isa/sudo
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
9,685 Commits 1 Branch 0 Tags
f1d0c99e03cb49b41d91dc92833ac2bc97639bf0
Commit Graph

2486 Commits

Author SHA1 Message Date
Todd C. Miller
655fdde22b We haven't needed -I$(top_srcdir) for a long time. 2019-11-02 12:00:04 -06:00
Todd C. Miller
356287557f Use dup3() instead of dup2(). 
This is less error prone since dup3() returns an error if old == new.
Sudo guarantees that fds 0-2 are already open.
 2019-11-02 10:55:50 -06:00
Todd C. Miller
352212c7bf Open all pipes using pipe2() with O_CLOEXEC. 
We no longer depend on calling closefrom() before exec.
 2019-11-02 10:52:34 -06:00
Todd C. Miller
5a1e5e9fae regen 2019-10-24 20:04:33 -06:00
Todd C. Miller
ee91b7360b Simplify expand_iolog_path() 2019-10-24 20:04:33 -06:00
Todd C. Miller
13e3eaad5f Simplify iolog_set_user and iolog_set_group 2019-10-24 20:04:33 -06:00
Todd C. Miller
56c21243d7 Add iolog_ prefix to exported functions in iolog_util.c 2019-10-24 20:04:33 -06:00
Todd C. Miller
aaf5d0dc6e Read logsrvd.conf in two steps: first read, then apply if OK. 
This fixes a problem where when logsrvd.conf was reloaded while
running (due to SIGHUP) and there was an error we could end up with
a partial config.
 2019-10-24 20:04:33 -06:00
Todd C. Miller
b58ecb7e6d Move read_timing_record() into libsudo_iolog 2019-10-24 20:04:32 -06:00
Todd C. Miller
76eec78a33 Add basic support for event logging using a sudo-style log format. 2019-10-24 20:04:32 -06:00
Todd C. Miller
282263c113 Use openat(2) when opening files in the I/O log directory. 2019-10-24 20:04:31 -06:00
Todd C. Miller
7ba7c5835e Enable sudo_logsrvd.conf settings. 2019-10-24 20:04:31 -06:00
Todd C. Miller
059b55ce72 Refactor code in sudoers that creates I/O log files to share with logsrvd. 2019-10-24 20:04:31 -06:00
Todd C. Miller
e0c9a9dfa3 Move mkdir_parents to libsudo_util. 2019-10-24 20:04:31 -06:00
Todd C. Miller
4dacf81082 Refactor I/O log code so it can be shared between sudoers and logsrvd 2019-10-24 20:04:29 -06:00
Todd C. Miller
271ead2fd3 Don't pass an invalid session or process group ID to the plugin. 
Fixes a regression in 1.8.28 when there is no terminal session leader.
 2019-10-23 12:47:44 -06:00
Todd C. Miller
0375eaca58 regen 2019-10-21 19:55:08 -06:00
Todd C. Miller
b157b96893 Add depend target to all Makefile.in files. 2019-10-21 15:20:21 -06:00
Todd C. Miller
f57e2d04a3 Older FreeBSD needs sys/param.h included before sys/user.h. 
From Darren Tucker
 2019-10-20 19:18:27 -06:00
Todd C. Miller
c3ce3a84fb Refer to user-ID and group-ID instead of "user ID" and "group ID" 2019-10-19 14:26:41 -06:00
Todd C. Miller
40bf4081be Rename sudo_strtoid() to sudo_strtoidx() and add simplified sudo_strtoid() 2019-10-20 10:21:29 -06:00
Todd C. Miller
b02851dcf3 Change how the umask is handled with PAM and login.conf. 
If the umask is explicitly set in sudoers, use that value regardless
of what is in PAM or login.conf.  If using the default umask from
sudoers, allow PAM or login.conf to override it.  Bug #900
 2019-10-18 06:20:27 -06:00
Todd C. Miller
cf6c60c102 Add log_allowed and log_denied sudoers flags, defaulting to true. 2019-10-17 13:43:04 -06:00
Todd C. Miller
4229dfc566 Enable security auditing malloc options for "make check". 2019-10-17 13:41:53 -06:00
Todd C. Miller
cf2f37136f No need to check existing sudoers file when installing to DESTDIR 
This check can cause problems on systems where /etc/sudoers.d is not readable.
