mirror of https://github.com/sudo-project/sudo.git synced 2025-08-29 05:17:54 +00:00

928 Commits

Author SHA1 Message Date
Todd C. Miller
21166d4da9 Make sure that SIGCHLD is not treated as a user-generated signal
in which case it could be ignored.  Bug #676
2014-11-04 09:24:41 -07:00
Todd C. Miller
55098ff6ec Mark the putenv(), setenv() and unsetenv() symbols as global, not
hidden.  Fixes a mismatch where a plugin (or its loaded dso) would
call setenv() to set a variable but be unable to find it later
with getenv().
2014-10-29 10:54:40 -06:00
Todd C. Miller
ef6dfb3ced Adapt to new debug subsystem registration. 2014-10-28 07:36:08 -06:00
Todd C. Miller
6b1b734ffa Add a flag argument to sudo_conf_read() so we can decide which
bits get parsed.  This lets us parse Debug statements first and
init the debug subsystem early.
2014-10-26 08:33:08 -06:00
Todd C. Miller
4c8573ac2b Free up plugin info structs after converting to plugin containers. 2014-10-24 15:09:35 -06:00
Todd C. Miller
4bf641df69 If the plugin registers with the debug framework at open time, the
sudo front-end will now set the default debug instance appropriately
before calling into the plugin.  This means the plugin no longer needs
to do the sudo_debug_set_default_instance() dance.
2014-10-24 11:17:48 -06:00
Todd C. Miller
d0cc4d9e4b Fix inet_ntop() replacement on older systems without it.
We only expose the prototype for net_ifs.c due to the
use of socklen_t.
2014-10-23 15:44:03 -06:00
Todd C. Miller
17a2a27e46 Use generic bitmap macros instead of select-style fd_set. 2014-10-23 14:37:27 -06:00
Todd C. Miller
119c13d8b3 Fix includes order. 2014-10-23 10:16:13 -06:00
Todd C. Miller
fe9e035ccf Set debug instance for standalone programs. 2014-10-23 09:40:36 -06:00
Todd C. Miller
1ca52382a4 Fix compilation issues, fallout from the debug changes. 2014-10-23 09:26:13 -06:00
Todd C. Miller
866cfc4fc3 Add support for multiple Debug lines per program. Callers may
register arbitrary debug facilities or use built-in defaults.  We
now use separate Debug statements for plugins and programs.
2014-10-22 13:23:05 -06:00
Todd C. Miller
a7e724b75d Change how sudo.conf is parsed. We now do a quick parse and then
set the values after the entire file has been parsed.  This lets
us init the debug system earlier.  Plugin-specific debug flags are
now stored in struct plugin_info and struct plugin_container and
passed to the plugin via one or more debug_flags settings.
2014-10-22 13:20:32 -06:00
Todd C. Miller
346ff6766e Pass plugin path in the settings array. 2014-10-22 13:13:00 -06:00
Todd C. Miller
1e0b8903f2 Return settings from parse_args as struct sudo_settings and format
for the plugin at plugin open time.  This will allow for additional,
plugin-specific settings to be added to the array.
2014-10-22 13:13:00 -06:00
Todd C. Miller
837fb1f81d Only check stdin for the tty and avoid the check entirely if we
don't have a way to get the tty from the kernel.  Bug #643
2014-10-07 13:50:53 -06:00
Todd C. Miller
dc67442151 Avoid comparing new cwd with old one if getcwd() failed.
Bug #670
2014-10-07 10:56:50 -06:00
Todd C. Miller
bd99dcc028 Add sudo_warn_set_conversation() to specify a conversation function
to use for warn/fatal.  If no conversation function is specified,
the standard error will be used.  We now only need sudo_printf()
for things that use the parser.
2014-10-05 16:41:52 -06:00
Todd C. Miller
5f9e84ea51 Use inet_ntop() instead of inet_ntoa() and include a version for
systems that are missing it.
2014-10-02 07:55:08 -06:00
Todd C. Miller
2f3ebce118 Always use --tag=disable-static to avoid installing a static
sudo_noexec.
2014-10-01 14:39:20 -06:00
Todd C. Miller
1d0b5422ae Include sys/types.h to get gid_t, etc used in sudo_compat.h.
Fixes a build issue on Solaris.
2014-10-01 09:30:17 -06:00
Todd C. Miller
b2e138bde0 Fix cut & pasto in error message when there is a mismatch between
the sudo and libc ttys.  From Diego Elio Petteno'.  Bug #643
2014-09-29 15:33:39 -06:00
Todd C. Miller
7ab40be5c0 On AIX, _PATH_BSHELL is /usr/bin/bsh but we want to use /usr/bin/sh
(which is usually ksh).  This makes sudo's behavior when executing
a shell without the #! magic number match execvp() on AIX.
