isa/sudo
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
9,408 Commits 1 Branch 0 Tags
cfa4879dbd6528e2a1c40517d59ec6a48e4afa16
Commit Graph

9408 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Todd C. Miller
cfa4879dbd Fix memory leak in runaslist_matches(). 2018-10-31 10:03:02 -06:00
Todd C. Miller
c88b859853 typo 2018-10-29 09:23:25 -06:00
Todd C. Miller
9c2f4b8f19 regen 2018-10-29 08:32:36 -06:00
Todd C. Miller
9378808b3a More updates for 1.8.26 2018-10-29 06:19:59 -06:00
Todd C. Miller
1fe582a0e3 Add support for negated sudoRunAsUser and sudoRunAsGroup entries. 2018-10-28 15:46:27 -06:00
Todd C. Miller
fb015fac1b Document that the target user's groups may be specified via the -g option. 2018-10-27 12:52:17 -06:00
Todd C. Miller
03c56db408 Include getpwent() version of sudo_getgrouplist2_v1() from getgrouplist.c 2018-10-27 12:10:43 -06:00
Todd C. Miller
0398996b39 Use a testsudoers group file with known contents instead of the system one. 2018-10-27 10:57:37 -06:00
Todd C. Miller
391ed95f50 Allow the group set by "sudo -g" to be any of the target user's groups. 
Previously, this was only allowed if the group matched the target
user's primary group ID (from the passwd database entry).
The sudoers policy will now allow the group if it is one of the
target user's supplemental groups as well.
 2018-10-27 06:37:34 -06:00
Todd C. Miller
ffe2041a02 Skip sudo_getgrouplist2() check on systems with getgrouplist_2(). 
sudo_getgrouplist2() is just a wrapper on such systems and this
avoids a test failure on macOS where a user is automatically a
member of certain groups.
 2018-10-26 11:11:58 -06:00
Todd C. Miller
e22410ba64 Add missing exported symbol sudo_term_eof 2018-10-26 10:45:12 -06:00
Todd C. Miller
0597969301 Add missing #ifdef LDAP_OPT_X_TLS_REQUIRE_CERT 
Fixes problems building on older LDAP sdks.
 2018-10-26 10:34:16 -06:00
Todd C. Miller
5eb0fbd076 add getgrouplist_test.c 2018-10-26 10:26:27 -06:00
Todd C. Miller
a3cb22b467 Check the user's primary gid from the passwd file too. 2018-10-26 10:24:38 -06:00
Todd C. Miller
06035f193e ignore prologue 2018-10-26 10:10:52 -06:00
Todd C. Miller
6c3d20cb41 Convert PVS-Studio comment to ANSI C. 2018-10-26 08:39:09 -06:00
Todd C. Miller
019279a4b8 Fix some mangled text in the license block. 2018-10-26 08:19:41 -06:00
Todd C. Miller
404524c4ef Add regress test for sudo_getgrouplist2(). 
This test assumes all the groups in root's group list can
be resolved by group ID.
 2018-10-26 06:52:46 -06:00
Todd C. Miller
50b581ec3d More changes in 1.8.26 2018-10-25 09:04:52 -06:00
Todd C. Miller
1b035b5426 Add padding option to cvtsudoers. 
Bug #856
 2018-10-25 08:40:25 -06:00
Todd C. Miller
78d35de935 Remove an errant grset++ in the AIX version of sudo_getgrouplist2(). 
Bug #857
 2018-10-25 07:17:31 -06:00
Todd C. Miller
cb588f2337 Pass --sourcetree-root to pvs-studio and don't check sudo_noexec.c. 
Since we don't auto-generate dependencies for sudo_noexec.c we
can't easily check it from outside the source tree.  This
is not a problem as it just contains stub functions.
 2018-10-22 09:12:17 -06:00
Todd C. Miller
56cff772eb Asturian translation for sudo from translationproject.org 2018-10-22 06:21:59 -06:00
Todd C. Miller
3710d5ba07 Add support for CLOCK_MONOTONIC_RAW and CLOCK_UPTIME_RAW, present 
on macOS.
 2018-10-21 15:24:33 -06:00
Todd C. Miller
4c82e18ac1 Add --enable-pvs-studio configure option to create PVS-Studio.cfg. 2018-10-21 08:46:09 -06:00
Todd C. Miller
c5df091123 Add pvs-studio target and associated production rules. 2018-10-21 08:46:05 -06:00
Todd C. Miller
64e5d34c57 Add comments in .c files so PVS-Studio will check them. 2018-10-21 08:46:05 -06:00
Todd C. Miller
45652e6d71 Simplify range checks. 
