isa/sudo
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
8,264 Commits 1 Branch 0 Tags
151e03fb5b51e3d4efd69c37d71bf62c91d3a7ba
Commit Graph

150 Commits

Author SHA1 Message Date
Todd C. Miller
6d8b078e2b Add support to visudo to export sudoers in JSON format. 2013-11-15 15:11:55 -07:00
Todd C. Miller
b38d253e98 Add "headless" tail queues and use them in place of the semi-circular 
lists in sudoers.  Once the headless tail queue is built up it is
converted to a normal TAILQ.  This removes the last consumer of
list.c and list.h so those can now be removed.
 2013-10-22 09:08:38 -06:00
Todd C. Miller
f85106ea67 Use SLIST and STAILQ macros instead of doing headless singly linked 
lists manually.  As a bonus we now use a tail queue for ldap.c and
sudoreplay.c.
 2013-10-22 09:08:09 -06:00
Todd C. Miller
923edabe6c Convert sudo to use BSD TAILQ macros instead of home ground tail 
queue functions.  This includes a private queue.h header derived
from FreeBSD.  It is simpler to just use our own header rather than
try to deal with macros that may or may not be present in various
queue.h incarnations.
 2013-10-22 09:00:37 -06:00
Todd C. Miller
020fb00948 When checking for unused Runas_Aliases, count those used as part 
of a Runas Group too.  Fixes a false positive warning.
 2013-10-04 16:22:25 -06:00
Todd C. Miller
de566ac2ce Fix setting of quiet flag when -q / --quiet is specified. 
Do not print "sudoers: parsed OK" in quiet mode.
 2013-08-26 14:40:25 -06:00
Todd C. Miller
bd589f2342 Quiet some gcc -Wformat=2 false positives 2013-08-19 06:39:33 -06:00
Todd C. Miller
acac6ae2a8 Use lower case for the long option arguments to match the manual. 
This is inconsistent with GNU but it is better to match the sudo
documentation.
 2013-08-16 10:17:47 -06:00
Todd C. Miller
ea65c82b66 Initialize user_runhost and user_srunhost to user_host and user_shost 
in visudo and testsudoers.
 2013-08-15 14:26:51 -06:00
Todd C. Miller
8b1d645534 Simplify usage messages a bit and make --help output more closely 
resemble GNU usage wrt long options.  Sync usage and man page
SYNOPSYS sections and improve long options in the manual pages.
Now that we have long options we don't need to give the mnemonic
for the single-character options in the description.
 2013-08-14 10:30:51 -06:00
Todd C. Miller
1f3ea50afd Implement memset_s() and use it instead of zero_bytes(). 
A new constant, SUDO_CONV_REPL_MAX, is defined by the plugin
API as the max conversation reply length.  This constant can be
used as a max value for memset_s() when clearing passwords
filled in by the conversation function.
 2013-08-03 08:30:06 -06:00
Todd C. Miller
39575aecf2 Long option support for visudo and sudoreplay. 2013-07-19 09:42:25 -06:00
Todd C. Miller
ab61c02546 Replace sequence number-based cycle detection in visudo with a 
"used" flag in struct alias.  The caller is required to call
alias_put() when it is done with the alias.  Inspired by a patch
from Daniel Kopecek.
 2013-05-22 11:32:08 -04:00
Todd C. Miller
368a6558ca Change some error/errorx -> fatal/fatalx in comments and xgettext 
flags.
 2013-04-26 16:06:05 -04:00
Todd C. Miller
50bdd5f131 Clear up an llvm checker warning which appears to be a false positive 
and fix an old XXX while I'm at it.
 2013-04-24 11:55:21 -04:00
Todd C. Miller
d6282d154a Update copyright years. 2013-04-24 09:35:02 -04:00
Todd C. Miller
39acd2fcba Rename error/errorx -> fatal/fatalx and remove the exit value as 
it was always 1.
 2013-04-18 14:07:59 -04:00
Todd C. Miller
328994740e Only warn once when we are unable to open the sudoers file. 2013-04-01 11:23:29 -04:00
Todd C. Miller
0c40e82c16 Add simple regress tests for sudo.conf parsing. 2013-02-15 14:42:10 -05:00
Todd C. Miller
6fe6ccb048 Fix potential stack overflow due to infinite recursion in alias 
cycle detection.  From Daniel Kopecek.
 2013-01-23 07:52:09 -05:00
Todd C. Miller
1d7072fe09 Don't include <sys/param.h>. We only needed it for MAXPATHLEN, 
MAXHOSTNAMELEN and the MIN/MAX macros.  We now use PATH_MAX and
HOST_NAME_MAX throughout without falling back on MAXPATHLEN or
MAXHOSTNAMELEN and define our own MIN/MAX macros as needed.
 2012-12-04 10:40:47 -05:00
Todd C. Miller
3c9da162e4 Use MAX_HOST_NAME+1 (limits.h) instead of MAXHOSTNAMELEN (sys/param.h 
or netdb.h).
