Commit Graph

6942 Commits

Author SHA1 Message Date
Todd C. Miller
251c79a77b Add missing missing.h 2013-08-15 10:08:27 -06:00
Todd C. Miller
c376c71618 Move the -C (user_closefrom) check until after set_cmnd() so that
closefrom_override can be used in a command-specific Defaults line.
Fixes bug #610 from Mengtao Sun.
2013-08-15 09:56:17 -06:00
Todd C. Miller
299a881fe2 If not using a pty and the child process gets SIGTTOU or SIGTTIN
and sudo is the foreground process, make the child the foreground
process and continue it.
2013-08-14 16:36:41 -06:00
Todd C. Miller
c909f61004 If sudo is not setuid and was not invoked with a full path, look
in the user's PATH for the sudo binary to give a better error
message.
2013-08-14 14:22:16 -06:00
Todd C. Miller
d0e3867587 Add limited support for "sudo -l -h other_host". Since group lookups
are done on the local host, rules that use group membership may be
incorrect if the group database is not synchronized between hosts.
2013-08-14 13:49:14 -06:00
Todd C. Miller
79104ce751 Fix parsing of "-h host" when used in conjunction with the -l flag. 2013-08-14 13:41:47 -06:00
Todd C. Miller
8b1d645534 Simplify usage messages a bit and make --help output more closely
resemble GNU usage wrt long options.  Sync usage and man page
SYNOPSYS sections and improve long options in the manual pages.
Now that we have long options we don't need to give the mnemonic
for the single-character options in the description.
2013-08-14 10:30:51 -06:00
Todd C. Miller
91e66c481f Fix setting of mailer argv[0] to basename of mailerpath.
No need to strdup() mailerpath as it is not modified.
2013-08-13 14:53:55 -06:00
Todd C. Miller
04b290e385 Make sure the mailer exists and is a regular file before trying
to exec it.
2013-08-13 14:48:24 -06:00
Todd C. Miller
39d630f2f2 If tty_tickets are enabled but there is no tty, use a ticket file
based on the parent pid.
2013-08-13 12:55:17 -06:00
Todd C. Miller
d9fd6281e4 Allow default plugin dir to be configured in sudo.conf. 2013-08-13 12:24:28 -06:00
Todd C. Miller
d10641cdbb UTF8 for Ruusamae, Elan; from Tae Wong 2013-08-13 10:37:52 -06:00
Todd C. Miller
9b2fb418ca Don't allow max_groups to be set to zero, it just complicates things
needlessly.  Fixes an assertion in visudo when there is a group-based
Defaults entry.
2013-08-12 09:14:38 -06:00
Todd C. Miller
8b4fbc5cc0 Refactor code to parse list of gids into its own function that is
shared by the sudo front-end and the sudoers module.
Make uid/gid parse error be fatal, not just a warning.
2013-08-08 11:40:36 -06:00
Todd C. Miller
6126c08f7d Add function comment block. 2013-08-08 11:38:39 -06:00
Todd C. Miller
141f91e777 Default text domain is now sudo, not sudoers. 2013-08-08 10:37:25 -06:00
Todd C. Miller
5556a0f211 Update dependency for atoid.lo 2013-08-08 08:39:58 -06:00
Todd C. Miller
fe23e7c038 Add endpointer and separator args to atoid() 2013-08-08 06:11:52 -06:00
Todd C. Miller
39cbfcd406 Use private version of atoid() to avoid a dependency on libcommon.a
(since that already depends on libreplace.a).
2013-08-07 16:52:50 -06:00
Todd C. Miller
03fc668e5a More UTF8 in names; from Tae Wong 2013-08-07 16:07:14 -06:00
Todd C. Miller
dde7331a0f Use atoid() in more places. 2013-08-07 15:49:03 -06:00
Todd C. Miller
40cb480f07 Move atoid() to common so it can be used in src and compat too. 2013-08-07 15:10:45 -06:00
Todd C. Miller
2c6e68df0e Avoid a crash on Mac OS X 10.8 (at least) when we close libdispatch's
fds out from under it before executing the command.  Switch to just
setting the close on exec flag instead.
2013-08-07 15:04:58 -06:00
Todd C. Miller
30adf33eaf Convert to last, first for easier sorting and use UTF8 (including a
BOM).
2013-08-07 14:14:05 -06:00
Todd C. Miller
c3fb47a88e Add atoid() function to convert a string to an id_t (uid, gid or
pid).  We have to be careful to choose() either strtol() or strtoul()
depending on whether the string appears to be signed or unsigned.
Always using strtoul() is unsafe on 64-bit platforms since the
uid might be represented as a negative number and (unsigned long)-1
on a 64-bit system is 0xffffffffffffffff not 0xffffffff.
Fixes a problem with uids larger than 0x7fffffff on 32-bit platforms.
2013-08-07 13:13:56 -06:00
Todd C. Miller
5dc56ea81d Add atoid() function to convert a string to an id_t (uid, gid or
pid).  We have to be careful to choose() either strtol() or strtoul()
depending on whether the string appears to be signed or unsigned.
