Commit Graph

483 Commits

Author SHA1 Message Date
Todd C. Miller
84d9c7b241 Add configure check for SSL_CTX_get0_certificate().
Dummy out verify_server_cert() if it is not present to allow building
on older OpenSSL versions.  Rewriting this to work with old OpenSSL
is not worth the trouble.
2020-03-17 20:07:48 -06:00
Todd C. Miller
5635c22f6b Add --disable-log-server and --disable-log-client configure options.
These can be used to optionally disable building sudo_logsrvd and
support for remote I/O logging in the sudoers plugin respectively.
2020-02-26 13:17:40 -07:00
Todd C. Miller
dc45c4d4ea Add tests for arc4random_buf() and an implementation for those without. 2020-01-30 13:12:25 -07:00
Todd C. Miller
c9b68ccb34 Use AC_CHECK_DECLS when checking for SSL_CTX_set_min_proto_version
Also use AC_CHECK_FUNCS to check for the other OpenSSL functions
2020-01-23 09:38:09 -07:00
Todd C. Miller
dde86e585f Add support for building on OpenSSL 1.0.2.
This adds compatibility defines for some OpenSSL 1.1.x functions.
2020-01-21 13:27:40 -07:00
Todd C. Miller
c8532ae7a9 Enable OpenBSD extensions on NetBSD to get reallocarray(3) prototype. 2019-12-25 11:21:49 -07:00
Todd C. Miller
4690d3ecf6 Add cfmakeraw() for systems without it. 2019-12-23 13:15:34 -07:00
Todd C. Miller
96a03a0891 regen 2019-12-14 13:02:53 -07:00
Todd C. Miller
b14d633ec6 Add runas_check_shell flag to require a runas user to have a valid shell.
Not enabled by default.
2019-12-09 19:29:45 -07:00
Todd C. Miller
690f145d3f LibreSSL and older OpenSSL don't support SSL_CTX_set_ciphersuites().
Add a configure test and skip TLS 1.3 setup if it is missing.
We still accept the tls_ciphers13 config setting but it will be ignored.
2019-11-15 13:19:28 -07:00
Todd C. Miller
43df086186 Add dup3() emulation. 2019-11-02 10:52:55 -06:00
Todd C. Miller
dbf78d0716 Add fchmodat() and fstatat() emulation.
Note that fchmodat() emulation does not support AT_SYMLINK_NOFOLLOW
2019-10-24 20:04:33 -06:00
Todd C. Miller
0d69de5b25 Move openat() emulation to lib/util and add unlinkat() emulation. 2019-10-24 20:04:30 -06:00
Todd C. Miller
04a17095be Always use our own strtonum and implement sudo_strtoid in terms of it. 2019-10-14 10:09:29 -06:00
Todd C. Miller
3e56be3564 Store signal name, not number in I/O log timing file.
The "SIG" prefix is not used so, e.g. SIGTERM -> "TERM".
This makes the I/O log files portable from one system to another.
Older I/O log files with signal numbers can still be replayed.
2019-08-05 16:30:58 -06:00
Todd C. Miller
81c6cac81b Solaris getentropy() requires that sys/random.h be included. 2019-06-10 12:12:57 -06:00
Todd C. Miller
de65d70929 Add a proper getdelim(3) replacement and use it instead of getline(3). 2019-04-08 10:37:30 -06:00
Todd C. Miller
ecd9688818 Add support for utmps as found in HP-UX. 2018-11-18 07:45:43 -07:00
Todd C. Miller
716aa6e4ab Support st_nmtime in struct stat as found in HP-UX. 2018-11-14 13:37:46 -07:00
Todd C. Miller
fdd7296122 Add a test for the 4-argument au_close() function found in Solaris
11 instead of assuming it is present if __sun is defined.  Fixes a
compilation error on OpenIndiana and older Solaris versions.
2018-08-27 13:50:23 -06:00
Todd C. Miller
04d1f56d90 Use struct timespec, not struct timeval in the event subsystem.
Use ppoll() or pselect() if available which use timespec.
2018-08-25 21:02:05 -06:00
Todd C. Miller
d876602dbf Do not assume all Linux has linux/random.h.
Add missing sys/syscall.h include
2018-08-22 15:12:11 -06:00
Todd C. Miller
df1c062526 HP-UX doesn't support CLOCK_MONOTONIC but we can use gethrtime() instead. 2018-08-20 10:56:34 -06:00
Todd C. Miller
b3227d3ed5 Add sudo_gettime_uptime() to measure time while not sleeping. 2018-08-19 09:55:08 -06:00
Todd C. Miller
f4a5d2b3e2 Regen with aclocal 1.15.1. 2018-08-02 15:32:28 -06:00
Todd C. Miller
ddd663a5f2 Import arc4random() from libressl. This takes an all-in-one approach
instead of the one-file-per-OS approach that libressl takes.
The fallback code does not have as many OS-specific bits as libressl.
2018-05-24 21:04:23 -06:00
Todd C. Miller
523f0eeeab Monty Python insults from Philip Hudson 2018-04-17 07:10:43 -06:00
Todd C. Miller
217e0a9b4b Less confusing sysctl checks for kinfo_proc. 2018-03-05 17:35:02 -07:00
Todd C. Miller
faa5baac9b Use setpassent() and setgroupent() on systems that support it to
keep the passwd and group database open.  Sudo does a lot of passwd
and group lookups so it can be beneficial to just leave the file
open.
2018-02-20 13:22:59 -07:00
Todd C. Miller
a885b952fb Remove use of AC_HEADER_TIME, only obsolete platforms actually
need this.  Also stop removing sys/time.h unless the source file
uses struct timeval.
2018-01-17 09:52:15 -07:00
Todd C. Miller
ff5ac3ef0e Add tsdump, a simple utility to dump a timestamp file. To build,
run "make tsdump" in the plugins/sudoers directory (it is not built
by default).  In order to map the tty device number to a name,
sudo_ttyname_dev() has been moved into libsudo_util.
2018-01-11 10:49:20 -07:00
Todd C. Miller
749cdc9d95 Make PC insults the default and add new configure option,
enable-offensive-insults, to enable the offensive insults.
2017-09-18 10:45:02 -06:00
Todd C. Miller
63d954d1fc Replace tty_tickets option with timestamp_type which can be
global, ppid or tty.  Defaults to tty (no change in behavior).
Some users want the ppid behavior.
2017-08-01 16:14:54 -06:00
Todd C. Miller
c000189684 Use getentropy() in mkstemp/mkdtemp replacement. 2017-06-29 18:11:30 -06:00
Todd C. Miller
d979898e71 Remove use of non-standard sigaction_t 2017-05-12 10:02:18 -06:00
Todd C. Miller
7aa89c49b5 Emulate pipe2() on systems without it. 2017-03-13 12:11:51 -06:00
Todd C. Miller
fd40d88ba7 strftime() was in C89 so use it unconditionally. 2017-02-18 16:23:40 -07:00
Todd C. Miller
e5dee1557e Add NOTBEFORE and NOTAFTER command options similar to what is
already available in LDAP.
2017-02-18 15:35:48 -07:00
Todd C. Miller
2f0295373a When waiting for the parent to grant us the tty, use nanosleep
instead of spinning to avoid hogging the CPU.
2017-01-12 10:44:26 -07:00
Todd C. Miller
ae76e1a229 Use getgrouplist_2() on macOS if available. 2016-12-13 10:39:32 -07:00
Todd C. Miller
334350af45 id_t is 64-bits on FreeBSD so use strtoll() there.
Fixes the strtoid regress.
2016-11-30 07:32:59 -07:00
Todd C. Miller
695784e6ee Add support for getpwnam_shadow() on OpenBSD 2016-11-17 17:55:44 -07:00
Todd C. Miller
6dff4ac7fd Always define _PATH_SUDO_NOEXEC, _PATH_SUDO_SESH, _PATH_SUDO_PLUGIN_DIR,
even if only defined to NULL.  This means the accessors can always be
present.

