Commit Graph

227 Commits

Author SHA1 Message Date
Todd C. Miller
8b009f62eb Plug memory leak in error path when sudoers cannot be opened. 2021-07-29 15:26:04 -06:00
Todd C. Miller
2db9e64214 Move reference-counted string code from sudoers to libsudo_util.
It will be used by sudo_logsrvd too.
2021-04-06 14:44:19 -06:00
Todd C. Miller
5a85543c16 Move alias checking code out of visudo.c and into check_aliases.c. 2021-02-23 18:42:37 -07:00
Todd C. Miller
0663ffbc3f Use sudo_basename() instead of doing the equivalent manually. 2021-02-10 15:14:08 -07:00
Todd C. Miller
3237a18ee3 Use sudoersrestart() in fuzz_sudoers.c
Since we run the parser multiple times we need to restart it each time.
2021-02-03 12:52:15 -07:00
Todd C. Miller
4e11bc0e26 Suppress PVS Studio false positives. 2021-01-06 14:27:09 -07:00
Todd C. Miller
6286ce1d16 Store column number for aliases, defaults and userspecs too.
This is used to provide the column number along with the line
number in error messages.  For aliases we store the column of the
alias name, not the value since that is what visudo generally needs.
2020-11-02 05:39:06 -07:00
Todd C. Miller
e0c2635fb3 Apply Google inclusive language guidelines.
Also replace backwards with backward.
2020-10-30 10:15:30 -06:00
Todd C. Miller
88dcdcd11d Fix -Wshadow warnings. 2020-09-25 15:09:45 -06:00
Todd C. Miller
24d5ee5893 Fix memory leak on error found by the clang 10.01 analyzer. 2020-09-03 13:07:38 -06:00
Todd C. Miller
1b300f78de Remove superfluous "parse error in sudoers near line N" message.
The sudoers parser now produces better syntax error messages so we
don't need visudo to print its own.
2020-08-27 16:08:18 -06:00
Todd C. Miller
03eb3d6db9 Don't override errorfile and errorlineno set by check_aliases().
Now that alias parsing stores the file and line number, visudo can
use that information to go to the line with an error when re-editing.
2020-08-27 16:06:45 -06:00
Todd C. Miller
961a4afe67 Fix some warnings from pvs-studio 2020-08-12 13:45:09 -06:00
Todd C. Miller
cbad17a994 Move inclusion of compat headers up with the system headers.
Now that sudo_dso_public is defined in config.h we don't need sudo_compat.h
before including the compat headers.
2020-08-12 10:07:07 -06:00
Todd C. Miller
985af422d2 Rename __dso_public -> sudo_dso_public and move to config.h. 2020-08-12 09:57:42 -06:00
Todd C. Miller
3235e4353c Display more specific parser error messages when possible. 2020-08-07 14:20:45 -06:00
Todd C. Miller
03ad96e445 Use the fallthrough attribute instead of /* FALLTHROUGH */ comments. 2020-08-01 13:10:50 -06:00
Todd C. Miller
7febc39137 In visudo check that an include file is a regular file before using it.
Avoids a generic "input in flex scanner failed" error message.
2020-05-19 10:09:56 -06:00
Todd C. Miller
446ae3f507 Include string.h unconditionally and only use strings.h for strn?casecmp()
In the pre-POSIX days BSD had strings.h, not string.h.
Now strings.h is only used for non-ANSI string functions.
2020-05-18 07:59:24 -06:00
Todd C. Miller
dd88460800 We no longer need to include headers we don't use for sudo*.h files.
Previously we needed to include headers required by the various
sudo*h files.  Now those files are more self-sufficient and we
should only include headers needed by code in the various .c files.
2020-05-18 06:47:04 -06:00
Sebastian Rasmussen
3d73f05e3b Fix typo in warning message. 2020-05-16 10:44:27 -06:00
Todd C. Miller
ac61b5655d Use EXIT_SUCCESS and EXIT_FAILURE more consistently. 2020-02-08 12:43:00 -07:00
Todd C. Miller
486ee2b71f debug_decl and debug_decl_vars now require a semicolon at the end. 2019-12-22 08:48:16 -07:00
Todd C. Miller
635445d471 Transparently handle the "sudo sudoedit" problem.
Some admins are confused about how to give users sudoedit permission
and many users try to run sudoedit via sudo instead of directly.
If the user runs "sudo sudoedit" sudo will now treat it as plain
"sudoedit" after issuing a warning.  If the admin has specified a
fully-qualified path for sudoedit in sudoers, sudo will treat it
as just "sudoedit" and match accordingly.  In visudo (but not sudo),
a fully-qualified path for sudoedit is now treated as an error.
