├── contrib
├── build
│ ├── mkaix52
│ ├── cleanall
│ ├── mktar
│ ├── mkrhel6
│ ├── mkhpux
│ ├── mksunos
│ ├── mkrhel7
│ ├── mkrhel345
│ └── mkaix43
├── .gitignore
├── linux
│ ├── .gitignore
│ └── op.spec
├── aix52
│ ├── .gitignore
│ ├── mkpkg
│ └── op.spec
├── hpux1100
│ ├── .gitignore
│ ├── README
│ ├── op.postremove
│ ├── op.postinstall
│ └── op.psf
├── hpux1111
│ ├── .gitignore
│ ├── README
│ ├── op.postremove
│ ├── op.postinstall
│ └── op.psf
├── solaris
│ ├── .gitignore
│ ├── README
│ ├── pkginfo
│ ├── RATPop.admin
│ ├── prototype
│ └── postinstall
├── audit
│ ├── cppcheck.cfg
│ ├── cppcheck.sh
│ └── cpplint.sh
├── mkpkg
└── aix43
│ ├── README
│ └── bos.adt.insttools
│ └── usr
│ └── lpp
│ └── bos
│ └── README.MKINSTALLP
├── NEWS
├── op.pam
├── yywrap.c
├── AUTHORS
├── .travis.yml
├── .gitignore
├── op.conf
├── op.list.in
├── autogen.sh
├── regexp.h
├── COPYING
├── Makefile.am
├── m4
├── ax_require_defined.m4
├── ax_compiler_flags_gir.m4
├── ax_is_release.m4
├── ax_append_flag.m4
├── ax_compiler_flags_ldflags.m4
├── ax_append_link_flags.m4
├── ax_append_compile_flags.m4
├── ax_check_link_flag.m4
├── ax_check_compile_flag.m4
├── ax_compiler_vendor.m4
├── ax_cflags_aix_option.m4
├── ax_compiler_flags_cflags.m4
├── ax_cflags_warn_all.m4
└── ax_compiler_flags.m4
├── strlcpy.c
├── atov.c
├── rplregex.h
├── strlcat.c
├── op.conf.complex
├── op.conf-dist
├── util.c
├── README
├── defs.h
├── rplregex.c
├── config.h.in
├── ChangeLog
├── op.1
├── configure.ac
├── lex.l
├── op.paper
└── INSTALL
/contrib/build/mkaix52:
--------------------------------------------------------------------------------
1 | mkaix43
--------------------------------------------------------------------------------
/NEWS:
--------------------------------------------------------------------------------
1 | No news is good news.
2 |
--------------------------------------------------------------------------------
/contrib/.gitignore:
--------------------------------------------------------------------------------
1 | !build/
2 |
--------------------------------------------------------------------------------
/contrib/linux/.gitignore:
--------------------------------------------------------------------------------
1 | *.rpm
2 |
--------------------------------------------------------------------------------
/contrib/aix52/.gitignore:
--------------------------------------------------------------------------------
1 | *.tar.gz
2 | usr/
3 |
--------------------------------------------------------------------------------
/contrib/hpux1100/.gitignore:
--------------------------------------------------------------------------------
1 | *.depot
2 | usr/
3 |
--------------------------------------------------------------------------------
/contrib/hpux1111/.gitignore:
--------------------------------------------------------------------------------
1 | *.depot
2 | usr/
3 |
--------------------------------------------------------------------------------
/contrib/solaris/.gitignore:
--------------------------------------------------------------------------------
1 | RATPop
2 | *.pkg
3 | usr/
4 |
--------------------------------------------------------------------------------
/op.pam:
--------------------------------------------------------------------------------
1 | #%PAM-1.0
2 | auth required pam_unix.so
3 | auth required pam_nologin.so
4 |
--------------------------------------------------------------------------------
/yywrap.c:
--------------------------------------------------------------------------------
1 | #include "config.h"
2 | #ifndef HAVE_LIBL
3 | #ifndef HAVE_LIBFL
4 | int yywrap(void);
5 | int yywrap(void)
6 | {
7 | return 1;
8 | }
9 | #endif
10 | #endif
11 |
--------------------------------------------------------------------------------
/AUTHORS:
--------------------------------------------------------------------------------
1 | Tom Christiansen + Dave Koblas (original authors)
2 | Howard Owen (maintainer from 1995 to 2002)
3 | Alec Thomas (current maintainer)
4 | Cyrille Lefevre (code auditing/hardening)
5 |
--------------------------------------------------------------------------------
/contrib/hpux1100/README:
--------------------------------------------------------------------------------
1 | create a datastream package named op-0.2-HP-UX.depot
2 | # /usr/sbin/swpackage -sop.psf -dop-0.2-HP-UX.depot -xtarget_type=tape
3 |
4 | install it
5 | # swinstall -s `pwd`/op-0.2-HP-UX.depot \*
6 |
7 |
--------------------------------------------------------------------------------
/contrib/hpux1111/README:
--------------------------------------------------------------------------------
1 | create a datastream package named op-0.2-HP-UX.depot
2 | # /usr/sbin/swpackage -sop.psf -dop-0.2-HP-UX.depot -xtarget_type=tape
3 |
4 | install it
5 | # swinstall -s `pwd`/op-0.2-HP-UX.depot \*
6 |
7 |
--------------------------------------------------------------------------------
/.travis.yml:
--------------------------------------------------------------------------------
1 | language: c
2 |
3 | compiler: gcc
4 |
5 | before_install:
6 | - sudo apt-get -qq update
7 | - sudo apt-get install -y xauth
8 |
9 | script:
10 | - ./configure --enable-xauth=/usr/bin/xauth && make
11 |
--------------------------------------------------------------------------------
/contrib/solaris/README:
--------------------------------------------------------------------------------
1 | copy the op binary to the bin directory
2 |
3 | # pkgmk -d `pwd`
4 | will create the package op in directory format
5 | # pkgtrans `pwd` op.pkg op
6 | will create the package op.pkg in datastream format
7 |
--------------------------------------------------------------------------------
/contrib/build/cleanall:
--------------------------------------------------------------------------------
1 | home=$HOME
2 |
3 | set -e
4 | cd $home/op
5 | rm -rf build autom4te.cache
6 | sudo rm -rf contrib/aix??/op/op/build contrib/aix??/op/op/op.template
7 | rm -rf contrib/hpux????/usr
8 | rm -rf contrib/solaris/RATPop contrib/solaris/usr
9 |
--------------------------------------------------------------------------------
/.gitignore:
--------------------------------------------------------------------------------
1 | *.o
2 | *.old
3 | *.tar.gz
4 | .*.swp
5 | .deps/
6 | Makefile
7 | \[config.h].in
8 | audit/
9 | autom4te.cache/
10 | build/
11 | config.cache
12 | config.h
13 | config.log
14 | config.status
15 | lex.c
16 | op
17 | op.list
18 | packages/
19 | stamp-h1
20 |
--------------------------------------------------------------------------------
/contrib/build/mktar:
--------------------------------------------------------------------------------
1 | rhost=esxide@recife
2 | rdir=/home/ftp/diffusion/exploitation/op
3 | vers=1.34
4 |
5 | ssh -o LogLevel=ERROR ${rhost} \
6 | "cd ${rdir} && /usr/local/bin/tar zcf ${rdir}/op_${vers}.tar.gz *${vers}*.rpm *${vers}*.depot *${vers}*.bff *${vers}*.pkg *.admin"
7 |
--------------------------------------------------------------------------------
/contrib/solaris/pkginfo:
--------------------------------------------------------------------------------
1 | PKG="RATPop"
2 | NAME="op"
3 | CATEGORY="application"
4 | ARCH="sparc"
5 | VERSION="1.34"
6 | BASEDIR=/
7 | VENDOR="not for sale"
8 | DESC="Controlled privilege escalation (a flexible alternative to sudo)"
9 | EMAIL=""
10 | HOTLINE="Please contact your local service provider"
11 |
--------------------------------------------------------------------------------
/contrib/solaris/RATPop.admin:
--------------------------------------------------------------------------------
1 | mail=
2 | instance=overwrite
3 | partial=nocheck
4 | runlevel=nocheck
5 | idepend=quit
6 | rdepend=quit
7 | space=quit
8 | setuid=nocheck
9 | conflict=quit
10 | action=nocheck
11 | networktimeout=60
12 | networkretries=3
13 | authentication=quit
14 | keystore=/var/sadm/security
15 | proxy=
16 | basedir=default
17 |
--------------------------------------------------------------------------------
/contrib/aix52/mkpkg:
--------------------------------------------------------------------------------
1 | #!/usr/bin/sh
2 |
3 | pkg=op
4 | ver=1.34.aix52
5 | exc='op.conf$'
6 | dir=build/usr/local
7 | usr=root
8 | grp=system
9 | rdir=/home/ftp/diffusion/exploitation/op
10 | #post='chmod 700 /tmp/${pkg}_${ver}/${dir}/usr/local/etc/op.d'
11 |
12 | PATH=/usr/local/bin:$PATH # tar
13 | cd build/usr/local
14 |
15 | . ../../../../mkpkg
16 |
--------------------------------------------------------------------------------
/contrib/hpux1100/op.postremove:
--------------------------------------------------------------------------------
1 | #!/sbin/sh
2 |
3 | set -e
4 |
5 | PATH=${SW_PATH}:/sbin:/usr/bin:/usr/ccs/sbin
6 |
7 | DESTDIR=${DESTDIR:-}
8 | [ ${DESTDIR} = '/' ] && DESTDIR=
9 | LOCALDIR=/usr/local
10 | [ -n ${LOCALDIR} ] && USERDIR=${LOCALDIR} || USERDIR=/usr
11 |
12 | rm -f ${DESTDIR}${USERDIR}/bin/op ${DESTDIR}${USERDIR}/share/man/man1/op.1
13 |
14 | # eof
15 |
--------------------------------------------------------------------------------
/contrib/hpux1111/op.postremove:
--------------------------------------------------------------------------------
1 | #!/sbin/sh
2 |
3 | set -e
4 |
5 | PATH=${SW_PATH}:/sbin:/usr/bin:/usr/ccs/sbin
6 |
7 | DESTDIR=${DESTDIR:-}
8 | [ ${DESTDIR} = '/' ] && DESTDIR=
9 | LOCALDIR=/usr/local
10 | [ -n ${LOCALDIR} ] && USERDIR=${LOCALDIR} || USERDIR=/usr
11 |
12 | rm -f ${DESTDIR}${USERDIR}/bin/op ${DESTDIR}${USERDIR}/share/man/man1/op.1
13 |
14 | # eof
15 |
--------------------------------------------------------------------------------
/op.conf:
--------------------------------------------------------------------------------
1 | #
2 | # A simple example config for op(1). See the man page for more information or
3 | # op.conf.complex for a complex multi-user/multi-system configuration.
4 | #
5 |
6 | ## List of privileged users
7 | #PRIVILEGED=
8 | #
9 | #shell /bin/su -;
10 | # users=PRIVILEGED
11 | # password
12 | # environment
13 | #
14 | #shutdown /sbin/shutdown -h now;
15 | # users=PRIVILEGED
16 | #
17 | #reboot /sbin/shutdown -h now;
18 | # users=PRIVILEGED
19 |
--------------------------------------------------------------------------------
/contrib/solaris/prototype:
--------------------------------------------------------------------------------
1 | i pkginfo
2 | i postinstall
3 | d none usr ? ? ?
4 | d none usr/local/bin ? ? ?
5 | d none usr/local/etc ? ? ?
6 | d none usr/local/share ? ? ?
7 | d none usr/local/share/man ? ? ?
8 | d none usr/local/share/man/man1 ? ? ?
9 | d none usr/local/etc/op.d 0700 root sys
10 | f none usr/local/bin/op=usr/local/bin/op 4511 root sys
11 | f none usr/local/etc/op.conf-dist=usr/local/etc/op.conf-dist 0600 root sys
12 | f none usr/local/share/man/man1/op.1=usr/local/share/man/man1/op.1 0444 root bin
13 |
--------------------------------------------------------------------------------
/op.list.in:
--------------------------------------------------------------------------------
1 | %readme README
2 | %version @VERSION@
3 | %product Operator Escalation
4 | %copyright David Koblas, Howard Owen, Alec Thomas
5 | %license COPYING
6 | %vendor N/A
7 |
8 |
9 | # Directories...
10 | $prefix=/usr
11 | $exec_prefix=${prefix}
12 | $bindir=${exec_prefix}/bin
13 | $mandir=${prefix}/share/man
14 | $datadir=${prefix}/share
15 |
16 | d 755 root sys ${bindir} -
17 | f 4755 root sys ${bindir}/op op
18 |
19 | d 755 root sys /etc -
20 | d 755 root sys /etc/op.d -
21 | c 600 root sys /etc/op.conf op.conf
22 |
23 | d 755 root sys ${mandir} -
24 | d 755 root sys ${mandir}/man1 -
25 | f 644 root sys ${mandir}/man1/op.1 op.1
26 |
--------------------------------------------------------------------------------
/autogen.sh:
--------------------------------------------------------------------------------
1 | #!/bin/sh
2 |
3 | set -e
4 |
5 | rm -f aclocal.m4
6 |
7 | type autoreconf268 > /dev/null 2>&1 && acversion=268 || acversion=
8 |
9 | autoreconf$acversion -f -i -v -I m4 -Wall
10 |
11 | rm -rf autom4te.cache
12 |
13 | [ -f config.cache ] && cp -f config.cache config.cache.old || touch config.cache.old
14 |
15 | [ "_$1" = _-M ] && shift && set - --enable-maintainer-mode ${1+"$@"}
16 |
17 | ./configure -C ${1+"$@"}
18 |
19 | PATH=$PATH:/usr/contrib/bin
20 | perl -pi -e 's/auto(conf|header)$/$&'"$acversion"'/ if /^AUTO(CONF|HEADER)/' Makefile
21 |
22 | diff -u config.cache.old config.cache
23 |
24 | rm -f config.cache.old
25 |
26 | exit 0
27 |
--------------------------------------------------------------------------------
/contrib/audit/cppcheck.cfg:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 | true
5 |
6 |
7 | true
8 |
9 |
10 | true
11 |
12 |
13 | true
14 |
15 |
16 | true
17 |
18 |
19 | true
20 |
21 |
22 | true
23 |
24 |
25 | true
26 |
27 |
28 |
--------------------------------------------------------------------------------
/contrib/build/mkrhel6:
--------------------------------------------------------------------------------
1 | home=$HOME
2 | rdist=esxide@recife:/home/ftp/diffusion/exploitation/op/
3 | vers=1.34
4 | dist=.el$(tr -dc 0-9 < /etc/redhat-release | cut -c 1)
5 | type xauth | grep -q X11 && x11='--with x11' || x11=
6 |
7 | set -e
8 | for pkg in rpm-build gcc glibc-devel; do
9 | rpm -q $pkg > /dev/null ||
10 | sudo yum install -y $pkg
11 | done
12 | cd $home/op
13 | mkdir -p $home/rpmbuild/SOURCES packages
14 | ln -fs $home/op/op-$vers.tar.gz $home/rpmbuild/SOURCES
15 | cd $home/op/contrib/linux
16 | rpmbuild -bb $x11 op$X.spec
17 | arch | grep -q 64 &&
18 | CC='gcc -m32' rpmbuild --target=i386-linux -bb op.spec
19 | mv $home/rpmbuild/RPMS/*/op-$vers-1$dist.*.rpm .
20 | scp -p op-$vers-1$dist.*.rpm $rdist
21 | mv op-$vers-1$dist.*.rpm $home/op/packages/
22 |
--------------------------------------------------------------------------------
/contrib/solaris/postinstall:
--------------------------------------------------------------------------------
1 | #!/sbin/sh
2 |
3 | set -e
4 |
5 | DESTDIR=${DESTDIR:-${BASEDIR:-}}
6 | [ ${DESTDIR} = '/' ] && DESTDIR=
7 | LOCALDIR=/usr/local
8 | [ -n ${LOCALDIR} ] && USERDIR=${LOCALDIR} || USERDIR=/usr
9 |
10 | CFGOWN=root
11 | CFGGRP=sys
12 |
13 | # /etc/op.conf
14 | test -f ${DESTDIR}${LOCALDIR}/etc/op.conf ||
15 | cp ${DESTDIR}${LOCALDIR}/etc/op.conf-dist ${DESTDIR}${LOCALDIR}/etc/op.conf
16 | chown ${CFGOWN}:${CFGGRP} ${DESTDIR}${LOCALDIR}/etc/op.conf
17 | chmod 600 ${DESTDIR}${LOCALDIR}/etc/op.conf
18 |
19 | # /etc/op.d/*
20 | case ${DESTDIR}${LOCALDIR}/etc/op.d/* in */\*) ;; *)
21 | chown ${CFGOWN}:${CFGGRP} ${DESTDIR}${LOCALDIR}/etc/op.d/* || : set -e
22 | chmod 600 ${DESTDIR}${LOCALDIR}/etc/op.d/* || : set -e
23 | esac
24 |
25 | # eof
26 |
--------------------------------------------------------------------------------
/contrib/build/mkhpux:
--------------------------------------------------------------------------------
1 | home=$HOME
2 | rdist=esxide@recife:/home/ftp/diffusion/exploitation/op/
3 | osrel=$(uname -r | sed 's|B.||')
4 | osver=$(uname -r | tr -d B.)
5 | vers=1.34
6 | PATH=/usr/sbin:$PATH
7 |
8 | set -e
9 | cd $home/op
10 | mkdir -p build/hpux$osver packages
11 | cd $home/op/build/hpux$osver
12 | type lex > /dev/null 2>&1 || cp ../../lex.c .
13 | ln -fs ../../op.conf-dist .
14 | egrep -q 'in +;' ../../configure &&
15 | perl -pi -e 's/in +;/in .;/' ../../configure
16 | ../../configure --enable-xauth=/usr/bin/X11/xauth
17 | make
18 | make install DESTDIR=$home/op/contrib/hpux$osver
19 | cd $home/op/contrib/hpux$osver
20 | swpackage -s op.psf -d op-$vers-HP-UX-$osrel.depot -x target_type=tape
21 | scp op-$vers-HP-UX-$osrel.depot $rdist
22 | mv op-$vers-HP-UX-$osrel.depot $home/op/packages/
23 |
--------------------------------------------------------------------------------
/contrib/build/mksunos:
--------------------------------------------------------------------------------
1 | home=$HOME
2 | rdist=esxide@recife:/home/ftp/diffusion/exploitation/op/
3 | vers=1.34
4 | PATH=/sbin:/usr/sbin:$PATH:/usr/openwin/bin
5 |
6 | set -e
7 | cd $home/op
8 | mkdir -p build/sunos59 packages
9 | cd $home/op/build/sunos59
10 | grep -q 'in *;' ../../configure &&
11 | perl -pi -e 's/in +;/in .;/' ../../configure
12 | ../../configure --enable-xauth=/usr/openwin/bin/xauth
13 | make
14 | make install DESTDIR=$home/op/contrib/solaris
15 | rm -f $home/op/contrib/solaris/usr/local/etc/op.conf
16 | cd $home/op/contrib/solaris
17 | pkgmk -od $PWD
18 | pkgtrans $PWD RATPop-$vers.pkg RATPop
19 | pkginfo -ld RATPop-$vers.pkg
20 | pkgchk -vd RATPop-$vers.pkg all
21 | scp -p RATPop-$vers.pkg RATPop.admin $rdist
22 | cp -p RATPop.admin $home/op/packages/
23 | mv RATPop-$vers.pkg $home/op/packages/
24 |
--------------------------------------------------------------------------------
/contrib/mkpkg:
--------------------------------------------------------------------------------
1 | [[ -n ${pkg} ]] || exit
2 |
3 | #pkg=xxx
4 | #ver=vXX.YY.ZZ
5 | ext=${ext:-tar.gz}
6 | inc=${inc:-.}
7 | exc=${exc+|${exc}}
8 | usr=${usr:-exploit}
9 | grp=${grp:-expl}
10 | dir=${dir:-${pkg}}
11 | user=${user:-esxide}
12 | host=${host:-recife}
13 | post=${post:-}
14 | rdir=${rdir:-/home/ftp/diffusion/exploitation/${pkg}/futur}
15 | now=$(date +%Y%m%d%H%M%S)
16 |
17 | sudo rm -rf /tmp/${pkg}_${ver}
18 | mkdir -p /tmp/${pkg}_${ver}/${dir}
19 | find ${inc} |
20 | egrep -v "\.#|~$|\.swp|\.gitignore|mkpkg${exc}" |
21 | cpio -pdm /tmp/${pkg}_${ver}/${dir}
22 | sudo chown -Rh ${usr}:${grp} /tmp/${pkg}_${ver}/${dir}
23 | sudo chmod -R g-s /tmp/${pkg}_${ver}/${dir}
24 | eval "${post}"
25 | sudo tar zcf /tmp/${pkg}_${ver}.${ext} -C /tmp/${pkg}_${ver} ${dir}
26 | tar zvtf /tmp/${pkg}_${ver}.${ext}
27 | sftp -o LogLevel=ERROR ${user}@${host} << EOF
28 | put /tmp/${pkg}_${ver}.${ext} ${rdir}/${pkg}_${ver}.${ext}
29 | ls -l ${rdir}
30 | quit
31 | EOF
32 | sudo rm -rf /tmp/${pkg}_${ver}
33 |
--------------------------------------------------------------------------------
/contrib/hpux1100/op.postinstall:
--------------------------------------------------------------------------------
1 | #!/sbin/sh
2 |
3 | set -e
4 |
5 | PATH=${SW_PATH}:/sbin:/usr/bin:/usr/ccs/sbin
6 |
7 | DESTDIR=${DESTDIR:-${SW_ROOT_DIRECTORY:-}}
8 | [ ${DESTDIR} = '/' ] && DESTDIR=
9 | LOCALDIR=/usr/local
10 | [ -n ${LOCALDIR} ] && USERDIR=${LOCALDIR} || USERDIR=/usr
11 |
12 | CFGOWN=root
13 | CFGGRP=root
14 |
15 | # /etc/op.conf
16 | test -f ${DESTDIR}${LOCALDIR}/etc/op.conf ||
17 | cp ${DESTDIR}${LOCALDIR}/etc/op.conf-dist ${DESTDIR}${LOCALDIR}/etc/op.conf
18 | chown ${CFGOWN}:${CFGGRP} ${DESTDIR}${LOCALDIR}/etc/op.conf
19 | chmod 600 ${DESTDIR}${LOCALDIR}/etc/op.conf
20 |
21 | # /etc/op.d
22 | test -d ${DESTDIR}${LOCALDIR}/etc/op.d ||
23 | mkdir ${DESTDIR}${LOCALDIR}/etc/op.d
24 | chown ${CFGOWN}:${CFGGRP} ${DESTDIR}${LOCALDIR}/etc/op.d
25 | chmod 700 ${DESTDIR}${LOCALDIR}/etc/op.d
26 |
27 | # /etc/op.d/*
28 | chown ${CFGOWN}:${CFGGRP} ${DESTDIR}${LOCALDIR}/etc/op.d/* || : set -e
29 | chmod 600 ${DESTDIR}${LOCALDIR}/etc/op.d/* || : set -e
30 |
31 | # eof
32 |
--------------------------------------------------------------------------------
/contrib/hpux1111/op.postinstall:
--------------------------------------------------------------------------------
1 | #!/sbin/sh
2 |
3 | set -e
4 |
5 | PATH=${SW_PATH}:/sbin:/usr/bin:/usr/ccs/sbin
6 |
7 | DESTDIR=${DESTDIR:-${SW_ROOT_DIRECTORY:-}}
8 | [ ${DESTDIR} = '/' ] && DESTDIR=
9 | LOCALDIR=/usr/local
10 | [ -n ${LOCALDIR} ] && USERDIR=${LOCALDIR} || USERDIR=/usr
11 |
12 | CFGOWN=root
13 | CFGGRP=root
14 |
15 | # /etc/op.conf
16 | test -f ${DESTDIR}${LOCALDIR}/etc/op.conf ||
17 | cp ${DESTDIR}${LOCALDIR}/etc/op.conf-dist ${DESTDIR}${LOCALDIR}/etc/op.conf
18 | chown ${CFGOWN}:${CFGGRP} ${DESTDIR}${LOCALDIR}/etc/op.conf
19 | chmod 600 ${DESTDIR}${LOCALDIR}/etc/op.conf
20 |
21 | # /etc/op.d
22 | test -d ${DESTDIR}${LOCALDIR}/etc/op.d ||
23 | mkdir ${DESTDIR}${LOCALDIR}/etc/op.d
24 | chown ${CFGOWN}:${CFGGRP} ${DESTDIR}${LOCALDIR}/etc/op.d
25 | chmod 700 ${DESTDIR}${LOCALDIR}/etc/op.d
26 |
27 | # /etc/op.d/*
28 | chown ${CFGOWN}:${CFGGRP} ${DESTDIR}${LOCALDIR}/etc/op.d/* || : set -e
29 | chmod 600 ${DESTDIR}${LOCALDIR}/etc/op.d/* || : set -e
30 |
31 | # eof
32 |
--------------------------------------------------------------------------------
/regexp.h:
--------------------------------------------------------------------------------
1 | /*
2 | * Definitions etc. for regexp(3) routines.
