isa/sudo
1
0
Fork 0
Code Issues Pull Requests Actions 1 Packages Projects Releases Wiki Activity
5,413 Commits 1 Branch 0 Tags
05807cf5e1d51a6923532e063eb5ed9b0b3385be
Commit Graph

354 Commits

Author SHA1 Message Date
Todd C. Miller
36d8fbb900 Fix typo 2010-12-27 13:49:06 -05:00
Todd C. Miller
4c1aecd48f Only use mkdtemp() if the path ends in at least 6 Xs since otherwise 
glibc mkdtemp() returns EINVAL.
 2010-12-27 12:32:28 -05:00
Todd C. Miller
fba58fa3f7 Allow sudoers to specify the iolog file in addition to the iolog dir. 
Add escape sequence support to iolog file and dir: sequence number,
    user, group, runas_user, runas_group, hostname and command in
    addition to any escape sequence recognized by strftime(3).
 2010-12-27 12:18:32 -05:00
Todd C. Miller
524021a377 Add missing sigsetjmp() call in I/O plugin open function. 
Fixes a crash when the I/O plugin calls error(), errorx() or log_error().
 2010-12-27 11:24:47 -05:00
Todd C. Miller
5d59c10b95 Give the policy module fine-grained control over what the I/O plugin 
logs.
 2010-12-21 17:43:18 -05:00
Todd C. Miller
93e9635842 Pick last match in LDAP sudoers too 2010-12-20 16:37:44 -05:00
Todd C. Miller
a10f216797 Adapt plugins to version I/O logging ABI 1.1 2010-12-20 16:28:20 -05:00
Todd C. Miller
b2a6984606 Make I/O log dir configurable. 2010-12-10 14:14:35 -05:00
Todd C. Miller
4527bdd9b4 Use %u to print uid/gid, not %lu and adjust casts to match. 2010-11-30 15:21:36 -05:00
Todd C. Miller
7e59d4c5c8 Make sure we don't dereference a NULL handle. 2010-11-30 11:59:28 -05:00
Todd C. Miller
8f4b215216 create_admin_success_flag() should use restore_perms() rather than 
set_perms() to restore the uid.
 2010-11-23 07:34:22 -05:00
Todd C. Miller
70cf50fd20 In sudoedit mode, assume command line arguments are paths and 
pass FNM_PATHNAME to fnmatch().
 2010-11-22 10:27:29 -05:00
Todd C. Miller
5a0f2164ef Avoid conflicts with system definitions in grp.h and pwd.h 2010-11-20 10:33:23 -05:00
Todd C. Miller
51f401fa34 Add prototype for cleanup() 2010-11-19 12:58:03 -05:00
Todd C. Miller
c73306983c Avoid deferencing group_plugin if it is NULL in group_plugin_query(). 
This should not happen.
 2010-11-18 17:09:57 -05:00
Todd C. Miller
4b2fb225c0 group plugin init function return TRUE when successful 2010-11-18 17:06:52 -05:00
Todd C. Miller
ef5f73a49f Enlarge the array of entry wrappers int blocks of 100 entries to 
save on allocation time.  From Andreas Mueller
 2010-11-17 18:56:52 -05:00
Todd C. Miller
f9353d95ca Add back call to sudo_ldap_timefilter() in sudo_ldap_build_pass2() 
that was mistakenly dropped.
 2010-11-17 07:31:07 -05:00
Todd C. Miller
8940f361ea Merge in ordered LDAP entry support from Andreas Mueller 
and add local changes from the 1.7 branch.
 2010-11-14 13:22:38 -05:00
Todd C. Miller
2b0fca31c0 Add timed entry support from Andreas Mueller. 2010-11-12 15:26:35 -05:00
Todd C. Miller
82453cfdec Don't try to unload if group_plugin is NULL. 
Don't call dlclose() if group_handle is NULL
 2010-11-12 13:14:35 -05:00
Todd C. Miller
26d71ded7b It is now plugin_cleanup(), not cleanup() 2010-11-12 13:03:28 -05:00
Todd C. Miller
5536ea49f6 Call plugin_cleanup(), not cleanup() 2010-11-12 13:02:15 -05:00
Todd C. Miller
8597c39194 Use efree() not free() and remove malloc.h include since we never 
directly call malloc() or free().
 2010-11-11 16:10:57 -05:00
Todd C. Miller
47323843a5 Give up on using VPATH to find sources as it is implemented inconsistenly 
in different versions of make.
