mir/sudo
2
0
Fork 0
mirror of https://github.com/sudo-project/sudo.git synced 2025-08-31 06:15:37 +00:00
Code Issues Releases Wiki Activity
9,108 Commits 6 Branches 326 Tags
22c9ed8e77f382c2b2bcaf697e70f0d2e47b26cc
Commit Graph

9108 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Todd C. Miller
2b020c9f17 Pass iolog mode, group and user from policy plugin to I/O log plugin. 2016-11-07 10:19:04 -07:00
Todd C. Miller
df8404dbd4 Instead of parsing sudoers Defaults twice, parse once while reading 
sudoers and then just set the parsed value in update_defaults().
 2016-11-06 18:59:49 -07:00
Todd C. Miller
1f24108969 Use "struct defaults *d" instead of "struct defaults *def" throughout 
for consistency and to avoid confusino with "struct def_values *def".
Use "str" not "var" for the string argument to convert and store in
sd_un for the store_* functions.
 2016-11-06 18:55:18 -07:00
Todd C. Miller
4ca0838ba9 In display_bound_defaults() rename dtype arg -> deftype. 2016-11-06 18:41:31 -07:00
Todd C. Miller
f3c7e0f83b Update error output to match quoting changes. 2016-11-03 11:16:09 -06:00
Todd C. Miller
4f532dcc50 Avoid passing in a struct sudo_defs_types pointer to the store 
functions.  Pass in a pointer to the union to fill instead.
 2016-11-03 11:02:48 -06:00
Todd C. Miller
3c28810feb no longer need struct defaults forward referebce 2016-11-03 10:15:18 -06:00
Todd C. Miller
7c56179c7d Use "double quotes" in messages instead of a combination of the 
accent (grave) mark and apostrophe.
 2016-11-02 17:10:17 -06:00
Todd C. Miller
75e29f163e Add file:linenumber prefix to all Defaults warnings so we can see 
them when running sudo too.  For LDAP/SSSD we print the sudoRole
instead of the file name and omit the line number.
 2016-11-02 17:07:32 -06:00
Todd C. Miller
a9715211a8 Use sudoedit in examples instead of "sudo vi" 2016-11-02 17:07:25 -06:00
Todd C. Miller
f6ce83ea76 Only treat an unknown Defaults entry as a parse error in visudo, 
not in sudo itself.
 2016-11-01 15:08:11 -06:00
Todd C. Miller
8a48085184 Instead of checking Defaults values after the fact, check them at 
sudoers parse time.  This makes it possible to display the file and
line number with the problem and for visudo to go right to the
error.
 2016-11-01 14:22:32 -06:00
Todd C. Miller
0aa216ed55 Refactor freeing of a member_list into free_members(). 2016-11-01 14:15:07 -06:00
Todd C. Miller
9de491dc27 add_defaults() now calls sudoerserror() itself instead of the caller 
assuming any error means out of member.
 2016-11-01 14:13:47 -06:00
Todd C. Miller
484b5718d8 s/rval/ret/g -- old habits die hard 2016-11-01 12:34:24 -06:00
Todd C. Miller
2dbe50d1e1 Remove inaccurate XXX comment, sudo_file_parse() sends mail on parse error. 2016-10-31 16:21:50 -06:00
Todd C. Miller
b5f444111e The fix for Bug #408 broke editing of files in an include dir that 
have a syntax error.  Normally, visudo does not edit those files,
but if a syntax error is detected in one, the user gets a chance
to fix it.
 2016-10-31 15:57:05 -06:00
Todd C. Miller
5a8b60e4b4 Make a copy of the current sudoers path when assigning errorfile. 
Fixes a potential use after free in visudo when there is an error
in one of the include files.
 2016-10-31 15:21:18 -06:00
Todd C. Miller
a3a545e416 sudoers_debug_register() was not setting the active debug instance 
to sudoers_debug_instance when called from the I/O log plugin.  This
is because it relied on sudo_debug_register to do that but
sudoers_debug_parse_flags() doesn't set debug_files[]
sudoers_debug_instance is already set (we can only init sudoers
debug once).

To work around this, just make sudoers_debug_instance the active
debug instance in sudoers_debug_register() when it is already set.
 2016-10-31 13:36:35 -06:00
Todd C. Miller
e8af335eb8 Fix pasto when setting I/O plugin debug files 2016-10-31 13:12:35 -06:00
Todd C. Miller
1fdcce7faf use cp instead of *cur when comparing against plugin_path 2016-10-31 12:54:53 -06:00
Todd C. Miller
9f903d3bdd In sudo_mkdir_parents() inherit the gid of / instead of using gid 
0 for the first component.
 2016-10-30 09:09:12 -06:00
Todd C. Miller
cf707cf5f0 We want to inherit the gid from the parent directory when not setting 
permissions on intermerdiate directories.
