isa/sudo
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
12,255 Commits 1 Branch 0 Tags
8049e4e32f81424b01ac9c83eacefc3de3640ef5
Commit Graph

3535 Commits

Author SHA1 Message Date
Todd C. Miller
8049e4e32f Replace sudoers_warnings with sudoers_verbose. 
This is now an int, with values > 1 reserved for visudo.
 2023-03-20 18:27:27 -06:00
Todd C. Miller
738387aa4d Split push_include() into push_include() and push_includedir(). 
This moves the "isdir" function argument to the internal version.
 2023-03-20 13:01:02 -06:00
Todd C. Miller
4b563ea44f Pass around const struct sudo_nss pointers where possible. 2023-03-17 13:41:38 -06:00
Todd C. Miller
1f19a6b72b Pass around const struct sudoers_parse_tree pointers where possible. 2023-03-17 13:31:36 -06:00
Todd C. Miller
70c533ec79 Move non-config-related macros to from sudo_ldap_conf.h to sudo_ldap.h. 2023-03-17 10:59:30 -06:00
Todd C. Miller
b965d222d8 sudo_ldap_netgroup_match_str: "-" in a netgroup can never match. 
We already check for a NULL value above so "str == NULL" is always
false.  Found by PVS-Studio.
 2023-03-15 10:06:04 -06:00
Todd C. Miller
d8e6396c55 Declare domain even if the system lacks innetgr(). 
Fixes a build error on musl-based systems like Alpine.
 2023-03-13 15:21:38 -06:00
Todd C. Miller
34933ef9d0 Remove unused sudoers_gc_init() function. 2023-03-11 08:06:54 -07:00
Todd C. Miller
c76ac1cab3 sudoers_cleanup: free cached environment before running g/c. 
Avoids a double free in fuzz_policy.
 2023-03-10 15:23:48 -07:00
Todd C. Miller
cd5cd45336 sudoers_cleanup: run the garbage collector at the end 2023-03-10 15:03:44 -07:00
Todd C. Miller
c09aabecdc Plugin a memory leak in intercept mode. 2023-03-10 15:00:20 -07:00
Todd C. Miller
33c385a78e Plug memory leak if ldap_get_option() fails with LDAP_NO_MEMORY. 2023-03-10 13:45:53 -07:00
Todd C. Miller
fc253048f5 Add LDAP-specific innetgr() implementation. 
Wheh netgroup_base is set we now do out own netgroup lookups using
LDAP.  Previously, LDAP was queried directly to get a list of the
netgroups the user belongs to but other netgroups queries went
through innetgr(3).  This makes it possible to use netgroups
in LDAP sudoers on systems that don't have an innetgr() function.
GitHub issue #251.
 2023-03-10 10:05:33 -07:00
Todd C. Miller
554df8d934 Move some functions from ldap.c to ldap_util.c. 
These will be used by the LDAP innetgr() implementation.
 2023-03-10 10:02:36 -07:00
Todd C. Miller
0aad96bba1 Add per-source innetgr function pointer and use it in netgr_matches(). 
This will be used to implement LDAP-specific netgroup lookups when
netgroup_base is set in ldap.conf.
 2023-03-08 13:44:22 -07:00
Todd C. Miller
689022978c A user with "list" privs for root may not list all users. 
A user with "sudo ALL" for root _is_ allowed to list any user.
 2023-03-03 13:57:27 -07:00
Todd C. Miller
452d63d6c1 sudoers_policy_list: do not set runas_pw to list_pw when listing 
This change introduced in sudo 1.9.13 is not actually needed.  The
"list" pseudo-command checks are performed via runas_matches_pw()
which does not use runas_pw.  GitHub issue #248
 2023-03-03 11:16:44 -07:00
Todd C. Miller
d9e9307d98 Fix "sudo -l command args", broken in sudo 1.9.13. 
The value of user_args should not contain the command to be run in
"sudo -l command args", only the arguments of the command being checked.
This restores the pre-1.9.13 behavior.  GitHub issue #249
 2023-03-03 11:12:18 -07:00
Todd C. Miller
b013711e48 Check for sudo_pow2_roundup() overflow. 
Calling sudo_pow2_roundup(INT_MAX+2) will return since there is no
power of 2 larger than INT_MAX+1 that fits in an unsigned int.
This is not an issue in practice since we restrict messages to 2Mib.
 2023-03-01 13:58:32 -07:00
Todd C. Miller
43378de75e Test non-fully qualified path name. 2023-02-28 09:11:26 -07:00
Todd C. Miller
7356a77969 Fix removal of y.tab.[ch] when generating gram.[ch]. 2023-02-28 09:06:48 -07:00
Todd C. Miller
172515c94d Add test for using "list" as user, runas and host. 2023-02-28 08:56:44 -07:00
Todd C. Miller
0197491e9c Move handling of the "list" pseudo-command from lexer to parser. 
The special handling of "list" in the lexer meant it could not
be used as a user, group or host, which was unintentional.
GitHub issue #246.
 2023-02-28 08:47:45 -07:00
Todd C. Miller
a4f31cff2b Plug memory leak with multiple matching CHROOT= entries. 
Found by oss-fuzz.
