Commit Graph

10095 Commits

Author SHA1 Message Date
Todd C. Miller
3bf4172272 Explicitly include stdio.h for getdelim(3) 2020-04-08 12:42:58 -06:00
Todd C. Miller
ce92674cc2 Reload sudo.conf upon SIGUP
This makes it possible to update the Debug settings in sudo.conf and
have them take effect on reload.
2020-04-08 10:19:55 -06:00
Todd C. Miller
69b6783be6 Store the result of ERR_get_error() so we can use it for both warn and debug.
Otherwise, only the debug framework gets the actual error and the
user won't see the problem.
2020-04-08 09:26:41 -06:00
Todd C. Miller
18ff60f6ff Disable IPv4-mapped IPv6 addresses in the listener.
Also store the host + port string and use it in error messages.
2020-04-08 08:54:28 -06:00
Todd C. Miller
55eb0a633c Install the example sudo_logsrvd.conf unless one already exists 2020-04-08 08:54:27 -06:00
Todd C. Miller
700becabc0 Make the path to logsrvd_cert.pem match the documentation. 2020-04-07 19:40:08 -06:00
Todd C. Miller
e86106f2e1 Create the pid file parent directory if it doesn't already exist.
Also package the run directory in the sudo_logsrvd PolyPkg file.
2020-04-07 19:26:37 -06:00
Todd C. Miller
dfd5a88772 Sudo 1.9.0rc1 2020-04-07 15:08:26 -06:00
Todd C. Miller
d6684b851a Build python packages where possible. 2020-04-07 14:03:58 -06:00
Todd C. Miller
0a10c702be Split sudo_logsrvd and the python plugin into their own packages. 2020-04-07 14:03:58 -06:00
Todd C. Miller
ab18c22ab4 Remove bits for Tru64 kit-style packages 2020-04-07 14:03:58 -06:00
Todd C. Miller
6a2b5fd82f Handle dependencies for .h files in the same directory as the source.
Fixes missing header dependencies for the sudoers and python plugins.
2020-04-07 14:03:58 -06:00
Todd C. Miller
5b488f313c Increase the maximum delay again for slower systems.
Otherwise we may get a spurious test failure.
2020-04-07 14:03:58 -06:00
Todd C. Miller
cd74b83c21 Make most python tests pass with Python 3.4
Dictionary order is not stable in Python < 3.6 so we need to sort
by key to have consistent results.
The LogHandler output is also different on older Python versions.
Also, don't stop running python tests after the first error.
2020-04-07 14:03:58 -06:00
Todd C. Miller
fa5025a569 Use regex to match __init__.py instead of hacking it in verify_log_lines() 2020-04-07 14:03:58 -06:00
Todd C. Miller
a77ef93f8a Use regular expressions when matching expected and actual text. 2020-04-07 14:03:58 -06:00
Todd C. Miller
8a2c0d784f Sort the list of possible plugins before printing it.
This gives more reproducible error messages for the tests.
2020-04-07 14:03:58 -06:00
Todd C. Miller
02a117f336 Avoid using typing annotations so tests run with Python 3.4. 2020-04-07 14:03:58 -06:00
Todd C. Miller
ee868776de Include all python plugin files in MANIFEST, not the directory itself. 2020-04-07 14:10:36 -06:00
Robert Manner
468a5d228e logsrvd/eventlog.c: add a newline after each log message for logfile output 2020-04-06 07:31:01 -06:00
Robert Manner
8f0370cd8e lib/iolog/iolog_fileio.c: do not call fchown on invalid fd
Fixes the warning in the log:
iolog_write_info_file_json: unable to fchown 0:0 /var/log/...: Bad file descriptor
2020-04-06 07:31:01 -06:00
Robert Manner
ace8e18953 logsrvd/iolog_writer.c: treat runuid, rungid 0 as valid (usually ==root) 2020-04-06 07:31:01 -06:00
Todd C. Miller
e31e0c4d3f Don't pass a NULL submitcwd or ttyname value to the server.
It is possible for the cwd and/or tty to be missing.  If we send a
NULL pointer to the server where it expects a string the AcceptMessage
will fail to parse.
2020-04-06 07:18:58 -06:00
Todd C. Miller
93f5e1be36 Fall back to using Py_Finalize() for Python version < 3.6 2020-04-06 07:05:20 -06:00
Todd C. Miller
4e44bd46fe Disable -Wstrict-prototypes for sudo_hook_fn_t typedef. 2020-04-06 07:05:20 -06:00
Todd C. Miller
725f9f6521 Updated translations from translationproject.org 2020-04-05 13:26:28 -06:00
Todd C. Miller
4ee7ae6471 Install example sudo_logsrvd.conf file 2020-04-03 13:20:17 -06:00
Todd C. Miller
79d3bd8223 Fixed Debian bugs #571621, #596631 and #669687 2020-04-02 13:58:13 -06:00
Todd C. Miller
66c8f69f8d Make it clear in the sudoers grammar that sudoedit needs file args.
Debian bug #571621
2020-04-03 10:17:19 -06:00
Todd C. Miller
1d008b92f5 Truncate the command args at 4096 chars when formatting SUDO_COMMAND.
We have to limit the length of SUDO_COMMAND to avoid getting E2BIG
from execve(2) for very long argument vectors.
The command's environment also counts against the ARG_MAX limit.
Debian bug #596631
2020-04-02 13:01:58 -06:00
Todd C. Miller
9b8cb1a57a Do not try to delete creds we did not set.
If pam_setcred() fails when opening the PAM session, we don't want
to call it with PAM_DELETE_CRED when closing the session.
2020-04-02 09:32:41 -06:00
Todd C. Miller
ec3fdd3aa8 Add a force flag to sudo_auth_cleanup() to force immediate cleanup.
This is used for PAM authentication to make sure pam_end() is called
via sudo_auth_cleanup() when the user authenticates successfully but
sudoers denies the command.  Debian bug #669687
2020-04-01 14:41:38 -06:00
Todd C. Miller
5e95c24d81 Increase the maximum delay for slower systems.
Otherwise we may get a spurious test failure.
2020-04-01 10:23:50 -06:00
Todd C. Miller
835984adc2 Document when cwd_optional was added. 2020-04-01 08:40:51 -06:00
Todd C. Miller
93aa9f9e90 Add cwd_optional to command details and enable it in the sudoers plugin.
If cwd_optional is set to true, a failure to set the cwd will be a
warning, not an error, and the command will still run.
Debian bug #598519
2020-03-31 19:43:48 -06:00
Todd C. Miller
9dea4bb244 The policy close function is responsible for closing the PAM session. 2020-03-31 17:23:37 -06:00
Todd C. Miller
8b35753a21 Config file for clang-format 8.x and higher based on webkit style.
This approximates what I want the sudo coding style to look like.
Only deviations from webkit style are included.
2020-03-31 13:35:24 -06:00
Todd C. Miller
3221c8b4d8 Don't kill the command just because the loop exited unexpectedly.
We currently have no good way to distinguish between an error
executing the command and an error while the command is running.

