Todd C. Miller
3332ee9842
Fix -g mode, broken by rev 1.503 which had the side effect of setting
the runas user to root unilaterally.
2009-05-10 01:00:23 +00:00
Todd C. Miller
3be603aa47
Implement #includedir directive. Files in an includedir are not edited
by visudo unless they contain a syntax error.
2009-04-18 23:25:08 +00:00
Todd C. Miller
838cb61086
Add support for AIX netsvc.conf (like nsswitch.conf).
2009-03-10 20:44:05 +00:00
Todd C. Miller
a25aee9cb9
Make "sudoedit -h" work as expected
2009-02-25 12:33:11 +00:00
Todd C. Miller
0390504c34
cosmetic changes
2009-02-25 11:05:01 +00:00
Todd C. Miller
710e72ecb3
Fix "sudo -k" with no other args
2009-02-25 01:23:07 +00:00
Todd C. Miller
15975b83ce
Allow the -k flag to be specified in conjunction with a command or
another option that may require authentication.
2009-02-24 13:04:39 +00:00
Todd C. Miller
f96b0a7432
Implement umask_override
2009-02-21 22:03:47 +00:00
Todd C. Miller
6491696ca6
Make audit_success and audit_failure generic functions in preparation
for integrating linux audit support.
2009-02-21 13:37:47 +00:00
Todd C. Miller
f4bc42d637
May need to update the runas user after parsing command-based defaults.
2009-02-20 20:55:32 +00:00
Todd C. Miller
f492e53056
Add bsm audit support from Christian S.J. Peron
2009-02-11 01:18:02 +00:00
Todd C. Miller
77794f27aa
Do not try to set the close on exec flag if we didn't actually open sudoers.
2009-01-09 00:13:37 +00:00
Todd C. Miller
68baa6346c
fix compilation on non-C99; from Theo
2008-11-18 15:57:09 +00:00
Todd C. Miller
3cc3114d92
Move tty checks into check_user() so we only do them if we actually
need a password.
2008-11-11 18:28:08 +00:00
Todd C. Miller
8e480f4ae3
Don't error out if no tty or askpass unless we actually need to authenticate.
2008-11-11 17:34:27 +00:00
Todd C. Miller
43c98580fc
s/overriden/overridden/; from Tobias Stoeckmann
2008-11-10 13:07:38 +00:00
Todd C. Miller
840acbd3ac
Update copyright years.
2008-11-09 14:13:13 +00:00
Todd C. Miller
535ed3817c
Sudo will now refuse to run if no tty is present unless the new
visiblepw sudoers flag is set.
2008-11-07 02:06:48 +00:00
Todd C. Miller
3cb9d538f9
use zero_bytes() instead of memset() for consistency
2008-11-02 14:51:16 +00:00
Todd C. Miller
4afceb8e92
Zero out sigaction_t before use in case it has non-standard entries.
2008-11-02 14:45:31 +00:00
Todd C. Miller
8ba6fa2ae3
Defer setting runas defaults until after runaspw/gr is setup.
2008-11-01 13:20:01 +00:00
Todd C. Miller
efb510a9dc
Use MAXHOSTNAMELEN+1 when allocating host/domain name since some
systems do not include space for the NUL in the size. Also manually
NUL-terminate buffer from gethostname() since POSIX is wishy-washy on this.
2008-10-29 17:26:42 +00:00
Todd C. Miller
9b5e94cef9
When setting the umask, use the union of the user's umask and the
default value set in sudoers so that we never lower the user's umask
when running a command.
2008-10-26 21:13:03 +00:00
Todd C. Miller
aa54053ad1
Don't try to read from a zero-length sudoers file. Remove the bogus
Solaris work-around for EAGAIN. Since we now use fgetc() it should
not be a problem.
2008-10-26 20:43:59 +00:00
Todd C. Miller
18e7644032
Don't error out on a zero-length sudoers file. With the advent of
#include the user could create a situation where sudo is unusable.
2008-10-24 13:49:10 +00:00
Todd C. Miller
b02daa8272
Add sudoers_locale Defaults option to override the default sudoers
locale of "C".
2008-09-14 00:45:24 +00:00
Todd C. Miller
508295b1f6
Set locale to system default except for during sudoers parse.
2008-09-13 18:09:28 +00:00
Todd C. Miller
a5245c2358
Set locale to "C" to avoid interpretation issues with character ranges
in sudoers. May want to make the locale a sudoers option in the future.