3 | *
4 | * Caveat: this is V8 regexp(3) [actually, a reimplementation thereof],
5 | * not the System V one.
6 | */
7 | #ifndef REGEXP_DWA20011023_H
8 | # define REGEXP_DWA20011023_H
9 |
10 | #define NSUBEXP 20
11 | typedef struct regexp {
12 | char *startp[NSUBEXP];
13 | char *endp[NSUBEXP];
14 | char regstart; /* Internal use only. */
15 | char reganch; /* Internal use only. */
16 | char *regmust; /* Internal use only. */
17 | int regmlen; /* Internal use only. */
18 | char program[1]; /* Unwarranted chumminess with compiler. */
19 | } regexp;
20 |
21 | regexp *regcomp(char *exp);
22 | int regexec(regexp * prog, char *string);
23 | void regerror(char *s);
24 | void regsub(regexp * prog, char *source, char *dest);
25 |
26 | /*
27 | * The first byte of the regexp internal "program" is actually this magic
28 | * number; the start node begins in the second byte.
29 | */
30 | #define MAGIC 0234
31 |
32 | #endif
33 |
--------------------------------------------------------------------------------
/contrib/build/mkrhel7:
--------------------------------------------------------------------------------
1 | home=$HOME
2 | rdist=esxide@recife:/home/ftp/diffusion/exploitation/op/
3 | vers=1.34
4 | dist=.el$(tr -dc 0-9 < /etc/redhat-release | cut -c 1)
5 | type xauth | grep -q X11 && x11='--with x11' || x11=
6 |
7 | set -e
8 | for pkg in rpm-build gcc glibc-devel libasan-static; do
9 | [[ $pkg = libasan-static ]] && repo=--enablerepo=* || repo=
10 | rpm -q $pkg > /dev/null ||
11 | sudo yum install $repo -y $pkg
12 | done
13 | cd $home/op
14 | mkdir -p $home/rpmbuild/SOURCES packages
15 | ln -fs $home/op/op-$vers.tar.gz $home/rpmbuild/SOURCES
16 | cd $home/op/contrib/linux
17 | # -ba to generate debuginfo
18 | rpmbuild -bb $x11 op$X.spec
19 | # not tested... should I ?!
20 | #arch | grep -q 64 &&
21 | #CC='gcc -m32' rpmbuild --target=i386-linux -bb op.spec
22 | mv $home/rpmbuild/RPMS/*/op-$vers-1$dist.*.rpm .
23 | # mv $home/rpmbuild/RPMS/*/op-debuginfo-$vers-1$dist.*.rpm .
24 | # mv $home/rpmbuild/SRPMS/op-$vers-1$dist.*.rpm .
25 | scp -p op-$vers-1$dist.*.rpm $rdist
26 | mv op-$vers-1$dist.*.rpm $home/op/packages/
27 | # mv op-debuginfo-$vers-1$dist.*.rpm $home/op/packages/
28 |
--------------------------------------------------------------------------------
/contrib/audit/cppcheck.sh:
--------------------------------------------------------------------------------
1 | #!/usr/bin/sh
2 |
3 | top=${0%/*}
4 | top=${top:-.}
5 |
6 | cppcargs=
7 | cppcargs="${cppcargs} --check-library"
8 | cppcargs="${cppcargs} --library=std"
9 | # cppcargs="${cppcargs} --library=/usr/local/share/cppcheck/gnu.cfg"
10 | cppcargs="${cppcargs} --include=/usr/local/"
11 | cppcargs="${cppcargs} --include=/usr/lib/gcc/x86_64-redhat-linux/4.4.7/include/"
12 | cppcargs="${cppcargs} --include=/usr/include/"
13 | cppcargs="${cppcargs} --platform=unix64 --inconclusive --inline-suppr"
14 | cppcargs="${cppcargs} --enable=information,style --error-exitcode=1"
15 | cppcargs="${cppcargs} --suppress=missingIncludeSystem"
16 | cppcargs="${cppcargs} --suppress=checkLibraryNoReturn"
17 | cppcargs="${cppcargs} --suppress=unreachableCode"
18 | cppcargs="${cppcargs} --template='{file}:{line}:{severity}:{id}:{message}'"
19 |
20 | cppcargs="${cppcargs} --library=${top}/cppcheck.cfg"
21 | cppcargs="${cppcargs} -DXAUTH=1" # -DHAVE_CONFIG_H
22 |
23 | args= sep=; for arg; do args="$args$sep'$arg'"; sep=' '; done
24 |
25 | eval cppcheck $cppcargs $args 2>&1
26 |
27 | exit
28 |
29 | // cppcheck-suppress
30 | // memlink
31 | // unreadVariale
32 | // ignoredReturnValue
33 | // nullPointer
34 |
--------------------------------------------------------------------------------
/COPYING:
--------------------------------------------------------------------------------
1 | Redistribution and use in source and binary forms, with or without
2 | modification, are permitted provided that the following conditions
3 | are met:
4 |
5 | 1. Redistributions of source code must retain the above copyright
6 | notice, this list of conditions and the following disclaimer.
7 | 2. Redistributions in binary form must reproduce the above copyright
8 | notice, this list of conditions and the following disclaimer in the
9 | documentation and/or other materials provided with the distribution.
10 |
11 | THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
12 | IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
13 | OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
14 | IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
15 | INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
16 | NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
17 | DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
18 | THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
19 | (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
20 | THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
21 |
--------------------------------------------------------------------------------
/contrib/build/mkrhel345:
--------------------------------------------------------------------------------
1 | home=$HOME
2 | rdist=esxide@recife:/home/ftp/diffusion/exploitation/op/
3 | vers=1.34
4 | dist=.el$(tr -dc 0-9 < /etc/redhat-release | cut -c 1)
5 | type xauth | grep -q X11 && x11='--with x11' || x11=
6 |
7 | set -e
8 | for pkg in rpm-build gcc glibc-devel; do
9 | rpm -q $pkg > /dev/null ||
10 | sudo yum install -y $pkg
11 | done
12 | grep -q %_topdir ~/.rpmmacros ||
13 | echo %_topdir $home/rpmbuild >> ~/.rpmmacros
14 | case $dist in *[45]) # bug cross compile
15 | grep -q %_sysconfdir ~/.rpmmacros ||
16 | echo %_sysconfdir /etc >> ~/.rpmmacros
17 | grep -q %_localstatedir ~/.rpmmacros ||
18 | echo %_localstatedir /var >> ~/.rpmmacros
19 | esac
20 | cd $home/op
21 | mkdir -p $home/rpmbuild/{BUILD,BUILDROOT,RPMS,SOURCES,SPECS,SPRMS} packages
22 | ln -fs $PWD/op-$vers.tar.gz $home/rpmbuild/SOURCES/
23 | cd $home/op/contrib/linux
24 | rpmbuild -D "dist $dist" -bb $x11 op.spec
25 | arch | grep -q 64 &&
26 | CC='gcc -m32' rpmbuild --target=i386-linux -D "dist $dist" -bb $x11 op.spec
27 | mv $home/rpmbuild/RPMS/*/op-$vers-1$dist.*.rpm .
28 | [[ -f $home/rpmbuild/RPMS/i386/op-$vers-1.i386.rpm ]] &&
29 | mv $home/rpmbuild/RPMS/i386/op-$vers-1.i386.rpm op-$vers-1$dist.i386.rpm
30 | scp -p op-$vers-1$dist.*.rpm $rdist
31 | mv op-$vers-1$dist.*.rpm $home/op/packages/
32 |
--------------------------------------------------------------------------------
/Makefile.am:
--------------------------------------------------------------------------------
1 | ACLOCAL_AMFLAGS = -I m4
2 |
3 | bin_PROGRAMS=op
4 | op_SOURCES=defs.h lex.l main.c regexp.c regexp.h util.c \
5 | snprintf.c strlcat.c strlcpy.c yywrap.c rplregex.c rplregex.h
6 | man_MANS=op.1
7 | EXTRA_DIST=op.conf op.conf.complex op.list.in op.pam op.paper op.1 \
8 | op.conf-dist autogen.sh contrib m4
9 | #README
10 |
11 | EXTRA_CPPFLAGS = @EXTRA_CPPFLAGS@
12 | AM_CPPFLAGS = $(EXTRA_CPPFLAGS) $(WARN_CFLAGS) -DSYSCONFDIR=\"$(sysconfdir)\"
13 |
14 | EXTRA_CFLAGS = @EXTRA_CFLAGS@
15 | AM_CFLAGS = $(EXTRA_CFLAGS)
16 |
17 | EXTRA_LDFLAGS = @EXTRA_LDFLAGS@
18 | AM_LDFLAGS = $(EXTRA_LDFLAGS) $(WARN_LDFLAGS)
19 |
20 | install-exec-local: op.conf-dist
21 | chmod 4755 $(DESTDIR)$(bindir)/op
22 | test -d $(DESTDIR)$(sysconfdir) || \
23 | $(INSTALL) -d -m 755 $(DESTDIR)$(sysconfdir)
24 | test -d $(DESTDIR)$(sysconfdir)/op.d || \
25 | $(INSTALL) -d -m 700 $(DESTDIR)$(sysconfdir)/op.d
26 | $(INSTALL) -m 600 op.conf-dist $(DESTDIR)$(sysconfdir)/op.conf-dist
27 | test -f $(DESTDIR)$(sysconfdir)/op.conf || \
28 | $(INSTALL) -m 600 op.conf-dist $(DESTDIR)$(sysconfdir)/op.conf
29 |
30 | clobber: clean
31 | rm -f lex.c
32 |
33 | cleanall:
34 | rm -rf build
35 | rm -rf contrib/aix??/op/op/build contrib/aix??/op/op/op.template
36 | rm -rf contrib/hpux????/usr
37 | rm -rf contrib/solaris/RATPop contrib/solaris/usr
38 |
39 | clobberall:
40 | rm -rf packages
41 |
--------------------------------------------------------------------------------
/m4/ax_require_defined.m4:
--------------------------------------------------------------------------------
1 | # ===========================================================================
2 | # http://www.gnu.org/software/autoconf-archive/ax_require_defined.html
3 | # ===========================================================================
4 | #
5 | # SYNOPSIS
6 | #
7 | # AX_REQUIRE_DEFINED(MACRO)
8 | #
9 | # DESCRIPTION
10 | #
11 | # AX_REQUIRE_DEFINED is a simple helper for making sure other macros have
12 | # been defined and thus are available for use. This avoids random issues
13 | # where a macro isn't expanded. Instead the configure script emits a
14 | # non-fatal:
15 | #
16 | # ./configure: line 1673: AX_CFLAGS_WARN_ALL: command not found
17 | #
18 | # It's like AC_REQUIRE except it doesn't expand the required macro.
19 | #
20 | # Here's an example:
21 | #
22 | # AX_REQUIRE_DEFINED([AX_CHECK_LINK_FLAG])
23 | #
24 | # LICENSE
25 | #
26 | # Copyright (c) 2014 Mike Frysinger
27 | #
28 | # Copying and distribution of this file, with or without modification, are
29 | # permitted in any medium without royalty provided the copyright notice
30 | # and this notice are preserved. This file is offered as-is, without any
31 | # warranty.
32 |
33 | #serial 1
34 |
35 | AC_DEFUN([AX_REQUIRE_DEFINED], [dnl
36 | m4_ifndef([$1], [m4_fatal([macro ]$1[ is not defined; is a m4 file missing?])])
37 | ])dnl AX_REQUIRE_DEFINED
38 |
--------------------------------------------------------------------------------
/contrib/build/mkaix43:
--------------------------------------------------------------------------------
1 | home=$HOME
2 | serv=sv003611
3 | rdist=esxide@recife:/home/ftp/diffusion/exploitation/op/
4 | osrel=$(oslevel | cut -d . -f 1-2)
5 | vers=1.34
6 | dist=$(echo $osrel | tr -d .)
7 | PATH=/usr/sbin:$PATH
8 |
9 | # set -e
10 | cd $home/op
11 | make distclean
12 | mkdir -p build/aix$dist contrib/aix$dist/op/op/build packages
13 | cd $home/op/build/aix$dist
14 | for i in lex.l main.c regexp.c snprintf.c strlcat.c strlcpy.c util.c yywrap.c op.1 op.conf-dist rplregex.c
15 | do ln -fs ../../$i; done; cp -p ../../lex.c lex.c
16 | egrep -q 'in +;' ../../configure &&
17 | perl -pi -e 's/in +;/in .;/' ../../configure
18 | ../../configure --enable-xauth=/usr/bin/X11/xauth
19 | make
20 | sudo make install DESTDIR=$home/op/contrib/aix$dist/op/op/build
21 | sudo rm -f $home/op/contrib/aix$dist/op/op/build/usr/local/etc/op.conf
22 | cd $home/op/contrib/aix$dist/op/op
23 | # echo /usr/local/etc/op.conf preserve > build/.info/ratp.freeware.op.cfgfiles
24 | sed "s|@PWD@|$PWD|" op.tmpl > op.template
25 | sudo mkinstallp -d build -T op.template
26 | #sudo installp -Ld build/tmp/ratp.freeware.op.$vers.$osrel.bff
27 | #sudo installp -ld build/tmp/ratp.freeware.op.$vers.$osrel.bff
28 | scp -p build/tmp/ratp.freeware.op.$vers.$osrel.bff $rdist
29 | cp -p build/tmp/ratp.freeware.op.$vers.$osrel.bff $home/op/packages/
30 | tar cf - -C $home op/packages/ratp.freeware.op.$vers.$osrel.bff | ssh $serv tar xf -
31 |
--------------------------------------------------------------------------------
/contrib/audit/cpplint.sh:
--------------------------------------------------------------------------------
1 | #!/usr/bin/sh
2 |
3 | cpplargs=
4 | cpplargs="${cpplargs} --extensions=c,h,l"
5 |
6 | filters= sep=
7 |
8 | # category list : cpplint.py --filter=
9 | # ignore next line : // NOLINT(category)
10 |
11 | filters="${filters}${sep}-build/include"; sep=,
12 |
13 | filters="${filters}${sep}-legal/copyright"; sep=,
14 |
15 | filters="${filters}${sep}-readability/braces"; sep=,
16 | filters="${filters}${sep}-readability/casting"; sep=,
17 |
18 | #filters="${filters}${sep}-runtime/int"; sep=,
19 | filters="${filters}${sep}-runtime/threadsafe_fn"; sep=,
20 |
21 | #filters="${filters}${sep}-whitespace/blank_line"; sep=,
22 | filters="${filters}${sep}-whitespace/braces"; sep=,
23 | #filters="${filters}${sep}-whitespace/comma"; sep=,
24 | #filters="${filters}${sep}-whitespace/comments"; sep=,
25 | #filters="${filters}${sep}-whitespace/end_of_line"; sep=,
26 | #filters="${filters}${sep}-whitespace/indent"; sep=,
27 | #filters="${filters}${sep}-whitespace/line_length"; sep=,
28 | #filters="${filters}${sep}-whitespace/newline"; sep=,
29 | #filters="${filters}${sep}-whitespace/operators"; sep=,
30 | #filters="${filters}${sep}-whitespace/parens"; sep=,
31 | #filters="${filters}${sep}-whitespace/semicolon"; sep=,
32 | filters="${filters}${sep}-whitespace/tab"; sep=,
33 |
34 | cpplargs="${cpplargs} --filter=${filters}"
35 |
36 | cpplint.py $cpplargs "$@" 2>&1
37 |
38 | exit
39 |
40 | // cpplheck-suppress
41 | // memlink
42 | // unreadVariale
43 | // ignoredReturnValue
44 | // nullPointer
45 |
--------------------------------------------------------------------------------
/contrib/aix43/README:
--------------------------------------------------------------------------------
1 | this rootsh directory was made for creating a installp package
2 | using the lppbuild tool. Get it from
3 | ftp://aixpdslib.seas.ucla.edu/pub/lppbuild/RISC/4.3/src/lppbuild.2.1.tar.Z
4 |
5 | 1. Set your PATH to /lppbuild-2.1/bin
6 |
7 | 2. Change into the rootsh directory
8 | copy your rootsh binary to
9 | ./rootsh/rootsh/root/usr/bin/COPY_YUR_ROOTSH_BINARY_HERE
10 |
11 | chown bin:bin rootsh/root/usr
12 | chmod 755 rootsh/root/usr
13 | chown bin:bin rootsh/root/usr/bin
14 | chmod 755 rootsh/root/usr/bin
15 | chown bin:bin rootsh/root/usr/bin/rootsh
16 | chmod 500 rootsh/root/usr/bin/rootsh
17 |
18 | 3. Call lppbuild
19 | hopefully you will see this
20 | # lppbuild
21 | LPPBUILD - Processing for rootsh started
22 | found "rootsh" at level 0.2.0.0.
23 | Processing files for rootsh...
24 | Backing up to /home/qx28305/rootsh-0.2/contrib/aix/rootsh/rootsh.bff.
25 | Cluster 51200 bytes (100 blocks).
26 | Volume 1 on /home/qx28305/rootsh-0.2/contrib/aix/rootsh/rootsh.bff
27 | a 102 ./lpp_name
28 | a 0 ./usr
29 | a 0 ./usr/bin
30 | a 64585 ./usr/bin/rootsh
31 | a 0 ./usr/lpp
32 | a 0 ./usr/lpp/rootsh
33 | a 3460 ./usr/lpp/rootsh/liblpp.a
34 | The total size is 68147 bytes.
35 | Backup finished on Thu Jul 15 15:42:42 MSZ 2004; there are 200 blocks on 1 volumes.
36 | LPPBUILD - processing complete
37 | #
38 |
39 | 4. lppbuild created a package rootsh.bff which you can install with
40 | installp -a -d .../rootsh.bff all
41 |
42 |
--------------------------------------------------------------------------------
/contrib/hpux1100/op.psf:
--------------------------------------------------------------------------------
1 | # PSF file for /usr/contrib 1/14/97
2 | #
3 | #
4 | # Useful Commands:
5 | #
6 | # swpackage -p -vv -s /depot/psf_files/op.psf -d /depot/s700_contrib
7 | # swmodify -p -d -vv -s /depot/psf_files/op.psf op @ /depot/s700_contrib
8 | # swremove -p -v -d op,r=yyy @ /depot/s700_contrib
9 | # swinstall -p -v -s /depot/s700_contrib op
10 | #
11 | #
12 | # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # #
13 | #
14 | # This section is optional -- delete it if you don't want it.
15 | #
16 | vendor
17 | tag RATP
18 | title "Linux operations at RATP"
19 | #description ""
20 | end
21 | #
22 | # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # #
23 | #
24 | # Describe the product below. Search and replace the op. Delete
25 | # what you don't use. Either define filesets by file or by whole directory.
26 | #
27 | product
28 | tag OP
29 | title "Controlled privilege escalation (a flexible alternative to sudo)"
30 | description "Controlled privilege escalation (a flexible alternative to sudo)"
31 | revision 1.34
32 | #
33 | architecture S700/S800_HPUX_11
34 | machine_type 9000/[78]*
35 | os_name HP-UX
36 | os_release ?.11.*
37 | os_version *
38 | #
39 | fileset
40 | tag op
41 | title "op executables"
42 | revision 1.34
43 |
44 | file -u 0177 -g root -o root usr/local/etc/op.conf-dist /usr/local/etc/op.conf-dist
45 | file -m 4755 -g bin -o root usr/local/bin/op /usr/local/bin/op
46 | file -u 0333 -g bin -o bin usr/local/share/man/man1/op.1 /usr/local/share/man/man1/op.1
47 | postinstall op.postinstall
48 | postremove op.postremove
49 | end
50 | end
51 |
52 |
--------------------------------------------------------------------------------
/contrib/hpux1111/op.psf:
--------------------------------------------------------------------------------
1 | # PSF file for /usr/contrib 1/14/97
2 | #
3 | #
4 | # Useful Commands:
5 | #
6 | # swpackage -p -vv -s /depot/psf_files/op.psf -d /depot/s700_contrib
7 | # swmodify -p -d -vv -s /depot/psf_files/op.psf op @ /depot/s700_contrib
8 | # swremove -p -v -d op,r=yyy @ /depot/s700_contrib
9 | # swinstall -p -v -s /depot/s700_contrib op
10 | #
11 | #
12 | # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # #
13 | #
14 | # This section is optional -- delete it if you don't want it.
15 | #
16 | vendor
17 | tag RATP
18 | title "Linux operations at RATP"
19 | #description ""
20 | end
21 | #
22 | # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # #
23 | #
24 | # Describe the product below. Search and replace the op. Delete
25 | # what you don't use. Either define filesets by file or by whole directory.
26 | #
27 | product
28 | tag OP
29 | title "Controlled privilege escalation (a flexible alternative to sudo)"
30 | description "Controlled privilege escalation (a flexible alternative to sudo)"
31 | revision 1.34
32 | #
33 | architecture S700/S800_HPUX_11
34 | machine_type 9000/[78]*
35 | os_name HP-UX
36 | os_release ?.11.*
37 | os_version *
38 | #
39 | fileset
40 | tag op
41 | title "op executables"
42 | revision 1.34
43 |
44 | file -u 0177 -g root -o root usr/local/etc/op.conf-dist /usr/local/etc/op.conf-dist
45 | file -m 4755 -g bin -o root usr/local/bin/op /usr/local/bin/op
46 | file -u 0333 -g bin -o bin usr/local/share/man/man1/op.1 /usr/local/share/man/man1/op.1
47 | postinstall op.postinstall
48 | postremove op.postremove
49 | end
50 | end
51 |
52 |
--------------------------------------------------------------------------------
/strlcpy.c:
--------------------------------------------------------------------------------
1 | /* from openssh 4.3p2 compat/strlcpy.c */
2 | /*
3 | * Copyright (c) 1998 Todd C. Miller
4 | *
5 | * Permission to use, copy, modify, and distribute this software for any
6 | * purpose with or without fee is hereby granted, provided that the above
7 | * copyright notice and this permission notice appear in all copies.
8 | *
9 | * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
10 | * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
11 | * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
12 | * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
13 | * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
14 | * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
15 | * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
16 | */
17 |
18 | /* OPENBSD ORIGINAL: lib/libc/string/strlcpy.c */
19 |
20 | #include "defs.h"
21 |
22 | #ifndef HAVE_LIBBSD
23 | #ifndef HAVE_STRLCPY
24 |
25 | #include
26 | #include
27 |
28 | /*
29 | * Copy src to string dst of size siz. At most siz-1 characters
30 | * will be copied. Always NUL terminates (unless siz == 0).
31 | * Returns strlen(src); if retval >= siz, truncation occurred.
