mir/sudo
2
0
Fork 0
mirror of https://github.com/sudo-project/sudo.git synced 2025-09-03 15:55:40 +00:00
Code Issues Releases Wiki Activity

o Kill shell_noargs option, it cannot work since the command needs to

Browse Source 
be set before sudoers is parsed.
o Fix the "set_home" sudoers option (only worked at compile time).
o Fix "fqdn" sudoers option.  We now set host/shost via set_fqdn which
  gets called when the "fqdn" option is set in sudoers.
o Move the openlog() to store_syslogfac() so this gets overridden
  correctly from the sudoers file.
This commit is contained in:
Todd C. Miller
1999-12-02 20:31:25 +00:00
parent a6a2b564d0
commit 449f67f776
9 changed files with 149 additions and 122 deletions
Download Patch File Download Diff File Expand all files Collapse all files

12
INSTALL
View File

@@ -228,6 +228,12 @@ Special features/options:
security hole as most editors allow a user to get a shell (which would
be a root shell and hence, no logging).
--enable-noargs-shell
If sudo is invoked with no arguments it acts as if the "-s" flag had
been given. That is, it runs a shell as root (the shell is determined
by the SHELL environment variable, falling back on the shell listed
in the invoking user's /etc/passwd entry).
The following options are also configurable at runtime:
--with-otp-only
@@ -417,12 +423,6 @@ The following options are also configurable at runtime:
--enable-log-host
Log the hostname in the log file.
--enable-noargs-shell
If sudo is invoked with no arguments it acts as if the "-s" flag had
been given. That is, it runs a shell as root (the shell is determined
by the SHELL environment variable, falling back on the shell listed
in the invoking user's /etc/passwd entry).
--enable-shell-sets-home
If sudo is invoked with the "-s" flag the HOME environment variable
will be set to the home directory of the target user (which is root

23
defaults.c
View File

@@ -165,9 +165,6 @@ struct sudo_defs_types sudo_defs_table[] = {
}, {
"log_year", T_FLAG, { 0 },
"Log the year in the (non-syslog) log file"
}, {
"shell_noargs", T_FLAG, { 0 },
"If sudo is invoked with no arguments, start a shell"
}, {
"set_home", T_FLAG, { 0 },
"Set $HOME to the target user when starting a shell with -s"
@@ -321,8 +318,9 @@ set_default(var, val, op)
int op; /* TRUE or FALSE */
{
struct sudo_defs_types *cur;
int num;
for (cur = sudo_defs_table; cur->name; cur++) {
for (cur = sudo_defs_table, num = 0; cur->name; cur++, num++) {
if (strcmp(var, cur->name) == 0)
break;
}
@@ -425,6 +423,10 @@ set_default(var, val, op)
return(FALSE);
}
cur->sd_un.flag = op;
/* Special action for I_FQDN. Move to own switch if we get more */
if (num == I_FQDN && op)
set_fqdn();
break;
}
@@ -490,9 +492,6 @@ init_defaults()
#ifdef HOST_IN_LOG
def_flag(I_LOG_HOST) = TRUE;
#endif
#ifdef SHELL_IF_NO_ARGS
def_flag(I_SHELL_NOARGS) = TRUE;
#endif
#ifdef SHELL_SETS_HOME
def_flag(I_SET_HOME) = TRUE;
#endif
@@ -615,13 +614,19 @@ store_syslogfac(val, def, op)
return(FALSE); /* not found */
/* Store both name and number. */
if (def->sd_un.str)
if (def->sd_un.str) {
free(def->sd_un.str);
closelog();
}
openlog("sudo", 0, fac->num);
def->sd_un.str = estrdup(fac->name);
sudo_defs_table[I_LOGFAC].sd_un.ival = fac->num;
#else
if (def->sd_un.str)
if (def->sd_un.str) {
free(def->sd_un.str);
closelog();
}
openlog("sudo", 0);
def->sd_un.str = estrdup("default");
#endif /* LOG_NFACILITIES */
return(TRUE);

