108 Commits

Author SHA1 Message Date
Todd C. Miller
f9f4aca556 Add support for runas groups. This allows the user to run a command
with a different effective group.  If the -g option is specified
without -u the command will be run as the current user (only the
group will change).  The -g and -u options may be used together.
TODO: implement runas group for ldap
      improve runas group documentation
      add testsudoers support
2007-11-21 20:12:00 +00:00
Todd C. Miller
e6c0ba72f3 s/setenv_ok/setenv_implied/g 2007-11-21 18:50:47 +00:00
Todd C. Miller
fff47a319a hostname_matches() returns TRUE on match in sudo 1.7. 2007-11-21 18:44:48 +00:00
Todd C. Miller
4a39e1bebe use strcmp, not strcasecmp when comparing ALL 2007-11-21 18:26:59 +00:00
Todd C. Miller
6751e9a9cd Make sudo ALL imply setenv. Note that unlike with file-based sudoers
this does affect all the commands in the sudoRole.
2007-11-21 16:41:49 +00:00
Todd C. Miller
19ff128f31 back out partial ldaps support mistakenly committed 2007-09-04 22:51:35 +00:00
Todd C. Miller
84a22a2d52 Add support for unix groups and netgroups in sudoRunas 2007-09-04 14:57:14 +00:00
Todd C. Miller
19fa259480 Remove support for compilers that don't support void * 2007-08-31 23:30:07 +00:00
Todd C. Miller
1f30bd4248 Add configure hooks for gss_krb5_ccache_name() and the gssapi headers. 2007-07-19 23:53:21 +00:00
Todd C. Miller
3a96b6de4f Add support for using gss_krb5_ccache_name() instead of setting
KRB5CCNAME.  Also use sudo_unsetenv() in the non-gss_krb5_ccache_name()
case if there was no KRB5CCNAME in the original environment.
TODO: configure setup for gss_krb5_ccache_name()
2007-07-16 23:40:54 +00:00
Todd C. Miller
f5ad187edf Add support for sasl_secprops in ldap.conf 2007-07-16 22:44:07 +00:00
Todd C. Miller
328a6b493b The ldap.conf variable is sasl_auth_id not sasl_authid. 2007-07-16 11:27:41 +00:00
Todd C. Miller
af18ed5e9d Add support for krb5_ccname in ldap.conf. If specified, it will
override the default value of KRB5CCNAME in the environment for
the duration of the call to ldap_sasl_interactive_bind_s().
2007-07-15 19:44:46 +00:00
Todd C. Miller
8cb8c55f94 Fix use_sasl vs. rootuse_sasl logic. 2007-07-15 16:47:53 +00:00
Todd C. Miller
5fdb0649b0 Add support for SASL auth when connecting to an LDAP server.
Adapted from a diff by Tom McLaughlin.
2007-07-15 13:23:20 +00:00
Todd C. Miller
16166fc5e6 warn -> warning 2007-07-08 18:41:17 +00:00
Todd C. Miller
296680928d Do a sub tree search instead of a base search (one level in the
tree only) for sudo right objects.  This allows system administrators
to categorize the rights in a tree to make them easier to manage.
2006-06-15 18:44:42 +00:00
Todd C. Miller
7c588a0143 Convert GET_OPT and GET_OPTI to use just 2 args.
Add timelimit and bind_timelimit support; adapted from gentoo.
2005-12-04 17:16:36 +00:00
Todd C. Miller
920c811687 Support comments that start in the middle of a line 2005-11-23 23:57:10 +00:00
Todd C. Miller
4e86b1d74a Remove ncat() in favor of just counting bytes and pre-allocating what is
needed.
2005-06-27 00:10:06 +00:00
Todd C. Miller
73730b872b Fix up some comments
Add missing fclose() for the rootbinddn case
2005-06-26 23:44:30 +00:00
Todd C. Miller
380d3c8c7b align struct ldap_config 2005-06-26 23:38:44 +00:00
Todd C. Miller
76f3c652d6 use LINE_MAX for max conf file line size 2005-06-26 23:37:54 +00:00
Todd C. Miller
3b30d7514a Support rootbinddn in ldap.conf 2005-06-25 22:03:10 +00:00
Todd C. Miller
9800e99ffc Don't set safe_cmnd for the "sudo ALL" case. 2005-06-23 02:57:18 +00:00
Todd C. Miller
fe4f33ab94 Reorganize LDAP code to better match normal sudoers parsing. Instead
of storing strings for later printing in -l mode we do another query
since the authenticating user and the user being listed may not be
the same (the new -U flag).  Also add support for "sudo -l command".

