granicus.if.org Git - sudo/log
sudo
Todd C. Miller [Wed, 12 Sep 2018 15:03:28 +0000 (09:03 -0600)]
sudo 1.8.25p1

Todd C. Miller [Wed, 12 Sep 2018 13:02:13 +0000 (07:02 -0600)]
Fix a crash in the event system's poll() backend introduced with
support for nanosecond timers.  Only affects systems without ppoll().
Bug #851

Todd C. Miller [Sun, 2 Sep 2018 12:29:32 +0000 (06:29 -0600)]
regen

Todd C. Miller [Fri, 31 Aug 2018 15:22:59 +0000 (09:22 -0600)]
Allow for some clock drift due to ntpd, etc.

Todd C. Miller [Fri, 31 Aug 2018 14:08:45 +0000 (08:08 -0600)]
If sudo_lock_file() fails for a reason other than the file already
being locked, give the user a chance to edit anyway.

Todd C. Miller [Thu, 30 Aug 2018 20:43:24 +0000 (14:43 -0600)]
Quick sort is not a stable sort; use distinct sudoOrder values so
the output is predictable.

Todd C. Miller [Thu, 30 Aug 2018 20:06:18 +0000 (14:06 -0600)]
Fix warnings on OpenIndiana (Illumos)

Todd C. Miller [Thu, 30 Aug 2018 19:47:02 +0000 (13:47 -0600)]
Correct ldap_to_sudoers() return value.

Todd C. Miller [Thu, 30 Aug 2018 15:22:16 +0000 (09:22 -0600)]
Bug #849

Todd C. Miller [Thu, 30 Aug 2018 14:36:09 +0000 (08:36 -0600)]
The sssd backend used to take the first match, assuming that entries
were sorted in descending order by sudoOrder.  That allowed it to
avoid iterating over the entire list of rules.  Now that we convert
to a sudoers parse tree, we need to convert rules in ascending
order, not descending.  The simplest way to accomplish this is to
simply iterate over the rules from last to first, reversing the
sort order.  Bug #849

Todd C. Miller [Thu, 30 Aug 2018 13:49:59 +0000 (07:49 -0600)]
Add some more ldif -> sudoers tests to verify sudoOrder.

Todd C. Miller [Thu, 30 Aug 2018 13:48:16 +0000 (07:48 -0600)]
For conversion to a sudoers parse tree, ldap_entry_compare() now
needs to sort in ascending order, not descending.  Bug #849

Todd C. Miller [Wed, 29 Aug 2018 16:57:37 +0000 (10:57 -0600)]
No need to set input_file for stdin in parse_ldif(); noted by clang analyzer.

Todd C. Miller [Wed, 29 Aug 2018 16:54:32 +0000 (10:54 -0600)]
Use TIME_T_MAX when parsing the I/O log file timestamp and disallow
negative times.

Todd C. Miller [Wed, 29 Aug 2018 15:57:12 +0000 (09:57 -0600)]
When parsing an I/O log timing line, store the result in a timespec,
not a double.  The speed factor (for scaling the delay) in sudoreplay
is still a double but we only need to adjust the delay if the factor
is something other than 1.0.

Todd C. Miller [Wed, 29 Aug 2018 13:38:27 +0000 (07:38 -0600)]
Fix memory leak in test.

Todd C. Miller [Wed, 29 Aug 2018 12:39:41 +0000 (06:39 -0600)]
regen

Todd C. Miller [Wed, 29 Aug 2018 02:25:06 +0000 (20:25 -0600)]
Update conversion of DID_* to KEPT_* to match the new values of
DID_* and KEPT_*.

Todd C. Miller [Wed, 29 Aug 2018 00:32:39 +0000 (18:32 -0600)]
Set the LOGIN environment variable on AIX like we do LOGNAME.

