isa/sudo
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
10,204 Commits 1 Branch 0 Tags
73c1b04306d5291abde9857b51e6aaee936e57c4
Commit Graph

2717 Commits

Author SHA1 Message Date
Todd C. Miller
194968eaf0 Plug a memory leak on user/group lookup failure found by ASAN. 2019-03-14 11:31:05 -06:00
Todd C. Miller
e31ac5a998 Fix test failure when run by a user other than the file owner. 2019-03-08 09:07:20 -07:00
Todd C. Miller
28b0bff4f3 Updated translations from translationproject.org 2019-03-08 08:36:01 -07:00
Todd C. Miller
0c31cf15fe Test cvtsudoers stdout and stderr separately. 
Fixes a test failure on systems with musl libc.  Bug #873
 2019-03-08 06:58:30 -07:00
Todd C. Miller
0766e0c647 Better comment about EOVERFLOW and pstat_getproc(). 
Also remove some useless casts.
 2019-03-06 20:15:11 -07:00
Todd C. Miller
ea3ede690f Ignore carriage return before a linefeed. 
This allows sudo to parse files with DOS-style line endings.
 2019-03-03 14:41:59 -07:00
Todd C. Miller
e1205f08d6 Add simple API for to allow reading environment data from different sources. 
Currently, this is used to read a file like /etc/environment.
 2019-02-20 17:05:02 -07:00
Todd C. Miller
f3344b5881 Fix pasto; the unrestricted env file was read when we want the restricted one. 2019-02-19 11:03:02 -07:00
Todd C. Miller
c0a12d9d95 Be sure to include sudo_queue.h where needed instead of relying on other headers. 2019-02-19 08:31:08 -07:00
Todd C. Miller
36d4373403 Split command match code out into match_command.c. 
Also remove unused SUDOERS_NAME_MATCH code.
 2019-02-18 11:35:52 -07:00
Todd C. Miller
cf2bfbcd3f Split out digest matching into its own file. 2019-02-17 08:21:13 -07:00
Todd C. Miller
a04409747c Split out digest matching into its own file. 2019-02-17 06:47:37 -07:00
Todd C. Miller
1e6e048180 Rename FOLLOW and NOFOLLOW tokens FOLLOWLNK and NOFOLLOWLNK. 
Fixes a namespace collision on Solaris when bison is used.
 2019-02-12 12:02:02 -07:00
Todd C. Miller
bc25915050 Add stub definition of digest_matches() for SUDOERS_NAME_MATCH 2019-02-06 13:12:33 -07:00
Todd C. Miller
694999487b No longer need to include sudo_lbuf.h 2019-02-06 10:25:52 -07:00
Todd C. Miller
6dceca47cc Use SET macro instead of bitwise OR. 2019-02-05 16:47:08 -07:00
Todd C. Miller
c92f80b79e In sudo_make_grlist_item() the calculation of total did not include 
space for pointers to the group names.
 2019-02-05 16:46:30 -07:00
Todd C. Miller
4f74fe3a8e Use correct debug_decl() names. 2019-02-05 14:29:39 -07:00
Todd C. Miller
928faf27f2 Add fallback values for sudoers uid, gid and mode if not set in Makefile. 2019-02-05 10:02:17 -07:00
Todd C. Miller
ecc9c366e4 Fix listpw=never and verifypw=never. Bug #869 2019-01-22 06:41:16 -07:00
Todd C. Miller
985600e7f0 Minor snprintf() usage tweaks: 
1) don't assume snprintf() returns -1 on error, check for <0
2) when comparing return value of sizeof(foo), cast the sizeof, not the len
3) cast return value to void in cases where snprintf cannot fail
 2019-01-20 07:49:48 -07:00
Todd C. Miller
e2675d8f1e Use PAM_SILENT to prevent pam_lastlog from printing last login 
information on RedHat except when explicitly running a shell.
Adapted from a patch from Nir Soffer.  Bug #867
 2019-01-07 09:50:40 -07:00
Todd C. Miller
32dc90c28e regen 2019-01-03 13:26:57 -07:00
Todd C. Miller
efe35e5b1e Use debug_return_int not debug_return_bool in resolve_host 2018-12-24 20:31:26 -07:00
Todd C. Miller
dc9338ffe7 Allow the sudoers file to be specified without the -f option. 
