isa/sudo
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
8,879 Commits 1 Branch 0 Tags
171512b173f7eddf1928d49b7238210c7c7c0474
Commit Graph

181 Commits

Author SHA1 Message Date
Todd C. Miller
52b25940c6 When examining environment variables or variables passed in from 
the front-end, ignore variables with no value specified.
 2017-07-20 12:02:22 -06:00
Todd C. Miller
034132774d Call install_sudoers() even when doedit is false. If a file in a 
#includedir has a syntax error it will still have been edited and
we need to install the edited temp file.
 2017-07-17 09:42:42 -06:00
Todd C. Miller
5bc80d3ddb Reparse sudoers if a new #include file was added. 
Otherwise the new file will not get its syntax checked.
Bug #791
 2017-07-17 09:26:00 -06:00
Todd C. Miller
a842913aa7 Use debug logging instead of ignore_result() where possible. 2017-05-12 10:02:18 -06:00
Todd C. Miller
d979898e71 Remove use of non-standard sigaction_t 2017-05-12 10:02:18 -06:00
Todd C. Miller
daa728fd88 Go back to using a Warning/Error prefix in the message printed to 
stderr for alias problems.  Requested by Tomas Sykora.
 2017-02-22 06:38:33 -07:00
Todd C. Miller
90e1f4ec3e Fix crash in visudo introduced in sudo 1.8.9 when an IP address or 
network is used in a host-based Defaults entry.  Bug #766
 2017-01-07 19:50:05 -07:00
Todd C. Miller
1aea3f6e3e Just use malloc_options "S" on OpenBSD instead of "AFGJPR". 2016-11-25 09:04:00 -07:00
Todd C. Miller
6c5936296f Add SUDO_DEBUG_INSTANCE_ERROR return value for sudo_debug_register() 
and check for it in places where we check the return value of
sudo_debug_register().
 2016-11-21 06:37:23 -10:00
Todd C. Miller
deb6259765 In strict mode, go to the file/line with an undefined aliases 
or aliases cycle directly.
 2016-11-13 06:41:09 -07:00
Todd C. Miller
7524c231cc Store the file/lineno for alias and userspec entries so we can 
provide that info if there is an error.
 2016-11-12 19:22:32 -07:00
Todd C. Miller
90995c0acf Add simple reference-counted string allocator and use it for passing 
around references to the sudoers path.  This lets us avoid making
copies of the sudoers path for the errorfile as well as each Defaults
entry.
 2016-11-11 16:18:27 -07:00
Todd C. Miller
79ca752802 Go back to parsing Defaults entries in update_defaults instead of 
as sudoers is read.  Otherwise, we cannot properly support early
defaults like sudoers_locale.
 2016-11-09 16:00:12 -07:00
Todd C. Miller
8133cdfdf6 Use sys/stat.h defines instead of bare octal values. 2016-11-07 13:36:05 -07:00
Todd C. Miller
7c56179c7d Use "double quotes" in messages instead of a combination of the 
accent (grave) mark and apostrophe.
 2016-11-02 17:10:17 -06:00
Todd C. Miller
f6ce83ea76 Only treat an unknown Defaults entry as a parse error in visudo, 
not in sudo itself.
 2016-11-01 15:08:11 -06:00
Todd C. Miller
8a48085184 Instead of checking Defaults values after the fact, check them at 
sudoers parse time.  This makes it possible to display the file and
line number with the problem and for visudo to go right to the
error.
 2016-11-01 14:22:32 -06:00
Todd C. Miller
b5f444111e The fix for Bug #408 broke editing of files in an include dir that 
have a syntax error.  Normally, visudo does not edit those files,
but if a syntax error is detected in one, the user gets a chance
to fix it.
 2016-10-31 15:57:05 -06:00
Todd C. Miller
5a8b60e4b4 Make a copy of the current sudoers path when assigning errorfile. 
Fixes a potential use after free in visudo when there is an error
in one of the include files.
 2016-10-31 15:21:18 -06:00
Todd C. Miller
3f022419ae Be consistent with the naming of the variable used to store the 
function return value.  Previously, some code used "rval", some
used "ret".  This standardizes on "ret" and uses "rc" for temporary
return codes.
 2016-09-08 16:38:08 -06:00
Todd C. Miller
54efa54c0e Only check SUDO_USER if euid is 0 2016-07-31 18:47:36 -06:00
Todd C. Miller
f85e95329f Initialize sudo_user based on the SUDO_USER environment variable 
if present.  This allows things like :Defaults:username editor=foo"
to work when visudo is run via sudo.
 2016-07-30 15:27:36 -06:00
Todd C. Miller
2c21663b22 Split set_default_entry() out of set_default() so we can call it 
from check_defaults() to validate the defaults value.  In visudo,
suppress warnings from update_defaults() and rely on check_defaults()
to provide warnings.
 2016-07-23 09:10:48 -06:00
Todd C. Miller
e0ac766473 Pass quiet flag to init_parser() and update_defaults() when doing 
first parse of sudoers.
 2016-07-23 05:53:35 -06:00
Todd C. Miller
256ca993b9 Update defaults in visudo after sudoers has been edited so we pick 
up locale changes.  The init_defaults() function will now re-init
the sudoers locale.
