Hi,
On Wed, Dec 05, 2007 at 08:12:57AM -0700, Bdale Garbee wrote:
> Ok, thanks to you and Francois for catching this. I don't see a better
> solution, so will implement this patch in my CVS for the next upload.
i have created a patch that lets %u respect the def_rootpw setting.
Its attached. You may want to examine it (eventually apply it)
and forward it upstream.
Best Regards
Patrick
diff -urN sudo-1.6.9p9/check.c sudo-1.6.9p9.patched/check.c
--- sudo-1.6.9p9/check.c 2007-07-06 21:52:13.000000000 +0200
+++ sudo-1.6.9p9.patched/check.c 2007-12-05 16:56:47.430628803 +0100
@@ -208,7 +208,13 @@
break;
case 'u':
p++;
- len += strlen(user_name) - 2;
+
+ if (def_rootpw) {
+ len += strlen("root") - 2;
+ } else {
+ len += strlen(user_name) - 2;
+ }
+
subst = 1;
break;
case 'U':
@@ -249,7 +255,11 @@
continue;
case 'u':
p++;
- n = strlcpy(np, user_name, np - endp);
+ if ( def_rootpw) {
+ n = strlcpy(np, "root", np - endp);
+ } else {
+ n = strlcpy(np, user_name, np - endp);
+ }
if (n >= np - endp)
goto oflow;
np += n;
diff -urN sudo-1.6.9p9/debian/rules sudo-1.6.9p9.patched/debian/rules
--- sudo-1.6.9p9/debian/rules 2007-12-05 16:57:04.000000000 +0100
+++ sudo-1.6.9p9.patched/debian/rules 2007-12-05 16:57:33.316860646 +0100
@@ -21,7 +21,7 @@
--with-logging=syslog --with-logfac=authpriv \
--with-env-editor --with-editor=/usr/bin/vi \
--with-timeout=15 --with-password-timeout=0 \
- --with-passprompt="[sudo] password for %u:" \
+ --with-passprompt="[sudo] password for %u: " \
--disable-root-mailer --disable-setresuid \
--with-sendmail=/usr/sbin/sendmail \
--mandir=/usr/share/man --libexecdir=/usr/lib/sudo \
@@ -37,7 +37,7 @@
--with-logging=syslog --with-logfac=authpriv \
--with-env-editor --with-editor=/usr/bin/vi \
--with-timeout=15 --with-password-timeout=0 \
- --with-passprompt="[sudo] password for %u:" \
+ --with-passprompt="[sudo] password for %u: " \
--disable-root-mailer --disable-setresuid \
--with-sendmail=/usr/sbin/sendmail \
--with-ldap-conf-file=/etc/ldap/ldap.conf \