32 | */
33 | size_t strlcpy(char *dst, const char *src, size_t siz)
34 | {
35 | char *d = dst;
36 | const char *s = src;
37 | size_t n = siz;
38 |
39 | /* Copy as many bytes as will fit */
40 | if (n != 0 && --n != 0) {
41 | do {
42 | if ((*d++ = *s++) == 0)
43 | break;
44 | } while (--n != 0);
45 | }
46 |
47 | /* Not enough room in dst, add NUL and traverse rest of src */
48 | if (n == 0) {
49 | if (siz != 0)
50 | *d = '\0'; /* NUL-terminate dst */
51 | while (*s++) {}
52 | }
53 |
54 | return (size_t) (s - src - 1); /* count does not include NUL */
55 | }
56 |
57 | #endif /* !HAVE_LIBBSD */
58 | #endif /* !HAVE_STRLCPY */
59 |
--------------------------------------------------------------------------------
/atov.c:
--------------------------------------------------------------------------------
1 | /* +-------------------------------------------------------------------+ */
2 | /* | Copyright 1988,1991, David Koblas. | */
3 | /* | Permission to use, copy, modify, and distribute this software | */
4 | /* | and its documentation for any purpose and without fee is hereby | */
5 | /* | granted, provided that the above copyright notice appear in all | */
6 | /* | copies and that both that copyright notice and this permission | */
7 | /* | notice appear in supporting documentation. This software is | */
8 | /* | provided "as is" without express or implied warranty. | */
9 | /* +-------------------------------------------------------------------+ */
10 |
11 | #include
12 | #include
13 |
14 | #ifdef TEST
15 | int
16 | main(argc, argv)
17 | int argc;
18 | char **argv;
19 | {
20 | int i;
21 | for (i = 1; i < argc; i++)
22 | printf("%10s == %d\n", argv[i], atov(argv[i], 0));
23 | }
24 | #endif
25 |
26 | int
27 | atov(char *str, int type)
28 | {
29 | int sign = 1;
30 | int i;
31 | char c;
32 | int val = 0, n;
33 |
34 | i = 0;
35 | while ((str[i] == ' ') || (str[i] == '\t'))
36 | i++;
37 | if (str[i] == '-') {
38 | sign = -1;
39 | i++;
40 | } else if (str[i] == '+') {
41 | sign = 1;
42 | i++;
43 | }
44 | if (type == 0) {
45 | if (str[i] == '0') {
46 | i++;
47 | if (str[i] == '%') {
48 | i++;
49 | type = 2;
50 | } else if (str[i] == 'x') {
51 | i++;
52 | type = 16;
53 | } else {
54 | type = 8;
55 | }
56 | } else {
57 | type = 10;
58 | }
59 | }
60 | // Flawfinder: ignore (strlen)
61 | for (; i < strlen(str); i++) {
62 | c = str[i];
63 | if (isdigit(c)) {
64 | n = c - '0';
65 | } else if (isupper(c)) {
66 | n = c - 'A' + 10;
67 | } else if (islower(c)) {
68 | n = c - 'a' + 10;
69 | } else {
70 | goto out;
71 | }
72 | if (n >= type)
73 | goto out;
74 | val = (val * type) + n;
75 | }
76 | out:
77 | return (val * sign);
78 | }
79 |
--------------------------------------------------------------------------------
/m4/ax_compiler_flags_gir.m4:
--------------------------------------------------------------------------------
1 | # ===========================================================================
2 | # http://www.gnu.org/software/autoconf-archive/ax_compiler_flags_gir.html
3 | # ===========================================================================
4 | #
5 | # SYNOPSIS
6 | #
7 | # AX_COMPILER_FLAGS_GIR([VARIABLE], [IS-RELEASE], [EXTRA-BASE-FLAGS], [EXTRA-YES-FLAGS])
8 | #
9 | # DESCRIPTION
10 | #
11 | # Add warning flags for the g-ir-scanner (from GObject Introspection) to
12 | # VARIABLE, which defaults to WARN_SCANNERFLAGS. VARIABLE is AC_SUBST-ed
13 | # by this macro, but must be manually added to the SCANNERFLAGS variable
14 | # for each GIR target in the code base.
15 | #
16 | # This macro depends on the environment set up by AX_COMPILER_FLAGS.
17 | # Specifically, it uses the value of $ax_enable_compile_warnings to decide
18 | # which flags to enable.
19 | #
20 | # LICENSE
21 | #
22 | # Copyright (c) 2015 Philip Withnall
23 | #
24 | # Copying and distribution of this file, with or without modification, are
25 | # permitted in any medium without royalty provided the copyright notice
26 | # and this notice are preserved. This file is offered as-is, without any
27 | # warranty.
28 |
29 | #serial 4
30 |
31 | AC_DEFUN([AX_COMPILER_FLAGS_GIR],[
32 | AX_REQUIRE_DEFINED([AX_APPEND_FLAG])
33 |
34 | # Variable names
35 | m4_define(ax_warn_scannerflags_variable,
36 | [m4_normalize(ifelse([$1],,[WARN_SCANNERFLAGS],[$1]))])
37 |
38 | # Base flags
39 | AX_APPEND_FLAG([$3],ax_warn_scannerflags_variable)
40 |
41 | AS_IF([test "$ax_enable_compile_warnings" != "no"],[
42 | # "yes" flags
43 | AX_APPEND_FLAG([ dnl
44 | --warn-all dnl
45 | $4 dnl
46 | $5 dnl
47 | $6 dnl
48 | $7 dnl
49 | ],ax_warn_scannerflags_variable)
50 | ])
51 | AS_IF([test "$ax_enable_compile_warnings" = "error"],[
52 | # "error" flags
53 | AX_APPEND_FLAG([ dnl
54 | --warn-error dnl
55 | ],ax_warn_scannerflags_variable)
56 | ])
57 |
58 | # Substitute the variables
59 | AC_SUBST(ax_warn_scannerflags_variable)
60 | ])dnl AX_COMPILER_FLAGS
61 |
--------------------------------------------------------------------------------
/rplregex.h:
--------------------------------------------------------------------------------
1 | /*
2 | ** Copyright (c) 2016, Cyrille Lefevre .
3 | ** All rights reserved.
4 | **
5 | ** Redistribution and use in source and binary forms, with or without
6 | ** modification, are permitted provided that the following conditions
7 | ** are met:
8 | **
9 | ** 1. Redistributions of source code must retain the above copyright
10 | ** notice, this list of conditions and the following disclaimer.
11 | ** 2. Redistributions in binary form must reproduce the above copyright
12 | ** notice, this list of conditions and the following disclaimer in the
13 | ** documentation and/or other materials provided with the distribution.
14 | **
15 | ** THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
16 | ** ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
17 | ** IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
18 | ** PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS
19 | ** BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
20 | ** OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT
21 | ** OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
22 | ** BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
23 | ** WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
24 | ** OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE,
25 | ** EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
26 | **/
27 |
28 | #ifndef _RPLREGEX_H_
29 | #define _RPLREGEX_H_
30 |
31 | #ifdef HAVE_REGEX
32 | #include
33 | #define REGEXP_T regexp_t
34 | typedef struct {
35 | regex_t preg;
36 | int cflags;
37 | const char *string;
38 | regmatch_t *pmatch;
39 | } regexp_t;
40 | #else
41 | #include "regexp.h"
42 | #define REGEXP_T regexp
43 | #ifndef REG_NOMATCH
44 | #define REG_NOMATCH 1
45 | #endif
46 | #ifndef REG_ESUBREG
47 | #define REG_ESUBREG 6
48 | #endif
49 | #ifndef REG_ESPACE
50 | #define REG_ESPACE 12
51 | #endif
52 | #endif
53 |
54 | void rpl_regfree(REGEXP_T **_prog);
55 | int rpl_regcomp(REGEXP_T **_prog, const char *regex, int cflags);
56 | int rpl_regexec(REGEXP_T * const *_prog, const char *string);
57 | int rpl_regsub(REGEXP_T * const *_prog, const char *source, char *dest, size_t size);
58 | char *rpl_regerror(int error, REGEXP_T * const *_prog);
59 |
60 | #endif /* !_RPLREGEX_H_ */
61 |
--------------------------------------------------------------------------------
/strlcat.c:
--------------------------------------------------------------------------------
1 | /* compat/strlcat.c */
2 |
3 | /*-
4 | * Copyright (c) 1998 Todd C. Miller
5 | * All rights reserved.
6 | *
7 | * Redistribution and use in source and binary forms, with or without
8 | * modification, are permitted provided that the following conditions
9 | * are met:
10 | * 1. Redistributions of source code must retain the above copyright
11 | * notice, this list of conditions and the following disclaimer.
12 | * 2. Redistributions in binary form must reproduce the above copyright
13 | * notice, this list of conditions and the following disclaimer in the
14 | * documentation and/or other materials provided with the distribution.
15 | * 3. The name of the author may not be used to endorse or promote products
16 | * derived from this software without specific prior written permission.
17 | *
18 | * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
19 | * INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
20 | * AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL
21 | * THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
22 | * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
23 | * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS;
24 | * OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
25 | * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
26 | * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
27 | * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
28 | */
29 |
30 | /* OPENBSD ORIGINAL: lib/libc/string/strlcat.c */
31 |
32 | #include "defs.h"
33 |
34 | #ifndef HAVE_LIBBSD
35 | #ifndef HAVE_STRLCAT
36 |
37 | #include
38 | #include
39 |
40 | /*
41 | * Appends src to string dst of size siz (unlike strncat, siz is the
42 | * full size of dst, not space left). At most siz-1 characters
43 | * will be copied. Always NUL terminates (unless siz <= strlen(dst)).
44 | * Returns strlen(src) + MIN(siz, strlen(initial dst)).
45 | * If retval >= siz, truncation occurred.
46 | */
47 | size_t strlcat(char *dst, const char *src, size_t siz)
48 | {
49 | char *d = dst;
50 | const char *s = src;
51 | size_t n = siz;
52 | size_t dlen;
53 |
54 | /* Find the end of dst and adjust bytes left but don't go past end */
55 | while (n-- != 0 && *d != '\0')
56 | d++;
57 | dlen = (size_t) (d - dst);
58 | n = (size_t) (siz - dlen);
59 |
60 | if (n == 0)
61 | /* Flawfinder: ignore (strlen) */
62 | return (dlen + strlen(s));
63 | while (*s != '\0') {
64 | if (n != 1) {
65 | *d++ = *s;
66 | n--;
67 | }
68 | s++;
69 | }
70 | *d = '\0';
71 |
72 | return (dlen + (size_t) (s - src)); /* count does not include NUL */
73 | }
74 |
75 | #endif /* !HAVE_LIBBSD */
76 | #endif /* !HAVE_STRLCAT */
77 |
--------------------------------------------------------------------------------
/m4/ax_is_release.m4:
--------------------------------------------------------------------------------
1 | # ===========================================================================
2 | # http://www.gnu.org/software/autoconf-archive/ax_is_release.html
3 | # ===========================================================================
4 | #
5 | # SYNOPSIS
6 | #
7 | # AX_IS_RELEASE(POLICY)
8 | #
9 | # DESCRIPTION
10 | #
11 | # Determine whether the code is being configured as a release, or from
12 | # git. Set the ax_is_release variable to 'yes' or 'no'.
13 | #
14 | # If building a release version, it is recommended that the configure
15 | # script disable compiler errors and debug features, by conditionalising
16 | # them on the ax_is_release variable. If building from git, these
17 | # features should be enabled.
18 | #
19 | # The POLICY parameter specifies how ax_is_release is determined. It can
20 | # take the following values:
21 | #
22 | # * git-directory: ax_is_release will be 'no' if a '.git' directory exists
23 | # * minor-version: ax_is_release will be 'no' if the minor version number
24 | # in $PACKAGE_VERSION is odd; this assumes
25 | # $PACKAGE_VERSION follows the 'major.minor.micro' scheme
26 | # * micro-version: ax_is_release will be 'no' if the micro version number
27 | # in $PACKAGE_VERSION is odd; this assumes
28 | # $PACKAGE_VERSION follows the 'major.minor.micro' scheme
29 | # * always: ax_is_release will always be 'yes'
30 | # * never: ax_is_release will always be 'no'
31 | #
32 | # Other policies may be added in future.
33 | #
34 | # LICENSE
35 | #
36 | # Copyright (c) 2015 Philip Withnall
37 | #
38 | # Copying and distribution of this file, with or without modification, are
39 | # permitted in any medium without royalty provided the copyright notice
40 | # and this notice are preserved.
41 |
42 | #serial 3
43 |
44 | AC_DEFUN([AX_IS_RELEASE],[
45 | AC_BEFORE([AC_INIT],[$0])
46 |
47 | m4_case([$1],
48 | [git-directory],[
49 | # $is_release = (.git directory does not exist)
50 | AS_IF([test -d .git],[ax_is_release=no],[ax_is_release=yes])
51 | ],
52 | [minor-version],[
53 | # $is_release = ($minor_version is even)
54 | minor_version=`echo "$PACKAGE_VERSION" | sed 's/[[^.]][[^.]]*.\([[^.]][[^.]]*\).*/\1/'`
55 | AS_IF([test "$(( $minor_version % 2 ))" -ne 0],
56 | [ax_is_release=no],[ax_is_release=yes])
57 | ],
58 | [micro-version],[
59 | # $is_release = ($micro_version is even)
60 | micro_version=`echo "$PACKAGE_VERSION" | sed 's/[[^.]]*\.[[^.]]*\.\([[^.]]*\).*/\1/'`
61 | AS_IF([test "$(( $micro_version % 2 ))" -ne 0],
62 | [ax_is_release=no],[ax_is_release=yes])
63 | ],
64 | [always],[ax_is_release=yes],
65 | [never],[ax_is_release=no],
66 | [
67 | AC_MSG_ERROR([Invalid policy. Valid policies: git-directory, minor-version.])
68 | ])
69 | ])
70 |
--------------------------------------------------------------------------------
/op.conf.complex:
--------------------------------------------------------------------------------
1 | # Host definitions
2 | SWAPOFF_ORG=(blink|iris|seraph|cavern)
3 | FAILOVER_ORG=(thoth|ash|oak|widow)
4 | SELLICK_ID_AU=(beholder|kraken)
5 | ASN=(SWAPOFF_ORG|FAILOVER_ORG|SELLICK_ID_AU)
6 |
7 | # User definitions
8 | SWAPOFF_ORG_USERS=(athomas)
9 | SELLICK_ID_AU_USERS=(psellick)
10 | FAILOVER_ORG_USERS=(dcooper)
11 | ASN_USERS=(SWAPOFF_ORG_USERS|SELLICK_ID_AU_USERS|FAILOVER_ORG_USERS)
12 |
13 | # ACL definitions
14 | FAILOVER_ORG_ACL=FAILOVER_ORG_USERS@FAILOVER_ORG
15 | SWAPOFF_ORG_ACL=SWAPOFF_ORG_USERS@SWAPOFF_ORG
16 | SELLICK_ID_AU_ACL=SELLICK_ID_AU_USERS@SELLICK_ID_AU
17 | ASN_ACL=root|FAILOVER_ORG_ACL|SWAPOFF_ORG_ACL|SELLICK_ID_AU_ACL
18 |
19 | # Group definitions
20 | ASN_GROUPS=asn
21 |
22 | # Actions requiring authentication
23 | shell /bin/su -; users=ASN_ACL environment password
24 | sh /bin/su -; users=ASN_ACL environment password
25 | vi /usr/bin/vi $*; users=ASN_ACL password
26 | reboot /sbin/reboot; users=ASN_ACL environment password
27 |
28 | # Password-less commands
29 | shutdown /sbin/shutdown -h $1; users=ASN_ACL environment
30 | $1=now|[0-1]?[0-9]:[0-9][0-9]|2[0-3]:[0-5][0-9]|\+[0-9]+
31 | ethereal /usr/bin/ethereal $*; users=ASN_ACL environment
32 | nomad /usr/bin/nomad $*; users=ASN_ACL environment
33 | tcpdump /usr/sbin/tcpdump $*; users=ASN_ACL environment
34 | nmap /usr/bin/nmap $*; users=ASN_ACL environment
35 | updatedb /usr/bin/updatedb; users=ASN_ACL environment
36 | makewhatis /bin/sh -c '
37 | /usr/sbin/makewhatis &
38 | echo makewhatis running in the background
39 | ';
40 | users=ASN_ACL environment
41 | cdrom /sbin/mount /mnt/cdrom; users=ASN_ACL
42 | eject /usr/bin/eject; users=ASN_ACL
43 | nmap /usr/bin/nmap $*; users=ASN_ACL environment
44 | grip /bin/sh -c '/usr/bin/nice -n 19 /usr/bin/grip &';
45 | users=ASN_ACL
46 | user=athomas
47 | group=audio
48 | umask=007
49 | environment
50 |
51 | # Cavern local commands
52 | gtkam /usr/bin/gtkam; users=athomas environment $DISPLAY $GTKRC=/home/athomas/.gtkrc
53 | drip /usr/bin/drip; users=athomas environment $DISPLAY $GTKRC=/home/athomas/.gtkrc
54 | evms /bin/sh -c 'PATH=/sbin:/usr/sbin:$PATH /sbin/evmsgui &'; users=athomas environment $DISPLAY $GTKRC=/home/athomas/.gtkrc
55 | xine /usr/bin/xine; users=athomas environment $DISPLAY
56 |
57 | # An example of how to use
58 | mount /bin/sh -c '
59 | case $1 in
60 | cdrom) /bin/mount /mnt/cdrom ;;
61 | dvd) /bin/mount -o ro /dev/dvd /mnt/dvd ;;
62 | burner) /bin/mount -o ro /dev/burner /mnt/burner ;;
63 | *) echo "op: you do not have permission to mount \'$1\'" ;;
64 | esac
65 | ';
66 | users=athomas environment
67 |
68 | apache /usr/sbin/apachectl $1;
69 | users=athomas
70 | environment
71 | $1=start|stop|restart
72 |
73 | umount /bin/sh -c '
74 | case $1 in
75 | cdrom) /bin/umount /mnt/cdrom ;;
76 | dvd) /bin/umount /mnt/dvd ;;
77 | burner) /bin/umount /mnt/burner ;;
78 | *) echo "op: you do not have permission to unmount \'$1\'" ;;
79 | esac
80 | ';
81 | users=athomas environment
82 |
83 | tail /usr/bin/tail -f $1; users=athomas
84 |
--------------------------------------------------------------------------------
/m4/ax_append_flag.m4:
--------------------------------------------------------------------------------
1 | # ===========================================================================
2 | # http://www.gnu.org/software/autoconf-archive/ax_append_flag.html
3 | # ===========================================================================
4 | #
5 | # SYNOPSIS
6 | #
7 | # AX_APPEND_FLAG(FLAG, [FLAGS-VARIABLE])
8 | #
9 | # DESCRIPTION
10 | #
11 | # FLAG is appended to the FLAGS-VARIABLE shell variable, with a space
12 | # added in between.
13 | #
14 | # If FLAGS-VARIABLE is not specified, the current language's flags (e.g.
15 | # CFLAGS) is used. FLAGS-VARIABLE is not changed if it already contains
16 | # FLAG. If FLAGS-VARIABLE is unset in the shell, it is set to exactly
17 | # FLAG.
18 | #
19 | # NOTE: Implementation based on AX_CFLAGS_GCC_OPTION.
20 | #
21 | # LICENSE
22 | #
23 | # Copyright (c) 2008 Guido U. Draheim
24 | # Copyright (c) 2011 Maarten Bosmans
25 | #
26 | # This program is free software: you can redistribute it and/or modify it
27 | # under the terms of the GNU General Public License as published by the
28 | # Free Software Foundation, either version 3 of the License, or (at your
29 | # option) any later version.
30 | #
31 | # This program is distributed in the hope that it will be useful, but
32 | # WITHOUT ANY WARRANTY; without even the implied warranty of
33 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General
34 | # Public License for more details.
35 | #
36 | # You should have received a copy of the GNU General Public License along
37 | # with this program. If not, see .
38 | #
39 | # As a special exception, the respective Autoconf Macro's copyright owner
40 | # gives unlimited permission to copy, distribute and modify the configure
41 | # scripts that are the output of Autoconf when processing the Macro. You
42 | # need not follow the terms of the GNU General Public License when using
43 | # or distributing such scripts, even though portions of the text of the
44 | # Macro appear in them. The GNU General Public License (GPL) does govern
45 | # all other use of the material that constitutes the Autoconf Macro.
46 | #
47 | # This special exception to the GPL applies to versions of the Autoconf
48 | # Macro released by the Autoconf Archive. When you make and distribute a
49 | # modified version of the Autoconf Macro, you may extend this special
50 | # exception to the GPL to apply to your modified version as well.
51 |
52 | #serial 6
53 |
54 | AC_DEFUN([AX_APPEND_FLAG],
55 | [dnl
56 | AC_PREREQ(2.64)dnl for _AC_LANG_PREFIX and AS_VAR_SET_IF
57 | AS_VAR_PUSHDEF([FLAGS], [m4_default($2,_AC_LANG_PREFIX[FLAGS])])
58 | AS_VAR_SET_IF(FLAGS,[
59 | AS_CASE([" AS_VAR_GET(FLAGS) "],
60 | [*" $1 "*], [AC_RUN_LOG([: FLAGS already contains $1])],
61 | [
62 | AS_VAR_APPEND(FLAGS,[" $1"])
63 | AC_RUN_LOG([: FLAGS="$FLAGS"])
64 | ])
65 | ],
66 | [
67 | AS_VAR_SET(FLAGS,[$1])
68 | AC_RUN_LOG([: FLAGS="$FLAGS"])
69 | ])
70 | AS_VAR_POPDEF([FLAGS])dnl
71 | ])dnl AX_APPEND_FLAG
72 |
--------------------------------------------------------------------------------
/m4/ax_compiler_flags_ldflags.m4:
--------------------------------------------------------------------------------
1 | # =============================================================================
2 | # http://www.gnu.org/software/autoconf-archive/ax_compiler_flags_ldflags.html
3 | # =============================================================================
4 | #
5 | # SYNOPSIS
6 | #
7 | # AX_COMPILER_FLAGS_LDFLAGS([VARIABLE], [IS-RELEASE], [EXTRA-BASE-FLAGS], [EXTRA-YES-FLAGS])
8 | #
9 | # DESCRIPTION
10 | #
11 | # Add warning flags for the linker to VARIABLE, which defaults to
12 | # WARN_LDFLAGS. VARIABLE is AC_SUBST-ed by this macro, but must be
13 | # manually added to the LDFLAGS variable for each target in the code base.
14 | #
15 | # This macro depends on the environment set up by AX_COMPILER_FLAGS.
16 | # Specifically, it uses the value of $ax_enable_compile_warnings to decide
17 | # which flags to enable.
18 | #
19 | # LICENSE
20 | #
21 | # Copyright (c) 2014, 2015 Philip Withnall
22 | #
23 | # Copying and distribution of this file, with or without modification, are
24 | # permitted in any medium without royalty provided the copyright notice
25 | # and this notice are preserved. This file is offered as-is, without any
26 | # warranty.
27 |
28 | #serial 5
29 |
30 | AC_DEFUN([AX_COMPILER_FLAGS_LDFLAGS],[
31 | AX_REQUIRE_DEFINED([AX_APPEND_LINK_FLAGS])
32 | AX_REQUIRE_DEFINED([AX_APPEND_FLAG])
33 | AX_REQUIRE_DEFINED([AX_CHECK_COMPILE_FLAG])
34 |
35 | # Variable names
36 | m4_define(ax_warn_ldflags_variable,
37 | [m4_normalize(ifelse([$1],,[WARN_LDFLAGS],[$1]))])
38 |
39 | # Always pass -Werror=unknown-warning-option to get Clang to fail on bad
40 | # flags, otherwise they are always appended to the warn_ldflags variable,
41 | # and Clang warns on them for every compilation unit.
42 | # If this is passed to GCC, it will explode, so the flag must be enabled
43 | # conditionally.
44 | AX_CHECK_COMPILE_FLAG([-Werror=unknown-warning-option],[
45 | ax_compiler_flags_test="-Werror=unknown-warning-option"
46 | ],[
47 | ax_compiler_flags_test=""
48 | ])
49 |
50 | # Base flags
51 | AX_APPEND_LINK_FLAGS([ dnl
52 | -Wl,--no-as-needed dnl
53 | $3 dnl
54 | ],ax_warn_ldflags_variable,[$ax_compiler_flags_test])
55 |
56 | AS_IF([test "$ax_enable_compile_warnings" != "no"],[
57 | # "yes" flags
58 | AX_APPEND_LINK_FLAGS([$4 $5 $6 $7],
59 | ax_warn_ldflags_variable,
60 | [$ax_compiler_flags_test])
61 | ])
62 | AS_IF([test "$ax_enable_compile_warnings" = "error"],[
63 | # "error" flags; -Werror has to be appended unconditionally because
64 | # it's not possible to test for
65 | #
66 | # suggest-attribute=format is disabled because it gives too many false
67 | # positives
68 | AX_APPEND_LINK_FLAGS([ dnl
69 | -Wl,--fatal-warnings dnl
70 | ],ax_warn_ldflags_variable,[$ax_compiler_flags_test])
71 | ])
72 |
73 | # Substitute the variables
74 | AC_SUBST(ax_warn_ldflags_variable)
75 | ])dnl AX_COMPILER_FLAGS
76 |
--------------------------------------------------------------------------------
/op.conf-dist:
--------------------------------------------------------------------------------
1 | #
2 | # A simple example config for op(1). See the man page for more information or
3 | # op.conf.complex for a complex multi-user/multi-system configuration.
