mir/sudo
2
0
Fork 0
mirror of https://github.com/sudo-project/sudo.git synced 2025-08-31 22:35:10 +00:00
Code Issues Releases Wiki Activity

Add rootpw, runaspw, and targetpw options.

Browse Source
This commit is contained in:
Todd C. Miller
2000-02-18 17:56:28 +00:00
parent 44c5092fab
commit 09b23e7b41
10 changed files with 247 additions and 154 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
CHANGES
View File

@@ -1253,3 +1253,10 @@ Sudo 1.6.2 released.
395) It is now possible to set the path to the editor for visudo as well
as the flag that determines whether or not visudo will look at
$EDITOR in the sudoers file.
396) configure now pulls in the values of LIBS, LDFLAGS, CPPFLAGS, etc
as the documentation says it ought to.
397) Added rootpw, runaspw, and targetpw to prompt for the root, runas_default
and target user's passwords respectively (instead of the invoking user's
password).

11
defaults.c
View File

@@ -184,6 +184,15 @@ struct sudo_defs_types sudo_defs_table[] = {
}, {
"env_editor", T_FLAG,
"Visudo will honor the EDITOR environment variable"
}, {
"rootpw", T_FLAG,
"Prompt for root's password, not the users's"
}, {
"runaspw", T_FLAG,
"Prompt for the runas_default user's password, not the users's"
}, {
"targetpw", T_FLAG,
"Prompt for the target user's password, not the users's"
}, {
"loglinelen", T_INT|T_BOOL,
"Length at which to wrap log file lines (0 for no wrap): %d"
@@ -534,7 +543,7 @@ init_defaults()
def_flag(I_INSULTS) = TRUE;
#endif
#ifdef ENV_EDITOR
def_flag(I_ENVEDITOR) = TRUE;
def_flag(I_ENV_EDITOR) = TRUE;
#endif
/* Syslog options need special care since they both strings and ints */

47
defaults.h
View File

@@ -111,36 +111,39 @@ struct sudo_defs_types {
#define I_FQDN 21
#define I_INSULTS 22
#define I_REQUIRETTY 23
#define I_ENVEDITOR 24
#define I_ENV_EDITOR 24
#define I_ROOTPW 25
#define I_RUNASPW 26
#define I_TARGETPW 27
/* Integer values */
#define I_LOGLEN 25 /* wrap log file line after N chars */
#define I_TS_TIMEOUT 26 /* timestamp stale after N minutes */
#define I_PW_TIMEOUT 27 /* exit if pass not entered in N minutes */
#define I_PW_TRIES 28 /* exit after N bad password tries */
#define I_UMASK 29 /* umask to use or 0777 to use user's */
#define I_LOGLEN 28 /* wrap log file line after N chars */
#define I_TS_TIMEOUT 29 /* timestamp stale after N minutes */
#define I_PW_TIMEOUT 30 /* exit if pass not entered in N minutes */
#define I_PW_TRIES 31 /* exit after N bad password tries */
#define I_UMASK 32 /* umask to use or 0777 to use user's */
/* Strings */
#define I_LOGFILE 30 /* path to logfile (or NULL for none) */
#define I_MAILERPATH 31 /* path to sendmail or other mailer */
#define I_MAILERFLAGS 32 /* flags to pass to the mailer */
#define I_MAILTO 33 /* who to send bitch mail to */
#define I_MAILSUB 34 /* subject line of mail msg */
#define I_BADPASS_MSG 35 /* what to say when passwd is wrong */
#define I_TIMESTAMPDIR 36 /* path to timestamp dir */
#define I_EXEMPT_GRP 37 /* no password or PATH override for these */
#define I_PASSPROMPT 38 /* password prompt */
#define I_RUNAS_DEF 39 /* default user to run commands as */
#define I_SECURE_PATH 40 /* set $PATH to this if not NULL */
#define I_EDITOR 41 /* path to editor used by visudo */
#define I_LOGFILE 33 /* path to logfile (or NULL for none) */
#define I_MAILERPATH 34 /* path to sendmail or other mailer */
#define I_MAILERFLAGS 35 /* flags to pass to the mailer */
#define I_MAILTO 36 /* who to send bitch mail to */
#define I_MAILSUB 37 /* subject line of mail msg */
#define I_BADPASS_MSG 38 /* what to say when passwd is wrong */
#define I_TIMESTAMPDIR 39 /* path to timestamp dir */
#define I_EXEMPT_GRP 40 /* no password or PATH override for these */
#define I_PASSPROMPT 41 /* password prompt */
#define I_RUNAS_DEF 42 /* default user to run commands as */
#define I_SECURE_PATH 43 /* set $PATH to this if not NULL */
#define I_EDITOR 44 /* path to editor used by visudo */
/* Integer versions of list/verify options */
#define I_LISTPW 42
#define I_VERIFYPW 43
#define I_LISTPW 45
#define I_VERIFYPW 46
/* String versions of list/verify options */
#define I_LISTPWSTR 44
#define I_VERIFYPWSTR 45
#define I_LISTPWSTR 47
#define I_VERIFYPWSTR 48
/*
* Macros for accessing sudo_defs_table.

