isa/sudo
1
0
Fork 0
Code Issues Pull Requests Actions 1 Packages Projects Releases Wiki Activity
8,846 Commits 1 Branch 0 Tags
d76d5eaebc38ed227b8ec0d964d6b5db32a68f80
Commit Graph

2041 Commits

Author SHA1 Message Date
Todd C. Miller
879ba68879 Don't set passprompt_override when SUDO_PROMPT is present. 
This effectively reverts ed77d255f383.

We treat the SUDO_PROMPT environment variable similar to passprompt
in sudoers: it will only override a PAM prompt if the PAM prompt
is either "Password:" or "username's Password:".
 2017-07-21 09:07:00 -06:00
Todd C. Miller
d129f306ea Add syslog_pid sudoers option to log sudo's process ID when logging 
via syslog.  This is disabled by default to match historic behavior.
 2017-07-20 16:33:12 -06:00
Todd C. Miller
43cbcbc24d When deciding which prompt to use (PAM's or sudo's) treat the PAM 
prompt "username's Password:" as equivalent to "Password:".
Some PAM modules (on AIX at least) use this prompt.
 2017-07-20 16:06:47 -06:00
Todd C. Miller
5923a28113 Add missing argument to a few of the defaults strings in the 
"sudo -V" output.
 2017-07-20 13:58:54 -06:00
Todd C. Miller
52b25940c6 When examining environment variables or variables passed in from 
the front-end, ignore variables with no value specified.
 2017-07-20 12:02:22 -06:00
Todd C. Miller
37f591d2dd Enable passprompt_override by default if SUDO_PROMPT is present in 
the environment.  This is consistent with how "sudo -p prompt" is
handled.
 2017-07-20 11:40:49 -06:00
Todd C. Miller
1918ec4a55 When reading a single character via a switch() use "default: instead 
of "case 1:" to quiet a coverity warning.
 2017-07-17 14:44:18 -06:00
Todd C. Miller
6509482bfd Initialize ch in getsize_cb() in case we are called with the wrong 
initial state.
 2017-07-17 14:13:08 -06:00
Todd C. Miller
58858513f0 remove unused variable 2017-07-17 14:09:48 -06:00
Todd C. Miller
034132774d Call install_sudoers() even when doedit is false. If a file in a 
#includedir has a syntax error it will still have been edited and
we need to install the edited temp file.
 2017-07-17 09:42:42 -06:00
Todd C. Miller
5bc80d3ddb Reparse sudoers if a new #include file was added. 
Otherwise the new file will not get its syntax checked.
Bug #791
 2017-07-17 09:26:00 -06:00
Todd C. Miller
28fe335017 don't restore the cursor when setting terminal size, we don't want the cursor to move 2017-07-14 14:30:43 -06:00
Todd C. Miller
dbddf1bc36 Read the xterm terminal size using an event so we can easily time 
out if needed.
 2017-07-14 10:10:00 -06:00
Todd C. Miller
9a76678317 Allow sudoreplay to adjust the window size on xterm-like terminals. 2017-07-13 11:20:45 -06:00
Todd C. Miller
f79a236533 Log window size change events in the sudoers I/O plugin. 
Let sudoreplay parse a timing file with window change events
(currently ignored).
 2017-07-12 05:47:28 -06:00
Todd C. Miller
e70a953fb4 Remove pointless subshells in targets that simply change the directory 
and execute a command.  The command is already run in a shell so
there is no need to execute a subshell in this case.
 2017-07-12 05:45:46 -06:00
Todd C. Miller
022ac87d66 avoid padding in struct cmndspec 2017-06-09 08:58:44 -06:00
Todd C. Miller
e1e2162dcf Instead of hard-coding a check for bash functions in env_should_delete(), 
use a "*=()* " pattern in initial_badenv_table[] to match them instead.
This allows the user to remove the check via env_delete.
 2017-06-03 08:43:32 -06:00
Todd C. Miller
b2770313c6 Only fall back to deprecated getaudit() on FreeBSD. Fixes compiler warnings on macOS. 2017-05-23 13:19:50 -06:00
Todd C. Miller
47df575f68 Add some patterns that could result in exponential run time for 
poorly written '*' matching.
 2017-05-18 13:10:52 -06:00
Todd C. Miller
f60030b903 Fix compilation error on macOS 2017-05-15 08:57:45 -06:00
Todd C. Miller
7db97c7835 Avoid a clang analyzer false positive. 2017-05-12 10:02:18 -06:00
