isa/sudo
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
8,785 Commits 1 Branch 0 Tags
17514b55ea3a8c1a3d10f194e56e68133e20597d
Commit Graph

172 Commits

Author SHA1 Message Date
Todd C. Miller
e45b388a37 Make get_boottime() return bool. 2014-04-28 08:40:32 -06:00
Todd C. Miller
a78da37487 Make set_perms() and restore_perms() return an error instead of 
calling exit() on failure.
 2014-04-10 16:11:47 -06:00
Todd C. Miller
2a290f812e Return MODE_ERROR from sudoers_policy_deserialize_info() instead 
of calling fatalx().
 2014-04-07 05:34:56 -06:00
Todd C. Miller
9b7dfa7522 Remove calls to log_fatal() in I/O log functions and just pass an 
error back to the caller.
 2014-04-04 15:30:12 -06:00
Todd C. Miller
2d1484fe84 Make a password/group cache collision a warning rather than fatal. 
This should not be possible in practice and we can safely return
the new (potentially duplicate) item as it will be freed by the
caller.  Make sudo_set_grlist() return an error on failure instead
of calling fatalx().
 2014-03-26 16:44:29 -06:00
Todd C. Miller
639ac92e6d In find_path(), return NOT_FOUND_ERROR instead of calling fatal() 
if the path is too long.  Remove an extraneous check against PATH_MAX
in set_cmnd() since find_path() already contains such a check.
 2014-03-26 14:15:15 -06:00
Todd C. Miller
4848b5691d Remove unused MODE_LISTDEFS define and correct a comment. 2014-03-26 14:03:04 -06:00
Todd C. Miller
3cdb944de4 Fix expansion of %p in the prompt for "sudo -l" when rootpw, runaspw 
or targetpw is set.  Bug #639
 2014-03-19 16:55:37 -06:00
Todd C. Miller
12a1b672c0 We must include gettext.h before missing.h as it includes system 
headers.  Also add missing DEFAULT_TEXT_DOMAIN defines in sudoers
audit code that does not include sudoers.h.
 2014-02-11 09:40:59 -07:00
Todd C. Miller
7155fc526f Bring back boot time checking code and zero out time stamp files 
that predate the boot time.  This should help systems w/o /var/run
where the admin has setup rc.d to clear the timestamp directory.
 2014-02-03 05:45:27 -07:00
Todd C. Miller
659b1f0e34 Switch to new time stamp file format. Each user now has a single 
file which may contain multiple records when per-tty time stamps
are in use (the default).  The time stamps use a monotonic timer
where available and are once again stored in /var/run/sudo.  The
lecture status is now stored separately from the time stamps in a
different directory.
 2014-01-30 15:50:40 -07:00
Todd C. Miller
b2c456341a Move symbol extern defs into sudoers.h 2013-12-16 14:18:42 -07:00
Todd C. Miller
3e2d818ed9 Move prototypes for functions provided by libcommon that don't have 
their own header files into sudo_util.h.
 2013-12-12 18:29:07 -07:00
Todd C. Miller
d83bfb9fe6 Add atomode() function for parsing a file mode. 2013-12-10 16:56:54 -07:00
Todd C. Miller
2508da6f68 Better match debugging. 
Sprinkle const in match functions.
 2013-12-05 14:34:56 -07:00
Todd C. Miller
923edabe6c Convert sudo to use BSD TAILQ macros instead of home ground tail 
queue functions.  This includes a private queue.h header derived
from FreeBSD.  It is simpler to just use our own header rather than
try to deal with macros that may or may not be present in various
queue.h incarnations.
 2013-10-22 09:00:37 -06:00
Todd C. Miller
7a76844d98 When merging the PAM environment, allow environment variables set 
in PAM to override ones set by sudo as long as they do not match
the env_keep or env_check lists.
 2013-08-17 06:34:09 -06:00
Todd C. Miller
99352d6738 Rename error.h -> fatal.h now that there is no error() function. 2013-08-15 14:24:29 -06:00
Todd C. Miller
d0e3867587 Add limited support for "sudo -l -h other_host". Since group lookups 
are done on the local host, rules that use group membership may be
incorrect if the group database is not synchronized between hosts.
 2013-08-14 13:49:14 -06:00
Todd C. Miller
8b4fbc5cc0 Refactor code to parse list of gids into its own function that is 
shared by the sudo front-end and the sudoers module.
Make uid/gid parse error be fatal, not just a warning.
 2013-08-08 11:40:36 -06:00
Todd C. Miller
fe23e7c038 Add endpointer and separator args to atoid() 2013-08-08 06:11:52 -06:00
Todd C. Miller
5dc56ea81d Add atoid() function to convert a string to an id_t (uid, gid or 
pid).  We have to be careful to choose() either strtol() or strtoul()
depending on whether the string appears to be signed or unsigned.
Always using strtoul() is unsafe on 64-bit platforms since the
uid might be represented as a negative number and (unsigned long)-1
on a 64-bit system is 0xffffffffffffffff not 0xffffffff.
Fixes a problem with uids larger than 0x7fffffff on 32-bit platforms.
 2013-08-07 11:23:19 -06:00
Todd C. Miller
1f3ea50afd Implement memset_s() and use it instead of zero_bytes(). 
A new constant, SUDO_CONV_REPL_MAX, is defined by the plugin
