isa/sudo
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
5,909 Commits 1 Branch 0 Tags
ab75dd2e306a92e491bc4fae9876c84d311a166c
Commit Graph

5909 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Todd C. Miller
ab75dd2e30 Get rid of done: label. If the child exits we still need to close 
the pty, update utmp and restore the SELinux tty context.
 2011-10-24 11:14:20 -04:00
Todd C. Miller
839919566e Add debug_decl/debug_return (almost) everywhere. 
Remove old sudo_debug() and convert users to sudo_debug_printf().
 2011-10-22 14:40:21 -04:00
Todd C. Miller
9923464d96 Wrap error/errorx and warning/warningx functions with debug statements. 
Disable wrapping for standalone sudoers programs as well as memory
allocation functions (to avoid infinite recursion).
 2011-10-22 14:28:33 -04:00
Todd C. Miller
749a7695d0 Add checks for __func__ and __FUNCTION__ and mention that we now 
require a cpp that supports variadic macros.
 2011-10-22 14:20:52 -04:00
Todd C. Miller
53e3ad11b5 New debug framework for sudo and plugins using /etc/sudo.conf that 
also supports function call tracing.
 2011-10-22 14:00:52 -04:00
Todd C. Miller
697caf8df3 Update Japanese sudoers translation from translationproject.org 2011-10-21 09:00:42 -04:00
Todd C. Miller
8ef560b85c Override and ignore the --disable-static option. Sudo already runs 
libtool with -tag=disable-static where applicable and we need non-PIC
objects to build the executables.
 2011-10-12 08:24:13 -04:00
Todd C. Miller
ce8b4e53a5 Add sudoedit fix 2011-10-10 15:52:47 -04:00
Todd C. Miller
3f526029ae regen pot files 2011-10-10 15:50:41 -04:00
Todd C. Miller
b7a6107702 Ignore set_logname (which is now the default) for sudoedit since 
we want the LOGNAME, USER and USERNAME environment variables to
refer to the calling user since that is who the editor runs as.
This allows the editor to find the user's startup files.
Fixes bugzilla #515
 2011-10-10 13:10:24 -04:00
Todd C. Miller
a6602fa0e4 Instead of trying to grow the buffer in make_grlist_item(), simply 
increase the total length, free the old buffer and allocate a new
one.  This is less error prone and saves us from having to adjust
all the pointers in the buffer.  This code path is only taken when
there are groups longer than the length of the user field in struct
utmp or utmpx, which should be quite rare.
 2011-10-10 11:10:59 -04:00
Todd C. Miller
dd3902e115 Add Italian translation for sudo from translationproject.org 2011-10-10 11:00:09 -04:00
Todd C. Miller
82dd8f65fd Japanese translation for sudo and sudoers from translationproject.org 2011-10-10 06:45:28 -04:00
Todd C. Miller
fb49b16e4a sudoreplay depends on timestr.lo too; from Mike Frysinger 2011-10-07 16:09:48 -04:00
Todd C. Miller
063c6ee60a Regen sudoers pot file. 2011-10-04 12:32:05 -04:00
Todd C. Miller
a4378bd94c Update with latest sudo 1.8.3 news 2011-10-04 12:22:08 -04:00
Todd C. Miller
930122d346 It appears that LDAP or NSS may modify the euid so we need to be 
root for the open().  We restore the old perms at the end of
sudoers_policy_open().
 2011-10-04 11:15:06 -04:00
Todd C. Miller
b743b77a0d Better warning message on setuid() failure for the setreuid() 
version of set_perms().
 2011-10-04 11:13:28 -04:00
Todd C. Miller
45ad681cd6 Delref auth_pw at the end of check_user() instead of getting a ref 
twice.
 2011-09-27 16:21:21 -04:00
Todd C. Miller
1e93d1fbb6 Make sudo_auth_{init,cleanup} return TRUE on success and check for 
sudo_auth_init() return value in check_user().
 2011-09-27 15:41:22 -04:00
Todd C. Miller
4540a7525e Do not return without restoring permissions. 2011-09-27 15:22:08 -04:00
Todd C. Miller
de684e5d2c regen pot files 2011-09-27 14:07:18 -04:00
Todd C. Miller
bceb5df158 Modify the authentication API such that the init and cleanup functions 
are always called, regardless of whether or not we are going to
verify a password.  This is needed for proper PAM session support.
