Todd C. Miller
c880b55b8c
comment out XXXs for now
2008-03-05 14:38:08 +00:00
Todd C. Miller
9c1b476df1
mention askpass
2008-03-05 14:36:27 +00:00
Todd C. Miller
0c6a760fc2
Error out if both -A and -S are specified
Error out if -A is specified but no askpass is configured
2008-03-04 22:20:28 +00:00
Todd C. Miller
64d226e1d7
we are not going to ship a sudo-specific askpass
2008-03-04 22:16:49 +00:00
Todd C. Miller
5d86a9d6fe
fix definition of TGP_ASKPASS
2008-03-03 19:30:50 +00:00
Todd C. Miller
cbf038c61c
make askpass boolean-capable
2008-03-03 18:54:34 +00:00
Todd C. Miller
9a6917851c
document --with-askpass
2008-03-03 18:53:45 +00:00
Todd C. Miller
c0773d037a
regen
2008-03-03 00:27:07 +00:00
Todd C. Miller
143691e6d7
document -A and askpass
2008-03-02 22:31:08 +00:00
Todd C. Miller
ee04914164
Add support for running a helper program to read the password when
no tty is present (or when specified with the -A flag). TODO: docs.
2008-03-02 14:31:57 +00:00
Todd C. Miller
5b248a0765
add missing printf format to SELinux role and type strings
2008-03-02 13:38:46 +00:00
Todd C. Miller
f20935284b
Disable use of gss_krb5_ccache_name() by default and add
--enable-gss-krb5-ccache-name configure option to enable it. It
seems that gss_krb5_ccache_name() doesn't work properly with some
combinations of Heimdal and OpenLDAP.
2008-02-27 14:26:28 +00:00
Todd C. Miller
9c3a47892b
Ignore setexeccon() failing in permissive mode. Also add a
call to setkeycreatecon() (though this is probably insufficient).
From Dan Walsh.
2008-02-22 20:33:00 +00:00
Todd C. Miller
48eee67e55
Only set std_prompt for the PAM_PROMPT_* cases. The conversation function
may be called for non-password reading purposes so we must be careful
not to use def_prompt in cases where it may not be set.
2008-02-22 20:19:34 +00:00
Todd C. Miller
1a347284ea
Don't free the new tty context, we need to keep it around when we restore the tty context after the command completes
2008-02-20 17:00:40 +00:00
Todd C. Miller
361280501f
s/newrole/sudo/
2008-02-19 21:04:20 +00:00
Todd C. Miller
c2378eb4d1
Only put login_cap(3) in SEE ALSO section if we have login.conf support
2008-02-19 18:21:41 +00:00
Todd C. Miller
795a303ea1
regen
2008-02-18 16:05:20 +00:00
Todd C. Miller
b072179192
Substitute in comment characters for lines pertaining to login.conf,
BSD auth and SELinux and only enable them if pertinent.
2008-02-18 15:53:33 +00:00
Todd C. Miller
2b4e67ff8e
Substitute in comment characters for lines pertaining to login.conf,
BSD auth and SELinux and only enable them if pertinent.
2008-02-18 15:53:33 +00:00
Todd C. Miller
ef16f80a32
Substitute in comment characters for lines pertaining to login.conf,
BSD auth and SELinux and only enable them if pertinent.
2008-02-18 15:53:33 +00:00
Todd C. Miller
a228c72091
Substitute in comment characters for lines pertaining to login.conf,
BSD auth and SELinux and only enable them if pertinent.
2008-02-18 15:53:33 +00:00
Todd C. Miller
cf6bca4b07
Substitute in comment characters for lines pertaining to login.conf,
BSD auth and SELinux and only enable them if pertinent.
2008-02-18 15:53:33 +00:00
Todd C. Miller
7a1e2dfb59
Remove the =cut on the first line (above the copyright notice) to quiet
pod2man. Also remove the hackery in the FILES section and just deal
with the fact that there will be a newline between each pathname.
2008-02-18 15:42:43 +00:00
Todd C. Miller
07daaa3903
run sudo.man.pl when generating sudo.man.in
2008-02-17 13:19:49 +00:00
Todd C. Miller
279ee07ee0
comment out SELinux manual bits unless --with-selinux was specified
2008-02-17 13:11:38 +00:00
Todd C. Miller
229b231461
document role and type defaults for SELinux
2008-02-17 13:04:45 +00:00
Todd C. Miller
211be00ccb
Document "sudo -ll" and make "sudo -l -l" be equivalent.
