isa/sudo
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
6,911 Commits 1 Branch 0 Tags
1f3ea50afd89baf6c6557b42a3971e67bc838f6b
Commit Graph

209 Commits

Author SHA1 Message Date
Todd C. Miller
1fbb1819e7 Use sudo_printf for I/O log version 
Clarify policy plugin version string
 2010-06-10 14:24:06 -04:00
Todd C. Miller
eec336115a Move askpass path specification from sudoers to sudo.conf. 2010-06-09 17:40:44 -04:00
Todd C. Miller
bcaf51ce62 Fix setting selinux type on command line. 2010-06-08 17:10:27 -04:00
Todd C. Miller
afa3589d52 For sudoedit, make a local copy of editor string si become part of 
argv.  If no editor environment variable, split def_editor on ':'
since it may be a colon-delimited path.
 2010-06-04 12:17:19 -04:00
Todd C. Miller
2ee7524101 Add casts to quiet compiler warnings. 2010-06-01 09:54:03 -04:00
Todd C. Miller
2dd29bf64d Break sudoers transcript feature up into log_input and log_output. 2010-05-30 10:31:38 -04:00
Todd C. Miller
b6f02f38c0 Make sudoers_io functions static to iolog.c 2010-05-29 10:43:34 -04:00
Todd C. Miller
e952c8c7ff Eliminate unused variables 2010-05-28 13:21:56 -04:00
Todd C. Miller
d2d68aa24d Re-enable cleanup functions in sudoers plugin and sudo driver 
for error()/errorx().
 2010-05-28 12:15:14 -04:00
Todd C. Miller
34e1a06767 Use sudo_printf to display verbose version information. 2010-05-28 12:01:06 -04:00
Todd C. Miller
7e6d1d1f7d Add init_session function to struct policy_plugin that gets called 
before the uid/gid/etc changes.  A struct passwd pointer is passed in,which may be NULL if the user does not exist in the passwd database.The sudoers module uses init_session to open the pam session as needed.
 2010-05-27 14:46:39 -04:00
Todd C. Miller
27be96c9cd Add open/close session to sudo auth, only used by PAM. 
This allows us to open (and close) the PAM session from sudoers.
 2010-05-26 17:57:47 -04:00
Todd C. Miller
4695dd1b70 Re-enable PATH_MAX check for command 2010-05-26 16:33:35 -04:00
Todd C. Miller
45923111e0 Repair "sudo -l -U username" 2010-05-25 14:21:21 -04:00
Todd C. Miller
937b5f166d Set selinux role and type in command details. 2010-05-25 13:58:16 -04:00
Todd C. Miller
0487aee6b4 Bring back closefrom settings. 2010-05-24 15:40:36 -04:00
Todd C. Miller
60e0e496ef If running a command or sudoedit in transcript mode, call io_nextid() 
before log_allowed() so the session id is logged.
 2010-05-24 14:30:54 -04:00
Todd C. Miller
529bfcf674 Set user_tty to "unknown" if there is no tty, like sudo 1.7 does 
(it is used when logging).  Note that user_ttypath will still be
NULL if there is no tty.
 2010-05-21 12:19:55 -04:00
Todd C. Miller
fa717176b2 Remove check_sudoedit function pointer in struct sudo_policy. 
Instead, sudo will set sudoedit=true in the settings array.
The plugin should check for this and modify argv_out as appropriate
in check_policy.
 2010-05-17 10:25:27 -04:00
Todd C. Miller
7c9c5855fd Change how we handle the sudoedit argv. We now require that there 
be a "--" in argv to separate the editor and any command line arguments
from the files to be edited.
 2010-05-13 17:11:31 -04:00
Todd C. Miller
fdd28d411f Work in progress support for sudoedit. The actual interface used by the 
plugin for sudoedit is likely to change.
 2010-05-13 14:09:21 -04:00
Todd C. Miller
d5bfd148d6 Make find_path() a little more generic by not checking def_foo 
variables inside it.  Instead, pass in ignore_dot as a function
argument.
 2010-05-13 10:27:03 -04:00
Todd C. Miller
1487026b03 Call env_init() before we open the sudoers sources as those may 
call our setenv() replacement.
 2010-05-12 08:32:12 -04:00
Todd C. Miller
782f494003 Add separate I/O logging functions for tty in/out and stdin/stdout/stderr. 
NOTE: stdin logging does not currently work and is disabled for now.
 2010-05-05 07:29:28 -04:00
Todd C. Miller
9fbec34fed Add pointer to a printf like function to plugin open functon. 
