Todd C. Miller
026caf0081
Add basic support for --runstatedir
If the user specifies --runstatedir but not --with-rundir, use
runstatedir as the parent directory of the sudo rundir.
In the future we may deprecate --with-rundir in favor of --runstatedir
but that will require changes for systems with no /var/run directory.
2020-05-20 18:51:52 -06:00
Todd C. Miller
5a69831dd4
Sudo 1.9.1
2020-05-18 18:50:50 -06:00
Todd C. Miller
d3b710b0da
cfmakeraw(3) is broken on AIX, don't use it there
The cfmakeraw(3) function exists but does not set VMIN to 1 or VTIME
to 0 in c_cc[] in struct termios, which makes it useless. The AIX
version also doesn't clear the CSIZE and PARENB flags from c_cflag.
2020-05-12 09:52:27 -06:00
Todd C. Miller
04cb06160a
Fix a few more typos.
2020-05-07 07:49:54 -06:00
Todd C. Miller
a212ee64e3
Use the --embed option when running "python3-config --ldflags" if supported.
Newer versions of python3-config only include libpython in the
output when the --embed option is used. Otherwise, "python3-config --libs"
and "python3-config --ldflags" only list the libraries python is
dependent on and not the python library itself.
2020-05-03 12:56:26 -06:00
Todd C. Miller
024b146d06
1.9.0 final
2020-04-14 19:26:41 -06:00
Todd C. Miller
55eb0a633c
Install the example sudo_logsrvd.conf unless one already exists
2020-04-08 08:54:27 -06:00
Todd C. Miller
dfd5a88772
Sudo 1.9.0rc1
2020-04-07 15:08:26 -06:00
Todd C. Miller
0a10c702be
Split sudo_logsrvd and the python plugin into their own packages.
2020-04-07 14:03:58 -06:00
Todd C. Miller
f908ddd1bf
Create a pidfile for sudo_logsrvd when not run with the -n flag.
2020-03-29 05:05:08 -06:00
Todd C. Miller
84d9c7b241
Add configure check for SSL_CTX_get0_certificate().
Dummy out verify_server_cert() if it is not present to allow building
on older OpenSSL versions. Rewriting this to work with old OpenSSL
is not worth the trouble.
2020-03-17 20:07:48 -06:00
Todd C. Miller
5635c22f6b
Add --disable-log-server and --disable-log-client configure options.
These can be used to optionally disable building sudo_logsrvd and
support for remote I/O logging in the sudoers plugin respectively.
2020-02-26 13:17:40 -07:00
Todd C. Miller
7d5734a317
Add sample approval plugin that simply tests for "business hours"
2020-02-06 12:49:17 -07:00
Todd C. Miller
bf85ea2bf7
Example audit plugin that writes JSON output to a log file.
2020-01-30 13:25:52 -07:00
Todd C. Miller
dc45c4d4ea
Add tests for arc4random_buf() and an implementation for those without.
2020-01-30 13:12:25 -07:00
Todd C. Miller
0fcb647160
Check for presence of fseeko() regardless of utmp type.
2020-01-28 13:00:54 -07:00
Todd C. Miller
c9b68ccb34
Use AC_CHECK_DECLS when checking for SSL_CTX_set_min_proto_version
Also use AC_CHECK_FUNCS to check for the other OpenSSL functions
2020-01-23 09:38:09 -07:00
Todd C. Miller
dde86e585f
Add support for building on OpenSSL 1.0.2.
This adds compatibility defines for some OpenSSL 1.1.x functions.
2020-01-21 13:27:40 -07:00
Robert Manner
b66ecf6e13
plugins/python: various portability improvements
2020-01-20 06:30:20 -07:00
Todd C. Miller
aed69fb471
We want to use DT_RUNPATH in preference to DT_RPATH in ELF binaries.
Otherwise, LD_LIBRARY_PATH does not work when running the tests.
The GNU linker's --enable-new-dtags can be used to do this.
We don't do this on NetBSD where RPATH already supports LD_LIBRARY_PATH.
2020-01-15 10:13:54 -07:00
Todd C. Miller
8747a9554e
If --enable-openssl or --enable-gcrypt is given a path, append to LDFLAGS.
Previously we appended the path to SUDOERS_LDFLAGS but now that we
use OpenSSL in the log server, LDFLAGS is the correct one to use.
2020-01-07 11:33:26 -07:00
Todd C. Miller
5bf0752021
Substitute plugin dir into examples/sudo.conf
2020-01-02 12:53:30 -07:00
Todd C. Miller
c8532ae7a9
Enable OpenBSD extensions on NetBSD to get reallocarray(3) prototype.