No need to check for ERANGE in the cases where we also check
that the value is <= INT_MAX.  Found by PVS-Studio.
 2018-10-20 08:47:12 -06:00
Todd C. Miller
8c94175ba1 Avoid some PVS-Studio false positives. 2018-10-19 13:35:20 -06:00
Todd C. Miller
e9dec0f8d2 Remove some calls to sudo_fatalx(); just propagate the error return. 2018-10-19 13:35:05 -06:00
Todd C. Miller
6a85992b34 No need to check if fd_dst is -1 in sudoedit mode. 
Failure to open the destination sudoedit file is fatal so there's
no need to check that fd_dst != -1 later on.  Found by PVS-Studio.
 2018-10-19 13:33:37 -06:00
Todd C. Miller
6786d53d45 In timestamp_open() no need to free cookie on error, it is NULL. 
Found by PVS-Studio.
 2018-10-19 13:32:24 -06:00
Todd C. Miller
deccfe68f1 Fix a memory leak on malloc() error in sudo_ldap_role_to_priv(). 
Coverity CID 188804
 2018-10-18 15:38:54 -06:00
Todd C. Miller
84ef500061 Move the allocation of role to be immediately before in_role is set. 
This makes it clear that when in_role == true, role is non-NULL.
Also remove two dead stores.
 2018-10-18 14:43:08 -06:00
Todd C. Miller
2ff8f8601b Fix trimming of non-escaped trailing space in ldif_parse_attribute(). 
Found by PVS-Studio.
 2018-10-18 14:29:33 -06:00
Todd C. Miller
c2d93b8c97 Simplify the logic surrounding sudoers_args in command_args_match(). 
We only need to check that sudoers_args is non-NULL once.
Found by PVS-Studio.
 2018-10-18 14:24:55 -06:00
Todd C. Miller
54784a234c If sudo_ldap_get_values_len() fails goto cleanup instead of oom. 
This is not strictly necessary as there's not anything to cleanup
in this case but it is more consistent with the code that follows.
 2018-10-18 14:19:09 -06:00
Todd C. Miller
63afa569f7 Fix handling of timeout values in sudoers. 
When passing the timeout back to the front end, ignore the
user-specified timeout if it is not set (initialized to 0).
Otherwise, sudo would choose a zero user-specified timeout over
the sudoers-specified timeout (non-zero).
 2018-10-18 08:08:44 -06:00
Todd C. Miller
675fc34c3d Fix cut & pastos in cvtsudoers_make_gritem() 2018-10-17 09:54:53 -06:00
Todd C. Miller
60f0d65e22 Fix expected test output now that command_timeout is parsed correctly 
in LDIF.
 2018-10-17 06:57:06 -06:00
Todd C. Miller
939585e906 tv_nsec can never be negative after timespecsub. 
Found by PVS Studio
 2018-10-17 06:21:48 -06:00
Todd C. Miller
25a58ba1ca Avoid potentially undefined behavior. 
Found by PVS Studio.
 2018-10-16 12:50:43 -06:00
Todd C. Miller
e1a402f1d6 sudo_ldap_parse_option() never returns '=' as the operator. 
When parsing command_timeout, role, type, privs and limitprivs,
check that val is non-NULL instead.  Found by PVS Studio.
 2018-10-16 12:49:34 -06:00
Todd C. Miller
a9fd783f20 Fix up #line entries that reference lex.sudoers.c. 2018-10-16 10:31:43 -06:00
Todd C. Miller
387672583e Fix workaround for broken sudo 1.8.7 timing files. 2018-10-13 08:08:16 -06:00
Todd C. Miller
fa7e6f3f04 Fix memory leak when reusing the runas list. We need to free the 
member list itself as well as its contents.
 2018-10-13 07:31:34 -06:00
Todd C. Miller
75d9c6f165 Some DIAGNOSTICS updates: 
Update error message for when the user's uid does not exist in passwd.
Remove "This error indicates" and some other cosmetic cleanups.
 2018-10-13 06:21:52 -06:00
Todd C. Miller
fbf396e336 If the user's passwd entry cannot be resolved via the uid, use the 
same error message as visudo.
 2018-10-13 06:19:03 -06:00
Todd C. Miller
ae7198a247 Add a DIAGNOSTICS section with an explanation of the more non-trivial 
error messages.
 2018-10-12 09:40:37 -06:00
Todd C. Miller
b89cf34b53 Replace sudo_fatal(NULL) with an "unable to allocate memory" message 
that includes the function name.
 2018-10-12 08:39:12 -06:00