 2023-02-27 08:57:17 -07:00
Todd C. Miller
87ce692468 Fix potential double free for rules that include a CHROOT= option. 
If a rule with a CHROOT= option matches the user, host and runas,
the user_cmnd variable could be freed twice.
 2023-02-21 20:01:13 -07:00
Todd C. Miller
6c52056d36 Include error string when formatting a SLOG_PARSE_ERROR message if present. 2023-02-23 11:37:04 -07:00
Todd C. Miller
fb6740fa2e Add sudoers open errors to the list of parse errors sent via mail. 
Previously there would be one email for the open failure and a
separate one describing the parse error.  Now a single email message
contains everything.
 2023-02-22 18:49:09 -07:00
Todd C. Miller
1641c30ed6 visudo: quiet a compiler warning on Solaris 10. 
Also explicitly close /dev/tty fd instead of relying on closefrom()
in case the fd ends up being a value 0-2.
 2023-02-22 10:55:27 -07:00
Todd C. Miller
ba7b126451 Check tcsetpgrp() return value. 2023-02-21 16:34:12 -07:00
Todd C. Miller
0339337103 Run the editor in its own process group. 
This fixes suspending the editor on GNU Hurd which doesn't seem to
have proper process group signal handling.
 2023-02-21 16:14:14 -07:00
Todd C. Miller
1bcddb9602 Stub out pivot_root() and unpivot_root() for all but the sudoers module. 2023-02-21 14:46:27 -07:00
Todd C. Miller
8b9c1b962f Fix build when SUDOERS_NAME_MATCH is defined. 2023-02-21 13:47:27 -07:00
Todd C. Miller
b52631e877 Match using canonicalized directories where possible. 2023-02-21 13:24:33 -07:00
Todd C. Miller
0ef5373678 Add canon_path(), a realpath() wrapper that performs caching. 
This also adds a new user_cmnd_dir variable that stores the
canonicalized parent directory of the command to be run.
 2023-02-21 13:24:33 -07:00
Todd C. Miller
78ff514358 match_command: apply runchroot if set when matching the command 
Previously we would prepend runchroot to the path we were checking
but that does not properly handle symbolic links.
 2023-02-21 13:24:33 -07:00
Todd C. Miller
bff4e3ce16 set_cmnd_path: apply runchroot if set when finding the command path 
Previously we would prepend runchroot to the path we were checking
but that does not properly handle symbolic links.
 2023-02-21 13:24:33 -07:00
Todd C. Miller
13a311bc71 Add pivot_root() and unpivot_root() to switch the root dir and restore it. 
This will be used to more accurately handling command resolution and
path matching when a new root directory is specified.
 2023-02-21 13:24:33 -07:00
Todd C. Miller
a72bc5e6bf get_starttime: add support for GNU Hurd using the mach task_info call. 
This is currently Hurd-specific but could be made Mach-generic as
long as the equivalent of pid2task() is available.
 2023-02-19 07:18:37 -07:00
Todd C. Miller
0b000aab86 Only test get_starttime() on platforms where we support it. 
Fixes a test failure on systems where we have no way to determine
a process's start time.
 2023-02-18 11:46:33 -07:00
Todd C. Miller
2845ceafb0 Handle "locale -a" returning both C.UTF-8 and C.utf8. 
It is possible to have mutiple matches from the output of "locale
-a".  Just take the first one.  Fixes GitHub issue #241.
 2023-02-15 13:49:04 -07:00
Todd C. Miller
4f50692acc Add some missing files to the clean and distclean targets. 2023-02-15 10:22:42 -07:00
Todd C. Miller
a80dcc6aca Add compiled version of the sudoers Georgian translation. 2023-02-14 09:52:06 -07:00
Todd C. Miller
f1b07aed47 Regenerate .mo files. 2023-02-14 09:44:59 -07:00
Todd C. Miller
bdef2ad6d2 No longer need to define sudoers_recovery here. 2023-02-09 16:39:25 -07:00
Todd C. Miller
26385b45cf Recover from missing include file unless error_recovery is disabled. 
It is still treated as an error from a logging perspective, and
mail is still sent.
 2023-02-09 15:33:58 -07:00
Todd C. Miller
8960f50961 Updated translations from translationproject.org 2023-02-03 10:26:24 -07:00
Todd C. Miller
b333d16878 Add eventlog_mail() to send a log message via mail. 
This is used by mail_parse_errors() to send multi-line messages.
Previously, the newlines would be escaped as control characters.
 2023-02-09 11:09:24 -07:00
Todd C. Miller
1758c49d3e Get rid of sudoersdir and just use sysconfdir. 
There is no need for sudoersdir when it is always just set to sysconfdir.
 2023-02-02 19:29:26 -07:00
Todd C. Miller
3c9c8668c1 Avoid compilation errors if getaddrinfo() or freeaddrinfo() are macros. 
If this is the case we probably can't stub out the functions but
at least the fuzzer will compile.
 2023-01-31 13:33:59 -07:00
Todd C. Miller
0b2e662b2e Protect use of AF_INET6 with HAVE_STRUCT_IN6_ADDR guards. 
From Tim Rice.
 2023-01-31 12:22:47 -07:00