isa/sudo
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
11,784 Commits 1 Branch 0 Tags
d65bcf2ab35c068df6330a64ee13da35b8834aac
Commit Graph

3375 Commits

Author SHA1 Message Date
Todd C. Miller
d65bcf2ab3 Avoid a Coverity false positive. 2022-08-18 10:27:01 -06:00
Todd C. Miller
81a3339df9 Remove cast from time_t to int to avoid a Coverity false positive. 
The cast should not be required.
 2022-08-18 10:21:14 -06:00
Todd C. Miller
158facf6d5 Use multilib rules to look for a 64-bit group plugin on failure. 
If sudo_dso_load() fails on a 64-bit system, try to load a 64-bit
native version of the file using system-dependent multilib rules.
If we don't support multilib on the platform, check for a version
of the file that ends in "64" before the .so suffix.
 2022-08-11 19:34:50 -06:00
Todd C. Miller
2f3afd14ed In putenv(3) replacement reject a string with no '=' or that starts with one. 2022-08-08 07:43:00 -06:00
Todd C. Miller
184f0a2493 Merge pull request #165 from bdrung/xdg-current-desktop 
Add XDG_CURRENT_DESKTOP to initial_keepenv_table
 2022-08-02 15:45:08 -06:00
Todd C. Miller
9c61d7e6e9 Bump the sudo plugin minor version. 
The "update_ticket" entry was added to the settings list and the
"intercept_verify" entry was added to the command_info list.
 2022-08-02 14:28:29 -06:00
Todd C. Miller
556dacf1ff Add a way to run a command without updating the cached credentials. 
This can also be used to test for whether or not the user's
credentials are currently cached.
 2022-08-02 14:28:28 -06:00
Carlo Teubner
2b5dcf255d visudo.c: add nvim (Neovim) to lineno_editor list 
Neovim supports it: https://neovim.io/doc/user/starting.html#-+
 2022-07-31 17:20:50 +01:00
Todd C. Miller
3ce19efca9 Add intercept_verify sudoers option to control execve(2) argument checking. 2022-07-29 15:22:27 -06:00
Todd C. Miller
620a563b54 Only set MODE_POLICY_INTERCEPTED if we are running a command. 
Fixes an error with "sudo -l" when intercept is enabled globally.
 2022-07-29 15:17:45 -06:00
Benjamin Drung
225feb386e Add XDG_CURRENT_DESKTOP to initial_keepenv_table 
Qt needs `XDG_CURRENT_DESKTOP` to be set to determine the correct theme.

Since `DISPLAY` and `XAUTHORITY` are already in the default table of
variables to preserve in the environment, just add `XDG_CURRENT_DESKTOP`
to it.

