isa/sudo
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
6,911 Commits 1 Branch 0 Tags
1f3ea50afd89baf6c6557b42a3971e67bc838f6b
Commit Graph

616 Commits

Author SHA1 Message Date
Todd C. Miller
1f3ea50afd Implement memset_s() and use it instead of zero_bytes(). 
A new constant, SUDO_CONV_REPL_MAX, is defined by the plugin
API as the max conversation reply length.  This constant can be
used as a max value for memset_s() when clearing passwords
filled in by the conversation function.
 2013-08-03 08:30:06 -06:00
Todd C. Miller
9309c9eab7 Use getopt_long() so we can make the -h flag take an optional argument. 
Includes a version for those without it.
 2013-07-17 17:00:55 -06:00
Todd C. Miller
1e4497331c Bump version to 1.8.8 2013-07-16 16:29:42 -06:00
Todd C. Miller
c057692da7 On Solaris 11 and higher, tag binaries for ASLR if supported by the 
linker.
 2013-05-30 09:29:36 -04:00
Todd C. Miller
67d8af4be5 Restrict default creation of PIE binaries (-fPIE and -pie) to Linux. 
OpenBSD also supports PIE but enables it by default so we don't
need to do anything.  This fixes problems on systems with a version
of GNU ld that accepts -pie but where the run-time linker doesn't
actually support PIE.  Also verify that a trivial PIE binary works
unless PIE is explicitly enabled.
 2013-05-28 14:40:45 -04:00
Todd C. Miller
521e17b13b Attempt to detect PIE failure on Solaris 10 with GNU as and GNU ld 
where we can end up crashing due to malloc() failures.  Sems OK
when Using Sun as and ld.
 2013-05-24 16:47:16 -04:00
Todd C. Miller
62c7945c00 Add -fPIE to PIE_LDFLAGS as per gcc manual. 2013-05-23 22:47:28 -04:00
Todd C. Miller
ca4f8d9495 PIE is broken on FreeBSD/arm 2013-05-03 14:33:26 -04:00
Todd C. Miller
95b50f84af Use time(&now) instead of now = time(NULL) when storing the current 
time in a time_t (better compiler error checking).
Better parsing and printing of 64-bit time_t on 32-bit platforms.
 2013-04-23 13:15:22 -04:00
Todd C. Miller
d1580ff592 Error out in configure if the compiler doesn't support "long long". 2013-04-16 14:36:42 -04:00
Todd C. Miller
89759fa36c For big endian architectures just use memcpy() instead of BE macros 
in a loop.
 2013-04-15 11:05:52 -04:00
Todd C. Miller
35375a2b7e Initial implementation of checksum support in sudoers. 
Currently supports SHA-224, SHA-256, SHA-384, SHA-512.
TODO: checksum format validation in parser and base64 support.
      checksum support for ldap sudoers
 2013-04-14 07:00:21 -04:00
Todd C. Miller
e003c793b3 Use AC_LINK_IFELSE instead of AC_TRY_LINK 
Fix printing of status message for visibility checks when the test fails.
 2013-04-02 16:56:59 -04:00
Todd C. Miller
4bd1b5e35c We no longer use mbr_check_membership() and setrlimit64() is 
AIX-specific.
 2013-04-02 16:52:59 -04:00
Todd C. Miller
7364f0ce98 Do exec_prefix expansion when enable_shared even if noexec is 
not enabled.
 2013-04-02 12:25:54 -04:00
Todd C. Miller
3a83dbafbe Fix getgrouplist() check. 2013-04-01 14:58:31 -04:00
Todd C. Miller
b4ca9535b4 Fix a typo in a comment and make sure we don't mistakenly include 
_PATH_SUDO_ASKPASS and _PATH_SUDO_SESH in config.h.in
 2013-03-21 16:35:18 -04:00
Todd C. Miller
575466027b Use $host_os not $host when we only care about the os name and version. 2013-03-19 15:59:23 -04:00
Todd C. Miller
017c7a15d3 Suppress duplicate -L and -I flags. 2013-03-19 14:10:26 -04:00
Todd C. Miller
3c139fa3c9 If we find sasl/sasl.h there's no need to check for sasl.h too 2013-03-19 13:04:24 -04:00
Todd C. Miller
46da6159de Add -R flags at the very end after configure link tests are done 
since we can only count on libtool to accept -R, the compiler front
end may not.
Also unify the libldap and libibmldap tests using AC_SEARCH_LIBS
and check for -lCsup on HP-UX which is needed by libibmldap (but
is not an explicit dependency).
 2013-03-19 11:52:54 -04:00
Todd C. Miller
0b99679274 Back out changes that broke detection of skey, opie and ldap 
libraries.
 2013-03-18 16:34:01 -04:00
Todd C. Miller
1a51a993de On HP-UX, libibmldap has a hidden dependency on libCsup 2013-03-18 15:19:12 -04:00
Todd C. Miller
eef31be22a Only create static helper libs when --disable-shared is specified. 2013-03-18 10:15:48 -04:00
Todd C. Miller
c8f630c060 Replace --with-rpath and --with-blibpath with --disable-rpath. 
