mir/sudo
2
0
Fork 0
mirror of https://github.com/sudo-project/sudo.git synced 2025-09-02 07:15:27 +00:00
Code Issues Releases Wiki Activity

o Replace _PASSWD_LEN braindeath with our own SUDO_MAX_PASS.

Browse Source 
It turns out the old DES crypt does the right thing with passwords
   longert than 8 characters.
 o Fix common typo (necesary -> necessary)
 o Update TODO list
This commit is contained in:
Todd C. Miller
1999-05-14 16:30:14 +00:00
parent 6b91a87a9f
commit 850a52aa6f
11 changed files with 56 additions and 80 deletions
Download Patch File Download Diff File Expand all files Collapse all files

12
CHANGES
View File

@@ -43,7 +43,7 @@ CHANGES from sudo 1.2 (unofficial version)
15) Ported to Solaris 2.x (based on a port of sudo 1.1 done by UnixOps). 15) Ported to Solaris 2.x (based on a port of sudo 1.1 done by UnixOps).
16) Took out setuid(0); setruid(uid); pairs that bracketed calls to 16) Took out setuid(0); setruid(uid); pairs that bracketed calls to
update_timestamp() since they are unnecesary and setruid() is update_timestamp() since they are unnecessary and setruid() is
broken on systems without a setreuid(2) or setresuid(2) system call. broken on systems without a setreuid(2) or setresuid(2) system call.
(Ie: AIX and Solaris 2.x). (Ie: AIX and Solaris 2.x).
@@ -95,7 +95,7 @@ CHANGES from sudo 1.3
32) Now use sysconf(2) instead of getdtablesize(2) if it is available 32) Now use sysconf(2) instead of getdtablesize(2) if it is available
(see change #31). Because of the the getdtablesize() emulation for (see change #31). Because of the the getdtablesize() emulation for
hpux is no longer necesary. hpux is no longer necessary.
33) Now only do a getcwd(3) or getwd(3) once and do it as the real user. 33) Now only do a getcwd(3) or getwd(3) once and do it as the real user.
Sudo should no longer complain that it can't get the cwd unless Sudo should no longer complain that it can't get the cwd unless
@@ -357,7 +357,7 @@ CHANGES from sudo 1.3.1pl4
validated but before the exec(). validated but before the exec().
118) Now update timestamp file via utime() (and emulate via utimes() 118) Now update timestamp file via utime() (and emulate via utimes()
if necesary) to eliminate a small race. Works with if necessary) to eliminate a small race. Works with
both POSIX utime() as well as old utime() in BSD <= 4.3. both POSIX utime() as well as old utime() in BSD <= 4.3.
119) Kerberos ticket file now lives in same dirs as sudo timestamp 119) Kerberos ticket file now lives in same dirs as sudo timestamp
@@ -567,7 +567,7 @@ CHANGES from sudo 1.4
instead of a flat string to make wildcard matching simpler. instead of a flat string to make wildcard matching simpler.
177) Added NewArgv and NewArgc that describe the command to be 177) Added NewArgv and NewArgc that describe the command to be
executed. The copy of args in cmnd_args is no longer necesary executed. The copy of args in cmnd_args is no longer necessary
and has been removed. and has been removed.
178) Using strcmp(3) for argument matching in command_matches() 178) Using strcmp(3) for argument matching in command_matches()
@@ -705,7 +705,7 @@ CHANGES from sudo 1.4.3
215) Fixed a core dump problem when built with -DSHELL_IF_NO_ARGS. 215) Fixed a core dump problem when built with -DSHELL_IF_NO_ARGS.
216) Fixed 2 typos in parse.yacc and removed some unnecesary if's. 216) Fixed 2 typos in parse.yacc and removed some unnecessary if's.
217) Now always use install-sh since SunOS install can't do uid/gid's. 217) Now always use install-sh since SunOS install can't do uid/gid's.
Other BSD installs are probably similarly afflicted. Other BSD installs are probably similarly afflicted.
@@ -1063,3 +1063,5 @@ Sudo 1.5.9 released.
333) Stash the "safe" path to the command instead of stashing the struct 333) Stash the "safe" path to the command instead of stashing the struct
stat. Should be safer. stat. Should be safer.
334) Now set $LOGNAME in addition to $USER.

