isa/sudo
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
2,403 Commits 1 Branch 0 Tags
5ce1fa96f22dbafbf0e0d56babef57cd62ea67d2
Commit Graph

129 Commits

Author SHA1 Message Date
Todd C. Miller
5ce1fa96f2 Add support for wildcards in the hostname. 2000-03-23 04:09:53 +00:00
Todd C. Miller
db2c555453 kill register 2000-03-22 15:53:09 +00:00
Todd C. Miller
9e0bae9fc6 update copyright year on changed files 2000-01-17 23:46:26 +00:00
Todd C. Miller
f68cc2f628 Add "listpw" and "verifypw" options. 2000-01-17 04:05:18 +00:00
Todd C. Miller
0b59a0974d netgr_matches needs to check shost as well as host since they may be different. 2000-01-11 18:20:41 +00:00
Todd C. Miller
625e3e46d0 Make treatment of -l and -v sane wrt NOPASSWD flags. Now allow -l w/o a passwd 
if there is *any* entry for the user on the host with a NOPASSWD flag.
For -v, only allow w/o a passwd if *all* entries for the user on the host
w/ the specified runas user have the NOPASSWD flag set.
 2000-01-03 04:43:33 +00:00
Todd C. Miller
957fa7941d o Kill HAVE_FNMATCH_H 
o Only define HAVE_FNMATCH if <fnmatch.h> exists.
 1999-12-09 03:54:57 +00:00
Todd C. Miller
b937889e88 Don't ask the user for a password if the user is not allowed to run 
the command and the authenticate flag (in sudoers) is false.
 1999-12-06 00:14:54 +00:00
Todd C. Miller
a067249e1c Move inclusion of emul/fnmatch.h to be after sudo.h for __P 1999-08-28 10:00:22 +00:00
Todd C. Miller
56f3bf61c1 typo in comment 1999-08-27 14:39:24 +00:00
Todd C. Miller
a2b3e36e73 add FLAG_NO_CHECK 1999-08-26 09:06:41 +00:00
Todd C. Miller
8723291d89 CIDR-style netmask support 1999-08-24 16:42:28 +00:00
Todd C. Miller
275c2fc980 Run most of the code as root, not the invoking user. It doesn't really 
gain us anything to run as the user since an attacker can just have
an setuid(0) in their egg.  Running as root solves potential problems
wrt signalling.
 1999-08-20 20:37:16 +00:00
Todd C. Miller
0598093e2c sudoers_lookup() now returns a bitmap instead of an int. This makes it 
possible to express things like "failed to validate because user not listed
for this host".  Some thigns that were previously VALIDATE_FOO are now
FLAG_FOO.  This may change later on.

Reorganized code in log_auth() and sudo.c to deal with above changes.

Safer versions of push/pushcp with in the do { ... } while (0) style

parse.yacc now saves info on the stack to allow parse.c to determine
if a user was listed, but not for the host he/she tried to run on.

