isa/sudo
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
3,932 Commits 1 Branch 0 Tags
19ff128f314a8b5aa6e47e3cde06a9754e40ed4f
Commit Graph

115 Commits

Author SHA1 Message Date
Todd C. Miller
19fa259480 Remove support for compilers that don't support void * 2007-08-31 23:30:07 +00:00
Todd C. Miller
d72778832c Move list manipulation macros to list.h and create C versions of 
the more complex ones in list.c.  The names have been down-cased
so they appear more like normal functions.
 2007-08-31 23:13:26 +00:00
Todd C. Miller
10e5d4e708 Use LH_FOREACH_REV when checking permission and short-circuit on 
the first non-UNSPEC hit we get for the command.  This means that
instead of cycling through the all the parsed sudoers entries we
start at the end and work backwards and quit after the first positive
or negative match.
 2007-08-31 01:21:26 +00:00
Todd C. Miller
d1dbe2ecee Change list head macros to take a pointer, not a struct. 2007-08-31 01:12:50 +00:00
Todd C. Miller
8cdea0b941 Use a list head struct when storing the semi-circular lists and 
convert to tail queues in the process.  This will allow us to
reverse foreach loops more easily and it makes it clearer which
functions expect a list as opposed to a single member.

Add macros for manipulating lists.  Some of these should become functions.

When freeing up a list, just pop off the last item in the queue instead
of going from head to tail.  This is simpler since we don't have to
stash a pointer to the next member, we always just use the last one
in the queue until the queue is empty.

Rename match functions that take a list to have list in the name.
Break cmnd_matches() into cmnd_matches() and cmndlist_matches.
 2007-08-30 17:26:35 +00:00
Todd C. Miller
317e600f41 Remove monitor support until there is a versino of systrace that 
uses a lookaside buffer (or we have a better mechanism to use).
 2007-08-15 15:20:01 +00:00
Todd C. Miller
45b311cfa8 Reduce a level of indent by a few placed continue statements. 2007-07-06 00:21:16 +00:00
Todd C. Miller
2d282cd226 cleanup() now takes an int as an arg so it can be used as a signal 
handler too.
 2005-11-18 01:39:59 +00:00
Todd C. Miller
778d587063 Update copyright years. 2005-02-12 22:56:07 +00:00
Todd C. Miller
3b8b88407f Add __unused to rcsids 2005-01-27 15:42:30 +00:00
Todd C. Miller
7ca844890d Use function pointers to only call private passwd/group routines when 
using a nonstandard passwd/group file.
 2005-01-09 23:58:21 +00:00
Todd C. Miller
5e475c85b3 Add support for custom passwd/group files. 2005-01-05 19:50:49 +00:00
Todd C. Miller
a5d9296d25 Adapt to pwutil.c 2005-01-05 01:10:16 +00:00
Todd C. Miller
a58012cfff Only check group vector in usergr_matches() if we are matching the 
invoking or list user.  Always check the group members, even if
there was a group vector.
 2005-01-01 17:41:21 +00:00
Todd C. Miller
94f606fbf6 Deal with user_stat being NULL as it is for visudo and testsudoers. 2004-11-24 21:44:54 +00:00
Todd C. Miller
9c526bdc30 Correctly handle multiple privileges per userspec and runas inheritence. 2004-11-23 23:18:15 +00:00
Todd C. Miller
fe869025c4 Add support for command-specific Defaults entries. E.g. 
Defaults!/usr/bin/vi noexec
 2004-11-19 21:35:12 +00:00
Todd C. Miller
0cddfc3684 Change an occurence of user_matches() -> runas_matches() missed previously 
runas_matches(), host_matches() and cmnd_matches() only really need to pass in
a list of members.  user_matches() still needs to pass in a passwd struct
because of "sudo -l"
 2004-11-19 20:03:33 +00:00
Todd C. Miller
2c2daa8eca Use: #include <config.h> 
Not: #include "config.h"
That way we get the correct config.h when build dir != src dir
 2004-11-19 18:39:14 +00:00
Todd C. Miller
9846e562ad Implement group caching and use the passwd and group caches throughout. 2004-11-16 04:24:11 +00:00
Todd C. Miller
51375f969f Add local error/warning functions like err/warn but that call an additional 
cleanup routine in the error case.  This means we no longer need to compile
a special version of alloc.o for visudo.
 2004-11-15 15:53:53 +00:00
Todd C. Miller
e26e40df8a Store aliases in a red-black tree. 2004-11-15 03:55:22 +00:00
Todd C. Miller
987d5cf815 Rewrite for the new parser. Now supports a -d flag (dump) and adds a -h 
flag (host).  It now defaults to the local hostname unless otherwise
specified.
 2004-10-26 22:25:34 +00:00
Todd C. Miller
d9e4426cb1 Kill set_perms() stub--it is no longer needed. 2004-10-21 16:31:19 +00:00
Todd C. Miller
cbcb60b184 Add keepopen arg to open_sudoers that open_sudoers can use to 
indicate to the caller that the fd should not be closed when it
is done with it.  To be used by visudo to keep locked fds from
being closed prematurely (and thus losing the lock).
 2004-09-29 18:36:33 +00:00
Todd C. Miller
01212e4ebb init_parser now takes a path 2004-09-28 18:31:38 +00:00
Todd C. Miller
ec0ef3fcf7 Add open_sudoers() stubs. 2004-09-27 16:02:10 +00:00
Todd C. Miller
1a46dd74f6 Don't pass user_cmnd and user_args to command_matches(), just use 
the globals there.  Since we keep state with statics anyway it is
misleading to pretend that passing in different cmnd and cmnd_args
will work.
 2004-08-02 18:44:58 +00:00
Todd C. Miller
c01dbab988 update (c) year 2004-06-07 00:02:56 +00:00
Todd C. Miller
713e419fe9 Remove trailing spaces, no actual code changes. 2004-06-06 23:58:11 +00:00
Todd C. Miller
6190f376c1 If the user specified a uid with the -u flag and the uid exists in 
the passwd file, set runas_user to the name, not the uid.

