isa/sudo
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
10,206 Commits 1 Branch 0 Tags
49e43f580c67609dfa123e35d2394a9af8d076ab
Commit Graph

2719 Commits

Author SHA1 Message Date
Todd C. Miller
5e95c24d81 Increase the maximum delay for slower systems. 
Otherwise we may get a spurious test failure.
 2020-04-01 10:23:50 -06:00
Todd C. Miller
93aa9f9e90 Add cwd_optional to command details and enable it in the sudoers plugin. 
If cwd_optional is set to true, a failure to set the cwd will be a
warning, not an error, and the command will still run.
Debian bug #598519
 2020-03-31 19:43:48 -06:00
Todd C. Miller
5b1de6cfc8 Updated translations from translationproject.org 2020-03-29 05:05:09 -06:00
Todd C. Miller
0f0d03a575 Update sudoers.pot with json parser warnings. 2020-03-29 05:05:08 -06:00
Todd C. Miller
cffda82e20 Do not use JSON_ARRAY with sudo_json_add_value() 2020-03-29 05:05:08 -06:00
Todd C. Miller
f24dacdee2 Create files for check_iolog_plugin in the build dir, not src dir. 2020-03-29 05:05:08 -06:00
Todd C. Miller
056173e572 Parse I/O JSON info file in JSON if present. 
The JSON version includes more information than the original "log"
file in the I/O log dir.
 2020-03-29 05:05:08 -06:00
Todd C. Miller
ea9b711a70 Write an extended I/O info log in JSON format. 
This will be used by sudoreplay if it exists to get more information
about the command being replayed.
 2020-03-29 05:05:08 -06:00
Todd C. Miller
a644c1d1d2 iolog_parse_loginfo() now opens the log file itself. 2020-03-29 05:05:08 -06:00
Todd C. Miller
5034ea91be Some new source files got created with my old email address. 2020-03-29 05:05:08 -06:00
Todd C. Miller
390ace9253 Only set errstr for plugin API version 1.15 and above. 2020-03-16 14:26:56 -06:00
Todd C. Miller
7ace49a333 regen 2020-03-12 17:39:56 -06:00
Todd C. Miller
a23048bbb2 Avoid using sprintf(), vsprintf(), strcat(), and strncat(). 
It is less error-prone to use functions with a return value that
indicates when truncation ocurred.
 2020-03-11 19:46:07 -06:00
Todd C. Miller
1015b493b0 Work around two Coverity false positives; CID 208813 208815 2020-03-11 19:30:00 -06:00
Todd C. Miller
ec78f06890 Don't hard-code path to logging/__init__.py or line numbers. 
Allows python plugin tests to success on versions other than 3.7.
 2020-03-11 17:18:10 -06:00
Todd C. Miller
277b297ae0 Fix typo introduced on systems with O_PATH or O_EXEC 2020-03-11 15:42:46 -06:00
Todd C. Miller
ea8445e364 Allow the ALL keyword to be specified with a digest list. 2020-03-11 11:19:37 -06:00
Todd C. Miller
3edd30a27d A struct member of type ALL should have its name field set to NULL. 2020-03-11 11:17:52 -06:00
Todd C. Miller
4eca443246 Allow a list of digests to be specified for a command. 2020-03-11 11:17:52 -06:00
Todd C. Miller
8c08f5ef03 Allow Cmd_Alias in addition to Cmnd_Alias. 
Some people find using Cmd_Alias more natural.
 2020-03-11 11:17:38 -06:00
Todd C. Miller
e1df9d1dc3 Add pam_ruser and pam_rhost sudoers flags. 2020-03-01 13:37:00 -07:00
Todd C. Miller
bf2bc931ab Revert change to initialize io_operations earlier. 
Instead, check io_operations.open for NULL which is the case for
"sudo -V".  Also move the early return in sudoers_io_open() for
"sudo -V" until after we have initialized debugging.
 2020-03-01 13:36:54 -07:00
Todd C. Miller
f590f81b3c Initialize io_operations earlier. 2020-02-28 07:03:15 -07:00
Robert Manner
6c9515496d plugins/python/regress: add a test and example of using the python logger 2020-02-28 05:46:54 -07:00
Robert Manner
c039a99c10 plugins/python/sudo_module: add sudo.LogHandler 
so python log system can be used with sudo logsystem.
Loggers use it by default (the handler is set on the root logger).
If that is not the intent, it can be overridden explicitly.
 2020-02-28 05:46:54 -07:00
Robert Manner
34b4bb72d6 plugins/python: autodetect ClassName field 
If "ClassName" is not specified, load the one and only sudo.Plugin from
the module (if so), otherwise display which plugins are available from
which the system admin can choose.
 2020-02-28 05:46:54 -07:00
Robert Manner
5c96b4407d plugins/python/plugin_common: add a default search path for python plugins 
If the ModulePath is relative, assume it is under
"/usr/local/libexec/sudo/python" or wherever the sudo plugins are in a
"python" subdirectory.
 2020-02-28 05:46:54 -07:00
Todd C. Miller
34972e834f Mark up some remaining TODOs 2020-02-27 14:11:54 -07:00
Todd C. Miller
de9a143a3e Use C99 __func__ instead of gcc-specific __PRETTY_FUNCTION__ 2020-02-27 14:10:53 -07:00
Todd C. Miller
5635c22f6b Add --disable-log-server and --disable-log-client configure options. 
These can be used to optionally disable building sudo_logsrvd and
support for remote I/O logging in the sudoers plugin respectively.
 2020-02-26 13:17:40 -07:00
Robert Manner
9cc46f115d plugins/python/regress: update tests for show_version changes 
- plugin->show_version is not marked NULL any more.
- if verbose, it also displays which python class was loaded from which file
 2020-02-26 13:15:52 -07:00
Robert Manner
f387cdf53f plugins/python: make show_version display the plugin in verbose mode 
Before it only displayed the plugin version, now it also displays
which python plugin is loaded to be more useful.
 2020-02-26 13:15:52 -07:00
Robert Manner
38fc37b214 plugins/python/approval: fix show_version crash when it is not implemented 
For approval plugins show_version is not optional.
 2020-02-26 13:15:52 -07:00
Todd C. Miller
f6a264e719 Avoid calling sudoers_policy_exec_setup() on error. 
We only want to pass the execution environment back for commands
that are accepted or rejected.
Also avoid potentially freeing the wrong pointer when garbage
collection is enabled.
 2020-02-24 19:59:44 -07:00
Todd C. Miller
4b4db9694a Regenerate dependencies to match the recent JSON changes. 2020-02-20 11:35:28 -07:00
Todd C. Miller
4d1454ebab Add missing check for calloc(3) failure. 2020-02-20 11:31:27 -07:00
Robert Manner
06b1f58e9f plugins/python/sudo_python_module.c: remove unused declaration 
We do not use structsequence any more.
 2020-02-19 11:48:16 -07:00
Robert Manner
3be61db35c plugins/python: restore the original python inittab after interpreter deinit 2020-02-19 11:48:16 -07:00
Robert Manner
27de7dd24d plugins/python: only deinit interpreters when sudo unlinks the plugin 
This only happens when sudo unloads the last python plugin.
The reason doing so is because there are some python modules which
does not support importing them again after destroying the interpreter
which has imported them previously.

