isa/sudo
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
7,892 Commits 1 Branch 0 Tags
21f5753b7daf348d8ef4b57c208fd8c6e7cf996c
Commit Graph

1535 Commits

Author SHA1 Message Date
Todd C. Miller
21f5753b7d Restore old behavior where visudo prevents you from making the main 
sudoers file zero length.
 2015-05-27 13:34:28 -06:00
Todd C. Miller
9d1c408b73 Non-exiting allocators for log functions. If log_allowed() fails 
the user may not run the command.  We don't try to return early for
log_failure(), log_auth_failure() or log_denial() as we would not
run the command in that case.
 2015-05-27 10:55:27 -06:00
Todd C. Miller
4da9e10971 Use non-exiting allocators in the parser (much of it already did). 2015-05-27 10:36:03 -06:00
Todd C. Miller
6b7be032af Use non-existing allocators in the passwd/group cache functions. 2015-05-27 10:26:49 -06:00
Todd C. Miller
2bf454b74d Use non-exiting allocators in the redblack tree and fix the fallout. 
Also switch to non-exiting allocators in affected code blocks.
 2015-05-27 09:51:54 -06:00
Todd C. Miller
46770c9588 The error string returned by alias_add should be const. 2015-05-27 09:48:34 -06:00
Todd C. Miller
c5e4c3055a Fix typo, efree vs. free. 2015-05-27 09:48:31 -06:00
Todd C. Miller
4131449ffb Add a few missing sudo_new_key_val() return value checks. 
Also use non-exiting allocators for consistency.
 2015-05-27 09:42:51 -06:00
Todd C. Miller
8d1708434f Add sudo_strsplit(), similar to strtok_r() but non-destructive and 
operates on non-C strings (requires a length parameter).
 2015-05-26 15:46:41 -06:00
Todd C. Miller
69e62f316e Use reallocarray() instead of sudo_emallocarray() and return an 
error on allocation failure.
 2015-05-20 10:59:03 -06:00
Todd C. Miller
212ff5d964 In our krb5_get_init_creds_opt_alloc() replacement use malloc() 
instead of sudo_emalloc() and return KRB5_CC_NOMEM on allocation
failure.  Only old versions of Kerberos V will need this.
 2015-05-20 10:58:17 -06:00
Todd C. Miller
04128f5985 Get rid of SUDO_MAIN. Modern compilers don't warn about mixing 
extern and auto declarations unless they conflict.
 2015-05-21 11:26:44 -06:00
Todd C. Miller
05a01d4c5d Avoid using a leading underbar in defines as they are reserved in 
ISO C.
 2015-05-21 11:13:20 -06:00
Todd C. Miller
1298ea9107 Add target for "make splint". A few files need extra guards to avoid 
errors on systems where they would not otherwise be compiled.
No warnings from splint.
 2015-05-21 11:07:13 -06:00
Todd C. Miller
cbcaaa299a No need to cast malloc() return value. 2015-05-14 10:47:09 -06:00
Todd C. Miller
c75eb5bf0d Use reallocarray where possible. 2015-05-14 10:21:58 -06:00
Todd C. Miller
8bc70a635c Instead of trying to make weak functions work on all platforms, 
just use a registration function for a plugin-specific setlocale
function.  The sudoers version just wraps sudoers_setlocale().
 2015-05-11 14:51:32 -06:00
Todd C. Miller
c80b9c9457 In usergr_matches() matched should be bool but we have to take care 
to handle group_plugin_query() returning a value other than 0/1.
 2015-05-07 10:56:12 -06:00
Todd C. Miller
d16434f977 sudo_ldap_check_non_unix_group() returns bool, not int. 2015-05-07 10:43:26 -06:00
Todd C. Miller
eea4e1afd9 Convert two debug_return_int to debug_return_bool. 2015-05-07 10:40:46 -06:00
Todd C. Miller
caf5d45e0f Previously, debug_return_bool was the same as debug_return_int 
except that it logged true/false for 1/0.  However, this appears
to trigger a bug in some compilers.  To avoid this, debug_return_bool
now uses bool, not int.  Callers that were passing it an int have
been converted to use debug_return_int instead.
 2015-05-07 10:33:23 -06:00
Todd C. Miller
ff89dde116 Sync with translationproject.org 2015-04-27 14:12:11 -06:00
Todd C. Miller
8930db0e09 Only fall back on AUE_DARWIN_sudo if au_preselect() fails. 2015-04-26 07:55:33 -06:00
Todd C. Miller
8a18383644 Work around a problem on Mac OS X 10.10 which defines AUE_sudo but 
where au_preselect() only accepts AUE_DARWIN_sudo (the old value).
 2015-04-25 19:44:52 -06:00
Todd C. Miller
e98778b2a2 When creating a passwd struct from a uid that is not in the passwd 
database, set pw_gid to the user's gid instead of whatever the user
specified via the -g flag (or 0 if no -g).
 2015-04-16 13:19:04 -06:00
Todd C. Miller
3de14196c8 Add some ldap_err2string() debugging when the LDAP search fails. 
Adapted from a diff from Steven Soulen.
 2015-04-14 09:50:40 -06:00
Todd C. Miller
db74048989 Sync with translationproject.org 2015-04-13 14:04:49 -06:00
Todd C. Miller
a79f3790ee Add sys/types.h 2015-04-09 11:01:41 -06:00
Todd C. Miller
eeca3b0ca4 Include sys/types.h instead of unistd.h to get uid_t and gid_t. 
Add missing include of sys/types.h to a few places.
 2015-04-09 10:58:04 -06:00
Todd C. Miller
15037d3b7e Make libsudo_util depend on libintl instead of requiring users of 
libsudo_util to link with libintl directly.  Bug #690
 2015-03-22 08:16:22 -06:00
Todd C. Miller
3b30984406 Use saved errno in vlog_warning() before calling sudo_vwarn_nodebug(). 
Fixes the error message printed if set_perms() fails.
 2015-03-21 15:41:59 -06:00
Todd C. Miller
be4872f691 For sudoedit, run the editor with the user's original environment 
as per the documentation (and as in sudo 1.7.x).  Bug #688
 2015-03-16 20:19:24 -06:00
Todd C. Miller
d8d6fae793 Sync with translationproject.org 2015-03-16 14:11:19 -06:00
Todd C. Miller
0600a0d0a9 Sync with translationproject.org 2015-03-09 11:16:09 -06:00
Todd C. Miller
9896b2243d Sync with translationproject.org 2015-03-05 12:28:51 -07:00
Todd C. Miller
ee72cba937 Use futimens() and utimensat() instead of futimes() and utimes(). 2015-03-02 13:58:50 -07:00
Todd C. Miller
ea514dc391 Fix compiler warning on systems where mode_t is not unsigned int, 
such as 32-bit Solaris.
 2015-03-02 13:58:45 -07:00
Todd C. Miller
c9d4e1084c Fix logic for verifypw/listpw all in sudoers LDAP and sssd. 2015-03-02 11:37:43 -07:00
Todd C. Miller
74d3745cc6 regen 2015-02-27 14:48:41 -07:00
Todd C. Miller
233783511d Define YYDEBUG to 0 if not already defined so we can protect use 
of sudoersdebug with "#if YYDEBUG" like the generated parser does.
From David Michael.
 2015-02-27 07:10:20 -07:00
Todd C. Miller
d09a838939 regen 2015-02-26 09:40:10 -07:00
Todd C. Miller
8fdc46433c Create /usr/lib/tmpfiles.d/sudo.conf when systemd is used. 2015-02-25 16:45:12 -07:00
Todd C. Miller
973286c7ac Check the return value of gettimeofday(), even though it should 
never fail.
 2015-02-25 07:10:25 -07:00
Todd C. Miller
5d2e9426b2 We cannot (easily) use clock_gettime(CLOCK_MONOTONIC) directly as 
it may be present but not implemented.  Add sudo_gettime_real() and
sudo_gettime_mono() functions to get the real and monotonic times
respectively.  Now sudo_gettime_mono() checks the value of
sysconf(_SC_MONOTONIC_CLOCK) before calling clock_gettime(CLOCK_MONOTONIC)
and falls back on sudo_gettime_real() as needed.  The Mach version
of sudo_gettime_mono() uses mach_absolute_time().

