isa/sudo
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
7,815 Commits 1 Branch 0 Tags
d8d6fae793669d1c48e6ccd5859f8bf377f037a0
Commit Graph

7815 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Todd C. Miller
d8d6fae793 Sync with translationproject.org 2015-03-16 14:11:19 -06:00
Todd C. Miller
8088806bd8 Update function names in debug_decl. 2015-03-10 11:09:25 -06:00
Todd C. Miller
ef1b2c3beb Use TCSAFLUSH instead of TCSANOW in sudo_term_copy(). 
Be consistent with where we put TCSASOFT in the action flags.
 2015-03-10 08:55:01 -06:00
Todd C. Miller
0600a0d0a9 Sync with translationproject.org 2015-03-09 11:16:09 -06:00
Todd C. Miller
9f22416935 Include unistd.h since sudo_compat.h uses gid_t. 2015-03-08 18:53:58 -06:00
Todd C. Miller
5cfd0cff9c Add --disable-weak-symbols option to disable use of weak symbols 
in libsudo_util.
 2015-03-05 14:43:06 -07:00
Todd C. Miller
1e724eac8d regen 2015-03-05 12:57:14 -07:00
Todd C. Miller
26f0d6d800 When checking for weak aliases, check the gcc attribute format last 
since some C compilers just ignore unsupported attributes.
 2015-03-05 12:44:48 -07:00
Todd C. Miller
da092640be Update copyright year. 2015-03-05 12:43:50 -07:00
Todd C. Miller
9896b2243d Sync with translationproject.org 2015-03-05 12:28:51 -07:00
Todd C. Miller
35dcb05a5f Fix symbol name collision with systems that have their own sha2 
implementation.  This can result in PAM using the wrong sha2
implementation on Solaris systems configured to use SHA512 for
passwords.
 2015-03-05 12:27:26 -07:00
Todd C. Miller
2dd0540ad6 Use SSP_LDFLAGS when linking sudo_noexec.la 2015-03-05 10:10:29 -07:00
Todd C. Miller
a7edf7d984 Remove compat/utime.h, it was only useful for ancient systems that 
are no longer capable of compiling sudo.
 2015-03-03 16:57:55 -07:00
Todd C. Miller
1592192cef Link libsudo_util with -lrt on systems where clock_gettime is in -lrt. 2015-03-02 16:05:57 -07:00
Todd C. Miller
480d267116 Update. 2015-03-02 15:38:47 -07:00
Todd C. Miller
30adf83b12 Update OpenBSD CVS Ids 2015-03-02 14:43:38 -07:00
Todd C. Miller
5647a1ac46 Make comment match code. 2015-03-02 14:42:17 -07:00
Todd C. Miller
3c79ea75bb Fix compilation error on systems without futimes(). 2015-03-02 14:28:46 -07:00
Todd C. Miller
ee72cba937 Use futimens() and utimensat() instead of futimes() and utimes(). 2015-03-02 13:58:50 -07:00
Todd C. Miller
ea514dc391 Fix compiler warning on systems where mode_t is not unsigned int, 
such as 32-bit Solaris.
 2015-03-02 13:58:45 -07:00
Todd C. Miller
c9d4e1084c Fix logic for verifypw/listpw all in sudoers LDAP and sssd. 2015-03-02 11:37:43 -07:00
Todd C. Miller
b78a985bf0 Fix cut & pasto that prevented the SIGPIPE handler from being 
restored before returning from tgetpass().  From mancha
 2015-03-02 08:49:04 -07:00
Todd C. Miller
f25cf99679 Our utimes() emulation support futime() too. 2015-02-28 15:13:19 -07:00
Todd C. Miller
74d3745cc6 regen 2015-02-27 14:48:41 -07:00
Todd C. Miller
233783511d Define YYDEBUG to 0 if not already defined so we can protect use 
of sudoersdebug with "#if YYDEBUG" like the generated parser does.
From David Michael.
 2015-02-27 07:10:20 -07:00
Todd C. Miller
f95d762586 Document that Aliases may not be redefined and that "sudo -f /etc/sudo.d/foo" 
will not catch the redefinition.
 2015-02-26 16:54:14 -07:00
Todd C. Miller
8e1ceb5a7b Only create /usr/lib/tmpfiles.d/sudo.conf if 
/usr/lib/tmpfiles.d/systemd.conf also exists.  Some other package
may have created /usr/lib/tmpfiles.d even though it is not used.
 2015-02-26 09:55:01 -07:00
Todd C. Miller
d09a838939 regen 2015-02-26 09:40:10 -07:00
Todd C. Miller
a056794e9c Clear the ts dir instead of just making sure it exists. 2015-02-26 09:21:18 -07:00
Todd C. Miller
083f59a75c Only substiture init.d scripts that we are going to use. 2015-02-26 09:19:08 -07:00
Todd C. Miller
8fdc46433c Create /usr/lib/tmpfiles.d/sudo.conf when systemd is used. 2015-02-25 16:45:12 -07:00
Todd C. Miller
973286c7ac Check the return value of gettimeofday(), even though it should 
never fail.
 2015-02-25 07:10:25 -07:00
Todd C. Miller
5d2e9426b2 We cannot (easily) use clock_gettime(CLOCK_MONOTONIC) directly as 
it may be present but not implemented.  Add sudo_gettime_real() and
sudo_gettime_mono() functions to get the real and monotonic times
respectively.  Now sudo_gettime_mono() checks the value of
sysconf(_SC_MONOTONIC_CLOCK) before calling clock_gettime(CLOCK_MONOTONIC)
and falls back on sudo_gettime_real() as needed.  The Mach version
of sudo_gettime_mono() uses mach_absolute_time().

