]> granicus.if.org Git - sudo/log
sudo
6 years agoAvoid some PVS-Studio false positives.
Todd C. Miller [Fri, 19 Oct 2018 19:35:20 +0000 (13:35 -0600)]
Avoid some PVS-Studio false positives.

6 years agoRemove some calls to sudo_fatalx(); just propagate the error return.
Todd C. Miller [Fri, 19 Oct 2018 19:35:05 +0000 (13:35 -0600)]
Remove some calls to sudo_fatalx(); just propagate the error return.

6 years agoNo need to check if fd_dst is -1 in sudoedit mode.
Todd C. Miller [Fri, 19 Oct 2018 19:33:37 +0000 (13:33 -0600)]
No need to check if fd_dst is -1 in sudoedit mode.
Failure to open the destination sudoedit file is fatal so there's
no need to check that fd_dst != -1 later on.  Found by PVS-Studio.

6 years agoIn timestamp_open() no need to free cookie on error, it is NULL.
Todd C. Miller [Fri, 19 Oct 2018 19:32:24 +0000 (13:32 -0600)]
In timestamp_open() no need to free cookie on error, it is NULL.
Found by PVS-Studio.

6 years agoFix a memory leak on malloc() error in sudo_ldap_role_to_priv().
Todd C. Miller [Thu, 18 Oct 2018 21:38:54 +0000 (15:38 -0600)]
Fix a memory leak on malloc() error in sudo_ldap_role_to_priv().
Coverity CID 188804

6 years agoMove the allocation of role to be immediately before in_role is set.
Todd C. Miller [Thu, 18 Oct 2018 20:43:08 +0000 (14:43 -0600)]
Move the allocation of role to be immediately before in_role is set.
This makes it clear that when in_role == true, role is non-NULL.
Also remove two dead stores.

6 years agoFix trimming of non-escaped trailing space in ldif_parse_attribute().
Todd C. Miller [Thu, 18 Oct 2018 20:29:33 +0000 (14:29 -0600)]
Fix trimming of non-escaped trailing space in ldif_parse_attribute().
Found by PVS-Studio.

6 years agoSimplify the logic surrounding sudoers_args in command_args_match().
Todd C. Miller [Thu, 18 Oct 2018 20:24:55 +0000 (14:24 -0600)]
Simplify the logic surrounding sudoers_args in command_args_match().
We only need to check that sudoers_args is non-NULL once.
Found by PVS-Studio.

6 years agoIf sudo_ldap_get_values_len() fails goto cleanup instead of oom.
Todd C. Miller [Thu, 18 Oct 2018 20:19:09 +0000 (14:19 -0600)]
If sudo_ldap_get_values_len() fails goto cleanup instead of oom.
This is not strictly necessary as there's not anything to cleanup
in this case but it is more consistent with the code that follows.

6 years agoFix handling of timeout values in sudoers.
Todd C. Miller [Thu, 18 Oct 2018 14:08:44 +0000 (08:08 -0600)]
Fix handling of timeout values in sudoers.
When passing the timeout back to the front end, ignore the
user-specified timeout if it is not set (initialized to 0).
Otherwise, sudo would choose a zero user-specified timeout over
the sudoers-specified timeout (non-zero).

6 years agoFix cut & pastos in cvtsudoers_make_gritem()
Todd C. Miller [Wed, 17 Oct 2018 15:54:53 +0000 (09:54 -0600)]
Fix cut & pastos in cvtsudoers_make_gritem()

6 years agoFix expected test output now that command_timeout is parsed correctly
Todd C. Miller [Wed, 17 Oct 2018 12:57:06 +0000 (06:57 -0600)]
Fix expected test output now that command_timeout is parsed correctly
in LDIF.

6 years agotv_nsec can never be negative after timespecsub.
Todd C. Miller [Wed, 17 Oct 2018 12:21:48 +0000 (06:21 -0600)]
tv_nsec can never be negative after timespecsub.
Found by PVS Studio

6 years agoAvoid potentially undefined behavior.
Todd C. Miller [Tue, 16 Oct 2018 18:50:43 +0000 (12:50 -0600)]
Avoid potentially undefined behavior.
Found by PVS Studio.

