Commit Graph

5482 Commits

Author SHA1 Message Date
Todd C. Miller
815e401281 Fix libtool target (space vs. tabs) 2010-05-21 18:41:18 -04:00
Todd C. Miller
8ae8e8442c Remove use of RETSIGTYPE; all modern systems have signal handlers that
return void.
2010-05-21 18:40:04 -04:00
Todd C. Miller
51b558e753 Update to libtool-2.2.6b. I haven't made any local modifications
this time, which should be OK since we install sudo_noexec.so by
hand now.
2010-05-21 17:59:47 -04:00
Todd C. Miller
6b370cb020 Use libtool to clean objects 2010-05-21 16:53:21 -04:00
Todd C. Miller
a60f268a7c Install sudo_plugin.h as part of "make install" and make other install
targets callable from the top-level Makefile
2010-05-21 16:52:31 -04:00
Todd C. Miller
60b5321558 regen with autoupdate to eliminate AC_TRY_LINK 2010-05-21 15:53:39 -04:00
Todd C. Miller
95d939f9bb Install sudo_plugin.h as part of "make install" and make other install
targets callable from the top-level Makefile
2010-05-21 15:31:36 -04:00
Todd C. Miller
b628e15dc4 The sample plugin doesn't support being run with no args so return
a usage error in this case.
2010-05-21 14:56:31 -04:00
Todd C. Miller
f59669fc20 Set close on exec flag for descriptors used for I/O logging so they
are not present in the command being run.
2010-05-21 14:51:50 -04:00
Todd C. Miller
d3d8364d4e Set close on exec flag in private versions of setpwent() and setgrent(). 2010-05-21 14:51:05 -04:00
Todd C. Miller
16c2769ed9 Close the I/O pipes after dup2()ing them to std{in,out,err}.
Fixes extra fds being present in the command when it is part of a pipeline.
2010-05-21 14:50:26 -04:00
Todd C. Miller
529bfcf674 Set user_tty to "unknown" if there is no tty, like sudo 1.7 does
(it is used when logging).  Note that user_ttypath will still be
NULL if there is no tty.
2010-05-21 12:19:55 -04:00
Todd C. Miller
064cffd575 Cosmetic changes:
add comments, remove orphaned prototype and make a global static.
2010-05-21 12:01:11 -04:00
Todd C. Miller
a9a16d7331 Move check for maxfd == -1 to flush_output where it belongs. 2010-05-20 17:34:53 -04:00
Todd C. Miller
d18b458e1f Break out of select loop if all the fds we want to select on are -1. 2010-05-20 17:13:22 -04:00
Todd C. Miller
20c125297f Avoid possible malloc(0) if plugin returns an empty groups list. 2010-05-20 17:10:16 -04:00
Todd C. Miller
9360e67a3d Add debugging info when calling plugin close function 2010-05-20 17:01:53 -04:00
Todd C. Miller
882fe3ac41 Avoid closing stdin/stdout/stderr when we are piping output. 2010-05-20 17:01:27 -04:00
Todd C. Miller
f8ff268318 When execve() of the command fails, it is possible to receive SIGCHLD
before we've read the error status from the pipe.  Re-order things
such that we send the final status at the very end and prefer error
status over wait status.
2010-05-20 07:33:14 -04:00
Todd C. Miller
d2b8bad2a5 Fix compilation for non PAM/BSD auth/AIX auth 2010-05-19 11:40:46 -04:00
Todd C. Miller
0eec7335af Additional checks to make sure we don't close /dev/tty by mistake.
When flushing, sleep in select as long as we have buffers that need
to be written out.
2010-05-18 18:50:20 -04:00
Todd C. Miller
6a2a182e0f Now that we can use pipes for stdin/stdout/stderr there is no
longer a need to error out when there is no tty.  We just need
to make sure we don't try to use the tty fd if it is -1.
2010-05-18 17:43:10 -04:00
Todd C. Miller
55ef027d88 Add argc and argv to I/O logger open function. 2010-05-17 10:38:56 -04:00
Todd C. Miller
fa717176b2 Remove check_sudoedit function pointer in struct sudo_policy.
Instead, sudo will set sudoedit=true in the settings array.
The plugin should check for this and modify argv_out as appropriate
in check_policy.
