isa/sudo
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
10,583 Commits 1 Branch 0 Tags
71997da168ec173f4cf367f2e13bc25c6bf8fe02
Commit Graph

2927 Commits

Author SHA1 Message Date
Todd C. Miller
9ff960457a Add support for runchroot and runcwd to "sudo -l" and cvtsudoers. 2020-09-01 06:26:05 -06:00
Todd C. Miller
86513c78b6 Unit test for exptilde 2020-09-01 06:26:05 -06:00
Todd C. Miller
6bdfd010d2 Add CHROOT and CWD sudoers options. 
Also matching runchroot and runcwd Defaults settings.
 2020-09-01 06:26:00 -06:00
Todd C. Miller
c4a579cf8a Pass resource limits values to the plugin in user_info[] 
Sudo resets the resource limits early in its execution so
the plugin cannot tell what the original limits were itself.
 2020-08-31 16:37:01 -06:00
Todd C. Miller
84e6e6ccf9 Update copyright year on some files where it was out of date. 2020-08-31 14:09:36 -06:00
Todd C. Miller
1b300f78de Remove superfluous "parse error in sudoers near line N" message. 
The sudoers parser now produces better syntax error messages so we
don't need visudo to print its own.
 2020-08-27 16:08:18 -06:00
Todd C. Miller
03eb3d6db9 Don't override errorfile and errorlineno set by check_aliases(). 
Now that alias parsing stores the file and line number, visudo can
use that information to go to the line with an error when re-editing.
 2020-08-27 16:06:45 -06:00
Todd C. Miller
609910cc21 sudoers error recovery can be configured via an "error_recovery" setting. 
This setting is an argument to the sudoers plugin, similar to how
sudoers_file, sudoers_mode, sudoers_uid, etc. are implemented.
The default value is true.
 2020-08-17 13:14:30 -06:00
Todd C. Miller
360c264760 Make this test pass with bison's verbose error messages. 2020-08-17 07:41:48 -06:00
Todd C. Miller
c7bc24d40b Recover from a syntax error after the ':' in a privilege spec. 
For compound privilege specs, don't throw away the entire thing if
we have a syntax error, only the part after the error is encountered.
 2020-08-16 15:19:53 -06:00
Todd C. Miller
11803027c6 Add explicit end-of-line matching in the parser for better error messages. 
A valid line in sudoers must end in a newline or EOF.
Previously, it was possible (though not documented) to have multiple
user specs on a single line.  Now, each must be on its own line.
 2020-08-16 14:59:45 -06:00
Todd C. Miller
d72a48dc78 Add NOMATCH token and use it in the lexer for an unmatched pattern. 
The ERROR token is now only used for errors detected by the lexer
and for which we've already printed an error.  This lets us remove
the hack in sudoerserror() and just check last_token to determine
whether or not to display the error.
 2020-08-16 06:42:15 -06:00
Todd C. Miller
de9c77ba7e Enable error recovery for syntax erorrs that don't end with a newline. 
A syntax error on the last line of a sudoers file with no trailing
newline is now recoverable.
 2020-08-15 11:38:56 -06:00
Todd C. Miller
94eb14c214 Add error recovery for unexpected tokens after include/includedir. 2020-08-15 11:29:46 -06:00
Todd C. Miller
a940a2c78e Fix some warnings from pvs-studio 2020-08-12 20:01:39 -06:00
Todd C. Miller
961a4afe67 Fix some warnings from pvs-studio 2020-08-12 13:45:09 -06:00
Todd C. Miller
fb8ed8ba66 Use angle quotes when including gram.h and def_data.c. 
Otherwise, we can include the wrong file when doing an out-of-source
build when configured using --with-devel.
 2020-08-12 10:28:33 -06:00
Todd C. Miller
cbad17a994 Move inclusion of compat headers up with the system headers. 
Now that sudo_dso_public is defined in config.h we don't need sudo_compat.h
before including the compat headers.
 2020-08-12 10:07:07 -06:00
Todd C. Miller
985af422d2 Rename __dso_public -> sudo_dso_public and move to config.h. 2020-08-12 09:57:42 -06:00
Todd C. Miller
076d0376db We no longer need to include sudo_gettext.h before sudo_compat.h 2020-08-12 09:50:35 -06:00
Todd C. Miller
ce97ca28db Use OpenBSD-compatible freezero() in place of explicit_bzero() + free() 2020-08-10 19:24:33 -06:00
Todd C. Miller
cef6e3687e Switch from memset_s() -> explicit_bzero(). 
memset_s() (and all of Annex K) is likely to be removed from the
a future version of the standard.
