isa/sudo
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
12,772 Commits 1 Branch 0 Tags
1e03cbd0b406c492c12b7fa39a22c45bb208503f
Commit Graph

67 Commits

Author SHA1 Message Date
Todd C. Miller
097bec06bd sudo_conf_debug_files: special handling of DSO members for AIX 
When matching debug files for AIX-style DSOs like sudoers.a(sudoers.so)
we want to match on the full name, the name without the member and
on the member itself.  This makes it possible to use the existing
examples in the sudo.conf fiile on AIX.
 2023-11-03 11:29:20 -06:00
Rose
a4cbd7fe7b Swap calloc arguments to use them properly. 2023-10-15 10:19:58 -06:00
Todd C. Miller
e343e07543 Use #include <foo.h> instead of #include "foo.h" in most cases. 
We rely on the include path to find many of these headers.  It
especially doesn't make sense to use #include "foo.h" for headers
in the top-level include directory.
 2023-09-25 10:13:28 -06:00
Todd C. Miller
5768d374cc libsudo_util: silence most -Wconversion warnings. 2023-07-07 15:07:04 -06:00
Rose
e54ba33ea0 Avoid compiler casting warnings by assigning to the same type where possible 
This saves instructions that are related to casting as well as compiler warnings.
 2023-06-28 17:25:26 -04:00
Todd C. Miller
4363d03ef7 Convert config file paths to colon-separated path list. 
This means that _PATH_SUDO_CONF, _PATH_SUDOERS, _PATH_SUDO_LOGSRVD_CONF,
and _PATH_CVTSUDOERS_CONF can now specify multiple files.  The first
file that exists is used.
 2023-05-02 10:37:38 -06:00
bianguangze@uniontech.com
8797f0ceb9 Modify return value parameter 2023-01-29 11:08:38 +08:00
trackers-love
326f013cfa Return value does not match 2023-01-17 12:24:45 +08:00
Todd C. Miller
2e9e1c80f5 Avoid compiling some code paths that are unreachable when fuzzing. 2022-12-29 10:40:48 -07:00
Todd C. Miller
50958a05da Remove developer mode from sudo.conf, it is no longer used. 2022-12-26 07:43:55 -07:00
Todd C. Miller
3940020c94 sudo_secure_open_{file,dir}: always check thatreturn value is not -1. 
Avoids false positives from static analyzers that can't figure out
that the fd is always valid when error is SUDO_PATH_SECURE.
 2022-10-04 09:33:44 -06:00
Todd C. Miller
88ac5e09b6 Use sudo_secure_open_file() instead of sudo_secure_file() where possible. 
Both sudo_secure_open_file() and sudo_secure_open_dir() are now passed
a struct stat pointer like sudo_secure_file() and sudo_secure_dir().
 2022-09-21 19:08:10 -06:00
Todd C. Miller
13672f28df Make sudo pass -Wwrite-strings 2022-06-28 16:33:15 -06:00
Todd C. Miller
38d884a62d Do not compile intercept code if --disable-intercept is specified. 2021-09-01 13:35:47 -06:00
Todd C. Miller
6287e8ca7d Add support for loading the sudo_intercept.so DSO. 2021-08-09 15:50:25 -06:00
Todd C. Miller
5ffa0ce053 Make "group_source=dynamic" the default on macOS. 
Recent versions of macOS do not reliably return all of a user's
non-local groups via getgroups(2), even when _DARWIN_UNLIMITED_GETGROUPS
is defined.  Bug #946.
 2021-03-02 14:09:31 -07:00
Todd C. Miller
a18b2a9ddf Limit max_groups in sudo.conf to 1024. 
The max_groups setting should no longer be needed anyway.
 2021-02-16 12:37:23 -07:00
Todd C. Miller
0663ffbc3f Use sudo_basename() instead of doing the equivalent manually. 2021-02-10 15:14:08 -07:00
Todd C. Miller
4a6ca4ba22 Fix calling sudo_conf_read() multiple times with different conf_types. 
The change to reinitialize the configuration data when sudo_conf_read()
is called again didn't take into account that sudo calls sudo_conf_read()
twice--once for the debug info and once for everything else.
 2020-11-18 09:36:05 -07:00
Todd C. Miller
deb217adf9 On SIGHUP, deregister the old debug instance before registering a new one. 
Otherwise, if debugging is enabled we will get an extra log instance
each time sudo_logsrvd reeives SIGHUP which results in duplicate
lines in the debug log.
 2020-11-10 19:36:55 -07:00
Todd C. Miller
8ef5c4cf9d Set DEFAULT_TEXT_DOMAIN in lib/util's Makefile not individual .c files. 
We no longer need to include sudo_gettext.h before sudo_compat.h
 2020-05-18 11:19:58 -06:00
Todd C. Miller
446ae3f507 Include string.h unconditionally and only use strings.h for strn?casecmp() 
In the pre-POSIX days BSD had strings.h, not string.h.
Now strings.h is only used for non-ANSI string functions.
 2020-05-18 07:59:24 -06:00
Todd C. Miller
dd88460800 We no longer need to include headers we don't use for sudo*.h files. 
Previously we needed to include headers required by the various
sudo*h files.  Now those files are more self-sufficient and we
should only include headers needed by code in the various .c files.
 2020-05-18 06:47:04 -06:00
Todd C. Miller
486ee2b71f debug_decl and debug_decl_vars now require a semicolon at the end. 2019-12-22 08:48:16 -07:00
Robert Manner
c0d53d75eb src/load_plugins, plugins/sudoers: added developer_mode sudo.conf option 
It can be used to disable the enforcement that a plugin (shared object or
an imported python module) must be owned by root and not modifiable by
others.
This can make plugin development easier.
 2019-12-14 12:55:42 -07:00
Todd C. Miller
059b55ce72 Refactor code in sudoers that creates I/O log files to share with logsrvd. 2019-10-24 20:04:31 -06:00
Todd C. Miller
2512f6efbf Use sudo_strtonum() explicitly instead of via a macro. 2019-10-14 10:09:30 -06:00
Todd C. Miller
1e1ef61902 Add SPDX-License-Identifier to files. 2019-04-29 07:21:51 -06:00
Todd C. Miller
6c3d20cb41 Convert PVS-Studio comment to ANSI C. 2018-10-26 08:39:09 -06:00
Todd C. Miller
64e5d34c57 Add comments in .c files so PVS-Studio will check them. 2018-10-21 08:46:05 -06:00
Todd C. Miller
48fba3c2cc update my email to Todd.Miller@sudo.ws 2017-12-03 17:53:40 -07:00
Todd C. Miller
cc71b99849 Add a new "devsearch" Path setting to sudo.conf for configuring the 
/dev paths to traverse instead of hard-coding a list in ttyname.c
The default value can be set at configure time.
 2017-05-30 10:44:11 -06:00
Todd C. Miller
e797fc643f Plug memory leak when a particular Path is set more than once. 2016-11-16 13:57:50 -07:00
Todd C. Miller
6dff4ac7fd Always define _PATH_SUDO_NOEXEC, _PATH_SUDO_SESH, _PATH_SUDO_PLUGIN_DIR, 
even if only defined to NULL.  This means the accessors can always be
present.