3
INSTALL
View File

@@ -516,6 +516,9 @@ Digital UNIX:
#ifdef __cplusplus #ifdef __cplusplus
to: to:
#if defined(__cplusplus) || defined(__GNUC__) #if defined(__cplusplus) || defined(__GNUC__)
If you don't like the idea of editing the system header file
you can just make a copy in gcc's private include tree and
edit that.
Linux: Linux:
One person reported that he needed to run configure with One person reported that he needed to run configure with

42
TODO
View File

@@ -11,53 +11,51 @@ TODO list (most will be addressed in the next rewrite)
05) Add a -h (?) flag to sudo for a history mechanism. 05) Add a -h (?) flag to sudo for a history mechanism.
06) Make parse.lex in the same coding style as everything else... 06) Add an option to hard-code LD_LIBRARY_PATH?
07) Add an option to hard-code LD_LIBRARY_PATH? 07) Add Prog_Alias facility (Prog_Alias VI = /usr/secure/bin/vi +args).
08) Add Prog_Alias facility (Prog_Alias VI = /usr/secure/bin/vi +args). 08) check for <net/errno.h> in configure and include it in sudo.c if it exists.
09) check for <net/errno.h> in configure and include it in sudo.c if it exists. 09) Add generic STREAMS support for getting interfaces and netmasks.
10) Add generic STREAMS support for getting interfaces and netmasks. 10) Do all the environment variable additions in one fell swoop for
11) Do all the environment variable additions in one fell swoop for
efficiency and speed. efficiency and speed.
12) Catch/ignore signals in sudo? 11) Catch/ignore signals in sudo?
13) Make -p work with -v and -l in any order. 12) Add support for "safe scripts" by checking for shell script
14) Add support for "safe scripts" by checking for shell script
cookie (first two bytes are "#!") and execing the shell outselves cookie (first two bytes are "#!") and execing the shell outselves
after doing the stat to guard against spoofing. This should avoid after doing the stat to guard against spoofing. This should avoid
the race condition caused by going through namei() twice... the race condition caused by going through namei() twice...
15) Sudo should not allow someone with a nil password to run commands. 13) Sudo should not allow someone with a nil password to run commands.
16) Overhaul testsudoers to use parse.o so we don't reimplement things. 14) Overhaul testsudoers to use parse.o so we don't reimplement things.
17) Make runas_user a struct "runas" with user and group components. 15) Make runas_user a struct "runas" with user and group components.
(make uid and gid too???) (make uid and gid too???)
18) Add -g group/gid option. 16) Add -g group/gid option.
19) Should be able to mix Cmnd_Alias's and command args. Ie: 17) Should be able to mix Cmnd_Alias's and command args. Ie:
pete ALL=PASSWD [A-z]*,!PASSWD root pete ALL=PASSWD [A-z]*,!PASSWD root
where PASSWD was defined to be /usr/bin/passwd. where PASSWD was defined to be /usr/bin/passwd.
This requires the arg parsing to happen in the yacc grammer. This requires the arg parsing to happen in the yacc grammer.
20) Add a per-tty restriction? Ie: only can run foo from /dev/console. 18) Add a per-tty restriction? Ie: only can run foo from /dev/console.
21) Use popen.c instead of rolling own in logging.c 19) Use popen.c instead of rolling own in logging.c
Need to make popen.c portable first... Need to make popen.c portable first...
22) Add test for how to read ether interfaces in configure script 20) Add test for how to read ether interfaces in configure script
23) Add configure check for $(CC) -R and use it in addition to -L 21) Add configure check for $(CC) -R and use it in addition to -L
24) An option to make "sudo -s" use the target user's shell might be nice 22) An option to make "sudo -s" use the target user's shell might be nice
(and more like su). (and more like su).
25) Sudo should have a separate error message for when the user is in sudoers 23) Sudo should have a separate error message for when the user is in sudoers
but not allowed to run stuff on that host, and send mail. but not allowed to run stuff on that host, and send mail.
24) Break authentication stuff out of check.c into auth.c

