isa/sudo
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
12,830 Commits 1 Branch 0 Tags
main
Commit Graph

577 Commits

Author SHA1 Message Date
isa
f7f0457b92 Initial realm_auth_sudo plugin commit
Some checks failed
CodeQL / Analyze (cpp) (push) Has been cancelled
Details
CodeQL / Analyze (python) (push) Has been cancelled
Details
CIFuzz / Fuzzing (push) Has been cancelled
Details
2025-02-11 23:06:36 -05:00
Todd C. Miller
f0823c70c6 Remove offensive insults that were disabled by default anyway. 
Bug #1058
 2024-03-18 09:14:15 -06:00
Todd C. Miller
bafdcc3d40 Check if ac_cv_sys_file_offset_bits is "64", not "yes" 
This is used for determining whether to set _TIME_BITS with autoconf
versions before 2.72.
 2024-02-18 07:09:10 -07:00
Todd C. Miller
00b2bd3589 Sudo 1.9.15p5 2023-12-29 14:43:39 -07:00
Todd C. Miller
ad4dc22d5a Automatically migrate lecture file path from name-based to uid-based. 
GitHub issue #342.
 2023-12-22 09:39:24 -07:00
Todd C. Miller
680352b917 Sudo 1.9.15p4 2023-12-15 10:57:24 -07:00
Todd C. Miller
c9198ef4df Sudo 1.9.15p3 2023-12-13 12:15:12 -07:00
Todd C. Miller
62895ea442 Sudo 1.9.15p2 2023-11-08 20:10:02 -07:00
Todd C. Miller
45aeeddcbe Sudo 1.9.15p1 2023-11-07 13:46:01 -07:00
Todd C. Miller
0c67456923 Sudo assumes that a uid_t can be cast to unsigned int without problems. 
Add a configure check and error out if sizeof(uid_t) > 4.
 2023-09-20 11:25:48 -06:00
Todd C. Miller
37ee2946aa sudo 1.9.15 2023-08-24 09:28:45 -06:00
Todd C. Miller
94b80e3ad4 Replace MAX_UID_T_LEN with calls to STRLEN_MAX_UNSIGNED. 2023-09-19 15:16:30 -06:00
Todd C. Miller
49c7c1f4d3 Only cast TIOCSWINSZ to int on systems that might require it (AIX). 
Otherwise we end up with a -Wconversion warning on systems where
the ioctl() request argument is unsigned long.
 2023-09-15 10:26:29 -06:00
Todd C. Miller
d6d467b92e Add implementation of SSL_read_ex/SSL_write_ex for those without. 2023-08-05 10:38:02 -06:00
Todd C. Miller
0a181849a1 Add --enable-postinstall, an optional phase when building packages. 
This makes it possible to run an arbitrary script between "make
install" and the polypkg run.  This will be used to copy different
word size versions of sudo_intercept.so and sudo_noexec.so.
 2023-07-31 19:46:00 -06:00
Todd C. Miller
980e0216ac Add basic support for 32-bit and 64-bit LD_PRELOAD equivalents. 
The noexec and intercept DSO settings may now include both a 32-bit
DSO and a 64-bit DSO specified by a colon.  For example:
/usr/libexec/sudo/sudo_intercept.so:/usr/libexec/sudo/sudo_intercept_64.so.
 2023-07-31 13:46:57 -06:00
Todd C. Miller
a432aed4f0 realpath.c: include limits.h and use sysconf(_SC_SYMLOOP_MAX) 
This is more portable and eliminates the need to check for SYMLOOP_MAX
(and provide it if missing) in configure.  Also quiet some -Wconversion
warnings.
 2023-07-10 15:52:16 -06:00
Todd C. Miller
f7801f2160 Add configure check for restrict keyword. 2023-07-07 15:06:53 -06:00
Todd C. Miller
bfb6132d9c Add configure tests for __builtin_clz/__builtin_clzl 2023-07-04 12:39:31 -06:00
Todd C. Miller
a0b074cc9c Fix undefined symbol on macOS for intercept mode and log_subcmds. 
macOS does not support direct access to the environ pointer from a
shared object.  We need to redirect through _NSGetEnviron() instead.
Fixes GitHub issue #276.
 2023-06-28 10:59:26 -06:00
Todd C. Miller
c7070b0475 sudo 1.9.14 2023-06-05 13:13:37 -06:00
Todd C. Miller
d4c6ef1222 Add adminconfdir and --enable-adminconf to set it. 
Configuration paths in sudo are now a colon-separated list of files
with the adminconfdir instance first (if enabled), followed by a
sysconfdir instance.
 2023-05-02 10:37:39 -06:00
Todd C. Miller
9ad6dfa371 Substitute for _PATH_SUDO* variables in pathnames.h. 
Previously these were hard-coded with Makefile overrides.
 2023-02-08 16:47:18 -07:00
Todd C. Miller
4363d03ef7 Convert config file paths to colon-separated path list. 
This means that _PATH_SUDO_CONF, _PATH_SUDOERS, _PATH_SUDO_LOGSRVD_CONF,
and _PATH_CVTSUDOERS_CONF can now specify multiple files.  The first
file that exists is used.
