isa/sudo
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
8,390 Commits 1 Branch 0 Tags
30f7ecca10c0f36cea91c58f30d4db2f22a754d9
Commit Graph

8390 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Todd C. Miller
30f7ecca10 In cb_sudoers_locale() actually set the locale in addition to storing 
its name.  Otherwise, it won't take effect until sudoers lookup time.
 2016-07-20 13:36:45 -06:00
Todd C. Miller
684161618d Fix regression that would cause early defaults entries to be 
set multiple times.
 2016-07-20 13:35:04 -06:00
Todd C. Miller
1349bb760b sudo 1.8.18 2016-07-20 09:51:11 -06:00
Todd C. Miller
6daf3c5ce1 Only set early defaults once, regardless of how many times the 
variable is set in sudoers.  This avoids running an early callback
more than once.  For example, we don't want to call cb_fqdn() if
sudo is compiled with FQDN set but sudoers has "Defaults !fqdn".
 2016-07-19 14:58:06 -06:00
Todd C. Miller
5e9173df7a Make strings const in functions that set defaults as they are 
not modified.
 2016-07-19 14:55:27 -06:00
Todd C. Miller
08e369572e In cb_fqdn() just return if the fqdn flag is set to false. 2016-07-19 14:52:33 -06:00
Todd C. Miller
7218dbe542 Implement callbacks for defaults flags (T_FLAG). 2016-07-18 12:37:45 -06:00
Todd C. Miller
d92a396da5 add debug_decl for cb_runas_default and cb_sudoers_locale 2016-07-18 12:20:46 -06:00
Todd C. Miller
36b18c6e64 Convert fqdn to a callback and add it to the list of early defaults. 2016-07-18 12:19:07 -06:00
Todd C. Miller
9b42640ef5 Change defaults callbacks to take a union sudo_defs_val * instead 
of a char *.
 2016-07-18 12:11:25 -06:00
Todd C. Miller
6ddc95a47c When updating defaults, process certain values fist since they can 
influence how other defaults are parsed.  Currently, runas_default
and sudoers_locale are processed early.
 2016-07-18 11:37:32 -06:00
Todd C. Miller
eae8bc9d56 Fix typo introduced in last commit to fix fill_args() overflow check. 2016-07-16 20:59:59 -06:00
Todd C. Miller
73b0ac4bc1 Fix underflow checl in fill_args(). 2016-07-16 20:54:07 -06:00
Todd C. Miller
88ba54f478 Make sure we account for the trailing NUL when computing arg_size 
in fill_args().  Bug #752
 2016-07-16 20:12:17 -06:00
Todd C. Miller
0f816c4401 Make arg_size and arg_len unsigned since we do bitwise operations 
on them.
 2016-07-16 16:22:40 -06:00
Todd C. Miller
6f5b8cf757 Only remove backup files as part of "make uninstall" when INSTALL_BACKUP 
is set.
 2016-07-08 12:56:47 -06:00
Todd C. Miller
144e3bb53f Only keep backups of installed files on HP-UX where you cannot 
unlink a shared library that is in use.
 2016-07-08 12:37:41 -06:00
Todd C. Miller
19c80f8aee Ignore a missing or insecure #includedir, it is not a fatal error. 2016-07-03 06:19:43 -06:00
Todd C. Miller
026b403f27 Make sure we always call sudoerserror() on error in read_dir_files(), 
otherwise sudo will not treat it as a fatal error.
 2016-07-03 06:16:19 -06:00
Todd C. Miller
7bfe2e7969 Set the sudoers locale before opening the sudoers file. 
Previously the sudoers locale was used when evaluating sudoers
but not during the inital parse.  Bug #748
 2016-06-30 12:40:19 -06:00
Todd C. Miller
5a176e8509 Add debugging 2016-06-30 12:38:30 -06:00
Todd C. Miller
c56d52ea62 Don't link test programs with the sudoers-specific locale code 
if we don't need to.
 2016-06-30 12:12:18 -06:00
Todd C. Miller
cbd2cf290b sudoreplay does not need to link with the sudoers-specific locale code. 2016-06-30 11:27:22 -06:00
Todd C. Miller
81e33e1f56 new_digest was prototyped as static but not explicitly declared 
static.
