isa/sudo
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
8,879 Commits 1 Branch 0 Tags
171512b173f7eddf1928d49b7238210c7c7c0474
Commit Graph

617 Commits

Author SHA1 Message Date
Todd C. Miller
f847570ba9 Fix copyright year 2016-12-19 12:48:15 -07:00
Todd C. Miller
00b6be9dfa Allow syslog priority to be negated or set to "none" to disable 
logging successes or failures.
 2016-11-30 16:26:10 -07:00
Todd C. Miller
cb1f044017 Allow stdin and ttyin to be displayed too. The only one that is 
really useful in sudoreplay is stdin when input is from a pipe.
 2016-11-30 13:38:01 -07:00
Todd C. Miller
94b844ebb5 regen 2016-11-21 17:45:46 -07:00
Todd C. Miller
f70f595b5b Add umask to user_info passed in from the front end to the plugin. 2016-11-17 16:00:06 -07:00
Todd C. Miller
80217f0bbc Remove obsolete solaris issue with snprintf 2016-11-17 08:11:01 -07:00
Todd C. Miller
7524c231cc Store the file/lineno for alias and userspec entries so we can 
provide that info if there is an error.
 2016-11-12 19:22:32 -07:00
Todd C. Miller
541ffbeec8 Bump plugin minor version to 10 for sudo_mode, sudo_group and sudo_user. 2016-11-08 20:34:46 -07:00
Todd C. Miller
2b020c9f17 Pass iolog mode, group and user from policy plugin to I/O log plugin. 2016-11-07 10:19:04 -07:00
Todd C. Miller
a9715211a8 Use sudoedit in examples instead of "sudo vi" 2016-11-02 17:07:25 -06:00
Todd C. Miller
271a07ff00 Make the I/O log file/dir permissions and owner configurable. 2016-10-29 12:45:55 -06:00
Todd C. Miller
6fa59b7416 There are now 14 tag values, not 10. Don't bother mentioning the 
number since it keeps increasing.  Bug #759
 2016-10-19 07:33:07 -06:00
Todd C. Miller
44c2679f83 Add syslog_maxlen to control the max size of syslog messages. 2016-10-18 15:51:47 -06:00
Todd C. Miller
afcdc28534 Add wordexp() to the list of functions wrapped by sudo_noexec.so. 2016-10-14 10:33:55 -06:00
Todd C. Miller
db7ce3c219 Document that negated sudoHosts are only supported by 1.8.18 and higher. 2016-09-15 08:36:08 -06:00
Todd C. Miller
7fd6edb6df Document negated sudoHost entries. 2016-09-14 10:29:18 -06:00
Todd C. Miller
6eb1b8c7ea Norwegian Nynorsk translation of sudo from translationproject.org 2016-09-07 11:07:59 -06:00
Todd C. Miller
c0db5c1234 No line continuation support in ldap.conf. 2016-09-01 12:45:42 -06:00
Todd C. Miller
852fe25bc1 A comment character ('#') is only special at the beginning of the 
line.
 2016-09-01 09:28:40 -06:00
Todd C. Miller
dba28a945c Mention that match_group_by_gid has no effect when sudoers is stored 
in LDAP.
 2016-08-31 12:29:54 -06:00
Todd C. Miller
edcb137f60 match_group_by_gid is only available in sudo 1.8.18 and above 2016-08-30 14:37:57 -06:00
Todd C. Miller
7aeb11a920 Mention match_group_by_gid 2016-08-30 14:37:11 -06:00
Todd C. Miller
c57979bfb6 Document match_group_by_gid 2016-08-30 14:35:16 -06:00
Todd C. Miller
ed18d0d5f8 Make the behavior when we cannot write to a log or audit file 
configurable.  File log failures are ignored by default for consistency
with syslog.  Audit errors are ignored by default to allow the admin
to fix the issue.  I/O log file errors are still fatal by default
since if I/O logging is activated it is usually to have an audit trail.
Bug #751
 2016-08-17 07:22:51 -06:00
Todd C. Miller
a08ea1b14d Set runas_pw early and adjust runaslist_matches() to deal. Since 
we now set runas_default early there is no need to call update_defaults
with SETDEF_RUNAS after sudoers has been parsed.
