This adds audit plugin support to the sudoers module, currently
only used for accept events. As a result, the sudoers file is now
initially parsed as an audit plugin.
In the past we've relied on the various .c files to include the
system headers that define types that the sudo_*.h headers require.
This is fragile and can cause issues when includes get re-ordered.
This is used for PAM authentication to make sure pam_end() is called
via sudo_auth_cleanup() when the user authenticates successfully but
sudoers denies the command. Debian bug #669687
Some admin are confused about how to give users sudoedit permission
and many users try to run sudoedit via sudo instead of directly.
If the user runs "sudo sudoedit" sudo will now treat it as plain
"sudoedit" after issuing a warning. If the admin has specified a
fully-qualified path for sudoedit in sudoers, sudo will treat it
as just "sudoedit" and match accordingly. In visudo (but not sudo),
a fully-qualified path for sudoedit is now treated as an error.
If the umask is explicitly set in sudoers, use that value regardless
of what is in PAM or login.conf. If using the default umask from
sudoers, allow PAM or login.conf to override it. Bug #900
we are listing in short mode (in which case we convert them to tags
if possible). Fixes a problem where sudoOptions were not being
applied to the command.
in a per-nss list of userspecs and defaults instead of using separate
lookup and list functions. This makes it possible to have a single
implementation of the code for sudoers lookup and listing.
the user's password has been verified. The approval function is
run even if no password is required. This is currently only used
for PAM (use pam_acct_mgmt) and BSD auth (auth_approval).
resolve group IDs -> names when needed. If the sudoers file doesn't
contain groups we will no longer try to resolve all the user's group
IDs to names, which can be expensive on some systems.
caches as needed on demand. Also remove calls to sudo_freepwcache()
and sudo_freegrcache() that are immediately followed by execve(),
they are not needed.
Sudo never iterates over the passwd or group file.
Rename sudo_set{pw,gr}ent() -> sudo_mk{pw,gr}cache() and
use sudo_free{pw,gr}cache() instead of sudo_end{pw,gr}ent().
for a password, take all sudoers sources into account. In other
words, if both file and ldap sudoers sources are in use, "sudo -v"
will now require that all entries in both sources be have NOPASSWD
(file) or !authenticate (ldap) in the entries.
plugin. Almost identical to what sudo.c uses. Currenly only the
environment strings are collected at exit time which is enough to
quiet address sanitizer's leak detector.
