isa/sudo
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
8,632 Commits 1 Branch 0 Tags
a957a657b08346ba032bfee0f8a41da3715cbb6d
Commit Graph

1939 Commits

Author SHA1 Message Date
Todd C. Miller
414b28dc45 move va_start() in mysyslog() 2017-01-13 16:30:08 -07:00
Todd C. Miller
269b8602d8 Only treat failure of expand_iolog_path() as fatal if ignore_iolog_errors 
is not set.
 2017-01-13 15:45:59 -07:00
Todd C. Miller
fabb38c918 regen 2017-01-09 10:45:44 -07:00
Todd C. Miller
90e1f4ec3e Fix crash in visudo introduced in sudo 1.8.9 when an IP address or 
network is used in a host-based Defaults entry.  Bug #766
 2017-01-07 19:50:05 -07:00
Todd C. Miller
0d9255b2f7 Fix logic bug when matching syslog priority and facility. 2016-12-20 10:24:55 -07:00
Todd C. Miller
cc03054800 sync with translationproject.org 2016-12-15 14:26:11 -07:00
Todd C. Miller
2eeb191b94 sync with translationproject.org 2016-12-13 10:39:48 -07:00
Todd C. Miller
ae76e1a229 Use getgrouplist_2() on macOS if available. 2016-12-13 10:39:32 -07:00
Todd C. Miller
56cc9aa02d regen 2016-12-03 19:25:17 -07:00
Todd C. Miller
c62b7dc2ee In set_interfaces() treat a parse error as fatal. 2016-12-03 16:39:43 -07:00
Todd C. Miller
2884816c8e sync with translationproject.org 2016-12-01 11:42:50 -07:00
Todd C. Miller
852ffa5938 Ignore a boot time that is in the future, which can happen when the 
clock is corrected down after boot.  Otherwise, the timestamp file
will be unlinked each time sudo is run and a password is always
required.
 2016-12-01 10:52:05 -07:00
Todd C. Miller
00b6be9dfa Allow syslog priority to be negated or set to "none" to disable 
logging successes or failures.
 2016-11-30 16:26:10 -07:00
Todd C. Miller
cb1f044017 Allow stdin and ttyin to be displayed too. The only one that is 
really useful in sudoreplay is stdin when input is from a pipe.
 2016-11-30 13:38:01 -07:00
Todd C. Miller
aaf6fff736 Fix the "all" setting for verifypw and listpw; nopass would never 
be true even if all the user's entries had the NOPASSWD tag.
Regression introduce in sudo 1.8.17.  Bug #762
 2016-11-29 19:46:25 -07:00
Todd C. Miller
7bcd0285e1 sync with translationproject.org 2016-11-28 10:47:09 -07:00
Todd C. Miller
1aea3f6e3e Just use malloc_options "S" on OpenBSD instead of "AFGJPR". 2016-11-25 09:04:00 -07:00
Todd C. Miller
4d06a612f7 Update year in license 2016-11-22 11:30:00 -07:00
Todd C. Miller
0382a2d47f regen 2016-11-21 17:47:07 -07:00
Todd C. Miller
6c5936296f Add SUDO_DEBUG_INSTANCE_ERROR return value for sudo_debug_register() 
and check for it in places where we check the return value of
sudo_debug_register().
 2016-11-21 06:37:23 -10:00
Todd C. Miller
695784e6ee Add support for getpwnam_shadow() on OpenBSD 2016-11-17 17:55:44 -07:00
Todd C. Miller
f70f595b5b Add umask to user_info passed in from the front end to the plugin. 2016-11-17 16:00:06 -07:00
Todd C. Miller
0cde3f5de4 Fix sign compare warning. 2016-11-17 10:27:26 -07:00
Todd C. Miller
a77ecca7d3 Remove aixcrypt.exp, it was a remnant of the 90's crypto wars where 
crypt() was not exported.
 2016-11-17 08:11:59 -07:00
Todd C. Miller
d6c30ba273 Add sudo_ldap_is_negated() and sudo_ldap_is_negated() functions 
and use them to parse negated entries instead of doing it manually.
 2016-11-16 13:46:38 -07:00
Todd C. Miller
da73733724 Fix printing of sudoedit_follow in "sudo -l" 2016-11-16 11:03:50 -07:00
Todd C. Miller
c7d6521b49 For "sudo -l" print sudoOption sudoedit_follow as FOLLOW. 2016-11-16 11:03:12 -07:00
Todd C. Miller
6dff4ac7fd Always define _PATH_SUDO_NOEXEC, _PATH_SUDO_SESH, _PATH_SUDO_PLUGIN_DIR, 
even if only defined to NULL.  This means the accessors can always be
present.