43
defaults.h
View File

@@ -103,32 +103,31 @@ struct sudo_defs_types {
#define I_ROOT_SUDO 15
#define I_LOG_HOST 16
#define I_LOG_YEAR 17
#define I_SHELL_NOARGS 18
#define I_SET_HOME 19
#define I_PATH_INFO 20
#define I_FQDN 21
#define I_INSULTS 22
#define I_REQUIRETTY 23
#define I_SET_HOME 18
#define I_PATH_INFO 19
#define I_FQDN 20
#define I_INSULTS 21
#define I_REQUIRETTY 22
/* Integer values */
#define I_LOGLEN 24 /* wrap log file line after N chars */
#define I_TS_TIMEOUT 25 /* timestamp stale after N minutes */
#define I_PW_TIMEOUT 26 /* exit if pass not entered in N minutes */
#define I_PW_TRIES 27 /* exit after N bad password tries */
#define I_UMASK 28 /* umask to use or 0777 to use user's */
#define I_LOGLEN 23 /* wrap log file line after N chars */
#define I_TS_TIMEOUT 24 /* timestamp stale after N minutes */
#define I_PW_TIMEOUT 25 /* exit if pass not entered in N minutes */
#define I_PW_TRIES 26 /* exit after N bad password tries */
#define I_UMASK 27 /* umask to use or 0777 to use user's */
/* Strings */
#define I_LOGFILE 29 /* path to logfile (or NULL for none) */
#define I_MAILERPATH 30 /* path to sendmail or other mailer */
#define I_MAILERFLAGS 31 /* flags to pass to the mailer */
#define I_MAILTO 32 /* who to send bitch mail to */
#define I_MAILSUB 33 /* subject line of mail msg */
#define I_BADPASS_MSG 34 /* what to say when passwd is wrong */
#define I_TIMESTAMPDIR 35 /* path to timestamp dir */
#define I_EXEMPT_GRP 36 /* no password or PATH override for these */
#define I_PASSPROMPT 37 /* password prompt */
#define I_RUNAS_DEF 38 /* default user to run commands as */
#define I_SECURE_PATH 39 /* set $PATH to this if not NULL */
#define I_LOGFILE 28 /* path to logfile (or NULL for none) */
#define I_MAILERPATH 29 /* path to sendmail or other mailer */
#define I_MAILERFLAGS 30 /* flags to pass to the mailer */
#define I_MAILTO 31 /* who to send bitch mail to */
#define I_MAILSUB 32 /* subject line of mail msg */
#define I_BADPASS_MSG 33 /* what to say when passwd is wrong */
#define I_TIMESTAMPDIR 34 /* path to timestamp dir */
#define I_EXEMPT_GRP 35 /* no password or PATH override for these */
#define I_PASSPROMPT 36 /* password prompt */
#define I_RUNAS_DEF 37 /* default user to run commands as */
#define I_SECURE_PATH 38 /* set $PATH to this if not NULL */
/*
* Macros for accessing sudo_defs_table.

