From: Todd C. Miller Date: Wed, 2 Jan 2008 15:09:20 +0000 (+0000) Subject: add sudo_nss.h to HDRS X-Git-Tag: SUDO_1_7_0~265 X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=915fc493cf7e635fc45235d4d16e757209824ded;p=sudo add sudo_nss.h to HDRS --- diff --git a/Makefile.in b/Makefile.in index bb9b152e8..7f043b695 100644 --- a/Makefile.in +++ b/Makefile.in @@ -115,7 +115,7 @@ AUTH_SRCS = auth/afs.c auth/aix_auth.c auth/bsdauth.c auth/dce.c auth/fwtk.c \ HDRS = compat.h def_data.h defaults.h error.h ins_2001.h ins_classic.h \ ins_csops.h ins_goons.h insults.h interfaces.h lbuf.h list.h \ - logging.h parse.h sudo.h gram.h version.h auth/sudo_auth.h \ + logging.h parse.h sudo.h sudo_nss.h gram.h version.h auth/sudo_auth.h \ emul/fnmatch.h emul/glob.h emul/timespec.h emul/utime.h redblack.h AUTH_OBJS = sudo_auth.o @AUTH_OBJS@ diff --git a/TODO b/TODO index 6ef146216..144ce638d 100644 --- a/TODO +++ b/TODO @@ -98,65 +98,64 @@ TODO list (most will be addressed in sudo 2.0) 33) Move prototypes to extern.h? -34) Get rid of VALIDATE_NOT_OK and just set/clear VALIDATE_OK +34) visudo -c should also sanity check aliases -35) visudo -c should also sanity check aliases +35) Use AC_CHECK_DECLS for systems w/o proper prototypes? Maybe errno too? -36) Use AC_CHECK_DECLS for systems w/o proper prototypes? Maybe errno too? - -37) Flesh out testsudoers and fix glob/opendir issues. Use custom netgroup +36) Flesh out testsudoers and fix glob/opendir issues. Use custom netgroup code too? -38) Think some more about giving admins a way to test commands for a user +37) Think some more about giving admins a way to test commands for a user on a specific host with a different sudoers file. -39) Add nsswitch.conf parsing to LDAP support. - -40) Refactor duplicated code in ldap.c into wrapper functions. +38) Refactor duplicated code in ldap.c into wrapper functions. -41) Return command from command_matches() instead of setting safe_cmnd directly. +39) Return command from command_matches() instead of setting safe_cmnd directly. -42) Roll visudo into sudo ala sudoedit. +40) Roll visudo into sudo ala sudoedit. -43) Add ticket file to ticket dir in non-tty tickets case so we +41) Add ticket file to ticket dir in non-tty tickets case so we can mix tty and non-tty ticket schemes. -44) Use ldap_get_values_len() instead of ldap_get_values() for - OpenLDAP (what about others?) - -45) Add support for NOEXEC w/ 64-bit AIX executables. +42) Add support for NOEXEC w/ 64-bit AIX executables. http://publib.boulder.ibm.com/infocenter/pseries/v5r3/index.jsp?topic=/com.ibm.xlf91a.doc/xlfug/comp64.htm -46) Revisit debian fqdn diffs. +43) Revisit debian fqdn diffs. -47) Add gettext() support. Can borrow some translations from PAM. +44) Add gettext() support. Can borrow some translations from PAM. -48) Convert the other capitalized files into .pod so we can get decent html +45) Convert the other capitalized files into .pod so we can get decent html form them? E.g. README, etc. E.g. pod2text -l -i0 history.pod > HISTORY pod2html --noindex history.pod > history.html -49) Use mkstemp() for visudo temp files? Also re-examine locking. +46) Use mkstemp() for visudo temp files? Also re-examine locking. -50) Run sudo thorugh valgrind +47) Run sudo thorugh valgrind -51) Make -a and -c options in sudo.pod only visible when available. +48) Make -a and -c options in sudo.pod only visible when available. Could use an nroff register combines with configure substitute magic. Note that configure substitution runs on the .man.in file not the .pod file. -52) Consolidate