isa/sudo
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
9,681 Commits 1 Branch 0 Tags
356287557f9954092ecf8cfa1fef884bdac4bd11
Commit Graph

136 Commits

Author SHA1 Message Date
Todd C. Miller
399d364a90 Remove now-unused VALIDATE_ERROR define. 2015-01-21 10:36:55 -07:00
Todd C. Miller
5415b3d2af should_mail() now returns bool. 2015-01-21 10:33:56 -07:00
Todd C. Miller
e9914a91b1 The sudoers plugin now defines its own list of debugging subsystem names 
and defines.
 2014-10-22 13:30:52 -06:00
Todd C. Miller
866cfc4fc3 Add support for multiple Debug lines per program. Callers may 
register arbitrary debug facilities or use built-in defaults.  We
now use separate Debug statements for plugins and programs.
 2014-10-22 13:23:05 -06:00
Todd C. Miller
36a5767e3e efree -> sudo_efree for consistency 2014-07-10 15:35:04 -06:00
Todd C. Miller
2d61d38c23 Add sudo_ prefix to alloc.c functions and rename alloc.h -> sudo_alloc.h 2014-06-27 10:48:31 -06:00
Todd C. Miller
aecef4aa1d Rename warning/fatal -> sudo_warn/sudo_fatal to avoid namespace 
pollution in libsudo_util.so.
 2014-06-27 09:30:52 -06:00
Todd C. Miller
f029e3e744 Remove touch() from fileops.c and just call utimes/futimes directly. 
Rename lock_file -> sudo_lock_file to avoid namespace pollution
 2014-06-26 15:51:15 -06:00
Todd C. Miller
337a712745 Pass argc to audit functions too. Will be needed for Solaris audit 
support.
 2014-05-13 09:41:53 -06:00
Todd C. Miller
b0f1fa7d05 Rename log_warning flags and only send mail if SLOG_SEND_MAIL is 
set instead of mailing by default like we used to.
 2014-05-02 20:54:01 -06:00
Todd C. Miller
954a3e77b1 Add log_warningx 2014-05-02 16:40:30 -06:00
Todd C. Miller
cbee9cc8cb Remove now-unused log_fatal() 2014-04-30 17:00:20 -06:00
Todd C. Miller
a78da37487 Make set_perms() and restore_perms() return an error instead of 
calling exit() on failure.
 2014-04-10 16:11:47 -06:00
Todd C. Miller
a48c00dc31 Elimate calls to fatal() in the logging code. 2014-04-10 16:03:01 -06:00
Todd C. Miller
ae6fb933f0 Do not assume localtime(), gmtime() and ctime() always return non-NULL. 2014-01-21 16:32:00 -07:00
Todd C. Miller
ef2cff1d33 Now that we have proper number parsing functions we should store 
T_UINT defaults values as unsigned int, not int.
 2013-12-11 14:43:04 -07:00
Todd C. Miller
96eb2c4f8f Add warning_gettext() wrapper function that changes to the user locale, 
then calls gettext().
Add U_ macro that calls warning_gettext() instead of gettext().
Rename warning2()/error2() back to warning_nodebug()/error_nodebug().
 2013-11-18 08:59:57 -07:00
Todd C. Miller
7017c904c1 log_{fatal,warning} now logs to the debug file itself. 
log_{fatal,warning} now calls warningx2() after setting the
locale itself instead of using the wrapper macros.
This removes the only use of warningx(ngettext(...)).
 2013-11-16 09:21:43 -07:00
Todd C. Miller
702ec173de Move va_copy compat macro to missing.h 2013-11-11 14:35:10 -07:00
Todd C. Miller
07a804caf3 Quiet sign comparision warnings. 2013-10-23 15:03:31 -06:00
Todd C. Miller
d0e3867587 Add limited support for "sudo -l -h other_host". Since group lookups 
are done on the local host, rules that use group membership may be
incorrect if the group database is not synchronized between hosts.
 2013-08-14 13:49:14 -06:00
Todd C. Miller
91e66c481f Fix setting of mailer argv[0] to basename of mailerpath. 
No need to strdup() mailerpath as it is not modified.
 2013-08-13 14:53:55 -06:00
Todd C. Miller
04b290e385 Make sure the mailer exists and is a regular file before trying 
to exec it.
 2013-08-13 14:48:24 -06:00
Todd C. Miller
1f3ea50afd Implement memset_s() and use it instead of zero_bytes(). 
A new constant, SUDO_CONV_REPL_MAX, is defined by the plugin
API as the max conversation reply length.  This constant can be
used as a max value for memset_s() when clearing passwords
filled in by the conversation function.
 2013-08-03 08:30:06 -06:00
Todd C. Miller
95b50f84af Use time(&now) instead of now = time(NULL) when storing the current 
time in a time_t (better compiler error checking).
Better parsing and printing of 64-bit time_t on 32-bit platforms.
 2013-04-23 13:15:22 -04:00
Todd C. Miller
1162b55040 Rename log_error() -> log_warning() for consistency with warning()/fatal() 2013-04-18 14:14:03 -04:00