Added --with-mail-if-no-host option
 1999-08-19 16:30:09 +00:00
Todd C. Miller
145992dce2 o /etc/stmp -> /etc/sudoers.tmp since solaris uses stmp as shadow temp file 
o _PATH_SUDO_SUDOERS -> _PATH_SUDOERS and _PATH_SUDO_STMP -> _PATH_SUDOERS_TMP
 1999-08-06 09:37:03 +00:00
Todd C. Miller
6b3909c780 rename validate() to the more descriptive sudoers_lookup() 1999-08-01 15:42:12 +00:00
Todd C. Miller
0d732401f4 add 4th term to license similar to term 5 in the apache license 1999-07-31 16:19:50 +00:00
Todd C. Miller
c7fd99aa54 BSD-style copyright. Move parser-specific defines and structs into parse.h + other cosmetic changes 1999-07-22 12:51:18 +00:00
Todd C. Miller
26be17a3d6 Add contribution info in the main comment 1999-07-12 10:25:14 +00:00
Todd C. Miller
80287c981c Move interface-related defines to interfaces.h so we don't have to include 
<netinet/in.h> everywhere.
 1999-05-17 01:36:30 +00:00
Todd C. Miller
16fdb0a5c5 fix comment 1999-04-10 17:03:32 +00:00
Todd C. Miller
06e586ee7b Function names should be flush with the start of the line so they can be found trivially in an editor and with grep 1999-04-10 04:49:03 +00:00
Todd C. Miller
eecc5ce1c9 free(3) is already void, no need to cast it 1999-04-10 04:40:57 +00:00
Todd C. Miller
59b0cff8cf Stash the "safe" path (ie: the one listed in sudoers) to the command instead 
of stashing the struct stat.  Should be safer.
 1999-04-10 04:10:01 +00:00
Todd C. Miller
499e869237 Add VALIDATE_NOT_OK_NOPASS for when user is not allowed to run a command 
but the NOPASSWD flag was set.
Make runasspec, runaslist, runasuser, and nopasswd typeless in parse.yacc
Add support for '!' in the runas list
Fix double printing of '%' and '+' for groups and netgroups respectively
Add *_matched macros (no need for local stack variable).  Should only be
used directly after a pop (since top must be >= 2).
 1999-04-06 05:00:29 +00:00
Todd C. Miller
e6deacb6c4 Crank version to 1.6 and combine copyright statements 1999-04-05 20:57:25 +00:00
Todd C. Miller
49c5a12d8c Fix another parser bug. For a sudoers entry like this: 
millert	ALL=/bin/ls,(daemon) !/bin/ls
sudo would not allow millert to run ls as root.
 1999-03-30 17:17:54 +00:00
Todd C. Miller
79c46d1c81 ++version 1999-03-29 04:05:15 +00:00
Todd C. Miller
382ef75493 Use emalloc/erealloc/estrdup 1999-03-29 02:59:34 +00:00
Todd C. Miller
52916f16ac add explicate copyright 1999-02-03 04:32:19 +00:00
Todd C. Miller
826fe213f2 add sudo tags 1999-01-17 23:16:20 +00:00
Todd C. Miller
d3aaf52283 crank version and regen files 1999-01-17 22:40:55 +00:00
Todd C. Miller
62dba8f4d1 more -Wall 1998-11-18 04:16:13 +00:00
Todd C. Miller
c253188f55 -Wall 1998-11-18 03:51:10 +00:00
Todd C. Miller
4f461199af kill perror("malloc") since we already have a good error messages 
pw_ent -> pw for brevity
when checking if %group matches, look up user in password file so
that %groups works in a RunAs spec.
 1998-11-04 01:39:40 +00:00
Todd C. Miller
5bfb481ca7 no more options.h 1998-10-15 05:41:26 +00:00
Todd C. Miller
581cfa1406 FAST_MATCH is no longer an optino 1998-10-15 03:57:14 +00:00
Todd C. Miller
0ef9f25d7e updated version 1998-09-17 16:27:15 +00:00
Todd C. Miller
a1c5148c34 use NAMLEN() macro 1998-09-07 02:41:33 +00:00
Todd C. Miller
12477fd6e6 updated version 1998-04-06 03:35:50 +00:00
Todd C. Miller
c27d678ff7 MAX* + 1 -> MAX* 1998-04-06 03:15:39 +00:00
Todd C. Miller
e37e1e56b6 updated version 1998-03-31 05:05:49 +00:00
Todd C. Miller
c866646cdf updated version 1998-02-18 21:39:31 +00:00
Todd C. Miller
2fc787d5f6 updated version 1998-02-17 02:43:17 +00:00
Todd C. Miller
bc7803cd08 updated version 1998-02-06 20:49:24 +00:00
Todd C. Miller
3e52d3a117 set sudoers_fp to nil after closing 1998-01-30 19:59:03 +00:00
Todd C. Miller
0c362fb216 updated version 1998-01-21 06:33:06 +00:00
Todd C. Miller
bb6a33e080 updated version 1998-01-21 05:50:58 +00:00
Todd C. Miller
cae4b9d3e3 sudoers file open is now done only in check_sudoers() so 
we just do a rewind() instead of an open.  May help people on
solaris who were getting EAGAIN.
 1998-01-21 05:02:59 +00:00
Todd C. Miller
6523933184 typo 1998-01-13 15:32:41 +00:00