Todd C. Miller [Mon, 27 Aug 2018 19:50:23 +0000 (13:50 -0600)]
Add a test for the 4-argument au_close() function found in Solaris
11 instead of assuming it is present if __sun is defined.  Fixes a
compilation error on OpenIndiana and older Solaris versions.

Todd C. Miller [Mon, 27 Aug 2018 17:09:50 +0000 (11:09 -0600)]
Add Miguel Sanders and Scott Cheloha

Todd C. Miller [Mon, 27 Aug 2018 15:25:40 +0000 (09:25 -0600)]
testsudoers changes

Todd C. Miller [Mon, 27 Aug 2018 11:21:04 +0000 (05:21 -0600)]
Add ldif support to testsudoers

Todd C. Miller [Mon, 27 Aug 2018 02:02:49 +0000 (20:02 -0600)]
Move ldif -> sudoers conversion code into parse_ldif.c

Todd C. Miller [Mon, 27 Aug 2018 01:48:14 +0000 (19:48 -0600)]
Move string list functions to their own file.

Todd C. Miller [Mon, 27 Aug 2018 01:31:20 +0000 (19:31 -0600)]
sync

Todd C. Miller [Sun, 26 Aug 2018 03:02:07 +0000 (21:02 -0600)]
Backward ABI compatibility for event functions that use a timeval.

Todd C. Miller [Sun, 26 Aug 2018 03:02:06 +0000 (21:02 -0600)]
Use a monotonic timer for the event subsystem.

Todd C. Miller [Sun, 26 Aug 2018 03:02:05 +0000 (21:02 -0600)]
Use struct timespec, not struct timeval in the event subsystem.
Use ppoll() or pselect() if available which use timespec.

Todd C. Miller [Fri, 24 Aug 2018 17:34:31 +0000 (11:34 -0600)]
sync

Todd C. Miller [Fri, 24 Aug 2018 16:27:00 +0000 (10:27 -0600)]
Eliminate most use of parsed_sudoers in cvtsudoers

Todd C. Miller [Fri, 24 Aug 2018 15:52:53 +0000 (09:52 -0600)]
Make alias_apply() take 3 arguments, the first being a pointer to the
struct sudoers_parse_tree.

Todd C. Miller [Thu, 23 Aug 2018 22:21:28 +0000 (16:21 -0600)]
Handle systems where root's gid is not 0.

Todd C. Miller [Thu, 23 Aug 2018 21:50:17 +0000 (15:50 -0600)]
Add missing files from last commit.

Todd C. Miller [Thu, 23 Aug 2018 21:35:02 +0000 (15:35 -0600)]
Add regress test for I/O log plugin endpoints

Todd C. Miller [Thu, 23 Aug 2018 19:50:00 +0000 (13:50 -0600)]
We cannot reuse last_time for the I/O log info file now that it is
a monotonic timer.  Just call time(3) in write_info_log() directly.

Todd C. Miller [Thu, 23 Aug 2018 17:10:57 +0000 (11:10 -0600)]
Move the loop to free the monitor_messages list into free_exec_closure_pty()

Todd C. Miller [Thu, 23 Aug 2018 14:09:42 +0000 (08:09 -0600)]
regen

Todd C. Miller [Thu, 23 Aug 2018 01:15:26 +0000 (19:15 -0600)]
Fix typo in last commit.

Todd C. Miller [Wed, 22 Aug 2018 21:12:11 +0000 (15:12 -0600)]
Do not assume all Linux has linux/random.h.
Add missing sys/syscall.h include

Todd C. Miller [Wed, 22 Aug 2018 18:58:24 +0000 (12:58 -0600)]
Cast uid/gid to unsigned int before printing.

Todd C. Miller [Wed, 22 Aug 2018 18:36:28 +0000 (12:36 -0600)]
Only include stdarg.h if we need it.

Todd C. Miller [Wed, 22 Aug 2018 16:27:33 +0000 (10:27 -0600)]
Include stddef.h for offsetof() definition.

