mirror of https://github.com/sudo-project/sudo.git synced 2025-08-29 13:28:10 +00:00

13161 Commits

Author SHA1 Message Date
Todd C. Miller
a1bb5e5c1c Sudo 1.9.15p3
--HG--
branch : 1.9
SUDO_1_9_15p3 v1.9.15p3
2023-12-13 12:15:12 -07:00
Todd C. Miller
de242c5738 Pass back Solaris privs as "runas_privs" and "runas_limitprivs".
The "runas_" prefix got inadvertently removed in the big sudoers_context
refactor.
2023-12-11 13:31:56 -07:00
Todd C. Miller
f149dd2c8c Pass back Solaris privs as "runas_privs" and "runas_limitprivs".
The "runas_" prefix got inadvertently removed in the big sudoers_context
refactor.

--HG--
branch : 1.9
2023-12-11 13:31:56 -07:00
Todd C. Miller
1e03cbd0b4 sudo_term_is_raw: only try to lock the fd if it is a tty
This moves sudo_isatty() to libsudo_util so sudo_term_is_raw() can
use it.  Fixes GitHub issue #335
2023-12-09 12:54:56 -07:00
Todd C. Miller
2fc78071c8 sudo_term_is_raw: only try to lock the fd if it is a tty
This moves sudo_isatty() to libsudo_util so sudo_term_is_raw() can
use it.  Fixes GitHub issue #335

--HG--
branch : 1.9
2023-12-09 12:54:56 -07:00
Todd C. Miller
d17e28ad61 setup_terminal: fix an editing error introduced in 1.9.15. 2023-12-07 07:27:06 -07:00
Todd C. Miller
6ef5310e0b setup_terminal: fix an editing error introduced in 1.9.15.
--HG--
branch : 1.9
2023-12-07 07:27:06 -07:00
Todd C. Miller
0c2de39da3 command_matches_regex: retry with canonicalized path if possible
If ctx->user.cmnd doesn't match, use ctx->user.cmnd_dir (if present)
to construct a canonicalized path and match on that.
2023-12-06 10:27:57 -07:00
Todd C. Miller
44f0908e73 command_matches_fnmatch: retry with canonicalized path if possible
If ctx->user.cmnd doesn't match, use ctx->user.cmnd_dir (if present)
to construct a canonicalized path and match on that.
2023-12-04 18:35:08 -07:00
Todd C. Miller
24f443981f If sysconf(_SC_HOST_NAME_MAX) returns 0, just use 255.
This should not actually be possible.
2023-12-04 09:24:30 -07:00
Todd C. Miller
b16d194bbd Fall back to "localhost" if gethostname() fails.
GitHub issue #332

--HG--
branch : 1.9
2023-12-04 09:21:56 -07:00
Todd C. Miller
8faf432499 Fall back to "localhost" if gethostname() fails.
GitHub issue #332
2023-12-04 09:21:56 -07:00
Todd C. Miller
3cbcb308cb command_matches_glob: fix comparison of canonicalized parent directories
Bug #1062

