Commit Graph

12255 Commits

Author SHA1 Message Date
Todd C. Miller
8049e4e32f Replace sudoers_warnings with sudoers_verbose.
This is now an int, with values > 1 reserved for visudo.
2023-03-20 18:27:27 -06:00
Todd C. Miller
738387aa4d Split push_include() into push_include() and push_includedir().
This moves the "isdir" function argument to the internal version.
2023-03-20 13:01:02 -06:00
Todd C. Miller
4b563ea44f Pass around const struct sudo_nss pointers where possible. 2023-03-17 13:41:38 -06:00
Todd C. Miller
1f19a6b72b Pass around const struct sudoers_parse_tree pointers where possible. 2023-03-17 13:31:36 -06:00
Todd C. Miller
70c533ec79 Move non-config-related macros from sudo_ldap_conf.h to sudo_ldap.h. 2023-03-17 10:59:30 -06:00
Todd C. Miller
f5d0b7abf7 Remove portable getcwd.c, nothing uses it anymore.
Any operating system supported by sudo already includes getcwd(3).
2023-03-16 15:01:41 -06:00
Todd C. Miller
f2f233336e Use LIBPROTOBUF_C and LIBUTIL variables and use them. 2023-03-16 13:48:29 -06:00
Todd C. Miller
14dd995b89 Remove now-unused sudo_timeval* macros. 2023-03-15 14:09:06 -06:00
Todd C. Miller
708cdc61ba nanosleep: clear remainder on successful completion
Also switch to doing everything in terms of struct timespec except
for the actual select(2) call.
2023-03-15 13:50:33 -06:00
Todd C. Miller
3f5e7df3cd Add lib dependencies for fuzzer and test targets. 2023-03-15 13:13:38 -06:00
Todd C. Miller
7683ba1b88 eventlog_free: free peeraddr 2023-03-15 11:38:42 -06:00
Todd C. Miller
b965d222d8 sudo_ldap_netgroup_match_str: "-" in a netgroup can never match.
We already check for a NULL value above so "str == NULL" is always
false.  Found by PVS-Studio.
2023-03-15 10:06:04 -06:00
Todd C. Miller
027b42d5a6 Fix static compilation. 2023-03-14 13:27:45 -06:00
Todd C. Miller
33cb885cf6 Replace eventlog_json.h with parse_json.h. 2023-03-14 13:09:43 -06:00
Todd C. Miller
1b3991b717 Add tests for JSON and sudo-style log output. 2023-03-13 19:42:54 -06:00
Todd C. Miller
0f46ffa9f1 Add support for parsing all fields of struct eventlog. 2023-03-14 11:24:02 -06:00
Todd C. Miller
d8e6396c55 Declare domain even if the system lacks innetgr().
Fixes a build error on musl-based systems like Alpine.
2023-03-13 15:21:38 -06:00
Todd C. Miller
918af413f3 Add missing definition of $(SED). 2023-03-13 15:03:58 -06:00
Todd C. Miller
86ab362fd4 Move JSON log parsing from libsudo_iolog.la to libsudo_eventlog.la
It will be used in the upcoming log output tests.
2023-03-13 15:02:03 -06:00
Todd C. Miller
12648b4e0a Add missing " ; " separator between environment variables and command.
This is a regression introduced in sudo 1.9.13.
GitHub issue #254.
2023-03-13 08:04:32 -06:00
Todd C. Miller
24f04c8cb3 Add example to verify support for searching by nisNetgroupTriple. 2023-03-12 12:04:47 -06:00
Todd C. Miller
34933ef9d0 Remove unused sudoers_gc_init() function. 2023-03-11 08:06:54 -07:00
Todd C. Miller
916d8b47c1 Sudo now does its own netgroup lookups if NETGROUP_BASE is set.
Previously, it only performed netgroup queries to determine the
list of netgroups a user was a member of.
2023-03-10 19:19:23 -07:00
Todd C. Miller
c76ac1cab3 sudoers_cleanup: free cached environment before running g/c.
Avoids a double free in fuzz_policy.