Todd C. Miller [Wed, 22 Aug 2018 16:40:11 +0000 (10:40 -0600)]
fix compiler warnings on Solaris 11

Todd C. Miller [Wed, 22 Aug 2018 16:36:00 +0000 (10:36 -0600)]
Fix setting of errno when gotdata() fails.

Todd C. Miller [Wed, 22 Aug 2018 14:23:29 +0000 (08:23 -0600)]
Bugs 846 and 847

Todd C. Miller [Wed, 22 Aug 2018 14:22:56 +0000 (08:22 -0600)]
We still need to include string.h for AIX (and possibly others)
when we are not using the system memset_r() function and rsize_t
is defined by the system headers.

Todd C. Miller [Wed, 22 Aug 2018 14:09:46 +0000 (08:09 -0600)]
Add --enable-package-build to give configure a hint that we are
building a package.  This can be used to avoid relying on libc
functions that may not be present in all libc versions for a
particular system.  For instance, AIX 7.1 may or may not have
memset_s() and getline() present.

Todd C. Miller [Wed, 22 Aug 2018 13:43:13 +0000 (07:43 -0600)]
AIX defines rsize_t in string.h, not stddef.h for use by the
memset_s() prototype.  We use our own memset_s() on AIX since it
is not available on all BOS levels which makes package building
problematic.

Todd C. Miller [Tue, 21 Aug 2018 23:35:44 +0000 (17:35 -0600)]
Fix printing of T_TIMESPEC values.

Todd C. Miller [Tue, 21 Aug 2018 16:30:42 +0000 (10:30 -0600)]
Remove unused struct script_buf

Todd C. Miller [Mon, 20 Aug 2018 18:49:24 +0000 (12:49 -0600)]
Document when the I/O log timing file entry bug was introduced.

Todd C. Miller [Mon, 20 Aug 2018 17:24:53 +0000 (11:24 -0600)]
sync

Todd C. Miller [Mon, 20 Aug 2018 16:56:34 +0000 (10:56 -0600)]
HP-UX doesn't support CLOCK_MONOTONIC but we can use gethrtime() instead.

Todd C. Miller [Mon, 20 Aug 2018 16:04:15 +0000 (10:04 -0600)]
Close the pty slave in the parent so that when the command and
monitor exit, the pty gets recycled without our having to close
it directly.

Todd C. Miller [Mon, 20 Aug 2018 16:04:14 +0000 (10:04 -0600)]
Move updating of the window size to the monitor process.
This will allow us to close the slave in the main sudo process in
the future so only the command and monitor have it open.

Todd C. Miller [Mon, 20 Aug 2018 16:04:12 +0000 (10:04 -0600)]
sudo 1.8.25

Todd C. Miller [Mon, 20 Aug 2018 11:49:57 +0000 (05:49 -0600)]
Fix test output for bug #845

Todd C. Miller [Mon, 20 Aug 2018 11:48:14 +0000 (05:48 -0600)]
Fix pasto when converting sudoNotAfter; from Miguel Sanders
Bug #845

Todd C. Miller [Sun, 19 Aug 2018 15:55:08 +0000 (09:55 -0600)]
Use a monotonic timer that only runs while not suspended for the
iolog timing values and write nsec-precision entries.

Todd C. Miller [Sun, 19 Aug 2018 15:55:08 +0000 (09:55 -0600)]
Add sudo_gettime_uptime() to measure time while not sleeping.

Todd C. Miller [Sun, 19 Aug 2018 02:29:39 +0000 (20:29 -0600)]
Detect number of CPUs on AIX.

Todd C. Miller [Sun, 19 Aug 2018 02:29:30 +0000 (20:29 -0600)]
Fix I/O log timing file on systems without a C99-compatible snprintf().
On those systems we use our own snprintf() that doesn't support
floating point.  We don't actually need floating point in this case
since we can print seconds and microseconds without using it.

