isa/sudo
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
4,452 Commits 1 Branch 0 Tags
6184eb9461fbd4b2b78ca2df1dae7bedd9feb8dd
Commit Graph

275 Commits

Author SHA1 Message Date
Todd C. Miller
6184eb9461 Log the session ID, if there is one. Currently logs ID=XXXXXX, perhaps 
should be SESSIONID or SESSID.
 2009-08-30 15:18:50 +00:00
Todd C. Miller
0ab5c31ee0 Add protos for term_* to sudo.h 2009-08-08 12:56:02 +00:00
Todd C. Miller
3bfce30a85 First cut at session logging for sudo. Still need to write get_pty() 
for Unix 98 and old-style BSD ptys.  Also needs documentation and
general cleanup.
 2009-08-06 00:04:14 +00:00
Todd C. Miller
62b89f9dfc Update copyright years. 2009-05-25 12:02:42 +00:00
Todd C. Miller
755a81e946 Add option for set_perm to not exit on failure and use this in 
the logging routines.
 2009-05-10 11:52:13 +00:00
Todd C. Miller
3be603aa47 Implement #includedir directive. Files in an includedir are not edited 
by visudo unless they contain a syntax error.
 2009-04-18 23:25:08 +00:00
Todd C. Miller
6fed38f323 Replace sudo_setenv/sudo_unsetenv with calls to setenv/unsetenv and 
provide our own setenv/unsetenv/putenv that operates on own env pointer.
Make sync_env() inline in setenv/unsetenv/putenv functions.
 2009-03-01 00:58:41 +00:00
Todd C. Miller
b18eede622 Even if neither stdin nor stdout are ttys we may still have /dev/tty 
available to us.
 2008-11-25 17:01:34 +00:00
Todd C. Miller
1954d68116 remove #if 1 2008-08-20 11:41:22 +00:00
Todd C. Miller
e439faeeb4 Flesh out the fake passwd entry used for running commands as a uid not 
listed in the passwd database.  Fixes an issue with some PAM modules.
 2008-07-02 10:27:57 +00:00
Todd C. Miller
b85a28aba9 Add env_file Defaults option that is similar to /etc/environment on some 
systems.
 2008-05-03 00:53:21 +00:00
Todd C. Miller
6ca2fd6b50 Split MODE_* defines into primary and flags. 2008-03-27 23:01:04 +00:00
Todd C. Miller
c352187cf8 Add -n (non-interactive) flag. 2008-03-18 20:04:41 +00:00
Todd C. Miller
59c1ac153c attempt to fix compilation errors on AIX 2008-03-06 18:18:17 +00:00
Todd C. Miller
897239afe9 Add aix_setlimits() to set resource limits on AIX using a combination 
of getuserattr() and setrlimit().  Currently untested.
 2008-03-06 17:19:57 +00:00
Todd C. Miller
5d86a9d6fe fix definition of TGP_ASKPASS 2008-03-03 19:30:50 +00:00
Todd C. Miller
ee04914164 Add support for running a helper program to read the password when 
no tty is present (or when specified with the -A flag).  TODO: docs.
 2008-03-02 14:31:57 +00:00
Todd C. Miller
4c992e1901 Add support for SELinux RBAC. Sudoers entries may specify a role and type. 
There are also role and type defaults that may be used.  To make sure a
transition occurs, when using RBAC commands are executed via the new sesh
binary.  Based on initial changes from Dan Walsh.
 2008-02-09 14:30:07 +00:00
Todd C. Miller
5d20923c2f Add long list (sudo -ll) support for printing verbose LDAP and sudoers 
file entries.  Still need to update manual.
 2008-02-08 13:18:12 +00:00
Todd C. Miller
3c7b76bb54 Unify the -l output for file and ldap based sudoers and use lbufs for both. 
The ldap output does not currently include options that cannot be represented
as tags.  This will be remedied in a long list output mode to come.
 2008-02-03 15:43:38 +00:00
Todd C. Miller
7f05a4ff6f Make set_runaspw static void 2008-01-15 14:23:58 +00:00
Todd C. Miller
28ed51b441 Improve chaining of multiple sudoers sources by passing in the previous return value to the next in the chain 2008-01-05 18:27:18 +00:00
Todd C. Miller
926dcd0bcc Refactor line reading into a separate function, sudo_parseln(), 
which removes comments, leading/trailing whitespace and newlines.
May want to rethink the use of sudo_parseln() for /etc/ldap.secret
 2007-12-31 20:04:46 +00:00
Todd C. Miller
adfaebdb4d nss-ify display_privs and display_cmnd. 2007-12-31 15:08:30 +00:00
Todd C. Miller
ae2ae34528 Use nsswitch to hide some sudoers vs. ldap implementation details 
and reduce the number of #ifdef LDAP
TODO: fix display routines and error handling
 2007-12-31 12:39:52 +00:00
Todd C. Miller
7f323157a2 First cut at nsswitch.conf support. 
