Todd C. Miller [Wed, 4 Jun 2014 17:43:39 +0000 (11:43 -0600)]
Add Greek PO file for sudoers from translationproject.org
Todd C. Miller [Wed, 28 May 2014 15:50:14 +0000 (09:50 -0600)]
Ignore signals sent by the command's process group, not just the
command itself. If we cannot determine the process group ID of the
sender (as it may no longer exist), just check the process ID.
Todd C. Miller [Tue, 27 May 2014 16:51:31 +0000 (10:51 -0600)]
In handler_user_only() only forward the signal if it was not generated
by the command. This should fix a problem with programs that catch
SIGTSTP, perform cleanup, and then re-send the signal to their
process group (of which sudo is the leader).
Todd C. Miller [Tue, 27 May 2014 16:16:49 +0000 (10:16 -0600)]
Handle EINTR from write(2) when writing to pipes and socket pairs.
Todd C. Miller [Sat, 24 May 2014 13:35:35 +0000 (07:35 -0600)]
Norwegian Bokmaal translation for sudoers from translationproject.com
Todd C. Miller [Fri, 23 May 2014 19:29:20 +0000 (13:29 -0600)]
Norwegian Bokmaal translation for sudo from translationproject.com
Todd C. Miller [Tue, 13 May 2014 21:00:43 +0000 (15:00 -0600)]
Try to be clearer about which are the input and output files in
export mode.
Todd C. Miller [Tue, 13 May 2014 20:18:06 +0000 (14:18 -0600)]
In -x mode, require that the input and output files be different.
This won't currently catch collisions between the output file
and an include file.
Todd C. Miller [Tue, 13 May 2014 16:25:43 +0000 (10:25 -0600)]
BSM and Linux audit do not yet use the argc function argument.
Todd C. Miller [Tue, 13 May 2014 15:41:53 +0000 (09:41 -0600)]
Pass argc to audit functions too. Will be needed for Solaris audit
support.
Todd C. Miller [Mon, 12 May 2014 17:45:17 +0000 (11:45 -0600)]
Do not allow the same callback function to be registered more than
once in fatal_callback_register().
Add fatal_callback_deregister() to deregister a callback.
Todd C. Miller [Mon, 12 May 2014 15:52:29 +0000 (09:52 -0600)]
Add trivial sudoedit parsing tests.
Todd C. Miller [Mon, 12 May 2014 15:51:47 +0000 (09:51 -0600)]
Catalan translation for sudoers from translationproject.org.
Todd C. Miller [Sat, 10 May 2014 21:55:03 +0000 (15:55 -0600)]
Sync with translationproject.org
Todd C. Miller [Fri, 9 May 2014 16:03:17 +0000 (10:03 -0600)]
lockf() is broken on the Hurd -- use flock instead
Bug #647
Todd C. Miller [Fri, 9 May 2014 15:29:42 +0000 (09:29 -0600)]
Don't try to install the temporary sudoers file if we didn't edit it.
By default, visudo does not edit files in a #includedir.
Fixes a NULL pointer deref on GNU hurd; Bug #647
Todd C. Miller [Wed, 7 May 2014 21:25:05 +0000 (15:25 -0600)]
When comparing tty names, resolve the tty for fds 0-3 and compare
each one instead of just using the first that resolves.
Todd C. Miller [Wed, 7 May 2014 15:03:02 +0000 (09:03 -0600)]
Solaris 8 doesn't export _nss_initf_group() so we need to provide
our own for getgrouplist().
Todd C. Miller [Wed, 7 May 2014 01:32:34 +0000 (19:32 -0600)]
deal with NULL gr_mem here too
Todd C. Miller [Tue, 6 May 2014 14:46:56 +0000 (08:46 -0600)]
Sudo 1.8.10p3
Todd C. Miller [Sat, 3 May 2014 02:54:01 +0000 (20:54 -0600)]
Rename log_warning flags and only send mail if SLOG_SEND_MAIL is
set instead of mailing by default like we used to.