2
check.c
View File

@@ -595,7 +595,7 @@ check_passwd()
char *pass; /* this is what gets entered */ char *pass; /* this is what gets entered */
int counter = TRIES_FOR_PASSWORD; int counter = TRIES_FOR_PASSWORD;
#if defined(HAVE_KERB4) && defined(USE_GETPASS) #if defined(HAVE_KERB4) && defined(USE_GETPASS)
char kpass[_PASSWD_LEN + 1]; char kpass[SUDO_PASS_MAX + 1];
#endif /* HAVE_KERB4 && USE_GETPASS */ #endif /* HAVE_KERB4 && USE_GETPASS */
#ifdef HAVE_AUTHENTICATE #ifdef HAVE_AUTHENTICATE
char *message; char *message;

29
compat.h
View File

@@ -93,31 +93,12 @@
#endif #endif
/* /*
* We need to know how long the longest password may be. * We used to use the system definition of PASS_MAX or _PASSWD_LEN,
* For alternate password schemes we need longer passwords. * but that caused problems with various alternate authentication
* This is a bit, ummm, gross but necesary. * methods. So, we just define our own and assume that it is >= the
* system max.
*/ */
#if defined(HAVE_KERB4) || defined(HAVE_AFS) || defined(HAVE_DCE) || defined(HAVE_SKEY) || defined(HAVE_OPIE) #define SUDO_PASS_MAX 256
# undef _PASSWD_LEN
# define _PASSWD_LEN 256
#else
# ifdef HAVE_GETPRPWNAM
# undef _PASSWD_LEN
# define _PASSWD_LEN AUTH_MAX_PASSWD_LENGTH
# else
# ifndef _PASSWD_LEN
# ifdef PASS_MAX
# define _PASSWD_LEN PASS_MAX
# else
# if (SHADOW_TYPE != SPW_NONE)
# define _PASSWD_LEN 24
# else
# define _PASSWD_LEN 8
# endif /* SHADOW_TYPE != SPW_NONE */
# endif /* PASS_MAX */
# endif /* !_PASSWD_LEN */
# endif /* HAVE_GETPRPWNAM */
#endif /* HAVE_KERB4 || HAVE_AFS || HAVE_DCE || HAVE_SKEY || HAVE_OPIE */
/* /*
* Some OS's lack these * Some OS's lack these

2
getspwuid.c
View File

@@ -23,7 +23,7 @@
* This module contains sudo_getpwuid(), a function that * This module contains sudo_getpwuid(), a function that
* Makes a dynamic copy of the struct passwd returned by * Makes a dynamic copy of the struct passwd returned by
* getpwuid() and substitutes the shadow password if * getpwuid() and substitutes the shadow password if
* necesary. * necessary.
* *
* Todd C. Miller Mon Nov 20 13:53:06 MST 1995 * Todd C. Miller Mon Nov 20 13:53:06 MST 1995
*/ */

