Todd C. Miller
ff5914d7f7
Move sudoedit_nfiles into struct sudoers_context.
2023-08-21 10:47:25 -06:00
Todd C. Miller
3473bf9360
Move sudo_mode into struct sudoers_context.
2023-08-21 10:47:23 -06:00
Todd C. Miller
837da1bef0
Move NewArgv, NewArgc and saved_argv into struct sudoers_context.
2023-08-21 09:22:24 -06:00
Todd C. Miller
87571dab0a
Add struct sudoers_conf to struct sudoers_plugin_context.
...
There's now no need to pass this directly to init_parser() since we
already pass in a pointer to a sudoers_context struct.
2023-08-21 09:21:54 -06:00
Todd C. Miller
9e53d903ea
Store policy paths in struct sudoers_context.
...
This removes the need for the getters in policy.c.
2023-08-21 09:21:53 -06:00
Todd C. Miller
bbaf293912
Add sudoers_ctx_free() and use it for freeing struct sudoers context.
...
This replaces sudoers_user_ctx_free() and sudoers_runas_ctx_free().
2023-08-21 09:21:52 -06:00
Todd C. Miller
2440174954
Make struct sudoers_context private to sudoers.c.
...
We now pass a pointer to the context where necessary. There are a
few cases where we need to request the context from sudoers via
sudoers_get_context() for the plugin API functions. If the plugin
API was able to pass around a closure pointer this would not be
necessary.
2023-08-21 09:21:49 -06:00
Todd C. Miller
2d2529a15e
Add a sudoers_context struct that embeds the user and runas structs.
2023-08-20 16:27:08 -06:00
Todd C. Miller
1b9fb405a3
free_parse_tree: clear the nss pointer when freeing.
2023-08-18 12:24:00 -06:00
Todd C. Miller
a712af5a26
sudoers_parse_ldif: do not free parse_tree before using
...
The user is expected to pass in an initialized and empty parse_tree
so there is no need to free it first.
2023-08-18 12:22:43 -06:00
Todd C. Miller
902453a829
Update embedded copy of zlib to version 1.3.
2023-08-18 11:26:27 -06:00
Todd C. Miller
cb01b90a5c
We still need to clamp ngids if getgrouplist2() returns -1.
...
Otherwise, we end up with ngids set to the number of gids the user
belongs to which may be larger than what the front-end specified.
Fixes a regression introduced in the last commit here.
2023-08-15 08:52:02 -06:00
Todd C. Miller
f17aebe6aa
No need to clear errno when using sudo_strtonum().
2023-08-14 16:29:47 -06:00
Todd C. Miller
20baa39007
Move max_groups out of sudoers_user_context and into pwutil.c.
...
It is only used by the local password pwutil implementation.
2023-08-14 16:29:15 -06:00
Todd C. Miller
737354390c
Pass in directory to check_user_runchroot() and check_user_runcwd().
...
This way we do not rely on the runas_ctx global.
2023-08-14 13:25:13 -06:00
Todd C. Miller
2e8648ea0f
check_exptilde: don't need runas_ctx here
2023-08-14 12:37:44 -06:00
Todd C. Miller
08afb5183f
Move RUNAS_{USER,GROUP}_SPECIFIED flags into struct sudoers_runas_context.
2023-08-14 09:01:39 -06:00
Todd C. Miller
392f0d61cb
Make path_plugin_dir private to policy.c and add getter.
2023-08-13 17:05:00 -06:00
Todd C. Miller
217b7b46f3
Move list_pw global into struct runas_context.
2023-08-13 09:34:57 -06:00
Todd C. Miller
a321e6cedf
Add struct sudoers_runas_context and move runas-specific bits into it.
2023-08-12 14:20:30 -06:00
Todd C. Miller
d8b28dad97
Expand the user_* (and more) macros to user_ctx.foo.
2023-08-12 10:39:59 -06:00
Todd C. Miller
930ca00252
Pass explicit struct passwd * to create_admin_success_flag().
2023-08-12 10:39:49 -06:00
Todd C. Miller
30c49288f7
Make sudoers_user_ctx_free() private to sudoers.c
2023-08-12 10:39:48 -06:00
Todd C. Miller
bd8cccb5dd
Rename struct sudo_user -> struct sudo_user_context.
...
Also rename the sudo_user global to user_ctx.
2023-08-12 10:39:47 -06:00
Todd C. Miller
d148e7d8f9
fd_matches_tty: only zero out fd_sb if fstat(2) fails.
...
We need to preserve the contents of the struct stat if the fd is
some other type so the check for piped output works correctly.
Bug #1057
2023-08-12 10:39:33 -06:00
Todd C. Miller
6f659e2deb
Leave the I/O log callbacks in iolog.c
...
