Commit Graph

10469 Commits

Author SHA1 Message Date
Todd C. Miller
8c5befaae8 Set pp_macos_service_id instead of pp_macos_default_service_id_prefix.
It is only effective to set pp_macos_default_service_id_prefix in
the individual %service sections (and not %set) so we may as well
use pp_macos_service_id which includes the service name.
2020-04-22 12:40:52 -06:00
Todd C. Miller
c70606c3c9 Set launchd service id prefix to "ws.sudo."
The default value in PolyPkg is "com.quest.rc."
2020-04-22 10:45:03 -06:00
Todd C. Miller
d5b06ff7fa Fix macOS package creation. 2020-04-22 08:58:07 -06:00
Todd C. Miller
557be2b0b1 Shut down the TLS connection cleanly in client_closure_free().
Also free the SSL data which is part of the client closure.
2020-04-21 15:01:44 -06:00
Todd C. Miller
76bf9a73bc Fix sudoedit when running with SELinux RBAC mode.
We can't use run_command() to run sesh, that will use the sudo event
loop (and might run it in a pty!).
There's no need to relabel the tty when copying files.
Get the path to sesh from sudo.conf.

Currently, for SELinux RBAC, the editor runs with the target user's
security context. This defeats the purpose of sudoedit.  Fixing
that requires passing file descriptors between the main sudo process
(running with the invoking user's security context) and sesh (running
with the target user's security context).
2020-04-21 14:29:23 -06:00
Todd C. Miller
009876bf36 Refactor the sudoedit code to copy files so it can be shared.
The SELinux sudoedit code now extends the destination file the
same way the non-SELinux version does.
2020-04-21 11:05:32 -06:00
Todd C. Miller
0bd39701b4 Do not remove sudoedit temporary files if we cannot overwrite the real file.
The warning message says the files were preserved but they actually
got removed.
2020-04-21 11:05:30 -06:00
Todd C. Miller
d22800edd5 Only remove the systemd unit service file if we copied it manually.
If the service file was installed as part of the package it will
be removed automatically when the package is uninstalled.
2020-04-21 11:05:29 -06:00
Todd C. Miller
99129ba41f Make gl_pathc, gl_matchc and gl_offs size_t in glob_t to match POSIX. 2020-04-21 11:05:29 -06:00
Todd C. Miller
c161f68b43 Document TLS settings in ServerHello 2020-04-20 11:12:03 -06:00
Todd C. Miller
adb4360c40 Extend the original file to the new size before updating it.
Instead of opening the original file for writing w/ truncation, we
first extend the file with zeroes (by writing, not seeking), then
overwrite it.  This should allow sudo to fail early if the disk is
out of space before it overwrites the original file.
2020-04-17 19:08:56 -06:00
Todd C. Miller
2a60816f75 I/O log plugins should be closed *before* the policy plugin, not after. 2020-04-17 15:57:06 -06:00
Todd C. Miller
af4eb80dfb Fix typo 2020-04-17 15:37:41 -06:00
Todd C. Miller
132b943a2d Only display error string once on I/O error.
We already include the error string in the format so no need to use
errno too.
2020-04-17 15:36:45 -06:00
Todd C. Miller
ae7bb12335 Free passwd and group caches in I/O plugin after log_warning(), not before.
The logging functions may try to use the cache via set_perms(PERM_ROOT).
2020-04-17 15:07:25 -06:00
Laszlo Orban
481427f9f0 add missing shutdown of TLS connection 2020-04-17 07:00:19 -06:00
Todd C. Miller
a89ddb63fd Disable systemd support on Linux systems that don't use it. 2020-04-16 15:32:07 -06:00
Todd C. Miller
024b146d06 1.9.0 final 2020-04-14 19:26:41 -06:00
Todd C. Miller
1034d3f5b6 Update PolyPkg from my branch with systemd support. 2020-04-14 19:25:49 -06:00
Todd C. Miller
75b9a26a37 If the signal.Signals enum is not present, search the dictionary.
The Signals enum was added in Python 3.5.  If it is not present we
need to iterate over the dictionary items, looking for signal name
to number mappings.  Fixes the signal tests with Python 3.4.
2020-04-09 10:49:59 -06:00
Todd C. Miller
57cef10ce9 Python dictionaries are sparse so we cannot use pos as an index.
When converting sudo options from a dictionary to a tuple we need
to track the current index into the tuple separately from the
position of the dictionary entry.
2020-04-09 08:34:29 -06:00
Todd C. Miller
324b237245 Fix handling of /etc/sudo_logsrvd.conf in the sudo-logsrvd package.
