isa/sudo
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
9,374 Commits 1 Branch 0 Tags
2ff8f8601b8f348ee932aa6b65756d0723dfa9cb
Commit Graph

9374 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Todd C. Miller
2ff8f8601b Fix trimming of non-escaped trailing space in ldif_parse_attribute(). 
Found by PVS-Studio.
 2018-10-18 14:29:33 -06:00
Todd C. Miller
c2d93b8c97 Simplify the logic surrounding sudoers_args in command_args_match(). 
We only need to check that sudoers_args is non-NULL once.
Found by PVS-Studio.
 2018-10-18 14:24:55 -06:00
Todd C. Miller
54784a234c If sudo_ldap_get_values_len() fails goto cleanup instead of oom. 
This is not strictly necessary as there's not anything to cleanup
in this case but it is more consistent with the code that follows.
 2018-10-18 14:19:09 -06:00
Todd C. Miller
63afa569f7 Fix handling of timeout values in sudoers. 
When passing the timeout back to the front end, ignore the
user-specified timeout if it is not set (initialized to 0).
Otherwise, sudo would choose a zero user-specified timeout over
the sudoers-specified timeout (non-zero).
 2018-10-18 08:08:44 -06:00
Todd C. Miller
675fc34c3d Fix cut & pastos in cvtsudoers_make_gritem() 2018-10-17 09:54:53 -06:00
Todd C. Miller
60f0d65e22 Fix expected test output now that command_timeout is parsed correctly 
in LDIF.
 2018-10-17 06:57:06 -06:00
Todd C. Miller
939585e906 tv_nsec can never be negative after timespecsub. 
Found by PVS Studio
 2018-10-17 06:21:48 -06:00
Todd C. Miller
25a58ba1ca Avoid potentially undefined behavior. 
Found by PVS Studio.
 2018-10-16 12:50:43 -06:00
Todd C. Miller
e1a402f1d6 sudo_ldap_parse_option() never returns '=' as the operator. 
When parsing command_timeout, role, type, privs and limitprivs,
check that val is non-NULL instead.  Found by PVS Studio.
 2018-10-16 12:49:34 -06:00
Todd C. Miller
a9fd783f20 Fix up #line entries that reference lex.sudoers.c. 2018-10-16 10:31:43 -06:00
Todd C. Miller
387672583e Fix workaround for broken sudo 1.8.7 timing files. 2018-10-13 08:08:16 -06:00
Todd C. Miller
fa7e6f3f04 Fix memory leak when reusing the runas list. We need to free the 
member list itself as well as its contents.
 2018-10-13 07:31:34 -06:00
Todd C. Miller
75d9c6f165 Some DIAGNOSTICS updates: 
Update error message for when the user's uid does not exist in passwd.
Remove "This error indicates" and some other cosmetic cleanups.
 2018-10-13 06:21:52 -06:00
Todd C. Miller
fbf396e336 If the user's passwd entry cannot be resolved via the uid, use the 
same error message as visudo.
 2018-10-13 06:19:03 -06:00
Todd C. Miller
ae7198a247 Add a DIAGNOSTICS section with an explanation of the more non-trivial 
error messages.
 2018-10-12 09:40:37 -06:00
Todd C. Miller
b89cf34b53 Replace sudo_fatal(NULL) with an "unable to allocate memory" message 
that includes the function name.
 2018-10-12 08:39:12 -06:00
Todd C. Miller
9e269e0acd Make EOF handling while reading the password prompt more like getpass(3). 
We now return the password as long as at least one character has
been read.  Previously, EOF at the password prompt was treated as
if nothing was entered.
 2018-10-09 14:20:13 -06:00
Todd C. Miller
7b395aad89 regen 2018-10-09 14:13:28 -06:00
Todd C. Miller
ab2cba0f5d Print a warning for password read issues. 
Issues include: timeout at the password prompt, read error while
reading the password, and EOF reading the password.
 2018-10-09 13:25:52 -06:00
Todd C. Miller
2b56252210 Handle EOF on password input when pwfedback is enabled. 2018-10-08 06:47:53 -06:00
Todd C. Miller
013e0025c9 Fix remaining instances of "e.g." without a trailing ','. 2018-10-07 07:35:36 -06:00
Todd C. Miller
675802b71c Use mdoc macros for BSD systems. 
All manuals now pass "make lint"
 2018-10-07 07:34:22 -06:00
Todd C. Miller
244be23301 Use -Wstyle with -Tlint since sudo is not part of the base system. 
This avoids "referenced manual not found" and "operating system
explicitly specified" warnings.
