isa/sudo
1
0
Fork 0
Code Issues Pull Requests Actions 1 Packages Projects Releases Wiki Activity
11,012 Commits 1 Branch 0 Tags
cede7dd92dec7e0290ded3ae3e0d66b97f33265c
Commit Graph

11012 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Todd C. Miller
024f4475b7 regen 2021-06-15 14:25:26 -06:00
Todd C. Miller
5a3bbba12b Use sudo_warnx?() instead of sudo_debug_printf for errors. 
We now hook the warn functions so the messages are logged.
The messages still show up in the debug log too.
 2021-06-15 13:58:12 -06:00
Todd C. Miller
cc3b4ffb04 Remove vsyslog(3) emulation, it is no longer used. 2021-06-14 13:11:39 -06:00
Todd C. Miller
d311c7b2ee If logsrvd_config not set fall back to using stderr for warnings. 
Also fix fuzz_logsrvd_conf link error.
 2021-06-13 18:42:09 -06:00
Todd C. Miller
2c1988410e Add support for logging server warning/error messages. 
We can use sudo_warn_set_conversation() to set a conversation
function that either writes to a log file or calls syslog().
 2021-06-13 18:27:36 -06:00
Todd C. Miller
df1895f66f Sudo 1.9.7p1 2021-06-11 12:50:23 -06:00
Todd C. Miller
8f7cae69cc Check arrays that are passed in for NULL before using them. 2021-06-09 16:07:49 -06:00
Todd C. Miller
f7f1617826 Disable nss_search()-based group lookups on HP-UX for now. 
There is a crash when "group: compat" is used in /etc/nsswitch.conf
that I haven't been able to debug.  Since HP-UX doesn't ship the
appropriate headers it is likely that there is a mismatch between
include/compat/nss_dbdefs.h and what HP actually uses.
 2021-06-09 10:43:04 -06:00
Todd C. Miller
7b33974f21 Remove logsrvd closure ERROR state and use a boolean flag instead. 
Fixes a bug where we would not insert a journal file that failed
to relay into the queue because its state was changed from CONNECTING
to ERROR after failing to connect.
 2021-06-08 19:51:54 -06:00
Todd C. Miller
c5247845ac Add NSS_TRYAGAIN and correct buflen in struct nss_XbyY_buf_t. 
Add some function argument names.  Also use struct nss_db_state *
instead of void * in nss_db_root_t.  We don't define struct
nss_db_state but since it is a pointer all we need is a forward
declaration.
 2021-06-08 14:25:02 -06:00
Todd C. Miller
b913a832e8 Make sure we link with libsudo_util *after* libfuzzstub. 
This only affects builds with a static libsudo_util.
Also fix a warning on HP-UX about main not being public.
 2021-06-07 15:53:57 -06:00
Todd C. Miller
dfaa9b95f1 Add getgids utility to simular "id -G" using sudo_getgrouplist2() 2021-06-07 14:18:09 -06:00
Todd C. Miller
3104d8ba0b Make sure we don't read or write past the end of the group buffer. 
We need to leave room for the terminating NULL in gr_mem.
It is possible for gbm->numgids > gbm->maxgids if we ran out of room.
 2021-06-07 13:08:10 -06:00
Todd C. Miller
4b73c98c06 Add some debugging to sudo_getgrouplist2(). 2021-06-04 11:28:48 -06:00
Radovan Sroka
f44adcdf3c Fixed bad condition for sesh args 
In selinux_edit_copy_tfiles() when there is only one file and the open()
fails then number of arguments is lower than expected.
Sudo should return error with or without "Defaults !sudoedit_checkdir" set.

This was found with regression testing of CVE-2021-23240.