2010-05-17 10:25:27 -04:00
Todd C. Miller
3ac9aee52e If plugin sets "sudoedit=true" in the command info, enable
sudoedit mode even if not invoked as sudoedit.  This allows
a plugin to enable sudoedit when the user runs an editor.
2010-05-16 19:27:04 -04:00
Todd C. Miller
285ccb152c gram.h must not depend on gram.y if we want to avoid unnecessary
rebuilding of targets dependent on gram.h when gram.y changes.
2010-05-15 15:12:06 -04:00
Todd C. Miller
2d785a7953 Refactor common bits of check_policy and check_edit 2010-05-15 11:51:00 -04:00
Todd C. Miller
31087fdcd6 Add sudoedit support 2010-05-15 07:51:24 -04:00
Todd C. Miller
3efb055c88 Rely more on VPATH; fixes a dependency issue with the parser. 2010-05-14 18:31:21 -04:00
Todd C. Miller
d7f238ffaf Fix typo introduced in last commit 2010-05-14 16:49:22 -04:00
Todd C. Miller
553361aca0 Emulate seteuid using setreuid() or setresuid() as needed.
There are still a few places that call seteuid() directly.
2010-05-14 16:43:55 -04:00
Todd C. Miller
e336dac874 Attempt to fix building on systems that only have setuid. 2010-05-14 16:35:03 -04:00
Todd C. Miller
9a6cbe03b6 Clarify sudoedit a tad. 2010-05-14 09:39:01 -04:00
Todd C. Miller
39652bf75f Fix compilation on HP-UX 2010-05-13 20:10:21 -04:00
Todd C. Miller
c8a62b1ecb Document sudoedit 2010-05-13 17:49:52 -04:00
Todd C. Miller
7c9c5855fd Change how we handle the sudoedit argv. We now require that there
be a "--" in argv to separate the editor and any command line arguments
from the files to be edited.
2010-05-13 17:11:31 -04:00
Todd C. Miller
fdd28d411f Work in progress support for sudoedit. The actual interface used by the
plugin for sudoedit is likely to change.
2010-05-13 14:09:21 -04:00
Todd C. Miller
d5bfd148d6 Make find_path() a little more generic by not checking def_foo
variables inside it.  Instead, pass in ignore_dot as a function
argument.
2010-05-13 10:27:03 -04:00
Todd C. Miller
832ce341e4 Add version of getenv(3) that uses our own environ pointer. 2010-05-13 10:20:40 -04:00
Todd C. Miller
396317ffe9 Avoid a potential race condition if SIGCHLD is received immediately
before we call select().
2010-05-12 11:13:40 -04:00
Todd C. Miller
1487026b03 Call env_init() before we open the sudoers sources as those may
call our setenv() replacement.
2010-05-12 08:32:12 -04:00
Todd C. Miller
754c1a16dd Initialize env_len in env_init() 2010-05-12 08:31:29 -04:00
Todd C. Miller
21ba4a4680 Document time stamp shortcomings under SECURITY NOTES
Use "time stamp" instead of timestamp.
2010-05-11 15:33:47 -04:00
Todd C. Miller
ad4700e7ae Make sed substitution of mansectsu and mansectform global. 2010-05-11 15:33:08 -04:00
Todd C. Miller
a331dcb46a If the tty lives on a devpts filesystem, stash the ctime in the tty
ticket file, as it is not updated when the tty is written to.
This helps us determine when a tty has been reused without the
user authenticating again with sudo.
2010-05-11 14:25:14 -04:00
Todd C. Miller
8ea8de47fa Fix pasto in multiple signal fix and use _NSIG not NSIG since that
is what our compat checks set.
2010-05-11 13:33:42 -04:00
Todd C. Miller
06e650a450 Add check for whether sudo needs to link with -ldl to get dlopen().
This is a bit of a hack that will get reworked when libtool is
updated.
2010-05-11 13:21:50 -04:00
Todd C. Miller
b89980ac6e Fix timestamp removal with -k/-K 2010-05-11 13:08:41 -04:00
Todd C. Miller
e324082d5c audit.c is now private to the sudoers plugin 2010-05-11 12:18:41 -04:00
Todd C. Miller
7502a3d71f Link with -lpthread on HP-UX since a plugin may be linked with -lpthread
and dlopen() will fail if the shared object has a dependency on -lpthread
but the main program is not linked with it.
2010-05-11 12:11:03 -04:00