Todd C. Miller
2e492267e7
Build sudo_noexec.so as a module on systems other than Darwin.
On Darwin, shared modules and shared libraries are not interchangeable
and since we preload sudo_noexec.so via DYLD_INSERT_LIBRARIES it
must be a library, not a module. We must relax the requirement
that libraries begin with a "lib" prefix to work around this
difference. This does mean you must use sudo's libtool on Darwin
(macOS) but that is already a requirement on other systems (notably
HP-UX and SCO) due to a number of libtool patches we require that
haven't been accepted upstream. This is a different fix for PR #102.
2021-05-13 12:45:56 -06:00
Todd C. Miller
31e6138115
Use -Wno-deprecated-declarations on macOS
This quiets warnings about LDAP and audit libraries being deprecated.
We will use them until they are removed in a future version of macOS.
2021-05-13 09:52:09 -06:00
Todd C. Miller
0645a2ade6
Use /usr/bin/cc on FreeBSD and macOS.
2021-05-12 15:19:43 -06:00
Todd C. Miller
78849e6728
Don't include errno in "unable to connect to log server" message.
There should be a more specific message, usually with an error
string, displayed earlier.
2021-05-12 12:19:44 -06:00
Todd C. Miller
d9b8311122
Fix compiler warning on FreeBSD.
2021-05-12 07:53:19 -06:00
Todd C. Miller
96fb72e7cb
Explicitly include netinet/in.h for struct sockaddr_in and sockaddr_in6.
Fixes a compilation problem on FreeBSD.
2021-05-12 07:27:09 -06:00
Todd C. Miller
ec0dcab3ce
Updated translations from translationproject.org
2021-05-10 13:52:55 -06:00
Todd C. Miller
f2155c704f
Better warning when close function is passed a non-terminal signal.
2021-05-10 13:45:25 -06:00
Todd C. Miller
0f5c8fe121
Remove line causing store_suspend_local() to return false on success.
This is something that should have been removed as part of the local
I/O logging refactor.
2021-05-10 13:44:31 -06:00
Todd C. Miller
3147bbeb24
Don't set the command status in the closure when the command is suspended.
This should only be set for signals that terminate the process.
Fixes a bug where the sudo front-end could call the plugin close
function with a non-terminal signal argument.
2021-05-10 13:42:06 -06:00
Todd C. Miller
6cdf49d33d
Quiet -Wshadow warnings from gcc.
2021-05-07 15:10:51 -06:00
Todd C. Miller
7033f1c1d8
The -g option may also be used with any group the target user belongs to.
The description in the Runas_Spec section incorrectly stated that
the -g option could not be used if no runas group was set. Bug #975.
2021-05-07 13:42:40 -06:00
Todd C. Miller
2efa903521
Remove redundant "configuring Sudo version X.YY" line.
We now display this along with the summary info at the end.
2021-05-07 08:01:07 -06:00
Todd C. Miller
841e1b33fb
Don't check for -Wl,-z,relro twice.
2021-05-07 07:56:33 -06:00
Todd C. Miller
bfc17bc666
Updated translations from translationproject.org
2021-05-06 21:14:35 -06:00
Todd C. Miller
3018c1cd2d
Build python plugin for RHEL 6 as well.
2021-05-06 18:59:51 -06:00
Todd C. Miller
9b33594a43
Remove shell-style quotes in configure warning/error/notice messages.
Square bracket quotes are used, no need for shell-style double quotes.
2021-05-06 14:41:35 -06:00
Todd C. Miller
96436787a1
Summarize configure settings after all tests have run.
This makes it a lot easier to see what features have been enabled.
2021-05-06 13:14:58 -06:00
Todd C. Miller
d71731e50d
Remove --with-efence option, there are better options available.
2021-05-04 19:03:55 -06:00
Todd C. Miller
f2081f902b
Move misplaced changes into the 1.9.7 section where they belong.
2021-05-04 14:23:39 -06:00
Todd C. Miller
468e9c7f48
Awful hack to pass on macOS where group_source=dynamic by default.
2021-05-04 13:58:29 -06:00
Todd C. Miller
0e9a5e4f90
Updated translations from translationproject.org
2021-05-04 12:26:07 -06:00
Todd C. Miller
e6f1adcb2c
Document late stage 1.9.7 changes.
2021-05-04 12:25:38 -06:00
Todd C. Miller
9d734d57e7
sudo_sendlog: rename -m (max-time) to -s (stop-after).
2021-05-04 12:14:02 -06:00
Todd C. Miller
caf096e1a1
Update closure->elapsed_time in journal_seek().
Otherwise the commit point messages won't be accurate when restarting.