 2023-05-02 10:37:38 -06:00
Todd C. Miller
65c0b5a089 Move CONFIGURE_ARGS from sudo_usage.h.in to config.h.in. 2023-04-18 07:29:37 -06:00
Todd C. Miller
ae12d18ff0 Use -no-undefined on macOS to avoid "-undefined dynamic_lookup" warnings. 
Starting with macOS 13, the linker warns when "-undefined dynamic_lookup"
is used.  This is added by libtool by default on macOS but we can
suppress it by passing -no-undefined to libtool.
 2023-04-14 13:02:28 -06:00
Todd C. Miller
f0f5e1b5bc Use built-in tests for bit types instead of using AC_CHECK_TYPES. 
This should be more portable as it handles the quirks of some older
systems.
 2023-03-22 15:37:12 -06:00
Todd C. Miller
f5d0b7abf7 Remove portable getcwd.c, nothing uses it anymore. 
Any operating system supported by sudo already includes getcwd(3).
 2023-03-16 15:01:41 -06:00
Todd C. Miller
0df56634c3 Sudo 1.9.13p3 2023-03-04 09:59:19 -07:00
Todd C. Miller
f4d2412628 Sudo 1.9.13p2. 2023-02-25 11:20:55 -07:00
Todd C. Miller
8bb1160624 Replace LIBMD with LIBCRYPTO display crypto/tls libs in summary. 
We can only have one of either -lmd, -lgcrypt or -lcrypto so there
is no need to have more than one variable.
 2023-02-22 08:49:33 -07:00
Todd C. Miller
0443d14578 Add checks for realpath(3) and a version from NetBSD for those without it. 2023-02-12 13:27:17 -07:00
Todd C. Miller
440d9649a8 Move initial values into AC_SUBST() where possible. 2023-02-21 10:17:24 -07:00
Todd C. Miller
7c6f373587 No need to AC_SUBST() standard autoconf variables. 2023-02-21 09:34:49 -07:00
Todd C. Miller
b8c13bbe89 Fix indentation of intercept file in summary output. 2023-02-19 09:21:39 -07:00
Todd C. Miller
58382028aa Sudo 1.9.13p1 2023-02-16 10:17:32 -07:00
Todd C. Miller
42163ac0a9 Use m4_bmatch, m4_case does not support shell-style globbing. 2023-02-16 10:05:26 -07:00
Todd C. Miller
2feea9b2f6 Allow configure.ac to be processed by autoconf 2.69. 
AC_PROG_CC_STDC is deprecated in autoconf 2.70 and above but it is
necessary for autoconf 2.69.
 2023-02-16 09:46:07 -07:00
Todd C. Miller
d7080afe0e Only use AC_SYS_YEAR2038 if it is defined. 
Otherwise, use the method from 1.9.12.
GitHub issue #242
 2023-02-16 07:21:05 -07:00
Todd C. Miller
defec5d46e Add missing '[' to AS_IF() call. 
Fixes GitHub issue #238.
 2023-02-14 14:24:28 -07:00
Todd C. Miller
2e1a73502e Use AS_IF instead of if; then where possible. 2023-02-05 08:06:02 -07:00
Todd C. Miller
ffb09be49d Add configure test for NSIG, _NSIG or __NSIG. 
This is better than just defining NSIG in sudo_compat.h if it is
not defined since signal.h may not have been included.
 2023-01-31 11:30:45 -07:00
Todd C. Miller
f65a51afdf Try to link a simple shared object with -Wl,--no-undefined. 
This only works for gcc-style compilers, which should not be a
problem.  The source uses environ (FreeBSD) and errno (OpenBSD).
 2023-01-20 12:30:33 -07:00
Todd C. Miller
7a64275a3d Don't use -Wl,--no-undefined with the sanitizers/fuzzers. 
It breaks linking when using -fsanitize with clang at least.
 2023-01-19 19:40:35 -07:00
Todd C. Miller
f7265f5de2 Eliminate usage of obsolete 2-argument AC_CHECK_TYPE macro. 2023-01-19 13:59:05 -07:00
Todd C. Miller
9ddae66818 Add support for the struct kinfo_proc on Dragonfly BSD. 2023-01-19 13:22:32 -07:00
Todd C. Miller
d409ba67c6 Elminate the $OS variable, we can just use $host_os instead. 2023-01-19 13:22:31 -07:00
Todd C. Miller
cb56fd2edb Need to link sudo and sudoers with -lutil on Dragonfly BSD. 
It is safer to just search for setusercontext() in libc and libutil
instead of matching on the operating system.
 2023-01-19 13:22:31 -07:00
Todd C. Miller
83b4cee98a Add -Wl,--no-undefined to LDFLAGS if it is supported. 
This will find missing symbols at build-time instead of run-time.
Don't use it on FreeBSD where environ is filled in by the dynamic loader.
We also need to pull in -llber with -lldap where possible (instead
of relying on DT_NEEDED) to avoid undefined symbol errors when
building with LDAP support.
 2023-01-19 07:47:10 -07:00
Todd C. Miller
73c52e731a Limit some of the hardening tests to compilers that define __GNUC__. 
This should avoid false positives on other compilers.
 2023-01-18 14:39:52 -07:00