mir/sudo
2
0
Fork 0
mirror of https://github.com/sudo-project/sudo.git synced 2025-08-29 13:28:10 +00:00
Code Issues Releases Wiki Activity
11,089 Commits 6 Branches 326 Tags
Commit Graph

2971 Commits

Author SHA1 Message Date
Todd C. Miller
360c264760 Make this test pass with bison's verbose error messages. 2020-08-17 07:41:48 -06:00
Todd C. Miller
c7bc24d40b Recover from a syntax error after the ':' in a privilege spec. 
For compound privilege specs, don't throw away the entire thing if
we have a syntax error, only the part after the error is encountered.
 2020-08-16 15:19:53 -06:00
Todd C. Miller
11803027c6 Add explicit end-of-line matching in the parser for better error messages. 
A valid line in sudoers must end in a newline or EOF.
Previously, it was possible (though not documented) to have multiple
user specs on a single line.  Now, each must be on its own line.
 2020-08-16 14:59:45 -06:00
Todd C. Miller
d72a48dc78 Add NOMATCH token and use it in the lexer for an unmatched pattern. 
The ERROR token is now only used for errors detected by the lexer
and for which we've already printed an error.  This lets us remove
the hack in sudoerserror() and just check last_token to determine
whether or not to display the error.
 2020-08-16 06:42:15 -06:00
Todd C. Miller
de9c77ba7e Enable error recovery for syntax erorrs that don't end with a newline. 
A syntax error on the last line of a sudoers file with no trailing
newline is now recoverable.
 2020-08-15 11:38:56 -06:00
Todd C. Miller
94eb14c214 Add error recovery for unexpected tokens after include/includedir. 2020-08-15 11:29:46 -06:00
Todd C. Miller
961a4afe67 Fix some warnings from pvs-studio 2020-08-12 13:45:09 -06:00
Todd C. Miller
fb8ed8ba66 Use angle quotes when including gram.h and def_data.c. 
Otherwise, we can include the wrong file when doing an out-of-source
build when configured using --with-devel.
 2020-08-12 10:28:33 -06:00
Todd C. Miller
cbad17a994 Move inclusion of compat headers up with the system headers. 
Now that sudo_dso_public is defined in config.h we don't need sudo_compat.h
before including the compat headers.
 2020-08-12 10:07:07 -06:00
Todd C. Miller
985af422d2 Rename __dso_public -> sudo_dso_public and move to config.h. 2020-08-12 09:57:42 -06:00
Todd C. Miller
076d0376db We no longer need to include sudo_gettext.h before sudo_compat.h 2020-08-12 09:50:35 -06:00
Todd C. Miller
ce97ca28db Use OpenBSD-compatible freezero() in place of explicit_bzero() + free() 2020-08-10 19:24:33 -06:00
Todd C. Miller
cef6e3687e Switch from memset_s() -> explicit_bzero(). 
memset_s() (and all of Annex K) is likely to be removed from the
a future version of the standard.
 2020-08-10 19:24:32 -06:00
Todd C. Miller
8a97150f56 Define YYERROR_VERBOSE for bison and rename COMMENT -> '\n' 
This results in better error messages when there is a parse error
 2020-08-10 13:59:31 -06:00
Todd C. Miller
6702f4ac4e Some minor cleanup. 
Use ntuples instead of tuple_last
Strip leading and trailing double quotes using a single gsub()
ntuples will never be zero so don't bother checking
No need to explicitly close files in END
 2020-08-10 13:30:10 -06:00
Todd C. Miller
fa5d44b8b5 Quiet some clang 10 analyzer warnings. 2020-08-07 14:22:56 -06:00
Todd C. Miller
5f5f28ac7c Require that a @include line end with a newline or EOF. 
We now parse the entire line before reading the include file.  This
is less surprising behavior and results in better error messages.
 2020-08-07 14:22:24 -06:00
Todd C. Miller
3235e4353c Display more specific parser error messages when possible. 2020-08-07 14:20:45 -06:00
Todd C. Miller
7c342e5862 Let the sudoers parser recover after a parse error. 
We currently just discard the line with the error.
 2020-08-07 14:20:21 -06:00
Todd C. Miller
91cc68d7fd Keep track of the position of the current token for error messages. 2020-08-07 14:13:25 -06:00
Todd C. Miller
99f43f8a00 Store the current line in our own buffer for better error messages. 2020-08-06 21:16:35 -06:00
Todd C. Miller
a8bfeba581 regen 2020-08-06 21:16:35 -06:00
Todd C. Miller
2a58b19f96 Add workaround for yyless() not resetting yy_at_bol. 2020-08-05 09:13:09 -06:00
Todd C. Miller
974f833e17 Use "foo in bar" syntax for testing existence of a key. 2020-08-02 06:43:35 -06:00
Todd C. Miller
838255bb80 Replace /*FALLTHROUGH*/ in generated code. 2020-08-02 06:42:57 -06:00
Todd C. Miller
03ad96e445 Use the fallthrough attribute instead of /* FALLTHROUGH */ comments. 2020-08-01 13:10:50 -06:00
Todd C. Miller
20fd3b6363 Rewrite mkdefaults in awk. 2020-07-30 13:12:29 -06:00
Todd C. Miller
bcf96c153f Updated translations from translationproject.org 2020-07-19 11:32:42 -06:00
Todd C. Miller
ac00a07018 Initialize sudo_conv and sudo_printf in sudoers_audit_open(). 
