isa/sudo
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
7,782 Commits 1 Branch 0 Tags
01a4d6ccbf9cc9fc3d65763f37fc8cb8f612f55a
Commit Graph

1491 Commits

Author SHA1 Message Date
Todd C. Miller
01a4d6ccbf Check clock_gettime() return value and warn if it fails. 
Currently, the timestamp will be ignored if clock_gettime() fails.
 2015-02-24 09:53:50 -07:00
Todd C. Miller
a604f0f02d Pam conversation function changes: 
o use PAM_BUF_ERR as the return value when calloc() fails.
 o sanity check the value of num_msg
 o remove the workaround for old Apple PAM
 o PAM_AUTH_ERR is not a valid PAM conversation function return value

If getpass_error is set after a call to pam_verify (usually because
the user pressed ^C), return AUTH_INTR immediately instead of
checking the pam_verify return value.
 2015-02-23 11:12:45 -07:00
Todd C. Miller
e11f32fd42 On AIX use the value of auth_type in /etc/security/login.cfg to 
determine whether to use LAM or PAM unless the user specified the
--with-pam or --with-aixauth configure flags.
 2015-02-23 11:12:43 -07:00
Todd C. Miller
1ca3e1834e Update the regression test that check that all tags are parsed. 2015-02-20 16:02:37 -07:00
Todd C. Miller
bd8eebd6f7 regen 2015-02-20 06:33:37 -07:00
Todd C. Miller
bb5093f40f Sync with translationproject.org 2015-02-20 06:33:02 -07:00
Todd C. Miller
be8dbeb22e Avoid using HOST_NAME_MAX directly and use sysconf(_SC_HOST_NAME_MAX) 
instead.
 2015-02-19 20:28:02 -07:00
Todd C. Miller
9b514ed83c Historically, crypt() returned the empty string on error, which 
ensured that crypt("", "") would return "", which supported matcing
empty encrypted passwords with no additional code.  Some modern
versions of crypt() (such as glibc) return NULL on error so we need
an explicit test to match an empty plaintext password and an empty
encrypted password.
 2015-02-19 14:17:57 -07:00
Todd C. Miller
45548cf049 Add support for MAIL and NOMAIL command tags to toggle mail sending 
behavior on a per-command (or Cmnd_Alias) basis.
 2015-02-19 10:02:20 -07:00
Todd C. Miller
53ac30b63a Add mail_all_cmnds to always mail when a user runs a command (or 
tries to) including sudoedit.  The mail_always flag goes back to
its old semantic of always mailing when sudo is run.
 2015-02-15 20:30:11 -07:00
Todd C. Miller
8bb5897091 All modern systems should have LINE_MAX. 2015-02-19 09:59:25 -07:00
Todd C. Miller
96eddddc12 Almost no systems actually define OPEN_MAX since it is dynamic on 
modern OSes.  If sysconf(_SC_OPEN_MAX) ever fails, fall back on
_POSIX_OPEN_MAX instead.  We can assume modern systems have sysconf().
Also remove checks for strrchr() and strtoll() for which the HAVE_*
defines are no longer used.
 2015-02-19 09:59:25 -07:00
Todd C. Miller
2e32bb10fe Fix compilation on systems w/o __dso_public 2015-02-09 08:52:19 -07:00
Todd C. Miller
9206ba54c5 Russian translation for sudoers from translationproject.org. 2015-02-07 07:47:39 -07:00
Todd C. Miller
cecdd7e728 Russian translation for sudoers from translationproject.org. 2015-02-06 15:28:04 -07:00
Todd C. Miller
c3c28773f5 Sanity check the TZ environment variable by special casing it in 
env_check.  The --with-tzdir configure option can be used to
specify the zoneinfo directory if configure doesn't find it.
 2015-02-06 11:01:05 -07:00
Todd C. Miller
c299cdd665 Remove extraneous casts of node->data (which is void *). 2015-02-05 15:01:25 -07:00
Todd C. Miller
cebd92a88e Fix a potential crash when getpwnam() of the running user fails 
and we don't replace the negative cached entry with a faked up one.
From Stephane Chazelas
 2015-02-05 11:17:26 -07:00
Todd C. Miller
b727d4309c Handle sudo_get_grlist() returning NULL which can happen if 
getgrouplist() fails even after allocating the appropriate amount
of memory.  From Stephane Chazelas
 2015-02-05 11:17:24 -07:00
Todd C. Miller
a3435e7d12 Require POSIX regular expression support for sudoreplay. 2015-02-05 11:16:06 -07:00
Todd C. Miller
1e30824a1a The plugin no longer needs to call initprogname() now that it links 
