isa/sudo
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
10,433 Commits 1 Branch 0 Tags
6286ce1d16e11619efb8d5855b14dd296f355f9c
Commit Graph

10433 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Todd C. Miller
24b35393e3 Add sudoers_audit to sudo_sudoers_plugin_symbols[] array. 
Fixes loading of sudoers_audit when configured with --enable-static-sudoers.
GitHub issue #61
 2020-09-04 10:59:41 -06:00
Todd C. Miller
8a8a24560e Fix copy and paste error; Coverity CID 214191 2020-09-03 13:23:27 -06:00
Todd C. Miller
24d5ee5893 Fix memory leak on error found by the clang 10.01 analyzer. 2020-09-03 13:07:38 -06:00
Todd C. Miller
0106343032 Use correct size for curlim and maxlim. 2020-09-03 10:20:28 -06:00
Todd C. Miller
049430ee5b Only install man pages for logsrvd and python plugin if we build them. 
GitHub issue #58
 2020-09-03 06:44:43 -06:00
Todd C. Miller
21a2dce506 Remove obsolete mansrcdir variable, add _SRC suffix to LOGSRV and LOGSRVD 2020-09-03 06:03:28 -06:00
Todd C. Miller
fd06e588ee If the command was run in a chroot, add it to the log. 2020-09-02 16:57:55 -06:00
Todd C. Miller
226307591c Log the runcwd not submitcwd in the sudo-style log file. 
The log entry should reflect the working directory the command
actually ran in.
 2020-09-02 11:23:26 -06:00
Todd C. Miller
a51d194a73 Add test of multiple syntax errors. 
Where possible, the portion of the line before the error should be
still be interpreted.
 2020-09-02 12:40:39 -06:00
Todd C. Miller
578789c56f Fix error recovery in a privilege after a ':' separator. 2020-09-02 11:01:09 -06:00
Todd C. Miller
fc563286ff Initialize runchroot and runcwd in init_options() 2020-09-02 09:34:43 -06:00
Todd C. Miller
2adde428c5 Fix path to check_exptilde.c 2020-09-02 09:20:19 -06:00
Todd C. Miller
965ad74482 Update to protobuf-c 1.3.3 2020-09-02 09:06:29 -06:00
Todd C. Miller
e3b85171f8 Regenerate the parser with "bison -y" for verbose syntax error messages. 2020-09-01 21:34:30 -06:00
Todd C. Miller
b7130775f1 Add chroot/chdir changes. 2020-09-01 15:06:14 -06:00
Todd C. Miller
1676f0ceeb Support "*" for CWD/CHROOT to allow user to specify cwd or chroot. 
Adds two new command line options, -D (--chdir) and -R (--chroot)
that can only be used when sudoers sets runcwd or runchroot to "*".
 2020-09-01 14:10:02 -06:00
Todd C. Miller
bd254e1042 Read/write runchroot and runcwd entries in the JSON event log. 2020-09-01 06:26:05 -06:00
Todd C. Miller
9ff960457a Add support for runchroot and runcwd to "sudo -l" and cvtsudoers. 2020-09-01 06:26:05 -06:00
Todd C. Miller
86513c78b6 Unit test for exptilde 2020-09-01 06:26:05 -06:00
Todd C. Miller
6bdfd010d2 Add CHROOT and CWD sudoers options. 
Also matching runchroot and runcwd Defaults settings.
 2020-09-01 06:26:00 -06:00
Todd C. Miller
c4a579cf8a Pass resource limits values to the plugin in user_info[] 
Sudo resets the resource limits early in its execution so
the plugin cannot tell what the original limits were itself.
 2020-08-31 16:37:01 -06:00
Todd C. Miller
84e6e6ccf9 Update copyright year on some files where it was out of date. 2020-08-31 14:09:36 -06:00
Todd C. Miller
47ed1721be Refer to "syntax error" instead of "parse error". 
This is the term the parser uses when there is an actual error.
 2020-08-27 16:12:09 -06:00
Todd C. Miller
1b300f78de Remove superfluous "parse error in sudoers near line N" message. 
The sudoers parser now produces better syntax error messages so we
don't need visudo to print its own.
 2020-08-27 16:08:18 -06:00
Todd C. Miller
03eb3d6db9 Don't override errorfile and errorlineno set by check_aliases(). 
Now that alias parsing stores the file and line number, visudo can
use that information to go to the line with an error when re-editing.
 2020-08-27 16:06:45 -06:00
Todd C. Miller
019f1f6b93 Use sigabbrev_np(3) to access signal abbreviations if supported. 
glibc-2.32 has removed sys_sigabbrev[], we can use sigabbrev_np(3) instead.
