Commit Graph

2449 Commits

Author SHA1 Message Date
Todd C. Miller
9eeedb470f If the sudoreplay ID option is a fully-qualified path, use it directly.
Previously, one had to use the -d option to override the I/O log directory.
2019-08-27 13:40:38 -06:00
Todd C. Miller
91d508d408 regen 2019-08-27 09:07:06 -06:00
Todd C. Miller
972670bfca Use the SUDO_CONV_PREFER_TTY flag during authentication.
This prevents the password and PAM prompts from being redirected.
Bug #895
2019-08-26 19:30:11 -06:00
Todd C. Miller
2087f6354c Use fputs(), not printf() for plain strings. 2019-08-20 12:43:40 -06:00
Todd C. Miller
a7cd4f0d48 Add user ID to the search filter when matching sudoUser.
We already support group IDs but the user ID was missing.
From sudo-1.8.23-ldapsearchuidfix.patch in RHEL 7.
2019-08-20 10:33:51 -06:00
Todd C. Miller
37670a008b Fix parsing of double-quoted Defaults bindings that start with % or +.
From sudo-1.8.23-fix-double-quote-parsing-for-Defaults-values.patch in RHEL 7.
2019-08-20 10:25:38 -06:00
Todd C. Miller
e99082e05b Fix special handling of ipa_hostname that was lost in sudo 1.8.24.
We now include the long and short hostname in sudo parser container.
2019-08-15 14:20:12 -06:00
Todd C. Miller
b4bef30d31 Remove unused include file. 2019-08-14 15:09:39 -06:00
Todd C. Miller
7a7f02a7ec Asturian translation for sudoers from translationproject.org. 2019-08-05 16:38:41 -06:00
Todd C. Miller
3e56be3564 Store signal name, not number in I/O log timing file.
The "SIG" prefix is not used so, e.g. SIGTERM -> "TERM".
This makes the I/O log files portable from one system to another.
Older I/O log files with signal numbers can still be replayed.
2019-08-05 16:30:58 -06:00
Todd C. Miller
aa200cda6a Replace non-essential strncpy() calls. 2019-07-30 11:37:26 -06:00
Todd C. Miller
7117948421 Updated translations from translationproject.org 2019-07-23 08:16:22 -06:00
Todd C. Miller
5e424640b9 Use strftime(3) instead of formatting struct tm by hand.
Fixes a warning on newer versions of gcc.
2019-07-19 20:14:44 -06:00
Todd C. Miller
a7137a5225 If the command in sudoers does not exist on the file system, match by name.
We still want to match the command even if it doesn't exist so that the
NOPASSWD flag on sudoers entries with non-existent paths works as expected.
Bug #888.
2019-07-19 13:51:23 -06:00
Todd C. Miller
3c825e298d regen 2019-07-19 10:42:50 -06:00
Todd C. Miller
c49760e55d Simpler change to retry sudo_secure_file() as root as needed. 2019-07-14 19:37:33 -06:00
Todd C. Miller
cecf69ff3c If we are unable to stat() sudoers as non-root, try again as root.
By default, sudo relies solely on group permissions to read sudoers
to make it possible to store sudoers on NFS.  However, if /etc/sudoers
is not accessible to non-root uids for some reason, sudo will fail.
Bug #880.
2019-07-14 18:51:50 -06:00
Todd C. Miller
bb024cf093 Rename PLUGINDIR -> plugindir 2019-07-03 13:15:47 -06:00
Todd C. Miller
9d8f374397 Add ssizeof macro that returns ssize_t.
We can use this instead of casting the result of size_t to int.
Also change checks for snprintf() returning <=0 to <0.
2019-06-25 09:45:10 -06:00
Todd C. Miller
29223d7f64 In tty_present(), check for /dev/tty if sudo was unable to get the tty name.
For requiretty it is enough to check that /dev/tty is available.
If sudo can't get the tty from the kernel (missing /proc?) that is OK.
2019-06-19 20:32:22 -06:00
Todd C. Miller
12c29e91bd Use the runhost for "User foo is not allowed to run sudo on bar."
Otherwise, if the -h option is specified sudo will print the local
host name instead of the host specified via -h.
2019-05-29 15:26:57 -06:00
Todd C. Miller
dae484213e Allow the user to change their password if expired on AIX.
Bug #883
2019-05-27 06:35:48 -06:00
Todd C. Miller
07ed5b86f2 When using AIX auth, don't display the AIX password incorrect message.
Avoids a "3004-300 You entered an invalid login name or password"
message in addition to sudo's own "Sorry, try again" message.
