]> granicus.if.org Git - sudo/log
sudo
8 years agoRefactor freeing of a member_list into free_members().
Todd C. Miller [Tue, 1 Nov 2016 20:15:07 +0000 (14:15 -0600)]
Refactor freeing of a member_list into free_members().

8 years agoadd_defaults() now calls sudoerserror() itself instead of the caller
Todd C. Miller [Tue, 1 Nov 2016 20:13:47 +0000 (14:13 -0600)]
add_defaults() now calls sudoerserror() itself instead of the caller
assuming any error means out of member.

8 years agos/rval/ret/g -- old habits die hard
Todd C. Miller [Tue, 1 Nov 2016 18:34:24 +0000 (12:34 -0600)]
s/rval/ret/g -- old habits die hard

8 years agoRemove inaccurate XXX comment, sudo_file_parse() sends mail on parse error.
Todd C. Miller [Mon, 31 Oct 2016 22:21:50 +0000 (16:21 -0600)]
Remove inaccurate XXX comment, sudo_file_parse() sends mail on parse error.

8 years agoThe fix for Bug #408 broke editing of files in an include dir that
Todd C. Miller [Mon, 31 Oct 2016 21:57:05 +0000 (15:57 -0600)]
The fix for Bug #408 broke editing of files in an include dir that
have a syntax error.  Normally, visudo does not edit those files,
but if a syntax error is detected in one, the user gets a chance
to fix it.

8 years agoMake a copy of the current sudoers path when assigning errorfile.
Todd C. Miller [Mon, 31 Oct 2016 21:21:18 +0000 (15:21 -0600)]
Make a copy of the current sudoers path when assigning errorfile.
Fixes a potential use after free in visudo when there is an error
in one of the include files.

8 years agosudoers_debug_register() was not setting the active debug instance
Todd C. Miller [Mon, 31 Oct 2016 19:36:35 +0000 (13:36 -0600)]
sudoers_debug_register() was not setting the active debug instance
to sudoers_debug_instance when called from the I/O log plugin.  This
is because it relied on sudo_debug_register to do that but
sudoers_debug_parse_flags() doesn't set debug_files[]
sudoers_debug_instance is already set (we can only init sudoers
debug once).

To work around this, just make sudoers_debug_instance the active
debug instance in sudoers_debug_register() when it is already set.

8 years agoFix pasto when setting I/O plugin debug files
Todd C. Miller [Mon, 31 Oct 2016 19:12:35 +0000 (13:12 -0600)]
Fix pasto when setting I/O plugin debug files

8 years agouse cp instead of *cur when comparing against plugin_path
Todd C. Miller [Mon, 31 Oct 2016 18:54:53 +0000 (12:54 -0600)]
use cp instead of *cur when comparing against plugin_path

8 years agoIn sudo_mkdir_parents() inherit the gid of / instead of using gid
Todd C. Miller [Sun, 30 Oct 2016 15:09:12 +0000 (09:09 -0600)]
In sudo_mkdir_parents() inherit the gid of / instead of using gid
0 for the first component.

8 years agoWe want to inherit the gid from the parent directory when not setting
Todd C. Miller [Sun, 30 Oct 2016 12:36:55 +0000 (06:36 -0600)]
We want to inherit the gid from the parent directory when not setting
permissions on intermerdiate directories.

8 years agoMove io_mkdir_parents() to its own file and use it in ts_mkdirs().
Todd C. Miller [Sat, 29 Oct 2016 18:45:57 +0000 (12:45 -0600)]
Move io_mkdir_parents() to its own file and use it in ts_mkdirs().

8 years agoMake the I/O log file/dir permissions and owner configurable.
Todd C. Miller [Sat, 29 Oct 2016 18:45:55 +0000 (12:45 -0600)]
Make the I/O log file/dir permissions and owner configurable.

8 years agoAdd vsyslog.lo
Todd C. Miller [Sat, 29 Oct 2016 18:22:40 +0000 (12:22 -0600)]
Add vsyslog.lo

8 years agosudo 1.8.19
Todd C. Miller [Sat, 29 Oct 2016 16:23:33 +0000 (10:23 -0600)]
sudo 1.8.19

8 years agoDon't try to syntax check an unrecognized Defaults value in visudo.
Todd C. Miller [Fri, 28 Oct 2016 14:24:51 +0000 (08:24 -0600)]
Don't try to syntax check an unrecognized Defaults value in visudo.

