isa/sudo
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
10,316 Commits 1 Branch 0 Tags
9ff960457a5a89db56247b70d8049f46fd2bdd02
Commit Graph

10316 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Todd C. Miller
9ff960457a Add support for runchroot and runcwd to "sudo -l" and cvtsudoers. 2020-09-01 06:26:05 -06:00
Todd C. Miller
86513c78b6 Unit test for exptilde 2020-09-01 06:26:05 -06:00
Todd C. Miller
6bdfd010d2 Add CHROOT and CWD sudoers options. 
Also matching runchroot and runcwd Defaults settings.
 2020-09-01 06:26:00 -06:00
Todd C. Miller
c4a579cf8a Pass resource limits values to the plugin in user_info[] 
Sudo resets the resource limits early in its execution so
the plugin cannot tell what the original limits were itself.
 2020-08-31 16:37:01 -06:00
Todd C. Miller
84e6e6ccf9 Update copyright year on some files where it was out of date. 2020-08-31 14:09:36 -06:00
Todd C. Miller
47ed1721be Refer to "syntax error" instead of "parse error". 
This is the term the parser uses when there is an actual error.
 2020-08-27 16:12:09 -06:00
Todd C. Miller
1b300f78de Remove superfluous "parse error in sudoers near line N" message. 
The sudoers parser now produces better syntax error messages so we
don't need visudo to print its own.
 2020-08-27 16:08:18 -06:00
Todd C. Miller
03eb3d6db9 Don't override errorfile and errorlineno set by check_aliases(). 
Now that alias parsing stores the file and line number, visudo can
use that information to go to the line with an error when re-editing.
 2020-08-27 16:06:45 -06:00
Todd C. Miller
019f1f6b93 Use sigabbrev_np(3) to access signal abbreviations if supported. 
glibc-2.32 has removed sys_sigabbrev[], we can use sigabbrev_np(3) instead.
 2020-08-25 16:48:13 -06:00
Todd C. Miller
3235687d96 Briefly describe how to restore historical parse error behavior. 2020-08-17 19:37:09 -06:00
Todd C. Miller
da5afe11bf Mention eof-of-line terminator and plugin argument changes. 2020-08-17 16:02:29 -06:00
Todd C. Miller
a3364c1e95 Fix sudoers_policy plugin options when sudoers_audit is not listed. 
As of sudo 1.9.1 the sudoers file is opened by the audit plugin,
not the policy plugin.  As a result, plugin options set for
sudoers_policy have no effect.  If sudoers_policy has plugin options
in sudo.conf and sudoers_audit is not listed, move the options to
sudoers_audit so they will have an effect.
 2020-08-17 13:45:16 -06:00
Todd C. Miller
609910cc21 sudoers error recovery can be configured via an "error_recovery" setting. 
This setting is an argument to the sudoers plugin, similar to how
sudoers_file, sudoers_mode, sudoers_uid, etc. are implemented.
The default value is true.
 2020-08-17 13:14:30 -06:00
Todd C. Miller
360c264760 Make this test pass with bison's verbose error messages. 2020-08-17 07:41:48 -06:00
Todd C. Miller
c7bc24d40b Recover from a syntax error after the ':' in a privilege spec. 
For compound privilege specs, don't throw away the entire thing if
we have a syntax error, only the part after the error is encountered.
 2020-08-16 15:19:53 -06:00
Todd C. Miller
11803027c6 Add explicit end-of-line matching in the parser for better error messages. 
A valid line in sudoers must end in a newline or EOF.
Previously, it was possible (though not documented) to have multiple
user specs on a single line.  Now, each must be on its own line.
 2020-08-16 14:59:45 -06:00
Todd C. Miller
d72a48dc78 Add NOMATCH token and use it in the lexer for an unmatched pattern. 
The ERROR token is now only used for errors detected by the lexer
and for which we've already printed an error.  This lets us remove
the hack in sudoerserror() and just check last_token to determine
whether or not to display the error.
 2020-08-16 06:42:15 -06:00
Todd C. Miller
de9c77ba7e Enable error recovery for syntax erorrs that don't end with a newline. 
A syntax error on the last line of a sudoers file with no trailing
newline is now recoverable.
 2020-08-15 11:38:56 -06:00
Todd C. Miller
94eb14c214 Add error recovery for unexpected tokens after include/includedir. 2020-08-15 11:29:46 -06:00
Todd C. Miller
9c258de89e Sudo 1.9.3 changes so far. 2020-08-15 09:16:59 -06:00
Todd C. Miller
31d41853b6 sudo 1.9.3 2020-08-15 09:03:20 -06:00
Todd C. Miller
086aaeb446 Format the macOS minor version number with two digits. 
This way we get consistent 4-digit version numbers even for macOS
verions like 10.3 or 11.0 where the minor number is a single digit.
For example. 10.3 will be formatted as 1003 and 11.0 will be 1100.
