Commit Graph

2385 Commits

Author SHA1 Message Date
Todd C. Miller
1918ec4a55 When reading a single character via a switch() use "default:" instead
of "case 1:" to quiet a coverity warning.
2017-07-17 14:44:18 -06:00
Todd C. Miller
6509482bfd Initialize ch in getsize_cb() in case we are called with the wrong
initial state.
2017-07-17 14:13:08 -06:00
Todd C. Miller
58858513f0 remove unused variable 2017-07-17 14:09:48 -06:00
Todd C. Miller
034132774d Call install_sudoers() even when doedit is false. If a file in a
#includedir has a syntax error it will still have been edited and
we need to install the edited temp file.
2017-07-17 09:42:42 -06:00
Todd C. Miller
5bc80d3ddb Reparse sudoers if a new #include file was added.
Otherwise the new file will not get its syntax checked.
Bug #791
2017-07-17 09:26:00 -06:00
Todd C. Miller
28fe335017 don't restore the cursor when setting terminal size, we don't want the cursor to move 2017-07-14 14:30:43 -06:00
Todd C. Miller
dbddf1bc36 Read the xterm terminal size using an event so we can easily time
out if needed.
2017-07-14 10:10:00 -06:00
Todd C. Miller
9a76678317 Allow sudoreplay to adjust the window size on xterm-like terminals. 2017-07-13 11:20:45 -06:00
Todd C. Miller
f79a236533 Log window size change events in the sudoers I/O plugin.
Let sudoreplay parse a timing file with window change events
(currently ignored).
2017-07-12 05:47:28 -06:00
Todd C. Miller
e70a953fb4 Remove pointless subshells in targets that simply change the directory
and execute a command.  The command is already run in a shell so
there is no need to execute a subshell in this case.
2017-07-12 05:45:46 -06:00
Todd C. Miller
022ac87d66 avoid padding in struct cmndspec 2017-06-09 08:58:44 -06:00
Todd C. Miller
e1e2162dcf Instead of hard-coding a check for bash functions in env_should_delete(),
use a "*=()* " pattern in initial_badenv_table[] to match them instead.
This allows the user to remove the check via env_delete.
2017-06-03 08:43:32 -06:00
Todd C. Miller
b2770313c6 Only fall back to deprecated getaudit() on FreeBSD. Fixes compiler warnings on macOS. 2017-05-23 13:19:50 -06:00
Todd C. Miller
47df575f68 Add some patterns that could result in exponential run time for
poorly written '*' matching.
2017-05-18 13:10:52 -06:00
Todd C. Miller
f60030b903 Fix compilation error on macOS 2017-05-15 08:57:45 -06:00
Todd C. Miller
7db97c7835 Avoid a clang analyzer false positive. 2017-05-12 10:02:18 -06:00
Todd C. Miller
a842913aa7 Use debug logging instead of ignore_result() where possible. 2017-05-12 10:02:18 -06:00
Todd C. Miller
d979898e71 Remove use of non-standard sigaction_t 2017-05-12 10:02:18 -06:00
Todd C. Miller
b5c88e52b1 Remove use of the non-standard SA_INTERRUPT 2017-05-12 10:02:17 -06:00
Todd C. Miller
17514b55ea Add support for multiple '*' in env_keep, env_check and env_delete
entries.
2017-05-12 10:02:17 -06:00
Todd C. Miller
e453c97976 Restore the error message for sudo_ev_add() failure. 2017-05-12 10:02:17 -06:00
Todd C. Miller
246ed8777d Fix "make check" when openssl or gcrypt is used. Bug #787 2017-05-11 05:28:19 -06:00
Todd C. Miller
0244f931dd Only display string version of errno if sudo_ev_add() fails for now 2017-05-10 09:22:07 -06:00
Todd C. Miller
93c029f4f9 sync with translationproject.org 2017-05-07 06:44:33 -06:00
Todd C. Miller
4e67ac56bd In check_input() when switch()ing on the return value of read(),
use the default label instead of 1 for the success case.  It is
only reading a single byte so the two are equivalent but it reads
better using default.
