isa/sudo
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
10,262 Commits 1 Branch 0 Tags
03ad96e44580182effdb9b896938b6871bfbd8f1
Commit Graph

135 Commits

Author SHA1 Message Date
Todd C. Miller
c9d4e1084c Fix logic for verifypw/listpw all in sudoers LDAP and sssd. 2015-03-02 11:37:43 -07:00
Todd C. Miller
45548cf049 Add support for MAIL and NOMAIL command tags to toggle mail sending 
behavior on a per-command (or Cmnd_Alias) basis.
 2015-02-19 10:02:20 -07:00
Todd C. Miller
59ab26dbcc Go back to a 2 args debug_decl and just use the "default" instance, 
now renamed "active".
 2015-02-01 08:24:49 -07:00
Todd C. Miller
57553fffdd Rename VALIDATE_OK -> VALIDATE_SUCCESS 
Rename VALIDATE_NOT_OK -> VALIDATE_FAILURE
 2015-01-21 11:03:48 -07:00
Todd C. Miller
e9914a91b1 The sudoers plugin now defines its own list of debugging subsystem names 
and defines.
 2014-10-22 13:30:52 -06:00
Todd C. Miller
866cfc4fc3 Add support for multiple Debug lines per program. Callers may 
register arbitrary debug facilities or use built-in defaults.  We
now use separate Debug statements for plugins and programs.
 2014-10-22 13:23:05 -06:00
Todd C. Miller
a7e724b75d Change how sudo.conf is parsed. We now do a quick parse and then 
set the values after the entire file has been parsed.  This lets
us init the debug system earlier.  Plugin-specific debug flags are
now stored in struct plugin_info and struct plugin_container and
passed to the plugin via one or more debug_flags settings.
 2014-10-22 13:20:32 -06:00
Todd C. Miller
36a5767e3e efree -> sudo_efree for consistency 2014-07-10 15:35:04 -06:00
Todd C. Miller
2d61d38c23 Add sudo_ prefix to alloc.c functions and rename alloc.h -> sudo_alloc.h 2014-06-27 10:48:31 -06:00
Todd C. Miller
aecef4aa1d Rename warning/fatal -> sudo_warn/sudo_fatal to avoid namespace 
pollution in libsudo_util.so.
 2014-06-27 09:30:52 -06:00
Todd C. Miller
7bafa63c15 Don't pollute the namespace with lbuf struct and functions 2014-06-26 15:51:15 -06:00
Todd C. Miller
fdda9b109d Fix sssd compiler warnings and fix the sha2 digest support. 2014-06-26 15:50:26 -06:00
Todd C. Miller
134b2a4228 Rename emalloc2() -> emallocarray() and erealloc3() -> ereallocarray(). 2014-04-22 16:02:28 -06:00
Todd C. Miller
8461dc6e24 Fix compiler warning in debug code. 2014-03-06 15:21:49 -07:00
Todd C. Miller
57113a536f Handle in_res being NULL for sudo_debug_printf() in sudo_sss_filter_result(). 2014-01-08 16:48:27 -07:00
Todd C. Miller
9e964a8c0e sudo_sss_filter_user_netgroup(): fix comment typos, break out of loop 
early if we match ALL or netgroup.
 2013-12-03 15:47:45 -07:00
Todd C. Miller
302d3273a8 When filtering netgroups, use the passwd struct stashed in the handle, 
not user_name since we may be listing another users privileges.
 2013-12-03 15:39:12 -07:00
Todd C. Miller
f477b343fe Avoid passing NULL domainname to sudo_debug_printf(). 2013-12-03 15:15:12 -07:00
Todd C. Miller
f56eca8051 Add user netgroup filtering for SSSD. Previously, rules for a 
netgroup were applied to all even when they did not belong to the
specified netgroup.  RedHat Bugzilla 880150.
 2013-12-03 14:19:37 -07:00
Todd C. Miller
543d3b701e Fix several issues found by the clang static analyzer; Daniel Kopecek 2013-12-03 14:10:11 -07:00
Todd C. Miller
12f3bdf60e Add wrapper functions for dlopen() et al so that we can support 
statically compiling in the sudoers plugin but still allow other
plugins to be loaded.  The new --enable-static-sudoers configure
option will cause the sudoers plugin to be compiled statically into
the sudo binary.  This does not prevent other plugins from being
loaded as per sudo.conf.
 2013-11-22 16:35:15 -07:00
Todd C. Miller
96eb2c4f8f Add warning_gettext() wrapper function that changes to the user locale, 
then calls gettext().
Add U_ macro that calls warning_gettext() instead of gettext().
Rename warning2()/error2() back to warning_nodebug()/error_nodebug().
 2013-11-18 08:59:57 -07:00
Todd C. Miller
99b7351de0 Fix some #if vs. #ifdef and remove an extraneous semicolon. 
Bug #624; from Daniel Richard G.
 2013-11-17 16:15:36 -07:00
Todd C. Miller
923edabe6c Convert sudo to use BSD TAILQ macros instead of home ground tail 
queue functions.  This includes a private queue.h header derived
from FreeBSD.  It is simpler to just use our own header rather than
try to deal with macros that may or may not be present in various
queue.h incarnations.
 2013-10-22 09:00:37 -06:00
Todd C. Miller
4d6cb6efff Fix pasto; sudo_sss_extract_digest() not sudo_ldap_extract_digest(). 
From Dan Harnett.
 2013-07-09 10:35:26 -06:00
Todd C. Miller
cc3c76b85d Add digest support for sudoers in ldap and sss. 2013-04-16 16:03:37 -04:00
Todd C. Miller
35375a2b7e Initial implementation of checksum support in sudoers. 
Currently supports SHA-224, SHA-256, SHA-384, SHA-512.
TODO: checksum format validation in parser and base64 support.
      checksum support for ldap sudoers
 2013-04-14 07:00:21 -04:00
Todd C. Miller
236f306a2b Start warning with a lower case letter for consistency and to match 
existing translated strings.
 2013-04-11 06:38:12 -04:00
Todd C. Miller
1da8739c38 Use userpw_matches() for username matching so #uid works for 
sudoRunAsUser.
 2013-02-21 07:03:52 -05:00
Todd C. Miller
b929dd3c46 Avoid calling realloc3() with a zero size parameter when all retrieved 
sssd rules fail.  Otherwise we'll get a run-time error due to
malloc(0) checking.
 2013-02-21 07:01:53 -05:00
Todd C. Miller
c80603eace Do not send error mail if a user is not found in SSSD. Local users 
can run sudo too.  From Nikolai Kondrashov
 2013-02-21 06:54:30 -05:00
Todd C. Miller
1d7072fe09 Don't include <sys/param.h>. We only needed it for MAXPATHLEN, 
MAXHOSTNAMELEN and the MIN/MAX macros.  We now use PATH_MAX and
HOST_NAME_MAX throughout without falling back on MAXPATHLEN or
MAXHOSTNAMELEN and define our own MIN/MAX macros as needed.
 2012-12-04 10:40:47 -05:00
Todd C. Miller
7b3d268687 Call gettext() on parameters for warning()/warningx() instead of 
having warning() do it for us.
 2012-11-25 09:34:04 -05:00
Todd C. Miller
595d3b2651 Display warning/error messages in the user's locale. 2012-11-08 15:37:44 -05:00
Todd C. Miller
d89b1a6be2 Support for using SSSD (http://fedorahosted.org/sssd/) as a sudoers 
data source.  From Daniel Kopecek and Pavel Brezina.
 2012-08-10 11:59:26 -04:00