granicus.if.org Git - sudo/log
Todd C. Miller [Sun, 29 Apr 2018 19:52:28 +0000 (13:52 -0600)]
sync
Todd C. Miller [Sun, 29 Apr 2018 19:33:29 +0000 (13:33 -0600)]
sync with translationproject.org
Todd C. Miller [Wed, 25 Apr 2018 20:55:55 +0000 (14:55 -0600)]
O_EXEC for fexecve() not O_SEARCH.
Todd C. Miller [Wed, 25 Apr 2018 15:56:22 +0000 (09:56 -0600)]
Document how to suppress the last login message on Solaris.
Todd C. Miller [Tue, 24 Apr 2018 22:40:16 +0000 (16:40 -0600)]
Fix compilation error with older Sun Studio compilers.
Todd C. Miller [Tue, 24 Apr 2018 20:29:58 +0000 (14:29 -0600)]
Update Bug #831 description.
Todd C. Miller [Tue, 24 Apr 2018 16:45:30 +0000 (10:45 -0600)]
Add Chinese(Taiwan) translation for sudo.
Todd C. Miller [Tue, 24 Apr 2018 13:21:08 +0000 (07:21 -0600)]
Move the check for /dev/fd/N until *after* the digest has been
checked. We still need to be able to check the digest even if there
is no /dev/fd/N or fexecve().
Todd C. Miller [Tue, 24 Apr 2018 02:43:04 +0000 (20:43 -0600)]
Rewind the fd after calling sudo_filedigest(). Otherwise, when
running a script via fexecve(), the interpreter may get EOF when
reading /dev/fd/N. This only appears to affect BSD systems with
fdescfs. Bug #831.
Todd C. Miller [Mon, 23 Apr 2018 20:42:35 +0000 (14:42 -0600)]
In open_cmnd(), return true, not false, if the /dev/fd/N pathname
is not present. We don't want to fail a match because of this.
Todd C. Miller [Mon, 23 Apr 2018 17:01:49 +0000 (11:01 -0600)]
Bug #831.
Todd C. Miller [Mon, 23 Apr 2018 16:54:51 +0000 (10:54 -0600)]
We can only use fexecve() on a script if /dev/fd/N exists.
Some systems, such as FreeBSD, don't have /dev/fd mounted
by default. Bug #831
Todd C. Miller [Sun, 22 Apr 2018 12:58:53 +0000 (06:58 -0600)]
sync with translationproject.org
Todd C. Miller [Sat, 21 Apr 2018 19:56:36 +0000 (13:56 -0600)]
sync with translationproject.org
Todd C. Miller [Sat, 21 Apr 2018 12:23:02 +0000 (06:23 -0600)]
Add tests for round-tripping cvtsudoers, sudoers -> LDIF -> sudoers
and LDIF -> sudoers -> LDIF.
Todd C. Miller [Thu, 19 Apr 2018 15:24:08 +0000 (09:24 -0600)]
Test the -b option when converting from LDIF.
Todd C. Miller [Thu, 19 Apr 2018 15:23:45 +0000 (09:23 -0600)]
Fix the -b option when converting from LDIF.
Todd C. Miller [Thu, 19 Apr 2018 03:14:10 +0000 (21:14 -0600)]
sync with translationproject.org
Todd C. Miller [Wed, 18 Apr 2018 20:25:11 +0000 (14:25 -0600)]
Fix some more typos.
Todd C. Miller [Wed, 18 Apr 2018 20:24:51 +0000 (14:24 -0600)]
mandoc now preserves the copyright notice, no need to do it ourselves
Todd C. Miller [Wed, 18 Apr 2018 20:14:47 +0000 (14:14 -0600)]
Describe the special handling of LOGNAME, USER and USERNAME.
Fix typos reported by aspell.
Todd C. Miller [Wed, 18 Apr 2018 16:09:22 +0000 (10:09 -0600)]
Fix a memory leak on the error path.
Todd C. Miller [Wed, 18 Apr 2018 15:40:48 +0000 (09:40 -0600)]
Document that the editor setting is also used by sudoedit.
Todd C. Miller [Tue, 17 Apr 2018 19:41:44 +0000 (13:41 -0600)]
Plug memory leak when an I/O plugin is specified in sudo.conf
but the I/O plugin is not configured.
