Merge sudo 1.9.15 from tip.

--HG--
branch : 1.9

Author: millert

.circleci/config.yml

@@ -4,6 +4,10 @@ jobs:
   build_linux:
     description: Configure, build and package sudo (Linux)
     parameters:
+      krb5:
+        description: if true, build sudo's Kerberos V support
+        default: false
+        type: boolean
       ldap:
         description: if true, build sudo's LDAP support
         default: false
@@ -31,7 +35,7 @@ jobs:
       - checkout
       - run:
           name: "Building and packaging sudo (Linux)"
-          command: ./scripts/mkpkg <<# parameters.ldap >>--flavor=ldap --with-sssd --with-sssd-lib=/usr/lib/x86_64-linux-gnu <</ parameters.ldap >><<# parameters.wolfssl >>--enable-wolfssl <</ parameters.wolfssl >><<^ parameters.logsrvd >>--disable-log-server --disable-log-client <</ parameters.logsrvd >><<^ parameters.intercept >>--disable-intercept <</ parameters.intercept >><<# parameters.static_sudoers >>--enable-static-sudoers <</ parameters.static_sudoers >>--enable-warnings --enable-werror --enable-sanitizer
+          command: ./scripts/mkpkg <<# parameters.krb5 >>--without-pam --with-kerb5 <</ parameters.krb5 >><<# parameters.ldap >>--flavor=ldap --with-sssd --with-sssd-lib=/usr/lib/x86_64-linux-gnu <</ parameters.ldap >><<# parameters.wolfssl >>--enable-wolfssl <</ parameters.wolfssl >><<^ parameters.logsrvd >>--disable-log-server --disable-log-client <</ parameters.logsrvd >><<^ parameters.intercept >>--disable-intercept <</ parameters.intercept >><<# parameters.static_sudoers >>--enable-static-sudoers <</ parameters.static_sudoers >>--enable-warnings --enable-werror --enable-sanitizer
       # Save workspace for subsequent jobs (i.e. test)
       - persist_to_workspace:
           root: .
@@ -56,7 +60,7 @@ jobs:
   build_macos:
     description: Configure, build and package sudo (macOS)
     macos:
-      xcode: 13.4.1 # indicate our selected version of Xcode
+      xcode: 14.2.0 # indicate our selected version of Xcode
     steps:
       - checkout
       - run:
@@ -70,7 +74,7 @@ jobs:
   test_macos:
     description: run sudo tests in a pre-built workspace (macOS)
     macos:
-      xcode: 13.2.1 # indicate our selected version of Xcode
+      xcode: 14.2.0 # indicate our selected version of Xcode
     steps:
       # Reuse the workspace from the build job
       - attach_workspace:
@@ -84,6 +88,12 @@ workflows:
   version: 2
   build_and_test:
     jobs:
+      - build_linux:
+          name: build-linux-krb5
+          krb5: true
+          filters:
+            branches:
+              only: main
       - build_linux:
           name: build-linux-ldap
           ldap: true
@@ -119,6 +129,10 @@ workflows:
           filters:
             branches:
               only: main
+      - test_linux:
+          name: test-linux-krb5
+          requires:
+            - build-linux-krb5
       - test_linux:
           name: test-linux-ldap
           requires:

.gitignore

@@ -79,6 +79,7 @@ plugins/sudoers/sudoers
 plugins/sudoers/sudoreplay
 plugins/sudoers/testsudoers
 plugins/sudoers/tsdump
+plugins/sudoers/tsgetusershell.c
 plugins/sudoers/visudo
 plugins/sudoers/prologue
 plugins/sudoers/check_[a-z]*

.hgignore

@@ -67,7 +67,7 @@ Makefile$
 ^logsrvd/fuzz_logsrvd_conf$
 ^logsrvd/logsrvd_conf_test$
 
-^plugins/sudoers/(cvtsudoers|sudoers|sudoreplay|testsudoers|tsdump|visudo|prologue|check_[a-z0-9_]+)$
+^plugins/sudoers/(cvtsudoers|sudoers|sudoreplay|testsudoers|tsdump|tsgetusershell\.c|visudo|prologue|check_[a-z0-9_]+)$
 ^plugins/sudoers/fuzz_(policy|sudoers(_ldif)?)$
 ^plugins/sudoers/.*\.(out|toke|err|json|ldif|sudo|ldif2sudo)$
 ^plugins/sudoers/regress/harness

