Todd C. Miller
4ea6f73060
Fix a crash introduced in 1.9.4 when running "sudo -i" as an unknown user.
2021-01-04 14:48:42 -07:00
Todd C. Miller
7f34b8bbbd
Make sure lecture file is a regular file before reading it.
2021-01-03 14:29:38 -07:00
Todd C. Miller
6e1986e915
Remove #ifdefs around code using pread(3) and pwrite(3).
2021-01-02 10:43:34 -07:00
Todd C. Miller
06bfbecd64
Add emulation of pread(3) and pwrite(3) for systems without them.
...
This makes it possible to remove some ugly #ifdefs and only affects
very old systems.
2021-01-02 10:43:34 -07:00
Todd C. Miller
267b9a8a23
Cannot do direct exec of a command when SELinux RBAC is enabled.
2021-01-02 10:43:34 -07:00
Todd C. Miller
f6452c7caf
Avoid potential use after free with eventlog-only connections.
...
Coverity CID 215884.
2021-01-02 10:43:34 -07:00
Todd C. Miller
8617833385
Minor fixes pointed out by cppcheck.
...
Also add compareBoolExpressionWithInt to suppression list.
2021-01-02 10:43:34 -07:00
Todd C. Miller
8ea19e294b
Regen now that ldap.c and sssd.c no longer need gram.h
2021-01-02 10:32:21 -07:00
Todd C. Miller
9547755c3f
Fix deregistration of a callback that is not at the head of the list.
...
The SLIST_FOREACH_PREVPTR macro doesn't work the way I thought it did.
Just store our own prev pointer and use that instead.
2020-12-30 07:09:35 -07:00
Todd C. Miller
4151d8fc80
Sudo 1.9.4p2
2020-12-20 08:50:48 -07:00
Todd C. Miller
b3173fdedc
The runas user must be set before applying runas-based Defaults.
...
This effectively backs out changeset f738f5ac5350, which made
it possible to log the command when an invalid user was specified.
The policy plugin API doesn't supply the command until the check
function, at which point we've already denied the command due to
the invalid user. Bug #951.
2020-12-20 08:43:34 -07:00
Todd C. Miller
4c00a4e5b7
Don't enable mod_remove_empty_return
...
We like to use an empty return for stub functions.
2020-12-18 09:01:53 -07:00
Todd C. Miller
4949fd2913
Sudo 1.9.4p1
2020-12-15 16:01:05 -07:00
Todd C. Miller
4551b19f6c
The lower bound for the "closefrom" option is 3, not 4.
...
This is a regression introduced in sudo 1.8.9 with the strtonum()
conversion. Bug #950.
2020-12-16 18:22:40 -07:00
Todd C. Miller
f41b2c1f59
Direct execution of a command is incompatible with using a log server.
2020-12-11 09:45:14 -07:00
Todd C. Miller
5c66e9532e
Set sudoers_audit.close to NULL if not using a log server.
2020-12-11 08:46:39 -07:00
Todd C. Miller
0e3e13d872
Define _DARWIN_UNLIMITED_GETGROUPS on macOS to support > 16 groups.
...
On macOS 10.6 and above, getgroups(2) can return more than NGROUPS_MAX
if _DARWIN_UNLIMITED_GETGROUPS or _DARWIN_C_SOURCE is defined.
Bug #946
2020-12-07 13:15:25 -07:00
Todd C. Miller
1cdc4716c2
Comment out the default plugin lines in the example sudo.conf.
...
Fixes a problem when there are multiple versions of sudo installed
and not all support the audit plugin, such as on macOS.
GitHub issue #75
2020-12-05 09:08:43 -07:00
Todd C. Miller
63739dd326
Store the user-provided runas user and group name in struct sudo_user.
...
This makes it available for event logging in case the name doesn't resolve.
2020-12-05 09:05:42 -07:00
Todd C. Miller
bac76512fb
Log submit group to event log.
2020-12-05 08:51:06 -07:00
Todd C. Miller
008a0e8dc1
Store iolog_path in struct sudo_user for use in the event log.
2020-12-05 08:31:46 -07:00
Todd C. Miller
fd39e2d7d6
Defer lookup of runas user until sudoers_main() for better logging.
...
The log message now includes user info and the command attempted.
2020-12-04 13:49:37 -07:00
Todd C. Miller
567e5167d1
Don't assume that just because command is non-NULL, argv is non-NULL.
2020-12-04 13:48:16 -07:00
Todd C. Miller
a7d670ee34
Fix a crash introduced in 1.9.4 when running command as an unknown user.
...
Bug #948
2020-12-04 06:45:48 -07:00
Todd C. Miller
c5a7f0eb42
When shutting down the server, close non-I/O log connections immediately.