8 years agoCreate I/O log files with the same gid as the parent directory.
Todd C. Miller [Wed, 26 Oct 2016 20:18:58 +0000 (14:18 -0600)]
Create I/O log files with the same gid as the parent directory.

8 years agoCheck for sudo_ldap_result_last_search() returning NULL. This can't
Todd C. Miller [Wed, 26 Oct 2016 19:49:05 +0000 (13:49 -0600)]
Check for sudo_ldap_result_last_search() returning NULL.  This can't
happen in practice because we always call sudo_ldap_result_add_search()
first which guarantees there is a result to be found.
Quiets a PVS-Studio warning.

8 years agoQuiet a PVS-Studio warning about the spin loop when waiting for the
Todd C. Miller [Wed, 26 Oct 2016 19:49:04 +0000 (13:49 -0600)]
Quiet a PVS-Studio warning about the spin loop when waiting for the
parent to assign us the terminal pgrp.

8 years agoFix incorrect strncmp() lengths. The check for USERNAME was only
Todd C. Miller [Wed, 26 Oct 2016 17:25:59 +0000 (11:25 -0600)]
Fix incorrect strncmp() lengths.  The check for USERNAME was only
looking at the first 5 characters (copy and paste error).  The check
for SUDO_PS1 was not checking the trailing '=' character (off by
one error).  Found by PVS-Studio.

8 years agoWhen checking for old-style bash functions in the environment, check
Todd C. Miller [Wed, 26 Oct 2016 17:22:30 +0000 (11:22 -0600)]
When checking for old-style bash functions in the environment, check
for values starting with "() " (note the trailing space) rather
than "()".  Bash will only treat the value as a function if the
space after "()" is present.  The trailing space was already present
in the compare string but when it was added, the length passed to
strncmp() was not updated from 3 to 4.
Found by PVS-Studio.  No security impact.

8 years agoAdd some missing casts from uid_t/gid_t to int when printing uid/gid
Todd C. Miller [Wed, 26 Oct 2016 17:08:33 +0000 (11:08 -0600)]
Add some missing casts from uid_t/gid_t to int when printing uid/gid
values.  We print these as signed so a value of -1 (no change) is
obvious.  Quiets PVS-Studio warnings.

8 years agodef_timestamp_timeout is a double so compare against 0.0 not 0 to
Todd C. Miller [Wed, 26 Oct 2016 16:56:32 +0000 (10:56 -0600)]
def_timestamp_timeout is a double so compare against 0.0 not 0 to
avoid making it appear to be an integer type.

8 years agoWhen checking syslog facility or priority, move the string
Todd C. Miller [Wed, 26 Oct 2016 16:46:03 +0000 (10:46 -0600)]
When checking syslog facility or priority, move the string
compare into the body of the loop and return if it matches.
If we finish the loop it means we didn't find a match.
This makes the code a little bit more readable.

8 years agoReplace bare ";" in the body of for() loops with "continue;" for
Todd C. Miller [Wed, 26 Oct 2016 16:42:28 +0000 (10:42 -0600)]
Replace bare ";" in the body of for() loops with "continue;" for
improved readability.

8 years agoUpdate from http://git.savannah.gnu.org/gitweb/?p=config.git
Todd C. Miller [Fri, 21 Oct 2016 16:06:14 +0000 (10:06 -0600)]
Update from http://git.savannah.gnu.org/gitweb/?p=config.git

8 years agoUpdate to libtool 2.4.6
Todd C. Miller [Fri, 21 Oct 2016 16:03:02 +0000 (10:03 -0600)]
Update to libtool 2.4.6

8 years agoUse a static buffer if possible.
Todd C. Miller [Wed, 19 Oct 2016 18:56:34 +0000 (12:56 -0600)]
Use a static buffer if possible.

8 years agoadd vsyslog() for systems without it.
Todd C. Miller [Wed, 19 Oct 2016 17:32:36 +0000 (11:32 -0600)]
add vsyslog() for systems without it.