There is still a fair bit of duplicated code that can probably
be refactored.
2005-04-12 01:33:23 +00:00
Todd C. Miller
b8cbf50a38 Replace pass variable with do_netgr for better readability. 2005-04-11 04:37:49 +00:00
Todd C. Miller
3f84e1b18d use DPRINTF macro 2005-04-11 03:49:46 +00:00
Todd C. Miller
f1d67a9b34 estrdup, not strdup 2005-04-11 03:18:38 +00:00
Todd C. Miller
304dc46d7f Add efree() for consistency with emalloc() et al. Allows us to rely
on C89 behavior (free(NULL) is valid) even on K&R.
2005-03-29 14:29:47 +00:00
Todd C. Miller
e3c99d9c84 Removed duplicate call to ldap_unbind_s introduced along with sudo_ldap_close. 2005-03-27 02:34:25 +00:00
Todd C. Miller
ddb8c3d7df return(foo) not return foo
optimize _atobool() slightly
2005-03-06 03:46:52 +00:00
Todd C. Miller
474768bd5f Use TRUE/FALSE 2005-03-06 03:40:18 +00:00
Todd C. Miller
3154a75b8e Reformat to match the rest of sudo's code. 2005-03-06 03:31:58 +00:00
Todd C. Miller
778d587063 Update copyright years. 2005-02-12 22:56:07 +00:00
Todd C. Miller
3b8b88407f Add __unused to rcsids 2005-01-27 15:42:30 +00:00
Todd C. Miller
1936aeb299 add sudo_ldap_close 2004-12-03 18:57:48 +00:00
Todd C. Miller
e605070143 Remove the FLAG_NOPASS, FLAG_NOEXEC and FLAG_MONITOR flags. Instead,
we just set the appropriate defaults variable.
2004-11-19 23:00:28 +00:00
Todd C. Miller
2c2daa8eca Use: #include <config.h>
Not: #include "config.h"
That way we get the correct config.h when build dir != src dir
2004-11-19 18:39:14 +00:00
Todd C. Miller
fc85c6f02d Use supplementary group vector in struct sudo_user. 2004-11-16 23:55:26 +00:00
Todd C. Miller
9846e562ad Implement group caching and use the passwd and group caches throughout. 2004-11-16 04:24:11 +00:00
Todd C. Miller
6c5550d13c Split sudo_ldap_check() into three pieces: sudo_ldap_open(),
sudo_ldap_update_defaults() and sudo_ldap_check().  This allows
us to connect to LDAP, apply the default options, find the command
in the user's path, and then check whether the user is allowed to
run it.  The important thing here is that the default runas user
may be specified as a default option and that needs to be set
before we search for the command.
2004-10-26 22:19:58 +00:00
Todd C. Miller
0de1515d06 Add casts to unsigned char for isspace() to quiet a gcc warning. 2004-10-26 22:17:15 +00:00
Todd C. Miller
f7d7a3d5f7 sudo should not send mail if someone who runs 'sudo -l' has no entry. 2004-10-26 22:07:03 +00:00
Todd C. Miller
66992e10ef If LDAP_OPT_SUCCESS is not defined, use LDAP_SUCCESS instead.
Fixes a compilation problem with Solaris 9's native LDAP.

Set FLAG_MONITOR when needed.
2004-10-25 17:38:24 +00:00
Aaron Spangler
646d43cf5c config tls_* options 2004-09-02 04:03:25 +00:00
Aaron Spangler
2ceb87bc56 Allow --with-ldap-conf-file option to override LDAP_CONF 2004-08-27 03:44:35 +00:00
Aaron Spangler
b7ea12521a cleanup debug message 2004-08-27 02:08:10 +00:00
Aaron Spangler
02381e4c26 reflect changes to parse.c 2004-08-03 02:34:20 +00:00
Aaron Spangler
921f746138 Better debugging of ALL command 2004-07-08 01:04:50 +00:00