 2016-08-10 10:56:05 -06:00
Todd C. Miller
56ead73886 Load sudoers group plugin via an early callback. 2016-08-09 13:14:31 -06:00
Todd C. Miller
d17bc132de Document that fqdn, runas_default and sudoers_locale are parsed early. 2016-08-09 10:26:02 -06:00
Todd C. Miller
ac20b8ddff Regen for 1.8.18 2016-08-09 10:25:50 -06:00
Todd C. Miller
f98b481af2 Point the reader to the sudoers manual for the list of supported 
arguments after the plugin path.
 2016-06-15 10:10:59 -06:00
Todd C. Miller
3a85a8892f forgot to update date in last commit 2016-06-15 10:08:06 -06:00
Todd C. Miller
6c7eb07e0e Fix typo; cn=default should be cn=defaults 2016-06-15 05:14:33 -06:00
Todd C. Miller
638acc28cf The sudoers.ldap manual is installed in section 4 or 5, not 1m or 8. 
Also fix the section for ldap.conf cross-references.
 2016-05-31 13:17:38 -06:00
Todd C. Miller
77331392e0 Fix copy pasta, "sudoNotAfter" not "sudoNotBefore". 
Add missing word "order" in a sentence describing sudoOrder.
 2016-05-31 13:14:30 -06:00
Todd C. Miller
c6b41b1657 Setting timestamp_timeout less than zero only lasts until the 
next reboot.  Adapted from a RedHat patch.
 2016-05-31 12:57:08 -06:00
Todd C. Miller
63dbb74250 Korean translation for sudo and sudoers from translationproject.org. 2016-05-25 08:41:27 -06:00
Todd C. Miller
ab861b92d2 Document that in 1.8.12 sudo started being able to check the NIS 
domain on Solaris.
 2016-05-23 11:21:34 -06:00
Todd C. Miller
7461dcf9a8 Regen for 1.8.17 2016-05-13 12:02:53 -06:00
Todd C. Miller
d25500afa8 Document that you need to preserve EDITOR and/or VISUAL for env_editor 
to be useful.
 2016-05-13 12:02:23 -06:00
Todd C. Miller
ea44d3757e For "sudoreplay -l", not all predicates may be shortened to a single 
character.  Both 'c' and 't' have more than one possibility.
 2016-05-04 16:44:52 -06:00
Todd C. Miller
b4309d4aea Ignore SIGPIPE for the duration of sudo and not just in a few select 
places.  We have no control over what nss, PAM modules or sudo
plugins might do so ignoring SIGPIPE is safest.
 2016-04-22 16:36:36 -06:00
Todd C. Miller
7cd6d4ec79 The header for sudo.conf(5) should be SUDO.CONF(5) not SUDO(5). 2016-03-17 10:46:23 -06:00
Todd C. Miller
99978e4a70 Fix documented bug with duplicate role names and turn on perl warnings. 
Based on a diff from Aaron Peschel
 2016-02-22 11:07:33 -07:00
Todd C. Miller
ec37504dfb Document the race with sudoedit_checkdir in 1.8.15. 2016-01-20 11:00:05 -07:00
Todd C. Miller
42671f6b95 Document sudoedit_checkdir 2016-01-20 10:56:47 -07:00
Todd C. Miller
647bfa4a9d Add 1.8.16 changes 2016-01-19 15:21:15 -07:00
Todd C. Miller
de0208a01b Make sudoedit_checkdir the default and update the documentation accordingly. 2016-01-19 14:16:25 -07:00
Todd C. Miller
7f8a29dfc0 Add "I/O LOG FILES" section to the manual and move many of the 
details from the log_input and log_output descriptions to it.
 2016-01-16 16:47:42 -07:00
Todd C. Miller
ad8c96403d Use "Nm sudoers" when talking about the plugin and "Em sudoers" when 
talking about the sudoers file.
 2016-01-16 16:46:17 -07:00
Todd C. Miller
5a77989a33 Add support for matching the entire netgroup tuple (user, host, domain). 2016-01-12 14:59:44 -07:00
Todd C. Miller
68c1073fe5 Rewritten sudoedit_checkdir support that checks all the dirs in the 
path and refuses to follow symlinks in writable directories.
This is a better fix for CVE-2015-5602.
Adapted from a diff by Ben Hutchings.  Bug #707
 2016-01-10 18:31:29 -07:00