isa/sudo
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
8,424 Commits 1 Branch 0 Tags
caf064e17bbdfa0d3a0149b61c4f427ebb4fee8c
Commit Graph

8424 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Todd C. Miller
4d36fbec2f sync with translationproject.org 2016-05-25 08:41:45 -06:00
Todd C. Miller
63dbb74250 Korean translation for sudo and sudoers from translationproject.org. 2016-05-25 08:41:27 -06:00
Todd C. Miller
5e1084c08a Ignore PAM_SESSION_ERR from pam_open_session() since this can 
apparently happen on systems using Solaris-derived PAM.  Other
errors from pam_open_session() are treated as fatal.  This avoids
the "policy plugin failed session initialization" error message
seen on some systems.
 2016-05-25 08:33:57 -06:00
Todd C. Miller
356e74e1db Don't read from stdin when flushing final buffers in blocking mode. 
Reading from the pipe can block too if the other end is not closed.
 2016-05-24 11:16:44 -06:00
Todd C. Miller
e3514817df Mention visudo -x change. 2016-05-23 11:32:01 -06:00
Todd C. Miller
58ffab1dfa There's no need to escape forward slashes in JSON output. While 
it is legal to escape a forward slash, it is not required.
 2016-05-23 11:29:17 -06:00
Todd C. Miller
ab861b92d2 Document that in 1.8.12 sudo started being able to check the NIS 
domain on Solaris.
 2016-05-23 11:21:34 -06:00
Todd C. Miller
ccece8c01d Better description of the I/O logging pipe issue. 2016-05-20 11:00:18 -06:00
Todd C. Miller
8f694cc228 In del_io_events(), avoid reading from the pty master in blocking 
mode.  We now do two passes, one with SUDO_EVLOOP_NONBLOCK and
another that could block if stdin is a pipe.  This ensures we consume
the pipe until EOF.
 2016-05-20 10:17:23 -06:00
Todd C. Miller
223b251c19 Improve debug info in sudo_ev_add() and sudo_ev_del() 2016-05-20 10:14:38 -06:00
Todd C. Miller
994f86b40f In pty_close(), call del_io_events with the SUDO_EVLOOP_ONCE flag 
so the event loop will exit after a single run through.  Otherwise,
we may hang at exit on non-BSD systems.
 2016-05-20 08:12:46 -06:00
Todd C. Miller
d8cfe62113 regen 2016-05-18 14:31:04 -06:00
Todd C. Miller
38f4ba2249 Bump I/O buffer size to 64K. We don't use PIPE_BUF or _PC_PIPE_BUF 
for this because that corresponds to the value for atomic pipe
writes.  The actual pipe buffer is much larger on modern systems
and 64K is what BSD and Linux support for large pipe buffers.
 2016-05-17 08:31:23 -06:00
Todd C. Miller
fb247aa76a I/O logging bug fix 2016-05-17 08:19:21 -06:00
Todd C. Miller
3b6cb9d65b Don't use SUDO_EVLOOP_NONBLOCK when flushing buffers at pty close 
time, only when the user suspends sudo.  Fixes a problem where all
buffers might not get flushed at exit when logging I/O.  Reproducible
via "sudo tar cf - foo | (cd /tmp && sudo tar xf -)" on OpenBSD.
 2016-05-17 08:16:43 -06:00
Todd C. Miller
eb4510597b Don't try to fflush(export_fp) or ferror(export_fp) if export_fp 
is NULL, which can happen on the error path.
 2016-05-16 14:16:08 -06:00
Todd C. Miller
a2e541aef8 O_NOCTTY has no effect when opening /dev/tty as the open can only 
succeed if there is already a controlling tty.
 2016-05-16 11:17:20 -06:00
Todd C. Miller
3b39377246 Do not need to open /dev/tty with O_NONBLOCK, it doesn't block on 
first open like a physical terminal.  By definition, if you have a
controlling tty, the first open (which might block) has already
occurred.
 2016-05-16 11:12:54 -06:00
Todd C. Miller
4e6b6fd0fa Use O_NOCTTY when opening a tty. 2016-05-16 11:00:31 -06:00
Todd C. Miller
3161c05a04 regen 2016-05-16 10:29:30 -06:00
Todd C. Miller
b9dde14808 No need to set pass to NULL after freeing at the end of the loop 
it since it is already set to NULL each time through the loop.
 2016-05-16 10:18:31 -06:00
Todd C. Miller
67eb6dad0f SELinux fixes in 1.8.17. 2016-05-14 19:40:12 -06:00
Todd C. Miller
787912fa91 Check fprintf() return value in writeln_wrap() and return the number 
of characters actually written, or -1 on error.
 2016-05-14 19:38:23 -06:00
Todd C. Miller
009f3e6456 Check fputs() return value. 2016-05-14 19:34:42 -06:00
Todd C. Miller
9d526c1af5 Do not write directly to stdout/stderr, use sudo_printf which calls 
the conversation function.
 2016-05-14 19:34:13 -06:00
Todd C. Miller
90fdb6a316 Do not write directly to stdout/stderr, use sudo_printf which calls 
the conversation function.
 2016-05-14 19:33:28 -06:00
Todd C. Miller
578af5af4d Use ferror() after fflush() to check the error status of the stdio 
stream we wrote to.
