isa/sudo
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
11,868 Commits 1 Branch 0 Tags
0b506a2d07df25073f08975687ce6ea44c35d65b
Commit Graph

114 Commits

Author SHA1 Message Date
Todd C. Miller
3f022419ae Be consistent with the naming of the variable used to store the 
function return value.  Previously, some code used "rval", some
used "ret".  This standardizes on "ret" and uses "rc" for temporary
return codes.
 2016-09-08 16:38:08 -06:00
Todd C. Miller
602ed0c747 In ts_mkdirs(), change the order from stat then mkdir, to mkdir then stat. 
This more closely matches what "mkdir -p" does.
Coverity CID 104119.
 2016-05-06 16:37:20 -06:00
Todd C. Miller
7a86430d41 Cast off_t printed via printf(3) instead of assuming it is long long. 2016-05-06 14:17:32 -06:00
Todd C. Miller
562b5cb59b Check lseek() return value. 
Coverity CID 104061.
 2016-05-05 16:46:25 -06:00
Todd C. Miller
60e740dd60 Ignore ts_write() return value when disabling an entry with a bogus 
timestamp.  We ignore the timestamp entry even it doesn't succeed.
Coverity CID 104062.
 2016-05-05 16:30:11 -06:00
Todd C. Miller
8b12390abf Add debug_return_ssize_t 2015-11-01 15:13:28 -07:00
Todd C. Miller
c6dad0001d Avoid compilation error on Solaris 10 with Stun Studio 12. 
Bug #727
 2015-11-01 15:08:50 -07:00
Todd C. Miller
118680eabf Cast sizeof(entry) to off_t before making it a negative offset for 
lseek().  Fixes "sudo -k" on Solaris and probably others.
 2015-09-24 10:52:44 -06:00
Todd C. Miller
67183d74f4 Remove include/compat/timespec.h. Systems old enough to lack struct 
timespec are too old to build a modern sudo.
 2015-09-09 11:13:22 -06:00
Todd C. Miller
69050f9345 Bring back the check for time stamp files that predate the boot 
time.  Instead of truncating we now unlink the file since another
process may be sleeping on the lock.
 2015-09-07 06:06:08 -06:00
Todd C. Miller
7d0a623fdd Use pread(2) and pwrite(2) where possible. 2015-09-07 06:06:08 -06:00
Todd C. Miller
0487b6da9d Adjust new locking to work when tty_tickets is disabled. We need 
to use per-tty/ppid locking to gain exclusive access to the tty
for the password prompt but use a separate (short term) lock
that is shared among all sudo processes for the user.
 2015-09-07 06:06:08 -06:00
Todd C. Miller
f9b8a43816 Allow the time stamp lock to be interrupted by signals. 2015-09-07 06:06:08 -06:00
Todd C. Miller
00142c91fa Lock individual records in the timestamp file instead of the entire 
file.  This will make it possible for multiple sudo processes using
the same tty to serialize their timestamp lookups.
 2015-09-07 06:06:08 -06:00
Todd C. Miller
8f84857977 Fix creation of the timestamp file; bug #704 2015-07-20 20:16:14 -06:00
Todd C. Miller
0b241088b3 There's no need to conditionalize the #include <unistd.h>, we require 
a POSIX system.
 2015-07-02 09:08:28 -06:00
Todd C. Miller
81f94499bf Check restore_perms() return value in all cases, pushing the 
return value back up the call stack.
 2015-06-25 11:12:36 -06:00
Todd C. Miller
4a07b472f0 Only include stddef.h where it is needed. 2015-06-20 05:34:35 -06:00
Todd C. Miller
dc883f2454 We require ANSI C so stop using the obsolete STDC_HEADERS. 2015-06-19 14:29:27 -06:00
Todd C. Miller
ee72cba937 Use futimens() and utimensat() instead of futimes() and utimes(). 2015-03-02 13:58:50 -07:00
Todd C. Miller
5d2e9426b2 We cannot (easily) use clock_gettime(CLOCK_MONOTONIC) directly as 
it may be present but not implemented.  Add sudo_gettime_real() and
sudo_gettime_mono() functions to get the real and monotonic times
respectively.  Now sudo_gettime_mono() checks the value of
sysconf(_SC_MONOTONIC_CLOCK) before calling clock_gettime(CLOCK_MONOTONIC)
and falls back on sudo_gettime_real() as needed.  The Mach version
of sudo_gettime_mono() uses mach_absolute_time().

