Commit Graph

2838 Commits

Author SHA1 Message Date
Todd C. Miller
10b09e4d89 Fix -Wshadow warnings caused by json enum member. 2020-11-01 15:01:16 -07:00
Todd C. Miller
e0c2635fb3 Apply Google inclusive language guidelines.
Also replace backwards with backward.
2020-10-30 10:15:30 -06:00
Todd C. Miller
c8c7e1f607 Use ssl_err2string() in message on ldap_ssl_client_init() failure.
Displaying SSL reason code directly is not user-friendly.
2020-10-28 09:40:11 -06:00
Todd C. Miller
28d6771d24 Add log_format sudoers setting to select sudo or json format logs.
Defaults to sudo-format logs.
2020-10-27 15:26:02 -06:00
Todd C. Miller
4fc39cfb0a Don't warn about log failure more than once. 2020-10-27 06:36:58 -06:00
Todd C. Miller
fdae4bdbbb Add support for file log line wrapping in libeventlog. 2020-10-26 16:16:46 -06:00
Todd C. Miller
d899fe5936 Use real setters for the eventlog config.
This makes it possible to have a base config that the callers can
modify instead of replacing the config wholesale.
2020-10-26 16:10:42 -06:00
Todd C. Miller
39b540ff33 Log the short version of the tty in sudoers-format logs.
This is consistent with historical practice.
2020-10-26 16:10:40 -06:00
Todd C. Miller
4416bd5977 Use libeventlog in sudoers instead of doing our own logging. 2020-10-26 16:10:40 -06:00
Todd C. Miller
bd1ca79cca Add support for mailing eventlog entries and for logging raw messages.
These will be used by the sudoers plugin.
2020-10-26 16:10:37 -06:00
Todd C. Miller
3ca3bfaab7 Make a copy of the strings stored in iolog_details and struct eventlog.
Previously, we just made the strings const and relied on the front-end
not changing them.  Now the sudoers I/O log plugin behavior is
consistent with the policy plugin.
2020-10-26 15:40:04 -06:00
Todd C. Miller
2d45becd4a Use struct eventlog in iolog_details. 2020-10-26 15:40:01 -06:00
Todd C. Miller
db72498257 Use struct eventlog in place of struct iolog_info. 2020-10-26 15:31:41 -06:00
Todd C. Miller
79921387a3 regen Makefiles 2020-10-20 19:23:46 -06:00
Todd C. Miller
5c7c94b83a Explicitly set umask when running tests.
Some tests create files that must not be world-writable.
2020-10-16 13:57:28 -06:00
Todd C. Miller
a5a5cc7f85 sudoers_policy_store() -> sudoers_policy_store_result() 2020-10-16 05:56:03 -06:00
Todd C. Miller
bf9d208662 Rename sudoers_policy_exec_setup() -> sudoers_policy_store().
It is called even when there is no command to execute.
Also pass in status of whether or not the command was accepted.
2020-10-14 06:33:35 -06:00
Todd C. Miller
b0a6e1c1e7 Pass path to testsudoers, visudo or cvtsudoers in the environment.
Falls back on the unqualified command if the environment variable
is not set.
2020-10-10 07:07:37 -06:00
Todd C. Miller
807857a2ca Init cmnds to NULL in rule_to_priv() so we don't free a bogus pointer.
In the sssd backend, the rule_to_priv() cleanup code assumes cmnds
can be passed to fn_free_values(), which was not the case if we
receive an error getting values for "sudoCommand".  This is a
regression introduced in sudo 1.9.1.  Fix from Ron Bowes.
GitHub issue #67.
2020-10-09 14:16:06 -06:00
Todd C. Miller
607076d8a0 Pass runchroot to match_digest() too.
We use the open fd for the actual I/O but having runchroot makes
it possible to report the correct file name in error messages.
2020-10-06 10:54:39 -06:00
Todd C. Miller
ea57249e29 Fix indentation of enum def_tuple. 2020-09-29 21:16:34 -06:00
Todd C. Miller
772619b7ef Remove special case EOF handling; lines now always end in a newline.
Previously we needed to emulate some of the state transitions that
happen at end-of-line at end-of-file as well.  Those are no longer
needed now that we are guaranteed to always have a newline at the end.
2020-09-28 10:10:16 -06:00
Todd C. Miller
f984f49c38 Increment sudolinebuf.size after realloc(). 2020-09-27 21:31:44 -06:00
Todd C. Miller
e8747a33f8 Add a newline at end of line if one is missing.
This is simpler than having to support entries that end at EOF too.
2020-09-27 20:21:05 -06:00
Todd C. Miller
32db528689 Add tests for entries without a newline. 2020-09-27 10:31:14 -06:00
Todd C. Miller
9bb91cb64b Fix handling of a command spec without a newline at the end.
