mir/sudo
2
0
Fork 0
mirror of https://github.com/sudo-project/sudo.git synced 2025-08-29 13:28:10 +00:00
Code Issues Releases Wiki Activity
6,596 Commits 6 Branches 326 Tags
Commit Graph

66 Commits

Author SHA1 Message Date
Todd C. Miller
8195fe1bd2 repair spacing 2012-11-13 08:54:31 -05:00
Todd C. Miller
c1db4b1546 Always include locale.h from gettext.h so we no longer need to 
include locale.h from the .c files.
 2012-11-11 20:23:53 -05:00
Todd C. Miller
83dde2fbb6 Add os-specific initialization functions for solaris (workaround 
setuid locale problem in Solaris 11) and openbsd (set malloc_options
if SUDO_DEVEL).  Also move set_project() to solaris.c.
 2012-11-11 07:11:22 -05:00
Todd C. Miller
dc08cf3c99 If we receive a signal from the command we executed, do not forward 
it back to the command.  This fixes a problem with BSD-derived
versions of the reboot command which send SIGTERM to all other
processes, including the sudo process.  Sudo would then deliver
SIGTERM to reboot which would die before calling the reboot() system
call, effectively leaving the system in single user mode.
 2012-08-06 14:38:35 -04:00
Todd C. Miller
4abd2a6cf4 Merge in Solaris privilege support by Darren Moffat and John Zolnowsky 2012-07-26 13:49:21 -04:00
Todd C. Miller
af9492d117 Provide unhooked version of getenv() and use it when looking up 
DISPLAY and SUDO_ASKPASS in the environment.
 2012-05-27 12:48:55 -04:00
Todd C. Miller
23b7a1fa5c Call the policy's init_session() function before we fork the child. 
That way, the session is created and destroyed in the same process,
which is needed by some modules, such as  pam_mount.
 2012-04-23 16:38:16 -04:00
Todd C. Miller
886ee33603 Move struct passwd pointer into struct command details. 2012-04-21 13:37:46 -04:00
Todd C. Miller
5f969cc12a Pass pid, ppid, sid, pgid and tcpgid to plugin in user_info list. 2012-04-13 15:18:40 -04:00
Todd C. Miller
d35a8b4de4 Fetch the value of "askpass" from the sudo conf struct. 2012-03-27 12:25:04 -04:00
Todd C. Miller
6d10909949 Pass a pointer to user_env in to the init_session policy plugin 
function so session setup can modify the user environment as needed.
For PAM authentication, merge the PAM environment with the user
environment at init_session time.  We no longer need to swap in the
user_env for environ during session init, nor do we need to disable
the env hooks at init_session time.
 2012-03-15 09:18:36 -04:00
Todd C. Miller
20a7633a3f Disable environment hooks after we get user_env back to make sure 
a plugin can't to modify user_env after we "own" it.  This is kind
of a hack but we don't want the init_session plugin function to
modify user_env.
 2012-03-08 11:30:21 -05:00
Todd C. Miller
37770ecf1e Initial cut at a hooks implementation. The plugin can register 
hooks for getenv, putenv, setenv and unsetenv.  This makes it
possible for the plugin to trap changes to the environment made by
authentication methods such as PAM or BSD auth so that such changes
are reflected in the environment passed back to sudo for execve().
 2012-03-07 16:35:42 -05:00
Todd C. Miller
d11e7febbc Refactor disable_execute() and my_execve() into exec_common.c for 
use by sesh.c.  This fixes NOEXEC when SELinux is used.  Instead
of disabling exec in exec_setup(), disable it immediately before
executing the command.  Adapted from a diff by Arno Schuring.
 2012-01-25 14:58:02 -05:00
Todd C. Miller
106bbebba7 Move tty name lookup code to its own file. 2012-01-13 06:01:58 -05:00
Todd C. Miller
0771c981de Update copyright year. 2012-01-06 14:23:55 -05:00
Todd C. Miller
72a4e0943e Remove -D debug_level option. 2012-01-05 11:48:24 -05:00
Todd C. Miller
089ee42228 Fix warnings related to sudo.conf accessors. 2011-12-20 13:39:19 -05:00
Todd C. Miller
21a2f95821 Use stdbool.h instead of rolling our own TRUE/FALSE macros. 2011-12-02 11:27:33 -05:00
Todd C. Miller
839919566e Add debug_decl/debug_return (almost) everywhere. 
Remove old sudo_debug() and convert users to sudo_debug_printf().
 2011-10-22 14:40:21 -04:00
Todd C. Miller
47af0fc2b8 Add configure test for missing errno declaration and only 
declare it ourselves if it is missing.
 2011-08-30 10:05:30 -04:00
Todd C. Miller
022591f4bf Add a wrapper for setgroups() that trims off extra groups and retries 
if setgroups() fails.  Also add some missing addrefs for PERM_USER
and PERM_FULL_USER.
