Todd C. Miller
2935e2a5ba
Check for dup2 and use dup instead if we don't have it.
2009-09-03 11:28:07 +00:00
Todd C. Miller
6ae9dae82a
Add check for regcomp
2009-08-23 23:52:23 +00:00
Todd C. Miller
7a00c5257c
Add scaffolding for building sudoreplay
2009-08-16 15:13:31 +00:00
Todd C. Miller
834e817fa4
Add UNIX98 pty support.
2009-08-08 00:29:30 +00:00
Todd C. Miller
ee20527bf0
On Linux, the openpty proto lives in pty.h
2009-08-07 13:23:07 +00:00
Todd C. Miller
b3458ec09c
Add checks for revoke and vhangup if we don't have openpty
2009-08-06 15:53:21 +00:00
Todd C. Miller
3bfce30a85
First cut at session logging for sudo. Still need to write get_pty()
for Unix 98 and old-style BSD ptys. Also needs documentation and
general cleanup.
2009-08-06 00:04:14 +00:00
Todd C. Miller
f54b69b0cc
Replace version.h with PACKAGE_VERSION set via AC_INIT in configure.
2009-05-19 21:24:05 +00:00
Todd C. Miller
d985366233
Initial bits of non-unix group support using Quest Authentication Services
2009-05-17 22:19:38 +00:00
Todd C. Miller
45334b2092
Add missing HAVE_BSM_AUDIT
2009-03-10 21:34:08 +00:00
Todd C. Miller
91f04dc3b4
Add --enable-env-debug flag to enable environment sanity checks.
2009-03-08 20:57:01 +00:00
Todd C. Miller
ef071fa655
Add support for Tivoli-based LDAP start TLS as seen in AIX. Untested.
2009-03-01 21:20:37 +00:00
Todd C. Miller
6fed38f323
Replace sudo_setenv/sudo_unsetenv with calls to setenv/unsetenv and
provide our own setenv/unsetenv/putenv that operates on own env pointer.
Make sync_env() inline in setenv/unsetenv/putenv functions.
2009-03-01 00:58:41 +00:00
Todd C. Miller
02a894a09c
Use HAVE_SIA_SES_INIT instead of HAVE_SIA for Digital UNIX
2008-12-02 17:30:39 +00:00
Todd C. Miller
13e2ccea68
Newer heimdal has 2-argument krb5_get_init_creds_opt_free() like MIT krb5.
Really old heimdal has no krb5_get_init_creds_opt_alloc() at all. Add
configure tests to handle all the cases.
2008-10-23 16:06:23 +00:00
Todd C. Miller
99cdf6dc8d
Add tests for __signed char and signed char.
2008-10-03 13:59:39 +00:00
Todd C. Miller
194d57b966
we no longer use setproctitle
2008-08-20 11:45:15 +00:00
Todd C. Miller
ca6eddf0df
Replace the double fork with a fork + daemonize.
2008-06-22 20:19:42 +00:00
Todd C. Miller
897239afe9
Add aix_setlimits() to set resource limits on AIX using a combination
of getuserattr() and setrlimit(). Currently untested.
2008-03-06 17:19:57 +00:00
Todd C. Miller
f2b70188b6
Add support for SELinux RBAC. Sudoers entries may specify a role and type.
There are also role and type defaults that may be used. To make sure a
transition occurs, when using RBAC commands are executed via the new sesh
binary. Based on initial changes from Dan Walsh.
2008-02-09 14:30:06 +00:00
Todd C. Miller
a3e6610e01
Include ldap_ssl.h if we can find it. Needed for the ldapssl_set_strength
defines on HP-UX at least.
2008-01-21 16:07:42 +00:00
Todd C. Miller
0f6101bb26
include <mps/ldap_ssl.h> in ldap.c if available
2008-01-17 20:44:28 +00:00
Todd C. Miller
9a07c1a7f1
For netscape-based LDAP, use ldapssl_set_strength() to implement
the checkpeer ldap.conf option.
2008-01-13 19:22:11 +00:00
Todd C. Miller
f1377429a1
Add check for ldap_sasl_bind_s()
Remove -DLDAP_DEPRECATED from CFLAGS
2008-01-05 12:56:39 +00:00
Todd C. Miller
b564d51861
add check for ldap_create
2008-01-04 14:56:10 +00:00
Todd C. Miller
86bd55fc6d
Add sudo_ldap_get_first_rdn() to return the first rdn of an entry's dn
using the mechanism appropriate for the LDAP SDK in use.
Use ldap_unbind_ext_s() instead of deprecated ldap_unbind_s().
