Commit Graph

3840 Commits

Author SHA1 Message Date
Todd C. Miller
9c3eb2feca Add missing print_member_list_csv() return value check. 2023-12-01 15:14:59 -07:00
Todd C. Miller
79ed29c4a3 Check sudoers_debug_register() return value. 2023-12-01 15:00:08 -07:00
Todd C. Miller
77700a4b7a Add cmddenial_message to def_data.in 2023-11-28 15:19:24 -07:00
THE-Spellchecker
5eba4b48cf Typographical and Grammatical fixes 2023-11-28 15:00:04 -07:00
Guillaume Destuynder
a4cbfecdae Add support for a custom message when the command execution is denied. 2023-11-28 14:19:26 -07:00
Todd C. Miller
522f1b634f tsdump: quiet compiler warnings on some platforms.
Quiet a -Wshadow warning from gcc.
Cast major() and minor() to unsigned int when printing.
2023-11-26 09:27:46 -07:00
Todd C. Miller
288593875d tsdump: display both the terminal path and device number.
If no terminal device can be found, print "major, minor" device
numbers instead.
2023-11-26 09:07:25 -07:00
Todd C. Miller
66c9a636d1 Build tsdump by default so it does not suffer bit rot. 2023-11-26 08:45:43 -07:00
Todd C. Miller
5ff6f49653 tsdump: update to use a uid-based path by default
This matches the changes in sudo 1.9.15 to the sudoers policy module.
2023-11-26 08:21:05 -07:00
Todd C. Miller
ce74f50b44 Update for plugin version 1.22. 2023-11-25 18:51:28 -07:00
Todd C. Miller
a85494b5c4 Add ttydev to sudoers_user_context and use for timestamp file.
GitHub issue #329
2023-11-25 16:26:45 -07:00
Todd C. Miller
b9275b7eab Rename submit_time -> event_time in struct eventlog. 2023-11-23 09:08:04 -05:00
Todd C. Miller
0e53d5fddf We can use evlog.submit_time in the call to eventlog_alert().
This is set to the current wallclock time by sudoers_to_eventlog().
2023-11-23 09:08:04 -05:00
Todd C. Miller
39ea3176c1 Replace submit_time in struct sudoers_context with start_time.
We need to track the (monotonic) command start time to be able to
generate an accurate run time.  Instead of setting submit time when
the policy initializes (and using that time for logging purposes),
set evlog->submit_time to the current wallclock time when we need
to perform logging.  This is more consistent with how sudo logging
was performed in the past.  Fixes GitHub issue #327.
2023-11-23 09:08:04 -05:00
Todd C. Miller
432b085558 log_server_open: always pass in awake time, not wallclock time.
The timespec passed to log_server_open() should be from
sudo_gettime_awake() since it is used to build the command run time.
2023-11-23 09:08:04 -05:00
Todd C. Miller
6965e1b0aa log_server_alert: use fmt_alert_message not fmt_reject_message
Only affects intercepted commands.
2023-11-23 09:08:04 -05:00
Todd C. Miller
13dec64f3d log_server_alert: struct timespec argument was not actually used
The struct timespec argument is used to initialize the command
start time, which is not used for an alert message.
2023-11-23 09:08:04 -05:00
Todd C. Miller
47a43c5404 cvtsudoers_csv.c: remove most sudo_fatal() calls.
Errors are now propagated up the call stack.
2023-11-11 10:22:14 -07:00
Todd C. Miller
dd5f7a4505 No need for sudo_fatalx() here, just pass back an error. 2023-11-11 08:31:23 -07:00
Todd C. Miller
2c06aa321b cvtsudoers_ldif: display warning on write error 2023-11-11 08:19:19 -07:00
Todd C. Miller
7e4632691b cvtsudoers_merge.c: remove sudo_fatal() calls.
Errors are now propagated up the call stack.
2023-11-11 08:15:06 -07:00
Todd C. Miller
8cfd4467f4 Make new_member() return NULL on failure and adjust callers. 2023-11-10 16:53:57 -07:00
Todd C. Miller
564d8ac01d Pass return values back instead of using sudo_fatal(). 2023-11-10 14:05:35 -07:00
Todd C. Miller
d28884b1c7 Add printf_attribute_ldif() to printf-format an LDIF attribute.
This replaces multiple sequences of asprintf() and print_attribute_ldif().
2023-11-10 13:34:13 -07:00
Todd C. Miller
12e55dcd78 cvtsudoers_json.c: check sudo_json_* return values.
Previously, we set memfatal to true in sudo_json_init() instead.
This also gets rid of a number of sudo_fatalx() calls.