Todd C. Miller [Sat, 18 Aug 2018 13:08:20 +0000 (07:08 -0600)]
Fix for Bug #844

Todd C. Miller [Sat, 18 Aug 2018 13:06:54 +0000 (07:06 -0600)]
Handle the case where O_PATH or O_SEARCH is defined but O_DIRECTORY
is not.  In theory, O_DIRECTORY is redundant when O_SEARCH is
specified but it is legal for O_EXEC and O_SEARCH to have the same
value.  Bug #844

Todd C. Miller [Fri, 17 Aug 2018 23:38:35 +0000 (17:38 -0600)]
sync

Todd C. Miller [Fri, 17 Aug 2018 21:58:17 +0000 (15:58 -0600)]
Fix get_starttime() on HP-UX.

Todd C. Miller [Fri, 17 Aug 2018 19:25:46 +0000 (13:25 -0600)]
Avoid a compilation problem on HP-UX 11.31 with gcc and machine/sys/getppdp.h

Todd C. Miller [Fri, 17 Aug 2018 19:27:01 +0000 (13:27 -0600)]
Detect number of CPUs on HP-UX.
Use MAKE environment variable if set.

Todd C. Miller [Fri, 17 Aug 2018 03:07:36 +0000 (21:07 -0600)]
Add CHECK_SYMBOLS_LDFLAGS to check_symbols target.  Non-ELF HP-UX
executables don't support SHLIB_PATH or LD_LIBRARY_PATH unless ld
is passed the +s flag.  This lets the check_symbols test pass on
systems where the ldap libraries aren't installed in the standard
location.

Todd C. Miller [Wed, 15 Aug 2018 16:02:40 +0000 (10:02 -0600)]
For the lint target, don't stop after the first manual that fails lint.

Todd C. Miller [Wed, 15 Aug 2018 15:19:50 +0000 (09:19 -0600)]
Add debugging info so we can tell why a timestamp record doesn't match.

Todd C. Miller [Mon, 13 Aug 2018 12:25:44 +0000 (06:25 -0600)]
typo

Todd C. Miller [Mon, 13 Aug 2018 12:16:28 +0000 (06:16 -0600)]
sync with translationproject.org

Todd C. Miller [Wed, 8 Aug 2018 15:02:37 +0000 (09:02 -0600)]
sync

Todd C. Miller [Sun, 12 Aug 2018 03:29:43 +0000 (21:29 -0600)]
Fix the return value of sudoers_io_change_winsize() on success.
Otherwise, we only log a single window size change.

Todd C. Miller [Sun, 12 Aug 2018 01:57:14 +0000 (19:57 -0600)]
sync with translationproject.org

Todd C. Miller [Tue, 7 Aug 2018 16:03:05 +0000 (10:03 -0600)]
Fix ambiguity when talking about Aliases.  We can't use User_Alias
in the grammar as both the definition of the Alias as well as its
name.  This adds {User,Runas,Host,Cmnd}_Alias_Spec to help differentiate
between the name of the alias and its definition.  Bug #834

Todd C. Miller [Tue, 7 Aug 2018 15:58:57 +0000 (09:58 -0600)]
regen

Todd C. Miller [Tue, 7 Aug 2018 12:10:21 +0000 (06:10 -0600)]
Warn if unable to run xgettext or msgfmt.

Todd C. Miller [Mon, 6 Aug 2018 19:14:43 +0000 (13:14 -0600)]
sync with translationproject.org

Todd C. Miller [Sun, 5 Aug 2018 13:17:34 +0000 (07:17 -0600)]
Refactor code to convert defaults to tags and do conversion on
output for "sudo -l".

Remove the short_list (was long_list) global in favor of a verbose
argument.

Todd C. Miller [Sun, 5 Aug 2018 02:02:00 +0000 (20:02 -0600)]
Assign short_list true, not 1 now that it is a boolean.

Todd C. Miller [Sat, 4 Aug 2018 13:38:47 +0000 (07:38 -0600)]
fix typo

Todd C. Miller [Fri, 3 Aug 2018 17:45:01 +0000 (11:45 -0600)]
Fix a warning on FreeBSD which has a fancier __containerof implementation.

