]> granicus.if.org Git - sudo/log
sudo
6 years agoCast uid/gid to unsigned int before printing.
Todd C. Miller [Wed, 22 Aug 2018 18:58:24 +0000 (12:58 -0600)]
Cast uid/gid to unsigned int before printing.

6 years agoOnly include stdarg.h if we need it.
Todd C. Miller [Wed, 22 Aug 2018 18:36:28 +0000 (12:36 -0600)]
Only include stdarg.h if we need it.

6 years agoInclude stddef.h for offsetof() definition.
Todd C. Miller [Wed, 22 Aug 2018 16:27:33 +0000 (10:27 -0600)]
Include stddef.h for offsetof() definition.

6 years agofix compiler warnings on Solaris 11
Todd C. Miller [Wed, 22 Aug 2018 16:40:11 +0000 (10:40 -0600)]
fix compiler warnings on Solaris 11

6 years agoFix setting of errno when gotdata() fails.
Todd C. Miller [Wed, 22 Aug 2018 16:36:00 +0000 (10:36 -0600)]
Fix setting of errno when gotdata() fails.

6 years agoBugs 846 and 847
Todd C. Miller [Wed, 22 Aug 2018 14:23:29 +0000 (08:23 -0600)]
Bugs 846 and 847

6 years agoWe still need to include string.h for AIX (and possibly others)
Todd C. Miller [Wed, 22 Aug 2018 14:22:56 +0000 (08:22 -0600)]
We still need to include string.h for AIX (and possibly others)
when we are not using the system memset_r() function and rsize_t
is defined by the system headers.

6 years agoAdd --enable-package-build to give configure a hint that we are
Todd C. Miller [Wed, 22 Aug 2018 14:09:46 +0000 (08:09 -0600)]
Add --enable-package-build to give configure a hint that we are
building a package.  This can be used to avoid relying on libc
functions that may not be present in all libc versions for a
particular system.  For instance, AIX 7.1 may or may not have
memset_s() and getline() present.

6 years agoAIX defines rsize_t in string.h, not stddef.h for use by the
Todd C. Miller [Wed, 22 Aug 2018 13:43:13 +0000 (07:43 -0600)]
AIX defines rsize_t in string.h, not stddef.h for use by the
memset_s() prototype.  We use our own memset_s() on AIX since it
is not available on all BOS levels which makes package building
problematic.

6 years agoFix printing of T_TIMESPEC values.
Todd C. Miller [Tue, 21 Aug 2018 23:35:44 +0000 (17:35 -0600)]
Fix printing of T_TIMESPEC values.

6 years agoRemove unused struct script_buf
Todd C. Miller [Tue, 21 Aug 2018 16:30:42 +0000 (10:30 -0600)]
Remove unused struct script_buf

6 years agoDocument when the I/O log timing file entry bug was introduced.
Todd C. Miller [Mon, 20 Aug 2018 18:49:24 +0000 (12:49 -0600)]
Document when the I/O log timing file entry bug was introduced.

6 years agosync
Todd C. Miller [Mon, 20 Aug 2018 17:24:53 +0000 (11:24 -0600)]
sync

6 years agoHP-UX doesn't suport CLOCK_MONOTONIC but we can use gethrtime() instead.
Todd C. Miller [Mon, 20 Aug 2018 16:56:34 +0000 (10:56 -0600)]
HP-UX doesn't suport CLOCK_MONOTONIC but we can use gethrtime() instead.

6 years agoClose the pty slave in the parent so that when the command and
Todd C. Miller [Mon, 20 Aug 2018 16:04:15 +0000 (10:04 -0600)]
Close the pty slave in the parent so that when the command and
monitor exit, the pty gets recycled without our having to close
it directly.

6 years agoMove updating of the window size to the monitor process.
Todd C. Miller [Mon, 20 Aug 2018 16:04:14 +0000 (10:04 -0600)]
Move updating of the window size to the monitor process.
This will allow us to close the slave in the main sudo process in
the future so only the command and monitor have it open.

