isa/sudo
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
8,240 Commits 1 Branch 0 Tags
c70da6dcdfad1b5512f6350e57365e98dea19d55
Commit Graph

8240 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Todd C. Miller
c70da6dcdf In dispatch_signal() for stopped processes check for tcgetpgrp() 
returning -1.  Also change checks from "saved_pgrp != -1" to
"fd != -1".  Coverity CID 104098.
 2016-05-04 14:13:44 -06:00
Todd C. Miller
2cd22f2906 In relabel_tty() always jump to bad: on error, regardless of the 
value of se_state.enforcing.  On error, return -1 if enforcing,
else 0.  Coverity CID 104099.
 2016-05-04 13:48:44 -06:00
Todd C. Miller
b20b411e71 Define NO_LEAKS when sudo is built with Coverity. 2016-05-04 13:01:57 -06:00
Todd C. Miller
4ce39df38f In io_callback() if we write the complete buffer and find that there 
is no associated reader just return as there is nothing else to be
done.  In practice is it not possible for SUDO_EV_READ to be set
if revent is NULL but an early return is harmless and possibly
easier to understand.  Coverity CID 104124.
 2016-05-04 12:53:20 -06:00
Todd C. Miller
6ea903623b Handle read() returning -1 when creating temporary files. 
Coverity CID 104100
 2016-05-04 12:48:17 -06:00
Todd C. Miller
20ff6023aa Fix cut and paste error when checking cols for 0. 
Coverity CID 104081
 2016-05-04 11:15:20 -06:00
Todd C. Miller
2152f053b1 Use a single debug message for cache hit or store to avoid another 
situation where they get out of sync.  Bug #743
 2016-05-04 09:15:12 -06:00
Todd C. Miller
a152afaeb5 Sync the "cache hit" debug messages with the "cached" debug messages. 
This fixes a bug where we could dereference a NULL pointer when we
look up a negative cached entry which is stored as a NULL passwd
or group struct pointer.  Bug #743.
 2016-05-04 08:55:21 -06:00
Todd C. Miller
9d5c6fbd64 Remove the check for __sprintf_chk when checking for _FORTIFY_SOURCE, 
Some implementations are purely header-file based.  As long as we
can link a test program using sprintf() when _FORTIFY_SOURCE=2 it
should be safe to use.
 2016-04-28 15:27:53 -06:00
Todd C. Miller
e0f12d81a7 Remove configure checks for dev_t, id_t, ino_t, ptrdiff_t, size_t 
and ssize_t.  These have been specified by either ANSI C or POSIX
for long enough that if the system doesn't support them, it is
unlikely to be able to compile sudo anyway.
 2016-04-28 15:09:46 -06:00
Todd C. Miller
f88da1c1a0 Do group setup in policy_init_session() before calling out to the 
plugin.  This makes it possible for the pam_group module to change
the group in pam_setcred().  It's a bit bogus since pam_setcred()
is documented as not changing the group or user ID, but pam_group
is shipped with stock Linux-PAM so we need to support it.
 2016-04-28 11:01:58 -06:00
Todd C. Miller
57b1dc5e1d Add missing newline when logging to a file (not syslog) and 
loglinelen is set to a non-positive number.  Bug #742
 2016-04-26 14:39:42 -06:00
Todd C. Miller
3e9702580e style fix; fork_cmnd should start on a new line 2016-04-25 09:58:32 -06:00
Todd C. Miller
b4309d4aea Ignore SIGPIPE for the duration of sudo and not just in a few select 
places.  We have no control over what nss, PAM modules or sudo
plugins might do so ignoring SIGPIPE is safest.
 2016-04-22 16:36:36 -06:00
Todd C. Miller
70cf5674b5 Use string_to_security_class() instead of pulling SECCLASS_CHR_FILE 
from flask.h.  Avoids a warning with new SELinux includes.
 2016-04-22 11:36:08 -06:00
Todd C. Miller
6717c32022 When determining whether or not "sudo -l" or "sudo -b" should prompt 
for a password, take all sudoers sources into account.  In other
words, if both file and ldap sudoers sources are in use, "sudo -v"
will now require that all entries in both sources be have NOPASSWD
(file) or !authenticate (ldap) in the entries.
 2016-04-19 10:08:51 -06:00
Todd C. Miller
b2d1c457ce If the auth_type setting in /etc/security/login.cfg is set to 
PAM_AUTH but pam_start() fails, fall back to use AIX authentication.
Skip the auth_type check if sudo is not compiled with PAM support.
 2016-03-22 16:31:28 -06:00
Todd C. Miller
7cd6d4ec79 The header for sudo.conf(5) should be SUDO.CONF(5) not SUDO(5). 2016-03-17 10:46:23 -06:00
Todd C. Miller
c5cafb4331 hook_version and hook_type are unsigned so use 0, not -1 in the 
final (empty) entry.  Quiets a warning on Solaris Studio 12.2.
 2016-03-16 10:53:43 -06:00
Todd C. Miller
48dff84081 Work around an ambiguity in the PAM spec with respect to the conversation 
function.  It is not clear whether the "struct pam_message **msg" is an
array of pointers or a pointer to an array.  Linux-PAM and OpenPAM use
an array of pointers while Solaris/HP-UX/AIX uses a pointer to an array.