For rpm and deb we include the file directly and mark it volatile.
For all others we copy it in the postinstall script from the example
dir if the file doesn't already exist.
2020-04-08 15:46:30 -06:00
Todd C. Miller
eebe68233c Check for the Sun Studio C compiler on Solaris under /opt.
Also initialize with_python to false.
2020-04-08 14:10:03 -06:00
Todd C. Miller
6d32858b4f regen 2020-04-08 12:50:39 -06:00
Todd C. Miller
3bf4172272 Explicitly include stdio.h for getdelim(3) 2020-04-08 12:42:58 -06:00
Todd C. Miller
ce92674cc2 Reload sudo.conf upon SIGHUP
This makes it possible to update the Debug settings in sudo.conf and
have them take effect on reload.
2020-04-08 10:19:55 -06:00
Todd C. Miller
69b6783be6 Store the result of ERR_get_error() so we can use it for both warn and debug.
Otherwise, only the debug framework gets the actual error and the
user won't see the problem.
2020-04-08 09:26:41 -06:00
Todd C. Miller
18ff60f6ff Disable IPv4-mapped IPv6 addresses in the listener.
Also store the host + port string and use it in error messages.
2020-04-08 08:54:28 -06:00
Todd C. Miller
55eb0a633c Install the example sudo_logsrvd.conf unless one already exists 2020-04-08 08:54:27 -06:00
Todd C. Miller
700becabc0 Make the path to logsrvd_cert.pem match the documentation. 2020-04-07 19:40:08 -06:00
Todd C. Miller
e86106f2e1 Create the pid file parent directory if it doesn't already exist.
Also package the run directory in the sudo_logsrvd PolyPkg file.
2020-04-07 19:26:37 -06:00
Todd C. Miller
dfd5a88772 Sudo 1.9.0rc1 2020-04-07 15:08:26 -06:00
Todd C. Miller
d6684b851a Build python packages where possible. 2020-04-07 14:03:58 -06:00
Todd C. Miller
0a10c702be Split sudo_logsrvd and the python plugin into their own packages. 2020-04-07 14:03:58 -06:00
Todd C. Miller
ab18c22ab4 Remove bits for Tru64 kit-style packages 2020-04-07 14:03:58 -06:00
Todd C. Miller
6a2b5fd82f Handle dependencies for .h files in the same directory as the source.
Fixes missing header dependencies for the sudoers and python plugins.
2020-04-07 14:03:58 -06:00
Todd C. Miller
5b488f313c Increase the maximum delay again for slower systems.
Otherwise we may get a spurious test failure.
2020-04-07 14:03:58 -06:00
Todd C. Miller
cd74b83c21 Make most python tests pass with Python 3.4
Dictionary order is not stable in Python < 3.6 so we need to sort
by key to have consistent results.
The LogHandler output is also different on older Python versions.
Also, don't stop running python tests after the first error.
2020-04-07 14:03:58 -06:00
Todd C. Miller
fa5025a569 Use regex to match __init__.py instead of hacking it in verify_log_lines() 2020-04-07 14:03:58 -06:00
Todd C. Miller
a77ef93f8a Use regular expressions when matching expected and actual text. 2020-04-07 14:03:58 -06:00
Todd C. Miller
8a2c0d784f Sort the list of possible plugins before printing it.
This gives more reproducible error messages for the tests.
2020-04-07 14:03:58 -06:00
Todd C. Miller
02a117f336 Avoid using typing annotations so tests run with Python 3.4. 2020-04-07 14:03:58 -06:00
Todd C. Miller
ee868776de Include all python plugin files in MANIFEST, not the directory itself. 2020-04-07 14:10:36 -06:00
Robert Manner
468a5d228e logsrvd/eventlog.c: add a newline after each log message for logfile output 2020-04-06 07:31:01 -06:00
Robert Manner
8f0370cd8e lib/iolog/iolog_fileio.c: do not call fchown on invalid fd
Fixes the warning in the log:
iolog_write_info_file_json: unable to fchown 0:0 /var/log/...: Bad file descriptor
2020-04-06 07:31:01 -06:00
Robert Manner
ace8e18953 logsrvd/iolog_writer.c: treat runuid, rungid 0 as valid (usually ==root) 2020-04-06 07:31:01 -06:00
Todd C. Miller
e31e0c4d3f Don't pass a NULL submitcwd or ttyname value to the server.
It is possible for the cwd and/or tty to be missing.  If we send a
NULL pointer to the server where it expects a string the AcceptMessage
will fail to parse.
2020-04-06 07:18:58 -06:00
Todd C. Miller
93f5e1be36 Fall back to using Py_Finalize() for Python version < 3.6 2020-04-06 07:05:20 -06:00
Todd C. Miller
4e44bd46fe Disable -Wstrict-prototypes for sudo_hook_fn_t typedef. 2020-04-06 07:05:20 -06:00
Todd C. Miller
725f9f6521 Updated translations from translationproject.org 2020-04-05 13:26:28 -06:00