isa/sudo
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
10,387 Commits 1 Branch 0 Tags
9bb91cb64b5e3f470d03992deb006ea51115edab
Commit Graph

2813 Commits

Author SHA1 Message Date
Todd C. Miller
a940a2c78e Fix some warnings from pvs-studio 2020-08-12 20:01:39 -06:00
Todd C. Miller
961a4afe67 Fix some warnings from pvs-studio 2020-08-12 13:45:09 -06:00
Todd C. Miller
fb8ed8ba66 Use angle quotes when including gram.h and def_data.c. 
Otherwise, we can include the wrong file when doing an out-of-source
build when configured using --with-devel.
 2020-08-12 10:28:33 -06:00
Todd C. Miller
cbad17a994 Move inclusion of compat headers up with the system headers. 
Now that sudo_dso_public is defined in config.h we don't need sudo_compat.h
before including the compat headers.
 2020-08-12 10:07:07 -06:00
Todd C. Miller
985af422d2 Rename __dso_public -> sudo_dso_public and move to config.h. 2020-08-12 09:57:42 -06:00
Todd C. Miller
076d0376db We no longer need to include sudo_gettext.h before sudo_compat.h 2020-08-12 09:50:35 -06:00
Todd C. Miller
ce97ca28db Use OpenBSD-compatible freezero() in place of explicit_bzero() + free() 2020-08-10 19:24:33 -06:00
Todd C. Miller
cef6e3687e Switch from memset_s() -> explicit_bzero(). 
memset_s() (and all of Annex K) is likely to be removed from the
a future version of the standard.
 2020-08-10 19:24:32 -06:00
Todd C. Miller
8a97150f56 Define YYERROR_VERBOSE for bison and rename COMMENT -> '\n' 
This results in better error messages when there is a parse error
 2020-08-10 13:59:31 -06:00
Todd C. Miller
6702f4ac4e Some minor cleanup. 
Use ntuples instead of tuple_last
Strip leading and trailing double quotes using a single gsub()
ntuples will never be zero so don't bother checking
No need to explicitly close files in END
 2020-08-10 13:30:10 -06:00
Todd C. Miller
fa5d44b8b5 Quiet some clang 10 analyzer warnings. 2020-08-07 14:22:56 -06:00
Todd C. Miller
5f5f28ac7c Require that a @include line end with a newline or EOF. 
We now parse the entire line before reading the include file.  This
is less surprising behavior and results in better error messages.
 2020-08-07 14:22:24 -06:00
Todd C. Miller
3235e4353c Display more specific parser error messages when possible. 2020-08-07 14:20:45 -06:00
Todd C. Miller
7c342e5862 Let the sudoers parser recover after a parse error. 
We currently just discard the line with the error.
 2020-08-07 14:20:21 -06:00
Todd C. Miller
91cc68d7fd Keep track of the position of the current token for error messages. 2020-08-07 14:13:25 -06:00
Todd C. Miller
99f43f8a00 Store the current line in our own buffer for better error messages. 2020-08-06 21:16:35 -06:00
Todd C. Miller
03816d020b Sync sample_approval.exp with sample_approval.c 2020-08-06 21:16:35 -06:00
Todd C. Miller
a8bfeba581 regen 2020-08-06 21:16:35 -06:00
Todd C. Miller
2a58b19f96 Add workaround for yyless() not resetting yy_at_bol. 2020-08-05 09:13:09 -06:00
Todd C. Miller
38e28dcbf5 Rename python_plugin.exp.in -> python_plugin.exp 
There is nothing dynamic in this file.
 2020-08-03 10:15:28 -06:00
Todd C. Miller
3b4d4ab8dd Add missing python_plugin.exp.in file and remove unneeded __dso_public 
This fixes building the python plugin on systems where the compiler
doesn't support symbol hiding (but wherethe linker does).
 2020-08-03 09:53:12 -06:00
Todd C. Miller
974f833e17 Use "foo in bar" syntax for testing existence of a key. 2020-08-02 06:43:35 -06:00
Todd C. Miller
838255bb80 Replace /*FALLTHROUGH*/ in generated code. 2020-08-02 06:42:57 -06:00
Todd C. Miller
03ad96e445 Use the fallthrough attribute instead of /* FALLTHROUGH */ comments. 2020-08-01 13:10:50 -06:00
Todd C. Miller
20fd3b6363 Rewrite mkdefaults in awk. 2020-07-30 13:12:29 -06:00
Todd C. Miller
bcf96c153f Updated translations from translationproject.org 2020-07-19 11:32:42 -06:00
Todd C. Miller
ac00a07018 Initialize sudo_conv and sudo_printf in sudoers_audit_open(). 
