Todd C. Miller [Tue, 30 Jul 2019 17:37:26 +0000 (11:37 -0600)]
Replace non-essential strncpy() calls.
Todd C. Miller [Fri, 26 Jul 2019 21:14:52 +0000 (15:14 -0600)]
Revert version back to 1.8.28
Todd C. Miller [Fri, 26 Jul 2019 21:09:13 +0000 (15:09 -0600)]
Link util functions being tested directly with the test harness.
Otherwise we may get the version from the installed libsudo_util.so.
Todd C. Miller [Tue, 23 Jul 2019 14:16:22 +0000 (08:16 -0600)]
Updated translations from translationproject.org
Todd C. Miller [Sat, 20 Jul 2019 02:14:44 +0000 (20:14 -0600)]
Use strftime(3) instead of formatting struct tm by hand.
Fixes a warning on newer versions of gcc.
Todd C. Miller [Fri, 19 Jul 2019 23:46:57 +0000 (17:46 -0600)]
Update error message when the password cannot be read from the terminal.
Todd C. Miller [Fri, 19 Jul 2019 20:10:57 +0000 (14:10 -0600)]
Fix for Bug #888
Todd C. Miller [Fri, 19 Jul 2019 19:51:23 +0000 (13:51 -0600)]
If the command in sudoers does not exist on the file system, match by name.
We still want to match the command even if it doesn't exist so that the
NOPASSWD flag on sudoers entries with non-existant paths works as expected.
Bug #888.
Todd C. Miller [Fri, 19 Jul 2019 17:51:20 +0000 (11:51 -0600)]
More verbose error message when a password is required and no terminal
is present. Bug #828.
Todd C. Miller [Fri, 19 Jul 2019 16:42:50 +0000 (10:42 -0600)]
regen
Todd C. Miller [Fri, 19 Jul 2019 16:38:53 +0000 (10:38 -0600)]
Document that PAM session modules are now run with the silent flag.
Todd C. Miller [Mon, 15 Jul 2019 01:37:33 +0000 (19:37 -0600)]
Simpler change to retry sudo_secure_file() as root as needed.
Todd C. Miller [Mon, 15 Jul 2019 00:51:50 +0000 (18:51 -0600)]
If we are unable to stat() sudoers as non-root, try again as root.
By default, sudo relies soley on group permissions to read sudoers
to make it possible to store sudoers on NFS. However, if /etc/sudoers
is not accessible to non-root uids for some reason, sudo will fail.
Bug #880.
Todd C. Miller [Fri, 12 Jul 2019 14:24:07 +0000 (08:24 -0600)]
Clarify that ttyin contains raw terminal input.
Todd C. Miller [Thu, 11 Jul 2019 19:42:12 +0000 (13:42 -0600)]
Expand the description of the I/O log files.
Todd C. Miller [Thu, 11 Jul 2019 19:41:48 +0000 (13:41 -0600)]
Remove trailing whitespace.
Todd C. Miller [Wed, 3 Jul 2019 19:15:47 +0000 (13:15 -0600)]
Rename PLUGINDIR -> plugindir
Todd C. Miller [Wed, 3 Jul 2019 19:13:04 +0000 (13:13 -0600)]
Use $libexecdir in default settings used by the documentation.
The web and pdf pages will substitute /usr/local/libexec for $noexec_file.
Also do substitution of variables using exec_prefix even if we don't use
them in the Makefile since the documentation may reference them.
Todd C. Miller [Wed, 3 Jul 2019 15:06:45 +0000 (09:06 -0600)]
Add conditional for sesh path in sudo.conf manual.
Todd C. Miller [Wed, 3 Jul 2019 13:39:54 +0000 (07:39 -0600)]
Update plugindir even when --disable-shared is specified.
Otherwise, the default value is substituted into the Makefiles and
documentation which may not match --prefix. Bug #886
Todd C. Miller [Tue, 25 Jun 2019 15:45:10 +0000 (09:45 -0600)]
Add ssizeof macro that returns ssize_t.
We can use this instead of casting the result of size_t to int.