6 years agosudo 1.8.25
Todd C. Miller [Mon, 20 Aug 2018 16:04:12 +0000 (10:04 -0600)]
sudo 1.8.25

6 years agoFix test output for bug #845
Todd C. Miller [Mon, 20 Aug 2018 11:49:57 +0000 (05:49 -0600)]
Fix test output for bug #845

6 years agoFix pasto when converting sudoNotAfter; from Miguel Sanders
Todd C. Miller [Mon, 20 Aug 2018 11:48:14 +0000 (05:48 -0600)]
Fix pasto when converting sudoNotAfter; from Miguel Sanders
Bug #845

6 years agoUse a monotonic timer that only runs while not suspended for the
Todd C. Miller [Sun, 19 Aug 2018 15:55:08 +0000 (09:55 -0600)]
Use a monotonic timer that only runs while not suspended for the
iolog timing values and write nsec-precision entries.

6 years agoAdd sudo_gettime_uptime() to measure time while not sleeping.
Todd C. Miller [Sun, 19 Aug 2018 15:55:08 +0000 (09:55 -0600)]
Add sudo_gettime_uptime() to measure time while not sleeping.

6 years agoDetect number of CPUs on AIX.
Todd C. Miller [Sun, 19 Aug 2018 02:29:39 +0000 (20:29 -0600)]
Detect number of CPUs on AIX.

6 years agoFix I/O log timing file on systems without a C99-compatible snprintf().
Todd C. Miller [Sun, 19 Aug 2018 02:29:30 +0000 (20:29 -0600)]
Fix I/O log timing file on systems without a C99-compatible snprintf().
On those systems we use our own snprintf() that doesn't support
floating point.  We don't actually need floating point in this case
since the we can print seconds and microseconds without using it.

6 years agoFix for Bug #844
Todd C. Miller [Sat, 18 Aug 2018 13:08:20 +0000 (07:08 -0600)]
Fix for Bug #844

6 years agoHandle the case where O_PATH or O_SEARCH is defined but O_DIRECTORY
Todd C. Miller [Sat, 18 Aug 2018 13:06:54 +0000 (07:06 -0600)]
Handle the case where O_PATH or O_SEARCH is defined but O_DIRECTORY
is not.  In theory, O_DIRECTORY is redundant when O_SEARCH is
specified but it is legal for O_EXEC and O_SEARCH to have the same
value.  Bug #844

6 years agosync
Todd C. Miller [Fri, 17 Aug 2018 23:38:35 +0000 (17:38 -0600)]
sync

6 years agoFix get_starttime() on HP-UX.
Todd C. Miller [Fri, 17 Aug 2018 21:58:17 +0000 (15:58 -0600)]
Fix get_starttime() on HP-UX.

6 years agoAvoid a compilation problem on HP-UX 11.31 with gcc and machine/sys/getppdp.h
Todd C. Miller [Fri, 17 Aug 2018 19:25:46 +0000 (13:25 -0600)]
Avoid a compilation problem on HP-UX 11.31 with gcc and machine/sys/getppdp.h

6 years agoDetect number of CPUs on HP-UX.
Todd C. Miller [Fri, 17 Aug 2018 19:27:01 +0000 (13:27 -0600)]
Detect number of CPUs on HP-UX.
Use MAKE environment variable if set.

6 years agoAdd CHECK_SYMBOLS_LDFLAGS to check_symbols target. Non-ELF HP-UX
Todd C. Miller [Fri, 17 Aug 2018 03:07:36 +0000 (21:07 -0600)]
Add CHECK_SYMBOLS_LDFLAGS to check_symbols target.  Non-ELF HP-UX
executables don't support SHLIB_PATH or LD_LIBRARY_PATH unless ld
is passed the +s flag.  This lets the check_symbols test pass on
systems where the ldap libraries aren't installed in the standard
location.

6 years agoFor the lint target, don't stop after the first manual that fails lint.
Todd C. Miller [Wed, 15 Aug 2018 16:02:40 +0000 (10:02 -0600)]
For the lint target, don't stop after the first manual that fails lint.

6 years agoAdd debugging info so we can tell why a timestamp record doesn't match.
Todd C. Miller [Wed, 15 Aug 2018 15:19:50 +0000 (09:19 -0600)]
Add debugging info so we can tell why a timestamp record doesn't match.

