isa/sudo
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
4,952 Commits 1 Branch 0 Tags
a0646aa4ad768869adc21a9f48c0a63a6657a72c
Commit Graph

4952 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Todd C. Miller
553361aca0 Emulate seteuid using setreuid() or setresuid() as needed. 
There are still a few places that call seteuid() directly.
 2010-05-14 16:43:55 -04:00
Todd C. Miller
e336dac874 Attempt to fix building on systems that only have setuid. 2010-05-14 16:35:03 -04:00
Todd C. Miller
9a6cbe03b6 Clarify sudoedit a tad. 2010-05-14 09:39:01 -04:00
Todd C. Miller
39652bf75f Fix compilation on HP-UX 2010-05-13 20:10:21 -04:00
Todd C. Miller
c8a62b1ecb Document sudoedit 2010-05-13 17:49:52 -04:00
Todd C. Miller
7c9c5855fd Change how we handle the sudoedit argv. We now require that there 
be a "--" in argv to separate the editor and any command line arguments
from the files to be edited.
 2010-05-13 17:11:31 -04:00
Todd C. Miller
fdd28d411f Work in progress support for sudoedit. The actual interface used by the 
plugin for sudoedit is likely to change.
 2010-05-13 14:09:21 -04:00
Todd C. Miller
d5bfd148d6 Make find_path() a little more generic by not checking def_foo 
variables inside it.  Instead, pass in ignore_dot as a function
argument.
 2010-05-13 10:27:03 -04:00
Todd C. Miller
832ce341e4 Add version of getenv(3) that uses our own environ pointer. 2010-05-13 10:20:40 -04:00
Todd C. Miller
396317ffe9 Avoid a potential race condition if SIGCHLD is received immediately 
before we call select().
 2010-05-12 11:13:40 -04:00
Todd C. Miller
1487026b03 Call env_init() before we open the sudoers sources as those may 
call our setenv() replacement.
 2010-05-12 08:32:12 -04:00
Todd C. Miller
754c1a16dd Initialize env_len in env_init() 2010-05-12 08:31:29 -04:00
Todd C. Miller
21ba4a4680 Document time stamp shortcomings under SECURITY NOTES 
Use "time stamp" instead of timestamp.
 2010-05-11 15:33:47 -04:00
Todd C. Miller
ad4700e7ae Make sed substitution of mansectsu and mansectform global. 2010-05-11 15:33:08 -04:00
Todd C. Miller
a331dcb46a If the tty lives on a devpts filesystem, stash the ctime in the tty 
ticket file, as it is not updated when the tty is written to.
This helps us determine when a tty has been reused without the
user authenticating again with sudo.
 2010-05-11 14:25:14 -04:00
Todd C. Miller
8ea8de47fa Fix pasto in mulitple signal fix and use _NSIG not NSIG since that 
is what our compat checks set.
 2010-05-11 13:33:42 -04:00
Todd C. Miller
06e650a450 Add check for whether sudo need to link with -ldl to get dlopen(). 
This is a bit of a hack that will get reworked when libtool is
updated.
 2010-05-11 13:21:50 -04:00
Todd C. Miller
b89980ac6e Fix timestamp removal with -k/-K 2010-05-11 13:08:41 -04:00
Todd C. Miller
e324082d5c audit.c is now private to the sudoers plugin 2010-05-11 12:18:41 -04:00
Todd C. Miller
7502a3d71f Link with -lpthread on HP-UX since a plugin may be linked with -lpthread 
and dlopen() will fail if the shared object has a dependency on -lpthread
but the main program is not linked with it.
 2010-05-11 12:11:03 -04:00
Todd C. Miller
f38afc9779 Add separate test for getresuid() since HP-UX has setresuid() but no 
getresuid().
 2010-05-11 10:55:59 -04:00
Todd C. Miller
c76e6aa1e3 Remove errant backslash 2010-05-11 10:07:12 -04:00
Todd C. Miller
cafc6a4f66 Fix SIGPIPE handling. Now that we use may use pipes for stdin/stdout 
we need to pass any SIGPIPE we receive to the running command.
 2010-05-11 08:59:59 -04:00
Todd C. Miller
02f8c187a5 Also start the command in the background if stdin is not a tty. 2010-05-11 08:12:02 -04:00
Todd C. Miller
c2d0888bf9 No need to use pseudo-cbreak mode now that we use pipes when stdout is 
not a tty.  Instead, check whether stdin is a tty and if not, delay
setting the tty to raw mode until the command tries to access it itself
(and receives SIGTTIN or SIGTTOU).
 2010-05-10 17:23:35 -04:00
Todd C. Miller
cbb3010d73 Use an array for signals received instead of a single variable so 
we don't lose any when there are multiple different signals.
