isa/sudo
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
10,433 Commits 1 Branch 0 Tags
6286ce1d16e11619efb8d5855b14dd296f355f9c
Commit Graph

10433 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Todd C. Miller
6286ce1d16 Store column number for aliases, defaults and userspecs too. 
This is used to provided the column number along with the line
number in error messages.  For aliases we store the column of the
alias name, not the value since that is what visudo generally needs.
 2020-11-02 05:39:06 -07:00
Todd C. Miller
982012dbb1 Display column number in parse error messages too. 
Bug #841
 2020-11-01 15:34:11 -07:00
Todd C. Miller
6f7e5b104b Move tls initialized flag into client_closure. 
We may call tls_init() from multiple places in the future so a
static initialized flag will cause problems.
 2020-11-01 15:03:02 -07:00
Todd C. Miller
10b09e4d89 Fix -Wshadow warnings caused by json enum member. 2020-11-01 15:01:16 -07:00
Todd C. Miller
e0c2635fb3 Apply Google inclusive language guidelines. 
Also replace backwards with backward.
 2020-10-30 10:15:30 -06:00
Todd C. Miller
973da9a591 Refernce IBM LDAP libs, not Tivoli since that is how it is packaged. 
We still use Tivoli when talking about the server itself but refer
to it as the "IBM Tivoli Directory Server".
 2020-10-29 09:16:06 -06:00
Todd C. Miller
f4c5f34ab7 Add a newline before "This option is ..." 2020-10-29 06:32:03 -06:00
Todd C. Miller
8dee1b1ecf regen 2020-10-29 06:31:45 -06:00
Todd C. Miller
1910b1924f Test eventlog_writeln() when word wrap is disabled. 2020-10-28 13:47:40 -06:00
Todd C. Miller
3078d67c13 Bison generates an extra enum containing the parser tokens. 
This conflicts with the IBM ldap.h at least.  Prevent it from being
exposed by defining YYTOKENTYPE.
 2020-10-28 10:13:39 -06:00
Todd C. Miller
c8c7e1f607 Use ssl_err2string() in message on ldap_ssl_client_init() failure. 
Displaying SSL reason code directly is not user-friendly.
 2020-10-28 09:40:11 -06:00
Todd C. Miller
488aeff532 IBM LDAP packages use a lib64 directory for 64-bit libraries. 
We need to add this to LDFLAGS so the linker is able to find
the correct libs when building 64-bit binaries.
 2020-10-28 09:49:10 -06:00
Todd C. Miller
8c43eeb293 For JSON logs, write the most important log elements first. 
This is important for syslog where the record could be truncated.
 2020-10-27 16:28:16 -06:00
Todd C. Miller
28d6771d24 Add log_format sudoers setting to select sudo or json format logs. 
Defaults to sudo-format logs.
 2020-10-27 15:26:02 -06:00
Todd C. Miller
6bc729aa36 Support "minimal" JSON which skips all non-essention whitespace. 
This replaces the old "compact" mode which is only used for syslog.
 2020-10-27 13:26:22 -06:00
Todd C. Miller
4fc39cfb0a Don't warn about log failure more than once. 2020-10-27 06:36:58 -06:00
Todd C. Miller
34c1651514 Check for fdopen(3) failure in send_mail(). 2020-10-26 21:23:36 -06:00
Todd C. Miller
fdae4bdbbb Add support for file log line wrapping in libeventlog. 2020-10-26 16:16:46 -06:00
Todd C. Miller
d899fe5936 Use real setters for the eventlog config. 
This makes it possible to have a base config that the callers can
modify instead of replacing the config wholesale.
 2020-10-26 16:10:42 -06:00
Todd C. Miller
39b540ff33 Log the short version of the tty in sudoers-format logs. 
This is consistent with historical practice.
 2020-10-26 16:10:40 -06:00
Todd C. Miller
4416bd5977 Use libeventlog in sudoers instead of doing our own logging. 2020-10-26 16:10:40 -06:00
Todd C. Miller
541252beb1 Add default values in eventlog_setconf(). 2020-10-26 16:10:39 -06:00
Todd C. Miller
bd1ca79cca Add support for mailing eventlog entries and for logging raw messages. 
These will be used by the sudoers plugin.
 2020-10-26 16:10:37 -06:00
Todd C. Miller
fe6e0fb215 If no JSON callback is provided, store the contents of struct eventlog. 
This moves the JSON formatting of struct eventlog out of libsudo_iolog
and into libsudo_eventlog where it belongs.