We will need them if there is an error parsing sudoers and leaving
them unset can result in NULL deref.  Also set the text domain to
"sudoers" like we do for the policy and I/O logging open functions.
Bug #934.
 2020-07-12 10:13:53 -06:00
Todd C. Miller
1e4ce8525a Updated translations from translationproject.org 2020-07-11 09:19:41 -06:00
Todd C. Miller
b9ad3704d7 Export sudoers_audit symbol for compilers without symbol visibility. 2020-07-06 13:28:21 -06:00
Todd C. Miller
e9a39c149a Add some debugging statements around Defaults lookup. 2020-07-06 09:03:15 -06:00
Todd C. Miller
660738139b Replace #includedir with @includedir in default sudoers file. 2020-07-06 08:45:04 -06:00
Todd C. Miller
820d6ae207 regen without `scare quotes' 2020-06-24 05:40:42 -06:00
Todd C. Miller
df49897bd0 Replace or remove use of `scare quotes' 
These don't translate well and look odd in many fonts.
 2020-06-24 05:40:18 -06:00
Todd C. Miller
65edf6344d regen to fix a typo 2020-06-18 15:23:30 -06:00
Todd C. Miller
88393fc96f Updated translations from translationproject.org 2020-06-18 07:13:05 -06:00
Todd C. Miller
f093cb2e52 Replace terms master and blacklist in docs and examples. 2020-06-15 14:38:46 -06:00
Todd C. Miller
7f96e4537c Updated translations from translationproject.org 2020-06-11 15:19:31 -06:00
Todd C. Miller
d003da33dd Romanian translation from translationproject.org. 2020-06-11 15:15:58 -06:00
Todd C. Miller
852d8c7953 Fix a typo in the audit string when "sudo -E" is not allowed. 2020-06-07 08:37:32 -06:00
Todd C. Miller
d4e92164f5 regen for sudo 1.9.1 2020-06-05 10:26:31 -06:00
Todd C. Miller
f047377a07 Add basic support for reject and error audit events to sudoers. 
This is only used when logging events from plugins other than sudoers,
such as an approval plugin.  With this change, if an approval
plugin rejects the command the denial will be logged in the
sudoers log file using the message from the approval plugin.
 2020-06-04 14:41:35 -06:00
Todd C. Miller
15d93a1ca7 Fix Solaris and BSM audit warnings. 
Use BSM audit on Illumos, which lacks Solaris audit.
 2020-06-04 14:41:28 -06:00
Todd C. Miller
a5a7215936 Track whether the session was opened in sudoers. 
In sudoers_policy_close() only warn about being unable to run the
command if we actually opened the session (and thus passed all
approval plugins).
 2020-06-04 13:34:20 -06:00
Todd C. Miller
49e43f580c Avoid passing NULL to printf in match debug code for LDAP/SSSD. 
The file name in struct userspec was not set for the LDAP and SSSD
backends.  There is no actual file in this case so set the name to
LDAP/SSSD.  Also add a guard to make sure we don't try to print
NULL in sudoers_lookup_check() if name is left unset.
 2020-06-04 11:31:12 -06:00
Todd C. Miller
b40551dc32 Add missing const to linux_audit_command()'s argv function argument. 2020-06-03 20:22:25 -06:00
Todd C. Miller
73c1b04306 When converting LDAP to sudoers, ignore entries with no sudoHost attribute. 
Otherwise, sudo_ldap_role_to_priv() will treat a NULL host list as
as the "ALL" wildcard.  This regression was introduced in sudo 1.8.23,
which was the first version to convert LDAP sudoRole objects to
sudoers internal data structures.
Thanks to Andreas Mueller for reporting and debugging this problem.
 2020-06-03 20:12:04 -06:00
Todd C. Miller
b519481912 Defer logging of the successful command until approval plugins have run. 
This adds audit plugin support to the sudoers module, currently
only used for accept events.  As a result, the sudoers file is now
initially parsed as an audit plugin.
 2020-06-02 09:07:46 -06:00
Todd C. Miller
51dc8ad83c Add missing stdlib.h include and fix solaris_audit_failure() error return. 2020-06-01 12:52:00 -06:00