Todd C. Miller
4eebd53bce
parse_gentime: use timegm() to generate time since the epoch
...
The timegm() function is non-standard but widely available.
Provide an implementation for those systems that lack it.
Bug #1006
2021-10-31 09:27:34 -06:00
Todd C. Miller
b506497fe4
Fix pasto in gmtime_r and localtime_r macros.
...
Also add missing Makefile targets for them.
2021-10-31 09:01:18 -06:00
Todd C. Miller
dcd2199f79
Take daylight saving time into consideration when computing offset.
...
Otherwise, the resulting time may be off by an hour, depending on
whether DST is currently active compared to the target time.
2021-10-31 08:42:49 -06:00
Todd C. Miller
12c8dba4ca
Back out f2d82771e7dd, arm64e on macOS is still in preview state.
...
Until arm64e on macOS is finalized, continue to build arm64 packages.
2021-10-29 13:03:36 -06:00
Todd C. Miller
491aee866b
Build arm64e ABI binaries on macOS 11 and above.
...
We originally used arm64 here but the correct ABI is arm64e.
The arm64 arch will be removed in a future release.
2021-10-27 09:51:09 -06:00
Todd C. Miller
7c4c61be0f
Use iolog_openat() when opening the log.json file in the I/O log dir.
2021-10-27 07:45:22 -06:00
Todd C. Miller
ed13faf9f6
Use BIO_new_file() not BIO_new_fd() to read dhparams file.
...
Older versions of OpenSSL and wolfSSL lack BIO_new_fd().
Also explicitly include openssl/bio.h and openssl/dh.h for wolfSSL.
2021-10-26 19:26:20 -06:00
Todd C. Miller
fc5fa1bbd4
wolfSSL not WolfSSL
2021-10-26 19:00:16 -06:00
Todd C. Miller
77048c1193
Add wolfSSL variant to continuous integration tests.
2021-10-26 18:57:49 -06:00
Todd C. Miller
21c240d809
Add libwolfssl-dev to Debian and Ubuntu Dockerfiles
...
Fedora does not appear to have an official wolfssl package.
2021-10-26 11:05:04 -06:00
Todd C. Miller
094f4dac58
White space in an include file path supported by sudo 1.9.1 or higher.
2021-10-26 08:09:33 -06:00
Todd C. Miller
cc6157d7d4
Add support for WolfSSL's OpenSSL compatibility layer.
...
Based on changes from Hayden Roche
2021-10-25 13:17:57 -06:00
Todd C. Miller
465bfbba72
regenerate dependencies
2021-10-25 12:32:02 -06:00
Todd C. Miller
87c1dd9d7d
Move include of log_server.pb-c.h into logsrvd.h and sendlog.h
...
This way there is no include file order issue with the
PROTOBUF_C_VERSION_NUMBER check.
2021-10-25 12:25:24 -06:00
Todd C. Miller
1dbf95645d
Add pkg-config to all Dockerfiles
2021-10-25 12:21:50 -06:00
Todd C. Miller
8a9c8794d0
Use SSL_FILETYPE_PEM with SSL_CTX_use_PrivateKey_file, not X509_FILETYPE_PEM
...
While they are defined to the same value in OpenSSL one should not
rely on this.
2021-10-24 14:47:49 -06:00
Todd C. Miller
a808f8e7e5
Fix setting _PATH_ASAN_LIB, need to double up the square brackets.
2021-10-23 15:27:20 -06:00
Todd C. Miller
e73e9d5e47
sudo_sendlog: send runenv, rungid and runuid from log.json too
...
With this change, sudo_sendlog can now round-trip sudo-style I/O
logs that use the newer log.json format without losing any information.
2021-10-23 09:04:26 -06:00
Todd C. Miller
ef3eb25a1b
arc4random: need to include sys/random.h on Solaris too.
...
This was removed when Linux getentropy() was disabled.
2021-10-22 10:44:34 -06:00
Todd C. Miller
88c577171e
Make sure INET_ADDRSTRLEN and INET6_ADDRSTRLEN are defined.
2021-10-21 19:53:48 -06:00
Todd C. Miller
00f0c233b2
Only include log_client.h if SUDOERS_LOG_CLIENT is defined.
2021-10-21 19:46:35 -06:00
Todd C. Miller
cf47187eb5
Merge pull request #118 from larb0b/main
...
Define MAP_FAILED where relevant if undefined
2021-10-21 18:49:22 -06:00
Larkin Nickle
07bdfeedb8
Define MAP_FAILED where relevant if undefined
...
On systems such as HP-UX 10.20, MAP_FAILED is not
defined.
2021-10-21 19:16:28 -04:00
Todd C. Miller
cccefb962b
Improve macOS version detection to support macOS 11 and simplify legacy logic
...
From Jeremy Huddleston Sequoia
2021-10-20 19:31:57 -06:00
Todd C. Miller
14873832c6
sudo_sendlog: send multiple I/O log records together if possible
...
Try to fill the write buffer and then send to the server instead
of sending records one at a time.