 2016-05-14 18:48:20 -06:00
Todd C. Miller
6d63ed8a92 printf() returns < 0 on error, not explicitly -1 2016-05-13 14:48:00 -06:00
Todd C. Miller
7461dcf9a8 Regen for 1.8.17 2016-05-13 12:02:53 -06:00
Todd C. Miller
d25500afa8 Document that you need to preserve EDITOR and/or VISUAL for env_editor 
to be useful.
 2016-05-13 12:02:23 -06:00
Todd C. Miller
a2085809fa Fix last commit, now that argc is not reset we need to explicitly 
start the copy from argv[1].  From Daniel Kopecek
 2016-05-13 06:40:59 -06:00
Todd C. Miller
ea5bd18b92 cosmetic change to warning string 2016-05-12 10:35:06 -06:00
Todd C. Miller
4f46e07209 Avoid adding an extraneous warning string to sudoers.pot. 2016-05-12 10:33:32 -06:00
Todd C. Miller
e014159fe8 Use EOVERFLOW, not ENOMEM for overflow conditions. 
For snprintf() and vsnprintf(), POSIX says we should return -1 and
set errno to EOVERFLOW if the size param is > INT_MAX; also zero
out the string in this case (not mandated by POSIX) for safety.
 2016-05-12 10:07:59 -06:00
Todd C. Miller
b0be9895d9 Now that pam_open_session() failure is fatal we should print and log 
an error from it.  Bug #744
 2016-05-11 15:01:45 -06:00
Todd C. Miller
d3622b0f2c Repair SELinux support, broken by 397722cdd7ec. 
From Daniel Kopecek.
 2016-05-11 14:02:43 -06:00
Todd C. Miller
05db5aa3b8 Remove sudo_mkpwcache() and sudo_mkgrcache(). We now create the 
caches as needed on demand.  Also remove calls to sudo_freepwcache()
and sudo_freegrcache() that are immediately followed by execve(),
they are not needed.
 2016-05-11 09:40:31 -06:00
Todd C. Miller
23d288563e Eliminate use of setpwent()/endpwent() and setgrent()/endgrent(). 
Sudo never iterates over the passwd or group file.
Rename sudo_set{pw,gr}ent() -> sudo_mk{pw,gr}cache() and
use sudo_free{pw,gr}cache() instead of sudo_end{pw,gr}ent().
 2016-05-11 07:06:45 -06:00
Todd C. Miller
8b4de84049 Remove unnecessary NULL checks in the RUNAS_CHANGED macro. The 
only place where the pointers could be NULL is in visudo_json.c but
we already check for "next" being NULL there.  Quiets a cppcheck
warning.
 2016-05-10 06:32:55 -06:00
Todd C. Miller
398ddd0467 In replay_session() free iov at the end of the function (if needed) 
instead of after processing each line from the timing file.
Coverity CID 104843.
 2016-05-09 14:54:26 -06:00
Todd C. Miller
e528cad795 Add io_log_read() and io_log_gets() to hide differences between 
gzread/fread and gzgets/fgets.  Check for premature EOF and error
from io_log_read().  Also sanity check the index in the timing file.
Coverity CID 104630.
 2016-05-09 14:27:33 -06:00
Todd C. Miller
b04c49dbd3 Break up io_callback() into read_callback() and write_callback() 
to make it clear that we can't get an event with both read and write
set.
 2016-05-09 10:53:20 -06:00
Todd C. Miller
094854adfe In io_callback() make sure we clear SUDO_EV_READ if we close the 
fd.  It should not be possible for SUDO_EV_READ to be set when
revent is non-NULL but this makes static analyzers happier.
Coverity CID 104124.
 2016-05-07 14:51:37 -06:00
Todd C. Miller
194c7c8069 In sudo_krb5_copy_cc_file() move the close(ofd) to the done: label 
so we only have to cleanup in one place.  Coverity CID 104577.
 2016-05-07 08:18:27 -06:00
Todd C. Miller
0568fa90cf Fix memory leak in sudo_netgroup_lookup() in the non-error case. 
Coverity CID 104572, 104573, 104574, 104575.
 2016-05-07 07:57:15 -06:00
Todd C. Miller
334b8f36a8 Fix fd leak in sudo_krb5_copy_cc_file() if restore_perms() fails. 
Coverity CID 104571.
 2016-05-07 07:49:35 -06:00
Todd C. Miller
b84b2e6805 Free the events and event base before returning from replay_session(). 
Coverity CID 104116, 104117.
 2016-05-07 05:16:03 -06:00
Todd C. Miller
e99e3c26c8 In sudo_edit_create_tfiles(), fix fd leak if sudo_edit_mktemp() fails. 
Coverity CID 104114.
 2016-05-07 05:10:11 -06:00
Todd C. Miller
355cce4570 Fix fd leak in sudo_edit_open_nonwritable() if dir_is_writable() 
returns an error.  Coverity CID 104113.
 2016-05-07 05:07:38 -06:00
Todd C. Miller
d733dd7783 Fix memory leak of sesh_args in selinux_edit_copy_tfiles(). 
Coverity CID 104112.
 2016-05-07 05:05:30 -06:00