isa/sudo
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
10,111 Commits 1 Branch 0 Tags
99129ba41fc1f77497c46216cec05ca2f9f5db2f
Commit Graph

2687 Commits

Author SHA1 Message Date
Todd C. Miller
af4eb80dfb Fix typo 2020-04-17 15:37:41 -06:00
Todd C. Miller
132b943a2d Only display error string once on I/O error. 
We already include the error string in the format so no need to use
errno too.
 2020-04-17 15:36:45 -06:00
Todd C. Miller
ae7bb12335 Free passwd and group caches in I/O plugin after log_warning(), not before. 
The logging functions may try to use the cache via set_perms(PERM_ROOT).
 2020-04-17 15:07:25 -06:00
Todd C. Miller
75b9a26a37 If the signal.Signals enum is not present, search the dictionary. 
The Signals enum was added in Python 3.5.  If it is not present we
need to iterate over the dictionary items, looking for signal name
to number mappings.  Fixes the signal tests with Python 3.4.
 2020-04-09 10:49:59 -06:00
Todd C. Miller
57cef10ce9 Python dictionaries are sparse so we cannot use pos as an index. 
When converting sudo options from a dictionary to a tuple we need
to track the current index into the tuple separately from the
position of the dictionary entry.
 2020-04-09 08:34:29 -06:00
Todd C. Miller
69b6783be6 Store the result of ERR_get_error() so we can use it for both warn and debug. 
Otherwise, only the debug framework gets the actual error and the
user won't see the problem.
 2020-04-08 09:26:41 -06:00
Todd C. Miller
6a2b5fd82f Handle dependencies for .h files in the same directory as the source. 
Fixes missing header dependencies for the sudoers and python plugins.
 2020-04-07 14:03:58 -06:00
Todd C. Miller
5b488f313c Increase the maximum delay again for slower systems. 
Otherwise we may get a spurious test failure.
 2020-04-07 14:03:58 -06:00
Todd C. Miller
cd74b83c21 Make most python tests pass with Python 3.4 
Dictionary order is not stable in Python < 3.6 so we need to sort
by key to have consistent results.
The LogHandler output is also different on older Python versions.
Also, don't stop running python tests after the first error.
 2020-04-07 14:03:58 -06:00
Todd C. Miller
fa5025a569 Use regex to match __init__.py instead of hacking it in verify_log_lines() 2020-04-07 14:03:58 -06:00
Todd C. Miller
a77ef93f8a Use regular expressions when matching expected and actual text. 2020-04-07 14:03:58 -06:00
Todd C. Miller
8a2c0d784f Sort the list of possible plugins before printing it. 
This gives more reproducible error messages for the tests.
 2020-04-07 14:03:58 -06:00
Todd C. Miller
02a117f336 Avoid using typing annotations so tests run with Python 3.4. 2020-04-07 14:03:58 -06:00
Todd C. Miller
e31e0c4d3f Don't pass a NULL submitcwd or ttyname value to the server. 
It is possible for the cwd and/or tty to be missing.  If we send a
NULL pointer to the server where it expects a string the AcceptMessage
will fail to parse.
 2020-04-06 07:18:58 -06:00
Todd C. Miller
93f5e1be36 Fall back to using Py_Finalize() for Python version < 3.6 2020-04-06 07:05:20 -06:00
Todd C. Miller
1d008b92f5 Truncate the command args at 4096 chars when formatting SUDO_COMMAND. 
We have to limit the length of SUDO_COMMAND to avoid getting E2BIG
from execve(2) for very long argument vectors.
The command's environment also counts against the ARG_MAX limit.
Debian bug #596631
 2020-04-02 13:01:58 -06:00
Todd C. Miller
9b8cb1a57a Do not try to delete creds we did not set. 
If pam_setcred() fails when opening the PAM session, we don't want
to call it with PAM_DELETE_CRED when closing the session.
 2020-04-02 09:32:41 -06:00
Todd C. Miller
ec3fdd3aa8 Add a force flag to sudo_auth_cleanup() to force immediate cleanup. 
This is used for PAM authentication to make sure pam_end() is called
via sudo_auth_cleanup() when the user authenticates successfully but
sudoers denies the command.  Debian bug #669687
 2020-04-01 14:41:38 -06:00
Todd C. Miller
5e95c24d81 Increase the maximum delay for slower systems. 
Otherwise we may get a spurious test failure.
 2020-04-01 10:23:50 -06:00
Todd C. Miller
93aa9f9e90 Add cwd_optional to command details and enable it in the sudoers plugin. 
If cwd_optional is set to true, a failure to set the cwd will be a
warning, not an error, and the command will still run.
Debian bug #598519
 2020-03-31 19:43:48 -06:00
Todd C. Miller
5b1de6cfc8 Updated translations from translationproject.org 2020-03-29 05:05:09 -06:00
Todd C. Miller
0f0d03a575 Update sudoers.pot with json parser warnings. 2020-03-29 05:05:08 -06:00
Todd C. Miller
cffda82e20 Do not use JSON_ARRAY with sudo_json_add_value() 2020-03-29 05:05:08 -06:00
Todd C. Miller
f24dacdee2 Create files for check_iolog_plugin in the build dir, not src dir. 2020-03-29 05:05:08 -06:00
Todd C. Miller
056173e572 Parse I/O JSON info file in JSON if present. 
