Rose
45fdfa18f1
Mark functions not returning as sudo_noreturn
...
We also put NOTREACHED where it applies.
2023-07-01 17:40:16 -04:00
Todd C. Miller
5fbf431c42
Fix a few memory leaks in the tests.
2023-06-30 19:08:04 -06:00
Todd C. Miller
ac9b6c94d9
Add test for runas_check_shell and check_user_shell()
2023-06-30 10:43:39 -06:00
Todd C. Miller
bdc8a7f35e
testsudoers: add -D and -R options to set cwd and chroot like sudo
2023-06-30 10:43:37 -06:00
Todd C. Miller
689efe3cdd
testsudoers: make lbuf private to dump_sudoers()
...
It is no longer used directly in main.
2023-06-29 20:17:22 -06:00
Todd C. Miller
260c2fb835
testsudoers: display "Parse error" if there was a parse error.
...
Previously, we just printed "Command unmatched" which makes it
harder to see that an error occurred.
2023-06-29 20:10:15 -06:00
Todd C. Miller
6a21aec0a6
testsudoers: use allowed/denied/unmatched instead of just matched/unmatched
...
This makes it possible to tell whether an entry was rejected due
to a negative match (explicitly denied) as opposed to a non-match.
Also fixes a bug where the runas status was only printed for positive
matches.
2023-06-29 20:02:32 -06:00
Todd C. Miller
fd25bfc892
testsudoers: use sudoers_lookup() instead of a custom loop.
2023-06-29 17:31:55 -06:00
Todd C. Miller
41b82006de
Merge pull request #278 from AtariDreams/types
...
Avoid compiler casting warnings Part 2
2023-06-29 12:26:07 -06:00
Todd C. Miller
2c1a473ddc
testsudoers: add support for NOTBEFORE and NOTAFTER
...
Also adds -T option to set the value of "now".
2023-06-29 11:13:01 -06:00
Rose
22079c3072
Avoid compiler casting warnings Part 2
...
This saves instructions that are related to casting as well as compiler warnings.
2023-06-29 13:10:27 -04:00
Todd C. Miller
bde363e060
Rename parser_conf -> sudoers_conf in all but the parser itself.
2023-05-09 07:29:06 -06:00
Todd C. Miller
8cbd5462a6
Move sudoers search path to struct sudoers_parser_config.
...
That way we can avoid passing it to init_parser() directly.
We still need sudoers_search_path to be shared between the lexer
and the parser.
2023-05-08 17:04:38 -06:00
Todd C. Miller
9d7c30c5a8
Add struct sudoers_parser_config and pass it to init_parser().
...
This struct contains parser configuration such as the sudoers file
uid/gid/mode and parse flags such as verbose, strict and recovery.
2023-05-08 17:03:31 -06:00
Todd C. Miller
bbbaea5b2f
Rename init_parser_ext() to init_parser() and remove old wrapper.
...
There was only one consumer of the init_parser() wrapper now that
reset_parser() has been introduced.
2023-05-02 13:29:49 -06:00
Todd C. Miller
5446b009e3
Support adminconfdir for relative include paths in sudoers.
2023-05-02 10:47:11 -06:00
Todd C. Miller
f17b35471f
Support sudoers_file being a colon-separated path of files.
...
The first file found is used.
2023-05-02 10:37:38 -06:00
Todd C. Miller
8049e4e32f
Replace sudoers_warnings with sudoers_verbose.
...
This is now an int, with values > 1 reserved for visudo.
2023-03-20 18:27:27 -06:00
Todd C. Miller
87ce692468
Fix potential double free for rules that include a CHROOT= option.
...
If a rule with a CHROOT= option matches the user, host and runas,
the user_cmnd variable could be freed twice.
2023-02-21 20:01:13 -07:00
Todd C. Miller
1bcddb9602
Stub out pivot_root() and unpivot_root() for all but the sudoers module.
2023-02-21 14:46:27 -07:00
Todd C. Miller
e707ffe58b
Place C23 attributes before keywords in function declarations.
...
In practice this means we must use "sudo_noreturn static foo(void)"
instead of "static sudo_noreturn foo(void)".
2022-12-01 12:54:53 -07:00
Todd C. Miller
3940020c94
sudo_secure_open_{file,dir}: always check thatreturn value is not -1.
...
Avoids false positives from static analyzers that can't figure out
that the fd is always valid when error is SUDO_PATH_SECURE.
2022-10-04 09:33:44 -06:00
Todd C. Miller
88ac5e09b6
Use sudo_secure_open_file() instead of sudo_secure_file() where possible.
...
Both sudo_secure_open_file() and sudo_secure_open_dir() are now passed
a struct stat pointer like sudo_secure_file() and sudo_secure_dir().
2022-09-21 19:08:10 -06:00
Todd C. Miller
304726a215
Move gcc-style __attribute__ macros to config.h.in
...
Renamed __malloc -> sudo_malloclike, __printflike -> sudo_printflike,
__printf0like -> sudo_printf0like.
Add sudo_noreturn instead of __attribute__((__noreturn__)).
We do not use stdnoreturn.h since it has been deprecated in C23
in favor of the [[noreturn]] attribute.
2022-09-07 07:48:31 -06:00
Todd C. Miller
13672f28df
Make sudo pass -Wwrite-strings
2022-06-28 16:33:15 -06:00
Todd C. Miller
65e5b89f1d
Pass file, line and column to sudoers defaults callbacks.
