isa/sudo
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
11,599 Commits 1 Branch 0 Tags
b61a55eb1be4feaba503670cf80adc6e5c5f3554
Commit Graph

11599 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Todd C. Miller
ecaa8ab428 INSTALL.md: Mention "make check" and "make check-verbose" 2022-03-02 13:53:02 -07:00
Todd C. Miller
9f47ea5cb0 Repair generate_test_coverage.sh after move to scripts directory. 2022-03-02 13:45:16 -07:00
Todd C. Miller
cdee5d48da Add check-verbose Makefile target that runs tests in verbose mode. 2022-03-02 13:32:08 -07:00
Todd C. Miller
43cc80d795 Add -v option parsing to regress tests, currently a no-op. 
This will be used by a "check-verbose" target in the future.
 2022-03-02 11:09:51 -07:00
Todd C. Miller
dda14cb57a Less verbose output unless the -v option is used. 
Also display a test summary at the end.
 2022-03-01 16:09:32 -07:00
Todd C. Miller
2c329dbe42 verbose flag is boolean, not int 2022-03-01 15:47:47 -07:00
Todd C. Miller
908ae9510d Update copyright year. 2022-03-01 12:31:36 -07:00
Todd C. Miller
e9155a067c Regenerate dependencies. 2022-03-01 11:32:23 -07:00
Todd C. Miller
75a0e51590 Add sudo_closefrom() regression test. 2022-03-01 11:31:19 -07:00
Todd C. Miller
f1a697a8ff Use close_range(2) in closefrom() emulation if available. 
On Linux, prefer our own closefrom() emulation since the glibc
version may fail if /proc is not present and close_range() is not
supported.  On FreeBSD, closefrom(3) will either call the closefrom
or close_range system call, depending on which is available.
 2022-03-01 09:54:23 -07:00
Todd C. Miller
c3177ce831 Repair --enable-pvs-studio on Linux. 2022-03-01 09:42:07 -07:00
Todd C. Miller
10ca59097e Mention apple radar 3710161 in the comment about broken macOS poll(2). 2022-03-01 09:25:14 -07:00
Todd C. Miller
a199abe0e5 Only display test totals unless run in verbose mode. 2022-02-28 20:18:54 -07:00
Todd C. Miller
c2bd52edf8 Allow test harness to be run from any directory. 
Also add missing copyright notice.
 2022-02-28 19:39:33 -07:00
Todd C. Miller
a4f847b1d6 Adapt test harness for lib/util and move to regress directory. 2022-02-28 19:23:41 -07:00
Todd C. Miller
a57e979962 Adapt test harness for lib/util and move to regress directory. 2022-02-28 14:15:43 -07:00
Todd C. Miller
6a84523671 Make fuzzer stub main() quiet by default. 
LLVM LibFuzzer displays the input and running time by default but
we don't care about that for the stub fuzzer library.
 2022-02-28 13:33:54 -07:00
Todd C. Miller
f35bbd5a3f Move the cvtsudoers/sudoers/testsudoers/visudo tests into a script. 
It is easier to maintain these tests in script form.  The output
now more closely matches that of the other tests.  The harness
script can be invoked directly and supports running specific tests.
 2022-02-28 11:29:38 -07:00
Todd C. Miller
e7b7c902db Updated translations from translationproject.org 2022-02-27 09:03:54 -07:00
Todd C. Miller
e703feeae2 sudo_regex_compile_v1 stub: set errstr on error 2022-02-25 14:07:22 -07:00
Todd C. Miller
590c4cf62f fuzz_logsrvd_conf: add stub version of sudo_regex_compile_v1(). 
We want to fuzz our parser, not the libc regular expression code.
 2022-02-25 10:13:34 -07:00
Todd C. Miller
e5bbd33834 testsudoers/test18: don't rely on /usr/bin/w being present 
Fixes a test failure on Alpine Linux.
 2022-02-25 09:46:26 -07:00
Todd C. Miller
42f735c8dd Add configure check for gzclearerr() when using system zlib. 2022-02-24 19:13:53 -07:00
Todd C. Miller
68bc030c0c Fix PVS-Studio platform check for macOS. 2022-02-24 08:15:01 -07:00
Todd C. Miller
22a01410bd sudo_ldap_parse_options: fix memory leak of sudoRole cn string. 
Coverity CID 249976
 2022-02-24 07:56:38 -07:00
Todd C. Miller
f793042bec command_allowed: plug memory leak on strdup() failure. 
