isa/sudo
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
10,283 Commits 1 Branch 0 Tags
ce97ca28db2bc09b07d555895bceafac4b8418b3
Commit Graph

326 Commits

Author SHA1 Message Date
Todd C. Miller
ce97ca28db Use OpenBSD-compatible freezero() in place of explicit_bzero() + free() 2020-08-10 19:24:33 -06:00
Todd C. Miller
cef6e3687e Switch from memset_s() -> explicit_bzero(). 
memset_s() (and all of Annex K) is likely to be removed from the
a future version of the standard.
 2020-08-10 19:24:32 -06:00
Todd C. Miller
4bc70c02c1 Always use a linker script to hide symbols if it is supported. 
We use this even if the compiler has symbol visibility support so
we will notice mismatches between the exports file and __dso_public
annotations in the source code.
 2020-08-03 10:27:27 -06:00
Todd C. Miller
38e28dcbf5 Rename python_plugin.exp.in -> python_plugin.exp 
There is nothing dynamic in this file.
 2020-08-03 10:15:28 -06:00
Todd C. Miller
3b4d4ab8dd Add missing python_plugin.exp.in file and remove unneeded __dso_public 
This fixes building the python plugin on systems where the compiler
doesn't support symbol hiding (but wherethe linker does).
 2020-08-03 09:53:12 -06:00
Todd C. Miller
03ad96e445 Use the fallthrough attribute instead of /* FALLTHROUGH */ comments. 2020-08-01 13:10:50 -06:00
kuberlog
054939c1ed configure.ac: fix documentation about lecture 2020-07-21 08:47:03 -06:00
Todd C. Miller
bd24a322cc Handle openssl where there is no separate libcrypto pkgconfig file. 
In this case, just use the full openssl libs to get the sha2 functions.
 2020-07-16 08:15:02 -06:00
Todd C. Miller
10f8bb6398 Ignore --enable-gcrypt if --enable-openssl is also specified. 2020-07-16 07:32:13 -06:00
Todd C. Miller
6a9ed1998b Sudo 1.9.2 2020-07-15 10:46:31 -06:00
Todd C. Miller
be89bdcf7c Fix some warnings displayed by autoconf 2.69b 
This fixes the missing HAVE_GSSAPI_GSSAPI_H define in config.h.in.
TODO: replace shadow_funcs variable in function checks with literals
 2020-07-15 10:12:55 -06:00
Todd C. Miller
4cadd54951 Use pkg-config to find the openssl cflags and libs if possible. 
We support linking against static openssl libs too.
 2020-06-25 20:55:02 -06:00
Todd C. Miller
5e9346d4e9 Add -Wimplicit-fallthrough to --enable-warnings if available. 
Note that clang 10 has support for -Wimplicit-fallthrough in C code
but doesn't recognize lint-style FALLTHROUGH comments like gcc does
so we can't use it.
 2020-06-20 13:51:02 -06:00
Todd C. Miller
23b1ee2f45 Fix some warnings from configure test programs. 2020-06-20 13:51:02 -06:00
Todd C. Miller
f2dce25ac1 Drop old test for -lcposix for ISC Unix. 2020-06-20 11:21:27 -06:00
Todd C. Miller
48c2bd0007 Declare getdelim(3) if it exists in libc but is not prototyped in stdio.h. 
This can happen on systems with a gcc packages that was built on
and older versions of the OS where getdelim(3) was not present.
 2020-06-06 18:45:27 -06:00
Todd C. Miller
17b3f90f74 For python3-config, only use -I and -L/-l from --cflags and --ldflags output. 
Otherwise we may get other flags used to build python that conflict
with what sudo uses.
 2020-06-06 16:32:10 -06:00
Todd C. Miller
026caf0081 Add basic support for --runstatedir 
If the user specifies --runstatedir but not --with-rundir, use
runstatdir as the parent directory of the sudo rundir.

