Commit Graph

1090 Commits

Author SHA1 Message Date
Todd C. Miller
1f3ea50afd Implement memset_s() and use it instead of zero_bytes().
A new constant, SUDO_CONV_REPL_MAX, is defined by the plugin
API as the max conversation reply length.  This constant can be
used as a max value for memset_s() when clearing passwords
filled in by the conversation function.
2013-08-03 08:30:06 -06:00
Todd C. Miller
8c867be419 Do not try to install plugins when shared modules are disabled
(sudoers already had the check).
2013-08-01 10:51:46 -06:00
Todd C. Miller
d882303b88 Update dependencies to take into account compat/getopt.h and
compat/dlfcn.h.
2013-08-01 10:51:06 -06:00
Todd C. Miller
62da46a9cb Add some warnings and debugging to sasl ccname handling. 2013-07-31 15:20:14 -06:00
Todd C. Miller
c0c782ae14 Fix write loop invariant in sudo_krb5_copy_cc_file() 2013-07-31 15:03:46 -06:00
Todd C. Miller
09e752274e Strip off leading FILE: or WRFILE: prefix before trying to copy
the user's credential cache.
2013-07-30 15:37:04 -06:00
Todd C. Miller
b1c8f0575b Now that the ldap code runs with the real and effective uid set to
0, it is not possible for the gssapi libs to find the user's krb5
credential cache file.  To work around this, we make a temporary
copy of the user's credential cache specified by KRB5CCNAME (opened
with the user's effective uid) and point gssapi to it.  To set the
credential cache file name, we dynamically look up gss_krb5_ccache_name()
and use it if available, otherwise fall back to setting KRB5CCNAME.
2013-07-28 17:06:43 -06:00
Todd C. Miller
39575aecf2 Long option support for visudo and sudoreplay. 2013-07-19 09:42:25 -06:00
Todd C. Miller
e53e80187d Sync with translationproject.org 2013-07-16 07:32:57 -06:00
Todd C. Miller
6dff70db03 Go back to ignoring the return value of pam_setcred() since with
stacked PAM auth modules a failure from one module may override
PAM_SUCCESS from another.  If the first module in the stack fails,
the others may be run (and succeed) but an error will be returned.
This can cause a spurious warning on systems with non-local users
(e.g. pam_ldap or pam_sss) where pam_unix is consulted first.
2013-07-11 17:50:03 -04:00
Todd C. Miller
4d6cb6efff Fix pasto; sudo_sss_extract_digest() not sudo_ldap_extract_digest().
From Dan Harnett.
2013-07-09 10:35:26 -06:00
Todd C. Miller
ab61c02546 Replace sequence number-based cycle detection in visudo with a
"used" flag in struct alias.  The caller is required to call
alias_put() when it is done with the alias.  Inspired by a patch
from Daniel Kopecek.
2013-05-22 11:32:08 -04:00
Todd C. Miller
8a57f129ac Eliminate a few relocations related to sudoers_io. 2013-05-20 11:06:13 -04:00
Todd C. Miller
32a29d596d Sync with translationproject.org 2013-05-20 10:20:04 -04:00
Todd C. Miller
1e5e5fb440 No longer store the ctime of a devpts tty. The handling of ctime
on devpts in Linux has been changed to conform to POSIX.  As a
result we can no longer assume that the ctime will stay unchanged
throughout the life of the session.  We store the session ID in the
time stamp file so there is a much smaller chance of the time stamp
file being reused by a new login.  While here, store the uid/gid
in the timestamp file too for good measure.
2013-05-03 16:14:12 -04:00
Todd C. Miller
f6e8fb8b1c Quiet a few -Wunused-result compiler warnings. 2013-05-01 11:02:09 -04:00
Todd C. Miller
a971ac4233 Sync with translationproject.org 2013-04-29 14:04:51 -04:00
Todd C. Miller
8aaea60a79 regen 2013-04-29 14:02:23 -04:00
Todd C. Miller
368a6558ca Change some error/errorx -> fatal/fatalx in comments and xgettext
flags.
2013-04-26 16:06:05 -04:00
Todd C. Miller
e17e4c951a Updated translations from translationproject.org including new
Turkish translation.
2013-04-26 09:16:22 -04:00
Todd C. Miller
fa6c857112 Allow ldap_conf and ldap_secret to be specified as plugin arguments
in sudo.conf
2013-04-25 14:49:02 -04:00
Todd C. Miller
a40de4135e Replace DPRINTF with DPRINTF1 and DPRINTF2 macros that use
SUDO_DEBUG_DIAG and SUDO_DEBUG_INFO respectively for logging to the
debug file with the ldap subsystem.