6 years agotypo
Todd C. Miller [Mon, 13 Aug 2018 12:25:44 +0000 (06:25 -0600)]
typo

6 years agosync with translationproject.org
Todd C. Miller [Mon, 13 Aug 2018 12:16:28 +0000 (06:16 -0600)]
sync with translationproject.org

6 years agosync
Todd C. Miller [Wed, 8 Aug 2018 15:02:37 +0000 (09:02 -0600)]
sync

6 years agoFix the return value of sudoers_io_change_winsize() on success.
Todd C. Miller [Sun, 12 Aug 2018 03:29:43 +0000 (21:29 -0600)]
Fix the return value of sudoers_io_change_winsize() on success.
Otherwise, we only log a single window size change.

6 years agosync with translationproject.org
Todd C. Miller [Sun, 12 Aug 2018 01:57:14 +0000 (19:57 -0600)]
sync with translationproject.org

6 years agoFix ambiguity when talking about Aliases. We can't use User_Alias
Todd C. Miller [Tue, 7 Aug 2018 16:03:05 +0000 (10:03 -0600)]
Fix ambiguity when talking about Aliases.  We can't use User_Alias
in the grammar as both the definition of the Alias as well as its
name.  This adds {User,Runas,Host,Cmnd}_Alias_Spec to help differentiate
between the name of the alias and its definition.  Bug #834

6 years agoregen
Todd C. Miller [Tue, 7 Aug 2018 15:58:57 +0000 (09:58 -0600)]
regen

6 years agoWarn if unable to run xgettext or msgfmt.
Todd C. Miller [Tue, 7 Aug 2018 12:10:21 +0000 (06:10 -0600)]
Warn if unable to run xgettext or msgfmt.

6 years agosync with translationproject.org
Todd C. Miller [Mon, 6 Aug 2018 19:14:43 +0000 (13:14 -0600)]
sync with translationproject.org

6 years agoRefactor code to convert defaults to tags and do conversion on
Todd C. Miller [Sun, 5 Aug 2018 13:17:34 +0000 (07:17 -0600)]
Refactor code to convert defaults to tags and do conversion on
output for "sudo -l".

Remove the short_list (was long_list) global in favor of a verbose
argument.

6 years agoAssign short_list true, not 1 now that it is a boolean.
Todd C. Miller [Sun, 5 Aug 2018 02:02:00 +0000 (20:02 -0600)]
Assign short_list true, not 1 now that it is a boolean.

6 years agofix typo
Todd C. Miller [Sat, 4 Aug 2018 13:38:47 +0000 (07:38 -0600)]
fix typo

6 years agoFix a warning on FreeBSD which has a fancier __containerof implementation.
Todd C. Miller [Fri, 3 Aug 2018 17:45:01 +0000 (11:45 -0600)]
Fix a warning on FreeBSD which has a fancier __containerof implementation.

6 years agosync with translationproject.org
Todd C. Miller [Fri, 3 Aug 2018 16:14:58 +0000 (10:14 -0600)]
sync with translationproject.org

6 years agoRegen with aclocal 1.15.1.
Todd C. Miller [Thu, 2 Aug 2018 21:32:28 +0000 (15:32 -0600)]
Regen with aclocal 1.15.1.

6 years agoFor ldap/sssd, include defaults in the generate privilege unless
Todd C. Miller [Thu, 2 Aug 2018 20:45:00 +0000 (14:45 -0600)]
For ldap/sssd, include defaults in the generate privilege unless
we are listing in short mode (in which case we convert them to tags
if possible).  Fixes a problem where sudoOptions were not being
applied to the command.

6 years agoupdate_defaults() needs to be able to take a defaults_list for
Todd C. Miller [Thu, 2 Aug 2018 20:06:36 +0000 (14:06 -0600)]
update_defaults() needs to be able to take a defaults_list for
the ldap/sssd backends which support per-role defaults.

6 years agoregen
Todd C. Miller [Tue, 31 Jul 2018 13:14:26 +0000 (07:14 -0600)]
regen

6 years agoUpdate
Todd C. Miller [Mon, 30 Jul 2018 16:57:55 +0000 (10:57 -0600)]
Update

6 years agoo Move userspecs, defaults and aliases into a new struct sudoers_parse_tree.
Todd C. Miller [Thu, 26 Jul 2018 21:12:33 +0000 (15:12 -0600)]
o Move userspecs, defaults and aliases into a new struct sudoers_parse_tree.
o The parse tree is now passed to the alias, match and defaults functions.
o The nss API has been changed so that the nss parse() function returns
  a pointer to a struct sudoers_parse_tree which will be filled in
  by the getdefs() and query() functions.

