Commit Graph

2016 Commits

Author SHA1 Message Date
Todd C. Miller
17514b55ea Add support for multiple '*' in env_keep, env_check and env_delete
entries.
2017-05-12 10:02:17 -06:00
Todd C. Miller
e453c97976 Restore the error message for sudo_ev_add() failure. 2017-05-12 10:02:17 -06:00
Todd C. Miller
246ed8777d Fix "make check" when openssl or gcrypt is used. Bug #787 2017-05-11 05:28:19 -06:00
Todd C. Miller
0244f931dd Only display string version of errno if sudo_ev_add() fails for now 2017-05-10 09:22:07 -06:00
Todd C. Miller
93c029f4f9 sync with translationproject.org 2017-05-07 06:44:33 -06:00
Todd C. Miller
4e67ac56bd In check_input() when switch()ing on the return value of read(),
use the default label instead of 1 for the success case.  It is
only reading a single byte so the two are equivalent but it reads
better using default.
2017-05-04 12:25:51 -06:00
Todd C. Miller
1a047b156d Check sudo_ev_add() return value. Coverity CID 168362 2017-05-04 11:10:42 -06:00
Todd C. Miller
1d1ebb6111 Add io_open() wrapper for open(2) that retries with PERM_IOLOG if
open(2) fails with EACCES.  Use io_open() instead of duplicate
copies of the same fallback code.
2017-05-04 11:00:22 -06:00
Todd C. Miller
8757691fc7 Don't retry the open() if set_perms() fails. 2017-05-04 10:45:05 -06:00
Todd C. Miller
237eddd95e Fix typo (fd2 vs. fd) caught by coverity, CID 168359. 2017-05-04 10:30:59 -06:00
Todd C. Miller
c379665556 Add tests for parsing tuples and syslog options. 2017-05-03 09:54:30 -06:00
Todd C. Miller
2d8717bdd2 Allow the syslog Defaults option to be used in a "true" boolean
context and use the compiled in default log facility in this case.
2017-05-03 09:53:03 -06:00
Todd C. Miller
631d458b6f Allow a tuple to be set to boolean true. Regression introduced by
refactor of set_default_entry() in sudo 1.8.18.
2017-05-03 09:28:36 -06:00
Todd C. Miller
9bccceaea1 In "make install", install sample sudoers file as /etc/sudoers.dist
and copy it to /etc/sudoers if there is no existing /etc/sudoers.
Packages either contain /etc/sudoers (RPM and Debian) or /etc/sudoers.dist
(everything else).
2017-04-26 13:52:49 -06:00
Todd C. Miller
f3daaba1c4 In sudo_sss_check_user() it is not possible for handle to be NULL. 2017-04-19 14:30:30 -06:00
Todd C. Miller
583fac17ea Fix a use after free when the fqdn sudoOption is set and no hostname
value is present in sssd.conf.
2017-04-19 14:15:18 -06:00
Todd C. Miller
871b912f46 sync with translationproject.org 2017-04-19 09:07:55 -06:00
Todd C. Miller
7c63dbf65e regen 2017-04-13 13:45:00 -06:00
Todd C. Miller
f7251f806c sync with translationproject.org 2017-04-07 10:32:52 -06:00
Todd C. Miller
491e6ae9fc plug memory leak in check_digest 2017-04-07 09:56:47 -06:00
Todd C. Miller
04d83c41c7 sync with translationproject.org 2017-03-28 10:56:30 -06:00
Todd C. Miller
bdc9251184 Make check_digest test sudo_filedigest() itself instead of the
underlying SHA2 functions.  That way we can test it regardless of
whether we use sudo's SHA2 functions or a library version.
2017-03-27 14:45:24 -06:00
Todd C. Miller
a58c7d7db5 regen for restricted_env_file 2017-03-24 15:37:14 -06:00
Todd C. Miller
4df6b62b56 Only retry mkdir or create with PERM_IOLOG if errno is EACCES.
Also always use PERM_IOLOG for mkdtemp() since we cannot retry
if it fails.  Since we are guaranteed to create a new directory
there's no real need to try w/o PERM_IOLOG in this case.
