isa/sudo
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
10,711 Commits 1 Branch 0 Tags
c702957879e42f0d1067003b6043c80a6a3ea020
Commit Graph

119 Commits

Author SHA1 Message Date
Todd C. Miller
14c71eaa86 Add clean rules to .PHONY target. 2021-02-19 08:54:04 -07:00
Todd C. Miller
9f1e016cde Add install-fuzz Makefile target to install the fuzzers and seed corpus. 
The FUZZ_DESTDIR make variable needs to be set in the environment
or on the command line.
 2021-02-18 19:38:54 -07:00
Todd C. Miller
de2a47f273 Set MALLOC_OPTIONS and MALLOC_CONF for all regress targets. 2021-02-15 13:17:46 -07:00
Todd C. Miller
63a3f62547 Add fuzz Makefile target and run fuzzer corpus in make check. 2021-02-08 04:56:17 -07:00
Todd C. Miller
bca213959b Remove Py_SSIZE2SIZE to quiet cppcheck warnings. 
Tuple size cannot be negative and we already handle the case where
it is zero.
 2021-01-26 11:33:06 -07:00
Todd C. Miller
4603da02af Add a comment to verify_import() to clarify its purpose. 2021-01-06 19:16:26 -07:00
Todd C. Miller
4e11bc0e26 Suppress PVS Studio false positives. 2021-01-06 14:27:09 -07:00
Todd C. Miller
84b3a1dae1 Remove the --force option from the cppcheck args, it causes errors. 2021-01-06 13:01:09 -07:00
Todd C. Miller
8617833385 Minor fixes pointed out by cppcheck. 
Also add compareBoolExpressionWithInt to suppression list.
 2021-01-02 10:43:34 -07:00
Todd C. Miller
bdf5530014 Set pp_ignore_define_body=false in uncrustify config. 
Need to work around a bug that produces closed brace errors,
see https://github.com/uncrustify/uncrustify/issues/2569
 2020-11-23 10:47:47 -07:00
Todd C. Miller
d688f4d34e Back out regex use in python tests, filter the output instead. 
This makes it possible to regenerate the test output again.
Also adds an update_test_data target to the Makefile.
 2020-11-11 19:04:01 -07:00
Todd C. Miller
fe9e65754c Add event_alloc to the audit plugin API. 
The sudoers audit plugin will use this to communicate with sudo_logsrvd.
 2020-11-02 15:28:21 -07:00
Todd C. Miller
79921387a3 regen Makefiles 2020-10-20 19:23:46 -06:00
Todd C. Miller
c4a579cf8a Pass resource limits values to the plugin in user_info[] 
Sudo resets the resource limits early in its execution so
the plugin cannot tell what the original limits were itself.
 2020-08-31 16:37:01 -06:00
Todd C. Miller
84e6e6ccf9 Update copyright year on some files where it was out of date. 2020-08-31 14:09:36 -06:00
Todd C. Miller
a940a2c78e Fix some warnings from pvs-studio 2020-08-12 20:01:39 -06:00
Todd C. Miller
985af422d2 Rename __dso_public -> sudo_dso_public and move to config.h. 2020-08-12 09:57:42 -06:00
Todd C. Miller
38e28dcbf5 Rename python_plugin.exp.in -> python_plugin.exp 
There is nothing dynamic in this file.
 2020-08-03 10:15:28 -06:00
Todd C. Miller
3b4d4ab8dd Add missing python_plugin.exp.in file and remove unneeded __dso_public 
This fixes building the python plugin on systems where the compiler
doesn't support symbol hiding (but wherethe linker does).
 2020-08-03 09:53:12 -06:00
Todd C. Miller
03ad96e445 Use the fallthrough attribute instead of /* FALLTHROUGH */ comments. 2020-08-01 13:10:50 -06:00
Todd C. Miller
3e12b99eed Check asprintf() return value. 2020-06-06 19:13:21 -06:00
Todd C. Miller
f0dc48548c Add support for "accept" audit events sent by the sudo front-end. 
With this change, the sudo front-end will send an "accept" audit
event to the audit plugins after all the I/O logging plugins have
been initialized.  This can be used by an audit plugin that does
not care about the result of the individual policy and approval
plugins and only wants to receive a single "accept" event if all
policy and approval plugins have succeeded.  The plugin_type argument
for events sent by the front-end is SUDO_FRONT_END (0).
 2020-06-02 09:07:44 -06:00
Todd C. Miller
446ae3f507 Include string.h unconditionally and only use strings.h for strn?casecmp() 
In the pre-POSIX days BSD had strings.h, not string.h.
Now strings.h is only used for non-ANSI string functions.
 2020-05-18 07:59:24 -06:00
Todd C. Miller
dd88460800 We no longer need to include headers we don't use for sudo*.h files. 
Previously we needed to include headers required by the various
sudo*h files.  Now those files are more self-sufficient and we
should only include headers needed by code in the various .c files.
 2020-05-18 06:47:04 -06:00
Todd C. Miller
26b599a5b1 Add missing sys/wait.h include; fixes a compilation problem on musl libc. 2020-05-15 19:08:16 -06:00
Todd C. Miller
0cf2e09e0c Apply spelling fixes. 
Fixes from PR #30 (ka7) and Bug #925 (fossies.org codespell)
 2020-05-06 09:27:43 -06:00
Todd C. Miller
75b9a26a37 If the signal.Signals enum is not present, search the dictionary. 
The Signals enum was added in Python 3.5.  If it is not present we
need to iterate over the dictionary items, looking for signal name
to number mappings.  Fixes the signal tests with Python 3.4.
 2020-04-09 10:49:59 -06:00