This should fix problems with timestamp files on systems where
the CLOCK_MONOTONIC is defined but not actually implemented.
 2015-02-24 11:19:21 -07:00
Todd C. Miller
01a4d6ccbf Check clock_gettime() return value and warn if it fails. 
Currently, the timestamp will be ignored if clock_gettime() fails.
 2015-02-24 09:53:50 -07:00
Todd C. Miller
23f4e49f4d Plug memory leak when debug file cannot be opened. 
Use %zu printf format now that our snprintf support it.
 2015-02-23 15:40:37 -07:00
Todd C. Miller
a604f0f02d Pam conversation function changes: 
o use PAM_BUF_ERR as the return value when calloc() fails.
 o sanity check the value of num_msg
 o remove the workaround for old Apple PAM
 o PAM_AUTH_ERR is not a valid PAM conversation function return value

If getpass_error is set after a call to pam_verify (usually because
the user pressed ^C), return AUTH_INTR immediately instead of
checking the pam_verify return value.
 2015-02-23 11:12:45 -07:00
Todd C. Miller
e11f32fd42 On AIX use the value of auth_type in /etc/security/login.cfg to 
determine whether to use LAM or PAM unless the user specified the
--with-pam or --with-aixauth configure flags.
 2015-02-23 11:12:43 -07:00
Todd C. Miller
1ce9dd5e07 Fix cast. 2015-02-23 06:32:43 -07:00
Todd C. Miller
b5831d55d8 Update snprintf.c from OpenBSD. The floating point and wide character 
code has been retained but is not compiled by default.
 2015-02-21 16:52:14 -07:00
Todd C. Miller
1ca3e1834e Update the regression test that check that all tags are parsed. 2015-02-20 16:02:37 -07:00
Todd C. Miller
49128a79e3 Add regress for mkdtemp and mkstemps from OpenBSD 2015-02-20 14:37:02 -07:00
Todd C. Miller
bd8eebd6f7 regen 2015-02-20 06:33:37 -07:00
Todd C. Miller
bb5093f40f Sync with translationproject.org 2015-02-20 06:33:02 -07:00
Todd C. Miller
f9af2bc99e Correct SECURE_PATH comment. 2015-02-20 06:30:41 -07:00
Todd C. Miller
93b52daaba Sudo 1.8.13 2015-02-20 06:29:41 -07:00
Todd C. Miller
be8dbeb22e Avoid using HOST_NAME_MAX directly and use sysconf(_SC_HOST_NAME_MAX) 
instead.
 2015-02-19 20:28:02 -07:00
Todd C. Miller
9b514ed83c Historically, crypt() returned the empty string on error, which 
ensured that crypt("", "") would return "", which supported matcing
empty encrypted passwords with no additional code.  Some modern
versions of crypt() (such as glibc) return NULL on error so we need
an explicit test to match an empty plaintext password and an empty
encrypted password.
 2015-02-19 14:17:57 -07:00
Todd C. Miller
615aee9d1e Sort tags lexically in the sudoers manual 2015-02-19 10:13:25 -07:00
Todd C. Miller
45548cf049 Add support for MAIL and NOMAIL command tags to toggle mail sending 
behavior on a per-command (or Cmnd_Alias) basis.
 2015-02-19 10:02:20 -07:00
Todd C. Miller
53ac30b63a Add mail_all_cmnds to always mail when a user runs a command (or 
tries to) including sudoedit.  The mail_always flag goes back to
its old semantic of always mailing when sudo is run.
 2015-02-15 20:30:11 -07:00