isa/sudo
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
12,027 Commits 1 Branch 0 Tags
49f2d67070b51f6b72f8189b53abe9de6e2c727b
Commit Graph

50 Commits

Author SHA1 Message Date
Todd C. Miller
304726a215 Move gcc-style __attribute__ macros to config.h.in 
Renamed __malloc -> sudo_malloclike, __printflike -> sudo_printflike,
__printf0like -> sudo_printf0like.
Add sudo_noreturn instead of __attribute__((__noreturn__)).
We do not use stdnoreturn.h since it has been deprecated in C23
in favor of the [[noreturn]] attribute.
 2022-09-07 07:48:31 -06:00
kernelmethod
bd25b85a66 Add an apparmor_profile sudo setting 
Define a new sudo setting, `apparmor_profile`, that can be used to pass
in an AppArmor profile that should be used to confine commands. If
apparmor_profile is specified, sudo will execute the command using the
new `apparmor_execve` function, which confines the command under the
provided profile before exec'ing it.
 2022-05-23 13:41:42 -06:00
Todd C. Miller
70aef0eb2d sudo_debug_register: add minfd argument to specify lowest fd number 
Use this in sudo_intercept.so to avoid allocating a low-numbered
fd which the shell reserves for use by scripts.
 2021-08-26 09:57:24 -06:00
Todd C. Miller
985af422d2 Rename __dso_public -> sudo_dso_public and move to config.h. 2020-08-12 09:57:42 -06:00
Todd C. Miller
d85d370c63 Add dependent system includes to make sudo_*.h more standalone. 
In the past we've relied on the various .c files to include the
system headers that define types that the sudo_*.h headers require.
This is fragile and can cause issues when includes get re-ordered.
 2020-05-18 04:47:21 -06:00
Dan Robertson
f4e9e4337f Fix includes when building with musl 
Include sys/types.h for mode_t and id_t in sudo_debug.h
 2020-05-16 10:45:17 -06:00
Todd C. Miller
0e4c3c47d1 Move duplicated code to parse plugin debug flags to libsudo_util. 
There's no need for four copies of sudo_debug_parse_flags().
 2020-02-11 15:15:36 -07:00
Todd C. Miller
486ee2b71f debug_decl and debug_decl_vars now require a semicolon at the end. 2019-12-22 08:48:16 -07:00
Robert Manner
6710048c8d lib/util/sudo_debug.c: add a function for querying if debugging is needed 
for a level.
Rationale: this way we can avoid computing details for the log which will
not happen at all if the computation is slow.
 2019-12-14 12:55:42 -07:00
Todd C. Miller
1e1ef61902 Add SPDX-License-Identifier to files. 2019-04-29 07:21:51 -06:00
Todd C. Miller
48fba3c2cc update my email to Todd.Miller@sudo.ws 2017-12-03 17:53:40 -07:00
Todd C. Miller
e5dee1557e Add NOTBEFORE and NOTAFTER command options similar to what is 
already available in LDAP.
 2017-02-18 15:35:48 -07:00
Todd C. Miller
334350af45 id_t is 64-bits on FreeBSD so use strtoll() there. 
Fixes the strtoid regress.
 2016-11-30 07:32:59 -07:00
Todd C. Miller
6c5936296f Add SUDO_DEBUG_INSTANCE_ERROR return value for sudo_debug_register() 
and check for it in places where we check the return value of
sudo_debug_register().
 2016-11-21 06:37:23 -10:00
Todd C. Miller
3f022419ae Be consistent with the naming of the variable used to store the 
function return value.  Previously, some code used "rval", some
used "ret".  This standardizes on "ret" and uses "rc" for temporary
return codes.
 2016-09-08 16:38:08 -06:00
Todd C. Miller
8b12390abf Add debug_return_ssize_t 2015-11-01 15:13:28 -07:00
Todd C. Miller
105f199f6b Fix build on compilers w/o __func__ or __FUNCTION__ 2015-06-30 10:41:14 -06:00
Todd C. Miller
a76b93e23a Use our own bitmap macros instead of borrowing the ones from select. 2015-06-23 16:37:00 -06:00
Todd C. Miller
05a01d4c5d Avoid using a leading underbar in defines as they are reserved in 
ISO C.
 2015-05-21 11:13:20 -06:00
Todd C. Miller
caf5d45e0f Previously, debug_return_bool was the same as debug_return_int 
except that it logged true/false for 1/0.  However, this appears
to trigger a bug in some compilers.  To avoid this, debug_return_bool
now uses bool, not int.  Callers that were passing it an int have
been converted to use debug_return_int instead.
 2015-05-07 10:33:23 -06:00
Todd C. Miller
6f8af4d26d Split variable declaration out of debug_decl into debug_decl_vars() 
so we can use it in main() when we know sudo_debug_enter() cannot
succeed.
 2015-04-22 13:30:58 -06:00
Todd C. Miller
59ab26dbcc Go back to a 2 args debug_decl and just use the "default" instance, 
now renamed "active".
 2015-02-01 08:24:49 -07:00
Todd C. Miller
adfdad9ae0 Version the symbols for sudo_debug.c now that the API is stable. 2014-10-27 05:26:08 -06:00
Todd C. Miller
17a2a27e46 Use generic bitmap macros instead of select-style fd_set. 2014-10-23 14:37:27 -06:00
Todd C. Miller
5270ebf1f2 When registering with the debug subsystem, the caller now passes 
in an arrary of ints that gets filled in with the subsytem IDs to
be used in debug_decl.