Also change checks for snprintf() returning <=0 to <0.
Todd C. Miller [Fri, 21 Jun 2019 20:54:09 +0000 (14:54 -0600)]
sudoedit should be used for editing files instead of "sudo editor"
That way the user's editor config files are used by the editor.
Todd C. Miller [Fri, 21 Jun 2019 19:26:02 +0000 (13:26 -0600)]
Move the section on HOME to be after the environment section.
Also strongly discourage the disabling of env_reset.
Todd C. Miller [Fri, 21 Jun 2019 03:49:11 +0000 (21:49 -0600)]
Remove the Solaris last login question, add one about HOME.
The PAM session is opened with PAM_SILENT so last login info is not printed.
It is dangerous to preserve HOME from the user's environment.
Todd C. Miller [Thu, 20 Jun 2019 22:52:49 +0000 (16:52 -0600)]
Use the term pseudo-terminal more consistently.
Todd C. Miller [Thu, 20 Jun 2019 22:32:18 +0000 (16:32 -0600)]
Document why HOME should not be preserved from the user's environment.
Text was adapted from what is already present in the UPGRADE file.
Also mark set_home and always_set_home as obsolete.
Todd C. Miller [Thu, 20 Jun 2019 22:12:32 +0000 (16:12 -0600)]
Refer to command line options, not flags.
Todd C. Miller [Thu, 20 Jun 2019 20:14:03 +0000 (14:14 -0600)]
sync
Todd C. Miller [Thu, 20 Jun 2019 20:03:03 +0000 (14:03 -0600)]
sudo will now prompt for a password as long as /dev/tty is available.
Todd C. Miller [Thu, 20 Jun 2019 19:15:46 +0000 (13:15 -0600)]
Remove .cat pages, there is no need for them in the modern world.
Sudo only shipped .cat pages for Irix, which lacked nroff.
Irix is long dead and there are multiple open source nroff options.
Todd C. Miller [Thu, 20 Jun 2019 17:51:47 +0000 (11:51 -0600)]
Make env_editor the default.
It is already the default in the package script.
Todd C. Miller [Thu, 20 Jun 2019 17:40:47 +0000 (11:40 -0600)]
Don't describe env_editor as a security hole.
Users that are able to edit sudoers can grant themselves permissions
so the fact that visudo runs the editor as root is not a security issue.
Todd C. Miller [Thu, 20 Jun 2019 17:05:15 +0000 (11:05 -0600)]
Fix details of how EDITOR, VISUAL and SUDO_EDITOR are (or are not) preserved.
The description in the editor option was incorrect and didn't mention env_keep.
Reported by Sander Bos
Todd C. Miller [Thu, 20 Jun 2019 16:11:26 +0000 (10:11 -0600)]
Modern visudo locks the actual sudoers file, not the sudoers.tmp file.
Refer to sudoers.tmp as a temporary file, not a lock file.
Reported by Sander Bos
Todd C. Miller [Thu, 20 Jun 2019 02:32:22 +0000 (20:32 -0600)]
In tty_present(), check for /dev/tty if sudo was unable to get the tty name.
For requiretty it is enough to check that /dev/tty is available.
If sudo can't get the tty from the kernel (missing /proc?) that is OK.
Todd C. Miller [Thu, 20 Jun 2019 02:29:08 +0000 (20:29 -0600)]
Don't refuse to use the tty unless /dev/tty is unavailable.
We don't care whether sudo was able to get the tty name from the kernel.
All that really matters is whether we are able to disable echo as needed.
Todd C. Miller [Wed, 19 Jun 2019 20:36:59 +0000 (14:36 -0600)]
Use of "they" was ambiguous.
Todd C. Miller [Wed, 19 Jun 2019 20:29:25 +0000 (14:29 -0600)]
Better description of secure_path.
The secure_path option affects the resolution of unqualified commands
as well as the environment that commands run with.
Todd C. Miller [Wed, 19 Jun 2019 20:02:56 +0000 (14:02 -0600)]
Add Sander Bos
Todd C. Miller [Wed, 19 Jun 2019 20:02:16 +0000 (14:02 -0600)]
Fix a few typos and awkward wording.
