isa/sudo
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
12,802 Commits 1 Branch 0 Tags
5bbfaa8e68b5ee6f27d4fbfa3c4e789341724f9c
Commit Graph

12802 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Todd C. Miller
56b829f66b sudo_module_register_conv_message: fix copy pasta in debug_decl 2023-07-24 10:47:15 -06:00
Todd C. Miller
0462a4ee8c sudo_module_register_loghandler: clear sudo_type_LogHandler on error 
Also add comments about PyModule_AddObject stealing a ref on success.
 2023-07-22 08:33:04 -06:00
Todd C. Miller
b52c32f234 Use Py_XDECREF instead of manual NULL check + Py_DECREF 2023-07-22 08:32:17 -06:00
Todd C. Miller
4e6254fea2 Work around a crash with Python 3.12. 
In sudo_module_set_default_loghandler() if we don't leak the reference
to py_loghandler we get a crash in Py_EndInterpreter() with Python
3.12.  This probably indicates a reference counting bug elsewhere.
 2023-07-21 12:20:18 -06:00
Todd C. Miller
91ea599459 Unbuffer stdout so we don't miss output during a crash. 2023-07-21 10:48:20 -06:00
Todd C. Miller
8c4cec148e Use PyObject_CallNoArgs() where possible. 2023-07-21 10:47:28 -06:00
Todd C. Miller
ba5ef624f2 Make sudo_type_ConvMessage and sudo_type_LogHandler static. 
They are not used outside their respective compilation units.
 2023-07-21 10:46:16 -06:00
Todd C. Miller
432ac12128 Pass TEST_VERBOSE to all test programs. 2023-07-20 10:13:40 -06:00
Todd C. Miller
7499b2d274 All test programs should accept the -v option, even if it is ignored. 2023-07-20 10:10:05 -06:00
Todd C. Miller
e710f79420 Revert last change, wrong diff committed. 2023-07-20 07:49:17 -06:00
Todd C. Miller
a12dbfe909 We can rely on Py_FinalizeEx() to free sub-interpreters. 2023-07-19 09:16:51 -06:00
Todd C. Miller
2cb4835781 Adapt to changed formatting of a rejected result in Python 3.12 2023-07-20 07:46:28 -06:00
Todd C. Miller
adaba9c0f0 Remove trailing whitespace from test output. 2023-07-20 06:57:19 -06:00
Todd C. Miller
7a10cdc286 _python_plugin_new_interpreter switches to the new interpreter 
No need to do PyThreadState_Swap in the caller.
 2023-07-20 06:58:53 -06:00
Todd C. Miller
cc939297a1 Call PyImport_AppendInittab after pre-initialization. 
Also remove redundant PyConfig settings.
 2023-07-19 09:13:23 -06:00
Todd C. Miller
da60384ad8 Use Py_InitializeFromConfig() not Py_InitializeEx() for Python >= 3.8. 
Avoids deprecation warnings on Python 3.12.
 2023-07-18 20:18:38 -06:00
Todd C. Miller
0efdd7632a The sudoers option is "use_pty", not "log_pty" 
GitHub issue #291
 2023-07-18 07:26:53 -06:00
Todd C. Miller
4b5480cf76 Quiet a warning false positive with older versions of gcc. 2023-07-17 11:23:04 -06:00
Todd C. Miller
fa66c16689 sudoers_check_common: MODE_PRESERVE_ENV is not valid with MODE_CHECK. 
We should only check for MODE_PRESERVE_ENV when running a command.
 2023-07-17 10:52:23 -06:00
Todd C. Miller
c29a27e840 Document bug fixes in 1.9.14p2. 2023-07-14 15:29:52 -06:00
Todd C. Miller
db704c22ec runas_userlist_matches: fix matching a Runas_Spec with an empty runas user. 
We should only match a rule with an empty runas user if a group was
specified on the command line (sudo -g) without a user (no -u option)
or the user specified their own name on the command line.
GitHub issue #290
 2023-07-15 08:44:57 -06:00
Todd C. Miller
78b712101e Pass SUDO_TERM_OFLAG to sudo_term_raw() when sudo output is piped. 
This fixes a problem with "stair-stepped" output when the sudo-run
command's output is piped to another program and the command reads
input from the terminal.
 2023-07-14 14:12:18 -06:00
Todd C. Miller
db4bdb7327 Simplify the exec_monitor() foreground flag. 
Add cmnd_foreground flag that is only true if sudo is the foreground
process and the CD_EXEC_BG flag is not set and pass it to exec_monitor().
This means exec_monitor() no longer needs to check for CD_EXEC_BG.
 2023-07-14 14:08:59 -06:00
Todd C. Miller
625653de08 sudo_term_raw: change the isig argument into a flags field 
There are current two flags: SUDO_TERM_ISIG (enable terminal signals)
and SUDO_TERM_OFLAG (preserve output flags).
 2023-07-14 13:12:51 -06:00
Todd C. Miller
ff6ddff39b Fix a crash in intercept mode running a command with NULL argv[0]. 
Newer Linux kernels replace a NULL argv[0] with the empty string,
we should as well.
