isa/sudo
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
12,322 Commits 1 Branch 0 Tags
978aa90021c439235a504b2405d0d6ca2cb15c1c
Commit Graph

12322 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Todd C. Miller
b81c5e8dac Register pty cleanup function in exec_pty(), not exec_cmnd_pty(). 
We want it to execute in the main sudo process, not the monitor.
 2023-03-24 11:01:58 -06:00
Todd C. Miller
11739e3def Make ttyblock private to exec_iolog.c 2023-03-24 10:58:49 -06:00
Todd C. Miller
3303dd98c0 exec_pty.c: move foreground flag to struct exec_closure. 
Also make pipeline flag private to exec_pty() and remove the unneeded
check_foreground() prototype.
 2023-03-23 19:35:57 -06:00
Todd C. Miller
51cdb194b8 On resume, always sync the pty terminal settings with /dev/tty. 
Changes made to the terminal settings while the command is suspended
are now reflected in the pty when the command is resumed.  This is
more consistent with the non-pty behavior and allows for the removal
of the "tty_initialized" global.  One downside to this change is
that if a terminal-based program using the pty is stopped with
SIGSTOP it may have the wrong terminal settings on resume.
However, this is no different from the non-pty case.
 2023-03-23 10:39:28 -06:00
Todd C. Miller
3e734fa51b Correct a comment. 2023-03-23 08:20:48 -06:00
Todd C. Miller
2a5d8bfea1 GitHub sponsor settings. 2023-03-22 19:26:07 -06:00
Todd C. Miller
f0f5e1b5bc Use built-in tests for bit types instead of using AC_CHECK_TYPES. 
This should be more portable as it handles the quirks of some older
systems.
 2023-03-22 15:37:12 -06:00
Todd C. Miller
a17491972b Quiet compiler warnings on systems where pid_t is not an int. 
Historically, pid_t was a long on some 32-bit systems like Solaris.
 2023-03-22 14:48:49 -06:00
Todd C. Miller
775059156f Silence "used uninitialized" false positives with older gcc versions. 2023-03-22 13:52:43 -06:00
Todd C. Miller
9d55ae892f exec_pty: always copy the terminal settings from /dev/tty the pty. 
Previously, we only did this when running in the foreground but
this can cause problems when running a program that reads the
terminal settings or window size in the background.  If sudo is
running in the background, the terminal settings will be updated
if it transitions to the foreground process.
Based on a suggestion from From Duncan Overbruck.
 2023-03-22 12:44:41 -06:00
Todd C. Miller
98ec786b44 check_foreground: use SFD_LEADER not SFD_FOLLOWER (which was closed). 
Also use SFD_LEADER for sudo_term_copy() in exec_pty() for consistency.
From Duncan Overbruck.
 2023-03-22 11:21:15 -06:00
Todd C. Miller
acbe617fb4 suspend_sudo_pty: fix cut & pasto in last commit to catch SIGCONT. 
Also set sa.sa_handler to SIG_DFL instead of SIG_IGN.  There is no
difference for SIGCONT but it means we can re-use sa as-is later.
 2023-03-22 08:26:36 -06:00
Todd C. Miller
0fcbcaede0 Catch SIGCONT and restore terminal settings on resume from SIGSTOP. 
While we cannot catch SIGSTOP, we _can_ catch SIGCONT and set
/dev/tty to raw mode when running in the foreground.  Ignore SIGCONT
in suspend_sudo_pty() so we don't call resume_terminal() twice.
 2023-03-21 19:11:31 -06:00
Todd C. Miller
1772fc7b66 Only convert a signal number to a name if we are going to use it. 
It is mostly used for debug logging.
 2023-03-21 15:50:39 -06:00
Todd C. Miller
adb84293ab Move updating of the window size back to the main sudo process. 
We can use the leader file descriptor with TIOCGWINSZ to set the
window size of the pty.  Thanks to Duncan Overbruck for the hint.
 2023-03-21 15:30:54 -06:00
Todd C. Miller
c64993a0b3 visudo: restore controlling terminal after running the editor. 
Otherwise, visudo will get SIGTTOU if it tries to write to the
terminal after the editor finishes.  Also avoid races by setting
the process group ID in both the parent and child, and grant the
controlling terminal in the parent, not the child.
 2023-03-21 09:22:53 -06:00
Todd C. Miller
28ecbe4d51 Warn about ignored files in sudoers.d in visudo. 2023-03-20 18:29:33 -06:00
Todd C. Miller
8049e4e32f Replace sudoers_warnings with sudoers_verbose. 
This is now an int, with values > 1 reserved for visudo.
 2023-03-20 18:27:27 -06:00
Todd C. Miller
738387aa4d Split push_include() into push_include() and push_includedir(). 
This moves the "isdir" function argument to the internal version.
