isa/sudo
1
0
Fork 0
Code Issues Pull Requests Actions 1 Packages Projects Releases Wiki Activity
9,394 Commits 1 Branch 0 Tags
06035f193e77d8b1751a9c087321a2bcbea6c6be
Commit Graph

323 Commits

Author SHA1 Message Date
Todd C. Miller
f4e5b135bb Update copyright year 2016-01-20 15:40:51 -07:00
Todd C. Miller
4bcef637f8 Work around the buggy pread(2) on 32-bit HP-UX 11.00 by using 
pread64() on that platform.
 2016-01-13 11:10:33 -07:00
Todd C. Miller
68c1073fe5 Rewritten sudoedit_checkdir support that checks all the dirs in the 
path and refuses to follow symlinks in writable directories.
This is a better fix for CVE-2015-5602.
Adapted from a diff by Ben Hutchings.  Bug #707
 2016-01-10 18:31:29 -07:00
Todd C. Miller
b20977d445 Add support for using fexecve() if supported on commands that are 
checksummed.
 2016-01-04 10:35:18 -07:00
Todd C. Miller
8b12390abf Add debug_return_ssize_t 2015-11-01 15:13:28 -07:00
Todd C. Miller
2c7ff33ea8 Explicitly mark large hex constants unsigned. 2015-09-24 11:23:02 -06:00
Todd C. Miller
edfeee6a7a No need to have version macros for hooks, callbacks and the sudoers 
group plugin.  We can just use the main sudo API macros.  The sudoers
group plugin macros are preserved for source compatibility but are
not documented.
 2015-09-09 14:56:52 -06:00
Todd C. Miller
67183d74f4 Remove include/compat/timespec.h. Systems old enough to lack struct 
timespec are too old to build a modern sudo.
 2015-09-09 11:13:22 -06:00
Todd C. Miller
00142c91fa Lock individual records in the timestamp file instead of the entire 
file.  This will make it possible for multiple sudo processes using
the same tty to serialize their timestamp lookups.
 2015-09-07 06:06:08 -06:00
Todd C. Miller
98a15d9879 Add a struct sudo_conv_callback that contains on_suspend and on_resume 
function pointer args plus a closure pointer and at it to the
conversation function.
 2015-09-07 06:06:08 -06:00
Todd C. Miller
af47293800 Make hook_version and hook_type unsigned. 2015-09-02 08:00:27 -06:00
Todd C. Miller
3354d27a17 Do not follow symbolic links in sudoedit by default. This behavior 
can be controlled by the sudoedit_follow Defaults flag as well as
the FOLLOW/NOFOLLOW tags.
 2015-08-06 13:20:01 -06:00
Todd C. Miller
540b09b32c Remove some compatibilty defines that should no longer be needed. 2015-07-02 09:07:15 -06:00
Todd C. Miller
8f9aa5af25 Need to include stddef.h to get rsize_t on Mac OS X for sudo_memset_s() 
prototype.
 2015-06-30 14:11:53 -06:00
Todd C. Miller
105f199f6b Fix build on compilers w/o __func__ or __FUNCTION__ 2015-06-30 10:41:14 -06:00
Todd C. Miller
54f9de6cce Add an error flag to the lbuf struct to simplify error checking. 
Callers of the lbuf functions now check the error flag to tell if
a memory allocation error ocurred.
 2015-06-26 15:58:04 -06:00
Todd C. Miller
a76b93e23a Use our own bitmap macros instead of borrowing the ones from select. 2015-06-23 16:37:00 -06:00
Todd C. Miller
f6627e70b0 No longer need __malloc_like 2015-06-20 16:56:57 -06:00
Todd C. Miller
4a07b472f0 Only include stddef.h where it is needed. 2015-06-20 05:34:35 -06:00
Todd C. Miller
dc883f2454 We require ANSI C so stop using the obsolete STDC_HEADERS. 2015-06-19 14:29:27 -06:00
Todd C. Miller
4be97a6c4e Remove now-unused sudo_alloc.h and alloc.c 2015-06-17 17:00:55 -06:00
Todd C. Miller
5ce50a885c Use non-exiting allocators in libsudo_util. 2015-06-17 17:00:53 -06:00
Todd C. Miller
8d1708434f Add sudo_strsplit(), similar to strtok_r() but non-destructive and 
operates on non-C strings (requires a length parameter).
 2015-05-26 15:46:41 -06:00
Todd C. Miller
11840308c4 Fix sudo_strnlen() prototype. 2015-05-26 14:14:06 -06:00
Todd C. Miller
82286d8b7b Add strndup() for those without it. As strndup.c uses strnlen(), 
use our own if it is missing.
 2015-05-26 14:05:26 -06:00
Todd C. Miller
49d56f323e Add strnlen() replacement needed for glob.c. 
Only used if no glob() and no strnlen().
 2015-05-26 13:55:18 -06:00
Todd C. Miller
05a01d4c5d Avoid using a leading underbar in defines as they are reserved in 
ISO C.
 2015-05-21 11:13:20 -06:00
Todd C. Miller
1298ea9107 Add target for "make splint". A few files need extra guards to avoid 
errors on systems where they would not otherwise be compiled.
No warnings from splint.
 2015-05-21 11:07:13 -06:00
Todd C. Miller
3595807f4e Add reallocarray() for those without it. 2015-05-14 10:13:18 -06:00
Todd C. Miller
80cb630bc0 In sudo_warn_gettext_v1() call dgettext() not gettext() to make 
sure the domain is set correctly.  The sudoers plugin uses its own
text domain.
 2015-05-12 15:58:05 -06:00
Todd C. Miller
8bc70a635c Instead of trying to make weak functions work on all platforms, 
just use a registration function for a plugin-specific setlocale
function.  The sudoers version just wraps sudoers_setlocale().
 2015-05-11 14:51:32 -06:00
Todd C. Miller
6ab5994152 Fix compilation when HAVE_DECL_SIG2STR_MAX is not defined. 2015-05-11 13:26:16 -06:00
Todd C. Miller
4ae1bdf9c3 HAVE_DECL_SIG2STR_MAX is always defined so use a !HAVE_DECL_SIG2STR_MAX 
check instead of #ifndef.
 2015-05-08 17:31:31 -06:00
Todd C. Miller
caf5d45e0f Previously, debug_return_bool was the same as debug_return_int 
except that it logged true/false for 1/0.  However, this appears
to trigger a bug in some compilers.  To avoid this, debug_return_bool
now uses bool, not int.  Callers that were passing it an int have
been converted to use debug_return_int instead.
 2015-05-07 10:33:23 -06:00
Todd C. Miller
5647736ef5 Add configure check for SIG2STR_MAX, which may be missing on UnixWare. 2015-05-07 07:34:50 -06:00
Todd C. Miller
6f8af4d26d Split variable declaration out of debug_decl into debug_decl_vars() 
so we can use it in main() when we know sudo_debug_enter() cannot
succeed.
 2015-04-22 13:30:58 -06:00
Todd C. Miller
9240018ce4 Avoid struct assignment when stashing mtime since AIX at least uses 
a struct st_timespec that differs from struct timespec.
From Andrey Klyachkin.
 2015-04-10 07:43:54 -06:00
Todd C. Miller
35dcb05a5f Fix symbol name collision with systems that have their own sha2 
implementation.  This can result in PAM using the wrong sha2
implementation on Solaris systems configured to use SHA512 for
passwords.
 2015-03-05 12:27:26 -07:00
Todd C. Miller
a7edf7d984 Remove compat/utime.h, it was only useful for ancient systems that 
are no longer capable of compiling sudo.
 2015-03-03 16:57:55 -07:00
Todd C. Miller
ee72cba937 Use futimens() and utimensat() instead of futimes() and utimes(). 2015-03-02 13:58:50 -07:00
Todd C. Miller
5d2e9426b2 We cannot (easily) use clock_gettime(CLOCK_MONOTONIC) directly as 
it may be present but not implemented.  Add sudo_gettime_real() and
sudo_gettime_mono() functions to get the real and monotonic times
respectively.  Now sudo_gettime_mono() checks the value of
sysconf(_SC_MONOTONIC_CLOCK) before calling clock_gettime(CLOCK_MONOTONIC)
and falls back on sudo_gettime_real() as needed.  The Mach version
of sudo_gettime_mono() uses mach_absolute_time().

