mir/sudo
2
0
Fork 0
mirror of https://github.com/sudo-project/sudo.git synced 2025-09-05 00:35:14 +00:00
Code Issues Releases Wiki Activity

Create def_* macros for each defaults value so we no longer need

Browse Source 
the def_{flag,ival,str,list,mode} macros (which have been removed).
This is a step toward more flexible data types in def_data.in.
This commit is contained in:
Todd C. Miller
2003-12-30 22:20:21 +00:00
parent 45fe0a6cc6
commit 6ad252765b
22 changed files with 313 additions and 246 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
auth/aix_auth.c
View File

@@ -79,7 +79,7 @@ aixauth_verify(pw, prompt, auth)
int reenter = 1;
int rval = AUTH_FAILURE;
pass = tgetpass(prompt, def_ival(I_PASSWD_TIMEOUT) * 60, tgetpass_flags);
pass = tgetpass(prompt, def_passwd_timeout * 60, tgetpass_flags);
if (pass) {
if (authenticate(pw->pw_name, (char *)pass, &reenter, &message) == 0)
rval = AUTH_SUCCESS;

6
auth/bsdauth.c
View File

@@ -137,9 +137,9 @@ bsdauth_verify(pw, prompt, auth)
* S/Key.
*/
if ((s = auth_challenge(as)) == NULL) {
pass = tgetpass(prompt, def_ival(I_PASSWD_TIMEOUT) * 60, tgetpass_flags);
pass = tgetpass(prompt, def_passwd_timeout * 60, tgetpass_flags);
} else {
pass = tgetpass(s, def_ival(I_PASSWD_TIMEOUT) * 60, tgetpass_flags);
pass = tgetpass(s, def_passwd_timeout * 60, tgetpass_flags);
if (pass && *pass == '\0') {
if ((prompt = strrchr(s, '\n')))
prompt++;
@@ -154,7 +154,7 @@ bsdauth_verify(pw, prompt, auth)
while (isspace(prompt[len]) || prompt[len] == ':')
prompt[len--] = '\0';
easprintf(&s, "%s [echo on]: ", prompt);
pass = tgetpass(s, def_ival(I_PASSWD_TIMEOUT) * 60,
pass = tgetpass(s, def_passwd_timeout * 60,
tgetpass_flags | TGP_ECHO);
free(s);
}

6
auth/fwtk.c
View File

@@ -130,13 +130,13 @@ fwtk_verify(pw, prompt, auth)
/* Get the password/response from the user. */
if (strncmp(resp, "challenge ", 10) == 0) {
(void) snprintf(buf, sizeof(buf), "%s\nResponse: ", &resp[10]);
pass = tgetpass(buf, def_ival(I_PASSWD_TIMEOUT) * 60, tgetpass_flags);
pass = tgetpass(buf, def_passwd_timeout * 60, tgetpass_flags);
if (pass && *pass == '\0') {
pass = tgetpass("Response [echo on]: ",
def_ival(I_PASSWD_TIMEOUT) * 60, tgetpass_flags | TGP_ECHO);
def_passwd_timeout * 60, tgetpass_flags | TGP_ECHO);
}
} else if (strncmp(resp, "password", 8) == 0) {
pass = tgetpass(prompt, def_ival(I_PASSWD_TIMEOUT) * 60,
pass = tgetpass(prompt, def_passwd_timeout * 60,
tgetpass_flags);
} else {
warnx("%s", resp);

2
auth/pam.c
View File

@@ -212,7 +212,7 @@ sudo_conv(num_msg, msg, response, appdata_ptr)
&& (pm->msg[9] != ' ' || pm->msg[10] != '\0')))
p = pm->msg;
/* Read the password. */
pass = tgetpass(p, def_ival(I_PASSWD_TIMEOUT) * 60, flags);
pass = tgetpass(p, def_passwd_timeout * 60, flags);
pr->resp = estrdup(pass ? pass : "");
if (*pr->resp == '\0')
nil_pw = 1; /* empty password */

2
auth/rfc1938.c
View File

@@ -143,7 +143,7 @@ rfc1938_setup(pw, promptp, auth)
new_prompt = (char *) erealloc(new_prompt, np_size);
}
if (def_flag(I_LONG_OTP_PROMPT))
if (def_long_otp_prompt)
(void) snprintf(new_prompt, np_size, "%s\n%s", challenge, orig_prompt);
else
(void) snprintf(new_prompt, np_size, "%.*s [ %s ]:", op_len,

4
auth/securid5.c
View File

@@ -184,7 +184,7 @@ securid_verify(pw, pass, auth)
int rval;
pass = (char *) tgetpass("Enter your PASSCODE: ",
def_ival(I_PASSWD_TIMEOUT) * 60, tgetpass_flags);
def_passwd_timeout * 60, tgetpass_flags);
/* Have ACE verify password */
switch (SD_Check(*sd, pass, pw->pw_name)) {
@@ -214,7 +214,7 @@ securid_verify(pw, pass, auth)
!!! ATTENTION !!!\n\
Wait for the token code to change, \n\
then enter the new token code.\n", \
def_ival(I_PASSWD_TIMEOUT) * 60, tgetpass_flags);
def_passwd_timeout * 60, tgetpass_flags);
if (SD_Next(*sd, pass) == ACM_OK) {
rval = AUTH_SUCCESS;

4
auth/sia.c
View File

@@ -90,8 +90,8 @@ sudo_collect(timeout, rendition, title, nprompts, prompts)
switch (rendition) {
case SIAFORM:
case SIAONELINER:
if (timeout <= 0 || timeout > def_ival(I_PASSWD_TIMEOUT) * 60)
timeout = def_ival(I_PASSWD_TIMEOUT) * 60;
if (timeout <= 0 || timeout > def_passwd_timeout * 60)
timeout = def_passwd_timeout * 60;
/*
* Substitute custom prompt if a) the sudo prompt is not "Password:"
* and b) the SIA prompt is "Password:" (so we know it is safe).

16
auth/sudo_auth.c
View File

@@ -113,7 +113,7 @@ verify_user(pw, prompt)
struct passwd *pw;
char *prompt;
{
int counter = def_ival(I_PASSWD_TRIES) + 1;
int counter = def_passwd_tries + 1;
int success = AUTH_FAILURE;
int status;
int flags;
@@ -178,7 +178,7 @@ verify_user(pw, prompt)
#ifdef AUTH_STANDALONE
p = prompt;
#else
p = (char *) tgetpass(prompt, def_ival(I_PASSWD_TIMEOUT) * 60,
p = (char *) tgetpass(prompt, def_passwd_timeout * 60,
tgetpass_flags);
if (!p || *p == '\0')
nil_pw = 1;
@@ -207,7 +207,7 @@ verify_user(pw, prompt)
/* Exit loop on nil password, but give it a chance to match first. */
if (nil_pw) {
if (counter == def_ival(I_PASSWD_TRIES))
if (counter == def_passwd_tries)
exit(1);
else
break;
@@ -237,13 +237,13 @@ cleanup:
(void) sigaction(SIGTSTP, &osa, NULL);
return;
case AUTH_FAILURE:
if (def_flag(I_MAIL_BADPASS) || def_flag(I_MAIL_ALWAYS))
if (def_mail_badpass || def_mail_always)
flags = 0;
else
flags = NO_MAIL;
log_error(flags, "%d incorrect password attempt%s",
def_ival(I_PASSWD_TRIES) - counter,
(def_ival(I_PASSWD_TRIES) - counter == 1) ? "" : "s");
def_passwd_tries - counter,
(def_passwd_tries - counter == 1) ? "" : "s");
case AUTH_FATAL:
exit(1);
}
@@ -256,11 +256,11 @@ pass_warn(fp)
{
#ifdef INSULT
if (def_flag(I_INSULTS))
if (def_insults)
(void) fprintf(fp, "%s\n", INSULT);
else
#endif
(void) fprintf(fp, "%s\n", def_str(I_BADPASS_MESSAGE));
(void) fprintf(fp, "%s\n", def_badpass_message);
}
void