Use RTLD_PRELOAD_VAR instead of _PATH_SUDO_NOEXEC to tell when
noexec is available.

Add ENABLE_SUDO_PLUGIN_API and use it instead of _PATH_SUDO_PLUGIN_DIR
to tell when the plugin API is available.

Add sudo_conf_clear_paths() to clear the path values so the
regress tests are not affected by compile-time settings.
2016-11-16 10:13:26 -07:00
Todd C. Miller
08a4a28592 Remove SunOS 4 support, it is not modern enough to run sudo. 2016-11-14 14:40:50 -07:00
Todd C. Miller
b56bce3127 Remove HP-UX 9 support, it is not modern enough for sudo. 2016-11-14 14:38:01 -07:00
Todd C. Miller
9d11b725c5 Remove Ultrix support, modern sudo can't run on Ultrix anyway. 2016-11-14 14:33:43 -07:00
Todd C. Miller
c18ff022e0 Use vsyslog() if available. 2016-10-18 17:00:53 -06:00
Todd C. Miller
8e49ce07f6 Fix configure check for seccomp filter on Linux 2016-10-09 11:24:29 -06:00
Todd C. Miller
237e2f964d Use a seccomp filter on Linux to disable execve(2) and execveat(2).
This still relies on LD_PRELOAD to work so it has the same issues
as the existing method with respect to running 32-bit binaries on
a 64-bit kernel.
2016-10-08 19:09:17 -06:00
Todd C. Miller
d0ccd947d0 Wrap wordexp(3) in sudo_noexec. 2016-10-05 20:21:18 -06:00