3
getspwuid.c
View File

@@ -94,7 +94,6 @@ int crypt_type = INT_MAX;
* Local functions not visible outside getspwuid.c
*/
static char *sudo_getshell __P((struct passwd *));
static char *sudo_getepw __P((struct passwd *));
/*
@@ -123,7 +122,7 @@ sudo_getshell(pw)
* Return the encrypted password for the user described by pw. If shadow
* passwords are in use, look in the shadow file.
*/
static char *
char *
sudo_getepw(pw)
struct passwd *pw;
{

40
sudo.c
View File

@@ -108,6 +108,7 @@ static int init_vars __P((int));
static void add_env __P((int));
static void clean_env __P((char **, struct env_table *));
static void initial_setup __P((void));
static void update_epasswd __P((void));
extern struct passwd *sudo_getpwuid __P((uid_t));
extern void list_matches __P((void));
@@ -304,6 +305,9 @@ main(argc, argv)
(void) close(fd);
}
/* Update encrypted password in user_password if sudoers said to. */
update_epasswd();
/* Require a password unless the NOPASS tag was set. */
if (!(validated & FLAG_NOPASS))
check_user();
@@ -1062,6 +1066,42 @@ set_fqdn()
}
}
/*
* If the sudoers file says to prompt for a different user's password,
* update the encrypted password in user_passwd accordingly.
*/
static void
update_epasswd()
{
struct passwd *pw;
/* We may be configured to prompt for a password other than the user's */
if (def_ival(I_ROOTPW)) {
if ((pw = getpwuid(0)) == NULL)
log_error(0, "uid 0 does not exist in the passwd file!");
free(user_passwd);
user_passwd = estrdup(sudo_getepw(pw));
} else if (def_ival(I_RUNASPW)) {
if ((pw = getpwnam(def_str(I_RUNAS_DEF))) == NULL)
log_error(0, "user %s does not exist in the passwd file!",
def_str(I_RUNAS_DEF));
free(user_passwd);
user_passwd = estrdup(sudo_getepw(pw));
} else if (def_ival(I_TARGETPW)) {
if (**user_runas == '#') {
if ((pw = getpwuid(atoi(*user_runas + 1))) == NULL)
log_error(0, "uid %s does not exist in the passwd file!",
user_runas);
} else {
if ((pw = getpwnam(*user_runas)) == NULL)
log_error(0, "user %s does not exist in the passwd file!",
user_runas);
}
free(user_passwd);
user_passwd = estrdup(sudo_getepw(pw));
}
}
/*
* Tell which options are mutually exclusive and exit.
*/

1
sudo.h
View File

@@ -208,6 +208,7 @@ int lock_file __P((int, int));
int touch __P((char *, time_t));
int user_is_exempt __P((void));
void set_fqdn __P((void));
char *sudo_getepw __P((struct passwd *));
YY_DECL;
/* Only provide extern declarations outside of sudo.c. */

