isa/sudo
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
9,964 Commits 1 Branch 0 Tags
2781ec030bd3f9fd6a8d56c19d3cfe4b73f2376c
Commit Graph

9964 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Robert Manner
2781ec030b src/sudo.c: call audit plugin close when result is a wait status 2020-02-10 05:31:30 -07:00
Robert Manner
0202dc67cc Makefile.in: fix install target for out of source build 
The scriptdir contained a path relative to where the target was started.
The scripts are called like "$scriptdir/script_name" which is fine with
relative path as well, until the current directory is not changed.
But things like
  cd $srcdir && $scriptdir/script_name
fails (if building in separate build directory).
 2020-02-10 05:28:34 -07:00
Robert Manner
ecdaaffd57 doc/sudo_plugin_python: document python audit plugin support 2020-02-10 05:24:16 -07:00
Robert Manner
bd465b3087 doc/sudo_plugin_python: document returning error string 2020-02-10 05:24:16 -07:00
Robert Manner
8f79d5c1c7 doc/sudo_plugin_python: update python manual for constant -> enum changes 2020-02-10 05:24:16 -07:00
Robert Manner
1a1cb54975 plugins/python/regress/check_python_examples: add audit_plugin tests 2020-02-10 05:24:16 -07:00
Robert Manner
52d067b01f plugins/python: add example python audit plugin 2020-02-10 05:24:16 -07:00
Robert Manner
cbf60cff5d plugins/python: add python audit plugin wrapper 2020-02-10 05:24:16 -07:00
Robert Manner
bbbcb39334 plugins/python/example_*.py: document returning error string 2020-02-10 05:24:16 -07:00
Robert Manner
9c4f076f85 plugins/python/regress: add test for callback error msg return 2020-02-10 05:24:16 -07:00
Robert Manner
3dd5f37af7 plugins/python: add support for callback errstr arguments 
Plugins can raise a sudo.PluginError exception to add context message
for the failure.

The callback's errstr gets filled up with the specified message.
But, as sudo expects a string constant (will not free the string),
we store it in the plugin context at least until next callback
invocation.
 2020-02-10 05:24:16 -07:00
Robert Manner
45d2638571 plugins/python/example*.py: pep8 fixes (mainly line too long) 2020-02-10 05:24:16 -07:00
Robert Manner
0f3631cc08 plugins/python/regress: load/unload module for each testcase 
so they can start from clean state. (My problem was optional argument
tests has destroyed the callbacks.)
 2020-02-10 05:24:16 -07:00
Robert Manner
36694fce86 plugins/python/python_plugin_common: close can get custom arguments 
For the audit plugin.
Ensure we do not fail if plugin_ctx->py_instance is NULL (because
plugin init has failed).
 2020-02-10 05:24:16 -07:00
Robert Manner
a7eb9d3412 plugins/python_plugin_io,policy: fix version display in verbose mode 
Unfortunately the test did not catch this mistake, because it only
searches that "Python policy plugin API version" string is present
and does not check the version.
 2020-02-10 05:24:16 -07:00
Robert Manner
99f99e8a56 plugins/python/sudo_python_module.c: fix options_as_dict if no equal sign 
The intented behaviour was that those get skipped, but the PyList_GetItem
sets the interpreter into error state, so python has raised exception.
 2020-02-10 05:24:16 -07:00
Robert Manner
21c02e1732 plugins/python/sudo_python_module.c: use IntEnums instead of constants 
It is a bit more code, but it is more "pythonic" and easier to debug
as the enum values also know their names.

It is also an API break, eg. sudo.RC_OK becomes sudo.RC.OK as sudo.RC will
be the "type" of the enum, but I guess that is acceptable before the
initial release.
 2020-02-10 05:24:16 -07:00
Robert Manner
67ab6fd5d6 plugins/python/python_plugin_policy: add missing debug return 2020-02-10 05:24:16 -07:00
Robert Manner
62524416eb plugins/python/pyhelpers: add helpers for attribute handling 
to simplify code a bit.
 2020-02-10 05:24:16 -07:00
Robert Manner
4110800c14 plugins/python/example_io_plugin: close the file at destroy 
to avoid warning of debug python build.
 2020-02-10 05:24:16 -07:00
Robert Manner
a3a7630ff4 plugins/python: memleak fixes in test 
The main problem was that string array objects were constructed
differently:
- if constructed by the test, then the elements were constant
- if constructed by the plugin, then the elements were allocated

Modified it so that now each array contains allocated strings so
they can be handled similarly. For freeing, I have used the
str_array_free function from the plugin, so I have linked its object
into the test runner.