8 years agoThere are now 14 tag values, not 10. Don't bother mentioning the
Todd C. Miller [Wed, 19 Oct 2016 13:33:07 +0000 (07:33 -0600)]
There are now 14 tag values, not 10.  Don't bother mentioning the
number since it keeps increasing.  Bug #759

8 years agoUse vsyslog() if available.
Todd C. Miller [Tue, 18 Oct 2016 23:00:53 +0000 (17:00 -0600)]
Use vsyslog() if available.

8 years agoAdd syslog_maxlen to control the max size of syslog messages.
Todd C. Miller [Tue, 18 Oct 2016 21:51:47 +0000 (15:51 -0600)]
Add syslog_maxlen to control the max size of syslog messages.

8 years agoDon't generate SIGTOU when restoring the terminal modes. It doen't
Todd C. Miller [Mon, 17 Oct 2016 15:02:34 +0000 (09:02 -0600)]
Don't generate SIGTOU when restoring the terminal modes.  It doen't
make sense to suspend the process only to restore the terminal
settings since in this case the shell has already taken ownership
of the tty.

8 years agoThe flush parameter of sudo_term_restore() is bool, not int.
Todd C. Miller [Mon, 17 Oct 2016 14:57:17 +0000 (08:57 -0600)]
The flush parameter of sudo_term_restore() is bool, not int.

8 years agoAdd wordexp() to the list of functions wrapped by sudo_noexec.so.
Todd C. Miller [Fri, 14 Oct 2016 16:33:55 +0000 (10:33 -0600)]
Add wordexp() to the list of functions wrapped by sudo_noexec.so.

8 years agoNeed RTLD_NEXT for wordexp() on dlopen() systems. It is missing on AIX 5.1 at least.
Todd C. Miller [Mon, 10 Oct 2016 14:38:50 +0000 (08:38 -0600)]
Need RTLD_NEXT for wordexp() on dlopen() systems.  It is missing on AIX 5.1 at least.

8 years agoadd missing guard around wordexp()
Todd C. Miller [Mon, 10 Oct 2016 14:33:57 +0000 (08:33 -0600)]
add missing guard around wordexp()

8 years agoexpand on 1.8.18p1 changes
Todd C. Miller [Mon, 10 Oct 2016 14:24:47 +0000 (08:24 -0600)]
expand on 1.8.18p1 changes

8 years agosudo 1.8.18p1
Todd C. Miller [Mon, 10 Oct 2016 01:58:54 +0000 (19:58 -0600)]
sudo 1.8.18p1

8 years agoFix configure check for seccomp filter on Linux
Todd C. Miller [Sun, 9 Oct 2016 17:24:29 +0000 (11:24 -0600)]
Fix configure check for seccomp filter on Linux

8 years agoUse a seccomp filter on Linux to disable execve(2) and execveat(2).
Todd C. Miller [Sun, 9 Oct 2016 01:09:17 +0000 (19:09 -0600)]
Use a seccomp filter on Linux to disable execve(2) and execveat(2).
This still relies on LD_PRELOAD to work so it has the same issues
as the existing mether with respect to running 32-bit binaries on
a 64-bit kernel.

8 years agoregen
Todd C. Miller [Sun, 9 Oct 2016 01:02:15 +0000 (19:02 -0600)]
regen

8 years agoregen
Todd C. Miller [Sat, 8 Oct 2016 16:36:02 +0000 (10:36 -0600)]
regen

8 years agoWrap wordexp(3) in sudo_noexec.
Todd C. Miller [Thu, 6 Oct 2016 02:21:18 +0000 (20:21 -0600)]
Wrap wordexp(3) in sudo_noexec.

8 years agoClean .json files created by "make check"
Todd C. Miller [Mon, 26 Sep 2016 19:38:51 +0000 (13:38 -0600)]
Clean .json files created by "make check"

8 years agorecompile .po files
Todd C. Miller [Mon, 19 Sep 2016 22:40:26 +0000 (16:40 -0600)]
recompile .po files

8 years agoFix matching when no sudoRunAsUser is present in a sudoRole.
Todd C. Miller [Mon, 19 Sep 2016 12:19:49 +0000 (06:19 -0600)]
Fix matching when no sudoRunAsUser is present in a sudoRole.
If only a sudoRunAsGroup is present, match on the invoking user
if the -g option was specified and the group matched.
If no sudoRunAsGroup is present and the -g option was specified,
allow it if it matches the passwd gid of the runas user.
This matches the behavior of the sudoers backend.

