isa/sudo
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
12,685 Commits 1 Branch 0 Tags
e3edd7a09a7b9bb33fceec15ce720f68f57811f0
Commit Graph

3793 Commits

Author SHA1 Message Date
Todd C. Miller
e3edd7a09a Add example for disabling intercept/log_subcmds for certain commands. 2023-10-18 17:35:40 -06:00
Todd C. Miller
385d506d35 tsdump: fix compiler warnings 2023-10-18 10:02:16 -06:00
Todd C. Miller
14d514e5ac Avoid using %zu or %zd with printf() and fprintf(). 
This prevents problems on systems where the system printf(3) is not
C99-compliant.  We use our own snprintf() on such systems so that
is safe.
 2023-10-17 20:14:53 -06:00
Todd C. Miller
58d6554a78 Use vsnprintf() instead of vfprintf() for sudo_printf() to avoid 
problems on systems where the system printf(3) is not C99-compliant.
We use our own snprintf() on such systems.
 2023-10-17 20:09:16 -06:00
Todd C. Miller
cf9fc5317e strlcpy_expand_host, sudo_getdelim, sudo_realpath: add restrict qualifier 2023-10-17 10:47:43 -06:00
Rose
97f8052427 Add restrict to strlcpy and expand_prompt 2023-10-17 10:33:15 -06:00
Rose
b2a44430b5 Redundant cast removal in sudoers_hooks 
def_sudoers_locale is already a char*
 2023-10-15 11:25:28 -06:00
Rose
e095069d2a Prefer fputs over fprintf where possible 
fprintf does extra work and meant for formatting strings.
 2023-10-15 10:28:57 -06:00
Todd C. Miller
2d437c793d Fix spelling: resistent -> resistant 2023-10-12 10:20:34 -06:00
Alexander F. Rødseth
07426f8a1a Add Orbiton ("o") to the list of editors that supports +lineno 2023-10-02 14:44:10 -06:00
Alexander F. Rødseth
356ea96ef7 Sort the list of editors that supports +lineno 2023-10-02 14:44:10 -06:00
Todd C. Miller
9a715b6941 Fix compatibility with older versions of (new) awk. 
Do not rely on awk supporting "-f -" to read the program from stdin.
Avoid using POSIX character classes in regular expressions.
 2023-10-02 10:31:55 -06:00
Todd C. Miller
344e0daecc Use long, not long long, when getting/setting numeric attributes. 
We use int or long, not long long, in the Python plugin.
 2023-09-27 16:35:39 -06:00
Todd C. Miller
1398289fab Add casts when storing values in a struct timespec. 
Fixes -Wconversion warnings on some 32-bit systems where time_t is
still 32-bit.
 2023-09-27 15:11:10 -06:00
Todd C. Miller
9cc57f4936 sudo_file_open: initialize parser before calling open_sudoers(). 
Otherwise, the parser_conf settings in the context passed to
sudo_file_open() will not be honored by open_sudoers().
Affected settings include ignore_perms, sudoers mode, uid and gid.
 2023-09-27 15:16:18 -06:00
Todd C. Miller
837f400ac8 digest_matches: actually use fd2 in place of fd as needed. 2023-09-26 11:51:10 -06:00
Todd C. Miller
ff2d8464cf digest_matches: if fd argument is -1, try to open path before failing 2023-09-26 11:44:37 -06:00
Todd C. Miller
4d4279d0ca Add missing execute bit on some test scripts. 2023-09-26 10:58:36 -06:00
Todd C. Miller
29feb41da2 max_groups in sudoers_plugin_settings is no longer used. 2023-09-25 11:32:15 -06:00
Todd C. Miller
e343e07543 Use #include <foo.h> instead of #include "foo.h" in most cases. 
We rely on the include path to find many of these headers.  It
especially doesn't make sense to use #include "foo.h" for headers
in the top-level include directory.
 2023-09-25 10:13:28 -06:00
Todd C. Miller
1c13b8a628 Add support for "plugin" defaults type. 2023-09-24 16:28:36 -06:00
Todd C. Miller
c1708f0cf1 Support multiple input files. 2023-09-24 16:27:22 -06:00
Todd C. Miller
1c7d757b79 check_user: fix return value for intercept mode 
Also use early return on error to quiet a PVS-Studio warning.
 2023-09-22 10:38:46 -06:00
Todd C. Miller
f2d267bfb4 Only define _PATH_ENVIRONMENT on systems where we use /etc/environment. 2023-09-20 16:49:27 -06:00
Todd C. Miller
d9da92951a Replace '/' with '_' in paths using the user, group or host name. 2023-09-20 09:00:27 -06:00
Todd C. Miller
7363ad7b32 Use the user-ID instead of user-name for the timestamp and lecture file. 