INSTALL.md

@@ -434,24 +434,30 @@ Defaults are listed in brackets after the description.
         This is also used to support the "log_subcmds" sudoers
         setting.  For example, this means that for a shell run
         through sudo, the individual commands run by the shell are
-        also subject to rules in the sudoers file.  See the
-        "Preventing Shell Escapes" section in the sudoers man page
-        for details.  If specified, PATH should be a fully qualified
-        path name, e.g.  /usr/local/libexec/sudo/sudo_intercept.so.
-        If PATH is "no", intercept support will not be compiled in.
-        The default is to compile intercept support if libtool
-        supports building shared objects on your system.
+        also subject to rules in the sudoers file.  See the "Preventing
+        Shell Escapes" section in the sudoers man page for details.
+        If specified, PATH should either be a fully-qualified path
+        name such as /usr/local/libexec/sudo/sudo_intercept.so, or,
+        for AIX and Solaris systems, it may optionally be set to a
+        32-bit shared library followed by a 64-bit shared library,
+        separated by a colon.  If PATH is "no", intercept support
+        will not be compiled in.  The default is to compile intercept
+        support if libtool supports building shared objects on your
+        system.
 
     --with-noexec[=PATH]
         Enable support for the "noexec" functionality which prevents
         a dynamically-linked program being run by sudo from executing
         another program (think shell escapes).  See the "Preventing
         Shell Escapes" section in the sudoers man page for details.
-        If specified, PATH should be a fully qualified path name,
-        e.g. /usr/local/libexec/sudo/sudo_noexec.so.  If PATH is
-        "no", noexec support will not be compiled in.  The default
-        is to compile noexec support if libtool supports building
-        shared objects on your system.
+        If specified, PATH should either be a fully-qualified path
+        name such as /usr/local/libexec/sudo/sudo_noexec.so, or,
+        for AIX and Solaris systems, it may optionally be set to a
+        32-bit shared library followed by a 64-bit shared library,
+        separated by a colon.  If PATH is "no", noexec support
+        will not be compiled in.  The default is to compile noexec
+        support if libtool supports building shared objects on your
+        system.
 
     --with-selinux
         Enable support for role based access control (RBAC) on systems
@@ -703,6 +709,11 @@ Defaults are listed in brackets after the description.
         enables extra checks to make sure the environment does not
         become corrupted.
 
+    --enable-postinstall=PATH
+        Enable the use of a postinstall script that is run after
+        the "install" target but before packages as built as part
+        of the "package" target.
+
     --enable-warnings
         Enable compiler warnings when building sudo with gcc or clang.
 
@@ -836,7 +847,7 @@ Defaults are listed in brackets after the description.
         Sudoers option: exempt_group
 
     --with-fqdn
-        Define this if you want to put fully qualified host names in the sudoers
+        Define this if you want to put fully-qualified host names in the sudoers
         file.  Ie: instead of myhost you would use myhost.mydomain.edu.  You may
         still use the short form if you wish (and even mix the two).  Beware
         that turning FQDN on requires sudo to make DNS lookups which may make