Todd C. Miller
39acd2fcba Rename error/errorx -> fatal/fatalx and remove the exit value as 
it was always 1.
 2013-04-18 14:07:59 -04:00
Todd C. Miller
b7e3516833 Fix compilation in SUDOERS_NO_SEQ case 2013-03-28 14:23:31 -04:00
Todd C. Miller
1d7072fe09 Don't include <sys/param.h>. We only needed it for MAXPATHLEN, 
MAXHOSTNAMELEN and the MIN/MAX macros.  We now use PATH_MAX and
HOST_NAME_MAX throughout without falling back on MAXPATHLEN or
MAXHOSTNAMELEN and define our own MIN/MAX macros as needed.
 2012-12-04 10:40:47 -05:00
Todd C. Miller
9a1889a61c Move debug_decl() in log_failure() to be after the variable 
declarations for C89.
 2012-11-30 11:39:27 -05:00
Todd C. Miller
b7ae7977a6 Cannot wrap sigsetjmp() or we end up returning to the wrong place. 
Use a macro instead.
 2012-11-29 06:37:13 -05:00
Todd C. Miller
2632ec7e69 Move warn/error into common and make static builds work. 2012-11-25 09:34:40 -05:00
Todd C. Miller
5496ffe1e8 Add plugin_setjmp() wrapper for siglongjmp(error_jmp, 1) so we don't 
need error_jmp to be extern.  Also add plugin_clearjmp() that clears
a flag so error()/errorx() knows when to call exit() vs. longjmp().
 2012-11-25 09:34:26 -05:00
Todd C. Miller
7b3d268687 Call gettext() on parameters for warning()/warningx() instead of 
having warning() do it for us.
 2012-11-25 09:34:04 -05:00
Todd C. Miller
3e5bd8dc52 Include setjmp.h in sudoers.h 
Move error_jmp into plugin_error.c
Rename sudoers_plugin_cleanup sudoers_cleanup
Make sudoers warning/error functions work when sudo_conv is NULL
 2012-11-25 09:33:33 -05:00
Todd C. Miller
02aa965a2d Add calls to set_perms(PERM_ROOT) becore logging to a file. We 
should already be root but since we cache the current permission
status it is basically free.  That way, if more of sudoers runs as
non-root in the future logging will still work correctly.
 2012-11-12 09:41:56 -05:00
Todd C. Miller
e28ce01fe0 Set sudoers locale in log_allowed() 2012-11-09 16:31:23 -05:00
Todd C. Miller
693e6767f0 Expand the FMT_FIRST anf FMT_CONTD macros inline so they get picked 
up by xgettext.
 2012-11-09 15:30:06 -05:00
Todd C. Miller
cac7ca6a69 Expand def_mailsub in the sudoers locale, not the user's. 2012-11-08 16:39:44 -05:00
Todd C. Miller
a0c53bd751 Call gettext inside log_error et al instead of having the caller do it. This way we can display any messages to the user in their own locale but log in the sudoers local. 2012-11-08 15:37:44 -05:00
Todd C. Miller
595d3b2651 Display warning/error messages in the user's locale. 2012-11-08 15:37:44 -05:00
Todd C. Miller
f454a852cb audit_failure() now calls gettext itself using the sudoers locale. 2012-11-08 15:37:43 -05:00
Todd C. Miller
3f82a3407e Convert setlocale() to sudoers_setlocale() in the sudoers module. 
This only converts existing uses, there are more places where we
need to sprinkle sudoers_setlocale() calls.
 2012-11-08 15:37:43 -05:00
Todd C. Miller
5d052aeb60 Do not inform the user that the command was not permitted by the 
policy if they do not successfully authenticate.  This is a regression
introduced in sudo 1.8.6.
 2012-11-06 11:19:51 -05:00
Todd C. Miller
475662aaa4 Refactor policy plugin interface code from sudoers.c into policy.c 2012-10-25 16:58:31 -04:00
Todd C. Miller
319fe95d08 Make user_cwd const since it is either a string literal or passed 
in from the front-end.
 2012-10-24 16:32:43 -04:00
Todd C. Miller
2b5d43b8aa Add missing debug_return 2012-08-22 10:20:27 -04:00
Todd C. Miller
383e0c860b Fix printing of the permission denied message to standard error 
when a user is not allowed to run a command.  This got broken by
the recent logging changes.
 2012-07-27 16:22:09 -04:00
Todd C. Miller
f7dc1d849f Use "a password is required" instead of "password required" when 
the -n flag is used and we need to read a password.
 2012-07-11 16:28:40 -04:00
Todd C. Miller
8b03f3e7d0 Move log_denial() calls and logic to log_failure(). 
Move authentication failure logging to log_auth_failure().
Both of these call audit_failure() for us.

This subtly changes logging for commands that are denied by sudoers
but where the user failed to enter the correct password.  Previously,
these would be logged as "N incorrect password attempts" but now
are logged as "command not allowed".  Fixes bug #563
 2012-07-10 12:42:33 -04:00