Todd C. Miller
446ae3f507
Include string.h unconditionally and only use strings.h for strn?casecmp()
In the pre-POSIX days BSD had strings.h, not string.h.
Now strings.h is only used for non-ANSI string functions.
2020-05-18 07:59:24 -06:00
Todd C. Miller
dd88460800
We no longer need to include headers we don't use for sudo*.h files.
Previously we needed to include headers required by the various
sudo*.h files. Now those files are more self-sufficient and we
should only include headers needed by code in the various .c files.
2020-05-18 06:47:04 -06:00
Todd C. Miller
ac61b5655d
Use EXIT_SUCCESS and EXIT_FAILURE more consistently.
2020-02-08 12:43:00 -07:00
Todd C. Miller
3e0dcae6c9
Use canonical pattern when freeing a tail queue.
Avoids some coverity false positives when using TAILQ_FOREACH_SAFE
to free the tail queue.
2020-01-05 07:48:46 -07:00
Todd C. Miller
486ee2b71f
debug_decl and debug_decl_vars now require a semicolon at the end.
2019-12-22 08:48:16 -07:00
Todd C. Miller
635445d471
Transparently handle the "sudo sudoedit" problem.
Some admins are confused about how to give users sudoedit permission
and many users try to run sudoedit via sudo instead of directly.
If the user runs "sudo sudoedit" sudo will now treat it as plain
"sudoedit" after issuing a warning. If the admin has specified a
fully-qualified path for sudoedit in sudoers, sudo will treat it
as just "sudoedit" and match accordingly. In visudo (but not sudo),
a fully-qualified path for sudoedit is now treated as an error.
2019-11-05 15:18:34 -07:00
Todd C. Miller
40bf4081be
Rename sudo_strtoid() to sudo_strtoidx() and add simplified sudo_strtoid()
2019-10-20 10:21:29 -06:00
Todd C. Miller
2512f6efbf
Use sudo_strtonum() explicitly instead of via a macro.
2019-10-14 10:09:30 -06:00
Todd C. Miller
1e1ef61902
Add SPDX-License-Identifier to files.
2019-04-29 07:21:51 -06:00
Todd C. Miller
c0a12d9d95
Be sure to include sudo_queue.h where needed instead of relying on other headers.
2019-02-19 08:31:08 -07:00
Todd C. Miller
142b370c1f
The -c option was missing from the help info; from Radovan Sroka
2018-12-11 09:05:04 -07:00
Todd C. Miller
6c3d20cb41
Convert PVS-Studio comment to ANSI C.
2018-10-26 08:39:09 -06:00
Todd C. Miller
1b035b5426
Add padding option to cvtsudoers.
Bug #856
2018-10-25 08:40:25 -06:00
Todd C. Miller
64e5d34c57
Add comments in .c files so PVS-Studio will check them.
2018-10-21 08:46:05 -06:00
Todd C. Miller
58445393a7
No need to set input_file for stdin in parse_ldif(); noted by clang analyzer.
2018-08-29 10:57:37 -06:00
Todd C. Miller
4782b22a47
Move ldif -> sudoers conversion code into parse_ldif.c
2018-08-26 20:02:49 -06:00
Todd C. Miller
52d54997ee
Move string list functions to their own file.
2018-08-26 19:48:14 -06:00
Todd C. Miller
5d1dddc467
Eliminate most use of parsed_sudoers in cvtsudoers
2018-08-24 10:27:00 -06:00
Todd C. Miller
b2e3adccf3
Make alias_apply() take 3 arguments, the first being a pointer to the
struct sudoers_parse_tree.
2018-08-24 09:52:53 -06:00
Todd C. Miller
70d519c8ad
o Move userspecs, defaults and aliases into a new struct sudoers_parse_tree.
o The parse tree is now passed to the alias, match and defaults functions.
o The nss API has been changed so that the nss parse() function returns
a pointer to a struct sudoers_parse_tree which will be filled in
by the getdefs() and query() functions.
2018-07-26 15:12:33 -06:00
Todd C. Miller
71e98d9493
Include parse.h in sudoers.h since it will soon be required.
2018-05-14 09:05:02 -06:00
Todd C. Miller
620070f493
Rename variables now that the string list functions are not ldap-specific.
2018-05-03 10:49:54 -06:00
Todd C. Miller
1bfe03000d
Prune alias contents when pruning and expanding aliases.
This abuses the userlist_matches_filter() and hostlist_matches_filter()
functions. A better approach would be to call the correct function
from user_matches() and host_matches().
2018-04-15 08:14:46 -06:00
Todd C. Miller
d85e244c6c
Fix cut & pasto that prevented "-d command" from working.
