Todd C. Miller
4ee7ae6471
Install example sudo_logsrvd.conf file
2020-04-03 13:20:17 -06:00
Todd C. Miller
79d3bd8223
Fixed Debian bugs #571621, #596631 and #669687
2020-04-02 13:58:13 -06:00
Todd C. Miller
66c8f69f8d
Make it clear in the sudoers grammar that sudoedit needs file args.
...
Debian bug #571621
2020-04-03 10:17:19 -06:00
Todd C. Miller
1d008b92f5
Truncate the command args at 4096 chars when formatting SUDO_COMMAND.
...
We have to limit the length of SUDO_COMMAND to avoid getting E2BIG
from execve(2) for very long argument vectors.
The command's environment also counts against the ARG_MAX limit.
Debian bug #596631
2020-04-02 13:01:58 -06:00
Todd C. Miller
9b8cb1a57a
Do not try to delete creds we did not set.
...
If pam_setcred() fails when opening the PAM session, we don't want
to call it with PAM_DELETE_CRED when closing the session.
2020-04-02 09:32:41 -06:00
Todd C. Miller
ec3fdd3aa8
Add a force flag to sudo_auth_cleanup() to force immediate cleanup.
...
This is used for PAM authentication to make sure pam_end() is called
via sudo_auth_cleanup() when the user authenticates successfully but
sudoers denies the command. Debian bug #669687
2020-04-01 14:41:38 -06:00
Todd C. Miller
5e95c24d81
Increase the maximum delay for slower systems.
...
Otherwise we may get a spurious test failure.
2020-04-01 10:23:50 -06:00
Todd C. Miller
835984adc2
Document when cwd_optional was added.
2020-04-01 08:40:51 -06:00
Todd C. Miller
93aa9f9e90
Add cwd_optional to command details and enable it in the sudoers plugin.
...
If cwd_optional is set to true, a failure to set the cwd will be a
warning, not an error, and the command will still run.
Debian bug #598519
2020-03-31 19:43:48 -06:00
Todd C. Miller
9dea4bb244
The policy close function is responsible for closing the PAM session.
2020-03-31 17:23:37 -06:00
Todd C. Miller
8b35753a21
Config file for clang-format 8.x and higher based on webkit style.
...
This approximates what I want the sudo coding style to look like.
Only deviations from webkit style are included.
2020-03-31 13:35:24 -06:00
Todd C. Miller
3221c8b4d8
Don't kill the command just because the loop exited unexpectedly.
...
We currently have no good way to distinguish between an error
executing the command and an error while the command is running.
In the future, we should have additional status codes so we
can tell what type of condition caused the loop to exit.
For now, only kill the command if cstat is left uninitialized.
2020-03-31 08:49:30 -06:00
Todd C. Miller
c122e9bf62
Write process ID as an unsigned int (with a cast).
...
On Solaris, pid_t may be typedef'd as a long but the actual range
is 32 bits at most.
2020-03-29 09:11:57 -06:00
Todd C. Miller
d4b2db9078
Add license info for a few other files.
...
These are all ISC licensed but it is still best to have them
all listed in one place.
2020-03-29 06:54:59 -06:00
Todd C. Miller
5b1de6cfc8
Updated translations from translationproject.org
2020-03-29 05:05:09 -06:00
Todd C. Miller
0f0d03a575
Update sudoers.pot with json parser warnings.
2020-03-29 05:05:08 -06:00
Todd C. Miller
891872336f
Add sudo_logsrvd as a service so it gets started at boot.
2020-03-29 05:05:08 -06:00
Todd C. Miller
f908ddd1bf
Create a pidfile for sudo_logsrvd when not run with the -n flag.
2020-03-29 05:05:08 -06:00
Todd C. Miller
1b90f65609
sudo_logsrvd now exits with an error if it cannot open any listen sockets.
2020-03-29 05:05:08 -06:00
Todd C. Miller
baccc0f5c3
Update NEWS for 1.9.0b5 changes
2020-03-29 05:05:08 -06:00
Todd C. Miller
01ceba0445
Simplify the JSON parsing code a bit.
...
We can use a single stack for nested objects and arrays.
There is also no need to track the current object and array separately.
This allows us to remove the array special case when assigning a value.
2020-03-29 05:05:08 -06:00
Todd C. Miller
3cd9cbbadf
Add tests for the simple json parser.
2020-03-29 05:05:08 -06:00
Todd C. Miller
cffda82e20
Do not use JSON_ARRAY with sudo_json_add_value()
2020-03-29 05:05:08 -06:00
Todd C. Miller
f24dacdee2
Create files for check_iolog_plugin in the build dir, not src dir.