Always using strtoul() is unsafe on 64-bit platforms since the
uid might be represented as a negative number and (unsigned long)-1
on a 64-bit system is 0xffffffffffffffff not 0xffffffff.
Fixes a problem with uids larger than 0x7fffffff on 32-bit platforms.
2013-08-07 11:23:19 -06:00
Todd C. Miller
972ee9a0fb Avoid "perm stack underflow" error when logging the unknown uid error. 2013-08-07 10:13:04 -06:00
Todd C. Miller
23a2bdbcba In rewind_perms() there is nothing to do if perm_stack_depth == 0. 2013-08-07 09:42:14 -06:00
Todd C. Miller
3898f5d7ff Add pam_setcred sudoers option to allow the user to control whether
pam_setcred() is called on the user's behalf.
2013-08-06 14:44:21 -06:00
Todd C. Miller
52954481e1 Add pam_service and pam_login_service sudoers settings to control
the service name passed to pam_start.
2013-08-06 11:01:36 -06:00
Todd C. Miller
385e20c7bc Newer Xcode places the SDKs under Xcode.app 2013-08-06 10:58:50 -06:00
Todd C. Miller
1f3ea50afd Implement memset_s() and use it instead of zero_bytes().
A new constant, SUDO_CONV_REPL_MAX, is defined by the plugin
API as the max conversation reply length.  This constant can be
used as a max value for memset_s() when clearing passwords
filled in by the conversation function.
2013-08-03 08:30:06 -06:00
Todd C. Miller
8c867be419 Do not try to install plugins when shared modules are disabled
(sudoers already had the check).
2013-08-01 10:51:46 -06:00
Todd C. Miller
d882303b88 Update dependencies to take into account compat/getopt.h and
compat/dlfcn.h.
2013-08-01 10:51:06 -06:00
Todd C. Miller
235d32c994 Update dependencies now that sudo_usage.h is always included from
the build dir.
2013-08-01 10:50:05 -06:00
Todd C. Miller
62da46a9cb Add some warnings and debugging to sasl ccname handling. 2013-07-31 15:20:14 -06:00
Todd C. Miller
c0c782ae14 Fix write loop invariant in sudo_krb5_copy_cc_file() 2013-07-31 15:03:46 -06:00
Todd C. Miller
09e752274e Strip off leading FILE: or WRFILE: prefix before trying to copy
the user's credential cache.
2013-07-30 15:37:04 -06:00
Todd C. Miller
3582ad3409 Instead of setting RLIMIT_NPROC to unlimited when sudo initializes,
just save RLIMIT_NPROC in exec_setup() before the final setuid()
and restore it immediately after.  We don't need to modify RLIMIT_NPROC
for simple euid changes, just for changing the real (and saved)
uids before we exec.  This also means we no longer need to worry
about _SC_CHILD_MAX returning -1.  Bug #565
2013-07-29 15:34:49 -06:00
Todd C. Miller
b1c8f0575b Now that the ldap code runs with the real and effective uid set to
0, it is not possible for the gssapi libs to find the user's krb5
credential cache file.  To work around this, we make a temporary
copy of the user's credential cache specified by KRB5CCNAME (opened
with the user's effective uid) and point gssapi to it.  To set the
credential cache file name, we dynamically look up gss_krb5_ccache_name()
and use it if available, otherwise fall back to setting KRB5CCNAME.
2013-07-28 17:06:43 -06:00
Todd C. Miller
39575aecf2 Long option support for visudo and sudoreplay. 2013-07-19 09:42:25 -06:00
Todd C. Miller
6e56e6d8c8 Add support for long options and fix inclusion of sudo_usage.h with
modern gcc broken in 8597:1fcb7ba13018.
2013-07-18 16:51:56 -06:00
Todd C. Miller
fbfd0ad630 Add rule to rebuild sudo_usage.h when the .in file changes. 2013-07-18 14:29:30 -06:00
Todd C. Miller
deb3844959 Add make rules for building getopt_long.c 2013-07-18 10:07:41 -06:00
Todd C. Miller
db05b9ae0d Make "-h hostname" work. Optional args in GNU getopt() only work
when there is no space between the option flag and the argument.
2013-07-18 10:02:43 -06:00
Todd C. Miller
9309c9eab7 Use getopt_long() so we can make the -h flag take an optional argument.
Includes a version for those without it.
2013-07-17 17:00:55 -06:00
Todd C. Miller
29908cb6df Document that the -h option can be used specify a host name for future
plugins.
2013-07-16 16:31:59 -06:00
Todd C. Miller
c2860cce57 Overload -h option to specify an optional hostname for remote access.
This is future-proofing; no policy plugins currently support this.
2013-07-16 16:31:05 -06:00
Todd C. Miller
1e4497331c Bump version to 1.8.8 2013-07-16 16:29:42 -06:00
Todd C. Miller
1d20a0ab63 Document the remote_host setting (-h host) 2013-07-16 16:21:14 -06:00