Commit Graph

235 Commits

Author SHA1 Message Date
Todd C. Miller
897239afe9 Add aix_setlimits() to set resource limits on AIX using a combination
of getuserattr() and setrlimit().  Currently untested.
2008-03-06 17:19:57 +00:00
Todd C. Miller
f2b70188b6 Add support for SELinux RBAC. Sudoers entries may specify a role and type.
There are also role and type defaults that may be used.  To make sure a
transition occurs, when using RBAC, commands are executed via the new sesh
binary.  Based on initial changes from Dan Walsh.
2008-02-09 14:30:06 +00:00
Todd C. Miller
a3e6610e01 Include ldap_ssl.h if we can find it. Needed for the ldapssl_set_strength
defines on HP-UX at least.
2008-01-21 16:07:42 +00:00
Todd C. Miller
0f6101bb26 include <mps/ldap_ssl.h> in ldap.c if available 2008-01-17 20:44:28 +00:00
Todd C. Miller
9a07c1a7f1 For netscape-based LDAP, use ldapssl_set_strength() to implement
the checkpeer ldap.conf option.
2008-01-13 19:22:11 +00:00
Todd C. Miller
f1377429a1 Add check for ldap_sasl_bind_s()
Remove -DLDAP_DEPRECATED from CFLAGS
2008-01-05 12:56:39 +00:00
Todd C. Miller
b564d51861 add check for ldap_create 2008-01-04 14:56:10 +00:00
Todd C. Miller
86bd55fc6d Add sudo_ldap_get_first_rdn() to return the first rdn of an entry's dn
using the mechanism appropriate for the LDAP SDK in use.
Use ldap_unbind_ext_s() instead of deprecated ldap_unbind_s().
Emulate ldap_unbind_ext_s() and ldap_search_ext_s() for SDKs without them.
2008-01-03 21:11:33 +00:00
Todd C. Miller
27efa3d257 fix typo in mtim_getnsec 2008-01-03 16:05:04 +00:00
Todd C. Miller
32e4a98a69 add check for st__tim in struct stat as used by SCO 2008-01-02 20:29:48 +00:00
Todd C. Miller
56729b9a63 Use ldapssl_init() for ldaps support instead of trying
to do it manually with ldap_init() + ldapssl_install_routines().
Use tls_cert and tls_key for cert7.db and key3.db respectively.
Don't print debugging info for options that are not set.
Add warning if start_tls specified when not supported.
2007-12-19 19:28:57 +00:00
Todd C. Miller
b409499304 Add support for "ssl on" in both netscape and openldap flavors.
Only the OpenLDAP flavor has been tested.
2007-12-17 12:31:40 +00:00
Todd C. Miller
8694c73146 Add basic support for looking up the string "Password: " in the PAM
localized text db.  This allows us to determine whether the PAM
prompt is the default "Password: " one even if it has been localized.

