isa/sudo
1
0
Fork 0
Code Issues Pull Requests Actions 1 Packages Projects Releases Wiki Activity
7,468 Commits 1 Branch 0 Tags
ebbd62eac825cbb0d59ab587ce78baf0c5cb579c
Commit Graph

7468 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Todd C. Miller
02d86aafe8 When emulating DSO_NEXT with shl_get() we need to skip the program's 
handle.  This used to be documented as being index -2 but now it
seems to be index 0.  As this is not guaranteed we need to look up
the real handle value for PROG_HANDLE and skip it when interating
through all the DSOs.  Fixes infinite recursion on HP-UX in the
getenv() replacement.
 2014-02-11 07:43:13 -07:00
Todd C. Miller
151f001d81 Export getenv() so it is visible to shared objects we link with. 2014-02-11 07:34:04 -07:00
Todd C. Miller
d748ebe48b Add some initprogname() calls to the test programs. 2014-02-08 06:24:01 -07:00
Todd C. Miller
8b94d558df regen 2014-02-07 15:15:09 -07:00
Todd C. Miller
414edf65e8 Mention that there is now a default LDAP search filter. 2014-02-07 15:03:18 -07:00
Todd C. Miller
a54e52d588 Minor word choice change. 2014-02-07 15:03:00 -07:00
Todd C. Miller
8287e21d36 Add use_netgroups sudoers option. For LDAP-based sudoers, netgroup 
support requires an expensive substring match on the server.  If
netgroups are not needed, this option can be disabled to reduce the
load on the LDAP server.
 2014-02-07 14:58:48 -07:00
Todd C. Miller
7a1cd11c0d Update copyright year. 2014-02-06 16:00:56 -07:00
Todd C. Miller
4727c52e1e Mention LDAP changes. 2014-02-06 16:00:47 -07:00
Todd C. Miller
f7a419b5f9 Use a default LDAP search filter of (objectClass=sudoRole). When 
constructing the netgroup query, add (sudoUser=*) to the query so
we don't fall below the 3 character OpenLDAP substring threshold.
Otherwise the index for sudoUser will never be used for that query.
Pointed out by Michael Stroeder.
 2014-02-06 15:50:08 -07:00
Todd C. Miller
b299763e34 Don't warn about an insecure lecture dir twice. 
Display warnings in the user's locale.
 2014-02-06 15:46:27 -07:00
Todd C. Miller
4e733589e7 Mention the fix for ^Z at the password prompt when sudo was started 
in the background.
 2014-02-05 12:57:47 -07:00
Todd C. Miller
135c85e152 In term_restore(), only restores the terminal if we are in the 
foregroup process group.  Instead of calling tcgetpgrp(), which is
racy, we set a temporary handler for SIGTTOU and check whether it
was received after a failed call to tcsetattr().
 2014-02-05 12:03:58 -07:00
Todd C. Miller
85598f77b2 Use inet_pton() instead of inet_aton() and include a version from 
BIND for those without it.
 2014-02-05 10:00:07 -07:00
Todd C. Miller
91141e5cc1 Quiet a gcc warning. 2014-02-05 09:55:31 -07:00
Todd C. Miller
fbfe7caba4 Need to include limits.h for USHRT_MAX. 2014-02-05 09:55:30 -07:00
Todd C. Miller
08af9d0516 Use bool for function return values instead of 1 or 0. 2014-02-04 15:18:16 -07:00
Todd C. Miller
249becb1ac Warn the user if the rundir needs to be cleared in the rc files. 
Neither AIX not HP-UX clear /var/run (if it even exists).
 2014-02-04 15:14:48 -07:00
Todd C. Miller
b1851f6936 Update for sudo 1.8.9p5 2014-02-04 10:24:35 -07:00
Todd C. Miller
31858894c4 When the closefrom limit is greater than any of the preserved fds, 
the pfds list will be non-empty but lastfd will be -1 triggering
an ecalloc(0) assertion.  Instead, test for lastfd being -1 and
make sure we always update it, even if dup() fails.
Also restore initial value of lowfd after we are done relocating.
