSET(sudo_mode, MODE_BACKGROUND) && fork() > 0) {
- syslog(LOG_AUTH|LOG_ERR, "fork"); /* XXX */
- exit(0);
- }
-#ifdef _PATH_SUDO_TRANSCRIPT
- if (def_transcript)
- script_execv(safe_cmnd, NewArgv);
- else
-#endif
-#ifdef HAVE_SELINUX
- if (is_selinux_enabled() > 0 && user_role != NULL)
- selinux_exec(user_role, user_type, NewArgv);
- else
-#endif
- execv(safe_cmnd, NewArgv);
- /*
- * If we got here then execve() failed...
- */
- if (errno == ENOEXEC) {
- NewArgv--; /* at least one extra slot... */
- NewArgv[0] = "sh";
- NewArgv[1] = safe_cmnd;
- execv(_PATH_BSHELL, NewArgv);
- }
- warning("unable to execute %s", safe_cmnd);
- exit(127);
- } else if (ISSET(validated, FLAG_NO_USER | FLAG_NO_HOST)) {
- audit_failure(NewArgv, "No user or host");
- log_denial(validated, 1);
- exit(1);
- } else {
- if (def_path_info) {
- /*
- * We'd like to not leak path info at all here, but that can
- * *really* confuse the users. To really close the leak we'd
- * have to say "not allowed to run foo" even when the problem
- * is just "no foo in path" since the user can trivially set
- * their path to just contain a single dir.
- */
- log_denial(validated,
- !(cmnd_status == NOT_FOUND_DOT || cmnd_status == NOT_FOUND));
- if (cmnd_status == NOT_FOUND)
- warningx("%s: command not found", user_cmnd);
- else if (cmnd_status == NOT_FOUND_DOT)
- warningx("ignoring `%s' found in '.'\nUse `sudo ./%s' if this is the `%s' you wish to run.", user_cmnd, user_cmnd, user_cmnd);
- } else {
- /* Just tell the user they are not allowed to run foo. */
- log_denial(validated, 1);
- }
- audit_failure(NewArgv, "validation failure");
- exit(1);
- }
- exit(0); /* not reached */
+ return rval;
}
/*
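Review bot: Rejections in this hunk now leave through `goto done` without a log record: the `if (!ISSET(validated, VALIDATE_OK))` branch replaces the old `log_denial(validated, ...)` paths with a bare jump, so a denied request produces no syslog entry or mail unless that happens elsewhere. I would keep `log_denial(validated, 1);` ahead of that `goto done` until the plugin-side replacement exists. Separately, `warningx("command not found", user_cmnd);` lost its conversion and silently drops the command name; it should read `warningx("%s: command not found", user_cmnd);`. `command_info` is a static array returned without an explicit terminator, so `command_info[info_len] = NULL;` before `*command_infop = command_info;` avoids stale entries on a second call. sudoers_policy_check() starts in an earlier hunk.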
* load the ``interfaces'' array.
*/
static void
-init_vars(sudo_mode, envp)
- int sudo_mode;
- char **envp;
+init_vars(char * const envp[])
{
- char *p, **ep, thost[MAXHOSTNAMELEN + 1];
- int nohostname;
+ char * const * ep;
+#if 0
/* Sanity check command from user. */
if (user_cmnd == NULL && strlen(NewArgv[0]) >= PATH_MAX)
errorx(1, "%s: File name too long", NewArgv[0]);
+#endif
#ifdef HAVE_TZSET
(void) tzset(); /* set the timezone if applicable */
#endif /* HAVE_TZSET */
+#if 0
/* Default value for cmnd and cwd, overridden later. */
if (user_cmnd == NULL)
user_cmnd = NewArgv[0];
- (void) strlcpy(user_cwd, "unknown", sizeof(user_cwd));
-
- /*
- * We avoid gethostbyname() if possible since we don't want
- * sudo to block if DNS or NIS is hosed.
- * "host" is the (possibly fully-qualified) hostname and
- * "shost" is the unqualified form of the hostname.
- */
- nohostname = gethostname(thost, sizeof(thost));
- if (nohostname)
- user_host = user_shost = "localhost";
- else {
- thost[sizeof(thost) - 1] = '\0';
- user_host = estrdup(thost);
- if (def_fqdn) {
- /* Defer call to set_fqdn() until log_error() is safe. */
- user_shost = user_host;
- } else {
- if ((p = strchr(user_host, '.'))) {
- *p = '\0';
- user_shost = estrdup(user_host);
- *p = '.';
- } else {
- user_shost = user_host;
- }
- }
- }
-
- if ((p = ttyname(STDIN_FILENO)) || (p = ttyname(STDOUT_FILENO)) ||
- (p = ttyname(STDERR_FILENO))) {
- user_tty = user_ttypath = estrdup(p);
- if (strncmp(user_tty, _PATH_DEV, sizeof(_PATH_DEV) - 1) == 0)
- user_tty += sizeof(_PATH_DEV) - 1;
- } else
- user_tty = "unknown";
+#endif
for (ep = envp; *ep; ep++) {
/* XXX - don't fill in if empty string */
* if necessary. It is assumed that euid is 0 at this point so we
* can read the shadow passwd file if necessary.
*/
- if ((sudo_user.pw = sudo_getpwuid(getuid())) == NULL) {
+ if ((sudo_user.pw = sudo_getpwnam(user_name)) == NULL) {
/* Need to make a fake struct passwd for logging to work. */
+ /* XXX - really needed now? */
struct passwd pw;
char pw_name[MAX_UID_T_LEN + 1];
pw.pw_name = pw_name;
sudo_user.pw = &pw;
+#if 0
/*
* If we are in -k/-K mode, just spew to stderr. It is not unusual for
* users to place "sudo -k" in a .logout file which can cause sudo to
if (sudo_mode == MODE_KILL || sudo_mode == MODE_INVALIDATE)
errorx(1, "unknown uid: %s", pw_name);
log_error(0, "unknown uid: %s", pw_name);
+#endif
}
#ifdef HAVE_MBR_CHECK_MEMBERSHIP
mbr_uid_to_uuid(user_uid, user_uuid);
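Review bot: Disabling the `errorx()`/`log_error()` calls with `#if 0` lets execution continue past `sudo_user.pw = &pw;`, and `pw` and `pw_name` are declared inside the `if` block, so `sudo_user.pw` points at dead stack storage once the block closes. Before this change the branch never returned, which hid the lifetime problem. The fallback entry needs storage that outlives the block, for example `sudo_user.pw = sudo_fakepwnam(user_name, user_gid);` if that helper's result is suitable here (it is used for runas users elsewhere in this file), or the lookup failure should be reported back to sudoers_policy_open() so that it fails. init_vars() starts and ends outside this hunk.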
/* It is now safe to use log_error() and set_perms() */
-#ifdef HAVE_GETGROUPS
- if ((user_ngroups = getgroups(0, NULL)) > 0) {
- user_groups = emalloc2(user_ngroups, sizeof(GETGROUPS_T));
- if (getgroups(user_ngroups, user_groups) < 0)
- log_error(USE_ERRNO|MSG_ONLY, "can't get group vector");
+ if (def_fqdn) {
+ /* may call log_error() */
+ set_fqdn();
}
-#endif
-
- if (def_fqdn)
- set_fqdn(); /* may call log_error() */
-
- if (nohostname)
- log_error(USE_ERRNO|MSG_ONLY, "can't get hostname");
-
- /*
- * Get current working directory. Try as user, fall back to root.
- */
- set_perms(PERM_USER);
- if (!getcwd(user_cwd, sizeof(user_cwd))) {
- set_perms(PERM_ROOT);
- if (!getcwd(user_cwd, sizeof(user_cwd))) {
- warningx("cannot get working directory");
- (void) strlcpy(user_cwd, "unknown", sizeof(user_cwd));
- }
- } else
- set_perms(PERM_ROOT);
+#if 0 /* XXX need to adapt this in sudo.c */
/*
* If we were given the '-e', '-i' or '-s' options we need to redo
* NewArgv and NewArgc.
av[++NewArgc] = NULL;
NewArgv = av;
}
+#endif
}
/*
/* Resolve the path and return. */
rval = FOUND;
user_stat = emalloc(sizeof(struct stat));
+
if (sudo_mode & (MODE_RUN | MODE_EDIT | MODE_CHECK)) {
if (ISSET(sudo_mode, MODE_RUN | MODE_CHECK)) {
set_perms(PERM_RUNAS);
}
/* Alloc and build up user_args. */
- user_args = (char *) emalloc(size);
+ user_args = emalloc(size);
for (to = user_args, from = NewArgv + 1; *from; from++) {
n = strlcpy(to, *from, size - (to - user_args));
if (n >= size - (to - user_args))
return(rval);
}
-/*
- * Command line argument parsing.
- * Sets NewArgc and NewArgv which corresponds to the argc/argv we'll use
- * for the command to be run (if we are running one).
- */
-static int
-parse_args(argc, argv)
- int argc;
- char **argv;
-{
- int mode = 0; /* what mode is sudo to be run in? */
- int flags = 0; /* mode flags */
- int valid_flags, ch;
-
- /* First, check to see if we were invoked as "sudoedit". */
- if (strcmp(getprogname(), "sudoedit") == 0)
- mode = MODE_EDIT;
-
- /* Returns true if the last option string was "--" */
-#define got_end_of_args (optind > 1 && argv[optind - 1][0] == '-' && \
- argv[optind - 1][1] == '-' && argv[optind - 1][2] == '\0')
-
- /* Returns true if next option is an environment variable */
-#define is_envar (optind < argc && argv[optind][0] != '/' && \
- strchr(argv[optind], '=') != NULL)
-
- /* Flags allowed when running a command */
- valid_flags = MODE_BACKGROUND|MODE_PRESERVE_ENV|MODE_RESET_HOME|
- MODE_LOGIN_SHELL|MODE_INVALIDATE|MODE_NONINTERACTIVE|
- MODE_PRESERVE_GROUPS|MODE_SHELL;
- for (;;) {
- /*
- * We disable arg permutation for GNU getopt().
- * Some trickiness is required to allow environment variables
- * to be interspersed with command line options.
- */
- if ((ch = getopt(argc, argv, "+Aa:bC:c:Eeg:HhiKkLlnPp:r:Sst:U:u:Vv")) != -1) {
- switch (ch) {
- case 'A':
- SET(tgetpass_flags, TGP_ASKPASS);
- break;
-#ifdef HAVE_BSD_AUTH_H
- case 'a':
- login_style = optarg;
- break;
-#endif
- case 'b':
- SET(flags, MODE_BACKGROUND);
- break;
- case 'C':
- if ((user_closefrom = atoi(optarg)) < 3) {
- warningx("the argument to -C must be at least 3");
- usage(1);
- }
- break;
-#ifdef HAVE_LOGIN_CAP_H
- case 'c':
- login_class = optarg;
- def_use_loginclass = TRUE;
- break;
-#endif
- case 'E':
- SET(flags, MODE_PRESERVE_ENV);
- break;
- case 'e':
- if (mode && mode != MODE_EDIT)
- usage_excl(1);
- mode = MODE_EDIT;
- valid_flags = MODE_INVALIDATE|MODE_NONINTERACTIVE;
- break;
- case 'g':
- runas_group = optarg;
- break;
- case 'H':
- SET(flags, MODE_RESET_HOME);
- break;
- case 'h':
- if (mode && mode != MODE_HELP) {
- if (strcmp(getprogname(), "sudoedit") != 0)
- usage_excl(1);
- }
- mode = MODE_HELP;
- valid_flags = 0;
- break;
- case 'i':
- SET(flags, MODE_LOGIN_SHELL);
- def_env_reset = TRUE;
- break;
- case 'k':
- SET(flags, MODE_INVALIDATE);
- break;
- case 'K':
- if (mode && mode != MODE_KILL)
- usage_excl(1);
- mode = MODE_KILL;
- valid_flags = 0;
- break;
- case 'L':
- if (mode && mode != MODE_LISTDEFS)
- usage_excl(1);
- mode = MODE_LISTDEFS;
- valid_flags = MODE_INVALIDATE|MODE_NONINTERACTIVE;
- break;
- case 'l':
- if (mode) {
- if (mode == MODE_LIST)
- long_list = 1;
- else
- usage_excl(1);
- }
- mode = MODE_LIST;
- valid_flags = MODE_INVALIDATE|MODE_NONINTERACTIVE;
- break;
- case 'n':
- SET(flags, MODE_NONINTERACTIVE);
- break;
- case 'P':
- SET(flags, MODE_PRESERVE_GROUPS);
- break;
- case 'p':
- user_prompt = optarg;
- def_passprompt_override = TRUE;
- break;
-#ifdef HAVE_SELINUX
- case 'r':
- user_role = optarg;
- break;
- case 't':
- user_type = optarg;
- break;
-#endif
- case 'S':
- SET(tgetpass_flags, TGP_STDIN);
- break;
- case 's':
- SET(flags, MODE_SHELL);
- break;
- case 'U':
- if ((list_pw = sudo_getpwnam(optarg)) == NULL)
- errorx(1, "unknown user: %s", optarg);
- break;
- case 'u':
- runas_user = optarg;
- break;
- case 'v':
- if (mode && mode != MODE_VALIDATE)
- usage_excl(1);
- mode = MODE_VALIDATE;
- valid_flags = MODE_INVALIDATE|MODE_NONINTERACTIVE;
- break;
- case 'V':
- if (mode && mode != MODE_VERSION)
- usage_excl(1);
- mode = MODE_VERSION;
- valid_flags = 0;
- break;
- default:
- usage(1);
- }
- } else if (!got_end_of_args && is_envar) {
- struct list_member *ev;
-
- /* Store environment variable. */
- ev = emalloc(sizeof(*ev));
- ev->value = argv[optind];
- ev->next = sudo_user.env_vars;
- sudo_user.env_vars = ev;
-
- /* Crank optind and resume getopt. */
- optind++;
- } else {
- /* Not an option or an environment variable -- we're done. */
- break;
- }
- }
-
- NewArgc = argc - optind;
- NewArgv = argv + optind;
-
- if (!mode) {
- /* Defer -k mode setting until we know whether it is a flag or not */
- if (ISSET(flags, MODE_INVALIDATE) && NewArgc == 0) {
- mode = MODE_INVALIDATE; /* -k by itself */
- CLR(flags, MODE_INVALIDATE);
- valid_flags = 0;
- } else {
- mode = MODE_RUN; /* running a command */
- }
- }
-
- if (NewArgc > 0 && mode == MODE_LIST)
- mode = MODE_CHECK;
-
- if (ISSET(flags, MODE_LOGIN_SHELL)) {
- if (ISSET(flags, MODE_SHELL)) {
- warningx("you may not specify both the `-i' and `-s' options");
- usage(1);
- }
- if (ISSET(flags, MODE_PRESERVE_ENV)) {
- warningx("you may not specify both the `-i' and `-E' options");
- usage(1);
- }
- SET(flags, MODE_SHELL);
- }
- if ((flags & valid_flags) != flags)
- usage(1);
- if (mode == MODE_EDIT &&
- (ISSET(flags, MODE_PRESERVE_ENV) || sudo_user.env_vars != NULL)) {
- if (ISSET(mode, MODE_PRESERVE_ENV))
- warningx("the `-E' option is not valid in edit mode");
- if (sudo_user.env_vars != NULL)
- warningx("you may not specify environment variables in edit mode");
- usage(1);
- }
- if ((runas_user != NULL || runas_group != NULL) &&
- !ISSET(mode, MODE_EDIT | MODE_RUN | MODE_CHECK | MODE_VALIDATE)) {
- usage(1);
- }
- if (list_pw != NULL && mode != MODE_LIST && mode != MODE_CHECK) {
- warningx("the `-U' option may only be used with the `-l' option");
- usage(1);
- }
- if (ISSET(tgetpass_flags, TGP_STDIN) && ISSET(tgetpass_flags, TGP_ASKPASS)) {
- warningx("the `-A' and `-S' options may not be used together");
- usage(1);
- }
- if ((NewArgc == 0 && mode == MODE_EDIT) ||
- (NewArgc > 0 && !ISSET(mode, MODE_RUN | MODE_EDIT | MODE_CHECK)))
- usage(1);
- if (NewArgc == 0 && mode == MODE_RUN && !ISSET(flags, MODE_SHELL))
- SET(flags, (MODE_IMPLIED_SHELL | MODE_SHELL));
-
- return(mode | flags);
-}
-
/*
* Open sudoers and sanity check mode/owner/type.
* Returns a handle to the sudoers file or NULL on error.
return(fp);
}
-/*
- * Close all open files (except std*) and turn off core dumps.
- * Also sets the set_perms() pointer to the correct function.
- */
-static void
-initial_setup()
-{
- int miss[3], devnull = -1;
-#if defined(__linux__) || (defined(RLIMIT_CORE) && !defined(SUDO_DEVEL))
- struct rlimit rl;
-#endif
-
-#if defined(__linux__)
- /*
- * Unlimit the number of processes since Linux's setuid() will
- * apply resource limits when changing uid and return EAGAIN if
- * nproc would be violated by the uid switch.
- */
- rl.rlim_cur = rl.rlim_max = RLIM_INFINITY;
- if (setrlimit(RLIMIT_NPROC, &rl)) {
- if (getrlimit(RLIMIT_NPROC, &rl) == 0) {
- rl.rlim_cur = rl.rlim_max;
- (void)setrlimit(RLIMIT_NPROC, &rl);
- }
- }
-#endif /* __linux__ */
-#if defined(RLIMIT_CORE) && !defined(SUDO_DEVEL)
- /*
- * Turn off core dumps.
- */
- (void) getrlimit(RLIMIT_CORE, &corelimit);
- memcpy(&rl, &corelimit, sizeof(struct rlimit));
- rl.rlim_cur = 0;
- (void) setrlimit(RLIMIT_CORE, &rl);
-#endif /* RLIMIT_CORE && !SUDO_DEVEL */
-
- /*
- * stdin, stdout and stderr must be open; set them to /dev/null
- * if they are closed and close all other fds.
- */
- miss[STDIN_FILENO] = fcntl(STDIN_FILENO, F_GETFL, 0) == -1;
- miss[STDOUT_FILENO] = fcntl(STDOUT_FILENO, F_GETFL, 0) == -1;
- miss[STDERR_FILENO] = fcntl(STDERR_FILENO, F_GETFL, 0) == -1;
- if (miss[STDIN_FILENO] || miss[STDOUT_FILENO] || miss[STDERR_FILENO]) {
- if ((devnull = open(_PATH_DEVNULL, O_RDWR, 0644)) != -1) {
- if (miss[STDIN_FILENO])
- (void) dup2(devnull, STDIN_FILENO);
- if (miss[STDOUT_FILENO])
- (void) dup2(devnull, STDOUT_FILENO);
- if (miss[STDERR_FILENO])
- (void) dup2(devnull, STDERR_FILENO);
- if (devnull > STDERR_FILENO)
- close(devnull);
- }
- }
-}
-
#ifdef HAVE_LOGIN_CAP_H
static void
set_loginclass(pw)
* Look up the fully qualified domain name and set user_host and user_shost.
*/
void
-set_fqdn()
+set_fqdn(void)
{
#ifdef HAVE_GETADDRINFO
struct addrinfo *res0, hint;
user_host = estrdup(hp->h_name);
#endif
}
- if ((p = strchr(user_host, '.'))) {
- *p = '\0';
- user_shost = estrdup(user_host);
- *p = '.';
- } else {
+ if ((p = strchr(user_host, '.')) != NULL)
+ user_shost = estrndup(user_host, (size_t)(p - user_host));
+ else
user_shost = user_host;
- }
}
/*
runas_pw = sudo_fakepwnam(user, runas_gr ? runas_gr->gr_gid : 0);
} else {
if ((runas_pw = sudo_getpwnam(user)) == NULL) {
- audit_failure(NewArgv, "unknown user: %s", user);
+ //audit_failure(NewArgv, "unknown user: %s", user);
log_error(NO_MAIL|MSG_ONLY, "unknown user: %s", user);
}
}
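Review bot: Commenting out `audit_failure(NewArgv, "unknown user: %s", user);` means a request naming an unknown runas user no longer produces an audit record, only the `log_error()` message. If the call has to be disabled while the plugin conversion is in progress, wrap it as `#ifdef notyet` / `#endif` with a short `/* XXX - audit not yet wired into the plugin */` comment, the way the other unfinished pieces of this commit are marked, so it is easy to find and restore. The `//` comment is also out of step with the rest of the file, which uses `/* */` and still supports pre-ANSI compilers through `__P`. The enclosing function starts and ends outside this hunk.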
sudo_endpwent();
sudo_endgrent();
}
-#ifdef _PATH_SUDO_TRANSCRIPT
+#ifdef notyet
+ /* XXX */
if (def_transcript)
term_restore(STDIN_FILENO, 0);
#endif
}
-static void
-show_version()
+static int
+sudoers_policy_version(int verbose)
{
- (void) printf("Sudo version %s\n", PACKAGE_VERSION);
+ struct sudo_conv_message msg;
+ struct sudo_conv_reply repl;
+ char *str;
+
+ easprintf(&str, "Sudoers plugin version %s\n", PACKAGE_VERSION);
+
+ /* Call conversation function */
+ memset(&msg, 0, sizeof(msg));
+ msg.msg_type = SUDO_CONV_INFO_MSG;
+ msg.msg = str;
+ memset(&repl, 0, sizeof(repl));
+ sudo_conv(1, &msg, &repl);
+
+#ifdef notyet
if (getuid() == 0) {
putchar('\n');
(void) printf("Sudoers path: %s\n", _PATH_SUDOERS);
dump_defaults();
dump_interfaces();
}
- exit(0);
+#endif
+ return TRUE;
}
-/*
- * Tell which options are mutually exclusive and exit.
- */
-static void
-usage_excl(exit_val)
- int exit_val;
+static int
+deserialize_info(char * const settings[], char * const user_info[])
{
- warningx("Only one of the -e, -h, -i, -K, -l, -s, -v or -V options may be specified");
- usage(exit_val);
-}
+ char * const *cur;
+ const char *p;
+ int flags = 0;
-/*
- * Give usage message and exit.
- * The actual usage strings are in sudo_usage.h for configure substitution.
- */
-static void
-usage(exit_val)
- int exit_val;
-{
- struct lbuf lbuf;
- char *uvec[6];
- int i, ulen;
+#define MATCHES(s, v) (strncmp(s, v, sizeof(v) - 1) == 0)
- /*
- * Use usage vectors appropriate to the progname.
- */
- if (strcmp(getprogname(), "sudoedit") == 0) {
- uvec[0] = SUDO_USAGE5 + 3;
- uvec[1] = NULL;
- } else {
- uvec[0] = SUDO_USAGE1;
- uvec[1] = SUDO_USAGE2;
- uvec[2] = SUDO_USAGE3;
- uvec[3] = SUDO_USAGE4;
- uvec[4] = SUDO_USAGE5;
- uvec[5] = NULL;
+ /* Parse command line settings. */
+ for (cur = settings; *cur != NULL; cur++) {
+ if (MATCHES(*cur, "debug_level=")) {
+ debug_level = atoi(*cur + sizeof("debug_level=") - 1);
+ continue;
+ }
+ if (MATCHES(*cur, "runas_user=")) {
+ runas_user = *cur + sizeof("runas_user=") - 1;
+ continue;
+ }
+ if (MATCHES(*cur, "runas_group=")) {
+ runas_group = *cur + sizeof("runas_group=") - 1;
+ continue;
+ }
+ if (MATCHES(*cur, "prompt=")) {
+ user_prompt = *cur + sizeof("prompt=") - 1;
+ def_passprompt_override = TRUE;
+ continue;
+ }
+ if (MATCHES(*cur, "set_home=")) {
+ if (atobool(*cur + sizeof("set_home=") - 1) == TRUE)
+ SET(flags, MODE_RESET_HOME);
+ continue;
+ }
+ if (MATCHES(*cur, "preserve_environment=")) {
+ if (atobool(*cur + sizeof("preserve_environment=") - 1) == TRUE)
+ SET(flags, MODE_PRESERVE_ENV);
+ continue;
+ }
+ if (MATCHES(*cur, "login_shell=")) {
+ if (atobool(*cur + sizeof("login_shell=") - 1) == TRUE) {
+ SET(flags, MODE_LOGIN_SHELL);
+ def_env_reset = TRUE;
+ }
+ continue;
+ }
+ if (MATCHES(*cur, "preserve_groups=")) {
+ SET(flags, MODE_PRESERVE_GROUPS);
+ continue;
+ }
+ if (MATCHES(*cur, "ignore_ticket=")) {
+ /* XXX */
+ continue;
+ }
+ if (MATCHES(*cur, "login_class=")) {
+ login_class = *cur + sizeof("login_class=") - 1;
+ def_use_loginclass = TRUE;
+ continue;
+ }
+#ifdef HAVE_SELINUX
+ if (MATCHES(*cur, "selinux_role=")) {
+ user_role = *cur + sizeof("selinux_role=") - 1;
+ continue;
+ }
+ if (MATCHES(*cur, "selinux_type=")) {
+ user_role = *cur + sizeof("selinux_type=") - 1;
+ continue;
+ }
+#endif /* HAVE_SELINUX */
+#ifdef HAVE_BSD_AUTH_H
+ if (MATCHES(*cur, "bsdauth_type=")) {
+ login_style = *cur + sizeof("bsdauth_type=") - 1;
+ continue;
+ }
+#endif /* HAVE_BSD_AUTH_H */
}
- /*
- * Print usage and wrap lines as needed, depending on the
- * tty width.
- */
- ulen = (int)strlen(getprogname()) + 8;
- lbuf_init(&lbuf, NULL, ulen, 0);
- for (i = 0; uvec[i] != NULL; i++) {
- lbuf_append(&lbuf, "usage: ", getprogname(), uvec[i], NULL);
- lbuf_print(&lbuf);
+ for (cur = user_info; *cur != NULL; cur++) {
+ if (MATCHES(*cur, "user=")) {
+ user_name = estrdup(*cur + sizeof("user=") - 1);
+ continue;
+ }
+ if (MATCHES(*cur, "uid=")) {
+ user_uid = atoi(*cur + sizeof("uid=") - 1);
+ continue;
+ }
+ if (MATCHES(*cur, "gid=")) {
+ user_gid = atoi(*cur + sizeof("gid=") - 1);
+ continue;
+ }
+ if (MATCHES(*cur, "groups=")) {
+ /* XXX, set user_groups and user_ngroups */
+ continue;
+ }
+ if (MATCHES(*cur, "cwd=")) {
+ user_cwd = estrdup(*cur + sizeof("cwd=") - 1);
+ continue;
+ }
+ if (MATCHES(*cur, "tty=")) {
+ user_tty = user_ttypath = estrdup(*cur + sizeof("tty=") - 1);
+ if (strncmp(user_tty, _PATH_DEV, sizeof(_PATH_DEV) - 1) == 0)
+ user_tty += sizeof(_PATH_DEV) - 1;
+ continue;
+ }
+ if (MATCHES(*cur, "host=")) {
+ user_host = user_shost = estrdup(*cur + sizeof("host=") - 1);
+ if ((p = strchr(user_host, '.')))
+ user_shost = estrndup(user_host, (size_t)(p - user_host));
+ continue;
+ }
}
- lbuf_destroy(&lbuf);
- exit(exit_val);
+
+#undef MATCHES
+ return flags;
+}
+
+#if 0 /* move to error.c */
+void
+warning(const char *fmt, ...)
+{
+ struct sudo_conv_message msg;
+ struct sudo_conv_reply repl;
+ va_list ap;
+ char *str, *tmp;
+
+ va_start(ap, fmt);
+ evasprintf(&tmp, fmt, ap);
+ va_end(ap);
+ easprintf(&str, "%s: %s: %s\n", getprogname(), tmp, strerror(errno));
+ efree(tmp);
+
+ /* Call conversation function */
+ memset(&msg, 0, sizeof(msg));
+ msg.msg_type = SUDO_CONV_ERROR_MSG;
+ msg.msg = str;
+ memset(&repl, 0, sizeof(repl));
+ sudo_conv(1, &msg, &repl);
}
+
+void
+warningx(const char *fmt, ...)
+{
+ struct sudo_conv_message msg;
+ struct sudo_conv_reply repl;
+ va_list ap;
+ char *str, *tmp;
+ int rc;
+
+ va_start(ap, fmt);
+ rc = wvasprintf(&tmp, fmt, ap);
+ va_end(ap);
+ if (rc == -1)
+ return;
+ easprintf(&str, "%s: %s\n", getprogname(), tmp);
+ efree(tmp);
+
+ /* Call conversation function */
+ memset(&msg, 0, sizeof(msg));
+ msg.msg_type = SUDO_CONV_ERROR_MSG;
+ msg.msg = str;
+ memset(&repl, 0, sizeof(repl));
+ sudo_conv(1, &msg, &repl);
+}
+#endif
+
+struct policy_plugin sudoers_policy = {
+ SUDO_POLICY_PLUGIN,
+ SUDO_API_VERSION,
+ sudoers_policy_open,
+ sudoers_policy_close,
+ sudoers_policy_version,
+ sudoers_policy_check,
+#ifdef notyet
+ sudoers_policy_list,
+ sudoers_policy_validate,
+ sudoers_policy_invalidate
+#endif
+};
+
+#ifdef notyet
+struct io_plugin sudoers_io = {
+ SUDO_IO_PLUGIN,
+ SUDO_API_VERSION,
+ io_open,
+ io_close,
+ io_version,
+ io_log_input,
+ io_log_output
+};
+#endif
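Review bot: In deserialize_info the `selinux_type=` branch assigns to `user_role`, so a type setting overwrites the role and the type is never stored; it should presumably read `user_type = *cur + sizeof("selinux_type=") - 1;` (assuming a `user_type` shortcut for `sudo_user.type` exists next to `user_role`). The `preserve_groups=` branch sets MODE_PRESERVE_GROUPS without looking at the value, unlike `set_home=` and `preserve_environment=`, so `preserve_groups=false` still enables it; guard it with `if (atobool(*cur + sizeof("preserve_groups=") - 1) == TRUE)`. `uid=` and `gid=` are parsed with atoi(), which returns 0 for a malformed string, and 0 is root's uid, so these two are better parsed with strtoul() plus an end-pointer and range check, rejecting the entry on failure. In sudoers_policy_version the buffer from easprintf() is not released after sudo_conv() returns; unless sudo_conv() takes ownership of the message, add `efree(str);` before `return TRUE;`.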
* Materiel Command, USAF, under agreement number F39502-99-1-0512.
*/
-#ifndef _SUDO_SUDO_H
-#define _SUDO_SUDO_H
+#ifndef _SUDO_SUDOERS_H
+#define _SUDO_SUDOERS_H
#include <pathnames.h>
#include <limits.h>
#include "compat.h"
-#include "alloc.h"
#include "defaults.h"
-#include "error.h"
+#include "error.h" /* XXX */
+#include "alloc.h" /* XXX */
#include "list.h"
#include "logging.h"
#include "missing.h"
#include "sudo_nss.h"
+#include "sudo_plugin.h"
#ifdef HAVE_MBR_CHECK_MEMBERSHIP
# include <membership.h>
struct passwd *_runas_pw;
struct group *_runas_gr;
struct stat *cmnd_stat;
+ char *name;
char *path;
char *shell;
char *tty;
char *display;
char *askpass;
int ngroups;
+ uid_t uid;
+ uid_t gid;
GETGROUPS_T *groups;
struct list_member *env_vars;
#ifdef HAVE_SELINUX
char *role;
char *type;
#endif
- char cwd[PATH_MAX];
+ char *cwd;
char sessid[7];
#ifdef HAVE_MBR_CHECK_MEMBERSHIP
uuid_t uuid;
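Review bot: The new `gid` member is declared `uid_t gid;` and should be `gid_t gid;`, since the two types are not guaranteed to have the same width or signedness and `user_gid` is what the group comparisons will read. Separately, `cwd` changes from `char cwd[PATH_MAX]` to `char *cwd`, so any remaining code that uses `sizeof(user_cwd)` as a buffer length would now get the size of a pointer; those uses are outside this hunk and worth a grep. A one-line comment on `name`, `uid`, `gid` and `cwd`, such as `/* filled in from the front end's user_info strings */`, would record where the values come from. The struct definition begins and ends outside the hunk.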
/*
* find_path()/load_cmnd() return values
*/
-#define FOUND 1
-#define NOT_FOUND 0
-#define NOT_FOUND_DOT -1
+#define FOUND 0
+#define NOT_FOUND 1
+#define NOT_FOUND_DOT 2
/*
* Various modes sudo can be in (based on arguments) in hex
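Review bot: Renumbering `FOUND` from 1 to 0 and `NOT_FOUND` from 0 to 1 flips the truth value of both results, so any caller that tests the return of find_path() or load_cmnd() as a boolean rather than comparing it with the constants would now treat a missing command as found. The callers are not part of this hunk, so each one needs to be checked for `if (find_path(...))` or `!`-style tests. A comment above the defines would make the contract explicit, for example `/* FOUND is 0: always compare against these constants, never test for truth */`.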
/*
* Shortcuts for sudo_user contents.
*/
-#define user_name (sudo_user.pw->pw_name)
+#define user_name (sudo_user.name)
+#define user_uid (sudo_user.uid)
+#define user_gid (sudo_user.gid)
#define user_passwd (sudo_user.pw->pw_passwd)
-#define user_uid (sudo_user.pw->pw_uid)
#define user_uuid (sudo_user.uuid)
-#define user_gid (sudo_user.pw->pw_gid)
#define user_dir (sudo_user.pw->pw_dir)
#define user_shell (sudo_user.shell)
#define user_ngroups (sudo_user.ngroups)
#define SUDO_TLOCK 2 /* test & lock a file (non-blocking) */
#define SUDO_UNLOCK 4 /* unlock a file */
+#if 0 /* XXX */
/*
* Flags for tgetpass()
*/
#define TGP_ECHO 0x01 /* leave echo on when reading passwd */
#define TGP_STDIN 0x02 /* read from stdin, not /dev/tty */
#define TGP_ASKPASS 0x04 /* read from askpass helper program */
+#endif
struct lbuf;
struct passwd;
#define YY_DECL int yylex __P((void))
char *sudo_goodpath __P((const char *, struct stat *));
-char *tgetpass __P((const char *, int, int));
int find_path __P((char *, char **, struct stat *, char *));
int tty_present __P((void));
-void check_user __P((int, int));
-void verify_user __P((struct passwd *, char *));
+int check_user __P((int, int));
+int verify_user __P((struct passwd *, char *));
#ifdef HAVE_LDAP
int sudo_ldap_open __P((struct sudo_nss *));
int sudo_ldap_close __P((struct sudo_nss *));
void sia_attempt_auth __P((void));
void pam_attempt_auth __P((void));
int yyparse __P((void));
-void pass_warn __P((FILE *));
+void pass_warn __P((void));
void dump_defaults __P((void));
void dump_auth_methods __P((void));
void init_envtables __P((void));
int user_in_group __P((struct passwd *, const char *));
YY_DECL;
+/* atobool.c */
+int atobool(const char *str);
+
/* Only provide extern declarations outside of sudo.c. */
#ifndef _SUDO_MAIN
extern struct sudo_user sudo_user;
extern struct passwd *auth_pw, *list_pw;
-extern int tgetpass_flags;
+extern int tgetpass_flags; /* XXX */
extern int long_list;
extern uid_t timestamp_uid;
#endif
extern int errno;
#endif
-#endif /* _SUDO_SUDO_H */
+#endif /* _SUDO_SUDOERS_H */
#include <arpa/inet.h>
#include <netdb.h>
-#include "sudo.h"
+#include "sudoers.h"
#include "interfaces.h"
#include "parse.h"
#include <gram.h>
# endif
#endif
#include <ctype.h>
-#include "sudo.h"
+#include "sudoers.h"
#include "parse.h"
#include <gram.h>
#include <pwd.h>
#include <grp.h>
-#include "sudo.h"
+#include "sudoers.h"
#ifndef LINE_MAX
# define LINE_MAX 2048
#include "logging.h"
#include "nonunix.h"
#include "parse.h"
-#include "sudo.h"
+#include "sudoers.h"
/* Pseudo-boolean types */
# include <compat/timespec.h>
#endif
-#include "sudo.h"
+#include "sudoers.h"
#include "interfaces.h"
#include "parse.h"
#include "redblack.h"