Use RTLD_PRELOAD_VAR instead of _PATH_SUDO_NOEXEC to tell when
noexec is available.

Add ENABLE_SUDO_PLUGIN_API and use it instead of _PATH_SUDO_PLUGIN_DIR
to tell when the plugin API is available.

Add sudo_conf_clear_paths() to clear the path values so the
regress tests are not affected by compile-time settings.
 2016-11-16 10:13:26 -07:00
Todd C. Miller
8820ff3efb Use readline() in sudo_ldap_read_secret() 2016-11-16 09:22:18 -07:00
Todd C. Miller
bdbb3e9855 Add ASAN_CFLAGS and ASAN_LDFLAGS and use -Wc prefix in ASAN_LDFLAGS 
to prevent libtool from strippign them out.
Avoid using ASAN flags when building sudo_noexec.so.
 2016-11-15 10:15:36 -07:00
Todd C. Miller
08a4a28592 Remove SunOS 4 support, it is not modern enough to run sudo. 2016-11-14 14:40:50 -07:00
Todd C. Miller
b56bce3127 Remove HP-UX 9 support, it is not modern enough for sudo. 2016-11-14 14:38:01 -07:00
Todd C. Miller
9d11b725c5 Remove Ultrix support, modern sudo can't run on Ultrix anyway. 2016-11-14 14:33:43 -07:00
Todd C. Miller
deb6259765 In strict mode, go to the file/line with an undefined aliases 
or aliases cycle directly.
 2016-11-13 06:41:09 -07:00
Todd C. Miller
7524c231cc Store the file/lineno for alias and userspec entries so we can 
provide that info if there is an error.
 2016-11-12 19:22:32 -07:00
Todd C. Miller
90995c0acf Add simple reference-counted string allocator and use it for passing 
around references to the sudoers path.  This lets us avoid making
copies of the sudoers path for the errorfile as well as each Defaults
entry.
 2016-11-11 16:18:27 -07:00
Todd C. Miller
52e136863f Add checks for sudoers_locale early Defaults 2016-11-10 14:36:11 -07:00
Todd C. Miller
79ca752802 Go back to parsing Defaults entries in update_defaults instead of 
as sudoers is read.  Otherwise, we cannot properly support early
defaults like sudoers_locale.
 2016-11-09 16:00:12 -07:00
Todd C. Miller
cefcb6f501 add missing sudo_pw_delref/sudo_gr_delref to plug memory leak 2016-11-09 16:07:12 -07:00
Todd C. Miller
17868f89d7 Fix a bug in host matching where a negated sudoHost entry would 
prevent other sudoHosts following it from matching.
 2016-11-08 14:35:23 -07:00
Todd C. Miller
1d9b8ca32e Zero out sd_un before calling parse_default() so we don't try 
to free stack garbage in the ldap/sssd backends.
 2016-11-08 12:58:28 -07:00
Todd C. Miller
738c3cbf3e Use "ret", not "rc" for the function return value. 2016-11-07 13:39:42 -07:00
Todd C. Miller
8133cdfdf6 Use sys/stat.h defines instead of bare octal values. 2016-11-07 13:36:05 -07:00
Todd C. Miller
2b020c9f17 Pass iolog mode, group and user from policy plugin to I/O log plugin. 2016-11-07 10:19:04 -07:00
Todd C. Miller
df8404dbd4 Instead of parsing sudoers Defaults twice, parse once while reading 
sudoers and then just set the parsed value in update_defaults().
 2016-11-06 18:59:49 -07:00
Todd C. Miller
1f24108969 Use "struct defaults *d" instead of "struct defaults *def" throughout 
for consistency and to avoid confusino with "struct def_values *def".
Use "str" not "var" for the string argument to convert and store in
sd_un for the store_* functions.
 2016-11-06 18:55:18 -07:00
Todd C. Miller
4ca0838ba9 In display_bound_defaults() rename dtype arg -> deftype. 2016-11-06 18:41:31 -07:00
Todd C. Miller
f3c7e0f83b Update error output to match quoting changes. 2016-11-03 11:16:09 -06:00
Todd C. Miller
4f532dcc50 Avoid passing in a struct sudo_defs_types pointer to the store 
functions.  Pass in a pointer to the union to fill instead.
 2016-11-03 11:02:48 -06:00
Todd C. Miller
3c28810feb no longer need struct defaults forward referebce 2016-11-03 10:15:18 -06:00