Commit Graph

4239 Commits

Author SHA1 Message Date
Todd C. Miller
e238133159 use ldap_search_ext_s instead of deprecated ldap_search_s 2008-01-02 16:05:50 +00:00
Todd C. Miller
915fc493cf add sudo_nss.h to HDRS 2008-01-02 15:09:20 +00:00
Todd C. Miller
5173bbb95d Replace deprecated ldap_explode_dn() with calls to ldap_str2dn()
and ldap_rdn2str().
2008-01-02 00:04:50 +00:00
Todd C. Miller
8a2db8bd08 Use ldap_get_values_len()/ldap_value_free_len() instead of the
deprecated ldap_get_values()/ldap_value_free().
2008-01-01 23:37:51 +00:00
Todd C. Miller
6771b36175 sync 2008-01-01 22:08:53 +00:00
Todd C. Miller
f738ef46fa sync 2008-01-01 22:07:16 +00:00
Todd C. Miller
5a6ad03e59 Remove some already fixed XXXs 2008-01-01 22:06:33 +00:00
Todd C. Miller
aa562c8f69 Same return value as non-existent sudoers if LDAP was unable to connect. 2008-01-01 22:03:54 +00:00
Todd C. Miller
ab14071ec9 mention /etc/environment 2008-01-01 21:52:45 +00:00
Todd C. Miller
685d9d2dab Update to reflect recent developments. 2008-01-01 21:43:26 +00:00
Todd C. Miller
156c949750 Print nsswitch.conf, ldap.conf and ldap.secret paths in -V output. 2008-01-01 21:42:28 +00:00
Todd C. Miller
a7fb2f3e36 When building up a query don't list groups in the aux group vector
that are the same as the passwd file group.  On most systems the
first gid in the group vector is the same as the passwd entry gid.
2008-01-01 21:25:23 +00:00
Todd C. Miller
cd30e84743 Define LDAPNOINIT before calling ldap_init(), etc. to disable user
ldaprc and system defaults that could affect how LDAP works.
2008-01-01 19:01:42 +00:00
Todd C. Miller
6f2cd1b184 Rename read_nss -> sudo_read_nss
Add --with-nsswitch to allow users to specify nsswitch.conf path or disable it.
If --with-nsswitch=no but --with-ldap, order is LDAP, then sudoers.
Fix --with-ldap-conf-file and --with-ldap-secret-file
2008-01-01 18:22:03 +00:00
Todd C. Miller
d2de8d5fed Honor def_ignore_local_sudoers 2008-01-01 18:12:00 +00:00
Todd C. Miller
d6e9445a6a no longer need to check def_ignore_local_sudoers here 2007-12-31 21:44:46 +00:00
Todd C. Miller
4d8f37f4bd Refactor group vector resetting into a function and also call it
from display_cmnd.
Stop after the first successful match in display_cmnd.
Print a newline between each display_privs method.
2007-12-31 21:36:53 +00:00
Todd C. Miller
36b221af26 fix double free introduced in rev 1.218 2007-12-31 21:23:46 +00:00
Todd C. Miller
b289130680 belt and suspenders; zero out result after freeing it 2007-12-31 21:10:49 +00:00
Todd C. Miller
926dcd0bcc Refactor line reading into a separate function, sudo_parseln(),
which removes comments, leading/trailing whitespace and newlines.
May want to rethink the use of sudo_parseln() for /etc/ldap.secret
2007-12-31 20:04:46 +00:00
Todd C. Miller
0a2166272c Make the inability to read the sudoers file a non-fatal error if
there are other sudoers sources available.
sudoers_file_lookup now returns "not OK" if sudoers was not present
2007-12-31 19:26:52 +00:00
Todd C. Miller
09439030f6 make it clear that the global options are from LDAP 2007-12-31 19:24:10 +00:00
Todd C. Miller
e6d707b2d3 allocate proper amount of space for error string 2007-12-31 19:13:06 +00:00
Todd C. Miller
de3bb58929 actual sudo nss code 2007-12-31 15:24:57 +00:00
Todd C. Miller
adfaebdb4d nss-ify display_privs and display_cmnd. 2007-12-31 15:08:30 +00:00
Todd C. Miller
3008bb494a move update_defaults() to parse.c 2007-12-31 12:54:47 +00:00
Todd C. Miller
ae2ae34528 Use nsswitch to hide some sudoers vs. ldap implementation details
and reduce the number of #ifdef LDAP
TODO: fix display routines and error handling
2007-12-31 12:39:52 +00:00
Todd C. Miller
7f323157a2 First cut at nsswitch.conf support.