 2016-10-30 06:36:55 -06:00
Todd C. Miller
bf62530acf Move io_mkdir_parents() to its own file and use it in ts_mkdirs(). 2016-10-29 12:45:57 -06:00
Todd C. Miller
271a07ff00 Make the I/O log file/dir permissions and owner configurable. 2016-10-29 12:45:55 -06:00
Todd C. Miller
b058ac5299 Add vsyslog.lo 2016-10-29 12:22:40 -06:00
Todd C. Miller
43bf2fdb90 sudo 1.8.19 2016-10-29 10:23:33 -06:00
Todd C. Miller
3423d0af7c Don't try to syntax check an unrecognized Defaults value in visudo. 2016-10-28 08:24:51 -06:00
Todd C. Miller
7122a733ac Create I/O log files with the same gid as the parent directory. 2016-10-26 14:18:58 -06:00
Todd C. Miller
a401107564 Check for sudo_ldap_result_last_search() returning NULL. This can't 
happen in practice because we always call sudo_ldap_result_add_search()
first which guarantees there is a result to be found.
Quiets a PVS-Studio warning.
 2016-10-26 13:49:05 -06:00
Todd C. Miller
5a7936209e Quiet a PVS-Studio warning about the spin loop when waiting for the 
parent to assign us the terminal pgrp.
 2016-10-26 13:49:04 -06:00
Todd C. Miller
dbd5252798 Fix incorrect strncmp() lengths. The check for USERNAME was only 
looking at the first 5 characters (copy and paste error).  The check
for SUDO_PS1 was not checking the trailing '=' character (off by
one error).  Found by PVS-Studio.
 2016-10-26 11:25:59 -06:00
Todd C. Miller
4c8988d483 When checking for old-style bash functions in the environment, check 
for values starting with "() " (note the trailing space) rather
than "()".  Bash will only treat the value as a function if the
space after "()" is present.  The trailing space was already present
in the compare string but when it was added, the length passed to
strncmp() was not updated from 3 to 4.
Found by PVS-Studio.  No security impact.
 2016-10-26 11:22:30 -06:00
Todd C. Miller
63adb21cea Add some missing casts from uid_t/gid_t to int when printing uid/gid 
values.  We print these as signed so a value of -1 (no change) is
obvious.  Quiets PVS-Studio warnings.
 2016-10-26 11:08:33 -06:00
Todd C. Miller
cf5a12c09a def_timestamp_timeout is a double so compare against 0.0 not 0 to 
avoid making it appear to be an integer type.
 2016-10-26 10:56:32 -06:00
Todd C. Miller
e3825cbedd When checking syslog facility or priority, move the string 
compare into the body of the loop and return if it matches.
If we finish the loop it means we didn't find a match.
This makes the code a little bit more readable.
 2016-10-26 10:46:03 -06:00
Todd C. Miller
fc1b4155d7 Replace bare ";" in the body of for() loops with "continue;" for 
improved readability.
 2016-10-26 10:42:28 -06:00
Todd C. Miller
f9d6777755 Update from http://git.savannah.gnu.org/gitweb/?p=config.git 2016-10-21 10:06:14 -06:00
Todd C. Miller
17d8734581 Update to libtool 2.4.6 2016-10-21 10:03:02 -06:00
Todd C. Miller
d078450fb5 Use a static buffer if possible. 2016-10-19 12:56:34 -06:00
Todd C. Miller
19c96da44d add vsyslog() for systems without it. 2016-10-19 11:32:36 -06:00
Todd C. Miller
6fa59b7416 There are now 14 tag values, not 10. Don't bother mentioning the 
number since it keeps increasing.  Bug #759
 2016-10-19 07:33:07 -06:00
Todd C. Miller
c18ff022e0 Use vsyslog() if available. 2016-10-18 17:00:53 -06:00
Todd C. Miller
44c2679f83 Add syslog_maxlen to control the max size of syslog messages. 2016-10-18 15:51:47 -06:00
Todd C. Miller
f632e0a63d Don't generate SIGTOU when restoring the terminal modes. It doen't 
make sense to suspend the process only to restore the terminal
settings since in this case the shell has already taken ownership
of the tty.
 2016-10-17 09:02:34 -06:00
Todd C. Miller
9b886f6b2c The flush parameter of sudo_term_restore() is bool, not int. 2016-10-17 08:57:17 -06:00
Todd C. Miller
afcdc28534 Add wordexp() to the list of functions wrapped by sudo_noexec.so. 2016-10-14 10:33:55 -06:00
Todd C. Miller
ddbbcb9441 Need RTLD_NEXT for wordexp() on dlopen() systems. It is missing on AIX 5.1 at least. 2016-10-10 08:38:50 -06:00
Todd C. Miller
9dbd45ff66 add missing guard around wordexp() 2016-10-10 08:33:57 -06:00
Todd C. Miller
bea34c9e6d expand on 1.8.18p1 changes 2016-10-10 08:24:47 -06:00