isa/sudo
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
4,317 Commits 1 Branch 0 Tags
f492e530569d49a79c7043f0f238f2b6ff04511f
Commit Graph

274 Commits

Author SHA1 Message Date
Todd C. Miller
f492e53056 Add bsm audit support from Christian S.J. Peron 2009-02-11 01:18:02 +00:00
Todd C. Miller
0bfb3394bb Don't try to build sudo_noexec.so on HP-UX with the bundled compiler as 
it cannot generate shared objects.
 2008-12-09 21:13:02 +00:00
Todd C. Miller
02a894a09c Use HAVE_SIA_SES_INIT instead of HAVE_SIA for Digital UNIX 2008-12-02 17:30:39 +00:00
Todd C. Miller
2464ba1f58 correctly enable SIA on Digital UNIX 2008-11-26 20:10:23 +00:00
Todd C. Miller
48329f0e43 Add isblank() function for systems without it. Needed for POSIX 
character class matching in fnmatch.c and glob.c.
 2008-11-03 18:19:14 +00:00
Todd C. Miller
13e2ccea68 Newer heimdal has 2-argument krb5_get_init_creds_opt_free() like MIT krb5. 
Really old heimdal has no krb5_get_init_creds_opt_alloc() at all.  Add
configure tests to handle all the cases.
 2008-10-23 16:06:23 +00:00
Todd C. Miller
99cdf6dc8d Add tests for __signed char and signed char. 2008-10-03 13:59:39 +00:00
Todd C. Miller
ca6eddf0df Replace the double fork with a fork + daemonize. 2008-06-22 20:19:42 +00:00
Todd C. Miller
c372928c38 Fix configure test for dirfd() on Linux where DIR is opaque. 2008-06-20 21:16:09 +00:00
Todd C. Miller
cfb45078b2 Add description for NO_PAM_SESSION, from a redhat patch. 2008-06-08 21:37:25 +00:00
Todd C. Miller
e2cbaa50a3 Redo the test for dgettext() in a way that hopefully will work around 
the libintl_dgettext() undefined problem.
 2008-05-18 17:54:48 +00:00
Todd C. Miller
f0a6827feb There was a missing space before the ldap libs in SUDO_LIBS for 
some configurations.
 2008-04-10 16:51:17 +00:00
Todd C. Miller
7fe25e284e remove duplicate check for dgettext 2008-04-07 18:26:13 +00:00
Todd C. Miller
241d0750f0 Back out AIX-specific change to set the sudo_noexec path to the .a 
file, we do really want to use the .so file.  Since libtool doesn't
do that correctly, just install the .so file ourselves in the Makefile.
 2008-03-23 14:18:56 +00:00
Todd C. Miller
52710ce517 AIX shared libs end in .a, not .so. 2008-03-14 12:11:57 +00:00
Todd C. Miller
229a79b6b8 update to libtool-1.5.26 2008-03-06 19:43:25 +00:00
Todd C. Miller
897239afe9 Add aix_setlimits() to set resource limits on AIX using a combination 
of getuserattr() and setrlimit().  Currently untested.
 2008-03-06 17:19:57 +00:00
Todd C. Miller
64d226e1d7 we are not going to ship a sudo-specific askpass 2008-03-04 22:16:49 +00:00
Todd C. Miller
ee04914164 Add support for running a helper program to read the password when 
no tty is present (or when specified with the -A flag).  TODO: docs.
 2008-03-02 14:31:57 +00:00
Todd C. Miller
f20935284b Disable use of gss_krb5_ccache_name() by default and add 
--enable-gss-krb5-ccache-name configure option to enable it.  It
seems that gss_krb5_ccache_name() doesn't work properly with some
combinations of Heimdal and OpenLDAP.
 2008-02-27 14:26:28 +00:00
Todd C. Miller
cf6bca4b07 Substitute in comment characters for lines partaining to login.conf, 
BSD auth and SELinux and only enable them if pertinent.
 2008-02-18 15:53:33 +00:00
Todd C. Miller
279ee07ee0 comment out SELinux manual bits unless --with-selinux was specified 2008-02-17 13:11:38 +00:00
Todd C. Miller
506285209d Treat k*bsd*-gnu like Linux, not BSD. 
Fixes compilation problems on Debian GNU/kFreeBSD.
 2008-02-15 20:23:54 +00:00
Todd C. Miller
9635907f29 regen 2008-02-09 14:48:21 +00:00
Todd C. Miller
f0dc1caa45 Use SUDO_DEFINE_UNQUOTED instead of AC_DEFINE_UNQUOTED to prevent 
ldap.conf and ldap.secret paths from going into config.h.
Avoid single quotes in variable expansion when using SUDO_DEFINE_UNQUOTED
