isa/sudo
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
10,254 Commits 1 Branch 0 Tags
6a9ed1998bb4cc67bf5262c3dbd8fa06cdcf143f
Commit Graph

953 Commits

Author SHA1 Message Date
Todd C. Miller
6a9ed1998b Sudo 1.9.2 2020-07-15 10:46:31 -06:00
Todd C. Miller
be89bdcf7c Fix some warnings displayed by autoconf 2.69b 
This fixes the missing HAVE_GSSAPI_GSSAPI_H define in config.h.in.
TODO: replace shadow_funcs variable in function checks with literals
 2020-07-15 10:12:55 -06:00
Todd C. Miller
9ef09595f9 Allow HP-UX share libs and modules to link against static libs. 
hppa64 and ia64 use PIC by default
 2020-06-26 09:13:38 -06:00
Todd C. Miller
4cadd54951 Use pkg-config to find the openssl cflags and libs if possible. 
We support linking against static openssl libs too.
 2020-06-25 20:55:02 -06:00
Todd C. Miller
5e9346d4e9 Add -Wimplicit-fallthrough to --enable-warnings if available. 
Note that clang 10 has support for -Wimplicit-fallthrough in C code
but doesn't recognize lint-style FALLTHROUGH comments like gcc does
so we can't use it.
 2020-06-20 13:51:02 -06:00
Todd C. Miller
23b1ee2f45 Fix some warnings from configure test programs. 2020-06-20 13:51:02 -06:00
Todd C. Miller
f2dce25ac1 Drop old test for -lcposix for ISC Unix. 2020-06-20 11:21:27 -06:00
Todd C. Miller
48c2bd0007 Declare getdelim(3) if it exists in libc but is not prototyped in stdio.h. 
This can happen on systems with a gcc packages that was built on
and older versions of the OS where getdelim(3) was not present.
 2020-06-06 18:45:27 -06:00
Todd C. Miller
17b3f90f74 For python3-config, only use -I and -L/-l from --cflags and --ldflags output. 
Otherwise we may get other flags used to build python that conflict
with what sudo uses.
 2020-06-06 16:32:10 -06:00
Todd C. Miller
026caf0081 Add basic support for --runstatedir 
If the user specifies --runstatedir but not --with-rundir, use
runstatdir as the parent directory of the sudo rundir.

