Commit Graph

1213 Commits

Author SHA1 Message Date
Todd C. Miller
d6d467b92e Add implementation of SSL_read_ex/SSL_write_ex for those without. 2023-08-05 10:38:02 -06:00
Todd C. Miller
e6d14c95b6 Use SSL_read_ex() and SSL_write_ex() instead of SSL_read() and SSL_write(). 2023-08-05 10:38:01 -06:00
Todd C. Miller
0a181849a1 Add --enable-postinstall, an optional phase when building packages.
This makes it possible to run an arbitrary script between "make
install" and the polypkg run.  This will be used to copy different
word size versions of sudo_intercept.so and sudo_noexec.so.
2023-07-31 19:46:00 -06:00
Todd C. Miller
980e0216ac Add basic support for 32-bit and 64-bit LD_PRELOAD equivalents.
The noexec and intercept DSO settings may now include both a 32-bit
DSO and a 64-bit DSO specified by a colon.  For example:
/usr/libexec/sudo/sudo_intercept.so:/usr/libexec/sudo/sudo_intercept_64.so.
2023-07-31 13:46:57 -06:00
Todd C. Miller
a432aed4f0 realpath.c: include limits.h and use sysconf(_SC_SYMLOOP_MAX)
This is more portable and eliminates the need to check for SYMLOOP_MAX
(and provide it if missing) in configure.  Also quiet some -Wconversion
warnings.
2023-07-10 15:52:16 -06:00
Todd C. Miller
f7801f2160 Add configure check for restrict keyword. 2023-07-07 15:06:53 -06:00
Todd C. Miller
bfb6132d9c Add configure tests for __builtin_clz/__builtin_clzl 2023-07-04 12:39:31 -06:00
Todd C. Miller
a0b074cc9c Fix undefined symbol on macOS for intercept mode and log_subcmds.
macOS does not support direct access to the environ pointer from a
shared object.  We need to redirect through _NSGetEnviron() instead.
Fixes GitHub issue #276.
2023-06-28 10:59:26 -06:00
Todd C. Miller
c7070b0475 sudo 1.9.14 2023-06-05 13:13:37 -06:00
Todd C. Miller
d4c6ef1222 Add adminconfdir and --enable-adminconf to set it.
Configuration paths in sudo are now a colon-separated list of files
with the adminconfdir instance first (if enabled), followed by a
sysconfdir instance.
2023-05-02 10:37:39 -06:00
Todd C. Miller
9ad6dfa371 Substitute for _PATH_SUDO* variables in pathnames.h.
Previously these were hard-coded with Makefile overrides.
2023-02-08 16:47:18 -07:00
Todd C. Miller
4363d03ef7 Convert config file paths to colon-separated path list.
This means that _PATH_SUDO_CONF, _PATH_SUDOERS, _PATH_SUDO_LOGSRVD_CONF,
and _PATH_CVTSUDOERS_CONF can now specify multiple files.  The first
file that exists is used.
2023-05-02 10:37:38 -06:00
Todd C. Miller
a7e906ff66 Regenerate with latest autoconf from git. 2023-05-01 09:35:34 -06:00
Todd C. Miller
075ee0f9dc Add missing stdio.h include for the _FORTIFY_SOURCE=2 check.
Implementations of _FORTIFY_SOURCE require the header file to be
included.  Also remove the useless test of an empty program with
_FORTIFY_SOURCE defined.  Pointed out by Florian Weimer.
2023-04-26 12:44:10 -06:00
Todd C. Miller
b83140e0f1 Use ldap_msgfree() instead of ldap_init() for the lber.h test.
The ldap_init() function is marked as deprecated and not defined
by default on some systems.  This can cause an error for compilers
that do not support implicit function declarations.
From Florian Weimer.
2023-04-26 11:10:46 -06:00
Todd C. Miller
65c0b5a089 Move CONFIGURE_ARGS from sudo_usage.h.in to config.h.in. 2023-04-18 07:29:37 -06:00
Todd C. Miller
ae12d18ff0 Use -no-undefined on macOS to avoid "-undefined dynamic_lookup" warnings.
Starting with macOS 13, the linker warns when "-undefined dynamic_lookup"
is used.  This is added by libtool by default on macOS but we can
suppress it by passing -no-undefined to libtool.
2023-04-14 13:02:28 -06:00
Todd C. Miller
f95c9f839c Regenerate with the autoconf 2.72c snapshot. 2023-03-27 09:55:41 -06:00
Todd C. Miller
f0f5e1b5bc Use built-in tests for bit types instead of using AC_CHECK_TYPES.
This should be more portable as it handles the quirks of some older
systems.
2023-03-22 15:37:12 -06:00
Todd C. Miller
f5d0b7abf7 Remove portable getcwd.c, nothing uses it anymore.
Any operating system supported by sudo already includes getcwd(3).
2023-03-16 15:01:41 -06:00
Todd C. Miller
fc253048f5 Add LDAP-specific innetgr() implementation.
Wheh netgroup_base is set we now do out own netgroup lookups using
LDAP.  Previously, LDAP was queried directly to get a list of the
netgroups the user belongs to but other netgroups queries went
through innetgr(3).  This makes it possible to use netgroups
in LDAP sudoers on systems that don't have an innetgr() function.
GitHub issue #251.