Use the singular "they" instead of he/she.
Add back missing text in description of variables starting with ().
Based on changes from Sander Bos.
Todd C. Miller [Sat, 15 Jun 2019 15:41:39 +0000 (09:41 -0600)]
Clarify which environment variables are set based on the target user.
Todd C. Miller [Mon, 10 Jun 2019 19:27:12 +0000 (13:27 -0600)]
libsudo_util depends on LT_DEP_LIBS even when building a static lib
Todd C. Miller [Mon, 10 Jun 2019 18:12:57 +0000 (12:12 -0600)]
Solaris getentropy() requires that sys/random.h be included.
Todd C. Miller [Wed, 29 May 2019 21:26:57 +0000 (15:26 -0600)]
Use the runhost for "User foo is not allowed to run sudo on bar."
Otherwise, if the -h option is specified sudo will print the local
host name instead of the host specified via -h.
Todd C. Miller [Tue, 28 May 2019 14:42:26 +0000 (08:42 -0600)]
Document that "no tty present and no askpass program specified" may
happen when /proc is not accessible.
Todd C. Miller [Mon, 27 May 2019 14:51:06 +0000 (08:51 -0600)]
Add Sangamesh Mallayya and Michael Spradling
Todd C. Miller [Mon, 27 May 2019 14:49:43 +0000 (08:49 -0600)]
Add -B option to ring the bell before the password prompt.
Todd C. Miller [Mon, 27 May 2019 12:35:48 +0000 (06:35 -0600)]
Allow the user to change their password if expired on AIX.
Bug #883
Todd C. Miller [Sun, 26 May 2019 22:29:08 +0000 (16:29 -0600)]
When using AIX auth, don't display the AIX password incorrect message.
Avoids a "3004-300 You entered an invalid login name or password"
message in addition to sudo's own "Sorry, try again" message.
Todd C. Miller [Fri, 24 May 2019 22:02:58 +0000 (16:02 -0600)]
AIX packages were not being build with optimization enabled.
Todd C. Miller [Wed, 22 May 2019 14:58:51 +0000 (08:58 -0600)]
Fix a typo.
Todd C. Miller [Wed, 22 May 2019 14:57:48 +0000 (08:57 -0600)]
Support using macOS SDKs from /Library/Developer/CommandLineTools/SDKs
Todd C. Miller [Thu, 16 May 2019 18:24:48 +0000 (12:24 -0600)]
It is safe to assume _POSIX_VDISABLE is defined.
The old compat defines were to support pre-termios systems.
Todd C. Miller [Mon, 6 May 2019 16:04:07 +0000 (10:04 -0600)]
Remove second catopen() which is never called.
Todd C. Miller [Wed, 1 May 2019 16:56:43 +0000 (10:56 -0600)]
Sudo's conversation functions now filters out the last login information.
Todd C. Miller [Tue, 30 Apr 2019 01:44:13 +0000 (19:44 -0600)]
Add pam_acct_mgmt setting to enable/disable PAM account validation.
Todd C. Miller [Tue, 30 Apr 2019 01:43:17 +0000 (19:43 -0600)]
regen
Todd C. Miller [Tue, 30 Apr 2019 01:40:51 +0000 (19:40 -0600)]
Sudo 1.8.28
Todd C. Miller [Mon, 29 Apr 2019 13:21:51 +0000 (07:21 -0600)]
Add SPDX-License-Identifier to files.
Todd C. Miller [Sun, 28 Apr 2019 13:26:45 +0000 (07:26 -0600)]
Filter out last login messages on HP-UX unless running a shell.
HP-UX in trusted mode will display last login messages as part of
the PAM account management module by libpam_comsec. There is no
way to suppress these messages from the PAM configuration in trusted
mode so we need to filter them in the conversation function. In
regular mode, similar (but different) messages may be produced by
libpam_hpsec.
Todd C. Miller [Fri, 26 Apr 2019 21:21:29 +0000 (15:21 -0600)]
FreeBSD's /dev/fd only contains fds 0-2 unless fdescfs is mounted.
