isa/sudo
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
6,911 Commits 1 Branch 0 Tags
1f3ea50afd89baf6c6557b42a3971e67bc838f6b
Commit Graph

209 Commits

Author SHA1 Message Date
Todd C. Miller
1f3ea50afd Implement memset_s() and use it instead of zero_bytes(). 
A new constant, SUDO_CONV_REPL_MAX, is defined by the plugin
API as the max conversation reply length.  This constant can be
used as a max value for memset_s() when clearing passwords
filled in by the conversation function.
 2013-08-03 08:30:06 -06:00
Todd C. Miller
368a6558ca Change some error/errorx -> fatal/fatalx in comments and xgettext 
flags.
 2013-04-26 16:06:05 -04:00
Todd C. Miller
5337da144b Replace sudo_fakepwnamid() with sudo_mkpwent() and don't return an 
error if the entry already exists in the cache.
 2013-04-19 14:48:23 -04:00
Todd C. Miller
1162b55040 Rename log_error() -> log_warning() for consistency with warning()/fatal() 2013-04-18 14:14:03 -04:00
Todd C. Miller
39acd2fcba Rename error/errorx -> fatal/fatalx and remove the exit value as 
it was always 1.
 2013-04-18 14:07:59 -04:00
Todd C. Miller
41ab8da22c Fall back to opening /dev/tty to determine whether there is a tty 
if the system doesn't have kernel support for determing the tty.
 2013-04-01 10:40:17 -04:00
Todd C. Miller
37b4b5d15e Now that we can determine the terminal even when file descriptors 
are redirected we can check user_ttypath rather than opening
/dev/tty when enforcing requiretty.
 2013-03-28 15:46:52 -04:00
Todd C. Miller
38dac1e0a4 Stash umask in struct sudo_user so we don't need to look it up later. 2013-03-28 15:40:32 -04:00
Todd C. Miller
5bac16f5cc Minor cosmetic change 2013-03-28 14:25:24 -04:00
Todd C. Miller
213f7ff113 Don't need to include sudoers_version.h here. 2013-03-28 10:49:18 -04:00
Todd C. Miller
13dbba174e Move sudo_conv into policy.c 2013-03-27 13:42:40 -04:00
Todd C. Miller
29becec0e7 Make "sudo -l non_existent_command" warn that non_existent_command 
doesn't exist, not the "list" pseudo-command.
 2013-02-20 15:35:26 -05:00
Todd C. Miller
b9159ecb26 Add maxseq sudoers option to limit the max number of I/O log files. 2013-02-18 15:06:23 -05:00
Todd C. Miller
af0bb55283 Move tzset() call from sudoers plugin to sudo front end. 2013-02-07 14:31:48 -05:00
Todd C. Miller
99704cc101 Catch SIGINT, SIGQUIT and SIGTSTP in the front end before we execute 
the command.  If we get SIGINT or SIGQUIT, call the plugin close()
functions as if the command was interrupted.  If we get SIGTSTP,
uninstall the handler and deliver SIGTSTP to ourselves.
 2013-01-17 09:20:45 -05:00
Todd C. Miller
9479bb623b Add exec_background option in plugin command info and a sudoers 
option to match.  When set, commands are started in the background
and automatically foregrounded as needed.  There are issues with
some ill-mannered programs (like Linux su) so this is not the
default.
 2013-01-11 14:34:09 -05:00
Todd C. Miller
1d7072fe09 Don't include <sys/param.h>. We only needed it for MAXPATHLEN, 
MAXHOSTNAMELEN and the MIN/MAX macros.  We now use PATH_MAX and
HOST_NAME_MAX throughout without falling back on MAXPATHLEN or
MAXHOSTNAMELEN and define our own MIN/MAX macros as needed.
 2012-12-04 10:40:47 -05:00
Todd C. Miller
b7ae7977a6 Cannot wrap sigsetjmp() or we end up returning to the wrong place. 
Use a macro instead.
 2012-11-29 06:37:13 -05:00
Todd C. Miller
2632ec7e69 Move warn/error into common and make static builds work. 2012-11-25 09:34:40 -05:00
Todd C. Miller
c2c6616a0c Move _sudo_printf from src/conversation.c to common/sudo_printf.c. 
Add sudo_printf function pointer that is initialized to _sudo_printf()
instead of requiring a sudo_conv function pointer everywhere.  The
plugin will reset sudo_printf to point to the version passed in via
the plugin open function.  Now plugin_error.c can just call sudo_printf
in all cases.  The sudoers binaries no longer need their own version
of sudo_printf.
 2012-11-25 09:34:33 -05:00
Todd C. Miller
5496ffe1e8 Add plugin_setjmp() wrapper for siglongjmp(error_jmp, 1) so we don't 
need error_jmp to be extern.  Also add plugin_clearjmp() that clears
a flag so error()/errorx() knows when to call exit() vs. longjmp().
 2012-11-25 09:34:26 -05:00
Todd C. Miller
7b3d268687 Call gettext() on parameters for warning()/warningx() instead of 
having warning() do it for us.
 2012-11-25 09:34:04 -05:00
Todd C. Miller
90147bb605 Allow sudoers programs (visudo, sudoreplay, visudo) to use 
plugin_error.c instead of the error.c from the front-end.  This
means sudoers_setlocale() needs to be independent of the sudo_user
struct and the defaults table.  The sudoers locale is now updated
via a callback.
 2012-11-25 09:33:52 -05:00
Todd C. Miller
3e5bd8dc52 Include setjmp.h in sudoers.h 
Move error_jmp into plugin_error.c
Rename sudoers_plugin_cleanup sudoers_cleanup
Make sudoers warning/error functions work when sudo_conv is NULL
 2012-11-25 09:33:33 -05:00
Todd C. Miller
acf8af9aac #unifdef HAVE_SETLOCALE, it is C89 so no need to check for it. 2012-11-12 08:51:58 -05:00
Todd C. Miller
c1db4b1546 Always include locale.h from gettext.h so we no longer need to 
include locale.h from the .c files.
 2012-11-11 20:23:53 -05:00
Todd C. Miller
56de023de8 Avoid strerror() when possible and just rely on warning/error 
to handle errno in the proper locale.
 2012-11-09 16:32:29 -05:00
Todd C. Miller
a0c53bd751 Call gettext inside log_error et al instead of having the caller do it. This way we can display any messages to the user in their own locale but log in the sudoers local. 2012-11-08 15:37:44 -05:00
Todd C. Miller
595d3b2651 Display warning/error messages in the user's locale. 2012-11-08 15:37:44 -05:00
Todd C. Miller
f454a852cb audit_failure() now calls gettext itself using the sudoers locale. 2012-11-08 15:37:43 -05:00
Todd C. Miller
3f82a3407e Convert setlocale() to sudoers_setlocale() in the sudoers module. 
This only converts existing uses, there are more places where we
need to sprinkle sudoers_setlocale() calls.
 2012-11-08 15:37:43 -05:00
Todd C. Miller
4207589fe2 Add simple locale switching to make it easy to switch from the 
user's locale to the sudoers locale without making excessive
setlocale() calls when we don't need to.
 2012-11-08 15:37:43 -05:00
Todd C. Miller
5d052aeb60 Do not inform the user that the command was not permitted by the 
policy if they do not successfully authenticate.  This is a regression
introduced in sudo 1.8.6.
 2012-11-06 11:19:51 -05:00
Todd C. Miller
475662aaa4 Refactor policy plugin interface code from sudoers.c into policy.c 2012-10-25 16:58:31 -04:00
Todd C. Miller
3651377e12 Refactor command_info setting into its own function. 2012-10-25 13:16:58 -04:00
Todd C. Miller
929aef0754 Make interfaces pointer private to interfaces.c and add get_interfaces() 
accessor.
 2012-10-25 13:15:52 -04:00
Todd C. Miller
4134b24ec2 Avoid nested strtok() calls. 2012-10-24 14:24:36 -04:00
Todd C. Miller
d787df3c1d Add support for [SUCCESS=return] in nsswitch.conf; from Daniel Kopecek 2012-09-04 09:22:10 -04:00
Todd C. Miller
6260a75891 Use AI_FQDN instead of AI_CANONNAME if available since "canonical" 
is not always the same as "fully qualified".
 2012-08-15 09:52:26 -04:00
Todd C. Miller
241b2395cf Reduce the number of "internal error, foo overflow" messages that 
need to be translated.
 2012-08-10 12:18:38 -04:00
Todd C. Miller
d89b1a6be2 Support for using SSSD (http://fedorahosted.org/sssd/) as a sudoers 
data source.  From Daniel Kopecek and Pavel Brezina.
 2012-08-10 11:59:26 -04:00
Todd C. Miller
57699c5531 If a command matches using an empty Runas_List (i.e. Runas_List is 
present but empty) and the -u option was not specified, set runas_pw
to user_pw instead of using runas_default.  This is intended to be
used in conjunction with the Solaris Privilege Set support for rules
that grant privileges without changing the user.
 2012-08-02 14:37:32 -04:00
Todd C. Miller
4abd2a6cf4 Merge in Solaris privilege support by Darren Moffat and John Zolnowsky 2012-07-26 13:49:21 -04:00
Todd C. Miller
8b03f3e7d0 Move log_denial() calls and logic to log_failure(). 
Move authentication failure logging to log_auth_failure().
Both of these call audit_failure() for us.

