mir/sudo
2
0
Fork 0
mirror of https://github.com/sudo-project/sudo.git synced 2025-08-29 13:28:10 +00:00
Code Issues Releases Wiki Activity
12,309 Commits 6 Branches 326 Tags
Commit Graph

274 Commits

Author SHA1 Message Date
Todd C. Miller
24d812d037 Pass command_info[] to audit plugin on I/O log plugin reject or error. 
The audit plugin should cope with a NULL command_info but there's no
reason not to pass the info when we have it.
 2020-11-17 13:15:15 -07:00
Todd C. Miller
961a4afe67 Fix some warnings from pvs-studio 2020-08-12 13:45:09 -06:00
Todd C. Miller
03ad96e445 Use the fallthrough attribute instead of /* FALLTHROUGH */ comments. 2020-08-01 13:10:50 -06:00
Todd C. Miller
8bb5aedacf Replace master/slave in code with leader/follower. 2020-06-15 16:21:32 -06:00
Todd C. Miller
a380709215 If event loop fails due to ENXIO, remove /dev/tty events and recover. 
This fixes an issue on Solaris 11.4 (and probably others) with "sudo
reboot" when I/O logging is enabled.  Previously, sudo would kill
the command if it was still running after the event loop terminated,
leaving the system in a half-dead state.
 2020-06-02 08:59:38 -06:00
Todd C. Miller
592eb7ab49 Don't try to suspend sudo if the user's tty has gone away. 
Fixes a problem on Solaris 11.4 (and possibly others) where sudo
continually tries to put itself in the background after the user's
terminal has been revoked.
 2020-06-01 14:19:50 -06:00
Todd C. Miller
de31e6d53b Back out WIP code that was mistakenly committed. 2020-06-01 14:04:15 -06:00
Todd C. Miller
ad70fb4f1e On Solaris 11.4 the openpty(3) prototype lives in termios.h. 2020-06-01 12:59:29 -06:00
Todd C. Miller
446ae3f507 Include string.h unconditionally and only use strings.h for strn?casecmp() 
In the pre-POSIX days BSD had strings.h, not string.h.
Now strings.h is only used for non-ANSI string functions.
 2020-05-18 07:59:24 -06:00
Todd C. Miller
0cf2e09e0c Apply spelling fixes. 
Fixes from PR #30 (ka7) and Bug #925 (fossies.org codespell)
 2020-05-06 09:27:43 -06:00
Todd C. Miller
3221c8b4d8 Don't kill the command just because the loop exited unexpectedly. 
We currently have no good way to distinguish between an error
executing the command and an error while the command is running.

In the future, we should have additional status codes so we
can tell what type of condition caused the loop to exit.

