isa/sudo
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
6,550 Commits 1 Branch 0 Tags
8195fe1bd270d02385b6f25ea6d7583c5b51bf4f
Commit Graph

351 Commits

Author SHA1 Message Date
Todd C. Miller
acf8af9aac #unifdef HAVE_SETLOCALE, it is C89 so no need to check for it. 2012-11-12 08:51:58 -05:00
Todd C. Miller
83dde2fbb6 Add os-specific initialization functions for solaris (workaround 
setuid locale problem in Solaris 11) and openbsd (set malloc_options
if SUDO_DEVEL).  Also move set_project() to solaris.c.
 2012-11-11 07:11:22 -05:00
Todd C. Miller
ab7dda035a Replace strsigname() with sig2str(), emulating it as needed. 2012-08-29 14:25:09 -04:00
Todd C. Miller
71e2d8290b Use fseeko() for legacy utmp handling if available. 2012-08-29 10:32:49 -04:00
Todd C. Miller
f44afdc423 Detect sys_sigabbrev[] and use it in place of sys_signame[] if 
present.  For some reason glibc does not declare sys_sigabbrev so
we must add an extern definition of our own.
 2012-08-28 10:11:38 -04:00
Todd C. Miller
537dc94b9e Use strsigname() to print signal names in the debug output. 
If the system has no strsigname(), use our own.
 2012-08-26 20:12:51 -04:00
Todd C. Miller
3c57d6a06d Add support for ldaps using Tivoli LDAP libraries. 
Add ldap.conf option to specify Tivoli key db password.
Allow TLS ciphers to be configured for Tivoli.
 2012-06-29 12:14:45 -04:00
Todd C. Miller
c74d406313 Older versions of Solaris lack ngettext() 2012-06-18 14:29:06 -04:00
Todd C. Miller
1fe3f9f40f The visibility attribute was actually added in gcc 3.3.x, not 4.0. 
Just assume that if -fvisibility=hidden works that the attribute
is usable.
 2012-06-13 16:57:49 -04:00
Todd C. Miller
d29aede203 No longer throw an error if sudoers is a symbolic link. Deprecated 
the --with-stow option as that is now (effectively) the default.
 2012-05-21 13:30:59 -04:00
Todd C. Miller
cf3fce6651 Use AC_HEADER_MAJOR to determine where major/minor are defined. 2012-04-16 10:25:49 -04:00
Todd C. Miller
dbcd7222a1 Include sys/mkdev.h if present instead of sys/sysmacros.h for 
minor().  This is needed on Solaris (at least) where the makedev
macros in sysmacros.h are obsolete and library functions should be
used instead.
 2012-04-16 10:18:32 -04:00
Todd C. Miller
b0993d8777 If struct dirent has d_type, use it to avoid an extra stat(). 2012-04-13 08:36:58 -04:00
Todd C. Miller
83fc02bc97 Rototill code to determine the tty. For Linux, we now look up the 
tty device in /proc/pid/stat instead of trying to open /proc/pid/fd/[0-2].
The sudo_ttyname_dev() function maps the given device number to a
string.  On BSD, we can use devname().  On Solaris, _ttyname_dev()
does what we want.
TODO: write /dev/ traversal code for the generic sudo_ttyname_dev().
 2012-04-11 14:48:08 -04:00
Todd C. Miller
11f13be0dd Check for SVR4-style struct psinfo.pr_ttydev and use that to determine 
the tty if std{in,out,err} are not ttys.
 2012-04-10 15:53:41 -04:00
Todd C. Miller
0d108287b9 Do not use GLOB_BRACE or GLOB_TILDE flags to glob()--we want the 
glob() and fnmatch() results to be consistent.
 2012-04-08 18:00:31 -04:00
Todd C. Miller
9ceea5cb7b Add execvpe(), exect(), posix_spawn() and posix_spawnp() wrappers 
to sudo_noexec.c.
 2012-03-30 09:36:30 -04:00
Todd C. Miller
aecb5206e2 Fix compiler warnings on some platforms and provide a better method 
of defeating gcc's warn_unused_result attribute.
 2012-03-29 10:33:40 -04:00
Todd C. Miller
9cd65dafc6 Add check for pam_getenvlist() 2012-03-14 20:55:11 -04:00
Todd C. Miller
37770ecf1e Initial cut at a hooks implementation. The plugin can register 
hooks for getenv, putenv, setenv and unsetenv.  This makes it
possible for the plugin to trap changes to the environment made by
authentication methods such as PAM or BSD auth so that such changes
are reflected in the environment passed back to sudo for execve().
 2012-03-07 16:35:42 -05:00
Todd C. Miller
966fa83a9a Prefer KERN_PROC2 over KERN_PROC. Fixes compilation on some versions 
of OpenBSD versions that have KERN_PROC2 but not KERN_PROC.
 2012-02-28 10:33:16 -05:00
Todd C. Miller
22f4f10a3a Check for LD_PRELOAD variants in configure instead of checkign cpp 
symbols.  In disable_execute(), compute the length of the new envp
and allocate it once instead of reallocating on demand.  Also append
old value of LD_PRELOAD (if any) to the new value.
 2012-02-21 13:26:02 -05:00
Todd C. Miller
8c1d8a7b15 Make a copy of the struct passwd in exec_setup() to make sure nothing 
in the policy init modifies it.