Fixes bug #633
 2014-02-04 06:22:19 -07:00
Todd C. Miller
c8984598e8 Document function return values. 2014-02-04 06:13:43 -07:00
Todd C. Miller
b1de1bce33 term_restore() now restarts itself so we don't need to do it ourselves. 2014-02-03 20:36:48 -07:00
Todd C. Miller
a61abeb364 syscall restarting is broken on Mac OS X when interrupted by a tty 
signal so restart tcsetattr() by hand.  For details, see.
http://openradar.appspot.com/radar?id=6402578615107584
 2014-02-03 16:51:51 -07:00
Todd C. Miller
26f2dd3b9b Add regress for atobool(), atoid() and atomode() 2014-02-03 10:47:19 -07:00
Todd C. Miller
efd31a31ec Add back boottime.lo 2014-02-03 08:08:54 -07:00
Todd C. Miller
7292e607fc Mention that rundir and vardir may be the same and what to do if they are. 2014-02-03 06:16:51 -07:00
Todd C. Miller
7155fc526f Bring back boot time checking code and zero out time stamp files 
that predate the boot time.  This should help systems w/o /var/run
where the admin has setup rc.d to clear the timestamp directory.
 2014-02-03 05:45:27 -07:00
Todd C. Miller
b590182abf Check libraries for inet_pton() if not in libc. 2014-02-03 05:42:39 -07:00
Todd C. Miller
719e58740b Fix clock_gettime() detection when it lives in librt. 
Some systems have inet_aton() in libresolv (older Solaris).
 2014-02-02 08:34:53 -07:00
Todd C. Miller
4831eeaac2 Avoid duplicate directories if vardir and rundir are the same. 2014-02-02 06:39:05 -07:00
Todd C. Miller
a9a7768d56 regen 2014-02-02 05:23:54 -07:00
Todd C. Miller
5502051ebe Elaborate on time stamp error message causes. 2014-02-02 05:17:47 -07:00
Todd C. Miller
17ab16824b Remove the time stamp dir and its contents when uninstalling. We 
currently leave the lecture status files installed until there is
a better way to detect upgrades.
 2014-02-01 06:30:40 -07:00
Todd C. Miller
23c2249531 Update time stamp error messages and regen. 2014-02-01 06:15:14 -07:00
Todd C. Miller
32b897ac67 Restore warning when sudoers is unable to update the time stamp file. 2014-02-01 06:11:29 -07:00
Todd C. Miller
aeb5ceead8 Replace --with-timedir and --with-lecture_dir with --with-rundir 
and --with-vardir which are the parent directories of the time stamp
and lecture dirs.  These directories need to be searchable by
non-root so that the timestampowner setting can function.
 2014-02-01 05:57:34 -07:00
Todd C. Miller
fb29e91ef0 Fix use of timestampowner in the new time stamp world order. Parent 
directories for timestampdir and lecture_dir are now created with
the execute bit set so that we can traverse them as non-root.
 2014-02-01 05:47:16 -07:00
Todd C. Miller
a2dc10ece7 Regen Makefiles. 2014-01-31 15:46:25 -07:00
Todd C. Miller
d0f343ba2e Move ctim_get and mtim_get to sudo_util.h 2014-01-31 15:43:34 -07:00
Todd C. Miller
32b4713d6d sprinkle some debug printfs and add function header comments 2014-01-31 15:28:41 -07:00
Todd C. Miller
d7257a63e7 Properly handle the case where /var/run/sudo/ts doesn't exist. 2014-01-31 15:02:31 -07:00
Todd C. Miller
b15b03560a fix typo 2014-01-31 10:12:21 -07:00
Todd C. Miller
f04f6eeb4a Mention "sudo -K" change. 2014-01-31 10:05:57 -07:00
Todd C. Miller
51cab56795 Upgrade info for 1.8.10 2014-01-31 10:05:49 -07:00
Todd C. Miller
596fc68aca Warn on ftruncate failure(). 2014-01-30 16:24:48 -07:00
Todd C. Miller
63e7aa9942 Fix checking of lecture status. 2014-01-30 16:15:03 -07:00
Todd C. Miller
f4e037a0da Do not override timedir on Debian. 2014-01-30 16:07:28 -07:00
Todd C. Miller
b813c4de48 Use sudo_timeval macros and remove compat macros from missing.h 2014-01-30 15:51:59 -07:00
Todd C. Miller
659b1f0e34 Switch to new time stamp file format. Each user now has a single 
file which may contain multiple records when per-tty time stamps
are in use (the default).  The time stamps use a monotonic timer
where available and are once again stored in /var/run/sudo.  The
lecture status is now stored separately from the time stamps in a
different directory.
 2014-01-30 15:50:40 -07:00
Todd C. Miller
db3b776277 When listing a user's privileges, always prompt the user for their 
own password, regardless of the value of target_pw, root_pw or
runas_pw.
 2014-01-29 15:19:45 -07:00