From: Todd C. Miller Date: Tue, 11 May 2010 14:55:59 +0000 (-0400) Subject: Add separate test for getresuid() since HP-UX has setresuid() but no X-Git-Tag: SUDO_1_8_0~650 X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=f38afc97791141206d0cb8afc0ee7b76fc2576c2;p=sudo Add separate test for getresuid() since HP-UX has setresuid() but no getresuid(). --- diff --git a/config.h.in b/config.h.in index 223593879..9c0927a9e 100644 --- a/config.h.in +++ b/config.h.in @@ -179,6 +179,9 @@ passwords) */ #undef HAVE_GETPWANAM +/* Define to 1 if you have the `getresuid' function. */ +#undef HAVE_GETRESUID + /* Define to 1 if you have the `getspnam' function (SVR4-style shadow passwords) */ #undef HAVE_GETSPNAM diff --git a/configure b/configure index cc51ccba1..c8626aed4 100755 --- a/configure +++ b/configure @@ -1460,7 +1460,7 @@ Fine tuning of the installation directories: --bindir=DIR user executables [EPREFIX/bin] --sbindir=DIR system admin executables [EPREFIX/sbin] --libexecdir=DIR program executables [EPREFIX/libexec] - --sysconfdir=DIR read-only single-machine data [PREFIX/etc] + --sysconfdir=DIR read-only single-machine data [etc] --sharedstatedir=DIR modifiable architecture-independent data [PREFIX/com] --localstatedir=DIR modifiable single-machine data [PREFIX/var] --libdir=DIR object code libraries [EPREFIX/lib] @@ -2279,7 +2279,7 @@ if test "${with_bsm_audit+set}" = set; then _ACEOF SUDOERS_LIBS="${SUDOERS_LIBS} -lbsm" - SUDOERS_OBJS="${SUDOERS_OBJS} bsm_audit.lo" + SUDOERS_OBJS="${SUDOERS_OBJS} bsm_audit.o" ;; no) ;; *) { { echo "$as_me:$LINENO: error: \"--with-bsm-audit does not take an argument.\"" >&5 @@ -6611,7 +6611,7 @@ ia64-*-hpux*) ;; *-*-irix6*) # Find out which ABI we are using. - echo '#line 6615 "configure"' > conftest.$ac_ext + echo '#line 6614 "configure"' > conftest.$ac_ext if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5 (eval $ac_compile) 2>&5 ac_status=$? @@ -6870,7 +6870,7 @@ if (eval "$ac_cpp conftest.$ac_ext") 2>&5 | else ac_cv_header_stdc=no fi -rm -f -r conftest* +rm -f conftest* fi @@ -6891,7 +6891,7 @@ if (eval "$ac_cpp conftest.$ac_ext") 2>&5 | else ac_cv_header_stdc=no fi -rm -f -r conftest* +rm -f conftest* fi @@ -8475,11 +8475,11 @@ else -e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \ -e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \ -e 's:$: $lt_compiler_flag:'` - (eval echo "\"\$as_me:8479: $lt_compile\"" >&5) + (eval echo "\"\$as_me:8478: $lt_compile\"" >&5) (eval "$lt_compile" 2>conftest.err) ac_status=$? cat conftest.err >&5 - echo "$as_me:8483: \$? = $ac_status" >&5 + echo "$as_me:8482: \$? = $ac_status" >&5 if (exit $ac_status) && test -s "$ac_outfile"; then # The compiler can only warn and ignore the option if not recognized # So say no if there are warnings other than the usual output. @@ -8765,11 +8765,11 @@ else -e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \ -e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \ -e 's:$: $lt_compiler_flag:'` - (eval echo "\"\$as_me:8769: $lt_compile\"" >&5) + (eval echo "\"\$as_me:8768: $lt_compile\"" >&5) (eval "$lt_compile" 2>conftest.err) ac_status=$? cat conftest.err >&5 - echo "$as_me:8773: \$? = $ac_status" >&5 + echo "$as_me:8772: \$? = $ac_status" >&5 if (exit $ac_status) && test -s "$ac_outfile"; then # The compiler can only warn and ignore the option if not