isa/sudo
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
5,827 Commits 1 Branch 0 Tags
01ae3d477105f1696dbb99bbe8814707d621ad20
Commit Graph

578 Commits

Author SHA1 Message Date
Todd C. Miller
01ae3d4771 Go back to using a callback for runas_default to keep runas_pw in 
sync.  This is needed to make per-entry runas_default settings work
with LDAP-based sudoers.  Instead of declaring it a callback in
def_data.in, sudo and testsudoers poke sudo_defs_table[] which is
a bit naughty, but avoids requiring stub functions in visudo and
the tests.
 2011-08-09 14:54:42 -04:00
Todd C. Miller
eb09c303a1 Add new Russian sudo translation from translationproject.org 
and rebuild the other translation files.
 2011-07-30 09:35:56 -04:00
Todd C. Miller
4f726ddcd5 Update Finish and Polish translations from translationproject.org 2011-07-29 16:40:29 -04:00
Todd C. Miller
8255ed69b9 Go back to escaping the command args for "sudo -i" and "sudo -s" 
before calling the plugin.  Otherwise, spaces in the command args
are not treated properly.  The sudoers plugin will unescape non-spaces
to make matching easier.
 2011-07-29 10:10:40 -04:00
Todd C. Miller
4f9a93f658 Fix some potential problems found by the clang static analyzer, 
none serious.
 2011-07-28 10:59:37 -04:00
Todd C. Miller
6365c779c0 Updated Ukranian and Chinese (simplified) po files from 
translationproject.org
 2011-07-28 09:08:50 -04:00
Todd C. Miller
bd6ce7ee3a Updated Polish translation from translationproject.org 2011-07-27 14:47:31 -04:00
Todd C. Miller
3606fc4419 Rebuild pot files 2011-07-27 14:23:45 -04:00
Todd C. Miller
35d26ae34f Don't try to audit failure if the runas user does not exist. We don't 
have the user's command at this point so there is nothing to audit.
Add a NULL check in audit_success() and audit_failure() just to be
on the safe side.
 2011-07-27 12:11:33 -04:00
Todd C. Miller
80138c88ba Remove fallback to per-group lookup when matching groups in sudoers. 
The sudo front-end will now use getgrouplist() to get the user's
list of groups if getgroups() fails or returns zero groups so we
always have a list of the user's groups.  For systems with
mbr_check_membership() which support more that NGROUPS_MAX groups
(Mac OS X), skip the call to getgroups() and use getgrouplist() so
we get all the groups.
 2011-07-25 09:17:18 -04:00
Todd C. Miller
1f9fb7609f Fix two PERM_INITIAL cases that were still using user_gids. 2011-07-22 15:13:35 -04:00
Todd C. Miller
3dde167cf6 user_group is no longer used, remove it 2011-07-22 09:29:49 -04:00
Todd C. Miller
0b91073953 Add Polish translation from translationproject.org 2011-07-20 16:55:57 -04:00
Todd C. Miller
022591f4bf Add a wrapper for setgroups() that trims off extra groups and retries 
if setgroups() fails.  Also add some missing addrefs for PERM_USER
and PERM_FULL_USER.
 2011-07-20 16:54:12 -04:00
Todd C. Miller
b124635b04 Instead of keeping separate groups and gids arrays, create struct 
group_info and use it to store both, along with a count for each.
Cache group info on a per-user basis using getgrouplist() to get
the groups.  We no longer need special to special case the user or
list user for user_in_group() and thus no longer need to reset the
groups list when listing another user.
 2011-07-20 11:58:45 -04:00
Todd C. Miller
6d8788a6cd Do not shadow global sudo_mode with a local variable in set_cmnd() 2011-07-18 16:23:38 -04:00
Todd C. Miller
54bf162e60 bash 2.x doesd not support the -l flag and exits with an error if 
it is specified so use --login instead.  This causes an error with
bash 1.x (which uses -login instead) but this version is hopefully
less used than 2.x.
 2011-07-17 10:37:15 -04:00
Todd C. Miller
37873051a8 Make error strings translatable. 2011-07-13 16:50:25 -04:00
Todd C. Miller
d7c0798865 Add missing logwrap.c 2011-07-11 15:57:13 -04:00
Todd C. Miller
f90731596a Split out log file word wrap code into its own file and add unit 
tests.  Fixes an off-by one in the word wrap when the log line
length matches loglinelen.
 2011-07-11 15:22:25 -04:00
Todd C. Miller
56321ec778 Resolve the list of gids passed in from the sudo frontend (the 
result of getgroups()) to names and store both the group names and
ids in the sudo_user struct.  When matching groups in the sudoers
file, match based on the names in the groups list first and
only do a gid-based match when we absolutely have to.  By matching
on the group name (as it is listed in sudoers) instead of id
(which we would have to resolve) we save a lot of group lookups
for sudoers files with a lot of groups in them.