6 years agosudo_ldap_parse_option() never returns '=' as the operator.
Todd C. Miller [Tue, 16 Oct 2018 18:49:34 +0000 (12:49 -0600)]
sudo_ldap_parse_option() never returns '=' as the operator.
When parsing command_timeout, role, type, privs and limitprivs,
check that val is non-NULL instead.  Found by PVS Studio.

6 years agoFix up #line entries that reference lex.sudoers.c.
Todd C. Miller [Tue, 16 Oct 2018 16:31:43 +0000 (10:31 -0600)]
Fix up #line entries that reference lex.sudoers.c.

6 years agoFix workaround for broken sudo 1.8.7 timing files.
Todd C. Miller [Sat, 13 Oct 2018 14:08:16 +0000 (08:08 -0600)]
Fix workaround for broken sudo 1.8.7 timing files.

6 years agoFix memory leak when reusing the runas list. We need to free the
Todd C. Miller [Sat, 13 Oct 2018 13:31:34 +0000 (07:31 -0600)]
Fix memory leak when reusing the runas list.  We need to free the
member list itself as well as its contents.

6 years agoSome DIAGNOSTICS updates:
Todd C. Miller [Sat, 13 Oct 2018 12:21:52 +0000 (06:21 -0600)]
Some DIAGNOSTICS updates:
Update error message for when the user's uid does not exist in passwd.
Remove "This error indicates" and some other cosmetic cleanups.

6 years agoIf the user's passwd entry cannot be resolved via the uid, use the
Todd C. Miller [Sat, 13 Oct 2018 12:19:03 +0000 (06:19 -0600)]
If the user's passwd entry cannot be resolved via the uid, use the
same error message as visudo.

6 years agoAdd a DIAGNOSTICS section with an explanation of the more non-trivial
Todd C. Miller [Fri, 12 Oct 2018 15:40:37 +0000 (09:40 -0600)]
Add a DIAGNOSTICS section with an explanation of the more non-trivial
error messages.

6 years agoReplace sudo_fatal(NULL) with an "unable to allocate memory" message
Todd C. Miller [Fri, 12 Oct 2018 14:39:12 +0000 (08:39 -0600)]
Replace sudo_fatal(NULL) with an "unable to allocate memory" message
that includes the function name.

6 years agoMake EOF handling while reading the password prompt more like getpass(3).
Todd C. Miller [Tue, 9 Oct 2018 20:20:13 +0000 (14:20 -0600)]
Make EOF handling while reading the password prompt more like getpass(3).
We now return the password as long as at least one character has
been read.  Previously, EOF at the password prompt was treated as
if nothing was entered.

6 years agoregen
Todd C. Miller [Tue, 9 Oct 2018 20:13:28 +0000 (14:13 -0600)]
regen

6 years agoPrint a warning for password read issues.
Todd C. Miller [Tue, 9 Oct 2018 19:25:52 +0000 (13:25 -0600)]
Print a warning for password read issues.
Issues include: timeout at the password prompt, read error while
reading the password, and EOF reading the password.

6 years agoHandle EOF on password input when pwfedback is enabled.
Todd C. Miller [Mon, 8 Oct 2018 12:47:53 +0000 (06:47 -0600)]
Handle EOF on password input when pwfedback is enabled.

6 years agoFix remaining instances of "e.g." without a trailing ','.
Todd C. Miller [Sun, 7 Oct 2018 13:35:36 +0000 (07:35 -0600)]
Fix remaining instances of "e.g." without a trailing ','.

6 years agoUse mdoc macros for BSD systems.
Todd C. Miller [Sun, 7 Oct 2018 13:34:22 +0000 (07:34 -0600)]
Use mdoc macros for BSD systems.
All manuals now pass "make lint"

6 years agoUse -Wstyle with -Tlint since sudo is not part of the base system.
Todd C. Miller [Sun, 7 Oct 2018 13:26:28 +0000 (07:26 -0600)]
Use -Wstyle with -Tlint since sudo is not part of the base system.
This avoids "referenced manual not found" and "operating system
explicitly specified" warnings.

6 years agoDocument log_suspend() and fix the description of the change_winsize() return value.
Todd C. Miller [Sun, 7 Oct 2018 13:18:29 +0000 (07:18 -0600)]
Document log_suspend() and fix the description of the change_winsize() return value.