The JSON version includes more information than the original "log"
file in the I/O log dir.
 2020-03-29 05:05:08 -06:00
Todd C. Miller
ea9b711a70 Write an extended I/O info log in JSON format. 
This will be used by sudoreplay if it exists to get more information
about the command being replayed.
 2020-03-29 05:05:08 -06:00
Todd C. Miller
a644c1d1d2 iolog_parse_loginfo() now opens the log file itself. 2020-03-29 05:05:08 -06:00
Todd C. Miller
5034ea91be Some new source files got created with my old email address. 2020-03-29 05:05:08 -06:00
Todd C. Miller
390ace9253 Only set errstr for plugin API version 1.15 and above. 2020-03-16 14:26:56 -06:00
Todd C. Miller
7ace49a333 regen 2020-03-12 17:39:56 -06:00
Todd C. Miller
a23048bbb2 Avoid using sprintf(), vsprintf(), strcat(), and strncat(). 
It is less error-prone to use functions with a return value that
indicates when truncation ocurred.
 2020-03-11 19:46:07 -06:00
Todd C. Miller
1015b493b0 Work around two Coverity false positives; CID 208813 208815 2020-03-11 19:30:00 -06:00
Todd C. Miller
ec78f06890 Don't hard-code path to logging/__init__.py or line numbers. 
Allows python plugin tests to success on versions other than 3.7.
 2020-03-11 17:18:10 -06:00
Todd C. Miller
277b297ae0 Fix typo introduced on systems with O_PATH or O_EXEC 2020-03-11 15:42:46 -06:00
Todd C. Miller
ea8445e364 Allow the ALL keyword to be specified with a digest list. 2020-03-11 11:19:37 -06:00
Todd C. Miller
3edd30a27d A struct member of type ALL should have its name field set to NULL. 2020-03-11 11:17:52 -06:00
Todd C. Miller
4eca443246 Allow a list of digests to be specified for a command. 2020-03-11 11:17:52 -06:00
Todd C. Miller
8c08f5ef03 Allow Cmd_Alias in addition to Cmnd_Alias. 
Some people find using Cmd_Alias more natural.
 2020-03-11 11:17:38 -06:00
Todd C. Miller
e1df9d1dc3 Add pam_ruser and pam_rhost sudoers flags. 2020-03-01 13:37:00 -07:00
Todd C. Miller
bf2bc931ab Revert change to initialize io_operations earlier. 
Instead, check io_operations.open for NULL which is the case for
"sudo -V".  Also move the early return in sudoers_io_open() for
"sudo -V" until after we have initialized debugging.
 2020-03-01 13:36:54 -07:00
Todd C. Miller
f590f81b3c Initialize io_operations earlier. 2020-02-28 07:03:15 -07:00
Robert Manner
6c9515496d plugins/python/regress: add a test and example of using the python logger 2020-02-28 05:46:54 -07:00
Robert Manner
c039a99c10 plugins/python/sudo_module: add sudo.LogHandler 
so python log system can be used with sudo logsystem.
Loggers use it by default (the handler is set on the root logger).
If that is not the intent, it can be overridden explicitly.
 2020-02-28 05:46:54 -07:00
Robert Manner
34b4bb72d6 plugins/python: autodetect ClassName field 
If "ClassName" is not specified, load the one and only sudo.Plugin from
the module (if so), otherwise display which plugins are available from
which the system admin can choose.
 2020-02-28 05:46:54 -07:00
Robert Manner
5c96b4407d plugins/python/plugin_common: add a default search path for python plugins 
If the ModulePath is relative, assume it is under
"/usr/local/libexec/sudo/python" or wherever the sudo plugins are in a
"python" subdirectory.
 2020-02-28 05:46:54 -07:00
Todd C. Miller
34972e834f Mark up some remaining TODOs 2020-02-27 14:11:54 -07:00
Todd C. Miller
de9a143a3e Use C99 __func__ instead of gcc-specific __PRETTY_FUNCTION__ 2020-02-27 14:10:53 -07:00
Todd C. Miller
5635c22f6b Add --disable-log-server and --disable-log-client configure options. 
These can be used to optionally disable building sudo_logsrvd and
support for remote I/O logging in the sudoers plugin respectively.
 2020-02-26 13:17:40 -07:00
Robert Manner
9cc46f115d plugins/python/regress: update tests for show_version changes 
- plugin->show_version is not marked NULL any more.
- if verbose, it also displays which python class was loaded from which file
 2020-02-26 13:15:52 -07:00
Robert Manner
f387cdf53f plugins/python: make show_version display the plugin in verbose mode 
Before it only displayed the plugin version, now it also displays
which python plugin is loaded to be more useful.
 2020-02-26 13:15:52 -07:00