summaryrefslogtreecommitdiff
path: root/plugins
Commit message (Collapse)AuthorAgeFilesLines
* Work around a macOS a kernel bug where tcsetpgrp() does not restart.HEADmasterTodd C. Miller2023-05-111-0/+7
| | | | I reported this bug to Apple over 12 years ago.
* run_command: run editor in foreground if visudo is the foreground processTodd C. Miller2023-05-111-61/+83
| | | | | | | | | | The command is now always run in its own process group. If visudo is run in the foreground, the command is run in the foreground too. Otherwise, run the command in the background. There is a race between the tcsetpgrp() call in the parent and the execve() in the child. If we lose the race and the command needs the controlling terminal, it will be stopped with SIGTTOU or SIGTTIN, which the waitpid() loop will handle.
* Accept carriage return for EOL in addition to newline.Todd C. Miller2023-05-111-3/+3
| | | | | | | | | Since visudo doesn't alter the terminal settings it is possible for the terminal to have the ONLCR bit set in the output control flags. In that case, we will get a CR, not a NL when the user presses enter/return. One way this can happen is if visudo is run in the background from a shell that supports line editing and the editor restores the (cbreak-style) terminal mode when it finishes.
* check_fill: sudoers_strict() is now a function, not a global variableTodd C. Miller2023-05-091-1/+7
|
* Move parser prototypes / externs from sudoers.h to parse.h or toke.h.Todd C. Miller2023-05-093-24/+22
|
* parse.h is already included by sudoers.h.Todd C. Miller2023-05-092-2/+0
|
* Rename parser_conf -> sudoers_conf in all but the parser itself.Todd C. Miller2023-05-093-26/+26
|
* Move sudoers search path to struct sudoers_parser_config.Todd C. Miller2023-05-0810-46/+42
| | | | | | That way we can avoid passing it to init_parser() directly. We still need sudoers_search_path to be shared between the lexer and the parser.
* Add struct sudoers_parser_config and pass it to init_parser().Todd C. Miller2023-05-0815-477/+604
| | | | | This struct contains parser configuration such as the sudoers file uid/gid/mode and parse flags such as verbose, strict and recovery.
* push_include_int: Avoid passing close(2) a negative value on error.Todd C. Miller2023-05-082-2/+4
| | | | Coverity CID 314108
* Eliminate dead store. Coverity CID 315032.Todd C. Miller2023-05-081-1/+0
|
* Rename force_umask to override_umask and make it private to sudoers.c.Todd C. Miller2023-05-043-5/+11
| | | | Add getter for policy.c.
* Make timestamp_uid and timestamp_gid private to timestamp.c.Todd C. Miller2023-05-046-14/+44
| | | | Add getter (for set_perms.c) and setter (for sudoers.c).
* Make login_style private to bsdauth.cTodd C. Miller2023-05-045-26/+41
| | | | Add a setter for policy.c to handle auth_type from the front-end.
* Prefer size_t over int, as casting can take extra instructionsRose2023-05-031-2/+2
|
* Rename init_parser_ext() to init_parser() and remove old wrapper.Todd C. Miller2023-05-027-24/+11
| | | | | There was only one consumer of the init_parser() wrapper now that reset_parser() has been introduced.
* Add reset_parser() and use in place of init_parser(NULL).Todd C. Miller2023-05-025-6/+19
|
* Make path_ldap_conf and path_ldap_secret private to policy.c.Todd C. Miller2023-05-024-9/+23
| | | | Add getters for both so the ldap code can access them.
* Make sudoers_file private to policy.c and visudo.c.Todd C. Miller2023-05-026-114/+120
| | | | | | We just need a way for the policy (and visudo) to override the default sudoers path. This adds a getter to be used in file.c when sudoers is first opened.
* Support adminconfdir for relative include paths in sudoers.Todd C. Miller2023-05-029-239/+424
|
* Track the destination sudoers path for each parsed file.Todd C. Miller2023-05-021-54/+74
| | | | | | | When adminconfdir is enabled, the destination pathh may be different from the path we opened. We always store an edited file in the adminconfdir (if enabled). This makes it possible to use visudo when /etc/sudoers is located on a read-only file system.
* Add adminconfdir and --enable-adminconf to set it.Todd C. Miller2023-05-027-6/+13
| | | | | | Configuration paths in sudo are now a colon-separated list of files with the adminconfdir instance first (if enabled), followed by a sysconfdir instance.
* Substitute for _PATH_SUDO* variables in pathnames.h.Todd C. Miller2023-02-081-1/+1
| | | | Previously these were hard-coded with Makefile overrides.
* Support sudoers_file being a colon-separated path of files.Todd C. Miller2023-05-0210-55/+131
| | | | The first file found is used.
* Convert config file paths to colon-separated path list.Todd C. Miller2023-05-023-72/+102
| | | | | | This means that _PATH_SUDO_CONF, _PATH_SUDOERS, _PATH_SUDO_LOGSRVD_CONF, and _PATH_CVTSUDOERS_CONF can now specify multiple files. The first file that exists is used.
