isa/sudo
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
8,902 Commits 1 Branch 0 Tags
a62cd4b4fe25eda6f99d73d7277a6db90a36337c
Commit Graph

311 Commits

Author SHA1 Message Date
Todd C. Miller
a62cd4b4fe If passwd_tries is less than 1, check_user() will always return 
false (since the user didn't authenticate).  The normal reason for
this is an authentication error but in this case no authentication
was tries so no warning message has been displayed to the user.  If
the user wasn't given a chance to authenticate, set inform_user to
true when calling log_denial() from sudoers_policy_main().

An alternate approach would be for check_user() to return true
in this case but seems more confusing.
 2017-11-14 13:58:35 -07:00
Todd C. Miller
63d954d1fc Replace tty_tickets option with timestamp_type which can be 
global, ppid or tty.  Defaults to tty (no change in behavior).
Some users want the ppid behavior.
 2017-08-01 16:14:54 -06:00
Todd C. Miller
48459292ff Don't send email about an unresolvable host name if fqdn is 
enabled and the user specified the run host via the -h flag.
 2017-08-01 13:45:32 -06:00
Todd C. Miller
879ba68879 Don't set passprompt_override when SUDO_PROMPT is present. 
This effectively reverts ed77d255f383.

We treat the SUDO_PROMPT environment variable similar to passprompt
in sudoers: it will only override a PAM prompt if the PAM prompt
is either "Password:" or "username's Password:".
 2017-07-21 09:07:00 -06:00
Todd C. Miller
52b25940c6 When examining environment variables or variables passed in from 
the front-end, ignore variables with no value specified.
 2017-07-20 12:02:22 -06:00
Todd C. Miller
37f591d2dd Enable passprompt_override by default if SUDO_PROMPT is present in 
the environment.  This is consistent with how "sudo -p prompt" is
handled.
 2017-07-20 11:40:49 -06:00
Todd C. Miller
b3af85ddc8 Add restricted_env_file which is like env_file but subject to the 
same restrictions as the user's own environment.
 2017-03-22 13:39:25 -06:00
Todd C. Miller
2dbd091443 When creating the timestamp directory, use the group of the timestamp 
owner instead of inheriting the group of the parent directory.
 2017-03-20 12:59:28 -06:00
Todd C. Miller
c86a6a23ad Add a command line option to specify the command timeout, as long 
as sudoers does not specify a shorter time limit.
 2017-02-16 09:58:18 -07:00
Todd C. Miller
269b8602d8 Only treat failure of expand_iolog_path() as fatal if ignore_iolog_errors 
is not set.
 2017-01-13 15:45:59 -07:00
Todd C. Miller
aaf6fff736 Fix the "all" setting for verifypw and listpw; nopass would never 
be true even if all the user's entries had the NOPASSWD tag.
Regression introduce in sudo 1.8.17.  Bug #762
 2016-11-29 19:46:25 -07:00
Todd C. Miller
8133cdfdf6 Use sys/stat.h defines instead of bare octal values. 2016-11-07 13:36:05 -07:00
Todd C. Miller
7c56179c7d Use "double quotes" in messages instead of a combination of the 
accent (grave) mark and apostrophe.
 2016-11-02 17:10:17 -06:00
Todd C. Miller
2dbe50d1e1 Remove inaccurate XXX comment, sudo_file_parse() sends mail on parse error. 2016-10-31 16:21:50 -06:00
Todd C. Miller
271a07ff00 Make the I/O log file/dir permissions and owner configurable. 2016-10-29 12:45:55 -06:00
Todd C. Miller
ead485b96b Fix typo that broke short host name matching when the fqdn 
flag is enabled.  Bug #757
 2016-09-09 16:26:22 -06:00
Todd C. Miller
3f022419ae Be consistent with the naming of the variable used to store the 
function return value.  Previously, some code used "rval", some
used "ret".  This standardizes on "ret" and uses "rc" for temporary
return codes.
 2016-09-08 16:38:08 -06:00
Todd C. Miller
b80309e6d8 In sudoers_main() avoid setting rval prematurely. Prevents a crash 
when auditing fails after successfully authenticating.  Bug #756
 2016-09-05 19:44:46 -06:00
Todd C. Miller
ed18d0d5f8 Make the behavior when we cannot write to a log or audit file 
configurable.  File log failures are ignored by default for consistency
with syslog.  Audit errors are ignored by default to allow the admin
to fix the issue.  I/O log file errors are still fatal by default
since if I/O logging is activated it is usually to have an audit trail.
Bug #751
 2016-08-17 07:22:51 -06:00
Todd C. Miller
985ab1dd3e Cache the user's group IDs and group names separately and only 
resolve group IDs -> names when needed.  If the sudoers file doesn't
contain groups we will no longer try to resolve all the user's group
IDs to names, which can be expensive on some systems.
 2016-08-13 16:27:44 -06:00
Todd C. Miller
a08ea1b14d Set runas_pw early and adjust runaslist_matches() to deal. Since 
we now set runas_default early there is no need to call update_defaults
with SETDEF_RUNAS after sudoers has been parsed.
 2016-08-10 10:56:05 -06:00
Todd C. Miller
56ead73886 Load sudoers group plugin via an early callback. 2016-08-09 13:14:31 -06:00
