Todd C. Miller [Mon, 12 Nov 2012 14:41:56 +0000 (09:41 -0500)]
Add calls to set_perms(PERM_ROOT) becore logging to a file. We
should already be root but since we cache the current permission
status it is basically free. That way, if more of sudoers runs as
non-root in the future logging will still work correctly.
Todd C. Miller [Sun, 11 Nov 2012 12:11:22 +0000 (07:11 -0500)]
Add os-specific initialization functions for solaris (workaround
setuid locale problem in Solaris 11) and openbsd (set malloc_options
if SUDO_DEVEL). Also move set_project() to solaris.c.
Todd C. Miller [Thu, 8 Nov 2012 20:37:44 +0000 (15:37 -0500)]
Call gettext inside log_error et al instead of having the caller do it. This way we can display any messages to the user in their own locale but log in the sudoers local.
Todd C. Miller [Thu, 8 Nov 2012 20:37:43 +0000 (15:37 -0500)]
Convert setlocale() to sudoers_setlocale() in the sudoers module.
This only converts existing uses, there are more places where we
need to sprinkle sudoers_setlocale() calls.
Todd C. Miller [Thu, 8 Nov 2012 20:37:43 +0000 (15:37 -0500)]
Add simple locale switching to make it easy to switch from the
user's locale to the sudoers locale without making excessive
setlocale() calls when we don't need to.
Todd C. Miller [Tue, 6 Nov 2012 16:19:51 +0000 (11:19 -0500)]
Do not inform the user that the command was not permitted by the
policy if they do not successfully authenticate. This is a regression
introduced in sudo 1.8.6.
Todd C. Miller [Tue, 23 Oct 2012 14:21:24 +0000 (10:21 -0400)]
Use a list for the possible values of Tag_Spec with a minimal indent
to improve readability. In the pod version, these were =head3.
Also use .St -p1003.1 instead of just POSIX when talking about
glob() and fnmatch().
Todd C. Miller [Tue, 25 Sep 2012 17:49:51 +0000 (13:49 -0400)]
Start commands in the background when I/O logging is enabled. We
can't do this on Mac OS X due to a kernel bug in tc[gs]etattr(2)
which returns EINTR on signal instead of restarting automatically.
Todd C. Miller [Mon, 24 Sep 2012 19:06:14 +0000 (15:06 -0400)]
Fix running commands that need the terminal in the background when
I/O logging is enabled. E.g. "sudo vi &". When the command is
foregrounded, it will now resume properly.
Todd C. Miller [Fri, 21 Sep 2012 20:25:01 +0000 (16:25 -0400)]
Split out implementation-specific back end code out of pwutil.c
into pwutil_impl.c. This will allow the main pwutil code to be
used for lookup methods other than getpw* and getgr*.
Todd C. Miller [Mon, 17 Sep 2012 21:03:17 +0000 (17:03 -0400)]
Rename yyerror() to sudoerserror() to match yacc prefix changes.
Not really needed due to the #defines that yacc makes but it is
less confusing this way as the lexer calls sudoerserror().
Todd C. Miller [Sun, 16 Sep 2012 19:18:58 +0000 (15:18 -0400)]
Replace the guts of sudo_setenv_nodebug() with our old setenv.c
which supports non-standard BSD and glibc semantics.
sudo_setenv() now simply calls sudo_setenv2().
Todd C. Miller [Tue, 28 Aug 2012 14:11:38 +0000 (10:11 -0400)]
Detect sys_sigabbrev[] and use it in place of sys_signame[] if
present. For some reason glibc does not declare sys_sigabbrev so
we must add an extern definition of our own.
Todd C. Miller [Mon, 27 Aug 2012 15:22:33 +0000 (11:22 -0400)]
Pass on SIGTSTP to the command if it was sent by a user process
(not the kernel or the terminal) when we are not I/O logging and
set the default SIGTSTP handler when we re-send the signal to
ourself, restoring our handler after we resume.
Todd C. Miller [Mon, 27 Aug 2012 14:29:59 +0000 (10:29 -0400)]
Shells typically change their process group when they start up so
that they can implement job control. Most well-behaved shells
change the pgrp back to its original value before suspending so we
must not try to restore in that case, lest we race with the child
upon resume, potentially stopping sudo with SIGTTOU while the command
continues to run. Some shells, such as pdksh, just suspend the
shell by sending SIGSTOP to themselves without restoring the pgrp.
In this case we need to change the pgrp back for them.
Should fix bug #568
Todd C. Miller [Thu, 23 Aug 2012 18:47:58 +0000 (14:47 -0400)]
When running regress tests, list pass/fail rate for each dir
(testsudoers and visudo) instead of the total. Also prevent the
result files from clobbering each other by keeping them in the
relevant directories.
Todd C. Miller [Thu, 23 Aug 2012 18:02:02 +0000 (14:02 -0400)]
Don't print an error message in yyerror() if open_sudoers() fails,
we've already printed an error message. Also restore the check
for sudoers_warnings in yyerror().