26
check.c
View File

@@ -114,7 +114,7 @@ check_user()
lecture(); /* first time through they get a lecture */
/* Expand any escapes in the prompt. */
prompt = expand_prompt(user_prompt ? user_prompt : def_str(I_PASSPROMPT),
prompt = expand_prompt(user_prompt ? user_prompt : def_passprompt,
user_name, user_shost);
verify_user(auth_pw, prompt);
@@ -134,7 +134,7 @@ static void
lecture()
{
if (def_flag(I_LECTURE)) {
if (def_lecture) {
(void) fputs("\n\
We trust you have received the usual lecture from the local System\n\
Administrator. It usually boils down to these two things:\n\
@@ -290,10 +290,10 @@ user_is_exempt()
struct group *grp;
char **gr_mem;
if (!def_str(I_EXEMPT_GROUP))
if (!def_exempt_group)
return(FALSE);
if (!(grp = getgrnam(def_str(I_EXEMPT_GROUP))))
if (!(grp = getgrnam(def_exempt_group)))
return(FALSE);
if (user_gid == grp->gr_gid)
@@ -318,7 +318,7 @@ build_timestamp(timestampdir, timestampfile)
char *dirparent;
int len;
dirparent = def_str(I_TIMESTAMPDIR);
dirparent = def_timestampdir;
len = easprintf(timestampdir, "%s/%s", dirparent, user_name);
if (len >= MAXPATHLEN)
log_error(0, "timestamp path too long: %s", timestampdir);
@@ -327,21 +327,21 @@ build_timestamp(timestampdir, timestampfile)
* Timestamp file may be a file in the directory or NUL to use
* the directory as the timestamp.
*/
if (def_flag(I_TTY_TICKETS)) {
if (def_tty_tickets) {
char *p;
if ((p = strrchr(user_tty, '/')))
p++;
else
p = user_tty;
if (def_flag(I_TARGETPW))
if (def_targetpw)
len = easprintf(timestampfile, "%s/%s/%s:%s", dirparent, user_name,
p, *user_runas);
else
len = easprintf(timestampfile, "%s/%s/%s", dirparent, user_name, p);
if (len >= MAXPATHLEN)
log_error(0, "timestamp path too long: %s", timestampfile);
} else if (def_flag(I_TARGETPW)) {
} else if (def_targetpw) {
len = easprintf(timestampfile, "%s/%s/%s", dirparent, user_name,
*user_runas);
if (len >= MAXPATHLEN)
@@ -362,7 +362,7 @@ timestamp_status(timestampdir, timestampfile, user, make_dirs)
{
struct stat sb;
time_t now;
char *dirparent = def_str(I_TIMESTAMPDIR);
char *dirparent = def_timestampdir;
int status = TS_ERROR; /* assume the worst */
if (timestamp_uid != 0)
@@ -498,17 +498,17 @@ timestamp_status(timestampdir, timestampfile, user, make_dirs)
*/
if (status == TS_OLD) {
/* Negative timeouts only expire manually (sudo -k). */
if (def_ival(I_TIMESTAMP_TIMEOUT) < 0 && sb.st_mtime != 0)
if (def_timestamp_timeout < 0 && sb.st_mtime != 0)
status = TS_CURRENT;
else {
now = time(NULL);
if (def_ival(I_TIMESTAMP_TIMEOUT) &&
now - sb.st_mtime < 60 * def_ival(I_TIMESTAMP_TIMEOUT)) {
if (def_timestamp_timeout &&
now - sb.st_mtime < 60 * def_timestamp_timeout) {
/*
* Check for bogus time on the stampfile. The clock may
* have been set back or someone could be trying to spoof us.
*/
if (sb.st_mtime > now + 60 * def_ival(I_TIMESTAMP_TIMEOUT) * 2) {
if (sb.st_mtime > now + 60 * def_timestamp_timeout * 2) {
log_error(NO_EXIT,
"timestamp too far in the future: %20.20s",
4 + ctime(&sb.st_mtime));

59
def_data.h
View File

@@ -1,59 +1,118 @@
#define def_syslog_ifac (sudo_defs_table[0].sd_un.ival)
#define I_SYSLOG_IFAC 0
#define def_syslog_igoodpri (sudo_defs_table[1].sd_un.ival)
#define I_SYSLOG_IGOODPRI 1
#define def_syslog_ibadpri (sudo_defs_table[2].sd_un.ival)
#define I_SYSLOG_IBADPRI 2
#define def_syslog (sudo_defs_table[3].sd_un.str)
#define I_SYSLOG 3
#define def_syslog_goodpri (sudo_defs_table[4].sd_un.str)
#define I_SYSLOG_GOODPRI 4
#define def_syslog_badpri (sudo_defs_table[5].sd_un.str)
#define I_SYSLOG_BADPRI 5
#define def_long_otp_prompt (sudo_defs_table[6].sd_un.flag)
#define I_LONG_OTP_PROMPT 6
#define def_ignore_dot (sudo_defs_table[7].sd_un.flag)
#define I_IGNORE_DOT 7
#define def_mail_always (sudo_defs_table[8].sd_un.flag)
#define I_MAIL_ALWAYS 8
#define def_mail_badpass (sudo_defs_table[9].sd_un.flag)
#define I_MAIL_BADPASS 9
#define def_mail_no_user (sudo_defs_table[10].sd_un.flag)
#define I_MAIL_NO_USER 10
#define def_mail_no_host (sudo_defs_table[11].sd_un.flag)
#define I_MAIL_NO_HOST 11
#define def_mail_no_perms (sudo_defs_table[12].sd_un.flag)
#define I_MAIL_NO_PERMS 12
#define def_tty_tickets (sudo_defs_table[13].sd_un.flag)
#define I_TTY_TICKETS 13
#define def_lecture (sudo_defs_table[14].sd_un.flag)
#define I_LECTURE 14
#define def_authenticate (sudo_defs_table[15].sd_un.flag)
#define I_AUTHENTICATE 15
#define def_root_sudo (sudo_defs_table[16].sd_un.flag)
#define I_ROOT_SUDO 16
#define def_log_host (sudo_defs_table[17].sd_un.flag)
#define I_LOG_HOST 17
#define def_log_year (sudo_defs_table[18].sd_un.flag)
#define I_LOG_YEAR 18
#define def_shell_noargs (sudo_defs_table[19].sd_un.flag)
#define I_SHELL_NOARGS 19
#define def_set_home (sudo_defs_table[20].sd_un.flag)
#define I_SET_HOME 20
#define def_always_set_home (sudo_defs_table[21].sd_un.flag)
#define I_ALWAYS_SET_HOME 21
#define def_path_info (sudo_defs_table[22].sd_un.flag)
#define I_PATH_INFO 22
#define def_fqdn (sudo_defs_table[23].sd_un.flag)
#define I_FQDN 23
#define def_insults (sudo_defs_table[24].sd_un.flag)
#define I_INSULTS 24
#define def_requiretty (sudo_defs_table[25].sd_un.flag)
#define I_REQUIRETTY 25
#define def_env_editor (sudo_defs_table[26].sd_un.flag)
#define I_ENV_EDITOR 26
#define def_rootpw (sudo_defs_table[27].sd_un.flag)
#define I_ROOTPW 27
#define def_runaspw (sudo_defs_table[28].sd_un.flag)
#define I_RUNASPW 28
#define def_targetpw (sudo_defs_table[29].sd_un.flag)
#define I_TARGETPW 29
#define def_use_loginclass (sudo_defs_table[30].sd_un.flag)
#define I_USE_LOGINCLASS 30
#define def_set_logname (sudo_defs_table[31].sd_un.flag)
#define I_SET_LOGNAME 31
#define def_stay_setuid (sudo_defs_table[32].sd_un.flag)
#define I_STAY_SETUID 32
#define def_env_reset (sudo_defs_table[33].sd_un.flag)
#define I_ENV_RESET 33
#define def_preserve_groups (sudo_defs_table[34].sd_un.flag)
#define I_PRESERVE_GROUPS 34
#define def_loglinelen (sudo_defs_table[35].sd_un.ival)
#define I_LOGLINELEN 35
#define def_timestamp_timeout (sudo_defs_table[36].sd_un.ival)
#define I_TIMESTAMP_TIMEOUT 36
#define def_passwd_timeout (sudo_defs_table[37].sd_un.ival)
#define I_PASSWD_TIMEOUT 37
#define def_passwd_tries (sudo_defs_table[38].sd_un.ival)
#define I_PASSWD_TRIES 38
#define def_umask (sudo_defs_table[39].sd_un.mode)
#define I_UMASK 39
#define def_logfile (sudo_defs_table[40].sd_un.str)
#define I_LOGFILE 40
#define def_mailerpath (sudo_defs_table[41].sd_un.str)
#define I_MAILERPATH 41
#define def_mailerflags (sudo_defs_table[42].sd_un.str)
#define I_MAILERFLAGS 42
#define def_mailto (sudo_defs_table[43].sd_un.str)
#define I_MAILTO 43
#define def_mailsub (sudo_defs_table[44].sd_un.str)
#define I_MAILSUB 44
#define def_badpass_message (sudo_defs_table[45].sd_un.str)
#define I_BADPASS_MESSAGE 45
#define def_timestampdir (sudo_defs_table[46].sd_un.str)
#define I_TIMESTAMPDIR 46
#define def_timestampowner (sudo_defs_table[47].sd_un.str)
#define I_TIMESTAMPOWNER 47
#define def_exempt_group (sudo_defs_table[48].sd_un.str)
#define I_EXEMPT_GROUP 48
#define def_passprompt (sudo_defs_table[49].sd_un.str)
#define I_PASSPROMPT 49
#define def_runas_default (sudo_defs_table[50].sd_un.str)
#define I_RUNAS_DEFAULT 50
#define def_editor (sudo_defs_table[51].sd_un.str)
#define I_EDITOR 51
#define def_env_check (sudo_defs_table[52].sd_un.list)
#define I_ENV_CHECK 52
#define def_env_delete (sudo_defs_table[53].sd_un.list)
#define I_ENV_DELETE 53
#define def_env_keep (sudo_defs_table[54].sd_un.list)
#define I_ENV_KEEP 54
#define def_listpw_i (sudo_defs_table[55].sd_un.ival)
#define I_LISTPW_I 55
#define def_verifypw_i (sudo_defs_table[56].sd_un.ival)
#define I_VERIFYPW_I 56
#define def_listpw (sudo_defs_table[57].sd_un.str)
#define I_LISTPW 57
#define def_verifypw (sudo_defs_table[58].sd_un.str)
#define I_VERIFYPW 58