2020-03-29 05:05:08 -06:00
Todd C. Miller
9b144069fc
Store runenv in the I/O log info file too.
2020-03-29 05:05:08 -06:00
Todd C. Miller
056173e572
Parse I/O JSON info file in JSON if present.
...
The JSON version includes more information than the original "log"
file in the I/O log dir.
2020-03-29 05:05:08 -06:00
Todd C. Miller
ea9b711a70
Write an extended I/O info log in JSON format.
...
This will be used by sudoreplay if it exists to get more information
about the command being replayed.
2020-03-29 05:05:08 -06:00
Todd C. Miller
a644c1d1d2
iolog_parse_loginfo() now opens the log file itself.
2020-03-29 05:05:08 -06:00
Todd C. Miller
9ab8efa8f4
Ignore __pycache__ directories.
2020-03-29 05:05:08 -06:00
Todd C. Miller
5034ea91be
Some new source files got created with my old email address.
2020-03-29 05:05:08 -06:00
Todd C. Miller
a46d8bd11a
Enable OpenSSL on systems that can support it.
2020-03-19 06:05:32 -06:00
Todd C. Miller
84d9c7b241
Add configure check for SSL_CTX_get0_certificate().
...
Dummy out verify_server_cert() if it is not present to allow building
on older OpenSSL versions. Rewriting this to work with old OpenSSL
is not worth the trouble.
2020-03-17 20:07:48 -06:00
Todd C. Miller
d75d36b68c
Include stdlib.h for malloc(3) prototype.
...
We shouldn't rely on it to be implicitly included via OpenSSL headers.
2020-03-17 17:24:46 -06:00
Todd C. Miller
390ace9253
Only set errstr for plugin API version 1.15 and above.
2020-03-16 14:26:56 -06:00
Todd C. Miller
26097a442a
Sudo 1.8.31p1
2020-03-14 11:23:26 -06:00
Todd C. Miller
712afe0319
Ignore a failure to restore the RLIMIT_CORE resource limit.
...
Linux containers don't allow RLIMIT_CORE to be set back to RLIM_INFINITY
if we set the limit to zero, even for root. This is not a problem
outside the container.
2020-03-14 11:13:55 -06:00
Todd C. Miller
7ace49a333
regen
2020-03-12 17:39:56 -06:00
Todd C. Miller
d83c09fb66
Add SUDO_EV_MASK to mask off invalid event values.
...
Now used by sudo_ev_init() to avoid bogus events.
2020-03-12 14:00:15 -06:00
Todd C. Miller
a23048bbb2
Avoid using sprintf(), vsprintf(), strcat(), and strncat().
...
It is less error-prone to use functions with a return value that
indicates when truncation occurred.
2020-03-11 19:46:07 -06:00
Todd C. Miller
1015b493b0
Work around two Coverity false positives; CID 208813 208815
2020-03-11 19:30:00 -06:00
Todd C. Miller
b308b63b50
Fix potential use-after-free; Coverity CID 208814
2020-03-11 19:28:36 -06:00
Todd C. Miller
ec78f06890
Don't hard-code path to logging/__init__.py or line numbers.
...
Allows python plugin tests to succeed on versions other than 3.7.
2020-03-11 17:18:10 -06:00
Todd C. Miller
6c1b155fed
Add copyright for the Python bindings.
2020-03-11 15:43:48 -06:00
Todd C. Miller
277b297ae0
Fix typo introduced on systems with O_PATH or O_EXEC
2020-03-11 15:42:46 -06:00
Todd C. Miller
d31689211e
Update for sudo 1.9.0
2020-03-11 13:45:13 -06:00
Todd C. Miller
ea8445e364
Allow the ALL keyword to be specified with a digest list.
2020-03-11 11:19:37 -06:00
Todd C. Miller
3edd30a27d
A struct member of type ALL should have its name field set to NULL.
2020-03-11 11:17:52 -06:00
Todd C. Miller
4eca443246
Allow a list of digests to be specified for a command.
2020-03-11 11:17:52 -06:00
Todd C. Miller
8c08f5ef03
Allow Cmd_Alias in addition to Cmnd_Alias.
...
Some people find using Cmd_Alias more natural.
2020-03-11 11:17:38 -06:00
Todd C. Miller
e1df9d1dc3
Add pam_ruser and pam_rhost sudoers flags.
2020-03-01 13:37:00 -07:00