Todd C. Miller
f5b3f99098
user_in_group: the user's group vector already includes the primary group.
...
There's no need to look up the name of the user's primary group (pw_gid),
we always include the primary group ID in the group vector.
2023-08-30 13:36:41 -06:00
Todd C. Miller
05f823df22
Move sudoers_debug.c prototypes to sudoers_debug.h.
2023-08-29 13:54:45 -06:00
Todd C. Miller
35a7283dd9
sudo_conv, sudo_printf and plugin_event_alloc live in policy.c.
2023-08-29 13:46:43 -06:00
Todd C. Miller
68a9e91860
Move default value for "iolog_file" to sudo_iolog.h.
2023-08-29 11:46:58 -06:00
Todd C. Miller
75209e2718
Rename check.h -> timestamp.h and add remaining timestamp.c prototypes.
2023-08-29 11:16:23 -06:00
Todd C. Miller
8cd0d74fbb
Restore AUTH_INTR support, it is still needed.
...
We still need AUTH_INTR to know when to break out of the password
prompt loop.
2023-08-29 10:02:09 -06:00
Todd C. Miller
3c05e748a4
Add ignore_perms plugin argument to skip the sudoers file security checks.
...
This is not intended to be used in a production environment.
2023-08-29 09:55:09 -06:00
Todd C. Miller
1eb4392e14
Fix test for unsetenv() returning void with clang 16.
...
Clang has dropped support for K&R function definitions so rewrite
the test to require an unsetenv() prototype in stdlib.h.
Fixes GitHub issue #302.
2023-08-28 18:37:06 -06:00
Todd C. Miller
07003d9020
Disable fast_glob and fdexec if SUDOERS_NAME_MATCH is defined.
...
We use SUDOERS_NAME_MATCH for fuzzing when we want to avoid searching
the file system for commands.
2023-08-28 13:18:37 -06:00
Todd C. Miller
c858acc481
Rename AUTH_FATAL -> AUTH_ERROR.
2023-08-26 10:45:29 -06:00
Todd C. Miller
cf00568d88
Do not rely on the definition of ALLOW/DENY being true/false.
...
We now explicitly check for ALLOW and DENY when checking return
values and negating values.
2023-08-26 10:32:37 -06:00
Todd C. Miller
bae716642c
Replace AUTH_INTR return with AUTH_FAILURE.
...
The two were treated identically by the caller.
2023-08-26 10:08:32 -06:00
Todd C. Miller
b42cab112f
Call log_allowed() even when "log_allowed" is disabled.
...
Otherwise, sudo will not send mail if "mail_always" or "mail_all_cmnds"
is set.
2023-08-25 11:19:42 -06:00
Todd C. Miller
4cdee2e312
Don't set default values for features that are not present.
...
This means that lecture_status_dir and timestampdir are only set
if _PATH_SUDO_LECTURE_DIR and _PATH_SUDO_TIMEDIR respectively are
set. Also, the log server defaults are only set when SUDOERS_LOG_CLIENT
is defined.
2023-08-25 11:19:42 -06:00
Todd C. Miller
993ee338d9
Only set I/O logging callbacks if SESSID_MAX is defined.
2023-08-25 11:19:42 -06:00
Todd C. Miller
30fc288291
Move tty_present() into policy.c as sudoers_tty_present().
...
This function is policy-dependent. For the modern sudo front-end
it will simply check tcpgid and/or ttypath.
2023-08-25 11:19:42 -06:00
Todd C. Miller
df969d30b4
Silence a few remaining -Wconversion warnings.
2023-08-23 14:56:50 -06:00
Todd C. Miller
522ac12f21
No need to include auth/sudo_auth.h
2023-08-23 14:27:19 -06:00
Todd C. Miller
18aba49843
--enable-pvs-studio: check for license file in the default location
2023-08-23 09:56:39 -06:00
ken
60e5842014
modify ret type from int to bool (#298)
...
* modify ret type from int to bool
* change debug_return_int to debug_return_bool
* modify ret type
2023-08-23 08:37:09 -06:00
Todd C. Miller
091051125b
Move timestampowner sudoers callback to timestamp.c.
2023-08-22 17:04:08 -06:00
Todd C. Miller
593998cb62
Quiet a PVS-Studio false positive about possible NULL dereference.
...
set_perms() is only called with a NULL ctx for PERM_ROOT, PERM_SUDOERS
and PERM_TIMESTAMP.
2023-08-22 09:58:05 -06:00
Todd C. Miller
821799d1f4
set_perms: ctx may be NULL for PERM_ROOT, PERM_SUDOERS, PERM_TIMESTAMP.
2023-08-21 16:53:35 -06:00
Todd C. Miller
c7157ce0b1
Move a few fields from sudoers_user_context to sudoers_context.
...
They are not really specific to the user or user-specified.
2023-08-21 15:30:12 -06:00
Todd C. Miller
9aaba80a04
Remove dead code dealing with unknown user and MODE_INVALIDATE.
