isa/sudo
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
7,034 Commits 1 Branch 0 Tags
38a5b0a655a8f35a1963a1f825fe28ee96b9740c
Commit Graph

1158 Commits

Author SHA1 Message Date
Todd C. Miller
38a5b0a655 Should not attempt start_tls on an ldaps connection. 2013-10-24 07:16:57 -06:00
Todd C. Miller
548efb83da Fix sign compare warning. 2013-10-23 16:18:28 -06:00
Todd C. Miller
0817429583 More sign compare fixes. On Solaris id_t is signed so use uid_t 
in the set_perms.c ID macro instead.
 2013-10-23 15:19:41 -06:00
Todd C. Miller
07a804caf3 Quiet sign comparision warnings. 2013-10-23 15:03:31 -06:00
Todd C. Miller
994879c044 Ignore SIGPIPE when connecting to the LDAP server so we can get a 
proper error message with the IBM LDAP libs.  Also return LDAP_SUCCESS
instead of 0 from most sudo_ldap_* functions that return an int.
 2013-10-23 11:15:24 -06:00
Todd C. Miller
340fc0a583 Quiet compiler warnings. 2013-10-23 09:43:36 -06:00
Todd C. Miller
29361ec003 sudo_ldap_parse_uri() should join multiple URIs in the string list 
together but it was clearing the host entry each time through the
loop.  Fixes a bug with multiple URI entries in ldap.conf where
only the last one was being honored.
 2013-10-22 16:52:23 -06:00
Todd C. Miller
e8ce021e7d Quiet some llvm check false positives. The common idiom of using 
TAILQ_FIRST, TAILQ_REMOVE and free in a loop to free each entry in
a TAILQ confuses llvm.  Use TAILQ_FOREACH_SAFE instead (which is
probably faster anyway).
 2013-10-22 14:58:00 -06:00
Todd C. Miller
65c6f34aa4 If pam_open_session() fails don't call pam_getenvlist() with a NULL 
pam handle.
 2013-10-22 14:47:51 -06:00
Todd C. Miller
798e82bd61 Fix newly introduced use after frees found by llvm checker. 2013-10-22 10:43:15 -06:00
Todd C. Miller
b38d253e98 Add "headless" tail queues and use them in place of the semi-circular 
lists in sudoers.  Once the headless tail queue is built up it is
converted to a normal TAILQ.  This removes the last consumer of
list.c and list.h so those can now be removed.
 2013-10-22 09:08:38 -06:00
Todd C. Miller
f85106ea67 Use SLIST and STAILQ macros instead of doing headless singly linked 
lists manually.  As a bonus we now use a tail queue for ldap.c and
sudoreplay.c.
 2013-10-22 09:08:09 -06:00
Todd C. Miller
923edabe6c Convert sudo to use BSD TAILQ macros instead of home ground tail 
queue functions.  This includes a private queue.h header derived
from FreeBSD.  It is simpler to just use our own header rather than
try to deal with macros that may or may not be present in various
queue.h incarnations.
 2013-10-22 09:00:37 -06:00
Todd C. Miller
fe0e953e9b Fix AND operator broken by changes to fix OR. 2013-10-21 16:00:29 -06:00
Todd C. Miller
2c8d5add86 Fix OR operator. 2013-10-19 16:59:08 -06:00
Todd C. Miller
79acd5db49 Simple event subsystem that uses poll() or select(). Basically a 
simplied subset of libevent2.  Currently only fd events are supported
(since that's all we need).  The poll() backend is used by default,
except on Mac OS X where poll() is broken for devices (including
/dev/tty and ptys).
 2013-10-12 05:53:43 -06:00
Todd C. Miller
020fb00948 When checking for unused Runas_Aliases, count those used as part 
of a Runas Group too.  Fixes a false positive warning.
 2013-10-04 16:22:25 -06:00
Todd C. Miller
fc332461ed Rebuild message catalog files. 2013-09-29 15:04:11 -06:00
Todd C. Miller
4b10880f82 Sync with translationproject.org 2013-09-18 11:49:24 -06:00
Todd C. Miller
9a657e884d Change "next" back to 2. In the context of "next Friday" we really 
do want the friday of the upcoming (not current) week.  Unfortunately,
this means that things like "next week" and "next year" will match
one more than we really want.  Fixing this will require some fairly
major changes to the grammar.