 2023-03-20 13:01:02 -06:00
Todd C. Miller
4b563ea44f Pass around const struct sudo_nss pointers where possible. 2023-03-17 13:41:38 -06:00
Todd C. Miller
1f19a6b72b Pass around const struct sudoers_parse_tree pointers where possible. 2023-03-17 13:31:36 -06:00
Todd C. Miller
70c533ec79 Move non-config-related macros to from sudo_ldap_conf.h to sudo_ldap.h. 2023-03-17 10:59:30 -06:00
Todd C. Miller
f5d0b7abf7 Remove portable getcwd.c, nothing uses it anymore. 
Any operating system supported by sudo already includes getcwd(3).
 2023-03-16 15:01:41 -06:00
Todd C. Miller
f2f233336e Use LIBPROTOBUF_C and LIBUTIL variables and use them. 2023-03-16 13:48:29 -06:00
Todd C. Miller
14dd995b89 Remove now-unused sudo_timeval* macros. 2023-03-15 14:09:06 -06:00
Todd C. Miller
708cdc61ba nanosleep: clear remainder on successful completion 
Also switch to doing everything in terms of struct timespec except
for the actual select(2) call.
 2023-03-15 13:50:33 -06:00
Todd C. Miller
3f5e7df3cd Add lib dependencies for fuzzer and test targets. 2023-03-15 13:13:38 -06:00
Todd C. Miller
7683ba1b88 eventlog_free: free peeraddr 2023-03-15 11:38:42 -06:00
Todd C. Miller
b965d222d8 sudo_ldap_netgroup_match_str: "-" in a netgroup can never match. 
We already check for a NULL value above so "str == NULL" is always
false.  Found by PVS-Studio.
 2023-03-15 10:06:04 -06:00
Todd C. Miller
027b42d5a6 Fix static compilation. 2023-03-14 13:27:45 -06:00
Todd C. Miller
33cb885cf6 Replace eventlog_json.h with parse_json.h. 2023-03-14 13:09:43 -06:00
Todd C. Miller
1b3991b717 Add tests for JSON and sudo-style log output. 2023-03-13 19:42:54 -06:00
Todd C. Miller
0f46ffa9f1 Add support for parsing all fields of struct eventlog. 2023-03-14 11:24:02 -06:00
Todd C. Miller
d8e6396c55 Declare domain even if the system lacks innetgr(). 
Fixes a build error on musl-based systems like Alpine.
 2023-03-13 15:21:38 -06:00
Todd C. Miller
918af413f3 Add missing definition of $(SED). 2023-03-13 15:03:58 -06:00
Todd C. Miller
86ab362fd4 Move JSON log parsing from libsudo_iolog.la to libsudo_eventlog.la 
It will be used in the upcoming log output tests.
 2023-03-13 15:02:03 -06:00
Todd C. Miller
12648b4e0a Add missing " ; " separator between environment variables and command. 
This is a regression introduced in sudo 1.9.13.
GitHub issue #254.
 2023-03-13 08:04:32 -06:00
Todd C. Miller
24f04c8cb3 Add example to verify support for searching by nisNetgroupTriple. 2023-03-12 12:04:47 -06:00
Todd C. Miller
34933ef9d0 Remove unused sudoers_gc_init() function. 2023-03-11 08:06:54 -07:00
Todd C. Miller
916d8b47c1 Sudo now does its own netgroup lookups if NETGROUP_BASE is set. 
Previously, it only performed netgroup queries to determine the
list of netgroups a user was a member of.
 2023-03-10 19:19:23 -07:00
Todd C. Miller
c76ac1cab3 sudoers_cleanup: free cached environment before running g/c. 
Avoids a double free in fuzz_policy.
 2023-03-10 15:23:48 -07:00
Todd C. Miller
cd5cd45336 sudoers_cleanup: run the garbage collector at the end 2023-03-10 15:03:44 -07:00
Todd C. Miller
c09aabecdc Plugin a memory leak in intercept mode. 2023-03-10 15:00:20 -07:00
Todd C. Miller
d5a7844423 Sync non-intercept version of intercept_cleanup() declaration. 2023-03-10 14:01:07 -07:00
Todd C. Miller
33c385a78e Plug memory leak if ldap_get_option() fails with LDAP_NO_MEMORY. 2023-03-10 13:45:53 -07:00
Todd C. Miller
c61306e583 Plug a memory leak with ptrace-based intercept. 2023-03-10 13:32:56 -07:00
Todd C. Miller
31dad6b179 Plug memory leak when log_subcmds is enabled. 2023-03-10 13:18:02 -07:00
Todd C. Miller
cb7b1dd89c Pass closure to callback, not the callback pointer itself. 2023-03-10 11:19:37 -07:00
Todd C. Miller
fc253048f5 Add LDAP-specific innetgr() implementation. 
Wheh netgroup_base is set we now do out own netgroup lookups using
LDAP.  Previously, LDAP was queried directly to get a list of the
netgroups the user belongs to but other netgroups queries went
through innetgr(3).  This makes it possible to use netgroups
in LDAP sudoers on systems that don't have an innetgr() function.
GitHub issue #251.
 2023-03-10 10:05:33 -07:00
Todd C. Miller
554df8d934 Move some functions from ldap.c to ldap_util.c. 
These will be used by the LDAP innetgr() implementation.
 2023-03-10 10:02:36 -07:00