Todd C. Miller [Tue, 22 Oct 2013 22:52:23 +0000 (16:52 -0600)]
sudo_ldap_parse_uri() should join multiple URIs in the string list
together but it was clearing the host entry each time through the
loop. Fixes a bug with multiple URI entries in ldap.conf where
only the last one was being honored.
Todd C. Miller [Tue, 22 Oct 2013 21:54:41 +0000 (15:54 -0600)]
Avoid a double free introduced when plugging a memory leak in
safe_close(). A new ev_free_by_fd() function is used to remove and
free any events sharing the specified fd. This can be used after
safe_close() to make sure we don't try to select() on a closed fd.
Todd C. Miller [Tue, 22 Oct 2013 20:58:00 +0000 (14:58 -0600)]
Quiet some llvm check false positives. The common idiom of using
TAILQ_FIRST, TAILQ_REMOVE and free in a loop to free each entry in
a TAILQ confuses llvm. Use TAILQ_FOREACH_SAFE instead (which is
probably faster anyway).
Todd C. Miller [Tue, 22 Oct 2013 15:08:38 +0000 (09:08 -0600)]
Add "headless" tail queues and use them in place of the semi-circular
lists in sudoers. Once the headless tail queue is built up it is
converted to a normal TAILQ. This removes the last consumer of
list.c and list.h so those can now be removed.
Todd C. Miller [Tue, 22 Oct 2013 15:00:37 +0000 (09:00 -0600)]
Convert sudo to use BSD TAILQ macros instead of home ground tail
queue functions. This includes a private queue.h header derived
from FreeBSD. It is simpler to just use our own header rather than
try to deal with macros that may or may not be present in various
queue.h incarnations.
Todd C. Miller [Sat, 12 Oct 2013 11:53:52 +0000 (05:53 -0600)]
Convert the main sudo event loop to use the event subsystem.
Read events for I/O buffers are added before the loop starts.
Write events are added on demand as the buffers are filled.
Todd C. Miller [Sat, 12 Oct 2013 11:53:43 +0000 (05:53 -0600)]
Simple event subsystem that uses poll() or select(). Basically a
simplied subset of libevent2. Currently only fd events are supported
(since that's all we need). The poll() backend is used by default,
except on Mac OS X where poll() is broken for devices (including
/dev/tty and ptys).
Todd C. Miller [Sat, 12 Oct 2013 11:39:02 +0000 (05:39 -0600)]
Use SOCK_STREAM for socketpair, not SOCK_DGRAM so we get consistent
semantics when the other end closes. This should make the conversion
to poll() less problematic.
Todd C. Miller [Wed, 18 Sep 2013 17:48:26 +0000 (11:48 -0600)]
Change "next" back to 2. In the context of "next Friday" we really
do want the friday of the upcoming (not current) week. Unfortunately,
this means that things like "next week" and "next year" will match
one more than we really want. Fixing this will require some fairly
major changes to the grammar.
Todd C. Miller [Mon, 9 Sep 2013 22:41:27 +0000 (16:41 -0600)]
Make "this" and "next" qualifiers work a bit better. There is still
room for improvement as "this week" will use the current time instead
of the beginning of the week. That's a separate issue though.
Todd C. Miller [Wed, 21 Aug 2013 16:09:04 +0000 (10:09 -0600)]
Add configure checks for the exec functions we will dummy out. This
is only really needed on Mac OS X when symbol interposition is being
performed but won't hurt elsewhere.
Todd C. Miller [Tue, 20 Aug 2013 21:14:17 +0000 (15:14 -0600)]
Fix installation of sudo_noexec on Mac OS X.
Use library symbol interposition on Mac OS X 10.4 and higher so
we don't need to set DYLD_FORCE_FLAT_NAMESPACE=1.
Todd C. Miller [Sat, 17 Aug 2013 11:08:20 +0000 (07:08 -0400)]
Fix error display from ldap_ssl_client_init(). There are two error
codes. The return value can be decoded via ldap_err2string() but the
ssl reason code cannot (you have to look it up in a table online).
Todd C. Miller [Sat, 17 Aug 2013 12:34:09 +0000 (06:34 -0600)]
When merging the PAM environment, allow environment variables set
in PAM to override ones set by sudo as long as they do not match
the env_keep or env_check lists.
Todd C. Miller [Fri, 16 Aug 2013 19:50:48 +0000 (13:50 -0600)]
Don't redefine opterr, optind, optopt, optarg in getopt_long.c.
Add a check for optreset which is a BSD extension and provide a
definition in getopt_long.c if it is not present.
Todd C. Miller [Thu, 15 Aug 2013 20:09:53 +0000 (14:09 -0600)]
Add support to the debug subsystem for zero-length strings. This
can happen for things like warning(NULL) or fatal(NULL) where we
just want to log the errno string.
Todd C. Miller [Thu, 15 Aug 2013 15:56:17 +0000 (09:56 -0600)]
Move the -C (user_closefrom) check until after set_cmnd() so that
closefrom_override can be used in a command-specific Defaults line.
Fixes bug #610 from Mengtao Sun.
Todd C. Miller [Wed, 14 Aug 2013 22:36:41 +0000 (16:36 -0600)]
If not using a pty and the child process gets SIGTTOU or SIGTTIN
and sudo is the foreground process, make the child the foreground
process and continue it.
Todd C. Miller [Wed, 14 Aug 2013 19:49:14 +0000 (13:49 -0600)]
Add limited support for "sudo -l -h other_host". Since group lookups
are done on the local host, rules that use group membership may be
incorrect if the group database is not synchronized between hosts.
Todd C. Miller [Wed, 14 Aug 2013 16:30:51 +0000 (10:30 -0600)]
Simplify usage messages a bit and make --help output more closely
resemble GNU usage wrt long options. Sync usage and man page
SYNOPSYS sections and improve long options in the manual pages.
Now that we have long options we don't need to give the mnemonic
for the single-character options in the description.
Todd C. Miller [Mon, 12 Aug 2013 15:14:38 +0000 (09:14 -0600)]
Don't allow max_groups to be set to zero, it just complicates things
needlessly. Fixes an assertion in visudo when there is a group-based
Defaults entry.
Todd C. Miller [Thu, 8 Aug 2013 17:40:36 +0000 (11:40 -0600)]
Refactor code to parse list of gids into its own function that is
shared by the sudo front-end and the sudoers module.
Make uid/gid parse error be fatal, not just a warning.