isa/sudo
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
5,232 Commits 1 Branch 0 Tags
4e74b389c2edee4dc4183f73a0de9afaa1e458cd
Commit Graph

194 Commits

Author SHA1 Message Date
Todd C. Miller
3fbd834783 Add missing const to I/O log action function 2010-06-04 09:10:05 -04:00
Todd C. Miller
cd26d2891d Unbreak the non-io logging case. 2010-06-02 14:23:38 -04:00
Todd C. Miller
2b8fc46e2c Fix symbol name conflict with sudo_printf. 2010-06-02 11:10:04 -04:00
Todd C. Miller
1eafb30a44 Fix a bug where we could treat EAGAIN as a permanent error. 
Also set cstat if perform_io() returns an error.
 2010-06-01 10:58:11 -04:00
Todd C. Miller
73b630fa97 Completely remove the -L flag from the sudo front end. 2010-05-28 17:37:36 -04:00
Todd C. Miller
d2d68aa24d Re-enable cleanup functions in sudoers plugin and sudo driver 
for error()/errorx().
 2010-05-28 12:15:14 -04:00
Todd C. Miller
303d856065 Minor Makefile cleanup: fix a typo, change the removal order in 
the clean targets, and remove a superfluous include path for
the sudoers plugin.
 2010-05-28 10:41:58 -04:00
Todd C. Miller
62f470a575 Link libcommon before libreplace since libcommon may use functions 
only present in libreplace.
 2010-05-27 17:48:17 -04:00
Todd C. Miller
b8b006a885 Move code common to sudo and the sudoers plugin to a convenience library, 
libcommon.  Removes the need to make links in the sudoers plugin dir
and reduces re-compilation of duplicate object files.
 2010-05-27 17:27:36 -04:00
Todd C. Miller
9773ba3f79 Rename script_execve to sudo_execve and rename script_foo in exec.c 2010-05-27 16:46:31 -04:00
Todd C. Miller
4248a11ef7 rename script.c exec.c and fix up the MANIFEST file 2010-05-27 16:32:41 -04:00
Todd C. Miller
f8f82ffa8e Rename script_setup() to pty_setup() and call from script_execve() 
directly.
 2010-05-27 16:29:48 -04:00
Todd C. Miller
7e6d1d1f7d Add init_session function to struct policy_plugin that gets called 
before the uid/gid/etc changes.  A struct passwd pointer is passed in,which may be NULL if the user does not exist in the passwd database.The sudoers module uses init_session to open the pam session as needed.
 2010-05-27 14:46:39 -04:00
Todd C. Miller
efa908448d Now that we defer sending cstat until the end of script_child() 
we cannot reuse cstat when reading command status from parent.
 2010-05-26 11:19:17 -04:00
Todd C. Miller
2942edcbd0 Rework SELinux support. 2010-05-25 11:00:39 -04:00
Todd C. Miller
5f857e6e54 Make SELinux support compile again. Needs more work to be complete. 2010-05-24 18:18:50 -04:00
Todd C. Miller
0487aee6b4 Bring back closefrom settings. 2010-05-24 15:40:36 -04:00
Todd C. Miller
8a8830e34f Substitute @SHELL@ into Makefiles 2010-05-21 21:29:44 -04:00
Todd C. Miller
51b558e753 Update to libtool-2.2.6b. I haven't made any local modifications 
this time, which should be OK since we install sudo_noexec.so by
hand now.
 2010-05-21 17:59:47 -04:00
Todd C. Miller
6b370cb020 Use libtool to clean objects 2010-05-21 16:53:21 -04:00
Todd C. Miller
95d939f9bb Install sudo_plugin.h as part of "make install" and make other install 
targets callable from the top-level Makefile
 2010-05-21 15:31:36 -04:00
Todd C. Miller
16c2769ed9 Close the I/O pipes aftering dup2()ing them to std{in,out,err}. 
Fixes extra fds being present in the command when it is part of a pipeline.
 2010-05-21 14:50:26 -04:00
Todd C. Miller
064cffd575 Cosmetic changes: 
add comments, remove orphaned prototype and make a global static.
 2010-05-21 12:01:11 -04:00
Todd C. Miller
a9a16d7331 Move check for maxfd == -1 to flush_output where it belongs. 2010-05-20 17:34:53 -04:00
Todd C. Miller
d18b458e1f Break out of select loop if all the fds we want to select on are -1. 2010-05-20 17:13:22 -04:00
Todd C. Miller
20c125297f Avoid possible malloc(0) if plugin returns an empty groups list. 2010-05-20 17:10:16 -04:00
Todd C. Miller
9360e67a3d Add debugging info when calling plugin close function 2010-05-20 17:01:53 -04:00
Todd C. Miller
882fe3ac41 Avoid closing stdin/stdout/stderr when we are piping output. 2010-05-20 17:01:27 -04:00
Todd C. Miller
f8ff268318 When execve() of the command fails, it is possible to receive SIGCHLD 
before we've read the error status from the pipe.  Re-order things
such that we send the final status at the very end and prefer error
status over wait status.
