isa/sudo
1
0
Fork 0
Code Issues Pull Requests Actions 1 Packages Projects Releases Wiki Activity
12,536 Commits 1 Branch 0 Tags
f6291bf83e434c44b51b47322a19d5c93f4eb956
Commit Graph

109 Commits

Author SHA1 Message Date
Todd C. Miller
cbcb1d2506 sudoers plugin: make more bit flags unsigned. 2023-07-10 11:06:23 -06:00
Rose
5d758264ab Give every printf-like function restrict qualifiers 
The format value has to be a string literal, every time.

Otherwise, you are not using these functions correctly. To reinforce this fact, I putrestrict over every non-contrib example of this I could find.
 2023-07-07 20:23:20 -04:00
Todd C. Miller
a38b714667 sudoers plugin: silence most -Wconversion warnings. 2023-07-07 15:07:04 -06:00
Todd C. Miller
2848dddd87 Rename print_usage() to display_usage() 2023-07-04 19:48:41 -06:00
Todd C. Miller
fd061e4d69 Include testsudoers_pwutil.h for testsudoers_pwutil.c prototypes. 2023-07-04 16:24:48 -06:00
Rose
45fdfa18f1 Mark functions not returning as sudo_noreturn 
We also put NOTREACHED where it applies.
 2023-07-01 17:40:16 -04:00
Rose
e54ba33ea0 Avoid compiler casting warnings by assigning to the same type where possible 
This saves instructions that are related to casting as well as compiler warnings.
 2023-06-28 17:25:26 -04:00
Todd C. Miller
8cbd5462a6 Move sudoers search path to struct sudoers_parser_config. 
That way we can avoid passing it to init_parser() directly.
We still need sudoers_search_path to be shared between the lexer
and the parser.
 2023-05-08 17:04:38 -06:00
Todd C. Miller
9d7c30c5a8 Add struct sudoers_parser_config and pass it to init_parser(). 
This struct contains parser configuration such as the sudoers file
uid/gid/mode and parse flags such as verbose, strict and recovery.
 2023-05-08 17:03:31 -06:00
Todd C. Miller
bbbaea5b2f Rename init_parser_ext() to init_parser() and remove old wrapper. 
There was only one consumer of the init_parser() wrapper now that
reset_parser() has been introduced.
 2023-05-02 13:29:49 -06:00
Todd C. Miller
f17b35471f Support sudoers_file being a colon-separated path of files. 
The first file found is used.
 2023-05-02 10:37:38 -06:00
Todd C. Miller
4363d03ef7 Convert config file paths to colon-separated path list. 
This means that _PATH_SUDO_CONF, _PATH_SUDOERS, _PATH_SUDO_LOGSRVD_CONF,
and _PATH_CVTSUDOERS_CONF can now specify multiple files.  The first
file that exists is used.
 2023-05-02 10:37:38 -06:00
Todd C. Miller
8049e4e32f Replace sudoers_warnings with sudoers_verbose. 
This is now an int, with values > 1 reserved for visudo.
 2023-03-20 18:27:27 -06:00
Todd C. Miller
1f19a6b72b Pass around const struct sudoers_parse_tree pointers where possible. 2023-03-17 13:31:36 -06:00
Todd C. Miller
0aad96bba1 Add per-source innetgr function pointer and use it in netgr_matches(). 
This will be used to implement LDAP-specific netgroup lookups when
netgroup_base is set in ldap.conf.
 2023-03-08 13:44:22 -07:00
Todd C. Miller
25c709c4d8 Suppress PVS Studio watning about reassigning a variable the same value. 
Working around the warning would result in more fragile code.
 2022-12-11 13:46:06 -07:00
Todd C. Miller
e707ffe58b Place C23 attributes before keywords in function declarations. 
In practice this means we must use "sudo_noreturn static foo(void)"
instead of "static sudo_noreturn foo(void)".
