granicus.if.org Git - sudo/log
sudo
Todd C. Miller [Mon, 16 May 2016 20:16:08 +0000 (14:16 -0600)]
Don't try to fflush(export_fp) or ferror(export_fp) if export_fp
is NULL, which can happen on the error path.

Todd C. Miller [Mon, 16 May 2016 17:17:20 +0000 (11:17 -0600)]
O_NOCTTY has no effect when opening /dev/tty as the open can only
succeed if there is already a controlling tty.

Todd C. Miller [Mon, 16 May 2016 17:12:54 +0000 (11:12 -0600)]
Do not need to open /dev/tty with O_NONBLOCK, it doesn't block on
first open like a physical terminal.  By definition, if you have a
controlling tty, the first open (which might block) has already
occurred.

Todd C. Miller [Mon, 16 May 2016 17:00:31 +0000 (11:00 -0600)]
Use O_NOCTTY when opening a tty.

Todd C. Miller [Mon, 16 May 2016 16:29:30 +0000 (10:29 -0600)]
regen

Todd C. Miller [Mon, 16 May 2016 16:18:31 +0000 (10:18 -0600)]
No need to set pass to NULL after freeing it at the end of the loop
since it is already set to NULL each time through the loop.

Todd C. Miller [Sun, 15 May 2016 01:40:12 +0000 (19:40 -0600)]
SELinux fixes in 1.8.17.

Todd C. Miller [Sun, 15 May 2016 01:38:23 +0000 (19:38 -0600)]
Check fprintf() return value in writeln_wrap() and return the number
of characters actually written, or -1 on error.

Todd C. Miller [Sun, 15 May 2016 01:34:42 +0000 (19:34 -0600)]
Check fputs() return value.

Todd C. Miller [Sun, 15 May 2016 01:34:13 +0000 (19:34 -0600)]
Do not write directly to stdout/stderr, use sudo_printf which calls
the conversation function.

Todd C. Miller [Sun, 15 May 2016 01:33:28 +0000 (19:33 -0600)]
Do not write directly to stdout/stderr, use sudo_printf which calls
the conversation function.

Todd C. Miller [Sun, 15 May 2016 00:48:20 +0000 (18:48 -0600)]
Use ferror() after fflush() to check the error status of the stdio
stream we wrote to.

Todd C. Miller [Fri, 13 May 2016 20:48:00 +0000 (14:48 -0600)]
printf() returns < 0 on error, not explicitly -1

Todd C. Miller [Fri, 13 May 2016 18:02:53 +0000 (12:02 -0600)]
Regen for 1.8.17

Todd C. Miller [Fri, 13 May 2016 18:02:23 +0000 (12:02 -0600)]
Document that you need to preserve EDITOR and/or VISUAL for env_editor
to be useful.

Todd C. Miller [Fri, 13 May 2016 12:40:59 +0000 (06:40 -0600)]
Fix last commit, now that argc is not reset we need to explicitly
start the copy from argv[1].  From Daniel Kopecek

Todd C. Miller [Thu, 12 May 2016 16:35:06 +0000 (10:35 -0600)]
cosmetic change to warning string

Todd C. Miller [Thu, 12 May 2016 16:33:32 +0000 (10:33 -0600)]
Avoid adding an extraneous warning string to sudoers.pot.

Todd C. Miller [Thu, 12 May 2016 16:07:59 +0000 (10:07 -0600)]
Use EOVERFLOW, not ENOMEM for overflow conditions.
For snprintf() and vsnprintf(), POSIX says we should return -1 and
set errno to EOVERFLOW if the size param is > INT_MAX; also zero
out the string in this case (not mandated by POSIX) for safety.

Todd C. Miller [Wed, 11 May 2016 21:01:45 +0000 (15:01 -0600)]
Now that pam_open_session() failure is fatal we should print and log
an error from it.  Bug #744

Todd C. Miller [Wed, 11 May 2016 20:02:43 +0000 (14:02 -0600)]
Repair SELinux support, broken by 397722cdd7ec.
From Daniel Kopecek.

Todd C. Miller [Wed, 11 May 2016 15:40:31 +0000 (09:40 -0600)]
Remove sudo_mkpwcache() and sudo_mkgrcache().  We now create the
caches as needed on demand.  Also remove calls to sudo_freepwcache()
and sudo_freegrcache() that are immediately followed by execve(),
they are not needed.