 2011-09-27 13:18:46 -04:00
Todd C. Miller
c21595044d Add missing dependency for getspwuid.lo and regen other depends. 2011-09-27 13:15:48 -04:00
Todd C. Miller
c5f8dc95c6 Fix a PAM_USER mismatch in session open/close. We update PAM_USER 
to the target user immediately before setting resource limits, which
is after the monitor process has forked (so it has the old value).
Also, if the user did not authenticate, there is no pamh in the
monitor so we need to init pam here too.  This means we end up
calling pam_start() twice, which should be fixed, but at least the
session is always properly closed now.
 2011-09-27 11:13:44 -04:00
Todd C. Miller
7304bc744e Add check for old being NULL in utmp_setid(); from Steven McDonald 2011-09-27 09:30:59 -04:00
Todd C. Miller
05bfd66693 If the invoking user cannot be resolved by uid fake the struct 
passwd and store it in the cache so we can delref it on exit.
 2011-09-25 06:35:40 -04:00
Todd C. Miller
842526d71f Don't error out if the group plugin cannot be loaded, just warn. 2011-09-24 10:24:40 -04:00
Todd C. Miller
0775147894 Quiet a false positive found by several static analysis tools. 
These tools don't know that log_error() does not return (it longjmps
to error_jmp which returns to the sudo front-end).
 2011-09-23 19:37:21 -04:00
Todd C. Miller
6028afae83 Add Italian translation for sudo from translationproject.org 
Regen .mo files
 2011-09-22 14:56:43 -04:00
Todd C. Miller
a898356b1e Update to current reality and add bit about ssh auth 2011-09-21 12:30:09 -04:00
Todd C. Miller
de33689ae6 Make "verbose" static; fixes a namespace clash with pam_ssh_agent_auth 
(and it doesn't need to be extern these days).
 2011-09-21 10:15:13 -04:00
Todd C. Miller
4724e313e0 FreeBSD has libutil.h not util.h 2011-09-21 09:52:33 -04:00
Todd C. Miller
441abee4e8 Define _BSD_SOURCE on FreeBSD, OpenBSD and DragonflyBSD 2011-09-21 09:46:52 -04:00
Todd C. Miller
32c1ae8f7e Update po files from translationproject.org 2011-09-20 14:57:43 -04:00
Todd C. Miller
3bcc9048c3 Add support for DEREF in ldap.conf. 2011-09-16 16:50:04 -04:00
Todd C. Miller
0f95023e9a install target should depend on ChangeLog too, not just install-doc 2011-09-16 14:20:15 -04:00
Todd C. Miller
e5e1bb24fa Only iolog_file (not iolog_dir) supports mktemp-style suffixes. 2011-09-16 14:05:44 -04:00
Todd C. Miller
62991b0cf0 Sync with 1.8 branch for sudo 1.8.2 and 1.8.3 changes. 2011-09-16 13:30:16 -04:00
Todd C. Miller
ed26d7a59e Document group lookup change and possible side effects. 2011-09-16 13:29:50 -04:00
Todd C. Miller
647e087cd3 Fix some square brackets in case statements that needed to be doubled 
up.  While here, use $OSMAJOR when it makes sense.
 2011-09-16 13:05:21 -04:00
Todd C. Miller
fd2d709bd2 Fix a crash in make_grlist_item() on 64-bit machines with strict 
alignment.
 2011-09-16 09:05:37 -04:00
Todd C. Miller
cab1968da2 Remove list_options() function that is no longer used now that "sudo 
-L" is gone.
 2011-09-16 09:05:17 -04:00
Todd C. Miller
523492af52 Error message if user tries --with-CC 2011-09-16 09:04:58 -04:00
Todd C. Miller
ba331ebfb6 Check for -libmldap too when looking for ldap libs, which is the 
Tivoli Directory Server client library.
 2011-09-16 09:04:27 -04:00
Todd C. Miller
dacb1e47f3 Honor NOPASSWD tag for denied commands too. 2011-09-09 09:57:39 -04:00
Todd C. Miller
b3b268c3a4 Remove --with-CC option; it doesn't work correctly now that we use 
libtool.  Users can get the same effect by setting the CC environment
variable when running configure.
 2011-09-08 09:36:24 -04:00
Todd C. Miller
f730cb7873 Assume all modern systems support fstat(2). 2011-08-31 11:19:10 -04:00
Todd C. Miller
47af0fc2b8 Add configure test for missing errno declaration and only 
declare it ourselves if it is missing.
 2011-08-30 10:05:30 -04:00
Todd C. Miller
55896f636e Include errno.h before sudo.h to avoid conflicting with the system 
definition of errno.
 2011-08-30 09:46:12 -04:00