isa/sudo
1
0
Fork 0
Code Issues Pull Requests Actions 1 Packages Projects Releases Wiki Activity
11,089 Commits 1 Branch 0 Tags
0aedc965f88a08912eae945cd6cb15ca4f8faae2
Commit Graph

509 Commits

Author SHA1 Message Date
Todd C. Miller
680fd4a629 Use AC_FUNC_FSEEKO instead of AC_CHECK_FUNCS_ONCE([fseeko]). 
This will define _LARGEFILE_SOURCE, if needed, to make the prototype
visible on older systems.
 2021-08-20 10:59:52 -06:00
Todd C. Miller
ad28b90c4d We still need the pread/pwrite hack for HP-UX 11.11 at least. 
This time around, avoid defining _LARGEFILE64_SOURCE and just declare
pread64/pwrite64 ourselves.
 2021-08-19 19:18:24 -06:00
Todd C. Miller
62aca803ce Older Solaris has getusershell() et al but does not declare it. 2021-08-13 09:52:02 -06:00
Todd C. Miller
0ea5efd8b7 If msg_control is not present in struct msghdr use msg_accrights instead. 
Fixes building on Solaris and probably others.  It is possible to
expose msg_control on Solaris but this requires a specific set of
feature flag defines which can cause other complications.
 2021-08-09 15:50:26 -06:00
Todd C. Miller
36fbb13c4c Use TLS_method() instead of TLS_client_method() throughout. 
OpenSSL returns an error for SSL_accept() if TLS_client_method()
was used to generate the context (LibreSSL doesn't care).