Todd C. Miller [Wed, 11 May 2016 13:06:45 +0000 (07:06 -0600)]
Eliminate use of setpwent()/endpwent() and setgrent()/endgrent().
Sudo never iterates over the passwd or group file.
Rename sudo_set{pw,gr}ent() -> sudo_mk{pw,gr}cache() and
use sudo_free{pw,gr}cache() instead of sudo_end{pw,gr}ent().

Todd C. Miller [Tue, 10 May 2016 12:32:55 +0000 (06:32 -0600)]
Remove unnecessary NULL checks in the RUNAS_CHANGED macro.  The
only place where the pointers could be NULL is in visudo_json.c but
we already check for "next" being NULL there.  Quiets a cppcheck
warning.

Todd C. Miller [Mon, 9 May 2016 20:54:26 +0000 (14:54 -0600)]
In replay_session() free iov at the end of the function (if needed)
instead of after processing each line from the timing file.
Coverity CID 104843.

Todd C. Miller [Mon, 9 May 2016 20:27:33 +0000 (14:27 -0600)]
Add io_log_read() and io_log_gets() to hide differences between
gzread/fread and gzgets/fgets.  Check for premature EOF and error
from io_log_read().  Also sanity check the index in the timing file.
Coverity CID 104630.

Todd C. Miller [Mon, 9 May 2016 16:53:20 +0000 (10:53 -0600)]
Break up io_callback() into read_callback() and write_callback()
to make it clear that we can't get an event with both read and write
set.

Todd C. Miller [Sat, 7 May 2016 20:51:37 +0000 (14:51 -0600)]
In io_callback() make sure we clear SUDO_EV_READ if we close the
fd.  It should not be possible for SUDO_EV_READ to be set when
revent is non-NULL but this makes static analyzers happier.
Coverity CID 104124.

Todd C. Miller [Sat, 7 May 2016 14:18:27 +0000 (08:18 -0600)]
In sudo_krb5_copy_cc_file() move the close(ofd) to the done: label
so we only have to cleanup in one place.  Coverity CID 104577.

Todd C. Miller [Sat, 7 May 2016 13:57:15 +0000 (07:57 -0600)]
Fix memory leak in sudo_netgroup_lookup() in the non-error case.
Coverity CID 104572, 104573, 104574, 104575.

Todd C. Miller [Sat, 7 May 2016 13:49:35 +0000 (07:49 -0600)]
Fix fd leak in sudo_krb5_copy_cc_file() if restore_perms() fails.
Coverity CID 104571.

Todd C. Miller [Sat, 7 May 2016 11:16:03 +0000 (05:16 -0600)]
Free the events and event base before returning from replay_session().
Coverity CID 104116, 104117.

Todd C. Miller [Sat, 7 May 2016 11:10:11 +0000 (05:10 -0600)]
In sudo_edit_create_tfiles(), fix fd leak if sudo_edit_mktemp() fails.
Coverity CID 104114.

Todd C. Miller [Sat, 7 May 2016 11:07:38 +0000 (05:07 -0600)]
Fix fd leak in sudo_edit_open_nonwritable() if dir_is_writable()
returns an error.  Coverity CID 104113.

Todd C. Miller [Sat, 7 May 2016 11:05:30 +0000 (05:05 -0600)]
Fix memory leak of sesh_args in selinux_edit_copy_tfiles().
Coverity CID 104112.

Todd C. Miller [Sat, 7 May 2016 10:59:56 +0000 (04:59 -0600)]
Fix memory leak in get_editor() if resolve_editor() fails with
an error.  Coverity CID 104107.

Todd C. Miller [Sat, 7 May 2016 10:57:11 +0000 (04:57 -0600)]
Fix memory leak on error if sudo_new_key_val() fails.
Coverity CID 104103.

Todd C. Miller [Sat, 7 May 2016 10:52:21 +0000 (04:52 -0600)]
Ignore the return value of the initial sudoersparse(), before
we have actually edited any files.  Coverity CID 104078.

Todd C. Miller [Sat, 7 May 2016 10:47:12 +0000 (04:47 -0600)]
Ignore the result of send() on exec error, if it fails the other
end of the pipe is gone and we are headed for exit.
Coverity CID 104066.

Todd C. Miller [Sat, 7 May 2016 10:37:55 +0000 (04:37 -0600)]
In fill_args() clean up properly if there is an internal overflow
(which should not be possible).  Coverity CID 104569.

