Commit Graph

229 Commits

Author SHA1 Message Date
Todd C. Miller
e797fc643f Plug memory leak when a particular Path is set more than once. 2016-11-16 13:57:50 -07:00
Todd C. Miller
6dff4ac7fd Always define _PATH_SUDO_NOEXEC, _PATH_SUDO_SESH, _PATH_SUDO_PLUGIN_DIR,
even if only defined to NULL.  This means the accessors can always be
present.

Use RTLD_PRELOAD_VAR instead of _PATH_SUDO_NOEXEC to tell when
noexec is available.

Add ENABLE_SUDO_PLUGIN_API and use it instead of _PATH_SUDO_PLUGIN_DIR
to tell when the plugin API is available.

Add sudo_conf_clear_paths() to clear the path values so the
regress tests are not affected by compile-time settings.
2016-11-16 10:13:26 -07:00
Todd C. Miller
8cb9f298bd Get rid of struct sudo_conf_paths and just use #defined index values
to access the path values.
Make all accessors available even when the feature is not enabled.
2016-11-15 15:41:41 -07:00
Todd C. Miller
bdbb3e9855 Add ASAN_CFLAGS and ASAN_LDFLAGS and use -Wc prefix in ASAN_LDFLAGS
to prevent libtool from stripping them out.
Avoid using ASAN flags when building sudo_noexec.so.
2016-11-15 10:15:36 -07:00
Todd C. Miller
66af45eb24 Add regress for noexec functionality 2016-11-14 14:21:08 -07:00
Todd C. Miller
b5e3a7aef2 Cast len from size_t to uint64_t before bit shifting since we are
adding to count which is also uint64_t.  Quiets a PVS-Studio warning.
2016-11-11 10:59:42 -07:00
Todd C. Miller
8133cdfdf6 Use sys/stat.h defines instead of bare octal values. 2016-11-07 13:36:05 -07:00
Todd C. Miller
f3c7e0f83b Update error output to match quoting changes. 2016-11-03 11:16:09 -06:00
Todd C. Miller
7c56179c7d Use "double quotes" in messages instead of a combination of the
accent (grave) mark and apostrophe.
2016-11-02 17:10:17 -06:00
Todd C. Miller
b058ac5299 Add vsyslog.lo 2016-10-29 12:22:40 -06:00
Todd C. Miller
fc1b4155d7 Replace bare ";" in the body of for() loops with "continue;" for
improved readability.
2016-10-26 10:42:28 -06:00
Todd C. Miller
d078450fb5 Use a static buffer if possible. 2016-10-19 12:56:34 -06:00
Todd C. Miller
19c96da44d add vsyslog() for systems without it. 2016-10-19 11:32:36 -06:00
Todd C. Miller
3f022419ae Be consistent with the naming of the variable used to store the
function return value.  Previously, some code used "rval", some
used "ret".  This standardizes on "ret" and uses "rc" for temporary
return codes.
2016-09-08 16:38:08 -06:00
Todd C. Miller
2a4ba64c84 Add flag to sudo_parseln() to disable line continuation support. 2016-09-01 10:50:39 -06:00
Todd C. Miller
17ad75d50b Add a flags option to sudo_parseln() and a flag to only match comments
at the beginning of the line.  Use the flag when parsing ldap.conf.
2016-09-01 09:19:20 -06:00
Todd C. Miller
f17f9ba9b2 Add missing break in switch that sets the max limit for RLIMIT_NOFILE.
Found by cppcheck.
2016-08-12 09:24:41 -06:00
Todd C. Miller
6f5b8cf757 Only remove backup files as part of "make uninstall" when INSTALL_BACKUP
is set.
2016-07-08 12:56:47 -06:00
Todd C. Miller
144e3bb53f Only keep backups of installed files on HP-UX where you cannot
unlink a shared library that is in use.
2016-07-08 12:37:41 -06:00
Todd C. Miller
f683cbd582 Add definition of nitems for those without it and use it throughout. 2016-06-23 10:58:07 -06:00
Todd C. Miller
72f18cff9a Fold lines at 80 characters for the clean: target 2016-06-13 15:12:44 -06:00
Todd C. Miller
5348d32ab6 Remove mksiglist, siglist.c, mksigname, signame.c as part of "distclean" 2016-06-13 13:45:17 -06:00
Todd C. Miller
1052a7205f Fix setting of hard stack limit when stack_hard is not specified
in /etc/security/limits.  When 64-bit resource limits are supported
we can use the default value of 8388608 512-byte blocks directly.
We should only resort to using RLIM_SAVED_MAX for 32-bit resource
limits.
2016-06-07 13:06:27 -06:00
Todd C. Miller
223b251c19 Improve debug info in sudo_ev_add() and sudo_ev_del() 2016-05-20 10:14:38 -06:00
Todd C. Miller
e014159fe8 Use EOVERFLOW, not ENOMEM for overflow conditions.
For snprintf() and vsnprintf(), POSIX says we should return -1 and
set errno to EOVERFLOW if the size param is > INT_MAX; also zero
out the string in this case (not mandated by POSIX) for safety.
2016-05-12 10:07:59 -06:00
Todd C. Miller
70f2f4eee9 Better test for negated character classes. 2016-02-26 11:24:25 -07:00
Todd C. Miller
f222a20b13 Add test for negated character class 2016-02-26 11:14:50 -07:00
Todd C. Miller
547a9b7d9c Fix negation of character classes. 2016-02-26 10:52:55 -07:00
Todd C. Miller
47adf0d3cb Add declaration of getauthdb() for AIX 5.1 2016-02-20 16:42:34 -07:00
Todd C. Miller
6cbba7d665 Add an administrative domain to the passwd/group cache key for
AIX which can have different name <-> ID mappings depending
on whether the database is local, LDAP, etc.
2016-02-01 11:08:58 -07:00
Todd C. Miller
6635f97b33 Fix a warning on AIX. 2016-01-26 14:35:14 -07:00
Todd C. Miller
41a32a1c58 When calling setauthdb(), save the old registry value so we can
restore it properly.  Previously we were setting the registry to
unrestricted instead of actually restoring it.
2016-01-22 17:04:58 -07:00
Todd C. Miller
5016fa23df When parsing debug entries, don't make a lower value override a
higher one.  For example, for "pcomm@debug,all@warn" the "all@warn"
should not set pcomm to "warn" when it is already at "debug".
2016-01-21 07:43:25 -07:00
Todd C. Miller
f4e5b135bb Update copyright year 2016-01-20 15:40:51 -07:00
Todd C. Miller
399ec8b2b0 Log an error for invalid boolean strings. 2016-01-20 15:34:00 -07:00
Todd C. Miller
12a8becd70 Remove gzopen_w which is only defined on Windows. 2016-01-13 13:40:19 -07:00
Todd C. Miller
f97eba71f0 Add missing sudo_debug_exit_ssize_t_v1 symbol. 2016-01-12 14:28:58 -07:00
Todd C. Miller
0123cf63f1 The Path setting for the plugin directory is "plugin_dir" not "plugin". 2015-12-18 14:03:59 -07:00
Todd C. Miller
55531958de Allow sudo.conf Path settings to disable path names (by setting the
value of NULL).
2015-12-18 12:31:28 -07:00
Todd C. Miller
8b12390abf Add debug_return_ssize_t 2015-11-01 15:13:28 -07:00
Todd C. Miller
a2979ed809 Remove checks for __sys_siglist and __sys_signame. They are internal
to libc and there are no known systems that export those symbols
that do not already export the single underbar or no-underbar versions.
2015-09-10 16:44:57 -06:00
Todd C. Miller
67183d74f4 Remove include/compat/timespec.h. Systems old enough to lack struct
timespec are too old to build a modern sudo.
2015-09-09 11:13:22 -06:00
Todd C. Miller
448b18de2b Set errno to EINVAL if sudo_lock_* is called with a bad type. 2015-09-07 06:06:08 -06:00
Todd C. Miller
0c70df5de9 Implement suspend/resume callbacks for the conversation function.
If suspended, close the timestamp file (dropping all locks).  On
resume, lock the record before reading the password.