8 years agorunas_pw can no longer be NULL
Todd C. Miller [Mon, 19 Sep 2016 12:08:00 +0000 (06:08 -0600)]
runas_pw can no longer be NULL

8 years agoRunAsGroup without RunAsUser issues
Todd C. Miller [Thu, 15 Sep 2016 21:24:00 +0000 (15:24 -0600)]
RunAsGroup without RunAsUser issues

8 years agouser_matched and group_matched must be type int, not bool
Todd C. Miller [Thu, 15 Sep 2016 21:22:06 +0000 (15:22 -0600)]
user_matched and group_matched must be type int, not bool

8 years agoUse RUNAS_USER_SPECIFIED and RUNAS_GROUP_SPECIFIED when deciding
Todd C. Miller [Thu, 15 Sep 2016 19:47:38 +0000 (13:47 -0600)]
Use RUNAS_USER_SPECIFIED and RUNAS_GROUP_SPECIFIED when deciding
whether to check runas user/group instead of checking runas_pw or
runas_gr.

8 years agoWhen matching against runas_default use userpw_matches() instead
Todd C. Miller [Thu, 15 Sep 2016 19:36:43 +0000 (13:36 -0600)]
When matching against runas_default use userpw_matches() instead
of just strcasecmp().

8 years agoSet RUNAS_USER_SPECIFIED when -u is specified and/or RUNAS_GROUP_SPECIFIED
Todd C. Miller [Thu, 15 Sep 2016 19:16:38 +0000 (13:16 -0600)]
Set RUNAS_USER_SPECIFIED when -u is specified and/or RUNAS_GROUP_SPECIFIED
when -g is specified.

8 years agoFix printing of the default runas user when a RunAsGroup is specified
Todd C. Miller [Thu, 15 Sep 2016 17:29:27 +0000 (11:29 -0600)]
Fix printing of the default runas user when a RunAsGroup is specified
but no RunAsUser is present.

8 years agoOnly match against runas_default if both sudoRunAsUser and
Todd C. Miller [Thu, 15 Sep 2016 16:46:57 +0000 (10:46 -0600)]
Only match against runas_default if both sudoRunAsUser and
sudoRunAsGroup are missing.

8 years agorunas_pw can no longer be NULL here
Todd C. Miller [Thu, 15 Sep 2016 15:40:41 +0000 (09:40 -0600)]
runas_pw can no longer be NULL here

8 years agoUpdate check for whether or not the runas user was set in the ldap
Todd C. Miller [Thu, 15 Sep 2016 15:37:53 +0000 (09:37 -0600)]
Update check for whether or not the runas user was set in the ldap
and sssd backends to match the sudoers file backend.  Introduces
the runas_user_set() macro to improve readability.  Previously,
runas_pw was set late, now it is set before checking sudoers.

8 years agoDocument that negated sudoHosts are only supported by 1.8.18 and higher.
Todd C. Miller [Thu, 15 Sep 2016 14:36:08 +0000 (08:36 -0600)]
Document that negated sudoHosts are only supported by 1.8.18 and higher.

8 years agoDisable Address Sanitizer leak detection for tests which generate
Todd C. Miller [Thu, 15 Sep 2016 14:33:01 +0000 (08:33 -0600)]
Disable Address Sanitizer leak detection for tests which generate
parse errors.  The parser leaks a bit on error.

8 years agoFix underflow in get_ipa_hostname() when trimming trailing
Todd C. Miller [Thu, 15 Sep 2016 11:54:53 +0000 (05:54 -0600)]
Fix underflow in get_ipa_hostname() when trimming trailing
whitespace.

8 years agoDocument negated sudoHost entries.
Todd C. Miller [Wed, 14 Sep 2016 16:33:38 +0000 (10:33 -0600)]
Document negated sudoHost entries.

8 years agoSupport negated sudoHost entries.
Todd C. Miller [Wed, 14 Sep 2016 16:33:27 +0000 (10:33 -0600)]
Support negated sudoHost entries.

8 years agoDocument negated sudoHost entries.
Todd C. Miller [Wed, 14 Sep 2016 16:29:18 +0000 (10:29 -0600)]
Document negated sudoHost entries.

