Todd C. Miller
71e98d9493
Include parse.h in sudoers.h since it will soon be required.
2018-05-14 09:05:02 -06:00
Todd C. Miller
cc3428398a
Parse "ALL" as a command correctly.
2018-05-14 08:35:48 -06:00
Todd C. Miller
4a3aa5f6e6
Add debug warning if lseek() fails (should not be possible).
2018-05-11 07:51:43 -06:00
Todd C. Miller
7b1e78d6df
Fix swapped args of lseek() when rewinding. This didn't cause a
problem because the value of SEEK_SET is 0.
2018-05-11 07:45:22 -06:00
Todd C. Miller
6e290763ca
Fix a format-truncation warning in newer gcc by avoiding using %0x
and %0X in the test. We are formatting a single byte so just do
it one nybble at a time.
2018-05-10 21:17:03 -06:00
Todd C. Miller
7a940ce30b
No need to explicitly free role on EOF, it will be freed after the
loop is done.
2018-05-03 11:06:02 -06:00
Todd C. Miller
29d188f4b4
Garbage collect the command argv, envp and info vectors since they are
not available at policy close time.
2018-05-03 10:52:17 -06:00
Todd C. Miller
b0c13e995c
Plug memory leaks on parse error or when an LDIF entry doesn't match
the dn filter.
2018-05-03 10:51:11 -06:00
Todd C. Miller
620070f493
Rename variables now that the string list functions are not ldap-specific.
2018-05-03 10:49:54 -06:00
Todd C. Miller
23b2879e08
sync with translationproject.org
2018-04-29 13:33:29 -06:00
Todd C. Miller
a18e811485
O_EXEC for fexecve() not O_SEARCH.
2018-04-25 14:55:55 -06:00
Todd C. Miller
f53e5e2bdf
Fix compilation error with older Sun Studio compilers.
2018-04-24 16:40:16 -06:00
Todd C. Miller
cfdae3a4fd
Move the check for /dev/fd/N until *after* the digest has been
checked. We still need to be able to check the digest even if there
is no /dev/fd/N or fexecve().
2018-04-24 07:21:08 -06:00
Todd C. Miller
64c78a61cb
Rewind the fd after calling sudo_filedigest(). Otherwise, when
running a script via fexecve(), the interpreter may get EOF when
reading /dev/fd/N. This only appears to affect BSD systems with
fdescfs. Bug #831.
2018-04-23 20:43:04 -06:00
Todd C. Miller
6e22da3412
In open_cmnd(), return true, not false, if the /dev/fd/N pathname
is not present. We don't want to fail a match because of this.
2018-04-23 14:42:35 -06:00
Todd C. Miller
def2e761e3
We can only use fexecve() on a script if /dev/fd/N exists.
Some systems, such as FreeBSD, don't have /dev/fd mounted
by default. Bug #831
2018-04-23 10:54:51 -06:00
Todd C. Miller
16093ee8d9
sync with translationproject.org
2018-04-22 06:58:53 -06:00
Todd C. Miller
388ef262de
sync with translationproject.org
2018-04-21 13:56:36 -06:00
Todd C. Miller
c64e57dad5
Add tests for round-tripping cvtsudoers, sudoers -> LDIF -> sudoers
and LDIF -> sudoers -> LDIF.
2018-04-21 06:23:02 -06:00
Todd C. Miller
48f74db604
Test the -b option when converting from LDIF.
2018-04-19 09:24:08 -06:00
Todd C. Miller
e1392cd28a
Fix the -b option when converting from LDIF.
2018-04-19 09:23:45 -06:00
Todd C. Miller
109160df35
sync with translationproject.org
2018-04-18 21:14:10 -06:00
Todd C. Miller
523f0eeeab
Monty Python insults from Philip Hudson
2018-04-17 07:10:43 -06:00
Todd C. Miller
9de8a0bd05
sync with translationproject.org
2018-04-15 08:21:40 -06:00
Todd C. Miller
4be8aba9f8
cvtsudoers regress tests
2018-04-15 08:14:46 -06:00
Todd C. Miller
1bfe03000d
Prune alias contents when pruning and expanding aliases.
