isa/sudo
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
9,409 Commits 1 Branch 0 Tags
cdd5bb32eb56b02dfc802a05ebad8051a644c360
Commit Graph

77 Commits

Author SHA1 Message Date
Todd C. Miller
391ed95f50 Allow the group set by "sudo -g" to be any of the target user's groups. 
Previously, this was only allowed if the group matched the target
user's primary group ID (from the passwd database entry).
The sudoers policy will now allow the group if it is one of the
target user's supplemental groups as well.
 2018-10-27 06:37:34 -06:00
Todd C. Miller
6c3d20cb41 Convert PVS-Studio comment to ANSI C. 2018-10-26 08:39:09 -06:00
Todd C. Miller
64e5d34c57 Add comments in .c files so PVS-Studio will check them. 2018-10-21 08:46:05 -06:00
Todd C. Miller
48fba3c2cc update my email to Todd.Miller@sudo.ws 2017-12-03 17:53:40 -07:00
Todd C. Miller
250209d7a8 When running a command as the invoking user we cannot use the gid 
list from the front-end since it may not correspond to the user's
aux group vector as defined by the group database.
 2017-11-28 09:48:43 -07:00
Todd C. Miller
a842913aa7 Use debug logging instead of ignore_result() where possible. 2017-05-12 10:02:18 -06:00
Todd C. Miller
8d57491dc1 Add PERM_IOLOG so we can create I/O log files on an NFS-mounted 
filesystem where root is remapped to an unprivileged user.
 2017-03-21 13:41:14 -06:00
Todd C. Miller
63adb21cea Add some missing casts from uid_t/gid_t to int when printing uid/gid 
values.  We print these as signed so a value of -1 (no change) is
obvious.  Quiets PVS-Studio warnings.
 2016-10-26 11:08:33 -06:00
Todd C. Miller
985ab1dd3e Cache the user's group IDs and group names separately and only 
resolve group IDs -> names when needed.  If the sudoers file doesn't
contain groups we will no longer try to resolve all the user's group
IDs to names, which can be expensive on some systems.
 2016-08-13 16:27:44 -06:00
Todd C. Miller
6cbba7d665 Add an administrative domain to the passwd/group cache key for 
AIX which can have different name <-> ID mappings depending
on whether the database is local, LDAP, etc.
 2016-02-01 11:08:58 -07:00
Todd C. Miller
0b241088b3 There's no need to conditionalize the #include <unistd.h>, we require 
a POSIX system.
 2015-07-02 09:08:28 -06:00
Todd C. Miller
4a07b472f0 Only include stddef.h where it is needed. 2015-06-20 05:34:35 -06:00
Todd C. Miller
dc883f2454 We require ANSI C so stop using the obsolete STDC_HEADERS. 2015-06-19 14:29:27 -06:00
Todd C. Miller
b727d4309c Handle sudo_get_grlist() returning NULL which can happen if 
getgrouplist() fails even after allocating the appropriate amount
of memory.  From Stephane Chazelas
 2015-02-05 11:17:24 -07:00
Todd C. Miller
59ab26dbcc Go back to a 2 args debug_decl and just use the "default" instance, 
now renamed "active".
 2015-02-01 08:24:49 -07:00
Todd C. Miller
e9914a91b1 The sudoers plugin now defines its own list of debugging subsystem names 
and defines.
 2014-10-22 13:30:52 -06:00
Todd C. Miller
866cfc4fc3 Add support for multiple Debug lines per program. Callers may 
register arbitrary debug facilities or use built-in defaults.  We
now use separate Debug statements for plugins and programs.
 2014-10-22 13:23:05 -06:00
Todd C. Miller
aecef4aa1d Rename warning/fatal -> sudo_warn/sudo_fatal to avoid namespace 
pollution in libsudo_util.so.
 2014-06-27 09:30:52 -06:00
Todd C. Miller
a78da37487 Make set_perms() and restore_perms() return an error instead of 
calling exit() on failure.
 2014-04-10 16:11:47 -06:00
Todd C. Miller
b1cdb3708c Remove a few more unnecessary uses of fatal(). 2014-04-07 19:52:28 -06:00
Todd C. Miller
a5aeaf20da Fix some sign comparision warnings. 2014-03-25 16:16:11 -06:00
Todd C. Miller
d75e5f6fef Fix typo in setreuid() PERM_ROOT error message. 2014-02-27 16:40:28 -07:00
Todd C. Miller
96eb2c4f8f Add warning_gettext() wrapper function that changes to the user locale, 
then calls gettext().
Add U_ macro that calls warning_gettext() instead of gettext().
Rename warning2()/error2() back to warning_nodebug()/error_nodebug().
 2013-11-18 08:59:57 -07:00
Todd C. Miller
0817429583 More sign compare fixes. On Solaris id_t is signed so use uid_t 
in the set_perms.c ID macro instead.
