isa/sudo
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
10,876 Commits 1 Branch 0 Tags
280fabac3854a63a7d15a9c0af2a12c8fa6e7fe3
Commit Graph

309 Commits

Author SHA1 Message Date
Todd C. Miller
fbf396e336 If the user's passwd entry cannot be resolved via the uid, use the 
same error message as visudo.
 2018-10-13 06:19:03 -06:00
Todd C. Miller
e2570307e6 Initialize the pty rows/cols based on the values we stored in user_details. 
This fixes a minor issue where we would send an extra window size
change event the first time the command was suspended.
 2018-10-05 14:04:29 -06:00
Todd C. Miller
9abcd61607 Remove unused system_maxgroups argument from fill_group_list(). 2018-09-22 12:56:11 -06:00
Todd C. Miller
5d31be96a7 Add missing aix_restoreauthdb() call to match the aix_setauthdb() 
added in b8a011be9af7.  Fixes issues on AIX where local users/groups
may not be resolved when some NIS/AD/LDAP is used for users.
 2018-07-23 10:36:08 -06:00
Todd C. Miller
c57ca74405 Use new sudo_getgrouplist2() function instead of getgrouplist(). 2018-06-15 14:05:14 -06:00
Todd C. Miller
18e06825fb Plug memory leak when an I/O plugin is specified in sudo.conf 
but the I/O plugin is not configured.
 2018-04-17 13:41:44 -06:00
Todd C. Miller
b06e046835 Add aix_setauthdb() before the initial getpwuid() call. 2018-03-17 07:49:08 -06:00
Todd C. Miller
faa5baac9b Use setpassent() and setgroupent() on systems that support it to 
keep the passwd and group database open.  Sudo does a lot of passwd
and group lookups so it can be beneficial to just leave the file
open.
 2018-02-20 13:22:59 -07:00
Todd C. Miller
a885b952fb Remove use of AC_HEADER_TIME, only obsolete platforms actually 
need this.  Also stop removing sys/time.h unless the source file
uses struct timeval.
 2018-01-17 09:52:15 -07:00
Todd C. Miller
48fba3c2cc update my email to Todd.Miller@sudo.ws 2017-12-03 17:53:40 -07:00
Todd C. Miller
4168668f53 Add debug printfs around group list retrieval. 2017-12-01 12:58:37 -07:00
Todd C. Miller
a7759b6261 Store the debug instance ID for I/O plugins too. 
Now iolog_open() is consistent with policy_open().
 2017-07-10 16:28:10 -06:00
Todd C. Miller
6a8eaef4b8 Move exec_setup(), unlimit_nproc() and restore_nproc() from sudo.c 
to exec.c.
 2017-05-15 09:01:10 -06:00
Todd C. Miller
d979898e71 Remove use of non-standard sigaction_t 2017-05-12 10:02:18 -06:00
Todd C. Miller
f57629c953 On Linux, if the command we ran dumped core, set PR_SET_DUMPABLE 
to 0.  This will prevent sudo itself from dumping core in this case.
 2017-04-27 12:28:08 -06:00
Todd C. Miller
91aec9730e If the command terminated due to a signal, sudo will send that same 
signal to itself so the parent shell knows the command died from
a signal.  However, we don't want sudo itself to dump core.
 2017-04-27 10:34:30 -06:00
Todd C. Miller
9ee50beaa7 The fix for Bug #722 contained a typo/thinko that resulted in the 
exit status being 0 when a command was killed by a signal other
than SIGINT.  This fixes the signal handler setup so sudo will
terminate with the same signal as the command.  Bug #784.
 2017-04-26 20:17:34 -06:00
Todd C. Miller
a245fedc22 Avoid unused variable when getgrouplist_2() is available. 
It would be nicer to just provide getgrouplist_2() (or the equivalent)
and avoid the ugly #ifdefs.
 2017-04-19 09:39:55 -06:00
Todd C. Miller
0ef26ff0b7 Use ROOT_UID instead of 0 2017-01-12 10:42:26 -07:00
Todd C. Miller
ae76e1a229 Use getgrouplist_2() on macOS if available. 2016-12-13 10:39:32 -07:00
Todd C. Miller
6c5936296f Add SUDO_DEBUG_INSTANCE_ERROR return value for sudo_debug_register() 
and check for it in places where we check the return value of
sudo_debug_register().
 2016-11-21 06:37:23 -10:00
Todd C. Miller
f70f595b5b Add umask to user_info passed in from the front end to the plugin. 2016-11-17 16:00:06 -07:00
Todd C. Miller
efe957544f Add the argument vector allocated for -s and -i mode to the garbage 
collector list.  Avoids an ASAN warning on exit when the -s or -i
flags are used.
 2016-11-10 10:11:18 -07:00
Todd C. Miller
8133cdfdf6 Use sys/stat.h defines instead of bare octal values. 2016-11-07 13:36:05 -07:00
Todd C. Miller
3f022419ae Be consistent with the naming of the variable used to store the 
function return value.  Previously, some code used "rval", some
used "ret".  This standardizes on "ret" and uses "rc" for temporary
return codes.
