isa/sudo
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
7,154 Commits 1 Branch 0 Tags
388ad69f096fa53e3d657bedca98363040cca36a
Commit Graph

646 Commits

Author SHA1 Message Date
Todd C. Miller
eb44a5ba5c No need to use __signed. 2013-12-17 16:08:18 -07:00
Todd C. Miller
cbf41b8b96 The OpenBSD strtonum() uses very short error strings that can't 
be translated usefully.  Convert them to longer strings on error.
Also use the longer strings for atomode() and atoid().
 2013-12-11 13:43:10 -07:00
Todd C. Miller
8f9ce7249a Use strtonum() instead of atoi(), strtol() or strtoul() where possible. 2013-12-10 16:23:21 -07:00
Todd C. Miller
f83eac40eb Add strtonum.c to compat for simpler number parsing. 2013-12-10 14:38:52 -07:00
Todd C. Miller
0d81263e26 Instead of setprogname(), add initprogname() which gets the program 
name for getprogname() using /proc or pstat() if possible.
 2013-12-01 19:12:21 -07:00
Todd C. Miller
4247c1741b Do not add LIBDL to SUDO_LIBS or SUDOERS_LIBS in configure, do it 
in Makefile.in so we can make it last.  Fixes a linking problem on
Ubuntu precise.
 2013-11-26 07:15:55 -07:00
Todd C. Miller
94ad47ff98 Do not rely on NULL being defined for getaddrinfo() test. 
Fixes the check on HP-UX 11.23.
 2013-11-25 09:54:04 -07:00
Todd C. Miller
12f3bdf60e Add wrapper functions for dlopen() et al so that we can support 
statically compiling in the sudoers plugin but still allow other
plugins to be loaded.  The new --enable-static-sudoers configure
option will cause the sudoers plugin to be compiled statically into
the sudo binary.  This does not prevent other plugins from being
loaded as per sudo.conf.
 2013-11-22 16:35:15 -07:00
Todd C. Miller
6a1d1e1483 Add dedicated test for getaddrinfo(). Tru64 UNIX contains two 
versions of getaddrinfo and we must include netdb.h to get the
proper definition.
 2013-11-20 12:04:47 -07:00
Todd C. Miller
42b1e4a9c4 Add check for C99 compliant (v)snprintf function. 2013-11-19 10:40:25 -07:00
Todd C. Miller
0a47860ef7 Include unistd.h in sig2str.c for Tru64 as it defines SIGRTMIN and 
SIGRTMAX in terms of sysconf(), which is prototyped in unistd.h.
Bug #621; from Daniel Richard G.
 2013-11-19 09:48:01 -07:00
Todd C. Miller
3dab6bd8e9 Allow sudo to compile without variadic macro support in cpp. 
Debugging support will be limited (no file info from warnings.)
From Daniel Richard G.; Bug #621
 2013-11-18 09:10:09 -07:00
Todd C. Miller
bf65cc041e Fixes for building under Tru64; from Daniel Richard G. 
Bug #624
 2013-11-17 14:16:13 -07:00
Todd C. Miller
942f732a50 Add -Wpointer-arith to --enable-warnings 2013-11-15 15:33:46 -07:00
Todd C. Miller
e684f6a096 Fix more instances of #include directives where the '#' was not in 
column 1.  From Daniel Richard G. (bug #622)
 2013-11-15 15:16:47 -07:00
Todd C. Miller
362080220e Regen with autoconf 2.69 2013-11-13 15:02:19 -07:00
Todd C. Miller
97b60e3eb2 From Daniel Richard G. (bug #622) 
Add an autogen.sh script that rebuilds the autoconf world.
    Move old aclocal.m4 contents to m4/sudo.m4.
    New (generayed) aclocal.m4 contains the m4_include directives.
    Some tests had #include directives where the '#' was not in column 1.
    Updated obsolete macro usage via autoupdate.
 2013-11-13 14:45:47 -07:00
Todd C. Miller
142fff6db3 HP-UX may require _XOPEN_SOURCE_EXTENDED to be defined for MSG_WAITALL 
to be visible.
 2013-11-12 15:13:54 -07:00
Todd C. Miller
88a57822ea Add getaddrinfo.lo to LTLIBOBJS for systems that need it. 
From Daniel Richard G.
 2013-11-11 12:53:44 -07:00
Todd C. Miller
3b65249bd4 Add -Wold-style-definition to --enable-warnings 2013-11-04 06:21:01 -07:00
Todd C. Miller
8861e01d16 Add support for libevent-style timed events. Adding a timed event 
is currently O(n).  The only consumer of timed events is sudoreplay
which only used a singled one so O(n) == O(1) for now.  This also
allows us to remove the nanosleep compat function as we now use a
timeout event instead.
 2013-10-28 10:00:09 -06:00
Todd C. Miller
f4d2978f30 Add -Wsign-compare to --enable-warnings 2013-10-23 15:02:22 -06:00
Todd C. Miller
58f71c00ec Bump version to 1.8.9 2013-10-14 11:00:12 -06:00
Todd C. Miller
79acd5db49 Simple event subsystem that uses poll() or select(). Basically a 
simplied subset of libevent2.  Currently only fd events are supported
(since that's all we need).  The poll() backend is used by default,
except on Mac OS X where poll() is broken for devices (including
/dev/tty and ptys).
 2013-10-12 05:53:43 -06:00
Todd C. Miller
40b24c5da0 Add configure checks for the exec functions we will dummy out. This 
is only really needed on Mac OS X when symbol interposition is being
performed but won't hurt elsewhere.
