isa/sudo
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
8,420 Commits 1 Branch 0 Tags
a08ea1b14d34d7e363bfa38528049c034b4c0620
Commit Graph

1767 Commits

Author SHA1 Message Date
Todd C. Miller
f9b8a43816 Allow the time stamp lock to be interrupted by signals. 2015-09-07 06:06:08 -06:00
Todd C. Miller
0c70df5de9 Implement suspend/resume callbacks for the conversation function. 
If suspended, close the timestamp file (dropping all locks).  On
resume, lock the record before reading the password.

For this to work properly we need to be able to run th callback
when tsetattr() suspends us, not just when the user does.  To
accomplish this the term_* functions now return EINTR if SIGTTOU
would be generated.  The caller now has to restart the term_*
function (and send itself SIGTTOU) instead of it being done
automatically.
 2015-09-07 06:06:08 -06:00
Todd C. Miller
00142c91fa Lock individual records in the timestamp file instead of the entire 
file.  This will make it possible for multiple sudo processes using
the same tty to serialize their timestamp lookups.
 2015-09-07 06:06:08 -06:00
Todd C. Miller
98a15d9879 Add a struct sudo_conv_callback that contains on_suspend and on_resume 
function pointer args plus a closure pointer and at it to the
conversation function.
 2015-09-07 06:06:08 -06:00
Todd C. Miller
bfb1cead60 When decoding base64, avoid using '=' in the decoded temporary array 
as a sentinel as it can legitimately be present.  Instead, just use
the count of bytes stored in the temp array to determine which bytes
to fold into the destination.
 2015-09-01 10:24:59 -06:00
Todd C. Miller
333faa20e2 When parsing def_editor, break out of the loop when we find the 
first valid editor.  Bug #714
 2015-08-21 11:25:02 -06:00
Todd C. Miller
7df2487165 The condition for adding a missing newline at the end of sudoers 
was never reached.  Keep track of the last character and write a
newline character if when copying to the temp file.  Found by Radovan
Sroka.
 2015-08-18 08:57:53 -06:00
Todd C. Miller
7ef9b5827e Remove extraneous while() from botched do {} while() loop 
conversion to use sudo_strsplit.  Noticed by Radovan Sroka.
 2015-08-18 08:34:10 -06:00
Todd C. Miller
2b6085760c In sudo_pam_begin_session() and sudo_pam_end_session() return 
AUTH_FATAL on error, not AUTH_FAILURE.  In sudo_auth_begin_session()
treat anything other than AUTH_SUCCESS as a fatal error.
 2015-08-10 20:17:02 -06:00
Todd C. Miller
db5376001f Sprinkle some debugging. 2015-08-10 10:56:47 -06:00
Todd C. Miller
531bcc8aa6 regen 2015-08-06 13:21:37 -06:00
Todd C. Miller
3354d27a17 Do not follow symbolic links in sudoedit by default. This behavior 
can be controlled by the sudoedit_follow Defaults flag as well as
the FOLLOW/NOFOLLOW tags.
 2015-08-06 13:20:01 -06:00
Todd C. Miller
4501b7416a Check JSON output of sudoers test files too. 2015-08-06 10:57:42 -06:00
Todd C. Miller
4abc13bfca Move comment to match moved code. 2015-08-04 16:15:11 -06:00
Todd C. Miller
8f84857977 Fix creation of the timestamp file; bug #704 2015-07-20 20:16:14 -06:00
Todd C. Miller
db8607fe4e Fix typo in sudo_sss_attrcpy() that caused a memory allocation error. 2015-07-17 13:58:26 -06:00
Todd C. Miller
6eb4d142e3 rebuild 2015-07-15 12:36:02 -06:00
Todd C. Miller
d4211081c0 Add some debugging printfs when malloc fails and we don't have an 
explicit call to sudo_warnx().
 2015-07-14 15:28:01 -06:00
Todd C. Miller
108bfb7af3 Add missing warnings for memory allocation failure. 
Add function name to memory allocation warnings.
 2015-07-14 14:50:36 -06:00
Todd C. Miller
7187c19c83 Add warning if calloc() fails. 
Add debugging for other unexpected errors.
 2015-07-14 14:00:18 -06:00
Todd C. Miller
ff5b6dbb60 Add missing check for calloc(3) return value. 2015-07-14 13:56:29 -06:00
Todd C. Miller
374146f70f Avoid calling dlerror() multiple times since it clear the error 
