auth/kerb4.c auth/kerb5.c auth/pam.c auth/passwd.c auth/rfc1938.c \
auth/secureware.c auth/securid.c auth/sia.c auth/sudo_auth.c
-HDRS = compat.h defaults.h ins_2001.h ins_classic.h ins_csops.h ins_goons.h \
- insults.h interfaces.h logging.h parse.h sudo.h sudo.tab.h version.h \
- auth/sudo_auth.h emul/fnmatch.h emul/search.h emul/utime.h
+HDRS = compat.h def_data.h defaults.h ins_2001.h ins_classic.h ins_csops.h \
+ ins_goons.h insults.h interfaces.h logging.h parse.h sudo.h sudo.tab.h \
+ version.h auth/sudo_auth.h emul/fnmatch.h emul/search.h emul/utime.h
AUTH_OBJS = sudo_auth.o @AUTH_OBJS@
BINSPECIAL= INSTALL.binary Makefile.binary
SUDODEP = $(srcdir)/sudo.h $(srcdir)/compat.h $(srcdir)/defaults.h \
- $(srcdir)/logging.h config.h pathnames.h
+ $(srcdir)/logging.h config.h def_data.h pathnames.h
AUTHDEP = $(SUDODEP) $(authdir)/sudo_auth.h
@DEV@ rm -f lex.yy.c
@DEV@ $(LEX) $(srcdir)/parse.lex
+# Uncomment the following if you intend to modify def_data.in
+@DEV@def_data.h def_data.c: def_data.in
+@DEV@ $(srcdir)/mkdefaults -o def_data $(srcdir)/def_data.in
+
# Dependencies (not counting auth functions)
alloc.o: alloc.c $(SUDODEP)
check.o: check.c $(SUDODEP)
parse.o: parse.c $(SUDODEP) parse.h interfaces.h
lex.yy.o: lex.yy.c $(SUDODEP) parse.h sudo.tab.h
sudo.tab.o: sudo.tab.c $(SUDODEP) parse.h
-defaults.o: defaults.c $(SUDODEP) auth/sudo_auth.h
+defaults.o: defaults.c $(SUDODEP) def_data.c auth/sudo_auth.h
fnmatch.o: fnmatch.c config.h compat.h emul/fnmatch.h
getcwd.o: getcwd.c config.h compat.h
lsearch.o: lsearch.c config.h compat.h emul/search.h
struct group *grp;
char **gr_mem;
- if (!def_str(I_EXEMPT_GRP))
+ if (!def_str(I_EXEMPT_GROUP))
return(FALSE);
- if (!(grp = getgrnam(def_str(I_EXEMPT_GRP))))
+ if (!(grp = getgrnam(def_str(I_EXEMPT_GROUP))))
return(FALSE);
if (getgid() == grp->gr_gid)
*/
if (status == TS_OLD) {
now = time(NULL);
- if (def_ival(I_TS_TIMEOUT) &&
- now - sb.st_mtime < 60 * def_ival(I_TS_TIMEOUT)) {
+ if (def_ival(I_TIMESTAMP_TIMEOUT) &&
+ now - sb.st_mtime < 60 * def_ival(I_TIMESTAMP_TIMEOUT)) {
/*
* Check for bogus time on the stampfile. The clock may
* have been set back or someone could be trying to spoof us.
*/
- if (sb.st_mtime > now + 60 * def_ival(I_TS_TIMEOUT) * 2) {
+ if (sb.st_mtime > now + 60 * def_ival(I_TIMESTAMP_TIMEOUT) * 2) {
log_error(NO_EXIT,
"timestamp too far in the future: %20.20s",
4 + ctime(&sb.st_mtime));
--- /dev/null
+struct sudo_defs_types sudo_defs_table[] = {
+ {
+ "syslog_ifac", NULL,
+ "NULL"
+ }, {
+ "syslog_igoodpri", NULL,
+ "NULL"
+ }, {
+ "syslog_ibadpri", NULL,
+ "NULL"
+ }, {
+ "syslog", T_LOGFAC|T_BOOL,
+ "Syslog facility if syslog is being used for logging: %s"
+ }, {
+ "syslog_goodpri", T_LOGPRI,
+ "Syslog priority to use when user authenticates successfully: %s"
+ }, {
+ "syslog_badpri", T_LOGPRI,
+ "Syslog priority to use when user authenticates unsuccessfully: %s"
+ }, {
+ "long_otp_prompt", T_FLAG,
+ "Put OTP prompt on its own line"
+ }, {
+ "ignore_dot", T_FLAG,
+ "Ignore '.' in $PATH"
+ }, {
+ "mail_always", T_FLAG,
+ "Always send mail when sudo is run"
+ }, {
+ "mail_no_user", T_FLAG,
+ "Send mail if the user is not in sudoers"
+ }, {
+ "mail_no_host", T_FLAG,
+ "Send mail if the user is not in sudoers for this host"
+ }, {
+ "mail_no_perms", T_FLAG,
+ "Send mail if the user is not allowed to run a command"
+ }, {
+ "tty_tickets", T_FLAG,
+ "Use a separate timestamp for each user/tty combo"
+ }, {
+ "lecture", T_FLAG,
+ "Lecture user the first time they run sudo"
+ }, {
+ "authenticate", T_FLAG,
+ "Require users to authenticate by default"
+ }, {
+ "root_sudo", T_FLAG,
+ "Root may run sudo"
+ }, {
+ "log_host", T_FLAG,
+ "Log the hostname in the (non-syslog) log file"
+ }, {
+ "log_year", T_FLAG,
+ "Log the year in the (non-syslog) log file"
+ }, {
+ "shell_noargs", T_FLAG,
+ "If sudo is invoked with no arguments, start a shell"
+ }, {
+ "set_home", T_FLAG,
+ "Set $HOME to the target user when starting a shell with -s"
+ }, {
+ "always_set_home", T_FLAG,
+ "Always set $HOME to the target user's home directory"
+ }, {
+ "path_info", T_FLAG,
+ "Allow some information gathering to give useful error messages"
+ }, {
+ "fqdn", T_FLAG,
+ "Require fully-qualified hostnames in the sudoers file"
+ }, {
+ "insults", T_FLAG,
+ "Insult the user when they enter an incorrect password"
+ }, {
+ "requiretty", T_FLAG,
+ "Only allow the user to run sudo if they have a tty"
+ }, {
+ "env_editor", T_FLAG,
+ "Visudo will honor the EDITOR environment variable"
+ }, {
+ "rootpw", T_FLAG,
+ "Prompt for root's password, not the users's"
+ }, {
+ "runaspw", T_FLAG,
+ "Prompt for the runas_default user's password, not the users's"
+ }, {
+ "targetpw", T_FLAG,
+ "Prompt for the target user's password, not the users's"
+ }, {
+ "use_loginclass", T_FLAG,
+ "Apply defaults in the target user's login class if there is one"
+ }, {
+ "set_logname", T_FLAG,
+ "Set the LOGNAME and USER environment variables"
+ }, {
+ "stay_setuid", T_FLAG,
+ "Only set the effective uid to the target user, not the real uid"
+ }, {
+ "env_reset", T_FLAG,
+ "Reset the environment to a default set of variables"
+ }, {
+ "loglinelen", T_INT|T_BOOL,
+ "Length at which to wrap log file lines (0 for no wrap): %d"
+ }, {
+ "timestamp_timeout", T_INT|T_BOOL,
+ "Authentication timestamp timeout: %d minutes"
+ }, {
+ "passwd_timeout", T_INT|T_BOOL,
+ "Password prompt timeout: %d minutes"
+ }, {
+ "passwd_tries", T_INT,
+ "Number of tries to enter a password: %d"
+ }, {
+ "umask", T_MODE|T_BOOL,
+ "Umask to use or 0777 to use user's: 0%o"
+ }, {
+ "logfile", T_STR|T_BOOL|T_PATH,
+ "Path to log file: %s"
+ }, {
+ "mailerpath", T_STR|T_BOOL|T_PATH,
+ "Path to mail program: %s"
+ }, {
+ "mailerflags", T_STR|T_BOOL,
+ "Flags for mail program: %s"
+ }, {
+ "mailto", T_STR|T_BOOL,
+ "Address to send mail to: %s"
+ }, {
+ "mailsub", T_STR,
+ "Subject line for mail messages: %s"
+ }, {
+ "badpass_message", T_STR,
+ "Incorrect password message: %s"
+ }, {
+ "timestampdir", T_STR|T_PATH,
+ "Path to authentication timestamp dir: %s"
+ }, {
+ "exempt_group", T_STR|T_BOOL,
+ "Users in this group are exempt from password and PATH requirements: %s"
+ }, {
+ "passprompt", T_STR,
+ "Default password prompt: %s"
+ }, {
+ "runas_default", T_STR,
+ "Default user to run commands as: %s"
+ }, {
+ "secure_path", T_STR|T_BOOL,
+ "Value to override user's $PATH with: %s"
+ }, {
+ "editor", T_STR|T_PATH,
+ "Path to the editor for use by visudo: %s"
+ }, {
+ "env_keep", T_STR|T_BOOL,
+ "Environment variables to preserve: %s"
+ }, {
+ "listpw_i", NULL,
+ "NULL"
+ }, {
+ "verifypw_i", NULL,
+ "NULL"
+ }, {
+ "listpw", T_PWFLAG,
+ "When to require a password for 'list' pseudocommand: %s"
+ }, {
+ "verifypw", T_PWFLAG,
+ "When to require a password for 'verify' pseudocommand: %s"
+ }, {
+ NULL, 0, NULL
+ }
+};
--- /dev/null
+#define I_SYSLOG_IFAC 0
+#define I_SYSLOG_IGOODPRI 1
+#define I_SYSLOG_IBADPRI 2
+#define I_SYSLOG 3
+#define I_SYSLOG_GOODPRI 4
+#define I_SYSLOG_BADPRI 5
+#define I_LONG_OTP_PROMPT 6
+#define I_IGNORE_DOT 7
+#define I_MAIL_ALWAYS 8
+#define I_MAIL_NO_USER 9
+#define I_MAIL_NO_HOST 10
+#define I_MAIL_NO_PERMS 11
+#define I_TTY_TICKETS 12
+#define I_LECTURE 13
+#define I_AUTHENTICATE 14
+#define I_ROOT_SUDO 15
+#define I_LOG_HOST 16
+#define I_LOG_YEAR 17
+#define I_SHELL_NOARGS 18
+#define I_SET_HOME 19
+#define I_ALWAYS_SET_HOME 20
+#define I_PATH_INFO 21
+#define I_FQDN 22
+#define I_INSULTS 23
+#define I_REQUIRETTY 24
+#define I_ENV_EDITOR 25
+#define I_ROOTPW 26
+#define I_RUNASPW 27
+#define I_TARGETPW 28
+#define I_USE_LOGINCLASS 29
+#define I_SET_LOGNAME 30
+#define I_STAY_SETUID 31
+#define I_ENV_RESET 32
+#define I_LOGLINELEN 33
+#define I_TIMESTAMP_TIMEOUT 34
+#define I_PASSWD_TIMEOUT 35
+#define I_PASSWD_TRIES 36
+#define I_UMASK 37
+#define I_LOGFILE 38
+#define I_MAILERPATH 39
+#define I_MAILERFLAGS 40
+#define I_MAILTO 41
+#define I_MAILSUB 42
+#define I_BADPASS_MESSAGE 43
+#define I_TIMESTAMPDIR 44
+#define I_EXEMPT_GROUP 45
+#define I_PASSPROMPT 46
+#define I_RUNAS_DEFAULT 47
+#define I_SECURE_PATH 48
+#define I_EDITOR 49
+#define I_ENV_KEEP 50
+#define I_LISTPW_I 51
+#define I_VERIFYPW_I 52
+#define I_LISTPW 53
+#define I_VERIFYPW 54
--- /dev/null
+#
+# Format:
+#
+# var_name
+# TYPE
+# description (or NULL)
+#
+
+syslog_ifac
+ T_INT
+ NULL
+syslog_igoodpri
+ T_INT
+ NULL
+syslog_ibadpri
+ T_INT
+ NULL
+syslog
+ T_LOGFAC|T_BOOL
+ "Syslog facility if syslog is being used for logging: %s"
+syslog_goodpri
+ T_LOGPRI
+ "Syslog priority to use when user authenticates successfully: %s"
+syslog_badpri
+ T_LOGPRI
+ "Syslog priority to use when user authenticates unsuccessfully: %s"
+long_otp_prompt
+ T_FLAG
+ "Put OTP prompt on its own line"
+ignore_dot
+ T_FLAG
+ "Ignore '.' in $PATH"
+mail_always
+ T_FLAG
+ "Always send mail when sudo is run"
+mail_no_user
+ T_FLAG
+ "Send mail if the user is not in sudoers"
+mail_no_host
+ T_FLAG
+ "Send mail if the user is not in sudoers for this host"
+mail_no_perms
+ T_FLAG
+ "Send mail if the user is not allowed to run a command"
+tty_tickets
+ T_FLAG
+ "Use a separate timestamp for each user/tty combo"
+lecture
+ T_FLAG
+ "Lecture user the first time they run sudo"
+authenticate
+ T_FLAG
+ "Require users to authenticate by default"
+root_sudo
+ T_FLAG
+ "Root may run sudo"
+log_host
+ T_FLAG
+ "Log the hostname in the (non-syslog) log file"
+log_year
+ T_FLAG
+ "Log the year in the (non-syslog) log file"
+shell_noargs
+ T_FLAG
+ "If sudo is invoked with no arguments, start a shell"
+set_home
+ T_FLAG
+ "Set $HOME to the target user when starting a shell with -s"
+always_set_home
+ T_FLAG
+ "Always set $HOME to the target user's home directory"
+path_info
+ T_FLAG
+ "Allow some information gathering to give useful error messages"
+fqdn
+ T_FLAG
+ "Require fully-qualified hostnames in the sudoers file"
+insults
+ T_FLAG
+ "Insult the user when they enter an incorrect password"
+requiretty
+ T_FLAG
+ "Only allow the user to run sudo if they have a tty"
+env_editor
+ T_FLAG
+ "Visudo will honor the EDITOR environment variable"
+rootpw
+ T_FLAG
+ "Prompt for root's password, not the users's"
+runaspw
+ T_FLAG
+ "Prompt for the runas_default user's password, not the users's"
+targetpw
+ T_FLAG
+ "Prompt for the target user's password, not the users's"
+use_loginclass
+ T_FLAG
+ "Apply defaults in the target user's login class if there is one"
+set_logname
+ T_FLAG
+ "Set the LOGNAME and USER environment variables"
+stay_setuid
+ T_FLAG
+ "Only set the effective uid to the target user, not the real uid"
+env_reset
+ T_FLAG
+ "Reset the environment to a default set of variables"
+loglinelen
+ T_INT|T_BOOL
+ "Length at which to wrap log file lines (0 for no wrap): %d"
+timestamp_timeout
+ T_INT|T_BOOL
+ "Authentication timestamp timeout: %d minutes"
+passwd_timeout
+ T_INT|T_BOOL
+ "Password prompt timeout: %d minutes"
+passwd_tries
+ T_INT
+ "Number of tries to enter a password: %d"
+umask
+ T_MODE|T_BOOL
+ "Umask to use or 0777 to use user's: 0%o"
+logfile
+ T_STR|T_BOOL|T_PATH
+ "Path to log file: %s"
+mailerpath
+ T_STR|T_BOOL|T_PATH
+ "Path to mail program: %s"
+mailerflags
+ T_STR|T_BOOL
+ "Flags for mail program: %s"
+mailto
+ T_STR|T_BOOL
+ "Address to send mail to: %s"
+mailsub
+ T_STR
+ "Subject line for mail messages: %s"
+badpass_message
+ T_STR
+ "Incorrect password message: %s"
+timestampdir
+ T_STR|T_PATH
+ "Path to authentication timestamp dir: %s"
+exempt_group
+ T_STR|T_BOOL
+ "Users in this group are exempt from password and PATH requirements: %s"
+passprompt
+ T_STR
+ "Default password prompt: %s"
+runas_default
+ T_STR
+ "Default user to run commands as: %s"
+secure_path
+ T_STR|T_BOOL
+ "Value to override user's $PATH with: %s"
+editor
+ T_STR|T_PATH
+ "Path to the editor for use by visudo: %s"
+env_keep
+ T_STR|T_BOOL
+ "Environment variables to preserve: %s"
+listpw_i
+ T_INT
+ NULL
+verifypw_i
+ T_INT
+ NULL
+listpw
+ T_PWFLAG
+ "When to require a password for 'list' pseudocommand: %s"
+verifypw
+ T_PWFLAG
+ "When to require a password for 'verify' pseudocommand: %s"
/*
* Table describing compile-time and run-time options.
*/
-struct sudo_defs_types sudo_defs_table[] = {
- {
- "syslog_ifac", T_INT, NULL
- }, {
- "syslog_igoodpri", T_INT, NULL
- }, {
- "syslog_ibadpri", T_INT, NULL
- }, {
- "syslog", T_LOGFAC|T_BOOL,
- "Syslog facility if syslog is being used for logging: %s"
- }, {
- "syslog_goodpri", T_LOGPRI,
- "Syslog priority to use when user authenticates successfully: %s"
- }, {
- "syslog_badpri", T_LOGPRI,
- "Syslog priority to use when user authenticates unsuccessfully: %s"
- }, {
- "long_otp_prompt", T_FLAG,
- "Put OTP prompt on its own line"
- }, {
- "ignore_dot", T_FLAG,
- "Ignore '.' in $PATH"
- }, {
- "mail_always", T_FLAG,
- "Always send mail when sudo is run"
- }, {
- "mail_no_user", T_FLAG,
- "Send mail if the user is not in sudoers"
- }, {
- "mail_no_host", T_FLAG,
- "Send mail if the user is not in sudoers for this host"
- }, {
- "mail_no_perms", T_FLAG,
- "Send mail if the user is not allowed to run a command"
- }, {
- "tty_tickets", T_FLAG,
- "Use a separate timestamp for each user/tty combo"
- }, {
- "lecture", T_FLAG,
- "Lecture user the first time they run sudo"
- }, {
- "authenticate", T_FLAG,
- "Require users to authenticate by default"
- }, {
- "root_sudo", T_FLAG,
- "Root may run sudo"
- }, {
- "log_host", T_FLAG,
- "Log the hostname in the (non-syslog) log file"
- }, {
- "log_year", T_FLAG,
- "Log the year in the (non-syslog) log file"
- }, {
- "shell_noargs", T_FLAG,
- "If sudo is invoked with no arguments, start a shell"
- }, {
- "set_home", T_FLAG,
- "Set $HOME to the target user when starting a shell with -s"
- }, {
- "always_set_home", T_FLAG,
- "Always set $HOME to the target user's home directory"
- }, {
- "path_info", T_FLAG,
- "Allow some information gathering to give useful error messages"
- }, {
- "fqdn", T_FLAG,
- "Require fully-qualified hostnames in the sudoers file"
- }, {
- "insults", T_FLAG,
- "Insult the user when they enter an incorrect password"
- }, {
- "requiretty", T_FLAG,
- "Only allow the user to run sudo if they have a tty"
- }, {
- "env_editor", T_FLAG,
- "Visudo will honor the EDITOR environment variable"
- }, {
- "rootpw", T_FLAG,
- "Prompt for root's password, not the users's"
- }, {
- "runaspw", T_FLAG,
- "Prompt for the runas_default user's password, not the users's"
- }, {
- "targetpw", T_FLAG,
- "Prompt for the target user's password, not the users's"
- }, {
- "use_loginclass", T_FLAG,
- "Apply defaults in the target user's login class if there is one"
- }, {
- "set_logname", T_FLAG,
- "Set the LOGNAME and USER environment variables"
- }, {
- "stay_setuid", T_FLAG,
- "Only set the effective uid to the target user, not the real uid"
- }, {
- "env_reset", T_FLAG,
- "Reset the environment to a default set of variables"
- }, {
- "loglinelen", T_INT|T_BOOL,
- "Length at which to wrap log file lines (0 for no wrap): %d"
- }, {
- "timestamp_timeout", T_INT|T_BOOL,
- "Authentication timestamp timeout: %d minutes"
- }, {
- "passwd_timeout", T_INT|T_BOOL,
- "Password prompt timeout: %d minutes"
- }, {
- "passwd_tries", T_INT,
- "Number of tries to enter a password: %d"
- }, {
- "umask", T_MODE|T_BOOL,
- "Umask to use or 0777 to use user's: 0%o"
- }, {
- "logfile", T_STR|T_BOOL|T_PATH,
- "Path to log file: %s"
- }, {
- "mailerpath", T_STR|T_BOOL|T_PATH,
- "Path to mail program: %s"
- }, {
- "mailerflags", T_STR|T_BOOL,
- "Flags for mail program: %s"
- }, {
- "mailto", T_STR|T_BOOL,
- "Address to send mail to: %s"
- }, {
- "mailsub", T_STR,
- "Subject line for mail messages: %s"
- }, {
- "badpass_message", T_STR,
- "Incorrect password message: %s"
- }, {
- "timestampdir", T_STR|T_PATH,
- "Path to authentication timestamp dir: %s"
- }, {
- "exempt_group", T_STR|T_BOOL,
- "Users in this group are exempt from password and PATH requirements: %s"
- }, {
- "passprompt", T_STR,
- "Default password prompt: %s"
- }, {
- "runas_default", T_STR,
- "Default user to run commands as: %s"
- }, {
- "secure_path", T_STR|T_BOOL,
- "Value to override user's $PATH with: %s"
- }, {
- "editor", T_STR|T_PATH,
- "Path to the editor for use by visudo: %s"
- }, {
- "env_keep", T_STR|T_BOOL,
- "Environment variables to preserve: %s"
- }, {
- "listpw_i", T_INT, NULL
- }, {
- "verifypw_i", T_INT, NULL
- }, {
- "listpw", T_PWFLAG,
- "When to require a password for 'list' pseudocommand: %s"
- }, {
- "verifypw", T_PWFLAG,
- "When to require a password for 'verify' pseudocommand: %s"
- }, {
- NULL, 0, NULL
- }
-};
+#include "def_data.c"
/*
* Print version and configure info.
def_flag(I_MAIL_ALWAYS) = TRUE;
#endif
#ifdef SEND_MAIL_WHEN_NO_USER
- def_flag(I_MAIL_NOUSER) = TRUE;
+ def_flag(I_MAIL_NO_USER) = TRUE;
#endif
#ifdef SEND_MAIL_WHEN_NO_HOST
- def_flag(I_MAIL_NOHOST) = TRUE;
+ def_flag(I_MAIL_NO_HOST) = TRUE;
#endif
#ifdef SEND_MAIL_WHEN_NOT_OK
- def_flag(I_MAIL_NOPERMS) = TRUE;
+ def_flag(I_MAIL_NO_PERMS) = TRUE;
#endif
#ifdef USE_TTY_TICKETS
def_flag(I_TTY_TICKETS) = TRUE;
#ifdef ENV_EDITOR
def_flag(I_ENV_EDITOR) = TRUE;
#endif
- def_flag(I_LOGNAME) = TRUE;
+ def_flag(I_SET_LOGNAME) = TRUE;
/* Syslog options need special care since they both strings and ints */
#if (LOGGING & SLOG_SYSLOG)
- (void) store_syslogfac(LOGFAC, &sudo_defs_table[I_LOGFACSTR], TRUE);
- (void) store_syslogpri(PRI_SUCCESS, &sudo_defs_table[I_GOODPRISTR], TRUE);
- (void) store_syslogpri(PRI_FAILURE, &sudo_defs_table[I_BADPRISTR], TRUE);
+ (void) store_syslogfac(LOGFAC, &sudo_defs_table[I_SYSLOG], TRUE);
+ (void) store_syslogpri(PRI_SUCCESS, &sudo_defs_table[I_SYSLOG_GOODPRI],
+ TRUE);
+ (void) store_syslogpri(PRI_FAILURE, &sudo_defs_table[I_SYSLOG_BADPRI],
+ TRUE);
#endif
/* Password flags also have a string and integer component. */
- (void) store_pwflag("any", &sudo_defs_table[I_LISTPWSTR], TRUE);
- (void) store_pwflag("all", &sudo_defs_table[I_VERIFYPWSTR], TRUE);
+ (void) store_pwflag("any", &sudo_defs_table[I_LISTPW], TRUE);
+ (void) store_pwflag("all", &sudo_defs_table[I_VERIFYPW], TRUE);
/* Then initialize the int-like things. */
#ifdef SUDO_UMASK
#else
def_mode(I_UMASK) = 0777;
#endif
- def_ival(I_LOGLEN) = MAXLOGFILELEN;
- def_ival(I_TS_TIMEOUT) = TIMEOUT;
- def_ival(I_PW_TIMEOUT) = PASSWORD_TIMEOUT;
- def_ival(I_PW_TRIES) = TRIES_FOR_PASSWORD;
+ def_ival(I_LOGLINELEN) = MAXLOGFILELEN;
+ def_ival(I_TIMESTAMP_TIMEOUT) = TIMEOUT;
+ def_ival(I_PASSWD_TIMEOUT) = PASSWORD_TIMEOUT;
+ def_ival(I_PASSWD_TRIES) = TRIES_FOR_PASSWORD;
/* Finally do the strings */
def_str(I_MAILTO) = estrdup(MAILTO);
def_str(I_MAILSUB) = estrdup(MAILSUBJECT);
- def_str(I_BADPASS_MSG) = estrdup(INCORRECT_PASSWORD);
+ def_str(I_BADPASS_MESSAGE) = estrdup(INCORRECT_PASSWORD);
def_str(I_TIMESTAMPDIR) = estrdup(_PATH_SUDO_TIMEDIR);
def_str(I_PASSPROMPT) = estrdup(PASSPROMPT);
- def_str(I_RUNAS_DEF) = estrdup(RUNAS_DEFAULT);
+ def_str(I_RUNAS_DEFAULT) = estrdup(RUNAS_DEFAULT);
#ifdef _PATH_SENDMAIL
def_str(I_MAILERPATH) = estrdup(_PATH_SENDMAIL);
def_str(I_MAILERFLAGS) = estrdup("-t");
def_str(I_LOGFILE) = estrdup(_PATH_SUDO_LOGFILE);
#endif
#ifdef EXEMPTGROUP
- def_str(I_EXEMPT_GRP) = estrdup(EXEMPTGROUP);
+ def_str(I_EXEMPT_GROUP) = estrdup(EXEMPTGROUP);
#endif
#ifdef SECURE_PATH
def_str(I_SECURE_PATH) = estrdup(SECURE_PATH);
* value changes we get the change.
*/
if (user_runas == NULL)
- user_runas = &def_str(I_RUNAS_DEF);
+ user_runas = &def_str(I_RUNAS_DEFAULT);
firsttime = 0;
}
if (op == FALSE || !val)
return(FALSE);
- if (def == &sudo_defs_table[I_GOODPRISTR])
+ if (def == &sudo_defs_table[I_SYSLOG_GOODPRI])
idef = &sudo_defs_table[I_GOODPRI];
- else if (def == &sudo_defs_table[I_BADPRISTR])
+ else if (def == &sudo_defs_table[I_SYSLOG_BADPRI])
idef = &sudo_defs_table[I_BADPRI];
else
return(FALSE);
int isub, flags;
if (strcmp(def->name, "verifypw") == 0)
- isub = I_VERIFYPW;
+ isub = I_VERIFYPW_I;
else
- isub = I_LISTPW;
+ isub = I_LISTPW_I;
/* Handle !foo. */
if (op == FALSE) {
/*
* Indexes into sudo_defs_table
*/
-
-/* Integer versions of syslog options. */
-#define I_LOGFAC 0 /* syslog facility */
-#define I_GOODPRI 1 /* syslog priority for successful auth */
-#define I_BADPRI 2 /* syslog priority for unsuccessful auth */
-
-/* String versions of syslog options. */
-#define I_LOGFACSTR 3 /* syslog facility */
-#define I_GOODPRISTR 4 /* syslog priority for successful auth */
-#define I_BADPRISTR 5 /* syslog priority for unsuccessful auth */
-
-/* Booleans */
-#define I_LONG_OTP_PROMPT 6
-#define I_IGNORE_DOT 7
-#define I_MAIL_ALWAYS 8
-#define I_MAIL_NOUSER 9
-#define I_MAIL_NOHOST 10
-#define I_MAIL_NOPERMS 11
-#define I_TTY_TICKETS 12
-#define I_LECTURE 13
-#define I_AUTHENTICATE 14
-#define I_ROOT_SUDO 15
-#define I_LOG_HOST 16
-#define I_LOG_YEAR 17
-#define I_SHELL_NOARGS 18
-#define I_SET_HOME 19
-#define I_ALWAYS_SET_HOME 20
-#define I_PATH_INFO 21
-#define I_FQDN 22
-#define I_INSULTS 23
-#define I_REQUIRETTY 24
-#define I_ENV_EDITOR 25
-#define I_ROOTPW 26
-#define I_RUNASPW 27
-#define I_TARGETPW 28
-#define I_LOGINCLASS 29
-#define I_LOGNAME 30
-#define I_STAY_SETUID 31
-#define I_ENV_RESET 32
-
-/* Integer values */
-#define I_LOGLEN 33 /* wrap log file line after N chars */
-#define I_TS_TIMEOUT 34 /* timestamp stale after N minutes */
-#define I_PW_TIMEOUT 35 /* exit if pass not entered in N minutes */
-#define I_PW_TRIES 36 /* exit after N bad password tries */
-#define I_UMASK 37 /* umask to use or 0777 to use user's */
-
-/* Strings */
-#define I_LOGFILE 38 /* path to logfile (or NULL for none) */
-#define I_MAILERPATH 39 /* path to sendmail or other mailer */
-#define I_MAILERFLAGS 40 /* flags to pass to the mailer */
-#define I_MAILTO 41 /* who to send bitch mail to */
-#define I_MAILSUB 42 /* subject line of mail msg */
-#define I_BADPASS_MSG 43 /* what to say when passwd is wrong */
-#define I_TIMESTAMPDIR 44 /* path to timestamp dir */
-#define I_EXEMPT_GRP 45 /* no password or PATH override for these */
-#define I_PASSPROMPT 46 /* password prompt */
-#define I_RUNAS_DEF 47 /* default user to run commands as */
-#define I_SECURE_PATH 48 /* set $PATH to this if not NULL */
-#define I_EDITOR 49 /* path to editor used by visudo */
-#define I_ENV_KEEP 50 /* list of env vars to preserve */
-
-/* Integer versions of list/verify options */
-#define I_LISTPW 51
-#define I_VERIFYPW 52
-
-/* String versions of list/verify options */
-#define I_LISTPWSTR 53
-#define I_VERIFYPWSTR 54
+#include "def_data.h"
+#define I_LOGFAC I_SYSLOG_IFAC
+#define I_GOODPRI I_SYSLOG_IGOODPRI
+#define I_BADPRI I_SYSLOG_IBADPRI
/*
* Macros for accessing sudo_defs_table.
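Review bot: The per-index explanations the removed defines carried, e.g. `#define I_LOGLEN 33 /* wrap log file line after N chars */` and `#define I_EXEMPT_GRP 45 /* no password or PATH override for these */`, have no counterpart in the generated def_data.h, so after this hunk the header gives a reader only bare numbers. The three compatibility macros added after the include are undocumented as well; the old header grouped them as the integer versions of the syslog options, so a comment such as `/* Integer (parsed) forms of the syslog options; the string forms are I_SYSLOG, I_SYSLOG_GOODPRI and I_SYSLOG_BADPRI */` above `#define I_LOGFAC I_SYSLOG_IFAC` would preserve that. The line that would emit each description as a trailing comment in mkdefaults' print_record is commented out; re-enabling it would restore the lost documentation in def_data.h.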
/* XXX - set all to target user instead for -S */
*nep++ = format_env("HOME", user_dir);
*nep++ = format_env("SHELL", user_shell);
- if (def_flag(I_LOGNAME) && runas_pw->pw_name) {
+ if (def_flag(I_SET_LOGNAME) && runas_pw->pw_name) {
*nep++ = format_env("LOGNAME", runas_pw->pw_name);
*nep++ = format_env("USER", runas_pw->pw_name);
} else {
char *beg, *oldend, *end;
FILE *fp;
mode_t oldmask;
- int maxlen = def_ival(I_LOGLEN);
+ int maxlen = def_ival(I_LOGLINELEN);
oldmask = umask(077);
fp = fopen(def_str(I_LOGFILE), "a");
send_mail(full_line);
free(full_line);
} else {
- if (def_ival(I_LOGLEN) == 0) {
+ if (def_ival(I_LOGLINELEN) == 0) {
/* Don't pretty-print long log file lines (hard to grep) */
if (def_flag(I_LOG_HOST))
(void) fprintf(fp, "%s : %s : HOST=%s : %s\n", get_timestr(),
/*
* Log via syslog and/or a file.
*/
- if (def_str(I_LOGFACSTR))
+ if (def_str(I_SYSLOG))
do_syslog(pri, logline);
if (def_str(I_LOGFILE))
do_logfile(logline);
/*
* Log to syslog and/or a file.
*/
- if (def_str(I_LOGFACSTR))
+ if (def_str(I_SYSLOG))
do_syslog(def_ival(I_BADPRI), logline);
if (def_str(I_LOGFILE))
do_logfile(logline);
VALIDATE_ERROR|VALIDATE_OK|FLAG_NO_USER|FLAG_NO_HOST|VALIDATE_NOT_OK;
else {
mail_mask = VALIDATE_ERROR;
- if (def_flag(I_MAIL_NOUSER))
+ if (def_flag(I_MAIL_NO_USER))
mail_mask |= FLAG_NO_USER;
- if (def_flag(I_MAIL_NOHOST))
+ if (def_flag(I_MAIL_NO_HOST))
mail_mask |= FLAG_NO_HOST;
- if (def_flag(I_MAIL_NOPERMS))
+ if (def_flag(I_MAIL_NO_PERMS))
mail_mask |= VALIDATE_NOT_OK;
}
--- /dev/null
+#!/usr/bin/perl -w
+#
+# Generate sudo_defs_table and associated defines
+#
+# Input should be formatted thusly:
+#
+# var_name
+# TYPE
+# description (or NULL)
+
+# Deal with optional -o (output) argument
+if ($ARGV[0] eq "-o") {
+ shift;
+ $header = $cfile = shift;
+ $header .= '.h';
+ $cfile .= '.c';
+}
+die "usage: $0 input_file" unless $#ARGV == 0;
+
+$infile = $ARGV[0];
+if (!defined($header)) {
+ $header = $infile;
+ $header =~ s/(\.in)?$/.h/;
+}
+if (!defined($cfile)) {
+ $cfile = $infile;
+ $cfile =~ s/(\.in)?$/.c/;
+}
+
+open(IN, "<$infile") || die "$0: can't open $infile: $!\n";
+open(HEADER, ">$header") || die "$0: can't open $header: $!\n";
+open(CFILE, ">$cfile") || die "$0: can't open $cfile: $!\n";
+
+print CFILE "struct sudo_defs_types sudo_defs_table[] = {\n {\n";
+
+$count = -1;
+while(<IN>) {
+ chomp;
+ next if /^\s*$/;
+ next if /^\s*#/;
+
+ if (/^\S/) {
+ # Print last record
+ &print_record() if defined($var);
+
+ $var = $_;
+ ($type, $desc) = (undef, undef);
+ $count++;
+ } else {
+ s/^\s+//;
+ s/\s+$//;
+ die "$0: syntax error near line $.\n" if
+ defined($type) && defined($desc);
+ if (defined($type) && !/^NULL$/) {
+ # Strip leading and trailing double quote and escape the rest
+ s/^"//;
+ s/"$//;
+ s/"/\\"/g;
+ $desc = $_;
+ } else {
+ $type = $_;
+ }
+ }
+}
+&print_record();
+print CFILE "\tNULL, 0, NULL\n }\n};\n";
+
+close(IN);
+close(HEADER);
+close(CFILE);
+
+sub print_record {
+ $defname = "I_" . uc($var);
+ printf HEADER "#define %-24s%d", $defname, $count;
+ #print HEADER "\t/* $desc */" if defined($desc);
+ print HEADER "\n";
+
+ $desc = "NULL" unless defined($desc);
+ print CFILE "\t\"$var\", $type,\n\t\"$desc\"\n }, {\n";
+}
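Review bot: A bare `NULL` description line falls into the `else` branch of `if (defined($type) && !/^NULL$/)`, so it overwrites `$type` with the text NULL and leaves `$desc` undefined; print_record then writes `"syslog_ifac", NULL,` followed by the quoted literal `"NULL"`, which is exactly what the generated def_data.c in this commit contains for syslog_ifac, syslog_igoodpri, syslog_ibadpri, listpw_i and verifypw_i, whereas the hand-written table that `#include "def_data.c"` in defaults.c replaces had `T_INT, NULL` for them. Those five entries therefore lose their T_INT type and gain a non-null description pointing at the text NULL, so any code that dispatches on the type field or tests the description against NULL presumably treats them differently than before. The test should decide on `defined($type)` alone, record a NULL description as an unquoted `NULL`, and move the quoting into the description branch so print_record emits `$desc` as-is; with `$desc` then always defined after the third line, the existing syntax-error check still rejects a fourth.
```perl
    } else {
	s/^\s+//;
	s/\s+$//;
	die "$0: syntax error near line $.\n" if
	    defined($type) && defined($desc);
	if (defined($type)) {
	    if (/^NULL$/) {
		# A bare NULL description stays a null pointer in the C table
		$desc = "NULL";
	    } else {
		# Strip leading and trailing double quote and escape the rest
		s/^"//;
		s/"$//;
		s/"/\\"/g;
		$desc = "\"$_\"";
	    }
	} else {
	    $type = $_;
	}
    }
# … unchanged: end of main loop, closing of handles …
sub print_record {
    $defname = "I_" . uc($var);
    printf HEADER "#define %-24s%d", $defname, $count;
    print HEADER "\n";

    $desc = "NULL" unless defined($desc);
    print CFILE "\t\"$var\", $type,\n\t$desc\n }, {\n";
}
```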
*/
if (runas_matches == -1)
runas_matches = (strcmp(*user_runas,
- def_str(I_RUNAS_DEF)) == 0);
+ def_str(I_RUNAS_DEFAULT)) == 0);
}
| RUNAS runaslist {
runas_matches = ($2 == TRUE ? TRUE : FALSE);
} while ((p = strtok(NULL, ", ")));
(void) fputs(") ", stdout);
} else {
- (void) printf("(%s) ", def_str(I_RUNAS_DEF));
+ (void) printf("(%s) ", def_str(I_RUNAS_DEFAULT));
}
/* Is a password required? */
if (runas_pw->pw_name != NULL) {
#ifdef HAVE_LOGIN_CAP_H
- if (def_flag(I_LOGINCLASS)) {
+ if (def_flag(I_USE_LOGINCLASS)) {
/*
* We don't have setusercontext()
* set the user since we may only
break;
case MODE_VALIDATE:
user_cmnd = "validate";
- pwflag = I_VERIFYPW;
+ pwflag = I_VERIFYPW_I;
break;
case MODE_KILL:
case MODE_INVALIDATE:
break;
case MODE_LIST:
user_cmnd = "list";
- pwflag = I_LISTPW;
+ pwflag = I_LISTPW_I;
printmatches = 1;
break;
}
usage(1);
login_class = NewArgv[1];
- def_flag(I_LOGINCLASS) = TRUE;
+ def_flag(I_USE_LOGINCLASS) = TRUE;
/* Shift Argv over and adjust Argc. */
NewArgc--;
if ((pw = sudo_getpwuid(0)) == NULL)
log_error(0, "uid 0 does not exist in the passwd file!");
} else if (def_ival(I_RUNASPW)) {
- if ((pw = sudo_getpwnam(def_str(I_RUNAS_DEF))) == NULL)
+ if ((pw = sudo_getpwnam(def_str(I_RUNAS_DEFAULT))) == NULL)
log_error(0, "user %s does not exist in the passwd file!",
- def_str(I_RUNAS_DEF));
+ def_str(I_RUNAS_DEFAULT));
} else if (def_ival(I_TARGETPW)) {
if (**user_runas == '#') {
if ((pw = sudo_getpwuid(atoi(*user_runas + 1))) == NULL)
} while ((p = strtok(NULL, ", ")));
(void) fputs(") ", stdout);
} else {
- (void) printf("(%s) ", def_str(I_RUNAS_DEF));
+ (void) printf("(%s) ", def_str(I_RUNAS_DEFAULT));
}
/* Is a password required? */
*/
if (runas_matches == -1)
runas_matches = (strcmp(*user_runas,
- def_str(I_RUNAS_DEF)) == 0);
+ def_str(I_RUNAS_DEFAULT)) == 0);
}
break;
case 40: