isa/sudo
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
10,387 Commits 1 Branch 0 Tags
9bb91cb64b5e3f470d03992deb006ea51115edab
Commit Graph

137 Commits

Author SHA1 Message Date
Todd C. Miller
9bb91cb64b Fix handling of a command spec without a newline at the end. 
For include files, we may need to inject a newline token now that
the grammar requires lines to end with a newline or EOF.  There is
no END (EOF) token processed after popping off an include file since
everything is just treated as one big file.
 2020-09-27 10:05:35 -06:00
Todd C. Miller
0276a565e6 Mark sudoerserror() messages for translation. 2020-09-27 06:51:16 -06:00
Todd C. Miller
ddc1383838 Fix line number accounting when a string contains a newline. 
Strings are not allowed to span multiple lines without a continuation
character.  Also provide a better error message if we are in the
middle of a string and hit EOF.
 2020-09-27 06:47:19 -06:00
Todd C. Miller
7d20900616 Use sudoerschar (yychar) instead of last_token. 
The parser already provides a way to examing the last token processed,
we don't need to add our own.
 2020-09-26 06:39:57 -06:00
Todd C. Miller
6bdfd010d2 Add CHROOT and CWD sudoers options. 
Also matching runchroot and runcwd Defaults settings.
 2020-09-01 06:26:00 -06:00
Todd C. Miller
d72a48dc78 Add NOMATCH token and use it in the lexer for an unmatched pattern. 
The ERROR token is now only used for errors detected by the lexer
and for which we've already printed an error.  This lets us remove
the hack in sudoerserror() and just check last_token to determine
whether or not to display the error.
 2020-08-16 06:42:15 -06:00
Todd C. Miller
8a97150f56 Define YYERROR_VERBOSE for bison and rename COMMENT -> '\n' 
This results in better error messages when there is a parse error
 2020-08-10 13:59:31 -06:00
Todd C. Miller
3235e4353c Display more specific parser error messages when possible. 2020-08-07 14:20:45 -06:00
Todd C. Miller
91cc68d7fd Keep track of the position of the current token for error messages. 2020-08-07 14:13:25 -06:00
Todd C. Miller
99f43f8a00 Store the current line in our own buffer for better error messages. 2020-08-06 21:16:35 -06:00
Todd C. Miller
2a58b19f96 Add workaround for yyless() not resetting yy_at_bol. 2020-08-05 09:13:09 -06:00
Todd C. Miller
838255bb80 Replace /*FALLTHROUGH*/ in generated code. 2020-08-02 06:42:57 -06:00
Todd C. Miller
741c6f274e Add support for @include and @includedir 
These are less confusing than #include and #includedir when the
hash character is also the comment character.