 2013-10-23 15:19:41 -06:00
Todd C. Miller
07a804caf3 Quiet sign comparision warnings. 2013-10-23 15:03:31 -06:00
Todd C. Miller
23a2bdbcba In rewind_perms() there is nothing to do if perm_stack_depth == 0. 2013-08-07 09:42:14 -06:00
Todd C. Miller
f6e8fb8b1c Quiet a few -Wunused-result compiler warnings. 2013-05-01 11:02:09 -04:00
Todd C. Miller
d6282d154a Update copyright years. 2013-04-24 09:35:02 -04:00
Todd C. Miller
1d7072fe09 Don't include <sys/param.h>. We only needed it for MAXPATHLEN, 
MAXHOSTNAMELEN and the MIN/MAX macros.  We now use PATH_MAX and
HOST_NAME_MAX throughout without falling back on MAXPATHLEN or
MAXHOSTNAMELEN and define our own MIN/MAX macros as needed.
 2012-12-04 10:40:47 -05:00
Todd C. Miller
d658d12195 Let warning() call gettext() for us. 2012-11-25 09:34:20 -05:00
Todd C. Miller
cab6b976dc For PERM_ROOT set egid to 0 so log files are not created with 
the gid of the user.
 2012-11-12 15:20:10 -05:00
Todd C. Miller
a0c53bd751 Call gettext inside log_error et al instead of having the caller do it. This way we can display any messages to the user in their own locale but log in the sudoers local. 2012-11-08 15:37:44 -05:00
Todd C. Miller
649edc3192 Export group cache from sudoers.so for system_group.so to use. 2012-06-13 16:21:45 -04:00
Todd C. Miller
0d82c4c7ee If sudoers_mode is group-readable but the actual sudoers file is 
not, open the file as uid 0, not uid 1.  This fixes a problem when
sudoers has a more restrictive mode than what sudo expects to find.
In older versions, sudo would silently chmod the file to add the
group-readable bit.
 2012-05-21 13:59:02 -04:00
Todd C. Miller
53357633f1 Fix restoration of AIX permissions. 2012-04-09 15:39:01 -04:00
Todd C. Miller
44ce5720de Remove the NO_EXIT flag to log_error() and add a log_fatal() function 
that exits and is marked no_return.  Fixes false positives from
static analyzers and is easier for humans to read too.
 2012-03-26 10:59:14 -04:00
Todd C. Miller
c85afe4b9c Remove unused label 2012-03-16 20:13:43 -04:00
Todd C. Miller
2ff9d0318c Remove bogus optimization that could lead to a double free of the 
group list.
 2012-03-16 12:00:32 -04:00
Todd C. Miller
1e8f5d4aa4 Use normal error path if unable to set sudoers gid. 2012-03-10 16:38:14 -05:00
Todd C. Miller
7971a5e499 Make this work again on systems w/o seteuid(). 2012-03-10 15:29:46 -05:00
Todd C. Miller
9c2dd5eec6 Fix compilation if no seteuid/setreuid/setresuid available. 2012-03-09 17:28:59 -05:00
Todd C. Miller
b49bb17c3e Better error messages, and added debugging throughout. 
Fixed seteuid() version of set_perms()/restore_perms().
Fixed logic bug in AIX version of restore_perms().
Added checks to avoid changing uid/gid when we don't have to.
Never set gid/uid state to -1, use the old value instead.
 2012-03-09 17:07:41 -05:00
Todd C. Miller
98486afbdf Add AIX-specific version of permission setting code to make sure 
that the saved uid gets restored properly.
 2012-02-21 16:07:28 -05:00
Todd C. Miller
e066ff5caf More complete fix for LDR_PRELOAD on AIX. The addition of 
set_perm(PERM_ROOT) before calling the nss open functions (needed
to avoid a GNU TLS bug) also broke LDR_PRELOAD.  Setting the effective
and then real uid to 0 for PERM_ROOT works around the issue.
 2012-02-06 15:46:17 -05:00
Todd C. Miller
656807823d For PERM_ROOT when using setreuid(), only set the euid to 0 prior 
to the call to setuid(0) if the current euid is non-zero.  This
effectively restores the state of things prior to rev 7bfeb629fccb.
Fixes a problem on AIX where LDR_PRELOAD was not being honored for
the command being executed.
 2012-02-06 13:29:19 -05:00
Todd C. Miller
839919566e Add debug_decl/debug_return (almost) everywhere. 
Remove old sudo_debug() and convert users to sudo_debug_printf().
 2011-10-22 14:40:21 -04:00
Todd C. Miller
b743b77a0d Better warning message on setuid() failure for the setreuid() 
version of set_perms().
 2011-10-04 11:13:28 -04:00
Todd C. Miller
d81c14005f Silence compiler warnings on Solaris with gcc 3.4.3 2011-08-23 16:42:18 -04:00
Todd C. Miller
4f9a93f658 Fix some potential problems found by the clang static analyzer, 
none serious.
 2011-07-28 10:59:37 -04:00
Todd C. Miller
1f9fb7609f Fix two PERM_INITIAL cases that were still using user_gids. 2011-07-22 15:13:35 -04:00