2017-05-04 12:25:51 -06:00
Todd C. Miller
1a047b156d Check sudo_ev_add() return value. Coverity CID 168362 2017-05-04 11:10:42 -06:00
Todd C. Miller
1d1ebb6111 Add io_open() wrapper for open(2) that retries with PERM_IOLOG if
open(2) fails with EACCES.  Use io_open() instead of duplicate
copies of the same fallback code.
2017-05-04 11:00:22 -06:00
Todd C. Miller
8757691fc7 Don't retry the open() if set_perms() fails. 2017-05-04 10:45:05 -06:00
Todd C. Miller
237eddd95e Fix typo (fd2 vs. fd) caught by coverity, CID 168359. 2017-05-04 10:30:59 -06:00
Todd C. Miller
c379665556 Add tests for parsing tuples and syslog options. 2017-05-03 09:54:30 -06:00
Todd C. Miller
2d8717bdd2 Allow the syslog Defaults option to be used in a "true" boolean
context and use the compiled in default log facility in this case.
2017-05-03 09:53:03 -06:00
Todd C. Miller
631d458b6f Allow a tuple to be set to boolean true. Regression introduced by
refactor of set_default_entry() in sudo 1.8.18.
2017-05-03 09:28:36 -06:00
Todd C. Miller
9bccceaea1 In "make install", install sample sudoers file as /etc/sudoers.dist
and copy it to /etc/sudoers if there is no existing /etc/sudoers.
Packages either contain /etc/sudoers (RPM and Debian) or /etc/sudoers.dist
(everything else).
2017-04-26 13:52:49 -06:00
Todd C. Miller
f3daaba1c4 In sudo_sss_check_user() it is not possible for handle to be NULL. 2017-04-19 14:30:30 -06:00
Todd C. Miller
583fac17ea Fix a use after free when the fqdn sudoOption is set and no hostname
value is present in sssd.conf.
2017-04-19 14:15:18 -06:00
Todd C. Miller
871b912f46 sync with translationproject.org 2017-04-19 09:07:55 -06:00
Todd C. Miller
7c63dbf65e regen 2017-04-13 13:45:00 -06:00
Todd C. Miller
f7251f806c sync with translationproject.org 2017-04-07 10:32:52 -06:00
Todd C. Miller
491e6ae9fc plug memory leak in check_digest 2017-04-07 09:56:47 -06:00
Todd C. Miller
04d83c41c7 sync with translationproject.org 2017-03-28 10:56:30 -06:00
Todd C. Miller
bdc9251184 Make check_digest test sudo_filedigest() itself instead of the
underlying SHA2 functions.  That way we can test it regardless of
whether we use sudo's SHA2 functions or a library version.
2017-03-27 14:45:24 -06:00
Todd C. Miller
a58c7d7db5 regen for restricted_env_file 2017-03-24 15:37:14 -06:00
Todd C. Miller
4df6b62b56 Only retry mkdir or create with PERM_IOLOG if errno is EACCES.
Also always use PERM_IOLOG for mkdtemp() since we cannot retry
if it fails.  Since we are guaranteed to create a new directory
there's no real need to try w/o PERM_IOLOG in this case.
2017-03-23 17:00:27 -06:00
Todd C. Miller
31b16fd3e9 Add fallback to PERM_IOLOG when making the final component of iolog_dir. 2017-03-22 15:55:16 -06:00
Todd C. Miller
b3af85ddc8 Add restricted_env_file which is like env_file but subject to the
same restrictions as the user's own environment.
2017-03-22 13:39:25 -06:00
Todd C. Miller
4621e43676 quiet a warning on older zlib 2017-03-22 08:47:10 -06:00
Todd C. Miller
8d1e994d84 cast mode_t to unsigned int when printing with %o 2017-03-22 08:37:12 -06:00
Todd C. Miller
7f1fa00be9 regen 2017-03-21 16:34:17 -06:00
Todd C. Miller
7668b4b42b Set umask temporarily when creating files instead of changing the
mode after the fact.  This is slightly less error prone.
2017-03-21 16:21:17 -06:00
Todd C. Miller
2a37590b7d remove now-useless variable 2017-03-21 15:04:47 -06:00