Ecosyste.ms: OpenCollective
An open API service for software projects hosted on Open Collective.
github.com/sudo-project/sudo
Utility to execute a command as another user
https://github.com/sudo-project/sudo
Otherwise it is possible to decrement the reference more than once.
bc82430a6f86ccaad80831c5c2e19fb67d1574b0 authored over 3 years ago by Todd C. Miller <[email protected]>The "log_server_verify" setting passed from the policy plugin was
applied to the "keepalive" opti...
This can be used to debug client problems such as a connection
not being closed as expected.
cefa72c6a6d0e4237894020ec9d784731ae9e3c6 authored over 3 years ago by Todd C. Miller <[email protected]>
This will make it possible to process completed journal files
periodically if the relay server is...
For an immediate relay we will close the connection when the client
disconnects (or there is a ti...
d883213f55c67b85fa8f0378fdae6b857eba333e authored over 3 years ago by Todd C. Miller <[email protected]>
d4bdc85d74934ca5dca1bd1bd8de030e73521290 authored over 3 years ago by Todd C. Miller <[email protected]>
ac878d3e271958f40e1e31b591dad83dd1e8681b authored over 3 years ago by Todd C. Miller <[email protected]>
84a01d3a935c161422cb4c5634396235355c14e7 authored over 3 years ago by Todd C. Miller <[email protected]>
More detailed error messages may be found in the debug log.
6d8942e82cf123e24e28e84289e685a2e5adc19d authored over 3 years ago by Todd C. Miller <[email protected]>e55991f2443525133bf33c145d31aecb46165d09 authored over 3 years ago by Todd C. Miller <[email protected]>
This got broken by some code rearrangement when relay mode was added.
f25275ad5b25c3502891e3a4fbe46692f72dff1f authored over 3 years ago by Todd C. Miller <[email protected]>The other end of the connection should perform a proper TLS shutdown
but as long as we are in the...
66c6edada205840e19dce8dfbd93b3bc3b816619 authored over 3 years ago by Todd C. Miller <[email protected]>
This is a big hammer but it seems like the best we can do for now.
Allows "make check" to succeed...
Also add check_editor to sudoers "make check".
6907376ae93ffaf23a44a8b9efea4a3f7c4e14f2 authored over 3 years ago by Todd C. Miller <[email protected]>GitHub issue #99
5e5131dec3c30d5e768a4e59567232cb56dcd53a authored over 3 years ago by Todd C. Miller <[email protected]>d6d2e3488bffb14b82965924d5bc5b332d5489d2 authored over 3 years ago by Todd C. Miller <[email protected]>
Coverit CID 221401
a85c6b41a68714f55622d83c94b76c902b251546 authored over 3 years ago by Todd C. Miller <[email protected]>Coverity CID 221399
65a55497ec6df6934d5895b9b57a8898abe47278 authored over 3 years ago by Todd C. Miller <[email protected]>Coverity CID 221402
d9f0eba1faf11d108dccded942059cba09bc8cc5 authored over 3 years ago by Todd C. Miller <[email protected]>When relaying from a journal there will be no socket.
Coverity CID 221403
Coverity CID 221400
57b8122cf31a3fa5643044ceca302007600d8663 authored over 3 years ago by Todd C. Miller <[email protected]>Coverity CID 221397 and 221398
21641a27e4c2e0df196c7b24fed190e9ff5d2393 authored over 3 years ago by Todd C. Miller <[email protected]>This separats out the message handler from the functions that store
or relay the message contents.
Formats and enqueues an error message and enables the write event.
64ac63918eb8f80d40d36a79c0efc66d3c2679c4 authored over 3 years ago by Todd C. Miller <[email protected]>050e91f8d15bbbf3b31e31bc3bf823ab461d61a0 authored over 3 years ago by Todd C. Miller <[email protected]>
If the configuration changes it should not affect a connection that
is already in progress.
Instead of forwarding messages immediately, they are journaled
locally in wire format.
This will ...
Adds "relay_dir" and "store_first" settings to sudo_logsrvd.conf
in the [relay] section. Also ad...
If SIGCHLD is ignored there is a race condition between when the
process is executed and when the...
b0a32fe738af5c20594e2f8320e72f64a83f63c9 authored over 3 years ago by Todd C. Miller <[email protected]>
Currently only used for RLIMIT_DATA and RLIMIT_AS.
This works around a problem on HP-UX where se...