252
sudoers.cat
View File

@@ -381,13 +381,13 @@ sudoers(5) FILE FORMATS sudoers(5)
to get a shell (which would be a root shell
and not be logged).
IIIInnnntttteeeeggggeeeerrrrssss:
passwd_tries
The number of tries a user gets to enter
his/her password before sudo logs the failure
and exits. The default is 3.
rootpw If set, sudo will prompt for the root password
instead of the password of the invoking user.
runaspw If set, sudo will prompt for the password of
the user defined by the _r_u_n_a_s___d_e_f_a_u_l_t option
(defaults to root) instead of the password of
the invoking user.
@@ -400,6 +400,18 @@ sudoers(5) FILE FORMATS sudoers(5)
sudoers(5) FILE FORMATS sudoers(5)
targetpw If set, sudo will prompt for the password of
the user specified by the -u flag (defaults to
root) instead of the password of the invoking
user.
IIIInnnntttteeeeggggeeeerrrrssss:
passwd_tries
The number of tries a user gets to enter
his/her password before sudo logs the failure
and exits. The default is 3.
IIIInnnntttteeeeggggeeeerrrrssss tttthhhhaaaatttt ccccaaaannnn bbbbeeee uuuusssseeeedddd iiiinnnn aaaa bbbboooooooolllleeeeaaaannnn ccccoooonnnntttteeeexxxxtttt:
loglinelen Number of characters per line for the file
@@ -441,18 +453,6 @@ sudoers(5) FILE FORMATS sudoers(5)
timestamp files. The default is either
/var/run/sudo or /tmp/sudo.
passprompt The default prompt to use when asking for a
password; can be overridden via the -p option
or the SUDO_PROMPT environment variable.
Supports two escapes: "%u" expands to the
user's login name and "%h" expands to the
local hostname. The default value is
"Password:".
runas_default
The default user to run commands as if the -u
flag is not specified on the command line.
This defaults to "root".
@@ -466,6 +466,19 @@ sudoers(5) FILE FORMATS sudoers(5)
sudoers(5) FILE FORMATS sudoers(5)
passprompt The default prompt to use when asking for a
password; can be overridden via the -p option
or the SUDO_PROMPT environment variable.
Supports two escapes: "%u" expands to the
user's login name and "%h" expands to the
local hostname. The default value is
"Password:".
runas_default
The default user to run commands as if the -u
flag is not specified on the command line.
This defaults to "root".
syslog_goodpri
Syslog priority to use when user authenticates
successfully. Defaults to "notice".
@@ -507,6 +520,18 @@ sudoers(5) FILE FORMATS sudoers(5)
verifypw This option controls when a password will be
required when a user runs sudo with the ----vvvv.
18/Feb/2000 1.6.3 8
sudoers(5) FILE FORMATS sudoers(5)
It has the following possible values:
all All the user's I<sudoers> entries for the
@@ -521,17 +546,6 @@ sudoers(5) FILE FORMATS sudoers(5)
never The user need never enter a password to use
the B<-v> flag.
18/Feb/2000 1.6.3 8
sudoers(5) FILE FORMATS sudoers(5)
always The user must always enter a password to use
the B<-v> flag.
@@ -572,6 +586,18 @@ sudoers(5) FILE FORMATS sudoers(5)
User_Spec ::= User_list Host_List '=' User_List Cmnd_Spec_List \
(':' User_Spec)*
18/Feb/2000 1.6.3 9
sudoers(5) FILE FORMATS sudoers(5)
Cmnd_Spec_List ::= Cmnd_Spec |
Cmnd_Spec ',' Cmnd_Spec_List
@@ -586,18 +612,6 @@ sudoers(5) FILE FORMATS sudoers(5)
Let's break that down into its constituent parts:
18/Feb/2000 1.6.3 9
sudoers(5) FILE FORMATS sudoers(5)
RRRRuuuunnnnaaaassss____SSSSppppeeeecccc
A Runas_Spec is simply a Runas_List (as defined above)
@@ -639,6 +653,17 @@ sudoers(5) FILE FORMATS sudoers(5)
able to run _/_b_i_n_/_k_i_l_l without a password the entry would
be:
18/Feb/2000 1.6.3 10
sudoers(5) FILE FORMATS sudoers(5)
ray rushmore = NOPASSWD: /bin/kill, PASSWD: /bin/ls, /usr/bin/lprm
Note however, that the PASSWD tag has no effect on users
@@ -652,18 +677,6 @@ sudoers(5) FILE FORMATS sudoers(5)
pertain to the current host. This behavior may be
overridden via the verifypw and listpw options.
18/Feb/2000 1.6.3 10
