isa/sudo
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
4,160 Commits 1 Branch 0 Tags
c352187cf8c61c79b51c55f4b0c63c77a787ed56
Commit Graph

526 Commits

Author SHA1 Message Date
Todd C. Miller
52710ce517 AIX shared libs end in .a, not .so. 2008-03-14 12:11:57 +00:00
Todd C. Miller
897239afe9 Add aix_setlimits() to set resource limits on AIX using a combination 
of getuserattr() and setrlimit().  Currently untested.
 2008-03-06 17:19:57 +00:00
Todd C. Miller
64d226e1d7 we are not going to ship a sudo-specific askpass 2008-03-04 22:16:49 +00:00
Todd C. Miller
ee04914164 Add support for running a helper program to read the password when 
no tty is present (or when specified with the -A flag).  TODO: docs.
 2008-03-02 14:31:57 +00:00
Todd C. Miller
f20935284b Disable use of gss_krb5_ccache_name() by default and add 
--enable-gss-krb5-ccache-name configure option to enable it.  It
seems that gss_krb5_ccache_name() doesn't work properly with some
combinations of Heimdal and OpenLDAP.
 2008-02-27 14:26:28 +00:00
Todd C. Miller
cf6bca4b07 Substitute in comment characters for lines partaining to login.conf, 
BSD auth and SELinux and only enable them if pertinent.
 2008-02-18 15:53:33 +00:00
Todd C. Miller
279ee07ee0 comment out SELinux manual bits unless --with-selinux was specified 2008-02-17 13:11:38 +00:00
Todd C. Miller
506285209d Treat k*bsd*-gnu like Linux, not BSD. 
Fixes compilation problems on Debian GNU/kFreeBSD.
 2008-02-15 20:23:54 +00:00
Todd C. Miller
f2b70188b6 Add support for SELinux RBAC. Sudoers entries may specify a role and type. 
There are also role and type defaults that may be used.  To make sure a
transition occurs, when using RBAC commands are executed via the new sesh
binary.  Based on initial changes from Dan Walsh.
 2008-02-09 14:30:06 +00:00
Todd C. Miller
f0dc1caa45 Use SUDO_DEFINE_UNQUOTED instead of AC_DEFINE_UNQUOTED to prevent 
ldap.conf and ldap.secret paths from going into config.h.
Avoid single quotes in variable expansion when using SUDO_DEFINE_UNQUOTED
since in some versions of bash they will end up literally in the resulting
define.
 2008-01-23 11:33:27 +00:00
Todd C. Miller
48df9c481b ldap_ssl.h depends on ldap.h being included first 2008-01-21 16:43:10 +00:00
Todd C. Miller
a3e6610e01 Include ldap_ssl.h if we can find it. Needed for the ldapssl_set_strength 
defines on HP-UX at least.
 2008-01-21 16:07:42 +00:00
Todd C. Miller
c268627f90 Substitute values for ldap.conf, ldap.secret and nsswitch.conf into 
sudoers.ldap.man.
 2008-01-20 15:15:47 +00:00
Todd C. Miller
49f2264ad6 substitute for sudoers.ldap.man 2008-01-20 01:35:54 +00:00
Todd C. Miller
0f6101bb26 include <mps/ldap_ssl.h> in ldap.c if available 2008-01-17 20:44:28 +00:00
Todd C. Miller
63f224f045 Don't add -llber twice. 2008-01-15 12:28:33 +00:00
Todd C. Miller
dde5143f08 Fix check that determines whether -llber is required. 2008-01-13 19:57:34 +00:00
Todd C. Miller
9a07c1a7f1 For netscape-based LDAP, use ldapssl_set_strength() to implement 
the checkpeer ldap.conf option.
 2008-01-13 19:22:11 +00:00
Todd C. Miller
1df9ca2dc1 Add check for ber_set_option() in -llber 2008-01-09 17:08:30 +00:00
Todd C. Miller
f1377429a1 Add check for ldap_sasl_bind_s() 
Remove -DLDAP_DEPRECATED from CFLAGS
 2008-01-05 12:56:39 +00:00
Todd C. Miller
b564d51861 add check for ldap_create 2008-01-04 14:56:10 +00:00
Todd C. Miller
86bd55fc6d Add sudo_ldap_get_first_rdn() to return the first rdn of an entry's dn 
using the mechanism appropriate for the LDAP SDK in use.
Use ldap_unbind_ext_s() instead of deprecated ldap_unbind_s().
Emulate ldap_unbind_ext_s() and ldap_search_ext_s() for SDK's without them.
 2008-01-03 21:11:33 +00:00
Todd C. Miller
27efa3d257 fix typo in mtim_getnsec 2008-01-03 16:05:04 +00:00
Todd C. Miller
32e4a98a69 add check for st__tim in struct stat as used by SCO 2008-01-02 20:29:48 +00:00
Todd C. Miller
6f2cd1b184 Rename read_nss -> sudo_read_nss 
Add --with-nsswitch to allow users to specify nsswitch.conf path or disable it.
If --with-nsswitch=no but --with-ldap, order is LDAP, then sudoers.
Fix --with-ldap-conf-file and --with-ldap-secret-file
 2008-01-01 18:22:03 +00:00
Todd C. Miller
56729b9a63 Use ldapssl_init() for ldaps support instead of trying 
to do it manually with ldap_init() + ldapssl_install_routines().
Use tls_cert and tls_key for cert7.db and key3.db respectively.
Don't print debugging info for options that are not set.
Add warning if start_tls specified when not supported.
 2007-12-19 19:28:57 +00:00
Todd C. Miller
72e1a2b54e fix typo 2007-12-17 15:14:46 +00:00
Todd C. Miller
b409499304 Add support for "ssl on" in both netscape and openldap flavors. 
Only the OpenLDAP flavor has been tested.
 2007-12-17 12:31:40 +00:00
Todd C. Miller
400309aa9f some operating systems need to link with -lkrb5support when using krb5 2007-12-13 14:13:44 +00:00
Todd C. Miller
c148eb52d6 Move the dgettext check. 2007-12-02 00:34:54 +00:00
Todd C. Miller
8694c73146 Add basic support for looking up the string "Password: " in the PAM 
localized text db.  This allows us to determine whether the PAM
prompt is the default "Password: " one even if it has been localized.

