isa/sudo
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
9,409 Commits 1 Branch 0 Tags
cdd5bb32eb56b02dfc802a05ebad8051a644c360
Commit Graph

2385 Commits

Author SHA1 Message Date
Todd C. Miller
de2f455d3e Support start time on macOS and 4.4BSD 2017-12-17 07:40:21 -07:00
Todd C. Miller
428a487e0b Include sys/types.h for mode_t used in sudoers.h. 2017-12-16 20:55:01 -07:00
Todd C. Miller
b78296197d Fix compilation error on FreeBSD 2017-12-16 20:46:58 -07:00
Todd C. Miller
79caf1e68d Fix debug_decl(), it should be SUDOERS_DEBUG_UTIL 
Add debugging for the successful case
For Linux, don't NUL out *ep before parsing with strtoull().
* * *
Add missing debug info for the System V /proc version.
 2017-12-16 14:50:14 -07:00
Todd C. Miller
1709dc7f77 In the timestamp record, include the start time of the terminal 
session leader for tty-based timestamps or the start time of the
parent process for ppid-based timestamps.  Idea from Duncan Overbruck.
 2017-12-16 05:53:05 -07:00
Todd C. Miller
5cec5734cc If the lock record doesn't match the expected record size we need 
to seek to the end of the record as we otherwise may have gone too
far (or not far enough).  Fixes interop problems when the time stamp
record changes size.
 2017-12-15 21:08:38 -07:00
Todd C. Miller
6ca8447e00 An empty RunAsUser means run as the invoking user, similar to how 
the sudoers files works.
 2017-12-12 14:20:56 -07:00
Todd C. Miller
1350a30737 Add authfail_message sudoers option to allow the user to override 
the default message of %d incorrect password attempt(s).
 2017-12-11 12:43:58 -07:00
Todd C. Miller
5106bfc139 Allow the plugin to determine whether or not an empty timeout is 
allowed.  For sudoers, an error will be returned for an empty timeout.
 2017-12-11 09:20:41 -07:00
Todd C. Miller
b5463c2809 Return an error for an empty timeout string. Just use strtol() for 
syntax checking instead of scanning with strspn().
 2017-12-11 09:19:42 -07:00
Todd C. Miller
00a00ebd1d Better input validation of settings passed by the sudo front-end. 
Instead of ignoring an empty setting, throw an error.
 2017-12-10 07:45:49 -07:00
Todd C. Miller
b16912da1d Don't include syslog.h from logging.h, just include it in the two 
.c files it is actually needed.
 2017-12-08 15:00:41 -07:00
Todd C. Miller
48fba3c2cc update my email to Todd.Miller@sudo.ws 2017-12-03 17:53:40 -07:00
Todd C. Miller
01587b1b14 Add missing carriage return before prompt when replay is done. 2017-12-02 21:32:24 -07:00
Todd C. Miller
988328393a regen 2017-12-01 15:43:04 -07:00
Todd C. Miller
93828eca65 Avoid a double free when ipa_hostname is set in sssd.conf and it 
is an unqualified host name.  From Daniel Kopecek.

Also move the "unable to allocate memory" warning into get_ipa_hostname()
itself to make it easier to see where the allocation failed in the
debug log.
 2017-11-28 11:28:44 -07:00
Todd C. Miller
250209d7a8 When running a command as the invoking user we cannot use the gid 
list from the front-end since it may not correspond to the user's
aux group vector as defined by the group database.
 2017-11-28 09:48:43 -07:00
Todd C. Miller
dd47a0a416 Add missing initprogname() calls. 2017-11-28 09:06:44 -07:00
Todd C. Miller
ca2e1a455a Plug some memory leaks on error, some found by the clang static analyzer. 2017-11-16 09:43:24 -07:00
Todd C. Miller
bcc0eeb575 Avoid calling cmnd_matches() in list/verify mode if we already have 
a match.
 2017-11-15 15:09:25 -07:00
Todd C. Miller
88faa58735 In list (-l) or verify (-v) mode, if we have a match but authentication 
is required, clear FLAG_NOPASSWD so that when listpw/verifypw is
set to "all" and there are multiple sudoers sources a password will
be required unless none of the entries in all sources require
authentication.  From Radovan Sroka of RedHat
 2017-11-15 15:06:45 -07:00
Todd C. Miller
2cbdc26540 When checking the results for "sudo -l" and "sudo -v", keep checking 
even after we get a match since the value of doauth may depend on
evaluating all the results.  From Radovan Sroka of RedHat.
 2017-11-15 12:27:39 -07:00
Todd C. Miller
a62cd4b4fe If passwd_tries is less than 1, check_user() will always return 
false (since the user didn't authenticate).  The normal reason for
this is an authentication error but in this case no authentication
was tries so no warning message has been displayed to the user.  If
the user wasn't given a chance to authenticate, set inform_user to
true when calling log_denial() from sudoers_policy_main().