with the same libsudo_util as sudo.
 2015-02-05 11:08:55 -07:00
Todd C. Miller
ed4ffa6265 Don't send mail about pseudo-command failure unless it is an 
authentication failure.
 2015-02-02 15:01:06 -07:00
Todd C. Miller
dfb369198a Sync with translationproject.org 2015-02-04 06:28:31 -07:00
Todd C. Miller
d1ce08369a Sync with translationproject.org 2015-02-04 06:23:57 -07:00
Todd C. Miller
2033be83c6 Regen with yacc skeleton that the clang analyzer doesn't complain about. 2015-02-03 15:58:09 -07:00
Todd C. Miller
a9bf105eda Use stdint.h to get SIZE_MAX as inttypes.h on some pre-C99 HP-UX 
systems doesn't include stdint.h itself.
 2015-02-03 10:00:30 -07:00
Todd C. Miller
536c83cec3 Solaris uses sysinfo(SI_SRPC_DOMAIN) instead of getdomainname() to 
get the host's NIS domain.
 2015-02-03 07:33:24 -07:00
Todd C. Miller
15717c518e Actually use the check for prior initialization in sudo_getdomainname(). 2015-02-02 15:38:03 -07:00
Todd C. Miller
fde8776d54 regen 2015-02-02 13:53:44 -07:00
Todd C. Miller
59ab26dbcc Go back to a 2 args debug_decl and just use the "default" instance, 
now renamed "active".
 2015-02-01 08:24:49 -07:00
Todd C. Miller
7ec9cfb493 When querying LDAP netgroups, use the NIS domain if it is sent but 
also match nisNetgroupTriple entries that have no domain.
 2015-01-30 14:45:22 -07:00
Todd C. Miller
97469c243c Avoid setting the tty to non-blocking mode so "sudoreplay | cat" 
(for example) works as expected.  We only read a single byte from
the keyboard and only when interactive anyway so this should be fine.
 2015-01-30 13:07:21 -07:00
Todd C. Miller
00e7dbd645 regen 2015-01-30 12:57:27 -07:00
Todd C. Miller
0ac881ba4b Avoid a cppcheck warning about undefined behavior (using the address 
of a stack buffer - 1) and fix a memory leak of the iov when
doing nl->crnl conversion.
 2015-01-30 10:45:15 -07:00
Todd C. Miller
770e6ca190 Fix handling of partial writes from writev() which can occur with 
large output buffers.
 2015-01-30 09:23:30 -07:00
Todd C. Miller
4dd2a3c6b8 Add support for querying netgroups directly via LDAP since there 
is no other way to look up all the netgroups for a user (unlike
regular groups).  This introduces netgroup_base and netgroup_search_filter
options to ldap.conf.  Based on a diff from Steven Soulen.
 2015-01-29 14:08:30 -07:00
Todd C. Miller
741bb8ec79 Add macros to ease the checking of strlcpy, strlcat and 
sudo_ldap_value_cat return values.
 2015-01-22 11:42:32 -07:00
Todd C. Miller
57553fffdd Rename VALIDATE_OK -> VALIDATE_SUCCESS 
Rename VALIDATE_NOT_OK -> VALIDATE_FAILURE
 2015-01-21 11:03:48 -07:00
Todd C. Miller
399d364a90 Remove now-unused VALIDATE_ERROR define. 2015-01-21 10:36:55 -07:00
Todd C. Miller
5415b3d2af should_mail() now returns bool. 2015-01-21 10:33:56 -07:00
Todd C. Miller
cb09010da5 Use standard CIDR -> netmask conversion and disallow 0-bit CIDRs. 2014-12-31 15:47:33 -07:00
Todd C. Miller
e0d927a98a sync 2014-11-20 13:34:17 -07:00
Todd C. Miller
c287419788 Require that a digest be specified with a real command, not an alias 
or pseudo-command.  Found via a crash by afl.
 2014-11-19 17:07:24 -07:00
Todd C. Miller
02b3fa2fdd French translation for sudoers from translationproject.org. 2014-11-19 15:20:11 -07:00
Todd C. Miller
bc6269e58b Prevent cppcheck from getting confused by our compat definition of 
the va_copy macro for pre-C99.
 2014-11-15 06:32:39 -07:00
Todd C. Miller
3870fdf622 Fix potential NULL pointer deref found by cppcheck. 2014-11-14 16:31:56 -07:00
Todd C. Miller
0c88ecd3bc Quiet a cppcheck false positive. 2014-11-14 16:31:30 -07:00
Todd C. Miller
b4432df5e2 Sync with translationproject.org 2014-11-10 12:37:58 -07:00
Todd C. Miller
832a4dee6b In set_fqdn() we neeed to set user_runhost/user_srunhost at the 
same time we set user_host/user_shost since that is what
hostlist_matches() uses.  Bug #678
 2014-11-12 20:33:41 -07:00
Todd C. Miller
5c13889f26 Use sudoers.so args from sudo.conf to set sudoers_file, sudoers_uid, 
sudoers_gid, and sudoers_mode in visudo.
 2014-11-10 20:12:47 -07:00