isa/sudo
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
10,583 Commits 1 Branch 0 Tags
71997da168ec173f4cf367f2e13bc25c6bf8fe02
Commit Graph

10583 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Todd C. Miller
a19f242796 Use correct error message when the TLS connection is dropped. 
Was: "recv: Unknown error 0", now: "lost connection to log server".
 2020-12-03 11:42:20 -07:00
Todd C. Miller
d98374753c Change alias_add() to return bool and set errno on failure. 
This fixes a localization problem where the error message could
have been reported in the wrong locale.
 2020-12-02 13:12:09 -07:00
Todd C. Miller
e22817e3ab Fix build when configured using --without-sendmail 
Bug #947
 2020-11-30 13:18:12 -07:00
Todd C. Miller
833e273ad9 Updated translations from translationproject.org 2020-11-29 15:11:34 -07:00
Todd C. Miller
7ac951bb62 sudo_logsrvd.conf pid_file change. 2020-11-24 11:49:10 -07:00
Todd C. Miller
293911eed6 Don't try to unlink a NULL pointer. 2020-11-24 09:53:54 -07:00
Todd C. Miller
0f6d581abd If pid_file is set to an empty value, disable the use of a pid file. 2020-11-24 09:43:00 -07:00
Todd C. Miller
d0042eda9e Don't overwrite sudo_logsrvd.pid if it is a symbolic link. 2020-11-24 09:00:25 -07:00
Todd C. Miller
94c5052ebf Fix typo detected by codespell 2.0.0 
Also avoid some new false positives
 2020-11-24 07:40:38 -07:00
Todd C. Miller
bdf5530014 Set pp_ignore_define_body=false in uncrustify config. 
Need to work around a bug that produces closed brace errors,
see https://github.com/uncrustify/uncrustify/issues/2569
 2020-11-23 10:47:47 -07:00
Todd C. Miller
7bbd7c8e05 Updated translations from translationproject.org 2020-11-23 09:09:32 -07:00
Todd C. Miller
4a6ca4ba22 Fix calling sudo_conf_read() multiple times with different conf_types. 
The change to reinitialize the configuration data when sudo_conf_read()
is called again didn't take into account that sudo calls sudo_conf_read()
twice--once for the debug info and once for everything else.
 2020-11-18 09:36:05 -07:00
Todd C. Miller
7d0b19d2a0 Don't free the private copy of the environment until the close function. 
We may need to use it when logging from the audit reject function.
 2020-11-17 13:44:32 -07:00
Todd C. Miller
cb87253d1e It is possible for evlog->argv or evlog->envp to be NULL. 2020-11-17 13:43:31 -07:00
Todd C. Miller
24d812d037 Pass command_info[] to audit plugin on I/O log plugin reject or error. 
The audit plugin should cope with a NULL command_info but there's no
reason not to pass the info when we have it.
 2020-11-17 13:15:15 -07:00
Todd C. Miller
27615b5582 For the audit plugin, command_info may be NULL. 
Fixes a NULL dereference in sudoers_audit when an I/O logging
plugin rejects input/output or returns an error.
 2020-11-17 13:04:57 -07:00
Todd C. Miller
e4a2765cce Add missing initialization of def_log_format to sudo. 2020-11-17 11:11:52 -07:00
Todd C. Miller
a96b9a1373 Newer LibreSSL has SSL_CTX_set_ciphersuites but it is not enabled. 
Add a check for the function declaration in openssl/ssl.h.
 2020-11-16 14:39:52 -07:00
Todd C. Miller
38dd0f63b6 Event log data is sent to sudo_logsrvd even when not I/O logging. 2020-11-16 06:30:52 -07:00
Todd C. Miller
061b53e338 Regenerate sudoers.pot for 1.9.4 2020-11-14 11:42:31 -07:00
Todd C. Miller
1aa76e9b7a Update for sudo 1.9.4. 2020-11-14 11:42:29 -07:00
Todd C. Miller
2b71b61044 Update struct eventlog based on command_info[] from front-end. 
The I/O log path is not known until the I/O log plugins have
run and other plugins may alter the execution environment.
 2020-11-14 11:42:27 -07:00
Todd C. Miller
95fb8eb727 Add sudoerserrorf(), a printf-style yyerror() function. 
Use this to display a better error message when using a reserved
work in an alias definition.
 2020-11-14 06:17:41 -07:00
Todd C. Miller
d28b4291c4 Build universal binaries on macOS 11.0 and higher. 
The resulting package should work on Macs based on Apple Silicon.
 2020-11-13 09:46:00 -07:00
Todd C. Miller
aeef6db85e Support EDITOR environment variable that includes quotes. 
Quote support is limited to the beginning of a word.
Also handles characters escaped with a backslash.
 2020-11-12 16:04:05 -07:00
Todd C. Miller
d688f4d34e Back out regex use in python tests, filter the output instead. 