Bug #726.
 2016-03-09 09:39:46 -07:00
Todd C. Miller
9353672608 sync with translationproject.org 2016-03-08 10:04:46 -07:00
Todd C. Miller
f5b8ad480e Bug #738 2016-02-27 16:56:56 -07:00
Todd C. Miller
514c62fc24 sync with translationproject.org 2016-02-26 14:39:00 -07:00
Todd C. Miller
70f2f4eee9 Better test for negated character classes. 2016-02-26 11:24:25 -07:00
Todd C. Miller
f222a20b13 Add test for negated character class 2016-02-26 11:14:50 -07:00
Todd C. Miller
159aa2ba6c sync with translationproject.org 2016-02-26 11:02:29 -07:00
Todd C. Miller
d1a3da4175 sync 2016-02-26 10:58:52 -07:00
Todd C. Miller
547a9b7d9c Fix negation of character classes. 2016-02-26 10:52:55 -07:00
Todd C. Miller
95dd64ea75 Fix the check for whether a user is allowed to lists another user's 
privileges.  The "matched" variable is not boolean, it can also
have the value UNSPEC so we need to check explicitly for true.
Bug #738
 2016-02-26 09:32:08 -07:00
Todd C. Miller
5dd7ac20e1 Log the number of PAM messages in the conversation function at debug 
level.
 2016-02-26 09:30:31 -07:00
Todd C. Miller
4b079ee7e6 Don't check for posix_spawn() or posix_spawnp() if we were unable 
to find spawn.h.  This should only be a problem on systems with
broken headers.  Bug #730
 2016-02-24 16:00:08 -07:00
Todd C. Miller
1d796d629f update for 1.8.16 2016-02-22 17:03:42 -07:00
Todd C. Miller
99978e4a70 Fix documented bug with duplicate role names and turn on perl warnings. 
Based on a diff from Aaron Peschel
 2016-02-22 11:07:33 -07:00
Todd C. Miller
47adf0d3cb Add declaration of getauthdb() for AIX 5.1 2016-02-20 16:42:34 -07:00
Todd C. Miller
6848a7f1a6 regen 2016-02-19 15:50:38 -07:00
Todd C. Miller
fafbc9a55a sync with translationproject.org 2016-02-19 15:48:39 -07:00
Todd C. Miller
8509229eb1 Add a note that --with-solaris-audit is only for Solaris 11 and 
above.  Bug #737
 2016-02-19 13:37:43 -07:00
Todd C. Miller
4f7b0b1159 Remove last remnants of the deprecated --with-stow option. 2016-02-18 16:18:30 -07:00
Todd C. Miller
42548a1b01 src/load_plugins.c needs _PATH_SUDO_CONF so allow it to be overridden 
via the Makefile like other consumers of _PATH_SUDO_CONF.  Bug #735
 2016-02-18 16:13:51 -07:00
Todd C. Miller
6cbba7d665 Add an administrative domain to the passwd/group cache key for 
AIX which can have different name <-> ID mappings depending
on whether the database is local, LDAP, etc.
 2016-02-01 11:08:58 -07:00
Todd C. Miller
9b19ea440c Fedora dropped "core" from the name some time ago so just match on 
f[0-9] for the rpm distro name provided by pp.  Since the version
numbers of Fedora and RHEL are so different switch to defining
variables to indicate which features should be enabled.  Works for
Fedora 23.
 2016-02-01 11:07:10 -07:00
Todd C. Miller
25abb72184 Treat fedora core like centos/rhel for package building. 2016-01-31 07:36:44 -07:00
Todd C. Miller
73163c750a Plug some memory leaks in the tests. 2016-01-29 11:34:09 -07:00
Todd C. Miller
2224cfd000 If realloc of sudoerslval.command.args fails, reset sudoerslval.command.args 
as well as arg_len and arg_size after freeing sudoerslval.command.args.
 2016-01-29 11:10:36 -07:00
Todd C. Miller
a7e5ae1e5b When freeing the iobs after pty tear-down, also free the associated 
event structures.  Quiets a memory leak warnings from address
sanitizer and valgrind.
 2016-01-29 10:31:54 -07:00
Todd C. Miller
5cbe1edcfe iolog_compress should be bool, not int 2016-01-28 15:36:15 -07:00
Todd C. Miller
3bebdfea79 Quiet address sanitizer leak detector. 2016-01-28 15:07:54 -07:00
Todd C. Miller
21d6fc3d8f Simple garbage collection (really a to-be-freed list) for the sudoers 
plugin.  Almost identical to what sudo.c uses.  Currenly only the
environment strings are collected at exit time which is enough to
quiet address sanitizer's leak detector.
 2016-01-28 14:53:48 -07:00
Todd C. Miller
7b2fbed45d Rename gc_cleanup to gc_run and remove I/O plugins from the plugin 
list when freeing them.
 2016-01-28 14:48:11 -07:00
Todd C. Miller
23aeb0b5ec Free up the garbage via an atexit() handler instead of requiring 
a call to gc_exit.
 2016-01-28 11:01:42 -07:00