mir/sudo
2
0
Fork 0
mirror of https://github.com/sudo-project/sudo.git synced 2025-08-29 13:28:10 +00:00
Code Issues Releases Wiki Activity
12,309 Commits 6 Branches 326 Tags
Commit Graph

274 Commits

Author SHA1 Message Date
Todd C. Miller
7b3d268687 Call gettext() on parameters for warning()/warningx() instead of 
having warning() do it for us.
 2012-11-25 09:34:04 -05:00
Todd C. Miller
595d3b2651 Display warning/error messages in the user's locale. 2012-11-08 15:37:44 -05:00
Todd C. Miller
592f6fefb0 Start commands in the background when I/O logging is enabled. We 
can't do this on Mac OS X due to a kernel bug in tc[gs]etattr(2)
which returns EINTR on signal instead of restarting automatically.
 2012-09-25 13:49:51 -04:00
Todd C. Miller
616d713e9b Handle SIGCONT_FG and SIGCONT_BG when converting signal number to 
string in deliver_signal().
 2012-09-25 13:31:20 -04:00
Todd C. Miller
0e94e8ca91 Fix running commands that need the terminal in the background when 
I/O logging is enabled.  E.g. "sudo vi &".  When the command is
foregrounded, it will now resume properly.
 2012-09-24 15:06:14 -04:00
Todd C. Miller
ab7dda035a Replace strsigname() with sig2str(), emulating it as needed. 2012-08-29 14:25:09 -04:00
Todd C. Miller
537dc94b9e Use strsigname() to print signal names in the debug output. 
If the system has no strsigname(), use our own.
 2012-08-26 20:12:51 -04:00
Todd C. Miller
0655deab57 Fix a comment, update a variable name in a prototype; all cosmetic. 2012-08-07 14:47:58 -04:00
Todd C. Miller
dc08cf3c99 If we receive a signal from the command we executed, do not forward 
it back to the command.  This fixes a problem with BSD-derived
versions of the reboot command which send SIGTERM to all other
processes, including the sudo process.  Sudo would then deliver
SIGTERM to reboot which would die before calling the reboot() system
call, effectively leaving the system in single user mode.
 2012-08-06 14:38:35 -04:00
Todd C. Miller
23b7a1fa5c Call the policy's init_session() function before we fork the child. 
That way, the session is created and destroyed in the same process,
which is needed by some modules, such as  pam_mount.
 2012-04-23 16:38:16 -04:00
Todd C. Miller
ce9863358a Add missing initialization of a sigaction structure when I/O logging. 
Fixes a potential problem when suspending the command.
 2012-04-23 14:56:31 -04:00
Todd C. Miller
eb8274bdcc Treat a tty read failure like EOF as it usually means the pty has 
gone away.  Handle write() on the tty returning EIO.
 2012-04-10 10:18:59 -04:00
Todd C. Miller
df04ccb207 Linux select() may return ENOMEM if there is a kernel resource 
shortage.  Older Solaris select() may return EIO instead of EBADF
when the tty goes away.  If we get an unhandled select() failure,
kill the child and exit cleanly.
 2012-04-10 10:18:39 -04:00
Todd C. Miller
c8ce3a0a85 Log the process id in the debug file output. Since we don't want 
to keep calling getpid(), stash the value at init time and when we
fork().
 2012-04-06 15:20:16 -04:00
Todd C. Miller
bb898cd5df Ignore SIGTTIN and SIGTTOU in main sudo process when I/O logging. 
It is better to receive EIO from read()/write() than to be suspended
when we don't expect it.  Fixes a problem when our terminal is
revoked which can happen when, e.g. our sshd is killed unceremoniously.
Also, only change the value of "alive" from true to false, never
from false to true.  It is possible for us to receive notification
of the child having stopped after it is already dead.  This does
not mean it has risen from the grave.
 2012-04-06 12:45:30 -04:00
Todd C. Miller
b4acbc9fe0 Distinguish between signals we received from the parent vs. those 
delivered explicitly to the monitor process in debugging info.
 2012-04-06 12:40:13 -04:00
Todd C. Miller
2311fed457 Make this compile after last change. 2012-04-05 12:59:26 -04:00
Todd C. Miller
c0a75ce9d9 Don't try to restore the terminal if we are not the foreground 
process.  Otherwise, we may be stopped by SIGTTOU when we try to
update the terminal settings when cleaning up.
 2012-04-05 12:40:51 -04:00
Todd C. Miller
7e6d00ed12 Don't need zero_bytes() after ecalloc() 2012-03-30 14:59:27 -04:00
Todd C. Miller
aecb5206e2 Fix compiler warnings on some platforms and provide a better method 
of defeating gcc's warn_unused_result attribute.
 2012-03-29 10:33:40 -04:00
Todd C. Miller
55d1a1a79d Use ecalloc() when allocating structs. 2012-03-19 11:24:24 -04:00
Todd C. Miller
f745a041e2 Fix format string warning on Solaris with gcc 3.4.3. 2012-03-09 12:45:24 -05:00
Todd C. Miller
6a37b4bf73 Fix typo in safe_close() made while converting to debug framework 
that prevented it from actually closing anything.
 2012-02-27 14:46:11 -05:00
Todd C. Miller
cc97c2e75c Add some more debugging. 2012-02-27 14:42:22 -05:00
Todd C. Miller
d11e7febbc Refactor disable_execute() and my_execve() into exec_common.c for 
use by sesh.c.  This fixes NOEXEC when SELinux is used.  Instead
of disabling exec in exec_setup(), disable it immediately before
executing the command.  Adapted from a diff by Arno Schuring.
 2012-01-25 14:58:02 -05:00
Todd C. Miller
6bcf470fe9 Catch common signals in the monitor process so they get passed to 
the command.  Fixes a problem when the entire login session is
killed when ssh is disconnected or the terminal window is closed.
Previously, the monitor would exit and plugin's close method would
not be called.
 2011-12-08 11:15:53 -05:00
Todd C. Miller
21a2f95821 Use stdbool.h instead of rolling our own TRUE/FALSE macros. 2011-12-02 11:27:33 -05:00
Todd C. Miller
a64f1eaea8 Do not close error pipe or debug fd via closefrom() as we need them 
to report an exec error should one occur.
 2011-11-29 19:51:24 -05:00
Todd C. Miller
3ee9cef0da Fold SUDO_DEBUG_PROGERR and SUDO_DEBUG_SYSERR into SUDO_DEBUG_ERROR 2011-11-07 16:33:49 -05:00
Todd C. Miller
839919566e Add debug_decl/debug_return (almost) everywhere. 
Remove old sudo_debug() and convert users to sudo_debug_printf().
 2011-10-22 14:40:21 -04:00
Todd C. Miller
d81c14005f Silence compiler warnings on Solaris with gcc 3.4.3 2011-08-23 16:42:18 -04:00
Todd C. Miller
3c9e5f28fc Fix compressed io log corruption in background mode by using _exit() 
instead of exit() to avoid flushing buffers twice.

