mir/sudo
2
0
Fork 0
mirror of https://github.com/sudo-project/sudo.git synced 2025-08-31 14:25:15 +00:00
Code Issues Releases Wiki Activity
6,420 Commits 6 Branches 326 Tags
3ba8da4ab6748c7c39b43cf7f6c43cae19afc082
Commit Graph

6420 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Todd C. Miller
3ba8da4ab6 Cast 2nd argument of lseek() to off_t if it is a constant for systems 
with 64-bit off_t but without a proper lseek() prototype.
 2012-08-07 14:42:08 -04:00
Todd C. Miller
7d255e42cb Fix some warnings from clang checker-267 2012-08-07 11:01:28 -04:00
Todd C. Miller
487c8abb08 Fix memory leak found by clang checker-267 2012-08-07 10:27:55 -04:00
Todd C. Miller
dc08cf3c99 If we receive a signal from the command we executed, do not forward 
it back to the command.  This fixes a problem with BSD-derived
versions of the reboot command which send SIGTERM to all other
processes, including the sudo process.  Sudo would then deliver
SIGTERM to reboot which would die before calling the reboot() system
call, effectively leaving the system in single user mode.
 2012-08-06 14:38:35 -04:00
Todd C. Miller
d10fb81fe5 Remove section about Solaris 10 on other systems. 
Add missing sudoers.man.in bit to fixman.sh.
 2012-08-03 09:27:39 -04:00
Todd C. Miller
61dfad9c52 Expand section on Solaris privileges. 2012-08-02 21:11:25 -04:00
Todd C. Miller
e7d1f8d54f Expand a bit on the Solaris priv set changes. 2012-08-02 16:48:35 -04:00
Todd C. Miller
355d40aa86 The second argument to init_parser() is now bool. 2012-08-02 15:40:11 -04:00
Todd C. Miller
80597710c1 Fix printing of parse error message to stderr. 2012-08-02 15:37:48 -04:00
Todd C. Miller
57699c5531 If a command matches using an empty Runas_List (i.e. Runas_List is 
present but empty) and the -u option was not specified, set runas_pw
to user_pw instead of using runas_default.  This is intended to be
used in conjunction with the Solaris Privilege Set support for rules
that grant privileges without changing the user.
 2012-08-02 14:37:32 -04:00
Todd C. Miller
e2d210a340 Add support for parsing an empty Runas_List, which only allows the 
command to be run as the invoking user.  This can be used in
conjunction with the Solaris Privilege Set support to grant privileges
without changing the user.
 2012-08-02 14:02:54 -04:00
Todd C. Miller
acba09fbbf Fix HP-UX, just use ".TH name section" like the vendor manuals. 2012-08-01 15:28:02 -04:00
Todd C. Miller
b1d1d89899 Fix compilation on Solaris 2012-08-01 14:57:14 -04:00
Todd C. Miller
602510f1bb Generate a sed script file when munging *.mdoc or *.man instead of 
passing sed expressions on the command line.  Older seds do not
support \n in a replacement so generate and run a sed script instead.
 2012-08-01 14:38:52 -04:00
Todd C. Miller
37cfbc8eaa Use "Sudo VERSION" as the 4th arg to .TH instead of just "VERSION" 2012-08-01 10:54:09 -04:00
Todd C. Miller
5e502bd6d6 When checking whether a signal is user-generated, compare si_code 
against SI_USER instead of <= 0 since on HP-UX, terminal-related
signals get a code of 0.
 2012-07-31 13:36:48 -04:00
Todd C. Miller
9c321baa78 SuSE Enterprise Linux uses RLIMIT_NPROC and _SC_CHILD_MAX interchangably. 
This causes problems when setting RLIMIT_NPROC to RLIM_INFINITY due
to a bug in bash where bash tries to honor the value of _SC_CHILD_MAX
but treats a value of -1 as an error, and uses a default value of
32 instead.