Now that we use libtool for linking we can just use the -R
flag and have libtool translate it to the proper linker flag.
 2013-03-18 09:27:07 -04:00
Todd C. Miller
1614c3cad1 Document sesh Path setting. 2013-03-14 20:13:54 -04:00
Todd C. Miller
7f32d1ca4c Make sesh path configurable in sudo.conf 2013-03-14 16:49:42 -04:00
Todd C. Miller
4493554290 Use -fno-pie and -nopie if supported when --disable-pie is specified. 2013-03-14 16:06:13 -04:00
Todd C. Miller
d07d453ab5 Define _REENTRANT for HP-UX when we add -lpthread to SUDO_LIBS. 
Fixes a problem with errno sometimes not being set on error on HP-UX.
 2013-03-07 11:54:17 -05:00
Todd C. Miller
9722784e1c Always install plugins with a .so extension regardless of what 
extension the system uses for shared libraries.  That way the
group_plugin sudoers setting can be shared between heterogenous
systems.
 2013-03-06 17:08:10 -05:00
Todd C. Miller
e30b0bd121 Use pstat() on HP-UX to determine the tty device. 2013-02-28 09:01:08 -05:00
Todd C. Miller
59692ad282 Add pam_session sudoers option. 2013-02-24 06:15:37 -05:00
Todd C. Miller
e07280eeeb Rename sample_group plugin to group_file. 
Install group_file and system_group plugins by default.
 2013-02-18 15:32:36 -05:00
Todd C. Miller
6b09c76a20 Sudo now stores its libexec files in a "sudo" subdirectory instead 
of in libexec itself.  For backwards compatibility, if the plugin
is not found in the default plugin directory, sudo will check the
parent directory default directory ends in "/sudo".
 2013-02-06 14:06:51 -05:00
Todd C. Miller
0bd79612b1 Use PLUGINDIR in the manuals and fix a typo in the sample sudo.conf. 2013-02-05 10:56:58 -05:00
Todd C. Miller
6bc3d4aed5 Use nss_search() to implement getgrouplist() where available. Tested 
on Solaris and HP-UX.  We need to include a compatibility header
for HP-UX which uses the Solaris nsswitch implementation but doesn't
ship nss_dbdefs.h.
 2013-01-22 15:41:15 -05:00
Todd C. Miller
a06a14838f Use _getgroupsbymember() on Solaris to get the groups list. Fixes 
performance problems with the getgroupslist() compat on Solaris
systems with network-based group databases.
 2013-01-18 14:58:12 -05:00
Todd C. Miller
adbc8a574f Use -fstack-protector-all in preference to -fstack-protector 
where supported.
 2013-01-11 09:39:59 -05:00
Todd C. Miller
34d018fb91 Only test for -fstack-protector and -fvisibility=hidden on GNU 
compatible compilers.
 2013-01-10 21:27:40 -05:00
Todd C. Miller
6e560f2bab Break out stack smashing protector options into SSP_CFLAGS and 
SSP_LDFLAGS so we can use it everywhere (unlike LT_LDFLAGS).
 2013-01-03 14:20:49 -05:00
Todd C. Miller
948253a156 Disable PIE on FreeBSD/ia64, otherwise sudo will segfault. 2012-12-27 16:25:51 -05:00
Todd C. Miller
415dc82971 Add locale_stub.o to SUDO_OBJS, not locale_stub.lo. 2012-11-25 11:54:17 -05:00
Todd C. Miller
2632ec7e69 Move warn/error into common and make static builds work. 2012-11-25 09:34:40 -05:00
Todd C. Miller
acf8af9aac #unifdef HAVE_SETLOCALE, it is C89 so no need to check for it. 2012-11-12 08:51:58 -05:00
Todd C. Miller
83dde2fbb6 Add os-specific initialization functions for solaris (workaround 
setuid locale problem in Solaris 11) and openbsd (set malloc_options
if SUDO_DEVEL).  Also move set_project() to solaris.c.
 2012-11-11 07:11:22 -05:00
Todd C. Miller
9d2dc4c30a Solaris gettext() looks in lang.UTF-8, not just lang for UTF-8 locales. 
Make links from localdir/lang -> localdir/lang.UTF-8
 2012-11-08 14:45:22 -05:00
Todd C. Miller
0586a5e28a Allow the user to specify and alternate libtool 2012-10-28 12:58:48 -04:00
Todd C. Miller
8aca292b23 sudo 1.8.7 2012-10-24 16:29:13 -04:00
Todd C. Miller
a7ce1909fe sudo 1.8.6p3 2012-09-18 09:41:58 -04:00
Todd C. Miller
0c94a95ef3 Sudo 1.8.6p2 2012-09-16 21:04:33 -04:00