6 years agoFix problems found by igor. Bug #854
Todd C. Miller [Sat, 6 Oct 2018 12:00:56 +0000 (06:00 -0600)]
Fix problems found by igor.  Bug #854

6 years agoSort DOCS and DEVDOCS and remove extra sudoers entry (it was listed twice).
Todd C. Miller [Sat, 6 Oct 2018 11:55:41 +0000 (05:55 -0600)]
Sort DOCS and DEVDOCS and remove extra sudoers entry (it was listed twice).

6 years agoAdd igor target to run igor(1) on the manuals.
Todd C. Miller [Sat, 6 Oct 2018 11:39:20 +0000 (05:39 -0600)]
Add igor target to run igor(1) on the manuals.

6 years agoAdd new -S option to sleep while the command was suspended.
Todd C. Miller [Fri, 5 Oct 2018 20:48:35 +0000 (14:48 -0600)]
Add new -S option to sleep while the command was suspended.
The default behavior is now to not consider the time the command
was suspended as part of the normal inter-event delay.

6 years agoAdd a suspend event type to the I/O log to log suspend/resume of
Todd C. Miller [Fri, 5 Oct 2018 20:16:08 +0000 (14:16 -0600)]
Add a suspend event type to the I/O log to log suspend/resume of
the command so we can skip that delay during replay.

6 years agoInitialize the pty rows/cols based on the values we stored in user_details.
Todd C. Miller [Fri, 5 Oct 2018 20:04:29 +0000 (14:04 -0600)]
Initialize the pty rows/cols based on the values we stored in user_details.
This fixes a minor issue where we would send an extra window size
change event the first time the command was suspended.

6 years agoAdd support for OpenLDAP's TLS_REQCERT setting in ldap.conf.
Todd C. Miller [Thu, 27 Sep 2018 15:58:10 +0000 (09:58 -0600)]
Add support for OpenLDAP's TLS_REQCERT setting in ldap.conf.

6 years agoMove definition of TIME_T_MAX to sudo_util.h
Todd C. Miller [Mon, 24 Sep 2018 20:21:58 +0000 (14:21 -0600)]
Move definition of TIME_T_MAX to sudo_util.h

6 years agoChanges in 1.8.26 (so far).
Todd C. Miller [Mon, 24 Sep 2018 12:09:07 +0000 (06:09 -0600)]
Changes in 1.8.26 (so far).

6 years agoTreat LOGIN, LOGNAME and USER specially. If one is preserved
Todd C. Miller [Mon, 24 Sep 2018 11:30:28 +0000 (05:30 -0600)]
Treat LOGIN, LOGNAME and USER specially.  If one is preserved
or deleted we want to preserve or delete all of them.

6 years agoRemove special handling of the USERNAME environment variable. It
Todd C. Miller [Mon, 24 Sep 2018 11:30:03 +0000 (05:30 -0600)]
Remove special handling of the USERNAME environment variable.  It
used to be set on old versions of Fedora but that hasn't been the
case for some time.  It's worth noting that ssh doesn't set USERNAME
either.

6 years agosudo 1.8.26
Todd C. Miller [Mon, 24 Sep 2018 11:29:21 +0000 (05:29 -0600)]
sudo 1.8.26

6 years agoRemove unused system_maxgroups argument from fill_group_list().
Todd C. Miller [Sat, 22 Sep 2018 18:56:11 +0000 (12:56 -0600)]
Remove unused system_maxgroups argument from fill_group_list().

6 years agoPass getgrouplist() NGROUPS_MAX+1, not NGROUPS_MAX so we have room
Todd C. Miller [Sat, 22 Sep 2018 18:55:44 +0000 (12:55 -0600)]
Pass getgrouplist() NGROUPS_MAX+1, not NGROUPS_MAX so we have room
for the primary gid.

6 years agoIn print_member_json_int() eliminate the need_newline variable
Todd C. Miller [Thu, 20 Sep 2018 21:15:14 +0000 (15:15 -0600)]
In print_member_json_int() eliminate the need_newline variable
and just move the non-alias expansion printing bits into the
else clause, including the newline and comma printing.

6 years agoAdd regress test for bug #853
Todd C. Miller [Thu, 20 Sep 2018 21:10:15 +0000 (15:10 -0600)]
Add regress test for bug #853

6 years agoWhen expanding an alias in print_member_json_int() avoid printing
Todd C. Miller [Thu, 20 Sep 2018 20:56:25 +0000 (14:56 -0600)]
When expanding an alias in print_member_json_int() avoid printing
an extra comma at the end of the entry.  Bug #853.

