Todd C. Miller
74c2dc7806
Add execve failure in pty bug fix.
2016-06-09 11:00:02 -06:00
Todd C. Miller
ce28b15eca
sync with translationproject.org
2016-06-09 10:51:40 -06:00
Todd C. Miller
8a86233c16
In handle_sigchld() fix the return value when we've already received
...
an exec error. We don't want to overwrite the error status but we
do need to indicate that the command is no longer running.
Fixes as hang on execve(2) error when running in a pty.
2016-06-09 10:50:58 -06:00
Todd C. Miller
1ec4d9918d
Move sudo_debug_execve() call into sudo_execve().
2016-06-09 10:48:59 -06:00
Todd C. Miller
12ab5b8108
sync with translationproject.org
2016-06-09 07:12:38 -06:00
Todd C. Miller
bd8e3b5fb9
update for 1.8.17 final
2016-06-07 13:45:37 -06:00
Todd C. Miller
1052a7205f
Fix setting of hard stack limit when stack_hard is not specified
...
in /etc/security/limits. When 64-bit resource limits are supported
we can use the default value of 8388608 512-byte blocks directly.
We should only resort to using RLIM_SAVED_MAX for 32-bit resource
limits.
2016-06-07 13:06:27 -06:00
Todd C. Miller
734b43c6b0
regen
2016-06-06 10:07:58 -06:00
Todd C. Miller
3169259821
Ignore empty ipa_hostname
2016-06-05 14:42:54 -06:00
Todd C. Miller
c6a21bd53d
Better martching of ipa_hostname in sssd.conf
2016-06-05 05:40:32 -06:00
Todd C. Miller
9b027676c0
Use the value of ipa_hostname from /etc/sssd/sssd.conf if present
...
instead of the system hostname.
2016-06-04 19:52:10 -06:00
Todd C. Miller
ccf88d3bb2
When matching host, short-circuit the loop when we get a match.
...
Only check username as part of the netgroup when netgroup_tuple is
enabled.
2016-06-03 14:07:40 -06:00
Todd C. Miller
a71cac91f2
Avoid using !strcmp()
2016-06-03 13:58:12 -06:00
Todd C. Miller
b6beccf19e
SSSD doesn't handle netgroups, we have to ensure they are correctly filtered
...
in sudo. The rules may contain mixed sudoUser specification so we have to
check not only for netgroup membership but also for user and group matches.
Adapted from a patch from Daniel Kopecek.
2016-06-02 10:47:39 -06:00
Todd C. Miller
a24f4b8248
Return PAM_CONV_ERR from the conversation function if getpass returns
...
NULL or the user pressed ^C.
2016-06-01 14:48:31 -06:00
Todd C. Miller
7a35bab8c8
Make base64 decoding table-driven.
2016-06-01 12:43:02 -06:00
Todd C. Miller
fc517ba9f8
Back out cfa26b99228f, it was already fixed differently.
...
Caught by regress checks.
2016-06-01 12:38:53 -06:00
Todd C. Miller
6c3c03ea26
Allow double-quoted groups and netgroups to be part of a Defaults spec.
...
From Daniel Kopecek.
2016-05-31 13:50:38 -06:00
Todd C. Miller
638acc28cf
The sudoers.ldap manual is installed in section 4 or 5, not 1m or 8.
...
Also fix the section for ldap.conf cross-references.
2016-05-31 13:17:38 -06:00
Todd C. Miller
77331392e0
Fix copy pasta, "sudoNotAfter" not "sudoNotBefore".
...
Add missing word "order" in a sentence describing sudoOrder.
2016-05-31 13:14:30 -06:00
Todd C. Miller
461a419d04
For sudo -ll (long list) print the SSSD role just like we do
...
for the LDAP backend. Adapted from sudo-1.8.6p3-sssdrulenames.patch
2016-05-31 13:07:31 -06:00
Todd C. Miller
c6b41b1657
Setting timestamp_timeout less than zero only lasts until the
...
next reboot. Adapted from a RedHat patch.
2016-05-31 12:57:08 -06:00
Todd C. Miller
77179d69de
sync with translationproject.org
2016-05-31 12:31:40 -06:00
Todd C. Miller
53ebf69af3
fputs() is now specified as returning non-negative on success, not
...
explicitly zero. Fixes a failure on glibc.
2016-05-25 14:50:05 -06:00
Todd C. Miller
e93b4aa681
Don't try to dereference replies[] if it is a NULL pointer.
