Todd C. Miller
3bf4172272
Explicitly include stdio.h for getdelim(3)
2020-04-08 12:42:58 -06:00
Todd C. Miller
ce92674cc2
Reload sudo.conf upon SIGUP
...
This makes it possible to update the Debug settings in sudo.conf and
have them take effect on reload.
2020-04-08 10:19:55 -06:00
Todd C. Miller
69b6783be6
Store the result of ERR_get_error() so we can use it for both warn and debug.
...
Otherwise, only the debug framework gets the actual error and the
user won't see the problem.
2020-04-08 09:26:41 -06:00
Todd C. Miller
18ff60f6ff
Disable IPv4-mapped IPv6 addresses in the listener.
...
Also store the host + port string and use it in error messages.
2020-04-08 08:54:28 -06:00
Todd C. Miller
55eb0a633c
Install the example sudo_logsrvd.conf unless one already exists
2020-04-08 08:54:27 -06:00
Todd C. Miller
700becabc0
Make the path to logsrvd_cert.pem match the documentation.
2020-04-07 19:40:08 -06:00
Todd C. Miller
e86106f2e1
Create the pid file parent directory if it doesn't already exist.
...
Also package the run directory in the sudo_logsrvd PolyPkg file.
2020-04-07 19:26:37 -06:00
Todd C. Miller
dfd5a88772
Sudo 1.9.0rc1
2020-04-07 15:08:26 -06:00
Todd C. Miller
d6684b851a
Build python packages where possible.
2020-04-07 14:03:58 -06:00
Todd C. Miller
0a10c702be
Split sudo_logsrvd and the python plugin into their own packages.
2020-04-07 14:03:58 -06:00
Todd C. Miller
ab18c22ab4
Remove bits for Tru64 kit-style packages
2020-04-07 14:03:58 -06:00
Todd C. Miller
6a2b5fd82f
Handle dependencies for .h files in the same directory as the source.
...
Fixes missing header dependencies for the sudoers and python plugins.
2020-04-07 14:03:58 -06:00
Todd C. Miller
5b488f313c
Increase the maximum delay again for slower systems.
...
Otherwise we may get a spurious test failure.
2020-04-07 14:03:58 -06:00
Todd C. Miller
cd74b83c21
Make most python tests pass with Python 3.4
...
Dictionary order is not stable in Python < 3.6 so we need to sort
by key to have consistent results.
The LogHandler output is also different on older Python versions.
Also, don't stop running python tests after the first error.
2020-04-07 14:03:58 -06:00
Todd C. Miller
fa5025a569
Use regex to match __init__.py instead of hacking it in verify_log_lines()
2020-04-07 14:03:58 -06:00
Todd C. Miller
a77ef93f8a
Use regular expressions when matching expected and actual text.
2020-04-07 14:03:58 -06:00
Todd C. Miller
8a2c0d784f
Sort the list of possible plugins before printing it.
...
This gives more reproducible error messages for the tests.
2020-04-07 14:03:58 -06:00
Todd C. Miller
02a117f336
Avoid using typing annotations so tests run with Python 3.4.
2020-04-07 14:03:58 -06:00
Todd C. Miller
ee868776de
Include all python plugin files in MANIFEST, not the directory itself.
2020-04-07 14:10:36 -06:00
Robert Manner
468a5d228e
logsrvd/eventlog.c: add a newline after each log message for logfile output
2020-04-06 07:31:01 -06:00
Robert Manner
8f0370cd8e
lib/iolog/iolog_fileio.c: do not call fchown on invalid fd
...
Fixes the warning in the log:
iolog_write_info_file_json: unable to fchown 0:0 /var/log/...: Bad file descriptor
2020-04-06 07:31:01 -06:00
Robert Manner
ace8e18953
logsrvd/iolog_writer.c: treat runuid, rungid 0 as valid (usually ==root)
2020-04-06 07:31:01 -06:00
Todd C. Miller
e31e0c4d3f
Don't pass a NULL submitcwd or ttyname value to the server.
...
It is possible for the cwd and/or tty to be missing. If we send a
NULL pointer to the server where it expects a string the AcceptMessage
will fail to parse.
2020-04-06 07:18:58 -06:00
Todd C. Miller
93f5e1be36
Fall back to using Py_Finalize() for Python version < 3.6
2020-04-06 07:05:20 -06:00
Todd C. Miller
4e44bd46fe
Disable -Wstrict-prototypes for sudo_hook_fn_t typedef.