2022-03-10 13:35:58 -07:00
Todd C. Miller
6ec279532e
Add a source to struct sudo_nss and use it if getdefs() fails.
...
Also remove useless "Problem with defaults entries" warning in testsudoers.
2022-03-09 12:38:25 -07:00
Todd C. Miller
4e3a48f2d1
testsudoers: disable argument permutation in GNU getopt
...
This makes it easier to test commands with arguments.
2022-02-10 10:36:03 -07:00
Todd C. Miller
86f123cd9d
Pass the operator to the Defaults callback too.
...
That way we can tell what to do in callbacks for lists.
2022-01-28 08:52:41 -07:00
Todd C. Miller
bb5843055e
Replace messages like "unknown foo: %s" with "unknown foo %s".
...
The colon really doesn't belong there; we generally use a colon to
separate a message from the warning detail.
2021-08-19 09:44:11 -06:00
Todd C. Miller
3e5cf7baa3
Do not redefine system group and passwd functions for testsudoers.
...
Instead, prefix the replacements with "testsudoers_" and use a
custom pwutil backend so they get used.
2021-03-18 11:39:54 -06:00
Todd C. Miller
322e0b3693
Return NOT_FOUND from the set_cmnd_path() stub since we don't set user_cmnd.
...
The purpose of set_cmnd_path() is to reset user_cmnd based on a new
runchroot. For the stub version we don't modify user_cmnd and so
must not return a status of FOUND.
Fixes oss-fuzz issue #31250 which only affected the fuzzer and not sudo.
2021-02-22 19:53:08 -07:00
Todd C. Miller
0663ffbc3f
Use sudo_basename() instead of doing the equivalent manually.
2021-02-10 15:14:08 -07:00
Todd C. Miller
d899fe5936
Use real setters for the eventlog config.
...
This makes it possible to have a base config that the callers can
modify instead of replacing the config wholesale.
2020-10-26 16:10:42 -06:00
Todd C. Miller
4416bd5977
Use libeventlog in sudoers instead of doing our own logging.
2020-10-26 16:10:40 -06:00
Todd C. Miller
88dcdcd11d
Fix -Wshadow warnings.
2020-09-25 15:09:45 -06:00
Todd C. Miller
10d3d69aa1
Pass a struct to the match functions to track the resolved command.
...
This makes it possible to update user_cmnd and cmnd_status modified
by per-rule CHROOT settings.
2020-09-09 15:26:45 -06:00
Todd C. Miller
b6dbfe5094
Take the chroot into account when search for the command.
...
This could a a user-specific chroot via the -R option, a runchroot
Defaults value, or a per-command CHROOT spec in the sudoers rule.
2020-09-09 15:26:44 -06:00
Todd C. Miller
961a4afe67
Fix some warnings from pvs-studio
2020-08-12 13:45:09 -06:00
Todd C. Miller
985af422d2
Rename __dso_public -> sudo_dso_public and move to config.h.
2020-08-12 09:57:42 -06:00
Todd C. Miller
3235e4353c
Display more specific parser error messages when possible.
2020-08-07 14:20:45 -06:00
Todd C. Miller
741c6f274e
Add support for @include and @includedir
...
These are less confusing than #include and #includedir when the
hash character is also the comment character.
This commit also adds real parsing of include directives as opposed
to the pure lexer approach used previously. As a result, it is now
possible to include files with spaces by either using a double-quoted
string or escaping the space characters with a backslash.
2020-05-20 13:10:53 -06:00
Todd C. Miller
446ae3f507
Include string.h unconditionally and only use strings.h for strn?casecmp()
...
In the pre-POSIX days BSD had strings.h, not string.h.
Now strings.h is only used for non-ANSI string functions.
2020-05-18 07:59:24 -06:00
Todd C. Miller
dd88460800
We no longer need to include headers we don't use for sudo*.h files.
...
Previously we needed to include headers required by the various
sudo*h files. Now those files are more self-sufficient and we
should only include headers needed by code in the various .c files.
2020-05-18 06:47:04 -06:00
Todd C. Miller
ac61b5655d
Use EXIT_SUCCESS and EXIT_FAILURE more consistently.
2020-02-08 12:43:00 -07:00
Todd C. Miller
486ee2b71f
debug_decl and debug_decl_vars now require a semicolon at the end.
2019-12-22 08:48:16 -07:00
Todd C. Miller
635445d471
Transparently handle the "sudo sudoedit" problem.
...
Some admin are confused about how to give users sudoedit permission
and many users try to run sudoedit via sudo instead of directly.
If the user runs "sudo sudoedit" sudo will now treat it as plain
"sudoedit" after issuing a warning. If the admin has specified a
fully-qualified path for sudoedit in sudoers, sudo will treat it
as just "sudoedit" and match accordingly. In visudo (but not sudo),
a fully-qualified path for sudoedit is now treated as an error.
2019-11-05 15:18:34 -07:00
Todd C. Miller
c3ce3a84fb
Refer to user-ID and group-ID instead of "user ID" and "group ID"
2019-10-19 14:26:41 -06:00
Todd C. Miller
40bf4081be
Rename sudo_strtoid() to sudo_strtoidx() and add simplified sudo_strtoid()
2019-10-20 10:21:29 -06:00
Todd C. Miller
1e1ef61902
Add SPDX-License-Identifier to files.
2019-04-29 07:21:51 -06:00