--HG--
branch : 1.9
2023-12-04 09:08:52 -07:00
Todd C. Miller
8dd2967766 command_matches_glob: fix comparison of canonicalized parent directories
Bug #1062
2023-12-04 09:08:52 -07:00
Todd C. Miller
9c3eb2feca Add missing print_member_list_csv() return value check. 2023-12-01 15:14:59 -07:00
Todd C. Miller
79ed29c4a3 Check sudoers_debug_register() return value. 2023-12-01 15:00:08 -07:00
Todd C. Miller
c3ac12297a Regenerate with the autoconf 2.72d snapshot. 2023-11-30 16:24:05 -07:00
Todd C. Miller
77700a4b7a Add cmddenial_message to def_data.in 2023-11-28 15:19:24 -07:00
THE-Spellchecker
5eba4b48cf Typographical and Grammatical fixes 2023-11-28 15:00:04 -07:00
Todd C. Miller
b4ae559c81 Reword the description of cmddenial_message. 2023-11-28 14:49:13 -07:00
Todd C. Miller
6b6e0aed0a Regenerate from sudoreplay.mdoc.in 2023-11-28 14:48:51 -07:00
Guillaume Destuynder
a4cbfecdae Add support for a custom message when the command execution is denied. 2023-11-28 14:19:26 -07:00
Todd C. Miller
55db829087 No need to include sys/param.h here. 2023-11-26 09:28:40 -07:00
Todd C. Miller
522f1b634f tsdump: quiet compiler warnings on some platforms.
Quiet a -Wshadow warning from gcc.
Cast major() and minor() to unsigned int when printing.
2023-11-26 09:27:46 -07:00
Todd C. Miller
288593875d tsdump: display both the terminal path and device number.
If no terminal device can be found, print "major, minor" device
numbers instead.
2023-11-26 09:07:25 -07:00
Todd C. Miller
7d7dfbfd44 Sync time stamp defines with sudoers timestamp.h
The types and flags are now explicitly unsigned.
2023-11-26 08:59:05 -07:00
Todd C. Miller
0c958e1852 Mention the tsdump utility 2023-11-26 08:55:41 -07:00
Todd C. Miller
66c9a636d1 Build tsdump by default so it does not suffer bit rot. 2023-11-26 08:45:43 -07:00
Todd C. Miller
67ed8fbe58 Add sudo_debug_exit_dev_t stub for fuzzing. 2023-11-26 08:30:41 -07:00
Todd C. Miller
be911b77dd Avoid using the u_int type, which is not portable. 2023-11-26 08:24:26 -07:00
Todd C. Miller
5ff6f49653 tsdump: update to use a uid-based path by default
This matches the changes in sudo 1.9.15 to the sudoers policy module.
2023-11-26 08:21:05 -07:00
Todd C. Miller
ce74f50b44 Update for plugin version 1.22. 2023-11-25 18:51:28 -07:00
Todd C. Miller
61dbfe0924 Document ttydev and bump plugin version to 1.22 2023-11-25 18:38:36 -07:00
Todd C. Miller
a85494b5c4 Add ttydev to sudoers_user_context and use for timestamp file.
GitHub issue #329
2023-11-25 16:26:45 -07:00
Todd C. Miller
3dfbf9316c Pass tty device number from front-end to policy module.
GitHub issue #329
2023-11-25 16:26:44 -07:00
Todd C. Miller
b9275b7eab Rename submit_time -> event_time in struct eventlog. 2023-11-23 09:08:04 -05:00
Todd C. Miller
0e53d5fddf We can use evlog.submit_time in the call to eventlog_alert().
This is set to the current wallclock time by sudoers_to_eventlog().
2023-11-23 09:08:04 -05:00
Todd C. Miller
39ea3176c1 Replace submit_time in struct sudoers_context with start_time.
We need to track the (monotonic) command start time to be able to
generate an accurate run time.  Instead of setting submit time when
the policy initializes (and using that time for logging purposes),
set evlog->submit_time to the current wallclock time when we need
to perform logging.  This is more consistent with how sudo logging
was performed in the past.  Fixes GitHub issue #327.
2023-11-23 09:08:04 -05:00
Todd C. Miller
432b085558 log_server_open: always pass in awake time, not wallclock time.
The timespec passed to log_server_open() should be from
sudo_gettime_awake() since it is used to build the command run time.
2023-11-23 09:08:04 -05:00
Todd C. Miller
6965e1b0aa log_server_alert: use fmt_alert_message not fmt_reject_message
Only affects intercepted commands.
2023-11-23 09:08:04 -05:00
Todd C. Miller
13dec64f3d log_server_alert: struct timespec argument was not actually used
The struct timespec argument is used to initialize the command
start time, which is not used for an alert message.
2023-11-23 09:08:04 -05:00
Todd C. Miller
47a43c5404 cvtsudoers_csv.c: remove most sudo_fatal() calls.
Errors are now propagated up the call stack.
2023-11-11 10:22:14 -07:00
Todd C. Miller
dd5f7a4505 No need for sudo_fatalx() here, just pass back an error. 2023-11-11 08:31:23 -07:00
Todd C. Miller
2c06aa321b cvtsudoers_ldif: display warning on write error 2023-11-11 08:19:19 -07:00
Todd C. Miller
7e4632691b cvtsudoers_merge.c: remove sudo_fatal() calls.
Errors are now propagated up the call stack.
2023-11-11 08:15:06 -07:00
Todd C. Miller
8cfd4467f4 Make new_member() return NULL on failure and adjust callers. 2023-11-10 16:53:57 -07:00
Todd C. Miller
564d8ac01d Pass return values back instead of using sudo_fatal(). 2023-11-10 14:05:35 -07:00
Todd C. Miller
d28884b1c7 Add printf_attribute_ldif() to printf-format an LDIF attribute.
This replaces multiple sequences of asprintf() and print_attribute_ldif().
2023-11-10 13:34:13 -07:00
Todd C. Miller
12e55dcd78 cvtsudoers_json.c: check sudo_json_* return values.
Previously, we set memfatal to true in sudo_json_init() instead.
This also gets rid of a number of sudo_fatalx() calls.
2023-11-09 17:12:56 -07:00
Todd C. Miller
1a68935ae3 add_timestamp: check sudo_json_* return values. 2023-11-09 17:12:55 -07:00