Todd C. Miller
5b488f313c
Increase the maximum delay again for slower systems.
Otherwise we may get a spurious test failure.
2020-04-07 14:03:58 -06:00
Todd C. Miller
cd74b83c21
Make most python tests pass with Python 3.4
Dictionary order is not stable in Python < 3.6 so we need to sort
by key to have consistent results.
The LogHandler output is also different on older Python versions.
Also, don't stop running python tests after the first error.
2020-04-07 14:03:58 -06:00
Todd C. Miller
fa5025a569
Use regex to match __init__.py instead of hacking it in verify_log_lines()
2020-04-07 14:03:58 -06:00
Todd C. Miller
a77ef93f8a
Use regular expressions when matching expected and actual text.
2020-04-07 14:03:58 -06:00
Todd C. Miller
8a2c0d784f
Sort the list of possible plugins before printing it.
This gives more reproducible error messages for the tests.
2020-04-07 14:03:58 -06:00
Todd C. Miller
02a117f336
Avoid using typing annotations so tests run with Python 3.4.
2020-04-07 14:03:58 -06:00
Todd C. Miller
ee868776de
Include all python plugin files in MANIFEST, not the directory itself.
2020-04-07 14:10:36 -06:00
Robert Manner
468a5d228e
logsrvd/eventlog.c: add a newline after each log message for logfile output
2020-04-06 07:31:01 -06:00
Robert Manner
8f0370cd8e
lib/iolog/iolog_fileio.c: do not call fchown on invalid fd
Fixes the warning in the log:
iolog_write_info_file_json: unable to fchown 0:0 /var/log/...: Bad file descriptor
2020-04-06 07:31:01 -06:00
Robert Manner
ace8e18953
logsrvd/iolog_writer.c: treat runuid, rungid 0 as valid (usually ==root)
2020-04-06 07:31:01 -06:00
Todd C. Miller
e31e0c4d3f
Don't pass a NULL submitcwd or ttyname value to the server.
It is possible for the cwd and/or tty to be missing. If we send a
NULL pointer to the server where it expects a string the AcceptMessage
will fail to parse.
2020-04-06 07:18:58 -06:00
Todd C. Miller
93f5e1be36
Fall back to using Py_Finalize() for Python version < 3.6
2020-04-06 07:05:20 -06:00
Todd C. Miller
4e44bd46fe
Disable -Wstrict-prototypes for sudo_hook_fn_t typedef.
2020-04-06 07:05:20 -06:00
Todd C. Miller
725f9f6521
Updated translations from translationproject.org
2020-04-05 13:26:28 -06:00
Todd C. Miller
4ee7ae6471
Install example sudo_logsrvd.conf file
2020-04-03 13:20:17 -06:00
Todd C. Miller
79d3bd8223
Fixed Debian bugs #571621, #596631 and #669687
2020-04-02 13:58:13 -06:00
Todd C. Miller
66c8f69f8d
Make it clear in the sudoers grammar that sudoedit needs file args.
Debian bug #571621
2020-04-03 10:17:19 -06:00
Todd C. Miller
1d008b92f5
Truncate the command args at 4096 chars when formatting SUDO_COMMAND.
We have to limit the length of SUDO_COMMAND to avoid getting E2BIG
from execve(2) for very long argument vectors.
The command's environment also counts against the ARG_MAX limit.
Debian bug #596631
2020-04-02 13:01:58 -06:00
Todd C. Miller
9b8cb1a57a
Do not try to delete creds we did not set.
If pam_setcred() fails when opening the PAM session, we don't want
to call it with PAM_DELETE_CRED when closing the session.
2020-04-02 09:32:41 -06:00
Todd C. Miller
ec3fdd3aa8
Add a force flag to sudo_auth_cleanup() to force immediate cleanup.
This is used for PAM authentication to make sure pam_end() is called
via sudo_auth_cleanup() when the user authenticates successfully but
sudoers denies the command. Debian bug #669687
2020-04-01 14:41:38 -06:00
Todd C. Miller
5e95c24d81
Increase the maximum delay for slower systems.
Otherwise we may get a spurious test failure.
2020-04-01 10:23:50 -06:00
Todd C. Miller
835984adc2
Document when cwd_optional was added.
2020-04-01 08:40:51 -06:00
Todd C. Miller
93aa9f9e90
Add cwd_optional to command details and enable it in the sudoers plugin.
If cwd_optional is set to true, a failure to set the cwd will be a
warning, not an error, and the command will still run.
Debian bug #598519
2020-03-31 19:43:48 -06:00
Todd C. Miller
9dea4bb244
The policy close function is responsible for closing the PAM session.
