Commit Graph

11089 Commits

Author SHA1 Message Date
Todd C. Miller
3f1a76cb83 Move connect_relay_tls() so we don't need a prototype for it.
Fixes a warning when sudo is not configured to use OpenSSL.
2021-04-06 16:53:35 -06:00
Todd C. Miller
3aec794b75 Document relay and connect_timeout server settings. 2021-04-06 16:30:41 -06:00
Todd C. Miller
86c815fd61 Add logsrvd_conf_cleanup() to free the conf data structures on exit.
There is no longer a need to do anything in shutdown_cb() other
than break out of the event loop.
2021-04-06 14:44:19 -06:00
Todd C. Miller
ec52810c0b Don't allow a wildcard address for the relay parameter. 2021-04-06 14:44:19 -06:00
Todd C. Miller
30f57bcdce Add sa_host to struct server_address as a ref counted string.
Also convert sa_str to ref counted string.
2021-04-06 14:44:19 -06:00
Todd C. Miller
2db9e64214 Move reference-counted string code from sudoers to libsudo_util.
It will be used by sudo_logsrvd too.
2021-04-06 14:44:19 -06:00
Todd C. Miller
b1c4de2088 Add support for relaying to another sudo_logsrvd via TLS. 2021-04-06 14:44:19 -06:00
Todd C. Miller
d60b8a791c Add a relay mode to sudo_logsrvd where it forwards instead of stores.
Relay hosts are specified in the server section of sudo_logsrvd.conf.
2021-04-06 14:44:19 -06:00
Todd C. Miller
343100307d Split most of server_commit_cb() out into schedule_commit_point().
This allows it to be used by the relay code too.
2021-04-06 14:44:19 -06:00
Todd C. Miller
533fcc3f02 Try to send an error message to client for some client_msg_cb() failures. 2021-04-06 14:44:19 -06:00
Todd C. Miller
8101b23e54 Rename listen_address -> server_address and add reference counting.
This will be used by the upcoming relay mode.
2021-04-06 14:44:19 -06:00
Todd C. Miller
72c40ae0e1 Move common TLS client code to tls_client.c and use it in sendlog.c. 2021-04-06 14:44:19 -06:00
Todd C. Miller
71e5275a1c Move common TLS initialization code to tls_init.c. 2021-03-10 16:29:27 -07:00
Todd C. Miller
7bb5eef9d9 Use a tailq of write buffers instead of a single one per connection.
This allows us to queue up multiple messages for writing like the
sudoers client supports.  Currently, each connection has its own
free list.  In the future we may want a single free list with low
and high water marks.
2021-04-06 14:30:16 -06:00
Todd C. Miller
e3ff4e663c Set user group list when executing the askpass helper.
Under normal circumstances the existing group list will match the
list fetched by sudo.  However, if sudo is executed by a process
that has changed the group list via setgroups(2) and "group_source"
in sudo.conf is set to "dynamic" it is possible for them to be
different.

