isa/sudo
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
10,974 Commits 1 Branch 0 Tags
7a309d70bbd9a6acf3699af28b48280a24bcc0f7
Commit Graph

10974 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Todd C. Miller
7a309d70bb Don't assume that the number of groups returned by getgroups() is static. 
On systems where getgroups() returns results based on more than
just the per-process group vector in the kernel it is possible for
the number of groups to change in between invocations.
Based on GitHub PR #106 from Pierre-Olivier Martel.
 2021-06-26 18:45:28 -06:00
Todd C. Miller
555596e57a Use "mandoc -Tlint -Wwarning" instead of -Wstyle. 
The style checks now include "referenced manual not found" warnings
which is not helpful.
 2021-06-26 18:20:25 -06:00
Todd C. Miller
0b809cdafe regen 2021-06-22 15:23:00 -06:00
Todd C. Miller
90b4f4c4fe Change ms from size_t to long. 
Avoids a spurious test failure on Solaris 9
 2021-06-21 10:19:10 -06:00
Todd C. Miller
ae0e25cf2e Move definition of INADDR_NONE from interfaces.c to net_ifs.c. 
Fixes compilation on Solaris 9.
 2021-06-21 10:09:32 -06:00
Todd C. Miller
030746ce57 Fix dead store found by clang analyzer. 2021-06-19 12:56:31 -06:00
Todd C. Miller
442778aee1 Fix prefix skipping when the prefix is embedded and not separate. 
This doesn't currently matter since the progname and the ": " are
stored in separate messages.  Found by clang analyzer.
 2021-06-19 12:56:04 -06:00
Todd C. Miller
f3deb3737d Remove dead store found by clang analyzer. 2021-06-19 12:53:34 -06:00
Todd C. Miller
b7e81c46b1 Make sure we store an octal number (like umask) as a string. 
JSON doesn't (portably) support octal numbers with a leading zero.
 2021-06-16 16:19:12 -06:00
Todd C. Miller
efaa173fbe Replace logsrvd_is_early() with logsrvd_warn_stderr(). 
This is now defined in logsrvd_conf.c which removes a dependency
on another compilation unit for the fuzzer.
 2021-06-16 08:45:29 -06:00
Todd C. Miller
1d41937ca1 Silence a compiler warning on Solaris. 2021-06-15 14:59:59 -06:00
Todd C. Miller
74f034cbfb Reduce scope of errstr variable so it is only declared for OpenSSL. 2021-06-15 14:37:59 -06:00
Todd C. Miller
024f4475b7 regen 2021-06-15 14:25:26 -06:00
Todd C. Miller
5a3bbba12b Use sudo_warnx?() instead of sudo_debug_printf for errors. 
We now hook the warn functions so the messages are logged.
The messages still show up in the debug log too.
 2021-06-15 13:58:12 -06:00
Todd C. Miller
cc3b4ffb04 Remove vsyslog(3) emulation, it is no longer used. 2021-06-14 13:11:39 -06:00
Todd C. Miller
d311c7b2ee If logsrvd_config not set fall back to using stderr for warnings. 
Also fix fuzz_logsrvd_conf link error.
 2021-06-13 18:42:09 -06:00
Todd C. Miller
2c1988410e Add support for logging server warning/error messages. 
We can use sudo_warn_set_conversation() to set a conversation
function that either writes to a log file or calls syslog().
 2021-06-13 18:27:36 -06:00
Todd C. Miller
df1895f66f Sudo 1.9.7p1 2021-06-11 12:50:23 -06:00
Todd C. Miller
8f7cae69cc Check arrays that are passed in for NULL before using them. 2021-06-09 16:07:49 -06:00
Todd C. Miller
f7f1617826 Disable nss_search()-based group lookups on HP-UX for now. 
There is a crash when "group: compat" is used in /etc/nsswitch.conf
that I haven't been able to debug.  Since HP-UX doesn't ship the
appropriate headers it is likely that there is a mismatch between
include/compat/nss_dbdefs.h and what HP actually uses.
 2021-06-09 10:43:04 -06:00
Todd C. Miller
7b33974f21 Remove logsrvd closure ERROR state and use a boolean flag instead. 
Fixes a bug where we would not insert a journal file that failed
to relay into the queue because its state was changed from CONNECTING
to ERROR after failing to connect.
 2021-06-08 19:51:54 -06:00
Todd C. Miller
c5247845ac Add NSS_TRYAGAIN and correct buflen in struct nss_XbyY_buf_t. 
Add some function argument names.  Also use struct nss_db_state *
instead of void * in nss_db_root_t.  We don't define struct
nss_db_state but since it is a pointer all we need is a forward
declaration.
 2021-06-08 14:25:02 -06:00
Todd C. Miller
b913a832e8 Make sure we link with libsudo_util *after* libfuzzstub. 
This only affects builds with a static libsudo_util.
Also fix a warning on HP-UX about main not being public.
 2021-06-07 15:53:57 -06:00
Todd C. Miller
dfaa9b95f1 Add getgids utility to simular "id -G" using sudo_getgrouplist2() 2021-06-07 14:18:09 -06:00
Todd C. Miller
3104d8ba0b Make sure we don't read or write past the end of the group buffer. 
We need to leave room for the terminating NULL in gr_mem.
It is possible for gbm->numgids > gbm->maxgids if we ran out of room.
 2021-06-07 13:08:10 -06:00
Todd C. Miller
4b73c98c06 Add some debugging to sudo_getgrouplist2(). 2021-06-04 11:28:48 -06:00
Radovan Sroka
f44adcdf3c Fixed bad condition for sesh args 
In selinux_edit_copy_tfiles() when there is only one file and the open()
fails then number of arguments is lower than expected.
Sudo should return error with or without "Defaults !sudoedit_checkdir" set.