6
logging.c
View File

@@ -86,7 +86,7 @@ extern int errorlineno;
* syslog_wrapper() * syslog_wrapper()
* *
* This function logs via syslog w/ a priority and 3 strings args. * This function logs via syslog w/ a priority and 3 strings args.
* It really shouldn't be necesary but some syslog()'s don't * It really shouldn't be necessary but some syslog()'s don't
* guarantee that the syslog() operation will succeed! * guarantee that the syslog() operation will succeed!
*/ */
@@ -154,7 +154,7 @@ log_error(code)
/* /*
* we will skip this stuff when using syslog(3) but it is * we will skip this stuff when using syslog(3) but it is
* necesary for mail and file logs. * necessary for mail and file logs.
*/ */
now = time((time_t) 0); now = time((time_t) 0);
p = ctime(&now) + 4; p = ctime(&now) + 4;
@@ -321,7 +321,7 @@ log_error(code)
#endif /* Syslog_facility */ #endif /* Syslog_facility */
/* /*
* Log the full line, breaking into multiple syslog(3) calls if necesary * Log the full line, breaking into multiple syslog(3) calls if necessary
*/ */
p = &logline[header_length]; /* skip past the date, host, and user */ p = &logline[header_length]; /* skip past the date, host, and user */
for (count = 0; count < strlen(logline) / MAXSYSLOGLEN + 1; count++) { for (count = 0; count < strlen(logline) / MAXSYSLOGLEN + 1; count++) {

10
parse.yacc
View File

@@ -559,7 +559,7 @@ cmndalias : ALIAS {
push; push;
if (printmatches == TRUE) { if (printmatches == TRUE) {
in_alias = TRUE; in_alias = TRUE;
/* Allocate space for ga_list if necesary. */ /* Allocate space for ga_list if necessary. */
expand_ga_list(); expand_ga_list();
ga_list[ga_list_len-1].alias = estrdup($1); ga_list[ga_list_len-1].alias = estrdup($1);
} }
@@ -587,7 +587,7 @@ runasalias : ALIAS {
push; push;
if (printmatches == TRUE) { if (printmatches == TRUE) {
in_alias = TRUE; in_alias = TRUE;
/* Allocate space for ga_list if necesary. */ /* Allocate space for ga_list if necessary. */
expand_ga_list(); expand_ga_list();
ga_list[ga_list_len-1].alias = estrdup($1); ga_list[ga_list_len-1].alias = estrdup($1);
} }
@@ -936,7 +936,7 @@ append(src, dstp, dst_len, dst_size, separator)
*dstp = dst; *dstp = dst;
} }
/* Allocate more space if necesary. */ /* Allocate more space if necessary. */
if (*dst_size <= *dst_len + src_len) { if (*dst_size <= *dst_len + src_len) {
while (*dst_size <= *dst_len + src_len) while (*dst_size <= *dst_len + src_len)
*dst_size += BUFSIZ; *dst_size += BUFSIZ;
@@ -977,7 +977,7 @@ reset_aliases()
* *
* expand_ga_list() * expand_ga_list()
* *
* This function increments ga_list_len, allocating more space as necesary. * This function increments ga_list_len, allocating more space as necessary.
*/ */
static void static void
@@ -998,7 +998,7 @@ expand_ga_list()
* *
* expand_match_list() * expand_match_list()
* *
* This function increments cm_list_len, allocating more space as necesary. * This function increments cm_list_len, allocating more space as necessary.
*/ */
static void static void

4
sudo.c
View File

@@ -412,8 +412,8 @@ load_globals(sudo_mode)
/* /*
* Get a local copy of the user's struct passwd with the shadow password * Get a local copy of the user's struct passwd with the shadow password
* if necesary. It is assumed that euid is 0 at this point so we * if necessary. It is assumed that euid is 0 at this point so we
* can read the shadow passwd file if necesary. * can read the shadow passwd file if necessary.
*/ */
if ((user_pw_ent = sudo_getpwuid(getuid())) == NULL) { if ((user_pw_ent = sudo_getpwuid(getuid())) == NULL) {
/* need to make a fake user_pw_ent */ /* need to make a fake user_pw_ent */