6 years agoDon't need to preallocate 4 x NGROUP_MAX on AIX or BSD/Linux.
Todd C. Miller [Thu, 26 Jul 2018 21:12:26 +0000 (15:12 -0600)]
Don't need to preallocate 4 x NGROUP_MAX on AIX or BSD/Linux.
For BSD/Linux, getgrouplist(3) will tell us the number of groups if
we don't have enough.  For AIX, we can count the entries in the
group set before allocating the group vector.

6 years agoIgnore PAM_NEW_AUTHTOK_REQD and PAM_AUTHTOK_EXPIRED errors from
Todd C. Miller [Thu, 26 Jul 2018 18:31:29 +0000 (12:31 -0600)]
Ignore PAM_NEW_AUTHTOK_REQD and PAM_AUTHTOK_EXPIRED errors from
pam_acct_mgmt() if authentication is disabled for the user.
Bug #843

6 years agoWork around a bug on AIX where closing the pty slave causes the
Todd C. Miller [Mon, 23 Jul 2018 17:37:26 +0000 (11:37 -0600)]
Work around a bug on AIX where closing the pty slave causes the
main sudo process to lose its controlling tty (which was *not* the
pty slave).

6 years agoAdd missing aix_restoreauthdb() call to match the aix_setauthdb()
Todd C. Miller [Mon, 23 Jul 2018 16:36:08 +0000 (10:36 -0600)]
Add missing aix_restoreauthdb() call to match the aix_setauthdb()
added in b8a011be9af7.  Fixes issues on AIX where local users/groups
may not be resolved when some NIS/AD/LDAP is used for users.

6 years agoLinux getgrouplist(3) returns the number of groups on success instead
Todd C. Miller [Mon, 23 Jul 2018 13:23:17 +0000 (07:23 -0600)]
Linux getgrouplist(3) returns the number of groups on success instead
of 0 like BSD.

6 years agoWhen both a .o and .lo file was used in a Makefile, we used to make
Todd C. Miller [Fri, 20 Jul 2018 16:17:51 +0000 (10:17 -0600)]
When both a .o and .lo file was used in a Makefile, we used to make
the .o depend on the .lo.  Unfortunately, this creates a race
condition for parallel make since libtool is not atomic (it creates
a .o and then renames it when building PIC objects for shared libs).

We always link with libtool so the only reason to prefer the .o
over the .lo file is to avoid mixing .o and .lo in the dependencies.
That's not a good enough reason so change mkdep.pl to warn when
both a .o and .lo are referenced in a Makefile and do nothing else.

Bug #842

6 years agoAvoid duplicate free when netgroup_base is invalid.
Todd C. Miller [Sun, 15 Jul 2018 13:46:34 +0000 (07:46 -0600)]
Avoid duplicate free when netgroup_base is invalid.

6 years agoUse madvise(2) with MADV_WIPEONFORK if available.
Todd C. Miller [Tue, 3 Jul 2018 19:58:49 +0000 (13:58 -0600)]
Use madvise(2) with MADV_WIPEONFORK if available.

6 years agosync with translationproject.org
Todd C. Miller [Sun, 1 Jul 2018 18:00:35 +0000 (12:00 -0600)]
sync with translationproject.org

6 years agoUpdate.
Todd C. Miller [Sun, 1 Jul 2018 17:58:58 +0000 (11:58 -0600)]
Update.

6 years agosync with schema.OpenLDAP
Todd C. Miller [Mon, 25 Jun 2018 19:20:34 +0000 (13:20 -0600)]
sync with schema.OpenLDAP

6 years agoRFC 2849 specifies whitespace as the space character only so replace
Todd C. Miller [Mon, 25 Jun 2018 19:20:04 +0000 (13:20 -0600)]
RFC 2849 specifies whitespace as the space character only so replace
tabs with spaces. Bug #840

6 years agoFix typo; bug #839
Todd C. Miller [Mon, 25 Jun 2018 18:51:41 +0000 (12:51 -0600)]
Fix typo; bug #839

6 years agoShould no longer need to set max_groups.
Todd C. Miller [Sat, 16 Jun 2018 17:32:14 +0000 (11:32 -0600)]
Should no longer need to set max_groups.