2018-04-14 06:13:44 -06:00
Todd C. Miller
38ff661621
Fix a use after free crash as well as a memory leak when filtering
Defaults.
2018-04-13 10:49:05 -06:00
Todd C. Miller
2b2565b2c3
Allow host and user aliases to be specified in match filters.
2018-04-12 06:21:20 -06:00
Todd C. Miller
9e91d3f451
When the -d option is used, remove aliases used by the non-converted
Defaults settings if the aliases are not also referenced by userspecs.
2018-04-09 11:13:33 -06:00
Todd C. Miller
7663ae7b27
Add option to prune non-matching entries from cvtsudoers output with -m
option is used.
2018-04-04 09:51:05 -06:00
Todd C. Miller
5c1d9899e1
Allow defaults types and suppression list to be specified in
the config file.
2018-04-02 07:41:56 -06:00
Todd C. Miller
18ba38ef4c
Refactor common alias code out of cvtsudoers and visudo and into alias.c.
2018-04-02 07:41:09 -06:00
Todd C. Miller
dbd5613b1a
Avoid NULL deref in an error path. CID 183467
2018-03-29 18:53:53 -06:00
Todd C. Miller
18371cacba
No need to initialize the last pointer passed to strtok_r().
This was originally added to appease newer gcc but no longer
seems to be required. CID 183466, CID 183468, CID 183469
2018-03-29 18:53:51 -06:00
Todd C. Miller
dd545f38ca
Add support for "cvtsudoers -d all"
2018-03-28 17:43:58 -06:00
Todd C. Miller
aa402cdc3c
Add -d option to control what type of Defaults entries are converted.
2018-03-28 08:33:07 -06:00
Todd C. Miller
14ee65c525
Add -M option to cvtsudoers to force the use of the local passwd
and group databases when matching.
2018-03-22 13:24:41 -06:00
Todd C. Miller
8a237eb07d
Add cvtsudoers command line option to suppress certain parts of the
security policy. Can be used to suppress displaying of Defaults
entries, aliases or privileges.
2018-03-22 11:38:39 -06:00
Todd C. Miller
821e8a07da
Silence a false positive from the clang static analyzer.
2018-03-21 14:55:17 -06:00
Todd C. Miller
fbed17e1a4
Fix memory leak on error path.
2018-03-21 14:43:17 -06:00
Todd C. Miller
bbd3e558b1
Move cvtsudoers string functions into cvtsudoers.c
2018-03-21 13:29:47 -06:00
Todd C. Miller
ff79de8592
Initial support for filtering by user, group and host in cvtsudoers.
Currently forces alias expansion when a filter is applied and the
entire matching user or host list is printed, even the non-matching
entries. This effectively allows you to grep sudoers by user, group
and host.
2018-03-21 12:24:11 -06:00
Todd C. Miller
5c36f9dec3
Initial support for adding comments that will be emitted when
sudoers is formatted. Currently adds a comment for the source
sudoRole when converting from ldif -> sudoers.
2018-03-04 07:03:43 -07:00
Todd C. Miller
670d8e6d77
Special case comment lines in lbufs.
2018-03-04 07:03:41 -07:00
Todd C. Miller
c9b70940cf
When formatting as sudoers, flush the lbuf after each userspec.
2018-03-03 07:42:10 -07:00
Todd C. Miller
8275ab873f
Fix use of uninitialized variable (conf) if sudoers_debug_register()
happens to fail.
2018-03-01 10:18:48 -07:00
Todd C. Miller
6f097eb023
We may need the hostname to resolve %h escapes in include files.
2018-02-24 18:46:00 -07:00
Todd C. Miller
b3a0c3272b
Setting a sudoOrder start point of 0 will disable creation of
sudoOrder attributes in the resulting LDIF output.
2018-02-24 14:35:38 -07:00
Todd C. Miller
111d79b53c
Don't need to fill in struct sudo_user since we don't do matching.
2018-02-24 09:28:01 -07:00
Todd C. Miller
5999cfb906
Add support for setting default options in a config file. In
addition to expand_aliases, input_format and output_format, both
the initial sudoOrder and the increment when updating sudoOrder for
subsequent sudoRole objects can be specified. Command line options
have also been added for the start order and increment.
2018-02-24 09:23:14 -07:00
Todd C. Miller
ceea24b965
Initial support for parsing sudoers LDIF files in cvtsudoers.
This makes it possible to convert from LDAP sudoers to a traditional
sudoers file. Semantic differences between file sudoers and LDAP
sudoers mean that LDIF -> sudoers is not completely equivalent.
2018-02-22 09:53:12 -07:00
Todd C. Miller
4f9296928c
Add option to cvtsudoers to expand aliases in the output.
2018-02-19 15:32:56 -07:00