isa/sudo
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
9,409 Commits 1 Branch 0 Tags
cdd5bb32eb56b02dfc802a05ebad8051a644c360
Commit Graph

9409 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Todd C. Miller
ddd663a5f2 Import arc4random() from libressl. This takes an all-in-one approach 
instead of the one-file-per-OS approach that libressl takes.
The fallback code does not have as many OS-specific bits as libressl.
 2018-05-24 21:04:23 -06:00
Todd C. Miller
154a5f59a9 Move digest code into libutil 2018-05-24 21:04:07 -06:00
Todd C. Miller
1cd472c051 Check for invalid bas64 attributes. 2018-05-20 08:09:25 -06:00
Todd C. Miller
a04cb53e37 Fix pointer sign warnings. 2018-05-20 07:42:54 -06:00
Todd C. Miller
5c113e59ec Add missing variable declaration for SELinux and Solaris. 2018-05-20 07:36:46 -06:00
Todd C. Miller
03aa84ed03 Handle empty string and treat it as safe. 2018-05-20 07:36:00 -06:00
Todd C. Miller
1bc8e9abfd Add support for base64-encoding non-safe strings in LDIF output. 2018-05-20 07:01:26 -06:00
Todd C. Miller
574c9fcd7a Add base64_encode() by Jon Mayo. 2018-05-19 19:03:47 -06:00
Todd C. Miller
1ab3606019 Add support for parsing base64-encoded attributes 2018-05-18 10:11:51 -06:00
Todd C. Miller
7d42a609d9 rfc2253 says we need to escape " and leading and trailing space. 2018-05-17 11:16:44 -06:00
Todd C. Miller
dfb66044ed Define ZLIB_CONST so we get the const version of the API. 2018-05-17 09:31:48 -06:00
Todd C. Miller
1494f25ba3 Fix logic inversion when handing the authenticate Defaults option 
for "sudo -l" and "sudo -v" in long list mode.
 2018-05-16 12:14:14 -06:00
Todd C. Miller
c30ad97107 Set handle->pw before sss_to_sudoers() since sss_check_user() 
uses it.  Coverity CID 185651
 2018-05-16 10:48:50 -06:00
Todd C. Miller
8ce49ecb2b Fix memory leak on error, CID 185602 2018-05-16 10:45:00 -06:00
Todd C. Miller
8ad51fe089 Some ldap_get_values_len -> sudo_ldap_get_values_len that were 
missed before.
 2018-05-16 10:37:15 -06:00
Todd C. Miller
b7e6d04907 When building up the cmndspec, add the actual command member last. 
This simplifies the logic regarding the SETENV tag and alsomakes
"out of memory" cleanup simpler.
 2018-05-16 10:27:28 -06:00
Todd C. Miller
2102800824 Fix format string mismatch, sudo_order is unsigned. 2018-05-16 10:15:15 -06:00
Todd C. Miller
b31656b7f1 Add cppcheck annotation to suppress memory leak false positive. 2018-05-16 10:14:39 -06:00
Todd C. Miller
3ca0882d14 Sudo "ALL" implies the SETENV tag. 2018-05-16 10:01:52 -06:00
Todd C. Miller
cf9c0102d4 Only set MODE_PRESERVE_ENV when preserving the entire environment. 
Fixes a problem introduced in 1.8.23 where "sudo -i" could not be
used in conjunction with --preserve-env=VARIABLE.  Bug #835
 2018-05-16 09:10:43 -06:00
Todd C. Miller
f38317269d Add free_userspecs() and free_default() and use them instead of 
looping over the lists and calling free_userspec() and free_default().
 2018-05-15 16:35:07 -06:00
Todd C. Miller
3a4c0e06c1 Depending on the bos level, AIX 6.1 may or may not include 
getline/getdelim and AIX 7.1 may or may not include memset_s.
Since we need to build packages that will work on all AIX 6.1 and
7.1 machines, use our getline() and memset_s emulation.
 2018-05-15 09:53:46 -06:00
Todd C. Miller
93eec5fb9f Do not leak struct sudo_command when the command is ALL. 
Coverity CID 185602.
 2018-05-14 13:47:00 -06:00
Todd C. Miller
808ec34ab4 Sudo 1.8.24 2018-05-14 13:04:14 -06:00
Todd C. Miller
9f36ae62f0 Improve comments about why we need to do a user check and how it 
related to netgroups.