line wrap code. +49) Consolidate line wrap code. -53) How can we distinguish between a bare '\\' and one that is escaping +50) How can we distinguish between a bare '\\' and one that is escaping glob chars? Right now we convert \\ -> \ in the lexer which causes the confusion. -54) For LDAP entries, should be able to parse the per-command options +51) For LDAP entries, should be able to parse the per-command options since they may affect the outcome (e.g. default_runas). -55) Better LDAP documention. Perhaps a sudo-ldap man page. +52) Better LDAP documention. Perhaps a sudo-ldap man page. -56) Improve nss error handling. Consider removing sources that +53) Improve nss error handling. Consider removing sources that can't be opened. Need to keep in mind ret_notfound. -57) lookup method should only return VALIDATE_NOT_OK if matched !command. +54) lookup method should only return VALIDATE_NOT_OK if matched !command. + +55) Convert LDAP code from using deprecated interfaces and stop + defining LDAP_DEPRECATED in configure. Deprecated functions: + ldap_search_s ldap_init ldap_simple_bind_s ldap_unbind_s + +56) Emulate ldap_initialize() on SDKs where it is not available? diff --git a/sudo.cat b/sudo.cat index f8709305a..1acfcc5a2 100644 --- a/sudo.cat +++ b/sudo.cat @@ -1,7 +1,7 @@ -SUDO(1m) MAINTENANCE COMMANDS SUDO(1m) +SUDO(8) MAINTENANCE COMMANDS SUDO(8) NNAAMMEE @@ -61,13 +61,13 @@ DDEESSCCRRIIPPTTIIOONN -1.7 December 10, 2007 1 +1.7 January 1, 2008 1 -SUDO(1m) MAINTENANCE COMMANDS SUDO(1m) +SUDO(8) MAINTENANCE COMMANDS SUDO(8) commands through sudo even when a root shell has been @@ -107,7 +107,7 @@ OOPPTTIIOONNSS descriptor three). Values less than three are not permitted. This option is only available if the administrator has enabled the _c_l_o_s_e_- - _f_r_o_m___o_v_e_r_r_i_d_e option in _s_u_d_o_e_r_s(4). + _f_r_o_m___o_v_e_r_r_i_d_e option in _s_u_d_o_e_r_s(5). -c _c_l_a_s_s The --cc (_c_l_a_s_s) option causes ssuuddoo to run the specified command with resources limited by @@ -127,20 +127,20 @@ OOPPTTIIOONNSS -1.7 December 10, 2007 2 +1.7 January 1, 2008 2 -SUDO(1m) MAINTENANCE COMMANDS SUDO(1m) +SUDO(8) MAINTENANCE COMMANDS SUDO(8) -E The --EE (_p_r_e_s_e_r_v_e _e_n_v_i_r_o_n_m_e_n_t) option will - override the _e_n_v___r_e_s_e_t option in _s_u_d_o_e_r_s(4)). + override the _e_n_v___r_e_s_e_t option in _s_u_d_o_e_r_s(5)). It is only available when either the matching command has the SETENV tag or the _s_e_t_e_n_v - option is set in _s_u_d_o_e_r_s(4). + option is set in _s_u_d_o_e_r_s(5). -e The --ee (_e_d_i_t) option indicates that, instead of running a command, the user wishes to edit @@ -189,28 +189,28 @@ SUDO(1m) MAINTENANCE COMMANDS SUDO(1m) -H The --HH (_H_O_M_E) option sets the HOME environment variable to the homedir of the target user - (root by default) as specified in _p_a_s_s_w_d(4). + (root by default) as specified in _p_a_s_s_w_d(5). -1.7 December 10, 2007 3 +1.7 January 1, 2008 3 -SUDO(1m) MAINTENANCE COMMANDS SUDO(1m) +SUDO(8) MAINTENANCE COMMANDS SUDO(8) By default, ssuuddoo does not modify HOME (see - _s_e_t___h_o_m_e and _a_l_w_a_y_s___s_e_t___h_o_m_e in _s_u_d_o_e_r_s(4)). + _s_e_t___h_o_m_e and _a_l_w_a_y_s___s_e_t___h_o_m_e in _s_u_d_o_e_r_s(5)). -h The --hh (_h_e_l_p) option causes ssuuddoo to print a usage message and exit. -i [command] The --ii (_s_i_m_u_l_a_t_e _i_n_i_t_i_a_l _l_o_g_i_n) option runs - the shell specified in the _p_a_s_s_w_d(4) entry of + the shell specified in the _p_a_s_s_w_d(5) entry of the target user as a login shell. This means that login-specific