Todd C. Miller [Fri, 2 May 2014 22:40:30 +0000 (16:40 -0600)]
Add log_warningx
Todd C. Miller [Fri, 2 May 2014 20:58:01 +0000 (14:58 -0600)]
Add debugging info for when we delete I/O events that still have
buffered data in them.
Todd C. Miller [Fri, 2 May 2014 20:57:36 +0000 (14:57 -0600)]
Fix non-blocking mode. We only want to exit the event loop when
poll() or select() returns 0 and there are no active events. This
fixes a problem on some systems where the last buffer was not being
written when the command exited.
Todd C. Miller [Fri, 2 May 2014 13:57:29 +0000 (07:57 -0600)]
Change return value of switch_dir() to an int so we can distinguish
between an error and an empty dir in push_includedir().
Todd C. Miller [Fri, 2 May 2014 13:14:06 +0000 (07:14 -0600)]
Move code to fill in the list of dirs out of switch_dir and into
its own function. Quiets a false positive from cppcheck which got
confused due to variable reuse.
Todd C. Miller [Fri, 2 May 2014 11:25:57 +0000 (05:25 -0600)]
Avoid unused variable warning if auditing is not supported.
Todd C. Miller [Thu, 1 May 2014 16:04:09 +0000 (10:04 -0600)]
Fix library order when linking binaries.
Todd C. Miller [Thu, 1 May 2014 15:51:49 +0000 (09:51 -0600)]
Include limits.h and inttypes.h for SIZE_MAX define.
Todd C. Miller [Thu, 1 May 2014 14:38:43 +0000 (08:38 -0600)]
Move SIZE_MAX compat define into missing.h where it belongs.
Todd C. Miller [Wed, 30 Apr 2014 23:00:20 +0000 (17:00 -0600)]
Remove now-unused log_fatal()
Todd C. Miller [Wed, 30 Apr 2014 22:57:12 +0000 (16:57 -0600)]
Eliminate calls to fatal()/fatalx()/log_fatal() in env.c and just
pass back a return value.
Todd C. Miller [Mon, 28 Apr 2014 14:40:32 +0000 (08:40 -0600)]
Make get_boottime() return bool.
Todd C. Miller [Mon, 28 Apr 2014 14:36:22 +0000 (08:36 -0600)]
Fix fd leak on Linux when determining boot time. This is usually
masked by the closefrom() call in sudo. From Jamie Anderson.
Bug #645
Todd C. Miller [Thu, 24 Apr 2014 17:17:05 +0000 (11:17 -0600)]
Handle the (currently impossible) case where both BSM and Linux
auditing are supported. Pacifies cppcheck.
Todd C. Miller [Thu, 24 Apr 2014 17:12:18 +0000 (11:12 -0600)]
Don't call ferror() on a closed stream, just check the return value
of fclose() instead. Found by cppcheck.
Todd C. Miller [Tue, 22 Apr 2014 22:06:04 +0000 (16:06 -0600)]
Use calloc() instead of malloc(n * s) followed by memset().
From Jean-Philippe Ouellet.
Todd C. Miller [Tue, 22 Apr 2014 22:03:57 +0000 (16:03 -0600)]
Format string safety in error path.
Todd C. Miller [Tue, 22 Apr 2014 22:02:28 +0000 (16:02 -0600)]
Rename emalloc2() -> emallocarray() and erealloc3() -> ereallocarray().
Todd C. Miller [Tue, 22 Apr 2014 15:18:43 +0000 (09:18 -0600)]
Add missing rule for building sha2.lo when not supported by libc or libmd.
Todd C. Miller [Tue, 15 Apr 2014 17:26:01 +0000 (11:26 -0600)]
Disable I/O logging for halt and poweroff in addition to reboot in
commented out example.
