isa/sudo
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
8,420 Commits 1 Branch 0 Tags
a08ea1b14d34d7e363bfa38528049c034b4c0620
Commit Graph

93 Commits

Author SHA1 Message Date
Todd C. Miller
0cfce655bd Fix potential double free of the cookie when sudo is suspended at 
the password prompt.
 2015-09-21 15:07:00 -06:00
Todd C. Miller
9dedc65a7f Avoid touching the time stamp directory for "sudo -k command" 2015-09-07 06:06:08 -06:00
Todd C. Miller
0c70df5de9 Implement suspend/resume callbacks for the conversation function. 
If suspended, close the timestamp file (dropping all locks).  On
resume, lock the record before reading the password.

For this to work properly we need to be able to run th callback
when tsetattr() suspends us, not just when the user does.  To
accomplish this the term_* functions now return EINTR if SIGTTOU
would be generated.  The caller now has to restart the term_*
function (and send itself SIGTTOU) instead of it being done
automatically.
 2015-09-07 06:06:08 -06:00
Todd C. Miller
00142c91fa Lock individual records in the timestamp file instead of the entire 
file.  This will make it possible for multiple sudo processes using
the same tty to serialize their timestamp lookups.
 2015-09-07 06:06:08 -06:00
Todd C. Miller
98a15d9879 Add a struct sudo_conv_callback that contains on_suspend and on_resume 
function pointer args plus a closure pointer and at it to the
conversation function.
 2015-09-07 06:06:08 -06:00
Todd C. Miller
0b241088b3 There's no need to conditionalize the #include <unistd.h>, we require 
a POSIX system.
 2015-07-02 09:08:28 -06:00
Todd C. Miller
81f94499bf Check restore_perms() return value in all cases, pushing the 
return value back up the call stack.
 2015-06-25 11:12:36 -06:00
Todd C. Miller
4a07b472f0 Only include stddef.h where it is needed. 2015-06-20 05:34:35 -06:00
Todd C. Miller
dc883f2454 We require ANSI C so stop using the obsolete STDC_HEADERS. 2015-06-19 14:29:27 -06:00
Todd C. Miller
d004b02fc6 Use non-exiting allocatings in the sudoers plugin. 2015-06-17 06:49:59 -06:00
Todd C. Miller
caf5d45e0f Previously, debug_return_bool was the same as debug_return_int 
except that it logged true/false for 1/0.  However, this appears
to trigger a bug in some compilers.  To avoid this, debug_return_bool
now uses bool, not int.  Callers that were passing it an int have
been converted to use debug_return_int instead.
 2015-05-07 10:33:23 -06:00
Todd C. Miller
59ab26dbcc Go back to a 2 args debug_decl and just use the "default" instance, 
now renamed "active".
 2015-02-01 08:24:49 -07:00
Todd C. Miller
57553fffdd Rename VALIDATE_OK -> VALIDATE_SUCCESS 
Rename VALIDATE_NOT_OK -> VALIDATE_FAILURE
 2015-01-21 11:03:48 -07:00
Todd C. Miller
e9914a91b1 The sudoers plugin now defines its own list of debugging subsystem names 
and defines.
 2014-10-22 13:30:52 -06:00
Todd C. Miller
866cfc4fc3 Add support for multiple Debug lines per program. Callers may 
register arbitrary debug facilities or use built-in defaults.  We
now use separate Debug statements for plugins and programs.
 2014-10-22 13:23:05 -06:00
Todd C. Miller
36a5767e3e efree -> sudo_efree for consistency 2014-07-10 15:35:04 -06:00
Todd C. Miller
b0f1fa7d05 Rename log_warning flags and only send mail if SLOG_SEND_MAIL is 
set instead of mailing by default like we used to.
 2014-05-02 20:54:01 -06:00
Todd C. Miller
954a3e77b1 Add log_warningx 2014-05-02 16:40:30 -06:00
Todd C. Miller
b1cdb3708c Remove a few more unnecessary uses of fatal(). 2014-04-07 19:52:28 -06:00
Todd C. Miller
3cdb944de4 Fix expansion of %p in the prompt for "sudo -l" when rootpw, runaspw 
or targetpw is set.  Bug #639
 2014-03-19 16:55:37 -06:00
Todd C. Miller
db3b776277 When listing a user's privileges, always prompt the user for their 
own password, regardless of the value of target_pw, root_pw or
runas_pw.
 2014-01-29 15:19:45 -07:00
Todd C. Miller
99b7351de0 Fix some #if vs. #ifdef and remove an extraneous semicolon. 
Bug #624; from Daniel Richard G.
 2013-11-17 16:15:36 -07:00
Todd C. Miller
3389108f10 Don't allow root to change its SELinux role without a password. 
Bug #611
 2013-08-26 07:04:19 -06:00
Todd C. Miller
faf150c4d0 Split up check_user(). 2013-04-04 10:04:22 -04:00
Todd C. Miller
073989aa68 Neded sys/time.h for struct timeval in struct sudo_tty_info. 2013-04-01 14:48:00 -04:00
Todd C. Miller
4d3fc204f7 Pass auth_pw to the timestamp functions. 2013-03-28 13:22:09 -04:00
Todd C. Miller
ec19ea97f2 DEFAULT_LECTURE is no longer used. 2013-03-27 15:01:26 -04:00
Todd C. Miller
8b4c192058 Move contents of timestamp.h into check.h. 2013-03-25 11:28:21 -04:00
Todd C. Miller
1d7072fe09 Don't include <sys/param.h>. We only needed it for MAXPATHLEN, 
MAXHOSTNAMELEN and the MIN/MAX macros.  We now use PATH_MAX and
HOST_NAME_MAX throughout without falling back on MAXPATHLEN or
MAXHOSTNAMELEN and define our own MIN/MAX macros as needed.
 2012-12-04 10:40:47 -05:00
Todd C. Miller
69cb0c3215 Make the sudo lecture translatable. 2012-11-09 15:37:03 -05:00
Todd C. Miller
6a7884d474 Make expand_prompt() args const and free the prompt when we are 
done with it.
 2012-11-08 16:40:37 -05:00
Todd C. Miller
a0c53bd751 Call gettext inside log_error et al instead of having the caller do it. This way we can display any messages to the user in their own locale but log in the sudoers local. 2012-11-08 15:37:44 -05:00
Todd C. Miller
2b23d2b12c Move expand_prompt() into its own source file for easier unit testing. 2012-10-23 14:27:52 -04:00
Todd C. Miller
0a7af23038 Make check.c independent of the underlying timestamp implementation. 2012-10-23 14:16:57 -04:00
Todd C. Miller
0fa33ccf0f Split off timestamp functions into their own source file. 2012-09-27 10:21:13 -04:00
Todd C. Miller
778895adfd Correct the check_user() comment header. 2012-08-22 12:52:07 -04:00
Todd C. Miller
241b2395cf Reduce the number of "internal error, foo overflow" messages that 
need to be translated.
 2012-08-10 12:18:38 -04:00
Todd C. Miller
7d255e42cb Fix some warnings from clang checker-267 2012-08-07 11:01:28 -04:00
Todd C. Miller
57699c5531 If a command matches using an empty Runas_List (i.e. Runas_List is 
present but empty) and the -u option was not specified, set runas_pw
to user_pw instead of using runas_default.  This is intended to be
used in conjunction with the Solaris Privilege Set support for rules
that grant privileges without changing the user.
 2012-08-02 14:37:32 -04:00
Todd C. Miller
8b03f3e7d0 Move log_denial() calls and logic to log_failure(). 
Move authentication failure logging to log_auth_failure().
Both of these call audit_failure() for us.