72
defaults.c
View File

@@ -385,57 +385,57 @@ init_defaults()
/* First initialize the flags. */
#ifdef LONG_OTP_PROMPT
def_flag(I_LONG_OTP_PROMPT) = TRUE;
def_long_otp_prompt = TRUE;
#endif
#ifdef IGNORE_DOT_PATH
def_flag(I_IGNORE_DOT) = TRUE;
def_ignore_dot = TRUE;
#endif
#ifdef ALWAYS_SEND_MAIL
def_flag(I_MAIL_ALWAYS) = TRUE;
def_mail_always = TRUE;
#endif
#ifdef SEND_MAIL_WHEN_NO_USER
def_flag(I_MAIL_NO_USER) = TRUE;
def_mail_no_user = TRUE;
#endif
#ifdef SEND_MAIL_WHEN_NO_HOST
def_flag(I_MAIL_NO_HOST) = TRUE;
def_mail_no_host = TRUE;
#endif
#ifdef SEND_MAIL_WHEN_NOT_OK
def_flag(I_MAIL_NO_PERMS) = TRUE;
def_mail_no_perms = TRUE;
#endif
#ifdef USE_TTY_TICKETS
def_flag(I_TTY_TICKETS) = TRUE;
def_tty_tickets = TRUE;
#endif
#ifndef NO_LECTURE
def_flag(I_LECTURE) = TRUE;
def_lecture = TRUE;
#endif
#ifndef NO_AUTHENTICATION
def_flag(I_AUTHENTICATE) = TRUE;
def_authenticate = TRUE;
#endif
#ifndef NO_ROOT_SUDO
def_flag(I_ROOT_SUDO) = TRUE;
def_root_sudo = TRUE;
#endif
#ifdef HOST_IN_LOG
def_flag(I_LOG_HOST) = TRUE;
def_log_host = TRUE;
#endif
#ifdef SHELL_IF_NO_ARGS
def_flag(I_SHELL_NOARGS) = TRUE;
def_shell_noargs = TRUE;
#endif
#ifdef SHELL_SETS_HOME
def_flag(I_SET_HOME) = TRUE;
def_set_home = TRUE;
#endif
#ifndef DONT_LEAK_PATH_INFO
def_flag(I_PATH_INFO) = TRUE;
def_path_info = TRUE;
#endif
#ifdef FQDN
def_flag(I_FQDN) = TRUE;
def_fqdn = TRUE;
#endif
#ifdef USE_INSULTS
def_flag(I_INSULTS) = TRUE;
def_insults = TRUE;
#endif
#ifdef ENV_EDITOR
def_flag(I_ENV_EDITOR) = TRUE;
def_env_editor = TRUE;
#endif
def_flag(I_SET_LOGNAME) = TRUE;
def_set_logname = TRUE;
/* Syslog options need special care since they both strings and ints */
#if (LOGGING & SLOG_SYSLOG)
@@ -452,33 +452,33 @@ init_defaults()
/* Then initialize the int-like things. */
#ifdef SUDO_UMASK
def_mode(I_UMASK) = SUDO_UMASK;
def_umask = SUDO_UMASK;
#else
def_mode(I_UMASK) = 0777;
def_umask = 0777;
#endif
def_ival(I_LOGLINELEN) = MAXLOGFILELEN;
def_ival(I_TIMESTAMP_TIMEOUT) = TIMEOUT;
def_ival(I_PASSWD_TIMEOUT) = PASSWORD_TIMEOUT;
def_ival(I_PASSWD_TRIES) = TRIES_FOR_PASSWORD;
def_loglinelen = MAXLOGFILELEN;
def_timestamp_timeout = TIMEOUT;
def_passwd_timeout = PASSWORD_TIMEOUT;
def_passwd_tries = TRIES_FOR_PASSWORD;
/* Now do the strings */
def_str(I_MAILTO) = estrdup(MAILTO);
def_str(I_MAILSUB) = estrdup(MAILSUBJECT);
def_str(I_BADPASS_MESSAGE) = estrdup(INCORRECT_PASSWORD);
def_str(I_TIMESTAMPDIR) = estrdup(_PATH_SUDO_TIMEDIR);
def_str(I_PASSPROMPT) = estrdup(PASSPROMPT);
def_str(I_RUNAS_DEFAULT) = estrdup(RUNAS_DEFAULT);
def_mailto = estrdup(MAILTO);
def_mailsub = estrdup(MAILSUBJECT);
def_badpass_message = estrdup(INCORRECT_PASSWORD);
def_timestampdir = estrdup(_PATH_SUDO_TIMEDIR);
def_passprompt = estrdup(PASSPROMPT);
def_runas_default = estrdup(RUNAS_DEFAULT);
#ifdef _PATH_SUDO_SENDMAIL
def_str(I_MAILERPATH) = estrdup(_PATH_SUDO_SENDMAIL);
def_str(I_MAILERFLAGS) = estrdup("-t");
def_mailerpath = estrdup(_PATH_SUDO_SENDMAIL);
def_mailerflags = estrdup("-t");
#endif
#if (LOGGING & SLOG_FILE)
def_str(I_LOGFILE) = estrdup(_PATH_SUDO_LOGFILE);
def_logfile = estrdup(_PATH_SUDO_LOGFILE);
#endif
#ifdef EXEMPTGROUP
def_str(I_EXEMPT_GROUP) = estrdup(EXEMPTGROUP);
def_exempt_group = estrdup(EXEMPTGROUP);
#endif
def_str(I_EDITOR) = estrdup(EDITOR);
def_editor = estrdup(EDITOR);
/* Finally do the lists (currently just environment tables). */
init_envtables();
@@ -489,7 +489,7 @@ init_defaults()
* value changes we get the change.
*/
if (user_runas == NULL)
user_runas = &def_str(I_RUNAS_DEFAULT);
user_runas = &def_runas_default;
firsttime = 0;
}

