Robert Manner
3f890e4db8
doc/sudo_plugin_python: indent code examples for easier readability
2020-01-02 11:53:08 -05:00
Robert Manner
9871f7e37b
doc/sudo.conf: document developer_mode option
2020-01-02 11:53:08 -05:00
Todd C. Miller
a76b7543bf
fix typo in previous
2019-12-31 07:48:57 -07:00
Todd C. Miller
a8c39ea81b
Changes in sudo 1.8.30
2019-12-31 06:02:19 -07:00
Todd C. Miller
79e52c7764
Substitute @prefix@ in for the example paths.
We can't use @exampledir@ here since it contains Makefile variables.
2019-12-23 07:27:54 -07:00
Todd C. Miller
5dcc28180e
Add sudo_plugin_python manual page.
Based on markdown docs from Robert Manner.
2019-12-21 12:54:55 -07:00
Todd C. Miller
a441580540
Update SUDO_CONV_REPL_MAX in docs.
2019-12-14 12:40:55 -07:00
Todd C. Miller
b14d633ec6
Add runas_check_shell flag to require a runas user to have a valid shell.
Not enabled by default.
2019-12-09 19:29:45 -07:00
Todd C. Miller
df8f06609c
Add a new flag "allow_unknown_runas_id" to control matching of unknown IDs.
Previously, sudo would always allow unknown user or group IDs if the
sudoers entry permitted it. This included the "ALL" alias.
With this change, the admin must explicitly enable support for unknown IDs.
2019-12-09 17:14:06 -07:00
Todd C. Miller
d0b80b404c
Replace timeleft with pending in sudo plugin event API.
2019-12-07 08:42:10 -07:00
Todd C. Miller
d98022177e
Document log_server_cabundle, log_server_peer_cert and log_server_peer_key
2019-12-06 13:23:51 -07:00
Todd C. Miller
a1e61f5ac0
Sync init_session() prototype with sudo_plugin.h and fix a typo.
2019-12-05 16:57:12 -07:00
Todd C. Miller
f976a5d866
For plugin API 1.15 and up, always call the plugin close function.
Previously, it was only called when a command was run (including
sudoedit). Now, plugin operations list, validate, invalidate, and
show_version are also closed.
2019-11-20 10:57:47 -07:00
Todd C. Miller
b31b830518
Document the process of creating self-signed certificates for sudo_logsrvd.
Based on a document from Laszlo Orban.
2019-11-19 14:29:40 -07:00
Todd C. Miller
368e12b0f9
If there is no session or terminal group ID, pass the plugin a value of 0.
This behavior already matches what is documented in the sudo_plugin
manual for "sid" but the "tcpgid" entry needed to be updated.
2019-11-18 16:25:52 -07:00
Todd C. Miller
f913249dd0
Rename "log_server" in sudoers to "log_servers" to match I/O plugin.
2019-11-18 09:39:03 -07:00
Todd C. Miller
82fea739af
Add Laszlo Orban
2019-11-17 06:44:09 -07:00
Todd C. Miller
4bb2b2f605
regen
2019-11-16 19:14:40 -07:00
Todd C. Miller
366a63ce58
Change TLS example file locations to be under /etc/ssl/sudo.
2019-11-16 19:13:53 -07:00
Todd C. Miller
49c09ee2d8
Document sudo_logsrvd TLS configuration.
2019-11-16 13:01:49 -07:00
Todd C. Miller
d8ccf11c58
Document the log_server and log_server_timeout options
2019-11-15 13:41:52 -07:00
Todd C. Miller
5793023ffd
Add a plugin interface to sudo main event loop.
2019-11-15 13:36:01 -07:00
Todd C. Miller
da82b16fc4
Add sudo logo designers
2019-11-11 19:57:39 -07:00
Todd C. Miller
635445d471
Transparently handle the "sudo sudoedit" problem.
Some admins are confused about how to give users sudoedit permission
and many users try to run sudoedit via sudo instead of directly.
If the user runs "sudo sudoedit" sudo will now treat it as plain
"sudoedit" after issuing a warning. If the admin has specified a
fully-qualified path for sudoedit in sudoers, sudo will treat it
as just "sudoedit" and match accordingly. In visudo (but not sudo),
a fully-qualified path for sudoedit is now treated as an error.
2019-11-05 15:18:34 -07:00
Todd C. Miller
e6fe02d646
Reference timestamp_type and timestamp_timeout in sudoers.
