isa/sudo
1
0
Fork 0
Code Issues Pull Requests Actions 1 Packages Projects Releases Wiki Activity
6,440 Commits 1 Branch 0 Tags
1e43242b33829419d23136d92f99296b37a57d0c
Commit Graph

6440 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Todd C. Miller
ca0d9c4be9 Make sudoersdir relative to PKG_INSTALL_ROOT for Solaris. 2012-03-13 17:38:03 -04:00
Todd C. Miller
7e11069932 Use sudo_hook_fn_t in struct sudo_hook. 2012-03-13 17:32:50 -04:00
Todd C. Miller
779b6c8e0d If cross compiling, --host must include the OS in the tuple. 
E.g. --host powerpc-unknown-linux
 2012-03-13 11:01:23 -04:00
Todd C. Miller
d539c606e0 Fix bogus int -> bool conversion; tags can have a value of -1. 2012-03-12 19:34:19 -04:00
Todd C. Miller
19fc56462d Add env_should_keep() and env_should_delete() wrapper functions to 
simplify things a bit and hide the fact that matches_env_check()
is not bool.
 2012-03-12 16:45:22 -04:00
Todd C. Miller
fa99904b20 Fix application of debian-specific sudoers mods when building packages 
as non-root.
 2012-03-12 15:04:03 -04:00
Todd C. Miller
749784ea5b matches_env_check() returns int, not boolean 2012-03-12 13:53:54 -04:00
Todd C. Miller
dc727ff6d4 Fix compilation when seteuid() is not available. 2012-03-12 13:52:51 -04:00
Todd C. Miller
4bd136e11a Simply move the free of ki_proc outside the realloc() loop. 2012-03-12 11:37:33 -04:00
Todd C. Miller
1ca5009563 Bring back the erealloc() for the ENOMEM loop and just zero the 
pointer after we free it.
 2012-03-12 10:49:26 -04:00
Todd C. Miller
9052833f76 Don't try to erealloc() a potentially freed pointer; Mateusz Guzik 2012-03-12 08:54:40 -04:00
Todd C. Miller
1e8f5d4aa4 Use normal error path if unable to set sudoers gid. 2012-03-10 16:38:14 -05:00
Todd C. Miller
7971a5e499 Make this work again on systems w/o seteuid(). 2012-03-10 15:29:46 -05:00
Todd C. Miller
9c2dd5eec6 Fix compilation if no seteuid/setreuid/setresuid available. 2012-03-09 17:28:59 -05:00
Todd C. Miller
b49bb17c3e Better error messages, and added debugging throughout. 
Fixed seteuid() version of set_perms()/restore_perms().
Fixed logic bug in AIX version of restore_perms().
Added checks to avoid changing uid/gid when we don't have to.
Never set gid/uid state to -1, use the old value instead.
 2012-03-09 17:07:41 -05:00
Todd C. Miller
f745a041e2 Fix format string warning on Solaris with gcc 3.4.3. 2012-03-09 12:45:24 -05:00
Todd C. Miller
4d1752d4d1 Always declare environ now that we swap it around unilaterally. 2012-03-09 12:42:30 -05:00
Todd C. Miller
b455bccc5e Honor LDFLAGS when linking sesh; from Vita Cizek 2012-03-09 10:07:00 -05:00
Todd C. Miller
f5f3d4cf3f Include alloc.h for estrdup() prototype; from Vita Cizek 2012-03-09 10:06:27 -05:00
Todd C. Miller
08c6c776c9 Don't read /etc/environment on Linux when using PAM, PAM should set 
the environment variables as needed via pam_env.
 2012-03-08 14:51:03 -05:00
Todd C. Miller
d4259ef2ca Fix editor goof. 2012-03-08 13:19:39 -05:00
Todd C. Miller
20a7633a3f Disable environment hooks after we get user_env back to make sure 
a plugin can't to modify user_env after we "own" it.  This is kind
of a hack but we don't want the init_session plugin function to
modify user_env.
 2012-03-08 11:30:21 -05:00
Todd C. Miller
9b58120c36 Add support for deregistering hooks. If an I/O log plugin fails 
to initialize, deregister its hooks (if any).
 2012-03-08 11:29:32 -05:00
Todd C. Miller
d4a3a5d8b9 Move LOGIN_PATH and LOGIN_SETENV handling to plugin now that we 
hook setenv.
 2012-03-07 16:38:57 -05:00
Todd C. Miller
37770ecf1e Initial cut at a hooks implementation. The plugin can register 
hooks for getenv, putenv, setenv and unsetenv.  This makes it
possible for the plugin to trap changes to the environment made by
authentication methods such as PAM or BSD auth so that such changes
are reflected in the environment passed back to sudo for execve().