sudoers(5) FILE FORMATS sudoers(5)
WWWWiiiillllddddccccaaaarrrrddddssss ((((aaaakkkkaaaa mmmmeeeettttaaaa cccchhhhaaaarrrraaaacccctttteeeerrrrssss))))::::
ssssuuuuddddoooo allows shell-style _w_i_l_d_c_a_r_d_s to be used in pathnames
@@ -705,6 +718,18 @@ sudoers(5) FILE FORMATS sudoers(5)
The pound sign ('#') is used to indicate a comment (unless
it occurs in the context of a user name and is followed by
18/Feb/2000 1.6.3 11
sudoers(5) FILE FORMATS sudoers(5)
one or more digits, in which case it is treated as a uid).
Both the comment character and any text after it, up to
the end of the line, are ignored.
@@ -718,18 +743,6 @@ sudoers(5) FILE FORMATS sudoers(5)
dangerous since in a command context, it allows the user
to run aaaannnnyyyy command on the system.
18/Feb/2000 1.6.3 11
sudoers(5) FILE FORMATS sudoers(5)
An exclamation point ('!') can be used as a logical _n_o_t
operator both in an _a_l_i_a_s and in front of a Cmnd. This
allows one to exclude certain values. Note, however, that
@@ -771,6 +784,18 @@ EEEEXXXXAAAAMMMMPPPPLLLLEEEESSSS
Host_Alias SERVERS = master, mail, www, ns
Host_Alias CDROM = orion, perseus, hercules
18/Feb/2000 1.6.3 12
sudoers(5) FILE FORMATS sudoers(5)
# Cmnd alias specification
Cmnd_Alias DUMPS = /usr/bin/mt, /usr/sbin/dump, /usr/sbin/rdump,\
/usr/sbin/restore, /usr/sbin/rrestore
@@ -784,18 +809,6 @@ EEEEXXXXAAAAMMMMPPPPLLLLEEEESSSS
/usr/local/bin/zsh
Cmnd_Alias SU = /usr/bin/su
18/Feb/2000 1.6.3 12
sudoers(5) FILE FORMATS sudoers(5)
Here we override some of the compiled in default values.
We want sudo to log via _s_y_s_l_o_g(3) using the _a_u_t_h facility
in all cases. We don't want to subject the full time
@@ -837,6 +850,18 @@ sudoers(5) FILE FORMATS sudoers(5)
_C_S_N_E_T_S alias (the networks 128.138.243.0, 128.138.204.0,
and 128.138.242.0). Of those networks, only
<128.138.204.0> has an explicit netmask (in CIDR notation)
18/Feb/2000 1.6.3 13
sudoers(5) FILE FORMATS sudoers(5)
indicating it is a class C network. For the other
networks in _C_S_N_E_T_S, the local machine's netmask will be
used during matching.
@@ -850,18 +875,6 @@ sudoers(5) FILE FORMATS sudoers(5)
/usr/oper/bin/
The ooooppppeeeerrrraaaattttoooorrrr user may run commands limited to simple
18/Feb/2000 1.6.3 13
sudoers(5) FILE FORMATS sudoers(5)
maintenance. Here, those are commands related to backups,
killing processes, the printing system, shutting down the
system, and any commands in the directory _/_u_s_r_/_o_p_e_r_/_b_i_n_/.
@@ -903,6 +916,18 @@ sudoers(5) FILE FORMATS sudoers(5)
john ALPHA = /usr/bin/su [!-]*, !/usr/bin/su *root*
On the _A_L_P_H_A machines, user jjjjoooohhhhnnnn may su to anyone except
18/Feb/2000 1.6.3 14
sudoers(5) FILE FORMATS sudoers(5)
root but he is not allowed to give _s_u(1) any flags.
jen ALL, !SERVERS = ALL
@@ -917,17 +942,6 @@ sudoers(5) FILE FORMATS sudoers(5)
any commands in the directory /usr/bin/ except for those
commands belonging to the _S_U and _S_H_E_L_L_S Cmnd_Aliases.
18/Feb/2000 1.6.3 14
sudoers(5) FILE FORMATS sudoers(5)
steve CSNETS = (operator) /usr/local/op_commands/
The user sssstttteeeevvvveeee may run any command in the directory
@@ -968,6 +982,18 @@ SSSSEEEECCCCUUUURRRRIIIITTTTYYYY NNNNOOOOTTTTE
restrictions should be considered advisory at best (and
reinforced by policy).
18/Feb/2000 1.6.3 15
sudoers(5) FILE FORMATS sudoers(5)
CCCCAAAAVVVVEEEEAAAATTTTSSSS
The _s_u_d_o_e_r_s file should aaaallllwwwwaaaayyyyssss be edited by the vvvviiiissssuuuuddddoooo
command which locks the file and does grammatical
@@ -981,19 +1007,6 @@ CCCCAAAAVVVVEEEEAAAATTTTSSSS
hostname be fully-qualified as returned by the hostname
command or use the _f_q_d_n option in _s_u_d_o_e_r_s.
18/Feb/2000 1.6.3 15
sudoers(5) FILE FORMATS sudoers(5)
FFFFIIIILLLLEEEESSSS
/etc/sudoers List of who can run what
/etc/group Local groups file
@@ -1024,19 +1037,6 @@ SSSSEEEEEEEE AAAALLLLSSSSOOOO