Further reorganizaton and related changes are forthcoming.
 2007-12-28 16:20:45 +00:00
Todd C. Miller
f8c52dc928 Add support for reading and /etc/environment file. Still needs to 
be documented and should probably only applies to OSes that have
it (AIX and Linux, maybe others).
 2007-12-21 21:53:32 +00:00
Todd C. Miller
ff0a538d04 Call cleanup() before exit in log_error() instead of calling 
sudo_ldap_close() directly.  ldap_conn can now be static to sudo.c
 2007-12-17 12:28:51 +00:00
Todd C. Miller
a68ab16dcd Better ldap cleanup. 2007-12-16 19:42:44 +00:00
Todd C. Miller
908b8f64e6 Use AC_FUNC_GETGROUPS instead of a home-grown attempt that was insufficient. 2007-11-27 23:40:50 +00:00
Todd C. Miller
f9f4aca556 Add support for runas groups. This allows the user to run a command 
with a different effective group.  If the -g option is specified
without -u the command will be run as the current user (only the
group will change).  the -g and -u options may be used together.
TODO: implement runas group for ldap
      improve runas group documentation
      add testsudoers support
 2007-11-21 20:12:00 +00:00
Todd C. Miller
4f5e88532f PAM wants the full tty path so add user_ttypath which holds the 
full path to the tty or is NULL if no tty was present.
 2007-09-13 23:05:34 +00:00
Todd C. Miller
19fa259480 Remove support for compilers that don't support void * 2007-08-31 23:30:07 +00:00
Todd C. Miller
d28030c9fd Fix line wrapping in usage() and use the actual tty width instead of 
assuming 80.
 2007-08-18 12:22:16 +00:00
Todd C. Miller
317e600f41 Remove monitor support until there is a versino of systrace that 
uses a lookaside buffer (or we have a better mechanism to use).
 2007-08-15 15:20:01 +00:00
Todd C. Miller
436e3b631b Add sudo_unsetenv() and refactor private env syncing code into sync_env(). 2007-07-16 22:39:42 +00:00
Todd C. Miller
af18ed5e9d Add support for krb5_ccname in ldap.conf. If specified, it will 
override the default value of KRB5CCNAME in the environment for
the duration of the call to ldap_sasl_interactive_bind_s().
 2007-07-15 19:44:46 +00:00
Todd C. Miller
d1f6bdbcff Remove format_env() 
Add sudo_setenv() to replace most format_env() + insert_env() combinations.
insert_env() no longer takes a struct environment *
 2007-07-15 19:41:10 +00:00
Todd C. Miller
f3ef738254 PERM_FULL_ROOT is now no different than PERM_ROOT so remove PERM_FULL_ROOT 2007-07-06 14:04:40 +00:00
Todd C. Miller
879c46e4dd Add support for setting environment variables on the command line. 
This is only allowed if the setenv sudoers options is enabled or if
the command is prefixed with the SETENV tag.
 2007-06-23 23:58:54 +00:00
Todd C. Miller
49cb30aa5b Redo the long syslog line splitting based on a patch from Eygene Ryabinkin. 
Include memrchr() for systems without it.
 2007-06-14 16:06:25 +00:00
Todd C. Miller
2d282cd226 cleanup() now takes an int as an arg so it can be used as a signal 
handler too.
 2005-11-18 01:39:59 +00:00
Todd C. Miller
f261a99f22 In -l mode, only check local sudoers file if def_ignore_sudoers is not set 
and call LDAP versions from display_privs() and display_cmnd() instead
of directly from main().  Because of this we need to defer closing
the ldap connection until after -l processing has ocurred and we
must pass in the ldap pointer to display_privs() and display_cmnd().
 2005-04-12 01:37:08 +00:00
Todd C. Miller
304dc46d7f Add efree() for consistency with emalloc() et al. Allows us to rely 
on C89 behavior (free(NULL) is valid) even on K&R.
 2005-03-29 14:29:47 +00:00
Todd C. Miller
778d587063 Update copyright years. 2005-02-12 22:56:07 +00:00
Todd C. Miller
b3b65fb7fc Add __printflike and use it with gcc to warn about printf-like format mismatches 2005-02-11 23:06:35 +00:00
Todd C. Miller
54db5e40b1 Undo last commit and add sudo_setspent and sudo_endspent instead. 2005-01-05 19:42:06 +00:00
Todd C. Miller
a5d9296d25 Adapt to pwutil.c 2005-01-05 01:10:16 +00:00
Todd C. Miller
1936aeb299 add sudo_ldap_close 2004-12-03 18:57:48 +00:00
Todd C. Miller
d72a4e9c24 Add strub struct definitions for passwd, timeval and timespec 2004-11-25 17:20:57 +00:00