merge sudo 1.9.4p1 from tip

--HG--
branch : 1.9

Author: millert

NEWS

@@ -1,3 +1,35 @@
+What's new in Sudo 1.9.4p1
+
+ * Sudo on macOS now supports users with more than 16 groups without
+   needing to set "group_source" to "dynamic" in /etc/sudo.conf.
+   Previously, only the first 15 were used when matching group-based
+   rules in sudoers.  Bug #946.
+
+ * Fixed a regression introduced in version 1.9.4 where sudo would
+   not build when configured using the --without-sendmail option.
+   Bug #947.
+
+ * Fixed a problem where if I/O logging was disabled and sudo was
+   unable to connect to sudo_logsrvd, the command would still be
+   allowed to run even when the "ignore_logfile_errors" sudoers
+   option was enabled.
+
+ * Fixed a crash introduced in version 1.9.4 when attempting to run
+   a command as a non-existent user.  Bug #948.
+
+ * The installed sudo.conf file now has the default sudoers Plugin
+   lines commented out.  This fixes a potential conflict when there
+   is both a system-installed version of sudo and a user-installed
+   version.  GitHub issue #75.
+
+ * Fixed a regression introduced in sudo 1.9.4 where sudo would run
+   the command as a child process even when a pseudo-terminal was
+   not in use and the "pam_session" and "pam_setcred" options were
+   disabled.  GitHub issue #76.
+
+ * Fixed a regression introduced in sudo 1.8.9 where the "closefrom"
+   sudoers option could not be set to a value of 3.  Bug #950.
+
 What's new in Sudo 1.9.4
 
  * The sudoers parser will now detect when an upper-case reserved
@@ -18,7 +50,7 @@ What's new in Sudo 1.9.4
    the sudoers plugin.
 
  * JSON log entries sent to syslog now use "minimal" JSON which
-   skips all non-essention whitespace.
+   skips all non-essential white space.
 
  * The sudoers plugin can now produce JSON-formatted logs.  The
    "log_format" sudoers option can be used to select sudo or json

config.h.in

@@ -1371,6 +1371,11 @@
 # undef _LINUX_SOURCE_COMPAT
 #endif
 
+/* Enable unlimited getgroups(2) support on macOS. */
+#ifndef _DARWIN_UNLIMITED_GETGROUPS
+# undef _DARWIN_UNLIMITED_GETGROUPS
+#endif
+
 /* Enable prototypes in GCC fixed includes on older systems.  */
 #ifndef __USE_FIXED_PROTOTYPES__
 # undef __USE_FIXED_PROTOTYPES__

configure

@@ -1,6 +1,6 @@
 #! /bin/sh
 # Guess values for system-dependent variables and create Makefiles.
-# Generated by GNU Autoconf 2.69 for sudo 1.9.4.
+# Generated by GNU Autoconf 2.69 for sudo 1.9.4p1.
 #
 # Report bugs to <https://bugzilla.sudo.ws/>.
 #
@@ -590,8 +590,8 @@ MAKEFLAGS=
 # Identity of this package.
 PACKAGE_NAME='sudo'
 PACKAGE_TARNAME='sudo'
-PACKAGE_VERSION='1.9.4'
-PACKAGE_STRING='sudo 1.9.4'
+PACKAGE_VERSION='1.9.4p1'
+PACKAGE_STRING='sudo 1.9.4p1'
 PACKAGE_BUGREPORT='https://bugzilla.sudo.ws/'
 PACKAGE_URL=''
 
@@ -1584,7 +1584,7 @@ if test "$ac_init_help" = "long"; then
   # Omit some internal or obsolete options to make the list less imposing.
   # This message is too long to be a string in the A/UX 3.1 sh.
   cat <<_ACEOF
-\`configure' configures sudo 1.9.4 to adapt to many kinds of systems.
+\`configure' configures sudo 1.9.4p1 to adapt to many kinds of systems.
 