9
defaults.h
View File

@@ -106,15 +106,6 @@ struct sudo_defs_types {
#define I_GOODPRI I_SYSLOG_IGOODPRI
#define I_BADPRI I_SYSLOG_IBADPRI
/*
* Macros for accessing sudo_defs_table.
*/
#define def_flag(_i) (sudo_defs_table[(_i)].sd_un.flag)
#define def_ival(_i) (sudo_defs_table[(_i)].sd_un.ival)
#define def_str(_i) (sudo_defs_table[(_i)].sd_un.str)
#define def_list(_i) (sudo_defs_table[(_i)].sd_un.list)
#define def_mode(_i) (sudo_defs_table[(_i)].sd_un.mode)
/*
* Prototypes
*/

18
env.c
View File

@@ -293,13 +293,13 @@ rebuild_env(sudo_mode, envp)
*/
ps1 = NULL;
didvar = 0;
if (def_flag(I_ENV_RESET)) {
if (def_env_reset) {
int keepit;
/* Pull in vars we want to keep from the old environment. */
for (ep = envp; *ep; ep++) {
keepit = 0;
for (cur = def_list(I_ENV_KEEP); cur; cur = cur->next) {
for (cur = def_env_keep; cur; cur = cur->next) {
len = strlen(cur->value);
/* Deal with '*' wildcard */
if (cur->value[len - 1] == '*') {
@@ -374,7 +374,7 @@ rebuild_env(sudo_mode, envp)
okvar = 1;
/* Skip anything listed in env_delete. */
for (cur = def_list(I_ENV_DELETE); cur && okvar; cur = cur->next) {
for (cur = def_env_delete; cur && okvar; cur = cur->next) {
len = strlen(cur->value);
/* Deal with '*' wildcard */
if (cur->value[len - 1] == '*') {
@@ -389,7 +389,7 @@ rebuild_env(sudo_mode, envp)
}
/* Check certain variables for '%' and '/' characters. */
for (cur = def_list(I_ENV_CHECK); cur && okvar; cur = cur->next) {
for (cur = def_env_check; cur && okvar; cur = cur->next) {
len = strlen(cur->value);
/* Deal with '*' wildcard */
if (cur->value[len - 1] == '*') {
@@ -427,7 +427,7 @@ rebuild_env(sudo_mode, envp)
#endif
/* Set $USER and $LOGNAME to target if "set_logname" is true. */
if (def_flag(I_SET_LOGNAME) && runas_pw->pw_name) {
if (def_set_logname && runas_pw->pw_name) {
insert_env(format_env("LOGNAME", runas_pw->pw_name), 1);
insert_env(format_env("USER", runas_pw->pw_name), 1);
}
@@ -467,15 +467,15 @@ init_envtables()
for (p = initial_badenv_table; *p; p++) {
cur = emalloc(sizeof(struct list_member));
cur->value = estrdup(*p);
cur->next = def_list(I_ENV_DELETE);
def_list(I_ENV_DELETE) = cur;
cur->next = def_env_delete;
def_env_delete = cur;
}
/* Fill in "env_check" variable. */
for (p = initial_checkenv_table; *p; p++) {
cur = emalloc(sizeof(struct list_member));
cur->value = estrdup(*p);
cur->next = def_list(I_ENV_CHECK);
def_list(I_ENV_CHECK) = cur;
cur->next = def_env_check;
def_env_check = cur;
}
}

2
find_path.c
View File

@@ -151,7 +151,7 @@ find_path(infile, outfile, path)
*/
if (!result && checkdot) {
result = sudo_goodpath(infile);
if (result && def_flag(I_IGNORE_DOT))
if (result && def_ignore_dot)
return(NOT_FOUND_DOT);
}

52
logging.c
View File

@@ -116,7 +116,7 @@ mysyslog(pri, fmt, va_alist)
va_start(ap);
#endif
#ifdef LOG_NFACILITIES
openlog("sudo", 0, def_ival(I_LOGFAC));
openlog("sudo", 0, def_syslog_ifac);
#else
openlog("sudo", 0);
#endif
@@ -200,30 +200,30 @@ do_logfile(msg)
size_t maxlen;
oldmask = umask(077);
maxlen = def_ival(I_LOGLINELEN) > 0 ? def_ival(I_LOGLINELEN) : 0;
fp = fopen(def_str(I_LOGFILE), "a");
maxlen = def_loglinelen > 0 ? def_loglinelen : 0;
fp = fopen(def_logfile, "a");
(void) umask(oldmask);
if (fp == NULL) {
easprintf(&full_line, "Can't open log file: %s: %s",
def_str(I_LOGFILE), strerror(errno));
def_logfile, strerror(errno));
send_mail(full_line);
free(full_line);
} else if (!lock_file(fileno(fp), SUDO_LOCK)) {
easprintf(&full_line, "Can't lock log file: %s: %s",
def_str(I_LOGFILE), strerror(errno));
def_logfile, strerror(errno));
send_mail(full_line);
free(full_line);
} else {
if (def_ival(I_LOGLINELEN) == 0) {
if (def_loglinelen == 0) {
/* Don't pretty-print long log file lines (hard to grep) */
if (def_flag(I_LOG_HOST))
if (def_log_host)
(void) fprintf(fp, "%s : %s : HOST=%s : %s\n", get_timestr(),
user_name, user_shost, msg);
else
(void) fprintf(fp, "%s : %s : %s\n", get_timestr(),
user_name, msg);
} else {
if (def_flag(I_LOG_HOST))
if (def_log_host)
easprintf(&full_line, "%s : %s : HOST=%s : %s", get_timestr(),
user_name, user_shost, msg);
else
@@ -299,9 +299,9 @@ log_auth(status, inform_user)
int pri;
if (status & VALIDATE_OK)
pri = def_ival(I_GOODPRI);
pri = def_syslog_igoodpri;
else
pri = def_ival(I_BADPRI);
pri = def_syslog_ibadpri;
/* Set error message, if any. */
if (status & VALIDATE_OK)
@@ -342,9 +342,9 @@ log_auth(status, inform_user)
/*
* Log via syslog and/or a file.
*/
if (def_str(I_SYSLOG))
if (def_syslog)
do_syslog(pri, logline);
if (def_str(I_LOGFILE))
if (def_logfile)
do_logfile(logline);
free(logline);
@@ -423,9 +423,9 @@ log_error(va_alist)
/*
* Log to syslog and/or a file.
*/
if (def_str(I_SYSLOG))
do_syslog(def_ival(I_BADPRI), logline);
if (def_str(I_LOGFILE))
if (def_syslog)
do_syslog(def_syslog_ibadpri, logline);
if (def_logfile)
do_logfile(logline);
free(message);
@@ -461,7 +461,7 @@ send_mail(line)
#endif
/* Just return if mailer is disabled. */
if (!def_str(I_MAILERPATH) || !def_str(I_MAILTO))
if (!def_mailerpath || !def_mailto)
return;
(void) sigemptyset(&set);
@@ -490,8 +490,8 @@ send_mail(line)
(void) close(pfd[1]);
/* Build up an argv based the mailer path and flags */
mflags = estrdup(def_str(I_MAILERFLAGS));
mpath = estrdup(def_str(I_MAILERPATH));
mflags = estrdup(def_mailerflags);
mpath = estrdup(def_mailerpath);
if ((argv[0] = strrchr(mpath, ' ')))
argv[0]++;
else
@@ -529,8 +529,8 @@ send_mail(line)
/* Pipes are all setup, send message via sendmail. */
(void) fprintf(mail, "To: %s\nFrom: %s\nSubject: ",
def_str(I_MAILTO), user_name);
for (p = def_str(I_MAILSUB); *p; p++) {
def_mailto, user_name);
for (p = def_mailsub; *p; p++) {
/* Expand escapes in the subject */
if (*p == '%' && *(p+1) != '%') {
switch (*(++p)) {
@@ -567,16 +567,16 @@ mail_auth(status, line)
int mail_mask;
/* If any of these bits are set in status, we send mail. */
if (def_flag(I_MAIL_ALWAYS))
if (def_mail_always)
mail_mask =
VALIDATE_ERROR|VALIDATE_OK|FLAG_NO_USER|FLAG_NO_HOST|VALIDATE_NOT_OK;
else {
mail_mask = VALIDATE_ERROR;
if (def_flag(I_MAIL_NO_USER))
if (def_mail_no_user)
mail_mask |= FLAG_NO_USER;
if (def_flag(I_MAIL_NO_HOST))
if (def_mail_no_host)
mail_mask |= FLAG_NO_HOST;
if (def_flag(I_MAIL_NO_PERMS))
if (def_mail_no_perms)
mail_mask |= VALIDATE_NOT_OK;
}
@@ -618,7 +618,7 @@ get_timestr()
struct tm *timeptr;
timeptr = localtime(&now);
if (def_flag(I_LOG_YEAR))
if (def_log_year)
s = "%h %e %T %Y";
else
s = "%h %e %T";
@@ -631,7 +631,7 @@ get_timestr()
#endif /* HAVE_STRFTIME */
s = ctime(&now) + 4; /* skip day of the week */
if (def_flag(I_LOG_YEAR))
if (def_log_year)
s[20] = '\0'; /* avoid the newline */
else
s[15] = '\0'; /* don't care about year */

