isa/sudo
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
7,269 Commits 1 Branch 0 Tags
12a1b672c00d8e0af1bb6b14dba6e51e4db2c0aa
Commit Graph

1272 Commits

Author SHA1 Message Date
Todd C. Miller
12a1b672c0 We must include gettext.h before missing.h as it includes system 
headers.  Also add missing DEFAULT_TEXT_DOMAIN defines in sudoers
audit code that does not include sudoers.h.
 2014-02-11 09:40:59 -07:00
Todd C. Miller
d748ebe48b Add some initprogname() calls to the test programs. 2014-02-08 06:24:01 -07:00
Todd C. Miller
8b94d558df regen 2014-02-07 15:15:09 -07:00
Todd C. Miller
8287e21d36 Add use_netgroups sudoers option. For LDAP-based sudoers, netgroup 
support requires an expensive substring match on the server.  If
netgroups are not needed, this option can be disabled to reduce the
load on the LDAP server.
 2014-02-07 14:58:48 -07:00
Todd C. Miller
7a1cd11c0d Update copyright year. 2014-02-06 16:00:56 -07:00
Todd C. Miller
f7a419b5f9 Use a default LDAP search filter of (objectClass=sudoRole). When 
constructing the netgroup query, add (sudoUser=*) to the query so
we don't fall below the 3 character OpenLDAP substring threshold.
Otherwise the index for sudoUser will never be used for that query.
Pointed out by Michael Stroeder.
 2014-02-06 15:50:08 -07:00
Todd C. Miller
b299763e34 Don't warn about an insecure lecture dir twice. 
Display warnings in the user's locale.
 2014-02-06 15:46:27 -07:00
Todd C. Miller
85598f77b2 Use inet_pton() instead of inet_aton() and include a version from 
BIND for those without it.
 2014-02-05 10:00:07 -07:00
Todd C. Miller
efd31a31ec Add back boottime.lo 2014-02-03 08:08:54 -07:00
Todd C. Miller
7155fc526f Bring back boot time checking code and zero out time stamp files 
that predate the boot time.  This should help systems w/o /var/run
where the admin has setup rc.d to clear the timestamp directory.
 2014-02-03 05:45:27 -07:00
Todd C. Miller
a9a7768d56 regen 2014-02-02 05:23:54 -07:00
Todd C. Miller
32b897ac67 Restore warning when sudoers is unable to update the time stamp file. 2014-02-01 06:11:29 -07:00
Todd C. Miller
aeb5ceead8 Replace --with-timedir and --with-lecture_dir with --with-rundir 
and --with-vardir which are the parent directories of the time stamp
and lecture dirs.  These directories need to be searchable by
non-root so that the timestampowner setting can function.
 2014-02-01 05:57:34 -07:00
Todd C. Miller
fb29e91ef0 Fix use of timestampowner in the new time stamp world order. Parent 
directories for timestampdir and lecture_dir are now created with
the execute bit set so that we can traverse them as non-root.
 2014-02-01 05:47:16 -07:00
Todd C. Miller
a2dc10ece7 Regen Makefiles. 2014-01-31 15:46:25 -07:00
Todd C. Miller
d0f343ba2e Move ctim_get and mtim_get to sudo_util.h 2014-01-31 15:43:34 -07:00
Todd C. Miller
32b4713d6d sprinkle some debug printfs and add function header comments 2014-01-31 15:28:41 -07:00
Todd C. Miller
d7257a63e7 Properly handle the case where /var/run/sudo/ts doesn't exist. 2014-01-31 15:02:31 -07:00
Todd C. Miller
596fc68aca Warn on ftruncate failure(). 2014-01-30 16:24:48 -07:00
Todd C. Miller
63e7aa9942 Fix checking of lecture status. 2014-01-30 16:15:03 -07:00
Todd C. Miller
b813c4de48 Use sudo_timeval macros and remove compat macros from missing.h 2014-01-30 15:51:59 -07:00
Todd C. Miller
659b1f0e34 Switch to new time stamp file format. Each user now has a single 
file which may contain multiple records when per-tty time stamps
are in use (the default).  The time stamps use a monotonic timer
where available and are once again stored in /var/run/sudo.  The
lecture status is now stored separately from the time stamps in a
different directory.
 2014-01-30 15:50:40 -07:00
Todd C. Miller
db3b776277 When listing a user's privileges, always prompt the user for their 
own password, regardless of the value of target_pw, root_pw or
runas_pw.
