isa/sudo
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
12,292 Commits 1 Branch 0 Tags
ad890acf6c63fc19ffcd8c236e3a99d9cec1b649
Commit Graph

439 Commits

Author SHA1 Message Date
Todd C. Miller
7ba7c5835e Enable sudo_logsrvd.conf settings. 2019-10-24 20:04:31 -06:00
Todd C. Miller
059b55ce72 Refactor code in sudoers that creates I/O log files to share with logsrvd. 2019-10-24 20:04:31 -06:00
Todd C. Miller
40bf4081be Rename sudo_strtoid() to sudo_strtoidx() and add simplified sudo_strtoid() 2019-10-20 10:21:29 -06:00
Todd C. Miller
b02851dcf3 Change how the umask is handled with PAM and login.conf. 
If the umask is explicitly set in sudoers, use that value regardless
of what is in PAM or login.conf.  If using the default umask from
sudoers, allow PAM or login.conf to override it.  Bug #900
 2019-10-18 06:20:27 -06:00
Todd C. Miller
c49760e55d Simpler change to retry sudo_secure_file() as root as needed. 2019-07-14 19:37:33 -06:00
Todd C. Miller
cecf69ff3c If we are unable to stat() sudoers as non-root, try again as root. 
By default, sudo relies soley on group permissions to read sudoers
to make it possible to store sudoers on NFS.  However, if /etc/sudoers
is not accessible to non-root uids for some reason, sudo will fail.
Bug #880.
 2019-07-14 18:51:50 -06:00
Todd C. Miller
9d8f374397 Add ssizeof macro that returns ssize_t. 
We can use this instead of casting the result of size_t to int.
Also change checks for snprintf() returning <=0 to <0.
 2019-06-25 09:45:10 -06:00
Todd C. Miller
29223d7f64 In tty_present(), check for /dev/tty if sudo was unable to get the tty name. 
For requiretty it is enough to check that /dev/tty is available.
If sudo can't get the tty from the kernel (missing /proc?) that is OK.
 2019-06-19 20:32:22 -06:00
Todd C. Miller
1e1ef61902 Add SPDX-License-Identifier to files. 2019-04-29 07:21:51 -06:00
Todd C. Miller
f3344b5881 Fix pasto; the unrestricted env file was read when we want the restricted one. 2019-02-19 11:03:02 -07:00
Todd C. Miller
985600e7f0 Minor snprintf() usage tweaks: 
1) don't assume snprintf() returns -1 on error, check for <0
2) when comparing return value of sizeof(foo), cast the sizeof, not the len
3) cast return value to void in cases where snprintf cannot fail
 2019-01-20 07:49:48 -07:00
Todd C. Miller
efe35e5b1e Use debug_return_int not debug_return_bool in resolve_host 2018-12-24 20:31:26 -07:00
Todd C. Miller
cdd5bb32eb Add sudo_gai_fatal, sudo_gai_vfatal, sudo_gai_vwarn, sudo_gai_warn 
and gai_log_warning that use gai_strerror() instead of strerror().
 2018-11-05 09:08:05 -07:00
Todd C. Miller
6c3d20cb41 Convert PVS-Studio comment to ANSI C. 2018-10-26 08:39:09 -06:00
Todd C. Miller
64e5d34c57 Add comments in .c files so PVS-Studio will check them. 2018-10-21 08:46:05 -06:00
Todd C. Miller
25a58ba1ca Avoid potentially undefined behavior. 
Found by PVS Studio.
 2018-10-16 12:50:43 -06:00
Todd C. Miller
1e5af35564 Refactor code to convert defaults to tags and do conversion on 
output for "sudo -l".

Remove the short_list (was long_list) global in favor of a verbose
argument.
 2018-08-05 07:17:34 -06:00
Todd C. Miller
608574a219 For ldap/sssd, include defaults in the generate privilege unless 
we are listing in short mode (in which case we convert them to tags
if possible).  Fixes a problem where sudoOptions were not being
applied to the command.
 2018-08-02 14:45:00 -06:00
Todd C. Miller
171686c422 update_defaults() needs to be able to take a defaults_list for 
the ldap/sssd backends which support per-role defaults.
 2018-08-02 14:06:36 -06:00
Todd C. Miller
70d519c8ad o Move userspecs, defaults and aliases into a new struct sudoers_parse_tree. 
o The parse tree is now passed to the alias, match and defaults functions.
o The nss API has been changed so that the nss parse() function returns
  a pointer to a struct sudoers_parse_tree which will be filled in
  by the getdefs() and query() functions.
 2018-07-26 15:12:33 -06:00
Todd C. Miller
899aedfd10 Return an empty defaults list, not NULL if there is no global sudoers 
defaults entry in sss.
 2018-05-29 10:24:57 -06:00
Todd C. Miller
0b31f186cd Move cached userspecs and defaults into the handle object. 2018-05-29 09:39:40 -06:00
Todd C. Miller
f9be3a48a2 Simplify the nss interface such that each sudoers provider fills 
in a per-nss list of userspecs and defaults instead of using separate
lookup and list functions.  This makes it possible to have a single
implementation of the code for sudoers lookup and listing.
 2018-05-14 09:05:03 -06:00
Todd C. Miller
217e0a9b4b Less confusing sysctl checks for kinfo_proc. 2018-03-05 17:35:02 -07:00
Todd C. Miller
23ac62cfb5 Also honor SUDO_EDITOR in visudo. Previously is was only used 
by sudoedit.
 2017-12-22 10:22:33 -07:00
Todd C. Miller
fa2ab63da9 Stop looking for an editor as soon as we find one. 
A similar fix was made to visudo some time ago.
 2017-12-21 16:31:42 -07:00
Todd C. Miller
48fba3c2cc update my email to Todd.Miller@sudo.ws 2017-12-03 17:53:40 -07:00
Todd C. Miller
250209d7a8 When running a command as the invoking user we cannot use the gid 
list from the front-end since it may not correspond to the user's
aux group vector as defined by the group database.
 2017-11-28 09:48:43 -07:00
Todd C. Miller
a62cd4b4fe If passwd_tries is less than 1, check_user() will always return 
false (since the user didn't authenticate).  The normal reason for
this is an authentication error but in this case no authentication
was tries so no warning message has been displayed to the user.  If
the user wasn't given a chance to authenticate, set inform_user to
true when calling log_denial() from sudoers_policy_main().

