Commit Graph

11831 Commits

Author SHA1 Message Date
Todd C. Miller
7b5f0dfaf7 Use a 4n indent for code blocks instead of the default 6n. 2022-02-10 13:05:34 -07:00
Todd C. Miller
4e3a48f2d1 testsudoers: disable argument permutation in GNU getopt
This makes it easier to test commands with arguments.
2022-02-10 10:36:03 -07:00
Todd C. Miller
b6a2fcf59f iolog_pwfilt_run: fix types in error return 2022-02-10 09:43:33 -07:00
Todd C. Miller
c5027c796c Free potential leaks of passprompt_regex_handle.
Coverity CID 249057
2022-02-10 09:08:31 -07:00
Todd C. Miller
8dc2dc8bbc Merge pull request #133 from Dzejrou/main
Do not unset user timeout when no default timeout is set.
2022-02-09 10:09:05 -07:00
Jaroslav Jindrak
1f3815c4fb Do not unset user timeout when no default timeout is set. 2022-02-09 17:37:26 +01:00
Todd C. Miller
10ad934b77 Don't escape double quotes (") in a command when printing it.
Previously, cvtsudoers and "sudo -l" would escape double quotes in
a command or command line argument, which is not valid sudoers syntax.
2022-02-08 15:44:18 -07:00
Todd C. Miller
8adad85b4b A few minor (mostly cosmetic) fixes.
Add missing ALL to Runas_Member and Host.
Replace some tabs with spaces.
Fix the syntax of a sudoedit example.
2022-02-08 11:26:55 -07:00
Todd C. Miller
53d3e20099 Merge pull request #132 from ninedotnine/patch-1
Sync example sudoers with default sudoers
2022-02-04 12:33:50 -07:00
dan soucy
8130dc9cb7 Sync example sudoers with default sudoers
`sudoers.in` was changed by 1d13533
2022-02-04 19:29:34 +00:00
Todd C. Miller
c5133d84eb Upgrade http links to https where possible and fix some broken links. 2022-02-04 08:31:03 -07:00
Todd C. Miller
6aa320c96a Remove "This incident will be reported." from user warnings.
This used to indicate that email had been sent to the administrator
telling them that someone tried to run sudo.  Whether or not sudo
sends email is now configurable, so the warning may not be accurate.
It is also confusing to the user since they will not know who the
incident is being reported to.  See also https://xkcd.com/838/
2022-02-03 19:47:44 -07:00
Todd C. Miller
4d0aeea688 Log fn_get_values() return code in the debug log on error.
Also move a nested switch() statement out of 'case 0' for
improved readability.
2022-02-03 12:31:56 -07:00
Todd C. Miller
de0f4398e2 Do not return an error if we cannot connect to the SSSD connector.
This may simply mean that nsswitch.conf lists sss as a sudoers
source but SSSD is not configured for sudo.  Otherwise, the user
will receive a useless "problem with defaults entries" when the
sssd backend tries to fetch the global defaults.  Bug #1022.
2022-02-03 11:31:05 -07:00
Todd C. Miller
c236d58b5a Set client_closure to NULL after freeing it. 2022-02-03 10:55:45 -07:00
Todd C. Miller
3f1bb7bc97 client_closure_alloc: init write_bufs/free_bufs before other allocations.
We must initialize the tail queues before any possible call to
client_closure_free(), such as due to malloc() failure.
2022-02-03 10:40:03 -07:00
Todd C. Miller
c4e67624e3 Add missing default return in last commit. 2022-02-03 10:24:10 -07:00
Todd C. Miller
d18ee79354 sudo_logsrvd: make sure journal exists before writing the alert message.
Fixes a potential NULL dereference when journaling an alert message.
2022-02-03 10:19:40 -07:00
Todd C. Miller
2e957cd43d Fix compilation on Debian kFreeBSD.
The configure script correctly detects that utimensat() and futimens()
are missing but the headers define stub versions of the functions.
Including sys/stat.h pulls in the system definitions so we can override
them safely.  Bug #1021.
2022-02-03 09:33:30 -07:00
Todd C. Miller
a299406291 Add fallback if /proc/self/stat or /proc/pid/psinfo is missing or invalid.
If the /proc file indicates no terminal is present there is no fallback.
Bug #1020
2022-02-02 08:32:44 -07:00
Todd C. Miller
85fef8b50f Add sudoers option to perform authentication even in non-interactive mode.
If noninteractive_auth is set, authentication methods that do not
require input from the user's terminal may proceed.  It is off by
default, which restores the pre-1.9.9 behavior of "sudo -n".
2022-02-01 20:08:26 -07:00
Todd C. Miller
6564f1ae4c Work around a glibc regcomp() bug with repeated '+' operators.
Glibc regcomp() has a bug where it uses excessive memory for repeated
'+' ops.  Collapse them to avoid running the fuzzer out of memory.