10
sudo.tab.c
View File

@@ -776,7 +776,7 @@ append(src, dstp, dst_len, dst_size, separator)
*dstp = dst; *dstp = dst;
} }
/* Allocate more space if necesary. */ /* Allocate more space if necessary. */
if (*dst_size <= *dst_len + src_len) { if (*dst_size <= *dst_len + src_len) {
while (*dst_size <= *dst_len + src_len) while (*dst_size <= *dst_len + src_len)
*dst_size += BUFSIZ; *dst_size += BUFSIZ;
@@ -817,7 +817,7 @@ reset_aliases()
* *
* expand_ga_list() * expand_ga_list()
* *
* This function increments ga_list_len, allocating more space as necesary. * This function increments ga_list_len, allocating more space as necessary.
*/ */
static void static void
@@ -838,7 +838,7 @@ expand_ga_list()
* *
* expand_match_list() * expand_match_list()
* *
* This function increments cm_list_len, allocating more space as necesary. * This function increments cm_list_len, allocating more space as necessary.
*/ */
static void static void
@@ -1489,7 +1489,7 @@ case 55:
push; push;
if (printmatches == TRUE) { if (printmatches == TRUE) {
in_alias = TRUE; in_alias = TRUE;
/* Allocate space for ga_list if necesary. */ /* Allocate space for ga_list if necessary. */
expand_ga_list(); expand_ga_list();
ga_list[ga_list_len-1].alias = estrdup(yyvsp[0].string); ga_list[ga_list_len-1].alias = estrdup(yyvsp[0].string);
} }
@@ -1518,7 +1518,7 @@ case 61:
push; push;
if (printmatches == TRUE) { if (printmatches == TRUE) {
in_alias = TRUE; in_alias = TRUE;
/* Allocate space for ga_list if necesary. */ /* Allocate space for ga_list if necessary. */
expand_ga_list(); expand_ga_list();
ga_list[ga_list_len-1].alias = estrdup(yyvsp[0].string); ga_list[ga_list_len-1].alias = estrdup(yyvsp[0].string);
} }

14
tgetpass.c
View File

@@ -66,14 +66,6 @@
#include <sys/ioctl.h> #include <sys/ioctl.h>
#endif /* HAVE_TERMIO_H */ #endif /* HAVE_TERMIO_H */
#endif /* HAVE_TERMIOS_H */ #endif /* HAVE_TERMIOS_H */
#ifdef HAVE_GETPRPWNAM
# ifdef __hpux
# include <hpsecurity.h>
# else
# include <sys/security.h>
# endif /* __hpux */
# include <prot.h> /* for AUTH_MAX_PASSWD_LENGTH */
#endif /* HAVE_GETPRPWNAM */
#include <pathnames.h> #include <pathnames.h>
#include "compat.h" #include "compat.h"
@@ -118,7 +110,7 @@ tgetpass(prompt, timeout)
#endif /* POSIX_SIGNALS */ #endif /* POSIX_SIGNALS */
int n, echo; int n, echo;
FILE *input, *output; FILE *input, *output;
static char buf[_PASSWD_LEN + 1]; static char buf[SUDO_PASS_MAX + 1];
fd_set *readfds; fd_set *readfds;
struct timeval tv; struct timeval tv;
@@ -150,7 +142,7 @@ tgetpass(prompt, timeout)
if (prompt) if (prompt)
fputs(prompt, output); fputs(prompt, output);
/* rewind if necesary */ /* rewind if necessary */
if (input == output) { if (input == output) {
(void) fflush(output); (void) fflush(output);
(void) rewind(output); (void) rewind(output);
@@ -241,7 +233,7 @@ tgetpass(prompt, timeout)
#endif /* HAVE_TERMIO_H */ #endif /* HAVE_TERMIO_H */
#endif /* HAVE_TERMIOS_H */ #endif /* HAVE_TERMIOS_H */
/* rewind if necesary */ /* rewind if necessary */
if (input == output) { if (input == output) {
(void) fflush(output); (void) fflush(output);
(void) rewind(output); (void) rewind(output);