isa/sudo
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
5,694 Commits 1 Branch 0 Tags
24a087709abb8375b79b17d45b6a4cbdb72bbeec
Commit Graph

497 Commits

Author SHA1 Message Date
Todd C. Miller
24a087709a Only check gid of sudoers file if it is group-readable. 2011-05-16 12:19:07 -04:00
Todd C. Miller
7708d5ce84 For AIX, keep calling authenticate() until reenter reaches 0. 2011-05-16 12:17:49 -04:00
Todd C. Miller
96b7c1f0f4 Add initial scaffolding to support localization via gettext() 2011-05-04 15:26:31 -04:00
Todd C. Miller
4dd3440cb6 Split ALL, ROLE and TYPE into their own actions. Since you can 
only have #ifdefs inside of braces, ROLE and TYPE use a naughty
goto in the non-SELinux case.  This is safe because the actions are
in one big switch() statement.
 2011-04-29 16:05:50 -04:00
Todd C. Miller
189817a313 Fix regexp for matching a CIDR-style IPv4 netmask. From Marc Espie. 2011-04-29 11:22:49 -04:00
Todd C. Miller
435d8413b5 Fix SIA support; we no longer have access to the real argc and argv 
so allocate space for a fake one and use the argv passed to the
plugin with "sudo" for argv[0].
 2011-04-26 09:51:34 -04:00
Todd C. Miller
7c35601cf3 Be explicit when setting euid to 0 before call to setreuid(0, 0) 2011-04-23 06:13:48 -04:00
Todd C. Miller
b08ad6083b Work around weird AIX saved uid semantics on setuid() and setreuid(). 
On AIX, setuid() will only set the saved uid if the euid is already 0.
 2011-04-15 12:30:08 -04:00
Todd C. Miller
c6ad6d29e5 Treat a missing includedir like an empty one and do not return an error. 2011-04-14 14:27:11 -04:00
Todd C. Miller
b00cf92eff Remove extraneous parens in LDAP filter when sudoers_search_filter 
is enabled that causes a search error.  From Matthew Thomas.
 2011-04-12 11:48:04 -04:00
Todd C. Miller
2af2174092 Correct sizeof() to fix test failure. 2011-04-11 11:41:38 -04:00
Todd C. Miller
365bd63e6c "install" target should depend on "install-dirs". 
Fixes "make -j" problem and closes bz #487.  From Chris Coleman.
 2011-04-11 08:27:59 -04:00
Todd C. Miller
233d90f2c3 Add check for NetBSD-style 4-argument skeychallenge() as Gentoo also 
has this.  Adapted from a patch from Diego Elio Petteno
 2011-04-06 10:08:57 -04:00
Todd C. Miller
f6ffc8adf3 Make SUDOERS_LDFLAGS reference $(LDFLAGS) instead of using @LDFLAGS@ 
directly.
 2011-04-06 10:06:51 -04:00
Todd C. Miller
89cd8c2ff1 Back out the --with-libpath addition to SUDOERS_LDFLAGS since that 
now include LDFLAGS in the sudoers Makefile.in.
Add missing settng of @LDFLAGS@ in plugin Makefile.in files.
 2011-04-06 07:01:17 -04:00
Todd C. Miller
f1078bd28e Keep track of sudoers grammar version and report it in the -V output. 2011-04-05 11:47:31 -04:00
Todd C. Miller
b9d15e8256 Add multiple inclusion guard 2011-04-05 11:42:53 -04:00
Todd C. Miller
021e2a94b9 The --with-libpath option now adds to SUDOERS_LDFLAGS as well as LDFLAGS. 
Remove old -static hack for HP-UX < 9.
Add LTLDFLAGS and set it to -Wc,-static-libgcc if not using GNU ld so we
    don't have a dependency on the shared libgcc in sudoers.so.
 2011-04-05 09:42:59 -04:00
Todd C. Miller
3ffb649863 In dump-only mode, use "root" as the default username instead of 
"nobody" as the latter may not be available on all systems.
 2011-04-01 13:54:30 -04:00
Todd C. Miller
129ccecd3d Remove NewArgv/NewArgc, they are no longer needed. 2011-03-31 14:06:11 -04:00
Todd C. Miller
987e1dbe62 Fix setting of user_args 2011-03-31 13:57:05 -04:00
Todd C. Miller
c82e29f274 Add '!' token to lex tracing 2011-03-31 13:42:05 -04:00
Todd C. Miller
0e2d58863a Use group bin in test, not wheel as most systems have the bin group 
but the same is no longer true of wheel.