If group_source in sudo.conf is set to "dynamic" it is possible
for the group list
2021-04-06 14:30:16 -06:00
Todd C. Miller
f1f8515bd6 Increase autoconf minimum version to 2.70.
Some of the macros deprecated in 2.70 are required by older versions.
For example, AC_PROG_CC now does the work of AC_PROG_CC_STDC.
Bug #972
2021-04-06 14:28:06 -06:00
Todd C. Miller
d4517e0a1c Move autoconf auxiliary files to the scripts directory. 2021-04-06 14:23:38 -06:00
Radovan Sroka
c2a63690c8 Removed deprecated security_context_t
Signed-off-by: Radovan Sroka <rsroka@redhat.com>
2021-04-06 06:06:46 -06:00
Todd C. Miller
28d65159ed Document SUCCESS=return support in sudoers nsswitch.conf entries.
Based on a patch from Dennis Filder.  Bug #971.
2021-04-05 20:13:50 -06:00
Todd C. Miller
8fa897d3ae Move log_server_accept() out from under the #ifdef SUDOERS_LOG_CLIENT
Fixes a link error when sudo is configured with --disable-log-client.
2021-04-01 15:10:32 -06:00
Todd C. Miller
5a79841208 Return NULL if init_tls_client_context() fails.
Otherwise, we will call SSL_new with a freed SSL context.
Bug #970
2021-03-31 07:57:09 -06:00
Todd C. Miller
4f9d2374c8 Do not include parent directories in rpm and deb files.
Fixes a directory conflict with the AIX sudo rpm package.
Other deb/rpm packages were not affected because parent dirs are
omitted for a prefix of /usr.
2021-03-30 12:49:20 -06:00
Todd C. Miller
a40e4b3867 Use separate getopt config for sudoedit.
Avoids a problem where the user gets an exclusive usage error message
when using a sudo-specific option.
GitHub issue #95
2021-03-30 16:07:28 -06:00
Todd C. Miller
a4c710ccfd Add -h and -V to sudoedit usage and customize help output for sudoedit.
Also add missing -B option to usage strings.
2021-03-30 15:53:38 -06:00
Todd C. Miller
b9a0c72fd1 Don't report a usage error for "sudo -V".
GitHub issue #95
2021-03-30 15:17:31 -06:00
Todd C. Miller
ce1f0da845 SCO OpenServer uses SIOCGIFANUM, not SIOCGIFNUM.
On OpenServer, SIOCGIFNUM is the number of network interfaces,
not the number of ifreq structs.
2021-03-29 09:59:09 -06:00
Todd C. Miller
b269da75b8 Add support for HP-UX SIOCGLIFNUM and SIOCGLIFCONF ioctls.
We need to use both SIOCGIFCONF and SIOCGLIFCONF since SIOCGLIFCONF
only returns IPv6 addresses.
2021-03-27 13:55:07 -06:00
Todd C. Miller
00cdc83cb6 Move get_net_ifs stub to the top and remove unused INET_ADDRSTRLEN def. 2021-03-24 20:36:49 -06:00
Todd C. Miller
0e49dd2381 No longer need ifr_tmp variable, just reuse ifr.
Now that we store the string version of the address before fetching
the netmask we can just re-use ifr.  This simplifies things and is
safer since if there is space for the address there must also be
space for the mask.
2021-03-24 14:18:40 -06:00
Todd C. Miller
423e231229 SCO OpenServer 5 returns a bogus value for SIOCGIFNUM.
Gleaned from sendmail.
2021-03-24 08:57:43 -06:00
Todd C. Miller
45ca46d735 Use SIOCGSIZIFCONF or SIOCGIFNUM where available.
Still falls back to a loop if not but now maxes out at 2048
interfaces instead of potentially looping forever.
2021-03-24 08:57:40 -06:00
Todd C. Miller
cf8feb2876 Remove support for obsolete ISC UNIX and MIPS RISC/OS systems.
They were getting in the way of net_its.c simplification.
2021-03-24 08:54:17 -06:00
Todd C. Miller
9d6a37a49b Use SIOCGLIFCONF to get interface list where supported (Solaris).
HP-UX has a SIOCGLIFCONF but it is incompatible (and appears to only
return IPv6 addresses).
Also add IPv6 support using SIOCGIFCONF (probably AIX only) and make
sure ifr_tmpbuf[] is properly aligned.
2021-03-22 19:51:40 -06:00
Todd C. Miller
06df3a1b47 Add simple regress check to display the network interfaces found. 2021-03-22 12:26:36 -06:00
Todd C. Miller
009069115c Suggest clang 11 or higher, some fuzzers may hang when used with clang 10. 2021-03-19 08:04:39 -06:00
Todd C. Miller
977f238d35 Add dictionary file for fuzz_logsrvd_conf. 2021-03-18 19:46:08 -06:00
Todd C. Miller
dfff132122 Add a new "fuzz" target that executes the fuzzers for 8192 runs each.
To run indefinitely, set FUZZ_RUNS=-1, e.g. "make FUZZ_RUNS=-1 fuzz"
2021-03-18 16:48:19 -06:00
Todd C. Miller
6eff3b313b Move corpus files to a seed subdirectory. 2021-03-18 15:28:29 -06:00
Todd C. Miller
5498c6a938 We can now rely on LLVMFuzzerTestOneInput to flush stdout. 2021-03-18 13:40:26 -06:00
Todd C. Miller
bac0579134 Fix fuzz_sudoers output comparison when fuzzing is enabled.
libFuzzer outputs additional info to stderr that our stub doesn't.
2021-03-18 13:20:45 -06:00
Todd C. Miller
95bfd65fec Flush stdout before successful return from LLVMFuzzerTestOneInput().
Fixes a problem with diag lines from libFuzzer being interspersed
with test output.
2021-03-18 13:08:30 -06:00
Todd C. Miller
d03805c413 Use --allow-multiple-definition to work around an issue with ld.lld.
For fuzz_policy we redefine getaddrinfo/freeaddrinfo to work around
a DNS timeout problem with name resolution and CIfuzz.  However,
this causes a link failure when sanitizers are enabled on systems
that use ld.lld as their linker.  Use a big hammer to avoid the
link error.
2021-03-18 11:45:41 -06:00
Todd C. Miller
3e5cf7baa3 Do not redefine system group and passwd functions for testsudoers.
Instead, prefix the replacements with "testsudoers_" and use a
custom pwutil backend so they get used.
2021-03-18 11:39:54 -06:00
Todd C. Miller
4c182c90f1 Rename "fuzz" makefile target to "check-fuzzer".
Its purpose is to run the fuzzers as part of a normal "make check"
to avoid bit rot, not to perform a fuzzer run.
The fuzz_logsrvd_conf fuzzer was not wired up to "make check" previously.
2021-03-18 09:08:16 -06:00
Todd C. Miller
85d77fb3d9 Sudo 1.9.6p1 2021-03-15 10:49:47 -06:00
Alexandru Ardelean
058fde9251 plugins: sudoers: policy: add MODE_IMPLIED_SHELL to RUN_VALID_FLAGS
Since this flag isn't set, the sudo_mode variable gets invalidated and
running the 'sudo' command seems to error out with message
'sudoers_policy_check: invalid mode flags from sudo front end: 0x80001"'
2021-03-15 09:18:11 -06:00
Todd C. Miller
f57ab1a638 fix typo 2021-03-13 08:44:46 -07:00
Todd C. Miller
bc32789af2 Bug #968 2021-03-10 19:20:24 -07:00
Todd C. Miller
843c4b632c Updated translations from translationproject.org 2021-03-10 13:13:53 -07:00
Todd C. Miller
d7d80e703f Use HAVE_STDINT_H instead of trying to guess based on __STDC_VERSION__.
Fixes compilation with pre-C99 headers when the compiler supports C99.
2021-03-10 12:27:14 -07:00