isa/sudo
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
8,592 Commits 1 Branch 0 Tags
cb7e82accad273eb15d70e5b51b4b08a4c059bd7
Commit Graph

8592 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Todd C. Miller
cb7e82acca Use AX_APPEND_FLAG instead of SUDO_APPEND_CPPFLAGS and direct 
modification of LDFLAGS.
 2016-11-17 10:16:51 -07:00
Todd C. Miller
a77ecca7d3 Remove aixcrypt.exp, it was a remnant of the 90's crypto wars where 
crypt() was not exported.
 2016-11-17 08:11:59 -07:00
Todd C. Miller
80217f0bbc Remove obsolete solaris issue with snprintf 2016-11-17 08:11:01 -07:00
Todd C. Miller
c3373f03be SunOS 4.x is no longer supported 2016-11-17 08:09:06 -07:00
Todd C. Miller
e797fc643f Plug memory leak when a particular Path is set more than once. 2016-11-16 13:57:50 -07:00
Todd C. Miller
d6c30ba273 Add sudo_ldap_is_negated() and sudo_ldap_is_negated() functions 
and use them to parse negated entries instead of doing it manually.
 2016-11-16 13:46:38 -07:00
Todd C. Miller
da73733724 Fix printing of sudoedit_follow in "sudo -l" 2016-11-16 11:03:50 -07:00
Todd C. Miller
c7d6521b49 For "sudo -l" print sudoOption sudoedit_follow as FOLLOW. 2016-11-16 11:03:12 -07:00
Todd C. Miller
6dff4ac7fd Always define _PATH_SUDO_NOEXEC, _PATH_SUDO_SESH, _PATH_SUDO_PLUGIN_DIR, 
even if only defined to NULL.  This means the accessors can always be
present.

Use RTLD_PRELOAD_VAR instead of _PATH_SUDO_NOEXEC to tell when
noexec is available.

Add ENABLE_SUDO_PLUGIN_API and use it instead of _PATH_SUDO_PLUGIN_DIR
to tell when the plugin API is available.

