isa/sudo
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
8,469 Commits 1 Branch 0 Tags
0181bf2c2358e6a3e81320eafcb3a9857d1b51fe
Commit Graph

8469 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Todd C. Miller
0181bf2c23 update 2016-09-02 10:30:35 -06:00
Todd C. Miller
40d0ecc7d6 Don't disable large file support for Linux, just SVR4-style /proc. 
Otherwise, stat(2) may fail on Linux when running a 32-bit sudo
on a 64-bit machine.  Bug #755
 2016-09-02 08:05:07 -06:00
Todd C. Miller
5b86d2d298 Make sudo_parseln() flags hex to make it more obvious that they are 
bit flags.
 2016-09-01 14:36:24 -06:00
Todd C. Miller
881814c9f9 Don't try to support line continuation in /etc/environment. 2016-09-01 14:35:40 -06:00
Todd C. Miller
c0db5c1234 No line continuation support in ldap.conf. 2016-09-01 12:45:42 -06:00
Todd C. Miller
2a4ba64c84 Add flag to sudo_parseln() to disable line continuation support. 2016-09-01 10:50:39 -06:00
Todd C. Miller
852fe25bc1 A comment character ('#') is only special at the beginning of the 
line.
 2016-09-01 09:28:40 -06:00
Todd C. Miller
17ad75d50b Add a flags option to sudo_parseln() and a flag to only mach comments 
at the beginning of the line.  Use the flag when parsing ldap.conf.
 2016-09-01 09:19:20 -06:00
Todd C. Miller
04340eea60 If get_process_ttyname() fails for errno != ENOENT, just warn 
instead of making it a fatal error.  Bug #755
 2016-09-01 08:23:19 -06:00
Todd C. Miller
c9572db75a use strict 2016-08-31 14:33:24 -06:00
Todd C. Miller
7a54b49fc4 Define def_foo in terms of the I_FOO index instead of a bare number. 2016-08-31 14:27:40 -06:00
Todd C. Miller
8ee6f0d1de sync with translationproject.org 2016-08-31 12:31:27 -06:00
Todd C. Miller
dba28a945c Mention that match_group_by_gid has no effect when sudoers is stored 
in LDAP.
 2016-08-31 12:29:54 -06:00
Todd C. Miller
e147ba1fec Use W_EXITCODE to construct the wait status if sudo could not execute 
the command.  Fixes the sudo exit value for exec(3) failure.
 2016-08-31 08:39:26 -06:00
Todd C. Miller
a9570e64ff fix brace style 2016-08-31 08:34:07 -06:00
Todd C. Miller
b610137efa regen 2016-08-31 05:50:18 -06:00
Todd C. Miller
ef4e808103 It is possible for get_user_info() to fail for reasons other than 
ENOMEM so print the warning message there rather than in main().
 2016-08-31 05:47:36 -06:00
Todd C. Miller
edcb137f60 match_group_by_gid is only available in sudo 1.8.18 and above 2016-08-30 14:37:57 -06:00
Todd C. Miller
7aeb11a920 Mention match_group_by_gid 2016-08-30 14:37:11 -06:00
Todd C. Miller
c57979bfb6 Document match_group_by_gid 2016-08-30 14:35:16 -06:00
Todd C. Miller
9cfd556853 Add match_group_by_gid Defaults option to allow sites with slow 
group lookups and a small number of groups in sudoers to match
groups by group ID instead of by group name.
 2016-08-30 13:42:42 -06:00
Todd C. Miller
12ab1383a4 Mention "sudo -l command" bug fix. 2016-08-29 10:42:17 -06:00
Todd C. Miller
5b51b7f11a Fix "sudo -l command" in the LDAP and SSS backends when the command 
is not allowed.
 2016-08-29 10:04:24 -06:00
Todd C. Miller
7918f7e7eb Use sudo_strsplit() instead of doing the equivalent manually. 2016-08-26 11:07:19 -06:00
Todd C. Miller
c50b835255 Move SIGPIPE bug fix to 1.8.18 where it belongs 2016-08-25 13:24:03 -06:00
Todd C. Miller
a246c9570a Fix memset size typo in previous commit. 2016-08-25 10:36:53 -06:00
Todd C. Miller
c5cfc9584c Add regress for check_defaults() use-after-free bug. 2016-08-25 08:33:07 -06:00
Todd C. Miller
99b9699793 Fix use-after-free in check_defaults(), reported by Radovan Sroka 
of RedHat.
