isa/sudo
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
8,495 Commits 1 Branch 0 Tags
0ff95dfaaa4e1626a837e066e21ce865e9b8b98c
Commit Graph

8495 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Todd C. Miller
0ff95dfaaa When matching against runas_default use userpw_matches() instead 
of just strcasecmp().
 2016-09-15 13:36:43 -06:00
Todd C. Miller
a750bebf10 Set RUNAS_USER_SPECIFIED when -u is specified and/or RUNAS_GROUP_SPECIFIED 
when -g is specified.
 2016-09-15 13:16:38 -06:00
Todd C. Miller
d64153967e Fix printing of the default runas user when a RunAsGroup is specified 
but no RunAsUser is present.
 2016-09-15 11:29:27 -06:00
Todd C. Miller
fb32867e4c Only match against runas_default if both sudoRunAsUser and 
sudoRunAsGroup are missing.
 2016-09-15 10:46:57 -06:00
Todd C. Miller
d2af18c1fa runas_pw can no longer be NULL here 2016-09-15 09:40:41 -06:00
Todd C. Miller
ef82f792a1 Update check for whether or not the runas user was set in the ldap 
and sssd backends to match the sudoers file backend.  Introduces
the runas_user_set() macro to improve readability.  Previously,
runas_pw was set late, now it is set before checking sudoers.
 2016-09-15 09:37:53 -06:00
Todd C. Miller
db7ce3c219 Document that negated sudoHosts are only supported by 1.8.18 and higher. 2016-09-15 08:36:08 -06:00
Todd C. Miller
50d0191de3 Disable Address Sanitizer leak detection for tests which generate 
parse errors.  The parser leaks a bit on error.
 2016-09-15 08:33:01 -06:00
Todd C. Miller
37099a6e7d Fix underflow in get_ipa_hostname() when trimming trailing 
whitespace.
 2016-09-15 05:54:53 -06:00
Todd C. Miller
394485f279 Document negated sudoHost entries. 2016-09-14 10:33:38 -06:00
Todd C. Miller
ff753d1e16 Support negated sudoHost entries. 2016-09-14 10:33:27 -06:00
Todd C. Miller
7fd6edb6df Document negated sudoHost entries. 2016-09-14 10:29:18 -06:00
Todd C. Miller
f51fbfa40d Support negated sudoHost entries. 2016-09-14 10:22:52 -06:00
Todd C. Miller
ca2a1f3109 Don't check the username when matching a host netgroup unless 
def_netgroup_tuple is enabled.
 2016-09-13 09:12:42 -06:00
Todd C. Miller
c73dec723c Move valid domain name check into a new valid_domain() function. 
Fix memory leak if getdomainname(2) fails and avoid using heap
garbage for the domain name matching in this case.
 2016-09-13 09:06:25 -06:00
Todd C. Miller
7687dd6527 sync with translationproject.org 2016-09-12 14:59:22 -06:00
Todd C. Miller
533c9ce108 Add back line mistakenly removed in 0cf2a9351740 2016-09-11 14:37:42 -06:00
Todd C. Miller
86ce2f89fd sync with translationproject.org 2016-09-11 07:50:12 -06:00
Todd C. Miller
f7bd14f706 Bug #757 2016-09-09 16:29:37 -06:00
Todd C. Miller
ead485b96b Fix typo that broke short host name matching when the fqdn 
flag is enabled.  Bug #757
 2016-09-09 16:26:22 -06:00
Todd C. Miller
3f022419ae Be consistent with the naming of the variable used to store the 
function return value.  Previously, some code used "rval", some
used "ret".  This standardizes on "ret" and uses "rc" for temporary
return codes.
