Todd C. Miller
04b290e385
Make sure the mailer exists and is a regular file before trying
to exec it.
2013-08-13 14:48:24 -06:00
Todd C. Miller
39d630f2f2
If tty_tickets are enabled but there is no tty, use a ticket file
based on the parent pid.
2013-08-13 12:55:17 -06:00
Todd C. Miller
d9fd6281e4
Allow default plugin dir to be configured in sudo.conf.
2013-08-13 12:24:28 -06:00
Todd C. Miller
d10641cdbb
UTF8 for Ruusamae, Elan; from Tae Wong
2013-08-13 10:37:52 -06:00
Todd C. Miller
9b2fb418ca
Don't allow max_groups to be set to zero, it just complicates things
needlessly. Fixes an assertion in visudo when there is a group-based
Defaults entry.
2013-08-12 09:14:38 -06:00
Todd C. Miller
8b4fbc5cc0
Refactor code to parse list of gids into its own function that is
shared by the sudo front-end and the sudoers module.
Make uid/gid parse error be fatal, not just a warning.
2013-08-08 11:40:36 -06:00
Todd C. Miller
6126c08f7d
Add function comment block.
2013-08-08 11:38:39 -06:00
Todd C. Miller
141f91e777
Default text domain is now sudo, not sudoers.
2013-08-08 10:37:25 -06:00
Todd C. Miller
5556a0f211
Update dependency for atoid.lo
2013-08-08 08:39:58 -06:00
Todd C. Miller
fe23e7c038
Add endpointer and separator args to atoid()
2013-08-08 06:11:52 -06:00
Todd C. Miller
39cbfcd406
Use private version of atoid() to avoid a dependency on libcommon.a
(since that already depends on libreplace.a).
2013-08-07 16:52:50 -06:00
Todd C. Miller
03fc668e5a
More UTF8 in names; from Tae Wong
2013-08-07 16:07:14 -06:00
Todd C. Miller
dde7331a0f
Use atoid() in more places.
2013-08-07 15:49:03 -06:00
Todd C. Miller
40cb480f07
Move atoid() to common so it can be used in src and compat too.
2013-08-07 15:10:45 -06:00
Todd C. Miller
2c6e68df0e
Avoid a crash on Mac OS X 10.8 (at least) when we close libdispatch's
fds out from under it before executing the command. Switch to just
setting the close on exec flag instead.
2013-08-07 15:04:58 -06:00
Todd C. Miller
30adf33eaf
Convert to last, first for easier sorting and use UTF8 (including a
BOM).
2013-08-07 14:14:05 -06:00
Todd C. Miller
c3fb47a88e
Add atoid() function to convert a string to an id_t (uid, gid or
pid). We have to be careful to choose() either strtol() or strtoul()
depending on whether the string appears to be signed or unsigned.
Always using strtoul() is unsafe on 64-bit platforms since the
uid might be represented as a negative number and (unsigned long)-1
on a 64-bit system is 0xffffffffffffffff not 0xffffffff.
Fixes a problem with uids larger than 0x7fffffff on 32-bit platforms.
2013-08-07 13:13:56 -06:00
Todd C. Miller
5dc56ea81d
Add atoid() function to convert a string to an id_t (uid, gid or
pid). We have to be careful to choose() either strtol() or strtoul()
depending on whether the string appears to be signed or unsigned.
Always using strtoul() is unsafe on 64-bit platforms since the
uid might be represented as a negative number and (unsigned long)-1
on a 64-bit system is 0xffffffffffffffff not 0xffffffff.
Fixes a problem with uids larger than 0x7fffffff on 32-bit platforms.
2013-08-07 11:23:19 -06:00
Todd C. Miller
972ee9a0fb
Avoid "perm stack underflow" error when logging the unknown uid error.
2013-08-07 10:13:04 -06:00
Todd C. Miller
23a2bdbcba
In rewind_perms() there is nothing to do if perm_stack_depth == 0.
2013-08-07 09:42:14 -06:00
Todd C. Miller
3898f5d7ff
Add pam_setcred sudoers option to allow the user to control whether
pam_setcred() is called on the user's behalf.
2013-08-06 14:44:21 -06:00
Todd C. Miller
52954481e1
Add pam_service and pam_login_service sudoers settings to control
the service name passed to pam_start.
2013-08-06 11:01:36 -06:00
Todd C. Miller
385e20c7bc
Newer Xcode places the SDKs under Xcode.app
2013-08-06 10:58:50 -06:00
Todd C. Miller
1f3ea50afd
Implement memset_s() and use it instead of zero_bytes().
A new constant, SUDO_CONV_REPL_MAX, is defined by the plugin
API as the max conversation reply length. This constant can be
used as a max value for memset_s() when clearing passwords
filled in by the conversation function.
2013-08-03 08:30:06 -06:00
Todd C. Miller
8c867be419
Do not try to install plugins when shared modules are disabled
(sudoers already had the check).