Todd C. Miller [Fri, 3 Aug 2018 16:14:58 +0000 (10:14 -0600)]
sync with translationproject.org

Todd C. Miller [Thu, 2 Aug 2018 21:32:28 +0000 (15:32 -0600)]
Regen with aclocal 1.15.1.

Todd C. Miller [Thu, 2 Aug 2018 20:45:00 +0000 (14:45 -0600)]
For ldap/sssd, include defaults in the generated privilege unless
we are listing in short mode (in which case we convert them to tags
if possible).  Fixes a problem where sudoOptions were not being
applied to the command.

Todd C. Miller [Thu, 2 Aug 2018 20:06:36 +0000 (14:06 -0600)]
update_defaults() needs to be able to take a defaults_list for
the ldap/sssd backends which support per-role defaults.

Todd C. Miller [Tue, 31 Jul 2018 13:14:26 +0000 (07:14 -0600)]
regen

Todd C. Miller [Mon, 30 Jul 2018 16:57:55 +0000 (10:57 -0600)]
Update

Todd C. Miller [Thu, 26 Jul 2018 21:12:33 +0000 (15:12 -0600)]
o Move userspecs, defaults and aliases into a new struct sudoers_parse_tree.
o The parse tree is now passed to the alias, match and defaults functions.
o The nss API has been changed so that the nss parse() function returns
  a pointer to a struct sudoers_parse_tree which will be filled in
  by the getdefs() and query() functions.

Todd C. Miller [Thu, 26 Jul 2018 21:12:26 +0000 (15:12 -0600)]
Don't need to preallocate 4 x NGROUP_MAX on AIX or BSD/Linux.
For BSD/Linux, getgrouplist(3) will tell us the number of groups if
we don't have enough.  For AIX, we can count the entries in the
group set before allocating the group vector.

Todd C. Miller [Thu, 26 Jul 2018 18:31:29 +0000 (12:31 -0600)]
Ignore PAM_NEW_AUTHTOK_REQD and PAM_AUTHTOK_EXPIRED errors from
pam_acct_mgmt() if authentication is disabled for the user.
Bug #843

Todd C. Miller [Mon, 23 Jul 2018 17:37:26 +0000 (11:37 -0600)]
Work around a bug on AIX where closing the pty slave causes the
main sudo process to lose its controlling tty (which was *not* the
pty slave).

Todd C. Miller [Mon, 23 Jul 2018 16:36:08 +0000 (10:36 -0600)]
Add missing aix_restoreauthdb() call to match the aix_setauthdb()
added in b8a011be9af7.  Fixes issues on AIX where local users/groups
may not be resolved when some NIS/AD/LDAP is used for users.

Todd C. Miller [Mon, 23 Jul 2018 13:23:17 +0000 (07:23 -0600)]
Linux getgrouplist(3) returns the number of groups on success instead
of 0 like BSD.

Todd C. Miller [Fri, 20 Jul 2018 16:17:51 +0000 (10:17 -0600)]
When both a .o and .lo file were used in a Makefile, we used to make
the .o depend on the .lo.  Unfortunately, this creates a race
condition for parallel make since libtool is not atomic (it creates
a .o and then renames it when building PIC objects for shared libs).

We always link with libtool so the only reason to prefer the .o
over the .lo file is to avoid mixing .o and .lo in the dependencies.
That's not a good enough reason so change mkdep.pl to warn when
both a .o and .lo are referenced in a Makefile and do nothing else.

Bug #842

Todd C. Miller [Sun, 15 Jul 2018 13:46:34 +0000 (07:46 -0600)]
Avoid duplicate free when netgroup_base is invalid.

Todd C. Miller [Tue, 3 Jul 2018 19:58:49 +0000 (13:58 -0600)]
Use madvise(2) with MADV_WIPEONFORK if available.