Commit Graph

10469 Commits

Author SHA1 Message Date
Todd C. Miller
4ee7ae6471 Install example sudo_logsrvd.conf file 2020-04-03 13:20:17 -06:00
Todd C. Miller
79d3bd8223 Fixed Debian bugs #571621, #596631 and #669687 2020-04-02 13:58:13 -06:00
Todd C. Miller
66c8f69f8d Make it clear in the sudoers grammar that sudoedit needs file args.
Debian bug #571621
2020-04-03 10:17:19 -06:00
Todd C. Miller
1d008b92f5 Truncate the command args at 4096 chars when formatting SUDO_COMMAND.
We have to limit the length of SUDO_COMMAND to avoid getting E2BIG
from execve(2) for very long argument vectors.
The command's environment also counts against the ARG_MAX limit.
Debian bug #596631
2020-04-02 13:01:58 -06:00
Todd C. Miller
9b8cb1a57a Do not try to delete creds we did not set.
If pam_setcred() fails when opening the PAM session, we don't want
to call it with PAM_DELETE_CRED when closing the session.
2020-04-02 09:32:41 -06:00
Todd C. Miller
ec3fdd3aa8 Add a force flag to sudo_auth_cleanup() to force immediate cleanup.
This is used for PAM authentication to make sure pam_end() is called
via sudo_auth_cleanup() when the user authenticates successfully but
sudoers denies the command.  Debian bug #669687
2020-04-01 14:41:38 -06:00
Todd C. Miller
5e95c24d81 Increase the maximum delay for slower systems.
Otherwise we may get a spurious test failure.
2020-04-01 10:23:50 -06:00
Todd C. Miller
835984adc2 Document when cwd_optional was added. 2020-04-01 08:40:51 -06:00
Todd C. Miller
93aa9f9e90 Add cwd_optional to command details and enable it in the sudoers plugin.
If cwd_optional is set to true, a failure to set the cwd will be a
warning, not an error, and the command will still run.
Debian bug #598519
2020-03-31 19:43:48 -06:00
Todd C. Miller
9dea4bb244 The policy close function is responsible for closing the PAM session. 2020-03-31 17:23:37 -06:00
Todd C. Miller
8b35753a21 Config file for clang-format 8.x and higher based on webkit style.
This approximates what I want the sudo coding style to look like.
Only deviations from webkit style are included.
2020-03-31 13:35:24 -06:00
Todd C. Miller
3221c8b4d8 Don't kill the command just because the loop exited unexpectedly.
We currently have no good way to distinguish between an error
executing the command and an error while the command is running.

In the future, we should have additional status codes so we
can tell what type of condition caused the loop to exit.