6 years agoAdd Kan Sasaki
Todd C. Miller [Wed, 12 Sep 2018 15:07:07 +0000 (09:07 -0600)]
Add Kan Sasaki

6 years agosudo 1.8.25p1
Todd C. Miller [Wed, 12 Sep 2018 15:03:28 +0000 (09:03 -0600)]
sudo 1.8.25p1

6 years agoFix a crash in the event system's poll() backend introduced with
Todd C. Miller [Wed, 12 Sep 2018 13:02:13 +0000 (07:02 -0600)]
Fix a crash in the event system's poll() backend introduced with
support for nanosecond timers.  Only affects systems without ppoll().
Bug #851

6 years agoregen
Todd C. Miller [Sun, 2 Sep 2018 12:29:32 +0000 (06:29 -0600)]
regen

6 years agoAllow for some clock drift due to ntpd, etc.
Todd C. Miller [Fri, 31 Aug 2018 15:22:59 +0000 (09:22 -0600)]
Allow for some clock drift due to ntpd, etc.

6 years agoIf sudo_lock_file() fails for a reason other than the file already
Todd C. Miller [Fri, 31 Aug 2018 14:08:45 +0000 (08:08 -0600)]
If sudo_lock_file() fails for a reason other than the file already
being locked, give the user a chance to edit anyway.

6 years agoQuick sort is not a stable sort; use distinct sudoOrder values so
Todd C. Miller [Thu, 30 Aug 2018 20:43:24 +0000 (14:43 -0600)]
Quick sort is not a stable sort; use distinct sudoOrder values so
the output is predictable.

6 years agoFix warnings on OpenIndiana (Illumos)
Todd C. Miller [Thu, 30 Aug 2018 20:06:18 +0000 (14:06 -0600)]
Fix warnings on OpenIndiana (Illumos)

6 years agoCorrect ldap_to_sudoers() return value.
Todd C. Miller [Thu, 30 Aug 2018 19:47:02 +0000 (13:47 -0600)]
Correct ldap_to_sudoers() return value.

6 years agoBug #849
Todd C. Miller [Thu, 30 Aug 2018 15:22:16 +0000 (09:22 -0600)]
Bug #849

6 years agoThe sssd backend used to take the first match, assuming that entries
Todd C. Miller [Thu, 30 Aug 2018 14:36:09 +0000 (08:36 -0600)]
The sssd backend used to take the first match, assuming that entries
were sorted in descending order by sudoOrder.  That allowed it to
avoid iterating over the entire list of rules.  Now that we convert
to a sudoers parse tree, we need to convert rules in ascending
order, not descending.  The simplest way to accomplish this is to
simply iterate over the rules from last to first, reversing the
sort order.  Bug #849

6 years agoAdd some more ldif -> sudoers tests to verify sudoOrder.
Todd C. Miller [Thu, 30 Aug 2018 13:49:59 +0000 (07:49 -0600)]
Add some more ldif -> sudoers tests to verify sudoOrder.

6 years agoFor conversion to a sudoers parse tree, ldap_entry_compare() now
Todd C. Miller [Thu, 30 Aug 2018 13:48:16 +0000 (07:48 -0600)]
For conversion to a sudoers parse tree, ldap_entry_compare() now
needs to sort in ascending order, not descending.  Bug #849

6 years agoNo need to set input_file for stdin in parse_ldif(); noted by clang analyzer.
Todd C. Miller [Wed, 29 Aug 2018 16:57:37 +0000 (10:57 -0600)]
No need to set input_file for stdin in parse_ldif(); noted by clang analyzer.

6 years agoUse TIME_T_MAX when parsing the I/O log file timestamp and disallow
Todd C. Miller [Wed, 29 Aug 2018 16:54:32 +0000 (10:54 -0600)]
Use TIME_T_MAX when parsing the I/O log file timestamp and disallow
negative times.

6 years agoWhen parsing an I/O log timing line, store the result in a timespec,
Todd C. Miller [Wed, 29 Aug 2018 15:57:12 +0000 (09:57 -0600)]
When parsing an I/O log timing line, store the result in a timespec,
not a double.  The speed factor (for scaling the delay) in sudoreplay
is still a double but we only need to adjust the delay if the factor
is something other than 1.0.