This avoids problems if the user name itself contains a path separator.
 2023-09-11 10:27:35 -06:00
Todd C. Miller
94b80e3ad4 Replace MAX_UID_T_LEN with calls to STRLEN_MAX_UNSIGNED. 2023-09-19 15:16:30 -06:00
Todd C. Miller
d53bbb54b2 Add macros to determine the length of an integer type in string form. 
Adapted from answer #6 in:
https://stackoverflow.com/questions/10536207/ansi-c-maximum-number-of-characters-printing-a-decimal-int
 2023-09-19 15:15:02 -06:00
Todd C. Miller
221a10340c visudo: use verbose and strict in parser_conf 
Where the sudoers_context is available we can use the values
of verbose and strict instead of passing around quiet and
strict flags.
 2023-09-18 13:47:25 -06:00
Todd C. Miller
6e75f2311d Add resolve_cmnd(), a wrapper around find_path(). 
This is a convenience function that sets PERM_RUNAS and calls
find_path().  If the command is not found it will retry with PERM_USER
instead.
 2023-09-18 12:42:51 -06:00
Todd C. Miller
8fcb21b5cd Promote strict field in sudoers_parser_config from bool to int. 
This will be used by visudo to indicate when "visudo -s" is run.
 2023-09-18 12:42:51 -06:00
Todd C. Miller
e28dc0f275 Add parser_warnx() and parser_vwarnx() that displays file:line:col 
Used by defaults.c and check_aliases.c.
 2023-09-18 12:42:51 -06:00
Todd C. Miller
3a77314373 Add a separate file for visudo callbacks. 2023-09-18 12:42:51 -06:00
Todd C. Miller
c277e55f42 Rename callbacks.c -> sudoers_cb.c. 2023-09-18 12:42:51 -06:00
Todd C. Miller
a127ddf6db Undefine AUTH_{SUCCESS,FAILURE,ERROR} before defining them. 
Quiets a warning on AIX where usersec.h defines AUTH_SUCCESS and
AUTH_FAILURE.  We avoided this problem in the past because the old
values for AUTH_SUCCESS and AUTH_FAILURE match what AIX defines.
 2023-09-15 10:53:28 -06:00
Todd C. Miller
51d6b0f425 Promote verbose flag to int for display_privs and display_cmnd. 
A negative verbosity will prevent non-error output from being
displayed.
 2023-09-15 10:01:35 -06:00
Todd C. Miller
a9ee97580a No need to include cvtsudoers.h here. 2023-09-13 19:44:02 -06:00
Todd C. Miller
0011333f8e Remove pivot_get_root() and pivot_get_cwd(). 
They are unnecessary since struct sudoers_pivot is not opaque.
The implementation details are private to match_command.c.
 2023-09-13 16:46:23 -06:00
Todd C. Miller
2aae36f345 Quiet some -Wconversion warnings in the tests. 2023-09-13 15:15:54 -06:00
Todd C. Miller
b8f2680cf0 Make flag in union sudo_defs_val bool to match how it is used. 
Adjust find_path()'s ignore_dot function argument to match.
 2023-09-13 14:59:29 -06:00
Todd C. Miller
a9801cc99d Parse euid and egid from sudo front-end. 
These are needed by bsm_audit.c.
 2023-09-13 12:43:39 -06:00
Todd C. Miller
38ddbb14f1 Parse pid and ppid from sudo front-end. 
We can now use the stored ppid in ts_init_key().
 2023-09-13 12:29:40 -06:00
Todd C. Miller
34990c0e08 Use struct sudoers_pivot instead of defining sudoers_pivot_t. 
We want to pass around a pointer, not the struct itself.
 2023-09-13 08:36:07 -06:00
Todd C. Miller
15b3d786d7 Don't expose the implementation of the pivot_root state. 2023-09-11 16:21:11 -06:00
Todd C. Miller
0b52ffd1a2 Don't expose the implementation of the pivot_root state. 2023-09-11 16:15:41 -06:00
Todd C. Miller
c0553cd383 tsgetusershell.c: don't rely on GNU sed extensions. 2023-09-10 17:59:18 -06:00
Todd C. Miller
0a85869286 testsudoers: add -S option to specify /etc/shells path. 2023-09-10 16:44:24 -06:00
Todd C. Miller
034b2f3bdd Add testsudoers_setshellfile() and use it in testsudoers. 2023-09-10 16:38:53 -06:00
Todd C. Miller
62b92c7fb8 regen 2023-09-10 16:37:26 -06:00
Todd C. Miller
c54bdd799b Return AUTH_* flags from check_user() instead of 1/0/-1. 2023-09-09 14:59:46 -06:00