 2012-02-06 10:56:39 -05:00
Todd C. Miller
da6fe1230f Use AC_HEADER_STDBOOL instead of checking for stdbool.h ourselves. 2012-01-30 09:28:11 -05:00
Todd C. Miller
760cdb00d8 Remove obsolete template for HAVE_TIMESPEC 2012-01-12 13:25:04 -05:00
Todd C. Miller
528258aff5 Add support for determining tty via sysctl on other BSD variants. 2012-01-10 16:49:24 -05:00
Todd C. Miller
974e50dcf0 On newer FreeBSD we can get the parent's tty name via sysctl(). 2012-01-09 16:08:58 -05:00
Todd C. Miller
241b1db873 Add --enable-kerb5-instance configure option to allow people using 
Kerberos V authentication to use a custom instance.  Adapted from
a diff by Michael E Burr.
 2012-01-05 15:39:05 -05:00
Todd C. Miller
38a4990e4a Add getaddrinfo() for those without it, written by Russ Allbery 2011-12-02 17:28:50 -05:00
Todd C. Miller
86c86183ab Add stdbool.h for systems without it. 2011-12-01 13:49:46 -05:00
Todd C. Miller
e54fc4eb34 No longer need SUDO_CHECK_TYPE and SUDO_TYPE_* now that the default 
includes have unistd.h in them.  Add check for socklen_t for upcoming
getaddrinfo compat.
 2011-12-01 11:27:57 -05:00
Todd C. Miller
51e45647ae Use HAVE_STRUCT_TIMESPEC and HAVE_STRUCT_IN6_ADDR instead of 
HAVE_TIMESPEC and HAVE_IN6_ADDR respectively.
 2011-12-01 11:07:17 -05:00
Todd C. Miller
c86561e502 Remove the old Kerberos IV support 2011-11-13 09:12:43 -05:00
Todd C. Miller
749a7695d0 Add checks for __func__ and __FUNCTION__ and mention that we now 
require a cpp that supports variadic macros.
 2011-10-22 14:20:52 -04:00
Todd C. Miller
4724e313e0 FreeBSD has libutil.h not util.h 2011-09-21 09:52:33 -04:00
Todd C. Miller
f730cb7873 Assume all modern systems support fstat(2). 2011-08-31 11:19:10 -04:00
Todd C. Miller
47af0fc2b8 Add configure test for missing errno declaration and only 
declare it ourselves if it is missing.
 2011-08-30 10:05:30 -04:00
Todd C. Miller
b124635b04 Instead of keeping separate groups and gids arrays, create struct 
group_info and use it to store both, along with a count for each.
Cache group info on a per-user basis using getgrouplist() to get
the groups.  We no longer need special to special case the user or
list user for user_in_group() and thus no longer need to reset the
groups list when listing another user.
 2011-07-20 11:58:45 -04:00
Todd C. Miller
bf7e7b5752 Add gettext.h convenience header. This is similar to but distinct from 
the one included with the gettext package.
 2011-05-20 11:48:17 -04:00
Todd C. Miller
0954a1b1c0 Emulate ngettext for the non-nls case 2011-05-18 13:44:07 -04:00
Todd C. Miller
96b7c1f0f4 Add initial scaffolding to support localization via gettext() 2011-05-04 15:26:31 -04:00
Todd C. Miller
1e72fa9127 Add HAVE_RFC1938_SKEYCHALLENGE 2011-04-07 07:04:26 -04:00
Todd C. Miller
53d183c380 Add explicit check for struct utmpx.ut_exit.e_termination 
and struct utmpx.ut_exit.__e_termination.  HP-UX uses the latter.
Only update ut_exit if we detect one or the other.
 2011-03-29 09:10:40 -04:00
Todd C. Miller
2041d39db7 Add support for ut_exit 2011-03-15 16:18:33 -04:00
Todd C. Miller
8653ccc809 Redo utmp handling. If no getutent()/getutxent() is available, 
assume a ttyslot-based utmp.  If getttyent() is available, use
that directly instead of ttyslot() so we don't have to do the
stdin dup2 dance.
 2011-03-14 10:20:47 -04:00
Todd C. Miller
c7a7d31905 Add support for disabling exec via solaris privileges. 
Includes preparation for moving noexec support out of sudoers
and into front end as documented.
 2011-03-10 14:24:10 -05:00
Todd C. Miller
1496bfed6c Add support for adding a utmp entry when allocating a new pty. 
Requires the BSD login(3) or SYSV/POSIX getutent()/getutxent().
Currently only creates a new entry if the existing tty has
a utmp entry.
 2011-03-08 15:37:40 -05:00
Todd C. Miller
39d9feb438 The howmany macro lives in sys/sysmacros.h on SVR5 systems 
Closes Bug 470
 2011-02-19 08:23:46 -05:00
Todd C. Miller
ed8e30cf6e Add --disable-env-reset configure option. 2011-01-28 16:52:25 -05:00
Todd C. Miller
807a9ca94b Do logging and email sending in the locale specified by the 
"sudoers_locale" setting ("C" by default).  Email send by sudo
includes MIME headers when the sudoers locale is not "C".
 2011-01-28 16:11:47 -05:00