file is owned by the right user, not world-writable and not writable
by a group other than the one specified at configure time (gid 0
by default), the file is considered OK. Note that visudo will still
set the mode to the value specified at configure time.
the groups list. This matches BSD convention where the effective
gid is the first entry in the group list. This is required on newer
FreeBSD where the effective gid is not tracked separately and thus
setgroups() changes the egid if this convention is not followed.
Fixes bug #532
LOGIN_SETENV instead of rolling our own login.conf setenv support
since FreeBSD's login.conf has more than just setenv capabilities.
This requires us to swap the plugin-provided envp for the global
environ before calling setusercontext() and then stash the resulting
environ pointer back into the command details, which is kind of a
hack.
using BSD authentication. That user may have a different login class
than what we will use to run the command. When setting the login
class for the command, use the target user's struct passwd, not
the invoking user's. Fixes bug 526
to the target user immediately before setting resource limits, which
is after the monitor process has forked (so it has the old value).
Also, if the user did not authenticate, there is no pamh in the
monitor so we need to init pam here too. This means we end up
calling pam_start() twice, which should be fixed, but at least the
session is always properly closed now.
sync. This is needed to make per-entry runas_default settings work
with LDAP-based sudoers. Instead of declaring it a callback in
def_data.in, sudo and testsudoers poke sudo_defs_table[] which is
a bit naughty, but avoids requiring stub functions in visudo and
the tests.
before calling the plugin. Otherwise, spaces in the command args
are not treated properly. The sudoers plugin will unescape non-spaces
to make matching easier.
have the user's command at this point so there is nothing to audit.
Add a NULL check in audit_success() and audit_failure() just to be
on the safe side.
The sudo front-end will now use getgrouplist() to get the user's
list of groups if getgroups() fails or returns zero groups so we
always have a list of the user's groups. For systems with
mbr_check_membership() which support more that NGROUPS_MAX groups
(Mac OS X), skip the call to getgroups() and use getgrouplist() so
we get all the groups.
group_info and use it to store both, along with a count for each.
Cache group info on a per-user basis using getgrouplist() to get
the groups. We no longer need special to special case the user or
list user for user_in_group() and thus no longer need to reset the
groups list when listing another user.
it is specified so use --login instead. This causes an error with
bash 1.x (which uses -login instead) but this version is hopefully
less used than 2.x.
result of getgroups()) to names and store both the group names and
ids in the sudo_user struct. When matching groups in the sudoers
file, match based on the names in the groups list first and
only do a gid-based match when we absolutely have to. By matching
on the group name (as it is listed in sudoers) instead of id
(which we would have to resolve) we save a lot of group lookups
for sudoers files with a lot of groups in them.
in [c7097ea22111]. The default return value is now TRUE and a bad:
label is used when permission is denied. Also fixed missing permissions
restoration on certain errors. On error()/errorx(), the password and
group files are now closed before returning.
