Commit Graph

10975 Commits

Author SHA1 Message Date
Todd C. Miller
86680255ba Mention log server and fuzzers under Quest contributions. 2021-07-02 14:19:37 -06:00
Todd C. Miller
7a309d70bb Don't assume that the number of groups returned by getgroups() is static.
On systems where getgroups() returns results based on more than
just the per-process group vector in the kernel it is possible for
the number of groups to change in between invocations.
Based on GitHub PR #106 from Pierre-Olivier Martel.
2021-06-26 18:45:28 -06:00
Todd C. Miller
555596e57a Use "mandoc -Tlint -Wwarning" instead of -Wstyle.
The style checks now include "referenced manual not found" warnings
which is not helpful.
2021-06-26 18:20:25 -06:00
Todd C. Miller
0b809cdafe regen 2021-06-22 15:23:00 -06:00
Todd C. Miller
90b4f4c4fe Change ms from size_t to long.
Avoids a spurious test failure on Solaris 9
2021-06-21 10:19:10 -06:00
Todd C. Miller
ae0e25cf2e Move definition of INADDR_NONE from interfaces.c to net_ifs.c.
Fixes compilation on Solaris 9.
2021-06-21 10:09:32 -06:00
Todd C. Miller
030746ce57 Fix dead store found by clang analyzer. 2021-06-19 12:56:31 -06:00
Todd C. Miller
442778aee1 Fix prefix skipping when the prefix is embedded and not separate.
This doesn't currently matter since the progname and the ": " are
stored in separate messages.  Found by clang analyzer.
2021-06-19 12:56:04 -06:00
Todd C. Miller
f3deb3737d Remove dead store found by clang analyzer. 2021-06-19 12:53:34 -06:00
Todd C. Miller
b7e81c46b1 Make sure we store an octal number (like umask) as a string.
JSON doesn't (portably) support octal numbers with a leading zero.
2021-06-16 16:19:12 -06:00
Todd C. Miller
efaa173fbe Replace logsrvd_is_early() with logsrvd_warn_stderr().
This is now defined in logsrvd_conf.c which removes a dependency
on another compilation unit for the fuzzer.
2021-06-16 08:45:29 -06:00
Todd C. Miller
1d41937ca1 Silence a compiler warning on Solaris. 2021-06-15 14:59:59 -06:00
Todd C. Miller
74f034cbfb Reduce scope of errstr variable so it is only declared for OpenSSL. 2021-06-15 14:37:59 -06:00
Todd C. Miller
024f4475b7 regen 2021-06-15 14:25:26 -06:00
Todd C. Miller
5a3bbba12b Use sudo_warnx?() instead of sudo_debug_printf for errors.
We now hook the warn functions so the messages are logged.
The messages still show up in the debug log too.
2021-06-15 13:58:12 -06:00
Todd C. Miller
cc3b4ffb04 Remove vsyslog(3) emulation, it is no longer used. 2021-06-14 13:11:39 -06:00
Todd C. Miller
d311c7b2ee If logsrvd_config not set fall back to using stderr for warnings.
Also fix fuzz_logsrvd_conf link error.
2021-06-13 18:42:09 -06:00
Todd C. Miller
2c1988410e Add support for logging server warning/error messages.
We can use sudo_warn_set_conversation() to set a conversation
function that either writes to a log file or calls syslog().
2021-06-13 18:27:36 -06:00
Todd C. Miller
df1895f66f Sudo 1.9.7p1 2021-06-11 12:50:23 -06:00
Todd C. Miller
8f7cae69cc Check arrays that are passed in for NULL before using them. 2021-06-09 16:07:49 -06:00
Todd C. Miller
f7f1617826 Disable nss_search()-based group lookups on HP-UX for now.
There is a crash when "group: compat" is used in /etc/nsswitch.conf
that I haven't been able to debug.  Since HP-UX doesn't ship the
appropriate headers it is likely that there is a mismatch between
include/compat/nss_dbdefs.h and what HP actually uses.
2021-06-09 10:43:04 -06:00
Todd C. Miller
7b33974f21 Remove logsrvd closure ERROR state and use a boolean flag instead.
Fixes a bug where we would not insert a journal file that failed
to relay into the queue because its state was changed from CONNECTING
to ERROR after failing to connect.
2021-06-08 19:51:54 -06:00
Todd C. Miller
c5247845ac Add NSS_TRYAGAIN and correct buflen in struct nss_XbyY_buf_t.
Add some function argument names.  Also use struct nss_db_state *
instead of void * in nss_db_root_t.  We don't define struct
nss_db_state but since it is a pointer all we need is a forward
declaration.
2021-06-08 14:25:02 -06:00
Todd C. Miller
b913a832e8 Make sure we link with libsudo_util *after* libfuzzstub.
This only affects builds with a static libsudo_util.
Also fix a warning on HP-UX about main not being public.
2021-06-07 15:53:57 -06:00
Todd C. Miller
dfaa9b95f1 Add getgids utility to simulate "id -G" using sudo_getgrouplist2() 2021-06-07 14:18:09 -06:00
Todd C. Miller
3104d8ba0b Make sure we don't read or write past the end of the group buffer.
We need to leave room for the terminating NULL in gr_mem.
It is possible for gbm->numgids > gbm->maxgids if we ran out of room.
2021-06-07 13:08:10 -06:00
Todd C. Miller
4b73c98c06 Add some debugging to sudo_getgrouplist2(). 2021-06-04 11:28:48 -06:00
Radovan Sroka
f44adcdf3c Fixed bad condition for sesh args
In selinux_edit_copy_tfiles() when there is only one file and the open()
fails then number of arguments is lower than expected.
Sudo should return error with or without "Defaults !sudoedit_checkdir" set.