Another solution would be to just leak the interpreters (let the kernel
free up), but then there might be some python resources like open files
would not get cleaned up correctly if the plugin is badly written.

Tests are meant to test the scenario sudo does, so I have modified them
to generally do not unlink but only a few times (~per plugin type) so it
does not use 48 interpreters (one gets started on every plugin->open) and
it is visible at least which type of plugin fails deinit if there is an
error.
 2020-02-19 11:48:16 -07:00
Robert Manner
8a9218d161 plugins/python/debug: adapt debug refcount solution of sudoers plugin 2020-02-19 11:48:16 -07:00
Todd C. Miller
8ef5b734c4 Rework the JSON API to write to a memory buffer, not a stdio stream. 2020-02-17 16:10:55 -07:00
Todd C. Miller
2e836cc571 The environment in the accept message is runenv not submitenv. 
The I/O logging plugin is passed the environment the command will
run with, not the user's original environment.
 2020-02-16 16:37:14 -07:00
Todd C. Miller
92e42ff548 Add compatibility define for fseeko(3). 
This is better than cluttering up the code with #ifdefs for obsolete
systems.
 2020-02-15 10:22:15 -07:00
Todd C. Miller
e7bd19bd1e Add test for #include directive without a trailing newline. 2020-02-14 14:13:55 -07:00
Todd C. Miller
d2314acae8 Don't require a newline at the end of include or includedir directives. 2020-02-14 14:06:45 -07:00
Robert Manner
8395a20a20 plugins/python/regress/testhelpers.c: replace fromisoformat 
fromisoformat is only supported from python >=3.7
 2020-02-14 09:25:37 -07:00
Robert Manner
efa97b5b97 plugins/python/python_plugin_approval: fix negative ref count 
The python_plugin_api_rc_call function already decrements the
refcount of py_args.
Python avoids the double free, but the error gets shown if using python
debug build.
 2020-02-14 09:25:37 -07:00
Robert Manner
a71828b385 plugins/python/python_plugin_common.c: release py_args in close 
even if the arguments are not used (eg. when there is no "close" call
in the plugin).

It was not really a memleak, because interpreter is deinitialized anyway,
which frees the object.
 2020-02-14 09:25:37 -07:00
Robert Manner
b2ae79c2be plugins/python: add missing annotations to help cpychecker 2020-02-14 09:25:37 -07:00
Robert Manner
43e256e34f plugins/python/regress: add tests for approval plugin 2020-02-12 11:16:00 -07:00