isa/sudo
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
10,469 Commits 1 Branch 0 Tags
24d812d0373dd06a03cae5d7f02f843e7f048b51
Commit Graph

504 Commits

Author SHA1 Message Date
Todd C. Miller
5913c63642 Add abs_top_srcdir and abs_top_builddir and use them. 
Configure provides absolution versions of srcdir, builddir, top_srcdir
and top_builddir.  We can use these instead of calling pwd.
 2020-01-20 06:37:42 -07:00
Todd C. Miller
1093e7bc4b Rebuild dependencies after hostcheck.c include changes. 2020-01-19 09:11:06 -07:00
Todd C. Miller
47d9504716 Add debugging statements to certificate checks. 2020-01-18 12:57:24 -07:00
Todd C. Miller
5a86073bd0 Portability fixes and correct path to hostcheck.h in MANIFEST. 
Include sys/socket.h for getpeername().
Link with -lnsl on Solaris to get inet_pton().
 2020-01-18 11:32:45 -07:00
Todd C. Miller
d2b7148b6c Using "libtool --clean" to remove regular files is slow. 
We only need to use libtool's clean mode to remove files created by libtool.
 2020-01-18 05:53:55 -07:00
Laszlo Orban
8d111db602 implement host validation for the audit server SSL certificates 2020-01-18 05:49:54 -07:00
Todd C. Miller
161750fc56 Really fix flushing of data in client_close(). 
Now that we call fmt_exit_message() from client_close() we do not
need to try to determine whether the read or write events were
pending in the old base.