For this to work properly we need to be able to run the callback
when tsetattr() suspends us, not just when the user does.  To
accomplish this the term_* functions now return EINTR if SIGTTOU
would be generated.  The caller now has to restart the term_*
function (and send itself SIGTTOU) instead of it being done
automatically.
2015-09-07 06:06:08 -06:00
Todd C. Miller
00142c91fa Lock individual records in the timestamp file instead of the entire
file.  This will make it possible for multiple sudo processes using
the same tty to serialize their timestamp lookups.
2015-09-07 06:06:08 -06:00
Todd C. Miller
98a15d9879 Add a struct sudo_conv_callback that contains on_suspend and on_resume
function pointer args plus a closure pointer and add it to the
conversation function.
2015-09-07 06:06:08 -06:00
Todd C. Miller
1965da8c33 Avoid a potential out of bounds read found by enh while fuzzing
with address sanitizer enabled.
2015-07-31 16:10:03 -06:00
Todd C. Miller
e941f97eb4 Replace two "return 0" with debug_return_bool(false). 2015-07-22 19:11:32 -06:00
Todd C. Miller
d4211081c0 Add some debugging printfs when malloc fails and we don't have an
explicit call to sudo_warnx().
2015-07-14 15:28:01 -06:00
Todd C. Miller
3c644f5bc0 Return -1 if realloc() fails. 2015-07-14 14:48:04 -06:00