2021-05-04 10:45:12 -06:00
Todd C. Miller
7376fa632f
Add "-m elapsed" option to specify the max elapsed time of records to send.
Useful for testing the ability of the server to handle restarted log
transfers.
2021-05-04 08:22:34 -06:00
Todd C. Miller
5a39066343
Disable reading from client or relay when sending error to client.
We treat an error from the relay as fatal and must stop processing
data from both client and relay to make sure we don't get out of sync.
2021-05-03 19:18:10 -06:00
Todd C. Miller
c3534712de
Fix I/O log restart of locally-stored logs.
This got broken a while ago when evlog in struct connection_closure
was changed to a pointer.
2021-05-03 16:54:25 -06:00
Todd C. Miller
b5542f8b26
Fix detection of the volatile flag when other flags are present.
Otherwise flags fields like "volatile,ignore-other" will be ignored
by the Debian and BSD back ends.
2021-05-03 13:51:21 -06:00
Todd C. Miller
51cbc626f8
Fix debug message when prctl(PR_SET_DUMPABLE, 0, 0, 0, 0) fails.
GitHub issue #101
2021-05-03 12:40:23 -06:00
Todd C. Miller
109a0331a5
Don't hard-code the TLS connect timeout, use normal connect timeout.
For sudo_logsrvd, this is the relay connect_timeout setting.
For sudoers, this is the log_server_timeout setting.
2021-05-03 09:01:00 -06:00
Todd C. Miller
06cb6459c1
Add missing closedir(3) in logsrvd_queue_scan().
Coverity CID 221591
2021-05-02 12:33:49 -06:00
Todd C. Miller
d883213f55
regen
2021-04-27 16:40:09 -06:00
Todd C. Miller
d204d41204
Mention "log_server_verify" bug fix.
2021-05-02 10:03:26 -06:00
Todd C. Miller
fda17ecfda
Rename logsrvd log dir to /var/log/sudo_logsrvd.
2021-05-02 08:28:19 -06:00
Todd C. Miller
f49930c62e
Make the failed relay retry interval configurable.
This is the amount of time to wait before trying to resend a
journal to the relay server after a connection error.
2021-05-02 06:19:32 -06:00
Todd C. Miller
177816b787
Send outgoing messages to the relay server on startup.
Also attempt to retry messages that could not be relayed periodically.
2021-05-01 16:27:21 -06:00
Todd C. Miller
9077daee93
Avoid clobbering errno in warning().
2021-05-01 11:35:19 -06:00
Todd C. Miller
bc82430a6f
Set relay name string to NULL after dropping the reference.
Otherwise it is possible to decrement the reference more than once.
2021-05-01 08:48:24 -06:00
Todd C. Miller
af0345e238
Fix cut & pasto that prevented the verify_server option from being set.
The "log_server_verify" setting passed from the policy plugin was
applied to the "keepalive" option instead of "verify_server".
From Krisztian Kovacs.
2021-04-30 11:03:23 -06:00
Todd C. Miller
01bdfd3be2
Write client and server information to debug file on SIGUSR1
This can be used to debug client problems such as a connection
not being closed as expected.
2021-04-29 16:20:02 -06:00
Todd C. Miller
cefa72c6a6
Document journal file directories in store_first mode.
2021-04-29 14:34:54 -06:00
Todd C. Miller
f92bb8840c
Create journal files in an incoming directory, move to outgoing when complete.
This will make it possible to process completed journal files
periodically if the relay server is down.
2021-04-29 14:19:08 -06:00
Todd C. Miller
5c593d5a4a
Add missing connection_close() call for relay-only connections.
For an immediate relay we will close the connection when the client
disconnects (or there is a timeout). However, for store-and-forward
mode the client has already disconnected at the time we are relaying.
2021-04-29 14:19:07 -06:00
Todd C. Miller
d4bdc85d74
Replace non-ascii characters in warning string.
2021-04-27 16:39:43 -06:00
Todd C. Miller
ac878d3e27
Quiet clang analyzer false positive in regress tests.
2021-04-27 15:56:24 -06:00
Todd C. Miller
84a01d3a93
Move local iolog log functions to logsrvd_local.c
2021-04-27 14:46:27 -06:00
Todd C. Miller
6d8942e82c
Better client error reporting on relay server connection error.
More detailed error messages may be found in the debug log.
2021-04-27 12:25:19 -06:00
Todd C. Miller
e55991f244
Update debug pid string when sudo_logsrvd becomes a daemon.
2021-04-27 08:57:11 -06:00
Todd C. Miller
f25275ad5b
Must call SSL_shutdown() before closing the underlying socket.
This got broken by some code rearrangement when relay mode was added.
2021-04-26 19:07:40 -06:00