isa/sudo
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
8,723 Commits 1 Branch 0 Tags
04d83c41c716e663d644f00abea2cf92b9c86d12
Commit Graph

1996 Commits

Author SHA1 Message Date
Todd C. Miller
04d83c41c7 sync with translationproject.org 2017-03-28 10:56:30 -06:00
Todd C. Miller
bdc9251184 Make check_digest test sudo_filedigest() itself instead of the 
underlying SHA2 functions.  That way we can test it regardless of
whether we use sudo's SHA2 functions or a library version.
 2017-03-27 14:45:24 -06:00
Todd C. Miller
a58c7d7db5 regen for restricted_env_file 2017-03-24 15:37:14 -06:00
Todd C. Miller
4df6b62b56 Only retry mkdir or create with PERM_IOLOG if errno is EACCES. 
Also always use PERM_IOLOG for mkdtemp() since we cannot retry
if it fails.  Since we are guaranteed to create a new directory
there's no real need to try w/o PERM_IOLOG in this case.
 2017-03-23 17:00:27 -06:00
Todd C. Miller
31b16fd3e9 Add fallback to PERM_IOLOG when making the final componenet of iolog_dir. 2017-03-22 15:55:16 -06:00
Todd C. Miller
b3af85ddc8 Add restricted_env_file which is like env_file but subject to the 
same restrictions as the user's own environment.
 2017-03-22 13:39:25 -06:00
Todd C. Miller
4621e43676 quiet a warning on older zlib 2017-03-22 08:47:10 -06:00
Todd C. Miller
8d1e994d84 cast mode_t to unsigned int when printing with %o 2017-03-22 08:37:12 -06:00
Todd C. Miller
7f1fa00be9 regen 2017-03-21 16:34:17 -06:00
Todd C. Miller
7668b4b42b Set umask temporarily when creating files instead of changing the 
mode after the fact.  This is slightly less error prone.
 2017-03-21 16:21:17 -06:00
Todd C. Miller
2a37590b7d remove now-useless variable 2017-03-21 15:04:47 -06:00
Todd C. Miller
2caddff3f9 Don't set owner/mode on directories that already exist, only on 
newly-created ones.
 2017-03-21 14:55:19 -06:00
Todd C. Miller
1bd90d8fff Explicitly set the file mode of I/O log files so the mode is not 
affected by the invoking user's umask.
 2017-03-21 13:54:27 -06:00
Todd C. Miller
8d57491dc1 Add PERM_IOLOG so we can create I/O log files on an NFS-mounted 
filesystem where root is remapped to an unprivileged user.
 2017-03-21 13:41:14 -06:00
Todd C. Miller
cfb15106e3 Restore the '/' in the path before returning if we encounter an error. 2017-03-21 10:15:31 -06:00
Todd C. Miller
2dbd091443 When creating the timestamp directory, use the group of the timestamp 
owner instead of inheriting the group of the parent directory.
 2017-03-20 12:59:28 -06:00
Todd C. Miller
a1322d7dd9 zero out nss->handle after it has been freed to make sure we cannot free it twice 2017-03-21 09:52:51 -06:00
Todd C. Miller
c4e703696a Add iolog_flush option. 2017-03-20 10:25:58 -06:00
Todd C. Miller
8c8d078f66 Don't allow the user to specify an I/O log file mode that sudo can't 
read or write to.  I/O logs must always be readable and writable
by the owner.
 2017-03-17 10:56:17 -06:00
Todd C. Miller
b63df21ba5 Fix declaration of sudo_krb5_verify() in the case where krb5_verify_user() 
is not present.  Bug #777
 2017-03-10 11:52:49 -07:00
Todd C. Miller
453360666c Use HAVE_STDBOOL_H to detect systems w/o stdbool.h. 
Bug #778
 2017-03-10 11:49:07 -07:00
Todd C. Miller
a86d399ef6 regen 2017-03-09 12:00:18 -07:00
Todd C. Miller
00b4732c9d Add some casts to quiet gcc warnings on Solaris and remove a 
now-useless debug printf.
 2017-03-03 11:20:56 -07:00
Todd C. Miller
daa728fd88 Go back to using a Warning/Error prefix in the message printed to 
stderr for alias problems.  Requested by Tomas Sykora.
 2017-02-22 06:38:33 -07:00
Todd C. Miller
143620bb25 fix copyright years 2017-02-21 09:03:57 -07:00
Todd C. Miller
b9954fb9b9 Add support for using the message digest functions in libgcrypt 
instead of sudo's own SHA2 implementation.
