Commit Graph

9258 Commits

Author SHA1 Message Date
Todd C. Miller
c5f64b7416 sync 2018-08-08 09:02:37 -06:00
Todd C. Miller
418bf793f7 Fix the return value of sudoers_io_change_winsize() on success.
Otherwise, we only log a single window size change.
2018-08-11 21:29:43 -06:00
Todd C. Miller
d026469289 sync with translationproject.org 2018-08-11 19:57:14 -06:00
Todd C. Miller
0484e3d6a9 Fix ambiguity when talking about Aliases. We can't use User_Alias
in the grammar as both the definition of the Alias as well as its
name.  This adds {User,Runas,Host,Cmnd}_Alias_Spec to help differentiate
between the name of the alias and its definition.  Bug #834
2018-08-07 10:03:05 -06:00
Todd C. Miller
9722b304b6 regen 2018-08-07 09:58:57 -06:00
Todd C. Miller
78190bb9cb Warn if unable to run xgettext or msgfmt. 2018-08-07 06:10:21 -06:00
Todd C. Miller
0053b07ed3 sync with translationproject.org 2018-08-06 13:14:43 -06:00
Todd C. Miller
1e5af35564 Refactor code to convert defaults to tags and do conversion on
output for "sudo -l".

Remove the short_list (was long_list) global in favor of a verbose
argument.
2018-08-05 07:17:34 -06:00
Todd C. Miller
413b53cda3 Assign short_list true, not 1 now that it is a boolean. 2018-08-04 20:02:00 -06:00
Todd C. Miller
db387a53a6 fix typo 2018-08-04 07:38:47 -06:00
Todd C. Miller
9cc09e4372 Fix a warning on FreeBSD which has a fancier __containerof implementation. 2018-08-03 11:45:01 -06:00
Todd C. Miller
6a692fec31 sync with translationproject.org 2018-08-03 10:14:58 -06:00
Todd C. Miller
f4a5d2b3e2 Regen with aclocal 1.15.1. 2018-08-02 15:32:28 -06:00
Todd C. Miller
608574a219 For ldap/sssd, include defaults in the generated privilege unless
we are listing in short mode (in which case we convert them to tags
if possible).  Fixes a problem where sudoOptions were not being
applied to the command.
2018-08-02 14:45:00 -06:00
Todd C. Miller
171686c422 update_defaults() needs to be able to take a defaults_list for
the ldap/sssd backends which support per-role defaults.
2018-08-02 14:06:36 -06:00
Todd C. Miller
34655148e0 regen 2018-07-31 07:14:26 -06:00
Todd C. Miller
3b57230851 Update 2018-07-30 10:57:55 -06:00
Todd C. Miller
70d519c8ad o Move userspecs, defaults and aliases into a new struct sudoers_parse_tree.
o The parse tree is now passed to the alias, match and defaults functions.
o The nss API has been changed so that the nss parse() function returns
  a pointer to a struct sudoers_parse_tree which will be filled in
  by the getdefs() and query() functions.
2018-07-26 15:12:33 -06:00
Todd C. Miller
86413f95ec Don't need to preallocate 4 x NGROUP_MAX on AIX or BSD/Linux.
For BSD/Linux, getgrouplist(3) will tell us the number of groups if
we don't have enough.  For AIX, we can count the entries in the
group set before allocating the group vector.
2018-07-26 15:12:26 -06:00
Todd C. Miller
394524fd5d Ignore PAM_NEW_AUTHTOK_REQD and PAM_AUTHTOK_EXPIRED errors from
pam_acct_mgmt() if authentication is disabled for the user.
Bug #843
2018-07-26 12:31:29 -06:00
Todd C. Miller
dc1e0e7168 Work around a bug on AIX where closing the pty slave causes the
main sudo process to lose its controlling tty (which was *not* the
pty slave).
2018-07-23 11:37:26 -06:00
Todd C. Miller
5d31be96a7 Add missing aix_restoreauthdb() call to match the aix_setauthdb()
added in b8a011be9af7.  Fixes issues on AIX where local users/groups
may not be resolved when some NIS/AD/LDAP is used for users.
2018-07-23 10:36:08 -06:00
Todd C. Miller
e7daff062f Linux getgrouplist(3) returns the number of groups on success instead
of 0 like BSD.
2018-07-23 07:23:17 -06:00
Todd C. Miller
36e21a216f When both a .o and .lo file were used in a Makefile, we used to make
the .o depend on the .lo.  Unfortunately, this creates a race
condition for parallel make since libtool is not atomic (it creates
a .o and then renames it when building PIC objects for shared libs).

