isa/sudo
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
8,678 Commits 1 Branch 0 Tags
b3fdb26c41e9ca5146414525ac0b8a8c901b5222
Commit Graph

1967 Commits

Author SHA1 Message Date
Todd C. Miller
0cde3f5de4 Fix sign compare warning. 2016-11-17 10:27:26 -07:00
Todd C. Miller
a77ecca7d3 Remove aixcrypt.exp, it was a remnant of the 90's crypto wars where 
crypt() was not exported.
 2016-11-17 08:11:59 -07:00
Todd C. Miller
d6c30ba273 Add sudo_ldap_is_negated() and sudo_ldap_is_negated() functions 
and use them to parse negated entries instead of doing it manually.
 2016-11-16 13:46:38 -07:00
Todd C. Miller
da73733724 Fix printing of sudoedit_follow in "sudo -l" 2016-11-16 11:03:50 -07:00
Todd C. Miller
c7d6521b49 For "sudo -l" print sudoOption sudoedit_follow as FOLLOW. 2016-11-16 11:03:12 -07:00
Todd C. Miller
6dff4ac7fd Always define _PATH_SUDO_NOEXEC, _PATH_SUDO_SESH, _PATH_SUDO_PLUGIN_DIR, 
even if only defined to NULL.  This means the accessors can always be
present.

Use RTLD_PRELOAD_VAR instead of _PATH_SUDO_NOEXEC to tell when
noexec is available.

Add ENABLE_SUDO_PLUGIN_API and use it instead of _PATH_SUDO_PLUGIN_DIR
to tell when the plugin API is available.

Add sudo_conf_clear_paths() to clear the path values so the
regress tests are not affected by compile-time settings.
 2016-11-16 10:13:26 -07:00
Todd C. Miller
8820ff3efb Use readline() in sudo_ldap_read_secret() 2016-11-16 09:22:18 -07:00
Todd C. Miller
bdbb3e9855 Add ASAN_CFLAGS and ASAN_LDFLAGS and use -Wc prefix in ASAN_LDFLAGS 
to prevent libtool from strippign them out.
Avoid using ASAN flags when building sudo_noexec.so.
 2016-11-15 10:15:36 -07:00
Todd C. Miller
08a4a28592 Remove SunOS 4 support, it is not modern enough to run sudo. 2016-11-14 14:40:50 -07:00
Todd C. Miller
b56bce3127 Remove HP-UX 9 support, it is not modern enough for sudo. 2016-11-14 14:38:01 -07:00
Todd C. Miller
9d11b725c5 Remove Ultrix support, modern sudo can't run on Ultrix anyway. 2016-11-14 14:33:43 -07:00
Todd C. Miller
deb6259765 In strict mode, go to the file/line with an undefined aliases 
or aliases cycle directly.
 2016-11-13 06:41:09 -07:00
Todd C. Miller
7524c231cc Store the file/lineno for alias and userspec entries so we can 
provide that info if there is an error.
 2016-11-12 19:22:32 -07:00
Todd C. Miller
90995c0acf Add simple reference-counted string allocator and use it for passing 
around references to the sudoers path.  This lets us avoid making
copies of the sudoers path for the errorfile as well as each Defaults
entry.
 2016-11-11 16:18:27 -07:00
Todd C. Miller
52e136863f Add checks for sudoers_locale early Defaults 2016-11-10 14:36:11 -07:00
Todd C. Miller
79ca752802 Go back to parsing Defaults entries in update_defaults instead of 
as sudoers is read.  Otherwise, we cannot properly support early
defaults like sudoers_locale.
 2016-11-09 16:00:12 -07:00
Todd C. Miller
cefcb6f501 add missing sudo_pw_delref/sudo_gr_delref to plug memory leak 2016-11-09 16:07:12 -07:00
Todd C. Miller
17868f89d7 Fix a bug in host matching where a negated sudoHost entry would 
prevent other sudoHosts following it from matching.
 2016-11-08 14:35:23 -07:00
Todd C. Miller
1d9b8ca32e Zero out sd_un before calling parse_default() so we don't try 
to free stack garbage in the ldap/sssd backends.
 2016-11-08 12:58:28 -07:00
Todd C. Miller
738c3cbf3e Use "ret", not "rc" for the function return value. 2016-11-07 13:39:42 -07:00
Todd C. Miller
8133cdfdf6 Use sys/stat.h defines instead of bare octal values. 2016-11-07 13:36:05 -07:00
Todd C. Miller
2b020c9f17 Pass iolog mode, group and user from policy plugin to I/O log plugin. 2016-11-07 10:19:04 -07:00
Todd C. Miller
df8404dbd4 Instead of parsing sudoers Defaults twice, parse once while reading 
sudoers and then just set the parsed value in update_defaults().
 2016-11-06 18:59:49 -07:00
Todd C. Miller
1f24108969 Use "struct defaults *d" instead of "struct defaults *def" throughout 
for consistency and to avoid confusino with "struct def_values *def".
Use "str" not "var" for the string argument to convert and store in
sd_un for the store_* functions.
 2016-11-06 18:55:18 -07:00
Todd C. Miller
4ca0838ba9 In display_bound_defaults() rename dtype arg -> deftype. 2016-11-06 18:41:31 -07:00
Todd C. Miller
f3c7e0f83b Update error output to match quoting changes. 2016-11-03 11:16:09 -06:00
Todd C. Miller
4f532dcc50 Avoid passing in a struct sudo_defs_types pointer to the store 
functions.  Pass in a pointer to the union to fill instead.
 2016-11-03 11:02:48 -06:00
Todd C. Miller
3c28810feb no longer need struct defaults forward referebce 2016-11-03 10:15:18 -06:00
Todd C. Miller
7c56179c7d Use "double quotes" in messages instead of a combination of the 
accent (grave) mark and apostrophe.
 2016-11-02 17:10:17 -06:00
Todd C. Miller
75e29f163e Add file:linenumber prefix to all Defaults warnings so we can see 
them when running sudo too.  For LDAP/SSSD we print the sudoRole
instead of the file name and omit the line number.
 2016-11-02 17:07:32 -06:00
Todd C. Miller
f6ce83ea76 Only treat an unknown Defaults entry as a parse error in visudo, 
not in sudo itself.
 2016-11-01 15:08:11 -06:00
Todd C. Miller
8a48085184 Instead of checking Defaults values after the fact, check them at 
sudoers parse time.  This makes it possible to display the file and
line number with the problem and for visudo to go right to the
error.
 2016-11-01 14:22:32 -06:00
Todd C. Miller
0aa216ed55 Refactor freeing of a member_list into free_members(). 2016-11-01 14:15:07 -06:00
Todd C. Miller
9de491dc27 add_defaults() now calls sudoerserror() itself instead of the caller 
assuming any error means out of member.
 2016-11-01 14:13:47 -06:00
Todd C. Miller
484b5718d8 s/rval/ret/g -- old habits die hard 2016-11-01 12:34:24 -06:00
Todd C. Miller
2dbe50d1e1 Remove inaccurate XXX comment, sudo_file_parse() sends mail on parse error. 2016-10-31 16:21:50 -06:00
Todd C. Miller
b5f444111e The fix for Bug #408 broke editing of files in an include dir that 
have a syntax error.  Normally, visudo does not edit those files,
but if a syntax error is detected in one, the user gets a chance
to fix it.
 2016-10-31 15:57:05 -06:00
Todd C. Miller
5a8b60e4b4 Make a copy of the current sudoers path when assigning errorfile. 
Fixes a potential use after free in visudo when there is an error
in one of the include files.
 2016-10-31 15:21:18 -06:00
Todd C. Miller
a3a545e416 sudoers_debug_register() was not setting the active debug instance 
to sudoers_debug_instance when called from the I/O log plugin.  This
is because it relied on sudo_debug_register to do that but
sudoers_debug_parse_flags() doesn't set debug_files[]
sudoers_debug_instance is already set (we can only init sudoers
debug once).