68
sudo.c
View File

@@ -217,15 +217,6 @@ main(argc, argv)
/* Setup defaults data structures. */
init_defaults();
/* Initialize syslog(3) if we are using it. */
if (def_str(I_LOGFACSTR)) {
#ifdef LOG_NFACILITIES
openlog("sudo", 0, def_ival(I_LOGFAC));
#else
openlog("sudo", 0);
#endif /* LOG_NFACILITIES */
}
if (sudo_mode & MODE_SHELL)
user_cmnd = "shell";
else
@@ -293,6 +284,10 @@ main(argc, argv)
exit(1);
}
/* May need to set $HOME to target user. */
if ((sudo_mode & MODE_SHELL) && def_flag(I_SET_HOME))
sudo_mode |= MODE_RESET_HOME;
/* Bail if a tty is required and we don't have one. */
if (def_flag(I_REQUIRETTY)) {
if ((fd = open(_PATH_TTY, O_RDWR|O_NOCTTY)) == -1)
@@ -416,7 +411,6 @@ init_vars(sudo_mode)
int sudo_mode;
{
char *p, thost[MAXHOSTNAMELEN];
struct hostent *hp;
/* Sanity check command from user. */
if (user_cmnd == NULL && strlen(NewArgv[0]) >= MAXPATHLEN) {
@@ -445,15 +439,9 @@ init_vars(sudo_mode)
log_error(USE_ERRNO|MSG_ONLY, "can't get hostname");
} else
user_host = estrdup(thost);
if (def_flag(I_FQDN)) {
if (!(hp = gethostbyname(user_host))) {
log_error(USE_ERRNO|MSG_ONLY|NO_EXIT,
"unable to lookup %s via gethostbyname()", user_host);
} else {
free(user_host);
user_host = estrdup(hp->h_name);
}
}
if (def_flag(I_FQDN))
set_fqdn();
else {
if ((p = strchr(user_host, '.'))) {
*p = '\0';
user_shost = estrdup(user_host);
@@ -461,6 +449,7 @@ init_vars(sudo_mode)
} else {
user_shost = user_host;
}
}
if ((p = ttyname(STDIN_FILENO)) || (p = ttyname(STDOUT_FILENO))) {
if (strncmp(p, _PATH_DEV, sizeof(_PATH_DEV) - 1) == 0)
@@ -549,12 +538,12 @@ parse_args()
NewArgv = Argv + 1;
NewArgc = Argc - 1;
if (Argc < 2) { /* no options and no command */
if (!def_flag(I_SHELL_NOARGS))
usage(1);
#ifdef SHELL_IF_NO_ARGS
if (NewArgc == 0) { /* no options and no command */
rval |= MODE_SHELL;
return(rval);
}
#endif
while (NewArgc > 0 && NewArgv[0][0] == '-') {
if (NewArgv[0][1] != '\0' && NewArgv[0][2] != '\0') {
@@ -636,8 +625,6 @@ parse_args()
if (excl && excl != 's')
usage_excl(1);
excl = 's';
if (def_flag(I_SET_HOME))
rval |= MODE_RESET_HOME;
break;
case 'H':
rval |= MODE_RESET_HOME;
@@ -645,8 +632,10 @@ parse_args()
case '-':
NewArgc--;
NewArgv++;
if (def_flag(I_SHELL_NOARGS) && rval == MODE_RUN)
#ifdef SHELL_IF_NO_ARGS
if (rval == MODE_RUN)
rval |= MODE_SHELL;
#endif
return(rval);
case '\0':
(void) fprintf(stderr, "%s: '-' requires an argument\n",
@@ -1038,6 +1027,35 @@ initial_setup()
#endif /* POSIX_SIGNALS */
}
/*
* Look up the fully qualified domain name and set user_host and user_shost.
*/
void
set_fqdn()
{
struct hostent *hp;
char *p;
if (def_flag(I_FQDN)) {
if (!(hp = gethostbyname(user_host))) {
log_error(USE_ERRNO|MSG_ONLY|NO_EXIT,
"unable to lookup %s via gethostbyname()", user_host);
} else {
free(user_host);
user_host = estrdup(hp->h_name);
}
}
if (user_shost != user_host)
free(user_shost);
if ((p = strchr(user_host, '.'))) {
*p = '\0';
user_shost = estrdup(user_host);
*p = '.';
} else {
user_shost = user_host;
}
}
/*
* Tell which options are mutually exclusive and exit.
*/

1
sudo.h
View File

@@ -193,6 +193,7 @@ void dump_defaults __P((void));
void dump_auth_methods __P((void));
int lock_file __P((int, int));
int touch __P((char *, time_t));
void set_fqdn __P((void));
YY_DECL;
/* Only provide extern declarations outside of sudo.c. */