resource files such as .profile or .login will be read by the shell. @@ -221,8 +221,9 @@ SUDO(1m) MAINTENANCE COMMANDS SUDO(1m) running the shell. It also initializes the environment, leaving _D_I_S_P_L_A_Y and _T_E_R_M unchanged, setting _H_O_M_E, _S_H_E_L_L, _U_S_E_R, _L_O_G_N_A_M_E, - and _P_A_T_H, and unsetting all other environment - variables. + and _P_A_T_H, as well as the contents of + _/_e_t_c_/_e_n_v_i_r_o_n_m_e_n_t. All other environment vari- + ables are removed. -K The --KK (sure _k_i_l_l) option is like --kk except that it removes the user's timestamp entirely. @@ -255,19 +256,19 @@ SUDO(1m) MAINTENANCE COMMANDS SUDO(1m) allowed, ssuuddoo will exit with a return value of 1. - -P The --PP (_p_r_e_s_e_r_v_e _g_r_o_u_p _v_e_c_t_o_r) option causes -1.7 December 10, 2007 4 +1.7 January 1, 2008 4 -SUDO(1m) MAINTENANCE COMMANDS SUDO(1m) +SUDO(8) MAINTENANCE COMMANDS SUDO(8) + -P The --PP (_p_r_e_s_e_r_v_e _g_r_o_u_p _v_e_c_t_o_r) option causes ssuuddoo to preserve the invoking user's group vector unaltered. By default, ssuuddoo will ini- tialize the group vector to the list of groups @@ -308,7 +309,7 @@ SUDO(1m) MAINTENANCE COMMANDS SUDO(1m) -s [command] The --ss (_s_h_e_l_l) option runs the shell specified by the _S_H_E_L_L environment variable if it is set - or the shell as specified in _p_a_s_s_w_d(4). If a + or the shell as specified in _p_a_s_s_w_d(5). If a command is specified, it is passed to the shell for execution. Otherwise, an interac- tive shell is executed. @@ -321,23 +322,23 @@ SUDO(1m) MAINTENANCE COMMANDS SUDO(1m) -u _u_s_e_r The --uu (_u_s_e_r) option causes ssuuddoo to run the specified command as a user other than _r_o_o_t. - To specify a _u_i_d instead of a _u_s_e_r _n_a_m_e, use -1.7 December 10, 2007 5 +1.7 January 1, 2008 5 -SUDO(1m) MAINTENANCE COMMANDS SUDO(1m) +SUDO(8) MAINTENANCE COMMANDS SUDO(8) + To specify a _u_i_d instead of a _u_s_e_r _n_a_m_e, use _#_u_i_d. When running commands as a _u_i_d, many shells require that the '#' be escaped with a backslash ('\'). Note that if the _t_a_r_g_e_t_p_w - Defaults option is set (see _s_u_d_o_e_r_s(4)) it is + Defaults option is set (see _s_u_d_o_e_r_s(5)) it is not possible to run commands with a uid not listed in the password database. @@ -367,7 +368,7 @@ SUDO(1m) MAINTENANCE COMMANDS SUDO(1m) important exception. If the _s_e_t_e_n_v option is set in _s_u_d_o_- _e_r_s, the command to be run has the SETENV tag set or the command matched is ALL, the user may set variables that - would overwise be forbidden. See _s_u_d_o_e_r_s(4) for more + would overwise be forbidden. See _s_u_d_o_e_r_s(5) for more information. RREETTUURRNN VVAALLUUEESS @@ -390,14 +391,13 @@ RREETTUURRNN VVAALLUUEESS +1.7 January 1, 2008 6 -1.7 December 10, 2007 6 - -SUDO(1m) MAINTENANCE COMMANDS SUDO(1m) +SUDO(8) MAINTENANCE COMMANDS SUDO(8) SSEECCUURRIITTYY NNOOTTEESS @@ -457,13 +457,13 @@ SSEECCUURRIITTYY NNOOTTEESS -1.7 December 10, 2007 7 +1.7 January 1, 2008 7 -SUDO(1m) MAINTENANCE COMMANDS SUDO(1m) +SUDO(8) MAINTENANCE COMMANDS SUDO(8) owned by root and inaccessible by any other user, the user @@ -491,7 +491,7 @@ SUDO(1m) MAINTENANCE COMMANDS SUDO(1m) ssuuddoo to verify that the command does not inadvertently give the user an effective root shell. For more informa- tion, please see the PREVENTING SHELL ESCAPES section in - _s_u_d_o_e_r_s(4). + _s_u_d_o_e_r_s(5). EENNVVIIRROONNMMEENNTT ssuuddoo utilizes the following environment variables: @@ -523,13 +523,13 @@ EENNVVIIRROONNMMEENNTT -1.7 December 10, 2007 8 +1.7 January 1, 2008 8 -SUDO(1m) MAINTENANCE