This subtly changes logging for commands that are denied by sudoers
but where the user failed to enter the correct password.  Previously,
these would be logged as "N incorrect password attempts" but now
are logged as "command not allowed".  Fixes bug #563
 2012-07-10 12:42:33 -04:00
Todd C. Miller
7d5048a5be Zero pointers in sudo_user struct after freeing, just in case. 2012-06-27 17:04:39 -04:00
Todd C. Miller
899fcc05ac Free user_gids in close function if it has not already been freed. 2012-06-27 16:56:55 -04:00
Todd C. Miller
1cd50d0bce Defer group ID to name resolution until we actually need it. 2012-06-27 16:50:56 -04:00
Todd C. Miller
649edc3192 Export group cache from sudoers.so for system_group.so to use. 2012-06-13 16:21:45 -04:00
Todd C. Miller
6f6b0dec6c Use gcc's visibility attribute to specify when symbols are visible 
or hidden, if available.  If not available, use an ELF version
script if it is supported.  If all else fails, fall back to using
libtool's -export-symbols.
 2012-06-13 14:01:16 -04:00
Todd C. Miller
0d82c4c7ee If sudoers_mode is group-readable but the actual sudoers file is 
not, open the file as uid 0, not uid 1.  This fixes a problem when
sudoers has a more restrictive mode than what sudo expects to find.
In older versions, sudo would silently chmod the file to add the
group-readable bit.
 2012-05-21 13:59:02 -04:00