isa/sudo
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
10,420 Commits 1 Branch 0 Tags
28d6771d248dc80137ce17261fc913a19a4c34d7
Commit Graph

157 Commits

Author SHA1 Message Date
Todd C. Miller
9a1889a61c Move debug_decl() in log_failure() to be after the variable 
declarations for C89.
 2012-11-30 11:39:27 -05:00
Todd C. Miller
b7ae7977a6 Cannot wrap sigsetjmp() or we end up returning to the wrong place. 
Use a macro instead.
 2012-11-29 06:37:13 -05:00
Todd C. Miller
2632ec7e69 Move warn/error into common and make static builds work. 2012-11-25 09:34:40 -05:00
Todd C. Miller
5496ffe1e8 Add plugin_setjmp() wrapper for siglongjmp(error_jmp, 1) so we don't 
need error_jmp to be extern.  Also add plugin_clearjmp() that clears
a flag so error()/errorx() knows when to call exit() vs. longjmp().
 2012-11-25 09:34:26 -05:00
Todd C. Miller
7b3d268687 Call gettext() on parameters for warning()/warningx() instead of 
having warning() do it for us.
 2012-11-25 09:34:04 -05:00
Todd C. Miller
3e5bd8dc52 Include setjmp.h in sudoers.h 
Move error_jmp into plugin_error.c
Rename sudoers_plugin_cleanup sudoers_cleanup
Make sudoers warning/error functions work when sudo_conv is NULL
 2012-11-25 09:33:33 -05:00
Todd C. Miller
02aa965a2d Add calls to set_perms(PERM_ROOT) becore logging to a file. We 
should already be root but since we cache the current permission
status it is basically free.  That way, if more of sudoers runs as
non-root in the future logging will still work correctly.
 2012-11-12 09:41:56 -05:00
Todd C. Miller
e28ce01fe0 Set sudoers locale in log_allowed() 2012-11-09 16:31:23 -05:00
Todd C. Miller
693e6767f0 Expand the FMT_FIRST anf FMT_CONTD macros inline so they get picked 
up by xgettext.
 2012-11-09 15:30:06 -05:00
Todd C. Miller
cac7ca6a69 Expand def_mailsub in the sudoers locale, not the user's. 2012-11-08 16:39:44 -05:00
Todd C. Miller
a0c53bd751 Call gettext inside log_error et al instead of having the caller do it. This way we can display any messages to the user in their own locale but log in the sudoers local. 2012-11-08 15:37:44 -05:00
Todd C. Miller
595d3b2651 Display warning/error messages in the user's locale. 2012-11-08 15:37:44 -05:00
Todd C. Miller
f454a852cb audit_failure() now calls gettext itself using the sudoers locale. 2012-11-08 15:37:43 -05:00
Todd C. Miller
3f82a3407e Convert setlocale() to sudoers_setlocale() in the sudoers module. 
This only converts existing uses, there are more places where we
need to sprinkle sudoers_setlocale() calls.
 2012-11-08 15:37:43 -05:00
Todd C. Miller
5d052aeb60 Do not inform the user that the command was not permitted by the 
policy if they do not successfully authenticate.  This is a regression
introduced in sudo 1.8.6.
 2012-11-06 11:19:51 -05:00
Todd C. Miller
475662aaa4 Refactor policy plugin interface code from sudoers.c into policy.c 2012-10-25 16:58:31 -04:00
Todd C. Miller
319fe95d08 Make user_cwd const since it is either a string literal or passed 
in from the front-end.
 2012-10-24 16:32:43 -04:00
Todd C. Miller
2b5d43b8aa Add missing debug_return 2012-08-22 10:20:27 -04:00
Todd C. Miller
383e0c860b Fix printing of the permission denied message to standard error 
when a user is not allowed to run a command.  This got broken by
the recent logging changes.
 2012-07-27 16:22:09 -04:00
Todd C. Miller
f7dc1d849f Use "a password is required" instead of "password required" when 
the -n flag is used and we need to read a password.
 2012-07-11 16:28:40 -04:00
Todd C. Miller
8b03f3e7d0 Move log_denial() calls and logic to log_failure(). 
Move authentication failure logging to log_auth_failure().
Both of these call audit_failure() for us.

