isa/sudo
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
4,950 Commits 1 Branch 0 Tags
4695dd1b700d7f08d07c71757ab8f982e9a3b32b
Commit Graph

4950 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Todd C. Miller
4695dd1b70 Re-enable PATH_MAX check for command 2010-05-26 16:33:35 -04:00
Todd C. Miller
c7d685b90a For distclean, clean the main directory last since the subdirs 
need to be able to run libtool to clean things.
 2010-05-26 16:10:24 -04:00
Todd C. Miller
acc60712e5 Fix generation of mksiglist.h 2010-05-26 15:43:46 -04:00
Todd C. Miller
efa908448d Now that we defer sending cstat until the end of script_child() 
we cannot reuse cstat when reading command status from parent.
 2010-05-26 11:19:17 -04:00
Todd C. Miller
807d1313a5 Use numeric registers to handle conditionals instead of trying 
to do it all with text processing.
 2010-05-25 16:13:04 -04:00
Todd C. Miller
5dd8e98ec7 Document per-command SELinux settings 2010-05-25 14:43:39 -04:00
Todd C. Miller
45923111e0 Repair "sudo -l -U username" 2010-05-25 14:21:21 -04:00
Todd C. Miller
937b5f166d Set selinux role and type in command details. 2010-05-25 13:58:16 -04:00
Todd C. Miller
2942edcbd0 Rework SELinux support. 2010-05-25 11:00:39 -04:00
Todd C. Miller
5f857e6e54 Make SELinux support compile again. Needs more work to be complete. 2010-05-24 18:18:50 -04:00
Todd C. Miller
0487aee6b4 Bring back closefrom settings. 2010-05-24 15:40:36 -04:00
Todd C. Miller
60e0e496ef If running a command or sudoedit in transcript mode, call io_nextid() 
before log_allowed() so the session id is logged.
 2010-05-24 14:30:54 -04:00
Todd C. Miller
79cb53c62c Use mandoc(1) if nroff(1) is not present. 2010-05-24 12:35:43 -04:00
Todd C. Miller
b519f7a097 Use the --file argument to config.status instead of setting CONFIG_FILES 
in the environment.
 2010-05-24 12:25:20 -04:00
Todd C. Miller
5dd7fd4305 We cannot conditionally update gram.h or the dependency ordering gets 
messed up in devel mode.
 2010-05-24 12:10:05 -04:00
Todd C. Miller
8a8830e34f Substitute @SHELL@ into Makefiles 2010-05-21 21:29:44 -04:00
Todd C. Miller
222a4f7c8a Fix typo 2010-05-21 21:05:44 -04:00
Todd C. Miller
755752c6b1 Update to autoconf 2.65 2010-05-21 19:25:17 -04:00
Todd C. Miller
815e401281 Fix libtool target (space vs. tabs) 2010-05-21 18:41:18 -04:00
Todd C. Miller
8ae8e8442c Remove use of RETSIGTYPE; all modern systems have signal handlers that 
return void.
 2010-05-21 18:40:04 -04:00
Todd C. Miller
51b558e753 Update to libtool-2.2.6b. I haven't made any local modifications 
this time, which should be OK since we install sudo_noexec.so by
hand now.
 2010-05-21 17:59:47 -04:00
Todd C. Miller
6b370cb020 Use libtool to clean objects 2010-05-21 16:53:21 -04:00
Todd C. Miller
a60f268a7c Install sudo_plugin.h as part of "make install" and make other install 
targets callable from the top-level Makefile
 2010-05-21 16:52:31 -04:00
Todd C. Miller
60b5321558 regen with autoupdate to eliminate AC_TRY_LINK 2010-05-21 15:53:39 -04:00
Todd C. Miller
95d939f9bb Install sudo_plugin.h as part of "make install" and make other install 
targets callable from the top-level Makefile
 2010-05-21 15:31:36 -04:00
Todd C. Miller
b628e15dc4 The sample plugin doesn't support being run with no args so return 
a usage error in this case.
 2010-05-21 14:56:31 -04:00
Todd C. Miller
f59669fc20 Set close on exec flag for descriptors used for I/O logging so they 
are not present in the command being run.