 2014-10-23 06:36:50 -06:00
Todd C. Miller
e9914a91b1 The sudoers plugin now defines its own list of debugging subsystem names 
and defines.
 2014-10-22 13:30:52 -06:00
Todd C. Miller
866cfc4fc3 Add support for multiple Debug lines per program. Callers may 
register arbitrary debug facilities or use built-in defaults.  We
now use separate Debug statements for plugins and programs.
 2014-10-22 13:23:05 -06:00
Todd C. Miller
a7e724b75d Change how sudo.conf is parsed. We now do a quick parse and then 
set the values after the entire file has been parsed.  This lets
us init the debug system earlier.  Plugin-specific debug flags are
now stored in struct plugin_info and struct plugin_container and
passed to the plugin via one or more debug_flags settings.
 2014-10-22 13:20:32 -06:00
Todd C. Miller
e20475922d There is no longer a reason for the plugin to init the debug subsystem 
itself.  It will always be initialized by the front-end if needed.
 2014-09-08 16:24:32 -06:00
Todd C. Miller
120f0684b5 For C89, use "const char __func__[]" instead of "const char *__func__". 2014-07-28 15:01:48 -06:00
Todd C. Miller
d7c309f702 Conver sudo_debug_write() to a macro 2014-07-21 09:13:47 -06:00
Todd C. Miller
088edcb6f5 Add exported libsudo_util functions to util.exp and mark in headers 
using __dso_public.
 2014-06-26 15:51:15 -06:00
Todd C. Miller
8ca711ee15 When relocating fds, update the debug fd if it is set so we are 
guaranteed to get debugging output.
 2014-01-15 06:00:59 -07:00
Todd C. Miller
1adeda54ef Add support for preventing fds from getting clobbered by closefrom(). 2013-12-20 11:14:32 -07:00
Todd C. Miller
3dab6bd8e9 Allow sudo to compile without variadic macro support in cpp. 
Debugging support will be limited (no file info from warnings.)
From Daniel Richard G.; Bug #621
 2013-11-18 09:10:09 -07:00
Todd C. Miller
6c71ad5c15 Add debug_return_const_str and debug_return_const_ptr for returning 
a const string or pointer.  Using const for the normal versions
produces warnings with the Tru64 compiler.
 2013-11-17 16:11:39 -07:00
Todd C. Miller
79acd5db49 Simple event subsystem that uses poll() or select(). Basically a 
simplied subset of libevent2.  Currently only fd events are supported
(since that's all we need).  The poll() backend is used by default,
except on Mac OS X where poll() is broken for devices (including
/dev/tty and ptys).
 2013-10-12 05:53:43 -06:00
Todd C. Miller
bec394dc11 Add support to the debug subsystem for zero-length strings. This 
can happen for things like warning(NULL) or fatal(NULL) where we
just want to log the errno string.
 2013-08-15 14:09:53 -06:00
Todd C. Miller
f8660f9988 Add variants of warn/error and sudo_debug_printf that take a va_list 
instead of a variable number of args.
 2012-11-08 15:37:42 -05:00
Todd C. Miller
d89b1a6be2 Support for using SSSD (http://fedorahosted.org/sssd/) as a sudoers 
data source.  From Daniel Kopecek and Pavel Brezina.
 2012-08-10 11:59:26 -04:00
Todd C. Miller
5ac272c03e Fix gcc 2.x variant macro support. 2012-06-18 14:03:11 -04:00
Todd C. Miller
c8ce3a0a85 Log the process id in the debug file output. Since we don't want 
to keep calling getpid(), stash the value at init time and when we
fork().
 2012-04-06 15:20:16 -04:00
Todd C. Miller
abdff25703 Always pass __func__, __FILE__ and __LINE__ in sudo_debug_printf() 
and use a new flag, SUDO_DEBUG_FILENO to specify when to use it.
This allows consumers of sudo_debug_printf() to log that data without
having to specify it manually.
 2012-04-05 13:04:00 -04:00
Todd C. Miller
2c84bd4d08 Log warning() at SUDO_DEBUG_WARN not SUDO_DEBUG_ERROR. 
Log the function, file and line number in the debug log for warning()
and error().
 2012-04-05 12:37:15 -04:00
Todd C. Miller
2fe41248ac Add SUDO_DEBUG_ERRNO flag to debug functions so we can log errno. 
Use this flag when wrapping error() and warning() so the debug
output includes the error string.
 2012-04-04 16:59:31 -04:00
Todd C. Miller
37770ecf1e Initial cut at a hooks implementation. The plugin can register 
hooks for getenv, putenv, setenv and unsetenv.  This makes it
possible for the plugin to trap changes to the environment made by
authentication methods such as PAM or BSD auth so that such changes
are reflected in the environment passed back to sudo for execve().
 2012-03-07 16:35:42 -05:00
Todd C. Miller
e16ae617e4 g/c now-unused debug subsystems 2012-02-05 10:17:26 -05:00
Todd C. Miller
a64f1eaea8 Do not close error pipe or debug fd via closefrom() as we need them 
to report an exec error should one occur.
 2011-11-29 19:51:24 -05:00
Todd C. Miller
3ee9cef0da Fold SUDO_DEBUG_PROGERR and SUDO_DEBUG_SYSERR into SUDO_DEBUG_ERROR 2011-11-07 16:33:49 -05:00
Todd C. Miller
53e3ad11b5 New debug framework for sudo and plugins using /etc/sudo.conf that 
also supports function call tracing.
 2011-10-22 14:00:52 -04:00