Todd C. Miller [Wed, 4 Jan 2012 17:47:14 +0000 (12:47 -0500)]
Add devdir before srcdir in include path and fix up dependecies
accordingly and add better devdir support to mkdep.pl. We also
need to #include <gram.h> not "gram.h" and <def_data.h> and not
"def_data.h" when generating the parser in a build dir.
Todd C. Miller [Wed, 4 Jan 2012 17:46:02 +0000 (12:46 -0500)]
Change Debug sudo.conf setting to take a program name as the first
argument. In the future, this will allow visudo and sudoreplay to
use their own Debug entries.
Todd C. Miller [Wed, 4 Jan 2012 17:44:34 +0000 (12:44 -0500)]
Tests for empty sudoers (should parse OK) and syntax errors within
a line (should report correct line number) both with and without
the trailing newline.
Todd C. Miller [Wed, 4 Jan 2012 17:44:03 +0000 (12:44 -0500)]
Keep track of the last token returned. On error, if the last token was
COMMENT, decrement sudolineno since the error most likely occurred on
the preceding line. Previously we always uses sudolineno-1 which will
give the wrong line number for errors within a line.
Todd C. Miller [Wed, 4 Jan 2012 17:42:14 +0000 (12:42 -0500)]
We need to init the auth system regardless of whether we need a
password since we will be closing the PAM session in the monitor
process. Fixes a crash in the monitor on Solaris; bugzilla #518
Todd C. Miller [Wed, 4 Jan 2012 17:40:54 +0000 (12:40 -0500)]
Wrap error/errorx and warning/warningx functions with debug statements.
Disable wrapping for standalone sudoers programs as well as memory
allocation functions (to avoid infinite recursion).
Todd C. Miller [Tue, 8 Nov 2011 13:24:45 +0000 (08:24 -0500)]
Change Debug sudo.conf setting to take a program name as the first
argument. In the future, this will allow visudo and sudoreplay to
use their own Debug entries.
Todd C. Miller [Sun, 6 Nov 2011 22:04:55 +0000 (17:04 -0500)]
Tests for empty sudoers (should parse OK) and syntax errors within
a line (should report correct line number) both with and without
the trailing newline.
Todd C. Miller [Sat, 5 Nov 2011 11:37:14 +0000 (07:37 -0400)]
Keep track of the last token returned. On error, if the last token was
COMMENT, decrement sudolineno since the error most likely occurred on
the preceding line. Previously we always uses sudolineno-1 which will
give the wrong line number for errors within a line.
Todd C. Miller [Tue, 25 Oct 2011 14:08:26 +0000 (10:08 -0400)]
We need to init the auth system regardless of whether we need a
password since we will be closing the PAM session in the monitor
process. Fixes a crash in the monitor on Solaris; bugzilla #518
Todd C. Miller [Sat, 22 Oct 2011 18:28:33 +0000 (14:28 -0400)]
Wrap error/errorx and warning/warningx functions with debug statements.
Disable wrapping for standalone sudoers programs as well as memory
allocation functions (to avoid infinite recursion).
Todd C. Miller [Wed, 12 Oct 2011 12:30:23 +0000 (08:30 -0400)]
Override and ignore the --disable-static option. Sudo already runs
libtool with -tag=disable-static where applicable and we need non-PIC
objects to build the executables.
Todd C. Miller [Wed, 12 Oct 2011 12:24:13 +0000 (08:24 -0400)]
Override and ignore the --disable-static option. Sudo already runs
libtool with -tag=disable-static where applicable and we need non-PIC
objects to build the executables.
Todd C. Miller [Mon, 10 Oct 2011 17:13:04 +0000 (13:13 -0400)]
Ignore set_logname (which is now the default) for sudoedit since
we want the LOGNAME, USER and USERNAME environment variables to
refer to the calling user since that is who the editor runs as.
This allows the editor to find the user's startup files.
Fixes bugzilla #515
Todd C. Miller [Mon, 10 Oct 2011 17:10:24 +0000 (13:10 -0400)]
Ignore set_logname (which is now the default) for sudoedit since
we want the LOGNAME, USER and USERNAME environment variables to
refer to the calling user since that is who the editor runs as.
This allows the editor to find the user's startup files.
Fixes bugzilla #515
Todd C. Miller [Mon, 10 Oct 2011 16:43:45 +0000 (12:43 -0400)]
Instead of trying to grow the buffer in make_grlist_item(), simply
increase the total length, free the old buffer and allocate a new
one. This is less error prone and saves us from having to adjust
all the pointers in the buffer. This code path is only taken when
there are groups longer than the length of the user field in struct
utmp or utmpx, which should be quite rare.
Todd C. Miller [Mon, 10 Oct 2011 15:10:59 +0000 (11:10 -0400)]
Instead of trying to grow the buffer in make_grlist_item(), simply
increase the total length, free the old buffer and allocate a new
one. This is less error prone and saves us from having to adjust
all the pointers in the buffer. This code path is only taken when
there are groups longer than the length of the user field in struct
utmp or utmpx, which should be quite rare.
Todd C. Miller [Tue, 4 Oct 2011 16:09:00 +0000 (12:09 -0400)]
ldap_start_tls_s() on Debian (at least) sets the effective and saved
uids to the same value as the real uid. This prevents sudo from
setting the uid or gid later on. As a workaround, we now set perms
to root during sudoers_policy_open().
Todd C. Miller [Tue, 27 Sep 2011 17:59:12 +0000 (13:59 -0400)]
Modify the authentication API such that the init and cleanup functions
are always called, regardless of whether or not we are going to
verify a password. This is needed for proper PAM session support.
Todd C. Miller [Tue, 27 Sep 2011 17:58:17 +0000 (13:58 -0400)]
Fix a PAM_USER mismatch in session open/close. We update PAM_USER
to the target user immediately before setting resource limits, which
is after the monitor process has forked (so it has the old value).
Also, if the user did not authenticate, there is no pamh in the
monitor so we need to init pam here too. This means we end up
calling pam_start() twice, which should be fixed, but at least the
session is always properly closed now.
projects / sudo / log