6 years agoFix memory leak in test.
Todd C. Miller [Wed, 29 Aug 2018 13:38:27 +0000 (07:38 -0600)]
Fix memory leak in test.

6 years agoregen
Todd C. Miller [Wed, 29 Aug 2018 12:39:41 +0000 (06:39 -0600)]
regen

6 years agoUpdate conversion of DID_* to KEPT_* to match the new values of
Todd C. Miller [Wed, 29 Aug 2018 02:25:06 +0000 (20:25 -0600)]
Update conversion of DID_* to KEPT_* to match the new values of
DID_* and KEPT_*.

6 years agoSet the LOGIN environment variable on AIX like we do LOGNAME.
Todd C. Miller [Wed, 29 Aug 2018 00:32:39 +0000 (18:32 -0600)]
Set the LOGIN environment variable on AIX like we do LOGNAME.

6 years agoAdd a test for the 4-argument au_close() function found in Solaris
Todd C. Miller [Mon, 27 Aug 2018 19:50:23 +0000 (13:50 -0600)]
Add a test for the 4-argument au_close() function found in Solaris
11 instead of assuming it is present if __sun is defined.  Fixes a
compilation error on OpenIndiana and older Solaris versions.

6 years agoAdd Miguel Sanders and Scott Cheloha
Todd C. Miller [Mon, 27 Aug 2018 17:09:50 +0000 (11:09 -0600)]
Add Miguel Sanders and Scott Cheloha

6 years agotestsudoers changes
Todd C. Miller [Mon, 27 Aug 2018 15:25:40 +0000 (09:25 -0600)]
testsudoers changes

6 years agoAdd ldif support to testsudoers
Todd C. Miller [Mon, 27 Aug 2018 11:21:04 +0000 (05:21 -0600)]
Add ldif support to testsudoers

6 years agoMove ldif -> sudoers conversion code into parse_ldif.c
Todd C. Miller [Mon, 27 Aug 2018 02:02:49 +0000 (20:02 -0600)]
Move ldif -> sudoers conversion code into parse_ldif.c

6 years agoMove string list functions to their own file.
Todd C. Miller [Mon, 27 Aug 2018 01:48:14 +0000 (19:48 -0600)]
Move string list functions to their own file.

6 years agosync
Todd C. Miller [Mon, 27 Aug 2018 01:31:20 +0000 (19:31 -0600)]
sync

6 years agoBackward ABI compatibility for even functions that use a timeval.
Todd C. Miller [Sun, 26 Aug 2018 03:02:07 +0000 (21:02 -0600)]
Backward ABI compatibility for even functions that use a timeval.

6 years agoUse a monotonic timer for the event subsystem.
Todd C. Miller [Sun, 26 Aug 2018 03:02:06 +0000 (21:02 -0600)]
Use a monotonic timer for the event subsystem.

6 years agoUse struct timespec, not struct timeval in the event subsystem.
Todd C. Miller [Sun, 26 Aug 2018 03:02:05 +0000 (21:02 -0600)]
Use struct timespec, not struct timeval in the event subsystem.
Use ppoll() or pselect() if avaialble which use timespec.

6 years agosync
Todd C. Miller [Fri, 24 Aug 2018 17:34:31 +0000 (11:34 -0600)]
sync

6 years agoEliminate most use of parsed_sudoers in cvtsudoers
Todd C. Miller [Fri, 24 Aug 2018 16:27:00 +0000 (10:27 -0600)]
Eliminate most use of parsed_sudoers in cvtsudoers

6 years agoMake alias_apply() take 3 arguments, the first being a pointer to the
Todd C. Miller [Fri, 24 Aug 2018 15:52:53 +0000 (09:52 -0600)]
Make alias_apply() take 3 arguments, the first being a pointer to the
struct sudoers_parse_tree.

6 years agoHandle systems where root's gid is not 0.
Todd C. Miller [Thu, 23 Aug 2018 22:21:28 +0000 (16:21 -0600)]
Handle systems where root's gid is not 0.

6 years agoAdd missing files from last commit.
Todd C. Miller [Thu, 23 Aug 2018 21:50:17 +0000 (15:50 -0600)]
Add missing files from last commit.