6 years agoUse new sudo_getgrouplist2() function instead of getgrouplist().
Todd C. Miller [Fri, 15 Jun 2018 20:05:14 +0000 (14:05 -0600)]
Use new sudo_getgrouplist2() function instead of getgrouplist().

6 years agoAdd sudo_getgrouplist2() to dynamically allocate the group vector.
Todd C. Miller [Fri, 15 Jun 2018 20:05:13 +0000 (14:05 -0600)]
Add sudo_getgrouplist2() to dynamically allocate the group vector.
This allows us to avoid repeatedly calling getgrouplist() with
a statically sized vector on macOS, Solaris, HP-UX, and AIX.

6 years agoFix fd leak introduced by SUDO_CONV_PREFER_TTY commit. Coverity CID 186605.
Todd C. Miller [Fri, 15 Jun 2018 19:31:58 +0000 (13:31 -0600)]
Fix fd leak introduced by SUDO_CONV_PREFER_TTY commit.  Coverity CID 186605.

6 years agoFix some issues pointed out by mandoc -Tlint
Todd C. Miller [Wed, 13 Jun 2018 17:19:35 +0000 (11:19 -0600)]
Fix some issues pointed out by mandoc -Tlint

6 years agoAdd SUDO_CONV_PREFER_TTY flag for conversation function to tell
Todd C. Miller [Wed, 13 Jun 2018 17:19:33 +0000 (11:19 -0600)]
Add SUDO_CONV_PREFER_TTY flag for conversation function to tell
sudo to try writing to /dev/tty first.  Can be used in conjunction
with SUDO_CONV_INFO_MSG and SUDO_CONV_ERROR_MSG.

6 years agoUpdate for arc4random.c, arc4random_uniform.c and getentropy.c
Todd C. Miller [Fri, 8 Jun 2018 12:32:02 +0000 (06:32 -0600)]
Update for arc4random.c, arc4random_uniform.c and getentropy.c

6 years agoFreeBSD wordexp() returns WRDE_SYNTAX if it can't write to the shell
Todd C. Miller [Tue, 5 Jun 2018 21:37:16 +0000 (15:37 -0600)]
FreeBSD wordexp() returns WRDE_SYNTAX if it can't write to the shell
process.  Since we've prevented execve() from succeeding this is
the error we get back from wordexp() on FreeBSD.

6 years agoFix conversion of usec to nsec; from Scott Cheloha
Todd C. Miller [Tue, 5 Jun 2018 02:00:41 +0000 (20:00 -0600)]
Fix conversion of usec to nsec; from Scott Cheloha

6 years agoFix typo.
Todd C. Miller [Sat, 2 Jun 2018 03:15:57 +0000 (21:15 -0600)]
Fix typo.

6 years agoThe getdefs() function now get called multiple times so use the
Todd C. Miller [Tue, 29 May 2018 16:53:47 +0000 (10:53 -0600)]
The getdefs() function now get called multiple times so use the
cached data if present.

6 years agoReturn an empty defaults list, not NULL if there is no global sudoers
Todd C. Miller [Tue, 29 May 2018 16:24:57 +0000 (10:24 -0600)]
Return an empty defaults list, not NULL if there is no global sudoers
defaults entry in sss.

6 years agoFix memory leak of handle pointer on close.
Todd C. Miller [Tue, 29 May 2018 16:10:20 +0000 (10:10 -0600)]
Fix memory leak of handle pointer on close.

6 years agoRemove a needless copy when parsing options.
Todd C. Miller [Tue, 29 May 2018 15:39:42 +0000 (09:39 -0600)]
Remove a needless copy when parsing options.

6 years agoMove cached userspecs and defaults into the handle object.
Todd C. Miller [Tue, 29 May 2018 15:39:40 +0000 (09:39 -0600)]
Move cached userspecs and defaults into the handle object.

6 years agoQuiet a clang analyzer warning. It should not be possible for
Todd C. Miller [Mon, 28 May 2018 14:30:57 +0000 (08:30 -0600)]
Quiet a clang analyzer warning.  It should not be possible for
pop_include() to be called when YY_CURRENT_BUFFER is NULL.

6 years agoReorder things to avoid the need to declare static functions.
Todd C. Miller [Mon, 28 May 2018 13:35:51 +0000 (07:35 -0600)]
Reorder things to avoid the need to declare static functions.

