isa/sudo
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
9,572 Commits 1 Branch 0 Tags
9eeedb470f03f7753d202aa5fe54df5d10c0691c
Commit Graph

9572 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Todd C. Miller
23006c72c7 Sudo plugin manual updates and clarification from Guillem Jover: 
- Add missing return information for show_version().
- Fix prototypes for several function pointers.
- Update SUDO_API_VERSION_MINOR.
- Add missing references to log_suspend() and change_winsize().
- Add missing "array.".
- Clarify that argc can be zero on sudo -V.
- Clarify size requirements for conversation array arguments.
- Clarify timeout zero value for struct sudo_conv_message.
- Clarify initial and final state of reply in struct sudo_conv_reply.
 2018-11-24 08:39:09 -07:00
Todd C. Miller
7c0019d2a5 Revert changes to give arguments to the .Bx macro. 
This is intended for things like .Bx 4.3 to generate "4.3BSD" so
the argument ends up before the BSD, not after.  Just go back to
using "BSD authentication" and "BSD login classes" so fixmdoc.sh
can operate correctly.  Bug #861
 2018-11-24 08:34:03 -07:00
Todd C. Miller
0679f4529c Update fixmdoc.sh to match the BSD -> .Bx changes in the manuals. 
Bug #861
 2018-11-23 06:42:23 -07:00
Todd C. Miller
ecd9688818 Add support for utmps as found in HP-UX. 2018-11-18 07:45:43 -07:00
Todd C. Miller
716aa6e4ab Support st_nmtime in struct stat as found in HP-UX. 2018-11-14 13:37:46 -07:00
Todd C. Miller
7c5469264d If fcntl fails, fall back to the /proc implementation. 2018-11-14 13:37:45 -07:00
Todd C. Miller
4f5acff6eb Mention schema.olcSudo 2018-11-12 08:31:02 -07:00
Todd C. Miller
5f5d4a285c Mention schema.olcSudo here too. 2018-11-09 11:02:34 -07:00
Todd C. Miller
5e098a782d OpenLDAP schema file for Sudo in on-line configuration (OLC) format. 
From Frederic Pasteleurs.
 2018-11-09 10:38:49 -07:00
Todd C. Miller
d6c2c53688 Updated translations from translationproject.org 2018-11-09 10:15:35 -07:00
Todd C. Miller
537a2f9773 Only use closefrom_fallback() if no better method exists. 
The previous logic was too fragile.
 2018-11-08 15:17:39 -07:00
Todd C. Miller
733669ec38 Updated translations from translationproject.org 2018-11-07 11:21:05 -07:00
Todd C. Miller
cad10fbd2e Portuguese translation for sudo and sudoers from translationproject.org. 2018-11-07 11:20:27 -07:00
Todd C. Miller
cdd5bb32eb Add sudo_gai_fatal, sudo_gai_vfatal, sudo_gai_vwarn, sudo_gai_warn 
and gai_log_warning that use gai_strerror() instead of strerror().
 2018-11-05 09:08:05 -07:00
Todd C. Miller
cfa4879dbd Fix memory leak in runaslist_matches(). 2018-10-31 10:03:02 -06:00
Todd C. Miller
c88b859853 typo 2018-10-29 09:23:25 -06:00
Todd C. Miller
9c2f4b8f19 regen 2018-10-29 08:32:36 -06:00
Todd C. Miller
9378808b3a More updates for 1.8.26 2018-10-29 06:19:59 -06:00
Todd C. Miller
1fe582a0e3 Add support for negated sudoRunAsUser and sudoRunAsGroup entries. 2018-10-28 15:46:27 -06:00
Todd C. Miller
fb015fac1b Document that the target user's groups may be specified via the -g option. 2018-10-27 12:52:17 -06:00
Todd C. Miller
03c56db408 Include getpwent() version of sudo_getgrouplist2_v1() from getgrouplist.c 2018-10-27 12:10:43 -06:00
Todd C. Miller
0398996b39 Use a testsudoers group file with known contents instead of the system one. 2018-10-27 10:57:37 -06:00
Todd C. Miller
391ed95f50 Allow the group set by "sudo -g" to be any of the target user's groups. 
Previously, this was only allowed if the group matched the target
user's primary group ID (from the passwd database entry).
The sudoers policy will now allow the group if it is one of the
target user's supplemental groups as well.
 2018-10-27 06:37:34 -06:00
Todd C. Miller
ffe2041a02 Skip sudo_getgrouplist2() check on systems with getgrouplist_2(). 
sudo_getgrouplist2() is just a wrapper on such systems and this
avoids a test failure on macOS where a user is automatically a
member of certain groups.
