
Add "listpw" and "verifypw" options.

Todd C. Miller
2000-01-17 04:05:18 +00:00
parent a597c4ad55
commit f68cc2f628
5 changed files with 104 additions and 17 deletions


@@ -106,6 +106,7 @@ static int store_str __P((char *, struct sudo_defs_types *, int));
static int store_syslogfac __P((char *, struct sudo_defs_types *, int)); static int store_syslogfac __P((char *, struct sudo_defs_types *, int));
static int store_syslogpri __P((char *, struct sudo_defs_types *, int)); static int store_syslogpri __P((char *, struct sudo_defs_types *, int));
static int store_mode __P((char *, struct sudo_defs_types *, int)); static int store_mode __P((char *, struct sudo_defs_types *, int));
static int store_pwflag __P((char *, struct sudo_defs_types *, int));
/* /*
* Table describing compile-time and run-time options. * Table describing compile-time and run-time options.
@@ -225,6 +226,16 @@ struct sudo_defs_types sudo_defs_table[] = {
}, { }, {
"secure_path", T_STR|T_BOOL, "secure_path", T_STR|T_BOOL,
"Value to override user's $PATH with: %s" "Value to override user's $PATH with: %s"
}, {
"listpw_i", T_INT, NULL
}, {
"verifypw_i", T_INT, NULL
}, {
"listpw", T_PWFLAG,
"When to require a password for 'list' pseudocommand: %s"
}, {
"verifypw", T_PWFLAG,
"When to require a password for 'verify' pseudocommand: %s"
}, { }, {
NULL, 0, NULL NULL, 0, NULL
} }
@@ -248,6 +259,7 @@ dump_defaults()
case T_STR: case T_STR:
case T_LOGFAC: case T_LOGFAC:
case T_LOGPRI: case T_LOGPRI:
case T_PWFLAG:
if (cur->sd_un.str) { if (cur->sd_un.str) {
(void) printf(cur->desc, cur->sd_un.str); (void) printf(cur->desc, cur->sd_un.str);
putchar('\n'); putchar('\n');
@@ -355,6 +367,19 @@ set_default(var, val, op)
return(FALSE); return(FALSE);
} }
break; break;
case T_PWFLAG:
if (!store_pwflag(val, cur, op)) {
if (val)
(void) fprintf(stderr,
"%s: value '%s' is invalid for option '%s'\n", Argv[0],
val, var);
else
(void) fprintf(stderr,
"%s: no value specified for `%s' on line %d\n", Argv[0],
var, sudolineno);
return(FALSE);
}
break;
case T_STR: case T_STR:
if (!val) { if (!val) {
/* Check for bogus boolean usage or lack of a value. */ /* Check for bogus boolean usage or lack of a value. */
@@ -447,6 +472,7 @@ init_defaults()
case T_STR: case T_STR:
case T_LOGFAC: case T_LOGFAC:
case T_LOGPRI: case T_LOGPRI:
case T_PWFLAG:
if (def->sd_un.str) { if (def->sd_un.str) {
free(def->sd_un.str); free(def->sd_un.str);
def->sd_un.str = NULL; def->sd_un.str = NULL;
@@ -509,6 +535,10 @@ init_defaults()
(void) store_syslogpri(PRI_FAILURE, &sudo_defs_table[I_BADPRISTR], TRUE); (void) store_syslogpri(PRI_FAILURE, &sudo_defs_table[I_BADPRISTR], TRUE);
#endif #endif
/* Password flags also have a string and integer component. */
(void) store_pwflag("any", &sudo_defs_table[I_LISTPWSTR], TRUE);
(void) store_pwflag("all", &sudo_defs_table[I_VERIFYPWSTR], TRUE);
/* Then initialize the int-like things. */ /* Then initialize the int-like things. */
#ifdef SUDO_UMASK #ifdef SUDO_UMASK
def_mode(I_UMASK) = SUDO_UMASK; def_mode(I_UMASK) = SUDO_UMASK;
@@ -598,8 +628,10 @@ store_syslogfac(val, def, op)
struct strmap *fac; struct strmap *fac;
if (op == FALSE) { if (op == FALSE) {
free(def->sd_un.str); if (def->sd_un.str) {
def->sd_un.str = NULL; free(def->sd_un.str);
def->sd_un.str = NULL;
}
return(TRUE); return(TRUE);
} }
#ifdef LOG_NFACILITIES #ifdef LOG_NFACILITIES
@@ -679,3 +711,50 @@ store_mode(val, def, op)
} }
return(TRUE); return(TRUE);
} }
static int
store_pwflag(val, def, op)
char *val;
struct sudo_defs_types *def;
int op;
{
int isub, flags;
if (strcmp(def->name, "verifypw") == 0)
isub = I_VERIFYPW;
else
isub = I_LISTPW;
/* Handle !foo. */
if (op == FALSE) {
if (def->sd_un.str) {
free(def->sd_un.str);
def->sd_un.str = NULL;
}
def->sd_un.str = estrdup("never");
sudo_defs_table[isub].sd_un.ival = PWCHECK_NEVER;
return(TRUE);
}
if (!val)
return(FALSE);
/* Convert strings to integer values. */
if (strcmp(val, "all") == 0)
flags = PWCHECK_ALL;
else if (strcmp(val, "any") == 0)
flags = PWCHECK_ANY;
else if (strcmp(val, "never") == 0)
flags = PWCHECK_NEVER;
else if (strcmp(val, "always") == 0)
flags = PWCHECK_ALWAYS;
else
return(FALSE);
/* Store both name and number. */
if (def->sd_un.str)
free(def->sd_un.str);
def->sd_un.str = estrdup(val);
sudo_defs_table[isub].sd_un.ival = flags;
return(TRUE);
}
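Review bot: The two integer slots are registered in sudo_defs_table under ordinary option names (`"listpw_i", T_INT, NULL` and `"verifypw_i", T_INT, NULL`), so if set_default() resolves `var` by table name (the lookup is outside this hunk), a sudoers Defaults line could presumably write them directly and skip the all/any/never/always validation in store_pwflag(). That matters because parse.c now compares pwflags by equality, so a stored value outside the four PWCHECK_* constants matches none of its branches. Consider having set_default() refuse entries whose desc is NULL, or keeping the integer outside the name-addressable table. Separately, store_pwflag() sends every name other than "verifypw" to I_LISTPW; an explicit `else if (strcmp(def->name, "listpw") == 0)` with a final `return(FALSE);` would stop a future T_PWFLAG option from silently overwriting the listpw policy.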


@@ -69,6 +69,8 @@ struct sudo_defs_types {
#define T_LOGFAC 0x005 #define T_LOGFAC 0x005
#undef T_LOGPRI #undef T_LOGPRI
#define T_LOGPRI 0x006 #define T_LOGPRI 0x006
#undef T_PWFLAG
#define T_PWFLAG 0x007
#undef T_MASK #undef T_MASK
#define T_MASK 0x0FF #define T_MASK 0x0FF
#undef T_BOOL #undef T_BOOL
@@ -129,6 +131,14 @@ struct sudo_defs_types {
#define I_RUNAS_DEF 37 /* default user to run commands as */ #define I_RUNAS_DEF 37 /* default user to run commands as */
#define I_SECURE_PATH 38 /* set $PATH to this if not NULL */ #define I_SECURE_PATH 38 /* set $PATH to this if not NULL */
/* Integer versions of list/verify options */
#define I_LISTPW 39
#define I_VERIFYPW 40
/* String versions of list/verify options */
#define I_LISTPWSTR 41
#define I_VERIFYPWSTR 42
/* /*
* Macros for accessing sudo_defs_table. * Macros for accessing sudo_defs_table.
*/ */
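Review bot: I_LISTPW through I_VERIFYPWSTR are positional indexes, and store_pwflag() in defaults.c writes `sudo_defs_table[isub].sd_un.ival` through them, so a table entry inserted later without renumbering would silently move the password policy into another option's slot. The new defines also lack the trailing per-option comments that the neighbouring I_RUNAS_DEF and I_SECURE_PATH lines carry. I would document the coupling on each line, for example `#define I_LISTPW 39 /* integer form of listpw; must match sudo_defs_table order */`.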

14
parse.c

@@ -129,7 +129,7 @@ sudoers_lookup(pwflags)
init_parser(); init_parser();
/* For most pwflags to be useful we need to keep more state around. */ /* For most pwflags to be useful we need to keep more state around. */
if (pwflags && !(pwflags & PWCHECK_NEVER)) if (pwflags && pwflags != PWCHECK_NEVER && pwflags != PWCHECK_ALWAYS)
keepall = TRUE; keepall = TRUE;
/* Need to be root while stat'ing things in the parser. */ /* Need to be root while stat'ing things in the parser. */
@@ -167,7 +167,7 @@ sudoers_lookup(pwflags)
if (pwflags) { if (pwflags) {
int nopass, found; int nopass, found;
if ((pwflags & PWCHECK_NEVER) || !def_flag(I_AUTHENTICATE)) if (pwflags == PWCHECK_NEVER || !def_flag(I_AUTHENTICATE))
nopass = FLAG_NOPASS; nopass = FLAG_NOPASS;
else else
nopass = -1; nopass = -1;
@@ -175,12 +175,10 @@ sudoers_lookup(pwflags)
while (top) { while (top) {
if (host_matches == TRUE) { if (host_matches == TRUE) {
found = 1; found = 1;
if (!(pwflags & PWCHECK_RUNAS) || runas_matches == TRUE) { if (pwflags == PWCHECK_ANY && no_passwd == TRUE)
if ((pwflags & PWCHECK_ANY) && no_passwd == TRUE) nopass = FLAG_NOPASS;
nopass = FLAG_NOPASS; else if (pwflags == PWCHECK_ALL && nopass != 0)
else if ((pwflags & PWCHECK_ALL) && nopass != 0) nopass = (no_passwd == TRUE) ? FLAG_NOPASS : 0;
nopass = (no_passwd == TRUE) ? FLAG_NOPASS : 0;
}
} }
top--; top--;
} }
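Review bot: PWCHECK_ALWAYS is never named in the decision code of the second and third hunks; it works only because neither the `pwflags == PWCHECK_ANY` nor the `pwflags == PWCHECK_ALL` branch fires and nopass keeps its initial -1, whose meaning is decided after the loop, outside these hunks. A comment at the loop such as `/* PWCHECK_ALWAYS: nopass stays -1 */`, extended with what -1 means once confirmed against the code after the loop, would make that intentional rather than incidental. The same rewrite drops the `runas_matches` filter that validate mode previously got through PWCHECK_RUNAS, so every host-matching entry now counts; the commit description does not mention that behaviour change and it deserves a line in the same comment. sudoers_lookup's body starts and ends outside the hunks.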

4
sudo.c

@@ -237,7 +237,7 @@ main(argc, argv)
break; break;
case MODE_VALIDATE: case MODE_VALIDATE:
user_cmnd = "validate"; user_cmnd = "validate";
sudoers_flags = PWCHECK_ALL | PWCHECK_RUNAS; sudoers_flags = def_ival(I_VERIFYPW);
break; break;
case MODE_KILL: case MODE_KILL:
case MODE_INVALIDATE: case MODE_INVALIDATE:
@@ -251,7 +251,7 @@ main(argc, argv)
case MODE_LIST: case MODE_LIST:
user_cmnd = "list"; user_cmnd = "list";
printmatches = 1; printmatches = 1;
sudoers_flags = PWCHECK_ANY; sudoers_flags = def_ival(I_LISTPW);
break; break;
} }
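Review bot: `sudoers_flags = def_ival(I_VERIFYPW);` and `sudoers_flags = def_ival(I_LISTPW);` read the option in main() while the mode is being chosen, but the parse.c hunks show sudoers_lookup(pwflags) receiving that value as an argument and calling init_parser() itself. Unless sudoers has already been parsed earlier in main() (not visible here), the value passed is therefore the built-in default from init_defaults(), and an administrator's `verifypw` or `listpw` Defaults line, including a hardening choice such as "always", would have no effect on the check. Passing the table index instead (`sudoers_flags = I_VERIFYPW;`) and calling `def_ival()` inside sudoers_lookup() after the parse has run would close that gap. main's body continues outside both hunks.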

10
sudo.h

@@ -149,12 +149,12 @@ struct sudo_user {
* PASSWD_NEVER: user never has to give a passwd * PASSWD_NEVER: user never has to give a passwd
* PASSWD_ALL: no passwd needed if all entries for host have NOPASSWD flag * PASSWD_ALL: no passwd needed if all entries for host have NOPASSWD flag
* PASSWD_ANY: no passwd needed if any entry for host has a NOPASSWD flag * PASSWD_ANY: no passwd needed if any entry for host has a NOPASSWD flag
* PWCHECK_RUNAS: require that runas_matches be TRUE * PASSWD_ALWAYS: passwd always needed
*/ */
#define PWCHECK_NEVER 001 #define PWCHECK_NEVER 0x01
#define PWCHECK_ALL 002 #define PWCHECK_ALL 0x02
#define PWCHECK_ANY 004 #define PWCHECK_ANY 0x04
#define PWCHECK_RUNAS 010 #define PWCHECK_ALWAYS 0x08
/* /*
* Function prototypes * Function prototypes
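Review bot: The comment block still documents the flags as PASSWD_NEVER, PASSWD_ALL and PASSWD_ANY, and the new line continues that with PASSWD_ALWAYS, while the macros defined directly below are PWCHECK_*; a reader grepping for the documented names finds nothing. I would rename the four comment entries to match, e.g. `* PWCHECK_ALWAYS: passwd always needed`. Since parse.c now tests these values by equality rather than as a bit mask, it is also worth a sentence in this comment saying that exactly one of them is expected at a time.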