 2012-03-07 16:35:42 -05:00
Todd C. Miller
1504256134 Add Vietnamese sudo translation from translationproject.org 2012-03-05 09:42:52 -05:00
Todd C. Miller
bfb6f79105 List sudo_noexec.so not noexec.so in the sample sudo.conf 2012-03-02 11:15:40 -05:00
Todd C. Miller
a16dee915b Add support for plugin args at the end of a Plugin line in sudo.conf. 
Bump the minor number accordingly and update the documentation.  A
plugin must check the sudo front end's version before using the
plugin_args parameter since it is only supported for API version
1.2 and higher.
 2012-03-02 11:04:09 -05:00
Todd C. Miller
c623857fc9 update depends 2012-03-01 13:19:30 -05:00
Todd C. Miller
c7635121d8 secure_path.c is in common, not compat 2012-03-01 13:05:43 -05:00
Todd C. Miller
06e390a566 Add check for variadic macro support in cpp. 2012-03-01 13:05:03 -05:00
Todd C. Miller
8d05f0d1b0 Add type param to sudo_secure_path() and add sudo_secure_file() 
and sudo_secure_dir() wrappers which get by #includedir in sudoers.
 2012-02-29 15:50:48 -05:00
Todd C. Miller
35280a8437 Check the owner and mode in -c (check) mode unless the -f option 
is specified.  Previously, the owner and mode were checked on the
main sudoers file when the -s (strict) option was given, but this
was not documented.
 2012-02-28 14:16:39 -05:00
Todd C. Miller
966fa83a9a Prefer KERN_PROC2 over KERN_PROC. Fixes compilation on some versions 
of OpenBSD versions that have KERN_PROC2 but not KERN_PROC.
 2012-02-28 10:33:16 -05:00
Todd C. Miller
5fe6e4993d Add Eric Lakin for patch in bug #538 2012-02-27 16:39:27 -05:00
Todd C. Miller
6a37b4bf73 Fix typo in safe_close() made while converting to debug framework 
that prevented it from actually closing anything.
 2012-02-27 14:46:11 -05:00
Todd C. Miller
cc97c2e75c Add some more debugging. 2012-02-27 14:42:22 -05:00
Todd C. Miller
28db1fbbed We need sysconfdir in compat/Makfile to get the proper sudo.conf 
path.  Add standard prefix and foodir expansion in all Makefiles
to avoid this problem in the future.
 2012-02-27 13:28:15 -05:00
Todd C. Miller
5c970b2179 New Lithuanian sudoers translation from translationproject.org 2012-02-25 13:42:26 -05:00
Todd C. Miller
5802083375 Update from translationproject.org 2012-02-25 13:40:32 -05:00
Todd C. Miller
4f9da8fdaa When adding gids to the LDAP filter, only add the primary gid once. 
This is consistent with the space computation/allocation.
From Eric Lakin
 2012-02-24 15:17:48 -05:00
Todd C. Miller
5a941fb41c Add entry for AIX enhanced RBAC config. 2012-02-24 14:32:57 -05:00
Todd C. Miller
640c229b57 Target Mac OS X 10.5 when building packages. 2012-02-24 13:40:39 -05:00
Todd C. Miller
415454ff59 Relax the user/group/mode checks on sudoers files. As long as the 
file is owned by the right user, not world-writable and not writable
by a group other than the one specified at configure time (gid 0
by default), the file is considered OK.  Note that visudo will still
set the mode to the value specified at configure time.
 2012-02-22 13:04:03 -05:00
Todd C. Miller
98486afbdf Add AIX-specific version of permission setting code to make sure 
that the saved uid gets restored properly.
 2012-02-21 16:07:28 -05:00
Todd C. Miller
22f4f10a3a Check for LD_PRELOAD variants in configure instead of checkign cpp 
symbols.  In disable_execute(), compute the length of the new envp
and allocate it once instead of reallocating on demand.  Also append
old value of LD_PRELOAD (if any) to the new value.
 2012-02-21 13:26:02 -05:00
Todd C. Miller
6fb0090db9 Fix the description of noexec. 2012-02-21 05:15:48 -05:00
Todd C. Miller
f6fdc909b4 The "op" parameter to set_default() must be int, not bool since it is 
set to '+' or '-' for list add and subtract.
 2012-02-21 05:13:13 -05:00
Todd C. Miller
0370e129ff Make sure sudoers is writable before calling ed script. 2012-02-21 04:54:08 -05:00
Todd C. Miller
f38afb532d Update contributors. Now includes translators and authors of compat 
code.
 2012-02-17 11:30:42 -05:00