isa/sudo
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
10,433 Commits 1 Branch 0 Tags
6286ce1d16e11619efb8d5855b14dd296f355f9c
Commit Graph

2841 Commits

Author SHA1 Message Date
Todd C. Miller
6286ce1d16 Store column number for aliases, defaults and userspecs too. 
This is used to provided the column number along with the line
number in error messages.  For aliases we store the column of the
alias name, not the value since that is what visudo generally needs.
 2020-11-02 05:39:06 -07:00
Todd C. Miller
982012dbb1 Display column number in parse error messages too. 
Bug #841
 2020-11-01 15:34:11 -07:00
Todd C. Miller
6f7e5b104b Move tls initialized flag into client_closure. 
We may call tls_init() from multiple places in the future so a
static initialized flag will cause problems.
 2020-11-01 15:03:02 -07:00
Todd C. Miller
10b09e4d89 Fix -Wshadow warnings caused by json enum member. 2020-11-01 15:01:16 -07:00
Todd C. Miller
e0c2635fb3 Apply Google inclusive language guidelines. 
Also replace backwards with backward.
 2020-10-30 10:15:30 -06:00
Todd C. Miller
c8c7e1f607 Use ssl_err2string() in message on ldap_ssl_client_init() failure. 
Displaying SSL reason code directly is not user-friendly.
 2020-10-28 09:40:11 -06:00
Todd C. Miller
28d6771d24 Add log_format sudoers setting to select sudo or json format logs. 
Defaults to sudo-format logs.
 2020-10-27 15:26:02 -06:00
Todd C. Miller
4fc39cfb0a Don't warn about log failure more than once. 2020-10-27 06:36:58 -06:00
Todd C. Miller
fdae4bdbbb Add support for file log line wrapping in libeventlog. 2020-10-26 16:16:46 -06:00
Todd C. Miller
d899fe5936 Use real setters for the eventlog config. 
This makes it possible to have a base config that the callers can
modify instead of replacing the config wholesale.
 2020-10-26 16:10:42 -06:00
Todd C. Miller
39b540ff33 Log the short version of the tty in sudoers-format logs. 
This is consistent with historical practice.
 2020-10-26 16:10:40 -06:00
Todd C. Miller
4416bd5977 Use libeventlog in sudoers instead of doing our own logging. 2020-10-26 16:10:40 -06:00
Todd C. Miller
bd1ca79cca Add support for mailing eventlog entries and for logging raw messages. 
These will be used by the sudoers plugin.
 2020-10-26 16:10:37 -06:00
Todd C. Miller
3ca3bfaab7 Make a copy of the strings stored in iolog_details and struct eventlog. 
Previously, we just made the strings const and relied on the front-end
not changing them.  Now the sudoers I/O log plugin behavior is
consistent with the policy plugin.
 2020-10-26 15:40:04 -06:00
Todd C. Miller
2d45becd4a Use struct eventlog in iolog_details. 2020-10-26 15:40:01 -06:00
Todd C. Miller
db72498257 Use struct eventlog in place of struct iolog_info. 2020-10-26 15:31:41 -06:00
Todd C. Miller
79921387a3 regen Makefiles 2020-10-20 19:23:46 -06:00
Todd C. Miller
5c7c94b83a Explicitly set umask when running tests. 
Some tests create files that must not be world-writable.
 2020-10-16 13:57:28 -06:00
Todd C. Miller
a5a5cc7f85 sudoers_policy_store() -> sudoers_policy_store_result() 2020-10-16 05:56:03 -06:00
Todd C. Miller
bf9d208662 Rename sudoers_policy_exec_setup() -> sudoers_policy_store(). 
It is called even when there is no command to execute.
Also pass in status of whether or not the command was accepted.
 2020-10-14 06:33:35 -06:00
Todd C. Miller
b0a6e1c1e7 Pass path to testsudoers, visudo or cvtsudoers in the environment. 
Falls back on the unqualified command if the environment variable
is not set.
 2020-10-10 07:07:37 -06:00
Todd C. Miller
807857a2ca Init cmnds to NULL in rule_to_priv() so we don't free a bogus pointer. 
In the sssd backend, the rule_to_priv() cleanup code assumes cmnds
can be passed to fn_free_values(), which was not the case if we
receive an error getting values for "sudoCommand".  This is a
regression introduced in sudo 1.9.1.  Fix from Ron Bowes.
GitHub issue #67.
 2020-10-09 14:16:06 -06:00
Todd C. Miller
607076d8a0 Pass runchroot to match_digest() too. 
We use the open fd for the actual I/O but having runchroot makes
it possible to report the correct file name in error messages.
 2020-10-06 10:54:39 -06:00
Todd C. Miller
ea57249e29 Fix indentation of enum def_tuple. 2020-09-29 21:16:34 -06:00
Todd C. Miller
772619b7ef Remove special case EOF handling; lines now always end in a newline. 