13
mkdefaults
View File

@@ -71,6 +71,19 @@ close(HEADER);
close(CFILE);
sub print_record {
my ($v, $defname);
# each variable gets a macro to access its value
for ($type) {
if (/^T_U?INT/) { $v = "ival"; }
elsif (/^(T_STR|T_PWFLAG|T_LOG)/) { $v = "str"; }
elsif (/^T_FLAG/) { $v = "flag"; }
elsif (/^T_MODE/) { $v = "mode"; }
elsif (/^T_LIST/) { $v = "list"; }
else { die "$0: unknown defaults type: $type\n"; }
}
printf HEADER "#define %-24s(sudo_defs_table[$count].sd_un.${v})\n",
"def_${var}";
$defname = "I_" . uc($var);
printf HEADER "#define %-24s%d", $defname, $count;
#print HEADER "\t/* $desc */" if defined($desc);

6
parse.c
View File

@@ -159,7 +159,7 @@ sudoers_lookup(pwflag)
* wait until now to set this.
*/
if (pwflag)
pwcheck = (pwflag == -1) ? PWCHECK_NEVER : def_ival(pwflag);
pwcheck = (pwflag == -1) ? PWCHECK_NEVER : sudo_defs_table[pwflag].sd_un.ival;
else
pwcheck = 0;
@@ -167,7 +167,7 @@ sudoers_lookup(pwflag)
* Assume the worst. If the stack is empty the user was
* not mentioned at all.
*/
if (def_flag(I_AUTHENTICATE))
if (def_authenticate)
error = VALIDATE_NOT_OK;
else
error = VALIDATE_NOT_OK | FLAG_NOPASS;
@@ -188,7 +188,7 @@ sudoers_lookup(pwflag)
if (pwcheck) {
int found;
if (pwcheck == PWCHECK_NEVER || !def_flag(I_AUTHENTICATE))
if (pwcheck == PWCHECK_NEVER || !def_authenticate)
nopass = FLAG_NOPASS;
found = 0;
while (top) {

12
parse.yacc
View File

@@ -127,7 +127,7 @@ int top = 0, stacksize = 0;
match[top].cmnd = -1; \
match[top].host = -1; \
match[top].runas = -1; \
match[top].nopass = def_flag(I_AUTHENTICATE) ? -1 : TRUE; \
match[top].nopass = def_authenticate ? -1 : TRUE; \
top++; \
} while (0)
@@ -366,7 +366,7 @@ privilege : hostlist '=' cmndspeclist {
*/
host_matches = -1;
runas_matches = -1;
if (def_flag(I_AUTHENTICATE))
if (def_authenticate)
no_passwd = -1;
else
no_passwd = TRUE;
@@ -501,7 +501,7 @@ runasspec : /* empty */ {
*/
if (runas_matches == -1)
runas_matches = (strcmp(*user_runas,
def_str(I_RUNAS_DEFAULT)) == 0);
def_runas_default) == 0);
}
| RUNAS runaslist {
runas_matches = ($2 == TRUE ? TRUE : FALSE);
@@ -1052,13 +1052,13 @@ list_matches()
} while ((p = strtok(NULL, ", ")));
(void) fputs(") ", stdout);
} else {
(void) printf("(%s) ", def_str(I_RUNAS_DEFAULT));
(void) printf("(%s) ", def_runas_default);
}
/* Is a password required? */
if (cm_list[count].nopasswd == TRUE && def_flag(I_AUTHENTICATE))
if (cm_list[count].nopasswd == TRUE && def_authenticate)
(void) fputs("NOPASSWD: ", stdout);
else if (cm_list[count].nopasswd == FALSE && !def_flag(I_AUTHENTICATE))
else if (cm_list[count].nopasswd == FALSE && !def_authenticate)
(void) fputs("PASSWD: ", stdout);
/* Print the actual command or expanded Cmnd_Alias. */

12
set_perms.c
View File

@@ -121,7 +121,7 @@ set_perms_posix(perm)
case PERM_RUNAS:
/* headed for exec(), assume euid == 0 */
runas_setup();
if (def_flag(I_STAY_SETUID))
if (def_stay_setuid)
error = seteuid(runas_pw->pw_uid);
else
error = setuid(runas_pw->pw_uid);
@@ -194,7 +194,7 @@ set_perms_suid(perm)
case PERM_RUNAS:
/* headed for exec(), assume euid == 0 */
runas_setup();
error = setresuid(def_flag(I_STAY_SETUID) ?
error = setresuid(def_stay_setuid ?
user_uid : runas_pw->pw_uid,
runas_pw->pw_uid, runas_pw->pw_uid);
if (error)
@@ -266,7 +266,7 @@ set_perms_suid(perm)
case PERM_RUNAS:
/* headed for exec(), assume euid == 0 */
runas_setup();
error = setreuid(def_flag(I_STAY_SETUID) ?
error = setreuid(def_stay_setuid ?
user_uid : runas_pw->pw_uid,
runas_pw->pw_uid);
if (error)
@@ -382,7 +382,7 @@ runas_setup()
#endif /* HAVE_PAM */
#ifdef HAVE_LOGIN_CAP_H
if (def_flag(I_USE_LOGINCLASS)) {
if (def_use_loginclass) {
/*
* We don't have setusercontext() set the user since we
* may only want to set the effective uid. Depending on
@@ -390,7 +390,7 @@ runas_setup()
* setusercontext() to call initgroups().
*/
flags = LOGIN_SETRESOURCES|LOGIN_SETPRIORITY;
if (!def_flag(I_PRESERVE_GROUPS))
if (!def_preserve_groups)
flags |= LOGIN_SETGROUP;
else if (setgid(runas_pw->pw_gid))
perror("cannot set gid to runas gid");
@@ -411,7 +411,7 @@ runas_setup()
/*
* Initialize group vector unless asked not to.
*/
if (!def_flag(I_PRESERVE_GROUPS) &&
if (!def_preserve_groups &&
initgroups(*user_runas, runas_pw->pw_gid) < 0)
perror("cannot set group vector");
#endif /* HAVE_INITGROUPS */

