isa/sudo
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
10,616 Commits 1 Branch 0 Tags
38f1e55cdc48245bf0b402011e34e2bbf087c73c
Commit Graph

10616 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Todd C. Miller
fdae4bdbbb Add support for file log line wrapping in libeventlog. 2020-10-26 16:16:46 -06:00
Todd C. Miller
d899fe5936 Use real setters for the eventlog config. 
This makes it possible to have a base config that the callers can
modify instead of replacing the config wholesale.
 2020-10-26 16:10:42 -06:00
Todd C. Miller
39b540ff33 Log the short version of the tty in sudoers-format logs. 
This is consistent with historical practice.
 2020-10-26 16:10:40 -06:00
Todd C. Miller
4416bd5977 Use libeventlog in sudoers instead of doing our own logging. 2020-10-26 16:10:40 -06:00
Todd C. Miller
541252beb1 Add default values in eventlog_setconf(). 2020-10-26 16:10:39 -06:00
Todd C. Miller
bd1ca79cca Add support for mailing eventlog entries and for logging raw messages. 
These will be used by the sudoers plugin.
 2020-10-26 16:10:37 -06:00
Todd C. Miller
fe6e0fb215 If no JSON callback is provided, store the contents of struct eventlog. 
This moves the JSON formatting of struct eventlog out of libsudo_iolog
and into libsudo_eventlog where it belongs.
 2020-10-26 15:43:43 -06:00
Todd C. Miller
4652698f8e struct eventlog contains submit_time, no need to pass it in directly. 2020-10-26 15:43:02 -06:00
Todd C. Miller
c0e91d7586 Add an errstr argument to eventlog_alert(). 2020-10-26 15:41:47 -06:00
Todd C. Miller
3ca3bfaab7 Make a copy of the strings stored in iolog_details and struct eventlog. 
Previously, we just made the strings const and relied on the front-end
not changing them.  Now the sudoers I/O log plugin behavior is
consistent with the policy plugin.
 2020-10-26 15:40:04 -06:00
Todd C. Miller
2d45becd4a Use struct eventlog in iolog_details. 2020-10-26 15:40:01 -06:00
Todd C. Miller
db72498257 Use struct eventlog in place of struct iolog_info. 2020-10-26 15:31:41 -06:00
Todd C. Miller
b9aff696fb No longer need eventlog-related getters in logsrvd.c 2020-10-26 15:29:44 -06:00
Todd C. Miller
8c43340474 Use libeventlog in sudo_logsrvd. 2020-10-26 15:26:02 -06:00
Todd C. Miller
707437f6cb Refactor eventlog code into a library 2020-10-26 15:24:35 -06:00
Todd C. Miller
79921387a3 regen Makefiles 2020-10-20 19:23:46 -06:00
Todd C. Miller
866b0b77f2 Build 64-bit binaries on HP-UX ia64 2020-10-20 14:40:32 -06:00
Todd C. Miller
5c7c94b83a Explicitly set umask when running tests. 
Some tests create files that must not be world-writable.
 2020-10-16 13:57:28 -06:00
Todd C. Miller
a5a5cc7f85 sudoers_policy_store() -> sudoers_policy_store_result() 2020-10-16 05:56:03 -06:00
Todd C. Miller
bf9d208662 Rename sudoers_policy_exec_setup() -> sudoers_policy_store(). 
It is called even when there is no command to execute.
Also pass in status of whether or not the command was accepted.
 2020-10-14 06:33:35 -06:00
Todd C. Miller
b0a6e1c1e7 Pass path to testsudoers, visudo or cvtsudoers in the environment. 
Falls back on the unqualified command if the environment variable
is not set.
 2020-10-10 07:07:37 -06:00
Todd C. Miller
807857a2ca Init cmnds to NULL in rule_to_priv() so we don't free a bogus pointer. 
In the sssd backend, the rule_to_priv() cleanup code assumes cmnds
can be passed to fn_free_values(), which was not the case if we
receive an error getting values for "sudoCommand".  This is a
regression introduced in sudo 1.9.1.  Fix from Ron Bowes.
GitHub issue #67.
 2020-10-09 14:16:06 -06:00
Todd C. Miller
607076d8a0 Pass runchroot to match_digest() too. 
We use the open fd for the actual I/O but having runchroot makes
it possible to report the correct file name in error messages.
 2020-10-06 10:54:39 -06:00
Todd C. Miller
645eda55ab GitHub issue #61 was fixed in sudo 1.9.3. 2020-10-04 06:05:05 -06:00
Todd C. Miller
ea57249e29 Fix indentation of enum def_tuple. 2020-09-29 21:16:34 -06:00
Todd C. Miller
772619b7ef Remove special case EOF handling; lines now always end in a newline. 