 2013-09-18 11:48:26 -06:00
Todd C. Miller
5d56fd5f83 Remove extraneous $$CWD; from Bdale Garbee 2013-09-11 11:15:47 -06:00
Todd C. Miller
e59d5624d9 Make "this" and "next" qualifiers work a bit better. There is still 
room for improvement as "this week" will use the current time instead
of the beginning of the week.  That's a separate issue though.
 2013-09-09 16:41:27 -06:00
Todd C. Miller
bd52869056 Be specific that we are talking about the Unix epoch; bug #615 2013-09-03 14:50:28 -06:00
Todd C. Miller
6b0a909d9a Do not use "setup" as a verb; bug #614 2013-09-03 14:47:34 -06:00
Todd C. Miller
6b57ef4f6d Fix logic goof when checking open() status. 2013-09-03 11:24:31 -06:00
Todd C. Miller
13fd13e17c Sync with translationproject.org 2013-09-03 09:40:53 -06:00
Todd C. Miller
b2d0bdee20 Work around a bug in sudo 1.8.7 timing files where the indexes are 
off by two.
 2013-09-03 09:39:35 -06:00
Todd C. Miller
422115d728 Repair writing of the I/O log file indices broken in sudo 1.8.7. 2013-09-03 09:22:44 -06:00
Todd C. Miller
de566ac2ce Fix setting of quiet flag when -q / --quiet is specified. 
Do not print "sudoers: parsed OK" in quiet mode.
 2013-08-26 14:40:25 -06:00
Todd C. Miller
316fe36126 Updated translations from translationproject.org 2013-08-26 07:04:49 -06:00
Todd C. Miller
3389108f10 Don't allow root to change its SELinux role without a password. 
Bug #611
 2013-08-26 07:04:19 -06:00
Todd C. Miller
6d1ee8cf23 Updated translations from translationproject.org 2013-08-21 10:10:48 -06:00
Todd C. Miller
925984d888 Fix error display from ldap_ssl_client_init(). There are two error 
codes.  The return value can be decoded via ldap_err2string() but the
ssl reason code cannot (you have to look it up in a table online).
 2013-08-17 07:08:20 -04:00
Todd C. Miller
e507c05bbf Fix typo in comment. 2013-08-19 09:19:52 -06:00
Todd C. Miller
e54f11ae47 Fix comment. 2013-08-19 09:19:24 -06:00
Todd C. Miller
bd589f2342 Quiet some gcc -Wformat=2 false positives 2013-08-19 06:39:33 -06:00
Todd C. Miller
ebbdee421a Remove now-obsolete arg to env_merge() 2013-08-18 14:33:35 -06:00
Todd C. Miller
ffef732acb Updated translations from translationproject.org 2013-08-18 14:25:23 -06:00
Todd C. Miller
0f091f478b Add __printflike to audit_failure. 2013-08-18 14:21:29 -06:00
Todd C. Miller
7a76844d98 When merging the PAM environment, allow environment variables set 
in PAM to override ones set by sudo as long as they do not match
the env_keep or env_check lists.
 2013-08-17 06:34:09 -06:00
Todd C. Miller
f72f47aa1d Call pam_getenvlist() after we've opened the session to get the 
session-specific environment variables.
 2013-08-17 06:22:46 -06:00
Todd C. Miller
082c73338a regen 2013-08-16 10:18:34 -06:00
Todd C. Miller
acac6ae2a8 Use lower case for the long option arguments to match the manual. 
This is inconsistent with GNU but it is better to match the sudo
documentation.
 2013-08-16 10:17:47 -06:00
Todd C. Miller
b8d539984f Use strtol() instead of atoi() and perform error checking 
of parameters passed from the sudo front-end.
 2013-08-15 16:20:15 -06:00
Todd C. Miller
91ec1c476c It is not possible for auth to be NULL here. 2013-08-15 15:22:50 -06:00
Todd C. Miller
ea65c82b66 Initialize user_runhost and user_srunhost to user_host and user_shost 
in visudo and testsudoers.
 2013-08-15 14:26:51 -06:00
Todd C. Miller
99352d6738 Rename error.h -> fatal.h now that there is no error() function. 2013-08-15 14:24:29 -06:00
Todd C. Miller
1b39c3758d Need to include gettext.h for BSM audit. 2013-08-15 13:36:25 -06:00
Todd C. Miller
85fc5792d4 Change some fatalx(NULL) that should be fatal(NULL). 2013-08-15 13:06:49 -06:00
Todd C. Miller
2f251caf47 Fix compilation on Solaris 11. 2013-08-15 10:39:40 -06:00