isa/sudo
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
8,262 Commits 1 Branch 0 Tags
cc82c3193e1682161f00d9ab25a7fc534fb1e091
Commit Graph

1712 Commits

Author SHA1 Message Date
Todd C. Miller
cc82c3193e Fix compilation error and export sample_policy struct. 
From Michael Evans
 2016-05-06 11:12:45 -06:00
Todd C. Miller
7b302e09ae Check return value of restore_perms() in vlog_warning(). 
Coverity CID 104079.
 2016-05-06 09:26:45 -06:00
Todd C. Miller
b4cb1c0a1f Fix memory leaks in resolve_editor() in the error path. 
Coverity CID 104109, 104110
 2016-05-06 09:23:22 -06:00
Todd C. Miller
61c53c8e66 Fix memory leak of gid_list in sudoers_policy_exec_setup() in the 
error path.  Coverity CID 104111.
 2016-05-06 09:17:14 -06:00
Todd C. Miller
0690793c25 Fix fd leak in do_logfile() if we fail to lock the log file. 
Coverity CID 104115.
 2016-05-06 09:12:39 -06:00
Todd C. Miller
7a5149d738 Fix memory leak of sss_result in sudo_sss_lookup() 
Coverity CID 104106
 2016-05-06 08:22:03 -06:00
Todd C. Miller
4bfdf0c2b4 Fix fd leak in open_io_fd() if gzdopen/fdopen fails. 
Coverity CID 104105
 2016-05-06 08:11:34 -06:00
Todd C. Miller
444d2a5c3e Fix fd leak in io_nextid() in error path. 
Coverity CID 104104
 2016-05-06 08:07:40 -06:00
Todd C. Miller
562b5cb59b Check lseek() return value. 
Coverity CID 104061.
 2016-05-05 16:46:25 -06:00
Todd C. Miller
60e740dd60 Ignore ts_write() return value when disabling an entry with a bogus 
timestamp.  We ignore the timestamp entry even it doesn't succeed.
Coverity CID 104062.
 2016-05-05 16:30:11 -06:00
Todd C. Miller
6473d55aa7 Cast the return value of fcntl() to void when setting FD_CLOEXEC. 
Coverity CID 104063, 104064, 104069, 104070, 104071, 104072, 104073, 104074
 2016-05-05 16:16:24 -06:00
Todd C. Miller
9471ec45a1 Cast the return value of fcntl() to void when setting FD_CLOEXEC. 
Coverity CID 104075, 104076, 104077.
 2016-05-05 16:09:51 -06:00
Todd C. Miller
a7fa036d42 Avoid a false positive. Coverity CID 104056. 2016-05-05 15:54:06 -06:00
Todd C. Miller
c0a3c6bb9d Avoid calling fclose(NULL) on error in export_sudoers(). 
Coverity CID 104091.
 2016-05-05 15:14:57 -06:00
Todd C. Miller
a09e45d339 In fill_args(), check for "arg_size == 0" instead of 
"sudoerslval.command.args == NULL" since the latter leads Coverity
to imply that sudoerslval.command.args could be NULL later on.
Coverity CID 104093.
 2016-05-05 15:12:37 -06:00
Todd C. Miller
64142f9da2 Avoid calling fclose(NULL) if the sudoers file is not secure and 
restore_perms() fails.  Coverity CID 104090.
 2016-05-05 15:01:22 -06:00
Todd C. Miller
5725acd1c4 In fill_args(), replace loop that increments arg_size() with 
a simple add and mask.  Should prevent a false positive from
Coverity CID 104094.
 2016-05-04 16:59:04 -06:00
Todd C. Miller
bf734419bf In parse_expr(), move the "bad" label after the "default" case in 
the switch(), not before it.  This seemed to confuse Covertity,
resulting in a false positive, CID 104095.
 2016-05-04 16:48:02 -06:00
Todd C. Miller
20ff6023aa Fix cut and paste error when checking cols for 0. 
Coverity CID 104081
 2016-05-04 11:15:20 -06:00
Todd C. Miller
2152f053b1 Use a single debug message for cache hit or store to avoid another 
situation where they get out of sync.  Bug #743
 2016-05-04 09:15:12 -06:00
Todd C. Miller
a152afaeb5 Sync the "cache hit" debug messages with the "cached" debug messages. 
This fixes a bug where we could dereference a NULL pointer when we
look up a negative cached entry which is stored as a NULL passwd
or group struct pointer.  Bug #743.
 2016-05-04 08:55:21 -06:00
Todd C. Miller
57b1dc5e1d Add missing newline when logging to a file (not syslog) and 
loglinelen is set to a non-positive number.  Bug #742
 2016-04-26 14:39:42 -06:00
Todd C. Miller
b4309d4aea Ignore SIGPIPE for the duration of sudo and not just in a few select 
places.  We have no control over what nss, PAM modules or sudo
plugins might do so ignoring SIGPIPE is safest.
 2016-04-22 16:36:36 -06:00
Todd C. Miller
6717c32022 When determining whether or not "sudo -l" or "sudo -b" should prompt 
for a password, take all sudoers sources into account.  In other
words, if both file and ldap sudoers sources are in use, "sudo -v"
will now require that all entries in both sources be have NOPASSWD
(file) or !authenticate (ldap) in the entries.