When comparing usernames in sudoers, if a name is really a uid (starts
with '#') compare it numerically to pw_uid.
 2004-03-24 23:06:34 +00:00
Todd C. Miller
5befe6ddfe More to a less restrictive, ISC-style license. 2004-02-13 21:36:44 +00:00
Todd C. Miller
327729a7e6 Add stub set_runaspw() function 2004-01-16 23:09:34 +00:00
Todd C. Miller
4e74e8c530 add DARPA credit on affected files 2003-04-16 00:42:10 +00:00
Todd C. Miller
dcf1a5acce Use warn/err and getprogname() throughout. The main exception is 
openlog().  Since the admin may be filtering logs based on the
program name in the log files, hard code this to "sudo".
 2003-04-02 18:25:30 +00:00
Todd C. Miller
632dbebef0 fix strlcpy() rval check (innocuous) 2003-04-01 15:02:49 +00:00
Todd C. Miller
48229cbac6 update copyright year 2003-03-15 20:31:02 +00:00
Todd C. Miller
eebc763bd3 Use strlc{at,py} for paranoia's sake and exit on overflow. In all 
cases the strings were either pre-allocated to the correct size of
length checks were done before the copy but a little paranoia can
go a long way.
 2003-03-13 20:00:45 +00:00
Todd C. Miller
c289159953 g/c second arg to set_perms--it is no longer used 2002-05-05 00:43:38 +00:00
Todd C. Miller
7cc2f3b3e5 Remove Chris Jepeway's email address so people don't bug him ;-) 2002-03-16 00:44:48 +00:00
Todd C. Miller
b083b9f925 Fix CIDR handling here too. 2001-12-15 02:27:17 +00:00
Todd C. Miller
65fad4df35 o Reorder some headers and use STDC_HEADERS define properly 
o Update copyright year
 2001-12-14 19:52:54 +00:00
Todd C. Miller
7b93f51d5e Add dummy version of init_envtables() 2001-12-11 22:55:23 +00:00
Todd C. Miller
998631b73a New Defaults options: 
o stay_setuid - sudo will remain setuid if system has saved uids or setreuid(2)
 o env_reset - reset the environment to a sane default
 o env_keep - preserve environment variables that would otherwise be cleared

No longer use getenv/putenv/setenv functions--do environment munging by hand.
Potentially dangerous environment variables can be cleared only if they
contain '/' pr '%' characters to protect buggy programs.
Moved environment routines into env.c (new file)
 2000-12-30 03:29:47 +00:00
Todd C. Miller
ffca544b6c Fully qualified hosts w/ wildcards were not matching the FQHOST token type. 
There's really no need for a separate token for fully-qualified vs.
unqualified anymore so FQHOST is now history and hostname_matches
now decides which hostname (short or long) to check based on whether
or not the pattern contains a '.'.
 2000-03-23 04:38:22 +00:00
Todd C. Miller
5ce1fa96f2 Add support for wildcards in the hostname. 2000-03-23 04:09:53 +00:00
Todd C. Miller
db2c555453 kill register 2000-03-22 15:53:09 +00:00
Todd C. Miller
9e0bae9fc6 update copyright year on changed files 2000-01-17 23:46:26 +00:00
Todd C. Miller
0b59a0974d netgr_matches needs to check shost as well as host since they may be different. 2000-01-11 18:20:41 +00:00
Todd C. Miller
957fa7941d o Kill HAVE_FNMATCH_H 
o Only define HAVE_FNMATCH if <fnmatch.h> exists.
 1999-12-09 03:54:57 +00:00