isa/sudo
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
4,614 Commits 1 Branch 0 Tags
3bb69ffe816d228dde170b2ef0fecf43f7f4aee5
Commit Graph

75 Commits

Author SHA1 Message Date
Todd C. Miller
3bb69ffe81 Remove CVS $Sudo$ tags. 2010-01-17 19:51:28 -05:00
Todd C. Miller
180785567c Add compress_transcript option. 2009-12-14 01:49:50 +00:00
Todd C. Miller
186d836ebc Add support for floating point timeout values (e.g. 2.5 minutes). 2009-12-08 21:49:53 +00:00
Todd C. Miller
840acbd3ac Update copyright years. 2008-11-09 14:13:13 +00:00
Todd C. Miller
f201db90f3 Move update_defaults into defaults.c and call it properly from 
visudo and testsudoers.
 2008-11-02 19:06:37 +00:00
Todd C. Miller
3cb9d538f9 use zero_bytes() instead of memset() for consistency 2008-11-02 14:51:16 +00:00
Todd C. Miller
b02daa8272 Add sudoers_locale Defaults option to override the default sudoers 
locale of "C".
 2008-09-14 00:45:24 +00:00
Todd C. Miller
2314fd903b store a copy of _PATH_SUDO_ASKPASS in def_askpass that is freeable 2008-03-05 21:18:06 +00:00
Todd C. Miller
ee04914164 Add support for running a helper program to read the password when 
no tty is present (or when specified with the -A flag).  TODO: docs.
 2008-03-02 14:31:57 +00:00
Todd C. Miller
3008bb494a move update_defaults() to parse.c 2007-12-31 12:54:47 +00:00
Todd C. Miller
f9f4aca556 Add support for runas groups. This allows the user to run a command 
with a different effective group.  If the -g option is specified
without -u the command will be run as the current user (only the
group will change).  the -g and -u options may be used together.
TODO: implement runas group for ldap
      improve runas group documentation
      add testsudoers support
 2007-11-21 20:12:00 +00:00
Todd C. Miller
a0f80d6581 rename lh_ -> tq_ 2007-09-11 19:42:48 +00:00
Todd C. Miller
d72778832c Move list manipulation macros to list.h and create C versions of 
the more complex ones in list.c.  The names have been down-cased
so they appear more like normal functions.
 2007-08-31 23:13:26 +00:00
Todd C. Miller
d1dbe2ecee Change list head macros to take a pointer, not a struct. 2007-08-31 01:12:50 +00:00
Todd C. Miller
8cdea0b941 Use a list head struct when storing the semi-circular lists and 
convert to tail queues in the process.  This will allow us to
reverse foreach loops more easily and it makes it clearer which
functions expect a list as opposed to a single member.

Add macros for manipulating lists.  Some of these should become functions.

When freeing up a list, just pop off the last item in the queue instead
of going from head to tail.  This is simpler since we don't have to
stash a pointer to the next member, we always just use the last one
in the queue until the queue is empty.

Rename match functions that take a list to have list in the name.
Break cmnd_matches() into cmnd_matches() and cmndlist_matches.
 2007-08-30 17:26:35 +00:00
Todd C. Miller
304dc46d7f Add efree() for consistency with emalloc() et al. Allows us to rely 
on C89 behavior (free(NULL) is valid) even on K&R.
 2005-03-29 14:29:47 +00:00
Todd C. Miller
778d587063 Update copyright years. 2005-02-12 22:56:07 +00:00
Todd C. Miller
2805405217 Reset the environment by default. 2005-02-08 03:51:27 +00:00
Todd C. Miller
3b8b88407f Add __unused to rcsids 2005-01-27 15:42:30 +00:00
Todd C. Miller
051a2110a4 Add closefrom sudoers option to start closing at a point other than 3. 
Add closefrom_override sudoers option and -C sudo flag to allow the
user to specify a different closefrom starting point.
 2004-12-16 18:33:49 +00:00
Todd C. Miller
57ab7279b1 Allow tuples that can be used as booleans to be used as boolean TRUE. 
In this case the 2nd possible value of the tuple is used for TRUE.
 2004-11-26 19:21:08 +00:00
Todd C. Miller
f2bdbda17f Zero out sd_un for each entry in sudo_defs_table in init_defaults. 2004-11-21 19:09:47 +00:00
Todd C. Miller
fe869025c4 Add support for command-specific Defaults entries. E.g. 
Defaults!/usr/bin/vi noexec
 2004-11-19 21:35:12 +00:00
Todd C. Miller
0cddfc3684 Change an occurence of user_matches() -> runas_matches() missed previously 
runas_matches(), host_matches() and cmnd_matches() only really need to pass in
a list of members.  user_matches() still needs to pass in a passwd struct
because of "sudo -l"
 2004-11-19 20:03:33 +00:00
Todd C. Miller
2c2daa8eca Use: #include <config.h> 
Not: #include "config.h"
That way we get the correct config.h when build dir != src dir
 2004-11-19 18:39:14 +00:00
Todd C. Miller
51375f969f Add local error/warning functions like err/warn but that call an additional 
cleanup routine in the error case.  This means we no longer need to compile
a special version of alloc.o for visudo.
 2004-11-15 15:53:53 +00:00
Todd C. Miller
a768dbc34f Bring back the "secure_path" Defaults option now that Defaults take 
effect before the path is searched.
 2004-11-12 16:19:19 +00:00
Todd C. Miller
50e00d2b07 Don't warn about line numbers now that we operate on a set of data 
structures (or LDAP) and not a file.
 2004-10-26 22:16:08 +00:00
Todd C. Miller
362d6f4eb6 Remove trailing spaces, no actual code changes. 2004-06-06 23:58:10 +00:00
Todd C. Miller
5b217d36a3 More to a less restrictive, ISC-style license. 2004-02-13 21:36:43 +00:00
Todd C. Miller
262bb5e870 Use the SET, CLR and ISSET macros. 2004-01-29 22:33:54 +00:00
Todd C. Miller
fb65156a72 Add callback support 2004-01-16 23:03:02 +00:00
Todd C. Miller
8e421c95b8 update copyright year 2004-01-05 17:15:32 +00:00
Todd C. Miller
626e2cd209 Add _PATH_SUDO_NOEXEC and corresponding --with-noexec configure option. 
The default value of noexec_file is set to this.
 2004-01-05 03:58:39 +00:00
Todd C. Miller
02f37dc2da Add support for tuples in def_data.in; these are implemented as an 
enum type.  Currently there is only a single tuple enum but in the
future we may have one tuple enum per T_TUPLE entry in def_data.in.
Currently listpw, verifypw and lecture are tuples.  This avoids the
need to have two entries (one ival, one str) for pwflags and syslog
values.