 Usage: $0 [OPTION]... [VAR=VALUE]...
 
@@ -1650,7 +1650,7 @@ fi
 
 if test -n "$ac_init_help"; then
   case $ac_init_help in
-     short | recursive ) echo "Configuration of sudo 1.9.4:";;
+     short | recursive ) echo "Configuration of sudo 1.9.4p1:";;
    esac
   cat <<\_ACEOF
 
@@ -1924,7 +1924,7 @@ fi
 test -n "$ac_init_help" && exit $ac_status
 if $ac_init_version; then
   cat <<\_ACEOF
-sudo configure 1.9.4
+sudo configure 1.9.4p1
 generated by GNU Autoconf 2.69
 
 Copyright (C) 2012 Free Software Foundation, Inc.
@@ -2633,7 +2633,7 @@ cat >config.log <<_ACEOF
 This file contains any messages produced by compilers while
 running configure, to aid debugging if configure makes a mistake.
 
-It was created by sudo $as_me 1.9.4, which was
+It was created by sudo $as_me 1.9.4p1, which was
 generated by GNU Autoconf 2.69.  Invocation command line was
 
   $ $0 $@
@@ -16183,6 +16183,10 @@ fi
 done
 
 
+		# macOS >= 10.6 getgroups(2) can support more than > 16 groups
+		$as_echo "#define _DARWIN_UNLIMITED_GETGROUPS 1" >>confdefs.h
+
+
 		# We need to force a flat namespace to make libc
 		# symbol hooking work like it does on ELF.
 		{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether the linker accepts -Wl,-force_flat_namespace" >&5
@@ -28751,7 +28755,7 @@ cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1
 # report actual input values of CONFIG_FILES etc. instead of their
 # values after options handling.
 ac_log="
-This file was extended by sudo $as_me 1.9.4, which was
+This file was extended by sudo $as_me 1.9.4p1, which was
 generated by GNU Autoconf 2.69.  Invocation command line was
 
   CONFIG_FILES    = $CONFIG_FILES
@@ -28817,7 +28821,7 @@ _ACEOF
 cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
 ac_cs_config="`$as_echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`"
 ac_cs_version="\\
-sudo config.status 1.9.4
+sudo config.status 1.9.4p1
 configured by $0, generated by GNU Autoconf 2.69,
   with options \\"\$ac_cs_config\\"
 

configure.ac

@@ -18,7 +18,7 @@ dnl ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
 dnl OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 dnl
 AC_PREREQ([2.59])
-AC_INIT([sudo], [1.9.4], [https://bugzilla.sudo.ws/], [sudo])
+AC_INIT([sudo], [1.9.4p1], [https://bugzilla.sudo.ws/], [sudo])
 AC_CONFIG_HEADERS([config.h pathnames.h])
 AC_CONFIG_SRCDIR([src/sudo.c])
 dnl
@@ -2292,6 +2292,9 @@ case "$host" in
 		# Undocumented API that dynamically allocates the groups.
 		AC_CHECK_FUNCS([getgrouplist_2], [AC_CHECK_DECLS([getgrouplist_2])])
 
+		# macOS >= 10.6 getgroups(2) can support more than > 16 groups
+		AC_DEFINE([_DARWIN_UNLIMITED_GETGROUPS])
+
 		# We need to force a flat namespace to make libc
 		# symbol hooking work like it does on ELF.
 		AX_CHECK_LINK_FLAG([-Wl,-force_flat_namespace], [AX_APPEND_FLAG([-Wl,-force_flat_namespace], [SUDO_LDFLAGS])])
@@ -5019,6 +5022,11 @@ AH_BOTTOM([/* Symbol visibility controls */
 # undef _LINUX_SOURCE_COMPAT
 #endif
 
