From c352187cf8c61c79b51c55f4b0c63c77a787ed56 Mon Sep 17 00:00:00 2001 From: "Todd C. Miller" Date: Tue, 18 Mar 2008 20:04:41 +0000 Subject: [PATCH] Add -n (non-interactive) flag. --- WHATSNEW | 4 +++ check.c | 7 ++++- sudo.c | 7 +++-- sudo.cat | 76 ++++++++++++++++++++++++------------------------- sudo.h | 3 +- sudo.man.in | 15 ++++++---- sudo.pod | 14 ++++++--- sudo_usage.h.in | 8 +++--- 8 files changed, 79 insertions(+), 55 deletions(-) diff --git a/WHATSNEW b/WHATSNEW index a97c796b4..46286af18 100644 --- a/WHATSNEW +++ b/WHATSNEW @@ -58,3 +58,7 @@ What's new in Sudo 1.7? * A new Defaults option, "mailfrom" that sets the value of the "From:" field in the warning/error mail. If unspecified, the login name of the invoking user is used. + + * A new flag, -n, may be used to indicate that sudo should not + prompt the user for a password and, instead, exit with an error + if authentication is required. diff --git a/check.c b/check.c index 0297df5c3..e12aef7ce 100644 --- a/check.c +++ b/check.c @@ -84,8 +84,9 @@ static void update_timestamp __P((char *, char *)); * verify who he/she is. */ void -check_user(validated) +check_user(validated, interactive) int validated; + int interactive; { char *timestampdir = NULL; char *timestampfile = NULL; @@ -99,6 +100,10 @@ check_user(validated) status = timestamp_status(timestampdir, timestampfile, user_name, TS_MAKE_DIRS); if (status != TS_CURRENT || ISSET(validated, FLAG_CHECK_USER)) { + /* Bail out if we are non-interactive and a password is required */ + if (!interactive) + errorx(1, "sorry, a password is required to run %s", getprogname()); + if (!ISSET(tgetpass_flags, TGP_ASKPASS)) lecture(status); diff --git a/sudo.c b/sudo.c index 895e35722..ad43b44e5 100644 --- a/sudo.c +++ b/sudo.c @@ -402,7 +402,7 @@ main(argc, argv, envp) /* Require a password if sudoers says so. */ if (def_authenticate) - check_user(validated); + check_user(validated, !ISSET(sudo_mode, MODE_NONINTERACTIVE)); /* If run as root with SUDO_USER set, set sudo_user.pw to that user. */ /* XXX - causes confusion when root is not listed in sudoers */ @@ -827,7 +827,7 @@ parse_args(argc, argv) * Some trickiness is required to allow environment variables * to be interspersed with command line options. */ - if ((ch = getopt(argc, argv, "+Aa:bC:c:Eeg:HhiKkLlPp:r:Sst:Uu:Vv")) != -1) { + if ((ch = getopt(argc, argv, "+Aa:bC:c:Eeg:HhiKkLlnPp:r:Sst:Uu:Vv")) != -1) { switch (ch) { case 'A': SET(tgetpass_flags, TGP_ASKPASS); @@ -907,6 +907,9 @@ parse_args(argc, argv) usage_excl(1); excl = 'l'; break; + case 'n': + SET(rval, MODE_NONINTERACTIVE); + break; case 'V': rval = MODE_VERSION; if (excl && excl != 'V') diff --git a/sudo.cat b/sudo.cat index e777d93f0..b5c363b6c 100644 --- a/sudo.cat +++ b/sudo.cat @@ -8,15 +8,15 @@ NNAAMMEE