In practice this doesn't matter since FreeBSD >= 8 has a native closefrom
Todd C. Miller [Sat, 20 Apr 2019 23:28:45 +0000 (17:28 -0600)]
Keep debug fds open in send_mail() to aid in debugging.
Adds closefrom_nodebug() which acts like closefrom(3) but doesn't
close debug fds for use by send_mail().
Also moves the code to exec the mailer to its own function.
Todd C. Miller [Fri, 19 Apr 2019 16:14:10 +0000 (10:14 -0600)]
Set def_mailerflags even if sendmail was not found at configure time.
Fixes a NULL dereference when mailerpath is set but mailerflags is not.
Bug #878
Todd C. Miller [Mon, 8 Apr 2019 16:37:30 +0000 (10:37 -0600)]
Add a proper getdelim(3) replacement and use it instead of getline(3).
Todd C. Miller [Mon, 8 Apr 2019 14:50:03 +0000 (08:50 -0600)]
Restrict the PAM_TTY kludge to Solaris and Linux-PAM.
Setting PAM_TTY to the empty string causes problems with some modules
on HP-UX so restrict it to systems where it is fixes known issues.
Todd C. Miller [Mon, 18 Mar 2019 20:08:21 +0000 (14:08 -0600)]
Fix the counting of supplementary groups on AIX.
We should not assume that basegid will be present in the list of
gids returned by getgrset().
Todd C. Miller [Thu, 14 Mar 2019 17:31:05 +0000 (11:31 -0600)]
Plug a memory leak on user/group lookup failure found by ASAN.
Todd C. Miller [Fri, 8 Mar 2019 16:07:20 +0000 (09:07 -0700)]
Fix test failure when run by a user other than the file owner.
Todd C. Miller [Fri, 8 Mar 2019 15:36:01 +0000 (08:36 -0700)]
Updated translations from translationproject.org
Todd C. Miller [Fri, 8 Mar 2019 13:58:30 +0000 (06:58 -0700)]
Test cvtsudoers stdout and stderr separately.
Fixes a test failure on systems with musl libc. Bug #873
Todd C. Miller [Thu, 7 Mar 2019 03:15:11 +0000 (20:15 -0700)]
Better comment about EOVERFLOW and pstat_getproc().
Also remove some useless casts.
Todd C. Miller [Thu, 7 Mar 2019 03:13:40 +0000 (20:13 -0700)]
Ignore EOVERFLOW from pstat_getproc(), it is not a fatal error.
It just means that one of the fields in pstat lacks the precision to
store a value. That's not an issue for pst_highestfd.
Todd C. Miller [Wed, 6 Mar 2019 17:46:23 +0000 (10:46 -0700)]
update copyright year
Todd C. Miller [Tue, 5 Mar 2019 17:23:07 +0000 (10:23 -0700)]
Fix error message when a fully-qualified plugin path does not exist.
Todd C. Miller [Mon, 4 Mar 2019 15:52:28 +0000 (08:52 -0700)]
Fix unescaped '\' and remove an extra '[' in the definition of digest.
Todd C. Miller [Sun, 3 Mar 2019 21:41:59 +0000 (14:41 -0700)]
Ignore carriage return before a linefeed.
This allows sudo to parse files with DOS-style line endings.
Todd C. Miller [Tue, 26 Feb 2019 20:15:40 +0000 (13:15 -0700)]
For sssd, the nsswitch.conf setting should be "sss" not "sssd".
From Johnathan Smith.
Todd C. Miller [Thu, 21 Feb 2019 00:05:02 +0000 (17:05 -0700)]
Add simple API for to allow reading environment data from different sources.
Currently, this is used to read a file like /etc/environment.
Todd C. Miller [Tue, 19 Feb 2019 18:03:02 +0000 (11:03 -0700)]
Fix pasto; the unrestricted env file was read when we want the restricted one.
Todd C. Miller [Tue, 19 Feb 2019 15:31:08 +0000 (08:31 -0700)]
Be sure to include sudo_queue.h where needed instead of relying on other headers.
