isa/sudo
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
9,039 Commits 1 Branch 0 Tags
d5d170252a1065a6b10c3e8d0a7df1aee13a33df
Commit Graph

9039 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Todd C. Miller
6ca8447e00 An empty RunAsUser means run as the invoking user, similar to how 
the sudoers files works.
 2017-12-12 14:20:56 -07:00
Todd C. Miller
f869086eff regen 2017-12-12 14:19:13 -07:00
Todd C. Miller
1350a30737 Add authfail_message sudoers option to allow the user to override 
the default message of %d incorrect password attempt(s).
 2017-12-11 12:43:58 -07:00
Todd C. Miller
5106bfc139 Allow the plugin to determine whether or not an empty timeout is 
allowed.  For sudoers, an error will be returned for an empty timeout.
 2017-12-11 09:20:41 -07:00
Todd C. Miller
b5463c2809 Return an error for an empty timeout string. Just use strtol() for 
syntax checking instead of scanning with strspn().
 2017-12-11 09:19:42 -07:00
Todd C. Miller
bbc43b5e30 Change some _() into U_() since they are used for warn/fatal. 
We always want to issue warnings in the user's locale.
 2017-12-11 08:07:01 -07:00
Todd C. Miller
b68554b7cf update my email address 2017-12-11 06:02:52 -07:00
Todd C. Miller
3d13fe4fae Don't print mercurial branch info for merges. 2017-12-10 19:45:52 -07:00
Todd C. Miller
a388ddbcf5 Use log size instead of using a separator between the log entry and 
the file names.
 2017-12-10 13:39:41 -07:00
Todd C. Miller
d322caf7ac Print usage and return an error when an empty argument is given for 
all command line arguments other than -p and -E.  Bug #817
 2017-12-10 07:53:09 -07:00
Todd C. Miller
00a00ebd1d Better input validation of settings passed by the sudo front-end. 
Instead of ignoring an empty setting, throw an error.
 2017-12-10 07:45:49 -07:00
Todd C. Miller
63209fe8f7 Treat a blank line in a commit message as a line break. There 
doesn't appear to be a way to make perl's format use a blank field
but at least the line break happens now.
 2017-12-10 05:56:22 -07:00
Todd C. Miller
5f5a60f822 Add script to generate ChangeLog from git log output. 2017-12-09 20:40:28 -07:00
Todd C. Miller
b16912da1d Don't include syslog.h from logging.h, just include it in the two 
.c files it is actually needed.
 2017-12-08 15:00:41 -07:00
Todd C. Miller
e78283af99 Document that in check mode, visudo does not check the owner/mode 
on files specified with the -f flag.
 2017-12-06 10:17:33 -07:00
Todd C. Miller
48fba3c2cc update my email to Todd.Miller@sudo.ws 2017-12-03 17:53:40 -07:00
Todd C. Miller
01587b1b14 Add missing carriage return before prompt when replay is done. 2017-12-02 21:32:24 -07:00
Todd C. Miller
a2eff11509 Track window size changes that happen while sudo is suspended 2017-12-02 21:30:11 -07:00
Todd C. Miller
988328393a regen 2017-12-01 15:43:04 -07:00
Todd C. Miller
276d83cc98 regen for sudo 1.8.22 2017-12-01 14:37:16 -07:00
Todd C. Miller
e8532bdcee Sudo 1.8.22 2017-12-01 14:35:34 -07:00
Todd C. Miller
c2eee7904d Background processes started by the command will no longer receive 
SIGHUP.
 2017-12-01 13:53:09 -07:00
Todd C. Miller
b561d0d7dd When the command completes, make the monitor the foreground process 
group before informing the main sudo process of the command's exit
status.  This will prevent processes started by the command (which
runs in a different process group) from receiving SIGHUP since the
kernel sends SIGHUP to the foreground process group associated with
the terminal session.  The monitor has a SIGHUP handler installed
so the signal is effectively ignored.
 2017-12-01 13:43:06 -07:00
Todd C. Miller
4168668f53 Add debug printfs around group list retrieval. 2017-12-01 12:58:37 -07:00
Todd C. Miller
116c5d7eff Move call to sudo_ev_loopcontinue() into schedule_signal() itself. 
We always want to prioritize signal forwarding.
 2017-11-30 10:02:15 -07:00
Todd C. Miller
b9adb3dd51 Don't loop over read/write, recv/send or tcgetpgrp/tcsetpgrp trying 
to handle EINTR.  We now use SA_RESTART with signals so this is not
needed and is potentially dangerous if it is possible to receive
SIGTTIN or SIGTTOU (which it currently is not).
 2017-11-30 09:53:21 -07:00
Todd C. Miller
9298a2a42e Better describe things when a command is run in a pty. 2017-11-21 16:59:54 -07:00
Todd C. Miller
486ced7c11 Sprinkle some extra debugging printfs 2017-11-29 13:13:33 -07:00
Todd C. Miller
54acf4f991 Handle receipt of SIGTTIN/SIGTTOU when reading/writing from/to the tty. 
We can't use a signal event for these since that would restart the
system call after the signal was handled and the callback would not
get a chance to run.  Fixes running a command in the background that
write to the tty when the TOSTOP terminal flag is set.
 2017-11-29 12:06:12 -07:00
Todd C. Miller
5ccc7ab879 We don't need to be the foreground process to be able to write to 
the terminal in most cases.  If the background process tries to
modify the terminal flags it will receive SIGTTOU which is relayed
to the sudo front-end.  This currently mishandles terminals with
the TOSTOP local flag set.
 2017-11-29 12:06:12 -07:00
Todd C. Miller
93828eca65 Avoid a double free when ipa_hostname is set in sssd.conf and it 
is an unqualified host name.  From Daniel Kopecek.