Bug #864
 2018-12-24 08:26:18 -07:00
Todd C. Miller
3d84150736 Updated translations from translationproject.org 2018-12-12 10:47:01 -07:00
Todd C. Miller
72050203bc Add -n and -R options to help; reported by Radovan Sroka 2018-12-11 09:17:15 -07:00
Todd C. Miller
142b370c1f The -c option was missing from the help info; from Radovan Sroka 2018-12-11 09:05:04 -07:00
Todd C. Miller
5242773489 In sudo_pam_approval(), for the exempt case, only overwrite pam 
status when the passwd is expired or needs to be updated.
 2018-12-08 08:10:04 -07:00
Todd C. Miller
4125808a85 The fix for bug #843 was incomplete and caused pam_end() to be called early. 
sudo_pam_approval() must not set the global pam status to an error
value if it returns AUTH_SUCCESS.  Otherwise, sudo_pam_cleanup()
will call pam_end() before sudo_pam_begin_session().  This resulted
in a NULL PAM handle being used in sudo_pam_begin_session().
 2018-12-07 09:51:34 -07:00
Todd C. Miller
733669ec38 Updated translations from translationproject.org 2018-11-07 11:21:05 -07:00
Todd C. Miller
cad10fbd2e Portuguese translation for sudo and sudoers from translationproject.org. 2018-11-07 11:20:27 -07:00
Todd C. Miller
cdd5bb32eb Add sudo_gai_fatal, sudo_gai_vfatal, sudo_gai_vwarn, sudo_gai_warn 
and gai_log_warning that use gai_strerror() instead of strerror().
 2018-11-05 09:08:05 -07:00
Todd C. Miller
cfa4879dbd Fix memory leak in runaslist_matches(). 2018-10-31 10:03:02 -06:00
Todd C. Miller
9c2f4b8f19 regen 2018-10-29 08:32:36 -06:00
Todd C. Miller
1fe582a0e3 Add support for negated sudoRunAsUser and sudoRunAsGroup entries. 2018-10-28 15:46:27 -06:00
Todd C. Miller
03c56db408 Include getpwent() version of sudo_getgrouplist2_v1() from getgrouplist.c 2018-10-27 12:10:43 -06:00
Todd C. Miller
0398996b39 Use a testsudoers group file with known contents instead of the system one. 2018-10-27 10:57:37 -06:00
Todd C. Miller
391ed95f50 Allow the group set by "sudo -g" to be any of the target user's groups. 
Previously, this was only allowed if the group matched the target
user's primary group ID (from the passwd database entry).
The sudoers policy will now allow the group if it is one of the
target user's supplemental groups as well.
 2018-10-27 06:37:34 -06:00
Todd C. Miller
0597969301 Add missing #ifdef LDAP_OPT_X_TLS_REQUIRE_CERT 
Fixes problems building on older LDAP sdks.
 2018-10-26 10:34:16 -06:00
Todd C. Miller
6c3d20cb41 Convert PVS-Studio comment to ANSI C. 2018-10-26 08:39:09 -06:00
Todd C. Miller
019279a4b8 Fix some mangled text in the license block. 2018-10-26 08:19:41 -06:00
Todd C. Miller
1b035b5426 Add padding option to cvtsudoers. 
Bug #856
 2018-10-25 08:40:25 -06:00
Todd C. Miller
cb588f2337 Pass --sourcetree-root to pvs-studio and don't check sudo_noexec.c. 
Since we don't auto-generate dependencies for sudo_noexec.c we
can't easily check it from outside the source tree.  This
is not a problem as it just contains stub functions.
 2018-10-22 09:12:17 -06:00
Todd C. Miller
c5df091123 Add pvs-studio target and associated production rules. 2018-10-21 08:46:05 -06:00
Todd C. Miller
64e5d34c57 Add comments in .c files so PVS-Studio will check them. 2018-10-21 08:46:05 -06:00
Todd C. Miller
45652e6d71 Simplify range checks. 
No need to check for ERANGE in the cases where we also check
that the value is <= INT_MAX.  Found by PVS-Studio.
 2018-10-20 08:47:12 -06:00
Todd C. Miller
8c94175ba1 Avoid some PVS-Studio false positives. 2018-10-19 13:35:20 -06:00
Todd C. Miller
6786d53d45 In timestamp_open() no need to free cookie on error, it is NULL. 
Found by PVS-Studio.
 2018-10-19 13:32:24 -06:00
Todd C. Miller
deccfe68f1 Fix a memory leak on malloc() error in sudo_ldap_role_to_priv(). 
Coverity CID 188804
 2018-10-18 15:38:54 -06:00