sudo, sudoedit - execute a command as another user SSYYNNOOPPSSIISS - ssuuddoo --hh | --KK | --kk | --LL | --VV | --vv + ssuuddoo [--nn] --hh | --KK | --kk | --LL | --VV | --vv - ssuuddoo --ll[[ll]] [--AASS] [--gg _g_r_o_u_p_n_a_m_e|_#_g_i_d] [--UU _u_s_e_r_n_a_m_e] [--uu _u_s_e_r_n_a_m_e|_#_u_i_d] + ssuuddoo --ll[[ll]] [--AAnnSS] [--gg _g_r_o_u_p_n_a_m_e|_#_g_i_d] [--UU _u_s_e_r_n_a_m_e] [--uu _u_s_e_r_n_a_m_e|_#_u_i_d] [_c_o_m_m_a_n_d] - ssuuddoo [--AAbbEEHHPPSS] [--aa _a_u_t_h___t_y_p_e] [--CC _f_d] [--cc _c_l_a_s_s|_-] [--gg _g_r_o_u_p_n_a_m_e|_#_g_i_d] + ssuuddoo [--AAbbEEHHnnPPSS] [--aa _a_u_t_h___t_y_p_e] [--CC _f_d] [--cc _c_l_a_s_s|_-] [--gg _g_r_o_u_p_n_a_m_e|_#_g_i_d] [--pp _p_r_o_m_p_t] [--uu _u_s_e_r_n_a_m_e|_#_u_i_d] [VVAARR=_v_a_l_u_e] [{--ii | --ss] [<_c_o_m_m_a_n_d}] - ssuuddooeeddiitt [--AASS] [--aa _a_u_t_h___t_y_p_e] [--CC _f_d] [--cc _c_l_a_s_s|_-] [--gg _g_r_o_u_p_n_a_m_e|_#_g_i_d] + ssuuddooeeddiitt [--AAnnSS] [--aa _a_u_t_h___t_y_p_e] [--CC _f_d] [--cc _c_l_a_s_s|_-] [--gg _g_r_o_u_p_n_a_m_e|_#_g_i_d] [--pp _p_r_o_m_p_t] [--uu _u_s_e_r_n_a_m_e|_#_u_i_d] file ... DDEESSCCRRIIPPTTIIOONN @@ -61,7 +61,7 @@ DDEESSCCRRIIPPTTIIOONN -1.7 March 2, 2008 1 +1.7 March 18, 2008 1 @@ -127,7 +127,7 @@ OOPPTTIIOONNSS -1.7 March 2, 2008 2 +1.7 March 18, 2008 2 @@ -193,7 +193,7 @@ SUDO(1m) MAINTENANCE COMMANDS SUDO(1m) -1.7 March 2, 2008 3 +1.7 March 18, 2008 3 @@ -229,6 +229,11 @@ SUDO(1m) MAINTENANCE COMMANDS SUDO(1m) --llll), or if --ll is specified multiple times, a longer list format is used. + -n The --nn (_n_o_n_-_i_n_t_e_r_a_c_t_i_v_e) option prevents ssuuddoo from prompt- + ing the user for a password. If a password is required for + the command to run, ssuuddoo will display an error messages and + exit. + -P The --PP (_p_r_e_s_e_r_v_e _g_r_o_u_p _v_e_c_t_o_r) option causes ssuuddoo to pre- serve the invoking user's group vector unaltered. By default, ssuuddoo will initialize the group vector to the list @@ -252,21 +257,21 @@ SUDO(1m) MAINTENANCE COMMANDS SUDO(1m) %U expanded to the login name of the user the command will be run as (defaults to root) - %u expanded to the invoking user's login name - %% two consecutive % characters are collapsed into a sin- - gle % character +1.7 March 18, 2008 4 -1.7 March 2, 2008 4 +SUDO(1m) MAINTENANCE COMMANDS SUDO(1m) -SUDO(1m) MAINTENANCE COMMANDS SUDO(1m) + %u expanded to the invoking user's login name + %% two consecutive % characters are collapsed into a sin- + gle % character The prompt specified by the --pp option will override the system password prompt on systems that support PAM unless @@ -317,15 +322,10 @@ SUDO(1m) MAINTENANCE COMMANDS SUDO(1m) line are subject to the same restrictions as normal environment vari- ables with one important exception. If the _s_e_t_e_n_v option