Todd C. Miller
2c2daa8eca
Use: #include <config.h>
Not: #include "config.h"
That way we get the correct config.h when build dir != src dir
2004-11-19 18:39:14 +00:00
Todd C. Miller
74169a83e0
Expand aliases in "sudo -l" mode
2004-11-15 18:00:29 +00:00
Todd C. Miller
541908f1bd
A user can always list their own entries, even with -u.
Better error message when failing to list another user's entries.
2004-11-11 17:22:30 +00:00
Todd C. Miller
a239e60a6a
The syntax to list another user's entries is now "-u otheruser -l".
Only root or users with sudo "ALL" may list other users' entries.
2004-11-11 17:12:20 +00:00
Todd C. Miller
5becc03851
Rewritten parser that converts sudoers into a set of data structures.
This eliminates ordering issues and makes it possible to apply
sudoers Defaults entries before searching for the command.
2004-10-26 22:10:55 +00:00
Todd C. Miller
1b06f3e81d
Use glob(3) instead of fnmatch(3) for matching pathnames and stat each
result that matches the basename of the user's command. This makes
"cd /usr/bin ; sudo ./blah" work when sudoers allows /usr/bin/blah.
Fixes bug #143.
2004-10-07 18:52:51 +00:00
Todd C. Miller
3c8145a923
No longer call it tracing, it is now "monitoring" which should be a more
obvious name to non-hackers.
2004-10-04 16:07:19 +00:00
Todd C. Miller
db2a97fd0a
More scaffolding for dealing with multiple sudoers files:
o init_parser() now takes a path used to populate the sudoers global
o the sudoers global is used to print the correct file in yyerror()
o when switching to a new sudoers file, preserve old file name and line number
2004-09-28 18:31:24 +00:00
Todd C. Miller
4b75a03343
Rewind sudoers_fp in open_sudoers() instead of sudoers_lookup() so
we start at the right file position when reading include files.
2004-09-28 17:52:59 +00:00
Todd C. Miller
e3391d597b
Add trace Defaults option and TRACE/NOTRACE tags and set FLAG_TRACE
2004-09-24 17:15:51 +00:00
Todd C. Miller
0c2be08089
Don't close sudoers_fp, keep it open and set close on exec flag instead.
2004-09-24 17:13:24 +00:00
Todd C. Miller
f30ab72c44
Add cmnd_base to struct sudo_user and set it in init_vars().
Add cmnd_stat to struct sudo_user and set it in sudo_goodpath().
No longer use gross statics in command_matches().
Also rename some variables for improved clarity.
2004-08-24 18:01:14 +00:00
Todd C. Miller
1a46dd74f6
Don't pass user_cmnd and user_args to command_matches(), just use
the globals there. Since we keep state with statics anyway it is
misleading to pretend that passing in different cmnd and cmnd_args
will work.
2004-08-02 18:44:58 +00:00
Todd C. Miller
98fb553875
Fix a bug introduced in rev. 1.149. When checking for pseudo-commands
check for a '/' anywhere in cmnd, not just the first character.
2004-08-02 18:40:39 +00:00
Todd C. Miller
8ce996770c
Parse sudoers file as PERM_RUNAS not PERM_ROOT and remove a useless
PERM_SUDOERS. Restore to PERM_ROOT upon exit of the parse.
2004-07-23 20:43:09 +00:00
Todd C. Miller
a6fe34784a
When matching for "sudoedit" in sudoers check both the command the user
typed *and* the command that is listed in the sudoers entry.
2004-07-08 00:15:37 +00:00
Todd C. Miller
713e419fe9
Remove trailing spaces, no actual code changes.
2004-06-06 23:58:11 +00:00
Todd C. Miller
b954f0bc94
When checking for a command in the directory, only copy the base dir once.
2004-06-01 16:51:06 +00:00
Todd C. Miller
d33ad95208
Use PATH_MAX, not MAXPATHLEN since the former is standardized.
2004-06-01 01:22:27 +00:00
Todd C. Miller
5150db1db3
In sudoers_lookup() return VALIDATE_NOT_OK if the runas user was
explicitly denied and the command matched. This fixes a long-standing
bug and makes:
foo machine = (ALL) /usr/bin/blah
foo machine = (!bar) /usr/bin/blah
equivalent to:
foo machine = (ALL, !bar) /usr/bin/blah
2004-05-27 19:55:06 +00:00
Todd C. Miller
6190f376c1
If the user specified a uid with the -u flag and the uid exists in
the passwd file, set runas_user to the name, not the uid.
When comparing usernames in sudoers, if a name is really a uid (starts
with '#') compare it numerically to pw_uid.
2004-03-24 23:06:34 +00:00
Todd C. Miller
3a2282c927
Move to a less restrictive, ISC-style license.
2004-02-13 21:36:43 +00:00
Todd C. Miller
c4a8ab8b99
Use the SET, CLR and ISSET macros.
2004-01-29 22:33:58 +00:00
Todd C. Miller
4dc5700a6d
Add a new flag, -e, that makes it possible to give users the ability
to edit files with the editor of their choice as the invoking user,
not the runas user. Temporary files are used for the actual edit
and the temp file is copied over the original after the editor is done.
2004-01-21 22:25:10 +00:00
Todd C. Miller
69d47fe756
If we can't stat the command as root, try as the runas user instead.
