isa/sudo
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
8,420 Commits 1 Branch 0 Tags
a08ea1b14d34d7e363bfa38528049c034b4c0620
Commit Graph

1767 Commits

Author SHA1 Message Date
Todd C. Miller
3b30984406 Use saved errno in vlog_warning() before calling sudo_vwarn_nodebug(). 
Fixes the error message printed if set_perms() fails.
 2015-03-21 15:41:59 -06:00
Todd C. Miller
be4872f691 For sudoedit, run the editor with the user's original environment 
as per the documentation (and as in sudo 1.7.x).  Bug #688
 2015-03-16 20:19:24 -06:00
Todd C. Miller
d8d6fae793 Sync with translationproject.org 2015-03-16 14:11:19 -06:00
Todd C. Miller
0600a0d0a9 Sync with translationproject.org 2015-03-09 11:16:09 -06:00
Todd C. Miller
9896b2243d Sync with translationproject.org 2015-03-05 12:28:51 -07:00
Todd C. Miller
ee72cba937 Use futimens() and utimensat() instead of futimes() and utimes(). 2015-03-02 13:58:50 -07:00
Todd C. Miller
ea514dc391 Fix compiler warning on systems where mode_t is not unsigned int, 
such as 32-bit Solaris.
 2015-03-02 13:58:45 -07:00
Todd C. Miller
c9d4e1084c Fix logic for verifypw/listpw all in sudoers LDAP and sssd. 2015-03-02 11:37:43 -07:00
Todd C. Miller
74d3745cc6 regen 2015-02-27 14:48:41 -07:00
Todd C. Miller
233783511d Define YYDEBUG to 0 if not already defined so we can protect use 
of sudoersdebug with "#if YYDEBUG" like the generated parser does.
From David Michael.
 2015-02-27 07:10:20 -07:00
Todd C. Miller
d09a838939 regen 2015-02-26 09:40:10 -07:00
Todd C. Miller
8fdc46433c Create /usr/lib/tmpfiles.d/sudo.conf when systemd is used. 2015-02-25 16:45:12 -07:00
Todd C. Miller
973286c7ac Check the return value of gettimeofday(), even though it should 
never fail.
 2015-02-25 07:10:25 -07:00
Todd C. Miller
5d2e9426b2 We cannot (easily) use clock_gettime(CLOCK_MONOTONIC) directly as 
it may be present but not implemented.  Add sudo_gettime_real() and
sudo_gettime_mono() functions to get the real and monotonic times
respectively.  Now sudo_gettime_mono() checks the value of
sysconf(_SC_MONOTONIC_CLOCK) before calling clock_gettime(CLOCK_MONOTONIC)
and falls back on sudo_gettime_real() as needed.  The Mach version
of sudo_gettime_mono() uses mach_absolute_time().

This should fix problems with timestamp files on systems where
the CLOCK_MONOTONIC is defined but not actually implemented.
 2015-02-24 11:19:21 -07:00
Todd C. Miller
01a4d6ccbf Check clock_gettime() return value and warn if it fails. 
Currently, the timestamp will be ignored if clock_gettime() fails.
 2015-02-24 09:53:50 -07:00
Todd C. Miller
a604f0f02d Pam conversation function changes: 
o use PAM_BUF_ERR as the return value when calloc() fails.
 o sanity check the value of num_msg
 o remove the workaround for old Apple PAM
 o PAM_AUTH_ERR is not a valid PAM conversation function return value