Prior to sudo 1.9.7, TLS_client_method() and TLS_server_method()
were used in the TLS client and server initialization code respectively.
This was refactored in sudo 1.9.7 to allow the code to be shared.
Bug #988
 2021-07-26 13:40:25 -06:00
Todd C. Miller
4a90deb2a0 Add configure check for va_copy instead of using #ifdef 
This prevents the va_copy compat #define from being used if
sudo_compat.h is somehow included before stdarg.h.
 2021-07-25 15:51:23 -06:00
Todd C. Miller
cc3b4ffb04 Remove vsyslog(3) emulation, it is no longer used. 2021-06-14 13:11:39 -06:00
Todd C. Miller
b0a32fe738 Remove the HP-UX 11.0 pread64() hack, it causes problems on modern HP-UX. 2021-04-20 14:59:19 -06:00
Todd C. Miller
a5504148a5 Add admin_flag sudoers option and make --enable-admin-flag take a path. 
It is now possible to disable the Ubuntu admin flag in sudoers
or change its location.
GitHub issue #56
 2021-02-16 13:20:02 -07:00
Todd C. Miller
e392646ed4 Add configure check for SSIZE_MAX 2021-02-08 18:38:17 -07:00
Todd C. Miller
a72d743ec8 Fall back to a temp file if fmemopen() is not available(). 2021-02-07 13:56:15 -07:00
Todd C. Miller
da5c6c6c45 Regenerate configure script with autoconf 2.71. 
Also fix some warnings from the new version.
 2020-12-08 12:35:21 -07:00
Todd C. Miller
0e3e13d872 Define _DARWIN_UNLIMITED_GETGROUPS on macOS to suport > 16 groups. 
On macOS 10.6 and above, getgroups(2) can return more than NGROUPS_MAX
if _DARWIN_UNLIMITED_GETGROUPS or _DARWIN_C_SOURCE is defined.
Bug #946
 2020-12-07 13:15:25 -07:00
Todd C. Miller
a96b9a1373 Newer LibreSSL has SSL_CTX_set_ciphersuites but it is not enabled. 
Add a check for the function declaration in openssl/ssl.h.
 2020-11-16 14:39:52 -07:00
Todd C. Miller
62547746d3 Rename iolog_client -> log_client. 
The logsrvd client code is now used for more than just I/O logging.
 2020-11-09 17:13:04 -07:00
Todd C. Miller
c8c7e1f607 Use ssl_err2string() in message on ldap_ssl_client_init() failure. 
Displaying SSL reason code directly is not user-friendly.
 2020-10-28 09:40:11 -06:00
Todd C. Miller
874c2b27c6 Use a simple string compare on systems without crypt(3). 
This is only used on systems without PAM, BSD authentication or AIX
authentication.  Bug #940.
 2020-09-18 08:18:07 -06:00
Todd C. Miller
019f1f6b93 Use sigabbrev_np(3) to access signal abbreviations if supported. 
glibc-2.32 has removed sys_sigabbrev[], we can use sigabbrev_np(3) instead.
 2020-08-25 16:48:13 -06:00
Todd C. Miller
985af422d2 Rename __dso_public -> sudo_dso_public and move to config.h. 2020-08-12 09:57:42 -06:00
Todd C. Miller
ce97ca28db Use OpenBSD-compatible freezero() in place of explicit_bzero() + free() 2020-08-10 19:24:33 -06:00
Todd C. Miller
cef6e3687e Switch from memset_s() -> explicit_bzero(). 
memset_s() (and all of Annex K) is likely to be removed from the
a future version of the standard.
 2020-08-10 19:24:32 -06:00
Todd C. Miller
03ad96e445 Use the fallthrough attribute instead of /* FALLTHROUGH */ comments. 2020-08-01 13:10:50 -06:00
kuberlog
054939c1ed configure.ac: fix documentation about lecture 2020-07-21 08:47:03 -06:00
Todd C. Miller
be89bdcf7c Fix some warnings displayed by autoconf 2.69b 
This fixes the missing HAVE_GSSAPI_GSSAPI_H define in config.h.in.
TODO: replace shadow_funcs variable in function checks with literals
 2020-07-15 10:12:55 -06:00
Todd C. Miller
48c2bd0007 Declare getdelim(3) if it exists in libc but is not prototyped in stdio.h. 
This can happen on systems with a gcc packages that was built on
and older versions of the OS where getdelim(3) was not present.
 2020-06-06 18:45:27 -06:00
Todd C. Miller
0cf2e09e0c Apply spelling fixes. 
Fixes from PR #30 (ka7) and Bug #925 (fossies.org codespell)
 2020-05-06 09:27:43 -06:00
Todd C. Miller
84d9c7b241 Add configure check for SSL_CTX_get0_certificate(). 
Dummy out verify_server_cert() if it is not present to allow building
on older OpenSSL versions.  Rewriting this to work with old OpenSSL
is not worth the trouble.
 2020-03-17 20:07:48 -06:00
Todd C. Miller
5635c22f6b Add --disable-log-server and --disable-log-client configure options. 
These can be used to optionally disable building sudo_logsrvd and
support for remote I/O logging in the sudoers plugin respectively.
 2020-02-26 13:17:40 -07:00
Todd C. Miller
dc45c4d4ea Add tests for arc4random_buf() and an implementation for those without. 2020-01-30 13:12:25 -07:00
Todd C. Miller
c9b68ccb34 Use AC_CHECK_DECLS when checking for SSL_CTX_set_min_proto_version 
Also use AC_CHECK_FUNCS to check for the other OpenSSL functions
 2020-01-23 09:38:09 -07:00
Todd C. Miller
dde86e585f Add support for building on OpenSSL 1.0.2. 
This adds compatibility defines for some OpenSSL 1.1.x functions.
 2020-01-21 13:27:40 -07:00
Todd C. Miller
c8532ae7a9 Enable OpenBSD extensions on NetBSD to get reallocarray(3) prototype. 2019-12-25 11:21:49 -07:00
Todd C. Miller
4690d3ecf6 Add cfmakeraw() for systems without it. 2019-12-23 13:15:34 -07:00
Todd C. Miller
96a03a0891 regen 2019-12-14 13:02:53 -07:00
Todd C. Miller
b14d633ec6 Add runas_check_shell flag to require a runas user to have a valid shell. 
Not enabled by default.
 2019-12-09 19:29:45 -07:00
Todd C. Miller
690f145d3f LibreSSL and older OpenSSL don't support SSL_CTX_set_ciphersuites(). 
Add a configure test and skip TLS 1.3 setup if it is missing.
We still accept the tls_ciphers13 config setting but it will be ignored.
 2019-11-15 13:19:28 -07:00
Todd C. Miller
43df086186 Add dup3() emulation. 2019-11-02 10:52:55 -06:00
Todd C. Miller
dbf78d0716 Add fchmodat() and fstatat() emulation. 
Note that fchmodat() emulation does not support AT_SYMLINK_NOFOLLOW
 2019-10-24 20:04:33 -06:00
Todd C. Miller
0d69de5b25 Move openat() emulation to lib/util and at unlinkat() emulation. 2019-10-24 20:04:30 -06:00
Todd C. Miller
04a17095be Always use our own strtonum and implement sudo_strtoid in terms of it. 2019-10-14 10:09:29 -06:00
Todd C. Miller
3e56be3564 Store signal name, not number in I/O log timing file. 
The "SIG" prefix is not used so, e.g. SIGTERM -> "TERM".
This makes the I/O log files portable from one system to another.
Older I/O log files with signal numbers can still be replayed.
 2019-08-05 16:30:58 -06:00
Todd C. Miller
81c6cac81b Solaris getentropy() requires that sys/random.h be included. 2019-06-10 12:12:57 -06:00
Todd C. Miller
de65d70929 Add a proper getdelim(3) replacement and use it instead of getline(3). 2019-04-08 10:37:30 -06:00
Todd C. Miller
ecd9688818 Add support for utmps as found in HP-UX. 2018-11-18 07:45:43 -07:00
Todd C. Miller
716aa6e4ab Support st_nmtime in struct stat as found in HP-UX. 2018-11-14 13:37:46 -07:00
Todd C. Miller
fdd7296122 Add a test for the 4-argument au_close() function found in Solaris 
11 instead of assuming it is present if __sun is defined.  Fixes a
compilation error on OpenIndiana and older Solaris versions.
 2018-08-27 13:50:23 -06:00
Todd C. Miller
04d1f56d90 Use struct timespec, not struct timeval in the event subsystem. 
Use ppoll() or pselect() if avaialble which use timespec.
 2018-08-25 21:02:05 -06:00
Todd C. Miller
d876602dbf Do not assume all Linux has linux/random.h. 
Add missing sys/syscall.h include
 2018-08-22 15:12:11 -06:00
Todd C. Miller
df1c062526 HP-UX doesn't suport CLOCK_MONOTONIC but we can use gethrtime() instead. 2018-08-20 10:56:34 -06:00
Todd C. Miller
b3227d3ed5 Add sudo_gettime_uptime() to measure time while not sleeping. 2018-08-19 09:55:08 -06:00