We always link with libtool so the only reason to prefer the .o
over the .lo file is to avoid mixing .o and .lo in the dependencies.
That's not a good enough reason so change mkdep.pl to warn when
both a .o and .lo are referenced in a Makefile and do nothing else.

Bug #842
2018-07-20 10:17:51 -06:00
Todd C. Miller
2270b1e89f Avoid duplicate free when netgroup_base is invalid. 2018-07-15 07:46:34 -06:00
Todd C. Miller
33f96a0347 Use madvise(2) with MADV_WIPEONFORK if available. 2018-07-03 13:58:49 -06:00
Todd C. Miller
4b54799ddb sync with translationproject.org 2018-07-01 12:00:35 -06:00
Todd C. Miller
c84c32d9e6 Update. 2018-07-01 11:58:58 -06:00
Todd C. Miller
4859b78797 sync with schema.OpenLDAP 2018-06-25 13:20:34 -06:00
Todd C. Miller
433a74d1dc RFC 2849 specifies whitespace as the space character only so replace
tabs with spaces. Bug #840
2018-06-25 13:20:04 -06:00
Todd C. Miller
dd33661066 Fix typo; bug #839 2018-06-25 12:51:41 -06:00
Todd C. Miller
e1ecc7142c Should no longer need to set max_groups. 2018-06-16 11:32:14 -06:00
Todd C. Miller
c57ca74405 Use new sudo_getgrouplist2() function instead of getgrouplist(). 2018-06-15 14:05:14 -06:00
Todd C. Miller
0ae9662833 Add sudo_getgrouplist2() to dynamically allocate the group vector.
This allows us to avoid repeatedly calling getgrouplist() with
a statically sized vector on macOS, Solaris, HP-UX, and AIX.
2018-06-15 14:05:13 -06:00
Todd C. Miller
1385613797 Fix fd leak introduced by SUDO_CONV_PREFER_TTY commit. Coverity CID 186605. 2018-06-15 13:31:58 -06:00
Todd C. Miller
b67915c6e4 Fix some issues pointed out by mandoc -Tlint 2018-06-13 11:19:35 -06:00
Todd C. Miller
6eadaddc99 Add SUDO_CONV_PREFER_TTY flag for conversation function to tell
sudo to try writing to /dev/tty first.  Can be used in conjunction
with SUDO_CONV_INFO_MSG and SUDO_CONV_ERROR_MSG.
2018-06-13 11:19:33 -06:00
Todd C. Miller
89c83f0321 Update for arc4random.c, arc4random_uniform.c and getentropy.c 2018-06-08 06:32:02 -06:00
Todd C. Miller
8b63ec654a FreeBSD wordexp() returns WRDE_SYNTAX if it can't write to the shell
process.  Since we've prevented execve() from succeeding this is
the error we get back from wordexp() on FreeBSD.
2018-06-05 15:37:16 -06:00
Todd C. Miller
ec2dae8104 Fix conversion of usec to nsec; from Scott Cheloha 2018-06-04 20:00:41 -06:00
Todd C. Miller
dafb5f523a Fix typo. 2018-06-01 21:15:57 -06:00
Todd C. Miller
919b567229 The getdefs() function now gets called multiple times so use the
cached data if present.
2018-05-29 10:53:47 -06:00
Todd C. Miller
899aedfd10 Return an empty defaults list, not NULL if there is no global sudoers
defaults entry in sss.
2018-05-29 10:24:57 -06:00
Todd C. Miller
1202beafba Fix memory leak of handle pointer on close. 2018-05-29 10:10:20 -06:00
Todd C. Miller
c990d93a4e Remove a needless copy when parsing options. 2018-05-29 09:39:42 -06:00
Todd C. Miller
0b31f186cd Move cached userspecs and defaults into the handle object. 2018-05-29 09:39:40 -06:00
Todd C. Miller
1ad2290a27 Quiet a clang analyzer warning. It should not be possible for
pop_include() to be called when YY_CURRENT_BUFFER is NULL.
2018-05-28 08:30:57 -06:00
Todd C. Miller
e401f92830 Reorder things to avoid the need to declare static functions. 2018-05-28 07:35:51 -06:00
Todd C. Miller
43003d29d8 Use arc4random for mkstemp() and insults. 2018-05-24 21:04:23 -06:00
Todd C. Miller
ddd663a5f2 Import arc4random() from libressl. This takes an all-in-one approach
instead of the one-file-per-OS approach that libressl takes.
The fallback code does not have as many OS-specific bits as libressl.
2018-05-24 21:04:23 -06:00