+/* Enable unlimited getgroups(2) support on macOS. */
+#ifndef _DARWIN_UNLIMITED_GETGROUPS
+# undef _DARWIN_UNLIMITED_GETGROUPS
+#endif
+
 /* Enable prototypes in GCC fixed includes on older systems.  */
 #ifndef __USE_FIXED_PROTOTYPES__
 # undef __USE_FIXED_PROTOTYPES__

doc/sudo.conf.man.in

@@ -17,7 +17,7 @@
 .\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 .\"
 .nr SL @SEMAN@
-.TH "SUDO.CONF" "@mansectform@" "October 30, 2020" "Sudo @PACKAGE_VERSION@" "File Formats Manual"
+.TH "SUDO.CONF" "@mansectform@" "December 5, 2020" "Sudo @PACKAGE_VERSION@" "File Formats Manual"
 .nh
 .if n .ad l
 .SH "NAME"
@@ -708,9 +708,9 @@ front end configuration
 # The plugin_options are optional.
 #
 # The sudoers plugin is used by default if no Plugin lines are present.
-Plugin sudoers_policy sudoers.so
-Plugin sudoers_io sudoers.so
-Plugin sudoers_audit sudoers.so
+#Plugin sudoers_policy sudoers.so
+#Plugin sudoers_io sudoers.so
+#Plugin sudoers_audit sudoers.so
 
 #
 # Sudo askpass:

doc/sudo.conf.mdoc.in

@@ -16,7 +16,7 @@
 .\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 .\"
 .nr SL @SEMAN@
-.Dd October 30, 2020
+.Dd December 5, 2020
 .Dt SUDO.CONF @mansectform@
 .Os Sudo @PACKAGE_VERSION@
 .Sh NAME
@@ -642,9 +642,9 @@ front end configuration
 # The plugin_options are optional.
 #
 # The sudoers plugin is used by default if no Plugin lines are present.
-Plugin sudoers_policy sudoers.so
-Plugin sudoers_io sudoers.so
-Plugin sudoers_audit sudoers.so
+#Plugin sudoers_policy sudoers.so
+#Plugin sudoers_io sudoers.so
+#Plugin sudoers_audit sudoers.so
 
 #
 # Sudo askpass:

doc/sudoers.man.in

@@ -25,7 +25,7 @@
 .nr BA @BAMAN@
 .nr LC @LCMAN@
 .nr PS @PSMAN@
-.TH "SUDOERS" "@mansectform@" "October 30, 2020" "Sudo @PACKAGE_VERSION@" "File Formats Manual"
+.TH "SUDOERS" "@mansectform@" "December 11, 2020" "Sudo @PACKAGE_VERSION@" "File Formats Manual"
 .nh
 .if n .ad l
 .SH "NAME"
@@ -3049,7 +3049,9 @@ If
 \fIpam_setcred\fR,
 and
 \fIuse_pty\fR
-are disabled and I/O logging has not been configured,
+are disabled,
+\fIlog_servers\fR
+has not been set and I/O logging has not been configured,
 \fBsudo\fR
 will execute the command directly instead of running it as a child
 process.
@@ -3070,7 +3072,9 @@ If
 \fIpam_setcred\fR,
 and
 \fIuse_pty\fR
-are disabled and I/O logging has not been configured,
+are disabled,
+\fIlog_servers\fR
+has not been set and I/O logging has not been configured,
 \fBsudo\fR
 will execute the command directly instead of running it as a child
 process.

doc/sudoers.mdoc.in

@@ -24,7 +24,7 @@
 .nr BA @BAMAN@
 .nr LC @LCMAN@
 .nr PS @PSMAN@
-.Dd October 30, 2020
+.Dd December 11, 2020
 .Dt SUDOERS @mansectform@
 .Os Sudo @PACKAGE_VERSION@
 .Sh NAME
@@ -2874,7 +2874,9 @@ If
 .Em pam_setcred ,
 and
 .Em use_pty
-are disabled and I/O logging has not been configured,
+are disabled,
+.Em log_servers
+has not been set and I/O logging has not been configured,
 .Nm sudo
 will execute the command directly instead of running it as a child
 process.
@@ -2894,7 +2896,9 @@ If
 .Em pam_setcred ,
 and
 .Em use_pty
-are disabled and I/O logging has not been configured,
+are disabled,
+.Em log_servers
+has not been set and I/O logging has not been configured,
 .Nm sudo
 will execute the command directly instead of running it as a child
 process.