...
The timestamp unlink code does not need the user's struct passwd
pointer, just the user name (which we already have). Found by
PVS-Studio.
2023-08-21 13:21:51 -06:00
Todd C. Miller
df730dec5d
Suppress some other PVS-Studio false positives.
2023-08-21 13:21:49 -06:00
Todd C. Miller
49cd7463c5
Quiet a PVS-Studio false positive about possible NULL dereference.
...
set_perms() is only called with a NULL ctx for PERM_ROOT, PERM_SUDOERS
and PERM_TIMESTAMP.
2023-08-21 13:19:10 -06:00
Todd C. Miller
8161205447
MODE_KILL is never set in the sudoers plugin, remove it.
2023-08-21 12:52:21 -06:00
Todd C. Miller
c6987aa26e
Cast int to size_t before adding instead of casting the result.
...
Quiets PVS-Studio warning V1028.
2023-08-21 12:50:31 -06:00
Todd C. Miller
9f05bfd298
Fix log_server_accept() definition for --disable-log-client builds.
2023-08-21 11:35:23 -06:00
Todd C. Miller
e933fc7ba3
Use a global static struct exec_closure for the cleanup hook.
...
This is safer than storing a pointer to a stack variable in the
cleanup function since we don't need to worry about it ever going
out of scope. Quiets a clang 15 analyzer warning.
2023-08-21 10:47:34 -06:00
Todd C. Miller
6fa4786534
Plug memory leak if journal_parse_error() fails.
...
Found by the clang 15 analyzer.
2023-08-21 10:47:32 -06:00
Todd C. Miller
46e6955ba6
Eliminate some clang analyzer false positives.
2023-08-21 10:47:32 -06:00
Todd C. Miller
ff5914d7f7
Move sudoedit_nfiles into struct sudoers_context.
2023-08-21 10:47:25 -06:00
Todd C. Miller
3473bf9360
Move sudo_mode into struct sudoers_context.
2023-08-21 10:47:23 -06:00
Todd C. Miller
837da1bef0
Move NewArgv, NewArgc and saved_argv into struct sudoers_context.
2023-08-21 09:22:24 -06:00
Todd C. Miller
87571dab0a
Add struct sudoers_conf to struct sudoers_plugin_context.
...
There's now no need to pass this directly to init_parser() since we
already pass in a pointer to a sudoers_context struct.
2023-08-21 09:21:54 -06:00
Todd C. Miller
9e53d903ea
Store policy paths in struct sudoers_context.
...
This removes the need for the getters in policy.c.
2023-08-21 09:21:53 -06:00
Todd C. Miller
bbaf293912
Add sudoers_ctx_free() and use it for freeing struct sudoers context.
...
This replaces sudoers_user_ctx_free() and sudoers_runas_ctx_free().
2023-08-21 09:21:52 -06:00
Todd C. Miller
2440174954
Make struct sudoers_context private to sudoers.c.
...
We now pass a pointer to the context where necessary. There are a
few cases where we need to request the context from sudoers via
sudoers_get_context() for the plugin API functions. If the plugin
API was able to pass around a closure pointer this would not be
necessary.
2023-08-21 09:21:49 -06:00
Todd C. Miller
2d2529a15e
Add a sudoers_context struct that embeds the user and runas structs.
2023-08-20 16:27:08 -06:00
Todd C. Miller
1b9fb405a3
free_parse_tree: clear the nss pointer when freeing.
2023-08-18 12:24:00 -06:00
Todd C. Miller
a712af5a26
sudoers_parse_ldif: do not free parse_tree before using
...
The user is expected to pass in an initialized and empty parse_tree
so there is no need to free it first.
2023-08-18 12:22:43 -06:00
Todd C. Miller
902453a829
Update embedded copy of zlib to version 1.3.
2023-08-18 11:26:27 -06:00
Todd C. Miller
cb01b90a5c
We still need to clamp ngids if getgrouplist2() returns -1.
...
Otherwise, we end up with ngids set to the number of gids the user
belongs to which may be larger than what the front-end specified.
Fixes a regression introduced in the last commit here.
2023-08-15 08:52:02 -06:00
Todd C. Miller
f17aebe6aa
No need to clear errno when using sudo_strtonum().
2023-08-14 16:29:47 -06:00
Todd C. Miller
20baa39007
Move max_groups out of sudoers_user_context and into pwutil.c.
...
It is only used by the local password pwutil implementation.
2023-08-14 16:29:15 -06:00
Todd C. Miller
737354390c
Pass in directory to check_user_runchroot() and check_user_runcwd().
...
This way we do not rely on the runas_ctx global.
2023-08-14 13:25:13 -06:00
Todd C. Miller
2e8648ea0f
check_exptilde: don't need runas_ctx here
2023-08-14 12:37:44 -06:00
Todd C. Miller
08afb5183f
Move RUNAS_{USER,GROUP}_SPECIFIED flags into struct sudoers_runas_context.
2023-08-14 09:01:39 -06:00