281 Commits

Author SHA1 Message Date
Todd C. Miller
21d8f01fac return foo not return(foo) 2011-02-07 06:47:29 -05:00
Todd C. Miller
ae2f7638f5 standardize on "return foo;" rather than "return(foo);" or "return (foo);" 2011-01-24 15:15:18 -05:00
Todd C. Miller
be034d5e7e In sudo_ldap_lookup(), always do the initial sudoers check as the
invoking user.  If we are listing another user's privs we will
do a separate lookup using list_pw later.
2011-01-21 08:10:26 -05:00
Todd C. Miller
f7f8b6867e Update copyright year to 2011 2011-01-20 16:46:56 -05:00
Todd C. Miller
215500bb55 Stash pointer to user group vector in LDAP handle and only reuse
the query if it has not changed.  We always allocate a new buffer
when we reset the group vector so a simple pointer check is sufficient.
2011-01-20 16:16:08 -05:00
Todd C. Miller
49409b7c5d Add support for TIMEOUT in ldap.conf, mapping to the OpenLDAP
LDAP_OPT_TIMEOUT.  There is no corresponding option for mozilla-derived
LDAP SDKs but we can pass the timeout parameter to ldap_search_ext_s()
or ldap_search_st() when possible.
2011-01-10 10:33:22 -05:00
Todd C. Miller
823e812723 Add NETWORK_TIMEOUT as an alias for BIND_TIMELIMIT for compatibility
with OpenLDAP ldap.conf files.
2011-01-10 09:27:58 -05:00
Todd C. Miller
93e9635842 Pick last match in LDAP sudoers too 2010-12-20 16:37:44 -05:00
Todd C. Miller
7e59d4c5c8 Make sure we don't dereference a NULL handle. 2010-11-30 11:59:28 -05:00
Todd C. Miller
ef5f73a49f Enlarge the array of entry wrappers in blocks of 100 entries to
save on allocation time.  From Andreas Mueller
2010-11-17 18:56:52 -05:00
Todd C. Miller
f9353d95ca Add back call to sudo_ldap_timefilter() in sudo_ldap_build_pass2()
that was mistakenly dropped.
2010-11-17 07:31:07 -05:00
Todd C. Miller
8940f361ea Merge in ordered LDAP entry support from Andreas Mueller
and add local changes from the 1.7 branch.
2010-11-14 13:22:38 -05:00
Todd C. Miller
2b0fca31c0 Add timed entry support from Andreas Mueller. 2010-11-12 15:26:35 -05:00
Todd C. Miller
8597c39194 Use efree() not free() and remove malloc.h include since we never
directly call malloc() or free().
2010-11-11 16:10:57 -05:00
Todd C. Miller
a627c60deb When iterating over returned LDAP entries, keep looking at remaining
matches even if we have a positive match.  This catches negative
matches that may exist in other entries and more closely match the
sudoers file behavior.
2010-10-01 12:17:01 -04:00
Todd C. Miller
df8ec6fc25 Add support for multiple URI lines by joining the contents and passing
the result to ldap_initialize.
2010-09-04 20:43:51 -04:00
Todd C. Miller
27f6558df9 Do not return -1 on error from the display functions; the caller
expects a return value >= 0.
2010-09-04 08:42:08 -04:00
Todd C. Miller
0186018d3d Reference count cached passwd and group structs. The cache holds
one reference itself and another is added by sudo_getgr{gid,nam}
and sudo_getpw{uid,nam}.  The final ref on the runas and user passwd
and group structs are persistent for now.
2010-08-04 09:58:50 -04:00
Todd C. Miller
432d27573d TLS_CACERT is now an alias for TLS_CACERTFILE. OpenLDAP uses TLS_CACERT,
not TLS_CACERTFILE in its ldap.conf.  Other LDAP client code, such as
nss_ldap, uses TLS_CACERTFILE.  Also document why you should avoid
disabling TLS_CHECKPEER if possible.
2010-07-08 09:02:03 -04:00
Todd C. Miller
30fe4a067c Set usrinfo for AIX
Set administrative domain for the process when looking up user's
    password or group info and when preparing for execve().
Include strings.h even if string.h exists since they may define
    different things.  Fixes warnings on AIX and others.
2010-06-29 13:08:05 -04:00
Todd C. Miller
d92c82ea3f Add support for multiple sudoers_base entries in ldap.conf.
From Joachim Henke
2010-06-15 10:33:30 -04:00
Todd C. Miller
3430618c78 Make all functions in ldap.c static 2010-06-14 10:37:42 -04:00
Todd C. Miller
c6371aa481 Silence some compiler warnings 2010-06-10 12:27:18 -04:00
Todd C. Miller
40e591c309 Extend atobool() so we can use it in the LDAP code. 2010-06-03 08:50:02 -04:00
Todd C. Miller
9fbec34fed Add pointer to a printf-like function to plugin open function.
This can be used instead of the conversation function to display
info and error messages.
2010-05-04 19:17:31 -04:00
Todd C. Miller
dc72c27b1b Use print_error() when displaying ldap config info in debugging mode. 2010-05-03 18:02:19 -04:00
Todd C. Miller
05ae3ea6cb Convert to ANSI C function declarations 2010-04-22 18:09:53 -04:00
Todd C. Miller
5fb6784ab1 display_bound_defaults() stub should return 0, not 1 since it is a count,
not a boolean.
2010-03-19 08:17:09 -04:00
Todd C. Miller
38937dca5e Use embedded newlines in lbuf instead of multiple calls to lbuf_print. 2010-03-19 07:04:34 -04:00
Todd C. Miller
9b0205846b Initial bits of sudoers plugin; still needs work. 2010-03-14 19:58:47 -04:00
Todd C. Miller
e90fa482f9 Rework source layout in preparation for modular sudo. 2010-02-20 09:14:01 -05:00