2472 Commits

Author SHA1 Message Date
Todd C. Miller
4dacf81082 Refactor I/O log code so it can be shared between sudoers and logsrvd 2019-10-24 20:04:29 -06:00
Todd C. Miller
271ead2fd3 Don't pass an invalid session or process group ID to the plugin.
Fixes a regression in 1.8.28 when there is no terminal session leader.
2019-10-23 12:47:44 -06:00
Todd C. Miller
0375eaca58 regen 2019-10-21 19:55:08 -06:00
Todd C. Miller
b157b96893 Add depend target to all Makefile.in files. 2019-10-21 15:20:21 -06:00
Todd C. Miller
f57e2d04a3 Older FreeBSD needs sys/param.h included before sys/user.h.
From Darren Tucker
2019-10-20 19:18:27 -06:00
Todd C. Miller
c3ce3a84fb Refer to user-ID and group-ID instead of "user ID" and "group ID" 2019-10-19 14:26:41 -06:00
Todd C. Miller
40bf4081be Rename sudo_strtoid() to sudo_strtoidx() and add simplified sudo_strtoid() 2019-10-20 10:21:29 -06:00
Todd C. Miller
b02851dcf3 Change how the umask is handled with PAM and login.conf.
If the umask is explicitly set in sudoers, use that value regardless
of what is in PAM or login.conf.  If using the default umask from
sudoers, allow PAM or login.conf to override it.  Bug #900
2019-10-18 06:20:27 -06:00
Todd C. Miller
cf6c60c102 Add log_allowed and log_denied sudoers flags, defaulting to true. 2019-10-17 13:43:04 -06:00
Todd C. Miller
4229dfc566 Enable security auditing malloc options for "make check". 2019-10-17 13:41:53 -06:00
Todd C. Miller
cf2f37136f No need to check existing sudoers file when installing to DESTDIR
This check can cause problems on systems where /etc/sudoers.d is not readable.
2019-10-16 12:17:06 -06:00
Todd C. Miller
d494b81556 The fix for bug #869 broke "sudo -v" when verifypw=all (the default) 2019-10-15 07:23:51 -06:00
Todd C. Miller
2512f6efbf Use sudo_strtonum() explicitly instead of via a macro. 2019-10-14 10:09:30 -06:00
Todd C. Miller
9d5867eaed Use errno in warning when sudo_make_*_item() fails.
Previously we always said "out of memory" if not ENOENT.
2019-10-14 10:09:28 -06:00
Todd C. Miller
3edd6afedf Reject non-LDIF input when converting from LDIF to sudoers or JSON. 2019-10-14 10:09:27 -06:00
Todd C. Miller
8e58e6715a More case-insensitive compare for LDAP attributes and string lists.
Only the ALL keyword should be compared case-sensitive.
2019-09-05 08:09:53 -06:00
Todd C. Miller
208a52c613 regen 2019-10-10 10:12:08 -06:00
Todd C. Miller
396bc57fef Add sudo_strtoid() tests for -1 and range errors.
Also adjust testsudoers/test5 which relied upon gid -1 parsing.
2019-10-10 10:04:13 -06:00
Todd C. Miller
45a79cf86f regen 2019-09-27 15:38:52 -06:00
Todd C. Miller
679cd38238 Plug memory leak on malloc failure. 2019-08-30 10:38:07 -06:00
Todd C. Miller
dd37f08366 Plug memory leak on malloc failure. 2019-08-30 10:20:54 -06:00
Todd C. Miller
5138ed9bec Add sudo_pam_strerror(), like pam_strerror() but never returns NULL.
It also uses strerror(errno) for PAM_SYSTEM_ERR.
2019-08-29 17:30:13 -06:00
Todd C. Miller
60862b4d07 If pam_start() fails, display the PAM error using pam_strerror().
It is legal to pass pam_strerror() a NULL handle.
2019-08-29 08:31:21 -06:00
Todd C. Miller
9eeedb470f If the sudoreplay ID option is a fully-qualified path, use it directly.
Previously, one had to use the -d option to override the I/O log directory.
2019-08-27 13:40:38 -06:00
Todd C. Miller
91d508d408 regen 2019-08-27 09:07:06 -06:00
Todd C. Miller
972670bfca Use the SUDO_CONV_PREFER_TTY flag during authentication.
This prevents the password and PAM prompts from being redirected.