An alternate approach would be for check_user() to return true
in this case but seems more confusing.
 2017-11-14 13:58:35 -07:00
Todd C. Miller
63d954d1fc Replace tty_tickets option with timestamp_type which can be 
global, ppid or tty.  Defaults to tty (no change in behavior).
Some users want the ppid behavior.
 2017-08-01 16:14:54 -06:00
Todd C. Miller
48459292ff Don't send email about an unresolvable host name if fqdn is 
enabled and the user specified the run host via the -h flag.
 2017-08-01 13:45:32 -06:00
Todd C. Miller
879ba68879 Don't set passprompt_override when SUDO_PROMPT is present. 
This effectively reverts ed77d255f383.

We treat the SUDO_PROMPT environment variable similar to passprompt
in sudoers: it will only override a PAM prompt if the PAM prompt
is either "Password:" or "username's Password:".
 2017-07-21 09:07:00 -06:00
Todd C. Miller
52b25940c6 When examining environment variables or variables passed in from 
the front-end, ignore variables with no value specified.
 2017-07-20 12:02:22 -06:00
Todd C. Miller
37f591d2dd Enable passprompt_override by default if SUDO_PROMPT is present in 
the environment.  This is consistent with how "sudo -p prompt" is
handled.
 2017-07-20 11:40:49 -06:00
Todd C. Miller
b3af85ddc8 Add restricted_env_file which is like env_file but subject to the 
same restrictions as the user's own environment.
 2017-03-22 13:39:25 -06:00
Todd C. Miller
2dbd091443 When creating the timestamp directory, use the group of the timestamp 
owner instead of inheriting the group of the parent directory.
 2017-03-20 12:59:28 -06:00
Todd C. Miller
c86a6a23ad Add a command line option to specify the command timeout, as long 
as sudoers does not specify a shorter time limit.
 2017-02-16 09:58:18 -07:00
Todd C. Miller
269b8602d8 Only treat failure of expand_iolog_path() as fatal if ignore_iolog_errors 
is not set.
 2017-01-13 15:45:59 -07:00
Todd C. Miller
aaf6fff736 Fix the "all" setting for verifypw and listpw; nopass would never 
be true even if all the user's entries had the NOPASSWD tag.
Regression introduce in sudo 1.8.17.  Bug #762
 2016-11-29 19:46:25 -07:00
Todd C. Miller
8133cdfdf6 Use sys/stat.h defines instead of bare octal values. 2016-11-07 13:36:05 -07:00
Todd C. Miller
7c56179c7d Use "double quotes" in messages instead of a combination of the 
accent (grave) mark and apostrophe.
 2016-11-02 17:10:17 -06:00
Todd C. Miller
2dbe50d1e1 Remove inaccurate XXX comment, sudo_file_parse() sends mail on parse error. 2016-10-31 16:21:50 -06:00
Todd C. Miller
271a07ff00 Make the I/O log file/dir permissions and owner configurable. 2016-10-29 12:45:55 -06:00
Todd C. Miller
ead485b96b Fix typo that broke short host name matching when the fqdn 
flag is enabled.  Bug #757
 2016-09-09 16:26:22 -06:00
Todd C. Miller
3f022419ae Be consistent with the naming of the variable used to store the 
function return value.  Previously, some code used "rval", some
used "ret".  This standardizes on "ret" and uses "rc" for temporary
return codes.
 2016-09-08 16:38:08 -06:00
Todd C. Miller
b80309e6d8 In sudoers_main() avoid setting rval prematurely. Prevents a crash 
when auditing fails after successfully authenticating.  Bug #756
 2016-09-05 19:44:46 -06:00
Todd C. Miller
ed18d0d5f8 Make the behavior when we cannot write to a log or audit file 
configurable.  File log failures are ignored by default for consistency
with syslog.  Audit errors are ignored by default to allow the admin
to fix the issue.  I/O log file errors are still fatal by default
since if I/O logging is activated it is usually to have an audit trail.
Bug #751
 2016-08-17 07:22:51 -06:00
Todd C. Miller
985ab1dd3e Cache the user's group IDs and group names separately and only 
resolve group IDs -> names when needed.  If the sudoers file doesn't
contain groups we will no longer try to resolve all the user's group
IDs to names, which can be expensive on some systems.
 2016-08-13 16:27:44 -06:00
Todd C. Miller
a08ea1b14d Set runas_pw early and adjust runaslist_matches() to deal. Since 
we now set runas_default early there is no need to call update_defaults
with SETDEF_RUNAS after sudoers has been parsed.
 2016-08-10 10:56:05 -06:00
Todd C. Miller
56ead73886 Load sudoers group plugin via an early callback. 2016-08-09 13:14:31 -06:00