2016-05-25 14:48:52 -06:00
Todd C. Miller
db2c732931
sudo_version should be unsigned
2016-05-25 08:44:53 -06:00
Todd C. Miller
4d36fbec2f
sync with translationproject.org
2016-05-25 08:41:45 -06:00
Todd C. Miller
63dbb74250
Korean translation for sudo and sudoers from translationproject.org.
2016-05-25 08:41:27 -06:00
Todd C. Miller
5e1084c08a
Ignore PAM_SESSION_ERR from pam_open_session() since this can
...
apparently happen on systems using Solaris-derived PAM. Other
errors from pam_open_session() are treated as fatal. This avoids
the "policy plugin failed session initialization" error message
seen on some systems.
2016-05-25 08:33:57 -06:00
Todd C. Miller
356e74e1db
Don't read from stdin when flushing final buffers in blocking mode.
...
Reading from the pipe can block too if the other end is not closed.
2016-05-24 11:16:44 -06:00
Todd C. Miller
e3514817df
Mention visudo -x change.
2016-05-23 11:32:01 -06:00
Todd C. Miller
58ffab1dfa
There's no need to escape forward slashes in JSON output. While
...
it is legal to escape a forward slash, it is not required.
2016-05-23 11:29:17 -06:00
Todd C. Miller
ab861b92d2
Document that in 1.8.12 sudo started being able to check the NIS
...
domain on Solaris.
2016-05-23 11:21:34 -06:00
Todd C. Miller
ccece8c01d
Better description of the I/O logging pipe issue.
2016-05-20 11:00:18 -06:00
Todd C. Miller
8f694cc228
In del_io_events(), avoid reading from the pty master in blocking
...
mode. We now do two passes, one with SUDO_EVLOOP_NONBLOCK and
another that could block if stdin is a pipe. This ensures we consume
the pipe until EOF.
2016-05-20 10:17:23 -06:00
Todd C. Miller
223b251c19
Improve debug info in sudo_ev_add() and sudo_ev_del()
2016-05-20 10:14:38 -06:00
Todd C. Miller
994f86b40f
In pty_close(), call del_io_events with the SUDO_EVLOOP_ONCE flag
...
so the event loop will exit after a single run through. Otherwise,
we may hang at exit on non-BSD systems.
2016-05-20 08:12:46 -06:00
Todd C. Miller
d8cfe62113
regen
2016-05-18 14:31:04 -06:00
Todd C. Miller
38f4ba2249
Bump I/O buffer size to 64K. We don't use PIPE_BUF or _PC_PIPE_BUF
...
for this because that corresponds to the value for atomic pipe
writes. The actual pipe buffer is much larger on modern systems
and 64K is what BSD and Linux support for large pipe buffers.
2016-05-17 08:31:23 -06:00
Todd C. Miller
fb247aa76a
I/O logging bug fix
2016-05-17 08:19:21 -06:00
Todd C. Miller
3b6cb9d65b
Don't use SUDO_EVLOOP_NONBLOCK when flushing buffers at pty close
...
time, only when the user suspends sudo. Fixes a problem where all
buffers might not get flushed at exit when logging I/O. Reproducible
via "sudo tar cf - foo | (cd /tmp && sudo tar xf -)" on OpenBSD.
2016-05-17 08:16:43 -06:00
Todd C. Miller
eb4510597b
Don't try to fflush(export_fp) or ferror(export_fp) if export_fp
...
is NULL, which can happen on the error path.
2016-05-16 14:16:08 -06:00
Todd C. Miller
a2e541aef8
O_NOCTTY has no effect when opening /dev/tty as the open can only
...
succeed if there is already a controlling tty.
2016-05-16 11:17:20 -06:00
Todd C. Miller
3b39377246
Do not need to open /dev/tty with O_NONBLOCK, it doesn't block on
...
first open like a physical terminal. By definition, if you have a
controlling tty, the first open (which might block) has already
occurred.
2016-05-16 11:12:54 -06:00
Todd C. Miller
4e6b6fd0fa
Use O_NOCTTY when opening a tty.
2016-05-16 11:00:31 -06:00
Todd C. Miller
3161c05a04
regen
2016-05-16 10:29:30 -06:00
Todd C. Miller
b9dde14808
No need to set pass to NULL after freeing at the end of the loop
...
it since it is already set to NULL each time through the loop.
2016-05-16 10:18:31 -06:00
Todd C. Miller
67eb6dad0f
SELinux fixes in 1.8.17.
2016-05-14 19:40:12 -06:00
Todd C. Miller
787912fa91
Check fprintf() return value in writeln_wrap() and return the number
...
of characters actually written, or -1 on error.
2016-05-14 19:38:23 -06:00
Todd C. Miller
009f3e6456
Check fputs() return value.
2016-05-14 19:34:42 -06:00