isa/sudo
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
6,307 Commits 1 Branch 0 Tags
b406b51da0684490de642b8fc189f696cf347b23
Commit Graph

342 Commits

Author SHA1 Message Date
Todd C. Miller
d29aede203 No longer throw an error if sudoers is a symbolic link. Deprecated 
the --with-stow option as that is now (effectively) the default.
 2012-05-21 13:30:59 -04:00
Todd C. Miller
cf3fce6651 Use AC_HEADER_MAJOR to determine where major/minor are defined. 2012-04-16 10:25:49 -04:00
Todd C. Miller
dbcd7222a1 Include sys/mkdev.h if present instead of sys/sysmacros.h for 
minor().  This is needed on Solaris (at least) where the makedev
macros in sysmacros.h are obsolete and library functions should be
used instead.
 2012-04-16 10:18:32 -04:00
Todd C. Miller
b0993d8777 If struct dirent has d_type, use it to avoid an extra stat(). 2012-04-13 08:36:58 -04:00
Todd C. Miller
83fc02bc97 Rototill code to determine the tty. For Linux, we now look up the 
tty device in /proc/pid/stat instead of trying to open /proc/pid/fd/[0-2].
The sudo_ttyname_dev() function maps the given device number to a
string.  On BSD, we can use devname().  On Solaris, _ttyname_dev()
does what we want.
TODO: write /dev/ traversal code for the generic sudo_ttyname_dev().
 2012-04-11 14:48:08 -04:00
Todd C. Miller
11f13be0dd Check for SVR4-style struct psinfo.pr_ttydev and use that to determine 
the tty if std{in,out,err} are not ttys.
 2012-04-10 15:53:41 -04:00
Todd C. Miller
0d108287b9 Do not use GLOB_BRACE or GLOB_TILDE flags to glob()--we want the 
glob() and fnmatch() results to be consistent.
 2012-04-08 18:00:31 -04:00
Todd C. Miller
9ceea5cb7b Add execvpe(), exect(), posix_spawn() and posix_spawnp() wrappers 
to sudo_noexec.c.
 2012-03-30 09:36:30 -04:00
Todd C. Miller
aecb5206e2 Fix compiler warnings on some platforms and provide a better method 
of defeating gcc's warn_unused_result attribute.
 2012-03-29 10:33:40 -04:00
Todd C. Miller
9cd65dafc6 Add check for pam_getenvlist() 2012-03-14 20:55:11 -04:00
Todd C. Miller
37770ecf1e Initial cut at a hooks implementation. The plugin can register 
hooks for getenv, putenv, setenv and unsetenv.  This makes it
possible for the plugin to trap changes to the environment made by
authentication methods such as PAM or BSD auth so that such changes
are reflected in the environment passed back to sudo for execve().
 2012-03-07 16:35:42 -05:00
Todd C. Miller
966fa83a9a Prefer KERN_PROC2 over KERN_PROC. Fixes compilation on some versions 
of OpenBSD versions that have KERN_PROC2 but not KERN_PROC.
 2012-02-28 10:33:16 -05:00
Todd C. Miller
22f4f10a3a Check for LD_PRELOAD variants in configure instead of checkign cpp 
symbols.  In disable_execute(), compute the length of the new envp
and allocate it once instead of reallocating on demand.  Also append
old value of LD_PRELOAD (if any) to the new value.
 2012-02-21 13:26:02 -05:00
Todd C. Miller
8c1d8a7b15 Make a copy of the struct passwd in exec_setup() to make sure nothing 
in the policy init modifies it.
 2012-02-06 10:56:39 -05:00
Todd C. Miller
da6fe1230f Use AC_HEADER_STDBOOL instead of checking for stdbool.h ourselves. 2012-01-30 09:28:11 -05:00
Todd C. Miller
760cdb00d8 Remove obsolete template for HAVE_TIMESPEC 2012-01-12 13:25:04 -05:00
Todd C. Miller
528258aff5 Add support for determining tty via sysctl on other BSD variants. 2012-01-10 16:49:24 -05:00
Todd C. Miller
974e50dcf0 On newer FreeBSD we can get the parent's tty name via sysctl(). 2012-01-09 16:08:58 -05:00
Todd C. Miller
241b1db873 Add --enable-kerb5-instance configure option to allow people using 
Kerberos V authentication to use a custom instance.  Adapted from
a diff by Michael E Burr.
 2012-01-05 15:39:05 -05:00
Todd C. Miller
38a4990e4a Add getaddrinfo() for those without it, written by Russ Allbery 2011-12-02 17:28:50 -05:00
Todd C. Miller
86c86183ab Add stdbool.h for systems without it. 2011-12-01 13:49:46 -05:00
Todd C. Miller
e54fc4eb34 No longer need SUDO_CHECK_TYPE and SUDO_TYPE_* now that the default 
includes have unistd.h in them.  Add check for socklen_t for upcoming
getaddrinfo compat.
 2011-12-01 11:27:57 -05:00
Todd C. Miller
51e45647ae Use HAVE_STRUCT_TIMESPEC and HAVE_STRUCT_IN6_ADDR instead of 
HAVE_TIMESPEC and HAVE_IN6_ADDR respectively.