Coverity CID 249972
 2022-02-24 07:49:30 -07:00
Todd C. Miller
b1fd1ec0fc display_lecture: just return if callback is NULL 2022-02-23 21:09:33 -07:00
Todd C. Miller
330b4e821b For alert messages it is possible for evlog to be NULL. 
Coverity CID 238641
 2022-02-23 20:55:46 -07:00
Todd C. Miller
8290a1e57a iolog_seekto: initialize struct timing_closure before using. 
Coverity CID 249977
 2022-02-23 20:47:18 -07:00
Todd C. Miller
2315c0b3bb iolog_rewrite: initialize struct timing_closure before using. 
Coverity CID 249971
 2022-02-23 20:17:58 -07:00
Todd C. Miller
79d8500347 Allow ARCH_FLAGS to be overridden and handle macOS 12. 2022-02-23 20:04:21 -07:00
Todd C. Miller
9f427b0172 Prefer if [ ... ]; then over if test ...; then. 2022-02-23 20:03:33 -07:00
Todd C. Miller
77164836f1 Do not build with -Werror on macOS. 
Some macOS warnings are bogus, for instance it has an incorrect
getgrouplist(3) definition.
 2022-02-23 10:21:52 -07:00
Todd C. Miller
cf84511273 Build and test macos with circleci. 2022-02-23 10:10:39 -07:00
Todd C. Miller
c7fb513594 Mention lecture behavior change. 2022-02-22 17:02:40 -07:00
Todd C. Miller
eaf76278ec Fix compilation on systems without a real openat(2). 2022-02-22 14:13:15 -07:00
Todd C. Miller
b0fa769504 Better warning message when the digest in sudoers is the wrong length. 2022-02-22 12:15:34 -07:00
Todd C. Miller
41bc52302b Do not disable fuzzer output if SUDO_FUZZ_VERBOSE env variable is set. 2022-02-22 12:04:10 -07:00
Todd C. Miller
2911c31dd7 Display the lecture immediately before prompting for a password. 
This means we no longer display the lecture unless the user is going
to enter a password.  Authentication methods that don't interact
with the user via the terminal don't trigger the lecture.
 2022-02-21 19:34:06 -07:00
Todd C. Miller
9757d29a24 Add back warning when a user is not allowed to run a command. 
Previously, the warning was displayed when a user was not in the
sudoers file, or was present but not listed for the local host.
The new behavior is to display the warning if a command is denied
and mail is sent to the administrator.  Whether or not mail is sent
is controlled by the "mail_*" flags in sudoers.  The warning text
is now "This incident has been reported to the administrator." which
is hopefully less confusing.  The message will not be printed if
either the "mailto" or "mailerpath" sudoers settings are disabled.
 2022-02-21 14:03:05 -07:00
Todd C. Miller
973a8f08f9 Document that negating mailto or mailerpath disables sending mail. 2022-02-21 13:50:49 -07:00
Todd C. Miller
98ac09de38 Don't try to send mail if mailto not set or the mailer is not present. 2022-02-20 19:11:33 -07:00
Todd C. Miller
81d63244e9 Remove obsolete TODO file. 2022-02-21 13:22:07 -07:00
Todd C. Miller
bde48fb4c5 Updated translations from translationproject.org 2022-02-18 09:45:52 -07:00
Todd C. Miller
cadfbfedb9 Add tests for iolog filtering. 
This is the functionality used by the log_passwords and passprompt_regex
options.
 2022-02-18 09:40:40 -07:00
Todd C. Miller
b19bd98531 iolog_pwfilt_run: apply regex on ttyout even if we disabled filtering. 
The heuristic used to decide when to disable filtering is when we
see another ttyout buffer or find a cr or nl in the ttyin buffer.
However, we should also check the buffer that caused us to disable
filtering for a matching regex that would re-enable filtering.
Programs that prompt for a password twice might otherwise not have
the second password filtered.
 2022-02-18 09:14:35 -07:00
Todd C. Miller
9f5615e5b1 Avoid using "note that" and "note: " in documentation. 2022-02-16 16:38:44 -07:00
Todd C. Miller
9175954895 Remove "please" from the documentation, it is considered bad style. 2022-02-16 12:33:32 -07:00
Todd C. Miller
c4fc9b695b Mention regular expressions and "sudo -l -U user" behavior change. 2022-02-16 11:01:59 -07:00
Todd C. Miller
339ef82d62 Add security notes about regular expressions in sudoers rules. 2022-02-16 10:41:29 -07:00