46
sudo.c
View File

@@ -271,7 +271,7 @@ main(argc, argv, envp)
*/
#if !defined(HAVE_SETRESUID) && !defined(HAVE_SETREUID) && \
!defined(NO_SAVED_IDS) && defined(_SC_SAVED_IDS) && defined(_SC_VERSION)
if (!def_flag(I_STAY_SETUID) && set_perms == set_perms_posix) {
if (!def_stay_setuid && set_perms == set_perms_posix) {
if (setuid(0)) {
perror("setuid(0)");
exit(1);
@@ -300,16 +300,16 @@ main(argc, argv, envp)
/*
* Look up the timestamp dir owner if one is specified.
*/
if (def_str(I_TIMESTAMPOWNER)) {
if (def_timestampowner) {
struct passwd *pw;
if (*def_str(I_TIMESTAMPOWNER) == '#')
pw = getpwuid(atoi(def_str(I_TIMESTAMPOWNER) + 1));
if (*def_timestampowner == '#')
pw = getpwuid(atoi(def_timestampowner + 1));
else
pw = getpwnam(def_str(I_TIMESTAMPOWNER));
pw = getpwnam(def_timestampowner);
if (!pw)
log_error(0, "timestamp owner (%s): No such user",
def_str(I_TIMESTAMPOWNER));
def_timestampowner);
timestamp_uid = pw->pw_uid;
}
@@ -324,7 +324,7 @@ main(argc, argv, envp)
errorlineno);
/* Is root even allowed to run sudo? */
if (user_uid == 0 && !def_flag(I_ROOT_SUDO)) {
if (user_uid == 0 && !def_root_sudo) {
(void) fprintf(stderr,
"Sorry, %s has been configured to not allow root to run it.\n",
getprogname());
@@ -333,19 +333,19 @@ main(argc, argv, envp)
/* If given the -P option, set the "preserve_groups" flag. */
if (sudo_mode & MODE_PRESERVE_GROUPS)
def_flag(I_PRESERVE_GROUPS) = TRUE;
def_preserve_groups = TRUE;
/* If no command line args and "set_home" is not set, error out. */
if ((sudo_mode & MODE_IMPLIED_SHELL) && !def_flag(I_SHELL_NOARGS))
if ((sudo_mode & MODE_IMPLIED_SHELL) && !def_shell_noargs)
usage(1);
/* May need to set $HOME to target user if we are running a command. */
if ((sudo_mode & MODE_RUN) && (def_flag(I_ALWAYS_SET_HOME) ||
((sudo_mode & MODE_SHELL) && def_flag(I_SET_HOME))))
if ((sudo_mode & MODE_RUN) && (def_always_set_home ||
((sudo_mode & MODE_SHELL) && def_set_home)))
sudo_mode |= MODE_RESET_HOME;
/* Bail if a tty is required and we don't have one. */
if (def_flag(I_REQUIRETTY)) {
if (def_requiretty) {
if ((fd = open(_PATH_TTY, O_RDWR|O_NOCTTY)) == -1)
log_error(NO_MAIL, "sorry, you must have a tty to run sudo");
else
@@ -389,8 +389,8 @@ main(argc, argv, envp)
}
/* Override user's umask if configured to do so. */
if (def_ival(I_UMASK) != 0777)
(void) umask(def_mode(I_UMASK));
if (def_umask != 0777)
(void) umask(def_umask);
/* Restore coredumpsize resource limit. */
#if defined(RLIMIT_CORE) && !defined(SUDO_DEVEL)
@@ -430,7 +430,7 @@ main(argc, argv, envp)
log_auth(validated, 1);
exit(1);
} else if (validated & VALIDATE_NOT_OK) {
if (def_flag(I_PATH_INFO)) {
if (def_path_info) {
/*
* We'd like to not leak path info at all here, but that can
* *really* confuse the users. To really close the leak we'd
@@ -492,7 +492,7 @@ init_vars(sudo_mode)
user_host = user_shost = "localhost";
else {
user_host = estrdup(thost);
if (def_flag(I_FQDN)) {
if (def_fqdn) {
/* Defer call to set_fqdn() until log_error() is safe. */
user_shost = user_host;
} else {
@@ -546,7 +546,7 @@ init_vars(sudo_mode)
/*
* Must defer set_fqdn() until it is safe to call log_error()
*/
if (def_flag(I_FQDN))
if (def_fqdn)
set_fqdn();
if (nohostname)
@@ -691,7 +691,7 @@ parse_args(argc, argv)
usage(1);
login_class = NewArgv[1];
def_flag(I_USE_LOGINCLASS) = TRUE;
def_use_loginclass = TRUE;
NewArgc--;
NewArgv++;
@@ -992,14 +992,14 @@ get_authpw()
{
struct passwd *pw;
if (def_ival(I_ROOTPW)) {
if (def_rootpw) {
if ((pw = sudo_getpwuid(0)) == NULL)
log_error(0, "uid 0 does not exist in the passwd file!");
} else if (def_ival(I_RUNASPW)) {
if ((pw = sudo_getpwnam(def_str(I_RUNAS_DEFAULT))) == NULL)
} else if (def_runaspw) {
if ((pw = sudo_getpwnam(def_runas_default)) == NULL)
log_error(0, "user %s does not exist in the passwd file!",
def_str(I_RUNAS_DEFAULT));
} else if (def_ival(I_TARGETPW)) {
def_runas_default);
} else if (def_targetpw) {
if (**user_runas == '#') {
if ((pw = sudo_getpwuid(atoi(*user_runas + 1))) == NULL)
log_error(0, "uid %s does not exist in the passwd file!",

