Todd C. Miller
cf2bfbcd3f
Split out digest matching into its own file.
2019-02-17 08:21:13 -07:00
Todd C. Miller
a04409747c
Split out digest matching into its own file.
2019-02-17 06:47:37 -07:00
Todd C. Miller
1e6e048180
Rename FOLLOW and NOFOLLOW tokens FOLLOWLNK and NOFOLLOWLNK.
Fixes a namespace collision on Solaris when bison is used.
2019-02-12 12:02:02 -07:00
Todd C. Miller
bc25915050
Add stub definition of digest_matches() for SUDOERS_NAME_MATCH
2019-02-06 13:12:33 -07:00
Todd C. Miller
694999487b
No longer need to include sudo_lbuf.h
2019-02-06 10:25:52 -07:00
Todd C. Miller
6dceca47cc
Use SET macro instead of bitwise OR.
2019-02-05 16:47:08 -07:00
Todd C. Miller
c92f80b79e
In sudo_make_grlist_item() the calculation of total did not include
space for pointers to the group names.
2019-02-05 16:46:30 -07:00
Todd C. Miller
4f74fe3a8e
Use correct debug_decl() names.
2019-02-05 14:29:39 -07:00
Todd C. Miller
928faf27f2
Add fallback values for sudoers uid, gid and mode if not set in Makefile.
2019-02-05 10:02:17 -07:00
Todd C. Miller
ecc9c366e4
Fix listpw=never and verifypw=never. Bug #869
2019-01-22 06:41:16 -07:00
Todd C. Miller
985600e7f0
Minor snprintf() usage tweaks:
1) don't assume snprintf() returns -1 on error, check for <0
2) when comparing return value of sizeof(foo), cast the sizeof, not the len
3) cast return value to void in cases where snprintf cannot fail
2019-01-20 07:49:48 -07:00
Todd C. Miller
e2675d8f1e
Use PAM_SILENT to prevent pam_lastlog from printing last login
information on RedHat except when explicitly running a shell.
Adapted from a patch from Nir Soffer. Bug #867
2019-01-07 09:50:40 -07:00
Todd C. Miller
32dc90c28e
regen
2019-01-03 13:26:57 -07:00
Todd C. Miller
efe35e5b1e
Use debug_return_int not debug_return_bool in resolve_host
2018-12-24 20:31:26 -07:00
Todd C. Miller
dc9338ffe7
Allow the sudoers file to be specified without the -f option.
Bug #864
2018-12-24 08:26:18 -07:00
Todd C. Miller
3d84150736
Updated translations from translationproject.org
2018-12-12 10:47:01 -07:00
Todd C. Miller
72050203bc
Add -n and -R options to help; reported by Radovan Sroka
2018-12-11 09:17:15 -07:00
Todd C. Miller
142b370c1f
The -c option was missing from the help info; from Radovan Sroka
2018-12-11 09:05:04 -07:00
Todd C. Miller
5242773489
In sudo_pam_approval(), for the exempt case, only overwrite pam
status when the passwd is expired or needs to be updated.
2018-12-08 08:10:04 -07:00
Todd C. Miller
4125808a85
The fix for bug #843 was incomplete and caused pam_end() to be called early.
sudo_pam_approval() must not set the global pam status to an error
value if it returns AUTH_SUCCESS. Otherwise, sudo_pam_cleanup()
will call pam_end() before sudo_pam_begin_session(). This resulted
in a NULL PAM handle being used in sudo_pam_begin_session().
2018-12-07 09:51:34 -07:00
Todd C. Miller
733669ec38
Updated translations from translationproject.org
2018-11-07 11:21:05 -07:00
Todd C. Miller
cad10fbd2e
Portuguese translation for sudo and sudoers from translationproject.org.
2018-11-07 11:20:27 -07:00
Todd C. Miller
cdd5bb32eb
Add sudo_gai_fatal, sudo_gai_vfatal, sudo_gai_vwarn, sudo_gai_warn
and gai_log_warning that use gai_strerror() instead of strerror().
2018-11-05 09:08:05 -07:00
Todd C. Miller
cfa4879dbd
Fix memory leak in runaslist_matches().
2018-10-31 10:03:02 -06:00
Todd C. Miller
9c2f4b8f19
regen
2018-10-29 08:32:36 -06:00
Todd C. Miller
1fe582a0e3
Add support for negated sudoRunAsUser and sudoRunAsGroup entries.