Emulate ldap_unbind_ext_s() and ldap_search_ext_s() for SDK's without them.
2008-01-03 21:11:33 +00:00
Todd C. Miller
27efa3d257
fix typo in mtim_getnsec
2008-01-03 16:05:04 +00:00
Todd C. Miller
32e4a98a69
add check for st__tim in struct stat as used by SCO
2008-01-02 20:29:48 +00:00
Todd C. Miller
56729b9a63
Use ldapssl_init() for ldaps support instead of trying
to do it manually with ldap_init() + ldapssl_install_routines().
Use tls_cert and tls_key for cert7.db and key3.db respectively.
Don't print debugging info for options that are not set.
Add warning if start_tls specified when not supported.
2007-12-19 19:28:57 +00:00
Todd C. Miller
b409499304
Add support for "ssl on" in both netscape and openldap flavors.
Only the OpenLDAP flavor has been tested.
2007-12-17 12:31:40 +00:00
Todd C. Miller
8694c73146
Add basic support for looking up the string "Password: " in the PAM
localized text db. This allows us to determine whether the PAM
prompt is the default "Password: " one even if it has been localized.
TODO: concatenate non-std PAM prompts and user-specified sudo prompts.
2007-12-01 16:22:25 +00:00
Todd C. Miller
908b8f64e6
Use AC_FUNC_GETGROUPS instead of a home-grown attempt that was insufficient.
2007-11-27 23:40:50 +00:00
Todd C. Miller
0d22c2f98d
Add configure check for struct in6_addr instead of relying on AF_INET6
since some systems define AF_INET6 but do not include IPv6 support.
2007-10-24 16:41:19 +00:00
Todd C. Miller
5a04b3ff9d
Add --disable-pam-session configure option to disable calling
pam_{open,close}_session. May work around bugs in some PAM
implementations.
2007-10-09 00:04:48 +00:00
Todd C. Miller
19fa259480
Remove support for compilers that don't support void *
2007-08-31 23:30:07 +00:00
Todd C. Miller
317e600f41
Remove monitor support until there is a version of systrace that
uses a lookaside buffer (or we have a better mechanism to use).
2007-08-15 15:20:01 +00:00
Todd C. Miller
72b36ddf50
use getaddrinfo() instead of gethostbyname() if it is available
2007-08-15 13:22:06 +00:00
Todd C. Miller
1f30bd4248
Add configure hooks for gss_krb5_ccache_name() and the gssapi headers.
2007-07-19 23:53:21 +00:00
Todd C. Miller
5fdb0649b0
Add support for SASL auth when connecting to an LDAP server.
Adapted from a diff by Tom McLaughlin.
2007-07-15 13:23:20 +00:00
Todd C. Miller
f9a6950fbf
regen
2007-06-20 19:05:04 +00:00
Todd C. Miller
60b7ac61bf
Add Solaris 10 "project" support. From Michael Brantley.
2007-06-19 22:24:51 +00:00
Todd C. Miller
c22096ac33
Redo the long syslog line splitting based on a patch from Eygene Ryabinkin.
Include memrchr() for systems without it.
2007-06-14 16:03:53 +00:00
Todd C. Miller
fc38e7c21e
o use krb5_verify_user() if available instead of doing it by hand
o use krb5_init_secure_context() if we have it
o pass an encryption type of 0 to krb5_kt_read_service_key() instead of
ENCTYPE_DES_CBC_MD5 to let kerberos choose.
2007-06-09 11:24:49 +00:00
Todd C. Miller
cad6de7d73
Add fcntl F_CLOSEM support to closefrom(); adapted from a diff by
Darren Tucker.
2006-08-17 15:26:54 +00:00
Todd C. Miller
ea8c5d5d2d
Add seteuid() flavor of set_perms() for systems without setreuid()
or setresuid() that have a working seteuid(). Tested on Darwin.
2006-07-31 17:50:06 +00:00
Todd C. Miller
8efcb40512
Add mkstemp() for those poor souls without it.
2005-11-17 01:36:48 +00:00
Todd C. Miller
c2f6b93ada
No longer need memmove()
2005-02-20 17:28:25 +00:00
Todd C. Miller
0b315c10d0
Set locale to "C" if locales are supported, just to be safe.
2005-02-10 03:24:00 +00:00
Todd C. Miller
9a890467a7
Use execve(2) and wrap the command in sh if we get ENOEXEC.
2005-02-07 04:16:28 +00:00
Todd C. Miller
f780611c33
use bcopy on systems w/o memmove
2005-02-06 03:56:38 +00:00