2019-12-25 11:21:49 -07:00
Todd C. Miller
c6f8f4b545
Move init.d and sudo.pp to the etc dir.
2019-12-23 14:29:27 -07:00
Todd C. Miller
4690d3ecf6
Add cfmakeraw() for systems without it.
2019-12-23 13:15:34 -07:00
Todd C. Miller
96a03a0891
regen
2019-12-14 13:02:53 -07:00
Todd C. Miller
b14d633ec6
Add runas_check_shell flag to require a runas user to have a valid shell.
Not enabled by default.
2019-12-09 19:29:45 -07:00
Todd C. Miller
58cede6fee
Move protobuf-c.c, log_server.proto, log_server.pb-c.[ch] to lib/logsrv
2019-11-15 13:35:58 -07:00
Todd C. Miller
690f145d3f
LibreSSL and older OpenSSL don't support SSL_CTX_set_ciphersuites().
Add a configure test and skip TLS 1.3 setup if it is missing.
We still accept the tls_ciphers13 config setting but it will be ignored.
2019-11-15 13:19:28 -07:00
Laszlo Orban
e201f104d4
make audit server openssl dependency optional; tls layer is compiled only if sudo is built with --enable-openssl feature switch
2019-11-15 09:52:48 +01:00
Todd C. Miller
43df086186
Add dup3() emulation.
2019-11-02 10:52:55 -06:00
Todd C. Miller
dbf78d0716
Add fchmodat() and fstatat() emulation.
Note that fchmodat() emulation does not support AT_SYMLINK_NOFOLLOW
2019-10-24 20:04:33 -06:00
Todd C. Miller
b57054785f
Add manual pages for logsrvd and sendlog.
2019-10-24 20:04:32 -06:00
Todd C. Miller
059b55ce72
Refactor code in sudoers that creates I/O log files to share with logsrvd.
2019-10-24 20:04:31 -06:00
Todd C. Miller
240d589136
Command line option processing for logsrvd
2019-10-24 20:04:31 -06:00
Todd C. Miller
0d69de5b25
Move openat() emulation to lib/util and add unlinkat() emulation.
2019-10-24 20:04:30 -06:00
Todd C. Miller
2272430716
Import proof of concept sudo log server.
2019-10-24 20:04:29 -06:00
Todd C. Miller
8ea71f9ae0
Sudo 1.8.29
2019-10-21 14:57:24 -06:00
Todd C. Miller
b6aa80b5f8
Sudo 1.8.28p1
2019-10-16 05:57:58 -06:00
Todd C. Miller
04a17095be
Always use our own strtonum and implement sudo_strtoid in terms of it.
2019-10-14 10:09:29 -06:00
Todd C. Miller
fd5d0f511e
Back out compiler override for now.
2019-10-06 10:46:18 -06:00
Todd C. Miller
364821602d
Only prefer clang over gcc on BSD systems.
2019-10-06 08:35:28 -06:00
Todd C. Miller
7355363d6a
Set CC before AC_USE_SYSTEM_EXTENSIONS to get our preferred compiler.
2019-09-20 11:30:08 -06:00
Todd C. Miller
0faf5eed7c
If no mandoc or nroff is present, install mdoc format manuals.
If there is no installed nroff/mandoc they will need to install groff
or heirloom doctools to format the manual pages.
2019-09-19 11:16:45 -06:00
Todd C. Miller
e49e8c1e8b
Prefer clang over gcc.
We want to use clang on systems where clang is the system compiler.
It is less common to have clang installed on systems where gcc is
the system compiler.
2019-09-17 08:46:37 -06:00
Todd C. Miller
0bbfdc9920
Add regress tests for str2sig() and sig2str().
2019-08-19 08:37:08 -06:00
Todd C. Miller
3e56be3564
Store signal name, not number in I/O log timing file.
The "SIG" prefix is not used so, e.g. SIGTERM -> "TERM".
This makes the I/O log files portable from one system to another.
Older I/O log files with signal numbers can still be replayed.
2019-08-05 16:30:58 -06:00
Todd C. Miller
aa73c86a5b
Revert version back to 1.8.28
2019-07-26 15:14:52 -06:00
Todd C. Miller
5e424640b9
Use strftime(3) instead of formatting struct tm by hand.
Fixes a warning on newer versions of gcc.
2019-07-19 20:14:44 -06:00
Todd C. Miller
bb024cf093
Rename PLUGINDIR -> plugindir
2019-07-03 13:15:47 -06:00