isa/sudo
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
8,132 Commits 1 Branch 0 Tags
0123cf63f1ba9a043689a68fcbc79d94b47e7a5d
Commit Graph

1645 Commits

Author SHA1 Message Date
Todd C. Miller
290dafda3b Add BASHOPTS to initial_badenv_table[]; from Stephane Chazelas 2015-12-10 17:14:56 -07:00
Todd C. Miller
d46d0fbc6f When parsing sudoOptions that include an operator (!, +, +=, -=) 
strip out any whitespace on either side of the operator.
 2015-12-09 14:57:33 -07:00
Todd C. Miller
e2add4ae20 Strip whitespace around '!', '=', '+=' and '-=' in Defaults entries. 2015-12-08 15:06:00 -07:00
Todd C. Miller
29e9273a40 When checking the query results, don't set user_matches in the 
netgroup pass unless sudo_ldap_check_non_unix_group() returns true.
This was preventing the mail_no_user sudoOption from being effective.
 2015-12-02 14:06:37 -07:00
Todd C. Miller
9c9b487b0c In list mode, we always want to clear FLAG_NO_USER and FLAG_NO_HOST 
regardless of whether or not there was an actual match.  Otherwise,
warning mail may be sent which is not what we want in list mode.
This is consistent with what the sudoers file backend does.
 2015-12-02 10:43:41 -07:00
Todd C. Miller
604d350344 Use size_t for length parameters in the fill functions used by the 
lexer.
 2015-11-22 09:22:38 -07:00
Todd C. Miller
90e6bf3180 Use yy_size_t for digest_len since newer flex uses yy_size_t for 
yyleng.  Old flex uses int for yyleng so we need to use a cast to
avoid a sign compare warning.
 2015-11-22 09:19:12 -07:00
Todd C. Miller
d13bb39d1d Use https in sudo.ws urls 2015-11-20 10:51:11 -07:00
Todd C. Miller
9c0354730a When preserving variables from the invoking user's environment, if 
there are duplicates only keep the first instance.
 2015-11-20 09:55:18 -07:00
Todd C. Miller
8b12390abf Add debug_return_ssize_t 2015-11-01 15:13:28 -07:00
Todd C. Miller
c6dad0001d Avoid compilation error on Solaris 10 with Stun Studio 12. 
Bug #727
 2015-11-01 15:08:50 -07:00
Todd C. Miller
c752d91a3c sync with translationproject.org 2015-10-31 17:33:51 -06:00
Todd C. Miller
a012fba17e sync with translationproject.org 2015-10-30 10:20:47 -06:00
Todd C. Miller
202dd1ccf5 regen 2015-10-24 06:27:55 -06:00
Todd C. Miller
7761af6d7e Add always_query_group_plugin 2015-10-24 05:43:07 -06:00
Todd C. Miller
c50cead833 Add directory writability checks for sudoedit. 2015-10-23 14:04:35 -06:00
Todd C. Miller
2afb2f2048 Repair challenge/response prompting for BSD authentication which 
got broken while it was converted to use the conversation function.
 2015-10-06 15:00:47 -06:00
Todd C. Miller
2ecda6d65c Use the auth_getpass (and the plugin conversation fuction) for Tru64 
SIA.  This prevents sudo from sleeping while holding the tty ticket
lock.
 2015-10-06 10:25:53 -06:00
Todd C. Miller
588460405f For env_reset, SHELL should be set based on the target user, not 
the invoking user unless preserved via env_keep.
 2015-10-06 10:25:43 -06:00
Todd C. Miller
e21a5a1cf2 sync with translationproject.org 2015-10-06 09:33:27 -06:00
Todd C. Miller
4c7431ecb4 Add new Slovak and Hungarian translations from translationproject.org 2015-10-05 06:03:42 -06:00
Todd C. Miller
5ad68edd65 It is possible for WIFSTOPPED to be true even if waitpid() is not 
given WUNTRACED if the child is ptraced.  Don't exit the waitpid()
loop if WIFSTOPPED is true, just in case.
 2015-10-02 11:24:01 -06:00
Todd C. Miller
3f883a80a5 rebuild .mo files 2015-09-30 14:04:39 -06:00
Todd C. Miller
f98b2b260b sync with translationproject.org 2015-09-30 14:04:17 -06:00
Todd C. Miller
29a3fcd06c If some, but not all, of the LOGNAME, USER or USERNAME environment 
variables have been preserved from the invoking user's environment,
sudo will now use the preserved value to set the remaining variables
instead of using the runas user.  This ensures that if, for example,
only LOGNAME is present in the env_keep list, that sudo will not
set USER and USERNAME to the runas user.
 2015-09-25 11:15:22 -06:00
Todd C. Miller
0649a261e7 Fix passing of the callback pointer to the conversation function. 
This was preventing the on_suspend and on_resume functions from
being called on PAM systems.
 2015-09-24 13:43:17 -06:00
Todd C. Miller
118680eabf Cast sizeof(entry) to off_t before making it a negative offset for 
lseek().  Fixes "sudo -k" on Solaris and probably others.
 2015-09-24 10:52:44 -06:00
Todd C. Miller
80673750cf sync with translationproject.org 2015-09-21 15:18:04 -06:00
Todd C. Miller
0cfce655bd Fix potential double free of the cookie when sudo is suspended at 
the password prompt.
 2015-09-21 15:07:00 -06:00
Todd C. Miller
71d0246322 sync with translationproject.org 2015-09-16 09:53:43 -06:00
Todd C. Miller
51c2ef7ae6 sync with translationproject.org 2015-09-15 14:04:43 -06:00
Todd C. Miller
b6cb1b65c9 We reserved two slots at the end of the editor argv for the line 
number and the file name.  However, resolve_editor() adds "--"
before the file names so the +line_number is interpreted as a file
name, not a line number so we need to overwrite the "--" as well.
 2015-09-15 09:29:40 -06:00
Todd C. Miller
9ff93c307b Sync with translationproject.org 2015-09-10 14:30:57 -06:00
Todd C. Miller
4132f184ef regen 2015-09-10 14:30:02 -06:00
Todd C. Miller
edfeee6a7a No need to have version macros for hooks, callbacks and the sudoers 
group plugin.  We can just use the main sudo API macros.  The sudoers
group plugin macros are preserved for source compatibility but are
not documented.
 2015-09-09 14:56:52 -06:00
Todd C. Miller
67183d74f4 Remove include/compat/timespec.h. Systems old enough to lack struct 
timespec are too old to build a modern sudo.
 2015-09-09 11:13:22 -06:00
Todd C. Miller
9dedc65a7f Avoid touching the time stamp directory for "sudo -k command" 2015-09-07 06:06:08 -06:00
Todd C. Miller
69050f9345 Bring back the check for time stamp files that predate the boot 
time.  Instead of truncating we now unlink the file since another
process may be sleeping on the lock.
 2015-09-07 06:06:08 -06:00
Todd C. Miller
7d0a623fdd Use pread(2) and pwrite(2) where possible. 2015-09-07 06:06:08 -06:00
Todd C. Miller
0487b6da9d Adjust new locking to work when tty_tickets is disabled. We need 
to use per-tty/ppid locking to gain exclusive access to the tty
for the password prompt but use a separate (short term) lock
that is shared among all sudo processes for the user.
 2015-09-07 06:06:08 -06:00
Todd C. Miller
f9b8a43816 Allow the time stamp lock to be interrupted by signals. 2015-09-07 06:06:08 -06:00
Todd C. Miller
0c70df5de9 Implement suspend/resume callbacks for the conversation function. 
If suspended, close the timestamp file (dropping all locks).  On
resume, lock the record before reading the password.