 2014-01-29 15:19:45 -07:00
Todd C. Miller
aaecd326e4 Use inet_aton() instead of inet_addr() as it allows us to distinguish 
between the address (or mask 255.255.255.255) and an error.  In the
future we may consider switching to inet_pton() for IPv4 too.
 2014-01-26 13:23:09 -07:00
Todd C. Miller
f6542e90f0 Fix typo in the AIX case. 2014-01-24 09:43:10 -07:00
Todd C. Miller
7e88cc27bf Size pointer for sudo_parseln() should be size_t not ssize_t. 
This was already correct for the nsswitch.conf case.
 2014-01-24 09:39:11 -07:00
Todd C. Miller
4c9650f78f If inet_addr() returns INADDR_NONE, return false instead of iterating 
through the interfaces looking for a match that will never happen.
 2014-01-22 20:48:49 -07:00
Todd C. Miller
ae6fb933f0 Do not assume localtime(), gmtime() and ctime() always return non-NULL. 2014-01-21 16:32:00 -07:00
Todd C. Miller
5a6db565c1 Update copyright years 2014-01-15 06:19:34 -07:00
Todd C. Miller
5f88e95bc9 Eliminate dead store found by clang checker. 2014-01-15 06:13:23 -07:00
Todd C. Miller
bec5786e5e Remove dead store; found by cppcheck 2014-01-13 09:52:41 -07:00
Todd C. Miller
aa93ef78a7 Quiet a few innocuous cppcheck warnings. 2014-01-08 17:01:03 -07:00
Todd C. Miller
57113a536f Handle in_res being NULL for sudo_debug_printf() in sudo_sss_filter_result(). 2014-01-08 16:48:27 -07:00
Todd C. Miller
12fc51060e When writing length to timing file, use %u not %d as it is unsigned. 2014-01-08 16:45:06 -07:00
Todd C. Miller
4b5ad37b47 Close export_fp in the error path too, but do not close stdout. 2014-01-08 16:29:18 -07:00
Todd C. Miller
7ace435d44 Move right brace outside #ifdef HAVE_DISPCRYPT; found by cppcheck. 2014-01-08 16:23:06 -07:00
Todd C. Miller
cadba501e4 Make this compile again 2014-01-13 09:52:41 -07:00
Todd C. Miller
b75bb6991f Do not leak old istack if realloc fails; found by cppcheck. 
Also modify yyless() to avoid a harmless cppcheck warning every
time it is used.
 2014-01-13 09:52:41 -07:00
Todd C. Miller
78355e618f Add cppcheck target to run cppcheck on all source files. 2014-01-13 09:50:39 -07:00
Todd C. Miller
27598bc0ab Update copyright year. 2014-01-07 10:43:31 -07:00
Todd C. Miller
f57beb1afa Go back to making the bit fields in struct cmndtag explicitly signed. 
This fixes a problem on gcc 4.8 (at least) which appears to be
treating the value as unsigned by default.
 2014-01-07 10:35:56 -07:00
Todd C. Miller
0e1d726aac Handle a sequence file with no trailing newline. 2014-01-04 12:42:34 -07:00
Todd C. Miller
391bc02e25 Truncate io log and timing files on open when recycling them. 
Only an issue when the sequence number wraps around.
 2014-01-03 18:28:07 -07:00
Todd C. Miller
6fe419423a Repair reading of the iolog sequence number that got broken when 
adding stricter strtoul() checks.
 2014-01-03 18:11:27 -07:00
Todd C. Miller
929d8a38ea sync with translationproject.org 2013-12-31 16:23:44 -07:00
Todd C. Miller
1943396d75 Make user_cwd and user_tty dynamically allocated even for the 
"unknown" case.
 2013-12-31 15:58:52 -07:00
Todd C. Miller
42dbe7f4bd sync with translationproject.org 2013-12-29 09:12:23 -07:00
Todd C. Miller
72cd57dea3 sync with translationproject.org 2013-12-28 18:40:15 -07:00
Todd C. Miller
a6e1766dd6 Fix typo; we want setlocale(LC_ALL, "") since we are setting the 
locale for the first time.
 2013-12-28 07:59:45 -07:00
Todd C. Miller
91db1efe91 Use sudoers_initlocale() in main() startup, not sudoers_setlocal() 
as the latter assumes we are already in the user's locale which may
not be the case.  For sudoreplay, we can just use setlocale()
directly as there is no sudoers locale.
 2013-12-27 06:50:06 -07:00