For now, only kill the command if cstat is left uninitialized.
 2020-03-31 08:49:30 -06:00
Todd C. Miller
ac61b5655d Use EXIT_SUCCESS and EXIT_FAILURE more consistently. 2020-02-08 12:43:00 -07:00
Todd C. Miller
22105009d8 Define a new plugin type that receives accept and reject messages. 
This can be used to implement logging-only plugins.
The plugin functions now take an errstr argument that can be used
to return an error string to be logged on failure or error.
 2020-01-30 13:25:34 -07:00
Todd C. Miller
486ee2b71f debug_decl and debug_decl_vars now require a semicolon at the end. 2019-12-22 08:48:16 -07:00
Todd C. Miller
82237194dd Add support for logging to the log server 2019-11-15 13:41:51 -07:00
Todd C. Miller
5793023ffd Add a plugin interface to sudo main event loop. 2019-11-15 13:36:01 -07:00
Todd C. Miller
352212c7bf Open all pipes using pipe2() with O_CLOEXEC. 
We no longer depend on calling closefrom() before exec.
 2019-11-02 10:52:34 -06:00
Todd C. Miller
112dff276a Fix restoring the file context of the user's tty with SELinux. 
Also fix broken tty labeling when running a command in a pty.
Includes a fix for a typo introduced in the last change set.
 2019-09-27 15:32:49 -06:00
Todd C. Miller
1e1ef61902 Add SPDX-License-Identifier to files. 2019-04-29 07:21:51 -06:00
Todd C. Miller
985600e7f0 Minor snprintf() usage tweaks: 
1) don't assume snprintf() returns -1 on error, check for <0
2) when comparing return value of sizeof(foo), cast the sizeof, not the len
3) cast return value to void in cases where snprintf cannot fail
 2019-01-20 07:49:48 -07:00
Todd C. Miller
64d08d8bf2 Update copyright year 2019-01-03 11:09:00 -07:00
Todd C. Miller
b2f7983c84 Fix setting of utmp entry when running command in a pty. 
Regression introduced in sudo 1.8.22.
 2019-01-02 07:39:33 -07:00
Todd C. Miller
6c3d20cb41 Convert PVS-Studio comment to ANSI C. 2018-10-26 08:39:09 -06:00
Todd C. Miller
64e5d34c57 Add comments in .c files so PVS-Studio will check them. 2018-10-21 08:46:05 -06:00
Todd C. Miller
b89cf34b53 Replace sudo_fatal(NULL) with an "unable to allocate memory" message 
that includes the function name.
 2018-10-12 08:39:12 -06:00
Todd C. Miller
cf07dc0757 Add a suspend event type to the I/O log to log suspend/resume of 
the command so we can skip that delay during replay.
 2018-10-05 14:16:08 -06:00
Todd C. Miller
e2570307e6 Initialize the pty rows/cols based on the values we stored in user_details. 
This fixes a minor issue where we would send an extra window size
change event the first time the command was suspended.
 2018-10-05 14:04:29 -06:00
Todd C. Miller
59e5e379be Move the loop to free the monitor_messages list into free_exec_closure_pty() 2018-08-23 11:10:57 -06:00
Todd C. Miller
5cca421867 Close the pty slave in the parent so that when the command and 
monitor exit, the pty gets recycled without our having to close
it directly.
 2018-08-20 10:04:15 -06:00
Todd C. Miller
6953e7fc79 Move updating of the window size to the monitor process. 
This will allow us to close the slave in the main sudo process in
the future so only the command and monitor have it open.
 2018-08-20 10:04:14 -06:00
Todd C. Miller
dc1e0e7168 Work around a bug on AIX where closing the pty slave causes the 
main sudo process to lose its controlling tty (which was *not* the
pty slave).
 2018-07-23 11:37:26 -06:00
Todd C. Miller
a42cf67acb In pty_close() we still need to check whether the pty master and 
slave fds are open before closing them.  When no tty is present but
we are I/O logging pty_close() will be called when there is no
actual pty in use.
 2018-03-27 16:00:08 -06:00
Todd C. Miller
2336496347 In pty_close() there is no need to remove events associated with 
the pty slave as there are none.  We also don't need to check for
the pty fds being -1 since they are not closed elsewhere and
pty_close() is only called if pty_setup() succeeds.
 2018-03-26 06:28:23 -06:00
Todd C. Miller
4df454310d In pty_close() close the slave and remove any events associated 
with it.  Fixes a potential hang when performing the final flush
on non-BSD systems.
 2018-03-25 06:03:19 -06:00
Todd C. Miller
d5d170252a In pty_cleanup() we need to call sudo_term_restore() even if no I/O 
plugins are present as long as /dev/tty exists.  Fixes the use_pty
case with no I/O plugins.
 2018-02-19 11:00:12 -07:00
Todd C. Miller
42fe0409f6 Add sudo_ev_dispatch(), a wrapper for ev_loop() with no flags. 
Similar the dispatch function in libevent.
 2018-02-19 11:00:10 -07:00
Todd C. Miller
cd0b700543 No need for a loop around the recv() now that we don't have to worry 
about EINTR.  CID 180697
 2017-12-12 21:44:23 -07:00
Todd C. Miller
48fba3c2cc update my email to Todd.Miller@sudo.ws 2017-12-03 17:53:40 -07:00
Todd C. Miller
a2eff11509 Track window size changes that happen while sudo is suspended 2017-12-02 21:30:11 -07:00
Todd C. Miller
116c5d7eff Move call to sudo_ev_loopcontinue() into schedule_signal() itself. 
We always want to prioritize signal forwarding.
 2017-11-30 10:02:15 -07:00
Todd C. Miller
b9adb3dd51 Don't loop over read/write, recv/send or tcgetpgrp/tcsetpgrp trying 
to handle EINTR.  We now use SA_RESTART with signals so this is not
needed and is potentially dangerous if it is possible to receive
SIGTTIN or SIGTTOU (which it currently is not).
 2017-11-30 09:53:21 -07:00
Todd C. Miller
54acf4f991 Handle receipt of SIGTTIN/SIGTTOU when reading/writing from/to the tty. 
We can't use a signal event for these since that would restart the
system call after the signal was handled and the callback would not
get a chance to run.  Fixes running a command in the background that
write to the tty when the TOSTOP terminal flag is set.
 2017-11-29 12:06:12 -07:00
Todd C. Miller
5ccc7ab879 We don't need to be the foreground process to be able to write to 
the terminal in most cases.  If the background process tries to
modify the terminal flags it will receive SIGTTOU which is relayed
to the sudo front-end.  This currently mishandles terminals with
the TOSTOP local flag set.
 2017-11-29 12:06:12 -07:00
Todd C. Miller
3b88cdfcd8 Fix stair-stepped output when the output of a sudo command is piped 
to another command and use_pty is set.
 2017-09-26 14:21:11 -06:00
Todd C. Miller
8949992040 Set ec->cmnd_pid to the correct value when receiving the command's 
process ID from the monitor.
 2017-09-07 13:22:10 -06:00
Todd C. Miller
84af812b8c If /dev/tty is not available and no I/O logging plugins are configured, 
fall back on exec_nopty() even if the policy plugin requested a pty.
We never allocate a pty when sudo is not run from a terminal anyway.
 2017-09-07 11:32:30 -06:00
Todd C. Miller
2c2476f07f Do not set utmp_user if we did not actually allocate a pty. 2017-09-07 11:00:19 -06:00
Todd C. Miller
0849e2cac4 No need to call sudo_ev_del() before sudo_ev_free(); sudo_ev_free() 
will delete the event from its base before freeing it.
 2017-07-27 14:12:57 -06:00
Todd C. Miller
1cfaf6c344 Terminate the command if an I/O log function returns 0 or -1. This 
was mistakenly removed by 25b7fd056614 in Sudo 1.8.18 with the
removal of the ignore_iolog_errors variable.
 2017-07-27 14:10:44 -06:00
Todd C. Miller
7f8765d327 If we free the default base in sudo_ev_base_free(), reset the default 
base to NULL.
 2017-07-14 10:09:58 -06:00