We can't tell anyway because the active flag in the event was cleared
when the old sudo event base was destroyed.  It is correct to enable
both the read and write events after formatting the ExitMessage.
 2020-01-15 14:47:42 -07:00
Todd C. Miller
41242e121f FreeBSD is missing SIGLWP (aka SIGTHR) in sys_signame[]. 
Don't test SIGLWP on FreeBSD where it is reserved for the thread
library and is not listed in sys_signame[].
 2020-01-15 10:27:54 -07:00
Todd C. Miller
9e57bea4e3 Fix coverity CID 206586. 
Potential use after free calling gzstrerror() after gzclose().
 2020-01-05 07:48:48 -07:00
Todd C. Miller
8aa815643f Remove POD-style C<> markup (typewriter font) from sudo.conf 2020-01-02 13:12:27 -07:00
Todd C. Miller
4347ed90d4 Fix compilation on systems with SIGRTMIN/SIGRTMAX but not _SC_RTSIG_MAX. 2019-12-25 11:19:58 -07:00
Todd C. Miller
4690d3ecf6 Add cfmakeraw() for systems without it. 2019-12-23 13:15:34 -07:00
Todd C. Miller
486ee2b71f debug_decl and debug_decl_vars now require a semicolon at the end. 2019-12-22 08:48:16 -07:00
Robert Manner
c0d53d75eb src/load_plugins, plugins/sudoers: added developer_mode sudo.conf option 
It can be used to disable the enforcement that a plugin (shared object or
an imported python module) must be owned by root and not modifiable by
others.
This can make plugin development easier.
 2019-12-14 12:55:42 -07:00
Robert Manner
6710048c8d lib/util/sudo_debug.c: add a function for querying if debugging is needed 
for a level.
Rationale: this way we can avoid computing details for the log which will
not happen at all if the computation is slow.
 2019-12-14 12:55:42 -07:00
Todd C. Miller
3ec23ad5e1 Minor style cleanups. 
Remove extraneous break after return statement.
Convert two old K&R function declarations.
 2019-12-13 19:27:38 -07:00
Todd C. Miller
b14d633ec6 Add runas_check_shell flag to require a runas user to have a valid shell. 
Not enabled by default.
 2019-12-09 19:29:45 -07:00
Todd C. Miller
d7b4f88658 Use cfmakeraw() in sudo_term_raw() instead of doing it manually. 2019-12-07 12:25:51 -07:00
Todd C. Miller
22ffffe12b Add sudo_ev_pending(), used to check whether an event is pending. 2019-12-07 08:42:08 -07:00
Todd C. Miller
3ab29e29bb Add reference counting to debug register/deregister. 
Fixes a potential problem when an instance is re-registered.
 2019-12-03 20:03:19 -07:00
Laszlo Orban
33f6a16764 extend ServerHello message with two fields (tls, tls_checkpeer) 2019-11-22 11:11:55 +01:00
Todd C. Miller
20bc94635d Add sudo_ev_set_v1 to the exports file. 2019-11-15 16:30:46 -07:00
Todd C. Miller
5793023ffd Add a plugin interface to sudo main event loop. 2019-11-15 13:36:01 -07:00
Todd C. Miller
58cede6fee Move protobuf-c.c, log_server.proto, log_server.pb-c.[ch] to lib/logsrv 2019-11-15 13:35:58 -07:00
Todd C. Miller
f6acc134f4 When freeing an event base, reset ev->base to NULL for associated events. 2019-11-15 13:35:19 -07:00
Todd C. Miller
f6a3dc6d27 Only write a carriage return if output is to a tty. 2019-11-08 19:40:49 -07:00
Todd C. Miller
b4878c95e7 Include a carriage return when printing warning messages. 
Otherwise, if the command is running in a pty the output is stair-stepped.
 2019-11-08 16:21:00 -07:00
Todd C. Miller
9f3bbdbd6f Add sudo_parse_host_port_v1 and sudo_pow2_roundup_v1 to exports file. 2019-11-07 18:09:44 -07:00
Todd C. Miller
09f1c26490 Fix typo in closefrom emulation. 2019-11-06 13:41:52 -07:00
Todd C. Miller
98ce89ee80 Add unit test for parse_host_port and make an empty port an error. 2019-11-05 06:04:13 -07:00
Todd C. Miller
2949d2c47b Fill in host and port pointers on success. 2019-11-04 13:28:09 -07:00
Todd C. Miller
b270b0c887 Split out code to parse host:port into a utility function. 2019-11-02 12:04:26 -06:00
Todd C. Miller
f1d0c99e03 Move bufsize_roundup() -> sudo_pow2_roundup() in libsudo_util. 2019-11-02 12:03:44 -06:00
Todd C. Miller
676d3fc67b Add missing depend target 2019-11-02 12:00:07 -06:00
Todd C. Miller
655fdde22b We haven't needed -I$(top_srcdir) for a long time. 2019-11-02 12:00:04 -06:00
Todd C. Miller
ac36cf2d4b In closefrom_fallback() use the interval [OPEN_MAX, INT_MAX]. 
We want to try closing at least OPEN_MAX fds but no more than INT_MAX.
On 64-bit systems it is possible for sysconf(_SC_OPEN_MAX) to return
a value larger than INT_MAX when the number of open files is unlimited.
 2019-11-02 10:56:02 -06:00
Todd C. Miller
43df086186 Add dup3() emulation. 2019-11-02 10:52:55 -06:00
Todd C. Miller
ee91b7360b Simplify expand_iolog_path() 2019-10-24 20:04:33 -06:00
Todd C. Miller
dbf78d0716 Add fchmodat() and fstatat() emulation. 
Note that fchmodat() emulation does not support AT_SYMLINK_NOFOLLOW
 2019-10-24 20:04:33 -06:00
Todd C. Miller
13e3eaad5f Simplify iolog_set_user and iolog_set_group 2019-10-24 20:04:33 -06:00
Todd C. Miller
56c21243d7 Add iolog_ prefix to exported functions in iolog_util.c 2019-10-24 20:04:33 -06:00
Todd C. Miller
aaf5d0dc6e Read logsrvd.conf in two steps: first read, then apply if OK. 
This fixes a problem where when logsrvd.conf was reloaded while
running (due to SIGHUP) and there was an error we could end up with
a partial config.
 2019-10-24 20:04:33 -06:00
Todd C. Miller
6c6f0567ba Avoid TOCTOU in sudo_mkdir_parents; Coverity CID 204357 2019-10-24 20:04:32 -06:00
Todd C. Miller
8552b283be Avoid TOCTOU in iolog_mkdirs; Coverity CID 204356 2019-10-24 20:04:32 -06:00
Todd C. Miller
728ed2100b Rename buffer.c -> logsrv_util.c and add iolog_seekto() 2019-10-24 20:04:32 -06:00
Todd C. Miller
b58ecb7e6d Move read_timing_record() into libsudo_iolog 2019-10-24 20:04:32 -06:00
Todd C. Miller
3394785f6d Add restart support for compresses I/O logs. 2019-10-24 20:04:32 -06:00
Todd C. Miller
76eec78a33 Add basic support for event logging using a sudo-style log format. 2019-10-24 20:04:32 -06:00
Todd C. Miller
534aba7a3e Make the logsrvd port and list address configurable. 2019-10-24 20:04:32 -06:00
Todd C. Miller
282263c113 Use openat(2) when opening files in the I/O log directory. 2019-10-24 20:04:31 -06:00