4 | #
5 | # Syntaxe:
6 | # VAR=value
7 | # DEFAULT option...
8 | # mnemonic command [arg...] ; [option...]
9 | #
10 | # command : path | MAGIC_SHELL
11 | # arg : literal | $1..$n $*
12 | # option:
13 | # uid=user (root) gid=group dir=dir chroot=dir umask=0### (022)
14 | # groups=group|... users=user|... fowners=user:group fperms=0###
15 | # password environment nolog xauth[=user] help="..."
16 | # $VAR $VAR=... $1..$n $*
17 |
18 | # login : $SHELL $TERM $HOME $LOGNAME $PATH $MAIL
19 | # su : $SHELL $TERM $DISPLAY $XAUTHORITY $HOME $USER $LOGNAME $PATH
20 | # sudo -i : $DISPLAY $PATH $TERM $HOME $MAIL $SHELL $HOME $LOGNAME
21 |
22 | ## List of privileged users
23 |
24 | GRP_PRIVALL=root|wheel|expl|keypriv
25 |
26 | DEFAULT $COLORS $DISPLAY $HOSTNAME $HISTSIZE $INPUTRC $KDEDIR $LS_COLORS
27 | $MAIL $PS1 $PS2 $QTDIR $USERNAME $LANG $LC_ADDRESS $LC_CTYPE
28 | $LC_COLLATE $LC_IDENTIFICATION $LC_MEASUREMENT $LC_MESSAGES
29 | $LC_MONETARY $LC_NAME $LC_NUMERIC $LC_PAPER $LC_TELEPHONE
30 | $LC_TIME $LC_ALL $LANGUAGE $LINGUAS $_XKB_CHARSET $TERM $XAUTHORITY
31 |
32 | ## List of privileged commands
33 |
34 | id /usr/bin/id $*;
35 | groups=GRP_PRIVALL
36 | help="id"
37 |
38 | env /bin/env $*;
39 | groups=GRP_PRIVALL
40 | environment
41 | help="env [arg...] + env"
42 |
43 | magic MAGIC_SHELL;
44 | groups=GRP_PRIVALL
45 | environment
46 | help="magic command [arg...] + env"
47 |
48 | sh /bin/sh $*;
49 | groups=GRP_PRIVALL
50 | environment
51 | help="sh [arg...] + env"
52 |
53 | -- /bin/su -;
54 | groups=GRP_PRIVALL
55 | $TERM $DISPLAY
56 | help="su -"
57 |
58 | - /bin/sh -c '
59 | while [ -n "${DISPLAY}" -a -z "${XAUTHORITY}" ]; do
60 | found=0
61 | for xauth in /usr/bin/xauth /usr/bin/X11/xauth /usr/openwin/bin/xauth; do
62 | [ -x ${xauth} ] && found=1 && break
63 | done
64 | [ ${found} = 0 ] && break
65 | home=$(eval echo ~$(id -un))
66 | if [ -f /stand/vmunix ]; then
67 | export XAUTHORITY=$(mktemp -c -d "${home}" -p .xauth)
68 | elif [ -f /proc/version ]; then
69 | export XAUTHORITY=$(mktemp -t -p "${home}" .xauthXXXXXX)
70 | fi
71 | until [ -f "${XAUTHORITY}" ]; do
72 | XAUTHORITY=${home}/.xauth$(awk \'BEGIN{srand();printf "%06.6i", int(rand()*1000000)}\' /dev/null)
73 | touch "${XAUTHORITY}.$$" 2> /dev/null || break; break=
74 | ln "${XAUTHORITY}.$$" "${XAUTHORITY}" 2> /dev/null && break=
75 | rm -f "${XAUTHORITY}.$$"; $break
76 | done
77 | [ ! -f "${XAUTHORITY}" ] && unset XAUTHORITY && break
78 | ((sleep 5; rm -f "${XAUTHORITY}") &)
79 | eval ${xauth} -f ~${USER}/.Xauthority extract - :${DISPLAY#*:} |
80 | ${xauth} merge -; break
81 | done
82 | [ -z "${XAUTHORITY}" ] && unset DISPLAY
83 | exec /bin/su -';
84 | groups=GRP_PRIVALL
85 | $TERM $DISPLAY
86 | help="su -"
87 |
88 | su /bin/su $*;
89 | help="su [arg...] + env"
90 | groups=GRP_PRIVALL
91 | environment
92 |
93 | op /bin/su $*;
94 | groups=GRP_PRIVALL
95 | $TERM $DISPLAY $USER=root $LOGNAME=root
96 | help="su [arg...] - env"
97 |
98 |
--------------------------------------------------------------------------------
/m4/ax_append_link_flags.m4:
--------------------------------------------------------------------------------
1 | # ===========================================================================
2 | # http://www.gnu.org/software/autoconf-archive/ax_append_link_flags.html
3 | # ===========================================================================
4 | #
5 | # SYNOPSIS
6 | #
7 | # AX_APPEND_LINK_FLAGS([FLAG1 FLAG2 ...], [FLAGS-VARIABLE], [EXTRA-FLAGS], [INPUT])
8 | #
9 | # DESCRIPTION
10 | #
11 | # For every FLAG1, FLAG2 it is checked whether the linker works with the
12 | # flag. If it does, the flag is added FLAGS-VARIABLE
13 | #
14 | # If FLAGS-VARIABLE is not specified, the linker's flags (LDFLAGS) is
15 | # used. During the check the flag is always added to the linker's flags.
16 | #
17 | # If EXTRA-FLAGS is defined, it is added to the linker's default flags
18 | # when the check is done. The check is thus made with the flags: "LDFLAGS
19 | # EXTRA-FLAGS FLAG". This can for example be used to force the linker to
20 | # issue an error when a bad flag is given.
21 | #
22 | # INPUT gives an alternative input source to AC_COMPILE_IFELSE.
23 | #
24 | # NOTE: This macro depends on the AX_APPEND_FLAG and AX_CHECK_LINK_FLAG.
25 | # Please keep this macro in sync with AX_APPEND_COMPILE_FLAGS.
26 | #
27 | # LICENSE
28 | #
29 | # Copyright (c) 2011 Maarten Bosmans
30 | #
31 | # This program is free software: you can redistribute it and/or modify it
32 | # under the terms of the GNU General Public License as published by the
33 | # Free Software Foundation, either version 3 of the License, or (at your
34 | # option) any later version.
35 | #
36 | # This program is distributed in the hope that it will be useful, but
37 | # WITHOUT ANY WARRANTY; without even the implied warranty of
38 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General
39 | # Public License for more details.
40 | #
41 | # You should have received a copy of the GNU General Public License along
42 | # with this program. If not, see .
43 | #
44 | # As a special exception, the respective Autoconf Macro's copyright owner
45 | # gives unlimited permission to copy, distribute and modify the configure
46 | # scripts that are the output of Autoconf when processing the Macro. You
47 | # need not follow the terms of the GNU General Public License when using
48 | # or distributing such scripts, even though portions of the text of the
49 | # Macro appear in them. The GNU General Public License (GPL) does govern
50 | # all other use of the material that constitutes the Autoconf Macro.
51 | #
52 | # This special exception to the GPL applies to versions of the Autoconf
53 | # Macro released by the Autoconf Archive. When you make and distribute a
54 | # modified version of the Autoconf Macro, you may extend this special
55 | # exception to the GPL to apply to your modified version as well.
56 |
57 | #serial 5
58 |
59 | AC_DEFUN([AX_APPEND_LINK_FLAGS],
60 | [AX_REQUIRE_DEFINED([AX_CHECK_LINK_FLAG])
61 | AX_REQUIRE_DEFINED([AX_APPEND_FLAG])
62 | for flag in $1; do
63 | AX_CHECK_LINK_FLAG([$flag], [AX_APPEND_FLAG([$flag], [m4_default([$2], [LDFLAGS])])], [], [$3], [$4])
64 | done
65 | ])dnl AX_APPEND_LINK_FLAGS
66 |
--------------------------------------------------------------------------------
/m4/ax_append_compile_flags.m4:
--------------------------------------------------------------------------------
1 | # ===========================================================================
2 | # http://www.gnu.org/software/autoconf-archive/ax_append_compile_flags.html
3 | # ===========================================================================
4 | #
5 | # SYNOPSIS
6 | #
7 | # AX_APPEND_COMPILE_FLAGS([FLAG1 FLAG2 ...], [FLAGS-VARIABLE], [EXTRA-FLAGS], [INPUT])
8 | #
9 | # DESCRIPTION
10 | #
11 | # For every FLAG1, FLAG2 it is checked whether the compiler works with the
12 | # flag. If it does, the flag is added FLAGS-VARIABLE
13 | #
14 | # If FLAGS-VARIABLE is not specified, the current language's flags (e.g.
15 | # CFLAGS) is used. During the check the flag is always added to the
16 | # current language's flags.
17 | #
18 | # If EXTRA-FLAGS is defined, it is added to the current language's default
19 | # flags (e.g. CFLAGS) when the check is done. The check is thus made with
20 | # the flags: "CFLAGS EXTRA-FLAGS FLAG". This can for example be used to
21 | # force the compiler to issue an error when a bad flag is given.
22 | #
23 | # INPUT gives an alternative input source to AC_COMPILE_IFELSE.
24 | #
25 | # NOTE: This macro depends on the AX_APPEND_FLAG and
26 | # AX_CHECK_COMPILE_FLAG. Please keep this macro in sync with
27 | # AX_APPEND_LINK_FLAGS.
28 | #
29 | # LICENSE
30 | #
31 | # Copyright (c) 2011 Maarten Bosmans
32 | #
33 | # This program is free software: you can redistribute it and/or modify it
34 | # under the terms of the GNU General Public License as published by the
35 | # Free Software Foundation, either version 3 of the License, or (at your
36 | # option) any later version.
37 | #
38 | # This program is distributed in the hope that it will be useful, but
39 | # WITHOUT ANY WARRANTY; without even the implied warranty of
40 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General
41 | # Public License for more details.
42 | #
43 | # You should have received a copy of the GNU General Public License along
44 | # with this program. If not, see .
45 | #
46 | # As a special exception, the respective Autoconf Macro's copyright owner
47 | # gives unlimited permission to copy, distribute and modify the configure
48 | # scripts that are the output of Autoconf when processing the Macro. You
49 | # need not follow the terms of the GNU General Public License when using
50 | # or distributing such scripts, even though portions of the text of the
51 | # Macro appear in them. The GNU General Public License (GPL) does govern
52 | # all other use of the material that constitutes the Autoconf Macro.
53 | #
54 | # This special exception to the GPL applies to versions of the Autoconf
55 | # Macro released by the Autoconf Archive. When you make and distribute a
56 | # modified version of the Autoconf Macro, you may extend this special
57 | # exception to the GPL to apply to your modified version as well.
58 |
59 | #serial 5
60 |
61 | AC_DEFUN([AX_APPEND_COMPILE_FLAGS],
62 | [AX_REQUIRE_DEFINED([AX_CHECK_COMPILE_FLAG])
63 | AX_REQUIRE_DEFINED([AX_APPEND_FLAG])
64 | for flag in $1; do
65 | AX_CHECK_COMPILE_FLAG([$flag], [AX_APPEND_FLAG([$flag], [$2])], [], [$3], [$4])
66 | done
67 | ])dnl AX_APPEND_COMPILE_FLAGS
68 |
--------------------------------------------------------------------------------
/contrib/linux/op.spec:
--------------------------------------------------------------------------------
1 | # Upstream: Corey Henderson
2 |
3 | %define _with_pam 1
4 | #define _with_shadow 1
5 | %define _with_xauth 1
6 | #define _with_x11 1
7 |
8 | Summary: Controlled privilege escalation (a flexible alternative to sudo)
9 | Name: op
10 | Version: 1.34
11 | Release: 1%{?dist}
12 | License: GPL
13 | Group: System Environment/Base
14 | URL: https://github.com/dagwieers/op/
15 | Packager: Alec Thomas
16 | #Source: https://github.com/dagwieers/op/archive/%{version}.tar.gz
17 | Source: file:///../../op-%{version}.tar.gz
18 | NoSource: 0
19 |
20 | BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root
21 |
22 | %description
23 | Op is a tool for allowing users to run root privileged commands
24 | without the root password.
25 |
26 | # ----------------------------------------------------------------------
27 | %prep
28 | %setup
29 |
30 | # ----------------------------------------------------------------------
31 | %build
32 | %configure --target=%{_target} \
33 | %{?_with_pam:--with-pam} %{?_with_shadow:--with-shadow} \
34 | %{?_with_xauth:--enable-xauth=/usr/bin%{?_with_x11:/X11}/xauth}
35 | %{__make} %{?_smp_mflags}
36 |
37 | # ----------------------------------------------------------------------
38 | %install
39 | %{__rm} -rf %{buildroot} # RHEL5
40 | %{__make} install DESTDIR=%{?buildroot}
41 | #%{__install} -p -d -m 700 %{buildroot}%{_sysconfdir}/op.d/
42 | %{__install} -p -d %{buildroot}%{_sysconfdir}/pam.d/
43 | #%{__install} -p -m 600 op.conf-dist %{buildroot}%{_sysconfdir}/op.conf
44 | cat << EOF > %{buildroot}%{_sysconfdir}/pam.d/op
45 | #%PAM-1.0
46 | #
47 | #auth sufficient pam_rootok.so
48 | # Uncomment the following line to implicitly trust users in the "wheel" group.
49 | #auth sufficient pam_wheel.so trust use_uid
50 | # Uncomment the following line to require a user to be in the "wheel" group.
51 | #auth required pam_wheel.so use_uid
52 | #
53 | auth include system-auth
54 | #
55 | account sufficient pam_succeed_if.so uid = 0 use_uid quiet
56 | #
57 | #
58 | account include system-auth
59 | password include system-auth
60 | #session required pam_limits.so
61 | #
62 | #
63 | #session optional pam_xauth.so
64 | #
65 | EOF
66 |
67 | %clean
68 | %{__rm} -rf %{buildroot}
69 |
70 | #%pre
71 | #%pre_control op
72 | #%pre_control op.conf
73 |
74 | %post
75 | # /etc/op.d
76 | case %{_sysconfdir}/op.d/* in */\*) ;; *)
77 | chown root:root %{_sysconfdir}/op.d/* || : set -e
78 | chmod 600 %{_sysconfdir}/op.d/* || : set -e
79 | esac
80 | #%post_control -s wheelonly op
81 | #%post_control -s strict op.conf
82 |
83 | # ----------------------------------------------------------------------
84 | %files
85 | # %defattr(-, root, root, -)
86 | %dir %{_sysconfdir}/pam.d
87 | %config(noreplace) %{_sysconfdir}/pam.d/op
88 | # %caps(cap_linux_immutable)
89 | %attr(600,root,root) %{_sysconfdir}/op.conf-dist
90 | %attr(600,root,root) %config(noreplace) %{_sysconfdir}/op.conf
91 | %attr(700, root, root) %dir %{_sysconfdir}/op.d
92 | %attr(4511, root, root) %{_bindir}/op
93 | %{_mandir}/man1/op.1*
94 | %doc AUTHORS ChangeLog COPYING INSTALL README
95 | %doc op.conf.complex
96 |
97 | %changelog
98 | * Fri Jun 5 2012 Alec Thomas - 1.34
99 | - Initial package.
100 |
--------------------------------------------------------------------------------
/contrib/aix52/op.spec:
--------------------------------------------------------------------------------
1 | # Upstream: Corey Henderson
2 |
3 | %define _with_pam 1
4 | %define _with_shadow 0
5 | %define _with_xauth 1
6 | %define _with_x11 1
7 |
8 | Summary: Controlled privilege escalation (a flexible alternative to sudo)
9 | Name: op
10 | Version: 1.34
11 | Release: 1%{?dist}
12 | License: GPL
13 | Group: System Environment/Base
14 | URL: https://github.com/dagwieers/op/
15 | Packager: Alec Thomas
16 | #Source: https://github.com/dagwieers/op/archive/%{version}.tar.gz
17 | Source: file:///../../op-%{version}.tar.gz
18 | NoSource: 0
19 |
20 | BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root
21 |
22 | %description
23 | Op is a tool for allowing users to run root privileged commands
24 | without the root password.
25 |
26 | # ----------------------------------------------------------------------
27 | %prep
28 | %setup
29 |
30 | # ----------------------------------------------------------------------
31 | %build
32 | %configure --target=%{_target} \
33 | %{?_with_pam:--with-pam} %{?_with_shadow:--with-shadow} \
34 | %{?_with_xauth:--enable-xauth=/usr/bin%{?_with_x11:/X11}/xauth}
35 | %{__make} %{?_smp_mflags}
36 |
37 | # ----------------------------------------------------------------------
38 | %install
39 | %{__rm} -rf %{buildroot} # RHEL5
40 | %{__make} install DESTDIR=%{?buildroot}
41 | #%{__install} -p -d -m 700 %{buildroot}%{_sysconfdir}/op.d/
42 | %{__install} -p -d %{buildroot}%{_sysconfdir}/pam.d/
43 | #%{__install} -p -m 600 op.conf-dist %{buildroot}%{_sysconfdir}/op.conf
44 | cat << EOF > %{buildroot}%{_sysconfdir}/pam.d/op
45 | #%PAM-1.0
46 | #
47 | #auth sufficient pam_rootok.so
48 | # Uncomment the following line to implicitly trust users in the "wheel" group.
49 | #auth sufficient pam_wheel.so trust use_uid
50 | # Uncomment the following line to require a user to be in the "wheel" group.
51 | #auth required pam_wheel.so use_uid
52 | #
53 | auth include system-auth
54 | #
55 | account sufficient pam_succeed_if.so uid = 0 use_uid quiet
56 | #
57 | #
58 | account include system-auth
59 | password include system-auth
60 | #session required pam_limits.so
61 | #
62 | #
63 | #session optional pam_xauth.so
64 | #
65 | EOF
66 |
67 | %clean
68 | %{__rm} -rf %{buildroot}
69 |
70 | #%pre
71 | #%pre_control op
72 | #%pre_control op.conf
73 |
74 | %post
75 | # /etc/op.d
76 | case %{_sysconfdir}/op.d/* in */\*) ;; *)
77 | chown root:system %{_sysconfdir}/op.d/* || : set -e
78 | chmod 600 %{_sysconfdir}/op.d/* || : set -e
79 | esac
80 | #%post_control -s wheelonly op
81 | #%post_control -s strict op.conf
82 |
83 | # ----------------------------------------------------------------------
84 | %files
85 | # %defattr(-, root, system, -)
86 | %dir %{_sysconfdir}/pam.d
87 | %config(noreplace) %{_sysconfdir}/pam.d/op
88 | # %caps(cap_linux_immutable)
89 | %attr(600,root,system) %{_sysconfdir}/op.conf-dist
90 | %attr(600,root,system) %config(noreplace) %{_sysconfdir}/op.conf
91 | %attr(700, root, system) %dir %{_sysconfdir}/op.d
92 | %attr(4511, root, system) %{_bindir}/op
93 | %{_mandir}/man1/op.1*
94 | %doc AUTHORS ChangeLog COPYING INSTALL README
95 | %doc op.conf.complex
96 |
97 | %changelog
98 | * Fri Jun 5 2012 Alec Thomas - 1.34
99 | - Initial package.
100 |
--------------------------------------------------------------------------------
/m4/ax_check_link_flag.m4:
--------------------------------------------------------------------------------
1 | # ===========================================================================
2 | # http://www.gnu.org/software/autoconf-archive/ax_check_link_flag.html
3 | # ===========================================================================
4 | #
5 | # SYNOPSIS
6 | #
7 | # AX_CHECK_LINK_FLAG(FLAG, [ACTION-SUCCESS], [ACTION-FAILURE], [EXTRA-FLAGS], [INPUT])
8 | #
9 | # DESCRIPTION
10 | #
11 | # Check whether the given FLAG works with the linker or gives an error.
12 | # (Warnings, however, are ignored)
13 | #
14 | # ACTION-SUCCESS/ACTION-FAILURE are shell commands to execute on
15 | # success/failure.
16 | #
17 | # If EXTRA-FLAGS is defined, it is added to the linker's default flags
18 | # when the check is done. The check is thus made with the flags: "LDFLAGS
19 | # EXTRA-FLAGS FLAG". This can for example be used to force the linker to
20 | # issue an error when a bad flag is given.
21 | #
22 | # INPUT gives an alternative input source to AC_LINK_IFELSE.
23 | #
24 | # NOTE: Implementation based on AX_CFLAGS_GCC_OPTION. Please keep this
25 | # macro in sync with AX_CHECK_{PREPROC,COMPILE}_FLAG.
26 | #
27 | # LICENSE
28 | #
29 | # Copyright (c) 2008 Guido U. Draheim
30 | # Copyright (c) 2011 Maarten Bosmans
31 | #
32 | # This program is free software: you can redistribute it and/or modify it
33 | # under the terms of the GNU General Public License as published by the
34 | # Free Software Foundation, either version 3 of the License, or (at your
35 | # option) any later version.
36 | #
37 | # This program is distributed in the hope that it will be useful, but
38 | # WITHOUT ANY WARRANTY; without even the implied warranty of
39 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General
40 | # Public License for more details.
41 | #
42 | # You should have received a copy of the GNU General Public License along
43 | # with this program. If not, see .
44 | #
45 | # As a special exception, the respective Autoconf Macro's copyright owner
46 | # gives unlimited permission to copy, distribute and modify the configure
47 | # scripts that are the output of Autoconf when processing the Macro. You
48 | # need not follow the terms of the GNU General Public License when using
49 | # or distributing such scripts, even though portions of the text of the
50 | # Macro appear in them. The GNU General Public License (GPL) does govern
51 | # all other use of the material that constitutes the Autoconf Macro.
52 | #
53 | # This special exception to the GPL applies to versions of the Autoconf
54 | # Macro released by the Autoconf Archive. When you make and distribute a
55 | # modified version of the Autoconf Macro, you may extend this special
56 | # exception to the GPL to apply to your modified version as well.
57 |
58 | #serial 4
59 |
60 | AC_DEFUN([AX_CHECK_LINK_FLAG],
61 | [AC_PREREQ(2.64)dnl for _AC_LANG_PREFIX and AS_VAR_IF
62 | AS_VAR_PUSHDEF([CACHEVAR],[ax_cv_check_ldflags_$4_$1])dnl
63 | AC_CACHE_CHECK([whether the linker accepts $1], CACHEVAR, [
64 | ax_check_save_flags=$LDFLAGS
65 | LDFLAGS="$LDFLAGS $4 $1"
66 | AC_LINK_IFELSE([m4_default([$5],[AC_LANG_PROGRAM()])],
67 | [AS_VAR_SET(CACHEVAR,[yes])],
68 | [AS_VAR_SET(CACHEVAR,[no])])
69 | LDFLAGS=$ax_check_save_flags])
70 | AS_VAR_IF(CACHEVAR,yes,
71 | [m4_default([$2], :)],
72 | [m4_default([$3], :)])
73 | AS_VAR_POPDEF([CACHEVAR])dnl
74 | ])dnl AX_CHECK_LINK_FLAGS
75 |
--------------------------------------------------------------------------------
/util.c:
--------------------------------------------------------------------------------
1 | /* +-------------------------------------------------------------------+ */
2 | /* | Copyright 1991, David Koblas. | */
3 | /* | Permission to use, copy, modify, and distribute this software | */
4 | /* | and its documentation for any purpose and without fee is hereby | */
5 | /* | granted, provided that the above copyright notice appear in all | */
6 | /* | copies and that both that copyright notice and this permission | */
7 | /* | notice appear in supporting documentation. This software is | */
8 | /* | provided "as is" without express or implied warranty. | */
9 | /* +-------------------------------------------------------------------+ */
10 |
11 | #include "defs.h"
12 | #include
13 |
14 | char *
15 | strtolower(char *in)
16 | {
17 | char *i;
18 |
19 | for (i = in; *i; ++i)
20 | *i = tolower(*i);
21 | return in;
22 | }
23 |
24 | array_t *
25 | array_alloc(void)
26 | {
27 | array_t *array = malloc(sizeof(array_t));
28 |
29 | if (!array || !(array->data = malloc(sizeof(void **) * ARRAY_CHUNK)))
30 | fatal(1, "failed to allocate array");
31 | array->capacity = ARRAY_CHUNK;
32 | array->size = 0;
33 | return array;
34 | }
35 |
36 | void
37 | array_free(array_t * array)
38 | {
39 | free(array->data);
40 | free(array);
41 | }
42 |
43 | array_t *
44 | array_free_contents(array_t * array)
45 | {
46 | size_t i;
47 |
48 | for (i = 0; i < array->size; ++i)
49 | free(array->data[i]);
50 | array->size = 0;
51 | return array;
52 | }
53 |
54 | void *
55 | array_push(array_t * array, void *object)
56 | {
57 | if (array->size + 1 >= array->capacity) {
58 | array->capacity += ARRAY_CHUNK;
59 | if (!
