Todd C. Miller
014edc20a3
Avoid mixing declarations and code for non-C99 compilers.
2014-07-28 15:21:44 -06:00
Todd C. Miller
d058611bd6
Fix compilation on systems w/o netgroups.
2014-07-28 06:22:52 -06:00
Todd C. Miller
36a5767e3e
efree -> sudo_efree for consistency
2014-07-10 15:35:04 -06:00
Todd C. Miller
a8fa112a53
atobool -> sudo_strtobool
atoid -> sudo_strtoid
atomode -> sudo_strtomode
2014-06-27 14:53:54 -06:00
Todd C. Miller
2d61d38c23
Add sudo_ prefix to alloc.c functions and rename alloc.h -> sudo_alloc.h
2014-06-27 10:48:31 -06:00
Todd C. Miller
aecef4aa1d
Rename warning/fatal -> sudo_warn/sudo_fatal to avoid namespace
pollution in libsudo_util.so.
2014-06-27 09:30:52 -06:00
Todd C. Miller
088edcb6f5
Add exported libsudo_util functions to util.exp and mark in headers
using __dso_public.
2014-06-26 15:51:15 -06:00
Todd C. Miller
218aa1e598
Move the sha2 code into libreplace and add configure checks for
SHA224Update in libc and libmd. Solaris uses "void *" where we use
"unsigned char *" so we need a check for that too. Solaris sha2.h
defines SHA224, SHA256, SHA384, and SHA512 so rename those tokens.
Adapted from changes from Vladimir Marek in bug #641.
2014-04-09 16:31:13 -06:00
Todd C. Miller
27aff732f1
Fix matching of uids and gids broken in sudo 1.8.9.
2014-04-09 10:22:09 -06:00
Todd C. Miller
9ff3b1b570
Make hexchar() return -1 on invalid input instead of calling fatalx().
Callers used to check that the string was hex before calling hexchar().
Now callers must check for a -1 return value instead.
2014-03-26 13:50:51 -06:00
Todd C. Miller
8287e21d36
Add use_netgroups sudoers option. For LDAP-based sudoers, netgroup
support requires an expensive substring match on the server. If
netgroups are not needed, this option can be disabled to reduce the
load on the LDAP server.
2014-02-07 14:58:48 -07:00
Todd C. Miller
2508da6f68
Better match debugging.
Sprinkle const in match functions.
2013-12-05 14:34:56 -07:00
Todd C. Miller
878ddb1788
Use atoid() instead of atoi() when parsing uids/gids so we get
proper range checking.
2013-12-03 14:33:26 -07:00
Todd C. Miller
96eb2c4f8f
Add warning_gettext() wrapper function that changes to the user locale,
then calls gettext().
Add U_ macro that calls warning_gettext() instead of gettext().
Rename warning2()/error2() back to warning_nodebug()/error_nodebug().
2013-11-18 08:59:57 -07:00
Todd C. Miller
b38d253e98
Add "headless" tail queues and use them in place of the semi-circular
lists in sudoers. Once the headless tail queue is built up it is
converted to a normal TAILQ. This removes the last consumer of
list.c and list.h so those can now be removed.
2013-10-22 09:08:38 -06:00
Todd C. Miller
d0e3867587
Add limited support for "sudo -l -h other_host". Since group lookups
are done on the local host, rules that use group membership may be
incorrect if the group database is not synchronized between hosts.
2013-08-14 13:49:14 -06:00
Todd C. Miller
ab61c02546
Replace sequence number-based cycle detection in visudo with a
"used" flag in struct alias. The caller is required to call
alias_put() when it is done with the alias. Inspired by a patch
from Daniel Kopecek.
2013-05-22 11:32:08 -04:00
Todd C. Miller
d6282d154a
Update copyright years.
2013-04-24 09:35:02 -04:00
Todd C. Miller
40772f5aa7
Fix pasto in debug_decl
2013-04-18 15:05:23 -04:00
Todd C. Miller
9c1ee1fe73
Move base64_decode into its own source file.
2013-04-17 09:32:27 -04:00
Todd C. Miller
26a256260d
Include stdint.h or inttypes.h before sha2.h
2013-04-16 12:16:41 -04:00
Todd C. Miller
e715841fc2
Sanity check digest in parser so visudo can catch errors.
Add base64 support
2013-04-15 15:12:00 -04:00
Todd C. Miller
35375a2b7e
Initial implementation of checksum support in sudoers.
Currently supports SHA-224, SHA-256, SHA-384, SHA-512.
TODO: checksum format validation in parser and base64 support.
checksum support for ldap sudoers
2013-04-14 07:00:21 -04:00
Todd C. Miller
cd980f0b4f
Fix compilation when getdomainname() is not present.
2013-04-01 16:35:35 -04:00
Todd C. Miller
e23ebd53c3
Instead of checking the domain name explicitly for "(none)", just
check for illegal characters.
2013-04-01 13:56:42 -04:00
Todd C. Miller
7796d6456d
Rename NAME_MATCH -> SUDOERS_NAME_MATCH and avoid pulling in glob.h
when it is set.