2008-08-23 23:09:13 +00:00
Todd C. Miller
e439faeeb4
Flesh out the fake passwd entry used for running commands as a uid not
listed in the passwd database. Fixes an issue with some PAM modules.
2008-07-02 10:27:57 +00:00
Todd C. Miller
0cf7172b1a
Error out in -i mode if the user has no shell. This can happen when
running commands as a uid with no password entry.
2008-07-01 11:57:55 +00:00
Todd C. Miller
4578548c45
The -i flag should imply env_reset. This got broken in sudo 1.6.9.
2008-06-21 18:59:36 +00:00
Todd C. Miller
5756ddfbeb
Change how the mailer is waited for. Instead of having a SIGCHLD
handler, use the double fork trick to orphan the child that opens
the pipe to sendmail. Fixes a problem running su on some Linux distros.
2008-06-21 00:34:47 +00:00
Todd C. Miller
b85a28aba9
Add env_file Defaults option that is similar to /etc/environment on some
systems.
2008-05-03 00:53:21 +00:00
Todd C. Miller
cb8bc538d0
fix "sudo -s" broken by mode/flags breakout
2008-04-07 18:39:05 +00:00
Todd C. Miller
938f79172c
parse_args() cleanup:
Sort command line options in the getopt() switch
The -U option requires a parameter
Normalize a few ISSET calls
Split mode into mode and flags and retire the now-obsolete excl variable
2008-03-18 20:08:46 +00:00
Todd C. Miller
c352187cf8
Add -n (non-interactive) flag.
2008-03-18 20:04:41 +00:00
Todd C. Miller
f2c84d5a6d
Move version printing, etc. into a separate function.
2008-03-18 19:59:37 +00:00
Todd C. Miller
4b46531e48
Don't try to cleanup nsswitch if it has not been initialized.
2008-03-18 19:57:40 +00:00
Todd C. Miller
d11cb3d14b
Use getopt() to parse the command line. We need to be able to
intersperse env variables and options yet still honor "--"
which complicates things slightly.
2008-03-12 23:42:32 +00:00
Todd C. Miller
0c6a760fc2
Error out if both -A and -S are specified
Error out if -A is specified but no askpass is configured
2008-03-04 22:20:28 +00:00
Todd C. Miller
ee04914164
Add support for running a helper program to read the password when
no tty is present (or when specified with the -A flag). TODO: docs.
2008-03-02 14:31:57 +00:00
Todd C. Miller
211be00ccb
Document "sudo -ll" and make "sudo -l -l" be equivalent.
2008-02-17 01:26:23 +00:00
Todd C. Miller
04bb8f00fc
Remove dependence on VALIDATE_NOT_OK in logging functions.
Split log_auth() into log_allowed() and log_denial()
Replace mail_auth() with should_mail() and a call to send_mail()
2008-02-13 12:28:37 +00:00
Todd C. Miller
4c992e1901
Add support for SELinux RBAC. Sudoers entries may specify a role and type.
There are also role and type defaults that may be used. To make sure a
transition occurs, when using RBAC, commands are executed via the new sesh
binary. Based on initial changes from Dan Walsh.
2008-02-09 14:30:07 +00:00
Todd C. Miller
5d20923c2f
Add long list (sudo -ll) support for printing verbose LDAP and sudoers
file entries. Still need to update manual.
2008-02-08 13:18:12 +00:00
Todd C. Miller
72656eaf3b
Unlimit nproc on Linux systems where calling the setuid() family
of syscalls causes the nproc resource limit to be checked. The
limits will be reset by pam_limits.so when PAM is used. In the
non-PAM case the nproc limit will remain unlimited but there doesn't
seem to be a way around that other than having sudo parse
/etc/security/limits.conf directly.
2008-01-27 21:34:41 +00:00
Todd C. Miller
801860b298
Only read /etc/environment on Linux and AIX
2008-01-27 21:31:27 +00:00
Todd C. Miller
7f05a4ff6f
Make set_runaspw static void
2008-01-15 14:23:58 +00:00
Todd C. Miller
055bda6261
comment cleanup and update (c) year
2008-01-05 21:27:02 +00:00
Todd C. Miller
28ed51b441
Improve chaining of multiple sudoers sources by passing in the previous return value to the next in the chain
2008-01-05 18:27:18 +00:00