isa/sudo
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
4,452 Commits 1 Branch 0 Tags
6184eb9461fbd4b2b78ca2df1dae7bedd9feb8dd
Commit Graph

38 Commits

Author SHA1 Message Date
Todd C. Miller
3bfce30a85 First cut at session logging for sudo. Still need to write get_pty() 
for Unix 98 and old-style BSD ptys.  Also needs documentation and
general cleanup.
 2009-08-06 00:04:14 +00:00
Todd C. Miller
f96b0a7432 Implement umask_override 2009-02-21 22:03:47 +00:00
Todd C. Miller
dd56fbadb4 Rename pwstars to pwfeedback 2009-02-15 20:53:49 +00:00
Todd C. Miller
108d53548b Rename simple_glob -> fast_glob 2009-02-10 19:04:02 +00:00
Todd C. Miller
7207b4cd60 Add simple_glob option to use fnmatch() instead of glob(). This is 
useful when you need to specify patterns that reference network file
systems.
 2009-02-10 13:09:14 +00:00
Todd C. Miller
38c225af03 Add pwstars sudoers option that causes sudo to print a star every 
time the user presses a key.
 2009-02-08 00:50:48 +00:00
Todd C. Miller
535ed3817c Sudo will now refuse to run if no tty is present unless the new 
visiblepw sudoers flag is set.
 2008-11-07 02:06:48 +00:00
Todd C. Miller
b02daa8272 Add sudoers_locale Defaults option to override the default sudoers 
locale of "C".
 2008-09-14 00:45:24 +00:00
Todd C. Miller
b85a28aba9 Add env_file Defaults option that is similar to /etc/environment on some 
systems.
 2008-05-03 00:53:21 +00:00
Todd C. Miller
0f9e7f96f4 Add mailfrom Defaults option that sets the value of the From: 
field in the warning/error mail.  If unset the login name of
the invoking user is used.
 2008-03-05 21:52:19 +00:00
Todd C. Miller
cbf038c61c make askpass boolean-capable 2008-03-03 18:54:34 +00:00
Todd C. Miller
ee04914164 Add support for running a helper program to read the password when 
no tty is present (or when specified with the -A flag).  TODO: docs.
 2008-03-02 14:31:57 +00:00
Todd C. Miller
5b248a0765 add missing printf format to SELinux role and type strings 2008-03-02 13:38:46 +00:00
Todd C. Miller
f2b70188b6 Add support for SELinux RBAC. Sudoers entries may specify a role and type. 
There are also role and type defaults that may be used.  To make sure a
transition occurs, when using RBAC commands are executed via the new sesh
binary.  Based on initial changes from Dan Walsh.
 2008-02-09 14:30:06 +00:00
Todd C. Miller
74c5dc4fad Add passprompt_override flag to sudoers that will cause the prompt 
to be overridden in all cases.  This flag is also set when the
user specifies the -p flag.
 2007-12-02 17:13:48 +00:00
Todd C. Miller
209e35027f Reorder things such that the definition of env_reset come right 
before the env variable lists.
 2007-09-15 20:07:50 +00:00
Todd C. Miller
317e600f41 Remove monitor support until there is a versino of systrace that 
uses a lookaside buffer (or we have a better mechanism to use).
 2007-08-15 15:20:01 +00:00
Todd C. Miller
879c46e4dd Add support for setting environment variables on the command line. 
This is only allowed if the setenv sudoers options is enabled or if
the command is prefixed with the SETENV tag.
 2007-06-23 23:58:54 +00:00
Todd C. Miller
840d51a160 s/-O/-C/ 2005-01-18 00:41:31 +00:00
Todd C. Miller
051a2110a4 Add closefrom sudoers option to start closing at a point other than 3. 
Add closefrom_override sudoers option and -C sudo flag to allow the
user to specify a different closefrom starting point.
 2004-12-16 18:33:49 +00:00
Todd C. Miller
f5c359ee06 verifypw when used in a boolean TRUE context should be "all", not "any". 2004-11-28 21:05:38 +00:00
Todd C. Miller
a768dbc34f Bring back the "secure_path" Defaults option now that Defaults take 
effect before the path is searched.
 2004-11-12 16:19:19 +00:00
Todd C. Miller
3c8145a923 No longer call it tracing, it is now "monitoring" which should be more 
a obvious name to non-hackers.
 2004-10-04 16:07:19 +00:00
Todd C. Miller
ef874440a5 Add trace option 2004-09-24 17:11:14 +00:00
Aaron Spangler
240f4e0317 Merged in LDAP Support 2004-02-13 02:08:27 +00:00
Todd C. Miller
04b8f60cad Update the noexec variable descriptions 2004-01-22 21:06:58 +00:00
Todd C. Miller
487cd96e08 Add a callback field and use it for runas_default 2004-01-16 23:02:18 +00:00
Todd C. Miller
0f6749fa25 Move the environment defaults to the end and shorten a few of the descriptions. 2004-01-05 21:10:19 +00:00
Todd C. Miller
7536a781f0 Add support for preloading a shared object containing a dummy execve() 
function that just sets error and returns -1.  This adds a
"noexec_file" option to load the filename as well as a "noexec" flag
to enable it unconditionally.  There is also a NOEXEC tag that can
be attached to specific commands and an EXEC tag to disable it.
 2004-01-05 02:48:09 +00:00
Todd C. Miller
b289f73870 Add a new option, lecture_file, that can be used to point to a custom 
sudo lecture.
 2004-01-05 01:12:22 +00:00
Todd C. Miller
02f37dc2da Add support for tuples in def_data.in; these are implemented as an 
enum type.  Currently there is only a single tuple enum but in the
future we may have one tuple enum per T_TUPLE entry in def_data.in.
Currently listpw, verifypw and lecture are tuples.  This avoids the
need to have two entries (one ival, one str) for pwflags and syslog
values.

lecture is now a tuple with the following values: never, once, always

We no longer use both an int and string entry for syslog facilities
and priorities.  Instead, there are logfac2str() and logpri2str()
functions that get used when we need to print the string values.
 2003-12-30 22:31:30 +00:00
Todd C. Miller
15965c2ce7 Add timestampowner, "Owner of the authentication timestamp dir" 2002-05-03 22:47:29 +00:00
Todd C. Miller
761b119e2e Add new sudoers option "preserve_groups". Previously sudo would not 
call initgroups() if the target user was root.  Now it always calls
initgroups() unless the -P command line option or the "preserve_groups"
sudoers option is set.  Idea from TJ Saunders.
 2001-12-15 00:24:27 +00:00
Todd C. Miller
2e677e1023 Remove "secure_path" Defaults option since it cannot work with the 
existing parser.
 2001-12-14 06:40:03 +00:00
Todd C. Miller
93971de654 Convert environment options to use the new LIST type and add a new one, 
env_check that only deletes if the sanity check fails.
 2001-12-11 22:57:44 +00:00
Todd C. Miller
de9d655ea6 Add mail_badpass option 
Also modify mail_always behavior to also send mail when the password is wrong
 2001-11-12 18:13:03 +00:00
Todd C. Miller
d50e2bb387 regenerated from def_data.in 2001-11-02 20:57:02 +00:00
Todd C. Miller
d956d77528 Move defaults info into its own files from which we generate 
.h and .c files.  This makes adding or rearranging variables
much simpler.
 2000-12-31 01:38:37 +00:00