 2011-03-31 12:54:17 -04:00
Todd C. Miller
ca32055fd8 Avoid using pre or post increment in a parameter to a ctype(3) 
function as it might be a macro that causes the increment to happen
more than once.
 2011-03-31 12:48:01 -04:00
Todd C. Miller
44c763c728 If there is an existing sudoers file, only install if it passes a 
syntax check.
 2011-03-29 15:20:32 -04:00
Todd C. Miller
8b9d773bae Add runasgroup support to testsudoers 2011-03-29 14:40:07 -04:00
Todd C. Miller
5e067b2734 For "make check", keep going even if a test fails. 2011-03-29 14:39:02 -04:00
Todd C. Miller
b87465b56f More useful exit codes: 
* 0 - parsed OK and command matched.
 * 1 - parse error
 * 2 - command not matched
 * 3 - command denied
 2011-03-29 13:09:58 -04:00
Todd C. Miller
b0be8d20ce Add support to user_in_group() for treating group names that begin with 
a '#' as gids.
 2011-03-29 11:29:43 -04:00
Todd C. Miller
041b1a896a Add back missing #include of config.h 2011-03-28 14:50:55 -04:00
Todd C. Miller
353f31751d Avoid a NULL deref on unrecognized escapes. 
Collapse %% -> % like strftime() does.
 2011-03-28 12:54:41 -04:00
Todd C. Miller
b485739edd Add test for a newline in the middle of a string when no line continuation 
character is used.
 2011-03-27 17:22:02 -04:00
Todd C. Miller
e3ff59e506 Use bitwise AND instead of modulus to check for length being odd. 
A newline in the middle of a string is an error unless a line
continuation character is used.
 2011-03-27 17:12:45 -04:00
Todd C. Miller
45b82039be Move lexer globals initialization into init_lexer. 2011-03-27 09:45:42 -04:00
Todd C. Miller
aed50b4d7b Fix a potential crash when a non-regular file is present in an 
includedir.  Fixes bz #452
 2011-03-27 09:27:43 -04:00
Todd C. Miller
ba50e99cbd Don't need all sudoers.h here. 2011-03-25 10:22:19 -04:00
Todd C. Miller
e9f89d7964 Update to match change in input. 2011-03-24 11:15:11 -04:00
Todd C. Miller
31c164dae1 Make an empty group or netgroup a syntax error. 2011-03-24 11:00:30 -04:00
Todd C. Miller
c5cc89da15 An empty group or netgroup should be a syntax error. 2011-03-24 11:00:05 -04:00
Todd C. Miller
5438a0be6a Check that uids work in per-user and per-runas Defaults 
Check that uids and gids work in a Command_Spec
 2011-03-24 10:40:03 -04:00
Todd C. Miller
bc333ae448 Test empty string in User_Alias and Command_Spec 2011-03-24 10:39:25 -04:00
Todd C. Miller
784d0dda37 Allow a group ID in the User_Spec. 2011-03-24 10:37:34 -04:00
Todd C. Miller
fe1bc681ba Return an error for the empty string when a word is expected. 
Allow an ID for per-user or per-runas Defaults.
 2011-03-23 18:51:57 -04:00
Todd C. Miller
cf8caed3bb Fix printing "User_Alias FOO = ALL" 2011-03-23 16:00:30 -04:00
Todd C. Miller
06bf685b33 Restore ability to define TRACELEXER and have trace output go to stderr. 2011-03-21 17:57:38 -04:00
Todd C. Miller
a2297743aa Restore old behavior of setting sawspace = TRUE for command line 
args when a line continuation character is hit to avoid causing
problems for existing sudoers files.
 2011-03-21 17:46:50 -04:00
Todd C. Miller
0a4c000854 Add test for line continuation and aliases 2011-03-21 15:21:51 -04:00
Todd C. Miller
2f6c096fb5 Make test output line up nicely for parse vs. toke 2011-03-21 15:09:47 -04:00
Todd C. Miller
830fce0f19 Move parser tests to sudoers directory and test the tokenizer output too. 2011-03-21 15:08:49 -04:00
Todd C. Miller
c7dd8399eb If we match a rule anchored to the beginning of a line after parsing 
a line continuation character, return an ERROR token.  It would be
nicer to use REJECT instead but that substantially slows down the
lexer.
 2011-03-21 12:48:33 -04:00