2023-11-09 17:12:56 -07:00
Todd C. Miller
1a68935ae3 add_timestamp: check sudo_json_* return values. 2023-11-09 17:12:55 -07:00
Todd C. Miller
a2998a6701 alias_apply: change return type to bool
We can use the rbapply() return value to detect failure.
2023-11-09 15:31:26 -07:00
Todd C. Miller
e0d912d1db Use C99 designated struct initializers.
This is less error-prone and would have avoided GitHub issue #325.
2023-11-07 14:47:48 -07:00
Todd C. Miller
87c193f3f9 Correct the order of the strings in SUDOERS_CONTEXT_INITIALIZER.
Fixes GitHub issue #325, a bug introduced in sudo 1.9.15.
2023-11-07 13:38:30 -07:00
Todd C. Miller
24351bdadc sudo_set_grlist and sudo_set_gidlist: set auth registry based on username
Previously we used the global registry but since we have the user's
passwd info we should use that when storing the group and gid lists.
2023-11-03 10:30:56 -06:00
Todd C. Miller
2ffcda8e15 role_to_sudoers: only try to reuse a privilege if one is present 2023-11-02 14:42:42 -06:00
Todd C. Miller
1a11be4d9f store_plugin: avoid potential NULL deref in boolean context
Coverity CID 330466
2023-11-02 14:26:44 -06:00
Todd C. Miller
4833ac0f01 Avoid passing sudo_term_is_raw() -1 for the fd.
Coverity CID 330472
Coverity CID 330468
2023-11-02 14:17:51 -06:00
Todd C. Miller
886f1414eb Move the check for running setid commands in intercept mode to later.
Checking for setid commands in intercept mode after command matching
allows us to log a proper error message.  Previously, we simply
ignored setid commands when matching and the only indication of why
was in the debug logs.
2023-11-02 13:44:17 -06:00
Todd C. Miller
45e3c0dd17 timestamp_open: add some debugging 2023-11-02 09:10:49 -06:00
Todd C. Miller
3297ffa267 sudo_sia_begin_session: add missing struct sudoers_context * arg. 2023-10-31 10:26:57 -06:00
Todd C. Miller
747114f331 verify_krb_v5_tgt: auth name must be const to match struct sudo_auth. 2023-10-31 10:13:19 -06:00
Todd C. Miller
145faa3fe9 Updated translations from translationproject.org 2023-10-30 16:25:36 -06:00
Renato Botelho
75e829b740 Add missing sudoers_context to verify_krb_v5_tgt()
Commit 2440174954 added ctx variable to log_warningx() call but that
variable was not declared in that context, breaking the build.
2023-10-31 07:50:45 -06:00
Todd C. Miller
bf722e18b7 Updated translations from translationproject.org 2023-10-23 07:52:36 -06:00
Todd C. Miller
392ae0f030 Avoid a double-free in fuzz_policy caused by the early env_init(NULL).
This adds an env_free() function to explicitly free both the old
and new copies of the environment.  It is really only needed by
fuzz_policy, which calls the policy module multiple times.
2023-10-22 09:56:16 -06:00
Todd C. Miller
3bbc7c8f85 Store submitenv in eventlog and pass it to sudo_logsrvd. 2023-10-22 08:36:44 -06:00
Todd C. Miller
726b646b48 struct eventlog: rename argv/env to runargv/runenv.
This matches the JSON logs.
2023-10-21 19:15:46 -06:00
Todd C. Miller
c7a61a9438 struct sudoers_user_context: rename env_vars to env_add 2023-10-21 19:15:45 -06:00
Todd C. Miller
2b87749f8f Only log the run environment for commands that are allowed.
It may not be available otherwise and unless the command is being
run it has no real meaning.
2023-10-21 19:15:44 -06:00
Todd C. Miller
077826292c Free the private copy of the environment in sudoers_check_cmnd().
This reverts 5118eb5797fb, which had the side-effect of the PAM
session code running with the run environment instead of the invoking
user's environment.  Issue #318
2023-10-21 19:15:42 -06:00
Todd C. Miller
29f7967420 Update .pot files for 1.9.15 2023-10-19 10:03:50 -06:00
Todd C. Miller
e3edd7a09a Add example for disabling intercept/log_subcmds for certain commands. 2023-10-18 17:35:40 -06:00
Todd C. Miller
385d506d35 tsdump: fix compiler warnings 2023-10-18 10:02:16 -06:00
Todd C. Miller
14d514e5ac Avoid using %zu or %zd with printf() and fprintf().
This prevents problems on systems where the system printf(3) is not
C99-compliant.  We use our own snprintf() on such systems so that
is safe.
2023-10-17 20:14:53 -06:00