This was found with regression testing of CVE-2021-23240.

Signed-off-by: Radovan Sroka <rsroka@redhat.com>
2021-06-02 11:38:26 -06:00
Todd C. Miller
97f6fc259c Fix some debug_decl typos and remove an unneeded cast. 2021-06-02 07:22:11 -06:00
Todd C. Miller
82f5592d67 T_TIMEOUT is not a bitwise flag so doesn't need to be a power of 2. 2021-06-02 07:21:40 -06:00
Todd C. Miller
b1d4a02eab sudo_stat_plugin(): set errno but do not warn if plugin path too long.
The caller will display the warning (using errno) so there is no
need to do it twice.
2021-05-28 14:15:46 -06:00
Todd C. Miller
5087f68853 sudoreplay does not parse sudoers to find the value of iolog_dir.
The default value for the I/O log directory is set at build time.
2021-05-26 08:10:22 -06:00
Todd C. Miller
cc647c32e1 Fix group list ref leak in sudoers_policy_store_result() on error path. 2021-05-26 07:31:19 -06:00
Todd C. Miller
958066eddb Update comment to match reality. 2021-05-24 13:10:53 -06:00
Todd C. Miller
2e492267e7 Build sudo_noexec.so as a module on systems other than Darwin.
On Darwin, shared modules and shared libraries are not interchangeable
and since we preload sudo_noexec.so via DYLD_INSERT_LIBRARIES it
must be a library, not a module.  We must relax the requirement
that libraries begin with a "lib" prefix to work around this
difference.  This does mean you must use sudo's libtool on Darwin
(macOS) but that is already a requirement on other systems (notably
HP-UX and SCO) due to a number of libtool patches we require that
haven't been accepted upstream.  This is a different fix for PR #102.
2021-05-13 12:45:56 -06:00
Todd C. Miller
31e6138115 Use -Wno-deprecated-declarations on macOS
This quiets warnings about LDAP and audit libraries being deprecated.
We will use them until they are removed in a future version of macOS.
2021-05-13 09:52:09 -06:00
Todd C. Miller
0645a2ade6 Use /usr/bin/cc on FreeBSD and macOS. 2021-05-12 15:19:43 -06:00
Todd C. Miller
78849e6728 Don't include errno in "unable to connect to log server" message.
There should be a more specific message, usually with an error
string, displayed earlier.
2021-05-12 12:19:44 -06:00
Todd C. Miller
d9b8311122 Fix compiler warning on FreeBSD. 2021-05-12 07:53:19 -06:00
Todd C. Miller
96fb72e7cb Explicitly include netinet/in.h for struct sockaddr_in and sockaddr_in6.
Fixes a compilation problem on FreeBSD.
2021-05-12 07:27:09 -06:00
Todd C. Miller
ec0dcab3ce Updated translations from translationproject.org 2021-05-10 13:52:55 -06:00
Todd C. Miller
f2155c704f Better warning when close function is passed a non-terminal signal. 2021-05-10 13:45:25 -06:00
Todd C. Miller
0f5c8fe121 Remove line causing store_suspend_local() to return false on success.
This is something that should have been removed as part of the local
I/O logging refactor.
2021-05-10 13:44:31 -06:00
Todd C. Miller
3147bbeb24 Don't set the command status in the closure when the command is suspended.
This should only be set for signals that terminate the process.
Fixes a bug where the sudo front-end could call the plugin close
function with a non-terminal signal argument.
2021-05-10 13:42:06 -06:00
Todd C. Miller
6cdf49d33d Quiet -Wshadow warnings from gcc. 2021-05-07 15:10:51 -06:00
Todd C. Miller
7033f1c1d8 The -g option may also be used with any group the target user belongs to.
The description in the Runas_Spec section incorrectly stated that
the -g option could not be used if no runas group was set.  Bug #975.
2021-05-07 13:42:40 -06:00
Todd C. Miller
2efa903521 Remove redundant "configuring Sudo version X.YY" line.
We now display this along with the summary info at the end.
2021-05-07 08:01:07 -06:00
Todd C. Miller
841e1b33fb Don't check for -Wl,-z,relro twice. 2021-05-07 07:56:33 -06:00
Todd C. Miller
bfc17bc666 Updated translations from translationproject.org 2021-05-06 21:14:35 -06:00
Todd C. Miller
3018c1cd2d Build python plugin for RHEL 6 as well. 2021-05-06 18:59:51 -06:00