Further reorganization and related changes are forthcoming.
2007-12-28 16:20:45 +00:00
Todd C. Miller
f8c52dc928 Add support for reading an /etc/environment file. Still needs to
be documented and should probably only apply to OSes that have
it (AIX and Linux, maybe others).
2007-12-21 21:53:32 +00:00
Todd C. Miller
1a69e42d95 include limits.h 2007-12-21 21:20:30 +00:00
Todd C. Miller
12b86ef41b reword LDAP SASL 2007-12-20 15:02:51 +00:00
Todd C. Miller
d7090332e5 sync 2007-12-19 21:40:47 +00:00
Todd C. Miller
e60093477e Add an example sudoRole, clarify netscape vs. openldap a bit more 2007-12-19 21:39:00 +00:00
Todd C. Miller
9dc049ccf4 Be clear on what is OpenLDAP vs. Netscape-derived 2007-12-19 19:42:16 +00:00
Todd C. Miller
56729b9a63 Use ldapssl_init() for ldaps support instead of trying
to do it manually with ldap_init() + ldapssl_install_routines().
Use tls_cert and tls_key for cert7.db and key3.db respectively.
Don't print debugging info for options that are not set.
Add warning if start_tls specified when not supported.
2007-12-19 19:28:57 +00:00
Todd C. Miller
f60e1d3cb7 fix compilation on solaris 2007-12-19 19:25:10 +00:00
Todd C. Miller
9ed999b7a5 add missing .h and .c files for missing lib objs 2007-12-19 19:23:07 +00:00
Todd C. Miller
dbe2b9e4f3 fix LDAP_OPT_NETWORK_TIMEOUT setting 2007-12-18 14:54:45 +00:00
Todd C. Miller
3be9fcbedb fix compilation on Solaris 2007-12-18 01:10:10 +00:00
Todd C. Miller
72e1a2b54e fix typo 2007-12-17 15:14:46 +00:00
Todd C. Miller
6aa8308750 try to clear up which variables are for OpenLDAP and which are for netscape-derived SDKs 2007-12-17 13:08:29 +00:00
Todd C. Miller
b409499304 Add support for "ssl on" in both netscape and openldap flavors.
Only the OpenLDAP flavor has been tested.
2007-12-17 12:31:40 +00:00
Todd C. Miller
ff0a538d04 Call cleanup() before exit in log_error() instead of calling
sudo_ldap_close() directly.  ldap_conn can now be static to sudo.c
2007-12-17 12:28:51 +00:00
Todd C. Miller
ed88a812ec ld -> ldap_conn 2007-12-17 01:02:44 +00:00
Todd C. Miller
a68ab16dcd Better ldap cleanup. 2007-12-16 19:42:44 +00:00
Todd C. Miller
c5b5f0cfd7 Distinguish between LDAP conf settings that are connection-specific
(which take an ld pointer) and those that are default settings (which do not).
2007-12-16 19:08:05 +00:00
Todd C. Miller
06e6097a49 Improved warnings on error. 2007-12-14 21:46:31 +00:00
Todd C. Miller
7c1889af15 Make ldap config table driven and set the config *after* we open the
connection.
2007-12-14 20:59:17 +00:00
Todd C. Miller
6acbe17288 fix LDAP_OPT_X_CONNECT_TIMEOUT compat define 2007-12-13 21:41:58 +00:00
Todd C. Miller
400309aa9f some operating systems need to link with -lkrb5support when using krb5 2007-12-13 14:13:44 +00:00