This should fix problems with timestamp files on systems where
the CLOCK_MONOTONIC is defined but not actually implemented.
 2015-02-24 11:19:21 -07:00
Todd C. Miller
01a4d6ccbf Check clock_gettime() return value and warn if it fails. 
Currently, the timestamp will be ignored if clock_gettime() fails.
 2015-02-24 09:53:50 -07:00
Todd C. Miller
a604f0f02d Pam conversation function changes: 
o use PAM_BUF_ERR as the return value when calloc() fails.
 o sanity check the value of num_msg
 o remove the workaround for old Apple PAM
 o PAM_AUTH_ERR is not a valid PAM conversation function return value

If getpass_error is set after a call to pam_verify (usually because
the user pressed ^C), return AUTH_INTR immediately instead of
checking the pam_verify return value.
 2015-02-23 11:12:45 -07:00
Todd C. Miller
e11f32fd42 On AIX use the value of auth_type in /etc/security/login.cfg to 
determine whether to use LAM or PAM unless the user specified the
--with-pam or --with-aixauth configure flags.
 2015-02-23 11:12:43 -07:00
Todd C. Miller
1ca3e1834e Update the regression test that check that all tags are parsed. 2015-02-20 16:02:37 -07:00
Todd C. Miller
bd8eebd6f7 regen 2015-02-20 06:33:37 -07:00
Todd C. Miller
bb5093f40f Sync with translationproject.org 2015-02-20 06:33:02 -07:00