This should help users find details on how time stamp files work.
2019-11-01 12:42:41 -06:00
Todd C. Miller
955fa11b53
Clear the write bit on the timing file for completed logs.
This allows us to tell whether or not a log can be restarted.
2019-10-24 20:04:33 -06:00
Todd C. Miller
1df3230c2a
Document the sudo log server protocol
2019-10-24 20:04:33 -06:00
Todd C. Miller
b57054785f
Add manual pages for logsrvd and sendlog.
2019-10-24 20:04:32 -06:00
Todd C. Miller
8a16e62a88
Import protobuf-c source to avoid an external dependency.
The files generated with protoc-c are not standalone.
We need to include protobuf-c.c and protobuf-c.h from the protobuf-c
distribution too. Building protoc-c requires a relatively recent
version of gcc which limits its portability.
2019-10-24 20:04:30 -06:00
Todd C. Miller
8ea71f9ae0
Sudo 1.8.29
2019-10-21 14:57:24 -06:00
Todd C. Miller
b157b96893
Add depend target to all Makefile.in files.
2019-10-21 15:20:21 -06:00
Todd C. Miller
c3ce3a84fb
Refer to user-ID and group-ID instead of "user ID" and "group ID"
2019-10-19 14:26:41 -06:00
Todd C. Miller
6260bf60b4
sudoedit doesn't create a new PAM session so PAM umask does not apply.
2019-10-18 06:43:33 -06:00
Todd C. Miller
b02851dcf3
Change how the umask is handled with PAM and login.conf.
If the umask is explicitly set in sudoers, use that value regardless
of what is in PAM or login.conf. If using the default umask from
sudoers, allow PAM or login.conf to override it. Bug #900
2019-10-18 06:20:27 -06:00
Todd C. Miller
cf6c60c102
Add log_allowed and log_denied sudoers flags, defaulting to true.
2019-10-17 13:43:04 -06:00
Todd C. Miller
8761217f83
Be more consistent with how we talk about sudoers Defaults settings.
Use "flag" not "option" when referring to boolean flags.
Use "setting" in place of "Defaults setting" in most places.
Use "the foo option" instead of "sudo's foo option" for command line options.
2019-10-16 14:29:12 -06:00
Todd C. Miller
984382f8a9
Refer to number of terminal lines, not rows, for consistency.
2019-09-18 20:03:04 -06:00
Todd C. Miller
b2fadf66de
sudoedit umask fix
2019-09-14 08:50:12 -06:00
Todd C. Miller
9eeedb470f
If the sudoreplay ID option is a fully-qualified path, use it directly.
Previously, one had to use the -d option to override the I/O log directory.
2019-08-27 13:40:38 -06:00
Todd C. Miller
eb95a35edc
Add conditional for sesh path in sudo.conf manual.
2019-08-27 08:09:28 -06:00
Todd C. Miller
44e990c2ac
Mention I/O log signal change in NEWS and UPGRADE files.
2019-08-05 16:45:30 -06:00
Todd C. Miller
3e56be3564
Store signal name, not number in I/O log timing file.
The "SIG" prefix is not used so, e.g. SIGTERM -> "TERM".
This makes the I/O log files portable from one system to another.
Older I/O log files with signal numbers can still be replayed.
2019-08-05 16:30:58 -06:00
Todd C. Miller
6f3d826f8b
Update error message when the password cannot be read from the terminal.
2019-07-19 17:46:57 -06:00
Todd C. Miller
15db0c3f82
More verbose error message when a password is required and no terminal
is present. Bug #828.
2019-07-19 11:51:20 -06:00
Todd C. Miller
6e0f7166e3
Document that PAM session modules are now run with the silent flag.
2019-07-19 10:38:53 -06:00
Todd C. Miller
10b5529a0b
Clarify that ttyin contains raw terminal input.
2019-07-12 08:24:07 -06:00
Todd C. Miller
03ba6426e7
Expand the description of the I/O log files.
2019-07-11 13:42:12 -06:00
Todd C. Miller
679f13ef53
Remove trailing whitespace.
2019-07-11 13:41:48 -06:00
Todd C. Miller
bb024cf093
Rename PLUGINDIR -> plugindir
2019-07-03 13:15:47 -06:00
Todd C. Miller
cd258e1d39
Add conditional for sesh path in sudo.conf manual.
2019-07-03 09:06:45 -06:00