Commit Graph

1474 Commits

Author SHA1 Message Date
Todd C. Miller
cebd92a88e Fix a potential crash when getpwnam() of the running user fails
and we don't replace the negative cached entry with a faked up one.
From Stephane Chazelas
2015-02-05 11:17:26 -07:00
Todd C. Miller
b727d4309c Handle sudo_get_grlist() returning NULL which can happen if
getgrouplist() fails even after allocating the appropriate amount
of memory.  From Stephane Chazelas
2015-02-05 11:17:24 -07:00
Todd C. Miller
a3435e7d12 Require POSIX regular expression support for sudoreplay. 2015-02-05 11:16:06 -07:00
Todd C. Miller
1e30824a1a The plugin no longer needs to call initprogname() now that it links
with the same libsudo_util as sudo.
2015-02-05 11:08:55 -07:00
Todd C. Miller
ed4ffa6265 Don't send mail about pseudo-command failure unless it is an
authentication failure.
2015-02-02 15:01:06 -07:00
Todd C. Miller
dfb369198a Sync with translationproject.org 2015-02-04 06:28:31 -07:00
Todd C. Miller
d1ce08369a Sync with translationproject.org 2015-02-04 06:23:57 -07:00
Todd C. Miller
2033be83c6 Regen with yacc skeleton that the clang analyzer doesn't complain about. 2015-02-03 15:58:09 -07:00
Todd C. Miller
a9bf105eda Use stdint.h to get SIZE_MAX as inttypes.h on some pre-C99 HP-UX
systems doesn't include stdint.h itself.
2015-02-03 10:00:30 -07:00
Todd C. Miller
536c83cec3 Solaris uses sysinfo(SI_SRPC_DOMAIN) instead of getdomainname() to
get the host's NIS domain.
2015-02-03 07:33:24 -07:00
Todd C. Miller
15717c518e Actually use the check for prior initialization in sudo_getdomainname(). 2015-02-02 15:38:03 -07:00
Todd C. Miller
fde8776d54 regen 2015-02-02 13:53:44 -07:00
Todd C. Miller
59ab26dbcc Go back to a 2 args debug_decl and just use the "default" instance,
now renamed "active".
2015-02-01 08:24:49 -07:00
Todd C. Miller
7ec9cfb493 When querying LDAP netgroups, use the NIS domain if it is sent but
also match nisNetgroupTriple entries that have no domain.
2015-01-30 14:45:22 -07:00
Todd C. Miller
97469c243c Avoid setting the tty to non-blocking mode so "sudoreplay | cat"
(for example) works as expected.  We only read a single byte from
the keyboard and only when interactive anyway so this should be fine.
2015-01-30 13:07:21 -07:00
Todd C. Miller
00e7dbd645 regen 2015-01-30 12:57:27 -07:00
Todd C. Miller
0ac881ba4b Avoid a cppcheck warning about undefined behavior (using the address
of a stack buffer - 1) and fix a memory leak of the iov when
doing nl->crnl conversion.
2015-01-30 10:45:15 -07:00
Todd C. Miller
770e6ca190 Fix handling of partial writes from writev() which can occur with
large output buffers.
2015-01-30 09:23:30 -07:00
Todd C. Miller
4dd2a3c6b8 Add support for querying netgroups directly via LDAP since there
is no other way to look up all the netgroups for a user (unlike
regular groups).  This introduces netgroup_base and netgroup_search_filter
options to ldap.conf.  Based on a diff from Steven Soulen.
2015-01-29 14:08:30 -07:00
Todd C. Miller
741bb8ec79 Add macros to ease the checking of strlcpy, strlcat and
sudo_ldap_value_cat return values.
2015-01-22 11:42:32 -07:00
Todd C. Miller
57553fffdd Rename VALIDATE_OK -> VALIDATE_SUCCESS
Rename VALIDATE_NOT_OK -> VALIDATE_FAILURE
2015-01-21 11:03:48 -07:00
Todd C. Miller
399d364a90 Remove now-unused VALIDATE_ERROR define. 2015-01-21 10:36:55 -07:00
Todd C. Miller
5415b3d2af should_mail() now returns bool. 2015-01-21 10:33:56 -07:00
Todd C. Miller
cb09010da5 Use standard CIDR -> netmask conversion and disallow 0-bit CIDRs. 2014-12-31 15:47:33 -07:00
Todd C. Miller
e0d927a98a sync 2014-11-20 13:34:17 -07:00
Todd C. Miller
c287419788 Require that a digest be specified with a real command, not an alias
or pseudo-command.  Found via a crash by afl.