60 | (array->data =
61 | realloc(array->data, sizeof(void **) * array->capacity)))
62 | fatal(1, "failed to extend array");
63 | }
64 | return (array->data[array->size++] = object);
65 | }
66 |
67 | void *
68 | array_pop(array_t * array)
69 | {
70 | if (array->size == 0)
71 | return NULL;
72 | return array->data[--array->size];
73 | }
74 |
75 | int
76 | array_extend(array_t * array, size_t capacity)
77 | {
78 | if (capacity < array->capacity)
79 | return 0;
80 | array->capacity = capacity;
81 | array->data = realloc(array->data, sizeof(void **) * array->capacity);
82 | return 1;
83 | }
84 |
85 | #ifdef malloc
86 | #undef malloc
87 | void *
88 | rpl_malloc(size_t n)
89 | {
90 | if (n == 0)
91 | n = 1;
92 | return malloc(n);
93 | }
94 | #endif
95 |
96 | #ifdef realloc
97 | #undef realloc
98 | void *
99 | rpl_realloc(void *ptr, size_t n)
100 | {
101 | if (n == 0)
102 | n = 1;
103 | return realloc(ptr, n);
104 | }
105 | #endif
106 |
107 | /* from man strtol(1) */
108 | /* NOLINTNEXTLINE(runtime/int) */
109 | long
110 | strtolong(const char *str, int base)
111 | {
112 | char *endptr;
113 | /* NOLINTNEXTLINE(runtime/int) */
114 | long val;
115 |
116 | errno = 0; /* To distinguish success/failure after call */
117 | val = strtol(str, &endptr, base); /* base 10 */
118 |
119 | /* Check for various possible errors */
120 |
121 | if ((errno == ERANGE && (val == LONG_MAX || val == LONG_MIN))
122 | || (errno != 0 && val == 0))
123 | fatal(1, "Number out of range");
124 |
125 | if (endptr == str)
126 | fatal(1, "No digits were found");
127 |
128 | if (val < 0)
129 | fatal(1, "Number out of range");
130 |
131 | return val;
132 | }
133 |
--------------------------------------------------------------------------------
/m4/ax_check_compile_flag.m4:
--------------------------------------------------------------------------------
1 | # ===========================================================================
2 | # http://www.gnu.org/software/autoconf-archive/ax_check_compile_flag.html
3 | # ===========================================================================
4 | #
5 | # SYNOPSIS
6 | #
7 | # AX_CHECK_COMPILE_FLAG(FLAG, [ACTION-SUCCESS], [ACTION-FAILURE], [EXTRA-FLAGS], [INPUT])
8 | #
9 | # DESCRIPTION
10 | #
11 | # Check whether the given FLAG works with the current language's compiler
12 | # or gives an error. (Warnings, however, are ignored)
13 | #
14 | # ACTION-SUCCESS/ACTION-FAILURE are shell commands to execute on
15 | # success/failure.
16 | #
17 | # If EXTRA-FLAGS is defined, it is added to the current language's default
18 | # flags (e.g. CFLAGS) when the check is done. The check is thus made with
19 | # the flags: "CFLAGS EXTRA-FLAGS FLAG". This can for example be used to
20 | # force the compiler to issue an error when a bad flag is given.
21 | #
22 | # INPUT gives an alternative input source to AC_COMPILE_IFELSE.
23 | #
24 | # NOTE: Implementation based on AX_CFLAGS_GCC_OPTION. Please keep this
25 | # macro in sync with AX_CHECK_{PREPROC,LINK}_FLAG.
26 | #
27 | # LICENSE
28 | #
29 | # Copyright (c) 2008 Guido U. Draheim
30 | # Copyright (c) 2011 Maarten Bosmans
31 | #
32 | # This program is free software: you can redistribute it and/or modify it
33 | # under the terms of the GNU General Public License as published by the
34 | # Free Software Foundation, either version 3 of the License, or (at your
35 | # option) any later version.
36 | #
37 | # This program is distributed in the hope that it will be useful, but
38 | # WITHOUT ANY WARRANTY; without even the implied warranty of
39 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General
40 | # Public License for more details.
41 | #
42 | # You should have received a copy of the GNU General Public License along
43 | # with this program. If not, see .
44 | #
45 | # As a special exception, the respective Autoconf Macro's copyright owner
46 | # gives unlimited permission to copy, distribute and modify the configure
47 | # scripts that are the output of Autoconf when processing the Macro. You
48 | # need not follow the terms of the GNU General Public License when using
49 | # or distributing such scripts, even though portions of the text of the
50 | # Macro appear in them. The GNU General Public License (GPL) does govern
51 | # all other use of the material that constitutes the Autoconf Macro.
52 | #
53 | # This special exception to the GPL applies to versions of the Autoconf
54 | # Macro released by the Autoconf Archive. When you make and distribute a
55 | # modified version of the Autoconf Macro, you may extend this special
56 | # exception to the GPL to apply to your modified version as well.
57 |
58 | #serial 4
59 |
60 | AC_DEFUN([AX_CHECK_COMPILE_FLAG],
61 | [AC_PREREQ(2.64)dnl for _AC_LANG_PREFIX and AS_VAR_IF
62 | AS_VAR_PUSHDEF([CACHEVAR],[ax_cv_check_[]_AC_LANG_ABBREV[]flags_$4_$1])dnl
63 | AC_CACHE_CHECK([whether _AC_LANG compiler accepts $1], CACHEVAR, [
64 | ax_check_save_flags=$[]_AC_LANG_PREFIX[]FLAGS
65 | _AC_LANG_PREFIX[]FLAGS="$[]_AC_LANG_PREFIX[]FLAGS $4 $1"
66 | AC_COMPILE_IFELSE([m4_default([$5],[AC_LANG_PROGRAM()])],
67 | [AS_VAR_SET(CACHEVAR,[yes])],
68 | [AS_VAR_SET(CACHEVAR,[no])])
69 | _AC_LANG_PREFIX[]FLAGS=$ax_check_save_flags])
70 | AS_VAR_IF(CACHEVAR,yes,
71 | [m4_default([$2], :)],
72 | [m4_default([$3], :)])
73 | AS_VAR_POPDEF([CACHEVAR])dnl
74 | ])dnl AX_CHECK_COMPILE_FLAGS
75 |
--------------------------------------------------------------------------------
/m4/ax_compiler_vendor.m4:
--------------------------------------------------------------------------------
1 | # ===========================================================================
2 | # http://www.gnu.org/software/autoconf-archive/ax_compiler_vendor.html
3 | # ===========================================================================
4 | #
5 | # SYNOPSIS
6 | #
7 | # AX_COMPILER_VENDOR
8 | #
9 | # DESCRIPTION
10 | #
11 | # Determine the vendor of the C/C++ compiler, e.g., gnu, intel, ibm, sun,
12 | # hp, borland, comeau, dec, cray, kai, lcc, metrowerks, sgi, microsoft,
13 | # watcom, etc. The vendor is returned in the cache variable
14 | # $ax_cv_c_compiler_vendor for C and $ax_cv_cxx_compiler_vendor for C++.
15 | #
16 | # LICENSE
17 | #
18 | # Copyright (c) 2008 Steven G. Johnson
19 | # Copyright (c) 2008 Matteo Frigo
20 | #
21 | # This program is free software: you can redistribute it and/or modify it
22 | # under the terms of the GNU General Public License as published by the
23 | # Free Software Foundation, either version 3 of the License, or (at your
24 | # option) any later version.
25 | #
26 | # This program is distributed in the hope that it will be useful, but
27 | # WITHOUT ANY WARRANTY; without even the implied warranty of
28 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General
29 | # Public License for more details.
30 | #
31 | # You should have received a copy of the GNU General Public License along
32 | # with this program. If not, see .
33 | #
34 | # As a special exception, the respective Autoconf Macro's copyright owner
35 | # gives unlimited permission to copy, distribute and modify the configure
36 | # scripts that are the output of Autoconf when processing the Macro. You
37 | # need not follow the terms of the GNU General Public License when using
38 | # or distributing such scripts, even though portions of the text of the
39 | # Macro appear in them. The GNU General Public License (GPL) does govern
40 | # all other use of the material that constitutes the Autoconf Macro.
41 | #
42 | # This special exception to the GPL applies to versions of the Autoconf
43 | # Macro released by the Autoconf Archive. When you make and distribute a
44 | # modified version of the Autoconf Macro, you may extend this special
45 | # exception to the GPL to apply to your modified version as well.
46 |
47 | #serial 15
48 |
49 | AC_DEFUN([AX_COMPILER_VENDOR],
50 | [AC_CACHE_CHECK([for _AC_LANG compiler vendor], ax_cv_[]_AC_LANG_ABBREV[]_compiler_vendor,
51 | dnl Please add if possible support to ax_compiler_version.m4
52 | [# note: don't check for gcc first since some other compilers define __GNUC__
53 | vendors="intel: __ICC,__ECC,__INTEL_COMPILER
54 | ibm: __xlc__,__xlC__,__IBMC__,__IBMCPP__
55 | pathscale: __PATHCC__,__PATHSCALE__
56 | clang: __clang__
57 | cray: _CRAYC
58 | fujitsu: __FUJITSU
59 | gnu: __GNUC__
60 | sun: __SUNPRO_C,__SUNPRO_CC
61 | hp: __HP_cc,__HP_aCC
62 | dec: __DECC,__DECCXX,__DECC_VER,__DECCXX_VER
63 | borland: __BORLANDC__,__CODEGEARC__,__TURBOC__
64 | comeau: __COMO__
65 | kai: __KCC
66 | lcc: __LCC__
67 | sgi: __sgi,sgi
68 | microsoft: _MSC_VER
69 | metrowerks: __MWERKS__
70 | watcom: __WATCOMC__
71 | portland: __PGI
72 | tcc: __TINYC__
73 | unknown: UNKNOWN"
74 | for ventest in $vendors; do
75 | case $ventest in
76 | *:) vendor=$ventest; continue ;;
77 | *) vencpp="defined("`echo $ventest | sed 's/,/) || defined(/g'`")" ;;
78 | esac
79 | AC_COMPILE_IFELSE([AC_LANG_PROGRAM(,[
80 | #if !($vencpp)
81 | thisisanerror;
82 | #endif
83 | ])], [break])
84 | done
85 | ax_cv_[]_AC_LANG_ABBREV[]_compiler_vendor=`echo $vendor | cut -d: -f1`
86 | ])
87 | ])
88 |
--------------------------------------------------------------------------------
/m4/ax_cflags_aix_option.m4:
--------------------------------------------------------------------------------
1 | # ===========================================================================
2 | # http://www.gnu.org/software/autoconf-archive/ax_cflags_aix_option.html
3 | # ===========================================================================
4 | #
5 | # SYNOPSIS
6 | #
7 | # AX_CFLAGS_AIX_OPTION (optionflag [,[shellvar][,[A][,[NA]]])
8 | #
9 | # DESCRIPTION
10 | #
11 | # AX_CFLAGS_AIX_OPTION(-qubicle) would show a message as like "checking
12 | # CFLAGS for aix/cc -qubicle ... yes" and adds the optionflag to CFLAGS if
13 | # it is understood. You can override the shellvar-default of CFLAGS of
14 | # course. The order of arguments stems from the explicit macros like
15 | # AX_CFLAGS_WARN_ALL.
16 | #
17 | # The cousin AX_CXXFLAGS_AIX_OPTION would check for an option to add to
18 | # CXXFLAGS - and it uses the autoconf setup for C++ instead of C (since it
19 | # is possible to use different compilers for C and C++).
20 | #
21 | # The macro is a lot simpler than any special AX_CFLAGS_* macro (or
22 | # ax_cxx_rtti.m4 macro) but allows to check for arbitrary options.
23 | # However, if you use this macro in a few places, it would be great if you
24 | # would make up a new function-macro and submit it to the ac-archive.
25 | #
26 | # - $1 option-to-check-for : required ("-option" as non-value)
27 | # - $2 shell-variable-to-add-to : CFLAGS (or CXXFLAGS in the other case)
28 | # - $3 action-if-found : add value to shellvariable
29 | # - $4 action-if-not-found : nothing
30 | #
31 | # note: in earlier versions, $1-$2 were swapped. We try to detect the
32 | # situation and accept a $2=~/-/ as being the old option-to-check-for.
33 | #
34 | # see also: AX_CFLAGS_GCC_OPTION for the widely used original variant.
35 | #
36 | # LICENSE
37 | #
38 | # Copyright (c) 2008 Guido U. Draheim
39 | #
40 | # This program is free software; you can redistribute it and/or modify it
41 | # under the terms of the GNU General Public License as published by the
42 | # Free Software Foundation; either version 3 of the License, or (at your
43 | # option) any later version.
44 | #
45 | # This program is distributed in the hope that it will be useful, but
46 | # WITHOUT ANY WARRANTY; without even the implied warranty of
47 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General
48 | # Public License for more details.
49 | #
50 | # You should have received a copy of the GNU General Public License along
51 | # with this program. If not, see .
52 | #
53 | # As a special exception, the respective Autoconf Macro's copyright owner
54 | # gives unlimited permission to copy, distribute and modify the configure
55 | # scripts that are the output of Autoconf when processing the Macro. You
56 | # need not follow the terms of the GNU General Public License when using
57 | # or distributing such scripts, even though portions of the text of the
58 | # Macro appear in them. The GNU General Public License (GPL) does govern
59 | # all other use of the material that constitutes the Autoconf Macro.
60 | #
61 | # This special exception to the GPL applies to versions of the Autoconf
62 | # Macro released by the Autoconf Archive. When you make and distribute a
63 | # modified version of the Autoconf Macro, you may extend this special
64 | # exception to the GPL to apply to your modified version as well.
65 |
66 | #serial 13
67 |
68 | AC_DEFUN([AX_FLAGS_AIX_OPTION_PRIVATE], [dnl
69 | AX_CHECK_COMPILE_FLAG([$1], [flag_ok="yes"], [flag_ok="no"], [-qlanglvl=ansi -qsrcmsg])
70 | AS_CASE([".$flag_ok"],
71 | [.ok|.ok,*], [$3],
72 | [.|.no|.no,*], [$4],
73 | [m4_default($3,[AX_APPEND_FLAG([$1],[$2])])])
74 | ])
75 |
76 | AC_DEFUN([AX_CFLAGS_AIX_OPTION],[
77 | AC_LANG_PUSH([C])
78 | AX_FLAGS_AIX_OPTION_PRIVATE(ifelse(m4_bregexp([$2],[-]),-1,[[$1],[$2]],[[$2],[$1]]),[$3],[$4])
79 | AC_LANG_POP
80 | ])
81 |
82 | AC_DEFUN([AX_CXXFLAGS_AIX_OPTION],[
83 | AC_LANG_PUSH([C++])
84 | AX_FLAGS_AIX_OPTION_PRIVATE(ifelse(m4_bregexp([$2],[-]),-1,[[$1],[$2]],[[$2],[$1]]),[$3],[$4])
85 | AC_LANG_POP
86 | ])
87 |
--------------------------------------------------------------------------------
/README:
--------------------------------------------------------------------------------
1 | XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
2 |
3 | This document is largely out of date, but left for historical interest.
4 |
5 | Alec Thomas, 08/06/2005
6 |
7 | XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
8 |
9 | Op is a tool for allowing users to run root privileged commands
10 | without the root password. It is described in detail in "Op: A Flexible
11 | Tool for Restricted Superuser Access" by Tom Christiansen. From this
12 | description Dave Koblas produced an impementation of op in C. Tom's
13 | original paper is included in this distribution in the file
14 | "op.paper". Differences between that design and the current
15 | implementation are noted in the file "op.changes".
16 |
17 | I first came into contact with op at Octel in 1992. Over the years I
18 | added a couple of things, and ported it to architectures Octel cared
19 | about. Those included SunOS 4.1.x, Solaris 2.2 and greater, AIX,
20 | HP-UX 9.x, BSDI 1.1 and Linux 1.x. I added support for SecurID access
21 | control from Security Dynamics. This particular code has only been
22 | tested under SunOS and Solaris. I also enhanced the syslog stuff so it
23 | would log the command parameters that op executes as well as the
24 | command name. Support for Solaris shadow passwords was also added.
25 |
26 | I left Octel in 1996, and payed little attention to op for over a
27 | year. Recently, I had a need for op on Linux 2.0. I had to tweak the
28 | shadow password implementation to get it to work. while I was at it I
29 | cleaned up some of the logging code. It seems to work quite well on
30 | Linux. I've tried hard not to break other platforms with my mods, so
31 | they probably still work too. 8).I will test this code on any platform
32 | I need to use it on. If you have ported or built this code on other
33 | platforms, I'd like to hear from you. You can reach me via email at
34 | hbo@egbok.com. I'll try to help out with bugs time permitting.
35 |
36 |
37 | **** Disclaimer ****
38 |
39 | This code has been extensively tested only on the Sun
40 | architectures. We have noticed no egregious bugs on those platforms,
41 | but that's no guarantee such bugs don't exist. That goes double for
42 | the non-Sun architectures where testing has involved building,
43 | installing and running "op sh" once or twice.
44 |
45 | To build op, edit defs.h to point OP_ACCESS at the full pathname of
46 | your op.access file. You can study the sample file included with the
47 | distribution to get an idea of its semantics. Next, edit the Makefile
48 | and remove comments from the lines appropriate to your
49 | architecture.
50 |
51 | If you have shadow passwords, define the USE_SHADOW symbol to build in
52 | Solaris style shadow support. This also works on Linux 2.0.30. Shadow
53 | passwords on other architectures have not been tested and are not
54 | supported. If you successfully port op to another platform's shadow
55 | password implementation, send me the diffs, and I'll try to roll them
56 | into the main distribution.
57 |
58 | If you have the Security Dynamics ACE server software,
59 | uncomment the lines pertaining to SECURID. Define SECURIDLIBDIR and
60 | SECURIDINC to point at where the sdiclient library, and the ACE
61 | header files live respectively. The keyword "securid" in op.access
62 | will enable the client code. Each host that runs op in this mode must
63 | be configured as a client in the ACE server's database.
64 |
65 | After that, a simple make in the source directory should build op. To
66 | test op, the executable must be setuid root, and the op.access file
67 | must reside at the place OP_ACCESS points to.
68 |
69 | I'm grateful to Tom Christiansen and Dave Koblas for the original
70 | design and implementation of op. I'm also grateful to all those folks
71 | who, like Tom and Dave, have made my life easier by giving away
72 | marvelous, useful source code. I'm happy to give a little bit back, at
73 | long last.
74 |
75 | /* +-------------------------------------------------------------------+ */
76 | /* | Copyright 1991, David Koblas. | */
77 | /* | Permission to use, copy, modify, and distribute this software | */
78 | /* | and its documentation for any purpose and without fee is hereby | */
79 | /* | granted, provided that the above copyright notice appear in all | */
80 | /* | copies and that both that copyright notice and this permission | */
81 | /* | notice appear in supporting documentation. This software is | */
82 | /* | provided "as is" without express or implied warranty. | */
83 | /* +-------------------------------------------------------------------+ */
84 |
85 | Ditto for my contributions which are Copyright (C) 1995, 1997 by
86 | Howard Owen. (hbo@egbok.com)
87 |
88 | And again for contributions by me, Alec Thomas (alec@swapoff.org),
89 | Copyright (C) 2002-2005.
90 |
91 |
--------------------------------------------------------------------------------
/defs.h:
--------------------------------------------------------------------------------
1 | /* +-------------------------------------------------------------------+ */
2 | /* | Copyright 1991, David Koblas. | */
3 | /* | Permission to use, copy, modify, and distribute this software | */
4 | /* | and its documentation for any purpose and without fee is hereby | */
5 | /* | granted, provided that the above copyright notice appear in all | */
6 | /* | copies and that both that copyright notice and this permission | */
7 | /* | notice appear in supporting documentation. This software is | */
8 | /* | provided "as is" without express or implied warranty. | */
9 | /* +-------------------------------------------------------------------+ */
10 |
11 | #ifndef _DEFS_H_
12 | #define _DEFS_H_
13 |
14 | #include "config.h"
15 |
16 | #include
17 | #include
18 | #include
19 | #include
20 |
21 | #if HAVE_MALLOC == 0
22 | # ifdef malloc
23 | # undef malloc
24 | # define rpl_malloc
25 | # endif
26 | # ifdef realloc
27 | # undef realloc
28 | # define rpl_realloc
29 | # endif
30 | #endif
31 | #include
32 | #if HAVE_MALLOC == 0
33 | # ifdef rpl_malloc
34 | # undef rpl_malloc
35 | # define malloc rpl_malloc
36 | # endif
37 | # ifdef rpl_realloc
38 | # undef rpl_realloc
39 | # define realloc rpl_realloc
40 | # endif
41 | #endif
42 |
43 | #include
44 |
45 | #ifdef TIME_WITH_SYS_TIME
46 | # include
47 | # include
48 | #else
49 | # ifdef HAVE_SYS_TIME_H
50 | # include
51 | # else
52 | # include
53 | # endif
54 | #endif
55 |
56 | #ifdef HAVE_DIRENT_H
57 | # include
58 | # define NAMLEN(dirent) strlen((dirent)->d_name)
59 | #else
60 | # define dirent direct
61 | # define NAMLEN(dirent) (dirent)->d_namlen
62 | # ifdef HAVE_SYS_NDIR_H
63 | # include
64 | # endif
65 | # ifdef HAVE_SYS_DIR_H
66 | # include
67 | # endif
68 | # ifdef HAVE_NDIR_H
69 | # include
70 | # endif
71 | #endif
72 |
73 | #include
74 | #ifdef HAVE_SYS_WAIT_H
75 | # include
76 | #endif
77 | #ifndef WEXITSTATUS
78 | # define WEXITSTATUS(stat_val) ((unsigned)(stat_val) >> 8)
79 | #endif
80 | #ifndef WIFEXITED
81 | # define WIFEXITED(stat_val) (((stat_val) & 255) == 0)
82 | #endif
83 |
84 | #ifdef STDC_HEADERS
85 | # include
86 | #else
87 | # ifndef HAVE_STRCHR
88 | # define strchr index
89 | # define strrchr rindex
90 | # endif
91 | char *strchr(), *strrchr();
92 | # ifndef HAVE_MEMCPY
93 | # define memcpy(d, s, n) bcopy ((s), (d), (n))
94 | # define memmove(d, s, n) bcopy ((s), (d), (n))
95 | # endif
96 | #endif
97 |
98 | #ifdef HAVE_LIBBSD
99 | #include
100 | #else
101 | # ifndef HAVE_STRLCAT
102 | size_t strlcat(char *dst, const char *src, size_t siz);
103 | size_t strlcpy(char *dst, const char *src, size_t siz);
104 | # endif
105 | #endif
106 |
107 | #ifndef HAVE_VSNPRINTF
108 | int snprintf(char *str, size_t size, const char *format, ...);
109 | int vsnprintf(char *str, size_t size, const char *format, va_list arg);
110 | #endif
111 |
112 | #ifndef MIN
113 | #define MIN(a, b) ((a) < (b) ? (a) : (b))
114 | #endif
115 |
116 | #define UNUSED(x) (void)(x)
117 |
118 | #ifdef malloc
119 | void *rpl_malloc(size_t n);
120 | #endif
121 | #ifdef realloc
122 | void *rpl_realloc(void *ptr, size_t n);
123 | #endif
124 |
125 | typedef struct cmd_s {
126 | char *name;
127 | size_t nargs, nopts;
128 | size_t margs, mopts;
129 | char **args, **opts;
130 | struct cmd_s *next;
131 | } cmd_t;
132 |
133 | typedef struct var_s {
134 | char *name, *value;
135 | struct var_s *next;
136 | } var_t;
137 |
138 | typedef struct array_s {
139 | void **data;
140 | size_t size, capacity;
141 | } array_t;
142 |
143 | /* functions to manage a dynamically extensible array of pointers */
144 | #define ARRAY_CHUNK 32
145 | array_t *array_alloc(void);
146 | void array_free(array_t * array);
147 | array_t *array_free_contents(array_t * array);
148 | void *array_push(array_t * array, void *object);
149 | void *array_pop(array_t * array);
150 | int array_extend(array_t * array, size_t capacity);
151 |
152 | char *savestr(const char *str);
153 | cmd_t *Build(cmd_t * def, cmd_t * cmd);
154 | cmd_t *BuildSingle(cmd_t * def, cmd_t * cmd);
155 |
156 | extern cmd_t *First;
157 | extern var_t *Variables;
158 |
159 | /* cppcheck-suppress noreturn */
160 | int logger(unsigned level, const char *format, ...);
161 | void fatal(int logit, const char *format, ...);
162 | char *strtolower(char *in);
163 | /* NOLINTNEXTLINE(runtime/int) */
164 | long strtolong(const char *str, int base);
165 |
166 | int ReadFile(const char *file);
167 | int CountArgs(cmd_t * cmd);
168 |
169 | #define MAXSTRLEN 2048
170 | #ifndef SYSCONFDIR
171 | #define SYSCONFDIR "/etc"
172 | #endif
173 | #define OP_ACCESS SYSCONFDIR "/op.conf"
174 | #define OP_ACCESS_DIR SYSCONFDIR "/op.d"
175 |
176 | #define VAR_EXPAND_LEN 8192
177 | #define VAR_NAME_LEN 64
178 |
179 | #ifndef HOST_NAME_MAX
180 | #define HOST_NAME_MAX 255
181 | #endif
182 |
183 | #ifndef PASS_MAX
184 | #define PASS_MAX 512
185 | #endif
186 |
187 | #endif /* !_DEFS_H_ */
188 |
--------------------------------------------------------------------------------
/m4/ax_compiler_flags_cflags.m4:
--------------------------------------------------------------------------------
1 | # ============================================================================
2 | # http://www.gnu.org/software/autoconf-archive/ax_compiler_flags_cflags.html
3 | # ============================================================================
4 | #
5 | # SYNOPSIS
6 | #
7 | # AX_COMPILER_FLAGS_CFLAGS([VARIABLE], [IS-RELEASE], [EXTRA-BASE-FLAGS], [EXTRA-YES-FLAGS])
8 | #
9 | # DESCRIPTION
10 | #
11 | # Add warning flags for the C compiler to VARIABLE, which defaults to
12 | # WARN_CFLAGS. VARIABLE is AC_SUBST-ed by this macro, but must be
13 | # manually added to the CFLAGS variable for each target in the code base.