Todd C. Miller [Tue, 17 Apr 2018 13:10:43 +0000 (07:10 -0600)]
Monty Python insults from Philip Hudson
Todd C. Miller [Sun, 15 Apr 2018 23:06:26 +0000 (17:06 -0600)]
add examples
Todd C. Miller [Sun, 15 Apr 2018 22:43:06 +0000 (16:43 -0600)]
Update copyright year and regen man pages.
Todd C. Miller [Sun, 15 Apr 2018 14:21:40 +0000 (08:21 -0600)]
sync with translationproject.org
Todd C. Miller [Sun, 15 Apr 2018 14:14:46 +0000 (08:14 -0600)]
cvtsudoers regress tests
Todd C. Miller [Sun, 15 Apr 2018 14:14:46 +0000 (08:14 -0600)]
Prune alias contents when pruning and expanding aliases.
This abuses the userlist_matches_filter() and hostlist_matches_filter()
functions. A better approach would be to call the correct function
from user_matches() and host_matches().
Todd C. Miller [Sun, 15 Apr 2018 01:54:54 +0000 (19:54 -0600)]
Fix typo
Todd C. Miller [Sat, 14 Apr 2018 12:13:44 +0000 (06:13 -0600)]
Fix cut & pasto that prevented "-d command" from working.
Todd C. Miller [Fri, 13 Apr 2018 16:49:05 +0000 (10:49 -0600)]
Fix a use after free crash as well as a memory leak when filtering
Defaults.
Todd C. Miller [Thu, 12 Apr 2018 12:29:41 +0000 (06:29 -0600)]
Document that a User_Alias or Host_Alias may be used in the match filter.
Todd C. Miller [Thu, 12 Apr 2018 12:25:35 +0000 (06:25 -0600)]
Don't always expand aliases when formatting a host-based Defaults
line. This was missed when expand_aliases support was added.
Todd C. Miller [Thu, 12 Apr 2018 12:21:20 +0000 (06:21 -0600)]
Allow host and user aliases to be specified in match filters.
Todd C. Miller [Thu, 12 Apr 2018 11:13:49 +0000 (05:13 -0600)]
Update copyright year.
Todd C. Miller [Tue, 10 Apr 2018 22:07:42 +0000 (16:07 -0600)]
sync with translationproject.org
Todd C. Miller [Mon, 9 Apr 2018 17:13:33 +0000 (11:13 -0600)]
When the -d option is used, remove aliases used by the non-converted
Defaults settings if the aliases are not also referenced by userspecs.
Todd C. Miller [Thu, 5 Apr 2018 13:00:25 +0000 (07:00 -0600)]
regen
Todd C. Miller [Thu, 5 Apr 2018 12:34:49 +0000 (06:34 -0600)]
update
Todd C. Miller [Thu, 5 Apr 2018 12:34:22 +0000 (06:34 -0600)]
Mention -p and -M options in the description of -m.
Todd C. Miller [Thu, 5 Apr 2018 03:05:59 +0000 (21:05 -0600)]
Check sudoedit temporary directory for writability before using it.
Todd C. Miller [Wed, 4 Apr 2018 17:28:53 +0000 (11:28 -0600)]
Use btime in /proc/stat to determine system start time instead of
/proc/uptime. Fixes the process start time test when run from a
container where /proc/uptime is the uptime of the container but the
process start time is relative to the host system boot time.
Bug #829
Todd C. Miller [Wed, 4 Apr 2018 15:51:05 +0000 (09:51 -0600)]
Add option to prune non-matching entries from cvtsudoers output when the -m
option is used.
Todd C. Miller [Mon, 2 Apr 2018 13:41:56 +0000 (07:41 -0600)]
Allow defaults types and suppression list to be specified in
the config file.
Todd C. Miller [Mon, 2 Apr 2018 13:41:09 +0000 (07:41 -0600)]
Refactor common alias code out of cvtsudoers and visudo and into alias.c.
Todd C. Miller [Fri, 30 Mar 2018 00:53:53 +0000 (18:53 -0600)]
Avoid NULL deref in an error path. CID 183467
Todd C. Miller [Fri, 30 Mar 2018 00:53:51 +0000 (18:53 -0600)]
No need to initialize the last pointer passed to strtok_r().
This was originally added to appease newer gcc but no longer
seems to be required. CID 183466, CID 183468, CID 183469
Todd C. Miller [Fri, 30 Mar 2018 00:53:50 +0000 (18:53 -0600)]
Avoid false positive NULL dereference by using value.u.string
instead of name as the former is guaranteed not to be NULL.