178
sudo.tab.c
View File

@@ -1,10 +1,10 @@
#ifndef lint
/*static char yysccsid[] = "from: @(#)yaccpar 1.9 (Berkeley) 02/21/93";*/
static char yyrcsid[]
#if __GNUC__ == 2
#if __GNUC__ >= 2
__attribute__ ((unused))
#endif /* __GNUC__ == 2 */
= "$OpenBSD: skeleton.c,v 1.19 2002/12/03 21:34:21 mickey Exp $";
#endif /* __GNUC__ >= 2 */
= "$OpenBSD: skeleton.c,v 1.22 2003/11/25 20:00:15 espie Exp $";
#endif
#include <stdlib.h>
#define YYBYACC 1
@@ -18,7 +18,7 @@ static char yyrcsid[]
#define YYPREFIX "yy"
#line 2 "parse.yacc"
/*
* Copyright (c) 1996, 1998-2001 Todd C. Miller <Todd.Miller@courtesan.com>
* Copyright (c) 1996, 1998-2003 Todd C. Miller <Todd.Miller@courtesan.com>
* All rights reserved.
*
* This code is derived from software contributed by Chris Jepeway.
@@ -51,6 +51,10 @@ static char yyrcsid[]
* WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
* OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
* ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*
* Sponsored in part by the Defense Advanced Research Projects
* Agency (DARPA) and Air Force Research Laboratory, Air Force
* Materiel Command, USAF, under agreement number F39502-99-1-0512.
*/
/*
@@ -141,7 +145,7 @@ int top = 0, stacksize = 0;
match[top].cmnd = -1; \
match[top].host = -1; \
match[top].runas = -1; \
match[top].nopass = def_flag(I_AUTHENTICATE) ? -1 : TRUE; \
match[top].nopass = def_authenticate ? -1 : TRUE; \
top++; \
} while (0)
@@ -227,14 +231,14 @@ yyerror(s)
}
parse_error = TRUE;
}
#line 214 "parse.yacc"
#line 218 "parse.yacc"
typedef union {
char *string;
int BOOLEAN;
struct sudo_command command;
int tok;
} YYSTYPE;
#line 238 "sudo.tab.c"
#line 242 "sudo.tab.c"
#define COMMAND 257
#define ALIAS 258
#define DEFVAR 259
@@ -642,7 +646,7 @@ short *yyss;
short *yysslim;
YYSTYPE *yyvs;
int yystacksize;
#line 865 "parse.yacc"
#line 869 "parse.yacc"
#define MOREALIASES (32)
aliasinfo *aliases = NULL;
@@ -829,13 +833,13 @@ list_matches()
} while ((p = strtok(NULL, ", ")));
(void) fputs(") ", stdout);
} else {
(void) printf("(%s) ", def_str(I_RUNAS_DEFAULT));
(void) printf("(%s) ", def_runas_default);
}
/* Is a password required? */
if (cm_list[count].nopasswd == TRUE && def_flag(I_AUTHENTICATE))
if (cm_list[count].nopasswd == TRUE && def_authenticate)
(void) fputs("NOPASSWD: ", stdout);
else if (cm_list[count].nopasswd == FALSE && !def_flag(I_AUTHENTICATE))
else if (cm_list[count].nopasswd == FALSE && !def_authenticate)
(void) fputs("PASSWD: ", stdout);
/* Print the actual command or expanded Cmnd_Alias. */
@@ -992,7 +996,7 @@ init_parser()
if (printmatches == TRUE)
expand_match_list();
}
#line 944 "sudo.tab.c"
#line 948 "sudo.tab.c"
/* allocate initial stack or double stack size, up to YYMAXDEPTH */
#if defined(__cplusplus) || defined(__STDC__)
static int yygrowstack(void)
@@ -1186,85 +1190,85 @@ yyreduce:
switch (yyn)
{
case 3:
#line 265 "parse.yacc"
#line 269 "parse.yacc"
{ ; }
break;
case 4:
#line 267 "parse.yacc"
#line 271 "parse.yacc"
{ yyerrok; }
break;
case 5:
#line 268 "parse.yacc"
#line 272 "parse.yacc"
{ push; }
break;
case 6:
#line 268 "parse.yacc"
#line 272 "parse.yacc"
{
while (top && user_matches != TRUE)
pop;
}
break;
case 7:
#line 273 "parse.yacc"
{ ; }
break;
case 8:
#line 275 "parse.yacc"
{ ; }
break;
case 9:
#line 277 "parse.yacc"
{ ; }
break;
case 10:
case 8:
#line 279 "parse.yacc"
{ ; }
break;
case 11:
case 9:
#line 281 "parse.yacc"
{ ; }
break;
case 10:
#line 283 "parse.yacc"
{ ; }
break;
case 11:
#line 285 "parse.yacc"
{ ; }
break;
case 13:
#line 287 "parse.yacc"
#line 291 "parse.yacc"
{
defaults_matches = TRUE;
}
break;
case 14:
#line 290 "parse.yacc"
#line 294 "parse.yacc"
{ push; }
break;
case 15:
#line 290 "parse.yacc"
#line 294 "parse.yacc"
{
defaults_matches = user_matches;
pop;
}
break;
case 16:
#line 294 "parse.yacc"
#line 298 "parse.yacc"
{ push; }
break;
case 17:
#line 294 "parse.yacc"
#line 298 "parse.yacc"
{
defaults_matches = yyvsp[0].BOOLEAN == TRUE;
pop;
}
break;
case 18:
#line 298 "parse.yacc"
#line 302 "parse.yacc"
{ push; }
break;
case 19:
#line 298 "parse.yacc"
#line 302 "parse.yacc"
{
defaults_matches = host_matches;
pop;
}
break;
case 22:
#line 308 "parse.yacc"
#line 312 "parse.yacc"
{
if (defaults_matches == TRUE &&
!set_default(yyvsp[0].string, NULL, TRUE)) {
@@ -1275,7 +1279,7 @@ case 22:
}
break;
case 23:
#line 316 "parse.yacc"
#line 320 "parse.yacc"
{
if (defaults_matches == TRUE &&
!set_default(yyvsp[0].string, NULL, FALSE)) {
@@ -1286,7 +1290,7 @@ case 23:
}
break;
case 24:
#line 324 "parse.yacc"
#line 328 "parse.yacc"
{
if (defaults_matches == TRUE &&
!set_default(yyvsp[-2].string, yyvsp[0].string, TRUE)) {
@@ -1298,7 +1302,7 @@ case 24:
}
break;
case 25:
#line 333 "parse.yacc"
#line 337 "parse.yacc"
{
if (defaults_matches == TRUE &&
!set_default(yyvsp[-2].string, yyvsp[0].string, '+')) {
@@ -1310,7 +1314,7 @@ case 25:
}
break;
case 26:
#line 342 "parse.yacc"
#line 346 "parse.yacc"
{
if (defaults_matches == TRUE &&
!set_default(yyvsp[-2].string, yyvsp[0].string, '-')) {
@@ -1322,7 +1326,7 @@ case 26:
}
break;
case 29:
#line 357 "parse.yacc"
#line 361 "parse.yacc"
{
/*
* We already did a push if necessary in
@@ -1331,34 +1335,34 @@ case 29:
*/
host_matches = -1;
runas_matches = -1;
if (def_flag(I_AUTHENTICATE))
if (def_authenticate)
no_passwd = -1;
else
no_passwd = TRUE;
}
break;
case 30:
#line 372 "parse.yacc"
#line 376 "parse.yacc"
{
if (yyvsp[0].BOOLEAN != -1)
host_matches = yyvsp[0].BOOLEAN;
}
break;
case 31:
#line 376 "parse.yacc"
#line 380 "parse.yacc"
{
if (yyvsp[0].BOOLEAN != -1)
host_matches = ! yyvsp[0].BOOLEAN;
}
break;
case 32:
#line 382 "parse.yacc"
#line 386 "parse.yacc"
{
yyval.BOOLEAN = TRUE;
}
break;
case 33:
#line 385 "parse.yacc"
#line 389 "parse.yacc"
{
if (addr_matches(yyvsp[0].string))
yyval.BOOLEAN = TRUE;
@@ -1368,7 +1372,7 @@ case 33:
}
break;
case 34:
#line 392 "parse.yacc"
#line 396 "parse.yacc"
{
if (netgr_matches(yyvsp[0].string, user_host, user_shost, NULL))
yyval.BOOLEAN = TRUE;
@@ -1378,7 +1382,7 @@ case 34:
}
break;
case 35:
#line 399 "parse.yacc"
#line 403 "parse.yacc"
{
if (hostname_matches(user_shost, user_host, yyvsp[0].string) == 0)
yyval.BOOLEAN = TRUE;
@@ -1388,7 +1392,7 @@ case 35:
}
break;
case 36:
#line 406 "parse.yacc"
#line 410 "parse.yacc"
{
aliasinfo *aip = find_alias(yyvsp[0].string, HOST_ALIAS);
@@ -1413,7 +1417,7 @@ case 36:
}
break;
case 39:
#line 434 "parse.yacc"
#line 438 "parse.yacc"
{
/*
* Push the entry onto the stack if it is worth
@@ -1441,14 +1445,14 @@ case 39:
}
break;
case 40:
#line 461 "parse.yacc"
#line 465 "parse.yacc"
{
if (yyvsp[0].BOOLEAN != -1)
cmnd_matches = yyvsp[0].BOOLEAN;
}
break;
case 41:
#line 465 "parse.yacc"
#line 469 "parse.yacc"
{
if (printmatches == TRUE) {
if (in_alias == TRUE)
@@ -1460,14 +1464,14 @@ case 41:
}
break;
case 42:
#line 473 "parse.yacc"
#line 477 "parse.yacc"
{
if (yyvsp[0].BOOLEAN != -1)
cmnd_matches = ! yyvsp[0].BOOLEAN;
}
break;
case 43:
#line 479 "parse.yacc"
#line 483 "parse.yacc"
{
if (printmatches == TRUE && host_matches == TRUE &&
user_matches == TRUE) {
@@ -1489,21 +1493,21 @@ case 43:
*/
if (runas_matches == -1)
runas_matches = (strcmp(*user_runas,
def_str(I_RUNAS_DEFAULT)) == 0);
def_runas_default) == 0);
}
break;
case 44:
#line 502 "parse.yacc"
#line 506 "parse.yacc"
{
runas_matches = (yyvsp[0].BOOLEAN == TRUE ? TRUE : FALSE);
}
break;
case 45:
#line 507 "parse.yacc"
#line 511 "parse.yacc"
{ ; }
break;
case 46:
#line 508 "parse.yacc"
#line 512 "parse.yacc"
{
/* Later entries override earlier ones. */
if (yyvsp[0].BOOLEAN != -1)
@@ -1513,11 +1517,11 @@ case 46:
}
break;
case 47:
#line 517 "parse.yacc"
#line 521 "parse.yacc"
{ ; }
break;
case 48:
#line 518 "parse.yacc"
#line 522 "parse.yacc"
{
if (printmatches == TRUE) {
if (in_alias == TRUE)
@@ -1529,14 +1533,14 @@ case 48:
}
break;
case 49:
#line 526 "parse.yacc"
#line 530 "parse.yacc"
{
/* Set $$ to the negation of runasuser */
yyval.BOOLEAN = (yyvsp[0].BOOLEAN == -1 ? -1 : ! yyvsp[0].BOOLEAN);
}
break;
case 50:
#line 532 "parse.yacc"
#line 536 "parse.yacc"
{
if (printmatches == TRUE) {
if (in_alias == TRUE)
@@ -1553,7 +1557,7 @@ case 50:
}
break;
case 51:
#line 546 "parse.yacc"
#line 550 "parse.yacc"
{
if (printmatches == TRUE) {
if (in_alias == TRUE)
@@ -1570,7 +1574,7 @@ case 51:
}
break;
case 52:
#line 560 "parse.yacc"
#line 564 "parse.yacc"
{
if (printmatches == TRUE) {
if (in_alias == TRUE)
@@ -1587,7 +1591,7 @@ case 52:
}
break;
case 53:
#line 574 "parse.yacc"
#line 578 "parse.yacc"
{
aliasinfo *aip = find_alias(yyvsp[0].string, RUNAS_ALIAS);
@@ -1619,7 +1623,7 @@ case 53:
}
break;
case 54:
#line 603 "parse.yacc"
#line 607 "parse.yacc"
{
if (printmatches == TRUE) {
if (in_alias == TRUE)
@@ -1632,7 +1636,7 @@ case 54:
}
break;
case 55:
#line 615 "parse.yacc"
#line 619 "parse.yacc"
{
/* Inherit NOPASSWD/PASSWD status. */
if (printmatches == TRUE && host_matches == TRUE &&
@@ -1645,7 +1649,7 @@ case 55:
}
break;
case 56:
#line 625 "parse.yacc"
#line 629 "parse.yacc"
{
no_passwd = TRUE;
if (printmatches == TRUE && host_matches == TRUE &&
@@ -1654,7 +1658,7 @@ case 56:
}
break;
case 57:
#line 631 "parse.yacc"
#line 635 "parse.yacc"
{
no_passwd = FALSE;
if (printmatches == TRUE && host_matches == TRUE &&
@@ -1663,7 +1667,7 @@ case 57:
}
break;
case 58:
#line 639 "parse.yacc"
#line 643 "parse.yacc"
{
if (printmatches == TRUE) {
if (in_alias == TRUE)
@@ -1683,7 +1687,7 @@ case 58:
}
break;
case 59:
#line 656 "parse.yacc"
#line 660 "parse.yacc"
{
aliasinfo *aip;
@@ -1715,7 +1719,7 @@ case 59:
}
break;
case 60:
#line 685 "parse.yacc"
#line 689 "parse.yacc"
{
if (printmatches == TRUE) {
if (in_alias == TRUE) {
@@ -1744,11 +1748,11 @@ case 60:
}
break;
case 63:
#line 717 "parse.yacc"
#line 721 "parse.yacc"
{ push; }
break;
case 64:
#line 717 "parse.yacc"
#line 721 "parse.yacc"
{
if ((host_matches != -1 || pedantic) &&
!add_alias(yyvsp[-3].string, HOST_ALIAS, host_matches)) {
@@ -1759,7 +1763,7 @@ case 64:
}
break;
case 69:
#line 735 "parse.yacc"
#line 739 "parse.yacc"
{
push;
if (printmatches == TRUE) {
@@ -1772,7 +1776,7 @@ case 69:
}
break;
case 70:
#line 744 "parse.yacc"
#line 748 "parse.yacc"
{
if ((cmnd_matches != -1 || pedantic) &&
!add_alias(yyvsp[-3].string, CMND_ALIAS, cmnd_matches)) {
@@ -1787,11 +1791,11 @@ case 70:
}
break;
case 71:
#line 758 "parse.yacc"
#line 762 "parse.yacc"
{ ; }
break;
case 75:
#line 766 "parse.yacc"
#line 770 "parse.yacc"
{
if (printmatches == TRUE) {
in_alias = TRUE;
@@ -1803,7 +1807,7 @@ case 75:
}
break;
case 76:
#line 774 "parse.yacc"
#line 778 "parse.yacc"
{
if ((yyvsp[0].BOOLEAN != -1 || pedantic) &&
!add_alias(yyvsp[-3].string, RUNAS_ALIAS, yyvsp[0].BOOLEAN)) {
@@ -1817,11 +1821,11 @@ case 76:
}
break;
case 79:
#line 791 "parse.yacc"
#line 795 "parse.yacc"
{ push; }
break;
case 80:
#line 791 "parse.yacc"
#line 795 "parse.yacc"
{
if ((user_matches != -1 || pedantic) &&
!add_alias(yyvsp[-3].string, USER_ALIAS, user_matches)) {
@@ -1833,21 +1837,21 @@ case 80:
}
break;
case 83:
#line 806 "parse.yacc"
#line 810 "parse.yacc"
{
if (yyvsp[0].BOOLEAN != -1)
user_matches = yyvsp[0].BOOLEAN;
}
break;
case 84:
#line 810 "parse.yacc"
#line 814 "parse.yacc"
{
if (yyvsp[0].BOOLEAN != -1)
user_matches = ! yyvsp[0].BOOLEAN;
}
break;
case 85:
#line 816 "parse.yacc"
#line 820 "parse.yacc"
{
if (strcmp(yyvsp[0].string, user_name) == 0)
yyval.BOOLEAN = TRUE;
@@ -1857,7 +1861,7 @@ case 85:
}
break;
case 86:
#line 823 "parse.yacc"
#line 827 "parse.yacc"
{
if (usergr_matches(yyvsp[0].string, user_name))
yyval.BOOLEAN = TRUE;
@@ -1867,7 +1871,7 @@ case 86:
}
break;
case 87:
#line 830 "parse.yacc"
#line 834 "parse.yacc"
{
if (netgr_matches(yyvsp[0].string, NULL, NULL, user_name))
yyval.BOOLEAN = TRUE;
@@ -1877,7 +1881,7 @@ case 87:
}
break;
case 88:
#line 837 "parse.yacc"
#line 841 "parse.yacc"
{
aliasinfo *aip = find_alias(yyvsp[0].string, USER_ALIAS);
@@ -1902,12 +1906,12 @@ case 88:
}
break;
case 89:
#line 859 "parse.yacc"
#line 863 "parse.yacc"
{
yyval.BOOLEAN = TRUE;
}
break;
#line 1859 "sudo.tab.c"
#line 1863 "sudo.tab.c"
}
yyssp -= yym;
yystate = *yyssp;

