Todd C. Miller
82237194dd
Add support for logging to the log server
2019-11-15 13:41:51 -07:00
Todd C. Miller
76eec78a33
Add basic support for event logging using a sudo-style log format.
2019-10-24 20:04:32 -06:00
Todd C. Miller
cf6c60c102
Add log_allowed and log_denied sudoers flags, defaulting to true.
2019-10-17 13:43:04 -06:00
Todd C. Miller
2512f6efbf
Use sudo_strtonum() explicitly instead of via a macro.
2019-10-14 10:09:30 -06:00
Todd C. Miller
976550084e
Add pam_acct_mgmt setting to enable/disable PAM account validation.
2019-04-29 19:44:13 -06:00
Todd C. Miller
1e1ef61902
Add SPDX-License-Identifier to files.
2019-04-29 07:21:51 -06:00
Todd C. Miller
9048ee6c48
Set def_mailerflags even if sendmail was not found at configure time.
Fixes a NULL dereference when mailerpath is set but mailerflags is not.
Bug #878
2019-04-19 10:14:10 -06:00
Todd C. Miller
6c3d20cb41
Convert PVS-Studio comment to ANSI C.
2018-10-26 08:39:09 -06:00
Todd C. Miller
64e5d34c57
Add comments in .c files so PVS-Studio will check them.
2018-10-21 08:46:05 -06:00
Todd C. Miller
2121693879
Move definition of TIME_T_MAX to sudo_util.h
2018-09-24 14:21:58 -06:00
Todd C. Miller
9e6c14b091
Fix printing of T_TIMESPEC values.
2018-08-21 17:35:44 -06:00
Todd C. Miller
171686c422
update_defaults() needs to be able to take a defaults_list for
the ldap/sssd backends which support per-role defaults.
2018-08-02 14:06:36 -06:00
Todd C. Miller
70d519c8ad
o Move userspecs, defaults and aliases into a new struct sudoers_parse_tree.
o The parse tree is now passed to the alias, match and defaults functions.
o The nss API has been changed so that the nss parse() function returns
a pointer to a struct sudoers_parse_tree which will be filled in
by the getdefs() and query() functions.
2018-07-26 15:12:33 -06:00
Todd C. Miller
f9be3a48a2
Simplify the nss interface such that each sudoers provider fills
in a per-nss list of userspecs and defaults instead of using separate
lookup and list functions. This makes it possible to have a single
implementation of the code for sudoers lookup and listing.
2018-05-14 09:05:03 -06:00
Todd C. Miller
71e98d9493
Include parse.h in sudoers.h since it will soon be required.
2018-05-14 09:05:02 -06:00
Todd C. Miller
bc5e2d06a7
Add free_default() to free a struct defaults pointer so we have a
single place where we free the defaults. A pointer to the previous
Default's binding may be passed in to avoid freeing an already free
binding.
2018-03-21 12:11:19 -06:00
Todd C. Miller
e26ef96a65
Add case_insensitive_group and case_insensitive_user sudoers options,
which are enabled by default.
2018-03-05 10:42:02 -07:00
Todd C. Miller
bcfb092a4e
Convert from time in minutes to timespec directly instead of
converting to double via strtod(). This makes it easier to catch
overflow.
2018-01-26 10:17:47 -07:00
Todd C. Miller
2e37959fec
Better conversion from double to nanoseconds.
2018-01-22 17:27:25 -07:00
Todd C. Miller
4c0c225062
Store passwd_timeout and timestamp_timeout as a struct timespec
instead of as a float. Remove timeout argument to auth_getpass()
as it was never used.
2018-01-22 12:18:48 -07:00
Todd C. Miller
b16912da1d
Don't include syslog.h from logging.h, just include it in the two
.c files it is actually needed.
2017-12-08 15:00:41 -07:00
Todd C. Miller
48fba3c2cc
update my email to Todd.Miller@sudo.ws
2017-12-03 17:53:40 -07:00
Todd C. Miller
507ab6fdcd
Sprinkle a few more debugging printfs.
2017-09-01 09:22:31 -06:00
Todd C. Miller
63d954d1fc
Replace tty_tickets option with timestamp_type which can be
global, ppid or tty. Defaults to tty (no change in behavior).
Some users want the ppid behavior.
2017-08-01 16:14:54 -06:00
Todd C. Miller
2d8717bdd2
Allow the syslog Defaults option to be used in a "true" boolean
context and use the compiled in default log facility in this case.