 2022-12-01 12:54:53 -07:00
Todd C. Miller
d2a13a8154 Fix typos found by codespell 2.2.1. 2022-09-28 16:39:19 -06:00
Todd C. Miller
304726a215 Move gcc-style __attribute__ macros to config.h.in 
Renamed __malloc -> sudo_malloclike, __printflike -> sudo_printflike,
__printf0like -> sudo_printf0like.
Add sudo_noreturn instead of __attribute__((__noreturn__)).
We do not use stdnoreturn.h since it has been deprecated in C23
in favor of the [[noreturn]] attribute.
 2022-09-07 07:48:31 -06:00
Todd C. Miller
fd0c5566ac Merge pull request #161 from likunyur/lky 
sudoers/cvtsudoers: Remove the repeated ';' from code
 2022-07-04 09:00:58 -06:00
Li kunyu
a311180bbc sudoers/cvtsudoers: Remove the repeated ';' from code 
Signed-off-by: Li kunyu <kunyu@nfschina.com>
 2022-07-04 12:31:50 +08:00
Todd C. Miller
13672f28df Make sudo pass -Wwrite-strings 2022-06-28 16:33:15 -06:00
Todd C. Miller
d7ddff2a31 Add a hook for sudoers parse errors (including defaults and aliases). 
The hook can be used to log parser errors (sudoers module) or keep
track of which files have an error (visudo).
Previously, we only kept track of a single parse error.
 2022-03-10 13:30:56 -07:00
Todd C. Miller
7d3f9293c6 Preserve the column and error message when there is a syntax error. 
This information is now included in the error mail sent to root.
 2022-03-06 18:54:30 -07:00
Todd C. Miller
991ef32508 Add group_file, match_local, and passwd_file to cvtsudoers.conf. 
Previously, these were only settable via command line options.
 2021-12-16 15:42:06 -07:00
Todd C. Miller
003f9550f1 cvtsudoers: add -l option to log merge actions 
The "-l logfile" option can be used to store a log of what
actions cvtsudoers took when merging multiple files.
For example, which aliases were renamed, which entries were overriden
or removed as duplicated.
 2021-11-24 06:52:51 -07:00
Todd C. Miller
e64a089aea Add reference counting to Defaults bindings. 
Previously, we checked that the previous entry's binding pointer
was not the same while freeing.  However, to be able to merge
Defaults records we cannot rely on Defaults entries with the same
binding being immediately adjacent.  This removes the prev_binding
checks in favor of a reference count which allows us to plug the
memory leak in cvtsudoers when merging Defaults.
 2021-11-20 08:01:37 -07:00
Todd C. Miller
aed51033e1 cvtsudoers: use init_parse_tree() to initialize a parse tree. 
Also free the parse tree before exit.
 2021-11-19 12:29:21 -07:00
Todd C. Miller
ab9e44a6ca cvtsudoers: merge aliases when multiple sudoers files are specified 
Duplicate aliases are remove.  If there are conflicting alias names,
the conflicts are renamed by appending a numerical suffix.
For example, if there are two SERVERS Host_Aliases, the second one
will be renamed to SERVERS_1.
 2021-11-19 12:29:21 -07:00
Todd C. Miller
33fbf59467 Add support for specifying the hostname as a prefix to the sudoers file. 
If present, the host name is copied into the struct sudoers_parse_tree.
 2021-11-16 19:00:56 -07:00
Todd C. Miller
4cb34a2015 cvtsudoers: parse multiple sudoers files and store them in a tail queue 
In the future the parsed files will be merged before they are output.
 2021-11-11 16:04:45 -07:00
Todd C. Miller
b1309f76db Add sudoers_parse_tree_list, a tail queue of struct sudoers_parse_tree. 
This will be used to store multiple parse trees and merge them
into a single sudoers_parse_tree.