since in some versions of bash they will end up literally in the resulting
define.
 2008-01-23 11:33:27 +00:00
Todd C. Miller
48df9c481b ldap_ssl.h depends on ldap.h being included first 2008-01-21 16:43:10 +00:00
Todd C. Miller
a3e6610e01 Include ldap_ssl.h if we can find it. Needed for the ldapssl_set_strength 
defines on HP-UX at least.
 2008-01-21 16:07:42 +00:00
Todd C. Miller
c268627f90 Substitute values for ldap.conf, ldap.secret and nsswitch.conf into 
sudoers.ldap.man.
 2008-01-20 15:15:47 +00:00
Todd C. Miller
49f2264ad6 substitute for sudoers.ldap.man 2008-01-20 01:35:54 +00:00
Todd C. Miller
0f6101bb26 include <mps/ldap_ssl.h> in ldap.c if available 2008-01-17 20:44:28 +00:00
Todd C. Miller
63f224f045 Don't add -llber twice. 2008-01-15 12:28:33 +00:00
Todd C. Miller
dde5143f08 Fix check that determines whether -llber is required. 2008-01-13 19:57:34 +00:00
Todd C. Miller
9a07c1a7f1 For netscape-based LDAP, use ldapssl_set_strength() to implement 
the checkpeer ldap.conf option.
 2008-01-13 19:22:11 +00:00
Todd C. Miller
1df9ca2dc1 Add check for ber_set_option() in -llber 2008-01-09 17:08:30 +00:00
Todd C. Miller
f1377429a1 Add check for ldap_sasl_bind_s() 
Remove -DLDAP_DEPRECATED from CFLAGS
 2008-01-05 12:56:39 +00:00
Todd C. Miller
b564d51861 add check for ldap_create 2008-01-04 14:56:10 +00:00
Todd C. Miller
86bd55fc6d Add sudo_ldap_get_first_rdn() to return the first rdn of an entry's dn 
using the mechanism appropriate for the LDAP SDK in use.
Use ldap_unbind_ext_s() instead of deprecated ldap_unbind_s().
Emulate ldap_unbind_ext_s() and ldap_search_ext_s() for SDK's without them.
 2008-01-03 21:11:33 +00:00
Todd C. Miller
32e4a98a69 add check for st__tim in struct stat as used by SCO 2008-01-02 20:29:48 +00:00
Todd C. Miller
6f2cd1b184 Rename read_nss -> sudo_read_nss 
Add --with-nsswitch to allow users to specify nsswitch.conf path or disable it.
If --with-nsswitch=no but --with-ldap, order is LDAP, then sudoers.
Fix --with-ldap-conf-file and --with-ldap-secret-file
 2008-01-01 18:22:03 +00:00
Todd C. Miller
56729b9a63 Use ldapssl_init() for ldaps support instead of trying 
to do it manually with ldap_init() + ldapssl_install_routines().
Use tls_cert and tls_key for cert7.db and key3.db respectively.
Don't print debugging info for options that are not set.
Add warning if start_tls specified when not supported.
 2007-12-19 19:28:57 +00:00
Todd C. Miller
72e1a2b54e fix typo 2007-12-17 15:14:46 +00:00
Todd C. Miller
b409499304 Add support for "ssl on" in both netscape and openldap flavors. 
Only the OpenLDAP flavor has been tested.
 2007-12-17 12:31:40 +00:00
Todd C. Miller
400309aa9f some operating systems need to link with -lkrb5support when using krb5 2007-12-13 14:13:44 +00:00
Todd C. Miller
c148eb52d6 Move the dgettext check. 2007-12-02 00:34:54 +00:00
Todd C. Miller
8694c73146 Add basic support for looking up the string "Password: " in the PAM 
localized text db.  This allows us to determine whether the PAM
prompt is the default "Password: " one even if it has been localized.

TODO: concatenate non-std PAM prompts and user-specified sudo prompts.
 2007-12-01 16:22:25 +00:00
Todd C. Miller
908b8f64e6 Use AC_FUNC_GETGROUPS instead of a home-grown attempt that was insufficient. 2007-11-27 23:40:50 +00:00
Todd C. Miller
a85dd4b861 Fix typos; Martynas Venckus 2007-11-27 17:13:03 +00:00
Todd C. Miller
bfd781ff65 fix setting of mandir 2007-11-21 20:02:39 +00:00
Todd C. Miller
0d22c2f98d Add configure check for struct in6_addr instead of relying on AF_INET6 
since some systems define AF_INET6 but do not include IPv6 support.
 2007-10-24 16:41:19 +00:00
Todd C. Miller
c50e7d4c06 Fix block to add -lutil for FreeBSD and NetBSD when logincap is in use. 2007-10-21 13:29:18 +00:00