Previously, we just checked RLIMIT_NPROC and, if it was unlimited,
restored the previous value of RLIMIT_NPROC.  However, that makes
it impossible to set nproc to unlimited.  We now only restore the
nproc resource limit if sysconf(_SC_CHILD_MAX) is negative.  In
most cases, pam_limits will set RLIMIT_NPROC for us.
 2012-07-31 11:11:25 -04:00
Todd C. Miller
f205243bd7 Active Directory apparently requires that tenths of a second be 
present in a date so append .0 to the "now" value in the time filter.
Also remove space for the global AND from TIMEFILTER_LENGTH since
it was not being used consistently.  Buffers of TIMEFILTER_LENGTH
now need to account for the terminating NUL byte.
 2012-07-30 11:09:11 -04:00
Todd C. Miller
a9623c29c2 Fix SELinux build 2012-07-30 11:01:32 -04:00
Todd C. Miller
82c808c7ca Remove pod versinons of HISTORY, CONTRIBUTORS and LICENSE as they 
were not being kept in sync.
 2012-07-29 14:17:57 -04:00
Todd C. Miller
e470b86cbf Remove pod versinons of HISTORY, CONTRIBUTORS and LICENSE as they 
were not being kept in sync.
 2012-07-29 14:17:22 -04:00
Todd C. Miller
383e0c860b Fix printing of the permission denied message to standard error 
when a user is not allowed to run a command.  This got broken by
the recent logging changes.
 2012-07-27 16:22:09 -04:00
Todd C. Miller
2c7df29251 Bump grammar version for Solaris privs. 2012-07-27 15:32:42 -04:00
Todd C. Miller
ab64e36e54 Fix errors introduced when sudoNotBefore, sudoNotAfter and sudoOrder 
were added.  From David Hicks.
 2012-07-27 14:25:48 -04:00
Todd C. Miller
6ce246f0b0 Remove lex.yy.c when building toke.c 2012-07-26 14:31:05 -04:00
Todd C. Miller
ecb74d3e26 Fix building docs in a build dir. 2012-07-26 14:05:55 -04:00
Todd C. Miller
12bad90ba3 Remove pod versions of the manual; we now use mdoc. 2012-07-26 13:51:43 -04:00
Todd C. Miller
336233c2e5 Add post-processing scripts to strip out login class, BSD auth, 
SELinux and privilege set bits when they are not supported.
 2012-07-26 13:50:26 -04:00
Todd C. Miller
4abd2a6cf4 Merge in Solaris privilege support by Darren Moffat and John Zolnowsky 2012-07-26 13:49:21 -04:00
Todd C. Miller
a726a1ccfa Sync with CONTRIBUTORS file 2012-07-25 13:52:04 -04:00
Todd C. Miller
d29991f41b Regen .man.in files with my private mandoc. 2012-07-25 10:34:20 -04:00
Todd C. Miller
84a8573aab add MANDOC variable 2012-07-25 06:32:05 -04:00
Todd C. Miller
a06f7540f7 Regen .man.in files with hacked mandoc to avoid issues with historic 
nroff.
 2012-07-20 14:28:41 -04:00
Todd C. Miller
05e7cac89b Fix groff warnings. 2012-07-19 17:13:19 -04:00
Todd C. Miller
909f3da4d5 Fix dependencies for .man.in files. 2012-07-19 16:21:07 -04:00
Todd C. Miller
42e6496ed0 Add doc/*.mdoc to ignore file 2012-07-19 13:42:41 -04:00
Todd C. Miller
90f2cfa589 Build .man.in and .cat files from .mdoc.in files. 
Add new --with-man and --with-mdoc configure options.
 2012-07-19 13:41:14 -04:00
Todd C. Miller
0d8aa46bb1 Sudo manuals formatted in mdoc, to replace the pod versions. 2012-07-18 09:56:53 -04:00
Todd C. Miller
c5b374fac6 More minor costmetic fixes. 2012-07-18 09:16:09 -04:00
Todd C. Miller
f31f58a967 Minor cosmetic fixes. 2012-07-12 15:16:04 -04:00
Todd C. Miller
f7dc1d849f Use "a password is required" instead of "password required" when 
the -n flag is used and we need to read a password.
 2012-07-11 16:28:40 -04:00
Todd C. Miller
7aaa101736 Mention logging changes. 2012-07-10 14:59:30 -04:00
Todd C. Miller
5f83d35f78 regen 2012-07-10 14:53:52 -04:00
Todd C. Miller
6cc8c161a2 Document that other mail_* flags have precedence over mail_badpass. 2012-07-10 14:42:57 -04:00
Todd C. Miller
8b03f3e7d0 Move log_denial() calls and logic to log_failure(). 
Move authentication failure logging to log_auth_failure().
Both of these call audit_failure() for us.

This subtly changes logging for commands that are denied by sudoers
but where the user failed to enter the correct password.  Previously,
these would be logged as "N incorrect password attempts" but now
are logged as "command not allowed".  Fixes bug #563
 2012-07-10 12:42:33 -04:00
Todd C. Miller
9c9cf9da41 Do not set a resource limit to zero when we are unable to fetch a 
value from /etc/security/limits.
 2012-07-06 10:10:03 -04:00
Todd C. Miller
5904f7ede9 Add "Provides: sudo" to debian sudo-ldap package 2012-07-05 09:34:20 -04:00
Todd C. Miller
958e39fc6a Define NO_VIZ for zlib when gcc doesn't support symbol visibility 
attributes.
 2012-07-02 13:34:35 -04:00
Todd C. Miller
f38349a026 Use the autoconf cache when checking for symbol export control support. 2012-07-02 11:20:05 -04:00
Todd C. Miller
f8f0021710 Add configure check for building PIE executables instead of doing 
it in mkpkg.
 2012-07-02 10:12:41 -04:00