recognized # So say no if there are warnings other than the usual output. @@ -8869,11 +8869,11 @@ else -e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \ -e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \ -e 's:$: $lt_compiler_flag:'` - (eval echo "\"\$as_me:8873: $lt_compile\"" >&5) + (eval echo "\"\$as_me:8872: $lt_compile\"" >&5) (eval "$lt_compile" 2>out/conftest.err) ac_status=$? cat out/conftest.err >&5 - echo "$as_me:8877: \$? = $ac_status" >&5 + echo "$as_me:8876: \$? = $ac_status" >&5 if (exit $ac_status) && test -s out/conftest2.$ac_objext then # The compiler can only warn and ignore the option if not recognized @@ -11229,7 +11229,7 @@ else lt_dlunknown=0; lt_dlno_uscore=1; lt_dlneed_uscore=2 lt_status=$lt_dlunknown cat > conftest.$ac_ext < conftest.$ac_ext <&5 | else ac_cv_prog_gcc_traditional=no fi -rm -f -r conftest* +rm -f conftest* if test $ac_cv_prog_gcc_traditional = no; then @@ -13200,7 +13200,7 @@ if (eval "$ac_cpp conftest.$ac_ext") 2>&5 | $EGREP "$ac_pattern" >/dev/null 2>&1; then ac_cv_prog_gcc_traditional=yes fi -rm -f -r conftest* +rm -f conftest* fi fi @@ -13722,7 +13722,7 @@ if (eval "$ac_cpp conftest.$ac_ext") 2>&5 | else ac_cv_header_stdc=no fi -rm -f -r conftest* +rm -f conftest* fi @@ -13743,7 +13743,7 @@ if (eval "$ac_cpp conftest.$ac_ext") 2>&5 | else ac_cv_header_stdc=no fi -rm -f -r conftest* +rm -f conftest* fi @@ -14872,7 +14872,7 @@ if (eval "$ac_cpp conftest.$ac_ext") 2>&5 | else ac_cv_type_uid_t=no fi -rm -f -r conftest* +rm -f conftest* fi { echo "$as_me:$LINENO: result: $ac_cv_type_uid_t" >&5 @@ -15302,7 +15302,7 @@ if (eval "$ac_cpp conftest.$ac_ext") 2>&5 | else sudo_cv_type_size_t=no fi -rm -f -r conftest* +rm -f conftest* fi { echo "$as_me:$LINENO: result: $sudo_cv_type_size_t" >&5 @@ -15341,7 +15341,7 @@ if (eval "$ac_cpp conftest.$ac_ext") 2>&5 | else sudo_cv_type_ssize_t=no fi -rm -f -r conftest* +rm -f conftest* fi { echo "$as_me:$LINENO: result: $sudo_cv_type_ssize_t" >&5 @@ -15380,7 +15380,7 @@ if (eval "$ac_cpp conftest.$ac_ext") 2>&5 | else sudo_cv_type_dev_t=no fi -rm -f -r conftest* +rm -f conftest* fi { echo "$as_me:$LINENO: result: $sudo_cv_type_dev_t" >&5 @@ -15419,7 +15419,7 @@ if (eval "$ac_cpp conftest.$ac_ext") 2>&5 | else sudo_cv_type_ino_t=no fi -rm -f -r conftest* +rm -f conftest* fi { echo "$as_me:$LINENO: result: $sudo_cv_type_ino_t" >&5 @@ -15861,7 +15861,7 @@ if (eval "$ac_cpp conftest.$ac_ext") 2>&5 | else ac_cv_type_getgroups=int fi -rm -f -r conftest* +rm -f conftest* fi fi @@ -17933,7 +17933,103 @@ if test `eval echo '${'$as_ac_var'}'` = yes; then cat >>confdefs.h <<_ACEOF #define `echo "HAVE_$ac_func" | $as_tr_cpp` 1 _ACEOF - SKIP_SETREUID=yes + + SKIP_SETREUID=yes + +for ac_func in getresuid +do +as_ac_var=`echo "ac_cv_func_$ac_func" | $as_tr_sh` +{ echo "$as_me:$LINENO: checking for $ac_func" >&5 +echo $ECHO_N "checking for $ac_func... $ECHO_C" >&6; } +if { as_var=$as_ac_var; eval "test \"\${$as_var+set}\" = set"; }; then + echo $ECHO_N "(cached) $ECHO_C" >&6 +else + cat >conftest.$ac_ext <<_ACEOF +/* confdefs.h. */ +_ACEOF +cat confdefs.h >>conftest.$ac_ext +cat >>conftest.