This patch will upgrade Sudo version 1.6.9 patchlevel 10 to Sudo
version 1.6.9 patchlevel 11.  To apply:

    $ cd sudo-1.6.9p10
    $ patch -p1 < sudo-1.6.9p11.patch

diff -ur sudo-1.6.9p10/CHANGES sudo-1.6.9p11/CHANGES
--- sudo-1.6.9p10/CHANGES	Wed Dec 19 14:30:55 2007
+++ sudo-1.6.9p11/CHANGES	Sat Jan  5 18:57:26 2008
@@ -2015,3 +2015,17 @@
      in addition to the existing start_tls support.
 
 Sudo 1.6.9p10 released.
+
+637) Fixed a compilation problem on SCO related to how they
+     store the high resolution timestamps in struct stat.
+
+638) Avoid checking the passwd file group multiple times
+     in the LDAP query when the user's passwd group is also
+     listed in the supplemental group vector.
+
+639) The URI specifier can now be used in ldap.conf even when
+     the LDAP SDK doesn't support ldap_initialize().
+
+640) New %p prompt escape that expands to the user whose password
+     is being prompted, as specified by the rootpw, targetpw and
+     runaspw sudoers flags.  Based on a diff from Patrick Schoenfeld.
diff -ur sudo-1.6.9p10/Makefile.in sudo-1.6.9p11/Makefile.in
--- sudo-1.6.9p10/Makefile.in	Mon Dec 17 14:18:14 2007
+++ sudo-1.6.9p11/Makefile.in	Sat Jan  5 18:31:51 2008
@@ -20,7 +20,7 @@
 #
 # @configure_input@
 #
-# $Sudo: Makefile.in,v 1.246.2.21 2007/12/17 19:18:14 millert Exp $
+# $Sudo: Makefile.in,v 1.246.2.22 2008/01/05 23:31:51 millert Exp $
 #
 
 #### Start of system configuration section. ####
@@ -131,7 +131,7 @@
 
 LIBOBJS = @LIBOBJS@ @ALLOCA@
 
-VERSION = 1.6.9p10
+VERSION = 1.6.9p11
 
 DISTFILES = $(SRCS) $(HDRS) BUGS CHANGES HISTORY INSTALL INSTALL.configure \
             LICENSE Makefile.in PORTING README README.LDAP \
diff -ur sudo-1.6.9p10/README.LDAP sudo-1.6.9p11/README.LDAP
--- sudo-1.6.9p10/README.LDAP	Wed Dec 19 16:37:35 2007
+++ sudo-1.6.9p11/README.LDAP	Sat Jan  5 17:06:44 2008
@@ -210,15 +210,19 @@
 Make sure you sudoers_base matches exactly with the location you specified
 when you imported the sudoers.  Below is an example /etc/ldap.conf
 
-  # Either specify a URI or host and port.
-  # If neither is specified sudo will default to localhost port 389.
+  # Either specify one or more URIs or one or more host:port pairs.
+  # If neither is specified sudo will default to localhost, port 389.
+  #
   #host          ldapserver
+  #host          ldapserver1 ldapserver2:390
+  #
+  # Default port if host is specified without one, defaults to 389.
   #port          389
   #
-  # URI will override host & port settings but only works with LDAP
-  # SDK's that support ldap_initialize() such as OpenLDAP.
+  # URI will override the host and port settings.
   uri            ldap://ldapserver
   #uri            ldaps://secureldapserver
+  #uri            ldaps://secureldapserver ldap://ldapserver
   #
   # must be set or sudo will ignore LDAP
   sudoers_base   ou=SUDOers,dc=example,dc=com
diff -ur sudo-1.6.9p10/check.c sudo-1.6.9p11/check.c
--- sudo-1.6.9p10/check.c	Fri Jul  6 15:52:13 2007
+++ sudo-1.6.9p11/check.c	Sat Jan  5 18:59:42 2008
@@ -63,7 +63,7 @@
 #include "sudo.h"
 
 #ifndef lint
-__unused static const char rcsid[] = "$Sudo: check.c,v 1.223.2.9 2007/07/06 19:52:13 millert Exp $";
+__unused static const char rcsid[] = "$Sudo: check.c,v 1.223.2.10 2008/01/05 23:59:42 millert Exp $";
 #endif /* lint */
 
 /* Status codes for timestamp_status() */
@@ -206,6 +206,16 @@
 		    len += strlen(user_host) - 2;
 		    subst = 1;
 		    break;
+		case 'p':
+		    p++;
+		    if (def_rootpw)
+			    len += 2;
+		    else if (def_targetpw || def_runaspw)
+			    len += strlen(*user_runas) - 2;
+		    else
+			    len += strlen(user_name) - 2;
+		    subst = 1;
+		    break;
 		case 'u':
 		    p++;
 		    len += strlen(user_name) - 2;
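Review bot: The new `case 'p'` sizes the prompt from `*user_runas` for both `def_targetpw` and `def_runaspw`, but the two flags need not name the same account. The sudoers manual describes runaspw as prompting for the password of the runas_default user; if the auth code (not part of this patch) does that, `sudo -u other` would show `other` in the prompt while a different account's password is checked. A password prompt that names the wrong account is worth avoiding, so consider a separate `else if (def_runaspw)` arm keyed on `def_runas_default`, here and in the matching copy pass in the next hunk. The bare `len += 2` for rootpw would also read better with a comment such as `/* strlen("root") - strlen("%p") */`. The enclosing switch starts and ends outside the hunk.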
@@ -245,6 +255,18 @@
 			n = strlcpy(np, user_host, np - endp);
 			if (n >= np - endp)
 			    goto oflow;
+			np += n;
+			continue;
+		    case 'p':
+			p++;
+			if (def_rootpw)
+				n = strlcpy(np, "root", np - endp);
+			else if (def_targetpw || def_runaspw)
+				n = strlcpy(np, *user_runas, np - endp);
+			else
+				n = strlcpy(np, user_name, np - endp);
+			if (n >= np - endp)
+				goto oflow;
 			np += n;
 			continue;
 		    case 'u':
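Review bot: The three new `strlcpy(np, ..., np - endp)` calls reuse the size expression of the `%h` case above, which looks inverted. If `endp` marks the end of the allocated prompt (its assignment is outside the hunk), `np - endp` is negative and converts to a very large size, so the copy is effectively unbounded and the `n >= np - endp` test is unlikely ever to reach `oflow`. The copy is then only as safe as the length pass in the previous hunk. The space actually left is `endp - np`, i.e. `n = strlcpy(np, user_name, endp - np);` followed by `if (n >= endp - np) goto oflow;`, and the pre-existing cases would need the same change. The added lines are also indented eight columns deeper than the surrounding four-column style.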
diff -ur sudo-1.6.9p10/config.h.in sudo-1.6.9p11/config.h.in
--- sudo-1.6.9p10/config.h.in	Wed Dec 19 13:12:36 2007
+++ sudo-1.6.9p11/config.h.in	Sat Jan  5 16:54:59 2008
@@ -374,6 +374,9 @@
 /* Define to 1 if your struct stat has an st_mtim member */
 #undef HAVE_ST_MTIM
 
+/* Define to 1 if your struct stat uses an st__tim union */
+#undef HAVE_ST__TIM
+
 /* Define to 1 if your struct stat has an st_mtimespec member */
 #undef HAVE_ST_MTIMESPEC
 
@@ -635,8 +638,13 @@
  * so the last 3 digits of tv_nsec are not significant.
  */
 #ifdef HAVE_ST_MTIM
-# define mtim_getsec(_x)	((_x).st_mtim.tv_sec)
-# define mtim_getnsec(_x)	(((_x).st_mtim.tv_nsec / 1000) * 1000)
+# ifdef HAVE_ST__TIM
+#  define mtim_getsec(_x)	((_x).st_mtim.st__tim.tv_sec)
+#  define mtim_getnsec(_x)	(((_x).st_mtim.st__tim.tv_nsec / 1000) * 1000)
+# else
+#  define mtim_getsec(_x)	((_x).st_mtim.tv_sec)
+#  define mtim_getnsec(_x)	(((_x).st_mtim.tv_nsec / 1000) * 1000)
+# endif
 #else
 # ifdef HAVE_ST_MTIMESPEC
 #  define mtim_getsec(_x)	((_x).st_mtimespec.tv_sec)
diff -ur sudo-1.6.9p10/configure sudo-1.6.9p11/configure
--- sudo-1.6.9p10/configure	Wed Dec 19 10:42:43 2007
+++ sudo-1.6.9p11/configure	Wed Jan  2 12:27:44 2008
@@ -17660,7 +17660,107 @@
 #define HAVE_ST_MTIM 1
 _ACEOF
 
+	{ echo "$as_me:$LINENO: checking for struct stat.st_mtim.st__tim" >&5
+echo $ECHO_N "checking for struct stat.st_mtim.st__tim... $ECHO_C" >&6; }
+if test "${ac_cv_member_struct_stat_st_mtim_st__tim+set}" = set; then
+  echo $ECHO_N "(cached) $ECHO_C" >&6
 else
+  cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h.  */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h.  */
+$ac_includes_default
+int
+main ()
+{
+static struct stat ac_aggr;
+if (ac_aggr.st_mtim.st__tim)
+return 0;
+  ;
+  return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext
+if { (ac_try="$ac_compile"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_compile") 2>conftest.er1
+  ac_status=$?
+  grep -v '^ *+' conftest.er1 >conftest.err
+  rm -f conftest.er1
+  cat conftest.err >&5
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); } && {
+	 test -z "$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       } && test -s conftest.$ac_objext; then
+  ac_cv_member_struct_stat_st_mtim_st__tim=yes
+else
+  echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+	cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h.  */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h.  */
+$ac_includes_default
+int
+main ()
+{
+static struct stat ac_aggr;
+if (sizeof ac_aggr.st_mtim.st__tim)
+return 0;
+  ;
+  return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext
+if { (ac_try="$ac_compile"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_compile") 2>conftest.er1
+  ac_status=$?
+  grep -v '^ *+' conftest.er1 >conftest.err
+  rm -f conftest.er1
+  cat conftest.err >&5
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); } && {
+	 test -z "$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       } && test -s conftest.$ac_objext; then
+  ac_cv_member_struct_stat_st_mtim_st__tim=yes
+else
+  echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+	ac_cv_member_struct_stat_st_mtim_st__tim=no
+fi
+
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+fi
+
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+fi
+{ echo "$as_me:$LINENO: result: $ac_cv_member_struct_stat_st_mtim_st__tim" >&5
+echo "${ECHO_T}$ac_cv_member_struct_stat_st_mtim_st__tim" >&6; }
+if test $ac_cv_member_struct_stat_st_mtim_st__tim = yes; then
+  cat >>confdefs.h <<\_ACEOF
+#define HAVE_ST__TIM 1
+_ACEOF
+
+fi
+
+else
   { echo "$as_me:$LINENO: checking for struct stat.st_mtimespec" >&5
 echo $ECHO_N "checking for struct stat.st_mtimespec... $ECHO_C" >&6; }
 if test "${ac_cv_member_struct_stat_st_mtimespec+set}" = set; then
@@ -23928,6 +24028,8 @@
 	    ;;
     esac
 fi
+
+
 
 
 
diff -ur sudo-1.6.9p10/configure.in sudo-1.6.9p11/configure.in
--- sudo-1.6.9p10/configure.in	Wed Dec 19 14:29:29 2007
+++ sudo-1.6.9p11/configure.in	Sat Jan  5 17:02:59 2008
@@ -1,6 +1,6 @@
 dnl
 dnl Process this file with GNU autoconf to produce a configure script.
-dnl $Sudo: configure.in,v 1.413.2.34 2007/12/19 19:29:29 millert Exp $
+dnl $Sudo: configure.in,v 1.413.2.36 2008/01/03 16:05:42 millert Exp $
 dnl
 dnl Copyright (c) 1994-1996,1998-2007 Todd C. Miller <Todd.Miller@courtesan.com>
 dnl
@@ -1719,7 +1719,9 @@
 ])
 AC_CHECK_FUNCS(snprintf vsnprintf asprintf vasprintf, , [NEED_SNPRINTF=1])
 if test X"$ac_cv_type_struct_timespec" != X"no"; then
-    AC_CHECK_MEMBER([struct stat.st_mtim], AC_DEFINE(HAVE_ST_MTIM), [AC_CHECK_MEMBER([struct stat.st_mtimespec], AC_DEFINE([HAVE_ST_MTIMESPEC]))])
+    AC_CHECK_MEMBER([struct stat.st_mtim], [AC_DEFINE(HAVE_ST_MTIM)]
+	[AC_CHECK_MEMBER([struct stat.st_mtim.st__tim], AC_DEFINE(HAVE_ST__TIM))],
+	[AC_CHECK_MEMBER([struct stat.st_mtimespec], AC_DEFINE([HAVE_ST_MTIMESPEC]))])
     AC_MSG_CHECKING([for two-parameter timespecsub])
     AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[#include <sys/types.h>
 #include <sys/time.h>]], [[struct timespec ts1, ts2;
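Review bot: The action-if-found argument of the outer `AC_CHECK_MEMBER` is built from two adjacent quoted blocks, `[AC_DEFINE(HAVE_ST_MTIM)]` and `[AC_CHECK_MEMBER([struct stat.st_mtim.st__tim], ...)]`, with no comma between them, which reads like a dropped separator. The regenerated configure in this patch runs the nested check inside the found branch, so the concatenation appears intended. A line such as `dnl No comma: both quoted blocks together form the action-if-found argument` above the call would keep a later maintainer from "fixing" it. Quoting the inner define as `[AC_DEFINE(HAVE_ST__TIM)]` would also match the other arguments.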
@@ -2431,6 +2433,7 @@
 AH_TEMPLATE(HAVE_SIGACTION_T, [Define to 1 if <signal.h> has the sigaction_t typedef.])
 AH_TEMPLATE(HAVE_SKEY, [Define to 1 if you use S/Key.])
 AH_TEMPLATE(HAVE_SKEYACCESS, [Define to 1 if your S/Key library has skeyaccess().])
+AH_TEMPLATE(HAVE_ST__TIM, [Define to 1 if your struct stat uses an st__tim union])
 AH_TEMPLATE(HAVE_ST_MTIM, [Define to 1 if your struct stat has an st_mtim member])
 AH_TEMPLATE(HAVE_ST_MTIMESPEC, [Define to 1 if your struct stat has an st_mtimespec member])
 AH_TEMPLATE(HAVE_TERMIOS_H, [Define to 1 if you have the <termios.h> header file and the `tcgetattr' function.])
@@ -2471,8 +2474,13 @@
  * so the last 3 digits of tv_nsec are not significant.
  */
 #ifdef HAVE_ST_MTIM
-# define mtim_getsec(_x)	((_x).st_mtim.tv_sec)
-# define mtim_getnsec(_x)	(((_x).st_mtim.tv_nsec / 1000) * 1000)
+# ifdef HAVE_ST__TIM
+#  define mtim_getsec(_x)	((_x).st_mtim.st__tim.tv_sec)
+#  define mtim_getnsec(_x)	(((_x).st_mtim.st__tim.tv_nsec / 1000) * 1000)
+# else
+#  define mtim_getsec(_x)	((_x).st_mtim.tv_sec)
+#  define mtim_getnsec(_x)	(((_x).st_mtim.tv_nsec / 1000) * 1000)
+# endif
 #else
 # ifdef HAVE_ST_MTIMESPEC
 #  define mtim_getsec(_x)	((_x).st_mtimespec.tv_sec)
diff -ur sudo-1.6.9p10/ldap.c sudo-1.6.9p11/ldap.c
--- sudo-1.6.9p10/ldap.c	Wed Dec 19 14:29:32 2007
+++ sudo-1.6.9p11/ldap.c	Sat Jan  5 18:27:10 2008
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2003-2005 Todd C. Miller <Todd.Miller@courtesan.com>
+ * Copyright (c) 2003-2008 Todd C. Miller <Todd.Miller@courtesan.com>
  *
  * This code is derived from software contributed by Aaron Spangler.
  *
@@ -45,6 +45,7 @@
 # include <unistd.h>
 #endif /* HAVE_UNISTD_H */
 #include <ctype.h>
+#include <limits.h>
 #include <pwd.h>
 #include <grp.h>
 #include <netinet/in.h>
@@ -65,7 +66,7 @@
 #include "parse.h"
 
 #ifndef lint
-__unused static const char rcsid[] = "$Sudo: ldap.c,v 1.11.2.28 2007/12/19 19:29:32 millert Exp $";
+__unused static const char rcsid[] = "$Sudo: ldap.c,v 1.11.2.32 2008/01/05 23:27:10 millert Exp $";
 #endif /* lint */
 
 #ifndef LINE_MAX
@@ -183,7 +184,128 @@
 static void sudo_ldap_close __P((LDAP *));
 static LDAP *sudo_ldap_open __P((void));
 
+#ifndef HAVE_LDAP_INITIALIZE
 /*
+ * For each uri, convert to host:port pairs.  For ldaps:// enable SSL
+ * Accepts: uris of the form ldap:/// or ldap://hostname:portnum/
+ * where the trailing slash is optional.
+ */
+static int
+sudo_ldap_parse_uri(uri_list)
+    const char *uri_list;
+{
+    char *buf, *uri, *host, *cp, *port;
+    char hostbuf[LINE_MAX];
+    int nldap = 0, nldaps = 0;
+    int rc = -1;
+
+    buf = estrdup(uri_list);
+    hostbuf[0] = '\0';
+    for ((uri = strtok(buf, " \t")); uri != NULL; (uri = strtok(NULL, " \t"))) {
+	if (strncasecmp(uri, "ldap://", 7) == 0) {
+	    nldap++;
+	    host = uri + 7;
+	} else if (strncasecmp(uri, "ldaps://", 8) == 0) {
+	    nldaps++;
+	    host = uri + 8;
+	} else {
+	    warnx("unsupported LDAP uri type: %s", uri);
+	    goto done;
+	}
+
+	/* trim optional trailing slash */
+	if ((cp = strrchr(host, '/')) != NULL && cp[1] == '\0') {
+	    *cp = '\0';
+	}
+
+	if (hostbuf[0] != '\0') {
+	    if (strlcat(hostbuf, " ", sizeof(hostbuf)) >= sizeof(hostbuf))
+		goto toobig;
+	}
+
+	if (*host == '\0')
+	    host = "localhost";		/* no host specified, use localhost */
+
+	if (strlcat(hostbuf, host, sizeof(hostbuf)) >= sizeof(hostbuf))
+	    goto toobig;
+
+	/* If using SSL and no port specified, add port 636 */
+	if (nldaps) {
+	    if ((port = strrchr(host, ':')) == NULL || !isdigit(port[1]))
+		if (strlcat(hostbuf, ":636", sizeof(hostbuf)) >= sizeof(hostbuf))
+		    goto toobig;
+	}
+    }
+    if (hostbuf[0] == '\0') {
+	warnx("invalid uri: %s", uri_list);
+	goto done;
+    }
+
+    if (nldaps != 0) {
+	if (nldap != 0) {
+	    warnx("cannot mix ldap and ldaps URIs");
+	    goto done;
+	}
+	if (ldap_conf.ssl_mode == SUDO_LDAP_STARTTLS) {
+	    warnx("cannot mix ldaps and starttls");
+	    goto done;
+	}
+	ldap_conf.ssl_mode = SUDO_LDAP_SSL;
+    }
+
+    free(ldap_conf.host);
+    ldap_conf.host = estrdup(hostbuf);
+    rc = 0;
+
+done:
+    efree(buf);
+    return(rc);
+
+toobig:
+    errx(1, "sudo_ldap_parse_uri: out of space building hostbuf");
+}
+#endif /* HAVE_LDAP_INITIALIZE */
+
+static int
+sudo_ldap_init(ldp, host, port)
+    LDAP **ldp;
+    const char *host;
+    int port;
+{
+    LDAP *ld = NULL;
+    int rc = LDAP_CONNECT_ERROR;
+
+#ifdef HAVE_LDAPSSL_INIT
+    if (ldap_conf.ssl_mode == SUDO_LDAP_SSL) {
+	DPRINTF(("ldapssl_clientauth_init(%s, %s)",
+	    ldap_conf.tls_certfile ? ldap_conf.tls_certfile : "NULL",
+	    ldap_conf.tls_keyfile ? ldap_conf.tls_keyfile : "NULL"), 2);
+	rc = ldapssl_clientauth_init(ldap_conf.tls_certfile, NULL,
+	    ldap_conf.tls_keyfile != NULL, ldap_conf.tls_keyfile, NULL);
+	if (rc != LDAP_SUCCESS) {
+	    warnx("unable to initialize SSL cert and key db: %s",
+		ldapssl_err2string(rc));
+	    goto done;
+	}
+
+	DPRINTF(("ldapssl_init(%s, %d, 1)", host, port), 2);
+	if ((ld = ldapssl_init(host, port, 1)) == NULL)
+	    goto done;
+    } else
+#endif
+    {
+	DPRINTF(("ldap_init(%s, %d)", host, port), 2);
+	if ((ld = ldap_init(host, port)) == NULL)
+	    goto done;
+    }
+    rc = LDAP_SUCCESS;
+
+done:
+    *ldp = ld;
+    return(rc);
+}
+
+/*
  * Walk through search results and return TRUE if we have a matching
  * netgroup, else FALSE.
  */
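Review bot: In `sudo_ldap_init` the SSL branch can return `LDAP_SUCCESS` with `*ldp` set to NULL. `rc` is overwritten by a successful `ldapssl_clientauth_init()`, and the following `if ((ld = ldapssl_init(host, port, 1)) == NULL) goto done;` leaves it unchanged. The caller in the later `sudo_ldap_open` hunk tests only `rc != LDAP_SUCCESS`, so it would carry on with a NULL handle; resetting the code on that path with `{ rc = LDAP_CONNECT_ERROR; goto done; }` keeps the failure visible. Separately, in `sudo_ldap_parse_uri` the call `isdigit(port[1])` should take `(unsigned char)port[1]`. Anything after the host other than a single trailing slash (a path or DN) is copied into the host list unchecked, although the header comment says only the `ldap://hostname:portnum/` form is accepted.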
@@ -509,6 +631,8 @@
 
     /* Append supplementary groups */
     for (i = 0; i < user_ngroups; i++) {
+	if (user_groups[i] == user_gid)
+	    continue;
 	if ((grp = getgrgid(user_groups[i])) != NULL) {
 	    ncat(&b, &sz, "(sudoUser=%");
 	    ncat(&b, &sz, grp -> gr_name);
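Review bot: The added `user_groups[i] == user_gid` test drops the duplicate of the primary group, but the loop still appends `grp->gr_name` to the search filter verbatim. If `ncat` does not escape LDAP filter metacharacters (its body is not part of this patch), a group name containing `*`, `(`, `)` or `\` changes the meaning of the filter that selects sudoers entries. Escaping the value as RFC 4515 describes before appending it would close that. A comment on the new test, e.g. `/* primary group was already added to the filter */`, would also help, because the code that adds it is outside the hunk.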
@@ -641,12 +765,9 @@
     if (ldap_conf.debug > 1) {
 	fprintf(stderr, "LDAP Config Summary\n");
 	fprintf(stderr, "===================\n");
-#ifdef HAVE_LDAP_INITIALIZE
 	if (ldap_conf.uri) {
 	    fprintf(stderr, "uri          %s\n", ldap_conf.uri);
-	} else
-#endif
-	{
+	} else {
 	    fprintf(stderr, "host         %s\n", ldap_conf.host ?
 		ldap_conf.host : "(NONE)");
 	    fprintf(stderr, "port         %d\n", ldap_conf.port);
@@ -695,8 +816,19 @@
 		ldap_conf.ssl_mode = SUDO_LDAP_SSL;
     }
 
+#ifndef HAVE_LDAP_INITIALIZE
+    /* Convert uri list to host list if no ldap_initialize(). */
+    if (ldap_conf.uri) {
+	if (sudo_ldap_parse_uri(ldap_conf.uri) != 0)
+	    return(FALSE);
+	free(ldap_conf.uri);
+	ldap_conf.uri = NULL;
+	ldap_conf.port = LDAP_PORT;
+    }
+#endif
+
     /* Use port 389 for plaintext LDAP and port 636 for SSL LDAP */
-    if (ldap_conf.port < 0)
+    if (!ldap_conf.uri && ldap_conf.port < 0)
 	ldap_conf.port =
 	    ldap_conf.ssl_mode == SUDO_LDAP_SSL ? LDAPS_PORT : LDAP_PORT;
 
@@ -894,7 +1026,7 @@
 		ldap_err2string(rc));
 	    return(-1);
 	}
-
+	DPRINTF(("ldap_set_option(LDAP_OPT_X_TLS, LDAP_OPT_X_TLS_HARD)\n"), 1);
     }
 #endif
     return(0);
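Review bot: The new debug string ends in `\n`, unlike the other `DPRINTF` calls in this patch (`"ldap_init(%s, %d)"`, `"ldap_initialize(ld, %s)"`), so if the macro supplies its own line ending this one prints a blank line. `DPRINTF(("ldap_set_option(LDAP_OPT_X_TLS, LDAP_OPT_X_TLS_HARD)"), 1);` would match the rest. It is also emitted at level 1 and after the error check, where the others log at level 2 before the call they describe. The function body is outside the hunk, so whether that difference is deliberate cannot be told from here.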
@@ -912,46 +1044,17 @@
     if (!sudo_ldap_read_config())
 	return(NULL);
 
-#ifdef HAVE_LDAPSSL_INIT
-    if (ldap_conf.ssl_mode == SUDO_LDAP_SSL) {
-	DPRINTF(("ldapssl_clientauth_init(%s, %s)",
-	    ldap_conf.tls_certfile ? ldap_conf.tls_certfile : "NULL",
-	    ldap_conf.tls_keyfile ? ldap_conf.tls_keyfile : "NULL"), 2);
-	rc = ldapssl_clientauth_init(ldap_conf.tls_certfile, NULL,
-	    ldap_conf.tls_keyfile != NULL, ldap_conf.tls_keyfile, NULL);
-	if (rc != LDAP_SUCCESS) {
-	    warnx("unable to initialize SSL cert and key db: %s",
-		ldapssl_err2string(rc));
-	    return(NULL);
-	}
-    }
-#endif /* HAVE_LDAPSSL_INIT */
-
     /* Connect to LDAP server */
 #ifdef HAVE_LDAP_INITIALIZE
-    if (ldap_conf.uri) {
+    if (ldap_conf.uri != NULL) {
 	DPRINTF(("ldap_initialize(ld, %s)", ldap_conf.uri), 2);
 	rc = ldap_initialize(&ld, ldap_conf.uri);
-	if (rc != LDAP_SUCCESS) {
-	    warnx("unable to initialize LDAP: %s", ldap_err2string(rc));
-	    return(NULL);
-	}
     } else
 #endif /* HAVE_LDAP_INITIALIZE */
-    {
-#ifdef HAVE_LDAPSSL_INIT
-	DPRINTF(("ldapssl_init(%s, %d, %d)", ldap_conf.host, ldap_conf.port,
-	    ldap_conf.ssl_mode == SUDO_LDAP_SSL), 2);
-	ld = ldapssl_init(ldap_conf.host, ldap_conf.port,
-	    ldap_conf.ssl_mode == SUDO_LDAP_SSL);
-#else
-	DPRINTF(("ldap_init(%s, %d)", ldap_conf.host, ldap_conf.port), 2);
-	ld = ldap_init(ldap_conf.host, ldap_conf.port);
-#endif /* HAVE_LDAPSSL_INIT */
-	if (ld == NULL) {
-	    warn("unable to initialize LDAP");
-	    return(NULL);
-	}
+	rc = sudo_ldap_init(&ld, ldap_conf.host, ldap_conf.port);
+    if (rc != LDAP_SUCCESS) {
+	warnx("unable to initialize LDAP: %s", ldap_err2string(rc));
+	return(NULL);
     }
 
     /* Set LDAP options */
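Review bot: The `else` that closes the `ldap_initialize()` branch now governs the single unbraced statement `rc = sudo_ldap_init(...)` placed after `#endif`. The shape of the if/else therefore depends on whether HAVE_LDAP_INITIALIZE is defined, and the indentation hides that. `sudo_ldap_init` in this same patch braces the equivalent construct; writing `{ rc = sudo_ldap_init(&ld, ldap_conf.host, ldap_conf.port); }` here would make it harder to break when a statement is added. The shared failure message also passes `rc` to `ldap_err2string()` when it came from `ldapssl_clientauth_init()`, which has already warned via `ldapssl_err2string()`. That path reports twice, and the second message may carry the wrong text.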
Binary files sudo-1.6.9p10/sudo.cat and sudo-1.6.9p11/sudo.cat differ
diff -ur sudo-1.6.9p10/sudo.man.in sudo-1.6.9p11/sudo.man.in
--- sudo-1.6.9p10/sudo.man.in	Mon Dec 17 17:11:10 2007
+++ sudo-1.6.9p11/sudo.man.in	Sat Jan  5 18:59:42 2008
@@ -18,7 +18,7 @@
 .\" Agency (DARPA) and Air Force Research Laboratory, Air Force
 .\" Materiel Command, USAF, under agreement number F39502-99-1-0512.
 .\" 
-.\" $Sudo: sudo.man.in,v 1.29.2.17 2007/12/17 22:11:10 millert Exp $
+.\" $Sudo: sudo.man.in,v 1.29.2.19 2008/01/05 23:59:42 millert Exp $
 .\" Automatically generated by Pod::Man v1.37, Pod::Parser v1.32
 .\"
 .\" Standard preamble:
@@ -150,7 +150,7 @@
 .\" ========================================================================
 .\"
 .IX Title "SUDO @mansectsu@"
-.TH SUDO @mansectsu@ "December 17, 2007" "1.6.9p10" "MAINTENANCE COMMANDS"
+.TH SUDO @mansectsu@ "January  5, 2008" "1.6.9p11" "MAINTENANCE COMMANDS"
 .SH "NAME"
 sudo, sudoedit \- execute a command as another user
 .SH "SYNOPSIS"
@@ -339,6 +339,11 @@
 .el .IP "\f(CW%h\fR" 4
 .IX Item "%h"
 expanded to the local hostname without the domain name
+.ie n .IP "%p" 4
+.el .IP "\f(CW%p\fR" 4
+.IX Item "%p"
+expanded to the user whose password is being asked for (respects the
+\&\fIrootpw\fR, \fItargetpw\fR and \fIrunaspw\fR flags in \fIsudoers\fR)
 .ie n .IP "%U" 4
 .el .IP "\f(CW%U\fR" 4
 .IX Item "%U"
diff -ur sudo-1.6.9p10/sudo.pod sudo-1.6.9p11/sudo.pod
--- sudo-1.6.9p10/sudo.pod	Wed Nov 21 14:26:39 2007
+++ sudo-1.6.9p11/sudo.pod	Sat Jan  5 18:59:42 2008
@@ -19,7 +19,7 @@
 Agency (DARPA) and Air Force Research Laboratory, Air Force
 Materiel Command, USAF, under agreement number F39502-99-1-0512.
 
-$Sudo: sudo.pod,v 1.70.2.19 2007/11/21 19:26:10 millert Exp $
+$Sudo: sudo.pod,v 1.70.2.20 2008/01/05 23:59:42 millert Exp $
 =pod
 
 =head1 NAME
@@ -237,6 +237,11 @@
 =item C<%h>
 
 expanded to the local hostname without the domain name
+
+=item C<%p>
+
+expanded to the user whose password is being asked for (respects the
+I<rootpw>, I<targetpw> and I<runaspw> flags in I<sudoers>)
 
 =item C<%U>
 
Binary files sudo-1.6.9p10/sudoers.cat and sudo-1.6.9p11/sudoers.cat differ
diff -ur sudo-1.6.9p10/sudoers.man.in sudo-1.6.9p11/sudoers.man.in
--- sudo-1.6.9p10/sudoers.man.in	Mon Dec 17 17:11:10 2007
+++ sudo-1.6.9p11/sudoers.man.in	Sat Jan  5 18:59:42 2008
@@ -18,7 +18,7 @@
 .\" Agency (DARPA) and Air Force Research Laboratory, Air Force
 .\" Materiel Command, USAF, under agreement number F39502-99-1-0512.
 .\" 
-.\" $Sudo: sudoers.man.in,v 1.45.2.19 2007/12/17 22:11:10 millert Exp $
+.\" $Sudo: sudoers.man.in,v 1.45.2.21 2008/01/05 23:59:42 millert Exp $
 .\" Automatically generated by Pod::Man v1.37, Pod::Parser v1.32
 .\"
 .\" Standard preamble:
@@ -150,7 +150,7 @@
 .\" ========================================================================
 .\"
 .IX Title "SUDOERS @mansectform@"
-.TH SUDOERS @mansectform@ "December 17, 2007" "1.6.9p10" "MAINTENANCE COMMANDS"
+.TH SUDOERS @mansectform@ "January  5, 2008" "1.6.9p11" "MAINTENANCE COMMANDS"
 .SH "NAME"
 sudoers \- list of which users may execute what
 .SH "DESCRIPTION"
@@ -903,6 +903,11 @@
 .el .IP "\f(CW%h\fR" 4
 .IX Item "%h"
 expanded to the local hostname without the domain name
+.ie n .IP "%p" 4
+.el .IP "\f(CW%p\fR" 4
+.IX Item "%p"
+expanded to the user whose password is being asked for (respects the 
+\&\fIrootpw\fR, \fItargetpw\fR and \fIrunaspw\fR flags in \fIsudoers\fR)
 .ie n .IP "%U" 4
 .el .IP "\f(CW%U\fR" 4
 .IX Item "%U"
diff -ur sudo-1.6.9p10/sudoers.pod sudo-1.6.9p11/sudoers.pod
--- sudo-1.6.9p10/sudoers.pod	Sun Dec  2 12:13:52 2007
+++ sudo-1.6.9p11/sudoers.pod	Sat Jan  5 18:59:42 2008
@@ -19,7 +19,7 @@
 Agency (DARPA) and Air Force Research Laboratory, Air Force
 Materiel Command, USAF, under agreement number F39502-99-1-0512.
 
-$Sudo: sudoers.pod,v 1.95.2.22 2007/12/02 17:13:52 millert Exp $
+$Sudo: sudoers.pod,v 1.95.2.23 2008/01/05 23:59:42 millert Exp $
 =pod
 
 =head1 NAME
@@ -785,6 +785,11 @@
 =item C<%h>
 
 expanded to the local hostname without the domain name
+
+=item C<%p>
+
+expanded to the user whose password is being asked for (respects the 
+I<rootpw>, I<targetpw> and I<runaspw> flags in I<sudoers>)
 
 =item C<%U>
 
diff -ur sudo-1.6.9p10/version.h sudo-1.6.9p11/version.h
--- sudo-1.6.9p10/version.h	Mon Dec 17 14:18:14 2007
+++ sudo-1.6.9p11/version.h	Sat Jan  5 18:31:52 2008
@@ -17,12 +17,12 @@
  * Agency (DARPA) and Air Force Research Laboratory, Air Force
  * Materiel Command, USAF, under agreement number F39502-99-1-0512.
  *
- * $Sudo: version.h,v 1.66.2.13 2007/12/17 19:18:14 millert Exp $
+ * $Sudo: version.h,v 1.66.2.14 2008/01/05 23:31:52 millert Exp $
  */
 
 #ifndef _SUDO_VERSION_H
 #define _SUDO_VERSION_H
 
-static const char version[] = "1.6.9p10";
+static const char version[] = "1.6.9p11";
 
 #endif /* _SUDO_VERSION_H */
Binary files sudo-1.6.9p10/visudo.cat and sudo-1.6.9p11/visudo.cat differ
diff -ur sudo-1.6.9p10/visudo.man.in sudo-1.6.9p11/visudo.man.in
--- sudo-1.6.9p10/visudo.man.in	Mon Dec 17 17:11:10 2007
+++ sudo-1.6.9p11/visudo.man.in	Sat Jan  5 18:59:42 2008
@@ -17,7 +17,7 @@
 .\" Agency (DARPA) and Air Force Research Laboratory, Air Force
 .\" Materiel Command, USAF, under agreement number F39502-99-1-0512.
 .\" 
-.\" $Sudo: visudo.man.in,v 1.20.2.14 2007/12/17 22:11:10 millert Exp $
+.\" $Sudo: visudo.man.in,v 1.20.2.16 2008/01/05 23:59:42 millert Exp $
 .\" Automatically generated by Pod::Man v1.37, Pod::Parser v1.32
 .\"
 .\" Standard preamble:
@@ -149,7 +149,7 @@
 .\" ========================================================================
 .\"
 .IX Title "VISUDO @mansectsu@"
-.TH VISUDO @mansectsu@ "December 17, 2007" "1.6.9p10" "MAINTENANCE COMMANDS"
+.TH VISUDO @mansectsu@ "January  5, 2008" "1.6.9p11" "MAINTENANCE COMMANDS"
 .SH "NAME"
 visudo \- edit the sudoers file
 .SH "SYNOPSIS"