Todd C. Miller
256ca993b9 Update defaults in visudo after sudoers has been edited so we pick 
up locale changes.  The init_defaults() function will now re-init
the sudoers locale.
 2016-07-22 10:41:56 -06:00
Todd C. Miller
e257f2c9e3 Set the warn/fatal locale helper function in sudoers_policy_init() 
so warning messages during sudoers loading are displayed in the
user's own locale.
 2016-07-20 15:52:32 -06:00
Todd C. Miller
b5c2ca2fe5 Move sudoers locale callback function to locale.c and user it in 
visudo and testsudoers.
 2016-07-20 14:16:00 -06:00
Todd C. Miller
30f7ecca10 In cb_sudoers_locale() actually set the locale in addition to storing 
its name.  Otherwise, it won't take effect until sudoers lookup time.
 2016-07-20 13:36:45 -06:00
Todd C. Miller
6daf3c5ce1 Only set early defaults once, regardless of how many times the 
variable is set in sudoers.  This avoids running an early callback
more than once.  For example, we don't want to call cb_fqdn() if
sudo is compiled with FQDN set but sudoers has "Defaults !fqdn".
 2016-07-19 14:58:06 -06:00
Todd C. Miller
08e369572e In cb_fqdn() just return if the fqdn flag is set to false. 2016-07-19 14:52:33 -06:00
Todd C. Miller
d92a396da5 add debug_decl for cb_runas_default and cb_sudoers_locale 2016-07-18 12:20:46 -06:00
Todd C. Miller
36b18c6e64 Convert fqdn to a callback and add it to the list of early defaults. 2016-07-18 12:19:07 -06:00
Todd C. Miller
9b42640ef5 Change defaults callbacks to take a union sudo_defs_val * instead 
of a char *.
 2016-07-18 12:11:25 -06:00
Todd C. Miller
7bfe2e7969 Set the sudoers locale before opening the sudoers file. 
Previously the sudoers locale was used when evaluating sudoers
but not during the inital parse.  Bug #748
 2016-06-30 12:40:19 -06:00
Todd C. Miller
a2e541aef8 O_NOCTTY has no effect when opening /dev/tty as the open can only 
succeed if there is already a controlling tty.
 2016-05-16 11:17:20 -06:00
Todd C. Miller
05db5aa3b8 Remove sudo_mkpwcache() and sudo_mkgrcache(). We now create the 
caches as needed on demand.  Also remove calls to sudo_freepwcache()
and sudo_freegrcache() that are immediately followed by execve(),
they are not needed.
 2016-05-11 09:40:31 -06:00
Todd C. Miller
23d288563e Eliminate use of setpwent()/endpwent() and setgrent()/endgrent(). 
Sudo never iterates over the passwd or group file.
Rename sudo_set{pw,gr}ent() -> sudo_mk{pw,gr}cache() and
use sudo_free{pw,gr}cache() instead of sudo_end{pw,gr}ent().
 2016-05-11 07:06:45 -06:00
Todd C. Miller
5ee1e5bbcb Newer versions of Ubuntu have switched from using the "admin" group 
to the "sudo" group to align with Debian.  create_admin_success_flag()
now accepts either one.
https://bugs.launchpad.net/ubuntu/+source/sudo/+bug/1387347
 2016-05-06 14:30:46 -06:00
Todd C. Miller
151e03fb5b Instead of using stat(2) to see if the admin flag file exists and 
creating it if not, just try to create the file and treat EEXIST
as a non-error.  Coverity CID 104121.
 2016-05-06 14:12:08 -06:00
Todd C. Miller
64142f9da2 Avoid calling fclose(NULL) if the sudoers file is not secure and 
restore_perms() fails.  Coverity CID 104090.
 2016-05-05 15:01:22 -06:00
Todd C. Miller
6717c32022 When determining whether or not "sudo -l" or "sudo -b" should prompt 
for a password, take all sudoers sources into account.  In other
words, if both file and ldap sudoers sources are in use, "sudo -v"
will now require that all entries in both sources be have NOPASSWD
(file) or !authenticate (ldap) in the entries.
 2016-04-19 10:08:51 -06:00
Todd C. Miller
578be4f39c Use SUDOERS_DEBUG_UTIL not SUDO_DEBUG_UTIL in the plugin. 2016-01-22 11:22:58 -07:00
Todd C. Miller
333faa20e2 When parsing def_editor, break out of the loop when we find the 
first valid editor.  Bug #714
 2015-08-21 11:25:02 -06:00
Todd C. Miller
7ef9b5827e Remove extraneous while() from botched do {} while() loop 
conversion to use sudo_strsplit.  Noticed by Radovan Sroka.
 2015-08-18 08:34:10 -06:00
Todd C. Miller
4abc13bfca Move comment to match moved code. 2015-08-04 16:15:11 -06:00
Todd C. Miller
0b241088b3 There's no need to conditionalize the #include <unistd.h>, we require 
a POSIX system.
 2015-07-02 09:08:28 -06:00
Todd C. Miller
d3bc17a611 Return -1, not 0 from sudoers when there is an error (as opposed to 
a policy denial).
 2015-06-25 11:12:36 -06:00
Todd C. Miller
81f94499bf Check restore_perms() return value in all cases, pushing the 
return value back up the call stack.
 2015-06-25 11:12:36 -06:00
Todd C. Miller
4a07b472f0 Only include stddef.h where it is needed. 2015-06-20 05:34:35 -06:00
Todd C. Miller
c36415417f Add function name to "unable to allocate memory" warnings. 2015-06-19 14:51:17 -06:00
Todd C. Miller
dc883f2454 We require ANSI C so stop using the obsolete STDC_HEADERS. 2015-06-19 14:29:27 -06:00
Todd C. Miller
4f9cabd005 Remove obsolete memory.h include. 2015-06-18 21:02:57 -06:00