12
visudo.c
View File

@@ -259,7 +259,7 @@ main(argc, argv)
if (find_path(UserEditor, &Editor, getenv("PATH")) == FOUND) {
UserEditor = Editor;
} else {
if (def_flag(I_ENV_EDITOR)) {
if (def_env_editor) {
/* If we are honoring $EDITOR this is a fatal error. */
warnx("specified editor (%s) doesn't exist!", UserEditor);
Exit(-1);
@@ -275,7 +275,7 @@ main(argc, argv)
* we allow any $EDITOR or because $EDITOR is in the allowable list.
*/
Editor = EditorPath = NULL;
if (def_flag(I_ENV_EDITOR) && UserEditor)
if (def_env_editor && UserEditor)
Editor = UserEditor;
else if (UserEditor) {
struct stat editor_sb;
@@ -287,7 +287,7 @@ main(argc, argv)
warn("unable to stat editor (%s)", UserEditor);
Exit(-1);
}
EditorPath = estrdup(def_str(I_EDITOR));
EditorPath = estrdup(def_editor);
Editor = strtok(EditorPath, ":");
do {
/*
@@ -317,13 +317,13 @@ main(argc, argv)
}
/*
* Can't use $EDITOR, try each element of I_EDITOR until we
* Can't use $EDITOR, try each element of def_editor until we
* find one that exists, is regular, and is executable.
*/
if (Editor == NULL || *Editor == '\0') {
if (EditorPath != NULL)
free(EditorPath);
EditorPath = estrdup(def_str(I_EDITOR));
EditorPath = estrdup(def_editor);
Editor = strtok(EditorPath, ":");
do {
if (sudo_goodpath(Editor))
@@ -332,7 +332,7 @@ main(argc, argv)
/* Bleah, none of the editors existed! */
if (Editor == NULL || *Editor == '\0') {
warnx("no editor found (editor path = %s)", def_str(I_EDITOR));
warnx("no editor found (editor path = %s)", def_editor);
Exit(-1);
}
}