This can be used instead of the conversation function to display
info and error messages.
 2010-05-04 19:17:31 -04:00
Todd C. Miller
f42cf76d8a Re-enable bsm audit. Currently auditing is done within the sudoers 
plugin itself.  If possible, this should really be done in the main
driver but we don't presently have the needed data to do that.  This
will be re-evaluated when Linux audit support is added.
 2010-04-30 12:01:15 -04:00
Todd C. Miller
b0b6b4cf54 Add back calls to log_denial() if sudoers does not allow the command. 2010-04-26 22:10:34 -04:00
Todd C. Miller
e1a9e5aec0 Pass in correct pwflag for list and validate. 2010-04-26 21:53:59 -04:00
Todd C. Miller
1abb3b7f57 Only set sudo_user.env_vars if the env_add list is empty. 2010-04-26 21:28:58 -04:00
Todd C. Miller
90f8bf3482 Set sudo_user.env_vars so that environment variables specified on 
the command line get logged correctly.
 2010-04-26 20:41:28 -04:00
Todd C. Miller
b041c91caf Re-enable environment files and setting environment variables on the 
command line.
 2010-04-26 17:14:11 -04:00
Todd C. Miller
05ae3ea6cb Convert to ANSI C function declarations 2010-04-22 18:09:53 -04:00
Todd C. Miller
1bb9f62143 Convert perm setting to push/pop model; still needs some work 
Use the stashed runas groups instead of using getgrouplist()
Reset perms to the initial value on error
 2010-04-20 17:00:31 -04:00
Todd C. Miller
0df204052f Remove remaining references to the environ pointer. 2010-04-17 13:26:03 -04:00
Todd C. Miller
9f0b8f7aae Fix typo 2010-04-15 06:29:31 -04:00
Todd C. Miller
6aecf3fb15 Main sudo no longer print "unable to execute" on exec failure so do it here. 2010-04-14 05:51:11 -04:00
Todd C. Miller
f321a85815 Don't override rval with results of check_user() unless it failed. 2010-04-13 05:53:03 -04:00
Todd C. Miller
744eae82e7 Primitive set/restore permissions. Will be replaced by a push/pop 
model.
 2010-04-10 10:34:37 -04:00
Todd C. Miller
3242c1091d Free str after using it in the version method. Use sudo_conv, not 
io_conv since we don't have the IO conversation function pointer
in the I/O version method anymore now that io_open is delayed.
 2010-04-04 08:40:23 -04:00
Todd C. Miller
44341c9c15 Main sudo should not block signals; the plugin should do this in 
check_policy.
 2010-04-01 06:35:19 -04:00
Todd C. Miller
05e8023e78 Add back io logging (transcript) support. Currently, the open function 
runs too early and it is not possible to use the io module independently
of the policy module.
 2010-03-27 20:19:40 -04:00
Todd C. Miller
eae881b5aa Fix off by one error when allocating user_groups. 2010-03-23 05:21:38 -04:00
Todd C. Miller
e12858ee90 Fix typo in preserve groups case 2010-03-22 19:39:02 -04:00
Todd C. Miller
fc63d106f8 In command_info it is "runas_groups" not "groups". 2010-03-22 19:27:02 -04:00
Todd C. Miller
a72669d8a6 Set preserve_groups or groups list in command_info 2010-03-22 08:28:11 -04:00
Todd C. Miller
0ea44bcba1 Check preserve_groups and ignore_ticket args with atobool instead 
of assuming they are true if present.
 2010-03-22 08:09:50 -04:00
Todd C. Miller
6b180d24da Fix the -s and -i flags and add support for the "implied_shell" 
option.  If the user does not specify a command, sudo will now pass
in the path to the user's shell and set impied_shell=true.  The
plugin can them either check the command normally or return -2 to
cause sudo to print a usage message and exit.
 2010-03-21 08:54:06 -04:00
Todd C. Miller
eec5235d19 Rewrite compat/getprogname.c and add setprogname(). 
The progname is now passed to the plugin via the settings array.
 2010-03-19 07:52:31 -04:00
Todd C. Miller
b4f4afdf69 Pass in output function to lbuf_init() instead of writing to stdout. 
A side effect is that the usage info can now go to stderr as it should.
 2010-03-18 06:42:17 -04:00
Todd C. Miller
038ec569de Use number of tty columns that is passed in user_info instead of 
getting it directly in the lbuf code.
 2010-03-17 21:25:32 -04:00