isa/sudo
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
7,624 Commits 1 Branch 0 Tags
17a2a27e46f76ebc348ae9533d81c4360b73f84d
Commit Graph

62 Commits

Author SHA1 Message Date
Todd C. Miller
e9914a91b1 The sudoers plugin now defines its own list of debugging subsystem names 
and defines.
 2014-10-22 13:30:52 -06:00
Todd C. Miller
866cfc4fc3 Add support for multiple Debug lines per program. Callers may 
register arbitrary debug facilities or use built-in defaults.  We
now use separate Debug statements for plugins and programs.
 2014-10-22 13:23:05 -06:00
Todd C. Miller
aecef4aa1d Rename warning/fatal -> sudo_warn/sudo_fatal to avoid namespace 
pollution in libsudo_util.so.
 2014-06-27 09:30:52 -06:00
Todd C. Miller
a78da37487 Make set_perms() and restore_perms() return an error instead of 
calling exit() on failure.
 2014-04-10 16:11:47 -06:00
Todd C. Miller
b1cdb3708c Remove a few more unnecessary uses of fatal(). 2014-04-07 19:52:28 -06:00
Todd C. Miller
a5aeaf20da Fix some sign comparision warnings. 2014-03-25 16:16:11 -06:00
Todd C. Miller
d75e5f6fef Fix typo in setreuid() PERM_ROOT error message. 2014-02-27 16:40:28 -07:00
Todd C. Miller
96eb2c4f8f Add warning_gettext() wrapper function that changes to the user locale, 
then calls gettext().
Add U_ macro that calls warning_gettext() instead of gettext().
Rename warning2()/error2() back to warning_nodebug()/error_nodebug().
 2013-11-18 08:59:57 -07:00
Todd C. Miller
0817429583 More sign compare fixes. On Solaris id_t is signed so use uid_t 
in the set_perms.c ID macro instead.
 2013-10-23 15:19:41 -06:00
Todd C. Miller
07a804caf3 Quiet sign comparision warnings. 2013-10-23 15:03:31 -06:00
Todd C. Miller
23a2bdbcba In rewind_perms() there is nothing to do if perm_stack_depth == 0. 2013-08-07 09:42:14 -06:00
Todd C. Miller
f6e8fb8b1c Quiet a few -Wunused-result compiler warnings. 2013-05-01 11:02:09 -04:00
Todd C. Miller
d6282d154a Update copyright years. 2013-04-24 09:35:02 -04:00
Todd C. Miller
1d7072fe09 Don't include <sys/param.h>. We only needed it for MAXPATHLEN, 
MAXHOSTNAMELEN and the MIN/MAX macros.  We now use PATH_MAX and
HOST_NAME_MAX throughout without falling back on MAXPATHLEN or
MAXHOSTNAMELEN and define our own MIN/MAX macros as needed.
 2012-12-04 10:40:47 -05:00
Todd C. Miller
d658d12195 Let warning() call gettext() for us. 2012-11-25 09:34:20 -05:00
Todd C. Miller
cab6b976dc For PERM_ROOT set egid to 0 so log files are not created with 
the gid of the user.
 2012-11-12 15:20:10 -05:00
Todd C. Miller
a0c53bd751 Call gettext inside log_error et al instead of having the caller do it. This way we can display any messages to the user in their own locale but log in the sudoers local. 2012-11-08 15:37:44 -05:00
Todd C. Miller
649edc3192 Export group cache from sudoers.so for system_group.so to use. 2012-06-13 16:21:45 -04:00
Todd C. Miller
0d82c4c7ee If sudoers_mode is group-readable but the actual sudoers file is 
not, open the file as uid 0, not uid 1.  This fixes a problem when
sudoers has a more restrictive mode than what sudo expects to find.
In older versions, sudo would silently chmod the file to add the
group-readable bit.
 2012-05-21 13:59:02 -04:00
Todd C. Miller
53357633f1 Fix restoration of AIX permissions. 2012-04-09 15:39:01 -04:00
Todd C. Miller
44ce5720de Remove the NO_EXIT flag to log_error() and add a log_fatal() function 
that exits and is marked no_return.  Fixes false positives from
static analyzers and is easier for humans to read too.
 2012-03-26 10:59:14 -04:00
Todd C. Miller
c85afe4b9c Remove unused label 2012-03-16 20:13:43 -04:00
Todd C. Miller
2ff9d0318c Remove bogus optimization that could lead to a double free of the 
group list.
 2012-03-16 12:00:32 -04:00
Todd C. Miller
1e8f5d4aa4 Use normal error path if unable to set sudoers gid. 2012-03-10 16:38:14 -05:00
Todd C. Miller
7971a5e499 Make this work again on systems w/o seteuid(). 2012-03-10 15:29:46 -05:00
Todd C. Miller
9c2dd5eec6 Fix compilation if no seteuid/setreuid/setresuid available. 2012-03-09 17:28:59 -05:00
Todd C. Miller
b49bb17c3e Better error messages, and added debugging throughout. 
Fixed seteuid() version of set_perms()/restore_perms().
