Commit Graph

4239 Commits

Author SHA1 Message Date
Todd C. Miller
e0c31eef17 Move license info to pod format 2007-07-22 23:09:38 +00:00
Todd C. Miller
5c6880f1ef Substitute value of path_info into sudoers man page. 2007-07-22 22:43:28 +00:00
Todd C. Miller
cd9aad660d remove features that were back-ported to 1.6.9 2007-07-22 20:40:12 +00:00
Todd C. Miller
5cd49e1e00 Sort SYNOPSIS and sync usage. From Igor Sobrado. 2007-07-22 19:20:42 +00:00
Todd C. Miller
c94a3d6245 Only need sudo_setenv/sudo_unsetenv if we are going to use
ldap_sasl_interactive_bind_s() but don't have gss_krb5_ccache_name().
2007-07-22 19:19:39 +00:00
Todd C. Miller
fd711b6297 rebuild without branch info 2007-07-22 12:23:47 +00:00
Todd C. Miller
8aa5ba7498 Add ChangeLog target 2007-07-22 12:23:33 +00:00
Todd C. Miller
42ac4fb2cf Run cleanup code if the user hits ^C at the password prompt. 2007-07-22 12:14:18 +00:00
Todd C. Miller
b166928bac Some versions of pam_lastlog have a bug that will cause a crash if
PAM_TTY is not set so if there is no tty, set PAM_TTY to the empty
string.
2007-07-22 12:13:07 +00:00
Todd C. Miller
24ada438f2 ChangeLog not Changelog 2007-07-20 13:32:38 +00:00
Todd C. Miller
5f07885971 sync 2007-07-20 13:31:24 +00:00
Todd C. Miller
1bbac967ee CHANGE -> Changelog 2007-07-20 13:29:21 +00:00
Todd C. Miller
641f34e302 sync 2007-07-20 00:23:51 +00:00
Todd C. Miller
1f30bd4248 Add configure hooks for gss_krb5_ccache_name() and the gssapi headers. 2007-07-19 23:53:21 +00:00
Todd C. Miller
8f0f4743fd rebuild_env() and insert_env_vars() no longer return environment pointer,
they set environ directly.

No longer need to pass around an envp pointer since we just operate
on environ now.

Add dosync argument to insert_env() that indicates whether it should
reset environ when realloc()ing env.envp.

