isa/sudo
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
5,482 Commits 1 Branch 0 Tags
3b112a17c12fde611dcbb38c285ddf0fee53a56c
Commit Graph

5482 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Todd C. Miller
f601085de4 Make "visudo -c -f -" check the standard input. 2010-09-09 17:10:23 -04:00
Todd C. Miller
b91a12988a set_home and always_set_home have an effect if HOME is present in 
the env_keep list.
 2010-09-09 16:22:26 -04:00
Todd C. Miller
1b9ca115b7 Make -H flag work when HOME is listed in env_keep. Also makes 
"set_home" and "always_set_home" override override HOME in env_keep.
 2010-09-09 16:16:39 -04:00
Todd C. Miller
e069b74dc8 Convert sudoers plugin to use interface list passed in settings. 2010-09-08 15:07:40 -04:00
Todd C. Miller
1009d7a3e6 Query local network interfaces in the main sudo driver and pass to 
the plugin as "network_addrs" in the settings list.
 2010-09-08 14:20:11 -04:00
Todd C. Miller
d9a3526320 Solaris BSM audit return EINVAL when auditing is not enabled, whereas 
OpenBSM returns ENOSYS.
 2010-09-08 09:47:00 -04:00
Todd C. Miller
e74b6e6b1e missing.h should come before most local includes 2010-09-07 19:14:22 -04:00
Todd C. Miller
d739608a80 missing.h should come before most local includes 2010-09-07 18:28:55 -04:00
Todd C. Miller
0c38f1460d Make local includes consistent; use double quotes for local includes 
except for generated ones where we use angle brackets.
 2010-09-07 18:28:22 -04:00
Todd C. Miller
1d37ab560a Always fill in NewArgv for audit code. 2010-09-07 17:59:10 -04:00
Todd C. Miller
5403757edf Add missing LOG_INPUT/LOG_OUTPUT support in the lexer. 2010-09-07 17:16:05 -04:00
Todd C. Miller
10c3bb62c4 Make local includes consistent; use double quotes for local includes 
except for generated ones where we use angle brackets.
Also g/c unused compat.h.
 2010-09-07 16:45:19 -04:00
Todd C. Miller
8ec596c7d9 When matching the runas user and runas group (-u and -g command 
line options), keep track of runas group and runas user matches
separately.  Only return a positive match if we have a match for
both runas user and runas group (if specified).
 2010-09-06 07:56:15 -04:00
Todd C. Miller
df8ec6fc25 Add support for multiple URI lines by joining the contents and passing 
the result to ldap_initialize.
 2010-09-04 20:43:51 -04:00
Todd C. Miller
27f6558df9 Do not return -1 on error from the display functions; the caller 
expects a return value >= 0.
 2010-09-04 08:42:08 -04:00
Todd C. Miller
e7d56e16e2 Do not set both MODE_EDIT and MODE_RUN 2010-09-04 08:41:42 -04:00
Todd C. Miller
0d935f8546 Move includes to the top of the file. 2010-09-03 19:28:42 -04:00
Todd C. Miller
c31210d663 Add missing definition of timedir 2010-08-30 09:47:52 -04:00
Todd C. Miller
399381de99 Add #include of sys/types.h for .c files that include missing.h to 
be sure that size_t and ssize_t are defined.
 2010-08-30 09:14:41 -04:00
Todd C. Miller
7213f72054 Install sudoers file from the build dir not hte src dir. 2010-08-30 09:06:25 -04:00
Todd C. Miller
94de54b19d If runas_pw changes, reset the stashed runas aux group vector. 
Otherwise, if runas_default is set in a per-command Defaults statement,
the command runs with root's aux group vector (i.e. the one that
was used when locating the command).
 2010-08-26 11:40:04 -04:00
Todd C. Miller
209a210511 Add target to generate sudoers file 
Remove generated sudoers file as part of distclean
 2010-08-26 11:06:12 -04:00
Todd C. Miller
2cef2bb5b0 When not logging I/O install a handler for SIGCONT and deliver it 
to the command upon resume.  Fixes bugzilla #431
 2010-08-24 08:42:47 -04:00
Todd C. Miller
88f9fea400 g/c unused auth_pw extern definition 2010-08-21 10:02:50 -04:00
Todd C. Miller
256ee25ab5 Move get_auth() into check.c where it is actually used. 2010-08-21 08:48:35 -04:00
Todd C. Miller
a68c31306c Convert a remaining puts() and putchar() to use the output function. 2010-08-20 16:53:21 -04:00
Todd C. Miller
a2694e9e26 Plug memory leak 2010-08-20 14:24:07 -04:00
Todd C. Miller
3d48cae18c Set dupcheck to TRUE when setting new HOME value if !env_reset but 
always_set_home is true.  Prevents a duplicate HOME in the environment
(old value plus the new one) introduced in f421f8827340.
