isa/sudo
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
12,562 Commits 1 Branch 0 Tags
2d2529a15edd0937a7b58488f681feb5be1cc9a1
Commit Graph

212 Commits

Author SHA1 Message Date
Todd C. Miller
3f022419ae Be consistent with the naming of the variable used to store the 
function return value.  Previously, some code used "rval", some
used "ret".  This standardizes on "ret" and uses "rc" for temporary
return codes.
 2016-09-08 16:38:08 -06:00
Todd C. Miller
d8a65715d6 Avoid duplicate warnings when we cannot write to the log file. 
Also send the warning in mail if possible.
 2016-08-17 14:51:20 -06:00
Todd C. Miller
9ccd260842 Make sure we print an error message to stderr (and not just send 
mail) if do_logfile() fails.  Bug #751
 2016-08-15 07:25:18 -06:00
Todd C. Miller
23d288563e Eliminate use of setpwent()/endpwent() and setgrent()/endgrent(). 
Sudo never iterates over the passwd or group file.
Rename sudo_set{pw,gr}ent() -> sudo_mk{pw,gr}cache() and
use sudo_free{pw,gr}cache() instead of sudo_end{pw,gr}ent().
 2016-05-11 07:06:45 -06:00
Todd C. Miller
7b302e09ae Check return value of restore_perms() in vlog_warning(). 
Coverity CID 104079.
 2016-05-06 09:26:45 -06:00
Todd C. Miller
0690793c25 Fix fd leak in do_logfile() if we fail to lock the log file. 
Coverity CID 104115.
 2016-05-06 09:12:39 -06:00
Todd C. Miller
57b1dc5e1d Add missing newline when logging to a file (not syslog) and 
loglinelen is set to a non-positive number.  Bug #742
 2016-04-26 14:39:42 -06:00
Todd C. Miller
b4309d4aea Ignore SIGPIPE for the duration of sudo and not just in a few select 
places.  We have no control over what nss, PAM modules or sudo
plugins might do so ignoring SIGPIPE is safest.
 2016-04-22 16:36:36 -06:00
Todd C. Miller
5ad68edd65 It is possible for WIFSTOPPED to be true even if waitpid() is not 
given WUNTRACED if the child is ptraced.  Don't exit the waitpid()
loop if WIFSTOPPED is true, just in case.
 2015-10-02 11:24:01 -06:00
Todd C. Miller
701534c63c Fix typo in error message. 2015-07-03 07:06:29 -06:00
Todd C. Miller
0b241088b3 There's no need to conditionalize the #include <unistd.h>, we require 
a POSIX system.
 2015-07-02 09:08:28 -06:00
Todd C. Miller
81f94499bf Check restore_perms() return value in all cases, pushing the 
return value back up the call stack.
 2015-06-25 11:12:36 -06:00
Todd C. Miller
4a07b472f0 Only include stddef.h where it is needed. 2015-06-20 05:34:35 -06:00
Todd C. Miller
c36415417f Add function name to "unable to allocate memory" warnings. 2015-06-19 14:51:17 -06:00
Todd C. Miller
dc883f2454 We require ANSI C so stop using the obsolete STDC_HEADERS. 2015-06-19 14:29:27 -06:00
Todd C. Miller
e2328479dd Use strtok_r() instead of strtok() 2015-06-19 12:35:51 -06:00
Todd C. Miller
138aa2ccd1 Remove BROKEN_SYSLOG define which was for obsolete versions of HP-UX. 
Remove last remnants of 4.2BSD syslog support.
 2015-06-18 17:53:49 -06:00
Todd C. Miller
ec7e467c58 Remove asprintf() return value warnings. 2015-06-17 17:00:25 -06:00
Todd C. Miller
8eff57f070 Bring back VALIDATE_ERROR which will be used in the case of memory 
allocation errors.
 2015-06-04 20:42:42 -06:00
Todd C. Miller
9d1c408b73 Non-exiting allocators for log functions. If log_allowed() fails 
the user may not run the command.  We don't try to return early for
log_failure(), log_auth_failure() or log_denial() as we would not
run the command in that case.
 2015-05-27 10:55:27 -06:00
Todd C. Miller
eea4e1afd9 Convert two debug_return_int to debug_return_bool. 2015-05-07 10:40:46 -06:00
Todd C. Miller
3b30984406 Use saved errno in vlog_warning() before calling sudo_vwarn_nodebug(). 
Fixes the error message printed if set_perms() fails.
 2015-03-21 15:41:59 -06:00
Todd C. Miller
53ac30b63a Add mail_all_cmnds to always mail when a user runs a command (or 
tries to) including sudoedit.  The mail_always flag goes back to
its old semantic of always mailing when sudo is run.
 2015-02-15 20:30:11 -07:00
Todd C. Miller
ed4ffa6265 Don't send mail about pseudo-command failure unless it is an 
authentication failure.