 2017-02-20 16:44:12 -07:00
Todd C. Miller
199a594f43 Add support for using the message digest functions in OpenSSL instead 
of sudo's own SHA2 implementation.
 2017-02-20 16:44:12 -07:00
Todd C. Miller
b5e7b7bd2c Move the file digest code out of match.c and into filedigest.c. 
Inspired by RedHat changes that used libgcrypt.
Also add digest_type_to_name() to map a sudo digest type (int)
to a name (string) and use it.
 2017-02-20 16:44:12 -07:00
Todd C. Miller
00b76afe46 Check for gmtime() or localtime() returning NULL and just use a 
zero offset in that case.  Should not be possible.
 2017-02-20 16:44:02 -07:00
Todd C. Miller
b3fdb26c41 Add support for ROLE, TYPE, PRIVS, LIMITPRIVS, TIMEOUT, NOTBEFORE 
and NOTAFTER.
 2017-02-18 16:44:56 -07:00
Todd C. Miller
fd40d88ba7 strftime() was in C89 so use it unconditionally. 2017-02-18 16:23:40 -07:00
Todd C. Miller
e5dee1557e Add NOTBEFORE and NOTAFTER command options similar to what is 
already available in LDAP.
 2017-02-18 15:35:48 -07:00
Todd C. Miller
3b19d05fe9 regen 2017-02-16 10:28:13 -07:00
Todd C. Miller
c86a6a23ad Add a command line option to specify the command timeout, as long 
as sudoers does not specify a shorter time limit.
 2017-02-16 09:58:18 -07:00
Todd C. Miller
9b0622b58f Better error message when the timeout value does not parse. 2017-02-15 15:13:37 -07:00
Todd C. Miller
8bffd09881 set errno to ERANGE not EOVERFLOW on range error 2017-02-15 10:51:39 -07:00
Todd C. Miller
635f330a43 regen 2017-02-14 16:24:10 -07:00
Todd C. Miller
e5266f9eba Only inhibit ASAN leak detector for tests that result in a parse 
error.  The parser cannot currently clean up completely on error.
 2017-02-14 15:56:34 -07:00
Todd C. Miller
0f3f4e028a Plug some memory leaks found by ASAN. 2017-02-14 15:56:34 -07:00
Todd C. Miller
e954facb9d List SELinux role/type for "sudo -l" with LDAP and SSSd backends. 
Also fix printing of the timeout.
 2017-02-14 15:56:34 -07:00
Todd C. Miller
d7f7cf7a79 Only inherit SELinux role/type and Solaris privilege sets if 
the command does not include any.  Previously, a command with
only a role would inherit a type from the previous command
which is not what was intended.
 2017-02-14 15:56:34 -07:00
Todd C. Miller
24cdbb8de1 Split out tags again so they must precede the command and not allow 
them to be mixed in with options.
 2017-02-14 15:56:34 -07:00
Todd C. Miller
3980f1531b Add support for command timeouts in sudoers. After the timeout, 
the command will be terminated.
 2017-02-14 15:56:34 -07:00
Todd C. Miller
4f9dcd7264 Merge command tags, SELinux type/role and Solaris privs settings 
into "command options".  This relaxes the order of things so tags
and other options can be interspersed.
 2017-02-14 15:56:34 -07:00
Todd C. Miller
fb419ba066 supress cppcheck memory leak false positive 2017-02-14 14:38:31 -07:00
Todd C. Miller
09438e5b42 Include parse.h in timestr.c which is where function prototype lives. 2017-02-13 13:44:11 -07:00
Todd C. Miller
359cacc40f Fix for including a sudoers file that begins with the letter 'i'. 
The hack to determine whether we are parsing an include or includedir
is no longer safe now that relative include paths are permitted.
Bug #776.
 2017-02-13 13:38:24 -07:00
Todd C. Miller
8c1da9b69e Display the value of syslog_maxlen in sudo -V output. 2017-02-10 15:08:44 -07:00
Todd C. Miller
3742f7a46e Add ignore_unknown_defaults flag to ignore unknown Defaults entries 
in sudoers instead of producing a warning.
 2017-02-06 05:41:57 -07:00
Todd C. Miller
ba8f756695 Always set the close-on-exec bit on the fd used to generate the 
digest (i.e. the command to run) on systems that lack fexecve(2).
That way we don't need to explicitly close it using #ifdefs.
 2017-01-27 09:26:51 -07:00