This makes it possible to regenerate the test output again.
Also adds an update_test_data target to the Makefile.
 2020-11-11 19:04:01 -07:00
Todd C. Miller
b2ccbb3a90 Stay setuid until just before executing the command. 
Fixes a problem with pam_xauth which checks effective and real uids
to get the real identity of the user.
 2020-11-11 09:34:50 -07:00
Todd C. Miller
6439b4cc01 Ignore sudoNotBefore and sudoNotAfter unless ldap.conf contains SUDOERS_TIMED 
This is consistent with the pre-1.8.24 behavior.  Bug #945
 2020-11-11 09:34:50 -07:00
Todd C. Miller
55c4f3bddd Introduce new_member_all() for code that doesn't include gram.h. 
The ldap and sssd back-ends no longer require gram.h which fixes a
compilation issue with IBM LDAP.
 2020-11-10 19:36:56 -07:00
Todd C. Miller
deb217adf9 On SIGHUP, deregister the old debug instance before registering a new one. 
Otherwise, if debugging is enabled we will get an extra log instance
each time sudo_logsrvd reeives SIGHUP which results in duplicate
lines in the debug log.
 2020-11-10 19:36:55 -07:00
Todd C. Miller
72df19088b Refactor code to format the client message after the hello. 2020-11-09 18:32:37 -07:00
Todd C. Miller
56fb16d3e8 Use sudoers_to_eventlog() and init_log_details() in sudoers_audit_accept(). 
log_deserialize_info() can be private to iolog.c again.
 2020-11-09 17:15:11 -07:00
Todd C. Miller
9779009fae Add info_msgs to AlertMessage and populate it. 
This lets us log eventlog info along with the alert if it is available.
 2020-11-09 17:15:11 -07:00
Todd C. Miller
62525dcc94 Log reject and alert messages to the log server if one is defined. 2020-11-09 17:15:02 -07:00
Todd C. Miller
e56c3b342b Rename iolog_plugin.h to log_client.h. 
It is no longer I/O log specific and is used by sudoers_audit too.
 2020-11-09 17:13:04 -07:00
Todd C. Miller
62547746d3 Rename iolog_client -> log_client. 
The logsrvd client code is now used for more than just I/O logging.
 2020-11-09 17:13:04 -07:00
Todd C. Miller
2112d9beb1 Log accept messages in sudoers_audit if not I/O logging. 2020-11-04 05:39:16 -07:00
Todd C. Miller
8f5290b19a Refactor code to format InfoMesage array into fmt_info_messages(). 
Add free_info_messages() to free the array.
 2020-11-04 05:46:07 -07:00
Todd C. Miller
e264767eaa Refactor sudoers_io_open_remote() into log_server_open(). 
Also rename client_close() to log_server_close().
This keeps more of the client code details out of iolog.c and
will be used when logging accept messages from the audit plugin.
 2020-11-04 05:29:03 -07:00
Todd C. Miller
2d888380a4 Move argv and envp setting into iolog_deserialize_info(). 2020-11-04 05:20:08 -07:00
Todd C. Miller
f1ded289e1 Avoid early return in handle_accept() if expect_iobufs not set. 2020-11-04 05:15:07 -07:00
Todd C. Miller
fe9e65754c Add event_alloc to the audit plugin API. 
The sudoers audit plugin will use this to communicate with sudo_logsrvd.
 2020-11-02 15:28:21 -07:00
Todd C. Miller
ad40241703 Treat an authentication failure as a reject, not an alert. 
This matters when logging via sudo_logsrvd.
It also lets us remove a special case in vlog_warning().
 2020-11-09 17:13:04 -07:00
Todd C. Miller
0dd4c5797a For logsrvd AlertMessages, evlog will be NULL. 2020-11-06 14:40:54 -07:00
Todd C. Miller
444ca3789e Append errstr to reason for alert and reject events if specified. 
Previously, we logged the error string separately but this is
not consistent with how it is logged in other formats.
 2020-11-06 13:09:21 -07:00
Todd C. Miller
f8a708dae3 Regenerate with bison 3.7.3 2020-11-09 16:52:26 -07:00
Todd C. Miller
08d236293b Remove hack to define YYTOKENTYPE, it breaks newer bison. 2020-11-09 16:52:26 -07:00
Todd C. Miller
a9cad13b11 Use struct eventlog *evlog, not struct eventlog *details. 2020-11-09 16:52:21 -07:00
Todd C. Miller
282a7e80f2 Fix cut & pasto in debug subsystem. 2020-11-06 08:51:38 -07:00
Todd C. Miller
de58c11dba Set server_name before initiating TLS connection so verify function works. 
Fixes a crash in the SSL_VERIFY_PEER callback.  Also call inet_ntop(3)
with addr pointer, not sockaddr pointer so we get the correct IP address.
 2020-11-02 09:30:45 -07:00