isa/sudo
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
12,726 Commits 1 Branch 0 Tags
0f40753d46bfd704869e77d25c765a81ff1e3457
Commit Graph

3813 Commits

Author SHA1 Message Date
Todd C. Miller
e0d912d1db Use C99 designated struct initializers. 
This is less error-prone and would have avoided GitHub issue #325.
 2023-11-07 14:47:48 -07:00
Todd C. Miller
87c193f3f9 Correct the order of the strings in SUDOERS_CONTEXT_INITIALIZER. 
Fixes GitHub issue #325, a bug introduced in sudo 1.9.15.
 2023-11-07 13:38:30 -07:00
Todd C. Miller
24351bdadc sudo_set_grlist and sudo_set_gidlist: set auth registry based on username 
Previously we used the global registry but since we have the user's
passwd info we should use that when storing the group and gid lists.
 2023-11-03 10:30:56 -06:00
Todd C. Miller
2ffcda8e15 role_to_sudoers: only try to reuse a privilege if one is present 2023-11-02 14:42:42 -06:00
Todd C. Miller
1a11be4d9f store_plugin: avoid potential NULL deref in boolean context 
Coverity CID 330466
 2023-11-02 14:26:44 -06:00
Todd C. Miller
4833ac0f01 Avoid passing sudo_term_is_raw() -1 for the fd. 
Coverity CID 330472
Coverity CID 330468
 2023-11-02 14:17:51 -06:00
Todd C. Miller
886f1414eb Move the check for running setid commands in intercept mode to later. 
Checking for setid commands in intercept mode after command matching
allows us to log a proper error message.  Previously, we simply
ignored setid commands when matching and the only indication of why
was in the debug logs.
 2023-11-02 13:44:17 -06:00
Todd C. Miller
45e3c0dd17 timestamp_open: add some debugging 2023-11-02 09:10:49 -06:00
Todd C. Miller
3297ffa267 sudo_sia_begin_session: add missing struct sudoers_context * arg. 2023-10-31 10:26:57 -06:00
Todd C. Miller
747114f331 verify_krb_v5_tgt: auth name must be const to match struct sudo_auth. 2023-10-31 10:13:19 -06:00
Todd C. Miller
145faa3fe9 Updated translations from translationproject.org 2023-10-30 16:25:36 -06:00
Renato Botelho
75e829b740 Add missing sudoers_context to verify_krb_v5_tgt() 
Commit 2440174954 added ctx variable to log_warningx() call but that
variable was not declared in that context, breaking the build.
 2023-10-31 07:50:45 -06:00
Todd C. Miller
bf722e18b7 Updated translations from translationproject.org 2023-10-23 07:52:36 -06:00
Todd C. Miller
392ae0f030 Avoid a double-free in fuzz_policy caused by the early env_init(NULL). 
This adds an env_free() function to explicitly free both the old
and new copies of the environment.  It is really only needed by
fuzz_policy, which calls the policy module multiple times.
 2023-10-22 09:56:16 -06:00
Todd C. Miller
3bbc7c8f85 Store submitenv in eventlog and pass it to sudo_logsrvd. 2023-10-22 08:36:44 -06:00
Todd C. Miller
726b646b48 struct eventlog: rename argv/env to runargv/runenv. 
This matches the JSON logs.
 2023-10-21 19:15:46 -06:00
Todd C. Miller
c7a61a9438 struct sudoers_user_context: rename env_vars to env_add 2023-10-21 19:15:45 -06:00
Todd C. Miller
2b87749f8f Only log the run environment for commands that are allowed. 
It may not be available otherwise and unless the command is being
run it has no real meaning.
 2023-10-21 19:15:44 -06:00
Todd C. Miller
077826292c Free the private copy of the environment in sudoers_check_cmnd(). 
This reverts 5118eb5797fb, which had the side-effect of the PAM
session code running with the run environment instead of the invoking
user's environment.  Issue #318
 2023-10-21 19:15:42 -06:00
Todd C. Miller
29f7967420 Update .pot files for 1.9.15 2023-10-19 10:03:50 -06:00
Todd C. Miller
e3edd7a09a Add example for disabling intercept/log_subcmds for certain commands. 2023-10-18 17:35:40 -06:00
Todd C. Miller
385d506d35 tsdump: fix compiler warnings 2023-10-18 10:02:16 -06:00
Todd C. Miller
14d514e5ac Avoid using %zu or %zd with printf() and fprintf(). 
This prevents problems on systems where the system printf(3) is not
C99-compliant.  We use our own snprintf() on such systems so that
is safe.
 2023-10-17 20:14:53 -06:00
Todd C. Miller
58d6554a78 Use vsnprintf() instead of vfprintf() for sudo_printf() to avoid 
problems on systems where the system printf(3) is not C99-compliant.
We use our own snprintf() on such systems.