21
sudoers.man
View File

@@ -2,8 +2,8 @@
''' $RCSfile$$Revision$$Date$
'''
''' $Log$
''' Revision 1.26 2000/02/18 17:11:43 millert
''' enveditor -> env_editor
''' Revision 1.27 2000/02/18 17:56:27 millert
''' Add rootpw, runaspw, and targetpw options.
'''
'''
.de Sh
@@ -469,6 +469,17 @@ If set, visudo will use the value of the \s-1EDITOR\s0 or \s-1VISUAL\s0 environm
falling back on the default editor. Note that this may create a
security hole as most editors allow a user to get a shell (which
would be a root shell and not be logged).
.Ip "rootpw" 12
If set, sudo will prompt for the root password instead of the password
of the invoking user.
.Ip "runaspw" 12
If set, sudo will prompt for the password of the user defined by the
\fIrunas_default\fR option (defaults to root) instead of the password
of the invoking user.
.Ip "targetpw" 12
If set, sudo will prompt for the password of the user specified by
the \f(CW-u\fR flag (defaults to root) instead of the password of the
invoking user.
.PP
\fBIntegers\fR:
.Ip "passwd_tries" 12
@@ -1009,6 +1020,12 @@ as returned by the \f(CWhostname\fR command or use the \fIfqdn\fR option in
.IX Item "env_editor"
.IX Item "rootpw"
.IX Item "runaspw"
.IX Item "targetpw"
.IX Item "passwd_tries"
.IX Item "loglinelen"

17
sudoers.pod
View File

@@ -353,6 +353,23 @@ falling back on the default editor. Note that this may create a
security hole as most editors allow a user to get a shell (which
would be a root shell and not be logged).
=item rootpw
If set, sudo will prompt for the root password instead of the password
of the invoking user.
=item runaspw
If set, sudo will prompt for the password of the user defined by the
I<runas_default> option (defaults to root) instead of the password
of the invoking user.
=item targetpw
If set, sudo will prompt for the password of the user specified by
the C<-u> flag (defaults to root) instead of the password of the
invoking user.
=back
B<Integers>:

2
visudo.c
View File

@@ -227,7 +227,7 @@ main(argc, argv)
* If we are allowing EDITOR and VISUAL envariables set Editor
* base on whichever exists...
*/
if (!def_flag(I_ENVEDITOR) ||
if (!def_flag(I_ENV_EDITOR) ||
(!(Editor = getenv("EDITOR")) && !(Editor = getenv("VISUAL"))))
Editor = def_str(I_EDITOR);