2013-08-01 10:51:46 -06:00
Todd C. Miller
d882303b88
Update dependencies to take into account compat/getopt.h and
compat/dlfcn.h.
2013-08-01 10:51:06 -06:00
Todd C. Miller
235d32c994
Update dependencies now that sudo_usage.h is always included from
the build dir.
2013-08-01 10:50:05 -06:00
Todd C. Miller
62da46a9cb
Add some warnings and debugging to sasl ccname handling.
2013-07-31 15:20:14 -06:00
Todd C. Miller
c0c782ae14
Fix write loop invariant in sudo_krb5_copy_cc_file()
2013-07-31 15:03:46 -06:00
Todd C. Miller
09e752274e
Strip off leading FILE: or WRFILE: prefix before trying to copy
the user's credential cache.
2013-07-30 15:37:04 -06:00
Todd C. Miller
3582ad3409
Instead of setting RLIMIT_NPROC to unlimited when sudo initializes,
just save RLIMIT_NPROC in exec_setup() before the final setuid()
and restore it immediately after. We don't need to modify RLIMIT_NPROC
for simple euid changes, just for changing the real (and saved)
uids before we exec. This also means we no longer need to worry
about _SC_CHILD_MAX returning -1. Bug #565
2013-07-29 15:34:49 -06:00
Todd C. Miller
b1c8f0575b
Now that the ldap code runs with the real and effective uid set to
0, it is not possible for the gssapi libs to find the user's krb5
credential cache file. To work around this, we make a temporary
copy of the user's credential cache specified by KRB5CCNAME (opened
with the user's effective uid) and point gssapi to it. To set the
credential cache file name, we dynamically look up gss_krb5_ccache_name()
and use it if available, otherwise fall back to setting KRB5CCNAME.
2013-07-28 17:06:43 -06:00
Todd C. Miller
39575aecf2
Long option support for visudo and sudoreplay.
2013-07-19 09:42:25 -06:00
Todd C. Miller
6e56e6d8c8
Add support for long options and fix inclusion of sudo_usage.h with
modern gcc broken in 8597:1fcb7ba13018.
2013-07-18 16:51:56 -06:00
Todd C. Miller
fbfd0ad630
Add rule to rebuild sudo_usage.h when the .in file changes.
2013-07-18 14:29:30 -06:00
Todd C. Miller
deb3844959
Add make rules for building getopt_long.c
2013-07-18 10:07:41 -06:00
Todd C. Miller
db05b9ae0d
Make "-h hostname" work. Optional args in GNU getopt() only work
when there is no space between the option flag and the argument.
2013-07-18 10:02:43 -06:00
Todd C. Miller
9309c9eab7
Use getopt_long() so we can make the -h flag take an optional argument.
Includes a version for those without it.
2013-07-17 17:00:55 -06:00
Todd C. Miller
29908cb6df
Document that the -h option can be used to specify a host name for future
plugins.
2013-07-16 16:31:59 -06:00
Todd C. Miller
c2860cce57
Overload -h option to specify an optional hostname for remote access.
This is future-proofing; no policy plugins currently support this.
2013-07-16 16:31:05 -06:00
Todd C. Miller
1e4497331c
Bump version to 1.8.8
2013-07-16 16:29:42 -06:00
Todd C. Miller
1d20a0ab63
Document the remote_host setting (-h host)
2013-07-16 16:21:14 -06:00
Todd C. Miller
ba615bd58f
fix "the the"
2013-07-16 16:18:14 -06:00
Todd C. Miller
b4e1f7c446
Do not error out if arg to -U option cannot be resolved, that is for
the plugin to decide.
There is no need for runas_user and runas_group to be global, make
them local to parse_args() instead.
2013-07-16 14:04:23 -06:00
Todd C. Miller
e53e80187d
Sync with translationproject.org
2013-07-16 07:32:57 -06:00
Todd C. Miller
adce34358c
Remove old bits about sudo setuid problems that should have been
cleaned up in changeset 7917:fa4894896d8a. Also update the mode
of sudo to 04755 to match current packaging.
2013-07-11 17:57:40 -04:00
Todd C. Miller
6dff70db03
Go back to ignoring the return value of pam_setcred() since with
stacked PAM auth modules a failure from one module may override
PAM_SUCCESS from another. If the first module in the stack fails,
the others may be run (and succeed) but an error will be returned.
This can cause a spurious warning on systems with non-local users
(e.g. pam_ldap or pam_sss) where pam_unix is consulted first.
2013-07-11 17:50:03 -04:00
Todd C. Miller
f32a1c7edc
Remove unused variable.
2013-07-11 17:47:39 -04:00
Todd C. Miller
a72d04c393
Fix typo
2013-07-11 16:31:36 -04:00
Todd C. Miller
4d6cb6efff
Fix pasto; sudo_sss_extract_digest() not sudo_ldap_extract_digest().
From Dan Harnett.
2013-07-09 10:35:26 -06:00