 2015-02-02 15:01:06 -07:00
Todd C. Miller
59ab26dbcc Go back to a 2 args debug_decl and just use the "default" instance, 
now renamed "active".
 2015-02-01 08:24:49 -07:00
Todd C. Miller
57553fffdd Rename VALIDATE_OK -> VALIDATE_SUCCESS 
Rename VALIDATE_NOT_OK -> VALIDATE_FAILURE
 2015-01-21 11:03:48 -07:00
Todd C. Miller
399d364a90 Remove now-unused VALIDATE_ERROR define. 2015-01-21 10:36:55 -07:00
Todd C. Miller
5415b3d2af should_mail() now returns bool. 2015-01-21 10:33:56 -07:00
Todd C. Miller
e9914a91b1 The sudoers plugin now defines its own list of debugging subsystem names 
and defines.
 2014-10-22 13:30:52 -06:00
Todd C. Miller
866cfc4fc3 Add support for multiple Debug lines per program. Callers may 
register arbitrary debug facilities or use built-in defaults.  We
now use separate Debug statements for plugins and programs.
 2014-10-22 13:23:05 -06:00
Todd C. Miller
36a5767e3e efree -> sudo_efree for consistency 2014-07-10 15:35:04 -06:00
Todd C. Miller
2d61d38c23 Add sudo_ prefix to alloc.c functions and rename alloc.h -> sudo_alloc.h 2014-06-27 10:48:31 -06:00
Todd C. Miller
aecef4aa1d Rename warning/fatal -> sudo_warn/sudo_fatal to avoid namespace 
pollution in libsudo_util.so.
 2014-06-27 09:30:52 -06:00
Todd C. Miller
f029e3e744 Remove touch() from fileops.c and just call utimes/futimes directly. 
Rename lock_file -> sudo_lock_file to avoid namespace pollution
 2014-06-26 15:51:15 -06:00
Todd C. Miller
337a712745 Pass argc to audit functions too. Will be needed for Solaris audit 
support.
 2014-05-13 09:41:53 -06:00
Todd C. Miller
b0f1fa7d05 Rename log_warning flags and only send mail if SLOG_SEND_MAIL is 
set instead of mailing by default like we used to.
 2014-05-02 20:54:01 -06:00
Todd C. Miller
954a3e77b1 Add log_warningx 2014-05-02 16:40:30 -06:00
Todd C. Miller
cbee9cc8cb Remove now-unused log_fatal() 2014-04-30 17:00:20 -06:00
Todd C. Miller
a78da37487 Make set_perms() and restore_perms() return an error instead of 
calling exit() on failure.
 2014-04-10 16:11:47 -06:00
Todd C. Miller
a48c00dc31 Elimate calls to fatal() in the logging code. 2014-04-10 16:03:01 -06:00
Todd C. Miller
ae6fb933f0 Do not assume localtime(), gmtime() and ctime() always return non-NULL. 2014-01-21 16:32:00 -07:00
Todd C. Miller
ef2cff1d33 Now that we have proper number parsing functions we should store 
T_UINT defaults values as unsigned int, not int.
 2013-12-11 14:43:04 -07:00
Todd C. Miller
96eb2c4f8f Add warning_gettext() wrapper function that changes to the user locale, 
then calls gettext().
Add U_ macro that calls warning_gettext() instead of gettext().
Rename warning2()/error2() back to warning_nodebug()/error_nodebug().
 2013-11-18 08:59:57 -07:00
Todd C. Miller
7017c904c1 log_{fatal,warning} now logs to the debug file itself. 
log_{fatal,warning} now calls warningx2() after setting the
locale itself instead of using the wrapper macros.
This removes the only use of warningx(ngettext(...)).
 2013-11-16 09:21:43 -07:00
Todd C. Miller
702ec173de Move va_copy compat macro to missing.h 2013-11-11 14:35:10 -07:00
Todd C. Miller
07a804caf3 Quiet sign comparision warnings. 2013-10-23 15:03:31 -06:00
Todd C. Miller
d0e3867587 Add limited support for "sudo -l -h other_host". Since group lookups 
are done on the local host, rules that use group membership may be
incorrect if the group database is not synchronized between hosts.
 2013-08-14 13:49:14 -06:00
Todd C. Miller
91e66c481f Fix setting of mailer argv[0] to basename of mailerpath. 
No need to strdup() mailerpath as it is not modified.
 2013-08-13 14:53:55 -06:00
Todd C. Miller
04b290e385 Make sure the mailer exists and is a regular file before trying 
to exec it.
 2013-08-13 14:48:24 -06:00
Todd C. Miller
1f3ea50afd Implement memset_s() and use it instead of zero_bytes(). 
A new constant, SUDO_CONV_REPL_MAX, is defined by the plugin
API as the max conversation reply length.  This constant can be
used as a max value for memset_s() when clearing passwords
filled in by the conversation function.
 2013-08-03 08:30:06 -06:00