isa/sudo
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
10,204 Commits 1 Branch 0 Tags
73c1b04306d5291abde9857b51e6aaee936e57c4
Commit Graph

244 Commits

Author SHA1 Message Date
Todd C. Miller
14b454cc0d Fix free() of invalid pointer introduced in the commit that stripped 
whitespace between a '!' and the name in a sudoOption.
 2016-01-11 16:44:05 -07:00
Todd C. Miller
d46d0fbc6f When parsing sudoOptions that include an operator (!, +, +=, -=) 
strip out any whitespace on either side of the operator.
 2015-12-09 14:57:33 -07:00
Todd C. Miller
29e9273a40 When checking the query results, don't set user_matches in the 
netgroup pass unless sudo_ldap_check_non_unix_group() returns true.
This was preventing the mail_no_user sudoOption from being effective.
 2015-12-02 14:06:37 -07:00
Todd C. Miller
9c9b487b0c In list mode, we always want to clear FLAG_NO_USER and FLAG_NO_HOST 
regardless of whether or not there was an actual match.  Otherwise,
warning mail may be sent which is not what we want in list mode.
This is consistent with what the sudoers file backend does.
 2015-12-02 10:43:41 -07:00
Todd C. Miller
3354d27a17 Do not follow symbolic links in sudoedit by default. This behavior 
can be controlled by the sudoedit_follow Defaults flag as well as
the FOLLOW/NOFOLLOW tags.
 2015-08-06 13:20:01 -06:00
Todd C. Miller
ff5b6dbb60 Add missing check for calloc(3) return value. 2015-07-14 13:56:29 -06:00
Todd C. Miller
ea85db3ecd Add support for parsing quoted strings in a sudoOption just like 
sudoers Defaults settings.
 2015-07-07 10:58:05 -06:00
Todd C. Miller
0b241088b3 There's no need to conditionalize the #include <unistd.h>, we require 
a POSIX system.
 2015-07-02 09:08:28 -06:00
Todd C. Miller
54f9de6cce Add an error flag to the lbuf struct to simplify error checking. 
Callers of the lbuf functions now check the error flag to tell if
a memory allocation error ocurred.
 2015-06-26 15:58:04 -06:00
Todd C. Miller
81f94499bf Check restore_perms() return value in all cases, pushing the 
return value back up the call stack.
 2015-06-25 11:12:36 -06:00
Todd C. Miller
d84757951f Silence clang analyzer warning on glibc systems where the first 
argument to qsort() is marked as non-NULL.
Also change some counters from into to unsigned int and two flags
from int to bool.
 2015-06-24 10:32:08 -06:00
Todd C. Miller
c36415417f Add function name to "unable to allocate memory" warnings. 2015-06-19 14:51:17 -06:00
Todd C. Miller
dc883f2454 We require ANSI C so stop using the obsolete STDC_HEADERS. 2015-06-19 14:29:27 -06:00
Todd C. Miller
e2328479dd Use strtok_r() instead of strtok() 2015-06-19 12:35:51 -06:00
Todd C. Miller
ec7e467c58 Remove asprintf() return value warnings. 2015-06-17 17:00:25 -06:00
Todd C. Miller
f02874fe5b Remove extraneous semicolons in CHECK_* macros. 2015-06-17 10:25:29 -06:00
Todd C. Miller
5413637ae8 Use non-exiting allocators in the sudoers LDAP backend. 2015-06-16 13:58:45 -06:00
Todd C. Miller
ea34d01010 Use \28 and \29 instead of \( and \) in the ldap query as per RFC 
2254.  Fixes netgroup queries on AIX.  From Steven Soulen.
 2015-06-15 13:32:48 -06:00
Todd C. Miller
dee7a6ddaf Fix old gcc2 variadic macro support. 2015-05-27 16:38:59 -06:00
Todd C. Miller
d16434f977 sudo_ldap_check_non_unix_group() returns bool, not int. 2015-05-07 10:43:26 -06:00
Todd C. Miller
caf5d45e0f Previously, debug_return_bool was the same as debug_return_int 
except that it logged true/false for 1/0.  However, this appears
to trigger a bug in some compilers.  To avoid this, debug_return_bool
now uses bool, not int.  Callers that were passing it an int have
been converted to use debug_return_int instead.
 2015-05-07 10:33:23 -06:00
Todd C. Miller
3de14196c8 Add some ldap_err2string() debugging when the LDAP search fails. 
Adapted from a diff from Steven Soulen.
 2015-04-14 09:50:40 -06:00
Todd C. Miller
c9d4e1084c Fix logic for verifypw/listpw all in sudoers LDAP and sssd. 2015-03-02 11:37:43 -07:00
Todd C. Miller
45548cf049 Add support for MAIL and NOMAIL command tags to toggle mail sending 
behavior on a per-command (or Cmnd_Alias) basis.
 2015-02-19 10:02:20 -07:00
Todd C. Miller
59ab26dbcc Go back to a 2 args debug_decl and just use the "default" instance, 
now renamed "active".