Todd C. Miller [Sat, 7 May 2016 10:33:45 +0000 (04:33 -0600)]
Fix logic inversion in sudoers_gc_remove(), currently unused.
Coverity CID 104568

Todd C. Miller [Fri, 6 May 2016 22:42:42 +0000 (16:42 -0600)]
In io_mkdirs(), change the order from stat then mkdir, to mkdir then stat.
This more closely matches what "mkdir -p" does.
Coverity CID 104120.

Todd C. Miller [Fri, 6 May 2016 22:37:20 +0000 (16:37 -0600)]
In ts_mkdirs(), change the order from stat then mkdir, to mkdir then stat.
This more closely matches what "mkdir -p" does.
Coverity CID 104119.

Todd C. Miller [Fri, 6 May 2016 20:30:46 +0000 (14:30 -0600)]
Newer versions of Ubuntu have switched from using the "admin" group
to the "sudo" group to align with Debian.  create_admin_success_flag()
now accepts either one.
https://bugs.launchpad.net/ubuntu/+source/sudo/+bug/1387347

Todd C. Miller [Fri, 6 May 2016 20:17:32 +0000 (14:17 -0600)]
Cast off_t printed via printf(3) instead of assuming it is long long.

Todd C. Miller [Fri, 6 May 2016 20:12:08 +0000 (14:12 -0600)]
Instead of using stat(2) to see if the admin flag file exists and
creating it if not, just try to create the file and treat EEXIST
as a non-error.  Coverity CID 104121.

Todd C. Miller [Fri, 6 May 2016 17:30:02 +0000 (11:30 -0600)]
README file for the sample plugin that tells the user how to build,
install and enable it.

Todd C. Miller [Fri, 6 May 2016 17:12:45 +0000 (11:12 -0600)]
Fix compilation error and export sample_policy struct.
From Michael Evans

Todd C. Miller [Fri, 6 May 2016 15:44:52 +0000 (09:44 -0600)]
Update for 1.8.17

Todd C. Miller [Fri, 6 May 2016 15:28:42 +0000 (09:28 -0600)]
Sudo 1.8.17

Todd C. Miller [Fri, 6 May 2016 15:26:45 +0000 (09:26 -0600)]
Check return value of restore_perms() in vlog_warning().
Coverity CID 104079.

Todd C. Miller [Fri, 6 May 2016 15:23:22 +0000 (09:23 -0600)]
Fix memory leaks in resolve_editor() in the error path.
Coverity CID 104109, 104110

Todd C. Miller [Fri, 6 May 2016 15:17:14 +0000 (09:17 -0600)]
Fix memory leak of gid_list in sudoers_policy_exec_setup() in the
error path.  Coverity CID 104111.

Todd C. Miller [Fri, 6 May 2016 15:12:39 +0000 (09:12 -0600)]
Fix fd leak in do_logfile() if we fail to lock the log file.
Coverity CID 104115.

Todd C. Miller [Fri, 6 May 2016 14:22:03 +0000 (08:22 -0600)]
Fix memory leak of sss_result in sudo_sss_lookup()
Coverity CID 104106

Todd C. Miller [Fri, 6 May 2016 14:11:34 +0000 (08:11 -0600)]
Fix fd leak in open_io_fd() if gzdopen/fdopen fails.
Coverity CID 104105

Todd C. Miller [Fri, 6 May 2016 14:07:40 +0000 (08:07 -0600)]
Fix fd leak in io_nextid() in error path.
Coverity CID 104104

Todd C. Miller [Thu, 5 May 2016 22:46:25 +0000 (16:46 -0600)]
Check lseek() return value.
Coverity CID 104061.

Todd C. Miller [Thu, 5 May 2016 22:30:11 +0000 (16:30 -0600)]
Ignore ts_write() return value when disabling an entry with a bogus
timestamp.  We ignore the timestamp entry even if it doesn't succeed.
Coverity CID 104062.

Todd C. Miller [Thu, 5 May 2016 22:16:24 +0000 (16:16 -0600)]
Cast the return value of fcntl() to void when setting FD_CLOEXEC.
Coverity CID 104063, 104064, 104069, 104070, 104071, 104072, 104073, 104074

Todd C. Miller [Thu, 5 May 2016 22:09:51 +0000 (16:09 -0600)]
Cast the return value of fcntl() to void when setting FD_CLOEXEC.
Coverity CID 104075, 104076, 104077.

Todd C. Miller [Thu, 5 May 2016 21:54:06 +0000 (15:54 -0600)]
Avoid a false positive.  Coverity CID 104056.