Fixed logic bug in AIX version of restore_perms().
Added checks to avoid changing uid/gid when we don't have to.
Never set gid/uid state to -1, use the old value instead.
 2012-03-09 17:07:41 -05:00
Todd C. Miller
98486afbdf Add AIX-specific version of permission setting code to make sure 
that the saved uid gets restored properly.
 2012-02-21 16:07:28 -05:00
Todd C. Miller
e066ff5caf More complete fix for LDR_PRELOAD on AIX. The addition of 
set_perm(PERM_ROOT) before calling the nss open functions (needed
to avoid a GNU TLS bug) also broke LDR_PRELOAD.  Setting the effective
and then real uid to 0 for PERM_ROOT works around the issue.
 2012-02-06 15:46:17 -05:00
Todd C. Miller
656807823d For PERM_ROOT when using setreuid(), only set the euid to 0 prior 
to the call to setuid(0) if the current euid is non-zero.  This
effectively restores the state of things prior to rev 7bfeb629fccb.
Fixes a problem on AIX where LDR_PRELOAD was not being honored for
the command being executed.
 2012-02-06 13:29:19 -05:00
Todd C. Miller
839919566e Add debug_decl/debug_return (almost) everywhere. 
Remove old sudo_debug() and convert users to sudo_debug_printf().
 2011-10-22 14:40:21 -04:00
Todd C. Miller
b743b77a0d Better warning message on setuid() failure for the setreuid() 
version of set_perms().
 2011-10-04 11:13:28 -04:00
Todd C. Miller
d81c14005f Silence compiler warnings on Solaris with gcc 3.4.3 2011-08-23 16:42:18 -04:00
Todd C. Miller
4f9a93f658 Fix some potential problems found by the clang static analyzer, 
none serious.
 2011-07-28 10:59:37 -04:00
Todd C. Miller
1f9fb7609f Fix two PERM_INITIAL cases that were still using user_gids. 2011-07-22 15:13:35 -04:00
Todd C. Miller
022591f4bf Add a wrapper for setgroups() that trims off extra groups and retries 
if setgroups() fails.  Also add some missing addrefs for PERM_USER
and PERM_FULL_USER.
 2011-07-20 16:54:12 -04:00
Todd C. Miller
b124635b04 Instead of keeping separate groups and gids arrays, create struct 
group_info and use it to store both, along with a count for each.
Cache group info on a per-user basis using getgrouplist() to get
the groups.  We no longer need special to special case the user or
list user for user_in_group() and thus no longer need to reset the
groups list when listing another user.
 2011-07-20 11:58:45 -04:00
Todd C. Miller
37873051a8 Make error strings translatable. 2011-07-13 16:50:25 -04:00
Todd C. Miller
56321ec778 Resolve the list of gids passed in from the sudo frontend (the 
result of getgroups()) to names and store both the group names and
ids in the sudo_user struct.  When matching groups in the sudoers
file, match based on the names in the groups list first and
only do a gid-based match when we absolutely have to.  By matching
on the group name (as it is listed in sudoers) instead of id
(which we would have to resolve) we save a lot of group lookups
for sudoers files with a lot of groups in them.
 2011-07-01 14:13:47 -04:00
Todd C. Miller
6f8cd91928 can't -> "unable to" in warning/error messages 2011-05-18 12:36:26 -04:00
Todd C. Miller
b643b190a7 Prepare sudoers module messages for translation. 2011-05-16 16:32:05 -04:00
Todd C. Miller
7c35601cf3 Be explicit when setting euid to 0 before call to setreuid(0, 0) 2011-04-23 06:13:48 -04:00
Todd C. Miller
b08ad6083b Work around weird AIX saved uid semantics on setuid() and setreuid(). 
On AIX, setuid() will only set the saved uid if the euid is already 0.
 2011-04-15 12:30:08 -04:00
Todd C. Miller
53da5e8cdf Update copyright years. 2011-03-11 15:34:35 -05:00
Todd C. Miller
6bea3f524e Fix running commands as non-root on systems where setreuid() changes 
the saved uid based on the effective uid we are changing to.
 2011-03-11 10:48:12 -05:00
Todd C. Miller
47968912a2 Fix passing of login class back to sudo front end. 2011-03-07 16:55:08 -05:00
Todd C. Miller
3c0672e2e3 Allow sudoers file name, mode, uid and gid to be specified in the 
settings list.  The sudo front end does not currently set these
but may in the future.
 2011-02-23 13:38:52 -05:00
Todd C. Miller
ae2f7638f5 standardize on "return foo;" rather than "return(foo);" or "return (foo);" 2011-01-24 15:15:18 -05:00
Todd C. Miller
94de54b19d If runas_pw changes, reset the stashed runas aux group vector. 
Otherwise, if runas_default is set in a per-command Defaults statement,
the command runs with root's aux group vector (i.e. the one that
was used when locating the command).
 2010-08-26 11:40:04 -04:00
Todd C. Miller
e6b48d415c Replace built-in non-unix group support with a sudoers group plugin. 
Include a sample plugin that can read Unix-format group files.
 2010-07-02 11:11:25 -04:00