isa/sudo
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
10,204 Commits 1 Branch 0 Tags
73c1b04306d5291abde9857b51e6aaee936e57c4
Commit Graph

206 Commits

Author SHA1 Message Date
Todd C. Miller
741c6f274e Add support for @include and @includedir 
These are less confusing than #include and #includedir when the
hash character is also the comment character.

This commit also adds real parsing of include directives as opposed
to the pure lexer approach used previously.  As a result, it is now
possible to include files with spaces by either using a double-quoted
string or escaping the space characters with a backslash.
 2020-05-20 13:10:53 -06:00
Todd C. Miller
446ae3f507 Include string.h unconditionally and only use strings.h for strn?casecmp() 
In the pre-POSIX days BSD had strings.h, not string.h.
Now strings.h is only used for non-ANSI string functions.
 2020-05-18 07:59:24 -06:00
Todd C. Miller
dd88460800 We no longer need to include headers we don't use for sudo*.h files. 
Previously we needed to include headers required by the various
sudo*h files.  Now those files are more self-sufficient and we
should only include headers needed by code in the various .c files.
 2020-05-18 06:47:04 -06:00
Todd C. Miller
0cf2e09e0c Apply spelling fixes. 
Fixes from PR #30 (ka7) and Bug #925 (fossies.org codespell)
 2020-05-06 09:27:43 -06:00
Todd C. Miller
5b488f313c Increase the maximum delay again for slower systems. 
Otherwise we may get a spurious test failure.
 2020-04-07 14:03:58 -06:00
Todd C. Miller
5e95c24d81 Increase the maximum delay for slower systems. 
Otherwise we may get a spurious test failure.
 2020-04-01 10:23:50 -06:00
Todd C. Miller
f24dacdee2 Create files for check_iolog_plugin in the build dir, not src dir. 2020-03-29 05:05:08 -06:00
Todd C. Miller
ea9b711a70 Write an extended I/O info log in JSON format. 
This will be used by sudoreplay if it exists to get more information
about the command being replayed.
 2020-03-29 05:05:08 -06:00
Todd C. Miller
a644c1d1d2 iolog_parse_loginfo() now opens the log file itself. 2020-03-29 05:05:08 -06:00
Todd C. Miller
ea8445e364 Allow the ALL keyword to be specified with a digest list. 2020-03-11 11:19:37 -06:00
Todd C. Miller
4eca443246 Allow a list of digests to be specified for a command. 2020-03-11 11:17:52 -06:00
Todd C. Miller
8ef5b734c4 Rework the JSON API to write to a memory buffer, not a stdio stream. 2020-02-17 16:10:55 -07:00
Todd C. Miller
e7bd19bd1e Add test for #include directive without a trailing newline. 2020-02-14 14:13:55 -07:00
Todd C. Miller
9e2e79b6fa Add regress test for parsing Defaults lists. 
Currently only env_check, env_delete, env_keep and log_servers are lists.
 2020-02-10 17:58:59 -07:00
Todd C. Miller
ac61b5655d Use EXIT_SUCCESS and EXIT_FAILURE more consistently. 2020-02-08 12:43:00 -07:00
Todd C. Miller
45e589d443 Pass back a failure or error string to the front end. 
The audit_failure() function now stores the failure string.
This will allow an audit plugin to log the reason if the user's
request is a rejected.
 2020-01-30 13:25:36 -07:00
Todd C. Miller
635445d471 Transparently handle the "sudo sudoedit" problem. 
Some admin are confused about how to give users sudoedit permission
and many users try to run sudoedit via sudo instead of directly.
If the user runs "sudo sudoedit" sudo will now treat it as plain
"sudoedit" after issuing a warning.  If the admin has specified a
fully-qualified path for sudoedit in sudoers, sudo will treat it
as just "sudoedit" and match accordingly.  In visudo (but not sudo),
a fully-qualified path for sudoedit is now treated as an error.
 2019-11-05 15:18:34 -07:00
Todd C. Miller
13e3eaad5f Simplify iolog_set_user and iolog_set_group 2019-10-24 20:04:33 -06:00
Todd C. Miller
56c21243d7 Add iolog_ prefix to exported functions in iolog_util.c 2019-10-24 20:04:33 -06:00
Todd C. Miller