2014-11-19 17:07:24 -07:00
Todd C. Miller
02b3fa2fdd French translation for sudoers from translationproject.org. 2014-11-19 15:20:11 -07:00
Todd C. Miller
bc6269e58b Prevent cppcheck from getting confused by our compat definition of
the va_copy macro for pre-C99.
2014-11-15 06:32:39 -07:00
Todd C. Miller
3870fdf622 Fix potential NULL pointer deref found by cppcheck. 2014-11-14 16:31:56 -07:00
Todd C. Miller
0c88ecd3bc Quiet a cppcheck false positive. 2014-11-14 16:31:30 -07:00
Todd C. Miller
b4432df5e2 Sync with translationproject.org 2014-11-10 12:37:58 -07:00
Todd C. Miller
832a4dee6b In set_fqdn() we neeed to set user_runhost/user_srunhost at the
same time we set user_host/user_shost since that is what
hostlist_matches() uses.  Bug #678
2014-11-12 20:33:41 -07:00
Todd C. Miller
5c13889f26 Use sudoers.so args from sudo.conf to set sudoers_file, sudoers_uid,
sudoers_gid, and sudoers_mode in visudo.
2014-11-10 20:12:47 -07:00
Todd C. Miller
9d4589abd0 Use sudoers_file, sudoers_uid, sudoers_gid, and sudoers_mode
symbols from toke.l instead of the upper case defines.
2014-11-10 15:23:51 -07:00
Todd C. Miller
04d803c79c Use SSP_LDFLAGS when creating shared objects. 2014-11-10 14:58:46 -07:00
Todd C. Miller
9d6e1a57d5 Add sudoers_debug_deregister() and use it instead of calling
sudo_debug_deregister() directly.
2014-10-27 16:06:20 -06:00
Todd C. Miller
0982f7838b Use AC_PROG_AWK 2014-10-27 14:54:13 -06:00
Todd C. Miller
6b1b734ffa Add a flag argument to sudo_conf_read() so we can decide which
bits get parsed.  This lets us parse Debug statements first and
init the debug subsystem early.
2014-10-26 08:33:08 -06:00
Todd C. Miller
34d9cfe1cf Initialize the debug subsystem in sudoers early. Currently this
means iterating over the settings list twice.
2014-10-24 12:50:12 -06:00
Todd C. Miller
4bf641df69 In the plugin registers with the debug framework at open time, the
sudo front-end will now set the default debug instance appropriately
before calling into the plugin.  This means the plugin no longer needs
to do the sudo_debug_set_default_instance() dance.
2014-10-24 11:17:48 -06:00
Todd C. Miller
6c6f502835 Older shells don't support unset. 2014-10-23 16:23:37 -06:00
Todd C. Miller
17a2a27e46 Use generic bitmap macros instead of select-style fd_set. 2014-10-23 14:37:27 -06:00
Todd C. Miller
935e48c6e4 Don't call into the debug subsystem after we've deregistered the
plugin's instance.
2014-10-23 13:42:50 -06:00
Todd C. Miller
3860552713 Fix typo in unset. 2014-10-23 09:50:29 -06:00
Todd C. Miller
fe9e035ccf Set debug instance for standalone programs. 2014-10-23 09:40:36 -06:00
Todd C. Miller
1ca52382a4 Fix compilation issues, fallout from the debug changes. 2014-10-23 09:26:13 -06:00
Todd C. Miller
6d2be1fd62 regen 2014-10-23 07:57:37 -06:00
Todd C. Miller
5270ebf1f2 When registering with the debug subsystem, the caller now passes
in an arrary of ints that gets filled in with the subsytem IDs to
be used in debug_decl.
2014-10-23 06:36:50 -06:00
Todd C. Miller
8db5f29398 sudoers_debug_instance is now included in libparsesudoers so we don't
need to declare it here.
2014-10-23 06:19:30 -06:00
Todd C. Miller
e9914a91b1 The sudoers plugin now defines its own list of debugging subsystem names
and defines.
2014-10-22 13:30:52 -06:00