 2016-06-27 06:00:11 -06:00
Todd C. Miller
9cc354aae3 Some versions of HP-UX 11.11 do not expose struct sockaddr_ext if 
_XOPEN_SOURCE_EXTENDED is defined.  Only define _XOPEN_SOURCE_EXTENDED
if we can still compile net/if.h.
 2016-06-27 05:55:31 -06:00
Todd C. Miller
9c7680e016 Some versions of HP-UX make will ignore suffix rules if they are 
empty.
 2016-06-27 05:48:19 -06:00
Todd C. Miller
66ab525f1e Don't skip debug printfs in handle_sigchld() just because execve() 
returned an error.
 2016-06-23 11:27:59 -06:00
Todd C. Miller
f683cbd582 Add definition of nitems for those without it and use it throughout. 2016-06-23 10:58:07 -06:00
Todd C. Miller
ff2cd3cf27 Update copyright year. 2016-06-22 18:19:27 -06:00
Todd C. Miller
c4118f66f4 Sudo 1.8.17p1 2016-06-22 10:26:08 -06:00
Todd C. Miller
ed9b457eb2 Set user groups in exec_setup() if they were not already set by 
policy_init_session().  Bug #749
 2016-06-22 10:21:29 -06:00
Todd C. Miller
f98b481af2 Point the reader to the sudoers manual for the list of supported 
arguments after the plugin path.
 2016-06-15 10:10:59 -06:00
Todd C. Miller
3a85a8892f forgot to update date in last commit 2016-06-15 10:08:06 -06:00
Todd C. Miller
6c7eb07e0e Fix typo; cn=default should be cn=defaults 2016-06-15 05:14:33 -06:00
Todd C. Miller
72f18cff9a Fold lines at 80 characters for the clean: target 2016-06-13 15:12:44 -06:00
Todd C. Miller
5348d32ab6 Remove mksiglist, siglist.c, mksigname, signame.c as part of "distclean" 2016-06-13 13:45:17 -06:00
Todd C. Miller
ea23932af0 sync with translationproject.org 2016-06-12 18:57:09 -06:00
Todd C. Miller
d9e14bc659 LDAP sudoers doesn't support negated users, groups or netgroups. 2016-06-12 09:36:19 -06:00
Todd C. Miller
63a2428892 Bug #746 2016-06-09 12:25:36 -06:00
Todd C. Miller
e2de0027dc When matching paths with glob(3), check returned matches against 
user_cmnd first if it is fully-qualified.  This avoids a lot of
needless stat(2) calls and avoids a mismatch between safe_cmnd and
argv[0] if there are multiple matches with the same inode/dev due
to links.  Bug #746.
 2016-06-09 11:41:09 -06:00
Todd C. Miller
74c2dc7806 Add execve failure in pty bug fix. 2016-06-09 11:00:02 -06:00
Todd C. Miller
ce28b15eca sync with translationproject.org 2016-06-09 10:51:40 -06:00
Todd C. Miller
8a86233c16 In handle_sigchld() fix the return value when we've already received 
an exec error.  We don't want to overwrite the error status but we
do need to indicate that the command is no longer running.
Fixes as hang on execve(2) error when running in a pty.
 2016-06-09 10:50:58 -06:00
Todd C. Miller
1ec4d9918d Move sudo_debug_execve() call into sudo_execve(). 2016-06-09 10:48:59 -06:00
Todd C. Miller
12ab5b8108 sync with translationproject.org 2016-06-09 07:12:38 -06:00
Todd C. Miller
bd8e3b5fb9 update for 1.8.17 final 2016-06-07 13:45:37 -06:00
Todd C. Miller
1052a7205f Fix setting of hard stack limit when stack_hard is not specified 
in /etc/security/limits.  When 64-bit resource limits are supported
we can use the default value of 8388608 512-byte blocks directly.
We should only resort to using RLIM_SAVED_MAX for 32-bit resource
limits.
 2016-06-07 13:06:27 -06:00
Todd C. Miller
734b43c6b0 regen 2016-06-06 10:07:58 -06:00
Todd C. Miller
3169259821 Ignore empty ipa_hostname 2016-06-05 14:42:54 -06:00
Todd C. Miller
c6a21bd53d Better martching of ipa_hostname in sssd.conf 2016-06-05 05:40:32 -06:00