2020-04-06 07:05:20 -06:00
Todd C. Miller
725f9f6521
Updated translations from translationproject.org
2020-04-05 13:26:28 -06:00
Todd C. Miller
4ee7ae6471
Install example sudo_logsrvd.conf file
2020-04-03 13:20:17 -06:00
Todd C. Miller
79d3bd8223
Fixed Debian bugs #571621 , #596631 and #669687
2020-04-02 13:58:13 -06:00
Todd C. Miller
66c8f69f8d
Make it clear in the sudoers grammar that sudoedit needs file args.
...
Debian bug #571621
2020-04-03 10:17:19 -06:00
Todd C. Miller
1d008b92f5
Truncate the command args at 4096 chars when formatting SUDO_COMMAND.
...
We have to limit the length of SUDO_COMMAND to avoid getting E2BIG
from execve(2) for very long argument vectors.
The command's environment also counts against the ARG_MAX limit.
Debian bug #596631
2020-04-02 13:01:58 -06:00
Todd C. Miller
9b8cb1a57a
Do not try to delete creds we did not set.
...
If pam_setcred() fails when opening the PAM session, we don't want
to call it with PAM_DELETE_CRED when closing the session.
2020-04-02 09:32:41 -06:00
Todd C. Miller
ec3fdd3aa8
Add a force flag to sudo_auth_cleanup() to force immediate cleanup.
...
This is used for PAM authentication to make sure pam_end() is called
via sudo_auth_cleanup() when the user authenticates successfully but
sudoers denies the command. Debian bug #669687
2020-04-01 14:41:38 -06:00
Todd C. Miller
5e95c24d81
Increase the maximum delay for slower systems.
...
Otherwise we may get a spurious test failure.
2020-04-01 10:23:50 -06:00
Todd C. Miller
835984adc2
Document when cwd_optional was added.
2020-04-01 08:40:51 -06:00
Todd C. Miller
93aa9f9e90
Add cwd_optional to command details and enable it in the sudoers plugin.
...
If cwd_optional is set to true, a failure to set the cwd will be a
warning, not an error, and the command will still run.
Debian bug #598519
2020-03-31 19:43:48 -06:00
Todd C. Miller
9dea4bb244
The policy close function is responsible for closing the PAM session.
2020-03-31 17:23:37 -06:00
Todd C. Miller
8b35753a21
Config file for clang-format 8.x and higher based on webkit style.
...
This approximates what I want the sudo coding style to look like.
Only deviations from webkit style are included.
2020-03-31 13:35:24 -06:00
Todd C. Miller
3221c8b4d8
Don't kill the command just because the loop exited unexpectedly.
...
We currently have no good way to distinguish between an error
executing the command and an error while the command is running.
In the future, we should have additional status codes so we
can tell what type of condition caused the loop to exit.
For now, only kill the command if cstat is left uninitialized.
2020-03-31 08:49:30 -06:00
Todd C. Miller
c122e9bf62
Write process ID as an unsigned int (with a cast).
...
On Solaris, pid_t may be typedef'd as a long but the actual range
is 32 bits at most.
2020-03-29 09:11:57 -06:00
Todd C. Miller
d4b2db9078
Add license info for a few other files.
...
These are all ISC licensed but it is still best to have them
all listed in one place.
2020-03-29 06:54:59 -06:00
Todd C. Miller
5b1de6cfc8
Updated translations from translationproject.org
2020-03-29 05:05:09 -06:00
Todd C. Miller
0f0d03a575
Update sudoers.pot with json parser warnings.
2020-03-29 05:05:08 -06:00
Todd C. Miller
891872336f
Add sudo_logsrvd as a service so it gets started at boot.
2020-03-29 05:05:08 -06:00
Todd C. Miller
f908ddd1bf
Create a pidfile for sudo_logsrvd when not run with the -n flag.
2020-03-29 05:05:08 -06:00
Todd C. Miller
1b90f65609
sudo_logsrvd now exits with an error if it cannot open any listen sockets.
2020-03-29 05:05:08 -06:00
Todd C. Miller
baccc0f5c3
Update NEWS for 1.9.0b5 changes
2020-03-29 05:05:08 -06:00
Todd C. Miller
01ceba0445
Simply the JSON parsing code a bit.
...
We can use a single stack for nested objects and arrays.
There is also no need to track the current object and array separately.
This allows us to remove the array special case when assigning a value.
2020-03-29 05:05:08 -06:00
Todd C. Miller
3cd9cbbadf
Add tests for the simple json parser.
2020-03-29 05:05:08 -06:00
Todd C. Miller
cffda82e20
Do not use JSON_ARRAY with sudo_json_add_value()
2020-03-29 05:05:08 -06:00
Todd C. Miller
f24dacdee2
Create files for check_iolog_plugin in the build dir, not src dir.
2020-03-29 05:05:08 -06:00