2018-10-28 15:46:27 -06:00
Todd C. Miller
03c56db408
Include getpwent() version of sudo_getgrouplist2_v1() from getgrouplist.c
2018-10-27 12:10:43 -06:00
Todd C. Miller
0398996b39
Use a testsudoers group file with known contents instead of the system one.
2018-10-27 10:57:37 -06:00
Todd C. Miller
391ed95f50
Allow the group set by "sudo -g" to be any of the target user's groups.
Previously, this was only allowed if the group matched the target
user's primary group ID (from the passwd database entry).
The sudoers policy will now allow the group if it is one of the
target user's supplemental groups as well.
2018-10-27 06:37:34 -06:00
Todd C. Miller
0597969301
Add missing #ifdef LDAP_OPT_X_TLS_REQUIRE_CERT
Fixes problems building on older LDAP sdks.
2018-10-26 10:34:16 -06:00
Todd C. Miller
6c3d20cb41
Convert PVS-Studio comment to ANSI C.
2018-10-26 08:39:09 -06:00
Todd C. Miller
019279a4b8
Fix some mangled text in the license block.
2018-10-26 08:19:41 -06:00
Todd C. Miller
1b035b5426
Add padding option to cvtsudoers.
Bug #856
2018-10-25 08:40:25 -06:00
Todd C. Miller
cb588f2337
Pass --sourcetree-root to pvs-studio and don't check sudo_noexec.c.
Since we don't auto-generate dependencies for sudo_noexec.c we
can't easily check it from outside the source tree. This
is not a problem as it just contains stub functions.
2018-10-22 09:12:17 -06:00
Todd C. Miller
c5df091123
Add pvs-studio target and associated production rules.
2018-10-21 08:46:05 -06:00
Todd C. Miller
64e5d34c57
Add comments in .c files so PVS-Studio will check them.
2018-10-21 08:46:05 -06:00
Todd C. Miller
45652e6d71
Simplify range checks.
No need to check for ERANGE in the cases where we also check
that the value is <= INT_MAX. Found by PVS-Studio.
2018-10-20 08:47:12 -06:00
Todd C. Miller
8c94175ba1
Avoid some PVS-Studio false positives.
2018-10-19 13:35:20 -06:00
Todd C. Miller
6786d53d45
In timestamp_open() no need to free cookie on error, it is NULL.
Found by PVS-Studio.
2018-10-19 13:32:24 -06:00
Todd C. Miller
deccfe68f1
Fix a memory leak on malloc() error in sudo_ldap_role_to_priv().
Coverity CID 188804
2018-10-18 15:38:54 -06:00
Todd C. Miller
84ef500061
Move the allocation of role to be immediately before in_role is set.
This makes it clear that when in_role == true, role is non-NULL.
Also remove two dead stores.
2018-10-18 14:43:08 -06:00
Todd C. Miller
2ff8f8601b
Fix trimming of non-escaped trailing space in ldif_parse_attribute().
Found by PVS-Studio.
2018-10-18 14:29:33 -06:00
Todd C. Miller
c2d93b8c97
Simplify the logic surrounding sudoers_args in command_args_match().
We only need to check that sudoers_args is non-NULL once.
Found by PVS-Studio.
2018-10-18 14:24:55 -06:00
Todd C. Miller
54784a234c
If sudo_ldap_get_values_len() fails goto cleanup instead of oom.
This is not strictly necessary as there's not anything to cleanup
in this case but it is more consistent with the code that follows.
2018-10-18 14:19:09 -06:00
Todd C. Miller
63afa569f7
Fix handling of timeout values in sudoers.
When passing the timeout back to the front end, ignore the
user-specified timeout if it is not set (initialized to 0).
Otherwise, sudo would choose a zero user-specified timeout over
the sudoers-specified timeout (non-zero).
2018-10-18 08:08:44 -06:00
Todd C. Miller
675fc34c3d
Fix cut & pastos in cvtsudoers_make_gritem()
2018-10-17 09:54:53 -06:00
Todd C. Miller
60f0d65e22
Fix expected test output now that command_timeout is parsed correctly
in LDIF.
2018-10-17 06:57:06 -06:00
Todd C. Miller
25a58ba1ca
Avoid potentially undefined behavior.
Found by PVS Studio.
2018-10-16 12:50:43 -06:00
Todd C. Miller
e1a402f1d6
sudo_ldap_parse_option() never returns '=' as the operator.
When parsing command_timeout, role, type, privs and limitprivs,
check that val is non-NULL instead. Found by PVS Studio.
2018-10-16 12:49:34 -06:00
Todd C. Miller
a9fd783f20
Fix up #line entries that reference lex.sudoers.c.
2018-10-16 10:31:43 -06:00