This subtly changes logging for commands that are denied by sudoers
but where the user failed to enter the correct password.  Previously,
these would be logged as "N incorrect password attempts" but now
are logged as "command not allowed".  Fixes bug #563
 2012-07-10 12:42:33 -04:00
Todd C. Miller
45fea137f9 Fix compilation on gcc 2.95 and other compilers that only allow 
variable declarations at the beginning of a block.
 2012-06-18 13:47:01 -04:00
Todd C. Miller
c8ce3a0a85 Log the process id in the debug file output. Since we don't want 
to keep calling getpid(), stash the value at init time and when we
fork().
 2012-04-06 15:20:16 -04:00
Todd C. Miller
44ce5720de Remove the NO_EXIT flag to log_error() and add a log_fatal() function 
that exits and is marked no_return.  Fixes false positives from
static analyzers and is easier for humans to read too.
 2012-03-26 10:59:14 -04:00
Todd C. Miller
3ee9cef0da Fold SUDO_DEBUG_PROGERR and SUDO_DEBUG_SYSERR into SUDO_DEBUG_ERROR 2011-11-07 16:33:49 -05:00
Todd C. Miller
839919566e Add debug_decl/debug_return (almost) everywhere. 
Remove old sudo_debug() and convert users to sudo_debug_printf().
 2011-10-22 14:40:21 -04:00
Todd C. Miller
f90731596a Split out log file word wrap code into its own file and add unit 
tests.  Fixes an off-by one in the word wrap when the log line
length matches loglinelen.
 2011-07-11 15:22:25 -04:00
Todd C. Miller
9ba98ef7b5 Rewrite logfile word wrapping code to be more straight-forward 
and actually wrap at the correct place.
 2011-06-23 14:17:38 -04:00
Todd C. Miller
7960bde2db Minor warning/error message cleanup 2011-05-18 13:04:24 -04:00
Todd C. Miller
fce0b906eb cannot -> "unable to" in warning/error messages 2011-05-18 12:41:06 -04:00
Todd C. Miller
b643b190a7 Prepare sudoers module messages for translation. 2011-05-16 16:32:05 -04:00
Todd C. Miller
53da5e8cdf Update copyright years. 2011-03-11 15:34:35 -05:00
Todd C. Miller
6e2778eb22 Move sessid out of sudo_user. 2011-03-11 14:07:26 -05:00
Todd C. Miller
383aef00b1 Log the TSID even if it is not a simple session ID. 2011-03-11 12:11:05 -05:00
Todd C. Miller
21d8f01fac return foo not return(foo) 2011-02-07 06:47:29 -05:00
Todd C. Miller
807a9ca94b Do logging and email sending in the locale specified by the 
"sudoers_locale" setting ("C" by default).  Email send by sudo
includes MIME headers when the sudoers locale is not "C".
 2011-01-28 16:11:47 -05:00
Todd C. Miller
51515c6c01 Prepend "list " to the command logged when "sudo -l command" is 
used to make it clear that the command was listed, not run.
 2011-01-24 15:39:09 -05:00
Todd C. Miller
5536ea49f6 Call plugin_cleanup(), not cleanup() 2010-11-12 13:02:15 -05:00
Todd C. Miller
8dd8aa000e Remove some obsolete configure tests, ancient Unix systems are no 
longer supported.
 2010-08-10 13:44:05 -04:00
Todd C. Miller
420db23714 Quiet gcc warnings on glibc systems that use warn_unused_result for 
write(2) and others.
 2010-08-03 11:17:56 -04:00
Todd C. Miller
10e6e572ea Fix check for dup2() return value. 2010-07-19 12:54:30 -04:00
Todd C. Miller
5b9e39ac87 Use _PATH_STDPATH instead of _PATH_DEFPATH 2010-07-12 18:07:52 -04:00
Todd C. Miller
30fe4a067c Set usrinfo for AIX 
Set adminstrative domain for the process when looking up user's
    password or group info and when preparing for execve().
Include strings.h even if string.h exists since they may define
    different things.  Fixes warnings on AIX and others.
 2010-06-29 13:08:05 -04:00
Todd C. Miller
54ffb19ccb remove setsid check, we require a POSIX system 2010-06-15 09:24:56 -04:00
Todd C. Miller
c2f8d24f20 Check for dup2() failure. 2010-06-15 09:02:23 -04:00
Todd C. Miller
b72a530fd0 Update copyright year 2010-06-14 12:19:49 -04:00
Todd C. Miller
047fc3876d Remove sigaction emulation 
Use SA_INTERRUPT in sa_flags
 2010-06-10 15:18:23 -04:00
Todd C. Miller
8ebd909982 Always use a printf format string for send_mail() 2010-06-03 09:48:39 -04:00
Todd C. Miller
9fbec34fed Add pointer to a printf like function to plugin open functon. 
This can be used instead of the conversation function to display
info and error messages.
 2010-05-04 19:17:31 -04:00
Todd C. Miller
13966481c7 Add print_error() function that uses the conversation function to 
print a variable number of error strings and use it in log_error().
 2010-05-03 16:53:05 -04:00