In the future we may deprecate --with-rundir in favor of --runstatedir
but that will require changes for systems with no /var/run directory.
 2020-05-20 18:51:52 -06:00
Todd C. Miller
5a69831dd4 Sudo 1.9.1 2020-05-18 18:50:50 -06:00
Todd C. Miller
d3b710b0da cfmakeraw(3) is broken on AIX, don't use it there 
The cfmakeraw(3) function exists but does not set VMIN to 1 or VTIME
to 0 in c_cc[] in struct termios, which makes it useless.  The AIX
version also doesn't clear the CSIZE and PARENB flags from c_cflag.
 2020-05-12 09:52:27 -06:00
Todd C. Miller
04cb06160a Fix a few more typos. 2020-05-07 07:49:54 -06:00
Todd C. Miller
a212ee64e3 Use the --embed when running "python3-config --ldflags" if supported. 
Newer versions of python3-config only include libpython in the
output when the --embed is used.  Otherwise, "python3-config --libs"
and "python3-config --ldflags" only list the libraries python is
dependent on and not the python library itself.
 2020-05-03 12:56:26 -06:00
Todd C. Miller
024b146d06 1.9.0 final 2020-04-14 19:26:41 -06:00
Todd C. Miller
55eb0a633c Install the example sudo_logsrvd.conf unless one already exists 2020-04-08 08:54:27 -06:00
Todd C. Miller
dfd5a88772 Sudo 1.9.0rc1 2020-04-07 15:08:26 -06:00
Todd C. Miller
0a10c702be Split sudo_logsrvd and the python plugin into their own packages. 2020-04-07 14:03:58 -06:00
Todd C. Miller
f908ddd1bf Create a pidfile for sudo_logsrvd when not run with the -n flag. 2020-03-29 05:05:08 -06:00
Todd C. Miller
84d9c7b241 Add configure check for SSL_CTX_get0_certificate(). 
Dummy out verify_server_cert() if it is not present to allow building
on older OpenSSL versions.  Rewriting this to work with old OpenSSL
is not worth the trouble.
 2020-03-17 20:07:48 -06:00
Todd C. Miller
5635c22f6b Add --disable-log-server and --disable-log-client configure options. 
These can be used to optionally disable building sudo_logsrvd and
support for remote I/O logging in the sudoers plugin respectively.
 2020-02-26 13:17:40 -07:00
Todd C. Miller
7d5734a317 Add sample approval plugin that simply tests for "business hours" 2020-02-06 12:49:17 -07:00
Todd C. Miller
bf85ea2bf7 Example audit plugin that writes JSON output to a log file. 2020-01-30 13:25:52 -07:00
Todd C. Miller
dc45c4d4ea Add tests for arc4random_buf() and an implementation for those without. 2020-01-30 13:12:25 -07:00
Todd C. Miller
0fcb647160 Check for presence of fseeko() regardless of utmp type. 2020-01-28 13:00:54 -07:00
Todd C. Miller
c9b68ccb34 Use AC_CHECK_DECLS when checking for SSL_CTX_set_min_proto_version 
Also use AC_CHECK_FUNCS to check for the other OpenSSL functions
 2020-01-23 09:38:09 -07:00
Todd C. Miller
dde86e585f Add support for building on OpenSSL 1.0.2. 
This adds compatibility defines for some OpenSSL 1.1.x functions.
 2020-01-21 13:27:40 -07:00
Robert Manner
b66ecf6e13 plugins/python: various portability improvements 2020-01-20 06:30:20 -07:00
Todd C. Miller
aed69fb471 We want to use DT_RUNPATH in preference to DT_RPATH in ELF binaries. 
Otherwise, LD_LIBRARY_PATH does not work when running the tests.
The GNU linker's --enable-new-dtags can be used to do this.
We don't do this on NetBSD where RPATH already supports LD_LIBRARY_PATH.
 2020-01-15 10:13:54 -07:00
Todd C. Miller
8747a9554e If --enable-openssl or --enable-gcrypt is given a path, append to LDFLAGS. 
Previously we appended the path to SUDOERS_LDFLAGS but now that we
use OpenSSL in the log server, LDFLAGS is the correct one to use.
 2020-01-07 11:33:26 -07:00
Todd C. Miller
5bf0752021 Substitute plugin dir into examples/sudo.conf 2020-01-02 12:53:30 -07:00
Todd C. Miller
c8532ae7a9 Enable OpenBSD extensions on NetBSD to get reallocarray(3) prototype. 2019-12-25 11:21:49 -07:00
Todd C. Miller
c6f8f4b545 Move init.d and sudo.pp to the etc dir. 2019-12-23 14:29:27 -07:00
Todd C. Miller
4690d3ecf6 Add cfmakeraw() for systems without it. 2019-12-23 13:15:34 -07:00
Todd C. Miller
96a03a0891 regen 2019-12-14 13:02:53 -07:00
Todd C. Miller
b14d633ec6 Add runas_check_shell flag to require a runas user to have a valid shell. 
Not enabled by default.
 2019-12-09 19:29:45 -07:00
Todd C. Miller
58cede6fee Move protobuf-c.c, log_server.proto, log_server.pb-c.[ch] to lib/logsrv 2019-11-15 13:35:58 -07:00
Todd C. Miller
690f145d3f LibreSSL and older OpenSSL don't support SSL_CTX_set_ciphersuites(). 
Add a configure test and skip TLS 1.3 setup if it is missing.
We still accept the tls_ciphers13 config setting but it will be ignored.
 2019-11-15 13:19:28 -07:00
Laszlo Orban
e201f104d4 make audit server openssl dependency optional; tls layer is compiled only if sudo is built with --enable-openssl feature switch 2019-11-15 09:52:48 +01:00
Todd C. Miller
43df086186 Add dup3() emulation. 2019-11-02 10:52:55 -06:00
Todd C. Miller
dbf78d0716 Add fchmodat() and fstatat() emulation. 
Note that fchmodat() emulation does not support AT_SYMLINK_NOFOLLOW
 2019-10-24 20:04:33 -06:00
Todd C. Miller
b57054785f Add manual pages for logsrvd and sendlog. 2019-10-24 20:04:32 -06:00
Todd C. Miller
059b55ce72 Refactor code in sudoers that creates I/O log files to share with logsrvd. 2019-10-24 20:04:31 -06:00
Todd C. Miller
240d589136 Command line option processing for logsrvd 2019-10-24 20:04:31 -06:00
Todd C. Miller
0d69de5b25 Move openat() emulation to lib/util and at unlinkat() emulation. 2019-10-24 20:04:30 -06:00
Todd C. Miller
2272430716 Import proof of concept sudo log server. 2019-10-24 20:04:29 -06:00
Todd C. Miller
8ea71f9ae0 Sudo 1.8.29 2019-10-21 14:57:24 -06:00
Todd C. Miller
b6aa80b5f8 Sudo 1.8.28p1 2019-10-16 05:57:58 -06:00
Todd C. Miller
04a17095be Always use our own strtonum and implement sudo_strtoid in terms of it. 2019-10-14 10:09:29 -06:00
Todd C. Miller
fd5d0f511e Back out compiler override for now. 2019-10-06 10:46:18 -06:00