 2011-12-01 11:07:17 -05:00
Todd C. Miller
c86561e502 Remove the old Kerberos IV support 2011-11-13 09:12:43 -05:00
Todd C. Miller
749a7695d0 Add checks for __func__ and __FUNCTION__ and mention that we now 
require a cpp that supports variadic macros.
 2011-10-22 14:20:52 -04:00
Todd C. Miller
4724e313e0 FreeBSD has libutil.h not util.h 2011-09-21 09:52:33 -04:00
Todd C. Miller
f730cb7873 Assume all modern systems support fstat(2). 2011-08-31 11:19:10 -04:00
Todd C. Miller
47af0fc2b8 Add configure test for missing errno declaration and only 
declare it ourselves if it is missing.
 2011-08-30 10:05:30 -04:00
Todd C. Miller
b124635b04 Instead of keeping separate groups and gids arrays, create struct 
group_info and use it to store both, along with a count for each.
Cache group info on a per-user basis using getgrouplist() to get
the groups.  We no longer need special to special case the user or
list user for user_in_group() and thus no longer need to reset the
groups list when listing another user.
 2011-07-20 11:58:45 -04:00
Todd C. Miller
bf7e7b5752 Add gettext.h convenience header. This is similar to but distinct from 
the one included with the gettext package.
 2011-05-20 11:48:17 -04:00
Todd C. Miller
0954a1b1c0 Emulate ngettext for the non-nls case 2011-05-18 13:44:07 -04:00
Todd C. Miller
96b7c1f0f4 Add initial scaffolding to support localization via gettext() 2011-05-04 15:26:31 -04:00
Todd C. Miller
1e72fa9127 Add HAVE_RFC1938_SKEYCHALLENGE 2011-04-07 07:04:26 -04:00
Todd C. Miller
53d183c380 Add explicit check for struct utmpx.ut_exit.e_termination 
and struct utmpx.ut_exit.__e_termination.  HP-UX uses the latter.
Only update ut_exit if we detect one or the other.
 2011-03-29 09:10:40 -04:00
Todd C. Miller
2041d39db7 Add support for ut_exit 2011-03-15 16:18:33 -04:00
Todd C. Miller
8653ccc809 Redo utmp handling. If no getutent()/getutxent() is available, 
assume a ttyslot-based utmp.  If getttyent() is available, use
that directly instead of ttyslot() so we don't have to do the
stdin dup2 dance.
 2011-03-14 10:20:47 -04:00
Todd C. Miller
c7a7d31905 Add support for disabling exec via solaris privileges. 
Includes preparation for moving noexec support out of sudoers
and into front end as documented.
 2011-03-10 14:24:10 -05:00
Todd C. Miller
1496bfed6c Add support for adding a utmp entry when allocating a new pty. 
Requires the BSD login(3) or SYSV/POSIX getutent()/getutxent().
Currently only creates a new entry if the existing tty has
a utmp entry.
 2011-03-08 15:37:40 -05:00
Todd C. Miller
39d9feb438 The howmany macro lives in sys/sysmacros.h on SVR5 systems 
Closes Bug 470
 2011-02-19 08:23:46 -05:00
Todd C. Miller
ed8e30cf6e Add --disable-env-reset configure option. 2011-01-28 16:52:25 -05:00
Todd C. Miller
807a9ca94b Do logging and email sending in the locale specified by the 
"sudoers_locale" setting ("C" by default).  Email send by sudo
includes MIME headers when the sudoers locale is not "C".
 2011-01-28 16:11:47 -05:00
Todd C. Miller
49409b7c5d Add support for TIMEOUT in ldap.conf, mapping to the OpenLDAP 
LDAP_OPT_TIMEOUT.  There is no corresponding option for mozilla-derived
LDAP SDKs but we can pass the timeout parameter to ldap_search_ext_s()
or ldap_search_st() when possible.
 2011-01-10 10:33:22 -05:00
Todd C. Miller
5cf56a77ec Provide mkdtemp() for systems without it. 2010-12-27 13:49:49 -05:00
Todd C. Miller
6247b85469 Add large file support. 2010-10-28 12:09:17 -04:00
Todd C. Miller
f538ed4e35 Add dlopen() emulation for systems without it. 
For HP-UX 10, emulate using shl_load().
For others, link sudoers plugin statically and use a lookup
table to emulate dlsym().
 2010-09-26 17:41:35 -04:00
Todd C. Miller
b51afe6249 Implement --with-umask-override configure flag. 2010-09-14 17:18:55 -04:00
Todd C. Miller
8dd8aa000e Remove some obsolete configure tests, ancient Unix systems are no 
longer supported.
 2010-08-10 13:44:05 -04:00
Todd C. Miller
24a755bfe7 Use AC_CHECK_MEMBER in SUDO_SOCK_SA_LEN 
Use AC_TYPE_LONG_LONG_INT and AC_CHECK_SIZEOF([long int]) instead
    of rolling our own.
 2010-07-31 21:19:46 -04:00
Todd C. Miller
6d0395ee68 Add support for Ubuntu admin flag file and enable it when building 
Ubuntu packages.
 2010-07-28 16:34:11 -04:00
Todd C. Miller
2675524c32 The tty_tickets option is now on by default. 2010-07-20 13:20:53 -04:00