282263c113 Use openat(2) when opening files in the I/O log directory. 2019-10-24 20:04:31 -06:00
Todd C. Miller
059b55ce72 Refactor code in sudoers that creates I/O log files to share with logsrvd. 2019-10-24 20:04:31 -06:00
Todd C. Miller
4dacf81082 Refactor I/O log code so it can be shared between sudoers and logsrvd 2019-10-24 20:04:29 -06:00
Todd C. Miller
40bf4081be Rename sudo_strtoid() to sudo_strtoidx() and add simplified sudo_strtoid() 2019-10-20 10:21:29 -06:00
Todd C. Miller
2512f6efbf Use sudo_strtonum() explicitly instead of via a macro. 2019-10-14 10:09:30 -06:00
Todd C. Miller
3edd6afedf Reject non-LDIF input when converting from LDIF to sudoers or JSON. 2019-10-14 10:09:27 -06:00
Todd C. Miller
396bc57fef Add sudo_strtoid() tests for -1 and range errors. 
Also adjust testsudoers/test5 which relied upon gid -1 parsing.
 2019-10-10 10:04:13 -06:00
Todd C. Miller
37670a008b Fix parsing of double-quoted Defaults bindings that start with % or +. 
From sudo-1.8.23-fix-double-quote-parsing-for-Defaults-values.patch in RHEL 7.
 2019-08-20 10:25:38 -06:00
Todd C. Miller
1e1ef61902 Add SPDX-License-Identifier to files. 2019-04-29 07:21:51 -06:00
Todd C. Miller
e31ac5a998 Fix test failure when run by a user other than the file owner. 2019-03-08 09:07:20 -07:00
Todd C. Miller
0c31cf15fe Test cvtsudoers stdout and stderr separately. 
Fixes a test failure on systems with musl libc.  Bug #873
 2019-03-08 06:58:30 -07:00
Todd C. Miller
1fe582a0e3 Add support for negated sudoRunAsUser and sudoRunAsGroup entries. 2018-10-28 15:46:27 -06:00
Todd C. Miller
0398996b39 Use a testsudoers group file with known contents instead of the system one. 2018-10-27 10:57:37 -06:00
Todd C. Miller
6c3d20cb41 Convert PVS-Studio comment to ANSI C. 2018-10-26 08:39:09 -06:00
Todd C. Miller
1b035b5426 Add padding option to cvtsudoers. 
Bug #856
 2018-10-25 08:40:25 -06:00
Todd C. Miller
64e5d34c57 Add comments in .c files so PVS-Studio will check them. 2018-10-21 08:46:05 -06:00
Todd C. Miller
60f0d65e22 Fix expected test output now that command_timeout is parsed correctly 
in LDIF.
 2018-10-17 06:57:06 -06:00
Todd C. Miller
cf07dc0757 Add a suspend event type to the I/O log to log suspend/resume of 
the command so we can skip that delay during replay.
 2018-10-05 14:16:08 -06:00
Todd C. Miller
2121693879 Move definition of TIME_T_MAX to sudo_util.h 2018-09-24 14:21:58 -06:00
Todd C. Miller
5f61f2c0f4 Remove special handling of the USERNAME environment variable. It 
used to be set on old versions of Fedora but that hasn't been the
case for some time.  It's worth noting that ssh doesn't set USERNAME
either.
 2018-09-24 05:30:03 -06:00
Todd C. Miller
8bf279b11e Add regress test for bug #853 2018-09-20 15:10:15 -06:00
Todd C. Miller
27e549a3ef Allow for some clock drift due to ntpd, etc. 2018-08-31 09:22:59 -06:00
Todd C. Miller
0715b55474 Quick sort is not a stable sort; use distinct sudoOrder values so 
the output is predictable.
 2018-08-30 14:43:24 -06:00
Todd C. Miller
a924b4610b Fix warnings on OpenIndiana (Illumos) 2018-08-30 14:06:18 -06:00
Todd C. Miller
2221fbe2f1 Add some more ldif -> sudoers tests to verify sudoOrder. 2018-08-30 07:49:59 -06:00
Todd C. Miller
e318f27fba When parsing an I/O log timing line, store the result in a timespec, 
not a double.  The speed factor (for scaling the delay) in sudoreplay
is still a double but we only need to adjust the delay if the factor
is something other than 1.0.
 2018-08-29 09:57:12 -06:00
Todd C. Miller
f1f632665c Fix memory leak in test. 2018-08-29 07:38:27 -06:00
Todd C. Miller
4b3c8a73a0 Handle systems where root's gid is not 0. 2018-08-23 16:21:28 -06:00
Todd C. Miller
aaad554cda Add regress test for I/O log plugin endpoints 2018-08-23 15:35:02 -06:00
Todd C. Miller
3c562facca Fix test output for bug #845 2018-08-20 05:49:57 -06:00
Todd C. Miller
154a5f59a9 Move digest code into libutil 2018-05-24 21:04:07 -06:00