$ac_ext <<_ACEOF +/* end confdefs.h. */ +/* Define $ac_func to an innocuous variant, in case declares $ac_func. + For example, HP-UX 11i declares gettimeofday. */ +#define $ac_func innocuous_$ac_func + +/* System header to define __stub macros and hopefully few prototypes, + which can conflict with char $ac_func (); below. + Prefer to if __STDC__ is defined, since + exists even on freestanding compilers. */ + +#ifdef __STDC__ +# include +#else +# include +#endif + +#undef $ac_func + +/* Override any GCC internal prototype to avoid an error. + Use char because int might match the return type of a GCC + builtin and then its argument prototype would still apply. */ +#ifdef __cplusplus +extern "C" +#endif +char $ac_func (); +/* The GNU C library defines this for functions which it implements + to always fail with ENOSYS. Some functions are actually named + something starting with __ and the normal name is an alias. */ +#if defined __stub_$ac_func || defined __stub___$ac_func +choke me +#endif + +int +main () +{ +return $ac_func (); + ; + return 0; +} +_ACEOF +rm -f conftest.$ac_objext conftest$ac_exeext +if { (ac_try="$ac_link" +case "(($ac_try" in + *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; + *) ac_try_echo=$ac_try;; +esac +eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 + (eval "$ac_link") 2>conftest.er1 + ac_status=$? + grep -v '^ *+' conftest.er1 >conftest.err + rm -f conftest.er1 + cat conftest.err >&5 + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); } && { + test -z "$ac_c_werror_flag" || + test ! -s conftest.err + } && test -s conftest$ac_exeext && + $as_test_x conftest$ac_exeext; then + eval "$as_ac_var=yes" +else + echo "$as_me: failed program was:" >&5 +sed 's/^/| /' conftest.$ac_ext >&5 + + eval "$as_ac_var=no" +fi + +rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \ + conftest$ac_exeext conftest.$ac_ext +fi +ac_res=`eval echo '${'$as_ac_var'}'` + { echo "$as_me:$LINENO: result: $ac_res" >&5 +echo "${ECHO_T}$ac_res" >&6; } +if test `eval echo '${'$as_ac_var'}'` = yes; then + cat >>confdefs.h <<_ACEOF +#define `echo "HAVE_$ac_func" | $as_tr_cpp` 1 +_ACEOF + +fi +done + + fi done @@ -20894,7 +20990,7 @@ else echo "$as_me: WARNING: unable to find socket() trying -lsocket -lnsl" >&2;} { echo "$as_me:$LINENO: checking for socket in -lsocket" >&5 echo $ECHO_N "checking for socket in -lsocket... $ECHO_C" >&6; } -if test "${ac_cv_lib_socket_socket+set}" = set; then +if test "${ac_cv_lib_socket_socket_lnsl+set}" = set; then echo $ECHO_N "(cached) $ECHO_C" >&6 else ac_check_lib_save_LIBS=$LIBS @@ -20939,21 +21035,21 @@ eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 test ! -s conftest.err } && test -s conftest$ac_exeext && $as_test_x conftest$ac_exeext; then - ac_cv_lib_socket_socket=yes + ac_cv_lib_socket_socket_lnsl=yes else echo "$as_me: failed program was:" >&5 sed 's/^/| /' conftest.$ac_ext >&5 - ac_cv_lib_socket_socket=no + ac_cv_lib_socket_socket_lnsl=no fi rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \ conftest$ac_exeext conftest.$ac_ext LIBS=$ac_check_lib_save_LIBS fi -{ echo "$as_me:$LINENO: result: $ac_cv_lib_socket_socket" >&5 -echo "${ECHO_T}$ac_cv_lib_socket_socket" >&6; } -if test $ac_cv_lib_socket_socket = yes; then +{ echo "$as_me:$LINENO: result: $ac_cv_lib_socket_socket_lnsl" >&5 +echo "${ECHO_T}$ac_cv_lib_socket_socket_lnsl" >&6; } +if test $ac_cv_lib_socket_socket_lnsl = yes; then NET_LIBS="${NET_LIBS} -lsocket -lnsl"; LIBS="${LIBS} -lsocket -lnsl" fi @@ -21263,7 +21359,7 @@ else echo "$as_me: WARNING: unable to find inet_addr() trying -lsocket -lnsl" >&2;} { echo "$as_me:$LINENO: checking for inet_addr in -lsocket" >&5 echo $ECHO_N "checking for inet_addr in -lsocket... $ECHO_C" >&6; } -if test "${ac_cv_lib_socket_inet_addr+set}" = set; then +if test "${ac_cv_lib_socket_inet_addr_lnsl+set}" = set; then echo $ECHO_N "(cached) $ECHO_C" >&6 else ac_check_lib_save_LIBS=$LIBS @@ -21308,21 +21404,21 @@ eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 test ! -s conftest.err } && test -s conftest$ac_exeext && $as_test_x conftest$ac_exeext; then - ac_cv_lib_socket_inet_addr=yes + ac_cv_lib_socket_inet_addr_lnsl=yes else echo "$as_me: failed program was:" >&5 sed 's/^/| /' conftest.$ac_ext >&5 - ac_cv_lib_socket_inet_addr=no + ac_cv_lib_socket_inet_addr_lnsl=no fi rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \ conftest$ac_exeext conftest.$ac_ext LIBS=$ac_check_lib_save_LIBS fi -{ echo "$as_me:$LINENO: result: $ac_cv_lib_socket_inet_addr" >&5 -echo "${ECHO_T}$ac_cv_lib_socket_inet_addr" >&6; } -if test $ac_cv_lib_socket_inet_addr = yes; then +{ echo "$as_me:$LINENO: result: $ac_cv_lib_socket_inet_addr_lnsl" >&5 +echo "${ECHO_T}$ac_cv_lib_socket_inet_addr_lnsl" >&6; } +if test $ac_cv_lib_socket_inet_addr_lnsl = yes; then NET_LIBS="${NET_LIBS} -lsocket -lnsl"; LIBS="${LIBS} -lsocket -lnsl" fi @@ -22819,7 +22915,7 @@ if test ${with_SecurID-'no'} != "no"; then # { echo "$as_me:$LINENO: checking for SD_Init in -laceclnt" >&5 echo $ECHO_N "checking for SD_Init in -laceclnt... $ECHO_C" >&6; } -if test "${ac_cv_lib_aceclnt_SD_Init+set}" = set; then +if test "${ac_cv_lib_aceclnt_SD_Init_______lpthread_______+set}" = set; then echo $ECHO_N "(cached) $ECHO_C" >&6 else ac_check_lib_save_LIBS=$LIBS @@ -22867,21 +22963,21 @@ eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 test ! -s conftest.err } && test -s conftest$ac_exeext && $as_test_x conftest$ac_exeext; then - ac_cv_lib_aceclnt_SD_Init=yes + ac_cv_lib_aceclnt_SD_Init_______lpthread_______=yes else echo "$as_me: failed program was:" >&5 sed 's/^/| /' conftest.$ac_ext >&5 - ac_cv_lib_aceclnt_SD_Init=no + ac_cv_lib_aceclnt_SD_Init_______lpthread_______=no fi rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \ conftest$ac_exeext conftest.$ac_ext LIBS=$ac_check_lib_save_LIBS fi -{ echo "$as_me:$LINENO: result: $ac_cv_lib_aceclnt_SD_Init" >&5 -echo "${ECHO_T}$ac_cv_lib_aceclnt_SD_Init" >&6; } -if test $ac_cv_lib_aceclnt_SD_Init = yes; then +{ echo "$as_me:$LINENO: result: $ac_cv_lib_aceclnt_SD_Init_______lpthread_______" >&5 +echo "${ECHO_T}$ac_cv_lib_aceclnt_SD_Init_______lpthread_______" >&6; } +if test $ac_cv_lib_aceclnt_SD_Init_______lpthread_______ = yes; then AUTH_OBJS="$AUTH_OBJS securid5.lo"; SUDO_LIBS="${SUDO_LIBS} -laceclnt -lpthread" @@ -23368,9 +23464,10 @@ echo "${ECHO_T}no" >&6; } fi rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext - { echo "$as_me:$LINENO: checking for main in -lkrb" >&5 + as_ac_Lib=`echo "ac_cv_lib_krb_main$K4LIBS" | $as_tr_sh` +{ echo "$as_me:$LINENO: checking for main in -lkrb" >&5 echo $ECHO_N "checking for main in -lkrb... $ECHO_C" >&6; } -if test "${ac_cv_lib_krb_main+set}" = set; then +if { as_var=$as_ac_Lib; eval "test \"\${$as_var+set}\" = set"; }; then echo $ECHO_N "(cached) $ECHO_C" >&6 else ac_check_lib_save_LIBS=$LIBS @@ -23409,27 +23506,29 @@ eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 test ! -s conftest.err } && test -s conftest$ac_exeext && $as_test_x conftest$ac_exeext; then - ac_cv_lib_krb_main=yes + eval "$as_ac_Lib=yes" else echo "$as_me: failed program was:" >&5 sed 's/^/| /' conftest.