8 years agoSupport negated sudoHost entries.
Todd C. Miller [Wed, 14 Sep 2016 16:22:52 +0000 (10:22 -0600)]
Support negated sudoHost entries.

8 years agoDon't check the username when matching a host netgroup unless
Todd C. Miller [Tue, 13 Sep 2016 15:12:42 +0000 (09:12 -0600)]
Don't check the username when matching a host netgroup unless
def_netgroup_tuple is enabled.

8 years agoMove valid domain name check into a new valid_domain() function.
Todd C. Miller [Tue, 13 Sep 2016 15:06:25 +0000 (09:06 -0600)]
Move valid domain name check into a new valid_domain() function.
Fix memory leak if getdomainname(2) fails and avoid using heap
garbage for the domain name matching in this case.

8 years agosync with translationproject.org
Todd C. Miller [Mon, 12 Sep 2016 20:59:22 +0000 (14:59 -0600)]
sync with translationproject.org

8 years agoAdd back line mistakenly removed in 0cf2a9351740
Todd C. Miller [Sun, 11 Sep 2016 20:37:42 +0000 (14:37 -0600)]
Add back line mistakenly removed in 0cf2a9351740

8 years agosync with translationproject.org
Todd C. Miller [Sun, 11 Sep 2016 13:50:12 +0000 (07:50 -0600)]
sync with translationproject.org

8 years agoBug #757
Todd C. Miller [Fri, 9 Sep 2016 22:29:37 +0000 (16:29 -0600)]
Bug #757

8 years agoFix typo that broke short host name matching when the fqdn
Todd C. Miller [Fri, 9 Sep 2016 22:26:22 +0000 (16:26 -0600)]
Fix typo that broke short host name matching when the fqdn
flag is enabled.  Bug #757

8 years agoBe consistent with the naming of the variable used to store the
Todd C. Miller [Thu, 8 Sep 2016 22:38:08 +0000 (16:38 -0600)]
Be consistent with the naming of the variable used to store the
function return value.  Previously, some code used "rval", some
used "ret".  This standardizes on "ret" and uses "rc" for temporary
return codes.

8 years agosync with translationproject.org
Todd C. Miller [Wed, 7 Sep 2016 17:08:12 +0000 (11:08 -0600)]
sync with translationproject.org

8 years agoNorwegian Nynorsk translation of sudo from translationproject.org
Todd C. Miller [Wed, 7 Sep 2016 17:07:59 +0000 (11:07 -0600)]
Norwegian Nynorsk translation of sudo from translationproject.org

8 years agoFix for Bug #756
Todd C. Miller [Wed, 7 Sep 2016 17:02:25 +0000 (11:02 -0600)]
Fix for Bug #756

8 years agoIn sudoers_main() avoid setting rval prematurely. Prevents a crash
Todd C. Miller [Tue, 6 Sep 2016 01:44:46 +0000 (19:44 -0600)]
In sudoers_main() avoid setting rval prematurely.  Prevents a crash
when auditing fails after successfully authenticating.  Bug #756

8 years agoApply match_group_by_gid early.
Todd C. Miller [Mon, 5 Sep 2016 12:21:23 +0000 (06:21 -0600)]
Apply match_group_by_gid early.

8 years agoupdate
Todd C. Miller [Fri, 2 Sep 2016 16:30:35 +0000 (10:30 -0600)]
update

8 years agoDon't disable large file support for Linux, just SVR4-style /proc.
Todd C. Miller [Fri, 2 Sep 2016 14:05:07 +0000 (08:05 -0600)]
Don't disable large file support for Linux, just SVR4-style /proc.
Otherwise, stat(2) may fail on Linux when running a 32-bit sudo
on a 64-bit machine.  Bug #755

8 years agoMake sudo_parseln() flags hex to make it more obvious that they are
Todd C. Miller [Thu, 1 Sep 2016 20:36:24 +0000 (14:36 -0600)]
Make sudo_parseln() flags hex to make it more obvious that they are
bit flags.

8 years agoDon't try to support line continuation in /etc/environment.
Todd C. Miller [Thu, 1 Sep 2016 20:35:40 +0000 (14:35 -0600)]
Don't try to support line continuation in /etc/environment.

8 years agoNo line continuation support in ldap.conf.
Todd C. Miller [Thu, 1 Sep 2016 18:45:42 +0000 (12:45 -0600)]
No line continuation support in ldap.conf.