 2012-12-04 10:18:41 -05:00
Todd C. Miller
2632ec7e69 Move warn/error into common and make static builds work. 2012-11-25 09:34:40 -05:00
Todd C. Miller
c2c6616a0c Move _sudo_printf from src/conversation.c to common/sudo_printf.c. 
Add sudo_printf function pointer that is initialized to _sudo_printf()
instead of requiring a sudo_conv function pointer everywhere.  The
plugin will reset sudo_printf to point to the version passed in via
the plugin open function.  Now plugin_error.c can just call sudo_printf
in all cases.  The sudoers binaries no longer need their own version
of sudo_printf.
 2012-11-25 09:34:33 -05:00
Todd C. Miller
4bde57b8b2 Rename warning2()/error2() -> warning_nodebug()/error_nodebug(). 2012-11-25 09:34:10 -05:00
Todd C. Miller
7b3d268687 Call gettext() on parameters for warning()/warningx() instead of 
having warning() do it for us.
 2012-11-25 09:34:04 -05:00
Todd C. Miller
90147bb605 Allow sudoers programs (visudo, sudoreplay, visudo) to use 
plugin_error.c instead of the error.c from the front-end.  This
means sudoers_setlocale() needs to be independent of the sudo_user
struct and the defaults table.  The sudoers locale is now updated
via a callback.
 2012-11-25 09:33:52 -05:00
Todd C. Miller
056c08a5b7 Avoid NULL deref for unknown Defaults in strict mode. 2012-11-25 08:12:54 -05:00
Todd C. Miller
acf8af9aac #unifdef HAVE_SETLOCALE, it is C89 so no need to check for it. 2012-11-12 08:51:58 -05:00
Todd C. Miller
c1db4b1546 Always include locale.h from gettext.h so we no longer need to 
include locale.h from the .c files.
 2012-11-11 20:23:53 -05:00
Todd C. Miller
595d3b2651 Display warning/error messages in the user's locale. 2012-11-08 15:37:44 -05:00
Todd C. Miller
475662aaa4 Refactor policy plugin interface code from sudoers.c into policy.c 2012-10-25 16:58:31 -04:00
Todd C. Miller
929aef0754 Make interfaces pointer private to interfaces.c and add get_interfaces() 
accessor.
 2012-10-25 13:15:52 -04:00
Todd C. Miller
a3a1574cdf Explicitly mark main() as public in executables to avoid an HP-UX 
ld warning.
 2012-10-02 15:08:02 -04:00
Todd C. Miller
5276ab3a5f Set yacc prefix to "sudoers" to avoid conflicts other yacc parsers. 2012-09-14 16:19:25 -04:00
Todd C. Miller
7aeadbd5b3 Add new check_defaults() function to check (but not update) the 
Defaults entries.  Visudo can now use this instead of update_defaults
to check all the defaults regardless instead of just the global
Defaults entries.
 2012-08-14 10:45:55 -04:00
Todd C. Miller
7d255e42cb Fix some warnings from clang checker-267 2012-08-07 11:01:28 -04:00
Todd C. Miller
355d40aa86 The second argument to init_parser() is now bool. 2012-08-02 15:40:11 -04:00
Todd C. Miller
c8ce3a0a85 Log the process id in the debug file output. Since we don't want 
to keep calling getpid(), stash the value at init time and when we
fork().
 2012-04-06 15:20:16 -04:00
Todd C. Miller
aecb5206e2 Fix compiler warnings on some platforms and provide a better method 
of defeating gcc's warn_unused_result attribute.
 2012-03-29 10:33:40 -04:00
Todd C. Miller
238186abc9 Quiet a clang-analyzer dead store warning. 2012-03-26 11:03:23 -04:00
Todd C. Miller
55d1a1a79d Use ecalloc() when allocating structs. 2012-03-19 11:24:24 -04:00
Todd C. Miller
35280a8437 Check the owner and mode in -c (check) mode unless the -f option 
is specified.  Previously, the owner and mode were checked on the
main sudoers file when the -s (strict) option was given, but this
was not documented.
 2012-02-28 14:16:39 -05:00
Todd C. Miller
315b998a6d For "visudo -c" also list include files that were checked when 
everything is OK.
 2012-01-11 16:25:39 -05:00
Todd C. Miller
efbf020d42 Use SUDO_DEBUG_ALIAS for alias checking functions. 2012-01-07 12:24:43 -05:00
Todd C. Miller
38526ca149 Enable debugging via sudo.conf. 2012-01-06 10:58:13 -05:00
Todd C. Miller
baa9273dd5 Allow "visudo -c" to work when we only have read-only access to the 
sudoers include files.
 2012-01-06 10:54:30 -05:00
Todd C. Miller
47bcaf57bc parse_error is now bool, not int 2012-01-04 15:45:27 -05:00
Todd C. Miller
21a2f95821 Use stdbool.h instead of rolling our own TRUE/FALSE macros. 2011-12-02 11:27:33 -05:00
Todd C. Miller
21a1460d4c Fix mode on sudoers as needed when the -f option is not specified. 2011-11-30 15:33:26 -05:00