From: Todd C. Miller Date: Sun, 27 Feb 2000 03:49:07 +0000 (+0000) Subject: Added -S flag (read passwd from stdin) and tgetpass_flags global X-Git-Tag: SUDO_1_6_3~43 X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=54fbe0854596603fb6e84032b7336026b397c9fa;p=sudo Added -S flag (read passwd from stdin) and tgetpass_flags global that holds flags to be passed in to tgetpass(). Change echo_off param to tgetpass() into a flags field. There are currently 2 possible flags for tgetpass(): TGP_ECHO and TGP_STDIN. In tgetpass(), abstract the echo set/clear via macros and if (flags & TGP_ECHO) but echo is not set on the terminal, but sure to set it. --- diff --git a/CHANGES b/CHANGES index 86ce39fa3..57962af0e 100644 --- a/CHANGES +++ b/CHANGES @@ -1250,13 +1250,18 @@ Sudo 1.6.2 released. 394) Pam now works on HP-UX 11.0, thanks to Jeff A. Earickson. -395) It is now possible to set the path to the editor for visudo as well +395) Fixed a bug that caused an infinite loop when the password + timeout was disabled. + +396) It is now possible to set the path to the editor for visudo as well as the flag that determines whether or not visudo will look at $EDITOR in the sudoers file. -396) configure now pulls in the values of LIBS, LDFLAGS, CPPFLAGS, etc +397) configure now pulls in the values of LIBS, LDFLAGS, CPPFLAGS, etc as the documentation says it ought to. -397) Added rootpw, runaspw, and targetpw to prompt for the root, runas_default +398) Added rootpw, runaspw, and targetpw to prompt for the root, runas_default and target user's passwords respectively (instead of the invoking user's password). + +399) Added -S flag to force password read from stdin. diff --git a/RUNSON b/RUNSON index 17dc861e9..a26757d42 100644 --- a/RUNSON +++ b/RUNSON 
@@ -6,16 +6,16 @@ the current version of sudo does not mean it won't work... Name Rev Arch Used Version By Options ======= ======= ======= =============== ======= =============== =============== Auspex 1.6.1 sun4 bundled cc 1.3.4 Alek Komarnitsky none -SunOS 4.1.3 sun4 bundled cc 1.6.2p1 Todd Miller none -SunOS 4.1.3 sun4 gcc2.9.5.2 1.6.2p1 Todd Miller none +SunOS 4.1.3 sun4 bundled cc 1.6.2p2 Todd Miller none +SunOS 4.1.3 sun4 gcc2.9.5.2 1.6.2p2 Todd Miller none SunOS 4.1.3 sun4 gcc2.7.2.1 1.5.3 Todd Miller --with-kerb4 -SunOS 4.1.3 sun4 gcc2.9.5.2 1.6.2p1 Todd Miller --with-skey +SunOS 4.1.3 sun4 gcc2.9.5.2 1.6.2p2 Todd Miller --with-skey Solaris 2.5.1 sparc SC4.0 1.5.6p1 Brian Jackson none Solaris 2.5.1 sun4u gcc2.7.2.3 1.5.4 Leon von Stauber none Solaris 2.5.1 i386 gcc2.7.2 1.5.4 Leon von Stauber none -Solaris 2.6 sparc gcc2.9.5.2 1.6.2p1 Todd Miller none -Solaris 2.6 sparc gcc2.9.5.2 1.6.2p1 Todd Miller --with-pam -Solaris 2.6 i386 gcc2.9.5.2 1.6.2p1 Todd Miller none +Solaris 2.6 sparc gcc2.9.5.2 1.6.2p2 Todd Miller none +Solaris 2.6 sparc gcc2.9.5.2 1.6.2p2 Todd Miller --with-pam +Solaris 2.6 i386 gcc2.9.5.2 1.6.2p2 Todd Miller none Solaris 2.6 sparc unbundled cc 1.5.7 Giff Hammar none Solaris 2.6 i386 unbundled cc 1.5.8p2 Udo Keller none Solaris 7 i386 gcc 2.8.1 1.6.1 Ido Dubrawsky none 
@@ -32,15 +32,15 @@ HP-UX 9.05 hp700 gcc2.7.2.1 1.5.3 Todd Miller none HP-UX 9.05 hp700 gcc2.7.2.1 1.5.3 Todd Miller --with-kerb4 HP-UX 9.07 hp700 unbundled cc 1.5 Alek Komarnitsky --with-C2 HP-UX 9.05 hp700 unbundled cc 1.4 Todd Miller none -HP-UX 10.10 hp700 unbundled cc 1.6.2p1 Todd Miller --with-skey -HP-UX 10.20 hp700 gcc2.9.5.2 1.6.2p1 Todd Miller --with-skey -HP-UX 10.20 hp700 bundled cc 1.6.2p1 Todd Miller none +HP-UX 10.10 hp700 unbundled cc 1.6.2p2 Todd Miller --with-skey +HP-UX 10.20 hp700 gcc2.9.5.2 1.6.2p2 Todd Miller --with-skey +HP-UX 10.20 hp700 bundled cc 1.6.2p2 Todd Miller none HP-UX 10.20 PA-RISC2.0 bundled cc 1.5.4 Leon von Stauber none HP-UX 11.00 hp700 ansi-c 1.5.5b1 Alek Komarnitsky --with-C2 HP-UX 11.00 hp700 bundled cc 1.5.5p5 Lynn Osburn none HP-UX 11.00 hp700 HP C compiler 1.6.2 Jeff Earickson --with-pam HP-UX 10.20 hp700 gcc 2.95.2 1.6.2 Jeff Earickson --with-DCE -Ultrix 4.3 mips bundled cc 1.6.2p1 Todd Miller none +Ultrix 4.3 mips bundled cc 1.6.2p2 Todd Miller none Ultrix 4.3 mips gcc2.7.2.1 1.5.9 Todd Miller --with-skey IRIX 4.05H mips gcc2.6.3 1.5.3 Todd Miller none IRIX 4.05H mips unbundled cc 1.4 Todd Miller none @@ -48,8 +48,8 @@ IRIX 5.2 mips MipsPro C 1.5.6p1 Brian Jackson none IRIX 5.3 mips MipsPro C 1.5.6p1 Brian Jackson none IRIX 6.2 mips MipsPro C 1.5.6p1 Brian Jackson none IRIX 6.5 mips MipsPro C 1.5.6p1 Brian Jackson none -IRIX 5.3 mips unbundled cc 1.6.2p1 Todd Miller none -IRIX 5.3 mips gcc2.9.5.2 1.6.2p1 Todd Miller --with-skey +IRIX 5.3 mips unbundled cc 1.6.2p2 Todd Miller none +IRIX 5.3 mips gcc2.9.5.2 1.6.2p2 Todd Miller --with-skey IRIX 5.3 mips gcc2.7.2.1 1.5.3 Todd Miller --with-kerb4 IRIX 5.3 mips unbundled cc 1.4 Wallace Winfrey --with-C2 IRIX 6.2 mips unbundled cc 1.5 Alek Komarnitsky --with-C2 
@@ -67,14 +67,14 @@ NEXTSTEP 3.2 i386 bundled cc 1.3.2 Jonathan Adams none NEXTSTEP 3.3 i386 bundled cc 1.4 Jonathan Adams none NEXTSTEP 3.3 sparc bundled cc 1.5.3 Mike Kienenberger none DEC UNIX 3.2c alpha bundled cc 1.5.3 Todd Miller none -DEC UNIX 4.0D alpha gcc-2.9.5.2 1.6.2p1 Todd Miller --with-skey +DEC UNIX 4.0D alpha gcc-2.9.5.2 1.6.2p2 Todd Miller --with-skey DEC UNIX 4.0 alpha gcc-2.7.2.1 1.5.3 Todd Miller --with-kerb4 DEC UNIX 4.0D alpha bundled cc 1.5.3 Randall R. Cable --with-C2 DEC UNIX 4.0E alpha bundled cc 1.5.9p2 Vangelis Haniotakis none AIX 3.2.X rs6000 bundled cc 1.4 Todd Miller none AIX 4.1.3 PowerPC gcc-2.7.0 1.4 Bob Shair none -AIX 4.1.4 rs6000 gcc-2.8.1 1.6.2p1 Todd Miller none -AIX 4.1.4 rs6000 gcc-2.8.1 1.6.2p1 Todd Miller --with-authenticate +AIX 4.1.4 rs6000 gcc-2.8.1 1.6.2p2 Todd Miller none +AIX 4.1.4 rs6000 gcc-2.8.1 1.6.2p2 Todd Miller --with-authenticate AIX 4.1.5 rs6000 gcc-2.7.2.3 1.4.4 Daniel Robitaille none AIX 4.1.X rs6000 bundled cc 1.5.3 Robin Jackson --with-AFS AIX 4.1.X PowerPC bundled cc 1.5.3 Robin Jackson --with-AFS @@ -85,9 +85,9 @@ AIX 4.3.2 rs6000 egcs 1.1.2 1.5.9p4 Scott Kinnane none ConvexOS 9.1 convex bundled cc 1.3.6 Todd Miller none ConvexOS 9.1 convex gcc2.4.5 1.3.6 Todd Miller none BSD/OS 2.1 i386 shlicc 1.5.3 Todd Miller none -OpenBSD 2.X i586 gcc-2.8.1 1.6.2p1 Todd Miller none -OpenBSD 2.X alpha gcc-2.8.1 1.6.2p1 Todd Miller none -OpenBSD 2.X m68k gcc-2.8.1 1.6.2p1 Todd Miller none +OpenBSD 2.X i586 gcc-2.8.1 1.6.2p2 Todd Miller none +OpenBSD 2.X alpha gcc-2.8.1 1.6.2p2 Todd Miller none +OpenBSD 2.X m68k gcc-2.8.1 1.6.2p2 Todd Miller none OpenBSD 2.X mvme88k gcc-2.8.1 1.5.9 Steve Murphree none FreeBSD 1.1 i386 gcc 1.3.2 Dworkin Muller none FreeBSD 2.0.5 i386 gcc 1.3.4 Dworkin Muller none 
@@ -95,12 +95,12 @@ FreeBSD 3.2 i386 gcc 2.7.2.1 1.6 Brian Jackson none Linux 1.2.13 i486 gcc-2.7.0 1.4 Michael Forman none Linux 1.2.8 i486 gcc-2.5.8 1.3.5 Ted Coady --with-C2 Linux 2.0.15 i586 gcc-2.7.2.1 1.5 Danny Barron none -Linux 2.0.36 i586 gcc-2.95.2 1.6.2p1 Todd Miller none +Linux 2.0.36 i586 gcc-2.95.2 1.6.2p2 Todd Miller none Linux 2.0.34 i586 egcs-2.91.57 1.5.6p2 Darrin Chandler none Linux 2.0.36 i586 gcc-2.7.2.3 1.5.7p4 Nathan Haney none Linux 2.0.34 alpha egcs-2.90.27 1.5.3 Karl Schlitt none Linux 2.0.33pl1 m68k gcc 2.7.2.3 1.5.6 James Troup none -Linux 2.2.12 i586 gcc-2.95.2 1.6.2p1 Todd Miller --with-pam +Linux 2.2.12 i586 gcc-2.95.2 1.6.2p2 Todd Miller --with-pam Linux 2.2.6-15 ppc egcs-1.1.2 1.5.9p4 Barbara Schelkle none Linux 2.0.34 mips gcc-2.7.2 1.6 Tristan Roddis none UnixWare 1.1.4 i386 gcc-2.7.2 1.4 Michael Hancock none diff --git a/TODO b/TODO index 2232b9f56..f76fba039 100644 --- a/TODO +++ b/TODO @@ -81,6 +81,4 @@ TODO list (most will be addressed in sudo 2.0) 30) Add support for: Default:user@host -31) Add -S flag to force password read from stdin - -32) Do login-style -sh hack for sudo -s? +31) Do login-style -sh hack for sudo -s? diff --git a/auth/aix_auth.c b/auth/aix_auth.c index b528ca056..3e8981ebf 100644 --- a/auth/aix_auth.c +++ b/auth/aix_auth.c @@ -67,7 +67,7 @@ aixauth_verify(pw, prompt, auth) char *message, *pass; int reenter = 1; - pass = tgetpass(prompt, def_ival(I_PW_TIMEOUT) * 60, 1); + pass = tgetpass(prompt, def_ival(I_PW_TIMEOUT) * 60, tgetpass_flags); if (authenticate(pw->pw_name, pass, &reenter, &message) == 0) return(AUTH_SUCCESS); else diff --git a/auth/fwtk.c b/auth/fwtk.c index b71e76b8e..45cb9613a 100644 --- a/auth/fwtk.c +++ b/auth/fwtk.c 
@@ -118,9 +118,10 @@ fwtk_verify(pw, prompt, auth) /* Get the password/response from the user. */ if (strncmp(resp, "challenge ", 10) == 0) { (void) snprintf(buf, sizeof(buf), "%s\nResponse: ", &resp[10]); - pass = tgetpass(buf, def_ival(I_PW_TIMEOUT) * 60, 0); + pass = tgetpass(buf, def_ival(I_PW_TIMEOUT) * 60, + tgetpass_flags | TGP_ECHO); } else if (strncmp(resp, "password", 8) == 0) { - pass = tgetpass(prompt, def_ival(I_PW_TIMEOUT) * 60, 1); + pass = tgetpass(prompt, def_ival(I_PW_TIMEOUT) * 60, tgetpass_flags); } else { (void) fprintf(stderr, "%s: %s\n", Argv[0], resp); return(AUTH_FATAL); diff --git a/auth/pam.c b/auth/pam.c index ad4e52ec1..182ab2608 100644 --- a/auth/pam.c +++ b/auth/pam.c @@ -135,7 +135,6 @@ sudo_conv(num_msg, msg, response, appdata_ptr) struct pam_response *pr; PAM_CONST struct pam_message *pm; const char *p = def_prompt; - int echo = 0; extern int nil_pw; if ((*response = malloc(num_msg * sizeof(struct pam_response))) == NULL) @@ -145,7 +144,7 @@ sudo_conv(num_msg, msg, response, appdata_ptr) for (pr = *response, pm = *msg; num_msg--; pr++, pm++) { switch (pm->msg_style) { case PAM_PROMPT_ECHO_ON: - echo = 1; + tgetpass_flags |= TGP_ECHO; case PAM_PROMPT_ECHO_OFF: /* Only override PAM prompt if it matches /^Password: ?/ */ if (strncmp(pm->msg, "Password:", 9) || (pm->msg[9] != '\0' @@ -153,7 +152,7 @@ sudo_conv(num_msg, msg, response, appdata_ptr) p = pm->msg; /* Read the password. */ pr->resp = estrdup((char *) tgetpass(p, - def_ival(I_PW_TIMEOUT) * 60, !echo)); + def_ival(I_PW_TIMEOUT) * 60, tgetpass_flags)); if (*pr->resp == '\0') nil_pw = 1; /* empty password */ break; diff --git a/auth/sudo_auth.c b/auth/sudo_auth.c index 4c27b7395..0c54783e2 100644 --- a/auth/sudo_auth.c +++ b/auth/sudo_auth.c 
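Review bot: In auth/pam.c sudo_conv(), the PAM_PROMPT_ECHO_ON case now does `tgetpass_flags |= TGP_ECHO;` on the global, so the echo bit is never cleared, and every later PAM_PROMPT_ECHO_OFF message, in this call or any later call of sudo_conv(), is read with terminal echo left on. The removed local `echo` was at least reset to 0 on each call. Take a per-message copy instead: `int flags = tgetpass_flags;` at the top of the loop body, `flags |= TGP_ECHO;` in the ECHO_ON case, and pass `flags` to tgetpass(). The deliberate fall-through into PAM_PROMPT_ECHO_OFF would also benefit from a `/* FALLTHROUGH */` comment. sudo_conv() starts and ends outside these hunks.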
@@ -155,7 +155,8 @@ verify_user(prompt) #ifdef AUTH_STANDALONE p = prompt; #else - p = (char *) tgetpass(prompt, def_ival(I_PW_TIMEOUT) * 60, 1); + p = (char *) tgetpass(prompt, def_ival(I_PW_TIMEOUT) * 60, + tgetpass_flags); if (!p || *p == '\0') nil_pw = 1; #endif /* AUTH_STANDALONE */ diff --git a/sudo.c b/sudo.c index e9f130038..2061f5cb5 100644 --- a/sudo.c +++ b/sudo.c @@ -124,6 +124,7 @@ FILE *sudoers_fp = NULL; static char *runas_homedir = NULL; /* XXX */ struct interface *interfaces; int num_interfaces; +int tgetpass_flags; extern int errorlineno; /* @@ -639,6 +640,9 @@ parse_args() case 'H': rval |= MODE_RESET_HOME; break; + case 'S': + tgetpass_flags |= TGP_STDIN; + break; case '-': NewArgc--; NewArgv++; @@ -1122,7 +1126,7 @@ usage(exit_val) int exit_val; { (void) fprintf(stderr, - "usage: %s -V | -h | -L | -l | -v | -k | -K | -H | [-b] [-p prompt]\n%*s", + "usage: %s -V | -h | -L | -l | -v | -k | -K | -H | [-S] [-b] [-p prompt]\n%*s", Argv[0], (int) strlen(Argv[0]) + 8, " "); (void) fprintf(stderr, "[-u username/#uid] -s | \n"); exit(exit_val); diff --git a/sudo.h b/sudo.h index 5f6972862..e8059cc7a 100644 --- a/sudo.h +++ b/sudo.h @@ -157,6 +157,12 @@ struct sudo_user { #define PWCHECK_ANY 0x04 #define PWCHECK_ALWAYS 0x08 +/* + * Flags for tgetpass() + */ +#define TGP_ECHO 0x01 /* leave echo on when reading passwd */ +#define TGP_STDIN 0x02 /* read from stdin, not /dev/tty */ + /* * Function prototypes */ @@ -218,6 +224,7 @@ extern struct sudo_user sudo_user; extern int Argc; extern char **Argv; extern FILE *sudoers_fp; +extern int tgetpass_flags; #endif extern int errno; diff --git a/tgetpass.c b/tgetpass.c index f2935fd87..91d2c2cad 100644 --- a/tgetpass.c +++ b/tgetpass.c 
@@ -73,13 +73,37 @@ #include "sudo.h" +#ifndef lint +static const char rcsid[] = "$Sudo$"; +#endif /* lint */ + #ifndef TCSASOFT #define TCSASOFT 0 #endif /* TCSASOFT */ -#ifndef lint -static const char rcsid[] = "$Sudo$"; -#endif /* lint */ +/* + * Abstract method of getting at the term flags. + */ +#undef TERM +#undef tflags +#ifdef HAVE_TERMIOS_H +# define TERM termios +# define tflags c_lflag +# define term_getattr(f, t) tcgetattr(f, t) +# define term_setattr(f, t) tcsetattr(f, TCSAFLUSH|TCSASOFT, t) +#else +# ifdef HAVE_TERMIO_H +# define TERM termio +# define tflags c_lflag +# define term_getattr(f, t) ioctl(f, TCGETA, t) +# define term_setattr(f, t) ioctl(f, TCSETA, t) +# else +# define TERM sgttyb +# define tflags sg_flags +# define term_getattr(f, t) ioctl(f, TIOCGETP, t) +# define term_setattr(f, t) ioctl(f, TIOCSETP, t) +# endif /* HAVE_TERMIO_H */ +#endif /* HAVE_TERMIOS_H */ static char *tgetline __P((int, char *, size_t, int)); @@ -87,25 +111,18 @@ static char *tgetline __P((int, char *, size_t, int)); * Like getpass(3) but with timeout and echo flags. */ char * -tgetpass(prompt, timeout, echo_off) +tgetpass(prompt, timeout, flags) const char *prompt; int timeout; - int echo_off; + int flags; { -#ifdef HAVE_TERMIOS_H - struct termios term; -#else -#ifdef HAVE_TERMIO_H - struct termio term; -#else - struct sgttyb ttyb; -#endif /* HAVE_TERMIO_H */ -#endif /* HAVE_TERMIOS_H */ + struct TERM term, oterm; int input, output; static char buf[SUDO_PASS_MAX + 1]; /* Open /dev/tty for reading/writing if possible else use stdin/stderr. */ - if ((input = output = open(_PATH_TTY, O_RDWR|O_NOCTTY)) == -1) { + if ((flags & TGP_STDIN) || + (input = output = open(_PATH_TTY, O_RDWR|O_NOCTTY)) == -1) { input = STDIN_FILENO; output = STDERR_FILENO; } 
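Review bot: In the tgetpass() signature hunk of tgetpass.c, the third argument keeps its type and position but its meaning is inverted: a legacy call passing `1` for echo_off now matches `TGP_ECHO` (0x01) and reads the password with echo left on, and the compiler cannot flag it. The callers shown in this commit are converted, but any other caller, such as an auth back end not visible in this diff, should be checked before release. The header comment should state the new contract, e.g. `/* flags is a mask of TGP_* values; TGP_ECHO leaves echo ON, the opposite of the old echo_off argument. */`. tgetpass() continues beyond this hunk.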
@@ -113,53 +130,22 @@ tgetpass(prompt, timeout, echo_off) if (prompt) (void) write(output, prompt, strlen(prompt) + 1); - if (echo_off) { -#ifdef HAVE_TERMIOS_H - (void) tcgetattr(input, &term); - if ((echo_off = (term.c_lflag & ECHO))) { - term.c_lflag &= ~ECHO; - (void) tcsetattr(input, TCSAFLUSH|TCSASOFT, &term); - } -#else -#ifdef HAVE_TERMIO_H - (void) ioctl(input, TCGETA, &term); - if ((echo_off = (term.c_lflag & ECHO))) { - term.c_lflag &= ~ECHO; - (void) ioctl(input, TCSETA, &term); - } -#else - (void) ioctl(input, TIOCGETP, &ttyb); - if ((echo_off = (ttyb.sg_flags & ECHO))) { - ttyb.sg_flags &= ~ECHO; - (void) ioctl(input, TIOCSETP, &ttyb); - } -#endif /* HAVE_TERMIO_H */ -#endif /* HAVE_TERMIOS_H */ - } + /* Turn echo off/on as specified by flags. */ + (void) term_getattr(input, &oterm); + (void) memcpy(&term, &oterm, sizeof(term)); + if ((flags & TGP_ECHO) && !(term.tflags & ECHO)) + term.tflags |= ECHO; + else if (!(flags & TGP_ECHO) && (term.tflags & ECHO)) + term.tflags &= ~ECHO; + (void) term_setattr(input, &term); buf[0] = '\0'; tgetline(input, buf, sizeof(buf), timeout); -#ifdef HAVE_TERMIOS_H - if (echo_off) { - term.c_lflag |= ECHO; - (void) tcsetattr(input, TCSAFLUSH|TCSASOFT, &term); - } -#else -#ifdef HAVE_TERMIO_H - if (echo_off) { - term.c_lflag |= ECHO; - (void) ioctl(input, TCSETA, &term); - } -#else - if (echo_off) { - ttyb.sg_flags |= ECHO; - (void) ioctl(input, TIOCSETP, &ttyb); - } -#endif /* HAVE_TERMIO_H */ -#endif /* HAVE_TERMIOS_H */ + /* Restore old tty flags. */ + (void) term_setattr(input, &oterm); - if (echo_off) + if (!(flags & TGP_ECHO)) (void) write(output, "\n", 1); if (input != STDIN_FILENO)
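Review bot: The return value of `term_getattr(input, &oterm)` is discarded, so when input is not a terminal (the piped-stdin case that TGP_STDIN exists for) `oterm` is uninitialized stack memory that is then copied, tested for ECHO and handed to `term_setattr()` twice. Only modify and restore the terminal state when the get succeeded, tracked by a local `int restore = 0;` declared beside `input, output`. Skipping the set when the echo bit already has the wanted value also avoids a needless TCSAFLUSH, which discards typed-ahead input. tgetpass() begins in the previous hunk and continues past this one.

```c
    /* … unchanged: prompt write … */

    /* Turn echo off/on as specified by flags, but only on a real terminal. */
    if (term_getattr(input, &oterm) != -1) {
	(void) memcpy(&term, &oterm, sizeof(term));
	if (flags & TGP_ECHO)
	    term.tflags |= ECHO;
	else
	    term.tflags &= ~ECHO;
	if (term.tflags != oterm.tflags &&
	    term_setattr(input, &term) != -1)
	    restore = 1;
    }

    /* … unchanged: buf[0] = '\0'; tgetline() call … */

    /* Restore old tty flags only if they were changed above. */
    if (restore)
	(void) term_setattr(input, &oterm);
```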