Improved background mode support.  When not allocating a pty, the
command is run in its own process group.  This prevents write access
to the tty.  When running in a pty, stdin is not hooked up and we
never read from /dev/tty, which results in similar behavior.
 2011-05-31 12:49:22 -04:00
Todd C. Miller
7960bde2db Minor warning/error message cleanup 2011-05-18 13:04:24 -04:00
Todd C. Miller
fce0b906eb cannot -> "unable to" in warning/error messages 2011-05-18 12:41:06 -04:00
Todd C. Miller
6f8cd91928 can't -> "unable to" in warning/error messages 2011-05-18 12:36:26 -04:00
Todd C. Miller
917c8d48ad We don't want to translate debugging messages. 2011-05-17 18:37:18 -04:00
Todd C. Miller
c865a462cc Prepare sudo front end messages for translation. 2011-05-06 17:47:51 -04:00
Todd C. Miller
5d7889c0d7 Save the controlling tty process group before suspending in pty 
mode.  Previously, we assumed that the child pgrp == child pid
(which is usually, but not always, the case).
 2011-03-18 10:04:50 -04:00
Todd C. Miller
2041d39db7 Add support for ut_exit 2011-03-15 16:18:33 -04:00
Todd C. Miller
3506f01077 Add support for controlling whether utmp is updated and which user is 
listed in the entry.
 2011-03-15 15:53:49 -04:00
Todd C. Miller
8653ccc809 Redo utmp handling. If no getutent()/getutxent() is available, 
assume a ttyslot-based utmp.  If getttyent() is available, use
that directly instead of ttyslot() so we don't have to do the
stdin dup2 dance.
 2011-03-14 10:20:47 -04:00
Todd C. Miller
1e9def1efa Move utmp handling into utmp.c 2011-03-11 15:54:12 -05:00
Todd C. Miller
53da5e8cdf Update copyright years. 2011-03-11 15:34:35 -05:00
Todd C. Miller
c7a7d31905 Add support for disabling exec via solaris privileges. 
Includes preparation for moving noexec support out of sudoers
and into front end as documented.
 2011-03-10 14:24:10 -05:00
Todd C. Miller
1496bfed6c Add support for adding a utmp entry when allocating a new pty. 
Requires the BSD login(3) or SYSV/POSIX getutent()/getutxent().
Currently only creates a new entry if the existing tty has
a utmp entry.
 2011-03-08 15:37:40 -05:00
Todd C. Miller
39d9feb438 The howmany macro lives in sys/sysmacros.h on SVR5 systems 
Closes Bug 470
 2011-02-19 08:23:46 -05:00
Todd C. Miller
5fc2f8f454 Pass SIGUSR1/SIGUSR2 through to the child. 2011-02-03 10:25:42 -05:00
Todd C. Miller
2959d5dadd Use special values SIGCONT_FG and SIGCONT_BG instead of SIGUSR1 and 
SIGUSR2 to indicate whether the child should be continued in the
foreground or background.
 2011-02-03 09:59:41 -05:00
Todd C. Miller
82c85571c9 Remove obsolete comment 2011-02-02 14:24:48 -05:00
Todd C. Miller
8a64a8c798 If we get a signal other than SIGCHLD in the monitor, pass it directly 
to the child.
 2011-02-02 13:27:24 -05:00