In the future, we should have additional status codes so we
can tell what type of condition caused the loop to exit.

For now, only kill the command if cstat is left uninitialized.
2020-03-31 08:49:30 -06:00
Todd C. Miller
c122e9bf62 Write process ID as an unsigned int (with a cast).
On Solaris, pid_t may be typedef'd as a long but the actual range
is 32 bits at most.
2020-03-29 09:11:57 -06:00
Todd C. Miller
d4b2db9078 Add license info for a few other files.
These are all ISC licensed but it is still best to have them
all listed in one place.
2020-03-29 06:54:59 -06:00
Todd C. Miller
5b1de6cfc8 Updated translations from translationproject.org 2020-03-29 05:05:09 -06:00
Todd C. Miller
0f0d03a575 Update sudoers.pot with json parser warnings. 2020-03-29 05:05:08 -06:00
Todd C. Miller
891872336f Add sudo_logsrvd as a service so it gets started at boot. 2020-03-29 05:05:08 -06:00
Todd C. Miller
f908ddd1bf Create a pidfile for sudo_logsrvd when not run with the -n flag. 2020-03-29 05:05:08 -06:00
Todd C. Miller
1b90f65609 sudo_logsrvd now exits with an error if it cannot open any listen sockets. 2020-03-29 05:05:08 -06:00
Todd C. Miller
baccc0f5c3 Update NEWS for 1.9.0b5 changes 2020-03-29 05:05:08 -06:00
Todd C. Miller
01ceba0445 Simply the JSON parsing code a bit.
We can use a single stack for nested objects and arrays.
There is also no need to track the current object and array separately.
This allows us to remove the array special case when assigning a value.
2020-03-29 05:05:08 -06:00
Todd C. Miller
3cd9cbbadf Add tests for the simple json parser. 2020-03-29 05:05:08 -06:00
Todd C. Miller
cffda82e20 Do not use JSON_ARRAY with sudo_json_add_value() 2020-03-29 05:05:08 -06:00
Todd C. Miller
f24dacdee2 Create files for check_iolog_plugin in the build dir, not src dir. 2020-03-29 05:05:08 -06:00