is set in _s_u_d_o_e_r_s, the command to be run has the SETENV tag set or the command - matched is ALL, the user may set variables that would overwise be for- - bidden. See _s_u_d_o_e_r_s(4) for more information. - -RREETTUURRNN VVAALLUUEESS - Upon successful execution of a program, the return value from ssuuddoo will -1.7 March 2, 2008 5 +1.7 March 18, 2008 5 @@ -334,6 +334,11 @@ RREETTUURRNN VVAALLUUEESS SUDO(1m) MAINTENANCE COMMANDS SUDO(1m) + matched is ALL, the user may set variables that would overwise be for- + bidden. See _s_u_d_o_e_r_s(4) for more information. + +RREETTUURRNN VVAALLUUEESS + Upon successful execution of a program, the return value from ssuuddoo will simply be the return value of the program that was executed. Otherwise, ssuuddoo quits with an exit value of 1 if there is a configura- @@ -383,15 +388,10 @@ SSEECCUURRIITTYY NNOOTTEESS environment variable is _n_o_t modified and is passed unchanged to the program that ssuuddoo executes. - ssuuddoo will check the ownership of its timestamp directory (_/_v_a_r_/_r_u_n_/_s_u_d_o - by default) and ignore the directory's contents if it is not owned by - root or if it is writable by a user other than root. On systems that - allow non-root users to give away files via _c_h_o_w_n(2), if the timestamp - directory is located in a directory writable by anyone (e.g., _/_t_m_p), it -1.7 March 2, 2008 6 +1.7 March 18, 2008 6 @@ -400,6 +400,11 @@ SSEECCUURRIITTYY NNOOTTEESS SUDO(1m) MAINTENANCE COMMANDS SUDO(1m) + ssuuddoo will check the ownership of its timestamp directory (_/_v_a_r_/_r_u_n_/_s_u_d_o + by default) and ignore the directory's contents if it is not owned by + root or if it is writable by a user other than root. On systems that + allow non-root users to give away files via _c_h_o_w_n(2), if the timestamp + directory is located in a directory writable by anyone (e.g., _/_t_m_p), it is possible for a user to create the timestamp directory before ssuuddoo is run. However, because ssuuddoo checks the ownership and mode of the direc- tory and its contents, the only damage that can be done is to "hide" @@ -450,21 +455,20 @@ EENNVVIIRROONNMMEENNTT SUDO_COMMAND Set to the command run by sudo - SUDO_USER Set to the login of the user who invoked sudo - - SUDO_UID Set to the uid of the user who invoked sudo +1.7 March 18, 2008 7 -1.7 March 2, 2008 7 +SUDO(1m) MAINTENANCE COMMANDS SUDO(1m) -SUDO(1m) MAINTENANCE COMMANDS SUDO(1m) + SUDO_USER Set to the login of the user who invoked sudo + SUDO_UID Set to the uid of the user who invoked sudo SUDO_GID Set to the gid of the user who invoked sudo @@ -517,13 +521,9 @@ AAUUTTHHOORRSS Many people have worked on ssuuddoo over the years; this version consists of code written primarily by: - Todd C. Miller - - See the HISTORY file in