The sudoers_debug setting in ldap.conf is still honored for now but
will be removed in a future release.
2013-04-25 10:12:42 -04:00
Todd C. Miller
8248fb3299 Add support for converting sudoers files with SHA-2 command digests. 2013-04-24 16:02:20 -04:00
Todd C. Miller
e05d2732aa Add copyright notice to scripts 2013-04-24 15:47:39 -04:00
Todd C. Miller
5a7e54d375 Add regress for SHA-2 digests. 2013-04-24 15:38:03 -04:00
Todd C. Miller
50bdd5f131 Clear up an llvm checker warning which appears to be a false positive
and fix an old XXX while I'm at it.
2013-04-24 11:55:21 -04:00
Todd C. Miller
8ca50e13b7 No need to translate this error message. 2013-04-24 11:11:21 -04:00
Todd C. Miller
d6282d154a Update copyright years. 2013-04-24 09:35:02 -04:00
Todd C. Miller
7b4f990d1d Systrace support was removed long ago. 2013-04-24 09:17:11 -04:00
Todd C. Miller
2923a6652b Remove some files that were mistakenly added. 2013-04-23 16:37:52 -04:00
Todd C. Miller
95b50f84af Use time(&now) instead of now = time(NULL) when storing the current
time in a time_t (better compiler error checking).
Better parsing and printing of 64-bit time_t on 32-bit platforms.
2013-04-23 13:15:22 -04:00
Todd C. Miller
5337da144b Replace sudo_fakepwnamid() with sudo_mkpwent() and don't return an
error if the entry already exists in the cache.
2013-04-19 14:48:23 -04:00
Todd C. Miller
d913fe69c2 Change "foo: failed" to just "foo" since we print the string form
of errno.  Gets rid of some useless translations.
2013-04-19 09:55:48 -04:00
Todd C. Miller
40772f5aa7 Fix pasto in debug_decl 2013-04-18 15:05:23 -04:00
Todd C. Miller
71f9fe33dc regen 2013-04-18 14:14:28 -04:00
Todd C. Miller
1162b55040 Rename log_error() -> log_warning() for consistency with warning()/fatal() 2013-04-18 14:14:03 -04:00
Todd C. Miller
2c3a4e0354 The NO_EXIT flag was removed a while ago. 2013-04-18 14:13:05 -04:00
Todd C. Miller
39acd2fcba Rename error/errorx -> fatal/fatalx and remove the exit value as
it was always 1.
2013-04-18 14:07:59 -04:00
Todd C. Miller
fbcff81cdc Print test failures to stdout like the final count so the output is
not displayed out of order.
2013-04-18 10:44:06 -04:00
Todd C. Miller
904428dd54 Sync with translationproject.org 2013-04-18 09:41:11 -04:00
Todd C. Miller
e8cd84c35a regen 2013-04-17 15:55:17 -04:00
Todd C. Miller
e91e30b4b2 Simple base64 decode unit test. 2013-04-17 12:54:33 -04:00
Todd C. Miller
9c1ee1fe73 Move base64_decode into its own source file. 2013-04-17 09:32:27 -04:00
Todd C. Miller
d32cb3d659 Only check year against 2038 if time_t is 32-bit. 2013-04-17 09:31:26 -04:00
Todd C. Miller
cc3c76b85d Add digest support for sudoers in ldap and sss. 2013-04-16 16:03:37 -04:00
Todd C. Miller
26a256260d Include stdint.h or inttypes.h before sha2.h 2013-04-16 12:16:41 -04:00
Todd C. Miller
6c737f043f Zero out struct iolog_details early to avoid a potential (though
unlikely) dereference of stack garbage if we hit a fatal error
before iolog_deserialize_info() is called.
2013-04-16 11:06:55 -04:00
Todd C. Miller
b0df32a771 Bump SUDOERS_GRAMMAR_VERSION for new digest support. 2013-04-15 15:14:07 -04:00
Todd C. Miller
e715841fc2 Sanity check digest in parser so visudo can catch errors.
Add base64 support
2013-04-15 15:12:00 -04:00
Todd C. Miller
89759fa36c For big endian architectures just use memcpy() instead of BE macros
in a loop.
2013-04-15 11:05:52 -04:00