2019-11-05 15:18:34 -07:00
Todd C. Miller
40bf4081be Rename sudo_strtoid() to sudo_strtoidx() and add simplified sudo_strtoid() 2019-10-20 10:21:29 -06:00
Todd C. Miller
1e1ef61902 Add SPDX-License-Identifier to files. 2019-04-29 07:21:51 -06:00
Todd C. Miller
dc9338ffe7 Allow the sudoers file to be specified without the -f option.
Bug #864
2018-12-24 08:26:18 -07:00
Todd C. Miller
6c3d20cb41 Convert PVS-Studio comment to ANSI C. 2018-10-26 08:39:09 -06:00
Todd C. Miller
64e5d34c57 Add comments in .c files so PVS-Studio will check them. 2018-10-21 08:46:05 -06:00
Todd C. Miller
470a7830dc If sudo_lock_file() fails for a reason other than the file already
being locked, give the user a chance to edit anyway.
2018-08-31 08:08:45 -06:00
Todd C. Miller
b2e3adccf3 Make alias_apply() take 3 arguments, the first being a pointer to the
struct sudoers_parse_tree.
2018-08-24 09:52:53 -06:00
Todd C. Miller
fe58062547 Cast uid/gid to unsigned int before printing. 2018-08-22 12:58:24 -06:00
Todd C. Miller
171686c422 update_defaults() needs to be able to take a defaults_list for
the ldap/sssd backends which support per-role defaults.
2018-08-02 14:06:36 -06:00
Todd C. Miller
70d519c8ad o Move userspecs, defaults and aliases into a new struct sudoers_parse_tree.
o The parse tree is now passed to the alias, match and defaults functions.
o The nss API has been changed so that the nss parse() function returns
  a pointer to a struct sudoers_parse_tree which will be filled in
  by the getdefs() and query() functions.
2018-07-26 15:12:33 -06:00
Todd C. Miller
f9be3a48a2 Simplify the nss interface such that each sudoers provider fills
in a per-nss list of userspecs and defaults instead of using separate
lookup and list functions.  This makes it possible to have a single
implementation of the code for sudoers lookup and listing.
2018-05-14 09:05:03 -06:00
Todd C. Miller
71e98d9493 Include parse.h in sudoers.h since it will soon be required. 2018-05-14 09:05:02 -06:00
Todd C. Miller
18ba38ef4c Refactor common alias code out of cvtsudoers and visudo and into alias.c. 2018-04-02 07:41:09 -06:00
Todd C. Miller
3354cbd021 Add sudoers output format to cvtsudoers. In the future this may
be used with filters to emit a partial sudoers file instead of a
full one.
2018-02-02 14:29:19 -07:00
Todd C. Miller
7e5e1f6a6d Execute cvtsudoers if the user runs "visudo -x" but also emit a
warning.
2018-01-28 16:34:16 -07:00
Todd C. Miller
63321f19a9 Revert 04ec05108b2b, change the default input source back to stdin. 2018-01-28 16:11:02 -07:00
Todd C. Miller
98c19a68c9 Use the built-in sudoers file location as the default sudoers file
for cvtsudoers and move parse_sudoers_options() to stubs.c since
it is shared between visudo.c and cvtsudoers.c.
2018-01-26 13:15:10 -07:00
Todd C. Miller
0f3030d502 Move common stub functions required by the parser out of visudo.c
and cvtsudoers.c and into stubs.c.
2018-01-26 12:51:24 -07:00
Todd C. Miller
80cb1b5da9 Move sudoers JSON conversion to cvtsudoers which will eventually
output to other formats too.
2018-01-26 11:20:37 -07:00
Todd C. Miller
a885b952fb Remove use of AC_HEADER_TIME, only obsolete platforms actually
need this.  Also stop removing sys/time.h unless the source file
uses struct timeval.
2018-01-17 09:52:15 -07:00
Todd C. Miller
23ac62cfb5 Also honor SUDO_EDITOR in visudo. Previously it was only used
by sudoedit.
2017-12-22 10:22:33 -07:00
Todd C. Miller
48fba3c2cc update my email to Todd.Miller@sudo.ws 2017-12-03 17:53:40 -07:00
Todd C. Miller
52b25940c6 When examining environment variables or variables passed in from
the front-end, ignore variables with no value specified.
2017-07-20 12:02:22 -06:00
Todd C. Miller
034132774d Call install_sudoers() even when doedit is false. If a file in a
#includedir has a syntax error it will still have been edited and
we need to install the edited temp file.
2017-07-17 09:42:42 -06:00
Todd C. Miller
5bc80d3ddb Reparse sudoers if a new #include file was added.
Otherwise the new file will not get its syntax checked.
Bug #791
2017-07-17 09:26:00 -06:00
Todd C. Miller
a842913aa7 Use debug logging instead of ignore_result() where possible. 2017-05-12 10:02:18 -06:00