 2020-08-14 14:53:27 -06:00
Todd C. Miller
cb2eb8ea94 Add missing ZFALLTHROUGH and use spaces not tabs. 2020-08-13 21:10:08 -06:00
Todd C. Miller
d12f7ccf25 Fix probe for macOS Big Sur 
"sw_vers -productName" now returns "macOS", not "Mac OS X"
 2020-08-13 20:40:33 -06:00
Todd C. Miller
a940a2c78e Fix some warnings from pvs-studio 2020-08-12 20:01:39 -06:00
Todd C. Miller
961a4afe67 Fix some warnings from pvs-studio 2020-08-12 13:45:09 -06:00
Todd C. Miller
fb8ed8ba66 Use angle quotes when including gram.h and def_data.c. 
Otherwise, we can include the wrong file when doing an out-of-source
build when configured using --with-devel.
 2020-08-12 10:28:33 -06:00
Todd C. Miller
cbad17a994 Move inclusion of compat headers up with the system headers. 
Now that sudo_dso_public is defined in config.h we don't need sudo_compat.h
before including the compat headers.
 2020-08-12 10:07:07 -06:00
Todd C. Miller
985af422d2 Rename __dso_public -> sudo_dso_public and move to config.h. 2020-08-12 09:57:42 -06:00
Todd C. Miller
076d0376db We no longer need to include sudo_gettext.h before sudo_compat.h 2020-08-12 09:50:35 -06:00
Todd C. Miller
4b0783b0b4 Add *.map to the ignore file. 2020-08-12 09:11:20 -06:00
Todd C. Miller
4193f54826 Update to uncrustify 0.71.0 2020-08-11 16:58:47 -06:00
Todd C. Miller
71a879d905 Mention visudo in sudo(8) and document sudoers error recovery. 2020-08-11 14:07:31 -06:00
Todd C. Miller
ce97ca28db Use OpenBSD-compatible freezero() in place of explicit_bzero() + free() 2020-08-10 19:24:33 -06:00
Todd C. Miller
cef6e3687e Switch from memset_s() -> explicit_bzero(). 
memset_s() (and all of Annex K) is likely to be removed from the
a future version of the standard.
 2020-08-10 19:24:32 -06:00
Todd C. Miller
8a97150f56 Define YYERROR_VERBOSE for bison and rename COMMENT -> '\n' 
This results in better error messages when there is a parse error
 2020-08-10 13:59:31 -06:00
Todd C. Miller
6702f4ac4e Some minor cleanup. 
Use ntuples instead of tuple_last
Strip leading and trailing double quotes using a single gsub()
ntuples will never be zero so don't bother checking
No need to explicitly close files in END
 2020-08-10 13:30:10 -06:00
Todd C. Miller
fa5d44b8b5 Quiet some clang 10 analyzer warnings. 2020-08-07 14:22:56 -06:00
Todd C. Miller
63dadad9df Refactor freeing of InfoMessage list into free_info_messages(). 
Also fixes a false positive from the clang analyzer.
 2020-08-07 14:22:28 -06:00
Todd C. Miller
5f5f28ac7c Require that a @include line end with a newline or EOF. 
We now parse the entire line before reading the include file.  This
is less surprising behavior and results in better error messages.
 2020-08-07 14:22:24 -06:00
Todd C. Miller
3235e4353c Display more specific parser error messages when possible. 2020-08-07 14:20:45 -06:00
Todd C. Miller
7c342e5862 Let the sudoers parser recover after a parse error. 
We currently just discard the line with the error.
 2020-08-07 14:20:21 -06:00
Todd C. Miller
91cc68d7fd Keep track of the position of the current token for error messages. 2020-08-07 14:13:25 -06:00
Todd C. Miller
99f43f8a00 Store the current line in our own buffer for better error messages. 2020-08-06 21:16:35 -06:00
Todd C. Miller
03816d020b Sync sample_approval.exp with sample_approval.c 2020-08-06 21:16:35 -06:00
Todd C. Miller
a8bfeba581 regen 2020-08-06 21:16:35 -06:00
Todd C. Miller
c90539015f Fix libssl dependency on Debian-based systems. 
Older systems may still have libssl1.0.0, not libssl1.1.
 2020-08-05 12:58:02 -06:00
Todd C. Miller
2a58b19f96 Add workaround for yyless() not resetting yy_at_bol. 2020-08-05 09:13:09 -06:00
Todd C. Miller
4bc70c02c1 Always use a linker script to hide symbols if it is supported. 
We use this even if the compiler has symbol visibility support so
we will notice mismatches between the exports file and __dso_public
annotations in the source code.
 2020-08-03 10:27:27 -06:00
Todd C. Miller
38e28dcbf5 Rename python_plugin.exp.in -> python_plugin.exp 
There is nothing dynamic in this file.
 2020-08-03 10:15:28 -06:00