3826 Commits

Author SHA1 Message Date
Todd C. Miller
1f30bd4248 Add configure hooks for gss_krb5_ccache_name() and the gssapi headers. 2007-07-19 23:53:21 +00:00
Todd C. Miller
8f0f4743fd rebuild_env() and insert_env_vars() no longer return environment pointer,
they set environ directly.

No longer need to pass around an envp pointer since we just operate
on environ now.

Add dosync argument to insert_env() that indicates whether it should
reset environ when realloc()ing env.envp.

Use an initial size of 128 for the environment.
2007-07-18 16:57:31 +00:00
Todd C. Miller
8fa2eb187e Split sudo_setenv() into an external version and a version only for
use by rebuild_env().
2007-07-18 16:41:21 +00:00
Todd C. Miller
3a96b6de4f Add support for using gss_krb5_ccache_name() instead of setting
KRB5CCNAME.  Also use sudo_unsetenv() in the non-gss_krb5_ccache_name()
case if there was no KRB5CCNAME in the original environment.
TODO: configure setup for gss_krb5_ccache_name()
2007-07-16 23:40:54 +00:00
Todd C. Miller
320ab55d52 add krb5_ccname 2007-07-16 22:44:42 +00:00
Todd C. Miller
f5ad187edf Add support for sasl_secprops in ldap.conf 2007-07-16 22:44:07 +00:00
Todd C. Miller
436e3b631b Add sudo_unsetenv() and refactor private env syncing code into sync_env(). 2007-07-16 22:39:42 +00:00
Todd C. Miller
328a6b493b The ldap.conf variable is sasl_auth_id not sasl_authid. 2007-07-16 11:27:41 +00:00
Todd C. Miller
af18ed5e9d Add support for krb5_ccname in ldap.conf. If specified, it will
override the default value of KRB5CCNAME in the environment for
the duration of the call to ldap_sasl_interactive_bind_s().
2007-07-15 19:44:46 +00:00
Todd C. Miller
d1f6bdbcff Remove format_env()
Add sudo_setenv() to replace most format_env() + insert_env() combinations.
insert_env() no longer takes a struct environment *
2007-07-15 19:41:10 +00:00
Todd C. Miller
8cb8c55f94 Fix use_sasl vs. rootuse_sasl logic. 2007-07-15 16:47:53 +00:00
Todd C. Miller
5fdb0649b0 Add support for SASL auth when connecting to an LDAP server.
Adapted from a diff by Tom McLaughlin.
2007-07-15 13:23:20 +00:00
Todd C. Miller
38b2dd0a5f Only enable AIX or BSD auth if no other exclusive auth method has
been chosen.  Allows people to e.g., use PAM on AIX without adding
--without-aixauth.  A better solution is needed to deal with default
authentication since if a non-exclusive method is chosen we will
still get an error.
2007-07-14 20:32:11 +00:00
Todd C. Miller
39228bf9e7 Generate HISTORY from history.pod (which is also used for web pages) 2007-07-11 15:23:11 +00:00
Todd C. Miller
c0ffb8ce36 regen 2007-07-09 23:40:49 +00:00
Todd C. Miller
e8dc37d798 Better explanation of environment handling in the sudo man page. 2007-07-09 23:25:41 +00:00
Todd C. Miller
6462c1edd2 Defer setting user-specified env vars until after authentication. 2007-07-09 19:13:38 +00:00
Todd C. Miller
25b624ce5e honor def_default_path for PATH set on the command line 2007-07-09 17:25:45 +00:00
Todd C. Miller
87a95bb3a6 Allow user to set environment variables on the command line as long
as they are allowed by env_keep and env_check.  Ie: apply the same
restrictions as normal environment variables.
TODO: deal with secure_path
2007-07-09 17:22:55 +00:00
Todd C. Miller
5919eb1fa6 Call rebuild_env() in call cases.
Pass original envp to sudo_edit().
Don't allow -E or env var setting in sudoedit mode.
More accurate usage() when called as sudoedit.
2007-07-08 18:44:28 +00:00
Todd C. Miller
16166fc5e6 warn -> warning 2007-07-08 18:41:17 +00:00