 2020-10-26 15:43:43 -06:00
Todd C. Miller
4652698f8e struct eventlog contains submit_time, no need to pass it in directly. 2020-10-26 15:43:02 -06:00
Todd C. Miller
c0e91d7586 Add an errstr argument to eventlog_alert(). 2020-10-26 15:41:47 -06:00
Todd C. Miller
3ca3bfaab7 Make a copy of the strings stored in iolog_details and struct eventlog. 
Previously, we just made the strings const and relied on the front-end
not changing them.  Now the sudoers I/O log plugin behavior is
consistent with the policy plugin.
 2020-10-26 15:40:04 -06:00
Todd C. Miller
2d45becd4a Use struct eventlog in iolog_details. 2020-10-26 15:40:01 -06:00
Todd C. Miller
db72498257 Use struct eventlog in place of struct iolog_info. 2020-10-26 15:31:41 -06:00
Todd C. Miller
b9aff696fb No longer need eventlog-related getters in logsrvd.c 2020-10-26 15:29:44 -06:00
Todd C. Miller
8c43340474 Use libeventlog in sudo_logsrvd. 2020-10-26 15:26:02 -06:00
Todd C. Miller
707437f6cb Refactor eventlog code into a library 2020-10-26 15:24:35 -06:00
Todd C. Miller
79921387a3 regen Makefiles 2020-10-20 19:23:46 -06:00
Todd C. Miller
866b0b77f2 Build 64-bit binaries on HP-UX ia64 2020-10-20 14:40:32 -06:00
Todd C. Miller
5c7c94b83a Explicitly set umask when running tests. 
Some tests create files that must not be world-writable.
 2020-10-16 13:57:28 -06:00
Todd C. Miller
a5a5cc7f85 sudoers_policy_store() -> sudoers_policy_store_result() 2020-10-16 05:56:03 -06:00
Todd C. Miller
bf9d208662 Rename sudoers_policy_exec_setup() -> sudoers_policy_store(). 
It is called even when there is no command to execute.
Also pass in status of whether or not the command was accepted.
 2020-10-14 06:33:35 -06:00
Todd C. Miller
b0a6e1c1e7 Pass path to testsudoers, visudo or cvtsudoers in the environment. 
Falls back on the unqualified command if the environment variable
is not set.
 2020-10-10 07:07:37 -06:00
Todd C. Miller
807857a2ca Init cmnds to NULL in rule_to_priv() so we don't free a bogus pointer. 
In the sssd backend, the rule_to_priv() cleanup code assumes cmnds
can be passed to fn_free_values(), which was not the case if we
receive an error getting values for "sudoCommand".  This is a
regression introduced in sudo 1.9.1.  Fix from Ron Bowes.
GitHub issue #67.
 2020-10-09 14:16:06 -06:00
Todd C. Miller
607076d8a0 Pass runchroot to match_digest() too. 
We use the open fd for the actual I/O but having runchroot makes
it possible to report the correct file name in error messages.
 2020-10-06 10:54:39 -06:00
Todd C. Miller
645eda55ab GitHub issue #61 was fixed in sudo 1.9.3. 2020-10-04 06:05:05 -06:00
Todd C. Miller
ea57249e29 Fix indentation of enum def_tuple. 2020-09-29 21:16:34 -06:00
Todd C. Miller
772619b7ef Remove special case EOF handling; lines now always end in a newline. 
Previously we needed to emulate some of the state transitions that
happen at end-of-line at end-of-file as well.  Those are no longer
needed now that we are guaranteed to always have a newline at the end.
 2020-09-28 10:10:16 -06:00
Todd C. Miller
f984f49c38 Increment sudolinebuf.size after realloc(). 2020-09-27 21:31:44 -06:00
Todd C. Miller
e8747a33f8 Add a newline at end of line if one is missing. 
This is simpler than having to support entries that end at EOF too.
 2020-09-27 20:21:05 -06:00
Todd C. Miller
32db528689 Add tests for entries without a newline. 2020-09-27 10:31:14 -06:00
Todd C. Miller
9bb91cb64b Fix handling of a command spec without a newline at the end. 
For include files, we may need to inject a newline token now that
the grammar requires lines to end with a newline or EOF.  There is
no END (EOF) token processed after popping off an include file since
everything is just treated as one big file.
 2020-09-27 10:05:35 -06:00
Todd C. Miller
0276a565e6 Mark sudoerserror() messages for translation. 2020-09-27 06:51:16 -06:00
Todd C. Miller
ddc1383838 Fix line number accounting when a string contains a newline. 
Strings are not allowed to span multiple lines without a continuation
character.  Also provide a better error message if we are in the
middle of a string and hit EOF.
 2020-09-27 06:47:19 -06:00
Todd C. Miller
7d20900616 Use sudoerschar (yychar) instead of last_token. 
The parser already provides a way to examing the last token processed,
we don't need to add our own.
 2020-09-26 06:39:57 -06:00