Todd C. Miller [Mon, 18 Feb 2019 23:03:55 +0000 (16:03 -0700)]
Only export sudo_arc4random_uniform() if arc4random_uniform() is missing.
Todd C. Miller [Mon, 18 Feb 2019 22:56:12 +0000 (15:56 -0700)]
Quiet a warning on gcc 8
Todd C. Miller [Mon, 18 Feb 2019 22:45:31 +0000 (15:45 -0700)]
AIX 7.1 defines O_CLOEXEC but it can't be used outside the kernel.
Redefine O_CLOEXEC if it doesn't fit in an int and pipe2() is missing.
Todd C. Miller [Mon, 18 Feb 2019 18:35:52 +0000 (11:35 -0700)]
Split command match code out into match_command.c.
Also remove unused SUDOERS_NAME_MATCH code.
Todd C. Miller [Sun, 17 Feb 2019 15:21:13 +0000 (08:21 -0700)]
Split out digest matching into its own file.
Todd C. Miller [Sun, 17 Feb 2019 13:47:37 +0000 (06:47 -0700)]
Split out digest matching into its own file.
Todd C. Miller [Tue, 12 Feb 2019 19:02:02 +0000 (12:02 -0700)]
Rename FOLLOW and NOFOLLOW tokens FOLLOWLNK and NOFOLLOWLNK.
Fixes a namespace collision on Solaris when bison is used.
Todd C. Miller [Wed, 6 Feb 2019 20:12:33 +0000 (13:12 -0700)]
Add stub definition of digest_matches() for SUDOERS_NAME_MATCH
Todd C. Miller [Wed, 6 Feb 2019 17:25:52 +0000 (10:25 -0700)]
No longer need to include sudo_lbuf.h
Todd C. Miller [Wed, 6 Feb 2019 13:30:00 +0000 (06:30 -0700)]
On RedHat/CentOS get the OS major version from /etc/redhat-release.
We cannot determine this from the output of "pp --probe" since it
doesn't contain a period to separate the major and minor numbers.
Todd C. Miller [Tue, 5 Feb 2019 23:47:08 +0000 (16:47 -0700)]
Use SET macro instead of bitwise OR.
Todd C. Miller [Tue, 5 Feb 2019 23:46:30 +0000 (16:46 -0700)]
In sudo_make_grlist_item() the calculation of total did not include
space for pointers to the group names.
Todd C. Miller [Tue, 5 Feb 2019 21:29:39 +0000 (14:29 -0700)]
Use correct debug_decl() names.
Todd C. Miller [Tue, 5 Feb 2019 17:02:17 +0000 (10:02 -0700)]
Add fallback values for sudoers uid, gid and mode if not set in Makefile.
Todd C. Miller [Mon, 4 Feb 2019 21:07:20 +0000 (14:07 -0700)]
include stddef.h to make sure we get NULL
Todd C. Miller [Sat, 2 Feb 2019 20:55:30 +0000 (13:55 -0700)]
Fix memory leak when there are no network interfaces or an error occurs.
Todd C. Miller [Fri, 25 Jan 2019 17:39:57 +0000 (10:39 -0700)]
Use $ac_cv_search_FUNCTION instead of $ac_lib and $ac_res.
Fixes a problem where libcrypt is not used with autoconf caching.
Adapted from a diff from Adam Labbe.
Todd C. Miller [Thu, 24 Jan 2019 21:59:13 +0000 (14:59 -0700)]
Updated translations from translationproject.org
Todd C. Miller [Tue, 22 Jan 2019 13:41:16 +0000 (06:41 -0700)]
Fix listpw=never and verifypw=never. Bug #869
Todd C. Miller [Sun, 20 Jan 2019 14:49:48 +0000 (07:49 -0700)]
Minor snprintf() usage tweaks:
1) don't assume snprintf() returns -1 on error, check for <0
2) when comparing return value of sizeof(foo), cast the sizeof, not the len
3) cast return value to void in cases where snprintf cannot fail