 2010-08-18 15:26:26 -04:00
Todd C. Miller
598341d366 Substitute sysconfdir in the installed sudoers file to get the 
correct path for sudoers.d.
 2010-08-18 08:09:10 -04:00
Todd C. Miller
9706b4c508 Fix typo that prevented compilation on Irix; Friedrich Haubensak 2010-08-17 09:51:12 -04:00
Todd C. Miller
f454727bb8 Merge compat.h and missing.h into missing.h 2010-08-16 14:05:44 -04:00
Todd C. Miller
6ce5c4cd97 If the user hits ^C while a password is being read, error out before 
reading any further passwords in the pam conversation function.
Otherwise, if multiple PAM auth methods are required, the user will
have to hit ^C for each one.
 2010-08-14 10:18:49 -04:00
Todd C. Miller
151a2cab56 Update comment 2010-08-12 11:55:56 -04:00
Todd C. Miller
4feaf3c264 Document sudo_conv_t function and sudo_printf_t return values. 2010-08-12 10:29:43 -04:00
Todd C. Miller
10637f6e04 Make _sudo_printf return the number of characters printed on success 
like printf(3).
 2010-08-12 10:27:56 -04:00
Todd C. Miller
129cf8d992 sudoers.h includes sudo_plugin.h for us 2010-08-10 16:36:54 -04:00
Todd C. Miller
6bcd9efc0c Use gettimeofday() directly instead of via the gettime() wrapper. 2010-08-10 13:50:40 -04:00
Todd C. Miller
8dd8aa000e Remove some obsolete configure tests, ancient Unix systems are no 
longer supported.
 2010-08-10 13:44:05 -04:00
Todd C. Miller
29efdc50ab Set pp_kit_version and strip off patch level 2010-08-07 14:29:09 -04:00
Todd C. Miller
ee2bdd2488 Better handling of versions with a patchlevel. For rpm and deb, use 
the patchlevel+1 as the release.  For AIX, use the patchlevel as the
4th version number.  For the rest, just leave the patchlevel in the
version string.
 2010-08-07 11:08:32 -04:00
Todd C. Miller
d2cc4740c1 For non-standalone auth methods, stop reading the password if the 
user enters ^C at the prompt.
 2010-08-06 17:16:57 -04:00
Todd C. Miller
96cb890d53 No need to look up shadow password unless we are doing password-style 
authentication.  This moves the shadow password lookup to the auth
functions that need it.
 2010-08-06 13:55:33 -04:00
Todd C. Miller
cb1848fab1 Retain final passwd/group refs until the policy close() function. 
Note that this doesn't get called in all cases so putting
this in a cleanup function is probably better.
 2010-08-06 13:54:35 -04:00
Todd C. Miller
9f27401359 Fix mismerge 2010-08-06 13:53:17 -04:00
Todd C. Miller
640f79e13a When removing/resetting the timestamp file ignore the tty ticket contents. 2010-08-06 12:07:21 -04:00
Todd C. Miller
26526e667f delref sudo_user.pw, runas_pw and runas_gr immediately before we return. 2010-08-06 12:07:03 -04:00
Todd C. Miller
0186018d3d Reference count cached passwd and group structs. The cache holds 
one reference itself and another is added by sudo_getgr{gid,nam}
and sudo_getpw{uid,nam}.  The final ref on the runas and user passwd
and group structs are persistent for now.
 2010-08-04 09:58:50 -04:00
Todd C. Miller
7b011cf152 fix typo 2010-08-04 08:42:05 -04:00
Todd C. Miller
ec57221017 Do not produce a warning for "sudo -k" if the ticket file does not 
exist.
 2010-08-03 15:16:57 -04:00
Todd C. Miller
65eec19bdc Instead of caching struct passwd and struct group in the red-black 
tree, store a struct cache_item which includes both the key and
datum.  This allows us to user the actual name that was looked up
as the key instead of the contents of struct passwd or struct group.
This matters because the name in the database may not match what
we looked up, due either to case folding or truncation (historically
at 8 characters).  Also mark the disabled calls to sudo_freepwcache()
and sudo_freegrcache() as broken since we use cached data for things
like set_perms() and the logging functions.  Fixing this would
require making a copy of the structs for user and runas or adding
a reference count (better).
 2010-08-03 15:15:45 -04:00