Fixes CID 183465.
Todd C. Miller [Thu, 29 Mar 2018 16:20:26 +0000 (10:20 -0600)]
regen
Todd C. Miller [Thu, 29 Mar 2018 13:13:31 +0000 (07:13 -0600)]
Add a section on conversion from file-based sudoers.
Todd C. Miller [Wed, 28 Mar 2018 23:43:58 +0000 (17:43 -0600)]
Add support for "cvtsudoers -d all"
Todd C. Miller [Wed, 28 Mar 2018 14:33:07 +0000 (08:33 -0600)]
Add -d option to control what type of Defaults entries are converted.
Todd C. Miller [Tue, 27 Mar 2018 22:00:08 +0000 (16:00 -0600)]
In pty_close() we still need to check whether the pty master and
slave fds are open before closing them. When no tty is present but
we are I/O logging pty_close() will be called when there is no
actual pty in use.
Todd C. Miller [Tue, 27 Mar 2018 21:57:02 +0000 (15:57 -0600)]
regen
Todd C. Miller [Mon, 26 Mar 2018 16:36:29 +0000 (10:36 -0600)]
ignore *.ldif2sudo regress output
Todd C. Miller [Mon, 26 Mar 2018 12:28:23 +0000 (06:28 -0600)]
In pty_close() there is no need to remove events associated with
the pty slave as there are none. We also don't need to check for
the pty fds being -1 since they are not closed elsewhere and
pty_close() is only called if pty_setup() succeeds.
Todd C. Miller [Sun, 25 Mar 2018 22:16:48 +0000 (16:16 -0600)]
Move cvtsudoers to section 1.
Todd C. Miller [Sun, 25 Mar 2018 12:03:19 +0000 (06:03 -0600)]
In pty_close() close the slave and remove any events associated
with it. Fixes a potential hang when performing the final flush
on non-BSD systems.
Todd C. Miller [Fri, 23 Mar 2018 15:54:52 +0000 (09:54 -0600)]
Fix typo in strcmp(), we are comparing var not val.
Todd C. Miller [Fri, 23 Mar 2018 12:56:49 +0000 (06:56 -0600)]
sync
Todd C. Miller [Fri, 23 Mar 2018 12:46:38 +0000 (06:46 -0600)]
sync
Todd C. Miller [Thu, 22 Mar 2018 19:30:25 +0000 (13:30 -0600)]
regen
Todd C. Miller [Thu, 22 Mar 2018 19:24:41 +0000 (13:24 -0600)]
Add -M option to cvtsudoers to force the use of the local passwd
and group databases when matching.
Todd C. Miller [Thu, 22 Mar 2018 17:38:39 +0000 (11:38 -0600)]
Add cvtsudoers command line option to suppress certain parts of the
security policy. Can be used to suppress displaying of Defaults
entries, aliases or privileges.
Todd C. Miller [Wed, 21 Mar 2018 21:03:17 +0000 (15:03 -0600)]
Silence a false positive from the clang static analyzer.
Todd C. Miller [Wed, 21 Mar 2018 20:55:17 +0000 (14:55 -0600)]
Silence a false positive from the clang static analyzer.
Todd C. Miller [Wed, 21 Mar 2018 20:43:17 +0000 (14:43 -0600)]
Fix memory leak on error path.
Todd C. Miller [Wed, 21 Mar 2018 19:33:44 +0000 (13:33 -0600)]
regen
Todd C. Miller [Wed, 21 Mar 2018 19:29:47 +0000 (13:29 -0600)]
Move cvtsudoers string functions into cvtsudoers.c
Todd C. Miller [Wed, 21 Mar 2018 19:29:18 +0000 (13:29 -0600)]
regen
Todd C. Miller [Wed, 21 Mar 2018 18:24:11 +0000 (12:24 -0600)]
Initial support for filtering by user, group and host in cvtsudoers.
Currently forces alias expansion when a filter is applied and the
entire matching user or host list is printed, even the non-matching
entries. This effectively allows you to grep sudoers by user, group
and host.
Todd C. Miller [Wed, 21 Mar 2018 18:11:19 +0000 (12:11 -0600)]
Add free_default() to free a struct defaults pointer so we have a
single place where we free the defaults. A pointer to the previous
Default's binding may be passed in to avoid freeing an already free
binding.
Todd C. Miller [Wed, 21 Mar 2018 12:52:50 +0000 (06:52 -0600)]
Decrease bullet width to 1n.