2020-03-31 17:23:37 -06:00
Todd C. Miller
8b35753a21
Config file for clang-format 8.x and higher based on webkit style.
This approximates what I want the sudo coding style to look like.
Only deviations from webkit style are included.
2020-03-31 13:35:24 -06:00
Todd C. Miller
3221c8b4d8
Don't kill the command just because the loop exited unexpectedly.
We currently have no good way to distinguish between an error
executing the command and an error while the command is running.
In the future, we should have additional status codes so we
can tell what type of condition caused the loop to exit.
For now, only kill the command if cstat is left uninitialized.
2020-03-31 08:49:30 -06:00
Todd C. Miller
c122e9bf62
Write process ID as an unsigned int (with a cast).
On Solaris, pid_t may be typedef'd as a long but the actual range
is 32 bits at most.
2020-03-29 09:11:57 -06:00
Todd C. Miller
d4b2db9078
Add license info for a few other files.
These are all ISC licensed but it is still best to have them
all listed in one place.
2020-03-29 06:54:59 -06:00
Todd C. Miller
5b1de6cfc8
Updated translations from translationproject.org
2020-03-29 05:05:09 -06:00
Todd C. Miller
0f0d03a575
Update sudoers.pot with json parser warnings.
2020-03-29 05:05:08 -06:00
Todd C. Miller
891872336f
Add sudo_logsrvd as a service so it gets started at boot.
2020-03-29 05:05:08 -06:00
Todd C. Miller
f908ddd1bf
Create a pidfile for sudo_logsrvd when not run with the -n flag.
2020-03-29 05:05:08 -06:00
Todd C. Miller
1b90f65609
sudo_logsrvd now exits with an error if it cannot open any listen sockets.
2020-03-29 05:05:08 -06:00
Todd C. Miller
baccc0f5c3
Update NEWS for 1.9.0b5 changes
2020-03-29 05:05:08 -06:00
Todd C. Miller
01ceba0445
Simplify the JSON parsing code a bit.
We can use a single stack for nested objects and arrays.
There is also no need to track the current object and array separately.
This allows us to remove the array special case when assigning a value.
2020-03-29 05:05:08 -06:00
Todd C. Miller
3cd9cbbadf
Add tests for the simple json parser.
2020-03-29 05:05:08 -06:00
Todd C. Miller
cffda82e20
Do not use JSON_ARRAY with sudo_json_add_value()
2020-03-29 05:05:08 -06:00
Todd C. Miller
f24dacdee2
Create files for check_iolog_plugin in the build dir, not src dir.
2020-03-29 05:05:08 -06:00
Todd C. Miller
9b144069fc
Store runenv in the I/O log info file too.
2020-03-29 05:05:08 -06:00
Todd C. Miller
056173e572
Parse I/O JSON info file in JSON if present.
The JSON version includes more information than the original "log"
file in the I/O log dir.
2020-03-29 05:05:08 -06:00
Todd C. Miller
ea9b711a70
Write an extended I/O info log in JSON format.
This will be used by sudoreplay if it exists to get more information
about the command being replayed.
2020-03-29 05:05:08 -06:00
Todd C. Miller
a644c1d1d2
iolog_parse_loginfo() now opens the log file itself.
2020-03-29 05:05:08 -06:00
Todd C. Miller
9ab8efa8f4
Ignore __pycache__ directories.
2020-03-29 05:05:08 -06:00
Todd C. Miller
5034ea91be
Some new source files got created with my old email address.
2020-03-29 05:05:08 -06:00
Todd C. Miller
a46d8bd11a
Enable OpenSSL on systems that can support it.
2020-03-19 06:05:32 -06:00
Todd C. Miller
84d9c7b241
Add configure check for SSL_CTX_get0_certificate().
Dummy out verify_server_cert() if it is not present to allow building
on older OpenSSL versions. Rewriting this to work with old OpenSSL
is not worth the trouble.
2020-03-17 20:07:48 -06:00
Todd C. Miller
d75d36b68c
Include stdlib.h for malloc(3) prototype.
We shouldn't rely on it to be implicitly included via OpenSSL headers.
2020-03-17 17:24:46 -06:00
Todd C. Miller
390ace9253
Only set errstr for plugin API version 1.15 and above.
2020-03-16 14:26:56 -06:00
Todd C. Miller
26097a442a
Sudo 1.8.31p1
2020-03-14 11:23:26 -06:00
Todd C. Miller
712afe0319
Ignore a failure to restore the RLIMIT_CORE resource limit.
Linux containers don't allow RLIMIT_CORE to be set back to RLIM_INFINITY
if we set the limit to zero, even for root. This is not a problem
outside the container.
2020-03-14 11:13:55 -06:00