 2020-08-25 16:48:13 -06:00
Todd C. Miller
3235687d96 Briefly describe how to restore historical parse error behavior. 2020-08-17 19:37:09 -06:00
Todd C. Miller
da5afe11bf Mention eof-of-line terminator and plugin argument changes. 2020-08-17 16:02:29 -06:00
Todd C. Miller
a3364c1e95 Fix sudoers_policy plugin options when sudoers_audit is not listed. 
As of sudo 1.9.1 the sudoers file is opened by the audit plugin,
not the policy plugin.  As a result, plugin options set for
sudoers_policy have no effect.  If sudoers_policy has plugin options
in sudo.conf and sudoers_audit is not listed, move the options to
sudoers_audit so they will have an effect.
 2020-08-17 13:45:16 -06:00
Todd C. Miller
609910cc21 sudoers error recovery can be configured via an "error_recovery" setting. 
This setting is an argument to the sudoers plugin, similar to how
sudoers_file, sudoers_mode, sudoers_uid, etc. are implemented.
The default value is true.
 2020-08-17 13:14:30 -06:00
Todd C. Miller
360c264760 Make this test pass with bison's verbose error messages. 2020-08-17 07:41:48 -06:00
Todd C. Miller
c7bc24d40b Recover from a syntax error after the ':' in a privilege spec. 
For compound privilege specs, don't throw away the entire thing if
we have a syntax error, only the part after the error is encountered.
 2020-08-16 15:19:53 -06:00
Todd C. Miller
11803027c6 Add explicit end-of-line matching in the parser for better error messages. 
A valid line in sudoers must end in a newline or EOF.
Previously, it was possible (though not documented) to have multiple
user specs on a single line.  Now, each must be on its own line.
 2020-08-16 14:59:45 -06:00
Todd C. Miller
d72a48dc78 Add NOMATCH token and use it in the lexer for an unmatched pattern. 
The ERROR token is now only used for errors detected by the lexer
and for which we've already printed an error.  This lets us remove
the hack in sudoerserror() and just check last_token to determine
whether or not to display the error.
 2020-08-16 06:42:15 -06:00
Todd C. Miller
de9c77ba7e Enable error recovery for syntax erorrs that don't end with a newline. 
A syntax error on the last line of a sudoers file with no trailing
newline is now recoverable.
 2020-08-15 11:38:56 -06:00
Todd C. Miller
94eb14c214 Add error recovery for unexpected tokens after include/includedir. 2020-08-15 11:29:46 -06:00
Todd C. Miller
9c258de89e Sudo 1.9.3 changes so far. 2020-08-15 09:16:59 -06:00
Todd C. Miller
31d41853b6 sudo 1.9.3 2020-08-15 09:03:20 -06:00
Todd C. Miller
086aaeb446 Format the macOS minor version number with two digits. 
This way we get consistent 4-digit version numbers even for macOS
verions like 10.3 or 11.0 where the minor number is a single digit.
For example. 10.3 will be formatted as 1003 and 11.0 will be 1100.
 2020-08-14 14:53:27 -06:00
Todd C. Miller
cb2eb8ea94 Add missing ZFALLTHROUGH and use spaces not tabs. 2020-08-13 21:10:08 -06:00
Todd C. Miller
d12f7ccf25 Fix probe for macOS Big Sur 
"sw_vers -productName" now returns "macOS", not "Mac OS X"
 2020-08-13 20:40:33 -06:00
Todd C. Miller
a940a2c78e Fix some warnings from pvs-studio 2020-08-12 20:01:39 -06:00
Todd C. Miller
961a4afe67 Fix some warnings from pvs-studio 2020-08-12 13:45:09 -06:00
Todd C. Miller
fb8ed8ba66 Use angle quotes when including gram.h and def_data.c. 
Otherwise, we can include the wrong file when doing an out-of-source
build when configured using --with-devel.
 2020-08-12 10:28:33 -06:00
Todd C. Miller
cbad17a994 Move inclusion of compat headers up with the system headers. 
Now that sudo_dso_public is defined in config.h we don't need sudo_compat.h
before including the compat headers.
 2020-08-12 10:07:07 -06:00
Todd C. Miller
985af422d2 Rename __dso_public -> sudo_dso_public and move to config.h. 2020-08-12 09:57:42 -06:00
Todd C. Miller
076d0376db We no longer need to include sudo_gettext.h before sudo_compat.h 2020-08-12 09:50:35 -06:00
Todd C. Miller
4b0783b0b4 Add *.map to the ignore file. 2020-08-12 09:11:20 -06:00
Todd C. Miller
4193f54826 Update to uncrustify 0.71.0 2020-08-11 16:58:47 -06:00
Todd C. Miller
71a879d905 Mention visudo in sudo(8) and document sudoers error recovery. 2020-08-11 14:07:31 -06:00