Bug #895
2019-08-26 19:30:11 -06:00
Todd C. Miller
2087f6354c Use fputs(), not printf() for plain strings. 2019-08-20 12:43:40 -06:00
Todd C. Miller
a7cd4f0d48 Add user ID to the search filter when matching sudoUser.
We already support group IDs but the user ID was missing.
From sudo-1.8.23-ldapsearchuidfix.patch in RHEL 7.
2019-08-20 10:33:51 -06:00
Todd C. Miller
37670a008b Fix parsing of double-quoted Defaults bindings that start with % or +.
From sudo-1.8.23-fix-double-quote-parsing-for-Defaults-values.patch in RHEL 7.
2019-08-20 10:25:38 -06:00
Todd C. Miller
e99082e05b Fix special handling of ipa_hostname that was lost in sudo 1.8.24.
We now include the long and short hostname in sudo parser container.
2019-08-15 14:20:12 -06:00
Todd C. Miller
b4bef30d31 Remove unused include file. 2019-08-14 15:09:39 -06:00
Todd C. Miller
7a7f02a7ec Asturian translation for sudoers from translationproject.org. 2019-08-05 16:38:41 -06:00
Todd C. Miller
3e56be3564 Store signal name, not number in I/O log timing file.
The "SIG" prefix is not used so, e.g. SIGTERM -> "TERM".
This makes the I/O log files portable from one system to another.
Older I/O log files with signal numbers can still be replayed.
2019-08-05 16:30:58 -06:00
Todd C. Miller
aa200cda6a Replace non-essential strncpy() calls. 2019-07-30 11:37:26 -06:00
Todd C. Miller
7117948421 Updated translations from translationproject.org 2019-07-23 08:16:22 -06:00
Todd C. Miller
5e424640b9 Use strftime(3) instead of formatting struct tm by hand.
Fixes a warning on newer versions of gcc.
2019-07-19 20:14:44 -06:00
Todd C. Miller
a7137a5225 If the command in sudoers does not exist on the file system, match by name.
We still want to match the command even if it doesn't exist so that the
NOPASSWD flag on sudoers entries with non-existent paths works as expected.
Bug #888.
2019-07-19 13:51:23 -06:00
Todd C. Miller
3c825e298d regen 2019-07-19 10:42:50 -06:00
Todd C. Miller
c49760e55d Simpler change to retry sudo_secure_file() as root as needed. 2019-07-14 19:37:33 -06:00
Todd C. Miller
cecf69ff3c If we are unable to stat() sudoers as non-root, try again as root.
By default, sudo relies solely on group permissions to read sudoers
to make it possible to store sudoers on NFS.  However, if /etc/sudoers
is not accessible to non-root uids for some reason, sudo will fail.
Bug #880.
2019-07-14 18:51:50 -06:00
Todd C. Miller
bb024cf093 Rename PLUGINDIR -> plugindir 2019-07-03 13:15:47 -06:00
Todd C. Miller
9d8f374397 Add ssizeof macro that returns ssize_t.
We can use this instead of casting the result of size_t to int.
Also change checks for snprintf() returning <=0 to <0.
2019-06-25 09:45:10 -06:00
Todd C. Miller
29223d7f64 In tty_present(), check for /dev/tty if sudo was unable to get the tty name.
For requiretty it is enough to check that /dev/tty is available.
If sudo can't get the tty from the kernel (missing /proc?) that is OK.
2019-06-19 20:32:22 -06:00
Todd C. Miller
12c29e91bd Use the runhost for "User foo is not allowed to run sudo on bar."
Otherwise, if the -h option is specified sudo will print the local
host name instead of the host specified via -h.
2019-05-29 15:26:57 -06:00
Todd C. Miller
dae484213e Allow the user to change their password if expired on AIX.
Bug #883
2019-05-27 06:35:48 -06:00
Todd C. Miller
07ed5b86f2 When using AIX auth, don't display the AIX password incorrect message.
Avoids a "3004-300 You entered an invalid login name or password"
message in addition to sudo's own "Sorry, try again" message.
2019-05-26 16:29:08 -06:00
Todd C. Miller
e28ba02c78 Fix a typo. 2019-05-22 08:58:51 -06:00
Todd C. Miller
30a5ee9c5d Remove second catopen() which is never called. 2019-05-06 10:04:07 -06:00
Todd C. Miller
976550084e Add pam_acct_mgmt setting to enable/disable PAM account validation. 2019-04-29 19:44:13 -06:00
Todd C. Miller
1e1ef61902 Add SPDX-License-Identifier to files. 2019-04-29 07:21:51 -06:00