Todd C. Miller [Tue, 15 Apr 2014 13:16:57 +0000 (07:16 -0600)]
Use PAM_REINITIALIZE_CRED instead of PAM_ESTABLISH_CRED when
changing the user. This is the correct flag to use with
a program that changes the uid like su or sudo and fixes a
role problem on Solaris. From Gary Winiger; Bug #642
Todd C. Miller [Tue, 15 Apr 2014 13:11:29 +0000 (07:11 -0600)]
pam_setcred should default to true; from Gary Winiger
Bug #642
Todd C. Miller [Thu, 10 Apr 2014 22:11:47 +0000 (16:11 -0600)]
Make set_perms() and restore_perms() return an error instead of
calling exit() on failure.
Todd C. Miller [Thu, 10 Apr 2014 22:03:26 +0000 (16:03 -0600)]
Eliminate calls to fatal() in sudoers.c and just pass back a return
value.
Todd C. Miller [Thu, 10 Apr 2014 22:03:01 +0000 (16:03 -0600)]
Eliminate calls to fatal() in the logging code.
Todd C. Miller [Wed, 9 Apr 2014 22:33:28 +0000 (16:33 -0600)]
Quiet a compiler warning on Solaris.
Todd C. Miller [Wed, 9 Apr 2014 22:31:13 +0000 (16:31 -0600)]
Move the sha2 code into libreplace and add configure checks for
SHA224Update in libc and libmd. Solaris uses "void *" where we use
"unsigned char *" so we need a check for that too. Solaris sha2.h
defines SHA224, SHA256, SHA384, and SHA512 so rename those tokens.
Adapted from changes from Vladimir Marek in bug #641.
Todd C. Miller [Wed, 9 Apr 2014 16:22:09 +0000 (10:22 -0600)]
Fix matching of uids and gids broken in sudo 1.8.9.
Todd C. Miller [Wed, 9 Apr 2014 16:22:07 +0000 (10:22 -0600)]
Fix -P option in usage()
Todd C. Miller [Tue, 8 Apr 2014 01:52:28 +0000 (19:52 -0600)]
Remove a few more unnecessary uses of fatal().
Todd C. Miller [Mon, 7 Apr 2014 14:59:48 +0000 (08:59 -0600)]
Use log_warning() not log_fatal() for the "Invalid authentication
methods compiled into sudo" message. We return -1 on error anyway.
Todd C. Miller [Mon, 7 Apr 2014 11:34:56 +0000 (05:34 -0600)]
Return MODE_ERROR from sudoers_policy_deserialize_info() instead
of calling fatalx().
Todd C. Miller [Mon, 7 Apr 2014 11:33:36 +0000 (05:33 -0600)]
parse_gid_list() now returns -1 on error instead of calling fatalx().
Todd C. Miller [Fri, 4 Apr 2014 21:30:15 +0000 (15:30 -0600)]
Forward SIGINFO to running command if supported. If the command
is being run in the background (or exec_background is set in sudoers),
it is the sudo process, not the actual command, that receives the ^T.
Todd C. Miller [Fri, 4 Apr 2014 21:30:12 +0000 (15:30 -0600)]
Remove calls to log_fatal() in I/O log functions and just pass an
error back to the caller.
Todd C. Miller [Tue, 1 Apr 2014 22:42:13 +0000 (16:42 -0600)]
Make "internal error, %s overflow" arguments consistent, using
__func__ where possible (when debugging is allowed).
Todd C. Miller [Mon, 31 Mar 2014 21:58:24 +0000 (15:58 -0600)]
Use common printf format when warning of buffer overflow prevention.
Todd C. Miller [Mon, 31 Mar 2014 21:47:02 +0000 (15:47 -0600)]
Remove init.d/*.sh in distclean
Todd C. Miller [Mon, 31 Mar 2014 21:46:47 +0000 (15:46 -0600)]
Correctly ignore init.d/*.sh
Todd C. Miller [Mon, 31 Mar 2014 21:43:52 +0000 (15:43 -0600)]
Remove remaining calls to fatalx(); just pass the error to the caller.