MANIFEST

@@ -110,6 +110,7 @@ include/sudo_lbuf.h
 include/sudo_plugin.h
 include/sudo_queue.h
 include/sudo_rand.h
+include/sudo_ssl_compat.h
 include/sudo_util.h
 lib/eventlog/Makefile.in
 lib/eventlog/eventlog.c
@@ -227,6 +228,8 @@ lib/logsrv/log_server.pb-c.c
 lib/logsrv/log_server.proto
 lib/protobuf-c/Makefile.in
 lib/protobuf-c/protobuf-c.c
+lib/ssl_compat/Makefile.in
+lib/ssl_compat/ssl_compat.c
 lib/util/Makefile.in
 lib/util/aix.c
 lib/util/arc4random.c
@@ -452,6 +455,7 @@ m4/ax_check_compile_flag.m4
 m4/ax_check_link_flag.m4
 m4/ax_func_getaddrinfo.m4
 m4/ax_func_snprintf.m4
+m4/ax_gcc_builtin.m4
 m4/ax_prog_cc_for_build.m4
 m4/gettext.m4
 m4/hardening.m4
@@ -616,8 +620,8 @@ plugins/sudoers/bsm_audit.c
 plugins/sudoers/bsm_audit.h
 plugins/sudoers/canon_path.c
 plugins/sudoers/check.c
-plugins/sudoers/check.h
 plugins/sudoers/check_aliases.c
+plugins/sudoers/check_util.c
 plugins/sudoers/cvtsudoers.c
 plugins/sudoers/cvtsudoers.h
 plugins/sudoers/cvtsudoers_csv.c
@@ -631,6 +635,7 @@ plugins/sudoers/def_data.in
 plugins/sudoers/defaults.c
 plugins/sudoers/defaults.h
 plugins/sudoers/digestname.c
+plugins/sudoers/display.c
 plugins/sudoers/editor.c
 plugins/sudoers/env.c
 plugins/sudoers/env_pattern.c
@@ -671,15 +676,17 @@ plugins/sudoers/log_client.c
 plugins/sudoers/log_client.h
 plugins/sudoers/logging.c
 plugins/sudoers/logging.h
+plugins/sudoers/lookup.c
 plugins/sudoers/match.c
 plugins/sudoers/match_addr.c
 plugins/sudoers/match_command.c
 plugins/sudoers/match_digest.c
 plugins/sudoers/mkdefaults
-plugins/sudoers/parse.c
 plugins/sudoers/parse.h
 plugins/sudoers/parse_ldif.c
+plugins/sudoers/parser_warnx.c
 plugins/sudoers/pivot.c
+plugins/sudoers/pivot.h
 plugins/sudoers/po/README
 plugins/sudoers/po/ast.mo
 plugins/sudoers/po/ast.po
@@ -1087,8 +1094,24 @@ plugins/sudoers/regress/testsudoers/test22.out.ok
 plugins/sudoers/regress/testsudoers/test22.sh
 plugins/sudoers/regress/testsudoers/test23.out.ok
 plugins/sudoers/regress/testsudoers/test23.sh
+plugins/sudoers/regress/testsudoers/test24.out.ok
+plugins/sudoers/regress/testsudoers/test24.sh
+plugins/sudoers/regress/testsudoers/test25.out.ok
+plugins/sudoers/regress/testsudoers/test25.sh
+plugins/sudoers/regress/testsudoers/test26.out.ok
+plugins/sudoers/regress/testsudoers/test26.sh
+plugins/sudoers/regress/testsudoers/test27.out.ok
+plugins/sudoers/regress/testsudoers/test27.sh
+plugins/sudoers/regress/testsudoers/test28.out.ok
+plugins/sudoers/regress/testsudoers/test28.sh
+plugins/sudoers/regress/testsudoers/test29.out.ok
+plugins/sudoers/regress/testsudoers/test29.sh
 plugins/sudoers/regress/testsudoers/test3.out.ok
 plugins/sudoers/regress/testsudoers/test3.sh
+plugins/sudoers/regress/testsudoers/test30.out.ok
+plugins/sudoers/regress/testsudoers/test30.sh
+plugins/sudoers/regress/testsudoers/test31.out.ok
+plugins/sudoers/regress/testsudoers/test31.sh
 plugins/sudoers/regress/testsudoers/test4.out.ok
 plugins/sudoers/regress/testsudoers/test4.sh
 plugins/sudoers/regress/testsudoers/test5.out.ok
@@ -1125,8 +1148,10 @@ plugins/sudoers/regress/visudo/test8.out.ok
 plugins/sudoers/regress/visudo/test8.sh
 plugins/sudoers/regress/visudo/test9.out.ok
 plugins/sudoers/regress/visudo/test9.sh
+plugins/sudoers/resolve_cmnd.c
 plugins/sudoers/serialize_list.c
 plugins/sudoers/set_perms.c
+plugins/sudoers/sethost.c
 plugins/sudoers/solaris_audit.c
 plugins/sudoers/solaris_audit.h
 plugins/sudoers/sssd.c
@@ -1145,15 +1170,19 @@ plugins/sudoers/sudoers.c
 plugins/sudoers/sudoers.exp
 plugins/sudoers/sudoers.h
 plugins/sudoers/sudoers.in
+plugins/sudoers/sudoers_cb.c
+plugins/sudoers/sudoers_ctx_free.c
 plugins/sudoers/sudoers_debug.c
 plugins/sudoers/sudoers_debug.h
 plugins/sudoers/sudoers_hooks.c
 plugins/sudoers/sudoers_version.h
 plugins/sudoers/sudoreplay.c
 plugins/sudoers/testsudoers.c
 plugins/sudoers/testsudoers_pwutil.c
+plugins/sudoers/testsudoers_pwutil.h
 plugins/sudoers/timeout.c
 plugins/sudoers/timestamp.c
+plugins/sudoers/timestamp.h
 plugins/sudoers/timestr.c
 plugins/sudoers/toke.c
 plugins/sudoers/toke.h
@@ -1164,6 +1193,7 @@ plugins/sudoers/tsgetgrpw.c
 plugins/sudoers/tsgetgrpw.h
 plugins/sudoers/unesc_str.c
 plugins/sudoers/visudo.c
+plugins/sudoers/visudo_cb.c
 plugins/system_group/Makefile.in
 plugins/system_group/system_group.c
 plugins/system_group/system_group.exp
@@ -1198,6 +1228,8 @@ po/hr.mo
 po/hr.po
 po/hu.mo
 po/hu.po
+po/id.mo
+po/id.po
 po/it.mo
 po/it.po
 po/ja.mo