2019-05-26 16:29:08 -06:00
Todd C. Miller
e28ba02c78 Fix a typo. 2019-05-22 08:58:51 -06:00
Todd C. Miller
30a5ee9c5d Remove second catopen() which is never called. 2019-05-06 10:04:07 -06:00
Todd C. Miller
976550084e Add pam_acct_mgmt setting to enable/disable PAM account validation. 2019-04-29 19:44:13 -06:00
Todd C. Miller
1e1ef61902 Add SPDX-License-Identifier to files. 2019-04-29 07:21:51 -06:00
Todd C. Miller
96ac6adae5 Filter out last login messages on HP-UX unless running a shell.
HP-UX in trusted mode will display last login messages as part of
the PAM account management module by libpam_comsec.  There is no
way to suppress these messages from the PAM configuration in trusted
mode so we need to filter them in the conversation function.  In
regular mode, similar (but different) messages may be produced by
libpam_hpsec.
2019-04-28 07:26:45 -06:00
Todd C. Miller
aa0146d68d Keep debug fds open in send_mail() to aid in debugging.
Adds closefrom_nodebug() which acts like closefrom(3) but doesn't
close debug fds for use by send_mail().
Also moves the code to exec the mailer to its own function.
2019-04-20 17:28:45 -06:00
Todd C. Miller
9048ee6c48 Set def_mailerflags even if sendmail was not found at configure time.
Fixes a NULL dereference when mailerpath is set but mailerflags is not.
Bug #878
2019-04-19 10:14:10 -06:00
Todd C. Miller
de65d70929 Add a proper getdelim(3) replacement and use it instead of getline(3). 2019-04-08 10:37:30 -06:00
Todd C. Miller
f0910c01da Restrict the PAM_TTY kludge to Solaris and Linux-PAM.
Setting PAM_TTY to the empty string causes problems with some modules
on HP-UX so restrict it to systems where it fixes known issues.
2019-04-08 08:50:03 -06:00
Todd C. Miller
194968eaf0 Plug a memory leak on user/group lookup failure found by ASAN. 2019-03-14 11:31:05 -06:00
Todd C. Miller
e31ac5a998 Fix test failure when run by a user other than the file owner. 2019-03-08 09:07:20 -07:00
Todd C. Miller
28b0bff4f3 Updated translations from translationproject.org 2019-03-08 08:36:01 -07:00
Todd C. Miller
0c31cf15fe Test cvtsudoers stdout and stderr separately.
Fixes a test failure on systems with musl libc.  Bug #873
2019-03-08 06:58:30 -07:00
Todd C. Miller
0766e0c647 Better comment about EOVERFLOW and pstat_getproc().
Also remove some useless casts.
2019-03-06 20:15:11 -07:00
Todd C. Miller
ea3ede690f Ignore carriage return before a linefeed.
This allows sudo to parse files with DOS-style line endings.
2019-03-03 14:41:59 -07:00
Todd C. Miller
e1205f08d6 Add simple API to allow reading environment data from different sources.
Currently, this is used to read a file like /etc/environment.
2019-02-20 17:05:02 -07:00
Todd C. Miller
f3344b5881 Fix pasto; the unrestricted env file was read when we want the restricted one. 2019-02-19 11:03:02 -07:00
Todd C. Miller
c0a12d9d95 Be sure to include sudo_queue.h where needed instead of relying on other headers. 2019-02-19 08:31:08 -07:00
Todd C. Miller
36d4373403 Split command match code out into match_command.c.
Also remove unused SUDOERS_NAME_MATCH code.
2019-02-18 11:35:52 -07:00
Todd C. Miller
cf2bfbcd3f Split out digest matching into its own file. 2019-02-17 08:21:13 -07:00
Todd C. Miller
a04409747c Split out digest matching into its own file. 2019-02-17 06:47:37 -07:00
Todd C. Miller
1e6e048180 Rename FOLLOW and NOFOLLOW tokens FOLLOWLNK and NOFOLLOWLNK.
Fixes a namespace collision on Solaris when bison is used.
2019-02-12 12:02:02 -07:00
Todd C. Miller
bc25915050 Add stub definition of digest_matches() for SUDOERS_NAME_MATCH 2019-02-06 13:12:33 -07:00
Todd C. Miller
694999487b No longer need to include sudo_lbuf.h 2019-02-06 10:25:52 -07:00
Todd C. Miller
6dceca47cc Use SET macro instead of bitwise OR. 2019-02-05 16:47:08 -07:00
Todd C. Miller
c92f80b79e In sudo_make_grlist_item() the calculation of total did not include
space for pointers to the group names.
2019-02-05 16:46:30 -07:00
Todd C. Miller
4f74fe3a8e Use correct debug_decl() names. 2019-02-05 14:29:39 -07:00