88
sudoers.cat
View File

@@ -61,7 +61,7 @@ DDDDEEEESSSSCCCCRRRRIIIIPPPPTTTTIIIIOOOONNNN
28/Nov/1999 1.6 1
2/Dec/1999 1.6 1
@@ -127,7 +127,7 @@ sudoers(5) FILE FORMATS sudoers(5)
28/Nov/1999 1.6 2
2/Dec/1999 1.6 2
@@ -193,7 +193,7 @@ sudoers(5) FILE FORMATS sudoers(5)
28/Nov/1999 1.6 3
2/Dec/1999 1.6 3
@@ -259,7 +259,7 @@ sudoers(5) FILE FORMATS sudoers(5)
28/Nov/1999 1.6 4
2/Dec/1999 1.6 4
@@ -268,10 +268,6 @@ sudoers(5) FILE FORMATS sudoers(5)
sudoers(5) FILE FORMATS sudoers(5)
shell_noargs
If sudo is invoked with no arguments, start a
shell
set_home Set $HOME to the target user when starting a
shell with -s
@@ -322,10 +318,14 @@ sudoers(5) FILE FORMATS sudoers(5)
syslog_goodpri
Syslog priority to use when user authenticates
successfully
syslog_badpri
Syslog priority to use when user authenticates
28/Nov/1999 1.6 5
2/Dec/1999 1.6 5
@@ -334,10 +334,6 @@ sudoers(5) FILE FORMATS sudoers(5)
sudoers(5) FILE FORMATS sudoers(5)
successfully
syslog_badpri
Syslog priority to use when user authenticates
unsuccessfully
SSSSttttrrrriiiinnnnggggssss tttthhhhaaaatttt ccccaaaannnn bbbbeeee uuuusssseeeedddd iiiinnnn aaaa bbbboooooooolllleeeeaaaannnn ccccoooonnnntttteeeexxxxtttt:
@@ -388,10 +384,14 @@ sudoers(5) FILE FORMATS sudoers(5)
A Runas_Spec is simply a Runas_List (as defined above)
enclosed in a set of parentheses. If you do not specify a
Runas_Spec in the user specification, a default Runas_Spec
of rrrrooooooootttt will be used. A Runas_Spec sets the default for
commands that follow it. What this means is that for the
entry:
28/Nov/1999 1.6 6
2/Dec/1999 1.6 6
@@ -400,11 +400,6 @@ sudoers(5) FILE FORMATS sudoers(5)
sudoers(5) FILE FORMATS sudoers(5)
Runas_Spec in the user specification, a default Runas_Spec
of rrrrooooooootttt will be used. A Runas_Spec sets the default for
commands that follow it. What this means is that for the
entry:
dgb boulder = (operator) /bin/ls, /bin/kill, /usr/bin/who
The user ddddggggbbbb may run _/_b_i_n_/_l_s, _/_b_i_n_/_k_i_l_l, and _/_u_s_r_/_b_i_n_/_l_p_r_m
@@ -453,11 +448,16 @@ sudoers(5) FILE FORMATS sudoers(5)
[...] Matches any character in the specified range.
[!...] Matches any character nnnnooootttt in the specified range.
\x For any character "x", evaluates to "x". This is
used to escape special characters such as: "*",
"?", "[", and "}".
28/Nov/1999 1.6 7
2/Dec/1999 1.6 7
@@ -466,12 +466,6 @@ sudoers(5) FILE FORMATS sudoers(5)
sudoers(5) FILE FORMATS sudoers(5)
[!...] Matches any character nnnnooootttt in the specified range.
\x For any character "x", evaluates to "x". This is
used to escape special characters such as: "*",
"?", "[", and "}".
Note that a forward slash ('/') will nnnnooootttt be matched by
wildcards used in the pathname. When matching the command
line arguments, however, as slash ddddooooeeeessss get matched by
@@ -521,9 +515,15 @@ sudoers(5) FILE FORMATS sudoers(5)
syntactic characters in a _U_s_e_r _S_p_e_c_i_f_i_c_a_t_i_o_n ('=', ':',
'(', ')') is optional.
The following characters must be escaped with a backslash
('\') when used as part of a word (eg. a username or
hostname): '@', '!', '=', ':', ',', '(', ')', '\'.
28/Nov/1999 1.6 8
2/Dec/1999 1.6 8
@@ -532,10 +532,6 @@ sudoers(5) FILE FORMATS sudoers(5)
sudoers(5) FILE FORMATS sudoers(5)
The following characters must be escaped with a backslash
('\') when used as part of a word (eg. a username or
hostname): '@', '!', '=', ':', ',', '(', ')', '\'.
EEEEXXXXAAAAMMMMPPPPLLLLEEEESSSS
Below are example _s_u_d_o_e_r_s entries. Admittedly, some of
these are a bit contrived. First, we define our _a_l_i_a_s_e_s:
@@ -587,9 +583,13 @@ EEEEXXXXAAAAMMMMPPPPLLLLEEEESSSS
Defaults:millert !authenticate
Defaults@SERVERS log_year, logfile=/var/log/sudo.log
The _U_s_e_r _s_p_e_c_i_f_i_c_a_t_i_o_n is the part that actually
determines who may run what.
28/Nov/1999 1.6 9
2/Dec/1999 1.6 9
@@ -598,9 +598,6 @@ EEEEXXXXAAAAMMMMPPPPLLLLEEEESSSS
sudoers(5) FILE FORMATS sudoers(5)
The _U_s_e_r _s_p_e_c_i_f_i_c_a_t_i_o_n is the part that actually
determines who may run what.
root ALL = (ALL) ALL
%wheel ALL = (ALL) ALL
@@ -652,10 +649,13 @@ sudoers(5) FILE FORMATS sudoers(5)
assumes _p_a_s_s_w_d(1) does not take multiple usernames on the
command line.
bob SPARC = (OP) ALL : SGI = (OP) ALL
The user bbbboooobbbb may run anything on the _S_P_A_R_C and _S_G_I
28/Nov/1999 1.6 10
2/Dec/1999 1.6 10
@@ -664,9 +664,6 @@ sudoers(5) FILE FORMATS sudoers(5)
sudoers(5) FILE FORMATS sudoers(5)
bob SPARC = (OP) ALL : SGI = (OP) ALL
The user bbbboooobbbb may run anything on the _S_P_A_R_C and _S_G_I
machines as any user listed in the _O_P Runas_Alias (rrrrooooooootttt
and ooooppppeeeerrrraaaattttoooorrrr).
@@ -718,10 +715,13 @@ sudoers(5) FILE FORMATS sudoers(5)
On the host www, any user in the _W_E_B_M_A_S_T_E_R_S User_Alias
(will, wendy, and wim), may run any command as user www
(which owns the web pages) or simply _s_u(1) to www.
28/Nov/1999 1.6 11
2/Dec/1999 1.6 11
@@ -730,8 +730,6 @@ sudoers(5) FILE FORMATS sudoers(5)
sudoers(5) FILE FORMATS sudoers(5)
(which owns the web pages) or simply _s_u(1) to www.
ALL CDROM = NOPASSWD: /sbin/umount /CDROM,\
/sbin/mount -o nosuid\,nodev /dev/cd0a /CDROM
@@ -787,7 +785,9 @@ SSSSEEEEEEEE AAAALLLLSSSSOOOO
28/Nov/1999 1.6 12
2/Dec/1999 1.6 12
@@ -853,6 +853,6 @@ sudoers(5) FILE FORMATS sudoers(5)
28/Nov/1999 1.6 13
2/Dec/1999 1.6 13

