isa/sudo
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
9,843 Commits 1 Branch 0 Tags
c9f26ebbb4739d7db2a4fcdb3e69ac1ec2a0353c
Commit Graph

9843 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Todd C. Miller
2102800824 Fix format string mismatch, sudo_order is unsigned. 2018-05-16 10:15:15 -06:00
Todd C. Miller
b31656b7f1 Add cppcheck annotation to suppress memory leak false positive. 2018-05-16 10:14:39 -06:00
Todd C. Miller
3ca0882d14 Sudo "ALL" implies the SETENV tag. 2018-05-16 10:01:52 -06:00
Todd C. Miller
cf9c0102d4 Only set MODE_PRESERVE_ENV when preserving the entire environment. 
Fixes a problem introduced in 1.8.23 where "sudo -i" could not be
used in conjunction with --preserve-env=VARIABLE.  Bug #835
 2018-05-16 09:10:43 -06:00
Todd C. Miller
f38317269d Add free_userspecs() and free_default() and use them instead of 
looping over the lists and calling free_userspec() and free_default().
 2018-05-15 16:35:07 -06:00
Todd C. Miller
3a4c0e06c1 Depending on the bos level, AIX 6.1 may or may not include 
getline/getdelim and AIX 7.1 may or may not include memset_s.
Since we need to build packages that will work on all AIX 6.1 and
7.1 machines, use our getline() and memset_s emulation.
 2018-05-15 09:53:46 -06:00
Todd C. Miller
93eec5fb9f Do not leak struct sudo_command when the command is ALL. 
Coverity CID 185602.
 2018-05-14 13:47:00 -06:00
Todd C. Miller
808ec34ab4 Sudo 1.8.24 2018-05-14 13:04:14 -06:00
Todd C. Miller
9f36ae62f0 Improve comments about why we need to do a user check and how it 
related to netgroups.
 2018-05-14 10:43:51 -06:00
Todd C. Miller
d052f8a68b Add checks for ldap/sss functions failing due to memory allocation 
errors.
 2018-05-14 09:05:05 -06:00
Todd C. Miller
904f37e03f Let the main sudoers lookup code check the host name. We still 
check the user name so it is possible to use a single userspec
but this may change in the future.
 2018-05-14 09:05:04 -06:00
Todd C. Miller
f9be3a48a2 Simplify the nss interface such that each sudoers provider fills 
in a per-nss list of userspecs and defaults instead of using separate
lookup and list functions.  This makes it possible to have a single
implementation of the code for sudoers lookup and listing.
 2018-05-14 09:05:03 -06:00
Todd C. Miller
71e98d9493 Include parse.h in sudoers.h since it will soon be required. 2018-05-14 09:05:02 -06:00
Todd C. Miller
cc3428398a Parse "ALL" as a command correctly. 2018-05-14 08:35:48 -06:00
Todd C. Miller
4a3aa5f6e6 Add debug warning if lseek() fails (should not be possible). 2018-05-11 07:51:43 -06:00
Todd C. Miller
7b1e78d6df Fix swapped args of lseek() when rewinding. This didn't cause a 
problem because the value of SEEK_SET is 0.
 2018-05-11 07:45:22 -06:00
Todd C. Miller
6e290763ca Fix a format-truncation warning in newer gcc by avoiding using %0x 
and %0X in the test.  We are formatting a single byte so just do
it one nybble at a time.
 2018-05-10 21:17:03 -06:00
Todd C. Miller
3359d7290f Regen with autoconf git commit e17a30e987d7ee695fb4294a82d987ec3dc9b974 
AC_HEADER_MAJOR: port to glibc 2.25
 2018-05-10 20:44:09 -06:00
Todd C. Miller
7a940ce30b No need to explicitly free role on EOF, it will be freed after the 
loop is done.
 2018-05-03 11:06:02 -06:00
Todd C. Miller
29d188f4b4 Garbage collect the command argv, envp and info vectors since they are 
not available at policy close time.
 2018-05-03 10:52:17 -06:00
Todd C. Miller
b0c13e995c Plug memory leaks on parse error or when an LDIF entry doesn't match 
the dn filter.