Todd C. Miller [Thu, 5 May 2016 21:14:57 +0000 (15:14 -0600)]
Avoid calling fclose(NULL) on error in export_sudoers().
Coverity CID 104091.

Todd C. Miller [Thu, 5 May 2016 21:12:37 +0000 (15:12 -0600)]
In fill_args(), check for "arg_size == 0" instead of
"sudoerslval.command.args == NULL" since the latter leads Coverity
to imply that sudoerslval.command.args could be NULL later on.
Coverity CID 104093.

Todd C. Miller [Thu, 5 May 2016 21:01:22 +0000 (15:01 -0600)]
Avoid calling fclose(NULL) if the sudoers file is not secure and
restore_perms() fails.  Coverity CID 104090.

Todd C. Miller [Wed, 4 May 2016 22:59:04 +0000 (16:59 -0600)]
In fill_args(), replace loop that increments arg_size() with
a simple add and mask.  Should prevent a false positive from
Coverity CID 104094.

Todd C. Miller [Wed, 4 May 2016 22:48:02 +0000 (16:48 -0600)]
In parse_expr(), move the "bad" label after the "default" case in
the switch(), not before it.  This seemed to confuse Coverity,
resulting in a false positive, CID 104095.

Todd C. Miller [Wed, 4 May 2016 22:44:52 +0000 (16:44 -0600)]
For "sudoreplay -l", not all predicates may be shortened to a single
character.  Both 'c' and 't' have more than one possibility.

Todd C. Miller [Wed, 4 May 2016 20:14:38 +0000 (14:14 -0600)]
pid_t is defined by POSIX as a signed integer type so we don't need
a cast when comparing to -1.

Todd C. Miller [Wed, 4 May 2016 20:13:44 +0000 (14:13 -0600)]
In dispatch_signal() for stopped processes check for tcgetpgrp()
returning -1.  Also change checks from "saved_pgrp != -1" to
"fd != -1".  Coverity CID 104098.

Todd C. Miller [Wed, 4 May 2016 19:48:44 +0000 (13:48 -0600)]
In relabel_tty() always jump to bad: on error, regardless of the
value of se_state.enforcing.  On error, return -1 if enforcing,
else 0.  Coverity CID 104099.

Todd C. Miller [Wed, 4 May 2016 19:01:57 +0000 (13:01 -0600)]
Define NO_LEAKS when sudo is built with Coverity.

Todd C. Miller [Wed, 4 May 2016 18:53:20 +0000 (12:53 -0600)]
In io_callback() if we write the complete buffer and find that there
is no associated reader just return as there is nothing else to be
done.  In practice it is not possible for SUDO_EV_READ to be set
if revent is NULL but an early return is harmless and possibly
easier to understand.  Coverity CID 104124.

Todd C. Miller [Wed, 4 May 2016 18:48:17 +0000 (12:48 -0600)]
Handle read() returning -1 when creating temporary files.
Coverity CID 104100

Todd C. Miller [Wed, 4 May 2016 17:15:20 +0000 (11:15 -0600)]
Fix cut and paste error when checking cols for 0.
Coverity CID 104081

Todd C. Miller [Wed, 4 May 2016 15:15:12 +0000 (09:15 -0600)]
Use a single debug message for cache hit or store to avoid another
situation where they get out of sync.  Bug #743

Todd C. Miller [Wed, 4 May 2016 14:55:21 +0000 (08:55 -0600)]
Sync the "cache hit" debug messages with the "cached" debug messages.
This fixes a bug where we could dereference a NULL pointer when we
look up a negative cached entry which is stored as a NULL passwd
or group struct pointer.  Bug #743.

Todd C. Miller [Thu, 28 Apr 2016 21:27:53 +0000 (15:27 -0600)]
Remove the check for __sprintf_chk when checking for _FORTIFY_SOURCE.
Some implementations are purely header-file based.  As long as we
can link a test program using sprintf() when _FORTIFY_SOURCE=2 it
should be safe to use.

Todd C. Miller [Thu, 28 Apr 2016 21:09:46 +0000 (15:09 -0600)]
Remove configure checks for dev_t, id_t, ino_t, ptrdiff_t, size_t
and ssize_t.  These have been specified by either ANSI C or POSIX
for long enough that if the system doesn't support them, it is
unlikely to be able to compile sudo anyway.