 2011-07-01 14:13:47 -04:00
Todd C. Miller
20972da410 Workaround for "sudo -i command" and newer versions of bash which 
don't go into login mode when -c is specified unless -l is too.
 2011-06-26 18:02:09 -04:00
Todd C. Miller
9ba98ef7b5 Rewrite logfile word wrapping code to be more straight-forward 
and actually wrap at the correct place.
 2011-06-23 14:17:38 -04:00
Todd C. Miller
39be82e32f Set use_pty=true in command details when use_pty is set in sudoers. 
From Ludwig Nussel
 2011-06-22 10:06:35 -04:00
Todd C. Miller
2bd874febc Sync Chinese (simplified) PO files from translationproject.org 2011-06-20 08:30:10 -04:00
Todd C. Miller
26ec20f8b1 Add Danish translation from translationproject.org and add missing 
Basque mo files.
 2011-06-18 13:21:48 -04:00
Todd C. Miller
7a06f32cbb Preserve SHELL variable for "sudo -s". Otherwise we can end up 
with a situation where the SHELL variable and the actual shell being
run do not match.
 2011-06-13 07:20:28 -04:00
Todd C. Miller
2c4a5e905c Do not declare yyparse() static as the actual function generated 
by yacc is extern.
 2011-06-07 11:45:06 -04:00
Todd C. Miller
e95c7130d7 Add Basque translation and sync Finish and Ukranian translations. 2011-06-06 13:38:54 -04:00
Todd C. Miller
4f22a39803 Load plugins with RTLD_GLOBAL instead of RTLD_LOCAL. This fixes 
problems with pam modules not having access to symbols provided by
libpam on some platforms.  Affects FreeBSD and SLES 10 at least.
 2011-06-06 10:53:58 -04:00
Todd C. Miller
750c0d2ebe Regenerate .pot files for 1.8.2rc2 2011-06-04 18:27:59 -04:00
Todd C. Miller
e66169b3ed Move nls targets to the top level Makefile so the paths in 
the pot file are saner
 2011-06-04 18:27:13 -04:00
Todd C. Miller
5fdfefb9dc Update MANIFEST with .po and .mo files 
Rebuild sudoers fi and uk .mo files
 2011-06-04 10:11:10 -04:00
Todd C. Miller
707bad44d4 Add Finish translation from translationproject.org 2011-06-04 09:58:44 -04:00
Todd C. Miller
7199afec89 Clean up regress files 
Generate proper dependencies for regress objs in compat
 2011-05-31 09:58:41 -04:00
Todd C. Miller
43fef79b05 Add missing dependency for check_fill.o. 2011-05-31 09:43:37 -04:00
Todd C. Miller
d5e1cbbfaa Include gettext.h 2011-05-28 15:32:11 -04:00
Todd C. Miller
ab3b3eb83b Quiet gcc warnings. 2011-05-28 15:27:14 -04:00
Todd C. Miller
8513c48185 Add missing space between command name and the first command line argument. 2011-05-27 14:07:23 -04:00
Todd C. Miller
3e2f4037cc Quiet a compiler warning on some platforms. 2011-05-27 13:50:37 -04:00
Todd C. Miller
9b7cd235e7 README file that directs people to translationproject.org 2011-05-27 13:15:27 -04:00
Todd C. Miller
6fccd6bfda Sync translations with TP 2011-05-27 12:53:05 -04:00
Todd C. Miller
4ab4114c48 install nls files from install target 2011-05-27 10:24:55 -04:00
Todd C. Miller
38db44b80c Include .mo files in sudo binary packags. 2011-05-27 10:17:34 -04:00
Todd C. Miller
47adbf8d33 Add simplified chinese translation 2011-05-27 07:54:52 -04:00
Todd C. Miller
c202c4e6d8 Add ukranian translation 2011-05-26 15:23:55 -04:00
Todd C. Miller
67e8e56534 Set def_preserve_groups before searching for the command when the -P 
flag is specified.
 2011-05-26 12:52:59 -04:00
Todd C. Miller
f7cb73abdb Add dependency for siglist.lo in compat. This is a generated file so 
"make depend" needs to depend on it.
 2011-05-26 12:12:43 -04:00
Todd C. Miller
6c13614a51 Place compiled mo files in the src dir, not the build dir. 
When installing compiled mo files, display a status message.
 2011-05-26 11:12:54 -04:00
Todd C. Miller
086cbfe376 Tivoli Directory Server requires that seconds be present in a 
timestamp, even though RFC 4517 states that they are optional.
 2011-05-25 15:04:34 -04:00