Todd C. Miller [Wed, 26 Mar 2014 22:44:29 +0000 (16:44 -0600)]
Make a password/group cache collision a warning rather than fatal.
This should not be possible in practice and we can safely return
the new (potentially duplicate) item as it will be freed by the
caller. Make sudo_set_grlist() return an error on failure instead
of calling fatalx().
Todd C. Miller [Wed, 26 Mar 2014 20:22:46 +0000 (14:22 -0600)]
Use log_warning() instead of log_fatal() if the ticket or lecture
path is too long and just return an error. This can only happen
from a misconfiguration so just ignoring the ticket/lecture file
is safe.
Todd C. Miller [Wed, 26 Mar 2014 20:15:15 +0000 (14:15 -0600)]
In find_path(), return NOT_FOUND_ERROR instead of calling fatal()
if the path is too long. Remove an extraneous check against PATH_MAX
in set_cmnd() since find_path() already contains such a check.
Todd C. Miller [Wed, 26 Mar 2014 20:03:04 +0000 (14:03 -0600)]
Remove unused MODE_LISTDEFS define and correct a comment.
Todd C. Miller [Wed, 26 Mar 2014 19:50:51 +0000 (13:50 -0600)]
Make hexchar() return -1 on invalid input instead of calling fatalx().
Callers used to check that the string was hex before calling hexchar().
Now callers must check for a -1 return value instead.
Todd C. Miller [Wed, 26 Mar 2014 19:00:56 +0000 (13:00 -0600)]
Propagate errors in audit code to caller instead of using fatal().
If we fail to audit an otherwise successful command, return an error
from the policy. For Linux audit, sudo may be compiled with audit
support but auditing may not be set up, so we don't consider that
an error.
Todd C. Miller [Wed, 26 Mar 2014 17:10:20 +0000 (11:10 -0600)]
Remove unused variable on Linux.
Todd C. Miller [Wed, 26 Mar 2014 17:09:57 +0000 (11:09 -0600)]
Fix warning on systems where mode_t is not unsigned int (Solaris).
Todd C. Miller [Tue, 25 Mar 2014 22:46:00 +0000 (16:46 -0600)]
Audit path too long error. Add comments about non-audit events
and placeholders for future audit hooks.
Todd C. Miller [Thu, 27 Feb 2014 22:51:40 +0000 (15:51 -0700)]
Remove unused FLAG_USER auth flag. We have no auth methods that
require that authentication be run as the invoking user.
Todd C. Miller [Tue, 25 Mar 2014 22:16:19 +0000 (16:16 -0600)]
Fix aliasing warning in old-style interface probe code.
Todd C. Miller [Tue, 25 Mar 2014 22:16:11 +0000 (16:16 -0600)]
Fix some sign comparison warnings.
Todd C. Miller [Tue, 25 Mar 2014 22:16:10 +0000 (16:16 -0600)]
Don't call fatal/fatalx in common/*.c
Todd C. Miller [Wed, 19 Mar 2014 22:55:37 +0000 (16:55 -0600)]
Fix expansion of %p in the prompt for "sudo -l" when rootpw, runaspw
or targetpw is set. Bug #639
Todd C. Miller [Mon, 17 Mar 2014 14:09:39 +0000 (08:09 -0600)]
Sudo 1.8.10p2
Todd C. Miller [Mon, 17 Mar 2014 13:14:55 +0000 (07:14 -0600)]
Don't write an empty timestamp record when timestamp_timeout is
zero. If we find an empty record in the timestamp file, overwrite
it with a good one, truncating the file as needed.
Todd C. Miller [Sat, 15 Mar 2014 15:15:36 +0000 (09:15 -0600)]
Fix typos in description of the -x option. Bug #637
Todd C. Miller [Thu, 13 Mar 2014 20:41:36 +0000 (14:41 -0600)]
Sudo 1.8.10p1
Todd C. Miller [Thu, 13 Mar 2014 19:38:42 +0000 (13:38 -0600)]
Fix typo/thinko that prevented "Defaults !tty_tickets" from working.