 2018-05-03 10:51:11 -06:00
Todd C. Miller
620070f493 Rename variables now that the string list functions are not ldap-specific. 2018-05-03 10:49:54 -06:00
Todd C. Miller
1a087cebab Fix typo 2018-04-30 09:56:40 -06:00
Todd C. Miller
82dfbf458d fix version 2018-04-29 13:58:49 -06:00
Todd C. Miller
929396fbce sync 2018-04-29 13:52:28 -06:00
Todd C. Miller
23b2879e08 sync with translationproject.org 2018-04-29 13:33:29 -06:00
Todd C. Miller
a18e811485 O_EXEC for fexecve() not O_SEARCH. 2018-04-25 14:55:55 -06:00
Todd C. Miller
95fb4458d5 Document how to suppress the last login message on Solaris. 2018-04-25 09:56:22 -06:00
Todd C. Miller
f53e5e2bdf Fix compilation error with older Sun Studio compilers. 2018-04-24 16:40:16 -06:00
Todd C. Miller
55869277bd Update Bug #831 decription. 2018-04-24 14:29:58 -06:00
Todd C. Miller
f23d73dfe1 Add Chinese(Taiwan) translation for sudo. 2018-04-24 10:45:30 -06:00
Todd C. Miller
cfdae3a4fd Move the check for /dev/fd/N until *after* the digest has been 
checked.  We still need to be able to check the digest even if there
is no /dev/fd/N or fexecve().
 2018-04-24 07:21:08 -06:00
Todd C. Miller
64c78a61cb Rewind the fd after calling sudo_filedigest(). Otherwise, when 
running a script via fexecve(), the interpreter may get EOF when
reading /dev/fd/N.  This only appears to affect BSD systems with
fdescfs.  Bug #831.
 2018-04-23 20:43:04 -06:00
Todd C. Miller
6e22da3412 In open_cmnd(), return true, not false, if we the /dev/fd/N pathname 
is not present.  We don't want to fail a match because of this.
 2018-04-23 14:42:35 -06:00
Todd C. Miller
3f1ec0c5fd Bug #831. 2018-04-23 11:01:49 -06:00
Todd C. Miller
def2e761e3 We can only use fexecve() on a script if /dev/fd/N exists. 
Some systems, such as FreeBSD, don't have /dev/fd mounted
by default.  Bug #831
 2018-04-23 10:54:51 -06:00
Todd C. Miller
16093ee8d9 sync with translationproject.org 2018-04-22 06:58:53 -06:00
Todd C. Miller
388ef262de sync with translationproject.org 2018-04-21 13:56:36 -06:00
Todd C. Miller
c64e57dad5 Add tests for round-tripping cvtsudoers, sudoers -> LDIF -> sudoers 
and LDIF -> sudoers -> LDIF.
 2018-04-21 06:23:02 -06:00
Todd C. Miller
48f74db604 Test the -b option when converting from LDIF. 2018-04-19 09:24:08 -06:00
Todd C. Miller
e1392cd28a Fix the -b option when converting from LDIF. 2018-04-19 09:23:45 -06:00
Todd C. Miller
109160df35 sync with translationproject.org 2018-04-18 21:14:10 -06:00
Todd C. Miller
3dd7d96933 Fix some more typos. 2018-04-18 14:25:11 -06:00
Todd C. Miller
93a8ddca2b mandoc now preserves the copyright notice, no need to do it ourselves 2018-04-18 14:24:51 -06:00
Todd C. Miller
1e26c6043e Describe the special handling of LOGNAME, USER and USERNAME. 
Fix typos reported by aspell.
 2018-04-18 14:14:47 -06:00
Todd C. Miller
8eccfbd7bd Fix a memory leak on the error path. 2018-04-18 10:09:22 -06:00
Todd C. Miller
3194a00e9e Document that the editor setting is also used by sudoedit. 2018-04-18 09:40:48 -06:00
Todd C. Miller
18e06825fb Plug memory leak when an I/O plugin is specified in sudo.conf 
but the I/O plugin is not configured.
 2018-04-17 13:41:44 -06:00
Todd C. Miller
523f0eeeab Monty Python insults from Philip Hudson 2018-04-17 07:10:43 -06:00
Todd C. Miller
f9994f79d7 add examples 2018-04-15 17:06:26 -06:00