 2016-07-22 10:41:56 -06:00
Todd C. Miller
ef24bd5c3c Set the locale to the sudoers locale when parsing and restore the 
user's locale afterward.  Also set the warn/fatal locale helper
function so warning messages during a sudoers parse are displayed
in the user's own locale.
 2016-07-20 16:41:23 -06:00
Todd C. Miller
b5c2ca2fe5 Move sudoers locale callback function to locale.c and user it in 
visudo and testsudoers.
 2016-07-20 14:16:00 -06:00
Todd C. Miller
05db5aa3b8 Remove sudo_mkpwcache() and sudo_mkgrcache(). We now create the 
caches as needed on demand.  Also remove calls to sudo_freepwcache()
and sudo_freegrcache() that are immediately followed by execve(),
they are not needed.
 2016-05-11 09:40:31 -06:00
Todd C. Miller
23d288563e Eliminate use of setpwent()/endpwent() and setgrent()/endgrent(). 
Sudo never iterates over the passwd or group file.
Rename sudo_set{pw,gr}ent() -> sudo_mk{pw,gr}cache() and
use sudo_free{pw,gr}cache() instead of sudo_end{pw,gr}ent().
 2016-05-11 07:06:45 -06:00
Todd C. Miller
bbda2e7b5b Fix memory leak in get_editor() if resolve_editor() fails with 
an error.  Coverity CID 104107.
 2016-05-07 04:59:56 -06:00
Todd C. Miller
96f5fe4cd0 Ignore the return value of the initial sudoersparse(), before 
we have actually edited any files.  Coverity CID 104078.
 2016-05-07 04:52:21 -06:00
Todd C. Miller
3bebdfea79 Quiet address sanitizer leak detector. 2016-01-28 15:07:54 -07:00
Todd C. Miller
5ad68edd65 It is possible for WIFSTOPPED to be true even if waitpid() is not 
given WUNTRACED if the child is ptraced.  Don't exit the waitpid()
loop if WIFSTOPPED is true, just in case.
 2015-10-02 11:24:01 -06:00
Todd C. Miller
b6cb1b65c9 We reserved two slots at the end of the editor argv for the line 
number and the file name.  However, resolve_editor() adds "--"
before the file names so the +line_number is interpreted as a file
name, not a line number so we need to overwrite the "--" as well.
 2015-09-15 09:29:40 -06:00
Todd C. Miller
67183d74f4 Remove include/compat/timespec.h. Systems old enough to lack struct 
timespec are too old to build a modern sudo.
 2015-09-09 11:13:22 -06:00
Todd C. Miller
333faa20e2 When parsing def_editor, break out of the loop when we find the 
first valid editor.  Bug #714
 2015-08-21 11:25:02 -06:00
Todd C. Miller
7df2487165 The condition for adding a missing newline at the end of sudoers 
was never reached.  Keep track of the last character and write a
newline character if when copying to the temp file.  Found by Radovan
Sroka.
 2015-08-18 08:57:53 -06:00
Todd C. Miller
7ef9b5827e Remove extraneous while() from botched do {} while() loop 
conversion to use sudo_strsplit.  Noticed by Radovan Sroka.
 2015-08-18 08:34:10 -06:00
Todd C. Miller
445e6f2e9a Check sudo_conf_read() return value and exit on fatal error (a 
warning was already printed by sudo_conf_read()).
 2015-07-07 13:17:50 -06:00
Todd C. Miller
0b241088b3 There's no need to conditionalize the #include <unistd.h>, we require 
a POSIX system.
 2015-07-02 09:08:28 -06:00
Todd C. Miller
4a07b472f0 Only include stddef.h where it is needed. 2015-06-20 05:34:35 -06:00
Todd C. Miller
c36415417f Add function name to "unable to allocate memory" warnings. 2015-06-19 14:51:17 -06:00
Todd C. Miller
dc883f2454 We require ANSI C so stop using the obsolete STDC_HEADERS. 2015-06-19 14:29:27 -06:00
Todd C. Miller
ac13264b44 Use a common function for resolviong the user's editor in sudoedit 
and visudo.  The find_path() function now returns a dynamically
allocated path instead of using a static string.
 2015-06-18 09:51:36 -06:00
Todd C. Miller
07f9814450 Remove remaining SUDO_MAIN remnants. 2015-06-17 10:20:14 -06:00
Todd C. Miller
d004b02fc6 Use non-exiting allocatings in the sudoers plugin. 2015-06-17 06:49:59 -06:00
Todd C. Miller
21f5753b7d Restore old behavior where visudo prevents you from making the main 
sudoers file zero length.
 2015-05-27 13:34:28 -06:00
Todd C. Miller
2bf454b74d Use non-exiting allocators in the redblack tree and fix the fallout. 
Also switch to non-exiting allocators in affected code blocks.
 2015-05-27 09:51:54 -06:00
Todd C. Miller
05a01d4c5d Avoid using a leading underbar in defines as they are reserved in 
ISO C.
 2015-05-21 11:13:20 -06:00
Todd C. Miller
ee72cba937 Use futimens() and utimensat() instead of futimes() and utimes(). 2015-03-02 13:58:50 -07:00