 2010-05-10 15:13:48 -04:00
Todd C. Miller
5adda153ae Do signal setup after turning off echo, not before. If we are using 
a tty but are not the foreground pgrp this will generate SIGTTOU
so we want the default action to be taken (suspend process).
 2010-05-10 15:02:50 -04:00
Todd C. Miller
23a9bf2c07 Flush the iobufs on suspend or child exit using the same logic 
as the main event loop.
 2010-05-07 10:15:25 -04:00
Todd C. Miller
b08a96eea7 Free memory after we are done with it. 2010-05-07 10:14:12 -04:00
Todd C. Miller
247f7acaaf Quest now sponsors Sudo development 2010-05-06 10:54:21 -04:00
Todd C. Miller
75f63d9981 Install sudo_plugin man page. 2010-05-05 16:19:02 -04:00
Todd C. Miller
3cbbf27e9d Go back to reseting io_buffer offset and length (and now also the 
EOF handling) in the loop we do the FD_SET, not after we drain the
buffer after write() since we don't know what order reads and writes
will occur in.
 2010-05-05 16:11:13 -04:00
Todd C. Miller
0af98f2e9d audit files moved to sudoers plugin directory 2010-05-05 13:25:29 -04:00
Todd C. Miller
7da9e1a912 Document plugin_printf and new logging functions. 2010-05-05 13:22:21 -04:00
Todd C. Miller
b4d16ae1af Add support for logging stdin when it is not a tty. 
There is still a bug where "cat | sudo cat" has problems because
both cat and sudo are trying to read from the tty.
 2010-05-05 09:47:12 -04:00
Todd C. Miller
782f494003 Add separate I/O logging functions for tty in/out and stdin/stdout/stderr. 
NOTE: stdin logging does not currently work and is disabled for now.
 2010-05-05 07:29:28 -04:00
Todd C. Miller
9fbec34fed Add pointer to a printf like function to plugin open functon. 
This can be used instead of the conversation function to display
info and error messages.
 2010-05-04 19:17:31 -04:00
Todd C. Miller
b60b28abd1 Stop if make in a subdir fails 2010-05-04 15:13:40 -04:00
Todd C. Miller
e3f561668f Only set user's tty to blocking mode when doing the final flush. 
Flush pipes as well as pty master when the process is done.
 2010-05-04 09:09:12 -04:00
Todd C. Miller
dc72c27b1b Use print_error() when displaying ldap config info in debugging mode. 2010-05-03 18:02:19 -04:00
Todd C. Miller
9166c156e6 No longer need strdup() or strndup() replacements. 2010-05-03 17:56:06 -04:00
Todd C. Miller
13966481c7 Add print_error() function that uses the conversation function to 
print a variable number of error strings and use it in log_error().
 2010-05-03 16:53:05 -04:00
Todd C. Miller
0eda64b235 Do not need the opost flag to term_copy() now that we use pipes for 
stdout/stderr when they are not a tty.
 2010-05-03 10:41:26 -04:00
Todd C. Miller
dd256f25ca Use pipes to the sudo process if stdout or stderr is not a tty. 
Still needs some polishing and a decision as to whether it is
desirable to add additonal entry points for logging stdout/stderr/stdin
when they are not ttys.  That would allow a replay program to keep
things separate and to know whether the terminal needs to be in raw
mode at replay time.
 2010-05-03 10:12:54 -04:00
Todd C. Miller
5475020561 Move audit sources into the sudoers plugin dir; the driver does not use them. 2010-04-30 15:38:33 -04:00
Todd C. Miller
d346e50903 Use angle brackets when including headers that can only be found when 
an -I flag is specified.  The files in the compat dir could get away
with double quotes here but I've converted all the source files
to use angle brackets for consistency.
 2010-04-30 15:13:47 -04:00
Todd C. Miller
1438664047 Add missing -I$(top_srcdir) to CPPFLAGS so includes in the compat dir 
can be found when building outside the source tree.
 2010-04-30 15:13:15 -04:00
Todd C. Miller
1473d78637 Clean up links in distclean 2010-04-30 13:57:27 -04:00
Todd C. Miller
8cfde4f9db Hack around VPATH semantic differences by symlinking files we need from 
../../src into the current directory and build those.  A better fix would
be to either make a .a or .la file with those files in it or simply
use a single, flat, Makefile instead of per-subdirs Makefiles.
 2010-04-30 13:53:33 -04:00
Todd C. Miller
23f9bb59ec fmt_string is used by the sudoers plugin too so do not include sudo.h 
(which is not really needed here anyway)
 2010-04-30 13:40:57 -04:00