This subtly changes logging for commands that are denied by sudoers
but where the user failed to enter the correct password.  Previously,
these would be logged as "N incorrect password attempts" but now
are logged as "command not allowed".  Fixes bug #563
 2012-07-10 12:42:33 -04:00
Todd C. Miller
649edc3192 Export group cache from sudoers.so for system_group.so to use. 2012-06-13 16:21:45 -04:00
Todd C. Miller
2b7659f709 Don't prompt for a password if the user is in the exempt group, is 
root, or is running the command as themselves even if the -k option
was specified.  This makes "sudo -k command" consistent with the
behavior one would get if the user ran "sudo -k" immediately before
running the command.
 2012-05-17 10:20:14 -04:00
Todd C. Miller
087059b295 In Solaris 11, /dev/pts under the "dev" filesystem, not "devices". 
Update tty_is_devpts() to match so we can determine when the tty
has been reused.
 2012-04-05 13:21:22 -04:00
Todd C. Miller
44ce5720de Remove the NO_EXIT flag to log_error() and add a log_fatal() function 
that exits and is marked no_return.  Fixes false positives from
static analyzers and is easier for humans to read too.
 2012-03-26 10:59:14 -04:00
Todd C. Miller
21a2f95821 Use stdbool.h instead of rolling our own TRUE/FALSE macros. 2011-12-02 11:27:33 -05:00
Todd C. Miller
f190bcf94b Don't print garbage at the end of the custom lecture. 2011-11-12 13:08:13 -05:00
Todd C. Miller
9b2c889812 We need to init the auth system regardless of whether we need a 
password since we will be closing the PAM session in the monitor
process.  Fixes a crash in the monitor on Solaris; bugzilla #518
 2011-10-25 10:08:26 -04:00
Todd C. Miller
839919566e Add debug_decl/debug_return (almost) everywhere. 
Remove old sudo_debug() and convert users to sudo_debug_printf().
 2011-10-22 14:40:21 -04:00
Todd C. Miller
45ad681cd6 Delref auth_pw at the end of check_user() instead of getting a ref 
twice.
 2011-09-27 16:21:21 -04:00
Todd C. Miller
1e93d1fbb6 Make sudo_auth_{init,cleanup} return TRUE on success and check for 
sudo_auth_init() return value in check_user().
 2011-09-27 15:41:22 -04:00