Use RTLD_PRELOAD_VAR instead of _PATH_SUDO_NOEXEC to tell when
noexec is available.

Add ENABLE_SUDO_PLUGIN_API and use it instead of _PATH_SUDO_PLUGIN_DIR
to tell when the plugin API is available.

Add sudo_conf_clear_paths() to clear the path values so the
regress tests are not affected by compile-time settings.
 2016-11-16 10:13:26 -07:00
Todd C. Miller
8cb9f298bd Get rid of struct sudo_conf_paths and just use #defined index values 
to access the path values.
Make all accessors available even when the feature is not enabled.
 2016-11-15 15:41:41 -07:00
Todd C. Miller
66af45eb24 Add regress for noexec functionality 2016-11-14 14:21:08 -07:00
Todd C. Miller
7c56179c7d Use "double quotes" in messages instead of a combination of the 
accent (grave) mark and apostrophe.
 2016-11-02 17:10:17 -06:00
Todd C. Miller
3f022419ae Be consistent with the naming of the variable used to store the 
function return value.  Previously, some code used "rval", some
used "ret".  This standardizes on "ret" and uses "rc" for temporary
return codes.
 2016-09-08 16:38:08 -06:00
Todd C. Miller
17ad75d50b Add a flags option to sudo_parseln() and a flag to only mach comments 
at the beginning of the line.  Use the flag when parsing ldap.conf.
 2016-09-01 09:19:20 -06:00
Todd C. Miller
0123cf63f1 The Path setting for the plugin directory is "plugin_dir" not "plugin". 2015-12-18 14:03:59 -07:00
Todd C. Miller
55531958de Allow sudo.conf Path settings to disable path names (by setting the 
value of NULL).
 2015-12-18 12:31:28 -07:00
Todd C. Miller
0b241088b3 There's no need to conditionalize the #include <unistd.h>, we require 
a POSIX system.
 2015-07-02 09:08:28 -06:00
Todd C. Miller
4a07b472f0 Only include stddef.h where it is needed. 2015-06-20 05:34:35 -06:00
Todd C. Miller
d8dd6512ce Better handling of setlocale() returning NULL. 2015-06-19 16:49:02 -06:00
Todd C. Miller
c36415417f Add function name to "unable to allocate memory" warnings. 2015-06-19 14:51:17 -06:00
Todd C. Miller
dc883f2454 We require ANSI C so stop using the obsolete STDC_HEADERS. 2015-06-19 14:29:27 -06:00
Todd C. Miller
86fb8e15a8 Use sudo_strsplit() instead of doing the equivalent manually. 2015-06-18 16:14:49 -06:00
Todd C. Miller
5ce50a885c Use non-exiting allocators in libsudo_util. 2015-06-17 17:00:53 -06:00
Todd C. Miller
59ab26dbcc Go back to a 2 args debug_decl and just use the "default" instance, 
now renamed "active".
 2015-02-01 08:24:49 -07:00
Todd C. Miller
1be81d5720 Fix path settings broken in rev 9731. 2014-10-27 16:31:33 -06:00