When adminconfdir is enabled, the destination pathh may be different
from the path we opened. We always store an edited file in the
adminconfdir (if enabled). This makes it possible to use visudo
when /etc/sudoers is located on a read-only file system.
Configuration paths in sudo are now a colon-separated list of files
with the adminconfdir instance first (if enabled), followed by a
sysconfdir instance.
This means that _PATH_SUDO_CONF, _PATH_SUDOERS, _PATH_SUDO_LOGSRVD_CONF,
and _PATH_CVTSUDOERS_CONF can now specify multiple files. The first
file that exists is used.
This splits the code to find the command, perform a sudoers lookup,
ask for a password as needed, and perform post-lokup checks out
into sudoers_check_common(). The old sudoers_policy_main() has
been replaced by sudoers_check_cmnd() (called by sudoers_policy_check()),
sudoers_validate_user() (called by sudoers_policy_validate()) and
sudoers_list() (called by sudoers_policy_list()). The list_user
lookup is now performed in sudoers_list().
This was always set to FLAG_NO_USER|FLAG_NO_HOST which are cleared
at the top of the fuction. Make validated a local variables,
initialized to 0, instead. No change in behavior.
The audit plugin already has the correct value for iolog_file, don't
overwrite it with basename(iolog_path). In the future we may wish
to pass in iolog_file and iolog_dir in addition to iolog_path.
Fixes Bug #1046.
Otherwise, visudo will get SIGTTOU if it tries to write to the
terminal after the editor finishes. Also avoid races by setting
the process group ID in both the parent and child, and grant the
controlling terminal in the parent, not the child.
Wheh netgroup_base is set we now do out own netgroup lookups using
LDAP. Previously, LDAP was queried directly to get a list of the
netgroups the user belongs to but other netgroups queries went
through innetgr(3). This makes it possible to use netgroups
in LDAP sudoers on systems that don't have an innetgr() function.
GitHub issue #251.
This change introduced in sudo 1.9.13 is not actually needed. The
"list" pseudo-command checks are performed via runas_matches_pw()
which does not use runas_pw. GitHub issue #248
The value of user_args should not contain the command to be run in
"sudo -l command args", only the arguments of the command being checked.
This restores the pre-1.9.13 behavior. GitHub issue #249
Calling sudo_pow2_roundup(INT_MAX+2) will return since there is no
power of 2 larger than INT_MAX+1 that fits in an unsigned int.
This is not an issue in practice since we restrict messages to 2Mib.
Previously there would be one email for the open failure and a
separate one describing the parse error. Now a single email message
contains everything.