Bug: https://launchpad.net/bugs/1958055
Signed-off-by: Benjamin Drung <bdrung@ubuntu.com>
 2022-07-29 11:35:47 +02:00
Todd C. Miller
a2b0a8330c Fix a few whitespace issues. 2022-07-09 11:21:17 -06:00
Todd C. Miller
e7b7fbaf6e Increase the realloc increment from 128 to 1024. 
The contents of the env_add array should not include the leading
"env=" prefix.
 2022-07-09 09:02:25 -06:00
Todd C. Miller
224d78993a sudo_putenv_nodebug: require that the environment string include a '=' 2022-07-09 09:00:48 -06:00
Todd C. Miller
fba81260ad If update_defaults() fails, treat it as a parse error. 2022-07-08 14:01:15 -06:00
Todd C. Miller
3dc8497b48 Add additional PVS-studio suppression comments for generated code. 2022-07-08 10:53:00 -06:00
Todd C. Miller
a7f9c8162e Fix compilation error when SUDOERS_NAME_MATCH is defined. 2022-07-07 20:28:49 -06:00
Todd C. Miller
5a59ce159e Fix a NOPASSWD issue with a non-existent command when fdexec=always 
In command_matches_all(), if the command is fully-qualified and
open_cmnd() return false, only treat it as an error if we are able
to stat(2) the command.  For "sudo ALL" a non-existent command is
not an error.
 2022-07-07 20:11:44 -06:00
Todd C. Miller
41e7532c90 Quote ^foo$ on command line to protect it from the shell. 2022-07-07 10:13:22 -06:00
Todd C. Miller
f6e4d2765a Add explicit include of unistd.h for getopt(3) and related variables. 2022-07-05 11:35:25 -06:00
Todd C. Miller
fd0c5566ac Merge pull request #161 from likunyur/lky 
sudoers/cvtsudoers: Remove the repeated ';' from code
 2022-07-04 09:00:58 -06:00
Li kunyu
a311180bbc sudoers/cvtsudoers: Remove the repeated ';' from code 
Signed-off-by: Li kunyu <kunyu@nfschina.com>
 2022-07-04 12:31:50 +08:00
Todd C. Miller
985a2261bc sudoers_main: defer setting return value until the end when running a command 
Otherwise, we could return success when there was an error from a
system call or memory allocation failure.
 2022-06-30 13:35:04 -06:00
Todd C. Miller
885abf48d7 Save the initial command run via sudo and use it when logging exit status. 
Otherwise, if we are in intercept mode or logging sub-commands the
exit status will be logged with the wrong command.
 2022-06-30 11:10:43 -06:00
Todd C. Miller
5f534979ef Regenerate dependencies 2022-06-29 10:18:56 -06:00
Todd C. Miller
b6151781ce Quiet some harmless PVS Studio warnings. 2022-06-29 10:08:55 -06:00
Todd C. Miller
3e21c8da5c Add missing PVS Studio Open Source comments. 
Also avoid checking protobuf-c source and protobuf-c generated files.
 2022-06-29 09:45:04 -06:00
Todd C. Miller
e5834bd405 Use #include <config.h> not #include "config.h" for consistency. 
Otherwise, some compilers may do the wrong thing in a build
dir if there is a config.h file in the source dir too.
 2022-06-29 08:47:16 -06:00
Todd C. Miller
38278640ca Update group_plugin_load() stub to match its prototype. 2022-06-28 16:42:25 -06:00
Todd C. Miller
13672f28df Make sudo pass -Wwrite-strings 2022-06-28 16:33:15 -06:00
Todd C. Miller
f5ac1317c4 Make sudo pass -Wmissing-prototypes 2022-06-27 12:48:03 -06:00
Todd C. Miller
49c27f5278 log_exit_status: make local variables match struct evlog members. 2022-06-14 13:10:13 -06:00
Todd C. Miller
1c00c7c238 Fix pasto in comment after HAVE_PRIV_SET #endif 2022-06-10 09:42:22 -06:00
Todd C. Miller
6525436db7 Change black list -> blocklist 
This was missed in the previous conversion.
 2022-06-09 14:49:49 -06:00
Todd C. Miller
d04810c4f2 Save a pointer to the event_alloc parameter in the plugin open function. 
That way we don't need to pass event_alloc around to the log client
functions.
 2022-06-09 13:05:21 -06:00
Stefan Linke
a074d058ef Fix typo in sudoers comment 
Fix a typo in the sudoers comment about `maxseq` param.

Introduced by 906eb19ece in 1.9.11.
 2022-06-07 13:03:03 +02:00
Todd C. Miller
24522fb4e4 Updated translations from translationproject.org 2022-06-04 11:44:13 -06:00
Todd C. Miller
258b504be8 Rebuild Croatian message catalog. 2022-06-04 10:25:30 -06:00
Todd C. Miller
aee276ea63 Quiet two clang analyzer false positives. 2022-06-03 11:05:34 -06:00
Todd C. Miller
bec9603f3a Use abs_top_builddir instead of pwd/$(top_builddir). 2022-06-02 10:23:04 -06:00
Todd C. Miller
89b80ea690 Fix bug in last commit, need to reinitialize role to NULL. 2022-06-01 14:49:31 -06:00
Todd C. Miller
eb0135a93a Simplify the check for when we can reuse the previous user and host specs. 
This makes the code easier to read and quiets a cppcheck false positive.
 2022-06-01 14:30:47 -06:00
Todd C. Miller
3074f64bd1 Updated translations from translationproject.org 2022-06-01 09:25:06 -06:00
Todd C. Miller
c20c3b5631 Only display "unable to connect to log server" warning once. 
Previously, in intercept mode, if the log server is unreachable the
message would be printed for each sub-command.
 2022-05-31 20:03:17 -06:00
Todd C. Miller
dc8311dae9 Fix potential signed integer overflow on 32-bit CPUs. 
Converting fractional minutes to nanoseconds could overflow a 32-bit
integer, use long long instead.
 2022-05-27 15:47:32 -06:00
Todd C. Miller
93916fde4f Fix path to example sudoers file, it is now in the build dir. 2022-05-27 15:33:58 -06:00
Todd C. Miller
b497d74544 init_options: initialize apparmor_profile to NULL 2022-05-27 13:57:22 -06:00
Todd C. Miller
346e63cd7c Update .pot files for 1.9.11 2022-05-26 09:41:54 -06:00
Todd C. Miller
9bb288d10e Regenerate files after merging AppArmor integration. 2022-05-27 08:30:34 -06:00
Todd C. Miller
f16754a1dd Merge branch 'main' into apparmor_support 2022-05-27 08:25:12 -06:00