...
Avoids a timeout during server shutdown while the server waits for
active connections to close.
2020-12-03 14:40:30 -07:00
Todd C. Miller
cbb7b4afa6
Audit errors from policy_init_session(), audit_accept(), and audit_reject().
2020-12-03 14:10:30 -07:00
Todd C. Miller
02ebdfd7f2
Do not run the command if the audit accept function fails.
...
Also add warnings if the audit reject or error functions fail.
2020-12-03 13:20:32 -07:00
Todd C. Miller
67e6e2085a
Reduce the number of error messages when we can't connect to the audit server.
...
Add the error string to "unable to connect to log server" instead of
using an extra error message for the connect(2) failure.
2020-12-03 13:20:18 -07:00
Todd C. Miller
a19f242796
Use correct error message when the TLS connection is dropped.
...
Was: "recv: Unknown error 0", now: "lost connection to log server".
2020-12-03 11:42:20 -07:00
Todd C. Miller
d98374753c
Change alias_add() to return bool and set errno on failure.
...
This fixes a localization problem where the error message could
have been reported in the wrong locale.
2020-12-02 13:12:09 -07:00
Todd C. Miller
e22817e3ab
Fix build when configured using --without-sendmail
...
Bug #947
2020-11-30 13:18:12 -07:00
Todd C. Miller
833e273ad9
Updated translations from translationproject.org
2020-11-29 15:11:34 -07:00
Todd C. Miller
7ac951bb62
sudo_logsrvd.conf pid_file change.
2020-11-24 11:49:10 -07:00
Todd C. Miller
293911eed6
Don't try to unlink a NULL pointer.
2020-11-24 09:53:54 -07:00
Todd C. Miller
0f6d581abd
If pid_file is set to an empty value, disable the use of a pid file.
2020-11-24 09:43:00 -07:00
Todd C. Miller
d0042eda9e
Don't overwrite sudo_logsrvd.pid if it is a symbolic link.
2020-11-24 09:00:25 -07:00
Todd C. Miller
94c5052ebf
Fix typo detected by codespell 2.0.0
...
Also avoid some new false positives
2020-11-24 07:40:38 -07:00
Todd C. Miller
bdf5530014
Set pp_ignore_define_body=false in uncrustify config.
...
Need to work around a bug that produces closed brace errors,
see https://github.com/uncrustify/uncrustify/issues/2569
2020-11-23 10:47:47 -07:00
Todd C. Miller
7bbd7c8e05
Updated translations from translationproject.org
2020-11-23 09:09:32 -07:00
Todd C. Miller
4a6ca4ba22
Fix calling sudo_conf_read() multiple times with different conf_types.
...
The change to reinitialize the configuration data when sudo_conf_read()
is called again didn't take into account that sudo calls sudo_conf_read()
twice--once for the debug info and once for everything else.
2020-11-18 09:36:05 -07:00
Todd C. Miller
7d0b19d2a0
Don't free the private copy of the environment until the close function.
...
We may need to use it when logging from the audit reject function.
2020-11-17 13:44:32 -07:00
Todd C. Miller
cb87253d1e
It is possible for evlog->argv or evlog->envp to be NULL.
2020-11-17 13:43:31 -07:00
Todd C. Miller
24d812d037
Pass command_info[] to audit plugin on I/O log plugin reject or error.
...
The audit plugin should cope with a NULL command_info but there's no
reason not to pass the info when we have it.
2020-11-17 13:15:15 -07:00
Todd C. Miller
27615b5582
For the audit plugin, command_info may be NULL.
...
Fixes a NULL dereference in sudoers_audit when an I/O logging
plugin rejects input/output or returns an error.
2020-11-17 13:04:57 -07:00
Todd C. Miller
e4a2765cce
Add missing initialization of def_log_format to sudo.
2020-11-17 11:11:52 -07:00
Todd C. Miller
a96b9a1373
Newer LibreSSL has SSL_CTX_set_ciphersuites but it is not enabled.
...
Add a check for the function declaration in openssl/ssl.h.
2020-11-16 14:39:52 -07:00
Todd C. Miller
38dd0f63b6
Event log data is sent to sudo_logsrvd even when not I/O logging.
2020-11-16 06:30:52 -07:00
Todd C. Miller
061b53e338
Regenerate sudoers.pot for 1.9.4
2020-11-14 11:42:31 -07:00
Todd C. Miller
1aa76e9b7a
Update for sudo 1.9.4.
2020-11-14 11:42:29 -07:00
Todd C. Miller
2b71b61044
Update struct eventlog based on command_info[] from front-end.
...
The I/O log path is not known until the I/O log plugins have
run and other plugins may alter the execution environment.
2020-11-14 11:42:27 -07:00