2014-09-20 09:21:51 -06:00
Todd C. Miller
d1fe802f08 Fix compilation on systems without openpty(), _getpty() or grantpt().
From Vasilyy Balyasnyy
2014-09-10 05:57:31 -06:00
Todd C. Miller
398a16c6af Remove remaining use of SUDO_CONV_DEBUG_MSG. 2014-09-08 16:37:33 -06:00
Todd C. Miller
1cc2433428 If we were invoked with any name ending in "edit", treat as sudoedit. 2014-09-08 09:37:39 -06:00
Todd C. Miller
328c563791 Check return value of sigaction(), even though it should never fail. 2014-09-04 10:13:26 -06:00
Todd C. Miller
111136dc8b regen 2014-09-03 10:32:02 -06:00
Todd C. Miller
0546f0b6a2 Convert a debug printf to a user-visible warning. 2014-08-31 20:32:18 -06:00
Todd C. Miller
cfa4cebf13 Remove signal_event from evbase before calling sudo_ev_loopexit()
when the command has exited or been killed.  It is possible that
we could receive another signal on the pipe if they are delivered
out of order.
2014-08-30 16:24:53 -06:00
Todd C. Miller
26e61adc50 Treat EOF on signal pipe (which should never happen) as ECONNRESET. 2014-08-29 11:20:17 -06:00
Todd C. Miller
2b849b2687 Don't allow sudo_ev_loopcont() to override sudo_ev_loopexit() 2014-08-29 09:47:08 -06:00
Todd C. Miller
acdb6d3690 Change behavior when plugin I/O logging function returns 0 or -1.
For -1 (error) return, we now kill the command and disable
the I/O logging function that returned the error.
For a 0 (reject) return, we no longer display the rejected
output to the user's terminal.  The plugin API revision is now 1.6.
2014-08-26 12:07:57 -06:00
Todd C. Miller
79f209dbd7 Fix restoration of effective uid/gid in command_details.
This masked the effects of an unset (really zero) egid.
Bug 656
2014-08-25 11:30:03 -06:00
Todd C. Miller
4f1deee575 Set runas egid to the same value as runas gid if egid not specified
by the plugin.  Only affects new files created by sudoedit.  Bug #656
2014-08-25 11:27:30 -06:00
Todd C. Miller
5676d9874d Don't leak temp fd in sudo_edit_copy_tfiles().
Fix fd leak in error path in sudo_edit_copy_tfiles().
2014-08-25 10:42:59 -06:00
Todd C. Miller
db494700d6 We write an unsigned char, not an int, to the signal pipe. 2014-08-22 11:06:05 -06:00
Todd C. Miller
a8f63191ef Sprinkle some debugging around uid/gid setting in sudoedit. 2014-08-21 15:42:35 -06:00
Todd C. Miller
db35c7c0e4 Make sudoedit work with SELinux RBAC.
Adapted from RedHat patches (Daniel Kopecek) but made to behave a
bit more like the non-SELinux bits.
2014-08-21 15:28:36 -06:00
Todd C. Miller
a147330f3f Refactor code that copies temp files into separate functions. 2014-08-21 15:28:35 -06:00
Todd C. Miller
2c542178a3 Add missing call to initprogname(). 2014-08-18 16:46:55 -06:00
Todd C. Miller
dd43530f0a Remove two instances of -no-fast-install that were missed before. 2014-08-08 11:07:09 -06:00
Todd C. Miller
703263bf0e Fix "sudo -C" when we have internal fds to preserve from closefrom(). 2014-08-07 09:38:03 -06:00
Todd C. Miller
7a988d489c It is now sudo_efree() not efree().
Don't try to free a pointer to garbage on error.
2014-07-30 09:46:48 -06:00
Todd C. Miller
edf0d39703 Plug memory leak, even though we are headed for exit. 2014-07-29 19:33:55 -06:00
Todd C. Miller
ae0014d6f4 Attempt to handle systems with SA_SIGINFO but that lack SI_USER. 2014-07-28 20:25:46 -06:00
Todd C. Miller
787a89ed0d Back out old workaround for sudoedit hang when debugging was enabled. 2014-07-26 06:07:34 -06:00
Todd C. Miller
6f77ffd7c7 Don't memcpy() the preserved_fds TAILQ as the pointers into the
head will be wrong.  All we need to do is save the old command
details and restore them after calling run_command().  Fixes a hang
with sudoedit when debugging is enabled.
2014-07-26 06:06:18 -06:00
Todd C. Miller
32a837623e The default policy close function should only print an error message
if the error_code is non-zero.
2014-07-25 17:07:23 -06:00
Todd C. Miller
7e5a239741 If the preserved fds list is empty, add a new element with
TAILQ_INSERT_HEAD instead of TAILQ_INSERT_TAIL to avoid an infinite
loop on AIX, Solaris and possibly others when debug mode is active.
2014-07-25 17:00:10 -06:00