For this to work properly we need to be able to run th callback
when tsetattr() suspends us, not just when the user does.  To
accomplish this the term_* functions now return EINTR if SIGTTOU
would be generated.  The caller now has to restart the term_*
function (and send itself SIGTTOU) instead of it being done
automatically.
 2015-09-07 06:06:08 -06:00
Todd C. Miller
00142c91fa Lock individual records in the timestamp file instead of the entire 
file.  This will make it possible for multiple sudo processes using
the same tty to serialize their timestamp lookups.
 2015-09-07 06:06:08 -06:00
Todd C. Miller
98a15d9879 Add a struct sudo_conv_callback that contains on_suspend and on_resume 
function pointer args plus a closure pointer and at it to the
conversation function.
 2015-09-07 06:06:08 -06:00
Todd C. Miller
bfb1cead60 When decoding base64, avoid using '=' in the decoded temporary array 
as a sentinel as it can legitimately be present.  Instead, just use
the count of bytes stored in the temp array to determine which bytes
to fold into the destination.
 2015-09-01 10:24:59 -06:00
Todd C. Miller
333faa20e2 When parsing def_editor, break out of the loop when we find the 
first valid editor.  Bug #714
 2015-08-21 11:25:02 -06:00
Todd C. Miller
7df2487165 The condition for adding a missing newline at the end of sudoers 
was never reached.  Keep track of the last character and write a
newline character if when copying to the temp file.  Found by Radovan
Sroka.
 2015-08-18 08:57:53 -06:00
Todd C. Miller
7ef9b5827e Remove extraneous while() from botched do {} while() loop 
conversion to use sudo_strsplit.  Noticed by Radovan Sroka.
 2015-08-18 08:34:10 -06:00
Todd C. Miller
2b6085760c In sudo_pam_begin_session() and sudo_pam_end_session() return 
AUTH_FATAL on error, not AUTH_FAILURE.  In sudo_auth_begin_session()
treat anything other than AUTH_SUCCESS as a fatal error.
 2015-08-10 20:17:02 -06:00
Todd C. Miller
db5376001f Sprinkle some debugging. 2015-08-10 10:56:47 -06:00