6 years agoAdd regress test for I/O log plugin endpoints
Todd C. Miller [Thu, 23 Aug 2018 21:35:02 +0000 (15:35 -0600)]
Add regress test for I/O log plugin endpoints

6 years agoWe cannot reuse last_time for the I/O log info file now that it is
Todd C. Miller [Thu, 23 Aug 2018 19:50:00 +0000 (13:50 -0600)]
We cannot reuse last_time for the I/O log info file now that it is
a monotonic timer.  Just call time(3) in write_info_log() directly.

6 years agoMove the loop to free the monitor_messages list into free_exec_closure_pty()
Todd C. Miller [Thu, 23 Aug 2018 17:10:57 +0000 (11:10 -0600)]
Move the loop to free the monitor_messages list into free_exec_closure_pty()

6 years agoregen
Todd C. Miller [Thu, 23 Aug 2018 14:09:42 +0000 (08:09 -0600)]
regen

6 years agoFix typo in last commit.
Todd C. Miller [Thu, 23 Aug 2018 01:15:26 +0000 (19:15 -0600)]
Fix typo in last commit.

6 years agoDo not assume all Linux has linux/random.h.
Todd C. Miller [Wed, 22 Aug 2018 21:12:11 +0000 (15:12 -0600)]
Do not assume all Linux has linux/random.h.
Add missing sys/syscall.h include

6 years agoCast uid/gid to unsigned int before printing.
Todd C. Miller [Wed, 22 Aug 2018 18:58:24 +0000 (12:58 -0600)]
Cast uid/gid to unsigned int before printing.

6 years agoOnly include stdarg.h if we need it.
Todd C. Miller [Wed, 22 Aug 2018 18:36:28 +0000 (12:36 -0600)]
Only include stdarg.h if we need it.

6 years agoInclude stddef.h for offsetof() definition.
Todd C. Miller [Wed, 22 Aug 2018 16:27:33 +0000 (10:27 -0600)]
Include stddef.h for offsetof() definition.

6 years agofix compiler warnings on Solaris 11
Todd C. Miller [Wed, 22 Aug 2018 16:40:11 +0000 (10:40 -0600)]
fix compiler warnings on Solaris 11

6 years agoFix setting of errno when gotdata() fails.
Todd C. Miller [Wed, 22 Aug 2018 16:36:00 +0000 (10:36 -0600)]
Fix setting of errno when gotdata() fails.

6 years agoBugs 846 and 847
Todd C. Miller [Wed, 22 Aug 2018 14:23:29 +0000 (08:23 -0600)]
Bugs 846 and 847

6 years agoWe still need to include string.h for AIX (and possibly others)
Todd C. Miller [Wed, 22 Aug 2018 14:22:56 +0000 (08:22 -0600)]
We still need to include string.h for AIX (and possibly others)
when we are not using the system memset_r() function and rsize_t
is defined by the system headers.

6 years agoAdd --enable-package-build to give configure a hint that we are
Todd C. Miller [Wed, 22 Aug 2018 14:09:46 +0000 (08:09 -0600)]
Add --enable-package-build to give configure a hint that we are
building a package.  This can be used to avoid relying on libc
functions that may not be present in all libc versions for a
particular system.  For instance, AIX 7.1 may or may not have
memset_s() and getline() present.

6 years agoAIX defines rsize_t in string.h, not stddef.h for use by the
Todd C. Miller [Wed, 22 Aug 2018 13:43:13 +0000 (07:43 -0600)]
AIX defines rsize_t in string.h, not stddef.h for use by the
memset_s() prototype.  We use our own memset_s() on AIX since it
is not available on all BOS levels which makes package building
problematic.

6 years agoFix printing of T_TIMESPEC values.
Todd C. Miller [Tue, 21 Aug 2018 23:35:44 +0000 (17:35 -0600)]
Fix printing of T_TIMESPEC values.

6 years agoRemove unused struct script_buf
Todd C. Miller [Tue, 21 Aug 2018 16:30:42 +0000 (10:30 -0600)]
Remove unused struct script_buf

6 years agoDocument when the I/O log timing file entry bug was introduced.
Todd C. Miller [Mon, 20 Aug 2018 18:49:24 +0000 (12:49 -0600)]
Document when the I/O log timing file entry bug was introduced.