14 | #
15 | # This macro depends on the environment set up by AX_COMPILER_FLAGS.
16 | # Specifically, it uses the value of $ax_enable_compile_warnings to decide
17 | # which flags to enable.
18 | #
19 | # LICENSE
20 | #
21 | # Copyright (c) 2014, 2015 Philip Withnall
22 | #
23 | # Copying and distribution of this file, with or without modification, are
24 | # permitted in any medium without royalty provided the copyright notice
25 | # and this notice are preserved. This file is offered as-is, without any
26 | # warranty.
27 |
28 | #serial 11
29 |
30 | AC_DEFUN([AX_COMPILER_FLAGS_CFLAGS],[
31 | AC_REQUIRE([AC_PROG_SED])
32 | AX_REQUIRE_DEFINED([AX_APPEND_COMPILE_FLAGS])
33 | AX_REQUIRE_DEFINED([AX_APPEND_FLAG])
34 | AX_REQUIRE_DEFINED([AX_CHECK_COMPILE_FLAG])
35 |
36 | # Variable names
37 | m4_define(ax_warn_cflags_variable,
38 | [m4_normalize(ifelse([$1],,[WARN_CFLAGS],[$1]))])
39 |
40 | AC_LANG_PUSH([C])
41 |
42 | # Always pass -Werror=unknown-warning-option to get Clang to fail on bad
43 | # flags, otherwise they are always appended to the warn_cflags variable, and
44 | # Clang warns on them for every compilation unit.
45 | # If this is passed to GCC, it will explode, so the flag must be enabled
46 | # conditionally.
47 | AX_CHECK_COMPILE_FLAG([-Werror=unknown-warning-option],[
48 | ax_compiler_flags_test="-Werror=unknown-warning-option"
49 | ],[
50 | ax_compiler_flags_test=""
51 | ])
52 |
53 | # Base flags
54 | AX_APPEND_COMPILE_FLAGS([ dnl
55 | -fno-strict-aliasing dnl
56 | $3 dnl
57 | ],ax_warn_cflags_variable,[$ax_compiler_flags_test])
58 |
59 | AS_IF([test "$ax_enable_compile_warnings" != "no"],[
60 | # "yes" flags
61 | AX_APPEND_COMPILE_FLAGS([ dnl
62 | -Wall dnl
63 | -Wextra dnl
64 | -Wundef dnl
65 | -Wnested-externs dnl
66 | -Wwrite-strings dnl
67 | -Wpointer-arith dnl
68 | -Wmissing-declarations dnl
69 | -Wmissing-prototypes dnl
70 | -Wstrict-prototypes dnl
71 | -Wredundant-decls dnl
72 | -Wno-unused-parameter dnl
73 | -Wno-missing-field-initializers dnl
74 | -Wdeclaration-after-statement dnl
75 | -Wformat=2 dnl
76 | -Wold-style-definition dnl
77 | -Wcast-align dnl
78 | -Wformat-nonliteral dnl
79 | -Wformat-security dnl
80 | -Wsign-compare dnl
81 | -Wstrict-aliasing dnl
82 | -Wshadow dnl
83 | -Winline dnl
84 | -Wpacked dnl
85 | -Wmissing-format-attribute dnl
86 | -Wmissing-noreturn dnl
87 | -Winit-self dnl
88 | -Wredundant-decls dnl
89 | -Wmissing-include-dirs dnl
90 | -Wunused-but-set-variable dnl
91 | -Warray-bounds dnl
92 | -Wimplicit-function-declaration dnl
93 | -Wreturn-type dnl
94 | -Wswitch-enum dnl
95 | -Wswitch-default dnl
96 | $4 dnl
97 | $5 dnl
98 | $6 dnl
99 | $7 dnl
100 | ],ax_warn_cflags_variable,[$ax_compiler_flags_test])
101 | ])
102 | AS_IF([test "$ax_enable_compile_warnings" = "error"],[
103 | # "error" flags; -Werror has to be appended unconditionally because
104 | # it's not possible to test for
105 | #
106 | # suggest-attribute=format is disabled because it gives too many false
107 | # positives
108 | AX_APPEND_FLAG([-Werror],ax_warn_cflags_variable)
109 |
110 | AX_APPEND_COMPILE_FLAGS([ dnl
111 | -Wno-suggest-attribute=format dnl
112 | ],ax_warn_cflags_variable,[$ax_compiler_flags_test])
113 | ])
114 |
115 | # In the flags below, when disabling specific flags, always add *both*
116 | # -Wno-foo and -Wno-error=foo. This fixes the situation where (for example)
117 | # we enable -Werror, disable a flag, and a build bot passes CFLAGS=-Wall,
118 | # which effectively turns that flag back on again as an error.
119 | for flag in $ax_warn_cflags_variable; do
120 | AS_CASE([$flag],
121 | [-Wno-*=*],[],
122 | [-Wno-*],[
123 | AX_APPEND_COMPILE_FLAGS([-Wno-error=$(AS_ECHO([$flag]) | $SED 's/^-Wno-//')],
124 | ax_warn_cflags_variable,
125 | [$ax_compiler_flags_test])
126 | ])
127 | done
128 |
129 | AC_LANG_POP([C])
130 |
131 | # Substitute the variables
132 | AC_SUBST(ax_warn_cflags_variable)
133 | ])dnl AX_COMPILER_FLAGS
134 |
--------------------------------------------------------------------------------
/m4/ax_cflags_warn_all.m4:
--------------------------------------------------------------------------------
1 | # ===========================================================================
2 | # http://www.gnu.org/software/autoconf-archive/ax_cflags_warn_all.html
3 | # ===========================================================================
4 | #
5 | # SYNOPSIS
6 | #
7 | # AX_CFLAGS_WARN_ALL [(shellvar [,default, [A/NA]])]
8 | # AX_CXXFLAGS_WARN_ALL [(shellvar [,default, [A/NA]])]
9 | # AX_FCFLAGS_WARN_ALL [(shellvar [,default, [A/NA]])]
10 | #
11 | # DESCRIPTION
12 | #
13 | # Try to find a compiler option that enables most reasonable warnings.
14 | #
15 | # For the GNU compiler it will be -Wall (and -ansi -pedantic) The result
16 | # is added to the shellvar being CFLAGS, CXXFLAGS, or FCFLAGS by default.
17 | #
18 | # Currently this macro knows about the GCC, Solaris, Digital Unix, AIX,
19 | # HP-UX, IRIX, NEC SX-5 (Super-UX 10), Cray J90 (Unicos 10.0.0.8), and
20 | # Intel compilers. For a given compiler, the Fortran flags are much more
21 | # experimental than their C equivalents.
22 | #
23 | # - $1 shell-variable-to-add-to : CFLAGS, CXXFLAGS, or FCFLAGS
24 | # - $2 add-value-if-not-found : nothing
25 | # - $3 action-if-found : add value to shellvariable
26 | # - $4 action-if-not-found : nothing
27 | #
28 | # NOTE: These macros depend on AX_APPEND_FLAG.
29 | #
30 | # LICENSE
31 | #
32 | # Copyright (c) 2008 Guido U. Draheim
33 | # Copyright (c) 2010 Rhys Ulerich
34 | #
35 | # This program is free software; you can redistribute it and/or modify it
36 | # under the terms of the GNU General Public License as published by the
37 | # Free Software Foundation; either version 3 of the License, or (at your
38 | # option) any later version.
39 | #
40 | # This program is distributed in the hope that it will be useful, but
41 | # WITHOUT ANY WARRANTY; without even the implied warranty of
42 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General
43 | # Public License for more details.
44 | #
45 | # You should have received a copy of the GNU General Public License along
46 | # with this program. If not, see .
47 | #
48 | # As a special exception, the respective Autoconf Macro's copyright owner
49 | # gives unlimited permission to copy, distribute and modify the configure
50 | # scripts that are the output of Autoconf when processing the Macro. You
51 | # need not follow the terms of the GNU General Public License when using
52 | # or distributing such scripts, even though portions of the text of the
53 | # Macro appear in them. The GNU General Public License (GPL) does govern
54 | # all other use of the material that constitutes the Autoconf Macro.
55 | #
56 | # This special exception to the GPL applies to versions of the Autoconf
57 | # Macro released by the Autoconf Archive. When you make and distribute a
58 | # modified version of the Autoconf Macro, you may extend this special
59 | # exception to the GPL to apply to your modified version as well.
60 |
61 | #serial 15
62 |
63 | AC_DEFUN([AX_FLAGS_WARN_ALL],[dnl
64 | AS_VAR_PUSHDEF([FLAGS],[_AC_LANG_PREFIX[]FLAGS])dnl
65 | AS_VAR_PUSHDEF([VAR],[ac_cv_[]_AC_LANG_ABBREV[]flags_warn_all])dnl
66 | AC_CACHE_CHECK([m4_ifval($1,$1,FLAGS) for maximum warnings],
67 | VAR,[VAR="no, unknown"
68 | ac_save_[]FLAGS="$[]FLAGS"
69 | for ac_arg dnl
70 | in "-warn all % -warn all" dnl Intel
71 | "-pedantic % -Wall" dnl GCC
72 | "-xstrconst % -v" dnl Solaris C
73 | "-std1 % -verbose -w0 -warnprotos" dnl Digital Unix
74 | "-qlanglvl=ansi % -qsrcmsg -qinfo=all:noppt:noppc:noobs:nocnd" dnl AIX
75 | "-ansi -ansiE % -fullwarn" dnl IRIX
76 | "+ESlit % +w1" dnl HP-UX C
77 | "-Xc % -pvctl[,]fullmsg" dnl NEC SX-5 (Super-UX 10)
78 | "-h conform % -h msglevel 2" dnl Cray C (Unicos)
79 | #
80 | do FLAGS="$ac_save_[]FLAGS "`echo $ac_arg | sed -e 's,%%.*,,' -e 's,%,,'`
81 | AC_COMPILE_IFELSE([AC_LANG_PROGRAM],
82 | [VAR=`echo $ac_arg | sed -e 's,.*% *,,'` ; break])
83 | done
84 | FLAGS="$ac_save_[]FLAGS"
85 | ])
86 | AS_VAR_POPDEF([FLAGS])dnl
87 | AX_REQUIRE_DEFINED([AX_APPEND_FLAG])
88 | case ".$VAR" in
89 | .ok|.ok,*) m4_ifvaln($3,$3) ;;
90 | .|.no|.no,*) m4_default($4,[m4_ifval($2,[AX_APPEND_FLAG([$2], [$1])])]) ;;
91 | *) m4_default($3,[AX_APPEND_FLAG([$VAR], [$1])]) ;;
92 | esac
93 | AS_VAR_POPDEF([VAR])dnl
94 | ])dnl AX_FLAGS_WARN_ALL
95 | dnl implementation tactics:
96 | dnl the for-argument contains a list of options. The first part of
97 | dnl these does only exist to detect the compiler - usually it is
98 | dnl a global option to enable -ansi or -extrawarnings. All other
99 | dnl compilers will fail about it. That was needed since a lot of
100 | dnl compilers will give false positives for some option-syntax
101 | dnl like -Woption or -Xoption as they think of it is a pass-through
102 | dnl to later compile stages or something. The "%" is used as a
103 | dnl delimiter. A non-option comment can be given after "%%" marks
104 | dnl which will be shown but not added to the respective C/CXXFLAGS.
105 |
106 | AC_DEFUN([AX_CFLAGS_WARN_ALL],[dnl
107 | AC_LANG_PUSH([C])
108 | AX_FLAGS_WARN_ALL([$1], [$2], [$3], [$4])
109 | AC_LANG_POP([C])
110 | ])
111 |
112 | AC_DEFUN([AX_CXXFLAGS_WARN_ALL],[dnl
113 | AC_LANG_PUSH([C++])
114 | AX_FLAGS_WARN_ALL([$1], [$2], [$3], [$4])
115 | AC_LANG_POP([C++])
116 | ])
117 |
118 | AC_DEFUN([AX_FCFLAGS_WARN_ALL],[dnl
119 | AC_LANG_PUSH([Fortran])
120 | AX_FLAGS_WARN_ALL([$1], [$2], [$3], [$4])
121 | AC_LANG_POP([Fortran])
122 | ])
123 |
--------------------------------------------------------------------------------
/rplregex.c:
--------------------------------------------------------------------------------
1 | /*
2 | ** Copyright (c) 2016, Cyrille Lefevre .
3 | ** All rights reserved.
4 | **
5 | ** Redistribution and use in source and binary forms, with or without
6 | ** modification, are permitted provided that the following conditions
7 | ** are met:
8 | **
9 | ** 1. Redistributions of source code must retain the above copyright
10 | ** notice, this list of conditions and the following disclaimer.
11 | ** 2. Redistributions in binary form must reproduce the above copyright
12 | ** notice, this list of conditions and the following disclaimer in the
13 | ** documentation and/or other materials provided with the distribution.
14 | **
15 | ** THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
16 | ** ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
17 | ** IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
18 | ** PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS
19 | ** BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
20 | ** OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT
21 | ** OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
22 | ** BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
23 | ** WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
24 | ** OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE,
25 | ** EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
26 | **/
27 |
28 | #include "config.h"
29 |
30 | #include
31 | #include
32 | #include
33 |
34 | #include "rplregex.h"
35 |
36 | #ifndef HAVE_REGEX
37 | static char *_regerrorstr;
38 |
39 | void regerror(char *s)
40 | {
41 | _regerrorstr = s;
42 | }
43 | #endif
44 |
45 | void rpl_regfree(REGEXP_T **_prog)
46 | {
47 | REGEXP_T *prog = *_prog;
48 | #ifdef HAVE_REGEX
49 | if (prog->preg.re_nsub)
50 | free(prog->pmatch);
51 | regfree(&prog->preg);
52 | #endif
53 | free(prog);
54 | *_prog = (REGEXP_T *) NULL;
55 | }
56 |
57 | int rpl_regcomp(REGEXP_T **_prog, const char *regex, int cflags)
58 | {
59 | #ifdef HAVE_REGEX
60 | int rc;
61 | REGEXP_T *prog = *_prog = (REGEXP_T *) malloc(sizeof(REGEXP_T));
62 | if (prog == NULL)
63 | return REG_ESPACE;
64 | prog->cflags = cflags;
65 | prog->pmatch = NULL;
66 | rc = regcomp(&prog->preg, regex, cflags|REG_EXTENDED);
67 | if (rc || cflags & REG_NOSUB || prog->preg.re_nsub == 0)
68 | return rc;
69 | prog->pmatch = calloc(prog->preg.re_nsub + 1, sizeof(regmatch_t));
70 | if (prog->pmatch == NULL) {
71 | prog->preg.re_nsub = 0;
72 | rpl_regfree(&prog);
73 | return REG_ESPACE;
74 | }
75 | return 0;
76 | #else
77 | *_prog = regcomp((char *)regex);
78 | return *_prog == NULL;
79 | #endif
80 | }
81 |
82 | int rpl_regexec(REGEXP_T * const *_prog, const char *string)
83 | {
84 | REGEXP_T *prog = *_prog;
85 | #ifdef HAVE_REGEX
86 | if (!(prog->cflags & REG_NOSUB))
87 | prog->string = string;
88 | return regexec(&prog->preg, string, prog->preg.re_nsub + 1, prog->pmatch, 0);
89 | #else
90 | int rc = !regexec(prog, (char *)string);
91 | return rc && _regerrorstr ? REG_ESPACE : rc;
92 | #endif
93 | }
94 |
95 | int rpl_regsub(REGEXP_T * const *_prog, const char *source, char *dest, size_t size)
96 | {
97 | REGEXP_T *prog = *_prog;
98 | const char *src;
99 | char *dst, c;
100 | int no;
101 | size_t len;
102 |
103 | if (prog == NULL || source == NULL || dest == NULL || size == 0)
104 | return REG_ESPACE;
105 |
106 | src = source;
107 | dst = dest;
108 | while ((c = *src++) != '\0') {
109 | if (c == '&')
110 | no = 0;
111 | else if (c == '\\' && '0' <= *src && *src <= '9')
112 | no = *src++ - '0';
113 | else
114 | no = -1;
115 | if (no < 0) { /* Ordinary character. */
116 | if (c == '\\' && (*src == '\\' || *src == '&'))
117 | c = *src++;
118 | if ((size_t) (dst - dest) + 1 >= size)
119 | return REG_ESPACE;
120 | *dst++ = c;
121 | #ifdef HAVE_REGEX
122 | } else if (prog->preg.re_nsub &&
123 | (size_t) no <= prog->preg.re_nsub &&
124 | prog->pmatch[no].rm_so >= 0 &&
125 | prog->pmatch[no].rm_eo > prog->pmatch[no].rm_so) {
126 | len = (size_t) (prog->pmatch[no].rm_eo - prog->pmatch[no].rm_so);
127 | if ((size_t) (dst - dest) + len >= size)
128 | return REG_ESPACE;
129 | /* Flawfinder: ignore (strncpy) */
130 | strncpy(dst, prog->string + prog->pmatch[no].rm_so, len);
131 | #else
132 | } else if (prog->startp[no] != NULL && prog->endp[no] != NULL &&
133 | prog->endp[no] > prog->startp[no]) {
134 | len = (size_t) (prog->endp[no] - prog->startp[no]);
135 | if ((size_t) (dst - dest) + len >= size)
136 | return REG_ESPACE;
137 | /* Flawfinder: ignore (strncpy) */
138 | strncpy(dst, prog->startp[no], len);
139 | #endif
140 | dst += len;
141 | if (len != 0 && *(dst - 1) == '\0') /* strncpy hit NUL. */
142 | return REG_ESUBREG;
143 | }
144 | }
145 | *dst = '\0';
146 | return 0;
147 | }
148 |
149 | char *rpl_regerror(int error, REGEXP_T * const *_prog)
150 | {
151 | char *buf;
152 | #ifdef HAVE_REGEX
153 | REGEXP_T *prog = *_prog;
154 | size_t len = regerror(error, &prog->preg, NULL, 0);
155 |
156 | buf = malloc(len);
157 | if (buf)
158 | regerror(error, &prog->preg, buf, len);
159 | #else
160 | if (_regerrorstr) {
161 | buf = strdup(_regerrorstr);
162 | _regerrorstr = NULL;
163 | } else {
164 | size_t len = 16;
165 |
166 | buf = malloc(len);
167 | if (buf)
168 | snprintf(buf, sizeof(buf), "Error %d\n", error);
169 | }
170 | #endif
171 | return buf;
172 | }
173 |
174 | #ifdef WANT_REGMAIN
175 | int main(int argc, char **argv)
176 | {
177 | REGEXP_T *prog;
178 | int rc, no;
179 | char *str = argv[1];
180 | char *re = argv[2];
181 | char *sub = argv[3];
182 | char dst[1024];
183 |
184 | rc = rpl_regcomp(&prog, re, 0);
185 | if (rc == 0)
186 | rc = rpl_regexec(&prog, str);
187 | if (rc == 0) {
188 | fprintf(stderr, "match\n");
189 | #ifdef HAVE_REGEX
190 | if (prog->preg.re_nsub)
191 | for (no = 0; no <= prog->preg.re_nsub; no++)
192 | fprintf(stderr, "[%d]:%2d-%2d %-.*s\n", no,
193 | prog->pmatch[no].rm_so, prog->pmatch[no].rm_eo,
194 | prog->pmatch[no].rm_eo - prog->pmatch[no].rm_so,
195 | str+prog->pmatch[no].rm_so);
196 | #else
197 | for (no = 0; no <= NSUBEXP; no++)
198 | if (prog->startp[no] && prog->endp[no])
199 | fprintf(stderr, "[%d]:%2ld-%2ld %-.*s\n", no,
200 | prog->startp[no] - str, prog->endp[no] - str,
201 | (int)(prog->endp[no] - prog->startp[no]),
202 | prog->startp[no]);
203 | #endif
204 | rc = rpl_regsub(&prog, sub, dst, sizeof(dst));
205 | }
206 | if (rc == 0)
207 | printf("%s\n", dst);
208 | else if (rc == REG_NOMATCH)
209 | fprintf(stderr, "nomatch\n");
210 | else {
211 | char *buf = rpl_regerror(rc, &prog);
212 | fprintf(stderr, "regerror: %s\n", buf);
213 | free(buf);
214 | }
215 | rpl_regfree(&prog);
216 | return rc;
217 | }
218 | #endif
219 |
--------------------------------------------------------------------------------
/config.h.in:
--------------------------------------------------------------------------------
1 | /* config.h.in. Generated from configure.ac by autoheader. */
2 |
3 | /* Define to 1 if the `closedir' function returns void instead of `int'. */
4 | #undef CLOSEDIR_VOID
5 |
6 | /* Define to 1 if your system has a working `chown' function. */
7 | #undef HAVE_CHOWN
8 |
9 | /* Define to 1 if you have the header file, and it defines `DIR'.