$ac_ext >&5 - ac_cv_lib_krb_main=no + eval "$as_ac_Lib=no" fi rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \ conftest$ac_exeext conftest.$ac_ext LIBS=$ac_check_lib_save_LIBS fi -{ echo "$as_me:$LINENO: result: $ac_cv_lib_krb_main" >&5 -echo "${ECHO_T}$ac_cv_lib_krb_main" >&6; } -if test $ac_cv_lib_krb_main = yes; then +ac_res=`eval echo '${'$as_ac_Lib'}'` + { echo "$as_me:$LINENO: result: $ac_res" >&5 +echo "${ECHO_T}$ac_res" >&6; } +if test `eval echo '${'$as_ac_Lib'}'` = yes; then K4LIBS="-lkrb $K4LIBS" else - { echo "$as_me:$LINENO: checking for main in -lkrb4" >&5 + as_ac_Lib=`echo "ac_cv_lib_krb4_main$K4LIBS" | $as_tr_sh` +{ echo "$as_me:$LINENO: checking for main in -lkrb4" >&5 echo $ECHO_N "checking for main in -lkrb4... $ECHO_C" >&6; } -if test "${ac_cv_lib_krb4_main+set}" = set; then +if { as_var=$as_ac_Lib; eval "test \"\${$as_var+set}\" = set"; }; then echo $ECHO_N "(cached) $ECHO_C" >&6 else ac_check_lib_save_LIBS=$LIBS @@ -23468,21 +23567,22 @@ eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 test ! -s conftest.err } && test -s conftest$ac_exeext && $as_test_x conftest$ac_exeext; then - ac_cv_lib_krb4_main=yes + eval "$as_ac_Lib=yes" else echo "$as_me: failed program was:" >&5 sed 's/^/| /' conftest.$ac_ext >&5 - ac_cv_lib_krb4_main=no + eval "$as_ac_Lib=no" fi rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \ conftest$ac_exeext conftest.$ac_ext LIBS=$ac_check_lib_save_LIBS fi -{ echo "$as_me:$LINENO: result: $ac_cv_lib_krb4_main" >&5 -echo "${ECHO_T}$ac_cv_lib_krb4_main" >&6; } -if test $ac_cv_lib_krb4_main = yes; then +ac_res=`eval echo '${'$as_ac_Lib'}'` + { echo "$as_me:$LINENO: result: $ac_res" >&5 +echo "${ECHO_T}$ac_res" >&6; } +if test `eval echo '${'$as_ac_Lib'}'` = yes; then K4LIBS="-lkrb4 $K4LIBS" else K4LIBS="-lkrb $K4LIBS" diff --git a/configure.in b/configure.in index e3f112582..546f89ad0 100644 --- a/configure.in +++ b/configure.in @@ -1919,7 +1919,10 @@ AC_CHECK_FUNCS(openpty, [AC_CHECK_HEADERS(util.h pty.h, [break])], [ AC_CHECK_FUNCS(unsetenv, SUDO_FUNC_UNSETENV_VOID) SUDO_FUNC_PUTENV_CONST if test -z "$SKIP_SETRESUID"; then - AC_CHECK_FUNCS(setresuid, [SKIP_SETREUID=yes]) + AC_CHECK_FUNCS(setresuid, [ + SKIP_SETREUID=yes + AC_CHECK_FUNCS(getresuid) + ]) fi if test -z "$SKIP_SETREUID"; then AC_CHECK_FUNCS(setreuid, [SKIP_SETEUID=yes]) diff --git a/plugins/sudoers/set_perms.c b/plugins/sudoers/set_perms.c index 601e0c105..16233df81 100644 --- a/plugins/sudoers/set_perms.c +++ b/plugins/sudoers/set_perms.c @@ -140,6 +140,7 @@ set_perms(int perm) switch (perm) { case PERM_INITIAL: /* Stash initial state */ +#ifdef HAVE_GETRESUID if (getresuid(&state->ruid, &state->euid, &state->suid)) { errstr = "getresuid"; goto bad; @@ -148,8 +149,16 @@ set_perms(int perm) if (getresgid(&state->rgid, &state->egid, &state->sgid)) { errstr = "getresgid"; goto bad; - } +#else + state->ruid = getuid(); + state->euid = geteuid(); + state->suid = state->euid; /* in case we are setuid */ + + state->rgid = getgid(); + state->egid = getegid(); + state->sgid = state->egid; /* in case we are setgid */ +#endif state->groups = user_groups; state->ngroups = user_ngroups; break;