Todd C. Miller
c94ee11b63 add -c option to sudoedit synopsis 2007-07-08 18:11:33 +00:00
Todd C. Miller
b7927b2b34 update to reality 2007-07-08 14:27:40 +00:00
Todd C. Miller
888540a7be Use ALLOW/DENY instead of TRUE/FALSE when dealing with the return
value from {user,host,runas,cmnd}_matches().
Rename *matches variables -> *match.
Purely cosmetic.
2007-07-08 13:43:07 +00:00
Todd C. Miller
1e9030d951 Move setting of FLAG_NO_CHECK into the if(pwflag) block.
No change in behavior.
2007-07-08 13:30:07 +00:00
Todd C. Miller
b70cf25a35 add SETENV tag 2007-07-08 13:17:59 +00:00
Todd C. Miller
a26c783bea Make pwcheck local to the pwflag block.
Use pwcheck even if user didn't match since Defaults options may still apply.
2007-07-06 19:51:03 +00:00
Todd C. Miller
6f1a9c0bc9 Do not update timestamp if user not validated by sudoers. 2007-07-06 18:51:43 +00:00
Todd C. Miller
988f44a603 for PERM_RUNAS, set the egid to the runas user's gid and restore to the user's original in PERM_ROOT 2007-07-06 14:14:12 +00:00
Todd C. Miller
f3ef738254 PERM_FULL_ROOT is now no different than PERM_ROOT so remove PERM_FULL_ROOT 2007-07-06 14:04:40 +00:00
Todd C. Miller
af53e335a1 don't check timestamp mtime if we are just going to remove it 2007-07-06 13:49:41 +00:00
Todd C. Miller
95df3fa678 Move sudoers defaults parameters into their own section. 2007-07-06 13:33:47 +00:00
Todd C. Miller
45b311cfa8 Reduce a level of indent by a few placed continue statements. 2007-07-06 00:21:16 +00:00
Todd C. Miller
7f0bb4b1a8 Make matching but negated commands/hosts/runas entries override a
previous match as expected.  Also reduce some levels of indent by
a few placed continue statements.
2007-07-06 00:20:51 +00:00
Todd C. Miller
bdd5b43f75 Print default runas in "sudo -l" if sudoers don't specify one. 2007-07-05 20:34:00 +00:00
Todd C. Miller
6a8fb71154 Less hacky way of testing whether the domain was set. 2007-07-05 19:46:23 +00:00
Todd C. Miller
c21164d373 Mention pam-devel and openldap-devel for Linux 2007-07-04 19:50:56 +00:00
Todd C. Miller
e5bb0bb970 or vs. are 2007-07-03 23:38:15 +00:00
Todd C. Miller
3d321157a3 fix typo in Solaris project support 2007-07-01 20:55:14 +00:00
Todd C. Miller
3c6c4677b2 update 2007-07-01 13:40:15 +00:00
Todd C. Miller
49b66be51e Make -- on the command line match the manual page.
The implied shell case has been simplified as a result.
2007-07-01 13:07:06 +00:00
Todd C. Miller
ad86ccfb19 add simplistic support for sudoRunas; note that if a sudoers entry contains multiple Runas users, all will apply to the sudoRole 2007-06-28 14:44:05 +00:00
Todd C. Miller
888a6d2e49 honor SETENV and NOSETENV tags 2007-06-28 14:42:43 +00:00
Todd C. Miller
9f49d28eaf Redo setting of user_args. We now build up a private copy of argv
first and then replace the NULs with spaces.
2007-06-24 13:25:01 +00:00
Todd C. Miller
a83e28b250 getcwd() returns NULL on failure, not 0 on success 2007-06-24 13:19:29 +00:00
Todd C. Miller
2d76de6cdc allow chunksiz to reach 1 before erroring out 2007-06-24 11:39:16 +00:00
Todd C. Miller
b3b905ba5e regen 2007-06-24 00:00:41 +00:00
Todd C. Miller
879c46e4dd Add support for setting environment variables on the command line.
This is only allowed if the setenv sudoers option is enabled or if
the command is prefixed with the SETENV tag.
2007-06-23 23:58:54 +00:00
Todd C. Miller
459c4bcd3a replace Aaron's email address with the sudo-workers list 2007-06-23 23:57:29 +00:00
Todd C. Miller
0d4fe735aa regen 2007-06-23 23:55:55 +00:00