 2015-02-01 08:24:49 -07:00
Todd C. Miller
7ec9cfb493 When querying LDAP netgroups, use the NIS domain if it is sent but 
also match nisNetgroupTriple entries that have no domain.
 2015-01-30 14:45:22 -07:00
Todd C. Miller
4dd2a3c6b8 Add support for querying netgroups directly via LDAP since there 
is no other way to look up all the netgroups for a user (unlike
regular groups).  This introduces netgroup_base and netgroup_search_filter
options to ldap.conf.  Based on a diff from Steven Soulen.
 2015-01-29 14:08:30 -07:00
Todd C. Miller
741bb8ec79 Add macros to ease the checking of strlcpy, strlcat and 
sudo_ldap_value_cat return values.
 2015-01-22 11:42:32 -07:00
Todd C. Miller
57553fffdd Rename VALIDATE_OK -> VALIDATE_SUCCESS 
Rename VALIDATE_NOT_OK -> VALIDATE_FAILURE
 2015-01-21 11:03:48 -07:00
Todd C. Miller
e9914a91b1 The sudoers plugin now defines its own list of debugging subsystem names 
and defines.
 2014-10-22 13:30:52 -06:00
Todd C. Miller
866cfc4fc3 Add support for multiple Debug lines per program. Callers may 
register arbitrary debug facilities or use built-in defaults.  We
now use separate Debug statements for plugins and programs.
 2014-10-22 13:23:05 -06:00
Todd C. Miller
28f6ee5f9e Fix NULL deref if base64_decode returns -1. 2014-07-22 14:53:15 -06:00
Todd C. Miller
430ad0fa8a Be sure to NUL-terminate the decoded secret when converting from 
base64.
 2014-07-13 15:23:32 -06:00
Todd C. Miller
b5a6037a6c Fix a pointer signednes warning calling base64_decode(). 2014-07-13 14:27:20 -06:00
Todd C. Miller
36a5767e3e efree -> sudo_efree for consistency 2014-07-10 15:35:04 -06:00
Todd C. Miller
c35d7f2b04 Add support for base64 secrets in ldap.conf and ldap.secret. 
Based on an idea from anthony AT rlost DOT com
 2014-07-10 15:31:11 -06:00
Todd C. Miller
a8fa112a53 atobool -> sudo_strtobool 
atoid-> sudo_strtoid
atomode -> sudo_strtomode
 2014-06-27 14:53:54 -06:00
Todd C. Miller
2d61d38c23 Add sudo_ prefix to alloc.c functions and rename alloc.h -> sudo_alloc.h 2014-06-27 10:48:31 -06:00
Todd C. Miller
aecef4aa1d Rename warning/fatal -> sudo_warn/sudo_fatal to avoid namespace 
pollution in libsudo_util.so.
 2014-06-27 09:30:52 -06:00
Todd C. Miller
7bafa63c15 Don't pollute the namespace with lbuf struct and functions 2014-06-26 15:51:15 -06:00
Todd C. Miller
f029e3e744 Remove touch() from fileops.c and just call utimes/futimes directly. 
Rename lock_file -> sudo_lock_file to avoid namespace pollution
 2014-06-26 15:51:15 -06:00
Todd C. Miller
b5b75b2d8a Don't call gss_krb5_ccache_name() with a NULL pointer when restoring 
the old credential cache file name.  This can happen if there was
no old name returned by gss_krb5_ccache_name().  Fixes a crash on
kerberized LDAP on some platforms.
 2014-06-17 08:51:41 -06:00
Todd C. Miller
5086194c67 Eliminate calls to fatal()/fatalx()/log_fatal() in env.c and just 
pass back a return value.
 2014-04-30 16:57:12 -06:00
Todd C. Miller
134b2a4228 Rename emalloc2() -> emallocarray() and erealloc3() -> ereallocarray(). 2014-04-22 16:02:28 -06:00
Todd C. Miller
a78da37487 Make set_perms() and restore_perms() return an error instead of 
calling exit() on failure.
 2014-04-10 16:11:47 -06:00
Todd C. Miller
7d994b5032 Remove remaining calls to fatalx(); just pass the error to the caller. 2014-03-31 15:43:52 -06:00
Todd C. Miller
8287e21d36 Add use_netgroups sudoers option. For LDAP-based sudoers, netgroup 
support requires an expensive substring match on the server.  If
netgroups are not needed, this option can be disabled to reduce the
load on the LDAP server.
 2014-02-07 14:58:48 -07:00
Todd C. Miller
7a1cd11c0d Update copyright year. 2014-02-06 16:00:56 -07:00
Todd C. Miller
f7a419b5f9 Use a default LDAP search filter of (objectClass=sudoRole). When 
constructing the netgroup query, add (sudoUser=*) to the query so
we don't fall below the 3 character OpenLDAP substring threshold.
Otherwise the index for sudoUser will never be used for that query.
Pointed out by Michael Stroeder.
 2014-02-06 15:50:08 -07:00
Todd C. Miller
cbf41b8b96 The OpenBSD strtonum() uses very short error strings that can't 
be translated usefully.  Convert them to longer strings on error.
Also use the longer strings for atomode() and atoid().
 2013-12-11 13:43:10 -07:00