 2013-08-21 10:09:04 -06:00
Todd C. Miller
b0f5c498f8 Fix installation of sudo_noexec on Mac OS X. 
Use library symbol interposition on Mac OS X 10.4 and higher so
we don't need to set DYLD_FORCE_FLAT_NAMESPACE=1.
 2013-08-20 15:14:17 -06:00
Todd C. Miller
3c2a9b9948 Don't redefine opterr, optind, optopt, optarg in getopt_long.c. 
Add a check for optreset which is a BSD extension and provide a
definition in getopt_long.c if it is not present.
 2013-08-16 13:50:48 -06:00
Todd C. Miller
8b1d645534 Simplify usage messages a bit and make --help output more closely 
resemble GNU usage wrt long options.  Sync usage and man page
SYNOPSYS sections and improve long options in the manual pages.
Now that we have long options we don't need to give the mnemonic
for the single-character options in the description.
 2013-08-14 10:30:51 -06:00
Todd C. Miller
5dc56ea81d Add atoid() function to convert a string to an id_t (uid, gid or 
pid).  We have to be careful to choose() either strtol() or strtoul()
depending on whether the string appears to be signed or unsigned.
Always using strtoul() is unsafe on 64-bit platforms since the
uid might be represented as a negative number and (unsigned long)-1
on a 64-bit system is 0xffffffffffffffff not 0xffffffff.
Fixes a problem with uids larger than 0x7fffffff on 32-bit platforms.
 2013-08-07 11:23:19 -06:00
Todd C. Miller
52954481e1 Add pam_service and pam_login_service sudoers settings to control 
the service name passed to pam_start.
 2013-08-06 11:01:36 -06:00
Todd C. Miller
1f3ea50afd Implement memset_s() and use it instead of zero_bytes(). 
A new constant, SUDO_CONV_REPL_MAX, is defined by the plugin
API as the max conversation reply length.  This constant can be
used as a max value for memset_s() when clearing passwords
filled in by the conversation function.
 2013-08-03 08:30:06 -06:00
Todd C. Miller
9309c9eab7 Use getopt_long() so we can make the -h flag take an optional argument. 
Includes a version for those without it.
 2013-07-17 17:00:55 -06:00
Todd C. Miller
1e4497331c Bump version to 1.8.8 2013-07-16 16:29:42 -06:00
Todd C. Miller
c057692da7 On Solaris 11 and higher, tag binaries for ASLR if supported by the 
linker.
 2013-05-30 09:29:36 -04:00
Todd C. Miller
67d8af4be5 Restrict default creation of PIE binaries (-fPIE and -pie) to Linux. 
OpenBSD also supports PIE but enables it by default so we don't
need to do anything.  This fixes problems on systems with a version
of GNU ld that accepts -pie but where the run-time linker doesn't
actually support PIE.  Also verify that a trivial PIE binary works
unless PIE is explicitly enabled.
 2013-05-28 14:40:45 -04:00
Todd C. Miller
521e17b13b Attempt to detect PIE failure on Solaris 10 with GNU as and GNU ld 
where we can end up crashing due to malloc() failures.  Sems OK
when Using Sun as and ld.
 2013-05-24 16:47:16 -04:00
Todd C. Miller
62c7945c00 Add -fPIE to PIE_LDFLAGS as per gcc manual. 2013-05-23 22:47:28 -04:00
Todd C. Miller
ca4f8d9495 PIE is broken on FreeBSD/arm 2013-05-03 14:33:26 -04:00
Todd C. Miller
95b50f84af Use time(&now) instead of now = time(NULL) when storing the current 
time in a time_t (better compiler error checking).
Better parsing and printing of 64-bit time_t on 32-bit platforms.
 2013-04-23 13:15:22 -04:00
Todd C. Miller
d1580ff592 Error out in configure if the compiler doesn't support "long long". 2013-04-16 14:36:42 -04:00
Todd C. Miller
89759fa36c For big endian architectures just use memcpy() instead of BE macros 
in a loop.
 2013-04-15 11:05:52 -04:00
Todd C. Miller
35375a2b7e Initial implementation of checksum support in sudoers. 
Currently supports SHA-224, SHA-256, SHA-384, SHA-512.
TODO: checksum format validation in parser and base64 support.
      checksum support for ldap sudoers
 2013-04-14 07:00:21 -04:00
Todd C. Miller
e003c793b3 Use AC_LINK_IFELSE instead of AC_TRY_LINK 
Fix printing of status message for visibility checks when the test fails.
 2013-04-02 16:56:59 -04:00
Todd C. Miller
4bd1b5e35c We no longer use mbr_check_membership() and setrlimit64() is 
AIX-specific.
 2013-04-02 16:52:59 -04:00
Todd C. Miller
7364f0ce98 Do exec_prefix expansion when enable_shared even if noexec is 
not enabled.
 2013-04-02 12:25:54 -04:00
Todd C. Miller
3a83dbafbe Fix getgrouplist() check. 2013-04-01 14:58:31 -04:00
Todd C. Miller
b4ca9535b4 Fix a typo in a comment and make sure we don't mistakenly include 
_PATH_SUDO_ASKPASS and _PATH_SUDO_SESH in config.h.in
 2013-03-21 16:35:18 -04:00
Todd C. Miller
575466027b Use $host_os not $host when we only care about the os name and version. 2013-03-19 15:59:23 -04:00
Todd C. Miller
017c7a15d3 Suppress duplicate -L and -I flags. 2013-03-19 14:10:26 -04:00
Todd C. Miller
3c139fa3c9 If we find sasl/sasl.h there's no need to check for sasl.h too 2013-03-19 13:04:24 -04:00