 2010-05-21 14:51:50 -04:00
Todd C. Miller
d3d8364d4e Set close on exec flag in private versions of setpwent() and setgrent(). 2010-05-21 14:51:05 -04:00
Todd C. Miller
16c2769ed9 Close the I/O pipes aftering dup2()ing them to std{in,out,err}. 
Fixes extra fds being present in the command when it is part of a pipeline.
 2010-05-21 14:50:26 -04:00
Todd C. Miller
529bfcf674 Set user_tty to "unknown" if there is no tty, like sudo 1.7 does 
(it is used when logging).  Note that user_ttypath will still be
NULL if there is no tty.
 2010-05-21 12:19:55 -04:00
Todd C. Miller
064cffd575 Cosmetic changes: 
add comments, remove orphaned prototype and make a global static.
 2010-05-21 12:01:11 -04:00
Todd C. Miller
a9a16d7331 Move check for maxfd == -1 to flush_output where it belongs. 2010-05-20 17:34:53 -04:00
Todd C. Miller
d18b458e1f Break out of select loop if all the fds we want to select on are -1. 2010-05-20 17:13:22 -04:00
Todd C. Miller
20c125297f Avoid possible malloc(0) if plugin returns an empty groups list. 2010-05-20 17:10:16 -04:00
Todd C. Miller
9360e67a3d Add debugging info when calling plugin close function 2010-05-20 17:01:53 -04:00
Todd C. Miller
882fe3ac41 Avoid closing stdin/stdout/stderr when we are piping output. 2010-05-20 17:01:27 -04:00
Todd C. Miller
f8ff268318 When execve() of the command fails, it is possible to receive SIGCHLD 
before we've read the error status from the pipe.  Re-order things
such that we send the final status at the very end and prefer error
status over wait status.
 2010-05-20 07:33:14 -04:00
Todd C. Miller
d2b8bad2a5 Fix compilation for non PAM/BSD auth/AIX auth 2010-05-19 11:40:46 -04:00
Todd C. Miller
0eec7335af Additional checks to make sure we don't close /dev/tty by mistake. 
When flushing, sleep in select as long as we have buffers that need
to be written out.
 2010-05-18 18:50:20 -04:00
Todd C. Miller
6a2a182e0f Now that we can use pipes for stdin/stdout/stderr there is no 
longer a need to error out when there is no tty.  We just need
to make sure we don't try to use the tty fd if it is -1.
 2010-05-18 17:43:10 -04:00
Todd C. Miller
55ef027d88 Add argc and argv to I/O logger open function. 2010-05-17 10:38:56 -04:00
Todd C. Miller
fa717176b2 Remove check_sudoedit function pointer in struct sudo_policy. 
Instead, sudo will set sudoedit=true in the settings array.
The plugin should check for this and modify argv_out as appropriate
in check_policy.
 2010-05-17 10:25:27 -04:00
Todd C. Miller
3ac9aee52e If plugin sets "sudoedit=true" in the command info, enable 
sudoedit mode even if not invoked as sudoedit.  This allows
a plugin to enable sudoedit when the user runs an editor.
 2010-05-16 19:27:04 -04:00
Todd C. Miller
285ccb152c gram.h must not depend on gram.y if we want to avoid unnecessary 
rebuilding of targets dependent on gram.h when gram.y changes.
 2010-05-15 15:12:06 -04:00
Todd C. Miller
2d785a7953 Refactor common bits of check_policy and check_edit 2010-05-15 11:51:00 -04:00
Todd C. Miller
31087fdcd6 Add sudoedit support 2010-05-15 07:51:24 -04:00
Todd C. Miller
3efb055c88 Rely more on VPATH; fixes a dependency issue with the parser. 2010-05-14 18:31:21 -04:00
Todd C. Miller
d7f238ffaf Fix typo introduced in last commit 2010-05-14 16:49:22 -04:00
Todd C. Miller
553361aca0 Emulate seteuid using setreuid() or setresuid() as needed. 
There are still a few places that call seteuid() directly.
 2010-05-14 16:43:55 -04:00
Todd C. Miller
e336dac874 Attempt to fix building on systems that only have setuid. 2010-05-14 16:35:03 -04:00