This should fix problems with timestamp files on systems where
the CLOCK_MONOTONIC is defined but not actually implemented.
 2015-02-24 11:19:21 -07:00
Todd C. Miller
01a4d6ccbf Check clock_gettime() return value and warn if it fails. 
Currently, the timestamp will be ignored if clock_gettime() fails.
 2015-02-24 09:53:50 -07:00
Todd C. Miller
59ab26dbcc Go back to a 2 args debug_decl and just use the "default" instance, 
now renamed "active".
 2015-02-01 08:24:49 -07:00
Todd C. Miller
e9914a91b1 The sudoers plugin now defines its own list of debugging subsystem names 
and defines.
 2014-10-22 13:30:52 -06:00
Todd C. Miller
866cfc4fc3 Add support for multiple Debug lines per program. Callers may 
register arbitrary debug facilities or use built-in defaults.  We
now use separate Debug statements for plugins and programs.
 2014-10-22 13:23:05 -06:00
Todd C. Miller
ecaecdc1f4 Merge secure_path.h -> sudo_util.h 2014-07-22 11:37:39 -06:00
Todd C. Miller
aecef4aa1d Rename warning/fatal -> sudo_warn/sudo_fatal to avoid namespace 
pollution in libsudo_util.so.
 2014-06-27 09:30:52 -06:00
Todd C. Miller
f029e3e744 Remove touch() from fileops.c and just call utimes/futimes directly. 
Rename lock_file -> sudo_lock_file to avoid namespace pollution
 2014-06-26 15:51:15 -06:00
Todd C. Miller
b0f1fa7d05 Rename log_warning flags and only send mail if SLOG_SEND_MAIL is 
set instead of mailing by default like we used to.
 2014-05-02 20:54:01 -06:00
Todd C. Miller
954a3e77b1 Add log_warningx 2014-05-02 16:40:30 -06:00
Todd C. Miller
a78da37487 Make set_perms() and restore_perms() return an error instead of 
calling exit() on failure.
 2014-04-10 16:11:47 -06:00
Todd C. Miller
db54815996 Use log_warning() instead of log_fatal() if the ticket or lecture 
path is too long and just return an error.  This can only happen
from a misconfiguration so just ignoring the ticket/lecture file
is safe.
 2014-03-26 14:22:46 -06:00
Todd C. Miller
2dfc10830c Fix warning on systems where mode_t is not unsigned int (Solaris). 2014-03-26 11:09:57 -06:00
Todd C. Miller
4d712aa903 Don't write an empty timestamp record when timestamp_timeout is 
zero.  If we find an empty record in the timestamp file, overwrite
it with a good one, truncating the file as needed.
 2014-03-17 07:14:55 -06:00
Todd C. Miller
403a48da40 Fix typo/thinko that prevented "Defaults !tty_tickets" from working. 2014-03-13 13:38:42 -06:00
Todd C. Miller
f2f96d849b Fix conversion of timestamp_timeout from double to struct timeval. 
Also quiet a printf format warning on 32-bit systems.
 2014-02-26 10:29:52 -07:00
Todd C. Miller
b299763e34 Don't warn about an insecure lecture dir twice. 
Display warnings in the user's locale.
 2014-02-06 15:46:27 -07:00
Todd C. Miller
7155fc526f Bring back boot time checking code and zero out time stamp files 
that predate the boot time.  This should help systems w/o /var/run
where the admin has setup rc.d to clear the timestamp directory.
 2014-02-03 05:45:27 -07:00
Todd C. Miller
32b897ac67 Restore warning when sudoers is unable to update the time stamp file. 2014-02-01 06:11:29 -07:00
Todd C. Miller
fb29e91ef0 Fix use of timestampowner in the new time stamp world order. Parent 
directories for timestampdir and lecture_dir are now created with
the execute bit set so that we can traverse them as non-root.
 2014-02-01 05:47:16 -07:00
Todd C. Miller
32b4713d6d sprinkle some debug printfs and add function header comments 2014-01-31 15:28:41 -07:00
Todd C. Miller
d7257a63e7 Properly handle the case where /var/run/sudo/ts doesn't exist. 2014-01-31 15:02:31 -07:00
Todd C. Miller
596fc68aca Warn on ftruncate failure(). 2014-01-30 16:24:48 -07:00
Todd C. Miller
63e7aa9942 Fix checking of lecture status. 2014-01-30 16:15:03 -07:00
Todd C. Miller
659b1f0e34 Switch to new time stamp file format. Each user now has a single 
file which may contain multiple records when per-tty time stamps
are in use (the default).  The time stamps use a monotonic timer
where available and are once again stored in /var/run/sudo.  The
lecture status is now stored separately from the time stamps in a
different directory.
 2014-01-30 15:50:40 -07:00
Todd C. Miller
96eb2c4f8f Add warning_gettext() wrapper function that changes to the user locale, 
then calls gettext().
Add U_ macro that calls warning_gettext() instead of gettext().
Rename warning2()/error2() back to warning_nodebug()/error_nodebug().
 2013-11-18 08:59:57 -07:00
Todd C. Miller
99b7351de0 Fix some #if vs. #ifdef and remove an extraneous semicolon. 
Bug #624; from Daniel Richard G.
 2013-11-17 16:15:36 -07:00
Todd C. Miller
07a804caf3 Quiet sign comparision warnings. 2013-10-23 15:03:31 -06:00
Todd C. Miller
bd52869056 Be specific that we are talking about the Unix epoch; bug #615 2013-09-03 14:50:28 -06:00
Todd C. Miller
39d630f2f2 If tty_tickets are enabled but there is no tty, use a ticket file 
based on the parent pid.
 2013-08-13 12:55:17 -06:00