10 | */
11 | #undef HAVE_DIRENT_H
12 |
13 | /* Define to 1 if you don't have `vprintf' but do have `_doprnt.' */
14 | #undef HAVE_DOPRNT
15 |
16 | /* Define to 1 if you have the `fork' function. */
17 | #undef HAVE_FORK
18 |
19 | /* Define to 1 if you have the `gethostname' function. */
20 | #undef HAVE_GETHOSTNAME
21 |
22 | /* Define to 1 if you have the `getpass' function. */
23 | #undef HAVE_GETPASS
24 |
25 | /* Define to 1 if you have the `getspnam' function. */
26 | #undef HAVE_GETSPNAM
27 |
28 | /* Define to 1 if you have the header file. */
29 | #undef HAVE_INTTYPES_H
30 |
31 | /* Define to 1 if you have the `bsd' library (-lbsd) */
32 | #undef HAVE_LIBBSD
33 |
34 | /* Define to 1 if you have the `crypt' library (-lcrypt). */
35 | #undef HAVE_LIBCRYPT
36 |
37 | /* Define to 1 if you have the `fl' library (-lfl). */
38 | #undef HAVE_LIBFL
39 |
40 | /* Define to 1 if you have the `l' library (-ll). */
41 | #undef HAVE_LIBL
42 |
43 | /* Define to 1 if you have the header file. */
44 | #undef HAVE_LIMITS_H
45 |
46 | /* Define to 1 if your system has a GNU libc compatible `malloc' function, and
47 | to 0 otherwise. */
48 | #undef HAVE_MALLOC
49 |
50 | /* Define to 1 if you have the header file. */
51 | #undef HAVE_MEMORY_H
52 |
53 | /* Define to 1 if you have the `memset' function. */
54 | #undef HAVE_MEMSET
55 |
56 | /* Define to 1 if you have the header file, and it defines `DIR'. */
57 | #undef HAVE_NDIR_H
58 |
59 | /* Define to 1 if you have the header file. */
60 | #undef HAVE_NETDB_H
61 |
62 | /* Define to 1 if your system has a GNU libc compatible `realloc' function,
63 | and to 0 otherwise. */
64 | #undef HAVE_REALLOC
65 |
66 | /* Define to 1 if you have the `regcomp' function. */
67 | #undef HAVE_REGCOMP
68 |
69 | /* Define to 1 if you have the `regex' functions. */
70 | #undef HAVE_REGEX
71 |
72 | /* Define to 1 if you have the header file. */
73 | #undef HAVE_SHADOW_H
74 |
75 | /* Define to 1 if `stat' has the bug that it succeeds when given the
76 | zero-length file name argument. */
77 | #undef HAVE_STAT_EMPTY_STRING_BUG
78 |
79 | /* Define to 1 if you have the header file. */
80 | #undef HAVE_STDINT_H
81 |
82 | /* Define to 1 if you have the header file. */
83 | #undef HAVE_STDLIB_H
84 |
85 | /* Define to 1 if you have the `strchr' function. */
86 | #undef HAVE_STRCHR
87 |
88 | /* Define to 1 if you have the `strcspn' function. */
89 | #undef HAVE_STRCSPN
90 |
91 | /* Define to 1 if you have the `strdup' function. */
92 | #undef HAVE_STRDUP
93 |
94 | /* Define to 1 if you have the `strftime' function. */
95 | #undef HAVE_STRFTIME
96 |
97 | /* Define to 1 if you have the header file. */
98 | #undef HAVE_STRINGS_H
99 |
100 | /* Define to 1 if you have the header file. */
101 | #undef HAVE_STRING_H
102 |
103 | /* Define to 1 if you have the `strlcat' function. */
104 | #undef HAVE_STRLCAT
105 |
106 | /* Define to 1 if you have the `strlcpy' function. */
107 | #undef HAVE_STRLCPY
108 |
109 | /* Define to 1 if you have the `strrchr' function. */
110 | #undef HAVE_STRRCHR
111 |
112 | /* Define to 1 if you have the `strtol' function. */
113 | #undef HAVE_STRTOL
114 |
115 | /* Define to 1 if you have the header file. */
116 | #undef HAVE_SYSLOG_H
117 |
118 | /* Define to 1 if you have the header file, and it defines `DIR'.
119 | */
120 | #undef HAVE_SYS_DIR_H
121 |
122 | /* Define to 1 if you have the header file, and it defines `DIR'.
123 | */
124 | #undef HAVE_SYS_NDIR_H
125 |
126 | /* Define to 1 if you have the header file. */
127 | #undef HAVE_SYS_STAT_H
128 |
129 | /* Define to 1 if you have the header file. */
130 | #undef HAVE_SYS_TIME_H
131 |
132 | /* Define to 1 if you have the header file. */
133 | #undef HAVE_SYS_TYPES_H
134 |
135 | /* Define to 1 if you have that is POSIX.1 compatible. */
136 | #undef HAVE_SYS_WAIT_H
137 |
138 | /* Define to 1 if you have the header file. */
139 | #undef HAVE_UNISTD_H
140 |
141 | /* Define to 1 if you have the `vfork' function. */
142 | #undef HAVE_VFORK
143 |
144 | /* Define to 1 if you have the header file. */
145 | #undef HAVE_VFORK_H
146 |
147 | /* Define to 1 if you have the `vprintf' function. */
148 | #undef HAVE_VPRINTF
149 |
150 | /* Define to 1 if you have the `vsnprintf' function. */
151 | #undef HAVE_VSNPRINTF
152 |
153 | /* Define to 1 if `fork' works. */
154 | #undef HAVE_WORKING_FORK
155 |
156 | /* Define to 1 if `vfork' works. */
157 | #undef HAVE_WORKING_VFORK
158 |
159 | /* Define to 1 if `lstat' dereferences a symlink specified with a trailing
160 | slash. */
161 | #undef LSTAT_FOLLOWS_SLASHED_SYMLINK
162 |
163 | /* Does openlog() return void? */
164 | #undef OPENLOG_VOID
165 |
166 | /* Name of package */
167 | #undef PACKAGE
168 |
169 | /* Define to the address where bug reports for this package should be sent. */
170 | #undef PACKAGE_BUGREPORT
171 |
172 | /* Define to the full name of this package. */
173 | #undef PACKAGE_NAME
174 |
175 | /* Define to the full name and version of this package. */
176 | #undef PACKAGE_STRING
177 |
178 | /* Define to the one symbol short name of this package. */
179 | #undef PACKAGE_TARNAME
180 |
181 | /* Define to the home page for this package. */
182 | #undef PACKAGE_URL
183 |
184 | /* Define to the version of this package. */
185 | #undef PACKAGE_VERSION
186 |
187 | /* Define to 1 if you have the ANSI C header files. */
188 | #undef STDC_HEADERS
189 |
190 | /* Define to 1 if you can safely include both and . */
191 | #undef TIME_WITH_SYS_TIME
192 |
193 | /* Use PAM for authentication */
194 | #undef USE_PAM
195 |
196 | /* Use shadow file for authentication */
197 | #undef USE_SHADOW
198 |
199 | /* Enable extensions on AIX 3, Interix. */
200 | #ifndef _ALL_SOURCE
201 | # undef _ALL_SOURCE
202 | #endif
203 | /* Enable GNU extensions on systems that have them. */
204 | #ifndef _GNU_SOURCE
205 | # undef _GNU_SOURCE
206 | #endif
207 | /* Enable threading extensions on Solaris. */
208 | #ifndef _POSIX_PTHREAD_SEMANTICS
209 | # undef _POSIX_PTHREAD_SEMANTICS
210 | #endif
211 | /* Enable extensions on HP NonStop. */
212 | #ifndef _TANDEM_SOURCE
213 | # undef _TANDEM_SOURCE
214 | #endif
215 | /* Enable general extensions on Solaris. */
216 | #ifndef __EXTENSIONS__
217 | # undef __EXTENSIONS__
218 | #endif
219 |
220 |
221 | /* Version number of package */
222 | #undef VERSION
223 |
224 | /* Define to 1 if `lex' declares `yytext' as a `char *' by default, not a
225 | `char[]'. */
226 | #undef YYTEXT_POINTER
227 |
228 | /* Define to 1 if on MINIX. */
229 | #undef _MINIX
230 |
231 | /* Define to 2 if the system does not provide POSIX.1 features except with
232 | this defined. */
233 | #undef _POSIX_1_SOURCE
234 |
235 | /* Define to 1 if you need to in order for `stat' and other things to work. */
236 | #undef _POSIX_SOURCE
237 |
238 | /* Define to empty if `const' does not conform to ANSI C. */
239 | #undef const
240 |
241 | /* Define to `int' if doesn't define. */
242 | #undef gid_t
243 |
244 | /* Define to rpl_malloc if the replacement function should be used. */
245 | #undef malloc
246 |
247 | /* Define to `int' if does not define. */
248 | #undef mode_t
249 |
250 | /* Define to `int' if does not define. */
251 | #undef pid_t
252 |
253 | /* Define to rpl_realloc if the replacement function should be used. */
254 | #undef realloc
255 |
256 | /* Define to `unsigned int' if does not define. */
257 | #undef size_t
258 |
259 | /* Define to `int' if doesn't define. */
260 | #undef uid_t
261 |
262 | /* Define as `fork' if `vfork' does not work. */
263 | #undef vfork
264 |
--------------------------------------------------------------------------------
/m4/ax_compiler_flags.m4:
--------------------------------------------------------------------------------
1 | # ===========================================================================
2 | # http://www.gnu.org/software/autoconf-archive/ax_compiler_flags.html
3 | # ===========================================================================
4 | #
5 | # SYNOPSIS
6 | #
7 | # AX_COMPILER_FLAGS([CFLAGS-VARIABLE], [LDFLAGS-VARIABLE], [IS-RELEASE], [EXTRA-BASE-CFLAGS], [EXTRA-YES-CFLAGS], [UNUSED], [UNUSED], [UNUSED], [EXTRA-BASE-LDFLAGS], [EXTRA-YES-LDFLAGS], [UNUSED], [UNUSED], [UNUSED])
8 | #
9 | # DESCRIPTION
10 | #
11 | # Check for the presence of an --enable-compile-warnings option to
12 | # configure, defaulting to "error" in normal operation, or "yes" if
13 | # IS-RELEASE is equal to "yes". Return the value in the variable
14 | # $ax_enable_compile_warnings.
15 | #
16 | # Depending on the value of --enable-compile-warnings, different compiler
17 | # warnings are checked to see if they work with the current compiler and,
18 | # if so, are appended to CFLAGS-VARIABLE and LDFLAGS-VARIABLE. This
19 | # allows a consistent set of baseline compiler warnings to be used across
20 | # a code base, irrespective of any warnings enabled locally by individual
21 | # developers. By standardising the warnings used by all developers of a
22 | # project, the project can commit to a zero-warnings policy, using -Werror
23 | # to prevent compilation if new warnings are introduced. This makes
24 | # catching bugs which are flagged by warnings a lot easier.
25 | #
26 | # By providing a consistent --enable-compile-warnings argument across all
27 | # projects using this macro, continuous integration systems can easily be
28 | # configured the same for all projects. Automated systems or build
29 | # systems aimed at beginners may want to pass the --disable-Werror
30 | # argument to unconditionally prevent warnings being fatal.
31 | #
32 | # --enable-compile-warnings can take the values:
33 | #
34 | # * no: Base compiler warnings only; not even -Wall.
35 | # * yes: The above, plus a broad range of useful warnings.
36 | # * error: The above, plus -Werror so that all warnings are fatal.
37 | # Use --disable-Werror to override this and disable fatal
38 | # warnings.
39 | #
40 | # The set of base and enabled flags can be augmented using the
41 | # EXTRA-*-CFLAGS and EXTRA-*-LDFLAGS variables, which are tested and
42 | # appended to the output variable if --enable-compile-warnings is not
43 | # "no". Flags should not be disabled using these arguments, as the entire
44 | # point of AX_COMPILER_FLAGS is to enforce a consistent set of useful
45 | # compiler warnings on code, using warnings which have been chosen for low
46 | # false positive rates. If a compiler emits false positives for a
47 | # warning, a #pragma should be used in the code to disable the warning
48 | # locally. See:
49 | #
50 | # https://gcc.gnu.org/onlinedocs/gcc-4.9.2/gcc/Diagnostic-Pragmas.html#Diagnostic-Pragmas
51 | #
52 | # The EXTRA-* variables should only be used to supply extra warning flags,
53 | # and not general purpose compiler flags, as they are controlled by
54 | # configure options such as --disable-Werror.
55 | #
56 | # IS-RELEASE can be used to disable -Werror when making a release, which
57 | # is useful for those hairy moments when you just want to get the release
58 | # done as quickly as possible. Set it to "yes" to disable -Werror. By
59 | # default, it uses the value of $ax_is_release, so if you are using the
60 | # AX_IS_RELEASE macro, there is no need to pass this parameter. For
61 | # example:
62 | #
63 | # AX_IS_RELEASE([git-directory])
64 | # AX_COMPILER_FLAGS()
65 | #
66 | # CFLAGS-VARIABLE defaults to WARN_CFLAGS, and LDFLAGS-VARIABLE defaults
67 | # to WARN_LDFLAGS. Both variables are AC_SUBST-ed by this macro, but must
68 | # be manually added to the CFLAGS and LDFLAGS variables for each target in
69 | # the code base.
70 | #
71 | # If C++ language support is enabled with AC_PROG_CXX, which must occur
72 | # before this macro in configure.ac, warning flags for the C++ compiler
73 | # are AC_SUBST-ed as WARN_CXXFLAGS, and must be manually added to the
74 | # CXXFLAGS variables for each target in the code base. EXTRA-*-CFLAGS can
75 | # be used to augment the base and enabled flags.
76 | #
77 | # Warning flags for g-ir-scanner (from GObject Introspection) are
78 | # AC_SUBST-ed as WARN_SCANNERFLAGS. This variable must be manually added
79 | # to the SCANNERFLAGS variable for each GIR target in the code base. If
80 | # extra g-ir-scanner flags need to be enabled, the AX_COMPILER_FLAGS_GIR
81 | # macro must be invoked manually.
82 | #
83 | # AX_COMPILER_FLAGS may add support for other tools in future, in addition
84 | # to the compiler and linker. No extra EXTRA-* variables will be added
85 | # for those tools, and all extra support will still use the single
86 | # --enable-compile-warnings configure option. For finer grained control
87 | # over the flags for individual tools, use AX_COMPILER_FLAGS_CFLAGS,
88 | # AX_COMPILER_FLAGS_LDFLAGS and AX_COMPILER_FLAGS_* for new tools.
89 | #
90 | # The UNUSED variables date from a previous version of this macro, and are
91 | # automatically appended to the preceding non-UNUSED variable. They should
92 | # be left empty in new uses of the macro.
93 | #
94 | # LICENSE
95 | #
96 | # Copyright (c) 2014, 2015 Philip Withnall
97 | # Copyright (c) 2015 David King
98 | #
99 | # Copying and distribution of this file, with or without modification, are
100 | # permitted in any medium without royalty provided the copyright notice
101 | # and this notice are preserved. This file is offered as-is, without any
102 | # warranty.
103 |
104 | #serial 13
105 |
106 | # _AX_COMPILER_FLAGS_LANG([LANGNAME])
107 | m4_defun([_AX_COMPILER_FLAGS_LANG],
108 | [m4_ifdef([_AX_COMPILER_FLAGS_LANG_]$1[_enabled], [],
109 | [m4_define([_AX_COMPILER_FLAGS_LANG_]$1[_enabled], [])dnl
110 | AX_REQUIRE_DEFINED([AX_COMPILER_FLAGS_]$1[FLAGS])])dnl
111 | ])
112 |
113 | AC_DEFUN([AX_COMPILER_FLAGS],[
114 | # C support is enabled by default.
115 | _AX_COMPILER_FLAGS_LANG([C])
116 | # Only enable C++ support if AC_PROG_CXX is called. The redefinition of
117 | # AC_PROG_CXX is so that a fatal error is emitted if this macro is called
118 | # before AC_PROG_CXX, which would otherwise cause no C++ warnings to be
119 | # checked.
120 | AC_PROVIDE_IFELSE([AC_PROG_CXX],
121 | [_AX_COMPILER_FLAGS_LANG([CXX])],
122 | [m4_define([AC_PROG_CXX], defn([AC_PROG_CXX])[_AX_COMPILER_FLAGS_LANG([CXX])])])
123 | AX_REQUIRE_DEFINED([AX_COMPILER_FLAGS_LDFLAGS])
124 |
125 | # Default value for IS-RELEASE is $ax_is_release
126 | ax_compiler_flags_is_release=m4_tolower(m4_normalize(ifelse([$3],,
127 | [$ax_is_release],
128 | [$3])))
129 |
130 | AC_ARG_ENABLE([compile-warnings],
131 | AS_HELP_STRING([--enable-compile-warnings=@<:@no/yes/error@:>@],
132 | [Enable compiler warnings and errors]),,
133 | [AS_IF([test "$ax_compiler_flags_is_release" = "yes"],
134 | [enable_compile_warnings="yes"],
135 | [enable_compile_warnings="error"])])
136 | AC_ARG_ENABLE([Werror],
137 | AS_HELP_STRING([--disable-Werror],
138 | [Unconditionally make all compiler warnings non-fatal]),,
139 | [enable_Werror=maybe])
140 |
141 | # Return the user's chosen warning level
142 | AS_IF([test "$enable_Werror" = "no" -a \
143 | "$enable_compile_warnings" = "error"],[
144 | enable_compile_warnings="yes"
145 | ])
146 |
147 | ax_enable_compile_warnings=$enable_compile_warnings
148 |
149 | AX_COMPILER_FLAGS_CFLAGS([$1],[$ax_compiler_flags_is_release],
150 | [$4],[$5 $6 $7 $8])
151 | m4_ifdef([_AX_COMPILER_FLAGS_LANG_CXX_enabled],
152 | [AX_COMPILER_FLAGS_CXXFLAGS([WARN_CXXFLAGS],
153 | [$ax_compiler_flags_is_release],
154 | [$4],[$5 $6 $7 $8])])
155 | AX_COMPILER_FLAGS_LDFLAGS([$2],[$ax_compiler_flags_is_release],
156 | [$9],[$10 $11 $12 $13])
157 | AX_COMPILER_FLAGS_GIR([WARN_SCANNERFLAGS],[$ax_compiler_flags_is_release])
158 | ])dnl AX_COMPILER_FLAGS
159 |
--------------------------------------------------------------------------------
/ChangeLog:
--------------------------------------------------------------------------------
1 | 13/04/17 - op 1.34
2 | ==================
3 | * port to RHEL 7
4 | * https://travis-ci.org/
5 |
6 | 16/04/16 - op 1.33
7 | ==================
8 | * code auditing using flawfinder, cppcheck, cpplint.py and scan-build.
9 | * Replaced strcpy/strcat by strlcpy/strlcat which are also provided if missing.
10 | * Provided v/snprintf if missing.
11 | * Replaced atoi by strtolong (util.c), atov still provided but unused.
12 | * contrib dir added for various building and packaging architectures
13 | (aix, hp-ux, linux, solaris). results goes to build and packages dirs.
14 | * autoconf-archive macros added to m4 dir to enhance autotools configuration
15 | such as compiler flags for hardening building.
16 | * automake scripts moves to build-aux dir.
17 | * Replaced v8 regexp by POSIX regex if possible.
18 |
19 | 08/12/05 - op 1.32
20 | ==================
21 |
22 | * Added rpl_malloc/rpl_realloc so that systems with dodgy implementations
23 | will link. This fixes compilation on HPUX, for example.
24 | * If a 'help' parameter does not exist, use the actual command to be run for
25 | the help.
26 | * Added detection for openlog() returning void.
27 |
28 | 01/09/05 - op 1.31
29 | ==================
30 |
31 | The biggest change is the move to the autotools.
32 |
33 | Broken down changes.
34 |
35 | * Trailing args are now expanded from the last numbered argument encountered.
36 | eg. with {{{/bin/echo $1 $*}}}, the {{{$*}}} will expand to arguments 2 and on.
37 | * Fixed usage of snprintf.
38 | * Renamed fowner to fowners to be more consistent with the rest of the op commands.
39 | * Fixed long standing bug where the incorrect user is reported in the logs.
40 | * Added fperms and fowner constraints thanks to Pierre.
41 | * Logging beautification.
42 | * More automake/autoconf additions and cleanup.
43 | * Cleaned up ChangeLog, README, AUTHORS and NEWS.
44 | * Added man page.
45 | * Merged autoconf branch into trunk.
46 | * Fixed build errors on AIX reported by Pierre.
47 | * {{{make clean}}} cleans up {{{lex.c}}}.
48 | * Some configure fixes for crypt and pam fallback.
49 | * Added --with-shadow.
50 | * Added patch from Pierre that automatically reduces commands in the form "op
51 | /bin/ksh" to "op ksh" if the target is a valid executable. Convenience only.
52 | * Added a log prettification patch from Pierre. Also removed "=>" as it was
53 | ugly. This may break log parsers.
54 | * Added xauth support back in with {{{--enable-xauth=}}}.
55 |
56 |
57 | 27/05/05 - op 1.30
58 | ==================
59 | Fixed use of DEFAULT section, closes #5. Quite a pain in the arse actually.
60 |
61 | Environment variables can now be propagated into child environments even when
62 | "environment" is specified. This will override any existing variables.
63 |
64 | Now using vsnprintf rather than snprintf. Correspondingly, changed preprocessor
65 | define which may mean build scripts need to be changed.
66 |
67 | Added an INSTALL file documenting the usual installation instructions.
68 |
69 | Default to using Flex, as Lex has internal constraints.
70 |
71 | Added default op.pam which is now installed if /etc/pam.d exists.
72 |
73 | Added patches by Pierre fixing strnprintf issues and a wildcard constraint bug.
74 | Thanks Pierre.
75 |
76 | 08/04/05 - op 1.29
77 | ==================
78 | Added -l argument which lists available commands.
79 |
80 | Also added a {{{help=""}}} option which defines the help string displayed
81 | by -l.
82 |
83 | Cleaned up the code a bit, adding some basic dynamic array functions instead of
84 | replicating the code across multiple areas.
85 |
86 | Closes #4
87 |
88 | 07/04/05 - op 1.27/1.28
89 | ==================
90 | Added ''nolog'' option which suppresses informational logs. Useful for
91 | automated jobs to prevent log spam.
92 |
93 | Configuration files in /etc/op.d are now lexically sorted. This allows
94 | variables in configuration files to be used deterministically. Commands
95 | can also be overridden in this fashion.
96 |
97 | 07/04/05 - op 1.26
98 | ==================
99 | op will now read all config files in /etc/op.d with a .conf extension. This is
100 | a clean way of adding extra commands without having to manipulate op.conf.
101 | op.conf does not have to be present at all. Useful for dropping in op config
102 | with other packages or when adding config to systems in bulk. Thanks to Kyle
103 | Hyland for this idea.
104 |
105 | Also made error reporting a bit smarter when config files are missing or have
106 | incorrect permissions.
107 |
108 | 06/07/04 - op 1.24
109 | ==================
110 | The xauth directive can now be given a target user, into whose environment the
111 | X authentication information is imported.
112 |
113 | 04/05/04 - op 1.23
114 | ==================
115 | The xauth modifier now updates $XAUTHORITY in the child environment.
116 | Fixed a bug when setting the GID explicitly.
117 |
118 | 03/05/04 - op 1.22
119 | ==================
120 | Added xauth support. This allows the X authority for the current display to be
121 | exported to the destination users X authority database. eg.
122 |
123 | shell /bin/su -; users=athomas $TERM xauth password
124 |
125 | To enable xauth support, the preprocessor macro XAUTH must be defined as
126 | a string pointing to the FULL PATH to the xauth binary.
127 |
128 | 23/04/04 - op 1.21
129 | ==================
130 | Added netgroup support. eg.
131 |
132 | shell /bin/su -; netgroup=op-shell environment
133 |
134 | This is very useful in conjunction with either LDAP or NIS based netgroups.
135 |
136 | 02/02/04 - op 1.20
137 | ==================
138 | Fixed a fairly major bug whereby blocked signals were not restored to their
139 | original state upon execv'ing the child process.
