Commit Graph

11359 Commits

Author SHA1 Message Date
Todd C. Miller
a2d27bc9ec Fix return value for non-interactive mode for non-standalone auth methods.
AUTH_NONINTERACTIVE was being stored in the wrong variable.
2022-01-05 16:41:19 -07:00
Todd C. Miller
513574ce10 Updated translations from translationproject.org 2022-01-05 11:13:01 -07:00
Todd C. Miller
d6ff97d837 defaults_var_matches() should return bool, not enum match_result.
Remove enum match_result as it is no longer used.
2022-01-05 11:12:07 -07:00
Todd C. Miller
72989bf83f Quiet two PVS-studio warnings. 2022-01-05 11:04:18 -07:00
Todd C. Miller
1b72f138e3 Remove PAM_TTY workaround for old, buggy PAM modules.
In the past, some PAM modules assumed that PAM_TTY was set and would
misbehave (or crash) if not.  This was primarily obsolete versions
of Linux-PAM, so it should now be safe to remove this.  Setting
PAM_TTY to an empty string can cause its own set of issues.
GitHub issue #74
2022-01-05 10:59:27 -07:00
Todd C. Miller
8c42a29a1e Mention fix for Bug #956 and GitHub issue #83. 2022-01-04 19:42:58 -07:00
Todd C. Miller
521ef37aea Push non-interactive mode checking down into the auth methods.
For "sudo -n" we only want to reject a command if user input is
actually required.  In the case of PAM at least, we may not need
to interact with the user.  Bug #956, GitHub issue #83
2022-01-04 18:57:36 -07:00
Todd C. Miller
296d876b76 userspec_overridden: fix checks when there is more than one userspec 2022-01-03 16:40:32 -07:00
Todd C. Miller
835079fa3f Fix merging of global/ALL entries when each input file has a host.
If a host is specified for the input file, cvtsudoers will bind
global Defaults to that host and change host "ALL" in a userspec
to the host name.  However, if all the input files have matching
hosts we can simplify the merged file by converting back to ALL
after resolving conflicts.
2022-01-03 13:23:22 -07:00
Todd C. Miller
d02ba52fa4 Welcome to 2022. 2022-01-03 10:27:07 -07:00
Todd C. Miller
59d55c5308 LICENSE.md moved to the top-level src dir. 2022-01-03 10:26:15 -07:00
Todd C. Miller
dabd8d80a2 Merge pull request #127 from Tyler887/main
Typo
2021-12-22 15:01:33 -07:00
Tyler887
d9594cb216 Typo 2021-12-22 21:56:34 +00:00
Todd C. Miller
e22cc72530 Back out changes to enable SELinux by default.
This may return in a future release in a different form.
2021-12-22 11:13:22 -07:00
Todd C. Miller
0ed92e6165 Move LICENSE.md out of docs and back to the top-level.
GitHub expects it to be in the top-level directory.
2021-12-22 11:05:00 -07:00
Todd C. Miller
149e8208b5 cvtsudoers: fix a regression when merging matching Defaults.
If a host is specified with a sudoers file, we have to treat Defaults
as Defaults@host checking for duplicates.
2021-12-20 12:57:02 -07:00
Todd C. Miller
4ffc3142c5 add_defaults: add defs == NULL check to quiet coverity false positive 2021-12-18 07:54:26 -07:00
Todd C. Miller
dfc11d7483 When merging Defaults, allow a subsequent global Defaults (no
binding) to override a prior Defaults setting with a binding.
2021-12-17 18:59:29 -07:00
Todd C. Miller
6a2c5043a9 add_defaults: defs can never be NULL 2021-12-17 16:04:33 -07:00
Todd C. Miller
546d4f6246 Plug memory leak when making a default host-specific.
We don't need to allocate new space for the binding list,
just the members of the list.
2021-12-17 16:01:11 -07:00
Todd C. Miller
5d95345e60 Add an example cvtsudoers.conf file. 2021-12-16 15:42:21 -07:00
Todd C. Miller
991ef32508 Add group_file, match_local, and passwd_file to cvtsudoers.conf.
Previously, these were only settable via command line options.
2021-12-16 15:42:06 -07:00
Todd C. Miller
537f75dc74 Remove question about running Solaris 11 binaries on Solaris 10.
Current versions of sudo use many APIs that are not present on
Solaris 10.  If you want a sudo Solaris 10 binary, build it on
Solaris 10, not 11.
2021-12-12 18:57:17 -07:00
Todd C. Miller
7158b03b50 Add simple test for cvtsudoers merge functionality. 2021-12-12 10:28:09 -07:00
Todd C. Miller
955359af5d Updated translations from translationproject.org 2021-12-12 10:25:04 -07:00
Todd C. Miller
869994433f Add sudoers Spanish translation from translationproject.org 2021-12-12 10:24:53 -07:00
Todd C. Miller
7d7e24d167 Bugs #1013 and #1014 2021-12-11 16:27:58 -07:00
Todd C. Miller
c53192eb7e sudo_mkdir_parents: make sure the path we created is a directory
For extra paranoia, verify that the directory we created is still
a directory before we fchown() it.
2021-12-11 16:27:33 -07:00
Todd C. Miller
e66e1ca383 In SECURITY NOTES, clarify that PATH may be overridden by the policy.
Bug #1014
2021-12-11 09:08:03 -07:00
Todd C. Miller
c13b21c199 Avoid TOCTOU in sudo_mkdir_parents() using openat(2) and mkdirat(2).
This also allows us to make path const as it should be.
2021-12-11 08:35:18 -07:00
Todd C. Miller
55db239243 Sudo parsed "deref" and "tls_reqcert" in ldap.conf but didn't set the options.
The switch() in the sudo_ldap_set_options_table() function needed to be
updated to treat CONF_DEREF_VAL and CONF_REQCERT_VAL data types as int.
Fix from Dennis Filder.  Bug #1013.
2021-12-11 08:35:14 -07:00
Todd C. Miller
a2aa709707 Minor formatting tweak so we can import into the sudo web site. 2021-12-10 20:14:48 -07:00
Todd C. Miller
83defd3a6f Fix CodeQL "Multiplication result converted to larger type" warnings. 2021-12-10 13:33:07 -07:00
Todd C. Miller
014339948c Surround email addresses with angle brackets, not square brackets. 2021-12-09 18:51:37 -07:00
Todd C. Miller
3cd0ffade8 Updated translations from translationproject.org 2021-12-08 10:23:37 -07:00
Todd C. Miller
27121cff65 Update .pot files for 1.9.9 2021-12-08 10:22:02 -07:00
Todd C. Miller
d324a53065 Minor formatting tweaks. 2021-12-06 09:27:54 -07:00
Todd C. Miller
3bd572ba80 Convert README and docs files to markdown.
This makes things look better on GitHub and we can use the
markdown version directly in the new sudo web site.
2021-12-05 21:02:04 -07:00
Todd C. Miller
2c754a8d49 Policy -> Disclosure Policy 2021-12-04 16:29:49 -07:00
Todd C. Miller
9497ab99c6 Merge pull request #124 from juspence/main
Allow sudo -g anyone and sudo -u anyone -g anytwo
2021-12-04 16:27:24 -07:00
juspence
1d13533ea3 Allow sudo -g anyone and sudo -u anyone -g anytwo
When only the user (ALL) is specified explicitly, and the group is implied, only sudo -u works. Specifying both the user and group, like (ALL:ALL), is required to:

1) Use sudo -g by itself (with no -u user)
2) Use sudo -u and -g together, with a -g group that is different from the -u user's primary group
2021-12-04 17:41:13 -05:00
Todd C. Miller
aae130eb73 Add build dir to include search path for mksiglist.h and mksigname.h
Fixes out of tree builds on systems without sys_siglist[] or
sys_signame[].  GitHub issue #123.
2021-12-02 07:19:43 -07:00
Todd C. Miller
0608a4ea6f cvtsudoers: better merging of lists that are not exact duplicates
When merging rules, if one list would be overridden by another,
remove the overridden rule and continue merging.
2021-11-29 11:50:40 -07:00
Todd C. Miller
a9f3032b5b Update NEWS with latest changes. 2021-11-28 08:45:31 -07:00
Todd C. Miller
f9f39cde20 dir_is_writable: don't treat EPERM from faccessat() as a fatal error.
We can get EPERM on Linux with SELinux.  GitHub issue #122.
2021-11-27 12:34:16 -07:00
Todd C. Miller
003f9550f1 cvtsudoers: add -l option to log merge actions
The "-l logfile" option can be used to store a log of what
actions cvtsudoers took when merging multiple files.
For example, which aliases were renamed, which entries were overridden
or removed as duplicated.
2021-11-24 06:52:51 -07:00
Todd C. Miller
ce9c6d17c5 Sudo 1.9.9 2021-11-24 06:52:50 -07:00
Todd C. Miller
409410b029 New Persian (Farsi) translation from translationproject.org 2021-11-21 09:53:50 -07:00
Todd C. Miller
d83321388d Quiet a PVS Studio warning.
The warning that need_comma is always false is correct but in this
case it is better to use a consistent construct so that if the code
is re-ordered no bugs are introduced.
2021-11-20 09:40:06 -07:00
Todd C. Miller
dc5ac7424b Pass correct size to free_zero().
Coverity CID 241233
2021-11-20 09:14:04 -07:00