Otherwise, check_iolog_plugin will not link.
2023-08-10 16:20:18 -06:00
Todd C. Miller
603148e7f2
Move sudoers parser callbacks to callbacks.c.
2023-08-10 15:49:30 -06:00
Todd C. Miller
cc15f847ac
Bump info_msgs_size to make room for the source.
2023-08-09 16:14:52 -06:00
Todd C. Miller
ee5cab977f
Update Xcode version from 13.2.1 to 13.4.1.
2023-08-09 13:54:16 -06:00
Todd C. Miller
811051d32a
Use int, not short for events in the event API.
...
This fixes some -Wconversion warnings and fixes an inconsistency
between the libsudo_util event API and the plugin event API. The
actual struct internals still use shorts to avoid changing the ABI.
2023-08-09 13:22:12 -06:00
Todd C. Miller
0f2e5dae90
Use const pointers where possible in the display code.
2023-08-09 11:19:17 -06:00
Todd C. Miller
6842dd1bfd
Document "sudo -ll command" output.
2023-08-09 10:57:16 -06:00
Todd C. Miller
60eef27e6d
Add verbose version of "sudo -l command" by using an extra -l.
...
The output of "sudo -ll command" consists of the matching sudoers
rule (in long form) with the addition of a "Matched" entry that
shows the fully-qualified path along with any arguments.
2023-08-09 10:16:10 -06:00
Todd C. Miller
f6291bf83e
Move code to display a cmndspec in long form to display_cmndspec_long().
2023-08-09 09:58:24 -06:00
Todd C. Miller
5a1a3ff74b
sudo -ll: display the sudoers file the rule came from.
2023-08-09 08:50:56 -06:00
Todd C. Miller
e178b85821
Store the source of the matching rule and store in the event log.
...
The JSON logs will store the matching rule source.
2023-08-08 09:57:09 -06:00
Todd C. Miller
0b03511b85
Log source in JSON logs
...
This makes it possible to tell which rule resulted in a match.
2023-08-08 09:56:19 -06:00
Todd C. Miller
f6a9bb2e23
Use a single callback for sudoers_lookup() and add a closure pointer.
...
The single callback now receives all the match info (or UNSPEC if
no match was attempted). This makes it possible to use the callback
for more than just printing testsudoers output.
2023-08-07 15:06:19 -06:00
Todd C. Miller
1e6c5f3e79
Fix checking of SSL_{read,write}_ex() return value.
...
These have a boolean-style return value. However, our emulated
versions can return -1 on error, which we need to preserve for older
versions of SSL_get_error() which expect it.
2023-08-08 10:18:57 -06:00
Todd C. Miller
5f2a0a70e5
Fix printf format string mismatch now that 'i' is size_t.
2023-08-07 11:31:04 -06:00
Todd C. Miller
77f94f291a
sudo_digest_getlen: return size_t, and 0 on error instead of -1
...
This is an API change, sudo_digest_getlen_v1 remains for binary
compatibility.
2023-08-07 08:43:13 -06:00
Todd C. Miller
184e03b4a9
ERR_get_error() returns unsigned long, not int.
2023-08-07 08:05:00 -06:00
Todd C. Miller
861ed2b7d4
We now must pass "err" to SSL_get_error(), not "nread".
2023-08-07 07:59:58 -06:00
Todd C. Miller
e5f2354c85
Move compat definition of ASN1_STRING_get0_data to hostcheck.c.
...
It is not used anywhere else.
2023-08-06 14:26:24 -06:00
Todd C. Miller
fc7bfd5046
Move OpenSSL compat defines to sudo_ssl_compat.h
2023-08-05 14:16:39 -06:00
Todd C. Miller
d6d467b92e
Add implementation of SSL_read_ex/SSL_write_ex for those without.
2023-08-05 10:38:02 -06:00
Todd C. Miller
e6d14c95b6
Use SSL_read_ex() and SSL_write_ex() instead of SSL_read() and SSL_write().
2023-08-05 10:38:01 -06:00
Todd C. Miller
d404f544fc
Don't use sudo when building AIX packages
...
PolyPkg uses "sudo installp -l" to list the built package by default
but we may not have sudo privileges on the build host.
2023-08-01 11:20:54 -06:00
Todd C. Miller
002e22f846
Add --configure-only option to quit after the configure run.
...
This will be used to avoid building the entire package when we just
want the 32 or 64 bit sudo_intercept.so and sudo_noexec.so.
2023-08-01 11:05:59 -06:00
Todd C. Miller
8e22ede2a6
Parse --disable-python in mkpkg and don't override -m32 for Solaris.
...
We want to be able to build without python and to specify the memory
model when building 32-bit .so's for Solaris.
2023-08-01 09:36:39 -06:00