6 years agoUse arc4random for mkstemp() and insults.
Todd C. Miller [Fri, 25 May 2018 03:04:23 +0000 (21:04 -0600)]
Use arc4random for mkstemp() and insults.

6 years agoImport arc4random() from libressl. This takes an all-in-one approach
Todd C. Miller [Fri, 25 May 2018 03:04:23 +0000 (21:04 -0600)]
Import arc4random() from libressl.  This takes an all-in-one approach
instead of the one-file-per-OS approach that libressl takes.
The fallback code does not have as many OS-specific bits as libressl.

6 years agoMove digest code into libutil
Todd C. Miller [Fri, 25 May 2018 03:04:07 +0000 (21:04 -0600)]
Move digest code into libutil

6 years agoCheck for invalid bas64 attributes.
Todd C. Miller [Sun, 20 May 2018 14:09:25 +0000 (08:09 -0600)]
Check for invalid bas64 attributes.

6 years agoFix pointer sign warnings.
Todd C. Miller [Sun, 20 May 2018 13:42:54 +0000 (07:42 -0600)]
Fix pointer sign warnings.

6 years agoAdd missing variable declaration for SELinux and Solaris.
Todd C. Miller [Sun, 20 May 2018 13:36:46 +0000 (07:36 -0600)]
Add missing variable declaration for SELinux and Solaris.

6 years agoHandle empty string and treat it as safe.
Todd C. Miller [Sun, 20 May 2018 13:36:00 +0000 (07:36 -0600)]
Handle empty string and treat it as safe.

6 years agoAdd support for base64-encoding non-safe strings in LDIF output.
Todd C. Miller [Sun, 20 May 2018 13:01:26 +0000 (07:01 -0600)]
Add support for base64-encoding non-safe strings in LDIF output.

6 years agoAdd base64_encode() by Jon Mayo.
Todd C. Miller [Sun, 20 May 2018 01:03:47 +0000 (19:03 -0600)]
Add base64_encode() by Jon Mayo.

6 years agoAdd support for parsing base64-encoded attributes
Todd C. Miller [Fri, 18 May 2018 16:11:51 +0000 (10:11 -0600)]
Add support for parsing base64-encoded attributes

6 years agorfc2253 says we need to escape " and leading and trailing space.
Todd C. Miller [Thu, 17 May 2018 17:16:44 +0000 (11:16 -0600)]
rfc2253 says we need to escape " and leading and trailing space.

6 years agoDefine ZLIB_CONST so we get the const version of the API.
Todd C. Miller [Thu, 17 May 2018 15:31:48 +0000 (09:31 -0600)]
Define ZLIB_CONST so we get the const version of the API.

6 years agoFix logic inversion when handing the authenticate Defaults option
Todd C. Miller [Wed, 16 May 2018 18:14:14 +0000 (12:14 -0600)]
Fix logic inversion when handing the authenticate Defaults option
for "sudo -l" and "sudo -v" in long list mode.

6 years agoSet handle->pw before sss_to_sudoers() since sss_check_user()
Todd C. Miller [Wed, 16 May 2018 16:48:50 +0000 (10:48 -0600)]
Set handle->pw before sss_to_sudoers() since sss_check_user()
uses it.  Coverity CID 185651

6 years agoFix memory leak on error, CID 185602
Todd C. Miller [Wed, 16 May 2018 16:45:00 +0000 (10:45 -0600)]
Fix memory leak on error, CID 185602

6 years agoSome ldap_get_values_len -> sudo_ldap_get_values_len that were
Todd C. Miller [Wed, 16 May 2018 16:37:15 +0000 (10:37 -0600)]
Some ldap_get_values_len -> sudo_ldap_get_values_len that were
missed before.

6 years agoWhen building up the cmndspec, add the actual command member last.
Todd C. Miller [Wed, 16 May 2018 16:27:28 +0000 (10:27 -0600)]
When building up the cmndspec, add the actual command member last.
This simplifies the logic regarding the SETENV tag and alsomakes
"out of memory" cleanup simpler.

6 years agoFix format string mismatch, sudo_order is unsigned.
Todd C. Miller [Wed, 16 May 2018 16:15:15 +0000 (10:15 -0600)]
Fix format string mismatch, sudo_order is unsigned.