 2019-10-16 12:17:06 -06:00
Todd C. Miller
d494b81556 The fix for bug #869 broke "sudo -v" when verifypw=all (the default) 2019-10-15 07:23:51 -06:00
Todd C. Miller
2512f6efbf Use sudo_strtonum() explicitly instead of via a macro. 2019-10-14 10:09:30 -06:00
Todd C. Miller
9d5867eaed Use errno in warning when sudo_make_*_item() fails. 
Previously we always said "out of memory" if not ENOENT.
 2019-10-14 10:09:28 -06:00
Todd C. Miller
3edd6afedf Reject non-LDIF input when converting from LDIF to sudoers or JSON. 2019-10-14 10:09:27 -06:00
Todd C. Miller
8e58e6715a More case-insensitive compare for LDAP attributes and string lists. 
Only the ALL keyword should be compared case-sensitive.
 2019-09-05 08:09:53 -06:00
Todd C. Miller
208a52c613 regen 2019-10-10 10:12:08 -06:00
Todd C. Miller
396bc57fef Add sudo_strtoid() tests for -1 and range errors. 
Also adjust testsudoers/test5 which relied upon gid -1 parsing.
 2019-10-10 10:04:13 -06:00
Todd C. Miller
45a79cf86f regen 2019-09-27 15:38:52 -06:00
Todd C. Miller
679cd38238 Plug memory leak on malloc failure. 2019-08-30 10:38:07 -06:00
Todd C. Miller
dd37f08366 Plug memory leak on malloc failure. 2019-08-30 10:20:54 -06:00
Todd C. Miller
5138ed9bec Add sudo_pam_strerror(), like pam_strerror() but never returns NULL. 
It also uses strerror(errno) for PAM_SYSTEM_ERR.
 2019-08-29 17:30:13 -06:00
Todd C. Miller
60862b4d07 If pam_start() fails, display the PAM error using pam_strerror(). 
It is legal to pass pam_strerror() a NULL handle.
 2019-08-29 08:31:21 -06:00
Todd C. Miller
9eeedb470f If the sudoreplay ID option is a fully-qualified path, use it directly. 
Previously, one had to use the -d option to override the I/O log directory.
 2019-08-27 13:40:38 -06:00
Todd C. Miller
91d508d408 regen 2019-08-27 09:07:06 -06:00
Todd C. Miller
972670bfca Use the SUDO_CONV_PREFER_TTY flag during authentication. 
This prevents the password and PAM prompts from being redirected.
Bug #895
 2019-08-26 19:30:11 -06:00
Todd C. Miller
2087f6354c Use fputs(), not printf() for plain strings. 2019-08-20 12:43:40 -06:00
Todd C. Miller
a7cd4f0d48 Add user ID to the search filter when matching sudoUser. 
We already support group IDs but the user ID was missing.
From sudo-1.8.23-ldapsearchuidfix.patch in RHEL 7.
 2019-08-20 10:33:51 -06:00
Todd C. Miller
37670a008b Fix parsing of double-quoted Defaults bindings that start with % or +. 
From sudo-1.8.23-fix-double-quote-parsing-for-Defaults-values.patch in RHEL 7.
 2019-08-20 10:25:38 -06:00
Todd C. Miller
e99082e05b Fix special handling of ipa_hostname that was lost in sudo 1.8.24. 
We now include the long and short hostname in sudo parser container.
 2019-08-15 14:20:12 -06:00
Todd C. Miller
b4bef30d31 Remove unused include file. 2019-08-14 15:09:39 -06:00
Todd C. Miller
7a7f02a7ec Asturian translation for sudoers from translationproject.org. 2019-08-05 16:38:41 -06:00
Todd C. Miller
3e56be3564 Store signal name, not number in I/O log timing file. 
The "SIG" prefix is not used so, e.g. SIGTERM -> "TERM".
This makes the I/O log files portable from one system to another.
Older I/O log files with signal numbers can still be replayed.
 2019-08-05 16:30:58 -06:00
Todd C. Miller
aa200cda6a Replace non-essential strncpy() calls. 2019-07-30 11:37:26 -06:00
Todd C. Miller
7117948421 Updated translations from translationproject.org 2019-07-23 08:16:22 -06:00
Todd C. Miller
5e424640b9 Use strftime(3) instead of formatting struct tm by hand. 
Fixes a warning on newer versions of gcc.
 2019-07-19 20:14:44 -06:00