 2016-04-19 10:08:51 -06:00
Todd C. Miller
b2d1c457ce If the auth_type setting in /etc/security/login.cfg is set to 
PAM_AUTH but pam_start() fails, fall back to use AIX authentication.
Skip the auth_type check if sudo is not compiled with PAM support.
 2016-03-22 16:31:28 -06:00
Todd C. Miller
c5cafb4331 hook_version and hook_type are unsigned so use 0, not -1 in the 
final (empty) entry.  Quiets a warning on Solaris Studio 12.2.
 2016-03-16 10:53:43 -06:00
Todd C. Miller
48dff84081 Work around an ambiguity in the PAM spec with respect to the conversation 
function.  It is not clear whether the "struct pam_message **msg" is an
array of pointers or a pointer to an array.  Linux-PAM and OpenPAM use
an array of pointers while Solaris/HP-UX/AIX uses a pointer to an array.
Bug #726.
 2016-03-09 09:39:46 -07:00
Todd C. Miller
9353672608 sync with translationproject.org 2016-03-08 10:04:46 -07:00
Todd C. Miller
514c62fc24 sync with translationproject.org 2016-02-26 14:39:00 -07:00
Todd C. Miller
159aa2ba6c sync with translationproject.org 2016-02-26 11:02:29 -07:00
Todd C. Miller
95dd64ea75 Fix the check for whether a user is allowed to lists another user's 
privileges.  The "matched" variable is not boolean, it can also
have the value UNSPEC so we need to check explicitly for true.
Bug #738
 2016-02-26 09:32:08 -07:00
Todd C. Miller
5dd7ac20e1 Log the number of PAM messages in the conversation function at debug 
level.
 2016-02-26 09:30:31 -07:00
Todd C. Miller
99978e4a70 Fix documented bug with duplicate role names and turn on perl warnings. 
Based on a diff from Aaron Peschel
 2016-02-22 11:07:33 -07:00
Todd C. Miller
6848a7f1a6 regen 2016-02-19 15:50:38 -07:00
Todd C. Miller
fafbc9a55a sync with translationproject.org 2016-02-19 15:48:39 -07:00
Todd C. Miller
6cbba7d665 Add an administrative domain to the passwd/group cache key for 
AIX which can have different name <-> ID mappings depending
on whether the database is local, LDAP, etc.
 2016-02-01 11:08:58 -07:00
Todd C. Miller
73163c750a Plug some memory leaks in the tests. 2016-01-29 11:34:09 -07:00
Todd C. Miller
2224cfd000 If realloc of sudoerslval.command.args fails, reset sudoerslval.command.args 
as well as arg_len and arg_size after freeing sudoerslval.command.args.
 2016-01-29 11:10:36 -07:00
Todd C. Miller
5cbe1edcfe iolog_compress should be bool, not int 2016-01-28 15:36:15 -07:00
Todd C. Miller
3bebdfea79 Quiet address sanitizer leak detector. 2016-01-28 15:07:54 -07:00
Todd C. Miller
21d6fc3d8f Simple garbage collection (really a to-be-freed list) for the sudoers 
plugin.  Almost identical to what sudo.c uses.  Currenly only the
environment strings are collected at exit time which is enough to
quiet address sanitizer's leak detector.
 2016-01-28 14:53:48 -07:00
Todd C. Miller
873d5cc5ff Try to deconfuse static analyzers a bit. 2016-01-27 16:19:22 -07:00
Todd C. Miller
23a82ab2e8 Avoid possible NULL deref found by clang analyzer. 2016-01-27 16:07:35 -07:00
Todd C. Miller
ab11cdde2c auth_getpass() returns a dynamically allocated copy of the plaintext 
password which needs to be freed after checking (and clearing) it.
 2016-01-27 15:36:50 -07:00
Todd C. Miller
e48ceebf14 fn_free_result() (aka sss_sudo_free_result() in sss_sudo.c) handles 
a NULL poiner so there's no need to check before calling it.  Add
missing initialization of sss_sudo_result to NULL in sudo_sss_setdefs().
 2016-01-27 09:28:08 -07:00
Todd C. Miller
60ea106cc4 Add missing return when user is not found in sudo_sss_result_get(). 
Previously we fell through to the default case which just logged a
debug message and returned so this just avoids the extra (generic)
debug message.
 2016-01-27 09:20:04 -07:00
Todd C. Miller
a6886d2345 Add check for I/O log file handle being NULL. This could only 
happen if the front-end calls iolog_open with argc == 0 but actually
runs a command.
 2016-01-25 16:18:22 -07:00
Todd C. Miller
c28f59271a Additional debugging for pwutil functions. 2016-01-22 17:04:59 -07:00
Todd C. Miller
578be4f39c Use SUDOERS_DEBUG_UTIL not SUDO_DEBUG_UTIL in the plugin. 2016-01-22 11:22:58 -07:00
Todd C. Miller
7ed519125e Set sudoedit_checkdir=false in command_details when it is disabled 
in sudoers.
 2016-01-20 15:51:43 -07:00