An alternate approach would be for check_user() to return true
in this case but seems more confusing.
 2017-11-14 13:58:35 -07:00
Todd C. Miller
53a8ad7120 Return an error if the sudo front end doesn't set the user name, user ID, 
group ID or host name.  Bug #807
 2017-10-20 07:55:48 -06:00
Todd C. Miller
740c619d33 Add support for #include and #includedir from Natale Vinto. 2017-10-17 14:28:38 -06:00
Todd C. Miller
749cdc9d95 Make PC insults the default and add new configure option, 
enable-offensive-insults, to enable the offensive insults.
 2017-09-18 10:45:02 -06:00
Todd C. Miller
9ab1c9935d sync with translationproject.org 
* * *
sync with translationproject.org
 2017-09-07 15:47:09 -06:00
Todd C. Miller
8e021c39fa Fix a logic error in 96651906de42 which prevented sudo from using 
the PAM-supplied prompt.  Bug #799
 2017-09-05 09:30:19 -06:00
Todd C. Miller
06d52c97c2 The fix for matching when no sudoRunAsUser is present in a sudoRole 
was incomplete.  If no -g option was specified on the command line
but sudoRunAsGroup is present in a sudoRole, we need to treat the
group match as failed instead of missing.
 2017-09-01 11:36:15 -06:00
Todd C. Miller
507ab6fdcd Sprinkle a few more debugging printfs. 2017-09-01 09:22:31 -06:00
Todd C. Miller
e100259619 Fix replaying sessions that contain input logs. When the inter-record 
timeout expires we need to read the next record if there is nothing
to output.
 2017-09-01 09:00:17 -06:00
Todd C. Miller
d5c41ae373 Go back to returning true from display_privs() on non-error. This 
results in "sudo -U otheruser -l" exiting with a status of 0 even
when otheruser is not allowed to run commands.  This is appropriate
since the "sudo -l" command was successful.  This does not change
the exit value when otheruser runs "sudo -l" themselves, the exit
status will be 1 since that user is not allowed to run commands.
Requested by Radovan Sroka.
 2017-08-31 11:29:19 -06:00
Todd C. Miller
5cdee2c2c0 Fix the pass2 ldap query string when no search filter is defined. 
Due to the addition of "(sudoUser=*)" to the query we always need
the AND operator, even if no search filter is present.
 2017-08-31 11:05:48 -06:00
Todd C. Miller
0d243a882e sync with translationproject.org 2017-08-20 19:07:07 -06:00
Todd C. Miller
b45d73acb4 sync with translationproject.org 2017-08-12 15:29:35 -06:00
Todd C. Miller
6696653e4f sync with translationproject.org 2017-08-08 06:50:24 -06:00
Todd C. Miller
deaeffe73a regen 2017-08-03 10:06:16 -06:00
Todd C. Miller
63d954d1fc Replace tty_tickets option with timestamp_type which can be 
global, ppid or tty.  Defaults to tty (no change in behavior).
Some users want the ppid behavior.
 2017-08-01 16:14:54 -06:00
Todd C. Miller
c3b3e501b9 regen 2017-08-01 15:45:20 -06:00
Todd C. Miller
48459292ff Don't send email about an unresolvable host name if fqdn is 
enabled and the user specified the run host via the -h flag.
 2017-08-01 13:45:32 -06:00
Todd C. Miller
5ab1d724a9 fix playback of stdout/stderr without embedded carriage returns 2017-07-31 10:44:39 -06:00
Todd C. Miller
98369bf985 Avoid unused variable warning when sasl is not used. 2017-07-28 14:05:54 -06:00
Todd C. Miller
4b51622914 Quiet a coverity false positive. 2017-07-27 11:36:10 -06:00
Todd C. Miller
2d30c42a03 Change to a single event loop in sudoreplay and use signal events. 2017-07-27 09:45:35 -06:00
Todd C. Miller
879ba68879 Don't set passprompt_override when SUDO_PROMPT is present. 
This effectively reverts ed77d255f383.

We treat the SUDO_PROMPT environment variable similar to passprompt
in sudoers: it will only override a PAM prompt if the PAM prompt
is either "Password:" or "username's Password:".
 2017-07-21 09:07:00 -06:00
Todd C. Miller
d129f306ea Add syslog_pid sudoers option to log sudo's process ID when logging 
via syslog.  This is disabled by default to match historic behavior.
 2017-07-20 16:33:12 -06:00
Todd C. Miller
43cbcbc24d When deciding which prompt to use (PAM's or sudo's) treat the PAM 
prompt "username's Password:" as equivalent to "Password:".
Some PAM modules (on AIX at least) use this prompt.
 2017-07-20 16:06:47 -06:00
Todd C. Miller
5923a28113 Add missing argument to a few of the defaults strings in the 
"sudo -V" output.
 2017-07-20 13:58:54 -06:00
Todd C. Miller
52b25940c6 When examining environment variables or variables passed in from 
the front-end, ignore variables with no value specified.
 2017-07-20 12:02:22 -06:00
Todd C. Miller
37f591d2dd Enable passprompt_override by default if SUDO_PROMPT is present in 
the environment.  This is consistent with how "sudo -p prompt" is
handled.
 2017-07-20 11:40:49 -06:00