isa/sudo
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
9,572 Commits 1 Branch 0 Tags
9eeedb470f03f7753d202aa5fe54df5d10c0691c
Commit Graph

9572 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Todd C. Miller
6eadaddc99 Add SUDO_CONV_PREFER_TTY flag for conversation function to tell 
sudo to try writing to /dev/tty first.  Can be used in conjunction
with SUDO_CONV_INFO_MSG and SUDO_CONV_ERROR_MSG.
 2018-06-13 11:19:33 -06:00
Todd C. Miller
89c83f0321 Update for arc4random.c, arc4random_uniform.c and getentropy.c 2018-06-08 06:32:02 -06:00
Todd C. Miller
8b63ec654a FreeBSD wordexp() returns WRDE_SYNTAX if it can't write to the shell 
process.  Since we've prevented execve() from succeeding this is
the error we get back from wordexp() on FreeBSD.
 2018-06-05 15:37:16 -06:00
Todd C. Miller
ec2dae8104 Fix conversion of usec to nsec; from Scott Cheloha 2018-06-04 20:00:41 -06:00
Todd C. Miller
dafb5f523a Fix typo. 2018-06-01 21:15:57 -06:00
Todd C. Miller
919b567229 The getdefs() function now get called multiple times so use the 
cached data if present.
 2018-05-29 10:53:47 -06:00
Todd C. Miller
899aedfd10 Return an empty defaults list, not NULL if there is no global sudoers 
defaults entry in sss.
 2018-05-29 10:24:57 -06:00
Todd C. Miller
1202beafba Fix memory leak of handle pointer on close. 2018-05-29 10:10:20 -06:00
Todd C. Miller
c990d93a4e Remove a needless copy when parsing options. 2018-05-29 09:39:42 -06:00
Todd C. Miller
0b31f186cd Move cached userspecs and defaults into the handle object. 2018-05-29 09:39:40 -06:00
Todd C. Miller
1ad2290a27 Quiet a clang analyzer warning. It should not be possible for 
pop_include() to be called when YY_CURRENT_BUFFER is NULL.
 2018-05-28 08:30:57 -06:00
Todd C. Miller
e401f92830 Reorder things to avoid the need to declare static functions. 2018-05-28 07:35:51 -06:00
Todd C. Miller
43003d29d8 Use arc4random for mkstemp() and insults. 2018-05-24 21:04:23 -06:00
Todd C. Miller
ddd663a5f2 Import arc4random() from libressl. This takes an all-in-one approach 
instead of the one-file-per-OS approach that libressl takes.
The fallback code does not have as many OS-specific bits as libressl.
 2018-05-24 21:04:23 -06:00
Todd C. Miller
154a5f59a9 Move digest code into libutil 2018-05-24 21:04:07 -06:00
Todd C. Miller
1cd472c051 Check for invalid bas64 attributes. 2018-05-20 08:09:25 -06:00
Todd C. Miller
a04cb53e37 Fix pointer sign warnings. 2018-05-20 07:42:54 -06:00
Todd C. Miller
5c113e59ec Add missing variable declaration for SELinux and Solaris. 2018-05-20 07:36:46 -06:00
Todd C. Miller
03aa84ed03 Handle empty string and treat it as safe. 2018-05-20 07:36:00 -06:00
Todd C. Miller
1bc8e9abfd Add support for base64-encoding non-safe strings in LDIF output. 2018-05-20 07:01:26 -06:00
Todd C. Miller
574c9fcd7a Add base64_encode() by Jon Mayo. 2018-05-19 19:03:47 -06:00
Todd C. Miller
1ab3606019 Add support for parsing base64-encoded attributes 2018-05-18 10:11:51 -06:00
Todd C. Miller
7d42a609d9 rfc2253 says we need to escape " and leading and trailing space. 2018-05-17 11:16:44 -06:00
Todd C. Miller
dfb66044ed Define ZLIB_CONST so we get the const version of the API. 2018-05-17 09:31:48 -06:00
Todd C. Miller
1494f25ba3 Fix logic inversion when handing the authenticate Defaults option 
for "sudo -l" and "sudo -v" in long list mode.
 2018-05-16 12:14:14 -06:00
Todd C. Miller
c30ad97107 Set handle->pw before sss_to_sudoers() since sss_check_user() 
uses it.  Coverity CID 185651
 2018-05-16 10:48:50 -06:00
Todd C. Miller
8ce49ecb2b Fix memory leak on error, CID 185602 2018-05-16 10:45:00 -06:00
Todd C. Miller
8ad51fe089 Some ldap_get_values_len -> sudo_ldap_get_values_len that were 
missed before.