* getaddrinfo stub: set sin_portTodd C. Miller2023-04-261-1/+2
|
* Avoid NULL deref in stub getaddrinfo() when nodename is NULL.Todd C. Miller2023-04-261-5/+23
| | | | | Also add support for parsing servname. We only need to support a subset of getaddrinfo() functionality in the fuzzer.
* Add an fd argument to sudo_get_ttysize() instead of always using stderr.Todd C. Miller2023-04-161-1/+1
| | | | | For sudoreplay we open /dev/tty, so use that instead of stderr when determining the terminal size.
* Enable the use_pty option by default for sudo 1.9.14.Todd C. Miller2023-04-061-0/+1
| | | | GitHub issue #258
* Split up the monolithic sudoers_policy_main() function.Todd C. Miller2023-04-053-135/+247
| | | | | | | | | | This splits the code to find the command, perform a sudoers lookup, ask for a password as needed, and perform post-lokup checks out into sudoers_check_common(). The old sudoers_policy_main() has been replaced by sudoers_check_cmnd() (called by sudoers_policy_check()), sudoers_validate_user() (called by sudoers_policy_validate()) and sudoers_list() (called by sudoers_policy_list()). The list_user lookup is now performed in sudoers_list().
* Move the root_sudo check until after we apply per-command Defaults.Todd C. Miller2023-04-051-8/+8
| | | | | It is possible, though unlikely, for "root_sudo" to be used in a per-command Defaults statement.
* sudoers_policy_main: restore locale if sudoers_lookup() fails.Todd C. Miller2023-04-011-4/+2
| | | | | Previously, if sudoers_lookup() set VALIDATE_ERROR, the sudoers locale would still be in effect instead of the original locale.
* sudoers_lookup_pseudo: remove validated function argumentTodd C. Miller2023-04-011-5/+3
| | | | | | This was always set to FLAG_NO_USER|FLAG_NO_HOST which are cleared at the top of the fuction. Make validated a local variables, initialized to 0, instead. No change in behavior.
* The I/O log file name is not just the basename of the full iolog_path.Todd C. Miller2023-03-312-2/+0
| | | | | | | The audit plugin already has the correct value for iolog_file, don't overwrite it with basename(iolog_path). In the future we may wish to pass in iolog_file and iolog_dir in addition to iolog_path. Fixes Bug #1046.
* Warn with "unknown user" not "unknown uid" if user cannot be resolved.Todd C. Miller2023-03-291-3/+2
| | | | | Prior to sudo 1.8 this was after a getpwuid() but now we use getpwnam().
* Set timestamp_uid and timestamp_gid via a callback.Todd C. Miller2023-03-291-29/+38
| | | | | This also makes it possible to include the location of the line in the sudoers file in the warning message (and mail).
* Quiet compiler warnings on systems where pid_t is not an int.Todd C. Miller2023-03-221-4/+4
| | | | Historically, pid_t was a long on some 32-bit systems like Solaris.
* Silence "used uninitialized" false positives with older gcc versions.Todd C. Miller2023-03-221-2/+2
|
* visudo: restore controlling terminal after running the editor.Todd C. Miller2023-03-211-20/+85
| | | | | | | Otherwise, visudo will get SIGTTOU if it tries to write to the terminal after the editor finishes. Also avoid races by setting the process group ID in both the parent and child, and grant the controlling terminal in the parent, not the child.
* Warn about ignored files in sudoers.d in visudo.Todd C. Miller2023-03-206-39/+66
|
* Replace sudoers_warnings with sudoers_verbose.Todd C. Miller2023-03-2011-28/+41
| | | | This is now an int, with values > 1 reserved for visudo.
* Split push_include() into push_include() and push_includedir().Todd C. Miller2023-03-205-9/+34
| | | | This moves the "isdir" function argument to the internal version.
* Pass around const struct sudo_nss pointers where possible.Todd C. Miller2023-03-178-25/+25
|
* Pass around const struct sudoers_parse_tree pointers where possible.Todd C. Miller2023-03-1712-94/+104
|
* Move non-config-related macros to from sudo_ldap_conf.h to sudo_ldap.h.Todd C. Miller2023-03-172-45/+45
|
* sudo_ldap_netgroup_match_str: "-" in a netgroup can never match.Todd C. Miller2023-03-151-1/+1
| | | | | We already check for a NULL value above so "str == NULL" is always false. Found by PVS-Studio.
* Declare domain even if the system lacks innetgr().Todd C. Miller2023-03-131-2/+0
| | | | Fixes a build error on musl-based systems like Alpine.
* Remove unused sudoers_gc_init() function.Todd C. Miller2023-03-111-10/+0
|
* sudoers_cleanup: free cached environment before running g/c.Todd C. Miller2023-03-102-4/+3
| | | | Avoids a double free in fuzz_policy.
* sudoers_cleanup: run the garbage collector at the endTodd C. Miller2023-03-102-1/+4
|
View Lorry Controller Status