 2010-11-09 10:27:02 -05:00
Todd C. Miller
39d1167f33 Include config.h before any other includes to make sure we get the 
right value for _FILE_OFFSET_BITS.
 2010-11-09 08:55:55 -05:00
Todd C. Miller
452d8765b2 Zero out group_plugin on unload just to be safe. 2010-11-08 17:48:05 -05:00
Todd C. Miller
da35e5f42f Unload group plugin if its init function fails. 2010-11-08 17:44:32 -05:00
Todd C. Miller
93d2420de9 Fix complilation on systems with set_auth_parameters() 
Sprinkle volatile to quiet warnings from gcc 2.8.0
 2010-10-12 10:47:16 -04:00
Todd C. Miller
c615ca742a Use INADDR_NONE instead of casting -1 to in_addr_t (which may not exist). 2010-10-12 10:31:21 -04:00
Todd C. Miller
1e01f2b7ac Quiet an HP-UX compiler warning. 2010-10-12 09:23:52 -04:00
Todd C. Miller
86a4a5232f Use HAVE_DLOPEN instead of HAVE_DLFCN_H when determining whether to 
include the local or system dlfcn.h
 2010-10-11 17:39:51 -04:00
Todd C. Miller
06b0aa1185 Fix pasto; AF_INET not AF_INET6 2010-10-11 15:43:59 -04:00
Todd C. Miller
6a52054147 If pam_acct_mgmt() returns PAM_AUTH_ERR print a (hopefully) more useful 
message and return AUTH_FATAL so sudo does not keep trying to validate
the user.
 2010-10-11 09:12:23 -04:00
Todd C. Miller
751f597b2b Make this compile correctly when no dlopen is available. 2010-10-11 09:10:10 -04:00
Todd C. Miller
66ea399856 Having a timestamp file defined is no longer indicative of tty tickets 
being enabled.  Check def_tty_tickets directly.
 2010-10-07 14:12:17 -04:00
Todd C. Miller
6b4fe798d5 Move set_project() from sudoers module into sudo proper. 2010-10-01 13:52:42 -04:00
Todd C. Miller
a627c60deb When iterating over returned LDAP entries, keep looking at remaining 
matches even if we have a positive match.  This catches negative
matches that may exist in other entries and more closely match the
sudoers file behavior.
 2010-10-01 12:17:01 -04:00
Todd C. Miller
614e2a642c Preserve ODMDIR environment variable by default on AIX. 2010-09-27 14:08:54 -04:00
Todd C. Miller
f538ed4e35 Add dlopen() emulation for systems without it. 
For HP-UX 10, emulate using shl_load().
For others, link sudoers plugin statically and use a lookup
table to emulate dlsym().
 2010-09-26 17:41:35 -04:00
Todd C. Miller
590eed3bd7 Ignore ECONNREFUSED from audit_log_user_command() which will 
occur if auditd is not running.
 2010-09-21 07:56:16 -04:00
Todd C. Miller
48d7c78330 Cast isblank argument to unsigned char. 2010-09-16 10:39:08 -04:00
Todd C. Miller
b51afe6249 Implement --with-umask-override configure flag. 2010-09-14 17:18:55 -04:00
Todd C. Miller
ed45e68da9 Take MODE_LOGIN_SHELL into account when initially setting reset_home 
instead of special-casing it later.
 2010-09-14 11:44:33 -04:00
Todd C. Miller
53f9cfe062 In login mode, make a copy of the runas user's pw_shell for NewArgv[0] 
because 1) we modify it and 2) it will runas_pw gets freed before exec.
 2010-09-14 11:30:28 -04:00
Todd C. Miller
ce942f18c0 Reset HOME for "sudo -i" even if HOME was listed in env_keep. 2010-09-14 11:28:40 -04:00
Todd C. Miller
77eb8cfe5b Use __sun for consistency with the rest of the sources. 2010-09-13 11:49:10 -04:00
Todd C. Miller
4101f2eef0 Quiet a bogus compiler warning. 2010-09-13 11:37:29 -04:00
Todd C. Miller
933c71e9c3 Don't try to delref a NULL group. 2010-09-13 11:08:04 -04:00
Todd C. Miller
4ce8b35cd3 testsudoers depends on libsudoers.la, not sudoreplay 2010-09-11 09:00:06 -04:00