Use an initial size of 128 for the environment.
2007-07-18 16:57:31 +00:00
Todd C. Miller
8fa2eb187e Split sudo_setenv() into an external version and a version only for
use by rebuild_env().
2007-07-18 16:41:21 +00:00
Todd C. Miller
3a96b6de4f Add support for using gss_krb5_ccache_name() instead of setting
KRB5CCNAME.  Also use sudo_unsetenv() in the non-gss_krb5_ccache_name()
case if there was no KRB5CCNAME in the original environment.
TODO: configure setup for gss_krb5_ccache_name()
2007-07-16 23:40:54 +00:00
Todd C. Miller
320ab55d52 add krb5_ccname 2007-07-16 22:44:42 +00:00
Todd C. Miller
f5ad187edf Add support for sasl_secprops in ldap.conf 2007-07-16 22:44:07 +00:00
Todd C. Miller
436e3b631b Add sudo_unsetenv() and refactor private env syncing code into sync_env(). 2007-07-16 22:39:42 +00:00
Todd C. Miller
328a6b493b The ldap.conf variable is sasl_auth_id not sasl_authid. 2007-07-16 11:27:41 +00:00
Todd C. Miller
af18ed5e9d Add support for krb5_ccname in ldap.conf. If specified, it will
override the default value of KRB5CCNAME in the environment for
the duration of the call to ldap_sasl_interactive_bind_s().
2007-07-15 19:44:46 +00:00
Todd C. Miller
d1f6bdbcff Remove format_env()
Add sudo_setenv() to replace most format_env() + insert_env() combinations.
insert_env() no longer takes a struct environment *
2007-07-15 19:41:10 +00:00
Todd C. Miller
8cb8c55f94 Fix use_sasl vs. rootuse_sasl logic. 2007-07-15 16:47:53 +00:00
Todd C. Miller
5fdb0649b0 Add support for SASL auth when connecting to an LDAP server.
Adapted from a diff by Tom McLaughlin.
2007-07-15 13:23:20 +00:00
Todd C. Miller
38b2dd0a5f Only enable AIX or BSD auth if no other exclusive auth method has
been chosen.  Allows people to e.g., use PAM on AIX without adding
--without-aixauth.  A better solution is needed to deal with default
authentication since if a non-exclusive method is chosen we will
still get an error.
2007-07-14 20:32:11 +00:00
Todd C. Miller
39228bf9e7 Generate HISTORY from history.pod (which is also used for web pages) 2007-07-11 15:23:11 +00:00
Todd C. Miller
c0ffb8ce36 regen 2007-07-09 23:40:49 +00:00
Todd C. Miller
e8dc37d798 Better explanation of environment handling in the sudo man page. 2007-07-09 23:25:41 +00:00
Todd C. Miller
6462c1edd2 Defer setting user-specified env vars until after authentication. 2007-07-09 19:13:38 +00:00
Todd C. Miller
25b624ce5e honor def_default_path for PATH set on the command line 2007-07-09 17:25:45 +00:00
Todd C. Miller
87a95bb3a6 Allow user to set environment variables on the command line as long
as they are allowed by env_keep and env_check.  Ie: apply the same
restrictions as normal environment variables.
TODO: deal with secure_path
2007-07-09 17:22:55 +00:00
Todd C. Miller
5919eb1fa6 Call rebuild_env() in all cases.
Pass original envp to sudo_edit().
Don't allow -E or env var setting in sudoedit mode.
More accurate usage() when called as sudoedit.
2007-07-08 18:44:28 +00:00
Todd C. Miller
16166fc5e6 warn -> warning 2007-07-08 18:41:17 +00:00
Todd C. Miller
c94ee11b63 add -c option to sudoedit synopsis 2007-07-08 18:11:33 +00:00
Todd C. Miller
b7927b2b34 update to reality 2007-07-08 14:27:40 +00:00
Todd C. Miller
888540a7be Use ALLOW/DENY instead of TRUE/FALSE when dealing with the return
value from {user,host,runas,cmnd}_matches().
Rename *matches variables -> *match.
Purely cosmetic.
2007-07-08 13:43:07 +00:00
Todd C. Miller
1e9030d951 Move setting of FLAG_NO_CHECK into the if(pwflag) block.
No change in behavior.
2007-07-08 13:30:07 +00:00
Todd C. Miller
b70cf25a35 add SETENV tag 2007-07-08 13:17:59 +00:00
Todd C. Miller
a26c783bea Make pwcheck local to the pwflag block.
Use pwcheck even if user didn't match since Defaults options may still apply.
2007-07-06 19:51:03 +00:00
Todd C. Miller
6f1a9c0bc9 Do not update timestamp if user not validated by sudoers. 2007-07-06 18:51:43 +00:00
Todd C. Miller
988f44a603 for PERM_RUNAS, set the egid to the runas user's gid and restore to the user's original in PERM_ROOT 2007-07-06 14:14:12 +00:00
Todd C. Miller
f3ef738254 PERM_FULL_ROOT is now no different than PERM_ROOT so remove PERM_FULL_ROOT 2007-07-06 14:04:40 +00:00
Todd C. Miller
af53e335a1 don't check timestamp mtime if we are just going to remove it 2007-07-06 13:49:41 +00:00
Todd C. Miller
95df3fa678 Move sudoers defaults parameters into their own section. 2007-07-06 13:33:47 +00:00
Todd C. Miller
45b311cfa8 Reduce a level of indent by a few placed continue statements. 2007-07-06 00:21:16 +00:00
Todd C. Miller
7f0bb4b1a8 Make matching but negated commands/hosts/runas entries override a
previous match as expected.  Also reduce some levels of indent by
a few placed continue statements.
2007-07-06 00:20:51 +00:00
Todd C. Miller
bdd5b43f75 Print default runas in "sudo -l" if sudoers don't specify one. 2007-07-05 20:34:00 +00:00
Todd C. Miller
6a8fb71154 Less hacky way of testing whether the domain was set. 2007-07-05 19:46:23 +00:00
Todd C. Miller
c21164d373 Mention pam-devel and openldap-devel for Linux 2007-07-04 19:50:56 +00:00