This abuses the userlist_matches_filter() and hostlist_matches_filter()
functions. A better approach would be to call the correct function
from user_matches() and host_matches().
2018-04-15 08:14:46 -06:00
Todd C. Miller
d85e244c6c
Fix cut & pasto that prevented "-d command" from working.
2018-04-14 06:13:44 -06:00
Todd C. Miller
38ff661621
Fix a use after free crash as well as a memory leak when filtering
Defaults.
2018-04-13 10:49:05 -06:00
Todd C. Miller
df7a6ea4e8
Don't always expand aliases when formatting a host-based Defaults
line. This was missed when expand_aliases support was added.
2018-04-12 06:25:35 -06:00
Todd C. Miller
2b2565b2c3
Allow host and user aliases to be specified in match filters.
2018-04-12 06:21:20 -06:00
Todd C. Miller
aa900c0f24
Update copyright year.
2018-04-12 05:13:49 -06:00
Todd C. Miller
7a3472cb07
sync with translationproject.org
2018-04-10 16:07:42 -06:00
Todd C. Miller
9e91d3f451
When the -d option is used, remove aliases used by the non-converted
Defaults settings if the aliases are not also referenced by userspecs.
2018-04-09 11:13:33 -06:00
Todd C. Miller
8c64cd97d2
regen
2018-04-05 07:00:25 -06:00
Todd C. Miller
512e0be834
Use btime in /proc/stat to determine system start time instead of
/proc/uptime. Fixes the process start time test when run from a
container where /proc/uptime is the uptime of the container but the
process start time is relative to the host system boot time.
Bug #829
2018-04-04 11:28:53 -06:00
Todd C. Miller
7663ae7b27
Add option to prune non-matching entries from cvtsudoers output with -m
option is used.
2018-04-04 09:51:05 -06:00
Todd C. Miller
5c1d9899e1
Allow defaults types and suppression list to be specified in
the config file.
2018-04-02 07:41:56 -06:00
Todd C. Miller
18ba38ef4c
Refactor common alias code out of cvtsudoers and visudo and into alias.c.
2018-04-02 07:41:09 -06:00
Todd C. Miller
dbd5613b1a
Avoid NULL deref in an error path. CID 183467
2018-03-29 18:53:53 -06:00
Todd C. Miller
18371cacba
No need to initialize the last pointer passed to strtok_r().
This was originally added to appease newer gcc but no longer
seems to be required. CID 183466, CID 183468, CID 183469
2018-03-29 18:53:51 -06:00
Todd C. Miller
6f66216441
Avoid false positive NULL dereference by using value.u.string
instead of name as the former is guaranteed not to be NULL.
Fixes CID 183465.
2018-03-29 18:53:50 -06:00
Todd C. Miller
b4b5243bff
regen
2018-03-29 10:20:26 -06:00
Todd C. Miller
dd545f38ca
Add support for "cvtsudoers -d all"
2018-03-28 17:43:58 -06:00
Todd C. Miller
aa402cdc3c
Add -d option to control what type of Defaults entries are converted.
2018-03-28 08:33:07 -06:00
Todd C. Miller
6da40a7b5b
Fix typo in strcmp(), we are comparing var not val.
2018-03-23 09:54:52 -06:00
Todd C. Miller
30f8174084
regen
2018-03-22 13:30:25 -06:00
Todd C. Miller
14ee65c525
Add -M option to cvtsudoers to force the use of the local passwd
and group databases when matching.
2018-03-22 13:24:41 -06:00
Todd C. Miller
8a237eb07d
Add cvtsudoers command line option to suppress certain parts of the
security policy. Can be used to suppress displaying of Defaults
entries, aliases or privileges.
2018-03-22 11:38:39 -06:00
Todd C. Miller
af6e1cd7c6
Silence a false positive from the clang static analyzer.
2018-03-21 15:03:17 -06:00
Todd C. Miller
821e8a07da
Silence a false positive from the clang static analyzer.
2018-03-21 14:55:17 -06:00