6717415e7375d3af830a645c1087410432dcc107 authored over 3 years ago by Todd C. Miller <[email protected]>32f742389b310401c5004b1fdce7117e7a1c75e1 authored over 3 years ago by Todd C. Miller <[email protected]>
There's no need to rebuild the message buffer for anything but
RestartMessage and ClientHello.
We always know the size of the data buffer we need at allocation time.
935daf6b7e1b1bd4fbdd5d8a7a6b2ddb78c17d4d authored over 3 years ago by Todd C. Miller <[email protected]>3dce67ec100e8885110fb4b625f8586fb66a7471 authored over 3 years ago by Todd C. Miller <[email protected]>
Also adjust debug tests so they pass on older python versions
7c2224584d163d179b8b69a84069f70576be3c4c authored over 3 years ago by Todd C. Miller <[email protected]>from upstream automake
5ffa915c9c36956f4cd7ca304e363d2060dc38a2 authored over 3 years ago by Todd C. Miller <[email protected]>Previously they were inline in aclocal.m4.
fbbf602664879993256b06c581d4b88c3d257c11 authored over 3 years ago by Todd C. Miller <[email protected]>Also move the HP-UX 11.00 pread(2) workaround into the section where
pread(2) is tested for, not ...
Otherwise we end up with weird paths for a prefix like /opt/sudo.
620b0dec86de8ca523faea95d0fdb88c7c9680ab authored over 3 years ago by Todd C. Miller <[email protected]>a1323ba43bfa169a8062426f1aa375bc57541de0 authored over 3 years ago by Todd C. Miller <[email protected]>
556b8f62cb42f07a44f3d836350434c2d2a31d13 authored over 3 years ago by Todd C. Miller <[email protected]>
Normally, mkpkg will figure this out, but if the user does "make
package" outside of the mkpkg sc...
This adds a dependency on OpenSSL unless it is explicitly disabled
(--disable-openssl) or the sud...
b8fda5b0a97099ccb017e143f8ecf5f71bc10c63 authored over 3 years ago by Todd C. Miller <[email protected]>
Fixes a double free in fuzz_logsrvd_conf (but not sudo_logsrvd itself).
Also fix linking fuzz_log...
e4e0e734b90dccda1223a131a8722e3ed464e236 authored over 3 years ago by Todd C. Miller <[email protected]>
ae77355eda796dd1510a53b81b4812d7fa53f386 authored over 3 years ago by Todd C. Miller <[email protected]>
TLS options in the relay section will be used if specified, otherwise
the TLS options from the se...
25d4dd8e6d09d37c663605ef76317cec90c509f3 authored over 3 years ago by Todd C. Miller <[email protected]>
Now that the SSL context is initialized in logsrvd_conf.c there's
no need to export TLS configura...
9779996c3c6d9cfcace36736217f283f368cdcdc authored over 3 years ago by Todd C. Miller <[email protected]>
This way we get certificate errors at configuration time, not after.
It also means that a change ...
8f0c16f06ee93f14540d9c4203cc8c148bbe0048 authored over 3 years ago by Todd C. Miller <[email protected]>
Coverity CID 220564
c2909e20ee76529e374f277302ac45a6f6af48a3 authored over 3 years ago by Todd C. Miller <[email protected]>Not actually possible in practice. Coverity CID 220568.
394673cbf5db51c8cbbbd63252ad62eabfc9de80 authored over 3 years ago by Todd C. Miller <[email protected]>42865567d7acd8976f6c595c1e68dd355ab2665a authored over 3 years ago by Todd C. Miller <[email protected]>
52c29aa7a0f002ff5acd8587f6097efaa8727a48 authored over 3 years ago by Todd C. Miller <[email protected]>
It is the caller's responsibility to free resources on error.
Coverity CID 220557
Avoids a portability issue on systems where NULL is not a pointer.
a2e4f53642b9b4237937a7370473d12a4dedd97b authored over 3 years ago by Todd C. Miller <[email protected]>d92610ee437a037562917ae32dcbc0605262e213 authored over 3 years ago by Todd C. Miller <[email protected]>
5cb5a45bab478bf4e16364f719417129a96d0d56 authored over 3 years ago by Todd C. Miller <[email protected]>
Fixes a warning when sudo is not configured to use OpenSSL.
3f1a76cb83a89e35dc54da8e0f689dfd6fd95c9f authored over 3 years ago by Todd C. Miller <[email protected]>3aec794b75be726f4686ca05eba197fb7dcb6892 authored over 3 years ago by Todd C. Miller <[email protected]>
There is no longer a need to do anything in shutdown_cb() other
than break out of the event loop.