status after printing the error.
Problem caused by sudo_warn/sudo_fatal being macros...
 2015-07-10 10:31:21 -06:00
Todd C. Miller
43a57126ea Solaris 2.6 has the prototypes for inet_pton() and inet_ntop() in 
resolv.h.
 2015-07-09 10:11:25 -06:00
Todd C. Miller
b73d96804b Sprinkle debugging for boottime. 2015-07-09 10:10:34 -06:00
Todd C. Miller
c3b4e4ce3e Update Debian/Ubuntu packages to be more like the vendor ones. One 
notable exception is that sudo.ws packages use /var/run, not /var/lib
for timestamp files.
 2015-07-08 16:15:53 -06:00
Todd C. Miller
06ad0f6424 Strip newline from /proc/stat btime line to avoid a strtonum() failure. 
From Jakub Wilk.
 2015-07-08 15:13:14 -06:00
Todd C. Miller
445e6f2e9a Check sudo_conf_read() return value and exit on fatal error (a 
warning was already printed by sudo_conf_read()).
 2015-07-07 13:17:50 -06:00
Todd C. Miller
ea85db3ecd Add support for parsing quoted strings in a sudoOption just like 
sudoers Defaults settings.
 2015-07-07 10:58:05 -06:00
Todd C. Miller
e3586e2a43 Sync with translationproject.org 2015-07-07 10:34:37 -06:00
Todd C. Miller
d0be015178 Update year. 2015-07-06 16:45:33 -06:00
Todd C. Miller
d4dcc65059 Sync with translationproject.org 2015-07-06 16:44:23 -06:00
Todd C. Miller
ef69b7c734 Sync with translationproject.org 2015-07-03 07:28:00 -06:00
Todd C. Miller
b3353b99d4 regen 2015-07-03 07:12:30 -06:00
Todd C. Miller
701534c63c Fix typo in error message. 2015-07-03 07:06:29 -06:00
Todd C. Miller
d77941c2be We require POSIX so no need to conditionally include dirent.h. 
Add a check for d_namlen and use the result in the NAMLEN macro.
 2015-07-02 09:24:48 -06:00
Todd C. Miller
0b241088b3 There's no need to conditionalize the #include <unistd.h>, we require 
a POSIX system.
 2015-07-02 09:08:28 -06:00
Todd C. Miller
54f9de6cce Add an error flag to the lbuf struct to simplify error checking. 
Callers of the lbuf functions now check the error flag to tell if
a memory allocation error ocurred.
 2015-06-26 15:58:04 -06:00
Todd C. Miller
2751413464 display_privs() and display_cmnd() may need to return -1 on error. 2015-06-26 10:33:28 -06:00
Todd C. Miller
d3bc17a611 Return -1, not 0 from sudoers when there is an error (as opposed to 
a policy denial).
 2015-06-25 11:12:36 -06:00
Todd C. Miller
81f94499bf Check restore_perms() return value in all cases, pushing the 
return value back up the call stack.
 2015-06-25 11:12:36 -06:00
Todd C. Miller
ea5ce39c92 When checking whether the PAM prompt matches "Password:", also check 
for the untranslated version.  The PAM module might not be using the
localized string even though it exists.  From Joel Pelaez Jorge.
Fixes Bug #701
 2015-06-25 09:12:15 -06:00
Todd C. Miller
d84757951f Silence clang analyzer warning on glibc systems where the first 
argument to qsort() is marked as non-NULL.
Also change some counters from into to unsigned int and two flags
from int to bool.
 2015-06-24 10:32:08 -06:00
Todd C. Miller
aedaac8cca Silence clang analyzer warning on glibc systems where the first 
argument to qsort() is marked as non-NULL.
 2015-06-23 16:37:01 -06:00
Todd C. Miller
d7224ea502 It's safe to rely on C89 semantics for realloc(NULL, size). 2015-06-20 19:27:31 -06:00
Todd C. Miller
887a76489a malloc() sets errno to ENOMEM on failure so we don't need to set 
it explicitly.
 2015-06-20 19:26:43 -06:00
Todd C. Miller
4a07b472f0 Only include stddef.h where it is needed. 2015-06-20 05:34:35 -06:00
Todd C. Miller
941bfe3092 regen 2015-06-19 16:50:54 -06:00
Todd C. Miller
d8dd6512ce Better handling of setlocale() returning NULL. 2015-06-19 16:49:02 -06:00
Todd C. Miller
c36415417f Add function name to "unable to allocate memory" warnings. 2015-06-19 14:51:17 -06:00
Todd C. Miller
dc883f2454 We require ANSI C so stop using the obsolete STDC_HEADERS. 2015-06-19 14:29:27 -06:00