examples/sudo.conf.in

@@ -11,9 +11,9 @@
 # The plugin_options are optional.
 #
 # The sudoers plugin is used by default if no Plugin lines are present.
-Plugin sudoers_policy sudoers.so
-Plugin sudoers_io sudoers.so
-Plugin sudoers_audit sudoers.so
+#Plugin sudoers_policy sudoers.so
+#Plugin sudoers_io sudoers.so
+#Plugin sudoers_audit sudoers.so
 
 #
 # Sudo askpass:

lib/eventlog/eventlog.c

@@ -78,7 +78,7 @@
 static FILE *eventlog_stub_open_log(int type, const char *logfile);
 static void eventlog_stub_close_log(int type, FILE *fp);
 
-/* Eventlog config settings */
+/* Eventlog config settings (default values). */
 static struct eventlog_config evl_conf = {
     EVLOG_NONE,			/* type */
     EVLOG_SUDO,			/* format */
@@ -91,7 +91,11 @@ static struct eventlog_config evl_conf = {
     false,			/* omit_hostname */
     _PATH_SUDO_LOGFILE,		/* logpath */
     "%h %e %T",			/* time_fmt */
+#ifdef _PATH_SUDO_SENDMAIL
     _PATH_SUDO_SENDMAIL,	/* mailerpath */
+#else
+    NULL,			/* mailerpath (disabled) */
+#endif
     "-t",			/* mailerflags */
     NULL,			/* mailfrom */
     MAILTO,			/* mailto */
@@ -191,8 +195,10 @@ new_logline(int flags, const char *message, const char *errstr,
     }
     if (evlog->command != NULL) {
 	len += sizeof(LL_CMND_STR) - 1 + strlen(evlog->command);
-	for (i = 1; evlog->argv[i] != NULL; i++)
-	    len += strlen(evlog->argv[i]) + 1;
+	if (evlog->argv != NULL) {
+	    for (i = 1; evlog->argv[i] != NULL; i++)
+		len += strlen(evlog->argv[i]) + 1;
+	}
     }
 
     /*
@@ -267,10 +273,12 @@ new_logline(int flags, const char *message, const char *errstr,
 	    goto toobig;
 	if (strlcat(line, evlog->command, len) >= len)
 	    goto toobig;
-	for (i = 1; evlog->argv[i] != NULL; i++) {
-	    if (strlcat(line, " ", len) >= len ||
-		strlcat(line, evlog->argv[i], len) >= len)
-		goto toobig;
+	if (evlog->argv != NULL) {
+	    for (i = 1; evlog->argv[i] != NULL; i++) {
+		if (strlcat(line, " ", len) >= len ||
+		    strlcat(line, evlog->argv[i], len) >= len)
+		    goto toobig;
+	    }
 	}
     }
 
@@ -1436,8 +1444,10 @@ eventlog_setconf(struct eventlog_config *conf)
 	evl_conf.logpath = _PATH_SUDO_LOGFILE;
     if (evl_conf.time_fmt == NULL)
 	evl_conf.time_fmt = "%h %e %T";
+#ifdef _PATH_SUDO_SENDMAIL
     if (evl_conf.mailerpath == NULL)
 	evl_conf.mailerpath = _PATH_SUDO_SENDMAIL;
+#endif
     if (evl_conf.mailerflags == NULL)
 	evl_conf.mailerflags = "-t";
     if (evl_conf.mailto == NULL)