Happy path is now free of "definitely lost" memleaks, so the test
can be used for valgrind.
 2020-02-10 05:24:16 -07:00
Todd C. Miller
ac61b5655d Use EXIT_SUCCESS and EXIT_FAILURE more consistently. 2020-02-08 12:43:00 -07:00
Todd C. Miller
c5afbf00fc Mark main sudo usage() function __noreturn__. 
This splits the usage printing out into display_usage().
 2020-02-08 12:17:33 -07:00
Todd C. Miller
c92f39ed3d Use json functions from libsudo_util in cvtsudoers. 2020-02-08 09:11:02 -07:00
Todd C. Miller
d25ce46c56 Check localtime() return value; coverity CID 208156 2020-02-07 13:58:31 -07:00
Todd C. Miller
a75992897c Check fseeko() return value; coverity CID 207993 2020-02-07 13:24:11 -07:00
Todd C. Miller
630fc9b17b Make restart and elapsed members of the closure structs not pointers. 
Fixes coverity CID 207992
 2020-02-07 13:12:38 -07:00
Todd C. Miller
9d5f066180 Check return value of sudo_lock_file(); coverity CID 207991 2020-02-07 12:59:52 -07:00
Todd C. Miller
589adfee2d Only keepalive if accept() succeeded; coverity CID 207990 2020-02-07 12:54:53 -07:00
Todd C. Miller
2fe127d108 Move some scripts from the top level src dir to a scripts dir. 2020-02-06 14:30:26 -07:00
Todd C. Miller
aa1ca9c9ba Add sample approval plugin that simply tests for "business hours" 2020-02-06 13:53:09 -07:00
Todd C. Miller
7d5734a317 Add sample approval plugin that simply tests for "business hours" 2020-02-06 12:49:17 -07:00
Todd C. Miller
0972dafb1f Refactor code to alloc and insert a new plugin_container. 
The only outlier is the policy plugin which is not part of a list
since there can only be a single policy plugin.
 2020-02-06 12:49:15 -07:00
Todd C. Miller
ce21233fbe Tech audit_json about approval plugin accept/reject 2020-02-06 12:49:13 -07:00
Todd C. Miller
db17cadaf6 Add an approval plugin type that runs after the policy plugin. 
The basic idea is that the approval plugin adds an additional
layer of policy.  There can be multiple approval plugins.
 2020-02-06 12:49:11 -07:00
Todd C. Miller
084cad2120 plugin documentation fixes: 
o whitespace cleanup
 o show_version doesn't have an errstr argument
 o document runas_user and runas_group in command_info[]
 o add missing .El at before start of audit section
 2020-02-06 12:18:09 -07:00
Todd C. Miller
404b28c4d0 Exported symbol is audit_json 2020-02-05 21:12:49 -07:00
Todd C. Miller
ea377e432b Silence lint warning. 2020-02-05 17:57:24 -07:00
Todd C. Miller
c2faa9e6ef Add runas_user and runas_group (if set) to command_info for audit plugin. 
Otherwise, the audit plugin has to look up the runas name and group
by user or group ID.
 2020-02-05 10:53:50 -07:00
Todd C. Miller
d219c64635 Only enable pwfeedback when reading password from /dev/tty. 
This effectively disables pwfeedback when the -S or -A options are used.
 2020-02-05 10:53:49 -07:00
Laszlo Orban
0ca2d1427b fixed compiler error when sudo is configured without --enable-openssl 2020-02-03 06:09:47 -07:00
Todd C. Miller
cec6b1708a Regenerate .man.in files from .mdoc.in 2020-02-02 16:13:05 -07:00
Todd C. Miller
b35cc96f0e Update documentation for setbase when the given base is NULL. 2020-02-02 16:12:39 -07:00
Todd C. Miller
658702b6d4 For plugin events, set the sudo event base for setbase(NULL). 
This makes it possible for a plugin to change the event base
to a local one and then reset it back to its original value.
 2020-02-02 12:37:11 -07:00
Todd C. Miller
49e7e4ecd5 Don't display "error in event loop" on loop break reading ServerHello. 
We should already have displayed a more useful error message.
Otherwise, we can get two "error in event loop" warnings if
the TLS handshake fails (in addition to other error messages).
 2020-02-01 08:32:27 -07:00
Todd C. Miller
b9bea25592 Read ServerHello message synchronously before the command is executed. 
Otherwise, the command could be run before the TLS handshake completes.
 2020-01-31 19:48:27 -07:00
Laszlo Orban
1e5562df93 Refactor sudo_sendlog in order to be able to send one I/O log multiple times in parallel (for testing purposes) 2020-01-31 13:45:13 -07:00
Todd C. Miller
790f8bb629 Document audit plugin in the sudo_plugin manual. 2020-01-30 20:57:40 -07:00
Todd C. Miller
1b7dc82fee Change audit close arguments to a type and value. 
That way we can distinguish between different error types.
 2020-01-30 17:05:27 -07:00
Todd C. Miller
bf85ea2bf7 Example audit plugin that writes JSON output to a log file. 2020-01-30 13:25:52 -07:00