2008-02-17 01:26:23 +00:00
Todd C. Miller
506285209d
Treat k*bsd*-gnu like Linux, not BSD.
Fixes compilation problems on Debian GNU/kFreeBSD.
2008-02-15 20:23:54 +00:00
Todd C. Miller
dd2c345be9
Avoid Heimdal'isms introduced in the rev 1.32 rewrite of verify_krb_v5_tgt()
2008-02-13 22:17:14 +00:00
Todd C. Miller
04bb8f00fc
Remove dependence on VALIDATE_NOT_OK in logging functions.
Split log_auth() into log_allowed() and log_denial()
Replace mail_auth() with should_mail() and a call to send_mail()
2008-02-13 12:28:37 +00:00
Todd C. Miller
4f5d9371a3
Add debugging so we can tell if the krb5 ccache is accessible
2008-02-10 23:06:19 +00:00
Todd C. Miller
ebae55854a
mention --with-selinux
2008-02-10 22:34:40 +00:00
Todd C. Miller
9635907f29
regen
2008-02-09 14:48:21 +00:00
Todd C. Miller
cc47d67b4f
add Sudo tag
2008-02-09 14:43:32 +00:00
Todd C. Miller
4c992e1901
Add support for SELinux RBAC. Sudoers entries may specify a role and type.
There are also role and type defaults that may be used. To make sure a
transition occurs, when using RBAC commands are executed via the new sesh
binary. Based on initial changes from Dan Walsh.
2008-02-09 14:30:07 +00:00
Todd C. Miller
c7a2ef7a1e
Add support for SELinux RBAC. Sudoers entries may specify a role and type.
There are also role and type defaults that may be used. To make sure a
transition occurs, when using RBAC commands are executed via the new sesh
binary. Based on initial changes from Dan Walsh.
2008-02-09 14:30:06 +00:00
Todd C. Miller
f2b70188b6
Add support for SELinux RBAC. Sudoers entries may specify a role and type.
There are also role and type defaults that may be used. To make sure a
transition occurs, when using RBAC commands are executed via the new sesh
binary. Based on initial changes from Dan Walsh.
2008-02-09 14:30:06 +00:00
Todd C. Miller
5d20923c2f
Add long list (sudo -ll) support for printing verbose LDAP and sudoers
file entries. Still need to update manual.
2008-02-08 13:18:12 +00:00
Todd C. Miller
3c7b76bb54
Unify the -l output for file and ldap based sudoers and use lbufs for both.
The ldap output does not currently include options that cannot be represented
as tags. This will be remedied in a long list output mode to come.
2008-02-03 15:43:38 +00:00
Todd C. Miller
8e33f63484
Use a specific error message for errno == EAGAIN when setuid() et al fails.
On Linux systems setuid() will fail with errno set to EAGAIN if changing
to the new uid would result in a resource limit violation.
2008-01-27 21:37:54 +00:00
Todd C. Miller
72656eaf3b
Unlimit nproc on Linux systems where calling the setuid() family
of syscalls causes the nproc resource limit to be checked. The
limits will be reset by pam_limits.so when PAM is used. In the
non-PAM case the nproc limit will remain unlimited but there doesn't
seem to be a way around that other than having sudo parse
/etc/security/limits.conf directly.
2008-01-27 21:34:41 +00:00
Todd C. Miller
801860b298
Only read /etc/environment on Linux and AIX
2008-01-27 21:31:27 +00:00
Todd C. Miller
f0dc1caa45
Use SUDO_DEFINE_UNQUOTED instead of AC_DEFINE_UNQUOTED to prevent
ldap.conf and ldap.secret paths from going into config.h.
Avoid single quotes in variable expansion when using SUDO_DEFINE_UNQUOTED
since in some versions of bash they will end up literally in the resulting
define.
2008-01-23 11:33:27 +00:00
Todd C. Miller
cc346a5ecf
mention --with-nsswitch=no
2008-01-21 18:22:51 +00:00
Todd C. Miller
48df9c481b
ldap_ssl.h depends on ldap.h being included first
2008-01-21 16:43:10 +00:00
Todd C. Miller
a3e6610e01
Include ldap_ssl.h if we can find it. Needed for the ldapssl_set_strength
defines on HP-UX at least.
2008-01-21 16:07:42 +00:00
Todd C. Miller
870334373d
sync
2008-01-21 15:04:40 +00:00
Todd C. Miller
40fb31c0a5
sync
2008-01-21 15:02:46 +00:00
Todd C. Miller
bc5772f798
regen
2008-01-21 15:01:37 +00:00