 2023-10-17 20:09:16 -06:00
Todd C. Miller
cf9fc5317e strlcpy_expand_host, sudo_getdelim, sudo_realpath: add restrict qualifier 2023-10-17 10:47:43 -06:00
Rose
97f8052427 Add restrict to strlcpy and expand_prompt 2023-10-17 10:33:15 -06:00
Rose
b2a44430b5 Redundant cast removal in sudoers_hooks 
def_sudoers_locale is already a char*
 2023-10-15 11:25:28 -06:00
Rose
e095069d2a Prefer fputs over fprintf where possible 
fprintf does extra work and meant for formatting strings.
 2023-10-15 10:28:57 -06:00
Todd C. Miller
2d437c793d Fix spelling: resistent -> resistant 2023-10-12 10:20:34 -06:00
Alexander F. Rødseth
07426f8a1a Add Orbiton ("o") to the list of editors that supports +lineno 2023-10-02 14:44:10 -06:00
Alexander F. Rødseth
356ea96ef7 Sort the list of editors that supports +lineno 2023-10-02 14:44:10 -06:00
Todd C. Miller
9a715b6941 Fix compatibility with older versions of (new) awk. 
Do not rely on awk supporting "-f -" to read the program from stdin.
Avoid using POSIX character classes in regular expressions.
 2023-10-02 10:31:55 -06:00
Todd C. Miller
344e0daecc Use long, not long long, when getting/setting numeric attributes. 
We use int or long, not long long, in the Python plugin.
 2023-09-27 16:35:39 -06:00
Todd C. Miller
1398289fab Add casts when storing values in a struct timespec. 
Fixes -Wconversion warnings on some 32-bit systems where time_t is
still 32-bit.
 2023-09-27 15:11:10 -06:00
Todd C. Miller
9cc57f4936 sudo_file_open: initialize parser before calling open_sudoers(). 
Otherwise, the parser_conf settings in the context passed to
sudo_file_open() will not be honored by open_sudoers().
Affected settings include ignore_perms, sudoers mode, uid and gid.
 2023-09-27 15:16:18 -06:00
Todd C. Miller
837f400ac8 digest_matches: actually use fd2 in place of fd as needed. 2023-09-26 11:51:10 -06:00
Todd C. Miller
ff2d8464cf digest_matches: if fd argument is -1, try to open path before failing 2023-09-26 11:44:37 -06:00
Todd C. Miller
4d4279d0ca Add missing execute bit on some test scripts. 2023-09-26 10:58:36 -06:00
Todd C. Miller
29feb41da2 max_groups in sudoers_plugin_settings is no longer used. 2023-09-25 11:32:15 -06:00
Todd C. Miller
e343e07543 Use #include <foo.h> instead of #include "foo.h" in most cases. 
We rely on the include path to find many of these headers.  It
especially doesn't make sense to use #include "foo.h" for headers
in the top-level include directory.
 2023-09-25 10:13:28 -06:00
Todd C. Miller
1c13b8a628 Add support for "plugin" defaults type. 2023-09-24 16:28:36 -06:00
Todd C. Miller
c1708f0cf1 Support multiple input files. 2023-09-24 16:27:22 -06:00
Todd C. Miller
1c7d757b79 check_user: fix return value for intercept mode 
Also use early return on error to quiet a PVS-Studio warning.
 2023-09-22 10:38:46 -06:00
Todd C. Miller
f2d267bfb4 Only define _PATH_ENVIRONMENT on systems where we use /etc/environment. 2023-09-20 16:49:27 -06:00
Todd C. Miller
d9da92951a Replace '/' with '_' in paths using the user, group or host name. 2023-09-20 09:00:27 -06:00
Todd C. Miller
7363ad7b32 Use the user-ID instead of user-name for the timestamp and lecture file. 
This avoids problems if the user name itself contains a path separator.
 2023-09-11 10:27:35 -06:00
Todd C. Miller
94b80e3ad4 Replace MAX_UID_T_LEN with calls to STRLEN_MAX_UNSIGNED. 2023-09-19 15:16:30 -06:00
Todd C. Miller
d53bbb54b2 Add macros to determine the length of an integer type in string form. 
Adapted from answer #6 in:
https://stackoverflow.com/questions/10536207/ansi-c-maximum-number-of-characters-printing-a-decimal-int
 2023-09-19 15:15:02 -06:00
Todd C. Miller
221a10340c visudo: use verbose and strict in parser_conf 
Where the sudoers_context is available we can use the values
of verbose and strict instead of passing around quiet and
strict flags.
 2023-09-18 13:47:25 -06:00
Todd C. Miller
6e75f2311d Add resolve_cmnd(), a wrapper around find_path(). 
This is a convenience function that sets PERM_RUNAS and calls
find_path().  If the command is not found it will retry with PERM_USER
instead.
 2023-09-18 12:42:51 -06:00