2017-03-23 17:00:27 -06:00
Todd C. Miller
31b16fd3e9 Add fallback to PERM_IOLOG when making the final component of iolog_dir. 2017-03-22 15:55:16 -06:00
Todd C. Miller
b3af85ddc8 Add restricted_env_file which is like env_file but subject to the
same restrictions as the user's own environment.
2017-03-22 13:39:25 -06:00
Todd C. Miller
4621e43676 quiet a warning on older zlib 2017-03-22 08:47:10 -06:00
Todd C. Miller
8d1e994d84 cast mode_t to unsigned int when printing with %o 2017-03-22 08:37:12 -06:00
Todd C. Miller
7f1fa00be9 regen 2017-03-21 16:34:17 -06:00
Todd C. Miller
7668b4b42b Set umask temporarily when creating files instead of changing the
mode after the fact.  This is slightly less error prone.
2017-03-21 16:21:17 -06:00
Todd C. Miller
2a37590b7d remove now-useless variable 2017-03-21 15:04:47 -06:00
Todd C. Miller
2caddff3f9 Don't set owner/mode on directories that already exist, only on
newly-created ones.
2017-03-21 14:55:19 -06:00
Todd C. Miller
1bd90d8fff Explicitly set the file mode of I/O log files so the mode is not
affected by the invoking user's umask.
2017-03-21 13:54:27 -06:00
Todd C. Miller
8d57491dc1 Add PERM_IOLOG so we can create I/O log files on an NFS-mounted
filesystem where root is remapped to an unprivileged user.
2017-03-21 13:41:14 -06:00
Todd C. Miller
cfb15106e3 Restore the '/' in the path before returning if we encounter an error. 2017-03-21 10:15:31 -06:00
Todd C. Miller
2dbd091443 When creating the timestamp directory, use the group of the timestamp
owner instead of inheriting the group of the parent directory.
2017-03-20 12:59:28 -06:00
Todd C. Miller
a1322d7dd9 zero out nss->handle after it has been freed to make sure we cannot free it twice 2017-03-21 09:52:51 -06:00
Todd C. Miller
c4e703696a Add iolog_flush option. 2017-03-20 10:25:58 -06:00
Todd C. Miller
8c8d078f66 Don't allow the user to specify an I/O log file mode that sudo can't
read or write to.  I/O logs must always be readable and writable
by the owner.
2017-03-17 10:56:17 -06:00
Todd C. Miller
b63df21ba5 Fix declaration of sudo_krb5_verify() in the case where krb5_verify_user()
is not present.  Bug #777
2017-03-10 11:52:49 -07:00
Todd C. Miller
453360666c Use HAVE_STDBOOL_H to detect systems w/o stdbool.h.
Bug #778
2017-03-10 11:49:07 -07:00
Todd C. Miller
a86d399ef6 regen 2017-03-09 12:00:18 -07:00
Todd C. Miller
00b4732c9d Add some casts to quiet gcc warnings on Solaris and remove a
now-useless debug printf.
2017-03-03 11:20:56 -07:00
Todd C. Miller
daa728fd88 Go back to using a Warning/Error prefix in the message printed to
stderr for alias problems.  Requested by Tomas Sykora.
2017-02-22 06:38:33 -07:00
Todd C. Miller
143620bb25 fix copyright years 2017-02-21 09:03:57 -07:00
Todd C. Miller
b9954fb9b9 Add support for using the message digest functions in libgcrypt
instead of sudo's own SHA2 implementation.
2017-02-20 16:44:12 -07:00
Todd C. Miller
199a594f43 Add support for using the message digest functions in OpenSSL instead
of sudo's own SHA2 implementation.
2017-02-20 16:44:12 -07:00
Todd C. Miller
b5e7b7bd2c Move the file digest code out of match.c and into filedigest.c.
Inspired by RedHat changes that used libgcrypt.
Also add digest_type_to_name() to map a sudo digest type (int)
to a name (string) and use it.
2017-02-20 16:44:12 -07:00
Todd C. Miller
00b76afe46 Check for gmtime() or localtime() returning NULL and just use a
zero offset in that case.  Should not be possible.
2017-02-20 16:44:02 -07:00
Todd C. Miller
b3fdb26c41 Add support for ROLE, TYPE, PRIVS, LIMITPRIVS, TIMEOUT, NOTBEFORE
and NOTAFTER.
2017-02-18 16:44:56 -07:00