Todd C. Miller [Fri, 19 Oct 2018 19:33:37 +0000 (13:33 -0600)]
No need to check if fd_dst is -1 in sudoedit mode.
Failure to open the destination sudoedit file is fatal so there's
no need to check that fd_dst != -1 later on. Found by PVS-Studio.
Todd C. Miller [Thu, 18 Oct 2018 20:43:08 +0000 (14:43 -0600)]
Move the allocation of role to be immediately before in_role is set.
This makes it clear that when in_role == true, role is non-NULL.
Also remove two dead stores.
Todd C. Miller [Thu, 18 Oct 2018 20:19:09 +0000 (14:19 -0600)]
If sudo_ldap_get_values_len() fails goto cleanup instead of oom.
This is not strictly necessary as there's not anything to clean up
in this case but it is more consistent with the code that follows.
Todd C. Miller [Thu, 18 Oct 2018 14:08:44 +0000 (08:08 -0600)]
Fix handling of timeout values in sudoers.
When passing the timeout back to the front end, ignore the
user-specified timeout if it is not set (initialized to 0).
Otherwise, sudo would choose a zero user-specified timeout over
the sudoers-specified timeout (non-zero).
Todd C. Miller [Tue, 16 Oct 2018 18:49:34 +0000 (12:49 -0600)]
sudo_ldap_parse_option() never returns '=' as the operator.
When parsing command_timeout, role, type, privs and limitprivs,
check that val is non-NULL instead. Found by PVS-Studio.
Todd C. Miller [Sat, 13 Oct 2018 12:21:52 +0000 (06:21 -0600)]
Some DIAGNOSTICS updates:
Update error message for when the user's uid does not exist in passwd.
Remove "This error indicates" and some other cosmetic cleanups.
Todd C. Miller [Tue, 9 Oct 2018 20:20:13 +0000 (14:20 -0600)]
Make EOF handling while reading the password prompt more like getpass(3).
We now return the password as long as at least one character has
been read. Previously, EOF at the password prompt was treated as
if nothing was entered.
Todd C. Miller [Tue, 9 Oct 2018 19:25:52 +0000 (13:25 -0600)]
Print a warning for password read issues.
Issues include: timeout at the password prompt, read error while
reading the password, and EOF reading the password.
Todd C. Miller [Sun, 7 Oct 2018 13:26:28 +0000 (07:26 -0600)]
Use -Wstyle with -Tlint since sudo is not part of the base system.
This avoids "referenced manual not found" and "operating system
explicitly specified" warnings.
Todd C. Miller [Fri, 5 Oct 2018 20:48:35 +0000 (14:48 -0600)]
Add new -S option to sleep while the command was suspended.
The default behavior is now to not consider the time the command
was suspended as part of the normal inter-event delay.
Todd C. Miller [Fri, 5 Oct 2018 20:04:29 +0000 (14:04 -0600)]
Initialize the pty rows/cols based on the values we stored in user_details.
This fixes a minor issue where we would send an extra window size
change event the first time the command was suspended.
Todd C. Miller [Mon, 24 Sep 2018 11:30:03 +0000 (05:30 -0600)]
Remove special handling of the USERNAME environment variable. It
used to be set on old versions of Fedora but that hasn't been the
case for some time. It's worth noting that ssh doesn't set USERNAME
either.
Todd C. Miller [Thu, 20 Sep 2018 21:15:14 +0000 (15:15 -0600)]
In print_member_json_int() eliminate the need_newline variable
and just move the non-alias expansion printing bits into the
else clause, including the newline and comma printing.
Todd C. Miller [Thu, 30 Aug 2018 14:36:09 +0000 (08:36 -0600)]
The sssd backend used to take the first match, assuming that entries
were sorted in descending order by sudoOrder. That allowed it to
avoid iterating over the entire list of rules. Now that we convert
to a sudoers parse tree, we need to convert rules in ascending
order, not descending. The simplest way to accomplish this is to
simply iterate over the rules from last to first, reversing the
sort order. Bug #849
Todd C. Miller [Wed, 29 Aug 2018 15:57:12 +0000 (09:57 -0600)]
When parsing an I/O log timing line, store the result in a timespec,
not a double. The speed factor (for scaling the delay) in sudoreplay
is still a double but we only need to adjust the delay if the factor
is something other than 1.0.
Todd C. Miller [Mon, 27 Aug 2018 19:50:23 +0000 (13:50 -0600)]
Add a test for the 4-argument au_close() function found in Solaris
11 instead of assuming it is present if __sun is defined. Fixes a
compilation error on OpenIndiana and older Solaris versions.
Todd C. Miller [Wed, 22 Aug 2018 14:22:56 +0000 (08:22 -0600)]
We still need to include string.h for AIX (and possibly others)
when we are not using the system memset_r() function and rsize_t
is defined by the system headers.
Todd C. Miller [Wed, 22 Aug 2018 14:09:46 +0000 (08:09 -0600)]
Add --enable-package-build to give configure a hint that we are
building a package. This can be used to avoid relying on libc
functions that may not be present in all libc versions for a
particular system. For instance, AIX 7.1 may or may not have
memset_s() and getline() present.
Todd C. Miller [Wed, 22 Aug 2018 13:43:13 +0000 (07:43 -0600)]
AIX defines rsize_t in string.h, not stddef.h for use by the
memset_s() prototype. We use our own memset_s() on AIX since it
is not available on all BOS levels, which makes package building
problematic.