isa/sudo
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
10,082 Commits 1 Branch 0 Tags
cd74b83c213b03028c7a5da79c1b315ab03aeec4
Commit Graph

10082 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Todd C. Miller
d83c09fb66 Add SUDO_EV_MASK to mask off invalid event values. 
Now used by sudo_ev_init() to avoid bogus events.
 2020-03-12 14:00:15 -06:00
Todd C. Miller
a23048bbb2 Avoid using sprintf(), vsprintf(), strcat(), and strncat(). 
It is less error-prone to use functions with a return value that
indicates when truncation ocurred.
 2020-03-11 19:46:07 -06:00
Todd C. Miller
1015b493b0 Work around two Coverity false positives; CID 208813 208815 2020-03-11 19:30:00 -06:00
Todd C. Miller
b308b63b50 Fix potential use-after-free; Coverity CID 208814 2020-03-11 19:28:36 -06:00
Todd C. Miller
ec78f06890 Don't hard-code path to logging/__init__.py or line numbers. 
Allows python plugin tests to success on versions other than 3.7.
 2020-03-11 17:18:10 -06:00
Todd C. Miller
6c1b155fed Add copyright for the Python bindings. 2020-03-11 15:43:48 -06:00
Todd C. Miller
277b297ae0 Fix typo introduced on systems with O_PATH or O_EXEC 2020-03-11 15:42:46 -06:00
Todd C. Miller
d31689211e Update for sudo 1.9.0 2020-03-11 13:45:13 -06:00
Todd C. Miller
ea8445e364 Allow the ALL keyword to be specified with a digest list. 2020-03-11 11:19:37 -06:00
Todd C. Miller
3edd30a27d A struct member of type ALL should have its name field set to NULL. 2020-03-11 11:17:52 -06:00
Todd C. Miller
4eca443246 Allow a list of digests to be specified for a command. 2020-03-11 11:17:52 -06:00
Todd C. Miller
8c08f5ef03 Allow Cmd_Alias in addition to Cmnd_Alias. 
Some people find using Cmd_Alias more natural.
 2020-03-11 11:17:38 -06:00
Todd C. Miller
e1df9d1dc3 Add pam_ruser and pam_rhost sudoers flags. 2020-03-01 13:37:00 -07:00
Todd C. Miller
f561e2cafe Store the event base in the client closure. 
Explicitly passing the event base removes the need to set a default base.
 2020-03-01 13:36:59 -07:00
Todd C. Miller
bf2bc931ab Revert change to initialize io_operations earlier. 
Instead, check io_operations.open for NULL which is the case for
"sudo -V".  Also move the early return in sudoers_io_open() for
"sudo -V" until after we have initialized debugging.
 2020-03-01 13:36:54 -07:00
Todd C. Miller
f590f81b3c Initialize io_operations earlier. 2020-02-28 07:03:15 -07:00
Robert Manner
6c9515496d plugins/python/regress: add a test and example of using the python logger 2020-02-28 05:46:54 -07:00
Robert Manner
c039a99c10 plugins/python/sudo_module: add sudo.LogHandler 
so python log system can be used with sudo logsystem.
Loggers use it by default (the handler is set on the root logger).
If that is not the intent, it can be overridden explicitly.
 2020-02-28 05:46:54 -07:00
Robert Manner
34b4bb72d6 plugins/python: autodetect ClassName field 
If "ClassName" is not specified, load the one and only sudo.Plugin from
the module (if so), otherwise display which plugins are available from
which the system admin can choose.
 2020-02-28 05:46:54 -07:00
Robert Manner
5c96b4407d plugins/python/plugin_common: add a default search path for python plugins 
If the ModulePath is relative, assume it is under
"/usr/local/libexec/sudo/python" or wherever the sudo plugins are in a
"python" subdirectory.
 2020-02-28 05:46:54 -07:00
Todd C. Miller
34972e834f Mark up some remaining TODOs 2020-02-27 14:11:54 -07:00
Todd C. Miller
9c90f592c2 Sudo's -S option should override the SUDO_CONV_PREFER_TTY flag. 2020-02-27 14:11:16 -07:00
Todd C. Miller
de9a143a3e Use C99 __func__ instead of gcc-specific __PRETTY_FUNCTION__ 2020-02-27 14:10:53 -07:00
Todd C. Miller
5635c22f6b Add --disable-log-server and --disable-log-client configure options. 
These can be used to optionally disable building sudo_logsrvd and
support for remote I/O logging in the sudoers plugin respectively.
 2020-02-26 13:17:40 -07:00
Robert Manner
9cc46f115d plugins/python/regress: update tests for show_version changes 
- plugin->show_version is not marked NULL any more.
- if verbose, it also displays which python class was loaded from which file
 2020-02-26 13:15:52 -07:00
Robert Manner
f387cdf53f plugins/python: make show_version display the plugin in verbose mode 
Before it only displayed the plugin version, now it also displays
which python plugin is loaded to be more useful.
 2020-02-26 13:15:52 -07:00
Robert Manner
38fc37b214 plugins/python/approval: fix show_version crash when it is not implemented 
For approval plugins show_version is not optional.
 2020-02-26 13:15:52 -07:00
Robert Manner
e588879cf5 doc/sudo_plugin_python: add approval plugin to supported plugins 2020-02-26 13:15:52 -07:00
Todd C. Miller
f6a264e719 Avoid calling sudoers_policy_exec_setup() on error. 
We only want to pass the execution environment back for commands
that are accepted or rejected.
Also avoid potentially freeing the wrong pointer when garbage
collection is enabled.
 2020-02-24 19:59:44 -07:00
Todd C. Miller
f40b4c2887 Open event log at config time instead of open/close for each entry. 
If logging via syslog, do the openlog() at config time instead.
We still lock the log file prior to writing to it but unlock
immediately after.
 2020-02-22 16:13:56 -07:00
Todd C. Miller
7e5641bc76 Fix unlocking of an entire file with lockf(). 
Since lockf() uses the files's current offset, we need to seek to
the start of the file to unlock the entire file.
 2020-02-22 16:09:59 -07:00
Todd C. Miller
1b930b585d Add sudo_json_free_v1 to symbol exports file too. 2020-02-20 12:21:09 -07:00
Todd C. Miller
4b4db9694a Regenerate dependencies to match the recent JSON changes. 2020-02-20 11:35:28 -07:00
Todd C. Miller
4d1454ebab Add missing check for calloc(3) failure. 2020-02-20 11:31:27 -07:00
Robert Manner
95dce8cbe6 doc/sudo_plugin_python: document approval plugin and PluginReject 2020-02-19 11:51:18 -07:00
Robert Manner
06b1f58e9f plugins/python/sudo_python_module.c: remove unused declaration 
We do not use structsequence any more.
 2020-02-19 11:48:16 -07:00
Robert Manner
3be61db35c plugins/python: restore the original python inittab after interpreter deinit 2020-02-19 11:48:16 -07:00
Robert Manner
27de7dd24d plugins/python: only deinit interpreters when sudo unlinks the plugin 
This only happens when sudo unloads the last python plugin.
The reason doing so is because there are some python modules which
does not support importing them again after destroying the interpreter
which has imported them previously.