 2021-11-11 15:40:51 -07:00
Todd C. Miller
430048d167 cvtsudoers: initial support for CSV output 
For CSV output we double quotes strings that contain commas.  For
each literal double quote character present inside the string, two
double quotes are output.
 2021-10-10 14:24:31 -06:00
Todd C. Miller
1d203c8344 Fix typo in last commit, use boolean AND not bitwise. 2021-09-24 10:57:12 -06:00
Todd C. Miller
1831176a1a Add the ability to filter/match by command via the -m option. 
For example "cvtsudoers -m cmd=/bin/ls" would only display entries
that would allow /bin/ls to be allowed or denied.
 2021-09-24 10:44:13 -06:00
Todd C. Miller
41f116050f Add --group-file and --passwd-file options to cvtsudoers. 
These are based on the code in testsudoers.
 2021-09-23 19:18:25 -06:00
Todd C. Miller
bb5843055e Replace messages like "unknown foo: %s" with "unknown foo %s". 
The colon really doesn't belong there; we generally use a colon to
separate a message from the warning detail.
 2021-08-19 09:44:11 -06:00
Todd C. Miller
2db9e64214 Move reference-counted string code from sudoers to libsudo_util. 
It will be used by sudo_logsrvd too.
 2021-04-06 14:44:19 -06:00
Todd C. Miller
aaa2e8ddec Don't close fp in sudoers_parse_ldif() 
The caller should be the one to handle this.
 2021-02-02 15:06:38 -07:00
Todd C. Miller
e0c2635fb3 Apply Google inclusive language guidelines. 
Also replace backwards with backward.
 2020-10-30 10:15:30 -06:00
Todd C. Miller
88dcdcd11d Fix -Wshadow warnings. 2020-09-25 15:09:45 -06:00
Todd C. Miller
961a4afe67 Fix some warnings from pvs-studio 2020-08-12 13:45:09 -06:00
Todd C. Miller
cbad17a994 Move inclusion of compat headers up with the system headers. 
Now that sudo_dso_public is defined in config.h we don't need sudo_compat.h
before including the compat headers.
 2020-08-12 10:07:07 -06:00
Todd C. Miller
985af422d2 Rename __dso_public -> sudo_dso_public and move to config.h. 2020-08-12 09:57:42 -06:00
Todd C. Miller
446ae3f507 Include string.h unconditionally and only use strings.h for strn?casecmp() 
In the pre-POSIX days BSD had strings.h, not string.h.
Now strings.h is only used for non-ANSI string functions.
 2020-05-18 07:59:24 -06:00
Todd C. Miller
dd88460800 We no longer need to include headers we don't use for sudo*.h files. 
Previously we needed to include headers required by the various
sudo*h files.  Now those files are more self-sufficient and we
should only include headers needed by code in the various .c files.
 2020-05-18 06:47:04 -06:00
Todd C. Miller
ac61b5655d Use EXIT_SUCCESS and EXIT_FAILURE more consistently. 2020-02-08 12:43:00 -07:00
Todd C. Miller
3e0dcae6c9 Use canonical pattern when freeing a tail queue. 
Avoids some coverity false positives when using TAILQ_FOREACH_SAFE
to free the tail queue.
 2020-01-05 07:48:46 -07:00
Todd C. Miller
486ee2b71f debug_decl and debug_decl_vars now require a semicolon at the end. 2019-12-22 08:48:16 -07:00
Todd C. Miller
635445d471 Transparently handle the "sudo sudoedit" problem. 
Some admin are confused about how to give users sudoedit permission
and many users try to run sudoedit via sudo instead of directly.
If the user runs "sudo sudoedit" sudo will now treat it as plain
"sudoedit" after issuing a warning.  If the admin has specified a
fully-qualified path for sudoedit in sudoers, sudo will treat it
as just "sudoedit" and match accordingly.  In visudo (but not sudo),
a fully-qualified path for sudoedit is now treated as an error.
 2019-11-05 15:18:34 -07:00