API as the max conversation reply length.  This constant can be
used as a max value for memset_s() when clearing passwords
filled in by the conversation function.
 2013-08-03 08:30:06 -06:00
Todd C. Miller
fa6c857112 Allow ldap_conf and ldap_secret to be specified as plugin arguments 
in sudo.conf
 2013-04-25 14:49:02 -04:00
Todd C. Miller
5337da144b Replace sudo_fakepwnamid() with sudo_mkpwent() and don't return an 
error if the entry already exists in the cache.
 2013-04-19 14:48:23 -04:00
Todd C. Miller
38dac1e0a4 Stash umask in struct sudo_user so we don't need to look it up later. 2013-03-28 15:40:32 -04:00
Todd C. Miller
6e50087010 Add sudo_set_grlist(), currently unused by the back end. 2013-03-26 13:27:51 -04:00
Todd C. Miller
d6b5ffbbd8 expand_prompt() is now in prompt.c 
sudo_printf extern is now in error.h
 2013-03-25 11:19:56 -04:00
Todd C. Miller
a803b4d2ec Change multiple inclusion guards to be _SUDOERS_FOO_H 2013-03-25 11:17:46 -04:00
Todd C. Miller
d3ff0f31ee Dummy out close function if there is no end_session for the auth 
method and the front-end can handle a NULL close function.  Avoids
the extra sudo process when we don't actually need it.
 2013-02-24 05:54:57 -05:00
Todd C. Miller
b9159ecb26 Add maxseq sudoers option to limit the max number of I/O log files. 2013-02-18 15:06:23 -05:00
Todd C. Miller
d837700341 Use max_groups in front-end and plugin. 2013-02-14 15:52:27 -05:00
Todd C. Miller
2e08777f25 Store the session ID in the tty ticket file too. A tty may only 
be in one session at a time so if the session ID doesn't match we
ignore the ticket.
 2013-02-08 10:43:14 -05:00
Todd C. Miller
b7ae7977a6 Cannot wrap sigsetjmp() or we end up returning to the wrong place. 
Use a macro instead.
 2012-11-29 06:37:13 -05:00
Todd C. Miller
2632ec7e69 Move warn/error into common and make static builds work. 2012-11-25 09:34:40 -05:00
Todd C. Miller
5496ffe1e8 Add plugin_setjmp() wrapper for siglongjmp(error_jmp, 1) so we don't 
need error_jmp to be extern.  Also add plugin_clearjmp() that clears
a flag so error()/errorx() knows when to call exit() vs. longjmp().
 2012-11-25 09:34:26 -05:00
Todd C. Miller
90147bb605 Allow sudoers programs (visudo, sudoreplay, visudo) to use 
plugin_error.c instead of the error.c from the front-end.  This
means sudoers_setlocale() needs to be independent of the sudo_user
struct and the defaults table.  The sudoers locale is now updated
via a callback.
 2012-11-25 09:33:52 -05:00
Todd C. Miller
3e5bd8dc52 Include setjmp.h in sudoers.h 
Move error_jmp into plugin_error.c
Rename sudoers_plugin_cleanup sudoers_cleanup
Make sudoers warning/error functions work when sudo_conv is NULL
 2012-11-25 09:33:33 -05:00
Todd C. Miller
cab6b976dc For PERM_ROOT set egid to 0 so log files are not created with 
the gid of the user.
 2012-11-12 15:20:10 -05:00
Todd C. Miller
336021a9c0 Fix compilation on systems w/o setlocale() 2012-11-12 05:36:43 -05:00
Todd C. Miller
6a7884d474 Make expand_prompt() args const and free the prompt when we are 
done with it.
 2012-11-08 16:40:37 -05:00
Todd C. Miller
4207589fe2 Add simple locale switching to make it easy to switch from the 
user's locale to the sudoers locale without making excessive
setlocale() calls when we don't need to.
 2012-11-08 15:37:43 -05:00
Todd C. Miller
475662aaa4 Refactor policy plugin interface code from sudoers.c into policy.c 2012-10-25 16:58:31 -04:00
Todd C. Miller
319fe95d08 Make user_cwd const since it is either a string literal or passed 
in from the front-end.
 2012-10-24 16:32:43 -04:00
Todd C. Miller
2b23d2b12c Move expand_prompt() into its own source file for easier unit testing. 2012-10-23 14:27:52 -04:00
Todd C. Miller
0a7af23038 Make check.c independent of the underlying timestamp implementation. 2012-10-23 14:16:57 -04:00
Todd C. Miller
5276ab3a5f Set yacc prefix to "sudoers" to avoid conflicts other yacc parsers. 2012-09-14 16:19:25 -04:00
Todd C. Miller
57699c5531 If a command matches using an empty Runas_List (i.e. Runas_List is 
present but empty) and the -u option was not specified, set runas_pw
to user_pw instead of using runas_default.  This is intended to be
used in conjunction with the Solaris Privilege Set support for rules
that grant privileges without changing the user.
 2012-08-02 14:37:32 -04:00
Todd C. Miller
4abd2a6cf4 Merge in Solaris privilege support by Darren Moffat and John Zolnowsky 2012-07-26 13:49:21 -04:00
Todd C. Miller
8b03f3e7d0 Move log_denial() calls and logic to log_failure(). 
Move authentication failure logging to log_auth_failure().
Both of these call audit_failure() for us.

This subtly changes logging for commands that are denied by sudoers
but where the user failed to enter the correct password.  Previously,
these would be logged as "N incorrect password attempts" but now
are logged as "command not allowed".  Fixes bug #563
 2012-07-10 12:42:33 -04:00