isa/sudo
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
6,267 Commits 1 Branch 0 Tags
e82b67314c47cf3fa55f5123d039980e73f441b8
Commit Graph

6267 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Todd C. Miller
e82b67314c Need to call ldapssl_clientauth_init() for start_tls on Mozilla 
LDAP SDK.
 2012-04-24 12:52:36 -04:00
Todd C. Miller
28268ed99c Fix printing of invalid uri 2012-04-24 10:34:02 -04:00
Todd C. Miller
989361c275 Pass PAM_SILENT when deleting creds to remove an annoying warning 
message on Solaris.
 2012-04-24 09:48:58 -04:00
Todd C. Miller
0fbd5e1bc2 Fix the setutxent and endutxent compatibility defines (this time 
correctly) when only setutent and endutent are available.
 2012-04-23 20:04:26 -04:00
Todd C. Miller
f6c7ae2519 sudo_ldap_set_options_global() should not take an LDAP handle as 
an argument since the options affect the global settings.
 2012-04-23 19:56:41 -04:00
Todd C. Miller
5f513b8326 Debian sudo has not been built with --with-exempt=sudo since 1.6.8. 2012-04-23 16:47:42 -04:00
Todd C. Miller
23b7a1fa5c Call the policy's init_session() function before we fork the child. 
That way, the session is created and destroyed in the same process,
which is needed by some modules, such as  pam_mount.
 2012-04-23 16:38:16 -04:00
Todd C. Miller
1480bb88b7 Add entry for SSL LDAP errors on Mozilla SDKs when the cert dir is 
not specified.
 2012-04-23 16:29:48 -04:00
Todd C. Miller
cf4562c031 Delete creds after closing the PAM session. 2012-04-23 16:11:49 -04:00
Todd C. Miller
cde9f8aa12 Provide a more useful error message if using a Mozilla-style LDAP 
SDK and you forgot to specify TLS_CERT in ldap.conf.
 2012-04-23 15:30:34 -04:00
Todd C. Miller
ce9863358a Add missing initialization of a sigaction structure when I/O logging. 
Fixes a potential problem when suspending the command.
 2012-04-23 14:56:31 -04:00
Todd C. Miller
9f461efd5f Split global and per-connection LDAP options into separate arrays. 
Set global LDAP options before calling ldap_initialize() or ldap_init().
After we have an LDAP handle, set the per-connection options.
Fixes a problem with OpenLDAP using the nss crypto backend; bug #342
 2012-04-23 13:08:57 -04:00
Todd C. Miller
3491dd8189 sync with translationproject.org 2012-04-23 08:12:36 -04:00
Todd C. Miller
886ee33603 Move struct passwd pointer into struct command details. 2012-04-21 13:37:46 -04:00
Todd C. Miller
cc07164d92 Sync with upstream for Mac OS X (and other) fixes. 2012-04-20 15:36:23 -04:00
Todd C. Miller
c19ec8f9f6 Only built Mac intel universal binary on an intel machine. 2012-04-20 10:38:43 -04:00
Todd C. Miller
f490ff2288 Do not pass libtool the -static-libtool-libs option when building 
sudo and sesh.  Otherwise, libtool may prefer a static version of
an installed library over a dynamic one when linking.
 2012-04-20 09:41:18 -04:00
Todd C. Miller
4c36371ee1 Add German translation for sudo 
Add Croatian translation for sudoers
 2012-04-19 11:54:15 -04:00
Todd C. Miller
f3ab15b117 typo fix in comment 2012-04-19 11:49:18 -04:00
Todd C. Miller
15a9749364 Update with recent changes 2012-04-16 14:23:19 -04:00
Todd C. Miller
0ed6753914 Sort xgettext output by file name. 2012-04-16 12:55:11 -04:00
Todd C. Miller
b3f750b754 Clarify what "sudoreplay -l" displays and mention that it is sorted. 2012-04-16 11:45:29 -04:00
Todd C. Miller
cf3fce6651 Use AC_HEADER_MAJOR to determine where major/minor are defined. 2012-04-16 10:25:49 -04:00
Todd C. Miller
dbcd7222a1 Include sys/mkdev.h if present instead of sys/sysmacros.h for 
minor().  This is needed on Solaris (at least) where the makedev
macros in sysmacros.h are obsolete and library functions should be
used instead.
 2012-04-16 10:18:32 -04:00
Todd C. Miller
a714eb56f0 When building on Mac OS X, only set SDK_FLAGS if specified osversion 
doesn't match host.
 2012-04-16 10:14:56 -04:00
Todd C. Miller
21eddb5d60 Add back buf and tty variables for _ttyname() case that were 
inadvertantly removed.