2013-03-29 14:03:00 -04:00
Todd C. Miller
ddc1d36a0b
RHEL (and perhaps other Linux distros) use the string "(none)"
instead of an empty string when there is no actual NIS-style domain
name. Bug #596
2013-03-27 03:41:00 -04:00
Todd C. Miller
64e558bcfb
Fix return values when NAME_MATCH is defined.
2013-03-27 03:39:18 -04:00
Todd C. Miller
e051df6577
Mac OS X has netgroup functions in netdb.h.
2013-03-06 17:05:23 -05:00
Todd C. Miller
1d7072fe09
Don't include <sys/param.h>. We only needed it for MAXPATHLEN,
MAXHOSTNAMELEN and the MIN/MAX macros. We now use PATH_MAX and
HOST_NAME_MAX throughout without falling back on MAXPATHLEN or
MAXHOSTNAMELEN and define our own MIN/MAX macros as needed.
2012-12-04 10:40:47 -05:00
Todd C. Miller
3c9da162e4
Use MAX_HOST_NAME+1 (limits.h) instead of MAXHOSTNAMELEN (sys/param.h
or netdb.h).
2012-12-04 10:18:41 -05:00
Todd C. Miller
6a25affb47
Add rudimentary support for name-based matching as a compile-time
option. This is unsafe when used in conjunction with the '!' operator.
2012-09-24 10:09:41 -04:00
Todd C. Miller
57699c5531
If a command matches using an empty Runas_List (i.e. Runas_List is
present but empty) and the -u option was not specified, set runas_pw
to user_pw instead of using runas_default. This is intended to be
used in conjunction with the Solaris Privilege Set support for rules
that grant privileges without changing the user.
2012-08-02 14:37:32 -04:00
Todd C. Miller
e2d210a340
Add support for parsing an empty Runas_List, which only allows the
command to be run as the invoking user. This can be used in
conjunction with the Solaris Privilege Set support to grant privileges
without changing the user.
2012-08-02 14:02:54 -04:00
Todd C. Miller
649edc3192
Export group cache from sudoers.so for system_group.so to use.
2012-06-13 16:21:45 -04:00
Todd C. Miller
0d108287b9
Do not use GLOB_BRACE or GLOB_TILDE flags to glob()--we want the
glob() and fnmatch() results to be consistent.
2012-04-08 18:00:31 -04:00
Todd C. Miller
0771c981de
Update copyright year.
2012-01-06 14:23:55 -05:00
Todd C. Miller
c4ba511613
Do not include GLOB_MARK in the flags we pass to glob(3). Fixes a
bug where a pattern like "/usr/*" includes /usr/bin/ in the results,
which would incorrectly be interpreted as if the sudoers file
had specified a directory. From Vitezslav Cizek.
2012-01-05 15:54:00 -05:00
Todd C. Miller
21a2f95821
Use stdbool.h instead of rolling our own TRUE/FALSE macros.
2011-12-02 11:27:33 -05:00
Todd C. Miller
09beba8259
Revert 003bdb078a15. We need to #include <gram.h> not "gram.h" and
<def_data.h> and not "def_data.h" when generating the parser in a
build dir.
2011-11-12 12:18:44 -05:00
Todd C. Miller
0bf68d2103
#include "gram.h" not <gram.h> and "def_data.h" and not <def_data.h>.
2011-11-08 14:09:48 -05:00
Todd C. Miller
6973ed5eb4
When matching a RunasAlias for a runas group, pass the alias in as
the group_list, not the user_list. From Daniel Kopecek.
2011-10-25 10:34:31 -04:00
Todd C. Miller
839919566e
Add debug_decl/debug_return (almost) everywhere.
Remove old sudo_debug() and convert users to sudo_debug_printf().
2011-10-22 14:40:21 -04:00
Todd C. Miller
1a259de176
Split out address matching into its own file and add regression
tests for it.
2011-08-29 14:10:18 -04:00
Todd C. Miller
a47f005437
When matching an address with a netmask in sudoers, AND the mask
and addr before checking against the local addresses.
2011-08-27 12:09:30 -04:00
Todd C. Miller
526a61004d
Fix netmask matching.
2011-08-26 16:01:39 -04:00
Todd C. Miller
d9e807b269
If the user specifies a runas group via sudo's -g option that matches
the runas user's group in the passwd database and that group is not
denied in the Runas_Spec, allow it. Thus, if user root's gid in
/etc/passwd is 0, then "sudo -u root -g root id" is allowed even if
no groups are present in the Runas_Spec.
2011-05-23 14:00:54 -04:00
Todd C. Miller
092b4b4d02
Be careful not to deref user_stat if it is NULL. This cannot currently
happen in sudo but might in other programs using the parser.
2011-03-16 15:59:44 -04:00
Todd C. Miller
21d8f01fac
return foo not return(foo)
2011-02-07 06:47:29 -05:00
Todd C. Miller
ae2f7638f5
standardize on "return foo;" rather than "return(foo);" or "return (foo);"
2011-01-24 15:15:18 -05:00