 2018-05-16 10:37:15 -06:00
Todd C. Miller
b7e6d04907 When building up the cmndspec, add the actual command member last. 
This simplifies the logic regarding the SETENV tag and alsomakes
"out of memory" cleanup simpler.
 2018-05-16 10:27:28 -06:00
Todd C. Miller
2102800824 Fix format string mismatch, sudo_order is unsigned. 2018-05-16 10:15:15 -06:00
Todd C. Miller
b31656b7f1 Add cppcheck annotation to suppress memory leak false positive. 2018-05-16 10:14:39 -06:00
Todd C. Miller
3ca0882d14 Sudo "ALL" implies the SETENV tag. 2018-05-16 10:01:52 -06:00
Todd C. Miller
cf9c0102d4 Only set MODE_PRESERVE_ENV when preserving the entire environment. 
Fixes a problem introduced in 1.8.23 where "sudo -i" could not be
used in conjunction with --preserve-env=VARIABLE.  Bug #835
 2018-05-16 09:10:43 -06:00
Todd C. Miller
f38317269d Add free_userspecs() and free_default() and use them instead of 
looping over the lists and calling free_userspec() and free_default().
 2018-05-15 16:35:07 -06:00
Todd C. Miller
3a4c0e06c1 Depending on the bos level, AIX 6.1 may or may not include 
getline/getdelim and AIX 7.1 may or may not include memset_s.
Since we need to build packages that will work on all AIX 6.1 and
7.1 machines, use our getline() and memset_s emulation.
 2018-05-15 09:53:46 -06:00
Todd C. Miller
93eec5fb9f Do not leak struct sudo_command when the command is ALL. 
Coverity CID 185602.
 2018-05-14 13:47:00 -06:00
Todd C. Miller
808ec34ab4 Sudo 1.8.24 2018-05-14 13:04:14 -06:00
Todd C. Miller
9f36ae62f0 Improve comments about why we need to do a user check and how it 
related to netgroups.
 2018-05-14 10:43:51 -06:00
Todd C. Miller
d052f8a68b Add checks for ldap/sss functions failing due to memory allocation 
errors.
 2018-05-14 09:05:05 -06:00
Todd C. Miller
904f37e03f Let the main sudoers lookup code check the host name. We still 
check the user name so it is possible to use a single userspec
but this may change in the future.
 2018-05-14 09:05:04 -06:00
Todd C. Miller
f9be3a48a2 Simplify the nss interface such that each sudoers provider fills 
in a per-nss list of userspecs and defaults instead of using separate
lookup and list functions.  This makes it possible to have a single
implementation of the code for sudoers lookup and listing.
 2018-05-14 09:05:03 -06:00
Todd C. Miller
71e98d9493 Include parse.h in sudoers.h since it will soon be required. 2018-05-14 09:05:02 -06:00
Todd C. Miller
cc3428398a Parse "ALL" as a command correctly. 2018-05-14 08:35:48 -06:00
Todd C. Miller
4a3aa5f6e6 Add debug warning if lseek() fails (should not be possible). 2018-05-11 07:51:43 -06:00
Todd C. Miller
7b1e78d6df Fix swapped args of lseek() when rewinding. This didn't cause a 
problem because the value of SEEK_SET is 0.
 2018-05-11 07:45:22 -06:00
Todd C. Miller
6e290763ca Fix a format-truncation warning in newer gcc by avoiding using %0x 
and %0X in the test.  We are formatting a single byte so just do
it one nybble at a time.
 2018-05-10 21:17:03 -06:00
Todd C. Miller
3359d7290f Regen with autoconf git commit e17a30e987d7ee695fb4294a82d987ec3dc9b974 
AC_HEADER_MAJOR: port to glibc 2.25
 2018-05-10 20:44:09 -06:00
Todd C. Miller
7a940ce30b No need to explicitly free role on EOF, it will be freed after the 
loop is done.
 2018-05-03 11:06:02 -06:00
Todd C. Miller
29d188f4b4 Garbage collect the command argv, envp and info vectors since they are 
not available at policy close time.
 2018-05-03 10:52:17 -06:00
Todd C. Miller
b0c13e995c Plug memory leaks on parse error or when an LDIF entry doesn't match 
the dn filter.
 2018-05-03 10:51:11 -06:00