 2018-10-26 11:11:58 -06:00
Todd C. Miller
e22410ba64 Add missing exported symbol sudo_term_eof 2018-10-26 10:45:12 -06:00
Todd C. Miller
0597969301 Add missing #ifdef LDAP_OPT_X_TLS_REQUIRE_CERT 
Fixes problems building on older LDAP sdks.
 2018-10-26 10:34:16 -06:00
Todd C. Miller
5eb0fbd076 add getgrouplist_test.c 2018-10-26 10:26:27 -06:00
Todd C. Miller
a3cb22b467 Check the user's primary gid from the passwd file too. 2018-10-26 10:24:38 -06:00
Todd C. Miller
06035f193e ignore prologue 2018-10-26 10:10:52 -06:00
Todd C. Miller
6c3d20cb41 Convert PVS-Studio comment to ANSI C. 2018-10-26 08:39:09 -06:00
Todd C. Miller
019279a4b8 Fix some mangled text in the license block. 2018-10-26 08:19:41 -06:00
Todd C. Miller
404524c4ef Add regress test for sudo_getgrouplist2(). 
This test assumes all the groups in root's group list can
be resolved by group ID.
 2018-10-26 06:52:46 -06:00
Todd C. Miller
50b581ec3d More changes in 1.8.26 2018-10-25 09:04:52 -06:00
Todd C. Miller
1b035b5426 Add padding option to cvtsudoers. 
Bug #856
 2018-10-25 08:40:25 -06:00
Todd C. Miller
78d35de935 Remove an errant grset++ in the AIX version of sudo_getgrouplist2(). 
Bug #857
 2018-10-25 07:17:31 -06:00
Todd C. Miller
cb588f2337 Pass --sourcetree-root to pvs-studio and don't check sudo_noexec.c. 
Since we don't auto-generate dependencies for sudo_noexec.c we
can't easily check it from outside the source tree.  This
is not a problem as it just contains stub functions.
 2018-10-22 09:12:17 -06:00
Todd C. Miller
56cff772eb Asturian translation for sudo from translationproject.org 2018-10-22 06:21:59 -06:00
Todd C. Miller
3710d5ba07 Add support for CLOCK_MONOTONIC_RAW and CLOCK_UPTIME_RAW, present 
on macOS.
 2018-10-21 15:24:33 -06:00
Todd C. Miller
4c82e18ac1 Add --enable-pvs-studio configure option to create PVS-Studio.cfg. 2018-10-21 08:46:09 -06:00
Todd C. Miller
c5df091123 Add pvs-studio target and associated production rules. 2018-10-21 08:46:05 -06:00
Todd C. Miller
64e5d34c57 Add comments in .c files so PVS-Studio will check them. 2018-10-21 08:46:05 -06:00
Todd C. Miller
45652e6d71 Simplify range checks. 
No need to check for ERANGE in the cases where we also check
that the value is <= INT_MAX.  Found by PVS-Studio.
 2018-10-20 08:47:12 -06:00
Todd C. Miller
8c94175ba1 Avoid some PVS-Studio false positives. 2018-10-19 13:35:20 -06:00
Todd C. Miller
e9dec0f8d2 Remove some calls to sudo_fatalx(); just propagate the error return. 2018-10-19 13:35:05 -06:00
Todd C. Miller
6a85992b34 No need to check if fd_dst is -1 in sudoedit mode. 
Failure to open the destination sudoedit file is fatal so there's
no need to check that fd_dst != -1 later on.  Found by PVS-Studio.
 2018-10-19 13:33:37 -06:00
Todd C. Miller
6786d53d45 In timestamp_open() no need to free cookie on error, it is NULL. 
Found by PVS-Studio.
 2018-10-19 13:32:24 -06:00
Todd C. Miller
deccfe68f1 Fix a memory leak on malloc() error in sudo_ldap_role_to_priv(). 
Coverity CID 188804
 2018-10-18 15:38:54 -06:00
Todd C. Miller
84ef500061 Move the allocation of role to be immediately before in_role is set. 
This makes it clear that when in_role == true, role is non-NULL.
Also remove two dead stores.
 2018-10-18 14:43:08 -06:00
Todd C. Miller
2ff8f8601b Fix trimming of non-escaped trailing space in ldif_parse_attribute(). 
Found by PVS-Studio.
 2018-10-18 14:29:33 -06:00
Todd C. Miller
c2d93b8c97 Simplify the logic surrounding sudoers_args in command_args_match(). 
We only need to check that sudoers_args is non-NULL once.
Found by PVS-Studio.
 2018-10-18 14:24:55 -06:00