Todd C. Miller [Thu, 13 Mar 2014 14:21:04 +0000 (08:21 -0600)]
Fix "sudo -l command" output when the matching command is negated.
Bug #636
Todd C. Miller [Tue, 11 Mar 2014 15:16:45 +0000 (09:16 -0600)]
The atofoo_test and hltq_test tests now display their own test error rate.
Display pass/fail count separately for sudo_conf and sudo_parseln tests.
Check stderr output for the sudo_conf test.
Todd C. Miller [Tue, 11 Mar 2014 15:16:21 +0000 (09:16 -0600)]
Don't run the check_ttyname test if cross compiling.
Todd C. Miller [Tue, 11 Mar 2014 15:00:48 +0000 (09:00 -0600)]
CWD no longer used.
Todd C. Miller [Tue, 11 Mar 2014 14:52:52 +0000 (08:52 -0600)]
Fix diff of toke and err output files in "make check"
Todd C. Miller [Fri, 7 Mar 2014 21:48:13 +0000 (14:48 -0700)]
sync with translationproject.org
Todd C. Miller [Thu, 6 Mar 2014 22:26:09 +0000 (15:26 -0700)]
Check whether ber.h is needed before ldap.h even if we are not using
any ber functions. Needed for older versions of nss ldap.
Todd C. Miller [Thu, 6 Mar 2014 22:21:49 +0000 (15:21 -0700)]
Fix compiler warning in debug code.
Todd C. Miller [Thu, 6 Mar 2014 18:58:08 +0000 (11:58 -0700)]
Catalan translation for sudo from translationproject.org.
Todd C. Miller [Wed, 5 Mar 2014 12:57:41 +0000 (05:57 -0700)]
Document negation fix in JSON output.
Todd C. Miller [Tue, 4 Mar 2014 23:18:35 +0000 (16:18 -0700)]
Fix handling of '!' operator when converting sudoers. We now add
a "negated" boolean flag to objects that have the '!' operator.
Todd C. Miller [Sat, 1 Mar 2014 14:53:17 +0000 (07:53 -0700)]
Czech translation for sudoers from translationproject.org
Todd C. Miller [Fri, 28 Feb 2014 18:05:13 +0000 (11:05 -0700)]
Try -libmldap before -lldap in case there is no link from libibmldap.so
to libldap.so. Since IBM ldap is installed under /opt we should only
be able to reach it if --with-ldap was given an explicit path.
Only check for ber_set_option() if LBER_OPT_DEBUG_LEVEL is defined.
Todd C. Miller [Thu, 27 Feb 2014 23:40:28 +0000 (16:40 -0700)]
Fix typo in setreuid() PERM_ROOT error message.
Todd C. Miller [Thu, 27 Feb 2014 20:57:11 +0000 (13:57 -0700)]
No longer need to disable setresuid() on debian.
Todd C. Miller [Wed, 26 Feb 2014 17:29:52 +0000 (10:29 -0700)]
Fix conversion of timestamp_timeout from double to struct timeval.
Also quiet a printf format warning on 32-bit systems.
Todd C. Miller [Wed, 26 Feb 2014 00:14:51 +0000 (17:14 -0700)]
Serbian translation for sudoers from translationproject.org.
Todd C. Miller [Mon, 24 Feb 2014 23:39:39 +0000 (16:39 -0700)]
Add Ingo Schwarze
Todd C. Miller [Mon, 24 Feb 2014 16:31:14 +0000 (09:31 -0700)]
When exporting sudoers in JSON format, use the same type of Options
object for both Defaults and Cmnd_Specs.
Todd C. Miller [Mon, 17 Feb 2014 20:45:17 +0000 (13:45 -0700)]
Silence cppcheck false positive.