In the future we may deprecate --with-rundir in favor of --runstatedir
but that will require changes for systems with no /var/run directory.
 2020-05-20 18:51:52 -06:00
Todd C. Miller
5a69831dd4 Sudo 1.9.1 2020-05-18 18:50:50 -06:00
Todd C. Miller
d3b710b0da cfmakeraw(3) is broken on AIX, don't use it there 
The cfmakeraw(3) function exists but does not set VMIN to 1 or VTIME
to 0 in c_cc[] in struct termios, which makes it useless.  The AIX
version also doesn't clear the CSIZE and PARENB flags from c_cflag.
 2020-05-12 09:52:27 -06:00
Todd C. Miller
04cb06160a Fix a few more typos. 2020-05-07 07:49:54 -06:00
Todd C. Miller
0cf2e09e0c Apply spelling fixes. 
Fixes from PR #30 (ka7) and Bug #925 (fossies.org codespell)
 2020-05-06 09:27:43 -06:00
Todd C. Miller
a212ee64e3 Use the --embed when running "python3-config --ldflags" if supported. 
Newer versions of python3-config only include libpython in the
output when the --embed is used.  Otherwise, "python3-config --libs"
and "python3-config --ldflags" only list the libraries python is
dependent on and not the python library itself.
 2020-05-03 12:56:26 -06:00
Todd C. Miller
024b146d06 1.9.0 final 2020-04-14 19:26:41 -06:00
Todd C. Miller
55eb0a633c Install the example sudo_logsrvd.conf unless one already exists 2020-04-08 08:54:27 -06:00
Todd C. Miller
dfd5a88772 Sudo 1.9.0rc1 2020-04-07 15:08:26 -06:00
Todd C. Miller
0a10c702be Split sudo_logsrvd and the python plugin into their own packages. 2020-04-07 14:03:58 -06:00
Todd C. Miller
84d9c7b241 Add configure check for SSL_CTX_get0_certificate(). 
Dummy out verify_server_cert() if it is not present to allow building
on older OpenSSL versions.  Rewriting this to work with old OpenSSL
is not worth the trouble.
 2020-03-17 20:07:48 -06:00
Todd C. Miller
5635c22f6b Add --disable-log-server and --disable-log-client configure options. 
These can be used to optionally disable building sudo_logsrvd and
support for remote I/O logging in the sudoers plugin respectively.
 2020-02-26 13:17:40 -07:00
Todd C. Miller
7d5734a317 Add sample approval plugin that simply tests for "business hours" 2020-02-06 12:49:17 -07:00
Todd C. Miller
bf85ea2bf7 Example audit plugin that writes JSON output to a log file. 2020-01-30 13:25:52 -07:00
Todd C. Miller
dc45c4d4ea Add tests for arc4random_buf() and an implementation for those without. 2020-01-30 13:12:25 -07:00
Todd C. Miller
0fcb647160 Check for presence of fseeko() regardless of utmp type. 2020-01-28 13:00:54 -07:00
Todd C. Miller
c9b68ccb34 Use AC_CHECK_DECLS when checking for SSL_CTX_set_min_proto_version 
Also use AC_CHECK_FUNCS to check for the other OpenSSL functions
 2020-01-23 09:38:09 -07:00
Todd C. Miller
dde86e585f Add support for building on OpenSSL 1.0.2. 
This adds compatibility defines for some OpenSSL 1.1.x functions.
 2020-01-21 13:27:40 -07:00
Robert Manner
b66ecf6e13 plugins/python: various portability improvements 2020-01-20 06:30:20 -07:00
Todd C. Miller
aed69fb471 We want to use DT_RUNPATH in preference to DT_RPATH in ELF binaries. 
Otherwise, LD_LIBRARY_PATH does not work when running the tests.
The GNU linker's --enable-new-dtags can be used to do this.
We don't do this on NetBSD where RPATH already supports LD_LIBRARY_PATH.
 2020-01-15 10:13:54 -07:00
Todd C. Miller
8747a9554e If --enable-openssl or --enable-gcrypt is given a path, append to LDFLAGS. 
Previously we appended the path to SUDOERS_LDFLAGS but now that we
use OpenSSL in the log server, LDFLAGS is the correct one to use.
 2020-01-07 11:33:26 -07:00
Todd C. Miller
5bf0752021 Substitute plugin dir into examples/sudo.conf 2020-01-02 12:53:30 -07:00
Todd C. Miller
c8532ae7a9 Enable OpenBSD extensions on NetBSD to get reallocarray(3) prototype. 2019-12-25 11:21:49 -07:00
Todd C. Miller
c6f8f4b545 Move init.d and sudo.pp to the etc dir. 2019-12-23 14:29:27 -07:00
Todd C. Miller
4690d3ecf6 Add cfmakeraw() for systems without it. 2019-12-23 13:15:34 -07:00
Robert Manner
91e6bf8ccd Makefile.in, configure.ac: add python plugin build 2019-12-14 12:55:42 -07:00
Todd C. Miller
b14d633ec6 Add runas_check_shell flag to require a runas user to have a valid shell. 
Not enabled by default.
 2019-12-09 19:29:45 -07:00
Todd C. Miller
58cede6fee Move protobuf-c.c, log_server.proto, log_server.pb-c.[ch] to lib/logsrv 2019-11-15 13:35:58 -07:00
Todd C. Miller
690f145d3f LibreSSL and older OpenSSL don't support SSL_CTX_set_ciphersuites(). 
Add a configure test and skip TLS 1.3 setup if it is missing.
We still accept the tls_ciphers13 config setting but it will be ignored.
 2019-11-15 13:19:28 -07:00
Todd C. Miller
43df086186 Add dup3() emulation. 2019-11-02 10:52:55 -06:00
Todd C. Miller
dbf78d0716 Add fchmodat() and fstatat() emulation. 
Note that fchmodat() emulation does not support AT_SYMLINK_NOFOLLOW
 2019-10-24 20:04:33 -06:00
Todd C. Miller
b57054785f Add manual pages for logsrvd and sendlog. 2019-10-24 20:04:32 -06:00
Todd C. Miller
059b55ce72 Refactor code in sudoers that creates I/O log files to share with logsrvd. 2019-10-24 20:04:31 -06:00