 2016-09-08 16:38:08 -06:00
Todd C. Miller
33fb814e85 sync with translationproject.org 2016-09-07 11:08:12 -06:00
Todd C. Miller
6eb1b8c7ea Norwegian Nynorsk translation of sudo from translationproject.org 2016-09-07 11:07:59 -06:00
Todd C. Miller
fc7e2a98fd Fix for Bug #756 2016-09-07 11:02:25 -06:00
Todd C. Miller
b80309e6d8 In sudoers_main() avoid setting rval prematurely. Prevents a crash 
when auditing fails after successfully authenticating.  Bug #756
 2016-09-05 19:44:46 -06:00
Todd C. Miller
43084d8f91 Apply match_group_by_gid early. 2016-09-05 06:21:23 -06:00
Todd C. Miller
0181bf2c23 update 2016-09-02 10:30:35 -06:00
Todd C. Miller
40d0ecc7d6 Don't disable large file support for Linux, just SVR4-style /proc. 
Otherwise, stat(2) may fail on Linux when running a 32-bit sudo
on a 64-bit machine.  Bug #755
 2016-09-02 08:05:07 -06:00
Todd C. Miller
5b86d2d298 Make sudo_parseln() flags hex to make it more obvious that they are 
bit flags.
 2016-09-01 14:36:24 -06:00
Todd C. Miller
881814c9f9 Don't try to support line continuation in /etc/environment. 2016-09-01 14:35:40 -06:00
Todd C. Miller
c0db5c1234 No line continuation support in ldap.conf. 2016-09-01 12:45:42 -06:00
Todd C. Miller
2a4ba64c84 Add flag to sudo_parseln() to disable line continuation support. 2016-09-01 10:50:39 -06:00
Todd C. Miller
852fe25bc1 A comment character ('#') is only special at the beginning of the 
line.
 2016-09-01 09:28:40 -06:00
Todd C. Miller
17ad75d50b Add a flags option to sudo_parseln() and a flag to only mach comments 
at the beginning of the line.  Use the flag when parsing ldap.conf.
 2016-09-01 09:19:20 -06:00
Todd C. Miller
04340eea60 If get_process_ttyname() fails for errno != ENOENT, just warn 
instead of making it a fatal error.  Bug #755
 2016-09-01 08:23:19 -06:00
Todd C. Miller
c9572db75a use strict 2016-08-31 14:33:24 -06:00
Todd C. Miller
7a54b49fc4 Define def_foo in terms of the I_FOO index instead of a bare number. 2016-08-31 14:27:40 -06:00
Todd C. Miller
8ee6f0d1de sync with translationproject.org 2016-08-31 12:31:27 -06:00
Todd C. Miller
dba28a945c Mention that match_group_by_gid has no effect when sudoers is stored 
in LDAP.
 2016-08-31 12:29:54 -06:00
Todd C. Miller
e147ba1fec Use W_EXITCODE to construct the wait status if sudo could not execute 
the command.  Fixes the sudo exit value for exec(3) failure.
 2016-08-31 08:39:26 -06:00
Todd C. Miller
a9570e64ff fix brace style 2016-08-31 08:34:07 -06:00
Todd C. Miller
b610137efa regen 2016-08-31 05:50:18 -06:00
Todd C. Miller
ef4e808103 It is possible for get_user_info() to fail for reasons other than 
ENOMEM so print the warning message there rather than in main().
 2016-08-31 05:47:36 -06:00
Todd C. Miller
edcb137f60 match_group_by_gid is only available in sudo 1.8.18 and above 2016-08-30 14:37:57 -06:00
Todd C. Miller
7aeb11a920 Mention match_group_by_gid 2016-08-30 14:37:11 -06:00
Todd C. Miller
c57979bfb6 Document match_group_by_gid 2016-08-30 14:35:16 -06:00
Todd C. Miller
9cfd556853 Add match_group_by_gid Defaults option to allow sites with slow 
group lookups and a small number of groups in sudoers to match
groups by group ID instead of by group name.
 2016-08-30 13:42:42 -06:00
Todd C. Miller
12ab1383a4 Mention "sudo -l command" bug fix. 2016-08-29 10:42:17 -06:00
Todd C. Miller
5b51b7f11a Fix "sudo -l command" in the LDAP and SSS backends when the command 
is not allowed.
 2016-08-29 10:04:24 -06:00
Todd C. Miller
7918f7e7eb Use sudo_strsplit() instead of doing the equivalent manually. 2016-08-26 11:07:19 -06:00