8 years agoAdd flag to sudo_parseln() to disable line continuation support.
Todd C. Miller [Thu, 1 Sep 2016 16:50:39 +0000 (10:50 -0600)]
Add flag to sudo_parseln() to disable line continuation support.

8 years agoA comment character ('#') is only special at the beginning of the
Todd C. Miller [Thu, 1 Sep 2016 15:28:40 +0000 (09:28 -0600)]
A comment character ('#') is only special at the beginning of the
line.

8 years agoAdd a flags option to sudo_parseln() and a flag to only mach comments
Todd C. Miller [Thu, 1 Sep 2016 15:19:20 +0000 (09:19 -0600)]
Add a flags option to sudo_parseln() and a flag to only mach comments
at the beginning of the line.  Use the flag when parsing ldap.conf.

8 years agoIf get_process_ttyname() fails for errno != ENOENT, just warn
Todd C. Miller [Thu, 1 Sep 2016 14:23:19 +0000 (08:23 -0600)]
If get_process_ttyname() fails for errno != ENOENT, just warn
instead of making it a fatal error.  Bug #755

8 years agouse strict
Todd C. Miller [Wed, 31 Aug 2016 20:33:24 +0000 (14:33 -0600)]
use strict

8 years agoDefine def_foo in terms of the I_FOO index instead of a bare number.
Todd C. Miller [Wed, 31 Aug 2016 20:27:40 +0000 (14:27 -0600)]
Define def_foo in terms of the I_FOO index instead of a bare number.

8 years agosync with translationproject.org
Todd C. Miller [Wed, 31 Aug 2016 18:31:27 +0000 (12:31 -0600)]
sync with translationproject.org

8 years agoMention that match_group_by_gid has no effect when sudoers is stored
Todd C. Miller [Wed, 31 Aug 2016 18:29:54 +0000 (12:29 -0600)]
Mention that match_group_by_gid has no effect when sudoers is stored
in LDAP.

8 years agoUse W_EXITCODE to construct the wait status if sudo could not execute
Todd C. Miller [Wed, 31 Aug 2016 14:39:26 +0000 (08:39 -0600)]
Use W_EXITCODE to construct the wait status if sudo could not execute
the command.  Fixes the sudo exit value for exec(3) failure.

8 years agofix brace style
Todd C. Miller [Wed, 31 Aug 2016 14:34:07 +0000 (08:34 -0600)]
fix brace style

8 years agoregen
Todd C. Miller [Wed, 31 Aug 2016 11:50:18 +0000 (05:50 -0600)]
regen

8 years agoIt is possible for get_user_info() to fail for reasons other than
Todd C. Miller [Wed, 31 Aug 2016 11:47:36 +0000 (05:47 -0600)]
It is possible for get_user_info() to fail for reasons other than
ENOMEM so print the warning message there rather than in main().

8 years agomatch_group_by_gid is only available in sudo 1.8.18 and above
Todd C. Miller [Tue, 30 Aug 2016 20:37:57 +0000 (14:37 -0600)]
match_group_by_gid is only available in sudo 1.8.18 and above

8 years agoMention match_group_by_gid
Todd C. Miller [Tue, 30 Aug 2016 20:37:11 +0000 (14:37 -0600)]
Mention match_group_by_gid

8 years agoDocument match_group_by_gid
Todd C. Miller [Tue, 30 Aug 2016 20:35:16 +0000 (14:35 -0600)]
Document match_group_by_gid

8 years agoAdd match_group_by_gid Defaults option to allow sites with slow
Todd C. Miller [Tue, 30 Aug 2016 19:42:42 +0000 (13:42 -0600)]
Add match_group_by_gid Defaults option to allow sites with slow
group lookups and a small number of groups in sudoers to match
groups by group ID instead of by group name.

8 years agoMention "sudo -l command" bug fix.
Todd C. Miller [Mon, 29 Aug 2016 16:42:17 +0000 (10:42 -0600)]
Mention "sudo -l command" bug fix.

8 years agoFix "sudo -l command" in the LDAP and SSS backends when the command
Todd C. Miller [Mon, 29 Aug 2016 16:04:24 +0000 (10:04 -0600)]
Fix "sudo -l command" in the LDAP and SSS backends when the command
is not allowed.