isa/sudo
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
9,499 Commits 1 Branch 0 Tags
e28ba02c78f658da8be4903aaacc87ca4eacb10f
Commit Graph

2426 Commits

Author SHA1 Message Date
Todd C. Miller
e28ba02c78 Fix a typo. 2019-05-22 08:58:51 -06:00
Todd C. Miller
30a5ee9c5d Remove second catopen() which is never called. 2019-05-06 10:04:07 -06:00
Todd C. Miller
976550084e Add pam_acct_mgmt setting to enable/disable PAM account validation. 2019-04-29 19:44:13 -06:00
Todd C. Miller
1e1ef61902 Add SPDX-License-Identifier to files. 2019-04-29 07:21:51 -06:00
Todd C. Miller
96ac6adae5 Filter out last login messages on HP-UX unless running a shell. 
HP-UX in trusted mode will display last login messages as part of
the PAM account management module by libpam_comsec.  There is no
way to suppress these messages from the PAM configuration in trusted
mode so we need to filter them in the conversation function.  In
regular mode, similar (but different) messages may be produced by
libpam_hpsec.
 2019-04-28 07:26:45 -06:00
Todd C. Miller
aa0146d68d Keep debug fds open in send_mail() to aid in debugging. 
Adds closefrom_nodebug() which acts like closefrom(3) but doesn't
close debug fds for use by send_mail().
Also moves the code to exec the mailer to its own function.
 2019-04-20 17:28:45 -06:00
Todd C. Miller
9048ee6c48 Set def_mailerflags even if sendmail was not found at configure time. 
Fixes a NULL dereference when mailerpath is set but mailerflags is not.
Bug #878
 2019-04-19 10:14:10 -06:00
Todd C. Miller
de65d70929 Add a proper getdelim(3) replacement and use it instead of getline(3). 2019-04-08 10:37:30 -06:00
Todd C. Miller
f0910c01da Restrict the PAM_TTY kludge to Solaris and Linux-PAM. 
Setting PAM_TTY to the empty string causes problems with some modules
on HP-UX so restrict it to systems where it is fixes known issues.
 2019-04-08 08:50:03 -06:00
Todd C. Miller
194968eaf0 Plug a memory leak on user/group lookup failure found by ASAN. 2019-03-14 11:31:05 -06:00
Todd C. Miller
e31ac5a998 Fix test failure when run by a user other than the file owner. 2019-03-08 09:07:20 -07:00
Todd C. Miller
28b0bff4f3 Updated translations from translationproject.org 2019-03-08 08:36:01 -07:00
Todd C. Miller
0c31cf15fe Test cvtsudoers stdout and stderr separately. 
Fixes a test failure on systems with musl libc.  Bug #873
 2019-03-08 06:58:30 -07:00
Todd C. Miller
0766e0c647 Better comment about EOVERFLOW and pstat_getproc(). 
Also remove some useless casts.
 2019-03-06 20:15:11 -07:00
Todd C. Miller
ea3ede690f Ignore carriage return before a linefeed. 
This allows sudo to parse files with DOS-style line endings.
 2019-03-03 14:41:59 -07:00
Todd C. Miller
e1205f08d6 Add simple API for to allow reading environment data from different sources. 
Currently, this is used to read a file like /etc/environment.
 2019-02-20 17:05:02 -07:00
Todd C. Miller
f3344b5881 Fix pasto; the unrestricted env file was read when we want the restricted one. 2019-02-19 11:03:02 -07:00
Todd C. Miller
c0a12d9d95 Be sure to include sudo_queue.h where needed instead of relying on other headers. 2019-02-19 08:31:08 -07:00
Todd C. Miller
36d4373403 Split command match code out into match_command.c. 
Also remove unused SUDOERS_NAME_MATCH code.
 2019-02-18 11:35:52 -07:00
Todd C. Miller
cf2bfbcd3f Split out digest matching into its own file. 2019-02-17 08:21:13 -07:00
Todd C. Miller
a04409747c Split out digest matching into its own file. 2019-02-17 06:47:37 -07:00
Todd C. Miller
1e6e048180 Rename FOLLOW and NOFOLLOW tokens FOLLOWLNK and NOFOLLOWLNK. 
Fixes a namespace collision on Solaris when bison is used.
 2019-02-12 12:02:02 -07:00
Todd C. Miller
bc25915050 Add stub definition of digest_matches() for SUDOERS_NAME_MATCH 2019-02-06 13:12:33 -07:00
Todd C. Miller
694999487b No longer need to include sudo_lbuf.h 2019-02-06 10:25:52 -07:00
Todd C. Miller
6dceca47cc Use SET macro instead of bitwise OR. 2019-02-05 16:47:08 -07:00
Todd C. Miller
c92f80b79e In sudo_make_grlist_item() the calculation of total did not include 
space for pointers to the group names.