Add sudo_conf_clear_paths() to clear the path values so the
regress tests are not affected by compile-time settings.
 2016-11-16 10:13:26 -07:00
Todd C. Miller
8820ff3efb Use readline() in sudo_ldap_read_secret() 2016-11-16 09:22:18 -07:00
Todd C. Miller
8cb9f298bd Get rid of struct sudo_conf_paths and just use #defined index values 
to access the path values.
Make all accessors available even when the feature is not enabled.
 2016-11-15 15:41:41 -07:00
Todd C. Miller
bdbb3e9855 Add ASAN_CFLAGS and ASAN_LDFLAGS and use -Wc prefix in ASAN_LDFLAGS 
to prevent libtool from strippign them out.
Avoid using ASAN flags when building sudo_noexec.so.
 2016-11-15 10:15:36 -07:00
Todd C. Miller
589e129c87 Disable noexec for HP-UX 10.x which probably doesn't support LD_PRELOAD 2016-11-14 16:42:16 -07:00
Todd C. Miller
08a4a28592 Remove SunOS 4 support, it is not modern enough to run sudo. 2016-11-14 14:40:50 -07:00
Todd C. Miller
b56bce3127 Remove HP-UX 9 support, it is not modern enough for sudo. 2016-11-14 14:38:01 -07:00
Todd C. Miller
9d11b725c5 Remove Ultrix support, modern sudo can't run on Ultrix anyway. 2016-11-14 14:33:43 -07:00
Todd C. Miller
66af45eb24 Add regress for noexec functionality 2016-11-14 14:21:08 -07:00
Todd C. Miller
068f96a213 Unbreak sudo_noexec on macOS where shared libraries and dynamic 
modules are different.  We still want to install sudo_noexec.so
without the "lib" prefix so some hackery is required.
 2016-11-14 11:04:29 -07:00
Todd C. Miller
60bf139451 Don't enable noexec for AIX 5.0-5.2, we need 5.3 and above. 2016-11-14 11:00:43 -07:00
Todd C. Miller
07cc9d8153 Need to link sudo_noexec.so with -ldl for dlsym() on some platforms. 
Otherwise, the wordexp(3) wrapper will fail due to an undefined
symbol.  Bug #761
 2016-11-13 16:00:31 -07:00
Todd C. Miller
deb6259765 In strict mode, go to the file/line with an undefined aliases 
or aliases cycle directly.
 2016-11-13 06:41:09 -07:00
Todd C. Miller
7524c231cc Store the file/lineno for alias and userspec entries so we can 
provide that info if there is an error.
 2016-11-12 19:22:32 -07:00
Todd C. Miller
90995c0acf Add simple reference-counted string allocator and use it for passing 
around references to the sudoers path.  This lets us avoid making
copies of the sudoers path for the errorfile as well as each Defaults
entry.
 2016-11-11 16:18:27 -07:00
Todd C. Miller
b5e3a7aef2 Cast len from size_t to uint64_t before bit shifting since we are 
adding to count which is also uint64_t.  Quiets a PVS-Studio warning.
 2016-11-11 10:59:42 -07:00
Todd C. Miller
52e136863f Add checks for sudoers_locale early Defaults 2016-11-10 14:36:11 -07:00
Todd C. Miller
79ca752802 Go back to parsing Defaults entries in update_defaults instead of 
as sudoers is read.  Otherwise, we cannot properly support early
defaults like sudoers_locale.
 2016-11-09 16:00:12 -07:00
Todd C. Miller
efe957544f Add the argument vector allocated for -s and -i mode to the garbage 
collector list.  Avoids an ASAN warning on exit when the -s or -i
flags are used.
 2016-11-10 10:11:18 -07:00
Todd C. Miller
cefcb6f501 add missing sudo_pw_delref/sudo_gr_delref to plug memory leak 2016-11-09 16:07:12 -07:00
Todd C. Miller
dbf07431d0 Use expr instead of POSIX sh numerical expression to avoid 
a syntax error on older shells.
 2016-11-09 06:03:31 -07:00
Todd C. Miller
541ffbeec8 Bump plugin minor version to 10 for sudo_mode, sudo_group and sudo_user. 2016-11-08 20:34:46 -07:00
Todd C. Miller
17868f89d7 Fix a bug in host matching where a negated sudoHost entry would 
prevent other sudoHosts following it from matching.
 2016-11-08 14:35:23 -07:00
Todd C. Miller
1d9b8ca32e Zero out sd_un before calling parse_default() so we don't try 
to free stack garbage in the ldap/sssd backends.
 2016-11-08 12:58:28 -07:00
Todd C. Miller
738c3cbf3e Use "ret", not "rc" for the function return value. 2016-11-07 13:39:42 -07:00
Todd C. Miller
8133cdfdf6 Use sys/stat.h defines instead of bare octal values. 2016-11-07 13:36:05 -07:00
Todd C. Miller
2b020c9f17 Pass iolog mode, group and user from policy plugin to I/O log plugin. 2016-11-07 10:19:04 -07:00
Todd C. Miller
df8404dbd4 Instead of parsing sudoers Defaults twice, parse once while reading 
sudoers and then just set the parsed value in update_defaults().
 2016-11-06 18:59:49 -07:00
Todd C. Miller
1f24108969 Use "struct defaults *d" instead of "struct defaults *def" throughout 
for consistency and to avoid confusino with "struct def_values *def".
Use "str" not "var" for the string argument to convert and store in
sd_un for the store_* functions.
 2016-11-06 18:55:18 -07:00
Todd C. Miller
4ca0838ba9 In display_bound_defaults() rename dtype arg -> deftype. 2016-11-06 18:41:31 -07:00
Todd C. Miller
f3c7e0f83b Update error output to match quoting changes. 2016-11-03 11:16:09 -06:00
Todd C. Miller
4f532dcc50 Avoid passing in a struct sudo_defs_types pointer to the store 
functions.  Pass in a pointer to the union to fill instead.
 2016-11-03 11:02:48 -06:00
Todd C. Miller
3c28810feb no longer need struct defaults forward referebce 2016-11-03 10:15:18 -06:00
Todd C. Miller
7c56179c7d Use "double quotes" in messages instead of a combination of the 
accent (grave) mark and apostrophe.
 2016-11-02 17:10:17 -06:00
Todd C. Miller
75e29f163e Add file:linenumber prefix to all Defaults warnings so we can see 
them when running sudo too.  For LDAP/SSSD we print the sudoRole
instead of the file name and omit the line number.
 2016-11-02 17:07:32 -06:00
Todd C. Miller
a9715211a8 Use sudoedit in examples instead of "sudo vi" 2016-11-02 17:07:25 -06:00
Todd C. Miller
f6ce83ea76 Only treat an unknown Defaults entry as a parse error in visudo, 
not in sudo itself.
 2016-11-01 15:08:11 -06:00
Todd C. Miller
8a48085184 Instead of checking Defaults values after the fact, check them at 
sudoers parse time.  This makes it possible to display the file and
line number with the problem and for visudo to go right to the
error.
 2016-11-01 14:22:32 -06:00
Todd C. Miller
0aa216ed55 Refactor freeing of a member_list into free_members(). 2016-11-01 14:15:07 -06:00
Todd C. Miller
9de491dc27 add_defaults() now calls sudoerserror() itself instead of the caller 
assuming any error means out of member.
 2016-11-01 14:13:47 -06:00
Todd C. Miller
484b5718d8 s/rval/ret/g -- old habits die hard 2016-11-01 12:34:24 -06:00
Todd C. Miller
2dbe50d1e1 Remove inaccurate XXX comment, sudo_file_parse() sends mail on parse error. 2016-10-31 16:21:50 -06:00