For include files, we may need to inject a newline token now that
the grammar requires lines to end with a newline or EOF.  There is
no END (EOF) token processed after popping off an include file since
everything is just treated as one big file.
2020-09-27 10:05:35 -06:00
Todd C. Miller
0276a565e6 Mark sudoerserror() messages for translation. 2020-09-27 06:51:16 -06:00
Todd C. Miller
ddc1383838 Fix line number accounting when a string contains a newline.
Strings are not allowed to span multiple lines without a continuation
character.  Also provide a better error message if we are in the
middle of a string and hit EOF.
2020-09-27 06:47:19 -06:00
Todd C. Miller
7d20900616 Use sudoerschar (yychar) instead of last_token.
The parser already provides a way to examine the last token processed,
we don't need to add our own.
2020-09-26 06:39:57 -06:00
Todd C. Miller
88dcdcd11d Fix -Wshadow warnings. 2020-09-25 15:09:45 -06:00
Todd C. Miller
7a36d70fc1 Add test for syntax error when defining an alias using a reserved word. 2020-09-25 15:09:36 -06:00
Todd C. Miller
70ada21c5b Detect when a reserved word is used when declaring an alias.
Now instead of "syntax error, unexpected CHROOT, expecting ALIAS"
the message is "syntax error, reserved word used as an alias name"
Bug #941
2020-09-25 12:24:45 -06:00
Todd C. Miller
f1d19f1d6e Add SLOG_AUDIT flag for log_warningx() to also audit the message.
This lets us combine audit_failure() and log_warningx() calls with
the same message.
2020-09-23 08:18:55 -06:00
Todd C. Miller
6ee731caff Log when user-specified command line options are rejected by sudoers.
We already audit those but in some cases they were not logged as well.
2020-09-23 08:02:43 -06:00
Todd C. Miller
6f8e1b9741 Fix potential NULL deref in debug code. 2020-09-23 08:59:18 -06:00
Todd C. Miller
09835b7198 Close the passwd db before calling getpwnam_shadow(3).
Otherwise, we will get the non-shadow passwd entry ("*") since we
called setpassent(3) earlier to keep the passwd db open.
2020-09-23 08:55:43 -06:00
Todd C. Miller
d4428133b4 Updated translations from translationproject.org 2020-09-19 09:57:33 -06:00
Todd C. Miller
874c2b27c6 Use a simple string compare on systems without crypt(3).
This is only used on systems without PAM, BSD authentication or AIX
authentication.  Bug #940.
2020-09-18 08:18:07 -06:00
Todd C. Miller
9f6a3d35cb Updated translations from translationproject.org 2020-09-16 13:28:03 -06:00
Todd C. Miller
1154e1d605 Back out sudo 1.9.3b1 version change. 2020-09-16 06:19:42 -06:00
Todd C. Miller
def99ffd78 Fix typo in warning for T_CHPATH, list '~' not '*' twice.
Bug #938
2020-09-14 06:54:15 -06:00
Todd C. Miller
86df234e14 Update .pot files for 1.9.3. 2020-09-12 08:29:18 -06:00
Todd C. Miller
3fc3b62d72 Add missing check for strdup() failure.
Coverity CID 214243
2020-09-10 08:10:05 -06:00
Todd C. Miller
c200e71637 Add callback for runchroot Defaults and require password -D/-R checks.
Using a command-based Default for runchroot will still only work for
paths that exist both in and outside the chroot.
2020-09-09 19:18:24 -06:00
Todd C. Miller
10d3d69aa1 Pass a struct to the match functions to track the resolved command.
This makes it possible to update user_cmnd and cmnd_status modified
by per-rule CHROOT settings.
2020-09-09 15:26:45 -06:00
Todd C. Miller
b6dbfe5094 Take the chroot into account when searching for the command.
This could be a user-specific chroot via the -R option, a runchroot
Defaults value, or a per-command CHROOT spec in the sudoers rule.
2020-09-09 15:26:44 -06:00
Todd C. Miller
e561f5b857 Use the same pattern of redefining TESTDIR as test10.sh.
Adapted from a diff from Tim Rice.
2020-09-04 17:24:09 -06:00
Todd C. Miller
f6a14c9414 Include strings.h for strcasecmp(3).
From Tim Rice
2020-09-04 15:59:27 -06:00
Todd C. Miller
f6d477692f Regen for check_exptilde.o 2020-09-04 15:53:41 -06:00
Todd C. Miller
fb64210f75 Be consistent and use __hpux not __hpux__ like the rest of sudo. 2020-09-04 15:28:56 -06:00