Signed-off-by: Radovan Sroka <rsroka@redhat.com>
 2021-06-02 11:38:26 -06:00
Todd C. Miller
97f6fc259c Fix some debug_decl typos and remove an unneeded cast. 2021-06-02 07:22:11 -06:00
Todd C. Miller
82f5592d67 T_TIMEOUT is not a bitwise flag so doesn't need to be a power of 2. 2021-06-02 07:21:40 -06:00
Todd C. Miller
b1d4a02eab sudo_stat_plugin(): set errno but do not warn if plugin path too long. 
The caller will display the warning (using errno) so there is no
need to do it twice.
 2021-05-28 14:15:46 -06:00
Todd C. Miller
5087f68853 sudoreplay does not parse sudoers to find the value of iolog_dir. 
The default value for the I/O log directory is set at build time.
 2021-05-26 08:10:22 -06:00
Todd C. Miller
cc647c32e1 Fix group list ref leak in sudoers_policy_store_result() on error path. 2021-05-26 07:31:19 -06:00
Todd C. Miller
958066eddb Update comment to match reality. 2021-05-24 13:10:53 -06:00
Todd C. Miller
2e492267e7 Build sudo_noexec.so as a module on systems other then Darwin. 
On Darwin, shared modules and shared libraries are not interchangable
and since we preload sudo_noexec.so via DYLD_INSERT_LIBRARIES it
must be a library, not a module.  We must relax the requirement
that libraries begin with a "lib" prefix to work around this
difference.  This does mean you must use sudo's libtool on Darwin
(macOS) but that is already a requirement on other systems (notably
HP-UX and SCO) due to a number of libtool patches we require that
haven't be accepted upstream.  This is a different fix for PR #102.
 2021-05-13 12:45:56 -06:00
Todd C. Miller
31e6138115 Use -Wno-deprecated-declarations on macOS 
This quiets warnings about LDAP and audit libraries being deprecated.
We will use them until they are removed in a future version of macOS.
 2021-05-13 09:52:09 -06:00
Todd C. Miller
0645a2ade6 Use /usr/bin/cc on FreeBSD and macOS. 2021-05-12 15:19:43 -06:00
Todd C. Miller
78849e6728 Don't include errno in "unable to connect to log server" message. 
There should be a more specific message, usually with an error
string, displayed earlier.
 2021-05-12 12:19:44 -06:00
Todd C. Miller
d9b8311122 Fix compiler warning on FreeBSD. 2021-05-12 07:53:19 -06:00
Todd C. Miller
96fb72e7cb Explicitly include netinet/in.h for struct sockaddr_in and sockaddr+_in6. 
Fixes a compilation problem on FreeBSD.
 2021-05-12 07:27:09 -06:00
Todd C. Miller
ec0dcab3ce Updated translations from translationproject.org 2021-05-10 13:52:55 -06:00
Todd C. Miller
f2155c704f Better warning when close function is passed a non-terminal signal. 2021-05-10 13:45:25 -06:00
Todd C. Miller
0f5c8fe121 Remove line causing store_suspend_local() to return false on success. 
This is something that should have been removed as part of the local
I/O logging refactor.
 2021-05-10 13:44:31 -06:00
Todd C. Miller
3147bbeb24 Don't set the command status in the closure when the command is suspended. 
This should only be set for signals that terminate the process.
Fixes a bug where the sudo front-end could call the plugin close
function with a non-terminal signal argument.
 2021-05-10 13:42:06 -06:00
Todd C. Miller
6cdf49d33d Quiet -Wshadow warnings from gcc. 2021-05-07 15:10:51 -06:00
Todd C. Miller
7033f1c1d8 The -g option may also be used with any group the target user belongs to. 
The description in the Runas_Spec section incorrectly stated that
the -g option could not be used if no runas group was set.  Bug #975.
 2021-05-07 13:42:40 -06:00
Todd C. Miller
2efa903521 Remove redundant "configuring Sudo version X.YY" line. 
We now display this along with the summary info at the end.
 2021-05-07 08:01:07 -06:00
Todd C. Miller
841e1b33fb Don't check for -Wl,-z,relro twice. 2021-05-07 07:56:33 -06:00
Todd C. Miller
bfc17bc666 Updated translations from translationproject.org 2021-05-06 21:14:35 -06:00
Todd C. Miller
3018c1cd2d Build python plugin for RHEL 6 as well. 2021-05-06 18:59:51 -06:00
Todd C. Miller
9b33594a43 Remove shell-style quotes in configure warning/error/notice messages. 
Square bracket quotes are used, no need for shell-style double quotes.
 2021-05-06 14:41:35 -06:00
Todd C. Miller
96436787a1 Summarize configure settings after all tests have run. 
This makes it a lot easier to see what features have been enabled.
 2021-05-06 13:14:58 -06:00
Todd C. Miller
d71731e50d Remove --with-efence option, there are better options available. 2021-05-04 19:03:55 -06:00
Todd C. Miller
f2081f902b Move misplaced changes into the 1.9.7 section where they belong. 2021-05-04 14:23:39 -06:00
Todd C. Miller
468e9c7f48 Awful hack to pass on macOS where group_source=dynamic by default. 2021-05-04 13:58:29 -06:00
Todd C. Miller
0e9a5e4f90 Updated translations from translationproject.org 2021-05-04 12:26:07 -06:00
Todd C. Miller
e6f1adcb2c Document late stage 1.9.7 changes. 2021-05-04 12:25:38 -06:00
Todd C. Miller
9d734d57e7 sudo_sendlog: rename -m (max-time) to -s (stop-after). 2021-05-04 12:14:02 -06:00
Todd C. Miller
caf096e1a1 Update closure->elapsed_time in journal_seek(). 
Otherwise the commit point messages won't be accurate when restarting.
 2021-05-04 10:45:12 -06:00
Todd C. Miller
7376fa632f Add "-m elapsed" option to specify the max elapsed time of records to send. 
Useful for testing the ability of the server to handle restarted log
transfers.
 2021-05-04 08:22:34 -06:00
Todd C. Miller
5a39066343 Disable reading from client or relay when sending error to client. 
We treat an error from the relay as fatal and must stop processing
data from both client and relay to make sure we don't get out of sync.
 2021-05-03 19:18:10 -06:00
Todd C. Miller
c3534712de Fix I/O log restart of locally-store logs. 
This got broken a while ago when evlog in struct connection_closure
was changed to a pointer.
 2021-05-03 16:54:25 -06:00
Todd C. Miller
b5542f8b26 Fix detection of the volatile flag when other flags are present. 
Otherwise flags fields like "volatile,ignore-other" will be ignored
by the Debian and BSD back ends.
 2021-05-03 13:51:21 -06:00