lecture is now a tuple with the following values: never, once, always

We no longer use both an int and string entry for syslog facilities
and priorities.  Instead, there are logfac2str() and logpri2str()
functions that get used when we need to print the string values.
 2003-12-30 22:31:30 +00:00
Todd C. Miller
6ad252765b Create def_* macros for each defaults value so we no longer need 
the def_{flag,ival,str,list,mode} macros (which have been removed).
This is a step toward more flexible data types in def_data.in.
 2003-12-30 22:20:21 +00:00
Todd C. Miller
34479303ad add DARPA credit on affected files 2003-04-16 00:42:09 +00:00
Todd C. Miller
dcf1a5acce Use warn/err and getprogname() throughout. The main exception is 
openlog().  Since the admin may be filtering logs based on the
program name in the log files, hard code this to "sudo".
 2003-04-02 18:25:30 +00:00
Todd C. Miller
8dc87eeb22 o Roll our own loop instead of using strpbrk() for better grokability 
o When adding to a list we must malloc() and use memcpy(), not strdup()
  since we must only copy len bytes from str.
 2001-12-30 18:40:09 +00:00
Todd C. Miller
46dd419cd9 o Reorder some headers and use STDC_HEADERS define properly 
o Update copyright year
 2001-12-14 19:52:47 +00:00
Todd C. Miller
2e677e1023 Remove "secure_path" Defaults option since it cannot work with the 
existing parser.
 2001-12-14 06:40:03 +00:00
Todd C. Miller
be8422eedf _PATH_SENDMAIL -> _PATH_SUDO_SENDMAIL so --without-sendmail works on 
systems that define  in paths.h
 2001-12-14 06:17:35 +00:00
Todd C. Miller
2f818e2c32 o Add a new LIST type and functions to manipulate it. 
o This is for use with environment handling variables.
 o Call new init_envtables() routine inside init_defaults() to
   initialize the environment lists.
 2001-12-11 23:00:34 +00:00
Todd C. Miller
3550d52a90 Add new T_UINT type that most things use instead of T_INT 
If timestamp_timeout is < 0 then treat the ticket as never expiring
(to be expired manually by the user).
 2001-11-02 20:56:20 +00:00
Todd C. Miller
a64a6abd33 Fix negation of paths in a boolean context. Problem found by apt@UH.EDU 2001-03-02 14:09:55 +00:00
Todd C. Miller
422021aebd coerce difference of pointers to int when used in a string length printf 
format; deraadt@openbsd.org
 2001-02-04 16:16:20 +00:00
Todd C. Miller
d956d77528 Move defaults info into its own files from which we generate 
.h and .c files.  This makes adding or rearranging variables
much simpler.
 2000-12-31 01:38:37 +00:00
Todd C. Miller
998631b73a New Defaults options: 
o stay_setuid - sudo will remain setuid if system has saved uids or setreuid(2)
 o env_reset - reset the environment to a sane default
 o env_keep - preserve environment variables that would otherwise be cleared

No longer use getenv/putenv/setenv functions--do environment munging by hand.
Potentially dangerous environment variables can be cleared only if they
contain '/' pr '%' characters to protect buggy programs.
Moved environment routines into env.c (new file)
 2000-12-30 03:29:47 +00:00
Todd C. Miller
7ea65e54bd Move set_perms() to its own file and use POSIX saved uid or setreuid() 
if available.

Added stay_setuid option for systems that have libraries that perform
extra paranoia checks in system libraries for setuid programs (ie:
anything with issetugid(2)).
 2000-11-03 05:37:44 +00:00
Todd C. Miller
04777172c0 Allow user to specify umask of 0777 (same as !umask) 2000-10-12 05:30:30 +00:00