This will be used by the upcoming relay mode.
8101b23e544357e3c59e96920e360231f486bd1c authored over 3 years ago by Todd C. Miller <[email protected]>It will be used by sudo_logsrvd too.
2db9e642148e0f3eb683b5b9a666d8b42eeda455 authored over 3 years ago by Todd C. Miller <[email protected]>Also convert sa_str to ref counted string.
30f57bcdce3f2109f7c63c0e57104d834b64c6e3 authored over 3 years ago by Todd C. Miller <[email protected]>This allows it to be used by the relay code too.
343100307dc8537f6a3aa96368bc44a07cb8ef06 authored over 3 years ago by Todd C. Miller <[email protected]>533fcc3f02e0d3ea49b9d1c01804bf76901e2d2f authored over 3 years ago by Todd C. Miller <[email protected]>
ec52810c0b46586d298d41236065d96dcb54256b authored over 3 years ago by Todd C. Miller <[email protected]>
b1c4de2088365e1d24409d21d4df5c6a01dcdcea authored over 3 years ago by Todd C. Miller <[email protected]>
Relay hosts are be specified in the server section of sudo_logsrvd.conf.
d60b8a791cf47237294192560921a4c8fce70ae1 authored over 3 years ago by Todd C. Miller <[email protected]>72c40ae0e164493dde6940efd1ed36c2e13414f2 authored over 3 years ago by Todd C. Miller <[email protected]>
This allows us to queue up multiple messages for writing like the
sudoers client supports. Curre...
Under normal circumstances the existing group list will match the
list fetched by sudo. However,...
Some of the macros deprecated in 2.70 are required by older versions.
For example, AC_PROG_CC now...
d4517e0a1c60749cc7eb0e8993dca4d02a5ddead authored over 3 years ago by Todd C. Miller <[email protected]>
Signed-off-by: Radovan Sroka <[email protected]>
c2a63690c8f78bf019a4e8295ff642aea272699e authored over 3 years ago by Radovan Sroka <[email protected]>Based on a patch from Dennis Filder. Bug #971.
28d65159ed2dd3fd4c7b880b6c48c7e46f105512 authored over 3 years ago by Todd C. Miller <[email protected]>Fixes a link error when sudo is configured with --disable-log-client.
8fa897d3ae8a2a783686924cebaedb8f04205b3a authored over 3 years ago by Todd C. Miller <[email protected]>Otherwise, we will call SSL_new with a freed SSL context.
Bug #970
Avoids a problem where the user gets an exclusive usage error message
when using a sudo-specific ...
Also add missing -B option to usage strings.
a4c710ccfdbd8d1e8af726ac6afe4ed3ca0feba7 authored over 3 years ago by Todd C. Miller <[email protected]>GitHub issue #95
b9a0c72fd1ffa668b2e725f01fce66e3a2c82b05 authored over 3 years ago by Todd C. Miller <[email protected]>Fixes a directory conflict with the AIX sudo rpm package.
Other deb/rpm packages were not affecte...
On OpenServer, SIOCGIFNUM is the number of network interfaces,
not the number of ifreq structs.
We need to use both SIOCGIFCONF and SIOCGLIFCONF since SIOCGLIFCONF
only returns IPv6 addresses.
00cdc83cb672afb3a2bab93bfe57552c9b60ea6b authored over 3 years ago by Todd C. Miller <[email protected]>
Now that we store the string version of the address before fetching
the netmask we can just re-us...
Gleaned from sendmail.
423e231229f7db9feeb3c9498508a1dfe45cfce1 authored over 3 years ago by Todd C. Miller <[email protected]>Still falls back to a loop if not but now maxes out at 2048
interfaces instead of potentially loo...
They were getting in the way of net_its.c simplification.
cf8feb2876762a24f0ee7b7991a7a53e7567537c authored over 3 years ago by Todd C. Miller <[email protected]>HP-UX has a SIOCGLIFCONF but it is incompatible (and appears to only
return IPv6 addresses).
Also...
06df3a1b47540318bfe4cfaf2f2c67b6282b467e authored over 3 years ago by Todd C. Miller <[email protected]>
009069115cfe7e2a39836053675bba121679480d authored over 3 years ago by Todd C. Miller <[email protected]>
977f238d35004beb1f78a5cb939c38f2dcc7afca authored over 3 years ago by Todd C. Miller <[email protected]>