 2018-10-07 07:26:28 -06:00
Todd C. Miller
5433eb546a Document log_suspend() and fix the description of the change_winsize() return value. 2018-10-07 07:18:29 -06:00
Todd C. Miller
dd6a6e4013 Fix problems found by igor. Bug #854 2018-10-06 06:00:56 -06:00
Todd C. Miller
a814da673f Sort DOCS and DEVDOCS and remove extra sudoers entry (it was listed twice). 2018-10-06 05:55:41 -06:00
Todd C. Miller
ec2cc68c0b Add igor target to run igor(1) on the manuals. 2018-10-06 05:39:20 -06:00
Todd C. Miller
a71eb86a71 Add new -S option to sleep while the command was suspended. 
The default behavior is now to not consider the time the command
was suspended as part of the normal inter-event delay.
 2018-10-05 14:48:35 -06:00
Todd C. Miller
cf07dc0757 Add a suspend event type to the I/O log to log suspend/resume of 
the command so we can skip that delay during replay.
 2018-10-05 14:16:08 -06:00
Todd C. Miller
e2570307e6 Initialize the pty rows/cols based on the values we stored in user_details. 
This fixes a minor issue where we would send an extra window size
change event the first time the command was suspended.
 2018-10-05 14:04:29 -06:00
Todd C. Miller
c0e8bde104 Add support for OpenLDAP's TLS_REQCERT setting in ldap.conf. 2018-09-27 09:58:10 -06:00
Todd C. Miller
2121693879 Move definition of TIME_T_MAX to sudo_util.h 2018-09-24 14:21:58 -06:00
Todd C. Miller
4c4f44621f Changes in 1.8.26 (so far). 2018-09-24 06:09:07 -06:00
Todd C. Miller
d537daf787 Treat LOGIN, LOGNAME and USER specially. If one is preserved 
or deleted we want to preserve or delete all of them.
 2018-09-24 05:30:28 -06:00
Todd C. Miller
5f61f2c0f4 Remove special handling of the USERNAME environment variable. It 
used to be set on old versions of Fedora but that hasn't been the
case for some time.  It's worth noting that ssh doesn't set USERNAME
either.
 2018-09-24 05:30:03 -06:00
Todd C. Miller
ce9a7dd25a sudo 1.8.26 2018-09-24 05:29:21 -06:00
Todd C. Miller
9abcd61607 Remove unused system_maxgroups argument from fill_group_list(). 2018-09-22 12:56:11 -06:00
Todd C. Miller
d8870177c2 Pass getgrouplist() NGROUPS_MAX+1, not NGROUPS_MAX so we have room 
for the primary gid.
 2018-09-22 12:55:44 -06:00
Todd C. Miller
72ce2c807b In print_member_json_int() eliminate the need_newline variable 
and just move the non-alias expansion printing bits into the
else clause, including the newline and comma printing.
 2018-09-20 15:15:14 -06:00
Todd C. Miller
8bf279b11e Add regress test for bug #853 2018-09-20 15:10:15 -06:00
Todd C. Miller
8aad365082 When expanding an alias in print_member_json_int() avoid printing 
an extra comma at the end of the entry.  Bug #853.
 2018-09-20 14:56:25 -06:00
Todd C. Miller
8e1e464331 Add Kan Sasaki 2018-09-12 09:07:07 -06:00
Todd C. Miller
365a1ecd46 sudo 1.8.25p1 2018-09-12 09:03:28 -06:00
Todd C. Miller
c639c965cf Fix a crash in the event system's poll() backend introduced with 
support for nanosecond timers.  Only affects systems without ppoll().
Bug #851
 2018-09-12 07:02:13 -06:00
Todd C. Miller
1a9b932ffd regen 2018-09-02 06:29:32 -06:00
Todd C. Miller
27e549a3ef Allow for some clock drift due to ntpd, etc. 2018-08-31 09:22:59 -06:00
Todd C. Miller
470a7830dc If sudo_lock_file() fails for a reason other than the file already 
being locked, give the user a chance to edit anyway.
 2018-08-31 08:08:45 -06:00
Todd C. Miller
0715b55474 Quick sort is not a stable sort; use distinct sudoOrder values so 
the output is predictable.
 2018-08-30 14:43:24 -06:00
Todd C. Miller
a924b4610b Fix warnings on OpenIndiana (Illumos) 2018-08-30 14:06:18 -06:00
Todd C. Miller
765d99e1f9 Correct ldap_to_sudoers() return value. 2018-08-30 13:47:02 -06:00