For now, only kill the command if cstat is left uninitialized.
2020-03-31 08:49:30 -06:00
Todd C. Miller
c122e9bf62 Write process ID as an unsigned int (with a cast).
On Solaris, pid_t may be typedef'd as a long but the actual range
is 32 bits at most.
2020-03-29 09:11:57 -06:00
Todd C. Miller
d4b2db9078 Add license info for a few other files.
These are all ISC licensed but it is still best to have them
all listed in one place.
2020-03-29 06:54:59 -06:00
Todd C. Miller
5b1de6cfc8 Updated translations from translationproject.org 2020-03-29 05:05:09 -06:00
Todd C. Miller
0f0d03a575 Update sudoers.pot with json parser warnings. 2020-03-29 05:05:08 -06:00
Todd C. Miller
891872336f Add sudo_logsrvd as a service so it gets started at boot. 2020-03-29 05:05:08 -06:00
Todd C. Miller
f908ddd1bf Create a pidfile for sudo_logsrvd when not run with the -n flag. 2020-03-29 05:05:08 -06:00
Todd C. Miller
1b90f65609 sudo_logsrvd now exits with an error if it cannot open any listen sockets. 2020-03-29 05:05:08 -06:00
Todd C. Miller
baccc0f5c3 Update NEWS for 1.9.0b5 changes 2020-03-29 05:05:08 -06:00
Todd C. Miller
01ceba0445 Simplify the JSON parsing code a bit.
We can use a single stack for nested objects and arrays.
There is also no need to track the current object and array separately.
This allows us to remove the array special case when assigning a value.
2020-03-29 05:05:08 -06:00
Todd C. Miller
3cd9cbbadf Add tests for the simple json parser. 2020-03-29 05:05:08 -06:00
Todd C. Miller
cffda82e20 Do not use JSON_ARRAY with sudo_json_add_value() 2020-03-29 05:05:08 -06:00
Todd C. Miller
f24dacdee2 Create files for check_iolog_plugin in the build dir, not src dir. 2020-03-29 05:05:08 -06:00
Todd C. Miller
9b144069fc Store runenv in the I/O log info file too. 2020-03-29 05:05:08 -06:00
Todd C. Miller
056173e572 Parse I/O JSON info file in JSON if present.
The JSON version includes more information than the original "log"
file in the I/O log dir.
2020-03-29 05:05:08 -06:00
Todd C. Miller
ea9b711a70 Write an extended I/O info log in JSON format.
This will be used by sudoreplay if it exists to get more information
about the command being replayed.
2020-03-29 05:05:08 -06:00
Todd C. Miller
a644c1d1d2 iolog_parse_loginfo() now opens the log file itself. 2020-03-29 05:05:08 -06:00
Todd C. Miller
9ab8efa8f4 Ignore __pycache__ directories. 2020-03-29 05:05:08 -06:00
Todd C. Miller
5034ea91be Some new source files got created with my old email address. 2020-03-29 05:05:08 -06:00
Todd C. Miller
a46d8bd11a Enable OpenSSL on systems that can support it. 2020-03-19 06:05:32 -06:00
Todd C. Miller
84d9c7b241 Add configure check for SSL_CTX_get0_certificate().
Dummy out verify_server_cert() if it is not present to allow building
on older OpenSSL versions.  Rewriting this to work with old OpenSSL
is not worth the trouble.
2020-03-17 20:07:48 -06:00
Todd C. Miller
d75d36b68c Include stdlib.h for malloc(3) prototype.
We shouldn't rely on it to be implicitly included via OpenSSL headers.
2020-03-17 17:24:46 -06:00
Todd C. Miller
390ace9253 Only set errstr for plugin API version 1.15 and above. 2020-03-16 14:26:56 -06:00
Todd C. Miller
26097a442a Sudo 1.8.31p1 2020-03-14 11:23:26 -06:00
Todd C. Miller
712afe0319 Ignore a failure to restore the RLIMIT_CORE resource limit.
Linux containers don't allow RLIMIT_CORE to be set back to RLIM_INFINITY
if we set the limit to zero, even for root.  This is not a problem
outside the container.
2020-03-14 11:13:55 -06:00
Todd C. Miller
7ace49a333 regen 2020-03-12 17:39:56 -06:00
Todd C. Miller
d83c09fb66 Add SUDO_EV_MASK to mask off invalid event values.
Now used by sudo_ev_init() to avoid bogus events.
2020-03-12 14:00:15 -06:00
Todd C. Miller
a23048bbb2 Avoid using sprintf(), vsprintf(), strcat(), and strncat().
It is less error-prone to use functions with a return value that
indicates when truncation occurred.
2020-03-11 19:46:07 -06:00
Todd C. Miller
1015b493b0 Work around two Coverity false positives; CID 208813 208815 2020-03-11 19:30:00 -06:00
Todd C. Miller
b308b63b50 Fix potential use-after-free; Coverity CID 208814 2020-03-11 19:28:36 -06:00
Todd C. Miller
ec78f06890 Don't hard-code path to logging/__init__.py or line numbers.
Allows python plugin tests to succeed on versions other than 3.7.
2020-03-11 17:18:10 -06:00
Todd C. Miller
6c1b155fed Add copyright for the Python bindings. 2020-03-11 15:43:48 -06:00
Todd C. Miller
277b297ae0 Fix typo introduced on systems with O_PATH or O_EXEC 2020-03-11 15:42:46 -06:00
Todd C. Miller
d31689211e Update for sudo 1.9.0 2020-03-11 13:45:13 -06:00
Todd C. Miller
ea8445e364 Allow the ALL keyword to be specified with a digest list. 2020-03-11 11:19:37 -06:00
Todd C. Miller
3edd30a27d A struct member of type ALL should have its name field set to NULL. 2020-03-11 11:17:52 -06:00
Todd C. Miller
4eca443246 Allow a list of digests to be specified for a command. 2020-03-11 11:17:52 -06:00
Todd C. Miller
8c08f5ef03 Allow Cmd_Alias in addition to Cmnd_Alias.
Some people find using Cmd_Alias more natural.
2020-03-11 11:17:38 -06:00
Todd C. Miller
e1df9d1dc3 Add pam_ruser and pam_rhost sudoers flags. 2020-03-01 13:37:00 -07:00