 2016-08-25 08:32:45 -06:00
Todd C. Miller
403b904abe SIGPIPE bug fix 2016-08-24 09:01:28 -06:00
Todd C. Miller
7625f06841 Now that we ignore SIGPIPE in sudo we need to restore it at exec 
time.  Problem reported by Radovan Sroka of RedHat.
 2016-08-24 08:59:37 -06:00
Todd C. Miller
d54148bbdd Fix appending to make_opts 2016-08-22 07:13:02 -06:00
Todd C. Miller
5a432b9612 Add Bug #753 and fix reference to Bug #752. 2016-08-22 06:32:54 -06:00
Todd C. Miller
8d89d8395f sync with translationproject.org 2016-08-21 19:23:52 -06:00
Todd C. Miller
ba91ebb14b regen pot files 2016-08-21 14:10:56 -06:00
Todd C. Miller
8f9869df7e Update with logging changes. 2016-08-17 15:23:33 -06:00
Todd C. Miller
d8a65715d6 Avoid duplicate warnings when we cannot write to the log file. 
Also send the warning in mail if possible.
 2016-08-17 14:51:20 -06:00
Todd C. Miller
3e4c7eed31 Move the ignoring of I/O log plugin errors into the I/O log plugin 
itself.
 2016-08-17 14:38:00 -06:00
Todd C. Miller
ed18d0d5f8 Make the behavior when we cannot write to a log or audit file 
configurable.  File log failures are ignored by default for consistency
with syslog.  Audit errors are ignored by default to allow the admin
to fix the issue.  I/O log file errors are still fatal by default
since if I/O logging is activated it is usually to have an audit trail.
Bug #751
 2016-08-17 07:22:51 -06:00
Todd C. Miller
9ccd260842 Make sure we print an error message to stderr (and not just send 
mail) if do_logfile() fails.  Bug #751
 2016-08-15 07:25:18 -06:00
Todd C. Miller
043b3d223b Separate out the supplemental group ID checks from the supplemental 
group name checks in user_in_group().  We now call sudo_get_gidlist()
only when the group name in sudoers begins with a '#' (which is
seldom used).
 2016-08-13 21:12:22 -06:00
Todd C. Miller
985ab1dd3e Cache the user's group IDs and group names separately and only 
resolve group IDs -> names when needed.  If the sudoers file doesn't
contain groups we will no longer try to resolve all the user's group
IDs to names, which can be expensive on some systems.
 2016-08-13 16:27:44 -06:00
Todd C. Miller
c3b8e97a6e Remove the "op" parameter from all the store_foo() functions except 
store_list() where it is actually needed.  For the others, a NULL
value indicates the setting was negated.  This unconfuses static
analyzers (and perhaps humans too).
 2016-08-12 16:41:51 -06:00
Todd C. Miller
8c2b6fb34e Flags always have a NULL value. Regression introduced by refactor 
of set_default_entry().
 2016-08-12 15:03:54 -06:00
Todd C. Miller
1ca261c305 Set rc to true when setting a flag Defaults value. 2016-08-12 11:32:36 -06:00
Todd C. Miller
25f39ff31d suppress a cppcheck false positive 2016-08-12 11:11:49 -06:00
Todd C. Miller
caf064e17b Refactor the error parts of set_default_entry() so the switch() is 
mostly just calls to store_foo() functions.  Avoids a lot of
duplicated error checking and silences a cppcheck false positive.
 2016-08-12 10:37:41 -06:00
Todd C. Miller
9051c92cb3 In set_default_entry() check for unsupported Defaults type. 2016-08-12 09:37:11 -06:00
Todd C. Miller
f17f9ba9b2 Add missing break in switch that sets the max limit for RLIMIT_NOFILE. 
Found by cppcheck.
 2016-08-12 09:24:41 -06:00
Todd C. Miller
7ac77b094c Check sudoers_initlocale return value and treat as oom. 
Coverity CID 141832
 2016-08-12 06:00:17 -06:00
Todd C. Miller
a08ea1b14d Set runas_pw early and adjust runaslist_matches() to deal. Since 
we now set runas_default early there is no need to call update_defaults
with SETDEF_RUNAS after sudoers has been parsed.
 2016-08-10 10:56:05 -06:00