We will need them if there is an error parsing sudoers and leaving
them unset can result in NULL deref.  Also set the text domain to
"sudoers" like we do for the policy and I/O logging open functions.
Bug #934.
 2020-07-12 10:13:53 -06:00
Todd C. Miller
1e4ce8525a Updated translations from translationproject.org 2020-07-11 09:19:41 -06:00
Todd C. Miller
b9ad3704d7 Export sudoers_audit symbol for compilers without symbol visibility. 2020-07-06 13:28:21 -06:00
Todd C. Miller
e9a39c149a Add some debugging statements around Defaults lookup. 2020-07-06 09:03:15 -06:00
Todd C. Miller
660738139b Replace #includedir with @includedir in default sudoers file. 2020-07-06 08:45:04 -06:00
Todd C. Miller
820d6ae207 regen without `scare quotes' 2020-06-24 05:40:42 -06:00
Todd C. Miller
df49897bd0 Replace or remove use of `scare quotes' 
These don't translate well and look odd in many fonts.
 2020-06-24 05:40:18 -06:00
Todd C. Miller
65edf6344d regen to fix a typo 2020-06-18 15:23:30 -06:00
Todd C. Miller
88393fc96f Updated translations from translationproject.org 2020-06-18 07:13:05 -06:00
Todd C. Miller
f093cb2e52 Replace terms master and blacklist in docs and examples. 2020-06-15 14:38:46 -06:00
Todd C. Miller
7f96e4537c Updated translations from translationproject.org 2020-06-11 15:19:31 -06:00
Todd C. Miller
d003da33dd Romanian translation from translationproject.org. 2020-06-11 15:15:58 -06:00
Todd C. Miller
852d8c7953 Fix a typo in the audit string when "sudo -E" is not allowed. 2020-06-07 08:37:32 -06:00
Todd C. Miller
3e12b99eed Check asprintf() return value. 2020-06-06 19:13:21 -06:00
Todd C. Miller
d4e92164f5 regen for sudo 1.9.1 2020-06-05 10:26:31 -06:00
Todd C. Miller
f047377a07 Add basic support for reject and error audit events to sudoers. 
This is only used when logging events from plugins other than sudoers,
such as an approval plugin.  With this change, if an approval
plugin rejects the command the denial will be logged in the
sudoers log file using the message from the approval plugin.
 2020-06-04 14:41:35 -06:00
Todd C. Miller
15d93a1ca7 Fix Solaris and BSM audit warnings. 
Use BSM audit on Illumos, which lacks Solaris audit.
 2020-06-04 14:41:28 -06:00
Todd C. Miller
a5a7215936 Track whether the session was opened in sudoers. 
In sudoers_policy_close() only warn about being unable to run the
command if we actually opened the session (and thus passed all
approval plugins).
 2020-06-04 13:34:20 -06:00
Todd C. Miller
49e43f580c Avoid passing NULL to printf in match debug code for LDAP/SSSD. 
The file name in struct userspec was not set for the LDAP and SSSD
backends.  There is no actual file in this case so set the name to
LDAP/SSSD.  Also add a guard to make sure we don't try to print
NULL in sudoers_lookup_check() if name is left unset.
 2020-06-04 11:31:12 -06:00
Todd C. Miller
b40551dc32 Add missing const to linux_audit_command()'s argv function argument. 2020-06-03 20:22:25 -06:00
Todd C. Miller
73c1b04306 When converting LDAP to sudoers, ignore entries with no sudoHost attribute. 
Otherwise, sudo_ldap_role_to_priv() will treat a NULL host list as
as the "ALL" wildcard.  This regression was introduced in sudo 1.8.23,
which was the first version to convert LDAP sudoRole objects to
sudoers internal data structures.
Thanks to Andreas Mueller for reporting and debugging this problem.
 2020-06-03 20:12:04 -06:00
Todd C. Miller
b519481912 Defer logging of the successful command until approval plugins have run. 
This adds audit plugin support to the sudoers module, currently
only used for accept events.  As a result, the sudoers file is now
initially parsed as an audit plugin.
 2020-06-02 09:07:46 -06:00
Todd C. Miller
f0dc48548c Add support for "accept" audit events sent by the sudo front-end. 
With this change, the sudo front-end will send an "accept" audit
event to the audit plugins after all the I/O logging plugins have
been initialized.  This can be used by an audit plugin that does
not care about the result of the individual policy and approval
plugins and only wants to receive a single "accept" event if all
policy and approval plugins have succeeded.  The plugin_type argument
for events sent by the front-end is SUDO_FRONT_END (0).
 2020-06-02 09:07:44 -06:00
Todd C. Miller
51dc8ad83c Add missing stdlib.h include and fix solaris_audit_failure() error return. 2020-06-01 12:52:00 -06:00