2017-05-03 09:53:03 -06:00
Todd C. Miller
631d458b6f
Allow a tuple to be set to boolean true. Regression introduced by
refactor of set_default_entry() in sudo 1.8.18.
2017-05-03 09:28:36 -06:00
Todd C. Miller
3980f1531b
Add support for command timeouts in sudoers. After the timeout,
the command will be terminated.
2017-02-14 15:56:34 -07:00
Todd C. Miller
3742f7a46e
Add ignore_unknown_defaults flag to ignore unknown Defaults entries
in sudoers instead of producing a warning.
2017-02-06 05:41:57 -07:00
Todd C. Miller
413e1100b8
Add new fdexec sudoers setting to allow choosing whether execve() or
fexecve() is used.
2017-01-22 18:56:16 -08:00
Todd C. Miller
0d9255b2f7
Fix logic bug when matching syslog priority and facility.
2016-12-20 10:24:55 -07:00
Todd C. Miller
00b6be9dfa
Allow syslog priority to be negated or set to "none" to disable
logging successes or failures.
2016-11-30 16:26:10 -07:00
Todd C. Miller
79ca752802
Go back to parsing Defaults entries in update_defaults instead of
as sudoers is read. Otherwise, we cannot properly support early
defaults like sudoers_locale.
2016-11-09 16:00:12 -07:00
Todd C. Miller
1d9b8ca32e
Zero out sd_un before calling parse_default() so we don't try
to free stack garbage in the ldap/sssd backends.
2016-11-08 12:58:28 -07:00
Todd C. Miller
8133cdfdf6
Use sys/stat.h defines instead of bare octal values.
2016-11-07 13:36:05 -07:00
Todd C. Miller
df8404dbd4
Instead of parsing sudoers Defaults twice, parse once while reading
sudoers and then just set the parsed value in update_defaults().
2016-11-06 18:59:49 -07:00
Todd C. Miller
1f24108969
Use "struct defaults *d" instead of "struct defaults *def" throughout
for consistency and to avoid confusion with "struct def_values *def".
Use "str" not "var" for the string argument to convert and store in
sd_un for the store_* functions.
2016-11-06 18:55:18 -07:00
Todd C. Miller
4f532dcc50
Avoid passing in a struct sudo_defs_types pointer to the store
functions. Pass in a pointer to the union to fill instead.
2016-11-03 11:02:48 -06:00
Todd C. Miller
7c56179c7d
Use "double quotes" in messages instead of a combination of the
accent (grave) mark and apostrophe.
2016-11-02 17:10:17 -06:00
Todd C. Miller
75e29f163e
Add file:linenumber prefix to all Defaults warnings so we can see
them when running sudo too. For LDAP/SSSD we print the sudoRole
instead of the file name and omit the line number.
2016-11-02 17:07:32 -06:00
Todd C. Miller
8a48085184
Instead of checking Defaults values after the fact, check them at
sudoers parse time. This makes it possible to display the file and
line number with the problem and for visudo to go right to the
error.
2016-11-01 14:22:32 -06:00
Todd C. Miller
484b5718d8
s/rval/ret/g -- old habits die hard
2016-11-01 12:34:24 -06:00
Todd C. Miller
271a07ff00
Make the I/O log file/dir permissions and owner configurable.
2016-10-29 12:45:55 -06:00
Todd C. Miller
3423d0af7c
Don't try to syntax check an unrecognized Defaults value in visudo.
2016-10-28 08:24:51 -06:00
Todd C. Miller
e3825cbedd
When checking syslog facility or priority, move the string
compare into the body of the loop and return if it matches.
If we finish the loop it means we didn't find a match.
This makes the code a little bit more readable.
2016-10-26 10:46:03 -06:00
Todd C. Miller
fc1b4155d7
Replace bare ";" in the body of for() loops with "continue;" for
improved readability.
2016-10-26 10:42:28 -06:00
Todd C. Miller
44c2679f83
Add syslog_maxlen to control the max size of syslog messages.
2016-10-18 15:51:47 -06:00
Todd C. Miller
43084d8f91
Apply match_group_by_gid early.
2016-09-05 06:21:23 -06:00
Todd C. Miller
7918f7e7eb
Use sudo_strsplit() instead of doing the equivalent manually.
2016-08-26 11:07:19 -06:00
Todd C. Miller
a246c9570a
Fix memset size typo in previous commit.
2016-08-25 10:36:53 -06:00
Todd C. Miller
99b9699793
Fix use-after-free in check_defaults(), reported by Radovan Sroka
of RedHat.
2016-08-25 08:32:45 -06:00