Todd C. Miller [Thu, 21 Feb 2013 12:01:53 +0000 (07:01 -0500)]
Avoid calling realloc3() with a zero size parameter when all retrieved
sssd rules fail. Otherwise we'll get a run-time error due to
malloc(0) checking.
Todd C. Miller [Wed, 20 Feb 2013 20:09:21 +0000 (15:09 -0500)]
Make sudoers file long list output better match the format used by
ldap sudoers. Tags are now converted to options and there is a
single command per line.
Todd C. Miller [Tue, 19 Feb 2013 21:29:17 +0000 (16:29 -0500)]
For "sudo -l" and "sudo -ll" only print the runas info for subsequent
commands in a list if the runas info has changed. If we have new
runas info, print out the tags again so as to be less confusing to
the user. For "sudo -ll" set the line continuation indent to 8.
Todd C. Miller [Fri, 15 Feb 2013 17:31:49 +0000 (12:31 -0500)]
Always display the I/O plugin version as long as its open functions
doesn't return an error. Previously it was only displayed if the
plugin open returned 1.
Todd C. Miller [Wed, 6 Feb 2013 19:06:51 +0000 (14:06 -0500)]
Sudo now stores its libexec files in a "sudo" subdirectory instead
of in libexec itself. For backwards compatibility, if the plugin
is not found in the default plugin directory, sudo will check the
parent directory default directory ends in "/sudo".
Todd C. Miller [Thu, 31 Jan 2013 16:05:56 +0000 (11:05 -0500)]
Remove ttyname() fall back code on systems where we can query the
kernel for the tty device via /proc or sysctl(). If there is no
controlling tty, it is better to just treat the tty as unknown
rather than to blindly use what is hooked up to std{in,out,err}.
Todd C. Miller [Sun, 27 Jan 2013 18:53:11 +0000 (13:53 -0500)]
Add group_source setting in sudo.conf to allow the admin to specify
how a user's groups are looked up. Legal values are static (just
the kernel list from getgroups), dynamic (whatever the group database
includes) and adaptive (only use group db if kernel group list is
full).
Todd C. Miller [Tue, 22 Jan 2013 20:41:15 +0000 (15:41 -0500)]
Use nss_search() to implement getgrouplist() where available. Tested
on Solaris and HP-UX. We need to include a compatibility header
for HP-UX which uses the Solaris nsswitch implementation but doesn't
ship nss_dbdefs.h.
Todd C. Miller [Sat, 19 Jan 2013 20:10:01 +0000 (15:10 -0500)]
Remove extra flag to sudo_sigaction(). We want to trap the signal
regardless of whether or not it is ignored by the underlying command
since there's no way to know what signal handlers the command will
install. Now we just use sudo_sigaction() to set a flag in
saved_signals[] to indicate whether a signal needs to be restored
before exec.
Todd C. Miller [Fri, 18 Jan 2013 19:58:12 +0000 (14:58 -0500)]
Use _getgroupsbymember() on Solaris to get the groups list. Fixes
performance problems with the getgroupslist() compat on Solaris
systems with network-based group databases.
Todd C. Miller [Thu, 17 Jan 2013 18:29:46 +0000 (13:29 -0500)]
Move signal code into its own source file and add sudo_sigaction()
wrapper that has an extra flag to check the saved_signals list to
only install the handler if the signal is not already ignored.
Bump plugin API version for the new front-end signal behavior.
Todd C. Miller [Thu, 17 Jan 2013 14:20:45 +0000 (09:20 -0500)]
Catch SIGINT, SIGQUIT and SIGTSTP in the front end before we execute
the command. If we get SIGINT or SIGQUIT, call the plugin close()
functions as if the command was interrupted. If we get SIGTSTP,
uninstall the handler and deliver SIGTSTP to ourselves.
Todd C. Miller [Fri, 11 Jan 2013 19:34:09 +0000 (14:34 -0500)]
Add exec_background option in plugin command info and a sudoers
option to match. When set, commands are started in the background
and automatically foregrounded as needed. There are issues with
some ill-mannered programs (like Linux su) so this is not the
default.
Todd C. Miller [Fri, 11 Jan 2013 15:09:06 +0000 (10:09 -0500)]
Always resume the command in the foreground if sudo itself is the
foreground process. This helps work around poorly behaved programs
that catch SIGTTOU/SIGTTIN but suspend themselves with SIGSTOP. At
worst, sudo will go into the background but upon resume the command
will be runnable. Otherwise, we can get into a situation where the
command will immediately suspend itself.
Todd C. Miller [Fri, 28 Dec 2012 16:03:23 +0000 (11:03 -0500)]
No need to restore default signal handler for SIGSTOP as it is not
catchable. Attempting to do so is harmless but sigaction() will
fail and set errno to EINVAL which makes it looks like there is an
error.
Todd C. Miller [Tue, 4 Dec 2012 15:40:47 +0000 (10:40 -0500)]
Don't include <sys/param.h>. We only needed it for MAXPATHLEN,
MAXHOSTNAMELEN and the MIN/MAX macros. We now use PATH_MAX and
HOST_NAME_MAX throughout without falling back on MAXPATHLEN or
MAXHOSTNAMELEN and define our own MIN/MAX macros as needed.