COMMANDS SUDO(1m) +SUDO(8) MAINTENANCE COMMANDS SUDO(8) sudo @@ -545,9 +545,10 @@ SUDO(1m) MAINTENANCE COMMANDS SUDO(1m) FFIILLEESS _/_e_t_c_/_s_u_d_o_e_r_s List of who can run what _/_v_a_r_/_r_u_n_/_s_u_d_o Directory containing timestamps + _/_e_t_c_/_e_n_v_i_r_o_n_m_e_n_t Initial environment for --ii mmooddee EEXXAAMMPPLLEESS - Note: the following examples assume suitable _s_u_d_o_e_r_s(4) + Note: the following examples assume suitable _s_u_d_o_e_r_s(5) entries. To get a file listing of an unreadable directory: @@ -575,8 +576,8 @@ EEXXAAMMPPLLEESS $ sudo sh -c "cd /home ; du -s * | sort -rn > USAGE" SSEEEE AALLSSOO - _g_r_e_p(1), _s_u(1), _s_t_a_t(2), _l_o_g_i_n___c_a_p(3), _p_a_s_s_w_d(4), - _s_u_d_o_e_r_s(4), _v_i_s_u_d_o(1m) + _g_r_e_p(1), _s_u(1), _s_t_a_t(2), _l_o_g_i_n___c_a_p(3), _p_a_s_s_w_d(5), + _s_u_d_o_e_r_s(5), _v_i_s_u_d_o(8) AAUUTTHHOORRSS Many people have worked on ssuuddoo over the years; this ver- @@ -585,19 +586,19 @@ AAUUTTHHOORRSS Todd C. Miller See the HISTORY file in the ssuuddoo distribution or visit - http://www.sudo.ws/sudo/history.html for a short history -1.7 December 10, 2007 9 +1.7 January 1, 2008 9 -SUDO(1m) MAINTENANCE COMMANDS SUDO(1m) +SUDO(8) MAINTENANCE COMMANDS SUDO(8) + http://www.sudo.ws/sudo/history.html for a short history of ssuuddoo. CCAAVVEEAATTSS @@ -607,7 +608,7 @@ CCAAVVEEAATTSS user to run commands via shell escapes, thus avoiding ssuuddoo's checks. However, on most systems it is possible to prevent shell escapes with ssuuddoo's _n_o_e_x_e_c functionality. - See the _s_u_d_o_e_r_s(4) manual for details. + See the _s_u_d_o_e_r_s(5) manual for details. It is not meaningful to run the cd command directly via sudo, e.g., @@ -654,7 +655,6 @@ DDIISSCCLLAAIIMMEERR - -1.7 December 10, 2007 10 +1.7 January 1, 2008 10 diff --git a/sudo.man.in b/sudo.man.in index b4847bc23..66d6b2eed 100644 --- a/sudo.man.in +++ b/sudo.man.in @@ -150,7 +150,7 @@ .\" ======================================================================== .\" .IX Title "SUDO @mansectsu@" -.TH SUDO @mansectsu@ "December 10, 2007" "1.7" "MAINTENANCE COMMANDS" +.TH SUDO @mansectsu@ "January 1, 2008" "1.7" "MAINTENANCE COMMANDS" .SH "NAME" sudo, sudoedit \- execute a command as another user .SH "SYNOPSIS" @@ -314,8 +314,9 @@ it is passed to the shell for execution. Otherwise, an interactive shell is executed. \fBsudo\fR attempts to change to that user's home directory before running the shell. It also initializes the environment, leaving \fI\s-1DISPLAY\s0\fR and \fI\s-1TERM\s0\fR unchanged, setting -\&\fI\s-1HOME\s0\fR, \fI\s-1SHELL\s0\fR, \fI\s-1USER\s0\fR, \fI\s-1LOGNAME\s0\fR, and \fI\s-1PATH\s0\fR, and unsetting -all other environment variables. +\&\fI\s-1HOME\s0\fR, \fI\s-1SHELL\s0\fR, \fI\s-1USER\s0\fR, \fI\s-1LOGNAME\s0\fR, and \fI\s-1PATH\s0\fR, as well as +the contents of \fI/etc/environment\fR. All other environment variables +are removed. .IP "\-K" 12 .IX Item "-K" The \fB\-K\fR (sure \fIkill\fR) option is like \fB\-k\fR except that it removes @@ -583,6 +584,9 @@ Default editor to use in \fB\-e\fR (sudoedit) mode .ie n .IP "\fI@timedir@\fR\*(C` \*(C'Directory containing timestamps" 4 .el .IP "\fI@timedir@\fR\f(CW\*(C` \*(C'\fRDirectory containing timestamps" 4 .IX Item "@timedir@ Directory containing timestamps" +.ie n .IP "\fI/etc/environment\fR\*(C` \*(C'\fRInitial environment for \fB\-i mode" 4 +.el .IP "\fI/etc/environment\fR\f(CW\*(C` \*(C'\fRInitial environment for \fB\-i\fR mode" 4 +.IX Item "/etc/environment Initial environment for -i mode" .PD .SH "EXAMPLES" .IX Header "EXAMPLES"