 2012-04-15 13:10:26 -04:00
Todd C. Miller
28688e70a2 regen 2012-04-13 16:22:16 -04:00
Todd C. Miller
05eec0c627 Remove b8 from version number. 2012-04-13 16:16:40 -04:00
Todd C. Miller
8db20e6ae9 remove some XXX 2012-04-13 16:16:10 -04:00
Todd C. Miller
48d3b5aad1 When looking for a device match, do a breadth-first search instead 
of depth-first.  We already special case /dev/pts/ so chances are
good that if it is not a pseudo-tty it is in the base of /dev/.
Also avoid a stat(2) when possible if struct dirent has d_type.
 2012-04-13 16:00:32 -04:00
Todd C. Miller
5f969cc12a Pass pid, ppid, sid, pgid and tcpgid to plugin in user_info list. 2012-04-13 15:18:40 -04:00
Todd C. Miller
89b90fa4cd sync with translationproject.org 2012-04-13 14:17:26 -04:00
Todd C. Miller
8f8ede3d25 New Croatian and Galician translations from translationproject.org 2012-04-13 14:15:22 -04:00
Todd C. Miller
08ad578b7c Add depth-first traversal of /dev/ for the /proc case when not /dev/pts/N 2012-04-13 12:54:03 -04:00
Todd C. Miller
b0993d8777 If struct dirent has d_type, use it to avoid an extra stat(). 2012-04-13 08:36:58 -04:00
Todd C. Miller
45fcc29dd6 Sort output of "sudoreplay -l" 2012-04-13 08:35:19 -04:00
Todd C. Miller
dffaeb9cb5 Fix duplicate free introduced in last rev 2012-04-12 15:17:00 -04:00
Todd C. Miller
dfc90ff0b1 Instead of treating ^C from tgetpass() specially, always 
return AUTH_INTR if tgetpass() returned NULL.
Treat PAM_AUTHINFO_UNAVAIL like PAM_AUTH_ERR which Mac OS X
returns this when there is no tty.
 2012-04-11 19:51:56 -04:00
Todd C. Miller
83fc02bc97 Rototill code to determine the tty. For Linux, we now look up the 
tty device in /proc/pid/stat instead of trying to open /proc/pid/fd/[0-2].
The sudo_ttyname_dev() function maps the given device number to a
string.  On BSD, we can use devname().  On Solaris, _ttyname_dev()
does what we want.
TODO: write /dev/ traversal code for the generic sudo_ttyname_dev().
 2012-04-11 14:48:08 -04:00
Todd C. Miller
271f3e2054 Define PRNODEV for those w/o it. 2012-04-10 16:12:08 -04:00
Todd C. Miller
11f13be0dd Check for SVR4-style struct psinfo.pr_ttydev and use that to determine 
the tty if std{in,out,err} are not ttys.
 2012-04-10 15:53:41 -04:00
Todd C. Miller
2e59eafba6 Better support for SVR4-style /proc entries where we can't use 
ttyname() on the /proc/pid/fd/[0-2] entries.  We can, however,
attempt to map the device number back to the correct pseudo-tty
slave device.
 2012-04-10 14:35:30 -04:00
Todd C. Miller
329e224db9 When trying to determine the tty name, check parent's stderr in 
addition to its stdin and stdout.
 2012-04-10 13:49:49 -04:00
Todd C. Miller
eb8274bdcc Treat a tty read failure like EOF as it usually means the pty has 
gone away.  Handle write() on the tty returning EIO.
 2012-04-10 10:18:59 -04:00
Todd C. Miller
df04ccb207 Linux select() may return ENOMEM if there is a kernel resource 
shortage.  Older Solaris select() may return EIO instead of EBADF
when the tty goes away.  If we get an unhandled select() failure,
kill the child and exit cleanly.
 2012-04-10 10:18:39 -04:00
Todd C. Miller
30fee3aade Open /proc/pid/fd/[0-2] in non-blocking mode just in case we might 
block in open.
 2012-04-10 09:26:52 -04:00
Todd C. Miller
53357633f1 Fix restoration of AIX permissions. 2012-04-09 15:39:01 -04:00
Todd C. Miller
df067cac47 Allow the -k flag to be used along with the -i and -s flags. 2012-04-09 14:27:33 -04:00
Todd C. Miller
5029c3cdce Plug memory leak in parse_logfile() in the error path. 2012-04-09 09:14:53 -04:00
Todd C. Miller
21f3e0deb2 sync with translationproject.org 2012-04-09 09:09:13 -04:00