Todd C. Miller [Sat, 17 Mar 2018 13:49:08 +0000 (07:49 -0600)]
Add aix_setauthdb() before the initial getpwuid() call.
Todd C. Miller [Sun, 11 Mar 2018 03:16:20 +0000 (20:16 -0700)]
fix compilation on Solaris
Todd C. Miller [Thu, 8 Mar 2018 14:53:29 +0000 (07:53 -0700)]
Make "sudoreplay -m 0" skip the pauses entirely.
Todd C. Miller [Thu, 8 Mar 2018 13:22:21 +0000 (06:22 -0700)]
Document that a negative value for -m will eliminate the pauses.
Todd C. Miller [Tue, 6 Mar 2018 22:59:31 +0000 (15:59 -0700)]
Update copyright date, remove unneeded include and add a few comments.
Todd C. Miller [Tue, 6 Mar 2018 22:09:21 +0000 (15:09 -0700)]
Use fmtsudoers functions in testsudoers.
Todd C. Miller [Tue, 6 Mar 2018 21:39:11 +0000 (14:39 -0700)]
Add test for empty runas user list.
Todd C. Miller [Tue, 6 Mar 2018 21:38:17 +0000 (14:38 -0700)]
Don't print an empty user list as ALL.
Todd C. Miller [Tue, 6 Mar 2018 20:42:56 +0000 (13:42 -0700)]
In sudoers_format_userspecs make the separator optional and silence
a printf format warning.
Todd C. Miller [Tue, 6 Mar 2018 19:05:07 +0000 (12:05 -0700)]
Use correct defines when checking for sysctl kinfo_proc support.
Todd C. Miller [Tue, 6 Mar 2018 19:00:37 +0000 (12:00 -0700)]
Fix crash when converting sudoers entry with a runas list that is
present but empty.
Todd C. Miller [Tue, 6 Mar 2018 00:35:02 +0000 (17:35 -0700)]
Less confusing sysctl checks for kinfo_proc.
Todd C. Miller [Mon, 5 Mar 2018 17:42:02 +0000 (10:42 -0700)]
Add case_insensitive_group and case_insensitive_user sudoers options,
which are enabled by default.
Todd C. Miller [Sun, 4 Mar 2018 18:59:45 +0000 (11:59 -0700)]
Kill dead store found by clang-analyzer.
Todd C. Miller [Fri, 2 Mar 2018 18:30:19 +0000 (11:30 -0700)]
Add tests for round-tripping sudoers -> ldif -> sudoers
Todd C. Miller [Sun, 4 Mar 2018 14:03:43 +0000 (07:03 -0700)]
Initial support for adding comments that will be emitted when
sudoers is formatted. Currently adds a comment for the source
sudoRole when converting from ldif -> sudoers.
Todd C. Miller [Sun, 4 Mar 2018 14:03:41 +0000 (07:03 -0700)]
Special case comment lines in lbufs.
Todd C. Miller [Sat, 3 Mar 2018 14:42:10 +0000 (07:42 -0700)]
When formatting as sudoers, flush the lbuf after each userspec.
Todd C. Miller [Sun, 4 Mar 2018 14:03:38 +0000 (07:03 -0700)]
Handle escaped commas when skipping over the cn.
Todd C. Miller [Fri, 2 Mar 2018 18:27:01 +0000 (11:27 -0700)]
Add missing sudoOrder support to parse_ldif().
Todd C. Miller [Fri, 2 Mar 2018 18:12:14 +0000 (11:12 -0700)]
Add missing support for converting LOG_INPUT/LOG_OUTPUT tags and
expand support for NOMAIL tags.
Todd C. Miller [Fri, 2 Mar 2018 17:59:19 +0000 (10:59 -0700)]
Don't emit an empty sudoRole for global defaults if there are none.
Todd C. Miller [Fri, 2 Mar 2018 17:58:50 +0000 (10:58 -0700)]
Avoid changing the order of non-negated hosts and commands.
We still put negated hosts/commands at the end of the list.
Todd C. Miller [Fri, 2 Mar 2018 17:44:33 +0000 (10:44 -0700)]
Handle parsing boolean options that have no explicit value.
Todd C. Miller [Fri, 2 Mar 2018 16:27:27 +0000 (09:27 -0700)]
Refactor the code that actually converts the role to sudoers format
into role_to_sudoers() now that it is more involved than just calling
sudo_ldap_role_to_priv().