isa/sudo
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
11,309 Commits 1 Branch 0 Tags
e64a089aea42710098666e55427fce9c97a1c94d
Commit Graph

38 Commits

Author SHA1 Message Date
Todd C. Miller
e64a089aea Add reference counting to Defaults bindings. 
Previously, we checked that the previous entry's binding pointer
was not the same while freeing.  However, to be able to merge
Defaults records we cannot rely on Defaults entries with the same
binding being immediately adjacent.  This removes the prev_binding
checks in favor of a reference count which allows us to plug the
memory leak in cvtsudoers when merging Defaults.
 2021-11-20 08:01:37 -07:00
Todd C. Miller
55171df5e5 Check strftime(3) return value in all cases. 
Old versions of strftime(3) didn't guarantee to NUL-terminate the buffer
so we explicitly clear the last byte of the buffer and check it.
 2021-09-17 14:01:28 -06:00
Todd C. Miller
18f1884ddc Use gmtime_r() and localtime_r() instead of gmtime() and localtime(). 2021-09-17 10:55:06 -06:00
Todd C. Miller
786e5865cb Add "intercept" Defaults setting to allow interception of sub-commands. 
This causes "intercept" to be set to true in command_info[] which
the sudo front-end will use to determine whether or not to intercept
attempts to run further commands, such as from a shell.  Also add
"log_children" which will use the same mechanism but only log (audit)
further commands.
 2021-08-09 15:50:25 -06:00
Todd C. Miller
10b09e4d89 Fix -Wshadow warnings caused by json enum member. 2020-11-01 15:01:16 -07:00
Todd C. Miller
9ff960457a Add support for runchroot and runcwd to "sudo -l" and cvtsudoers. 2020-09-01 06:26:05 -06:00
Todd C. Miller
961a4afe67 Fix some warnings from pvs-studio 2020-08-12 13:45:09 -06:00
Todd C. Miller
446ae3f507 Include string.h unconditionally and only use strings.h for strn?casecmp() 
In the pre-POSIX days BSD had strings.h, not string.h.
Now strings.h is only used for non-ANSI string functions.
 2020-05-18 07:59:24 -06:00
Todd C. Miller
dd88460800 We no longer need to include headers we don't use for sudo*.h files. 
Previously we needed to include headers required by the various
sudo*h files.  Now those files are more self-sufficient and we
should only include headers needed by code in the various .c files.
 2020-05-18 06:47:04 -06:00
Todd C. Miller
ea8445e364 Allow the ALL keyword to be specified with a digest list. 2020-03-11 11:19:37 -06:00
Todd C. Miller
4eca443246 Allow a list of digests to be specified for a command. 2020-03-11 11:17:52 -06:00
Todd C. Miller
8ef5b734c4 Rework the JSON API to write to a memory buffer, not a stdio stream. 2020-02-17 16:10:55 -07:00
Todd C. Miller
c92f39ed3d Use json functions from libsudo_util in cvtsudoers. 2020-02-08 09:11:02 -07:00
Todd C. Miller
486ee2b71f debug_decl and debug_decl_vars now require a semicolon at the end. 2019-12-22 08:48:16 -07:00
Todd C. Miller
c3ce3a84fb Refer to user-ID and group-ID instead of "user ID" and "group ID" 2019-10-19 14:26:41 -06:00
Todd C. Miller
40bf4081be Rename sudo_strtoid() to sudo_strtoidx() and add simplified sudo_strtoid() 2019-10-20 10:21:29 -06:00
Todd C. Miller
1e1ef61902 Add SPDX-License-Identifier to files. 2019-04-29 07:21:51 -06:00
Todd C. Miller
6c3d20cb41 Convert PVS-Studio comment to ANSI C. 2018-10-26 08:39:09 -06:00
Todd C. Miller
64e5d34c57 Add comments in .c files so PVS-Studio will check them. 2018-10-21 08:46:05 -06:00
Todd C. Miller
72ce2c807b In print_member_json_int() eliminate the need_newline variable 
and just move the non-alias expansion printing bits into the
else clause, including the newline and comma printing.
 2018-09-20 15:15:14 -06:00
Todd C. Miller
8aad365082 When expanding an alias in print_member_json_int() avoid printing 
an extra comma at the end of the entry.  Bug #853.
 2018-09-20 14:56:25 -06:00
Todd C. Miller
5d1dddc467 Eliminate most use of parsed_sudoers in cvtsudoers 2018-08-24 10:27:00 -06:00
Todd C. Miller
b2e3adccf3 Make alias_apply() take 3 arguments, the first being a pointer to the 
struct sudoers_parse_tree.
 2018-08-24 09:52:53 -06:00
Todd C. Miller
70d519c8ad o Move userspecs, defaults and aliases into a new struct sudoers_parse_tree. 
o The parse tree is now passed to the alias, match and defaults functions.
o The nss API has been changed so that the nss parse() function returns
  a pointer to a struct sudoers_parse_tree which will be filled in
  by the getdefs() and query() functions.
 2018-07-26 15:12:33 -06:00
Todd C. Miller
71e98d9493 Include parse.h in sudoers.h since it will soon be required. 2018-05-14 09:05:02 -06:00
Todd C. Miller
f53e5e2bdf Fix compilation error with older Sun Studio compilers. 2018-04-24 16:40:16 -06:00
Todd C. Miller
6f66216441 Avoid false positive NULL dereference by uses value.u.string 
instead of name as the former is guaranteed not to be NULL.
Fixes CID 183465.
 2018-03-29 18:53:50 -06:00
Todd C. Miller
8a237eb07d Add cvtsudoers command line option to suppress certain parts of the 
security policy.  Can be used to suppress displaying of Defaults
entries, aliases or privileges.
 2018-03-22 11:38:39 -06:00
Todd C. Miller
bdbd102c9c Fix crash when converting sudoers entry with a runas list that is 
present but empty.
 2018-03-06 12:00:37 -07:00
Todd C. Miller
5999cfb906 Add support for setting default options in a config file. In 
addition to expand_aliases, input_format and output_format, both
the initial sudoOrder and the increment when updating sudoOrder for
subsequent sudoRole objects can be specified.  Command line options
have also been added for the start order and increment.
 2018-02-24 09:23:14 -07:00
Todd C. Miller
ceea24b965 Initial support for parsing sudoers LDIF files in cvtsudoers. 
This makes it possible to convert from LDAP sudoers to a traditional
sudoers file.  Semantic differences between file sudoers and LDAP
sudoers mean that LDIF -> sudoers is not completely equivalent.
 2018-02-22 09:53:12 -07:00
Todd C. Miller
c13557b6cb Fix gcc false positive for uninitialized variable 2018-02-21 21:02:36 -07:00
Todd C. Miller
4f9296928c Add option to cvtsudoers to expand aliases in the output. 2018-02-19 15:32:56 -07:00
Todd C. Miller
3f204c5eb8 Fix conversion of "ALL" in the JSON output format, which was being 
printed as an alias.
 2018-02-19 13:39:11 -07:00
Todd C. Miller
7dd620981b Add notbefore and notafter support to the backends. 2018-01-28 07:09:22 -07:00
Todd C. Miller
cc31b3fd40 Parse sudoers in the front end, not the back end. 2018-01-26 17:29:56 -07:00
Todd C. Miller
02d917e602 Rename export_sudoers() to convert_sudoers_json() and move the 
check for the same input and output file to the front-end.
 2018-01-26 12:28:49 -07:00
Todd C. Miller
80cb1b5da9 Move sudoers JSON conversion to cvtsudoers which will eventually 
output to other formats too.
 2018-01-26 11:20:37 -07:00