18
sudoers.man
View File

@@ -2,8 +2,14 @@
''' $RCSfile$$Revision$$Date$
'''
''' $Log$
''' Revision 1.16 1999/11/29 01:57:04 millert
''' fix some syntactic goofs
''' Revision 1.17 1999/12/02 20:31:24 millert
''' o Kill shell_noargs option, it cannot work since the command needs to
''' be set before sudoers is parsed.
''' o Fix the "set_home" sudoers option (only worked at compile time).
''' o Fix "fqdn" sudoers option. We now set host/shost via set_fqdn which
''' gets called when the "fqdn" option is set in sudoers.
''' o Move the openlog() to store_syslogfac() so this gets overridden
''' correctly from the sudoers file.
'''
'''
.de Sh
@@ -96,7 +102,7 @@
.nr % 0
.rr F
.\}
.TH sudoers 5 "1.6" "28/Nov/1999" "FILE FORMATS"
.TH sudoers 5 "1.6" "2/Dec/1999" "FILE FORMATS"
.UC
.if n .hy 0
.if n .na
@@ -399,8 +405,6 @@ Root may run sudo
Log the hostname in the (non-syslog) log file
.Ip "log_year" 12
Log the year in the (non-syslog) log file
.Ip "shell_noargs" 12
If sudo is invoked with no arguments, start a shell
.Ip "set_home" 12
Set \f(CW$HOME\fR to the target user when starting a shell with \f(CW-s\fR
.Ip "path_info" 12
@@ -847,8 +851,6 @@ will not run with a syntactically incorrect \fIsudoers\fR file.
.IX Item "log_year"
.IX Item "shell_noargs"
.IX Item "set_home"
.IX Item "path_info"
@@ -915,7 +917,7 @@ will not run with a syntactically incorrect \fIsudoers\fR file.
.IX Subsection "Exceptions to wildcard rules:"
.IX Item "\f(CW""\fR"
.IX Item \f(CW""\fR
.IX Subsection "Other special characters and reserved words:"

4
sudoers.pod
View File

@@ -269,10 +269,6 @@ Log the hostname in the (non-syslog) log file
Log the year in the (non-syslog) log file
=item shell_noargs
If sudo is invoked with no arguments, start a shell
=item set_home
Set $HOME to the target user when starting a shell with C<-s>

6
visudo.c
View File

@@ -407,6 +407,12 @@ netgr_matches(n, h, u)
return(TRUE);
}
void
set_fqdn()
{
return;
}
/*
* Assuming a parse error occurred, prompt the user for what they want
* to do now. Returns the first letter of their choice.