=================================================================== RCS file: /cvsrepo/anoncvs/cvs/src/usr.bin/sudo/Attic/defaults.c,v retrieving revision 1.2 retrieving revision 1.3 diff -c -r1.2 -r1.3 *** src/usr.bin/sudo/Attic/defaults.c 1999/12/10 06:45:11 1.2 --- src/usr.bin/sudo/Attic/defaults.c 2000/01/24 04:22:53 1.3 *************** *** 1,5 **** /* ! * Copyright (c) 1999 Todd C. Miller * All rights reserved. * * Redistribution and use in source and binary forms, with or without --- 1,5 ---- /* ! * Copyright (c) 1999-2000 Todd C. Miller * All rights reserved. * * Redistribution and use in source and binary forms, with or without *************** *** 53,59 **** #include "sudo.h" #ifndef lint ! static const char rcsid[] = "$Sudo: defaults.c,v 1.13 1999/12/02 20:31:24 millert Exp $"; #endif /* lint */ /* --- 53,59 ---- #include "sudo.h" #ifndef lint ! static const char rcsid[] = "$Sudo: defaults.c,v 1.17 2000/01/17 23:46:24 millert Exp $"; #endif /* lint */ /* *************** *** 106,235 **** static int store_syslogfac __P((char *, struct sudo_defs_types *, int)); static int store_syslogpri __P((char *, struct sudo_defs_types *, int)); static int store_mode __P((char *, struct sudo_defs_types *, int)); /* * Table describing compile-time and run-time options. */ struct sudo_defs_types sudo_defs_table[] = { { ! "syslog_ifac", T_INT, { 0 }, ! NULL }, { ! "syslog_igoodpri", T_INT, { 0 }, ! NULL }, { ! "syslog_ibadpri", T_INT, { 0 }, ! NULL }, { ! "syslog", T_LOGFAC|T_BOOL, { 0 }, "Syslog facility if syslog is being used for logging: %s" }, { ! "syslog_goodpri", T_LOGPRI, { 0 }, "Syslog priority to use when user authenticates successfully: %s" }, { ! "syslog_badpri", T_LOGPRI, { 0 }, "Syslog priority to use when user authenticates unsuccessfully: %s" }, { ! "long_otp_prompt", T_FLAG, { 0 }, "Put OTP prompt on its own line" }, { ! "ignore_dot", T_FLAG, { 0 }, "Ignore '.' in $PATH" }, { ! "mail_always", T_FLAG, { 0 }, "Always send mail when sudo is run" }, { ! 
"mail_no_user", T_FLAG, { 0 }, "Send mail if the user is not in sudoers" }, { ! "mail_no_host", T_FLAG, { 0 }, "Send mail if the user is not in sudoers for this host" }, { ! "mail_no_perms", T_FLAG, { 0 }, "Send mail if the user is not allowed to run a command" }, { ! "tty_tickets", T_FLAG, { 0 }, "Use a separate timestamp for each user/tty combo" }, { ! "lecture", T_FLAG, { 0 }, "Lecture user the first time they run sudo" }, { ! "authenticate", T_FLAG, { 0 }, "Require users to authenticate by default" }, { ! "root_sudo", T_FLAG, { 0 }, "Root may run sudo" }, { ! "log_host", T_FLAG, { 0 }, "Log the hostname in the (non-syslog) log file" }, { ! "log_year", T_FLAG, { 0 }, "Log the year in the (non-syslog) log file" }, { ! "set_home", T_FLAG, { 0 }, "Set $HOME to the target user when starting a shell with -s" }, { ! "path_info", T_FLAG, { 0 }, "Allow some information gathering to give useful error messages" }, { ! "fqdn", T_FLAG, { 0 }, "Require fully-qualified hsotnames in the sudoers file" }, { ! "insults", T_FLAG, { 0 }, "Insult the user when they enter an incorrect password" }, { ! "requiretty", T_FLAG, { 0 }, "Only allow the user to run sudo if they have a tty" }, { ! "loglinelen", T_INT|T_BOOL, { 0 }, "Length at which to wrap log file lines (0 for no wrap): %d" }, { ! "timestamp_timeout", T_INT|T_BOOL, { 0 }, "Authentication timestamp timeout: %d minutes" }, { ! "passwd_timeout", T_INT|T_BOOL, { 0 }, "Password prompt timeout: %d minutes" }, { ! "passwd_tries", T_INT, { 0 }, "Number of tries to enter a password: %d" }, { ! "umask", T_MODE|T_BOOL, { 0 }, "Umask to use or 0777 to use user's: 0%o" }, { ! "logfile", T_STR|T_BOOL|T_PATH, { 0 }, "Path to log file: %s" }, { ! "mailerpath", T_STR|T_BOOL|T_PATH, { 0 }, "Path to mail program: %s" }, { ! "mailerflags", T_STR|T_BOOL, { 0 }, "Flags for mail program: %s" }, { ! "mailto", T_STR|T_BOOL, { 0 }, "Address to send mail to: %s" }, { ! "mailsub", T_STR, { 0 }, "Subject line for mail messages: %s" }, { ! 
"badpass_message", T_STR, { 0 }, "Incorrect password message: %s" }, { ! "timestampdir", T_STR|T_PATH, { 0 }, "Path to authentication timestamp dir: %s" }, { ! "exempt_group", T_STR|T_BOOL, { 0 }, "Users in this group are exempt from password and PATH requirements: %s" }, { ! "passprompt", T_STR, { 0 }, "Default password prompt: %s" }, { ! "runas_default", T_STR, { 0 }, "Default user to run commands as: %s" }, { ! "secure_path", T_STR|T_BOOL, { 0 }, "Value to override user's $PATH with: %s" }, { ! NULL, 0, { 0 }, NULL } }; --- 106,246 ---- static int store_syslogfac __P((char *, struct sudo_defs_types *, int)); static int store_syslogpri __P((char *, struct sudo_defs_types *, int)); static int store_mode __P((char *, struct sudo_defs_types *, int)); + static int store_pwflag __P((char *, struct sudo_defs_types *, int)); /* * Table describing compile-time and run-time options. */ struct sudo_defs_types sudo_defs_table[] = { { ! "syslog_ifac", T_INT, NULL }, { ! "syslog_igoodpri", T_INT, NULL }, { ! "syslog_ibadpri", T_INT, NULL }, { ! "syslog", T_LOGFAC|T_BOOL, "Syslog facility if syslog is being used for logging: %s" }, { ! "syslog_goodpri", T_LOGPRI, "Syslog priority to use when user authenticates successfully: %s" }, { ! "syslog_badpri", T_LOGPRI, "Syslog priority to use when user authenticates unsuccessfully: %s" }, { ! "long_otp_prompt", T_FLAG, "Put OTP prompt on its own line" }, { ! "ignore_dot", T_FLAG, "Ignore '.' in $PATH" }, { ! "mail_always", T_FLAG, "Always send mail when sudo is run" }, { ! "mail_no_user", T_FLAG, "Send mail if the user is not in sudoers" }, { ! "mail_no_host", T_FLAG, "Send mail if the user is not in sudoers for this host" }, { ! "mail_no_perms", T_FLAG, "Send mail if the user is not allowed to run a command" }, { ! "tty_tickets", T_FLAG, "Use a separate timestamp for each user/tty combo" }, { ! "lecture", T_FLAG, "Lecture user the first time they run sudo" }, { ! 
"authenticate", T_FLAG, "Require users to authenticate by default" }, { ! "root_sudo", T_FLAG, "Root may run sudo" }, { ! "log_host", T_FLAG, "Log the hostname in the (non-syslog) log file" }, { ! "log_year", T_FLAG, "Log the year in the (non-syslog) log file" }, { ! "shell_noargs", T_FLAG, ! "If sudo is invoked with no arguments, start a shell" ! }, { ! "set_home", T_FLAG, "Set $HOME to the target user when starting a shell with -s" }, { ! "path_info", T_FLAG, "Allow some information gathering to give useful error messages" }, { ! "fqdn", T_FLAG, "Require fully-qualified hsotnames in the sudoers file" }, { ! "insults", T_FLAG, "Insult the user when they enter an incorrect password" }, { ! "requiretty", T_FLAG, "Only allow the user to run sudo if they have a tty" }, { ! "loglinelen", T_INT|T_BOOL, "Length at which to wrap log file lines (0 for no wrap): %d" }, { ! "timestamp_timeout", T_INT|T_BOOL, "Authentication timestamp timeout: %d minutes" }, { ! "passwd_timeout", T_INT|T_BOOL, "Password prompt timeout: %d minutes" }, { ! "passwd_tries", T_INT, "Number of tries to enter a password: %d" }, { ! "umask", T_MODE|T_BOOL, "Umask to use or 0777 to use user's: 0%o" }, { ! "logfile", T_STR|T_BOOL|T_PATH, "Path to log file: %s" }, { ! "mailerpath", T_STR|T_BOOL|T_PATH, "Path to mail program: %s" }, { ! "mailerflags", T_STR|T_BOOL, "Flags for mail program: %s" }, { ! "mailto", T_STR|T_BOOL, "Address to send mail to: %s" }, { ! "mailsub", T_STR, "Subject line for mail messages: %s" }, { ! "badpass_message", T_STR, "Incorrect password message: %s" }, { ! "timestampdir", T_STR|T_PATH, "Path to authentication timestamp dir: %s" }, { ! "exempt_group", T_STR|T_BOOL, "Users in this group are exempt from password and PATH requirements: %s" }, { ! "passprompt", T_STR, "Default password prompt: %s" }, { ! "runas_default", T_STR, "Default user to run commands as: %s" }, { ! "secure_path", T_STR|T_BOOL, "Value to override user's $PATH with: %s" }, { ! "listpw_i", T_INT, NULL ! 
}, { ! "verifypw_i", T_INT, NULL ! }, { ! "listpw", T_PWFLAG, ! "When to require a password for 'list' pseudocommand: %s" ! }, { ! "verifypw", T_PWFLAG, ! "When to require a password for 'verify' pseudocommand: %s" ! }, { ! NULL, 0, NULL } }; *************** *** 251,256 **** --- 262,268 ---- case T_STR: case T_LOGFAC: case T_LOGPRI: + case T_PWFLAG: if (cur->sd_un.str) { (void) printf(cur->desc, cur->sd_un.str); putchar('\n'); *************** *** 358,363 **** --- 370,388 ---- return(FALSE); } break; + case T_PWFLAG: + if (!store_pwflag(val, cur, op)) { + if (val) + (void) fprintf(stderr, + "%s: value '%s' is invalid for option '%s'\n", Argv[0], + val, var); + else + (void) fprintf(stderr, + "%s: no value specified for `%s' on line %d\n", Argv[0], + var, sudolineno); + return(FALSE); + } + break; case T_STR: if (!val) { /* Check for bogus boolean usage or lack of a value. */ *************** *** 450,455 **** --- 475,481 ---- case T_STR: case T_LOGFAC: case T_LOGPRI: + case T_PWFLAG: if (def->sd_un.str) { free(def->sd_un.str); def->sd_un.str = NULL; *************** *** 492,497 **** --- 518,526 ---- #ifdef HOST_IN_LOG def_flag(I_LOG_HOST) = TRUE; #endif + #ifdef SHELL_IF_NO_ARGS + def_flag(I_SHELL_NOARGS) = TRUE; + #endif #ifdef SHELL_SETS_HOME def_flag(I_SET_HOME) = TRUE; #endif *************** *** 512,517 **** --- 541,550 ---- (void) store_syslogpri(PRI_FAILURE, &sudo_defs_table[I_BADPRISTR], TRUE); #endif + /* Password flags also have a string and integer component. */ + (void) store_pwflag("any", &sudo_defs_table[I_LISTPWSTR], TRUE); + (void) store_pwflag("all", &sudo_defs_table[I_VERIFYPWSTR], TRUE); + /* Then initialize the int-like things. */ #ifdef SUDO_UMASK def_mode(I_UMASK) = SUDO_UMASK; *************** *** 601,608 **** struct strmap *fac; if (op == FALSE) { ! free(def->sd_un.str); ! def->sd_un.str = NULL; return(TRUE); } #ifdef LOG_NFACILITIES --- 634,643 ---- struct strmap *fac; if (op == FALSE) { ! if (def->sd_un.str) { ! free(def->sd_un.str); ! 
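Review bot: Inserting `"shell_noargs"` in the middle of `sudo_defs_table` moves every later entry down one slot, while other hunks of this diff reach entries by index (`sudo_defs_table[I_LISTPWSTR]`, `sudo_defs_table[I_BADPRISTR]`). The `I_*` constants are not shown here, so they have to be renumbered in the same commit, otherwise one option's value is silently read as another's. I would state the coupling above the table, e.g. `/* Entry order must match the I_* index constants; entries are looked up by position. */`. Separately, the `fqdn` description on the new side still reads `hsotnames`; since the line is being touched anyway it should become `hostnames`.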
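Review bot: In the new `case T_PWFLAG:` error path the invalid-value message omits the line number that the no-value message prints, so a mistyped `listpw`/`verifypw` value is harder to locate in the file being parsed. Adding it makes the pair consistent: `"%s: value '%s' is invalid for option '%s' on line %d\n"` with `sudolineno` appended to the arguments. The two messages also quote the option name differently (`'%s'` versus `` `%s' ``). The enclosing switch starts and ends outside the hunk; if its other cases print the same pair of messages, the change belongs in all of them.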
def->sd_un.str = NULL; ! } return(TRUE); } #ifdef LOG_NFACILITIES *************** *** 680,684 **** --- 715,766 ---- return(FALSE); def->sd_un.mode = (mode_t)l; } + return(TRUE); + } + + static int + store_pwflag(val, def, op) + char *val; + struct sudo_defs_types *def; + int op; + { + int isub, flags; + + if (strcmp(def->name, "verifypw") == 0) + isub = I_VERIFYPW; + else + isub = I_LISTPW; + + /* Handle !foo. */ + if (op == FALSE) { + if (def->sd_un.str) { + free(def->sd_un.str); + def->sd_un.str = NULL; + } + def->sd_un.str = estrdup("never"); + sudo_defs_table[isub].sd_un.ival = PWCHECK_NEVER; + return(TRUE); + } + if (!val) + return(FALSE); + + /* Convert strings to integer values. */ + if (strcmp(val, "all") == 0) + flags = PWCHECK_ALL; + else if (strcmp(val, "any") == 0) + flags = PWCHECK_ANY; + else if (strcmp(val, "never") == 0) + flags = PWCHECK_NEVER; + else if (strcmp(val, "always") == 0) + flags = PWCHECK_ALWAYS; + else + return(FALSE); + + /* Store both name and number. */ + if (def->sd_un.str) + free(def->sd_un.str); + def->sd_un.str = estrdup(val); + sudo_defs_table[isub].sd_un.ival = flags; + return(TRUE); }
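Review bot: `store_pwflag` maps every option name other than `verifypw` to `I_LISTPW`, so a third `T_PWFLAG` entry added to the table later would silently overwrite the `list` password-check setting instead of failing. Matching both names and rejecting the rest avoids that: `else if (strcmp(def->name, "listpw") == 0) isub = I_LISTPW; else return(FALSE);`. The function also lacks a header comment; one sentence should say that the string is kept in `def`, that the integer goes to `sudo_defs_table[isub]`, and that the negated form stores `never` / `PWCHECK_NEVER`, i.e. no password check. In the `op == FALSE` branch, `def->sd_un.str = NULL;` is overwritten on the next statement by `estrdup("never")` and can be dropped.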