 2011-07-20 16:54:12 -04:00
Todd C. Miller
bf7e7b5752 Add gettext.h convenience header. This is similar to but distinct from 
the one included with the gettext package.
 2011-05-20 11:48:17 -04:00
Todd C. Miller
15bc74bd67 Include libint.h where needed. 2011-05-16 16:37:11 -04:00
Todd C. Miller
3506f01077 Add support for controlling whether utmp is updated and which user is 
listed in the entry.
 2011-03-15 15:53:49 -04:00
Todd C. Miller
53da5e8cdf Update copyright years. 2011-03-11 15:34:35 -05:00
Todd C. Miller
7debf44742 Move noexec path into sudo.conf now that sudo itself handles noexec. 
Currently can be configured in sudoers too but is now undocumented
and will be removed in a future release.
 2011-03-10 16:12:33 -05:00
Todd C. Miller
a092d2fdcf Move noexec handling to sudo front-end where it is documented as being. 2011-03-10 15:11:49 -05:00
Todd C. Miller
c7a7d31905 Add support for disabling exec via solaris privileges. 
Includes preparation for moving noexec support out of sudoers
and into front end as documented.
 2011-03-10 14:24:10 -05:00
Todd C. Miller
59515a4a6d add help text to sudo, visudo and sudoreplay for the -h option 2011-02-21 11:33:36 -05:00
Todd C. Miller
c18468d1a5 Save signal state before changing handlers and restore before 
we execute the command.
 2011-02-02 12:44:35 -05:00
Todd C. Miller
5966b67dda Don't need iolog variables in struct command_details, they are for 
the I/O log plugins to handle.
 2010-12-28 10:50:45 -05:00
Todd C. Miller
c833ff02b6 Add use_pty command_info flag for policies to indicate that a 
pty should be allocated even if no I/O logging is performed.
 2010-12-20 16:27:46 -05:00
Todd C. Miller
9948dae706 Change I/O log API to pass in command info to the I/O log open function. 
Add iolog_file and iolog_dir parameters to command info.
This allows the policy plugin to specify the I/O log pathname.
Add convenience functions for calling plugin functions that
handle ABI backwards compatibility.
 2010-12-20 16:20:11 -05:00
Todd C. Miller
e2f253e51d Fix TCGETWINSZ compat. 2010-10-07 14:11:10 -04:00
Todd C. Miller
1009d7a3e6 Query local network interfaces in the main sudo driver and pass to 
the plugin as "network_addrs" in the settings list.
 2010-09-08 14:20:11 -04:00
Todd C. Miller
10c3bb62c4 Make local includes consistent; use double quotes for local includes 
except for generated ones where we use angle brackets.
Also g/c unused compat.h.
 2010-09-07 16:45:19 -04:00
Todd C. Miller
f454727bb8 Merge compat.h and missing.h into missing.h 2010-08-16 14:05:44 -04:00
Todd C. Miller
6bcd9efc0c Use gettimeofday() directly instead of via the gettime() wrapper. 2010-08-10 13:50:40 -04:00
Todd C. Miller
30fe4a067c Set usrinfo for AIX 
Set adminstrative domain for the process when looking up user's
    password or group info and when preparing for execve().
Include strings.h even if string.h exists since they may define
    different things.  Fixes warnings on AIX and others.
 2010-06-29 13:08:05 -04:00
Todd C. Miller
d018936b4e Move functions and symbols shared between exec.c and exec_pty.c 
into sudo_exec.h.
 2010-06-16 16:46:56 -04:00
Todd C. Miller
4fb8a83e6f Fix -A flag when askpass is specified in sudo.conf or if sudo doesn't need 
to read a password.
 2010-06-15 15:11:10 -04:00
Todd C. Miller
f64bb67c6c Clean up some XXXs 2010-06-15 15:01:11 -04:00
Todd C. Miller
b72a530fd0 Update copyright year 2010-06-14 12:19:49 -04:00
Todd C. Miller
e146aaaa29 Fix visiblepw sudoers option; the plugin API portion still needs documenting 2010-06-10 15:02:32 -04:00
Todd C. Miller
34613c8465 Use a flag bit in struct command_details for selinux instead of a separate 
field.
 2010-06-09 16:25:44 -04:00
Todd C. Miller
4c1ef12648 Implement background mode. If I/O logging we use pipes instead of a pty. 2010-06-09 16:19:45 -04:00
Todd C. Miller
a4a6620b24 Add SUDO_CONV_PROMPT_MASK define which corresponds to the "pwfeedback" 
sudoers option.  Do not disable echo if TGP_ECHO is set.
 2010-06-09 10:31:05 -04:00
Todd C. Miller
edd34a2d7e Add selinux_enabled flag into struct command_details and 
set it in command_info_to_details().
Return an error from selinux_setup() instead of exiting.
Call selinux_setup() from exec_setup().
 2010-06-08 17:59:18 -04:00
Todd C. Miller
6717c59d77 Split exec.c into exec.c and exec_pty.c 2010-06-07 18:06:22 -04:00