 2020-08-10 19:24:32 -06:00
Todd C. Miller
8a97150f56 Define YYERROR_VERBOSE for bison and rename COMMENT -> '\n' 
This results in better error messages when there is a parse error
 2020-08-10 13:59:31 -06:00
Todd C. Miller
6702f4ac4e Some minor cleanup. 
Use ntuples instead of tuple_last
Strip leading and trailing double quotes using a single gsub()
ntuples will never be zero so don't bother checking
No need to explicitly close files in END
 2020-08-10 13:30:10 -06:00
Todd C. Miller
fa5d44b8b5 Quiet some clang 10 analyzer warnings. 2020-08-07 14:22:56 -06:00
Todd C. Miller
5f5f28ac7c Require that a @include line end with a newline or EOF. 
We now parse the entire line before reading the include file.  This
is less surprising behavior and results in better error messages.
 2020-08-07 14:22:24 -06:00
Todd C. Miller
3235e4353c Display more specific parser error messages when possible. 2020-08-07 14:20:45 -06:00
Todd C. Miller
7c342e5862 Let the sudoers parser recover after a parse error. 
We currently just discard the line with the error.
 2020-08-07 14:20:21 -06:00
Todd C. Miller
91cc68d7fd Keep track of the position of the current token for error messages. 2020-08-07 14:13:25 -06:00
Todd C. Miller
99f43f8a00 Store the current line in our own buffer for better error messages. 2020-08-06 21:16:35 -06:00
Todd C. Miller
03816d020b Sync sample_approval.exp with sample_approval.c 2020-08-06 21:16:35 -06:00
Todd C. Miller
a8bfeba581 regen 2020-08-06 21:16:35 -06:00
Todd C. Miller
2a58b19f96 Add workaround for yyless() not resetting yy_at_bol. 2020-08-05 09:13:09 -06:00
Todd C. Miller
38e28dcbf5 Rename python_plugin.exp.in -> python_plugin.exp 
There is nothing dynamic in this file.
 2020-08-03 10:15:28 -06:00
Todd C. Miller
3b4d4ab8dd Add missing python_plugin.exp.in file and remove unneeded __dso_public 
This fixes building the python plugin on systems where the compiler
doesn't support symbol hiding (but wherethe linker does).
 2020-08-03 09:53:12 -06:00
Todd C. Miller
974f833e17 Use "foo in bar" syntax for testing existence of a key. 2020-08-02 06:43:35 -06:00
Todd C. Miller
838255bb80 Replace /*FALLTHROUGH*/ in generated code. 2020-08-02 06:42:57 -06:00
Todd C. Miller
03ad96e445 Use the fallthrough attribute instead of /* FALLTHROUGH */ comments. 2020-08-01 13:10:50 -06:00
Todd C. Miller
20fd3b6363 Rewrite mkdefaults in awk. 2020-07-30 13:12:29 -06:00
Todd C. Miller
bcf96c153f Updated translations from translationproject.org 2020-07-19 11:32:42 -06:00
Todd C. Miller
ac00a07018 Initialize sudo_conv and sudo_printf in sudoers_audit_open(). 
We will need them if there is an error parsing sudoers and leaving
them unset can result in NULL deref.  Also set the text domain to
"sudoers" like we do for the policy and I/O logging open functions.
Bug #934.
 2020-07-12 10:13:53 -06:00
Todd C. Miller
1e4ce8525a Updated translations from translationproject.org 2020-07-11 09:19:41 -06:00
Todd C. Miller
b9ad3704d7 Export sudoers_audit symbol for compilers without symbol visibility. 2020-07-06 13:28:21 -06:00
Todd C. Miller
e9a39c149a Add some debugging statements around Defaults lookup. 2020-07-06 09:03:15 -06:00
Todd C. Miller
660738139b Replace #includedir with @includedir in default sudoers file. 2020-07-06 08:45:04 -06:00
Todd C. Miller
820d6ae207 regen without `scare quotes' 2020-06-24 05:40:42 -06:00
Todd C. Miller
df49897bd0 Replace or remove use of `scare quotes' 
These don't translate well and look odd in many fonts.
 2020-06-24 05:40:18 -06:00
Todd C. Miller
65edf6344d regen to fix a typo 2020-06-18 15:23:30 -06:00
Todd C. Miller
88393fc96f Updated translations from translationproject.org 2020-06-18 07:13:05 -06:00
Todd C. Miller
f093cb2e52 Replace terms master and blacklist in docs and examples. 2020-06-15 14:38:46 -06:00