Another solution would be to just leak the interpreters (let the kernel
free up), but then there might be some python resources like open files
would not get cleaned up correctly if the plugin is badly written.

Tests are meant to test the scenario sudo does, so I have modified them
to generally do not unlink but only a few times (~per plugin type) so it
does not use 48 interpreters (one gets started on every plugin->open) and
it is visible at least which type of plugin fails deinit if there is an
error.
 2020-02-19 11:48:16 -07:00
Robert Manner
8a9218d161 plugins/python/debug: adapt debug refcount solution of sudoers plugin 2020-02-19 11:48:16 -07:00
Todd C. Miller
a0c2de4cef Re-register listeners on SIGHUP. 
Previously, a config reload would refresh the listener address list
but the changes had no effect on the actual addresses being listened on.
 2020-02-18 13:13:03 -07:00
Todd C. Miller
adb3bdf6dd Fix compilation error when not built with OpenSSL support. 
Adds a missing #ifdef HAVE_OPENSSL and reorders code to avoid the
need for a static init_tls_server_context() prototype.
 2020-02-18 10:35:30 -07:00
Todd C. Miller
982c003b8d Add support for JSON structured logging using syslog. 
Note that depending on the system, the default syslog buffer
may not be large enough to store all the logging data.
 2020-02-17 16:25:18 -07:00
Todd C. Miller
5781a6a4cf Add support for JSON logging in sudo_logsrvd. 2020-02-17 16:10:56 -07:00
Todd C. Miller
8ef5b734c4 Rework the JSON API to write to a memory buffer, not a stdio stream. 2020-02-17 16:10:55 -07:00
Todd C. Miller
25542216fe Fix support for reloading the config in sudo_logsrvd. 
We need to re-initialize the TLS server context.
Also fix a memory leak of the TLS parameters on reload.
 2020-02-17 15:01:38 -07:00
Todd C. Miller
2e836cc571 The environment in the accept message is runenv not submitenv. 
The I/O logging plugin is passed the environment the command will
run with, not the user's original environment.
 2020-02-16 16:37:14 -07:00
Todd C. Miller
92e42ff548 Add compatibility define for fseeko(3). 
This is better than cluttering up the code with #ifdefs for obsolete
systems.
 2020-02-15 10:22:15 -07:00
Todd C. Miller
e7bd19bd1e Add test for #include directive without a trailing newline. 2020-02-14 14:13:55 -07:00
Todd C. Miller
d2314acae8 Don't require a newline at the end of include or includedir directives. 2020-02-14 14:06:45 -07:00
Robert Manner
8395a20a20 plugins/python/regress/testhelpers.c: replace fromisoformat 
fromisoformat is only supported from python >=3.7
 2020-02-14 09:25:37 -07:00