 2023-07-12 09:29:00 -06:00
Todd C. Miller
b47f1799c5 sudo_conversation_printf: simplify \n -> \r\n handling 2023-07-12 08:39:18 -06:00
Todd C. Miller
a014b0f2aa sudo_conversation: zero out reply even if no password is requested. 
This avoids a potential invalid free in the err label and provides
more predictable behavior when mixing message types in a conversation.
 2023-07-12 08:16:35 -06:00
Todd C. Miller
9afb1851b2 Docume bug fixes in 1.9.14p1. 2023-07-11 14:24:42 -06:00
Todd C. Miller
56828f6412 fmt_info_messages: don't include ttyname if it is NULL 
The NULL check was commented out for testing but should have been
restored.  Fixes a potential protocol error message from sudo_logsrvd.
 2023-07-11 14:15:46 -06:00
Todd C. Miller
2eee45ef96 evlog_new: store a new copy of peeraddr, not a pointer to a buffer. 
Starting in sudo 1.9.14, eventlog_free() will free the peeraddr
member too so it needs to be dynamically allocated.
 2023-07-11 13:51:16 -06:00
Todd C. Miller
a432aed4f0 realpath.c: include limits.h and use sysconf(_SC_SYMLOOP_MAX) 
This is more portable and eliminates the need to check for SYMLOOP_MAX
(and provide it if missing) in configure.  Also quiet some -Wconversion
warnings.
 2023-07-10 15:52:16 -06:00
Todd C. Miller
dc1a5d7b40 sudo_krb5_ccname_path: avoid gcc false positive for ccname being NULL 
The callers all verify that they don't pass a NULL ccname so I'm
not sure how the compiler is getting confused (and why now?).
 2023-07-10 15:21:31 -06:00
Todd C. Miller
c6a11b4fed Work around unused variable warning when fuzzing in enabled. 2023-07-10 14:50:21 -06:00
Todd C. Miller
d1625f9c83 Only allow the user to specify -D or -R for the special "*" value. 
The sudoers file must now explicitly allow the user to specify a
directory (sudo -D) or chroot (sudo -R) by setting cwd or chroot
to "*".  If a specific cwd or chroot value is set in sudoers, the
user may not use the -D or -R options, even if they match the value
in sudoers.
 2023-07-10 14:30:40 -06:00
Todd C. Miller
44cfa9e132 Add restrict keyword to sudo_printf_t in plugin docs. 2023-07-10 14:30:39 -06:00
Todd C. Miller
db6baf2caf Convert sudo_debug_enter and sudo_debug_exit into macros. 
In most cases, these simply expand to a call to sudo_debug_printf2().
We need to keep the function versions around in libsudo_util for
backwards compatibility.
 2023-07-10 14:30:38 -06:00
Todd C. Miller
2d12a41940 Fix sudo_debug_exit_uint_v1 declaration for fuzzers. 2023-07-10 11:27:28 -06:00
Todd C. Miller
eff4e1c0c5 Add missing sudo_debug_exit_uint_v1 stub for fuzzers. 2023-07-10 11:23:06 -06:00
Todd C. Miller
dbb95ad214 sudo frontend: make more bit flags unsigned. 2023-07-10 11:06:34 -06:00
Todd C. Miller
cbcb1d2506 sudoers plugin: make more bit flags unsigned. 2023-07-10 11:06:23 -06:00
Todd C. Miller
4f097eebd3 libsudo_util: make more bit flags unsigned. 2023-07-10 11:06:04 -06:00
Todd C. Miller
9f7128fe83 parse_timeout: move overflow check to the correct location 
It was not covering all cases in its original location.
Fixes oss-fuzz issue 60454 with fuzz_sudoers.
 2023-07-08 10:16:35 -06:00
Todd C. Miller
fc02df111c Merge pull request #287 from AtariDreams/restrict 
Give every printf-like function restrict qualifiers
 2023-07-07 19:48:05 -06:00
Rose
5d758264ab Give every printf-like function restrict qualifiers 
The format value has to be a string literal, every time.

Otherwise, you are not using these functions correctly. To reinforce this fact, I putrestrict over every non-contrib example of this I could find.
 2023-07-07 20:23:20 -04:00
Todd C. Miller
92860c717d struct exec_closure: make rows and cols int, not short 
There's no real space saved by using short and using int avoids a
few casts.
 2023-07-07 15:42:53 -06:00
Todd C. Miller
548e3e3125 testsudoers: avoid extern definitions where possible 2023-07-07 15:23:54 -06:00
Todd C. Miller
32f4b98f6b sudo frontend: silence most -Wconversion warnings. 2023-07-07 15:07:04 -06:00
Todd C. Miller
0c85f10c80 python plugin: silence -Wconversion warnings. 2023-07-07 15:07:04 -06:00
Todd C. Miller
a38b714667 sudoers plugin: silence most -Wconversion warnings. 2023-07-07 15:07:04 -06:00
Todd C. Miller
4891f37a45 sudo_logsrvd: silence most -Wconversion warnings. 2023-07-07 15:07:04 -06:00