This was found with regression testing of CVE-2021-23240.

Signed-off-by: Radovan Sroka <rsroka@redhat.com>
 2021-06-02 11:38:26 -06:00
Todd C. Miller
97f6fc259c Fix some debug_decl typos and remove an unneeded cast. 2021-06-02 07:22:11 -06:00
Todd C. Miller
82f5592d67 T_TIMEOUT is not a bitwise flag so doesn't need to be a power of 2. 2021-06-02 07:21:40 -06:00
Todd C. Miller
b1d4a02eab sudo_stat_plugin(): set errno but do not warn if plugin path too long. 
The caller will display the warning (using errno) so there is no
need to do it twice.
 2021-05-28 14:15:46 -06:00
Todd C. Miller
5087f68853 sudoreplay does not parse sudoers to find the value of iolog_dir. 
The default value for the I/O log directory is set at build time.
 2021-05-26 08:10:22 -06:00
Todd C. Miller
cc647c32e1 Fix group list ref leak in sudoers_policy_store_result() on error path. 2021-05-26 07:31:19 -06:00
Todd C. Miller
958066eddb Update comment to match reality. 2021-05-24 13:10:53 -06:00
Todd C. Miller
2e492267e7 Build sudo_noexec.so as a module on systems other then Darwin. 
On Darwin, shared modules and shared libraries are not interchangable
and since we preload sudo_noexec.so via DYLD_INSERT_LIBRARIES it
must be a library, not a module.  We must relax the requirement
that libraries begin with a "lib" prefix to work around this
difference.  This does mean you must use sudo's libtool on Darwin
(macOS) but that is already a requirement on other systems (notably
HP-UX and SCO) due to a number of libtool patches we require that
haven't be accepted upstream.  This is a different fix for PR #102.
 2021-05-13 12:45:56 -06:00
Todd C. Miller
31e6138115 Use -Wno-deprecated-declarations on macOS 
This quiets warnings about LDAP and audit libraries being deprecated.
We will use them until they are removed in a future version of macOS.
 2021-05-13 09:52:09 -06:00
Todd C. Miller
0645a2ade6 Use /usr/bin/cc on FreeBSD and macOS. 2021-05-12 15:19:43 -06:00
Todd C. Miller
78849e6728 Don't include errno in "unable to connect to log server" message. 
There should be a more specific message, usually with an error
string, displayed earlier.
 2021-05-12 12:19:44 -06:00
Todd C. Miller
d9b8311122 Fix compiler warning on FreeBSD. 2021-05-12 07:53:19 -06:00
Todd C. Miller
96fb72e7cb Explicitly include netinet/in.h for struct sockaddr_in and sockaddr+_in6. 
Fixes a compilation problem on FreeBSD.
 2021-05-12 07:27:09 -06:00
Todd C. Miller
ec0dcab3ce Updated translations from translationproject.org 2021-05-10 13:52:55 -06:00
Todd C. Miller
f2155c704f Better warning when close function is passed a non-terminal signal. 2021-05-10 13:45:25 -06:00
Todd C. Miller
0f5c8fe121 Remove line causing store_suspend_local() to return false on success. 
This is something that should have been removed as part of the local
I/O logging refactor.
 2021-05-10 13:44:31 -06:00
Todd C. Miller
3147bbeb24 Don't set the command status in the closure when the command is suspended. 
This should only be set for signals that terminate the process.
Fixes a bug where the sudo front-end could call the plugin close
function with a non-terminal signal argument.
 2021-05-10 13:42:06 -06:00
Todd C. Miller
6cdf49d33d Quiet -Wshadow warnings from gcc. 2021-05-07 15:10:51 -06:00
Todd C. Miller
7033f1c1d8 The -g option may also be used with any group the target user belongs to. 
The description in the Runas_Spec section incorrectly stated that
the -g option could not be used if no runas group was set.  Bug #975.
 2021-05-07 13:42:40 -06:00
Todd C. Miller
2efa903521 Remove redundant "configuring Sudo version X.YY" line. 
We now display this along with the summary info at the end.
 2021-05-07 08:01:07 -06:00
Todd C. Miller
841e1b33fb Don't check for -Wl,-z,relro twice. 2021-05-07 07:56:33 -06:00
Todd C. Miller
bfc17bc666 Updated translations from translationproject.org 2021-05-06 21:14:35 -06:00
Todd C. Miller
3018c1cd2d Build python plugin for RHEL 6 as well. 2021-05-06 18:59:51 -06:00
Todd C. Miller
9b33594a43 Remove shell-style quotes in configure warning/error/notice messages. 
Square bracket quotes are used, no need for shell-style double quotes.
 2021-05-06 14:41:35 -06:00