2023-03-10 15:23:48 -07:00
Todd C. Miller
cd5cd45336 sudoers_cleanup: run the garbage collector at the end 2023-03-10 15:03:44 -07:00
Todd C. Miller
c09aabecdc Plug a memory leak in intercept mode. 2023-03-10 15:00:20 -07:00
Todd C. Miller
d5a7844423 Sync non-intercept version of intercept_cleanup() declaration. 2023-03-10 14:01:07 -07:00
Todd C. Miller
33c385a78e Plug memory leak if ldap_get_option() fails with LDAP_NO_MEMORY. 2023-03-10 13:45:53 -07:00
Todd C. Miller
c61306e583 Plug a memory leak with ptrace-based intercept. 2023-03-10 13:32:56 -07:00
Todd C. Miller
31dad6b179 Plug memory leak when log_subcmds is enabled. 2023-03-10 13:18:02 -07:00
Todd C. Miller
cb7b1dd89c Pass closure to callback, not the callback pointer itself. 2023-03-10 11:19:37 -07:00
Todd C. Miller
fc253048f5 Add LDAP-specific innetgr() implementation.
When netgroup_base is set we now do our own netgroup lookups using
LDAP.  Previously, LDAP was queried directly to get a list of the
netgroups the user belongs to but other netgroups queries went
through innetgr(3).  This makes it possible to use netgroups
in LDAP sudoers on systems that don't have an innetgr() function.
GitHub issue #251.
2023-03-10 10:05:33 -07:00
Todd C. Miller
554df8d934 Move some functions from ldap.c to ldap_util.c.
These will be used by the LDAP innetgr() implementation.
2023-03-10 10:02:36 -07:00
Todd C. Miller
0aad96bba1 Add per-source innetgr function pointer and use it in netgr_matches().
This will be used to implement LDAP-specific netgroup lookups when
netgroup_base is set in ldap.conf.
2023-03-08 13:44:22 -07:00
Todd C. Miller
d2582c2cdb fix typo in uninstall target 2023-03-08 19:32:11 -07:00
Todd C. Miller
954980b566 Merge pull request #252 from bin-ly/main
fix typo in uninstall target
2023-03-08 19:29:01 -07:00
bin-ly
ec255dca1e fix command error for lib/util/Makefile.in 2023-03-09 10:10:45 +08:00
Todd C. Miller
dea110a848 Add tests for SHA2 digest support.
This uses the NIST byte-oriented short message test vectors.
2023-03-07 12:45:13 -07:00
Todd C. Miller
0df56634c3 Sudo 1.9.13p3 2023-03-04 09:59:19 -07:00
Todd C. Miller
689022978c A user with "list" privs for root may not list all users.
A user with "sudo ALL" for root _is_ allowed to list any user.
2023-03-03 13:57:27 -07:00
Todd C. Miller
452d63d6c1 sudoers_policy_list: do not set runas_pw to list_pw when listing
This change introduced in sudo 1.9.13 is not actually needed.  The
"list" pseudo-command checks are performed via runas_matches_pw()
which does not use runas_pw.  GitHub issue #248
2023-03-03 11:16:44 -07:00
Todd C. Miller
d9e9307d98 Fix "sudo -l command args", broken in sudo 1.9.13.
The value of user_args should not contain the command to be run in
"sudo -l command args", only the arguments of the command being checked.
This restores the pre-1.9.13 behavior.  GitHub issue #249
2023-03-03 11:12:18 -07:00
Todd C. Miller
b013711e48 Check for sudo_pow2_roundup() overflow.
Calling sudo_pow2_roundup(INT_MAX+2) will return since there is no
power of 2 larger than INT_MAX+1 that fits in an unsigned int.
This is not an issue in practice since we restrict messages to 2Mib.
2023-03-01 13:58:32 -07:00
Todd C. Miller
19a660612f write_callback: only enable /dev/tty reader if the command is running
This fixes a hang when there is /dev/tty data in a buffer to be
flushed by the final call to del_io_events().  We do not want to
re-enable the reader when flushing the buffers as part of pty_finish().
See PR #247 for analysis of the problem and how to reproduce it.
2023-03-01 13:25:17 -07:00
Todd C. Miller
43378de75e Test non-fully qualified path name. 2023-02-28 09:11:26 -07:00
Todd C. Miller
7356a77969 Fix removal of y.tab.[ch] when generating gram.[ch]. 2023-02-28 09:06:48 -07:00
Todd C. Miller
172515c94d Add test for using "list" as user, runas and host. 2023-02-28 08:56:44 -07:00
Todd C. Miller
0197491e9c Move handling of the "list" pseudo-command from lexer to parser.
The special handling of "list" in the lexer meant it could not
be used as a user, group or host, which was unintentional.
GitHub issue #246.
2023-02-28 08:47:45 -07:00
Todd C. Miller
6c97b84c0c Make the check for HAVE_DECL_NSIG consistent with other decl checks. 2023-02-27 18:44:54 -07:00
Todd C. Miller
a4f31cff2b Plug memory leak with multiple matching CHROOT= entries.
Found by oss-fuzz.
2023-02-27 08:57:17 -07:00