Makefile.in

@@ -57,9 +57,10 @@ shlib_mode = @SHLIB_MODE@
 python_version = @PYTHON_VERSION@
 
 SUBDIRS = lib/util @ZLIB_SRC@ lib/eventlog lib/fuzzstub lib/iolog \
-	  lib/protobuf-c @LOGSRV_SRC@ @LOGSRVD_SRC@ plugins/audit_json \
-	  plugins/group_file plugins/sudoers plugins/system_group \
-	  @PYTHON_PLUGIN_SRC@ src include docs examples
+	  lib/protobuf-c @SSL_COMPAT_SRC@ @LOGSRV_SRC@ @LOGSRVD_SRC@ \
+	  plugins/audit_json plugins/group_file plugins/sudoers \
+	  plugins/system_group @PYTHON_PLUGIN_SRC@ src include \
+	  docs examples
 
 SAMPLES = plugins/sample plugins/sample_approval
 
@@ -193,6 +194,9 @@ install: config.status ChangeLog pre-install install-nls
 	    exit $$?; \
 	done
 
+postinstall:
+	@POSTINSTALL@
+
 uninstall: uninstall-nls
 	for d in $(SUBDIRS); do \
 	    (cd $$d && exec $(MAKE) $@) && continue; \
@@ -208,7 +212,10 @@ uninstall-nls:
 siglist.c signame.c:
 	cd lib/util && exec $(MAKE) $@
 
-depend: siglist.c signame.c
+tsgetusershell.c:
+	cd plugins/sudoers && exec $(MAKE) $@
+
+depend: siglist.c signame.c tsgetusershell.c
 	$(scriptdir)/mkdep.pl \
 	    --srcdir=$(abs_top_srcdir) --builddir=$(abs_top_builddir) \
 	    lib/util/Makefile.in lib/zlib/Makefile.in \
@@ -394,6 +401,7 @@ force-dist: ChangeLog $(srcdir)/MANIFEST
 package: @PPFILES@
 	DESTDIR=$(abs_top_builddir)/destdir; rm -rf $$DESTDIR; \
 	$(MAKE) install INSTALL_OWNER= DESTDIR=$$DESTDIR && \
+	$(MAKE) postinstall INSTALL_OWNER= DESTDIR=$$DESTDIR && \
 	for p in @PPFILES@; do \
 	    $(SHELL) $(scriptdir)/pp $(PPFLAGS) --destdir=$$DESTDIR $$p \
 		srcdir=$(top_srcdir) \