Also move the "unable to allocate memory" warning into get_ipa_hostname()
itself to make it easier to see where the allocation failed in the
debug log.
 2017-11-28 11:28:44 -07:00
Todd C. Miller
250209d7a8 When running a command as the invoking user we cannot use the gid 
list from the front-end since it may not correspond to the user's
aux group vector as defined by the group database.
 2017-11-28 09:48:43 -07:00
Todd C. Miller
dd47a0a416 Add missing initprogname() calls. 2017-11-28 09:06:44 -07:00
Todd C. Miller
ca2e1a455a Plug some memory leaks on error, some found by the clang static analyzer. 2017-11-16 09:43:24 -07:00
Todd C. Miller
bcc0eeb575 Avoid calling cmnd_matches() in list/verify mode if we already have 
a match.
 2017-11-15 15:09:25 -07:00
Todd C. Miller
88faa58735 In list (-l) or verify (-v) mode, if we have a match but authentication 
is required, clear FLAG_NOPASSWD so that when listpw/verifypw is
set to "all" and there are multiple sudoers sources a password will
be required unless none of the entries in all sources require
authentication.  From Radovan Sroka of RedHat
 2017-11-15 15:06:45 -07:00
Todd C. Miller
2cbdc26540 When checking the results for "sudo -l" and "sudo -v", keep checking 
even after we get a match since the value of doauth may depend on
evaluating all the results.  From Radovan Sroka of RedHat.
 2017-11-15 12:27:39 -07:00
Todd C. Miller
a62cd4b4fe If passwd_tries is less than 1, check_user() will always return 
false (since the user didn't authenticate).  The normal reason for
this is an authentication error but in this case no authentication
was tries so no warning message has been displayed to the user.  If
the user wasn't given a chance to authenticate, set inform_user to
true when calling log_denial() from sudoers_policy_main().

An alternate approach would be for check_user() to return true
in this case but seems more confusing.
 2017-11-14 13:58:35 -07:00
Todd C. Miller
4e8c037f22 Document bash shell alias issue with "sudo -i". 2017-10-22 06:54:41 -06:00
Todd C. Miller
53a8ad7120 Return an error if the sudo front end doesn't set the user name, user ID, 
group ID or host name.  Bug #807
 2017-10-20 07:55:48 -06:00
Todd C. Miller
2c45774a35 Treat an empty hostname as a failure and return NULL. 2017-10-20 07:37:40 -06:00
Todd C. Miller
740c619d33 Add support for #include and #includedir from Natale Vinto. 2017-10-17 14:28:38 -06:00
Todd C. Miller
c017741589 Minor corrections from Tae Wong 2017-10-14 16:24:10 -06:00
Todd C. Miller
cece54ae85 Add a warning that for "sudo -i command" and "sudo -s command" the 
shell is not run in interactive mode which may change its behavior.
 2017-10-12 10:07:46 -06:00
Todd C. Miller
3b88cdfcd8 Fix stair-stepped output when the output of a sudo command is piped 
to another command and use_pty is set.
 2017-09-26 14:21:11 -06:00
Todd C. Miller
1051cf1e6f env_keep and env_check are also taken into account with "sudo -i". 
Bug #806
 2017-09-26 13:08:57 -06:00
Todd C. Miller
749cdc9d95 Make PC insults the default and add new configure option, 
enable-offensive-insults, to enable the offensive insults.
 2017-09-18 10:45:02 -06:00
Todd C. Miller
dcb887807e Add missing translators from recent updates and one name change. 2017-09-14 11:05:41 -06:00
Todd C. Miller
9ab1c9935d sync with translationproject.org 
* * *
sync with translationproject.org
 2017-09-07 15:47:09 -06:00
Todd C. Miller
7e78fbccfd More accurately describe the use_pty option now that its behavior 
has changed with respect to interposition with a pipe.
Also describe some caveats with log_input.
 2017-09-07 14:59:37 -06:00