Todd C. Miller [Thu, 28 Apr 2016 17:01:58 +0000 (11:01 -0600)]
Do group setup in policy_init_session() before calling out to the
plugin.  This makes it possible for the pam_group module to change
the group in pam_setcred().  It's a bit bogus since pam_setcred()
is documented as not changing the group or user ID, but pam_group
is shipped with stock Linux-PAM so we need to support it.

Todd C. Miller [Tue, 26 Apr 2016 20:39:42 +0000 (14:39 -0600)]
Add missing newline when logging to a file (not syslog) and
loglinelen is set to a non-positive number.  Bug #742

Todd C. Miller [Mon, 25 Apr 2016 15:58:32 +0000 (09:58 -0600)]
style fix; fork_cmnd should start on a new line

Todd C. Miller [Fri, 22 Apr 2016 22:36:36 +0000 (16:36 -0600)]
Ignore SIGPIPE for the duration of sudo and not just in a few select
places.  We have no control over what nss, PAM modules or sudo
plugins might do so ignoring SIGPIPE is safest.

Todd C. Miller [Fri, 22 Apr 2016 17:36:08 +0000 (11:36 -0600)]
Use string_to_security_class() instead of pulling SECCLASS_CHR_FILE
from flask.h.  Avoids a warning with new SELinux includes.

Todd C. Miller [Tue, 19 Apr 2016 16:08:51 +0000 (10:08 -0600)]
When determining whether or not "sudo -l" or "sudo -b" should prompt
for a password, take all sudoers sources into account.  In other
words, if both file and ldap sudoers sources are in use, "sudo -v"
will now require that all entries in both sources have NOPASSWD
(file) or !authenticate (ldap) in the entries.

Todd C. Miller [Tue, 22 Mar 2016 22:31:28 +0000 (16:31 -0600)]
If the auth_type setting in /etc/security/login.cfg is set to
PAM_AUTH but pam_start() fails, fall back to use AIX authentication.
Skip the auth_type check if sudo is not compiled with PAM support.

Todd C. Miller [Thu, 17 Mar 2016 16:46:23 +0000 (10:46 -0600)]
The header for sudo.conf(5) should be SUDO.CONF(5) not SUDO(5).

Todd C. Miller [Wed, 16 Mar 2016 16:53:43 +0000 (10:53 -0600)]
hook_version and hook_type are unsigned so use 0, not -1 in the
final (empty) entry.  Quiets a warning on Solaris Studio 12.2.

Todd C. Miller [Wed, 9 Mar 2016 16:39:46 +0000 (09:39 -0700)]
Work around an ambiguity in the PAM spec with respect to the conversation
function.  It is not clear whether the "struct pam_message **msg" is an
array of pointers or a pointer to an array.  Linux-PAM and OpenPAM use
an array of pointers while Solaris/HP-UX/AIX uses a pointer to an array.
Bug #726.

Todd C. Miller [Tue, 8 Mar 2016 17:04:46 +0000 (10:04 -0700)]
sync with translationproject.org

Todd C. Miller [Sat, 27 Feb 2016 23:56:56 +0000 (16:56 -0700)]
Bug #738

Todd C. Miller [Fri, 26 Feb 2016 21:39:00 +0000 (14:39 -0700)]
sync with translationproject.org

Todd C. Miller [Fri, 26 Feb 2016 18:24:25 +0000 (11:24 -0700)]
Better test for negated character classes.

Todd C. Miller [Fri, 26 Feb 2016 18:14:50 +0000 (11:14 -0700)]
Add test for negated character class

Todd C. Miller [Fri, 26 Feb 2016 18:02:29 +0000 (11:02 -0700)]
sync with translationproject.org

Todd C. Miller [Fri, 26 Feb 2016 17:58:52 +0000 (10:58 -0700)]
sync

Todd C. Miller [Fri, 26 Feb 2016 17:52:55 +0000 (10:52 -0700)]
Fix negation of character classes.

Todd C. Miller [Fri, 26 Feb 2016 16:32:08 +0000 (09:32 -0700)]
Fix the check for whether a user is allowed to list another user's
privileges.  The "matched" variable is not boolean, it can also
have the value UNSPEC so we need to check explicitly for true.
Bug #738

Todd C. Miller [Fri, 26 Feb 2016 16:30:31 +0000 (09:30 -0700)]
Log the number of PAM messages in the conversation function at debug
level.

Todd C. Miller [Wed, 24 Feb 2016 23:00:08 +0000 (16:00 -0700)]
Don't check for posix_spawn() or posix_spawnp() if we were unable
to find spawn.h.  This should only be a problem on systems with
broken headers.  Bug #730