Todd C. Miller
a842913aa7 Use debug logging instead of ignore_result() where possible. 2017-05-12 10:02:18 -06:00
Todd C. Miller
d979898e71 Remove use of non-standard sigaction_t 2017-05-12 10:02:18 -06:00
Todd C. Miller
b5c88e52b1 Remove use of the non-standard SA_INTERRUPT 2017-05-12 10:02:17 -06:00
Todd C. Miller
17514b55ea Add support for multiple '*' in env_keep, env_check and env_delete 
entries.
 2017-05-12 10:02:17 -06:00
Todd C. Miller
e453c97976 Restore the error message for sudo_ev_add() failure. 2017-05-12 10:02:17 -06:00
Todd C. Miller
246ed8777d Fix "make check" when openssl or gcrypt is used. Bug #787 2017-05-11 05:28:19 -06:00
Todd C. Miller
0244f931dd Only display string version of errno if sudo_ev_add() fails for now 2017-05-10 09:22:07 -06:00
Todd C. Miller
93c029f4f9 sync with translationproject.org 2017-05-07 06:44:33 -06:00
Todd C. Miller
4e67ac56bd In check_input() when switch()ing on the return value of read(), 
use the default label instead of 1 for the success case.  It is
only reading a single byte so the two are equivalent but it reads
better using default.
 2017-05-04 12:25:51 -06:00
Todd C. Miller
1a047b156d Check sudo_ev_add() return value. Coverity CID 168362 2017-05-04 11:10:42 -06:00
Todd C. Miller
1d1ebb6111 Add io_open() wrapper for open(2) that retries with PERM_IOLOG if 
open(2) fails with EACCES.  Use io_open() instead of duplicate
copies of the same fallback code.
 2017-05-04 11:00:22 -06:00
Todd C. Miller
8757691fc7 Don't retry the open() if set_perms() fails. 2017-05-04 10:45:05 -06:00
Todd C. Miller
237eddd95e Fix typo (fd2 vs. fd) caught by coverity, CID 168359. 2017-05-04 10:30:59 -06:00
Todd C. Miller
c379665556 Add tests for parsing tuples and syslog options. 2017-05-03 09:54:30 -06:00
Todd C. Miller
2d8717bdd2 Allow the syslog Defaults option to be used in a "true" boolean 
context and use the compiled in default log facility in this case.
 2017-05-03 09:53:03 -06:00
Todd C. Miller
631d458b6f Allow a tuple to be set to boolean true. Regression introduced by 
refactor of set_default_entry() in sudo 1.8.18.
 2017-05-03 09:28:36 -06:00
Todd C. Miller
9bccceaea1 In "make install", install sample sudoers file as /etc/sudoers.dist 
and copy it to /etc/sudoers if there is no existing /etc/sudoers.
Packages either contain /etc/sudoers (RPM and Debian) or /etc/sudoers.dist
(everything else).
 2017-04-26 13:52:49 -06:00
Todd C. Miller
f3daaba1c4 In sudo_sss_check_user() it is not possible for handle to be NULL. 2017-04-19 14:30:30 -06:00
Todd C. Miller
583fac17ea Fix a use after free when the fqdn sudoOption is set and no hostname 
value is present in sssd.conf.
 2017-04-19 14:15:18 -06:00
Todd C. Miller
871b912f46 sync with translationproject.org 2017-04-19 09:07:55 -06:00
Todd C. Miller
7c63dbf65e regen 2017-04-13 13:45:00 -06:00
Todd C. Miller
f7251f806c sync with translationproject.org 2017-04-07 10:32:52 -06:00
Todd C. Miller
491e6ae9fc plug memory leak in check_digest 2017-04-07 09:56:47 -06:00
Todd C. Miller
04d83c41c7 sync with translationproject.org 2017-03-28 10:56:30 -06:00
Todd C. Miller
bdc9251184 Make check_digest test sudo_filedigest() itself instead of the 
underlying SHA2 functions.  That way we can test it regardless of
whether we use sudo's SHA2 functions or a library version.
 2017-03-27 14:45:24 -06:00
Todd C. Miller
a58c7d7db5 regen for restricted_env_file 2017-03-24 15:37:14 -06:00
Todd C. Miller
4df6b62b56 Only retry mkdir or create with PERM_IOLOG if errno is EACCES. 
Also always use PERM_IOLOG for mkdtemp() since we cannot retry
if it fails.  Since we are guaranteed to create a new directory
there's no real need to try w/o PERM_IOLOG in this case.
 2017-03-23 17:00:27 -06:00
Todd C. Miller
31b16fd3e9 Add fallback to PERM_IOLOG when making the final componenet of iolog_dir. 2017-03-22 15:55:16 -06:00