2022-02-01 13:12:19 -07:00
Todd C. Miller
ac555d454f Rebase seed corpus on updated sudo_logsrvd.conf example. 2022-02-01 13:10:05 -07:00
Todd C. Miller
ad719d06be Fix parsing of "retry_interval" in the relay section.
The setting was present but the callback was missing so it could
not be parsed in the conf file.
2022-02-01 13:08:40 -07:00
Todd C. Miller
2df2276d56 Use TIME_T_MAX as the upper limit when parsing timeouts. 2022-02-01 13:07:27 -07:00
Todd C. Miller
46ca288216 converse: don't set response pointer on error
Linux pam_conv(3) says not to set the pointer on PAM_CONV_ERR.
2022-02-01 10:57:40 -07:00
Todd C. Miller
3c84aef902 Add missing sudoers4 test file for new cvtsudoers test. 2022-01-31 19:28:06 -07:00
Todd C. Miller
960bf99656 defaults_check_conflict: it is only really a conflict if the binding matches
If the Defaults name matched but the binding does not, we can simply
leave it be.  Fixes a problem where given two sudoers sources that
have a host specified, if they contain conflicting Defaults entries
we would drop one of the Defaults instead of keeping both after
making them host-specific.
2022-01-31 19:18:04 -07:00
Todd C. Miller
8f4351a897 Make it possible to merge a host-based Defaults with a global one.
We convert the global Defaults to a host-based one with a single
"ALL" member.  Later, when we simplify the host list, we'll convert
this back to a global Defaults.
2022-01-31 19:18:03 -07:00
Todd C. Miller
be4d62e9a4 Check for garbage after [section] in sudo_logsrvd.conf. 2022-01-29 10:50:03 -07:00
Todd C. Miller
9303aec0de Sync fuzzing dictionary with current configuration keyword list. 2022-01-29 10:30:37 -07:00
Todd C. Miller
5ea0bf4ee2 Escape/unescape commas when serializing/deserializing a stringlist. 2022-01-28 08:52:42 -07:00
Todd C. Miller
9b93961b3e Add new log_passwords and passprompt_regex settings.
When logging terminal input, if log_passwords is false and any
of the regular expressions in the passprompt_regex list are found
in the terminal output, terminal input will be replaced with '*'
characters until a newline or carriage return is found in the input
or an output character is received.
2022-01-28 08:52:42 -07:00
Todd C. Miller
c58a080dd5 Add a flag to avoid splitting list entries on white space. 2022-01-28 08:52:41 -07:00
Todd C. Miller
0efe280037 Add new sudoers settings log_passwords and passprompt_regex.
When logging terminal input, if log_passwords is disabled and any
of the regular expressions in the passprompt_regex list are found
in the terminal output, terminal input will be replaced with '*'
characters until a newline or carriage return is found in the input
or an output character is received.
2022-01-28 08:52:41 -07:00
Todd C. Miller
946404434e lib/iolog: add support for filtering password out of tty input
If a password regex is found in the tty output, tty input will be
replaced with '*' chars until a newline or another tty output
character is received.
2022-01-28 08:52:41 -07:00
Todd C. Miller
86f123cd9d Pass the operator to the Defaults callback too.
That way we can tell what to do in callbacks for lists.
2022-01-28 08:52:41 -07:00
Todd C. Miller
be45d8fef4 "plain text" -> "plaintext" for consistency. 2022-01-27 12:43:19 -07:00
Todd C. Miller
cc5eb2bc4d Updated translations from translationproject.org 2022-01-25 16:02:17 -07:00
Todd C. Miller
f4dd590498 Sync with autoconf git. 2022-01-25 13:06:11 -07:00
Todd C. Miller
ada7d43825 Fix potential infinite loop when trying to format long lines. 2022-01-25 12:10:36 -07:00
Todd C. Miller
5f45fd907b Document how commands are passed to the shell for the -i and -s options.
The concatenation of command and arguments and escaping of special
characters was not documented.
Text adapted from GitHub issue #121 from Kris Rinzwind
2022-01-20 14:05:00 -07:00
Todd C. Miller
805e1b9470 Also mention no_new_privs error in the troubleshooting guide. 2022-01-20 10:26:01 -07:00
Todd C. Miller
e4ee1a8502 Replace uid and gid with user-ID and group-ID in more places. 2022-01-20 10:08:34 -07:00
Todd C. Miller
bdae9843ab PAM is enabled on NetBSD by default too. 2022-01-19 19:04:42 -07:00
Todd C. Miller
9d79a0767c Use the Oxford comma consistently, it is helpful in technical documents. 2022-01-19 19:03:12 -07:00
Todd C. Miller
78e74c605e Document the error message when no_new_privs is set. 2022-01-19 18:53:03 -07:00
Todd C. Miller
17b7ac3460 Sudo now recovers from sudoers syntax errors. 2022-01-19 18:42:09 -07:00
Todd C. Miller
0d0e7de454 Use the Oxford comma consistently, it is helpful in technical documents. 2022-01-19 18:41:23 -07:00
Todd C. Miller
144e578324 Mention docker configuration. 2022-01-19 13:18:38 -07:00