Todd C. Miller
57cef10ce9 Python dictionaries are sparse so we cannot use pos as an index. 
When converting sudo options from a dictionary to a tuple we need
to track the current index into the tuple separately from the
position of the dictionary entry.
 2020-04-09 08:34:29 -06:00
Todd C. Miller
6a2b5fd82f Handle dependencies for .h files in the same directory as the source. 
Fixes missing header dependencies for the sudoers and python plugins.
 2020-04-07 14:03:58 -06:00
Todd C. Miller
cd74b83c21 Make most python tests pass with Python 3.4 
Dictionary order is not stable in Python < 3.6 so we need to sort
by key to have consistent results.
The LogHandler output is also different on older Python versions.
Also, don't stop running python tests after the first error.
 2020-04-07 14:03:58 -06:00
Todd C. Miller
fa5025a569 Use regex to match __init__.py instead of hacking it in verify_log_lines() 2020-04-07 14:03:58 -06:00
Todd C. Miller
a77ef93f8a Use regular expressions when matching expected and actual text. 2020-04-07 14:03:58 -06:00
Todd C. Miller
8a2c0d784f Sort the list of possible plugins before printing it. 
This gives more reproducible error messages for the tests.
 2020-04-07 14:03:58 -06:00
Todd C. Miller
02a117f336 Avoid using typing annotations so tests run with Python 3.4. 2020-04-07 14:03:58 -06:00
Todd C. Miller
93f5e1be36 Fall back to using Py_Finalize() for Python version < 3.6 2020-04-06 07:05:20 -06:00
Todd C. Miller
a23048bbb2 Avoid using sprintf(), vsprintf(), strcat(), and strncat(). 
It is less error-prone to use functions with a return value that
indicates when truncation ocurred.
 2020-03-11 19:46:07 -06:00
Todd C. Miller
ec78f06890 Don't hard-code path to logging/__init__.py or line numbers. 
Allows python plugin tests to success on versions other than 3.7.
 2020-03-11 17:18:10 -06:00
Robert Manner
6c9515496d plugins/python/regress: add a test and example of using the python logger 2020-02-28 05:46:54 -07:00
Robert Manner
c039a99c10 plugins/python/sudo_module: add sudo.LogHandler 
so python log system can be used with sudo logsystem.
Loggers use it by default (the handler is set on the root logger).
If that is not the intent, it can be overridden explicitly.
 2020-02-28 05:46:54 -07:00
Robert Manner
34b4bb72d6 plugins/python: autodetect ClassName field 
If "ClassName" is not specified, load the one and only sudo.Plugin from
the module (if so), otherwise display which plugins are available from
which the system admin can choose.
 2020-02-28 05:46:54 -07:00
Robert Manner
5c96b4407d plugins/python/plugin_common: add a default search path for python plugins 
If the ModulePath is relative, assume it is under
"/usr/local/libexec/sudo/python" or wherever the sudo plugins are in a
"python" subdirectory.
 2020-02-28 05:46:54 -07:00
Todd C. Miller
de9a143a3e Use C99 __func__ instead of gcc-specific __PRETTY_FUNCTION__ 2020-02-27 14:10:53 -07:00
Robert Manner
9cc46f115d plugins/python/regress: update tests for show_version changes 
- plugin->show_version is not marked NULL any more.
- if verbose, it also displays which python class was loaded from which file
 2020-02-26 13:15:52 -07:00
Robert Manner
f387cdf53f plugins/python: make show_version display the plugin in verbose mode 
Before it only displayed the plugin version, now it also displays
which python plugin is loaded to be more useful.
 2020-02-26 13:15:52 -07:00
Robert Manner
38fc37b214 plugins/python/approval: fix show_version crash when it is not implemented 
For approval plugins show_version is not optional.
 2020-02-26 13:15:52 -07:00
Todd C. Miller
4d1454ebab Add missing check for calloc(3) failure. 2020-02-20 11:31:27 -07:00
Robert Manner
06b1f58e9f plugins/python/sudo_python_module.c: remove unused declaration 
We do not use structsequence any more.
 2020-02-19 11:48:16 -07:00
Robert Manner
3be61db35c plugins/python: restore the original python inittab after interpreter deinit 2020-02-19 11:48:16 -07:00
Robert Manner
27de7dd24d plugins/python: only deinit interpreters when sudo unlinks the plugin 
This only happens when sudo unloads the last python plugin.
The reason doing so is because there are some python modules which
does not support importing them again after destroying the interpreter
which has imported them previously.

Another solution would be to just leak the interpreters (let the kernel
free up), but then there might be some python resources like open files
would not get cleaned up correctly if the plugin is badly written.

Tests are meant to test the scenario sudo does, so I have modified them
to generally do not unlink but only a few times (~per plugin type) so it
does not use 48 interpreters (one gets started on every plugin->open) and
it is visible at least which type of plugin fails deinit if there is an
error.
 2020-02-19 11:48:16 -07:00
Robert Manner
8a9218d161 plugins/python/debug: adapt debug refcount solution of sudoers plugin 2020-02-19 11:48:16 -07:00