 2010-05-20 07:33:14 -04:00
Todd C. Miller
0eec7335af Additional checks to make sure we don't close /dev/tty by mistake. 
When flushing, sleep in select as long as we have buffers that need
to be written out.
 2010-05-18 18:50:20 -04:00
Todd C. Miller
6a2a182e0f Now that we can use pipes for stdin/stdout/stderr there is no 
longer a need to error out when there is no tty.  We just need
to make sure we don't try to use the tty fd if it is -1.
 2010-05-18 17:43:10 -04:00
Todd C. Miller
55ef027d88 Add argc and argv to I/O logger open function. 2010-05-17 10:38:56 -04:00
Todd C. Miller
fa717176b2 Remove check_sudoedit function pointer in struct sudo_policy. 
Instead, sudo will set sudoedit=true in the settings array.
The plugin should check for this and modify argv_out as appropriate
in check_policy.
 2010-05-17 10:25:27 -04:00
Todd C. Miller
3ac9aee52e If plugin sets "sudoedit=true" in the command info, enable 
sudoedit mode even if not invoked as sudoedit.  This allows
a plugin to enable sudoedit when the user runs an editor.
 2010-05-16 19:27:04 -04:00
Todd C. Miller
e336dac874 Attempt to fix building on systems that only have setuid. 2010-05-14 16:35:03 -04:00
Todd C. Miller
39652bf75f Fix compilation on HP-UX 2010-05-13 20:10:21 -04:00
Todd C. Miller
7c9c5855fd Change how we handle the sudoedit argv. We now require that there 
be a "--" in argv to separate the editor and any command line arguments
from the files to be edited.
 2010-05-13 17:11:31 -04:00
Todd C. Miller
fdd28d411f Work in progress support for sudoedit. The actual interface used by the 
plugin for sudoedit is likely to change.
 2010-05-13 14:09:21 -04:00
Todd C. Miller
396317ffe9 Avoid a potential race condition if SIGCHLD is received immediately 
before we call select().
 2010-05-12 11:13:40 -04:00
Todd C. Miller
8ea8de47fa Fix pasto in mulitple signal fix and use _NSIG not NSIG since that 
is what our compat checks set.
 2010-05-11 13:33:42 -04:00
Todd C. Miller
cafc6a4f66 Fix SIGPIPE handling. Now that we use may use pipes for stdin/stdout 
we need to pass any SIGPIPE we receive to the running command.
 2010-05-11 08:59:59 -04:00
Todd C. Miller
02f8c187a5 Also start the command in the background if stdin is not a tty. 2010-05-11 08:12:02 -04:00
Todd C. Miller
c2d0888bf9 No need to use pseudo-cbreak mode now that we use pipes when stdout is 
not a tty.  Instead, check whether stdin is a tty and if not, delay
setting the tty to raw mode until the command tries to access it itself
(and receives SIGTTIN or SIGTTOU).
 2010-05-10 17:23:35 -04:00
Todd C. Miller
cbb3010d73 Use an array for signals received instead of a single variable so 
we don't lose any when there are multiple different signals.
 2010-05-10 15:13:48 -04:00
Todd C. Miller
5adda153ae Do signal setup after turning off echo, not before. If we are using 
a tty but are not the foreground pgrp this will generate SIGTTOU
so we want the default action to be taken (suspend process).
 2010-05-10 15:02:50 -04:00
Todd C. Miller
23a9bf2c07 Flush the iobufs on suspend or child exit using the same logic 
as the main event loop.
 2010-05-07 10:15:25 -04:00
Todd C. Miller
b08a96eea7 Free memory after we are done with it. 2010-05-07 10:14:12 -04:00
Todd C. Miller
3cbbf27e9d Go back to reseting io_buffer offset and length (and now also the 
EOF handling) in the loop we do the FD_SET, not after we drain the
buffer after write() since we don't know what order reads and writes
will occur in.
 2010-05-05 16:11:13 -04:00
Todd C. Miller
b4d16ae1af Add support for logging stdin when it is not a tty. 
There is still a bug where "cat | sudo cat" has problems because
both cat and sudo are trying to read from the tty.
 2010-05-05 09:47:12 -04:00
Todd C. Miller
782f494003 Add separate I/O logging functions for tty in/out and stdin/stdout/stderr. 
NOTE: stdin logging does not currently work and is disabled for now.
 2010-05-05 07:29:28 -04:00