140 |
141 | Changed version number scheme to match the original op versions, and bumped up
142 | to 1.20. This is part of a collaborative effort between myself and Steve
143 | Simmons, who is going to add Kerberos support to op in the near future. Welcome
144 | Steve.
145 |
146 | 27/01/04 - op 1.1.10
147 | ====================
148 | Applied some of the FreeBSD patches, thanks to Cyrille Lefevre (the previous
149 | FreeBSD port maintainer) for pointing me to these.
150 | Patched a potential buffer overflow, again, picked up by Cyrille.
151 | Added lots of checks for allocation failures.
152 | Added constraints to as many uses of strcpy/strcat as I could find.
153 | Added constraint on number of simultaneous groups a user can be in.
154 |
155 | 24/01/04 - op 1.1.9
156 | ===================
157 | Trapping signals (SIGINT, etc.) so that a failed authentication attempt can not
158 | be broken out of.
159 |
160 | 06/11/03 - op 1.1.8
161 | ===================
162 | Fixed a fairly substantial bug where command arguments with multiple variables
163 | were not being expanded at all.
164 |
165 | 28/10/03 - op 1.1.7
166 | ===================
167 | Logging now uses auth.level, and level is actually useful.
168 |
169 | 22/07/03 - op 1.1.6
170 | ===================
171 | Added PAM support.
172 |
173 | April 17th 2003 - op 1.1.5
174 | ==========================
175 | Added extensive logging to op. All logging is sent to syslog as auth.notice.
176 |
177 | April 16th 2003 - op 1.1.4
178 | ==========================
179 | Added basic quoted argument passing to exec commands. This allows for complex
180 | shell scripts:
181 |
182 | inetd /bin/sh -c '
183 | case $1 in
184 | on) /usr/sbin/inetd -s ;;
185 | off) /usr/bin/pkill inetd ;;
186 | esac
187 | ';
188 | users=ROOTUSERS
189 | $1=on|off
190 |
191 | April 10th 2003 - op 1.1.3
192 | ==========================
193 | Added a max length arugment to GetField to help prevent buffer overflows.
194 | Regular expressions always have ^ prepended and $ appended so that if you put
195 | 'a' in an rx field it will not match any string with an 'a'. Old behaviour can
196 | be emulated with '.*a.*'.
197 | Added expiration support to users (user[@host][/expiry]).
198 |
199 | September 13th 2002 - op 1.1.2
200 | ==============================
201 | Added user@host and group@host based access as well as variable expansion.
202 | Changed SHADOW to USE_SHADOW so it doesn't conflict with system defines.
203 |
204 | November 22nd 1997 - op 1.1.1
205 | ===============================
206 | Break shadow support out from Solaris support. Added SHADOW symbol to the
207 | build. It works on Linux 2.0.30. Presumably it still works on Solaris. 8)
208 |
209 | Cleaned up logging code. It was an uncomfortable mess. Slimmed it down some.
210 |
211 | Historical ChangeLog entries below
212 | ==================================
213 | Dave Koblas added the keyword "password" to the list of options
214 | accepted by op. This requires the user to supply op with a password
215 | before executing the command. The password can be specified in the
216 | op.access file (with "password=") or the user's personal password may
217 | be required.
218 |
219 | Howard Owen added the keyword "securid" to the list of options
220 | accepted by op. This functions similarly to the "password" option,
221 | requiring the user to supply op with his or her current SecurID code before
222 | executing the command. If op is compiled without SecurID support, use
223 | of this option in op.access will result in an error message and a
224 | refusal to execute the corresponding command.
225 |
--------------------------------------------------------------------------------
/contrib/aix43/bos.adt.insttools/usr/lpp/bos/README.MKINSTALLP:
--------------------------------------------------------------------------------
1 | mkinstallp README
2 |
3 | Description
4 |
5 | The mkinstallp command is a tool that allows users to create their own
6 | software packages for AIX. Packages created with mkinstallp are in installp
7 | format and can be installed or removed with the installp command.
8 |
9 | Files to be packaged by mkinstallp must be in a directory structure such
10 | that the location of the file relative to the root build directory is the
11 | same as the destination of the file after installation. For example, if
12 | /usr/bin/ is to be installed via a mkinstallp package,
13 | the file /usr/bin/ must exist when mkinstallp
14 | is invoked.
15 |
16 | Once the contents of a package are in the correct directory structure,
17 | mkinstallp prompts for basic package data via the command line interface.
18 | This data includes the package name, requisites, descriptions of files to
19 | be packaged, etc. mkinstallp will then generate a template file based on
20 | responses given by the user. Template files can be created and/or edited
21 | directly by the user and passed to the mkinstallp command with the -T flag
22 | to avoid command line prompting. A subdirectory of the root build directory,
23 | /.info, will be created for mkinstallp to save the template file
24 | and other packaging and configuration files.
25 |
26 | Command Syntax
27 |
28 | mkinstallp [ -d BaseDirectory ] [ -T TemplateFile ]
29 |
30 | Flags
31 |
32 | -d BaseDirectory Specifies the root build directory containing the files
33 | to be packaged. If omitted, the current working directory is used.
34 |
35 | -T TemplateFile Specifies the full path name of the template file to be
36 | passed to mkinstallp. If omitted, mkinstallp will prompt for package
37 | information and create a new template file based on user responses.
38 |
39 | Examples
40 |
41 | The following examples show the directory structure and template file for a
42 | variety of packaging scenarios. The root build directory for the following
43 | examples is /tmp/packages. A list of template keywords is defined after
44 | example 4.
45 | There may be additional supported template keywords. To see them, run
46 | mkinstallp without -T, say yes to every request for a file and look at the
47 | resulting template file.
48 |
49 | Ex 1: PkgA - single fileset with no requisites and no ROOT part
50 | Ex 2: PkgB - single fileset with one prerequisite and ROOT part
51 | Ex 3: PkgC - single fileset with License agreement required
52 | Ex 4: PkgD - multiple filesets, one using requisite filename
53 |
54 |
55 | Ex 1: PkgA - single fileset with no requisites
56 | ----------------------------------------------
57 | Directory Structure:
58 |
59 | /tmp/packages
60 | /tmp/packages/usr/doc/PkgA/README
61 | /tmp/packages/usr/PkgA/bin/acommand
62 |
63 |
64 | Template File:
65 |
66 | Package Name: PkgA
67 | Package VRMF: 1.0.0.0
68 | Update: N
69 | Fileset
70 | Fileset Name: PkgA.rte
71 | Fileset VRMF: 1.0.0.0
72 | Fileset Description: My runtime fileset
73 | Bosboot required: N
74 | License agreement acceptance required: N
75 | Include license files in this package: N
76 | Requisites:
77 | USRFiles
78 | /usr/doc/PkgA
79 | /usr/doc/PkgA/README
80 | /usr/PkgA
81 | /usr/PkgA/bin
82 | /usr/PkgA/bin/acommand
83 | EOUSRFiles
84 | ROOT Part: N
85 | ROOTFiles
86 | EOROOTFiles
87 | EOFileset
88 |
89 |
90 | Ex 2: PkgB - single fileset with one prerequisite and ROOT part
91 | ---------------------------------------------------------------
92 | Directory Structure:
93 |
94 | /tmp/packages
95 | /tmp/packages/etc/PkgB/a.cfg
96 | /tmp/packages/usr/doc/PkgB/README
97 | /tmp/packages/usr/PkgB/bin/bcommand
98 |
99 |
100 | Template File:
101 |
102 | Package Name: PkgB
103 | Package VRMF: 1.1.0.0
104 | Update: N
105 | Fileset
106 | Fileset Name: PkgB.rte
107 | Fileset VRMF: 1.1.0.0
108 | Fileset Description: My runtime fileset
109 | Bosboot required: N
110 | License agreement acceptance required: N
111 | Include license files in this package: N
112 | Requisites: *prereq PkgA.rte 1.0.0.0;
113 | USRFiles
114 | /usr/doc/PkgB
115 | /usr/doc/PkgB/README
116 | /usr/PkgB
117 | /usr/PkgB/bin
118 | /usr/PkgB/bin/bcommand
119 | EOUSRFiles
120 | ROOT Part: Y
121 | ROOTFiles
122 | /etc/PkgB
123 | /etc/PkgB/a.cfg
124 | EOROOTFiles
125 | EOFileset
126 |
127 |
128 | Ex 3: PkgC - single fileset with License agreement
129 | --------------------------------------------------
130 | Directory Structure:
131 |
132 | /tmp/packages
133 | /tmp/packages/usr/doc/PkgC/README
134 | /tmp/packages/usr/PkgC/bin/ccommand
135 |
136 |
137 | Template File:
138 |
139 | Package Name: PkgC
140 | Package VRMF: 1.0.1.0
141 | Update: N
142 | Fileset
143 | Fileset Name: PkgC.rte
144 | Fileset VRMF: 1.0.1.0
145 | Fileset Description: My runtime fileset
146 | Bosboot required: N
147 | License agreement acceptance required: Y
148 | Name of license agreement: LAR/usr/swlag/%L/LUM.la
149 | Include license files in this package: N
150 | Requisites:
151 | USRFiles
152 | /usr/doc/PkgC
153 | /usr/doc/PkgC/README
154 | /usr/PkgC
155 | /usr/PkgC/bin
156 | /usr/PkgC/bin/ccommand
157 | EOUSRFiles
158 | ROOT Part: N
159 | ROOTFiles
160 | EOROOTFiles
161 | EOFileset
162 |
163 |
164 | Ex 4: PkgD - multiple filesets, one with requisite file
165 | -------------------------------------------------------
166 | Directory Structure:
167 |
168 | /tmp/packages
169 | /tmp/packages/etc/PkgD/a.cfg
170 | /tmp/packages/usr/doc/PkgD/README
171 | /tmp/packages/usr/PkgD/bin/acommand
172 | /tmp/packages/usr/PkgD/bin/bcommand
173 |
174 |
175 | Template File:
176 |
177 | Package Name: PkgD
178 | Package VRMF: 1.2.0.0
179 | Update: N
180 | Fileset
181 | Fileset Name: PkgD.rte
182 | Fileset VRMF: 1.2.0.0
183 | Fileset Description: My runtime fileset
184 | Bosboot required: N
185 | License agreement acceptance required: N
186 | Include license files in this package: N
187 | Requisites: /pkgdata/pkgD.rte/requisites
188 | USRFiles
189 | /usr/doc/PkgD
190 | /usr/doc/PkgD/README
191 | /usr/PkgD
192 | /usr/PkgD/bin
193 | /usr/PkgD/bin/acommand
194 | EOUSRFiles
195 | ROOT Part: Y
196 | ROOTFiles
197 | /etc/PkgD
198 | /etc/PkgD/a.cfg
199 | EOROOTFiles
200 | EOFileset
201 | Fileset
202 | Fileset Name: PkgD.data
203 | Fileset VRMF: 1.2.0.0
204 | Fileset Description: My data fileset
205 | Bosboot required: N
206 | License agreement acceptance required: N
207 | Include license files in this package: N
208 | Requisites:
209 | USRFiles
210 | /usr/PkgD
211 | /usr/PkgD/bin
212 | /usr/PkgD/bin/bcommand
213 | EOUSRFiles
214 | ROOT Part: N
215 | ROOTFiles
216 | EOROOTFiles
217 | EOFileset
218 |
219 |
220 | Template File Keywords
221 |
222 | Keywords with a * are required, and will cause mkinstallp to fail if left blank or
223 | omitted in the template file.
224 |
225 | Package Name *- Name of the package
226 | Package VRMF *- Version, Release, Modification, and Fix level of the package
227 | Update *- Is this an update package?
228 | Fileset *- Start of a new Fileset
229 | Fileset Name *- Name of the fileset
230 | Fileset VRMF *- VRMF of the fileset
231 | Fileset Description *- Description of the fileset
232 | Bosboot required *- Is a bosboot required when installing this fileset?
233 | License agreement acceptance required *- Is license agreement acceptance required
234 | for this filesest?
235 | Name of license agreement - Name of the license agreement (see Note 1)
236 | Include license files in this package *- Are the license files included in this
237 | package?
238 | License file path - Path of the license file(s) (see Note 2)
239 | Requisites - co/if/inst/pre-requistes for the fileset (see Note 3)
240 | USRFiles *- Start of the USR part files section
241 | /path/to/file - File path (see Note 4)
242 | EOUSRFiles *- End of the USR part files section
243 | ROOT Part *- Is there a ROOT part included in this fileset?
244 | ROOTFiles *- Start of the ROOT part files section
245 | /path/to/file - File path (see Note 4)
246 | EOROOTFiles *- End of the ROOT part files section
247 | EOFileset *- End of the Fileset
248 |
249 | Note 1: The Name of license agreement is defined as LAR/path/to/license/agreement.
250 | The %L tag can be used in place of a hard coded path to represent the locale
251 | of the machine that the package will be installed on. For example, if PkgC
252 | is installed in the en_US locale, %L will be converted to en_US.
253 |
254 | Note 2: A License file path is defined as LAF/path/to/license/file. A conditional
255 | License file path is defined as LAF/path/to/license/file, where lc_LC
256 | is the locale which is associated with the license file. An example conditional
257 | License file path is LAF/usr/swlag/en_US/prod.la. Either type of path
258 | may be specified or both types. Multiple license file paths are separated by
259 | semicolons.
260 |
261 | Note 3: Requisites are defined as *Type Name VRMF;. Type may be coreq, ifreq, instreq,
262 | or prereq. Multiple requisites are separated by semicolons.
263 | Requisites may also be an absolute pathname of a file specifying multiple or
264 | complex requisites.
265 |
266 | Note 4: The full path name for each file in the fileset must be listed in the files
267 | section. Any custom directories should also be listed in this section. For
268 | example, to package /usr/PkgA/myFile, list both /usr/PkgA and /usr/PkgA/myFile in the
269 | files section. Each entity in the final package will have the same attributes
270 | (owner/group/permissions) that it had at build time. The user must ensure
271 | that file attributes in the buildroot are correct prior to running mkinstallp.
272 |
--------------------------------------------------------------------------------
/op.1:
--------------------------------------------------------------------------------
1 | .TH OP 1
2 | .UC 4
3 | .SH NAME
4 | op \- operator access
5 | .SH SYNOPSIS
6 | .B op
7 | mnemonic [arg]
8 | .SH DESCRIPTION
9 | The
10 | .I op
11 | tool provides a flexible means for system administrators to grant
12 | trusted users access to certain
13 | .B root
14 | operations without having to give them full superuser privileges.
15 | Different sets of users may access different operations, and the
16 | security-related aspects of environment of each
17 | operation can be carefully controlled.
18 | .SH OPTIONS
19 | .TP
20 | .B -V
21 | Show version number.
22 | .TP
23 | .B -l
24 | List available commands. Note that this will only display commands you are
25 | permitted to run.
26 | .SH CONFIGURATION
27 | .PP
28 | Configuration entries are read from
29 | .B /etc/op.conf
30 | and all files in lexical order from
31 | .B /etc/op.d
32 | with the extension
33 | .B .conf.
34 | Files must be owned by
35 | .I root
36 | and not have
37 | .I group
38 | or
39 | .I other
40 | permissions set.
41 | .PP
42 | The fields of the entries in the configuration files are separated by white
43 | space. Each entry may span several lines and continues until the next
44 | alphanumeric string is found at the beginning of a lines (which is taken to be
45 | the next
46 | .I mnemonic or variable definition,
47 | and thus the beginning of a new entry). Comments may be embedded
48 | beginning with a # character. Each entry in the configuration files has the
49 | following form:
50 | .RS
51 | .DT
52 | .PP
53 | \fImnemonic command \fR[\fI arg ... \fR]\fI ; \fR[\fI option ... \fR]
54 | .RE
55 | or
56 | .RS
57 | .DT
58 | var=value
59 | .PP
60 | .RE
61 | where the fields are interpreted in the following manner:
62 | .TP
63 | .I var
64 | a variable name, which must be an upper case alphanumeric identifier.
65 | Variables are expanded when reading options.
66 | .TP
67 | .I value
68 | the remainder of the line is taken to be the value of the variable.
69 | .TP
70 | .I mnemonic
71 | a unique, alphanumeric identifier for each operator function.
72 | .TP
73 | .I command
74 | the full pathname of the executable to be run by
75 | .I op
76 | when the associated
77 | .I mnemonic
78 | is chosen.
79 | .TP
80 | .I arg(s)
81 | any arguments, either literal or variable, needed by
82 | .I command.
83 | Literal arguments are simply specified directly, like specific command
84 | options (\fB0Gun\fR) or files (\fB/dev/rmt20\fR). Variable arguments
85 | are specified here as \fB$1, $2 ... $\fR\fIn\fR; these are described
86 | more fully in the options section below. \fB$*\fR indicates any number
87 | trailing arguments.
88 | .TP
89 | .I option(s)
90 | a set of optional parameters to specify settings or restoring for the
91 | particular
92 | .I mnemonic,
93 | define variable arguments specified for the
94 | .I command,
95 | space and are of the form
96 | .I keyword=value.
97 | The absence of a specific list of values separated by commas, where
98 | appropriate.
99 | There should be no white space in each element of the
100 | .I value
101 | string unless quoted. The
102 | .I keyword
103 | is any of the following types:
104 | .TP
105 | .B uid
106 | Set the user id to the value specified. The value can be numeric user
107 | ID or a login name. The default is
108 | .B root.
109 | .TP
110 | .B gid
111 | Set the group id's to the values specified. Each value can be a numeric
112 | group ID or a group name.
113 | .TP
114 | .B dir
115 | Change the current working directory to the path specified.
116 | .TP
117 | .B chroot
118 | Change the root directory to the path specified using
119 | .I chroot.
120 | .TP
121 | .B umask
122 | Set the file creation umask to the octal value specified. The default
123 | is to set it to
124 | .B 022.
125 | .TP
126 | .B groups
127 | Allow any user who belongs to a group listed here to execute this
128 | .I op
129 | function. The default is not to allow any specific group. Note that the user
130 | and group strings are always treated as regular expressions, meaning the user
131 | name 'a' will match *any* user with the letter A in their name. In addition,
132 | group@hostname can be used to explicitly allow access only on specific hosts.
133 |
134 | .TP
135 | .B users
136 | Allow any user listed here to execute this
137 | .I op
138 | function. The default is to not allow any specific users. You may use
139 | the regular expression .* to indicate that all users may use this
140 | mnemonic. User expressions are in the form [@][/] where
141 | is a regular expression matched against the current system user,
142 | is a regular expression matched against the systems hostname and is a
143 | time in the form YYYYMMDD[hh[mm]] when that users access to the command
144 | expires.
145 | .TP
146 | .B netgroups
147 | Allow any user who belongs to a netgroup listed here to execute this
148 | .I op
149 | function. The default is not to allow any specific netgroup.
150 |
151 | .TP
152 | .B password
153 | Queries the user for a password. If there is an = part the value is the crypted
154 | password required, otherwise the users own password is asked.
155 | .TP
156 | .B securid
157 | Queries the user for SecureID PIN and code. If op has been compiled
158 | without SecurID support, this option will cause the command to fail
159 | with an error message.
160 | .TP
161 | .BI $VAR
162 | where
163 | .I VAR
164 | is the name of an environment variable. The specified environment
165 | case, simply using
166 | .I $VAR with no = part (as in
167 | .B $USER)
168 | means that this environment variable is inherited unchanged from
169 | the caller's shell. If the $VAR is an assignment the environment variable
170 | is set to the specified value in the new environment.
171 | .TP
172 | .B environment
173 | Disables the destruction of the users environment.
174 | .TP
175 | .B help
176 | Define help for this mnemonic. Defaults to the full command.
177 | .I op -l
178 | will display this help when it lists the available commands. eg.
179 | .I help="This is some help"
180 | .TP
181 | .B nolog
182 | Disables informational logging per command. Useful for cron jobs to avoid
183 | spamming the logs. Note that authentication failures and other errors will
184 | still be logged.
185 | .TP
186 | .B fowners
187 | Specifies the owner and group of the target command executable as a list of
188 | regular expression in the form
189 | .I user:group
190 | If the executables ownership does not match, the command will not be executed.
191 | .TP
192 | .B fperms
193 | As with
194 | .I fowners
195 | but matches against the octal permissions of the executable.
196 | .TP
197 | .B xauth
198 | Attempt to propagate the X authority entry for the current display to the new
199 | users X authority file. The DISPLAY environment variable is also propagated to
200 | the new environment. The destination user is determined by first using the user
201 | specified after xauth=..., then the user specified by uid=... then finally the
202 | root user is used.
203 | .TP
204 | .B $n
205 | defines the \fIn\fRth variable argument specified in the command
206 | .I arg
207 | list. The value for this type may be a comma-separated list of regular
208 | expressions using \fIegrep\fR(1). option defines the range of values
209 | allowed for the variable arguments A variable argument specified as a
210 | command
211 | .I arg
212 | but not described in the
213 | .I options
214 | section may take on any value. If an argument does not match any
215 | of its permitted values, then a diagnostic is printed and the
216 | command is not executed. When using '(' syntax to pass values
217 | to other options, only the next options can use values from
218 | the previous search.
219 | .TP
220 | .B $*
221 | is used in the
222 | .I options
223 | section to place restriction on the trailing arguments
224 | specified as $* in the
225 | .I args
226 | section. If any of these (possibly many) arguments do not match, then
227 | a diagnostic is printed, and the command is not executed.
228 | .PP
229 | There can also be a special entry in the file beginning at the first
230 | non-comment line
231 | that can define default values to override the builtin defaults listed
232 | here, yet still be overridden by any entry that wants to redefine any of
233 | the keyword fields described above. It should have the following format:
234 | .RS
235 | .DT
236 | \fBDEFAULT\fR \fIkeyword_option\fR
237 | .RE
238 | where \fIkeyword_option\fR is a \fIkeyword=value\fR string mentioned above
239 | under \fIoptions\fR.
240 | .PP
241 | It should be noted that if any regular
242 | .I mnemonic
243 | entry defines its own
244 | .I option,
245 | the value given for that entry must explicitly include the item from the
246 | DEFAULT line if the default values is to be included. That is, the
247 | .I options
248 | definitions completely override any
249 | defaults; they do not add to them In this way, if a value specified on
250 | the DEFAULT line for
251 | .B users
252 | or
253 | .B groups
254 | (for example) needs to be "erased" without redefining new values
255 | (that is, we want no users or groups to be allowed to run the mnemonic),
256 | then the default value must be overridden with nothing (as in
257 | \fBusers=\fR). For the
258 | .B users
259 | or
260 | .B groups
261 | fields, such a null setting has the effect of setting the list of
262 | allowable users or groups to be empty. For the other keywords (\fR
263 | uid, gid, dir, chroot, \fRand\fB umask\fR), a null setting leaves that
264 | attribute as it is upon invocation of the
265 | .I op
266 | program, overriding any defaults.
267 | .PP
268 | Another note is that if the
269 | .I command
270 | for a
271 | .I mnemonic
272 | is
273 | .B MAGIC_SHELL
274 | then a shell (using the users $SHELL environment variable) is created,
275 | if there are arguments in addition to the
276 | .I mnemonic
277 | on the command line then the shell is invoked "-c args".
278 | .SH EXAMPLES
279 | .PP
280 | Example /etc/op.conf:
281 | .RS
282 | .PP
283 | # Define some users
284 | .br
285 | OPERATORS=(fred|barry)
286 | .br
287 | # Define hosts that Fred is restricted to
288 | .br
289 | FRED_HOSTS=(alpha|beta)
290 | .br
291 | # Define hosts that Barry is restricted to
292 | .br
293 | BARRY_HOSTS=(theta|gamma)
294 | .br
295 | # Define user/host access list
296 | .br
297 | ACCESS_LIST=fred@FRED_HOSTS|barry@BARRY_HOSTS
298 | .PP
299 | .br
300 | # 'op shell' - gives user a root shell
301 | .br
302 | shell
303 | .br
304 | /bin/su -;
305 | .br
306 | users=ACCESS_LIST
307 | .br
308 | environment
309 | .br
310 | password
311 | .br
312 | help="Root shell"
313 | .PP
314 | .br
315 | # 'op reboot' - reboot system
316 | .br
317 | reboot
318 | .br
319 | /sbin/reboot;
320 | .br
321 | users=ACCESS_LIST
322 | .br
323 | password
324 | .br
325 | help="Reboot system"
326 | .PP
327 | # 'op shutdown