 2019-02-05 16:46:30 -07:00
Todd C. Miller
4f74fe3a8e Use correct debug_decl() names. 2019-02-05 14:29:39 -07:00
Todd C. Miller
928faf27f2 Add fallback values for sudoers uid, gid and mode if not set in Makefile. 2019-02-05 10:02:17 -07:00
Todd C. Miller
ecc9c366e4 Fix listpw=never and verifypw=never. Bug #869 2019-01-22 06:41:16 -07:00
Todd C. Miller
985600e7f0 Minor snprintf() usage tweaks: 
1) don't assume snprintf() returns -1 on error, check for <0
2) when comparing return value of sizeof(foo), cast the sizeof, not the len
3) cast return value to void in cases where snprintf cannot fail
 2019-01-20 07:49:48 -07:00
Todd C. Miller
e2675d8f1e Use PAM_SILENT to prevent pam_lastlog from printing last login 
information on RedHat except when explicitly running a shell.
Adapted from a patch from Nir Soffer.  Bug #867
 2019-01-07 09:50:40 -07:00
Todd C. Miller
32dc90c28e regen 2019-01-03 13:26:57 -07:00
Todd C. Miller
efe35e5b1e Use debug_return_int not debug_return_bool in resolve_host 2018-12-24 20:31:26 -07:00
Todd C. Miller
dc9338ffe7 Allow the sudoers file to be specified without the -f option. 
Bug #864
 2018-12-24 08:26:18 -07:00
Todd C. Miller
3d84150736 Updated translations from translationproject.org 2018-12-12 10:47:01 -07:00
Todd C. Miller
72050203bc Add -n and -R options to help; reported by Radovan Sroka 2018-12-11 09:17:15 -07:00
Todd C. Miller
142b370c1f The -c option was missing from the help info; from Radovan Sroka 2018-12-11 09:05:04 -07:00
Todd C. Miller
5242773489 In sudo_pam_approval(), for the exempt case, only overwrite pam 
status when the passwd is expired or needs to be updated.
 2018-12-08 08:10:04 -07:00
Todd C. Miller
4125808a85 The fix for bug #843 was incomplete and caused pam_end() to be called early. 
sudo_pam_approval() must not set the global pam status to an error
value if it returns AUTH_SUCCESS.  Otherwise, sudo_pam_cleanup()
will call pam_end() before sudo_pam_begin_session().  This resulted
in a NULL PAM handle being used in sudo_pam_begin_session().
 2018-12-07 09:51:34 -07:00
Todd C. Miller
733669ec38 Updated translations from translationproject.org 2018-11-07 11:21:05 -07:00
Todd C. Miller
cad10fbd2e Portuguese translation for sudo and sudoers from translationproject.org. 2018-11-07 11:20:27 -07:00
Todd C. Miller
cdd5bb32eb Add sudo_gai_fatal, sudo_gai_vfatal, sudo_gai_vwarn, sudo_gai_warn 
and gai_log_warning that use gai_strerror() instead of strerror().
 2018-11-05 09:08:05 -07:00
Todd C. Miller
cfa4879dbd Fix memory leak in runaslist_matches(). 2018-10-31 10:03:02 -06:00
Todd C. Miller
9c2f4b8f19 regen 2018-10-29 08:32:36 -06:00
Todd C. Miller
1fe582a0e3 Add support for negated sudoRunAsUser and sudoRunAsGroup entries. 2018-10-28 15:46:27 -06:00
Todd C. Miller
03c56db408 Include getpwent() version of sudo_getgrouplist2_v1() from getgrouplist.c 2018-10-27 12:10:43 -06:00
Todd C. Miller
0398996b39 Use a testsudoers group file with known contents instead of the system one. 2018-10-27 10:57:37 -06:00
Todd C. Miller
391ed95f50 Allow the group set by "sudo -g" to be any of the target user's groups. 
Previously, this was only allowed if the group matched the target
user's primary group ID (from the passwd database entry).
The sudoers policy will now allow the group if it is one of the
target user's supplemental groups as well.
 2018-10-27 06:37:34 -06:00
Todd C. Miller
0597969301 Add missing #ifdef LDAP_OPT_X_TLS_REQUIRE_CERT 
Fixes problems building on older LDAP sdks.
 2018-10-26 10:34:16 -06:00
Todd C. Miller
6c3d20cb41 Convert PVS-Studio comment to ANSI C. 2018-10-26 08:39:09 -06:00