From: Todd C. Miller Date: Mon, 17 Jan 2000 17:25:10 +0000 (+0000) Subject: Add 'shell_noargs' runtime option back in. We have to defer checking X-Git-Tag: SUDO_1_6_2~19 X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=ccb808da31799dabb358cf9086ccc52573390e30;p=sudo Add 'shell_noargs' runtime option back in. We have to defer checking until after the sudoers file has been parsed but since there are now other options that operate that way this one can too. Based on a patch from bguillory@email.com. --- diff --git a/INSTALL b/INSTALL index 0b4d98627..f8e755f42 100644 --- a/INSTALL +++ b/INSTALL @@ -228,12 +228,6 @@ Special features/options: security hole as most editors allow a user to get a shell (which would be a root shell and hence, no logging). - --enable-noargs-shell - If sudo is invoked with no arguments it acts as if the "-s" flag had - been given. That is, it runs a shell as root (the shell is determined - by the SHELL environment variable, falling back on the shell listed - in the invoking user's /etc/passwd entry). - The following options are also configurable at runtime: --with-otp-only @@ -423,6 +417,12 @@ The following options are also configurable at runtime: --enable-log-host Log the hostname in the log file. + --enable-noargs-shell + If sudo is invoked with no arguments it acts as if the "-s" flag had + been given. That is, it runs a shell as root (the shell is determined + by the SHELL environment variable, falling back on the shell listed + in the invoking user's /etc/passwd entry). + --enable-shell-sets-home If sudo is invoked with the "-s" flag the HOME environment variable will be set to the home directory of the target user (which is root diff --git a/defaults.c b/defaults.c index d01eaea5c..ca280f739 100644 --- a/defaults.c +++ b/defaults.c 
@@ -163,6 +163,9 @@ struct sudo_defs_types sudo_defs_table[] = {
 }, {
 "log_year", T_FLAG,
 "Log the year in the (non-syslog) log file"
+ }, {
+ "shell_noargs", T_FLAG,
+ "If sudo is invoked with no arguments, start a shell"
 }, {
 "set_home", T_FLAG,
 "Set $HOME to the target user when starting a shell with -s"
@@ -515,6 +518,9 @@ init_defaults()
 #ifdef HOST_IN_LOG
 def_flag(I_LOG_HOST) = TRUE;
 #endif
+#ifdef SHELL_IF_NO_ARGS
+ def_flag(I_SHELL_NOARGS) = TRUE;
+#endif
 #ifdef SHELL_SETS_HOME
 def_flag(I_SET_HOME) = TRUE;
 #endif
diff --git a/defaults.h b/defaults.h
index d3082f1d7..3ece174eb 100644
--- a/defaults.h
+++ b/defaults.h
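Review bot: The new `shell_noargs` entry in `sudo_defs_table[]` appears to be correct only because its position (right after `log_year`) lines up with `I_SHELL_NOARGS 18` in the defaults.h hunk, and nothing visible enforces that pairing. The same applies to the hand-renumbering of every later `I_*` constant in defaults.h. Presumably these constants index the table directly, in which case one missed line would make `def_flag()` silently read a different security option. A comment above the table such as `/* Entry order must match the I_* indexes in defaults.h */` would document the coupling. Both the table and `init_defaults()` continue outside these hunks.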
@@ -105,39 +105,40 @@ struct sudo_defs_types { #define I_ROOT_SUDO 15 #define I_LOG_HOST 16 #define I_LOG_YEAR 17 -#define I_SET_HOME 18 -#define I_PATH_INFO 19 -#define I_FQDN 20 -#define I_INSULTS 21 -#define I_REQUIRETTY 22 +#define I_SHELL_NOARGS 18 +#define I_SET_HOME 19 +#define I_PATH_INFO 20 +#define I_FQDN 21 +#define I_INSULTS 22 +#define I_REQUIRETTY 23 /* Integer values */ -#define I_LOGLEN 23 /* wrap log file line after N chars */ -#define I_TS_TIMEOUT 24 /* timestamp stale after N minutes */ -#define I_PW_TIMEOUT 25 /* exit if pass not entered in N minutes */ -#define I_PW_TRIES 26 /* exit after N bad password tries */ -#define I_UMASK 27 /* umask to use or 0777 to use user's */ +#define I_LOGLEN 24 /* wrap log file line after N chars */ +#define I_TS_TIMEOUT 25 /* timestamp stale after N minutes */ +#define I_PW_TIMEOUT 26 /* exit if pass not entered in N minutes */ +#define I_PW_TRIES 27 /* exit after N bad password tries */ +#define I_UMASK 28 /* umask to use or 0777 to use user's */ /* Strings */ -#define I_LOGFILE 28 /* path to logfile (or NULL for none) */ -#define I_MAILERPATH 29 /* path to sendmail or other mailer */ -#define I_MAILERFLAGS 30 /* flags to pass to the mailer */ -#define I_MAILTO 31 /* who to send bitch mail to */ -#define I_MAILSUB 32 /* subject line of mail msg */ -#define I_BADPASS_MSG 33 /* what to say when passwd is wrong */ -#define I_TIMESTAMPDIR 34 /* path to timestamp dir */ -#define I_EXEMPT_GRP 35 /* no password or PATH override for these */ -#define I_PASSPROMPT 36 /* password prompt */ -#define I_RUNAS_DEF 37 /* default user to run commands as */ -#define I_SECURE_PATH 38 /* set $PATH to this if not NULL */ +#define I_LOGFILE 29 /* path to logfile (or NULL for none) */ +#define I_MAILERPATH 30 /* path to sendmail or other mailer */ +#define I_MAILERFLAGS 31 /* flags to pass to the mailer */ +#define I_MAILTO 32 /* who to send bitch mail to */ +#define I_MAILSUB 33 /* subject line of mail msg */ +#define I_BADPASS_MSG 
34 /* what to say when passwd is wrong */ +#define I_TIMESTAMPDIR 35 /* path to timestamp dir */ +#define I_EXEMPT_GRP 36 /* no password or PATH override for these */ +#define I_PASSPROMPT 37 /* password prompt */ +#define I_RUNAS_DEF 38 /* default user to run commands as */ +#define I_SECURE_PATH 39 /* set $PATH to this if not NULL */ /* Integer versions of list/verify options */ -#define I_LISTPW 39 -#define I_VERIFYPW 40 +#define I_LISTPW 40 +#define I_VERIFYPW 41 /* String versions of list/verify options */ -#define I_LISTPWSTR 41 -#define I_VERIFYPWSTR 42 +#define I_LISTPWSTR 42 +#define I_VERIFYPWSTR 43 /* * Macros for accessing sudo_defs_table. diff --git a/sudo.c b/sudo.c index d320c8bad..b935d2f67 100644 --- a/sudo.c +++ b/sudo.c @@ -289,6 +289,10 @@ main(argc, argv) exit(1); } + /* If no command line args and "set_home" is not set, error out. */ + if ((sudo_mode & MODE_IMPLIED_SHELL) && !def_flag(I_SHELL_NOARGS)) + usage(1); + /* May need to set $HOME to target user. */ if ((sudo_mode & MODE_SHELL) && def_flag(I_SET_HOME)) sudo_mode |= MODE_RESET_HOME; @@ -543,12 +547,10 @@ parse_args() NewArgv = Argv + 1; NewArgc = Argc - 1; -#ifdef SHELL_IF_NO_ARGS if (NewArgc == 0) { /* no options and no command */ - rval |= MODE_SHELL; + rval |= (MODE_IMPLIED_SHELL | MODE_SHELL); return(rval); } -#endif while (NewArgc > 0 && NewArgv[0][0] == '-') { if (NewArgv[0][1] != '\0' && NewArgv[0][2] != '\0') { @@ -637,10 +639,8 @@ parse_args() case '-': NewArgc--; NewArgv++; -#ifdef SHELL_IF_NO_ARGS if (rval == MODE_RUN) - rval |= MODE_SHELL; -#endif + rval |= (MODE_IMPLIED_SHELL | MODE_SHELL); return(rval); case '\0': (void) fprintf(stderr, "%s: '-' requires an argument\n", diff --git a/sudo.h b/sudo.h index 504b97324..77b6f5c33 100644 --- a/sudo.h +++ b/sudo.h 
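Review bot: The comment added above the new check in `main()` names the wrong option: it says "set_home", but the condition tests `I_SHELL_NOARGS`. It should read `/* If no command line args and "shell_noargs" is not set, error out. */`. This check is the gate that decides whether a bare `sudo` becomes a root shell, so the comment should match the flag actually tested. `main()` starts and ends outside the hunk, so it cannot be confirmed here whether anything between `parse_args()` and this check already acts on `MODE_SHELL`.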
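Review bot: In the `case '-':` branch of `parse_args()`, `MODE_IMPLIED_SHELL | MODE_SHELL` is set whenever `rval == MODE_RUN`, without checking that nothing follows `--`. With the `#ifdef SHELL_IF_NO_ARGS` guard removed, this now applies to every build. If a command can follow `--` at this point, `sudo -- command` would be flagged as an implied shell and rejected by the new `usage(1)` check in `main()` when `shell_noargs` is off. Consider `if (rval == MODE_RUN && NewArgc == 0)`, which mirrors the `NewArgc == 0` test at the top of the function. The option loop is only partly visible in the hunk, so this should be confirmed against the full function.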
@@ -99,7 +99,8 @@ struct sudo_user { #define MODE_LISTDEFS 00200 #define MODE_BACKGROUND 00400 #define MODE_SHELL 01000 -#define MODE_RESET_HOME 02000 +#define MODE_IMPLIED_SHELL 02000 +#define MODE_RESET_HOME 04000 /* * Used with set_perms() diff --git a/sudoers.pod b/sudoers.pod index 4a48ef070..8bfd59cd0 100644 --- a/sudoers.pod +++ b/sudoers.pod @@ -269,6 +269,10 @@ Log the hostname in the (non-syslog) log file Log the year in the (non-syslog) log file +=item shell_noargs + +If sudo is invoked with no arguments, start a shell + =item set_home Set $HOME to the target user when starting a shell with C<-s>