To work around this, just make sudoers_debug_instance the active
debug instance in sudoers_debug_register() when it is already set.
 2016-10-31 13:36:35 -06:00
Todd C. Miller
1fdcce7faf use cp instead of *cur when comparing against plugin_path 2016-10-31 12:54:53 -06:00
Todd C. Miller
9f903d3bdd In sudo_mkdir_parents() inherit the gid of / instead of using gid 
0 for the first component.
 2016-10-30 09:09:12 -06:00
Todd C. Miller
cf707cf5f0 We want to inherit the gid from the parent directory when not setting 
permissions on intermerdiate directories.
 2016-10-30 06:36:55 -06:00
Todd C. Miller
bf62530acf Move io_mkdir_parents() to its own file and use it in ts_mkdirs(). 2016-10-29 12:45:57 -06:00
Todd C. Miller
271a07ff00 Make the I/O log file/dir permissions and owner configurable. 2016-10-29 12:45:55 -06:00
Todd C. Miller
3423d0af7c Don't try to syntax check an unrecognized Defaults value in visudo. 2016-10-28 08:24:51 -06:00
Todd C. Miller
7122a733ac Create I/O log files with the same gid as the parent directory. 2016-10-26 14:18:58 -06:00
Todd C. Miller
a401107564 Check for sudo_ldap_result_last_search() returning NULL. This can't 
happen in practice because we always call sudo_ldap_result_add_search()
first which guarantees there is a result to be found.
Quiets a PVS-Studio warning.
 2016-10-26 13:49:05 -06:00
Todd C. Miller
dbd5252798 Fix incorrect strncmp() lengths. The check for USERNAME was only 
looking at the first 5 characters (copy and paste error).  The check
for SUDO_PS1 was not checking the trailing '=' character (off by
one error).  Found by PVS-Studio.
 2016-10-26 11:25:59 -06:00
Todd C. Miller
4c8988d483 When checking for old-style bash functions in the environment, check 
for values starting with "() " (note the trailing space) rather
than "()".  Bash will only treat the value as a function if the
space after "()" is present.  The trailing space was already present
in the compare string but when it was added, the length passed to
strncmp() was not updated from 3 to 4.
Found by PVS-Studio.  No security impact.
 2016-10-26 11:22:30 -06:00
Todd C. Miller
63adb21cea Add some missing casts from uid_t/gid_t to int when printing uid/gid 
values.  We print these as signed so a value of -1 (no change) is
obvious.  Quiets PVS-Studio warnings.
 2016-10-26 11:08:33 -06:00