 2016-09-08 16:38:08 -06:00
Todd C. Miller
04340eea60 If get_process_ttyname() fails for errno != ENOENT, just warn 
instead of making it a fatal error.  Bug #755
 2016-09-01 08:23:19 -06:00
Todd C. Miller
e147ba1fec Use W_EXITCODE to construct the wait status if sudo could not execute 
the command.  Fixes the sudo exit value for exec(3) failure.
 2016-08-31 08:39:26 -06:00
Todd C. Miller
ef4e808103 It is possible for get_user_info() to fail for reasons other than 
ENOMEM so print the warning message there rather than in main().
 2016-08-31 05:47:36 -06:00
Todd C. Miller
3e4c7eed31 Move the ignoring of I/O log plugin errors into the I/O log plugin 
itself.
 2016-08-17 14:38:00 -06:00
Todd C. Miller
ed18d0d5f8 Make the behavior when we cannot write to a log or audit file 
configurable.  File log failures are ignored by default for consistency
with syslog.  Audit errors are ignored by default to allow the admin
to fix the issue.  I/O log file errors are still fatal by default
since if I/O logging is activated it is usually to have an audit trail.
Bug #751
 2016-08-17 07:22:51 -06:00
Todd C. Miller
ed9b457eb2 Set user groups in exec_setup() if they were not already set by 
policy_init_session().  Bug #749
 2016-06-22 10:21:29 -06:00
Todd C. Miller
a2e541aef8 O_NOCTTY has no effect when opening /dev/tty as the open can only 
succeed if there is already a controlling tty.
 2016-05-16 11:17:20 -06:00
Todd C. Miller
3b39377246 Do not need to open /dev/tty with O_NONBLOCK, it doesn't block on 
first open like a physical terminal.  By definition, if you have a
controlling tty, the first open (which might block) has already
occurred.
 2016-05-16 11:12:54 -06:00
Todd C. Miller
0f359e038c Fix memory leak on error if sudo_new_key_val() fails. 
Coverity CID 104103.
 2016-05-07 04:57:11 -06:00
Todd C. Miller
6473d55aa7 Cast the return value of fcntl() to void when setting FD_CLOEXEC. 
Coverity CID 104063, 104064, 104069, 104070, 104071, 104072, 104073, 104074
 2016-05-05 16:16:24 -06:00
Todd C. Miller
829917f008 pid_t is defined by POSIX as a signed integer type so we don't need 
a cast when comparing to -1.
 2016-05-04 14:14:38 -06:00
Todd C. Miller
f88da1c1a0 Do group setup in policy_init_session() before calling out to the 
plugin.  This makes it possible for the pam_group module to change
the group in pam_setcred().  It's a bit bogus since pam_setcred()
is documented as not changing the group or user ID, but pam_group
is shipped with stock Linux-PAM so we need to support it.
 2016-04-28 11:01:58 -06:00
Todd C. Miller
b4309d4aea Ignore SIGPIPE for the duration of sudo and not just in a few select 
places.  We have no control over what nss, PAM modules or sudo
plugins might do so ignoring SIGPIPE is safest.
 2016-04-22 16:36:36 -06:00
Todd C. Miller
6cbba7d665 Add an administrative domain to the passwd/group cache key for 
AIX which can have different name <-> ID mappings depending
on whether the database is local, LDAP, etc.
 2016-02-01 11:08:58 -07:00
Todd C. Miller
7b2fbed45d Rename gc_cleanup to gc_run and remove I/O plugins from the plugin 
list when freeing them.
 2016-01-28 14:48:11 -07:00
Todd C. Miller
23aeb0b5ec Free up the garbage via an atexit() handler instead of requiring 
a call to gc_exit.
 2016-01-28 11:01:42 -07:00
Todd C. Miller
9b3ef072f9 Add support for garbage collecting info passed to the plugin before 
exit to appease address sanitizer's leak detector (and valgrind's
leak checker).  We can't free these sooner since the plugin may be
using the memory.  For plugin API 2.0 it should be make clear that
the plugin must make a copy of the data in the arrays passed in to
the plugin's open() function.  Only enabled if NO_LEAKS is defined.
 2016-01-27 15:37:15 -07:00
Todd C. Miller
91bce65e29 Remove sudo_fatalx() calls from format_plugin_settings(). 2016-01-27 13:59:04 -07:00
Todd C. Miller
5507b2328c Pass updated user_env_out, not envp, to the I/O open function. 2016-01-26 07:42:57 -07:00
Todd C. Miller
ca330adada Pass updated argv/envp to the I/O open function like the plugin API 
documents.
 2016-01-26 07:39:43 -07:00
Todd C. Miller
5bae35c05c Fix off by one error in new SET_FLAG macro. 2016-01-20 15:09:32 -07:00
Todd C. Miller
de0208a01b Make sudoedit_checkdir the default and update the documentation accordingly. 2016-01-19 14:16:25 -07:00
Todd C. Miller
e719d954e7 Add a SET_FLAG macro to simplify parsing command details boolean 
flags.  Previously, flags were only set and never cleared even if
the boolean value was false.  This was not a problem as there were
no default flags for the plugin to enable.  That will change in the
future.
 2016-01-19 10:32:33 -07:00
Todd C. Miller
b20977d445 Add support for using fexecve() if supported on commands that are 
checksummed.
 2016-01-04 10:35:18 -07:00
Todd C. Miller
c50cead833 Add directory writability checks for sudoedit. 2015-10-23 14:04:35 -06:00