TODO: concatenate non-std PAM prompts and user-specified sudo prompts.
 2007-12-01 16:22:25 +00:00
Todd C. Miller
908b8f64e6 Use AC_FUNC_GETGROUPS instead of a home-grown attempt that was insufficient. 2007-11-27 23:40:50 +00:00
Todd C. Miller
bfd781ff65 fix setting of mandir 2007-11-21 20:02:39 +00:00
Todd C. Miller
0d22c2f98d Add configure check for struct in6_addr instead of relying on AF_INET6 
since some systems define AF_INET6 but do not include IPv6 support.
 2007-10-24 16:41:19 +00:00
Todd C. Miller
c50e7d4c06 Fix block to add -lutil for FreeBSD and NetBSD when logincap is in use. 2007-10-21 13:29:18 +00:00
Todd C. Miller
8ef458b594 POSIX states that struct timespec be declared in time.h so check 
there regardless of the value of TIME_WITH_SYS_TIME.
 2007-10-20 02:28:40 +00:00
Todd C. Miller
5a04b3ff9d Add --disable-pam-session configure option to disable calling 
pam_{open,close}_session.  May work around bugs in some PAM
implementations.
 2007-10-09 00:04:48 +00:00
Todd C. Miller
2c59eea84a Since we ship with a pre-generated parser there is no need to 
ship a bogus alloca implementation.
 2007-09-06 16:39:11 +00:00
Todd C. Miller
5803487885 remove initial setting of CHECKSIA, we require that it be unset if not used 2007-09-06 16:19:20 +00:00
Todd C. Miller
2c6287b719 only do SIA checks on Digital Unix 2007-09-06 11:17:43 +00:00
Todd C. Miller
72255c0ad1 New method for setting the default authentication type and 
avoiding conflicts in auth types.
 2007-09-05 22:16:22 +00:00
Todd C. Miller
5ac0dc57b4 remove now-bogus comment and update copyright date 2007-09-02 21:03:21 +00:00
Todd C. Miller
237922518b Fix up use of with_passwd 2007-09-02 20:35:52 +00:00
Todd C. Miller
16871871d3 Update to autoconf-2.61 andf libtool-1.5.24 2007-09-02 20:25:53 +00:00
Todd C. Miller
19fa259480 Remove support for compilers that don't support void * 2007-08-31 23:30:07 +00:00
Todd C. Miller
2315b317e2 Add new linebuf code to do appends of dynamically allocated strings 
and word-wrapped output.  Currently used for sudo's usage() and
sudo -l output.  Sudo usage strings are now in sudo_usage.h which
is generated at configure time.
 2007-08-19 20:48:09 +00:00
Todd C. Miller
317e600f41 Remove monitor support until there is a versino of systrace that 
uses a lookaside buffer (or we have a better mechanism to use).
 2007-08-15 15:20:01 +00:00
Todd C. Miller
72b36ddf50 use getaddrinfo() instead of gethostbyname() if it is available 2007-08-15 13:22:06 +00:00
Todd C. Miller
f90beb2b2b fix sudo_noexec extension which got broken in the libtool update 2007-08-12 22:55:37 +00:00
Todd C. Miller
4da4964239 Add missing define of HAVE_GSS_KRB5_CCACHE_NAME for the 
-lgssapi_krb5 case.
 2007-07-30 14:45:28 +00:00