Previously we needed to emulate some of the state transitions that
happen at end-of-line at end-of-file as well.  Those are no longer
needed now that we are guaranteed to always have a newline at the end.
 2020-09-28 10:10:16 -06:00
Todd C. Miller
f984f49c38 Increment sudolinebuf.size after realloc(). 2020-09-27 21:31:44 -06:00
Todd C. Miller
e8747a33f8 Add a newline at end of line if one is missing. 
This is simpler than having to support entries that end at EOF too.
 2020-09-27 20:21:05 -06:00
Todd C. Miller
32db528689 Add tests for entries without a newline. 2020-09-27 10:31:14 -06:00
Todd C. Miller
9bb91cb64b Fix handling of a command spec without a newline at the end. 
For include files, we may need to inject a newline token now that
the grammar requires lines to end with a newline or EOF.  There is
no END (EOF) token processed after popping off an include file since
everything is just treated as one big file.
 2020-09-27 10:05:35 -06:00
Todd C. Miller
0276a565e6 Mark sudoerserror() messages for translation. 2020-09-27 06:51:16 -06:00
Todd C. Miller
ddc1383838 Fix line number accounting when a string contains a newline. 
Strings are not allowed to span multiple lines without a continuation
character.  Also provide a better error message if we are in the
middle of a string and hit EOF.
 2020-09-27 06:47:19 -06:00
Todd C. Miller
7d20900616 Use sudoerschar (yychar) instead of last_token. 
The parser already provides a way to examing the last token processed,
we don't need to add our own.
 2020-09-26 06:39:57 -06:00
Todd C. Miller
88dcdcd11d Fix -Wshadow warnings. 2020-09-25 15:09:45 -06:00
Todd C. Miller
7eda22c729 Add -Wshadow to warning flags if the compiler supports it. 2020-09-25 15:09:42 -06:00
Todd C. Miller
7a36d70fc1 Add test for syntax error when defining an alias using a reserved word. 2020-09-25 15:09:36 -06:00
Todd C. Miller
e826705b62 Fix pasto, TIMEOUT not CMND_TIMEOUT. 2020-09-25 15:07:25 -06:00
Todd C. Miller
b1a59accf7 Document reserved words that cannot be used as alias names. 
Bug #941
 2020-09-25 13:50:32 -06:00
Todd C. Miller
70ada21c5b Detect when a reserved word is used when declaring an alias. 
Now instead of "syntax error, unexpected CHROOT, expecting ALIAS"
the message is "syntax error, reserved word used as an alias name"
Bug #941
 2020-09-25 12:24:45 -06:00
Todd C. Miller
b2593b22b6 Update for sudo 1.9.3p1 2020-09-23 08:00:26 -06:00
Todd C. Miller
f1d19f1d6e Add SLOG_AUDIT flag for log_warningx() to also audit the message. 
This lets us combine audit_failure() and log_warningx() calls with
the same message.
 2020-09-23 08:18:55 -06:00
Todd C. Miller
6ee731caff Log when user-specified command line options are rejected by sudoers. 
We already audit those but in some cases they were not logged as well.
 2020-09-23 08:02:43 -06:00
Todd C. Miller
6f8e1b9741 Fix potential NULL deref in debug code. 2020-09-23 08:59:18 -06:00
Todd C. Miller
09835b7198 Close the passwd db before calling getpwnam_shadow(3). 
Otherwise, we will get the non-shadow passwd entry ("*") since we
called setpassent(3) earlier to keep the passwd db open.
 2020-09-23 08:55:43 -06:00
Todd C. Miller
75d53ee547 Fix configure test for crypt(3) when it is present in libc. 
Fixes a regression introduced in sudo 1.9.3.
 2020-09-23 08:28:44 -06:00
Todd C. Miller
d4428133b4 Updated translations from translationproject.org 2020-09-19 09:57:33 -06:00
Todd C. Miller
e2c72300cf Move warning about plaintext password to the end of configure. 
It is unlikely to be noticed at the beginning of the output.
 2020-09-20 19:18:39 -06:00
Todd C. Miller
874c2b27c6 Use a simple string compare on systems without crypt(3). 
This is only used on systems without PAM, BSD authentication or AIX
authentication.  Bug #940.
 2020-09-18 08:18:07 -06:00
Todd C. Miller
44a1058aa3 Fix typo in last commit. 2020-09-18 06:09:57 -06:00
Todd C. Miller
90bcae7986 Only use faccessat(3) if AT_EACCESS is defined. 
Apparently Android (bionic) has faccessat() but not AT_EACCESS.
Bug #940.
 2020-09-17 20:17:38 -06:00