If getpass_error is set after a call to pam_verify (usually because
the user pressed ^C), return AUTH_INTR immediately instead of
checking the pam_verify return value.
 2015-02-23 11:12:45 -07:00
Todd C. Miller
e11f32fd42 On AIX use the value of auth_type in /etc/security/login.cfg to 
determine whether to use LAM or PAM unless the user specified the
--with-pam or --with-aixauth configure flags.
 2015-02-23 11:12:43 -07:00
Todd C. Miller
1ca3e1834e Update the regression test that check that all tags are parsed. 2015-02-20 16:02:37 -07:00
Todd C. Miller
bd8eebd6f7 regen 2015-02-20 06:33:37 -07:00
Todd C. Miller
bb5093f40f Sync with translationproject.org 2015-02-20 06:33:02 -07:00
Todd C. Miller
be8dbeb22e Avoid using HOST_NAME_MAX directly and use sysconf(_SC_HOST_NAME_MAX) 
instead.
 2015-02-19 20:28:02 -07:00
Todd C. Miller
9b514ed83c Historically, crypt() returned the empty string on error, which 
ensured that crypt("", "") would return "", which supported matcing
empty encrypted passwords with no additional code.  Some modern
versions of crypt() (such as glibc) return NULL on error so we need
an explicit test to match an empty plaintext password and an empty
encrypted password.
 2015-02-19 14:17:57 -07:00
Todd C. Miller
45548cf049 Add support for MAIL and NOMAIL command tags to toggle mail sending 
behavior on a per-command (or Cmnd_Alias) basis.
 2015-02-19 10:02:20 -07:00
Todd C. Miller
53ac30b63a Add mail_all_cmnds to always mail when a user runs a command (or 
tries to) including sudoedit.  The mail_always flag goes back to
its old semantic of always mailing when sudo is run.
 2015-02-15 20:30:11 -07:00
Todd C. Miller
8bb5897091 All modern systems should have LINE_MAX. 2015-02-19 09:59:25 -07:00
Todd C. Miller
96eddddc12 Almost no systems actually define OPEN_MAX since it is dynamic on 
modern OSes.  If sysconf(_SC_OPEN_MAX) ever fails, fall back on
_POSIX_OPEN_MAX instead.  We can assume modern systems have sysconf().
Also remove checks for strrchr() and strtoll() for which the HAVE_*
defines are no longer used.
 2015-02-19 09:59:25 -07:00
Todd C. Miller
9206ba54c5 Russian translation for sudoers from translationproject.org. 2015-02-07 07:47:39 -07:00
Todd C. Miller
cecdd7e728 Russian translation for sudoers from translationproject.org. 2015-02-06 15:28:04 -07:00
Todd C. Miller
c3c28773f5 Sanity check the TZ environment variable by special casing it in 
env_check.  The --with-tzdir configure option can be used to
specify the zoneinfo directory if configure doesn't find it.
 2015-02-06 11:01:05 -07:00
Todd C. Miller
c299cdd665 Remove extraneous casts of node->data (which is void *). 2015-02-05 15:01:25 -07:00
Todd C. Miller
cebd92a88e Fix a potential crash when getpwnam() of the running user fails 
and we don't replace the negative cached entry with a faked up one.
From Stephane Chazelas
 2015-02-05 11:17:26 -07:00
Todd C. Miller
b727d4309c Handle sudo_get_grlist() returning NULL which can happen if 
getgrouplist() fails even after allocating the appropriate amount
of memory.  From Stephane Chazelas
 2015-02-05 11:17:24 -07:00
Todd C. Miller
a3435e7d12 Require POSIX regular expression support for sudoreplay. 2015-02-05 11:16:06 -07:00
Todd C. Miller
1e30824a1a The plugin no longer needs to call initprogname() now that it links 
with the same libsudo_util as sudo.
 2015-02-05 11:08:55 -07:00
Todd C. Miller
ed4ffa6265 Don't send mail about pseudo-command failure unless it is an 
authentication failure.
 2015-02-02 15:01:06 -07:00
Todd C. Miller
dfb369198a Sync with translationproject.org 2015-02-04 06:28:31 -07:00
Todd C. Miller
d1ce08369a Sync with translationproject.org 2015-02-04 06:23:57 -07:00
Todd C. Miller
2033be83c6 Regen with yacc skeleton that the clang analyzer doesn't complain about. 2015-02-03 15:58:09 -07:00
Todd C. Miller
a9bf105eda Use stdint.h to get SIZE_MAX as inttypes.h on some pre-C99 HP-UX 
systems doesn't include stdint.h itself.
 2015-02-03 10:00:30 -07:00
Todd C. Miller
536c83cec3 Solaris uses sysinfo(SI_SRPC_DOMAIN) instead of getdomainname() to 
get the host's NIS domain.
 2015-02-03 07:33:24 -07:00
Todd C. Miller
15717c518e Actually use the check for prior initialization in sudo_getdomainname(). 2015-02-02 15:38:03 -07:00
Todd C. Miller
fde8776d54 regen 2015-02-02 13:53:44 -07:00
Todd C. Miller
59ab26dbcc Go back to a 2 args debug_decl and just use the "default" instance, 
now renamed "active".
 2015-02-01 08:24:49 -07:00
Todd C. Miller
7ec9cfb493 When querying LDAP netgroups, use the NIS domain if it is sent but 
also match nisNetgroupTriple entries that have no domain.
 2015-01-30 14:45:22 -07:00
Todd C. Miller
97469c243c Avoid setting the tty to non-blocking mode so "sudoreplay | cat" 
(for example) works as expected.  We only read a single byte from
the keyboard and only when interactive anyway so this should be fine.
 2015-01-30 13:07:21 -07:00
Todd C. Miller
00e7dbd645 regen 2015-01-30 12:57:27 -07:00
Todd C. Miller
0ac881ba4b Avoid a cppcheck warning about undefined behavior (using the address 
of a stack buffer - 1) and fix a memory leak of the iov when
doing nl->crnl conversion.
 2015-01-30 10:45:15 -07:00
Todd C. Miller
770e6ca190 Fix handling of partial writes from writev() which can occur with 
large output buffers.
 2015-01-30 09:23:30 -07:00
Todd C. Miller
4dd2a3c6b8 Add support for querying netgroups directly via LDAP since there 
is no other way to look up all the netgroups for a user (unlike
regular groups).  This introduces netgroup_base and netgroup_search_filter
options to ldap.conf.  Based on a diff from Steven Soulen.
 2015-01-29 14:08:30 -07:00
Todd C. Miller
741bb8ec79 Add macros to ease the checking of strlcpy, strlcat and 
sudo_ldap_value_cat return values.
 2015-01-22 11:42:32 -07:00