2021-10-20 19:16:23 -06:00
Todd C. Miller
1a26d2c883
sudo_sendlog: support multiple write buffers like sudo_logsrvd
2021-10-20 19:03:19 -06:00
Todd C. Miller
9fbbca7b7a
Always link libsudo_util.so with libcrypto.so if using OpenSSL.
...
We may need to use RAND_bytes() in the getentropy() emulation.
2021-10-20 18:59:13 -06:00
Todd C. Miller
23eef895f4
Add an explicit check for sys/sysctl.h.
...
This test needs to be done after AC_LANG_WERROR to avoid including
sys/sysctl.h on systems where it is marked as deprecated via a
#warning directive.
2021-10-20 10:31:35 -06:00
Todd C. Miller
00e53b32e5
Use our own getentropy() by default on Linux.
...
The glibc getentropy() emulation will fail on older kernels that
don't support getrandom().
Also use sudo_fatal() instead of sending SIGKILL on getentropy() failure.
GitHub issue #117.
2021-10-20 09:53:01 -06:00
Todd C. Miller
de4fd4a31d
Use the OpenSSL RAND_bytes() function if getrandom() fails.
2021-10-20 09:51:17 -06:00
Todd C. Miller
badd6267bd
Fix compilation of standalone arc4random_buf().
...
Apparently this code was never compiled anywhere.
2021-10-20 08:52:04 -06:00
Todd C. Miller
9dd6304940
sudo_uuid_create: no longer need a union for the uuid.
2021-10-20 07:55:35 -06:00
Todd C. Miller
803fc56bef
eventlog_free: free signal_name too
2021-10-19 13:14:37 -06:00
Todd C. Miller
f49c7ac5a5
Add new log.json keywords
2021-10-19 13:13:59 -06:00
Todd C. Miller
89b53d5edd
fuzz_iolog_json: initialize exit_value to -1
2021-10-19 13:13:29 -06:00
Todd C. Miller
02e77e656b
Fix potential use-after-free when calling iolog_flush_all().
...
We need to call iolog_flush_all() _before_ scheduling the commit point.
If we fail to schedule the commit point, the closure will be freed.
Coverity CID 220557
2021-10-19 11:57:32 -06:00
Todd C. Miller
5eebc30987
sendlog: use runargv from log.json if available
2021-10-19 09:42:48 -06:00
Todd C. Miller
a71d1f7ce6
sudo_sendlog: send exit data in eventlog if present
2021-10-19 09:42:46 -06:00
Todd C. Miller
bddf03fe45
No longer need to pass exit params to eventlog_exit(), use struct eventlog.
...
Now that struct eventlog includes the exit parameters we can simplify
how eventlog_exit() is called.
2021-10-19 08:58:34 -06:00
Todd C. Miller
d415624ffc
Read command run_time, signal and exit_value from I/O log log.json file.
2021-10-19 08:58:33 -06:00
Todd C. Miller
d21c935a15
Log the command run-time and exit status in the I/O log.
2021-10-19 08:50:02 -06:00
Todd C. Miller
77c339858d
Handle a missing run_time in an ExitMessage.
...
It is now possible to pass a NULL run_time to eventlog_exit().
2021-10-18 15:34:48 -06:00
Todd C. Miller
f73bc6dee3
format_json: fix pasto when setting dumped_core boolean
2021-10-19 08:46:28 -06:00
Todd C. Miller
15b4427b9a
No need to flush logs before commit point if we flush after each write.
...
Also document that logs are flushed before sending a commit point
even when flushing is disabled.
2021-10-16 07:58:44 -06:00
Todd C. Miller
a554629d84
Flush I/O logs before we send a commit point.
...
The commit point message means we have written the data to disk so
we should not be buffering it any longer.
We do not currently fsync(2) the data after flushing, perhaps we should.
2021-10-15 19:10:34 -06:00
Todd C. Miller
3e4f6aa2e3
Do not treat a resume point of [0, 0] as an error.
...
If the connection is interrupted before sudo sends back a commit_point
message, resuming at [0, 0] is correct.
Also add a warning on unexpected EOF parsing the timing file.
2021-10-15 12:24:53 -06:00
Todd C. Miller
369d21323b
Display a more helpful message if the user tries to run "sudo cd".
...
Since "cd" is a shell built-in command it cannot be run directly
via sudo. The user either needs to spawn a shell via "sudo -s"
or use the -D option to run a command in a specific directory.
2021-10-11 11:05:58 -06:00
Todd C. Miller
64e5798318
Don't install sudoers.a when configured with --enable-static-sudoers.
...
We already avoid installing it when --disable-shared-util is specified.
2021-10-11 11:04:40 -06:00
Todd C. Miller
7a56c9871e
mkpkg: preserve make exit value on exit
...
Fixes a problem where the exit value from mkpkg was 0 even on error.
2021-10-10 16:14:52 -06:00
Todd C. Miller
4b7b3c05e9
Fix typos in SELinux and Solaris priv support.
2021-10-10 16:06:01 -06:00