TODO: concatenate non-std PAM prompts and user-specified sudo prompts.
2007-12-01 16:22:25 +00:00
Todd C. Miller
908b8f64e6 Use AC_FUNC_GETGROUPS instead of a home-grown attempt that was insufficient. 2007-11-27 23:40:50 +00:00
Todd C. Miller
0d22c2f98d Add configure check for struct in6_addr instead of relying on AF_INET6
since some systems define AF_INET6 but do not include IPv6 support.
2007-10-24 16:41:19 +00:00
Todd C. Miller
5a04b3ff9d Add --disable-pam-session configure option to disable calling
pam_{open,close}_session.  May work around bugs in some PAM
implementations.
2007-10-09 00:04:48 +00:00
Todd C. Miller
19fa259480 Remove support for compilers that don't support void * 2007-08-31 23:30:07 +00:00
Todd C. Miller
317e600f41 Remove monitor support until there is a version of systrace that
uses a lookaside buffer (or we have a better mechanism to use).
2007-08-15 15:20:01 +00:00
Todd C. Miller
72b36ddf50 use getaddrinfo() instead of gethostbyname() if it is available 2007-08-15 13:22:06 +00:00
Todd C. Miller
1f30bd4248 Add configure hooks for gss_krb5_ccache_name() and the gssapi headers. 2007-07-19 23:53:21 +00:00
Todd C. Miller
5fdb0649b0 Add support for SASL auth when connecting to an LDAP server.
Adapted from a diff by Tom McLaughlin.
2007-07-15 13:23:20 +00:00
Todd C. Miller
f9a6950fbf regen 2007-06-20 19:05:04 +00:00
Todd C. Miller
60b7ac61bf Add Solaris 10 "project" support. From Michael Brantley. 2007-06-19 22:24:51 +00:00
Todd C. Miller
c22096ac33 Redo the long syslog line splitting based on a patch from Eygene Ryabinkin.
Include memrchr() for systems without it.
2007-06-14 16:03:53 +00:00
Todd C. Miller
fc38e7c21e o use krb5_verify_user() if available instead of doing it by hand
o use krb5_init_secure_context() if we have it
o pass an encryption type of 0 to krb5_kt_read_service_key() instead of
  ENCTYPE_DES_CBC_MD5 to let kerberos choose.
2007-06-09 11:24:49 +00:00
Todd C. Miller
cad6de7d73 Add fcntl F_CLOSEM support to closefrom(); adapted from a diff by
Darren Tucker.
2006-08-17 15:26:54 +00:00
Todd C. Miller
ea8c5d5d2d Add seteuid() flavor of set_perms() for systems without setreuid()
or setresuid() that have a working seteuid().  Tested on Darwin.
2006-07-31 17:50:06 +00:00
Todd C. Miller
8efcb40512 Add mkstemp() for those poor souls without it. 2005-11-17 01:36:48 +00:00
Todd C. Miller
c2f6b93ada No longer need memmove() 2005-02-20 17:28:25 +00:00
Todd C. Miller
0b315c10d0 Set locale to "C" if locales are supported, just to be safe. 2005-02-10 03:24:00 +00:00
Todd C. Miller
9a890467a7 Use execve(2) and wrap the command in sh if we get ENOEXEC. 2005-02-07 04:16:28 +00:00
Todd C. Miller
f780611c33 use bcopy on systems w/o memmove 2005-02-06 03:56:38 +00:00
Todd C. Miller
e166c1b11d Move _FOO_SOURCE to CPPFLAGS so it takes effect as early as possible.
Silences a warning about isblank() on linux.
2005-02-05 14:57:44 +00:00
Todd C. Miller
2dc559bf3e s/HAVE_AUTHENTICATE/HAVE_AIXAUTH/g 2005-01-21 15:29:55 +00:00
Todd C. Miller
9884923a9c Add TIME_WITH_SYS_TIME_H 2004-12-03 18:48:07 +00:00
Todd C. Miller
33db4b2edb Add check for 2-argument form of timespecsub (FreeBSD and BSD/OS) and
fix a typo in the gettimeofday check.
2004-11-25 17:09:31 +00:00
Todd C. Miller
f7f282ba13 Add configure check for getgroups() 2004-11-16 23:59:56 +00:00
Todd C. Miller
51375f969f Add local error/warning functions like err/warn but that call an additional
cleanup routine in the error case.  This means we no longer need to compile
a special version of alloc.o for visudo.
2004-11-15 15:53:53 +00:00
Todd C. Miller
ba12600db1 No longer use lsearch() 2004-10-26 22:15:05 +00:00
Todd C. Miller
48cdd1dec3 Kill use of POSIX saved uids; they aren't worth bothering with. 2004-10-13 16:46:19 +00:00
Todd C. Miller
082b0f8b3b Define HAVE_EXTENDED_GLOB for extended glob (GLOB_TILDE and GLOB_BRACE) 2004-10-07 18:27:49 +00:00
Todd C. Miller
e05c8441e6 Check for a glob() that supports GLOB_BRACE and GLOB_TILDE 2004-10-07 16:59:54 +00:00
Todd C. Miller
0035b30f94 Add missing HAVE_LINUX_SYSTRACE_H 2004-10-01 14:47:14 +00:00
Todd C. Miller
35203ffe56 Add check for setproctitle 2004-09-24 18:10:27 +00:00
Todd C. Miller
2af113f24e Add --with-systrace 2004-09-24 00:11:31 +00:00
Todd C. Miller
70d8f78328 Removed unneeded check for fchown
Add check for gettimeofday
Move autoheader template stuff into separate AH_TEMPLATE lines
2004-09-08 15:49:26 +00:00
Todd C. Miller
54789c8fbd Add a check for struct timespec and provide it for those without. 2004-09-07 20:36:31 +00:00
Todd C. Miller
c0bfcc95c3 Add checks for st_mtim and st_mtimespec and add macros for pulling
the mtime sec and nsec out of struct stat.  These are used in sudo_edit()
to better tell whether or not the file has changed.
2004-09-07 19:57:00 +00:00
Todd C. Miller
1c20ff1a6d Use utimes() and futimes() instead of utime() in touch(), emulating as needed.
Not all systems are able to support setting the times of an fd so touch()
takes both an fd and a file name as arguments.
2004-09-07 17:14:52 +00:00
Todd C. Miller
610da19a89 Better check for dirfd macro--we now set HAVE_DIRFD for the macro version too.
Added check for dd_fd in `DIR' if no dirfd is found; this is now used to
conditionally define the dirfd macro in compat.h.
2004-06-01 20:53:31 +00:00