This commit also adds real parsing of include directives as opposed
to the pure lexer approach used previously.  As a result, it is now
possible to include files with spaces by either using a double-quoted
string or escaping the space characters with a backslash.
 2020-05-20 13:10:53 -06:00
Todd C. Miller
a41d7b545a Fix a memory leak on error when including a file or directory. 2020-05-19 10:09:34 -06:00
Todd C. Miller
446ae3f507 Include string.h unconditionally and only use strings.h for strn?casecmp() 
In the pre-POSIX days BSD had strings.h, not string.h.
Now strings.h is only used for non-ANSI string functions.
 2020-05-18 07:59:24 -06:00
Todd C. Miller
8c08f5ef03 Allow Cmd_Alias in addition to Cmnd_Alias. 
Some people find using Cmd_Alias more natural.
 2020-03-11 11:17:38 -06:00
Todd C. Miller
d2314acae8 Don't require a newline at the end of include or includedir directives. 2020-02-14 14:06:45 -07:00
Todd C. Miller
486ee2b71f debug_decl and debug_decl_vars now require a semicolon at the end. 2019-12-22 08:48:16 -07:00
Todd C. Miller
37670a008b Fix parsing of double-quoted Defaults bindings that start with % or +. 
From sudo-1.8.23-fix-double-quote-parsing-for-Defaults-values.patch in RHEL 7.
 2019-08-20 10:25:38 -06:00
Todd C. Miller
1e1ef61902 Add SPDX-License-Identifier to files. 2019-04-29 07:21:51 -06:00
Todd C. Miller
ea3ede690f Ignore carriage return before a linefeed. 
This allows sudo to parse files with DOS-style line endings.
 2019-03-03 14:41:59 -07:00
Todd C. Miller
1e6e048180 Rename FOLLOW and NOFOLLOW tokens FOLLOWLNK and NOFOLLOWLNK. 
Fixes a namespace collision on Solaris when bison is used.
 2019-02-12 12:02:02 -07:00
Todd C. Miller
6c3d20cb41 Convert PVS-Studio comment to ANSI C. 2018-10-26 08:39:09 -06:00
Todd C. Miller
019279a4b8 Fix some mangled text in the license block. 2018-10-26 08:19:41 -06:00
Todd C. Miller
64e5d34c57 Add comments in .c files so PVS-Studio will check them. 2018-10-21 08:46:05 -06:00
Todd C. Miller
a9fd783f20 Fix up #line entries that reference lex.sudoers.c. 2018-10-16 10:31:43 -06:00
Todd C. Miller
1ad2290a27 Quiet a clang analyzer warning. It should not be possible for 
pop_include() to be called when YY_CURRENT_BUFFER is NULL.
 2018-05-28 08:30:57 -06:00
Todd C. Miller
154a5f59a9 Move digest code into libutil 2018-05-24 21:04:07 -06:00
Todd C. Miller
71e98d9493 Include parse.h in sudoers.h since it will soon be required. 2018-05-14 09:05:02 -06:00
Todd C. Miller
48fba3c2cc update my email to Todd.Miller@sudo.ws 2017-12-03 17:53:40 -07:00
Todd C. Miller
e5dee1557e Add NOTBEFORE and NOTAFTER command options similar to what is 
already available in LDAP.
 2017-02-18 15:35:48 -07:00
Todd C. Miller
3980f1531b Add support for command timeouts in sudoers. After the timeout, 
the command will be terminated.
 2017-02-14 15:56:34 -07:00
Todd C. Miller
359cacc40f Fix for including a sudoers file that begins with the letter 'i'. 
The hack to determine whether we are parsing an include or includedir
is no longer safe now that relative include paths are permitted.
Bug #776.
 2017-02-13 13:38:24 -07:00
Todd C. Miller
90995c0acf Add simple reference-counted string allocator and use it for passing 
around references to the sudoers path.  This lets us avoid making
copies of the sudoers path for the errorfile as well as each Defaults
entry.
 2016-11-11 16:18:27 -07:00
Todd C. Miller
19c80f8aee Ignore a missing or insecure #includedir, it is not a fatal error. 2016-07-03 06:19:43 -06:00
Todd C. Miller
026b403f27 Make sure we always call sudoerserror() on error in read_dir_files(), 
otherwise sudo will not treat it as a fatal error.
 2016-07-03 06:16:19 -06:00
Todd C. Miller
fc517ba9f8 Back out cfa26b99228f, it was already fixed differently. 
Caught by regress checks.
 2016-06-01 12:38:53 -06:00
Todd C. Miller
6c3c03ea26 Allow double-quoted groups and netgroups to be part of a Defaults spec. 
From Daniel Kopecek.
 2016-05-31 13:50:38 -06:00
Todd C. Miller
90e6bf3180 Use yy_size_t for digest_len since newer flex uses yy_size_t for 
yyleng.  Old flex uses int for yyleng so we need to use a cast to
avoid a sign compare warning.
 2015-11-22 09:19:12 -07:00
Todd C. Miller
3354d27a17 Do not follow symbolic links in sudoedit by default. This behavior 
can be controlled by the sudoedit_follow Defaults flag as well as
the FOLLOW/NOFOLLOW tags.
 2015-08-06 13:20:01 -06:00
Todd C. Miller
108bfb7af3 Add missing warnings for memory allocation failure. 
Add function name to memory allocation warnings.
 2015-07-14 14:50:36 -06:00
Todd C. Miller
d77941c2be We require POSIX so no need to conditionally include dirent.h. 
Add a check for d_namlen and use the result in the NAMLEN macro.
 2015-07-02 09:24:48 -06:00
Todd C. Miller
0b241088b3 There's no need to conditionalize the #include <unistd.h>, we require 
a POSIX system.
 2015-07-02 09:08:28 -06:00
Todd C. Miller
4a07b472f0 Only include stddef.h where it is needed. 2015-06-20 05:34:35 -06:00
Todd C. Miller
dc883f2454 We require ANSI C so stop using the obsolete STDC_HEADERS. 2015-06-19 14:29:27 -06:00
Todd C. Miller
a50555faa2 Remove support for the obsolete malloc.h header. 2015-06-18 20:30:59 -06:00
Todd C. Miller
4da9e10971 Use non-exiting allocators in the parser (much of it already did). 2015-05-27 10:36:03 -06:00
Todd C. Miller
05a01d4c5d Avoid using a leading underbar in defines as they are reserved in 
ISO C.
 2015-05-21 11:13:20 -06:00
Todd C. Miller
c75eb5bf0d Use reallocarray where possible. 2015-05-14 10:21:58 -06:00
Todd C. Miller
45548cf049 Add support for MAIL and NOMAIL command tags to toggle mail sending 
behavior on a per-command (or Cmnd_Alias) basis.
 2015-02-19 10:02:20 -07:00