the ssuuddoo distribution or visit - -1.7 March 2, 2008 8 +1.7 March 18, 2008 8 @@ -532,6 +532,9 @@ AAUUTTHHOORRSS SUDO(1m) MAINTENANCE COMMANDS SUDO(1m) + Todd C. Miller + + See the HISTORY file in the ssuuddoo distribution or visit http://www.sudo.ws/sudo/history.html for a short history of ssuuddoo. CCAAVVEEAATTSS @@ -586,9 +589,6 @@ DDIISSCCLLAAIIMMEERR - - - -1.7 March 2, 2008 9 +1.7 March 18, 2008 9 diff --git a/sudo.h b/sudo.h index 00cc3e00c..272f169a8 100644 --- a/sudo.h +++ b/sudo.h @@ -114,6 +114,7 @@ struct sudo_user { #define MODE_RESET_HOME 0x04000 #define MODE_PRESERVE_GROUPS 0x08000 #define MODE_PRESERVE_ENV 0x10000 +#define MODE_NONINTERACTIVE 0x20000 /* * Used with set_perms() @@ -236,7 +237,7 @@ int mkstemp __P((char *)); char *sudo_goodpath __P((const char *, struct stat *)); char *tgetpass __P((const char *, int, int)); int find_path __P((char *, char **, struct stat *, char *)); -void check_user __P((int)); +void check_user __P((int, int)); void verify_user __P((struct passwd *, char *)); #ifdef HAVE_LDAP int sudo_ldap_open __P((struct sudo_nss *)); diff --git a/sudo.man.in b/sudo.man.in index 66f6f3400..d63ba1e05 100644 --- a/sudo.man.in +++ b/sudo.man.in @@ -150,17 +150,17 @@ .\" ======================================================================== .\" .IX Title "SUDO @mansectsu@" -.TH SUDO @mansectsu@ "March 2, 2008" "1.7" "MAINTENANCE COMMANDS" +.TH SUDO @mansectsu@ "March 18, 2008" "1.7" "MAINTENANCE COMMANDS" .SH "NAME" sudo, sudoedit \- execute a command as another user .SH "SYNOPSIS" .IX Header "SYNOPSIS" -\&\fBsudo\fR \fB\-h\fR | \fB\-K\fR | \fB\-k\fR | \fB\-L\fR | \fB\-V\fR | \fB\-v\fR +\&\fBsudo\fR [\fB\-n\fR] \fB\-h\fR | \fB\-K\fR | \fB\-k\fR | \fB\-L\fR | \fB\-V\fR | \fB\-v\fR .PP -\&\fBsudo\fR \fB\-l[l]\fR [\fB\-AS\fR] [\fB\-g\fR\ \fIgroupname\fR|\fI#gid\fR] [\fB\-U\fR\ \fIusername\fR] +\&\fBsudo\fR \fB\-l[l]\fR [\fB\-AnS\fR] [\fB\-g\fR\ \fIgroupname\fR|\fI#gid\fR] [\fB\-U\fR\ \fIusername\fR] [\fB\-u\fR\ \fIusername\fR|\fI#uid\fR] [\fIcommand\fR] .PP -\&\fBsudo\fR [\fB\-AbEHPS\fR] +\&\fBsudo\fR [\fB\-AbEHnPS\fR] @BAMAN@[\fB\-a\fR\ \fIauth_type\fR] [\fB\-C\fR\ \fIfd\fR] @LCMAN@[\fB\-c\fR\ \fIclass\fR|\fI\-\fR] @@ -169,7 +169,7 @@ sudo, sudoedit \- execute a command as another user [\fB\-u\fR\ \fIusername\fR|\fI#uid\fR] [\fB\s-1VAR\s0\fR=\fIvalue\fR] [{\fB\-i\fR\ |\ \fB\-s\fR]\ [<\fIcommand\fR}] .PP -\&\fBsudoedit\fR [\fB\-AS\fR] +\&\fBsudoedit\fR [\fB\-AnS\fR] @BAMAN@[\fB\-a\fR\ \fIauth_type\fR] [\fB\-C\fR\ \fIfd\fR] @LCMAN@[\fB\-c\fR\ \fIclass\fR|\fI\-\fR] @@ -362,6 +362,11 @@ command line arguments. If \fIcommand\fR is specified but not allowed, \&\fBsudo\fR will exit with a return value of 1. If the \fB\-l\fR flag is specified with an \fBl\fR argument (i.e. \fB\-ll\fR), or if \fB\-l\fR is