isa/sudo
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
10,210 Commits 1 Branch 0 Tags
f047377a078ba6496afb37cd05ef0ce258d3fbab
Commit Graph

34 Commits

Author SHA1 Message Date
Todd C. Miller
f047377a07 Add basic support for reject and error audit events to sudoers. 
This is only used when logging events from plugins other than sudoers,
such as an approval plugin.  With this change, if an approval
plugin rejects the command the denial will be logged in the
sudoers log file using the message from the approval plugin.
 2020-06-04 14:41:35 -06:00
Todd C. Miller
b519481912 Defer logging of the successful command until approval plugins have run. 
This adds audit plugin support to the sudoers module, currently
only used for accept events.  As a result, the sudoers file is now
initially parsed as an audit plugin.
 2020-06-02 09:07:46 -06:00
Todd C. Miller
dd88460800 We no longer need to include headers we don't use for sudo*.h files. 
Previously we needed to include headers required by the various
sudo*h files.  Now those files are more self-sufficient and we
should only include headers needed by code in the various .c files.
 2020-05-18 06:47:04 -06:00
Todd C. Miller
45e589d443 Pass back a failure or error string to the front end. 
The audit_failure() function now stores the failure string.
This will allow an audit plugin to log the reason if the user's
request is a rejected.
 2020-01-30 13:25:36 -07:00
Todd C. Miller
486ee2b71f debug_decl and debug_decl_vars now require a semicolon at the end. 2019-12-22 08:48:16 -07:00
Todd C. Miller
cf6c60c102 Add log_allowed and log_denied sudoers flags, defaulting to true. 2019-10-17 13:43:04 -06:00
Todd C. Miller
1e1ef61902 Add SPDX-License-Identifier to files. 2019-04-29 07:21:51 -06:00
Todd C. Miller
6c3d20cb41 Convert PVS-Studio comment to ANSI C. 2018-10-26 08:39:09 -06:00
Todd C. Miller
64e5d34c57 Add comments in .c files so PVS-Studio will check them. 2018-10-21 08:46:05 -06:00
Todd C. Miller
48fba3c2cc update my email to Todd.Miller@sudo.ws 2017-12-03 17:53:40 -07:00
Todd C. Miller
4a07b472f0 Only include stddef.h where it is needed. 2015-06-20 05:34:35 -06:00
Todd C. Miller
dc883f2454 We require ANSI C so stop using the obsolete STDC_HEADERS. 2015-06-19 14:29:27 -06:00
Todd C. Miller
59ab26dbcc Go back to a 2 args debug_decl and just use the "default" instance, 
now renamed "active".
 2015-02-01 08:24:49 -07:00
Todd C. Miller
e9914a91b1 The sudoers plugin now defines its own list of debugging subsystem names 
and defines.
 2014-10-22 13:30:52 -06:00
Todd C. Miller
866cfc4fc3 Add support for multiple Debug lines per program. Callers may 
register arbitrary debug facilities or use built-in defaults.  We
now use separate Debug statements for plugins and programs.
 2014-10-22 13:23:05 -06:00
Todd C. Miller
47835ff289 Rename missing.h -> sudo_compat.h 2014-07-22 14:25:16 -06:00
Todd C. Miller
127ba1354b Rename gettext.h -> sudo_gettext.h 2014-07-21 14:49:43 -06:00
Todd C. Miller
18dbc52e4b Add Solaris audit support; from Gary Winiger at Oracle. 2014-06-27 16:01:40 -06:00
Todd C. Miller
337a712745 Pass argc to audit functions too. Will be needed for Solaris audit 
support.
 2014-05-13 09:41:53 -06:00
Todd C. Miller
983ab1d163 Avoid unused variable warning if auditing is not supported. 2014-05-02 05:25:57 -06:00
Todd C. Miller
d3b4326713 Handle the (currently impossible) case where both BSM and Linux 
auditing are supported.  Pacifies cppcheck.
 2014-04-24 11:17:05 -06:00
Todd C. Miller
2220f55aef Propagate errors in audit code to caller instead of using fatal(). 
If we fail to audit an otherwise successful command, return an error
from the policy.  For Linux audit, sudo may be compiled with audit
support but auditing may not be setup, so we don't consider that
an error.
 2014-03-26 13:00:56 -06:00
Todd C. Miller
12a1b672c0 We must include gettext.h before missing.h as it includes system 
headers.  Also add missing DEFAULT_TEXT_DOMAIN defines in sudoers
audit code that does not include sudoers.h.
 2014-02-11 09:40:59 -07:00
Todd C. Miller
1b39c3758d Need to include gettext.h for BSM audit. 2013-08-15 13:36:25 -06:00
Todd C. Miller
d6282d154a Update copyright years. 2013-04-24 09:35:02 -04:00
Todd C. Miller
f454a852cb audit_failure() now calls gettext itself using the sudoers locale. 2012-11-08 15:37:43 -05:00
Todd C. Miller
5d052aeb60 Do not inform the user that the command was not permitted by the 
policy if they do not successfully authenticate.  This is a regression
introduced in sudo 1.8.6.
 2012-11-06 11:19:51 -05:00
Todd C. Miller
839919566e Add debug_decl/debug_return (almost) everywhere. 
Remove old sudo_debug() and convert users to sudo_debug_printf().
 2011-10-22 14:40:21 -04:00
Todd C. Miller
35d26ae34f Don't try to audit failure if the runas user does not exist. We don't 
have the user's command at this point so there is nothing to audit.
Add a NULL check in audit_success() and audit_failure() just to be
on the safe side.
 2011-07-27 12:11:33 -04:00
Todd C. Miller
10c3bb62c4 Make local includes consistent; use double quotes for local includes 
except for generated ones where we use angle brackets.
Also g/c unused compat.h.
 2010-09-07 16:45:19 -04:00
Todd C. Miller
f454727bb8 Merge compat.h and missing.h into missing.h 2010-08-16 14:05:44 -04:00
Todd C. Miller
2cd108304d Add Linux audit support. 2010-06-16 11:17:02 -04:00
Todd C. Miller
b72a530fd0 Update copyright year 2010-06-14 12:19:49 -04:00
Todd C. Miller
5475020561 Move audit sources into the sudoers plugin dir; the driver does not use them. 2010-04-30 15:38:33 -04:00