This should fix problems with timestamp files on systems where
the CLOCK_MONOTONIC is defined but not actually implemented.
 2015-02-24 11:19:21 -07:00
Todd C. Miller
01a4d6ccbf Check clock_gettime() return value and warn if it fails. 
Currently, the timestamp will be ignored if clock_gettime() fails.
 2015-02-24 09:53:50 -07:00
Todd C. Miller
be8dbeb22e Avoid using HOST_NAME_MAX directly and use sysconf(_SC_HOST_NAME_MAX) 
instead.
 2015-02-19 20:28:02 -07:00
Todd C. Miller
96eddddc12 Almost no systems actually define OPEN_MAX since it is dynamic on 
modern OSes.  If sysconf(_SC_OPEN_MAX) ever fails, fall back on
_POSIX_OPEN_MAX instead.  We can assume modern systems have sysconf().
Also remove checks for strrchr() and strtoll() for which the HAVE_*
defines are no longer used.
 2015-02-19 09:59:25 -07:00
Todd C. Miller
3eb9a854d8 Add check for getresuid() declaration, which may be missing on HP-UX. 
When checking for getdomainname() prototype, look in netdb.h too.
 2015-02-06 11:33:30 -07:00
Todd C. Miller
1bb633a210 Check whether getdomainname(), innetgr(), setresuid() and setresgid() 
are declared and add prototypes in sudo_compat.h as needed.
 2015-02-05 11:08:55 -07:00
Todd C. Miller
59ab26dbcc Go back to a 2 args debug_decl and just use the "default" instance, 
now renamed "active".
 2015-02-01 08:24:49 -07:00
Todd C. Miller
55a34e6941 Avoid inadvertantly defining things like PATH_MAX simply because 
the source file doesn't include limits.h.
 2015-01-15 17:01:30 -07:00
Todd C. Miller
237f3c9dfe Add support for GLOB_LIMIT from OpenBSD (not currently used) and 
also a limit on the max recursion depth for glob().
 2014-12-16 17:04:13 -07:00
Todd C. Miller
ccc210eddb If a system lacks mkdtemp() or mkstemps(), use our own mkdtemp() 
and mkstemps().  Previously we only exposed the missing one but
since the guts are the same we might as well use them.
 2014-10-29 13:03:39 -06:00