2023-03-10 10:05:33 -07:00
Todd C. Miller
0df56634c3 Sudo 1.9.13p3 2023-03-04 09:59:19 -07:00
Todd C. Miller
f4d2412628 Sudo 1.9.13p2. 2023-02-25 11:20:55 -07:00
Todd C. Miller
8bb1160624 Replace LIBMD with LIBCRYPTO display crypto/tls libs in summary.
We can only have one of either -lmd, -lgcrypt or -lcrypto so there
is no need to have more than one variable.
2023-02-22 08:49:33 -07:00
Todd C. Miller
0443d14578 Add checks for realpath(3) and a version from NetBSD for those without it. 2023-02-12 13:27:17 -07:00
Todd C. Miller
440d9649a8 Move initial values into AC_SUBST() where possible. 2023-02-21 10:17:24 -07:00
Todd C. Miller
7c6f373587 No need to AC_SUBST() standard autoconf variables. 2023-02-21 09:34:49 -07:00
Todd C. Miller
b8c13bbe89 Fix indentation of intercept file in summary output. 2023-02-19 09:21:39 -07:00
Todd C. Miller
58382028aa Sudo 1.9.13p1 2023-02-16 10:17:32 -07:00
Todd C. Miller
2feea9b2f6 Allow configure.ac to be processed by autoconf 2.69.
AC_PROG_CC_STDC is deprecated in autoconf 2.70 and above but it is
necessary for autoconf 2.69.
2023-02-16 09:46:07 -07:00
Todd C. Miller
defec5d46e Add missing '[' to AS_IF() call.
Fixes GitHub issue #238.
2023-02-14 14:24:28 -07:00
Todd C. Miller
2e1a73502e Use AS_IF instead of if; then where possible. 2023-02-05 08:06:02 -07:00
Todd C. Miller
ffb09be49d Add configure test for NSIG, _NSIG or __NSIG.
This is better than just defining NSIG in sudo_compat.h if it is
not defined since signal.h may not have been included.
2023-01-31 11:30:45 -07:00
Todd C. Miller
fd0021ee5c Regen with latest autoconf git. 2023-01-27 14:44:45 -07:00
Todd C. Miller
1977f98d21 Fix a typo. 2023-01-27 14:44:45 -07:00
Todd C. Miller
f65a51afdf Try to link a simple shared object with -Wl,--no-undefined.
This only works for gcc-style compilers, which should not be a
problem.  The source uses environ (FreeBSD) and errno (OpenBSD).
2023-01-20 12:30:33 -07:00
Todd C. Miller
7a64275a3d Don't use -Wl,--no-undefined with the sanitizers/fuzzers.
It breaks linking when using -fsanitize with clang at least.
2023-01-19 19:40:35 -07:00
Todd C. Miller
f7265f5de2 Eliminate usage of obsolete 2-argument AC_CHECK_TYPE macro. 2023-01-19 13:59:05 -07:00
Todd C. Miller
9ddae66818 Add support for the struct kinfo_proc on Dragonfly BSD. 2023-01-19 13:22:32 -07:00
Todd C. Miller
d409ba67c6 Elminate the $OS variable, we can just use $host_os instead. 2023-01-19 13:22:31 -07:00
Todd C. Miller
cb56fd2edb Need to link sudo and sudoers with -lutil on Dragonfly BSD.
It is safer to just search for setusercontext() in libc and libutil
instead of matching on the operating system.
2023-01-19 13:22:31 -07:00
Todd C. Miller
83b4cee98a Add -Wl,--no-undefined to LDFLAGS if it is supported.
This will find missing symbols at build-time instead of run-time.
Don't use it on FreeBSD where environ is filled in by the dynamic loader.
We also need to pull in -llber with -lldap where possible (instead
of relying on DT_NEEDED) to avoid undefined symbol errors when
building with LDAP support.
2023-01-19 07:47:10 -07:00
Todd C. Miller
544c978217 Solaris: use lt_prog_compiler_pic instead of assuming -KPIC 2023-01-18 16:05:52 -07:00
Todd C. Miller
e72d75d38e Solaris: the aslr, nxheap and nxstack link options are only for executables.
Move them back to PIE_LDFLAGS, which is only used when linking a binary.
2023-01-18 15:38:31 -07:00
Todd C. Miller
7d4666656e Solaris: move aslr linker option to hardening and try to build real PIEs
These flags are specific to the Solaris linker.
2023-01-18 15:14:55 -07:00
Todd C. Miller
b44ad49bf7 Enable non-executable heap and stack options for Solaris ld. 2023-01-18 14:54:20 -07:00
Todd C. Miller
73c52e731a Limit some of the hardening tests to compilers that define __GNUC__.
This should avoid false positives on other compilers.
2023-01-18 14:39:52 -07:00
Todd C. Miller
a960d2c45f Add back the linker check for -fstack-clash-protection.
This is expected to fix GitHub issue #231.
2023-01-17 16:19:29 -07:00
Todd C. Miller
acee3ea6ef Fix logic goof in 05781ba6f1f3, disable replacements when fuzzing.
Not the other way around.
2022-12-31 09:31:37 -07:00
Todd C. Miller
4b0dc2eecb Substitute python plugin file name in sudo_plugin_python documentation.
Also use prefix for group plugin fallback path section in sudoers manual.
2022-12-30 13:38:40 -07:00