mir/sudo
2
0
Fork 0
mirror of https://github.com/sudo-project/sudo.git synced 2025-08-31 14:25:15 +00:00
Code Issues Releases Wiki Activity
11,022 Commits 6 Branches 326 Tags
788708c9ff925a79ffdd56612f86d3dfc36d7232
Commit Graph

11022 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Radovan Sroka
c2a63690c8 Removed depricated security_context_t 
Signed-off-by: Radovan Sroka <rsroka@redhat.com>
 2021-04-06 06:06:46 -06:00
Todd C. Miller
28d65159ed Document SUCCESS=return support in sudoers nsswitch.conf entries. 
Based on a patch from Dennis Filder.  Bug #971.
 2021-04-05 20:13:50 -06:00
Todd C. Miller
8fa897d3ae Move log_server_accept() out from under the #ifdef SUDOERS_LOG_CLIENT 
Fixes a link error when sudo is configured with --disable-log-client.
 2021-04-01 15:10:32 -06:00
Todd C. Miller
5a79841208 Return NULL if init_tls_client_context() fails. 
Otherwise, we will call SSL_new with a freed SSL context.
Bug #970
 2021-03-31 07:57:09 -06:00
Todd C. Miller
4f9d2374c8 Do not include parent directories in rpm and deb files. 
Fixes a directory conflict with the AIX sudo rpm package.
Other deb/rpm packages were not affected because parent dirs are
omitted for a prefix of /usr.
 2021-03-30 12:49:20 -06:00
Todd C. Miller
a40e4b3867 Use separate getopt config for sudoedit. 
Avoids a problem where the user gets an exclusive usage error message
when using a sudo-specific option.
GitHub issue #95
 2021-03-30 16:07:28 -06:00
Todd C. Miller
a4c710ccfd Add -h and -V to sudoedit usage and customize help output for sudoedit. 
Also add missing -B option to usage strings.
 2021-03-30 15:53:38 -06:00
Todd C. Miller
b9a0c72fd1 Don't report a usage error for "sudo -V". 
GitHub issue #95
 2021-03-30 15:17:31 -06:00
Todd C. Miller
ce1f0da845 SCO OpenServer uses SIOCGIFANUM, not SIOCGIFNUM. 
On OpenServer, SIOCGIFNUM is the number of network interfaces,
not the number of ifreq structs.
 2021-03-29 09:59:09 -06:00
Todd C. Miller
b269da75b8 Add support for HP-UX SIOCGLIFNUM and SIOCGLIFCONF ioctls. 
We need to use both SIOCGIFCONF and SIOCGLIFCONF since SIOCGLIFCONF
only returns IPv6 addresses.
 2021-03-27 13:55:07 -06:00
Todd C. Miller
00cdc83cb6 Move get_net_ifs stub to the top and remove unused INET_ADDRSTRLEN def. 2021-03-24 20:36:49 -06:00
Todd C. Miller
0e49dd2381 No longer need ifr_tmp variable, just reuse ifr. 
Now that we store the string version of the address before fetching
the netmask we can just re-use ifr.  This simplifies things and is
safer since if there is space for the address there must also be
space for the mask.
 2021-03-24 14:18:40 -06:00
Todd C. Miller
423e231229 SCO OpenServer 5 returns a bogus value for SIOCGIFNUM. 
Gleaned from sendmail.
 2021-03-24 08:57:43 -06:00
Todd C. Miller
45ca46d735 Use SIOCGSIZIFCONF or SIOCGIFNUM where available. 
Still falls back to a loop if not but now maxes out at 2048
interfaces instead of potentially looping forever.
 2021-03-24 08:57:40 -06:00
Todd C. Miller
cf8feb2876 Remove support for obsolete ISC UNIX and MIPS RISC/OS systems. 
They were getting in the way of net_its.c simplification.
 2021-03-24 08:54:17 -06:00
Todd C. Miller
9d6a37a49b Use SIOCGLIFCONF to get interface list where supported (Solaris). 
HP-UX has a SIOCGLIFCONF but it is incompatible (and appears to only
return IPv6 addresses).
Also add IPv6 support using SIOCGIFCONF (probably AIX only) and make
sure ifr_tmpbuf[] is properly aligned.
 2021-03-22 19:51:40 -06:00
Todd C. Miller
06df3a1b47 Add simple regress check to display the network interfaces found. 2021-03-22 12:26:36 -06:00
Todd C. Miller
009069115c Suggest clang 11 or higher, some fuzzers may hang when used with clang 10. 2021-03-19 08:04:39 -06:00
Todd C. Miller
977f238d35 Add dictionary file for fuzz_logsrvd_conf. 2021-03-18 19:46:08 -06:00
Todd C. Miller
dfff132122 Add a new "fuzz" target that executes the fuzzers for 8192 runs each. 
To run indefinately, set FUZZ_RUNS=-1, e.g. "make FUZZ_RUNS=-1 fuzz"
 2021-03-18 16:48:19 -06:00
Todd C. Miller
6eff3b313b Move corpus files to a seed subdirectory. 2021-03-18 15:28:29 -06:00
Todd C. Miller
5498c6a938 We can now rely on LLVMFuzzerTestOneInput to flush stdout. 2021-03-18 13:40:26 -06:00
Todd C. Miller
bac0579134 Fix fuzz_sudoers output comparison when fuzzing is enabled. 
libFuzzer outputs additional info to stderr that our stub doesn't.
 2021-03-18 13:20:45 -06:00
Todd C. Miller
95bfd65fec Flush stdout before successful return from LLVMFuzzerTestOneInput(). 