specified multiple times, a longer list format is used. +.IP "\-n" 12 +.IX Item "-n" +The \fB\-n\fR (\fInon-interactive\fR) option prevents \fBsudo\fR from prompting +the user for a password. If a password is required for the command +to run, \fBsudo\fR will display an error messages and exit. .IP "\-P" 12 .IX Item "-P" The \fB\-P\fR (\fIpreserve\fR \fIgroup vector\fR) option causes \fBsudo\fR to diff --git a/sudo.pod b/sudo.pod index ba3af82ee..fbe657e9f 100644 --- a/sudo.pod +++ b/sudo.pod @@ -27,12 +27,12 @@ sudo, sudoedit - execute a command as another user =head1 SYNOPSIS -B B<-h> | B<-K> | B<-k> | B<-L> | B<-V> | B<-v> +B [B<-n>] B<-h> | B<-K> | B<-k> | B<-L> | B<-V> | B<-v> -B B<-l[l]> [B<-AS>] S<[B<-g> I|I<#gid>]> S<[B<-U> I]> +B B<-l[l]> [B<-AnS>] S<[B<-g> I|I<#gid>]> S<[B<-U> I]> S<[B<-u> I|I<#uid>]> [I] -B [B<-AbEHPS>] +B [B<-AbEHnPS>] S<[B<-a> I]> S<[B<-C> I]> S<[B<-c> I|I<->]> @@ -41,7 +41,7 @@ S<[B<-r> I]> S<[B<-t> I]> S<[B<-u> I|I<#uid>]> S<[B=I]> [S<{B<-i> | B<-s>] [}>] -B [B<-AS>] +B [B<-AnS>] S<[B<-a> I]> S<[B<-C> I]> S<[B<-c> I|I<->]> @@ -260,6 +260,12 @@ B will exit with a return value of 1. If the B<-l> flag is specified with an B argument (i.e. B<-ll>), or if B<-l> is specified multiple times, a longer list format is used. +=item -n + +The B<-n> (I) option prevents B from prompting +the user for a password. If a password is required for the command +to run, B will display an error messages and exit. + =item -P The B<-P> (I I) option causes B to diff --git a/sudo_usage.h.in b/sudo_usage.h.in index 2351505ce..5a1bfc60f 100644 --- a/sudo_usage.h.in +++ b/sudo_usage.h.in @@ -5,9 +5,9 @@ * Usage strings for sudo. These are here because we * need to be able to substitute values from configure. */ -#define SUDO_USAGE1 " -h | -K | -k | -L | -V | -v" -#define SUDO_USAGE2 " -l[l] [-AS] [-g groupname|#gid] [-U username] [-u username|#uid] [-g groupname|#gid] [command]" -#define SUDO_USAGE3 " [-AbEHPS] @BSDAUTH_USAGE@@SELINUX_USAGE@[-C fd] @LOGINCAP_USAGE@[-g groupname|#gid] [-p prompt] [-u username|#uid] [-g groupname|#gid] [VAR=value] [-i|-s] []" -#define SUDO_USAGE4 " -e [-AS] @BSDAUTH_USAGE@@SELINUX_USAGE@[-C fd] @LOGINCAP_USAGE@[-g groupname|#gid] [-p prompt] [-u username|#uid] file ..." +#define SUDO_USAGE1 " [-n] -h | -K | -k | -L | -V | -v" +#define SUDO_USAGE2 " -l[l] [-AnS] [-g groupname|#gid] [-U username] [-u username|#uid] [-g groupname|#gid] [command]" +#define SUDO_USAGE3 " [-AbEHnPS] @BSDAUTH_USAGE@@SELINUX_USAGE@[-C fd] @LOGINCAP_USAGE@[-g groupname|#gid] [-p prompt] [-u username|#uid] [-g groupname|#gid] [VAR=value] [-i|-s] []" +#define SUDO_USAGE4 " -e [-AnS] @BSDAUTH_USAGE@@SELINUX_USAGE@[-C fd] @LOGINCAP_USAGE@[-g groupname|#gid] [-p prompt] [-u username|#uid] file ..." #endif /* _SUDO_USAGE_H */ -- 2.50.0