 2018-05-14 10:43:51 -06:00
Todd C. Miller
d052f8a68b Add checks for ldap/sss functions failing due to memory allocation 
errors.
 2018-05-14 09:05:05 -06:00
Todd C. Miller
904f37e03f Let the main sudoers lookup code check the host name. We still 
check the user name so it is possible to use a single userspec
but this may change in the future.
 2018-05-14 09:05:04 -06:00
Todd C. Miller
f9be3a48a2 Simplify the nss interface such that each sudoers provider fills 
in a per-nss list of userspecs and defaults instead of using separate
lookup and list functions.  This makes it possible to have a single
implementation of the code for sudoers lookup and listing.
 2018-05-14 09:05:03 -06:00
Todd C. Miller
71e98d9493 Include parse.h in sudoers.h since it will soon be required. 2018-05-14 09:05:02 -06:00
Todd C. Miller
cc3428398a Parse "ALL" as a command correctly. 2018-05-14 08:35:48 -06:00
Todd C. Miller
4a3aa5f6e6 Add debug warning if lseek() fails (should not be possible). 2018-05-11 07:51:43 -06:00
Todd C. Miller
7b1e78d6df Fix swapped args of lseek() when rewinding. This didn't cause a 
problem because the value of SEEK_SET is 0.
 2018-05-11 07:45:22 -06:00
Todd C. Miller
6e290763ca Fix a format-truncation warning in newer gcc by avoiding using %0x 
and %0X in the test.  We are formatting a single byte so just do
it one nybble at a time.
 2018-05-10 21:17:03 -06:00
Todd C. Miller
3359d7290f Regen with autoconf git commit e17a30e987d7ee695fb4294a82d987ec3dc9b974 
AC_HEADER_MAJOR: port to glibc 2.25
 2018-05-10 20:44:09 -06:00
Todd C. Miller
7a940ce30b No need to explicitly free role on EOF, it will be freed after the 
loop is done.
 2018-05-03 11:06:02 -06:00
Todd C. Miller
29d188f4b4 Garbage collect the command argv, envp and info vectors since they are 
not available at policy close time.
 2018-05-03 10:52:17 -06:00
Todd C. Miller
b0c13e995c Plug memory leaks on parse error or when an LDIF entry doesn't match 
the dn filter.
 2018-05-03 10:51:11 -06:00
Todd C. Miller
620070f493 Rename variables now that the string list functions are not ldap-specific. 2018-05-03 10:49:54 -06:00
Todd C. Miller
1a087cebab Fix typo 2018-04-30 09:56:40 -06:00
Todd C. Miller
82dfbf458d fix version 2018-04-29 13:58:49 -06:00
Todd C. Miller
929396fbce sync 2018-04-29 13:52:28 -06:00
Todd C. Miller
23b2879e08 sync with translationproject.org 2018-04-29 13:33:29 -06:00
Todd C. Miller
a18e811485 O_EXEC for fexecve() not O_SEARCH. 2018-04-25 14:55:55 -06:00
Todd C. Miller
95fb4458d5 Document how to suppress the last login message on Solaris. 2018-04-25 09:56:22 -06:00
Todd C. Miller
f53e5e2bdf Fix compilation error with older Sun Studio compilers. 2018-04-24 16:40:16 -06:00
Todd C. Miller
55869277bd Update Bug #831 decription. 2018-04-24 14:29:58 -06:00
Todd C. Miller
f23d73dfe1 Add Chinese(Taiwan) translation for sudo. 2018-04-24 10:45:30 -06:00
Todd C. Miller
cfdae3a4fd Move the check for /dev/fd/N until *after* the digest has been 
checked.  We still need to be able to check the digest even if there
is no /dev/fd/N or fexecve().
 2018-04-24 07:21:08 -06:00
Todd C. Miller
64c78a61cb Rewind the fd after calling sudo_filedigest(). Otherwise, when 
running a script via fexecve(), the interpreter may get EOF when
reading /dev/fd/N.  This only appears to affect BSD systems with
fdescfs.  Bug #831.
 2018-04-23 20:43:04 -06:00
Todd C. Miller
6e22da3412 In open_cmnd(), return true, not false, if we the /dev/fd/N pathname 
is not present.  We don't want to fail a match because of this.
 2018-04-23 14:42:35 -06:00