Fixes a problem with diag lines from libFuzzer being interspersed
with test output.
 2021-03-18 13:08:30 -06:00
Todd C. Miller
d03805c413 Use --allow-multiple-definition to work around an issue with ld.lld. 
For fuzz_policy we redefine getaddrinfo/freeaddrinfo to work around
a DNS timeout problem with name resolution and CIfuzz.  However,
this causes a link failure when sanitizers are enabled on systems
that use ld.lld as their linker.  Use a big hammer to avoid the
link error.
 2021-03-18 11:45:41 -06:00
Todd C. Miller
3e5cf7baa3 Do not redefine system group and passwd functions for testsudoers. 
Instead, prefix the replacements with "testsudoers_" and use a
custom pwutil backend so they get used.
 2021-03-18 11:39:54 -06:00
Todd C. Miller
4c182c90f1 Rename "fuzz" makefile target to "check-fuzzer". 
It's purpose is to run the fuzzers are part of a normal "make check"
to avoid bit rot, not to perform a fuzzer run.
The fuzz_logsrvd_conf fuzzer was not wired up to "make check" previously.
 2021-03-18 09:08:16 -06:00
Todd C. Miller
85d77fb3d9 Sudo 1.9.6p1 2021-03-15 10:49:47 -06:00
Alexandru Ardelean
058fde9251 plugins: sudoers: policy: add MODE_IMPLIED_SHELL to RUN_VALID_FLAGS 
Since this flag isn't set, the sudo_mode variable gets invalidated and
running the 'sudo' command seems to error out with message
'sudoers_policy_check: invalid mode flags from sudo front end: 0x80001"'
 2021-03-15 09:18:11 -06:00
Todd C. Miller
f57ab1a638 fix typo 2021-03-13 08:44:46 -07:00
Todd C. Miller
bc32789af2 Bug #968 2021-03-10 19:20:24 -07:00
Todd C. Miller
843c4b632c Updated translations from translationproject.org 2021-03-10 13:13:53 -07:00
Todd C. Miller
d7d80e703f Use HAVE_STDINT_H instead of trying to guess based on __STDC_VERSION__. 
Fixes compilation with pre-C99 headers when the compiler supports C99.
 2021-03-10 12:27:14 -07:00
Todd C. Miller
d9d450292d Remove compatibility defines for POSIX sys/stat.h macros. 
Modern systems have them and we no longer support pre-POSIX systems.
This fixes potential redefinition of the macros if sys/stat.h is
included after sudo_compat.h.  Bug #968.
 2021-03-10 12:26:11 -07:00
Todd C. Miller
3f11e8d9a6 Quiet a few Solaris Studio compiler warnings. 2021-03-10 08:57:28 -07:00
Todd C. Miller
b8e588565b Add -Wno-unknown-pragmas along with -Wall. 
We don't want warnings about unknown pragmas in system headers.
 2021-03-10 07:47:23 -07:00
Todd C. Miller
42fbc185ab Solaris 11.4 removed /usr/bin/optisa, use /usr/bin/isainfo instead. 2021-03-10 07:29:52 -07:00
Todd C. Miller
0e2ba920ee Compare OS name against freebsd* and netbsd* not freebsd and netbsd. 
Fixes an issue on NetBSD where host_os starts with netbsdelf.
 2021-03-08 14:05:39 -07:00
Todd C. Miller
07af7caf73 Add @SUDOERS_LIBS@ to FUZZ_LIBS for -lutil on FreeBSD and NetBSD 2021-03-08 12:55:15 -07:00
Todd C. Miller
0cf7c3a951 Set locale for all "make check" targets. 2021-03-08 12:51:48 -07:00
Todd C. Miller
7bce330ffa AIX 6.1 may have a broken fmemopen(). 
We only use it for the fuzzers so ignore it for AIX < 7.1.
 2021-03-07 07:51:59 -07:00
Todd C. Miller
2b564cd7b2 Only put specific directories in the ROOT section of the AIX package. 
Previously, /usr and /opt were placed in USR and everything else
went in ROOT.  Now, only /dev, /etc, /sbin and /var go in ROOT.
 2021-03-06 16:23:24 -07:00
Todd C. Miller
ce497bf30b Updated translations from translationproject.org 2021-03-06 16:10:59 -07:00
Todd C. Miller
1c6080f135 Remove unused tls parameter, we now use a per-address tls flag. 2021-03-05 14:48:08 -07:00
Todd C. Miller
2759920b86 Document double escaping of backslashes. Bug #961. 2021-03-03 15:49:18 -07:00
Todd C. Miller
06beb6f064 No longer need to define _DARWIN_UNLIMITED_GETGROUPS on macOS. 
We now define _DARWIN_C_SOURCE which accomplishes the same thing.
 2021-03-03 11:26:02 -07:00
Todd C. Miller
08b0b626f1 Fix a potential use-after-free in conversation function. 
The prompt passed in to sudo_pam_verify() will be freed later by
check_user_interactive() so we need to reset the stashed value.
From Pavel Heimlich.  Bug #967.
 2021-03-03 08:19:44 -07:00
Todd C. Miller
f0761a9810 No need to update cp after storing gr->gr_name, it is not used, 
Coverity CID 219314
 2021-03-03 07:13:25 -07:00
Todd C. Miller
a31bbbfbb6 Mention GitHub issue #56. 2021-03-02 19:39:47 -07:00
Todd C. Miller
4285153275 regen 2021-03-02 19:30:02 -07:00