2004-01-16 23:10:13 +00:00
Todd C. Miller
8e421c95b8
update copyright year
2004-01-05 17:15:32 +00:00
Todd C. Miller
7536a781f0
Add support for preloading a shared object containing a dummy execve()
function that just sets error and returns -1. This adds a
"noexec_file" option to load the filename as well as a "noexec" flag
to enable it unconditionally. There is also a NOEXEC tag that can
be attached to specific commands and an EXEC tag to disable it.
2004-01-05 02:48:09 +00:00
Todd C. Miller
02f37dc2da
Add support for tuples in def_data.in; these are implemented as an
enum type. Currently there is only a single tuple enum but in the
future we may have one tuple enum per T_TUPLE entry in def_data.in.
Currently listpw, verifypw and lecture are tuples. This avoids the
need to have two entries (one ival, one str) for pwflags and syslog
values.
lecture is now a tuple with the following values: never, once, always
We no longer use both an int and string entry for syslog facilities
and priorities. Instead, there are logfac2str() and logpri2str()
functions that get used when we need to print the string values.
2003-12-30 22:31:30 +00:00
Todd C. Miller
6ad252765b
Create def_* macros for each defaults value so we no longer need
the def_{flag,ival,str,list,mode} macros (which have been removed).
This is a step toward more flexible data types in def_data.in.
2003-12-30 22:20:21 +00:00
Todd C. Miller
40b63be2fc
Don't assume that getgrnam() calls don't modify contents of
struct passwd returned by getpwnam(). On FreeBSD w/ NIS this
can happen. Based on a patch from Kirk Webb.
2003-05-22 01:53:01 +00:00
Todd C. Miller
a76a79f6d7
add DARPA credit on affected files
2003-04-16 00:42:10 +00:00
Todd C. Miller
dcf1a5acce
Use warn/err and getprogname() throughout. The main exception is
openlog(). Since the admin may be filtering logs based on the
program name in the log files, hard code this to "sudo".
2003-04-02 18:25:30 +00:00
Todd C. Miller
48229cbac6
update copyright year
2003-03-15 20:31:02 +00:00
Todd C. Miller
eebc763bd3
Use strlc{at,py} for paranoia's sake and exit on overflow. In all
cases the strings were either pre-allocated to the correct size or
length checks were done before the copy but a little paranoia can
go a long way.
2003-03-13 20:00:45 +00:00
Todd C. Miller
c289159953
g/c second arg to set_perms--it is no longer used
2002-05-05 00:43:38 +00:00
Todd C. Miller
7cc2f3b3e5
Remove Chris Jepeway's email address so people don't bug him ;-)
2002-03-16 00:44:48 +00:00
Todd C. Miller
a82e7a8efe
(c) 2002
2002-01-08 15:00:18 +00:00
Todd C. Miller
bd74bbdfb0
kill extra blank line
2002-01-08 14:08:23 +00:00
Todd C. Miller
65fad4df35
o Reorder some headers and use STDC_HEADERS define properly
o Update copyright year
2001-12-14 19:52:54 +00:00
Todd C. Miller
4572e80469
Fix CIDR -> in_addr_t conversion.
2001-12-13 01:07:25 +00:00
Todd C. Miller
afff0d56b4
Make 'listpw=never' work for users who are not explicitly mentioned in
sudoers.
2001-12-12 21:00:56 +00:00
Todd C. Miller
6525e882a4
The listpw and verifypw sudoers options would not take effect because
the value of the default was checked *before* sudoers was parsed.
Instead of passing in the value of PWCHECK_* to sudoers_lookup(),
pass in the arg for def_ival() so the check can be deferred until
after sudoers is parsed.
2000-08-12 20:48:29 +00:00
Todd C. Miller
9aeabf1b03
Fully qualified hosts w/ wildcards were not matching the FQHOST token type.
There's really no need for a separate token for fully-qualified vs.
unqualified anymore so FQHOST is now history and hostname_matches
now decides which hostname (short or long) to check based on whether
or not the pattern contains a '.'.
2000-03-23 04:38:20 +00:00
Todd C. Miller
5ce1fa96f2
Add support for wildcards in the hostname.
2000-03-23 04:09:53 +00:00
Todd C. Miller
db2c555453
kill register
2000-03-22 15:53:09 +00:00
Todd C. Miller
9e0bae9fc6
update copyright year on changed files
2000-01-17 23:46:26 +00:00
Todd C. Miller
f68cc2f628
Add "listpw" and "verifypw" options.
2000-01-17 04:05:18 +00:00
Todd C. Miller
0b59a0974d
netgr_matches needs to check shost as well as host since they may be different.
2000-01-11 18:20:41 +00:00
Todd C. Miller
625e3e46d0
Make treatment of -l and -v sane wrt NOPASSWD flags. Now allow -l w/o a passwd
if there is *any* entry for the user on the host with a NOPASSWD flag.
For -v, only allow w/o a passwd if *all* entries for the user on the host
w/ the specified runas user have the NOPASSWD flag set.
2000-01-03 04:43:33 +00:00
Todd C. Miller
957fa7941d
o Kill HAVE_FNMATCH_H
o Only define HAVE_FNMATCH if <fnmatch.h> exists.
1999-12-09 03:54:57 +00:00