Previously we needed to emulate some of the state transitions that
happen at end-of-line at end-of-file as well.  Those are no longer
needed now that we are guaranteed to always have a newline at the end.
 2020-09-28 10:10:16 -06:00
Todd C. Miller
f984f49c38 Increment sudolinebuf.size after realloc(). 2020-09-27 21:31:44 -06:00
Todd C. Miller
e8747a33f8 Add a newline at end of line if one is missing. 
This is simpler than having to support entries that end at EOF too.
 2020-09-27 20:21:05 -06:00
Todd C. Miller
32db528689 Add tests for entries without a newline. 2020-09-27 10:31:14 -06:00
Todd C. Miller
9bb91cb64b Fix handling of a command spec without a newline at the end. 
For include files, we may need to inject a newline token now that
the grammar requires lines to end with a newline or EOF.  There is
no END (EOF) token processed after popping off an include file since
everything is just treated as one big file.
 2020-09-27 10:05:35 -06:00
Todd C. Miller
0276a565e6 Mark sudoerserror() messages for translation. 2020-09-27 06:51:16 -06:00
Todd C. Miller
ddc1383838 Fix line number accounting when a string contains a newline. 
Strings are not allowed to span multiple lines without a continuation
character.  Also provide a better error message if we are in the
middle of a string and hit EOF.
 2020-09-27 06:47:19 -06:00
Todd C. Miller
7d20900616 Use sudoerschar (yychar) instead of last_token. 
The parser already provides a way to examing the last token processed,
we don't need to add our own.
 2020-09-26 06:39:57 -06:00
Todd C. Miller
88dcdcd11d Fix -Wshadow warnings. 2020-09-25 15:09:45 -06:00
Todd C. Miller
7a36d70fc1 Add test for syntax error when defining an alias using a reserved word. 2020-09-25 15:09:36 -06:00
Todd C. Miller
70ada21c5b Detect when a reserved word is used when declaring an alias. 
Now instead of "syntax error, unexpected CHROOT, expecting ALIAS"
the message is "syntax error, reserved word used as an alias name"
Bug #941
 2020-09-25 12:24:45 -06:00
Todd C. Miller
f1d19f1d6e Add SLOG_AUDIT flag for log_warningx() to also audit the message. 
This lets us combine audit_failure() and log_warningx() calls with
the same message.
 2020-09-23 08:18:55 -06:00
Todd C. Miller
6ee731caff Log when user-specified command line options are rejected by sudoers. 
We already audit those but in some cases they were not logged as well.
 2020-09-23 08:02:43 -06:00
Todd C. Miller
6f8e1b9741 Fix potential NULL deref in debug code. 2020-09-23 08:59:18 -06:00
Todd C. Miller
09835b7198 Close the passwd db before calling getpwnam_shadow(3). 
Otherwise, we will get the non-shadow passwd entry ("*") since we
called setpassent(3) earlier to keep the passwd db open.
 2020-09-23 08:55:43 -06:00
Todd C. Miller
d4428133b4 Updated translations from translationproject.org 2020-09-19 09:57:33 -06:00
Todd C. Miller
874c2b27c6 Use a simple string compare on systems without crypt(3). 
This is only used on systems without PAM, BSD authentication or AIX
authentication.  Bug #940.
 2020-09-18 08:18:07 -06:00
Todd C. Miller
9f6a3d35cb Updated translations from translationproject.org 2020-09-16 13:28:03 -06:00
Todd C. Miller
1154e1d605 Back out sudo 1.9.3b1 version change. 2020-09-16 06:19:42 -06:00
Todd C. Miller
def99ffd78 Fix typo in warning for T_CHPATH, list '~' not '*' twice. 
Bug #938
 2020-09-14 06:54:15 -06:00
Todd C. Miller
86df234e14 Update .pot files for 1.9.3. 2020-09-12 08:29:18 -06:00
Todd C. Miller
3fc3b62d72 Add missing check for strdup() failure. 
Coverity CID 214243
 2020-09-10 08:10:05 -06:00
Todd C. Miller
c200e71637 Add callback for runchroot Defaults and require password -D/-R checks. 
Using a command-based Default for runchroot will still only work for
paths that exist both in and outside the chroot.
 2020-09-09 19:18:24 -06:00
Todd C. Miller
10d3d69aa1 Pass a struct to the match functions to track the resolved command. 
This makes it possible to update user_cmnd and cmnd_status modified
by per-rule CHROOT settings.
 2020-09-09 15:26:45 -06:00
Todd C. Miller
b6dbfe5094 Take the chroot into account when search for the command. 
This could a a user-specific chroot via the -R option, a runchroot
Defaults value, or a per-command CHROOT spec in the sudoers rule.
 2020-09-09 15:26:44 -06:00
Todd C. Miller
e561f5b857 Use the same pattern of redefining TESTDIR as test10.sh. 
Adapted from a diff from Tim Rice.
 2020-09-04 17:24:09 -06:00