isa/sudo
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
6,583 Commits 1 Branch 0 Tags
652d0de98a12dd24e736385e08b0de3d76cc0616
Commit Graph

931 Commits

Author SHA1 Message Date
Todd C. Miller
4134b24ec2 Avoid nested strtok() calls. 2012-10-24 14:24:36 -04:00
Todd C. Miller
2b23d2b12c Move expand_prompt() into its own source file for easier unit testing. 2012-10-23 14:27:52 -04:00
Todd C. Miller
0a7af23038 Make check.c independent of the underlying timestamp implementation. 2012-10-23 14:16:57 -04:00
Todd C. Miller
fb037caffc Add SUDOERS_NO_SEQ define to allow ${seq} to be disabled. 2012-10-23 11:57:07 -04:00
Todd C. Miller
a3a1574cdf Explicitly mark main() as public in executables to avoid an HP-UX 
ld warning.
 2012-10-02 15:08:02 -04:00
Todd C. Miller
0fa33ccf0f Split off timestamp functions into their own source file. 2012-09-27 10:21:13 -04:00
Todd C. Miller
6a25affb47 Add rudimentary support for name-based matching as a compile-time 
option.  This unsafe when used in conjunction with the '!' operator.
 2012-09-24 10:09:41 -04:00
Todd C. Miller
883e0ec3cc Split out implementation-specific back end code out of pwutil.c 
into pwutil_impl.c.  This will allow the main pwutil code to be
used for lookup methods other than getpw* and getgr*.
 2012-09-21 16:25:01 -04:00
Todd C. Miller
7f36643a66 Rename yyerror() to sudoerserror() to match yacc prefix changes. 
Not really needed due to the #defines that yacc makes but it is
less confusing this way as the lexer calls sudoerserror().
 2012-09-17 17:03:17 -04:00
Todd C. Miller
1d90c0ad71 No need to translate "unable to allocate memory" when we can just 
use the system translation via strerror().
 2012-09-17 16:59:26 -04:00
Todd C. Miller
f808fead0a Fall back on lstat(2) if d_type in struct dirent is DT_UNKNOWN. 
Not all file systems support d_type.  Bug #572
 2012-09-17 13:20:30 -04:00
Todd C. Miller
37d70a999c Avoid calling fclose(NULL) in the error path when we cannot open an 
I/O log file.
 2012-09-17 10:53:46 -04:00
Todd C. Miller
faf112c53b Replace the guts of sudo_setenv_nodebug() with our old setenv.c 
which supports non-standard BSD and glibc semantics.
sudo_setenv() now simply calls sudo_setenv2().
 2012-09-16 15:18:58 -04:00
Todd C. Miller
bdf93e8d3e Enable non-Unix group support for LDAP sudoers. We now check for 
non-Unix groups and netgroups with the same query in the second
pass.  Bug #571
 2012-09-15 13:41:24 -04:00
Todd C. Miller
5276ab3a5f Set yacc prefix to "sudoers" to avoid conflicts other yacc parsers. 2012-09-14 16:19:25 -04:00
Todd C. Miller
40d0492a42 Avoid setting LOGNAME, USER and USERNAME variables twice when 
set_logname is enabled.
 2012-09-11 10:24:20 -04:00
Todd C. Miller
6beab19148 Fix duplicate detection in sudo_putenv(), do not prune out the 
variable we just set when overwriting an existing instance.
Fixes bug #570
 2012-09-11 10:22:37 -04:00
Todd C. Miller
d2a46c0f81 Add some debuggging 2012-09-11 10:21:32 -04:00
Todd C. Miller
3af7a0daf5 Disable word wrap in list mode when stdout is a pipe to make "sudo 
-l | grep ..." more useful.  Adapted from a diff by Daniel Kopecek.
 2012-09-04 10:44:34 -04:00
Todd C. Miller
d787df3c1d Add support for [SUCCESS=return] in nsswitch.conf; from Daniel Kopecek 2012-09-04 09:22:10 -04:00
Todd C. Miller
a71e685aa9 regen .po files 2012-09-01 17:10:36 -04:00
Todd C. Miller
8de12a2bcf Add Vietnamese sudoers translation from translationproject.org 2012-09-01 17:00:49 -04:00
Todd C. Miller
4380a60a97 Add Vietnamese sudoers translation from translationproject.org 2012-09-01 13:10:04 -04:00
Todd C. Miller
ac4b21b3e2 Remove generated file and change path for temporary include file. 2012-08-23 14:57:57 -04:00
Todd C. Miller
6d08c4b406 When running regress tests, list pass/fail rate for each dir 
(testsudoers and visudo) instead of the total.  Also prevent the
result files from clobbering each other by keeping them in the
relevant directories.
 2012-08-23 14:47:58 -04:00
Todd C. Miller
e498bab4c1 Don't print an error message in yyerror() if open_sudoers() fails, 
we've already printed an error message.  Also restore the check
for sudoers_warnings in yyerror().
 2012-08-23 14:02:02 -04:00
Todd C. Miller
0c8c3c0cd8 Avoid printing the >>> parse error <<< message for testsudoers 
when the -t flag is specified.
 2012-08-23 11:28:44 -04:00
Todd C. Miller
793426106e Fix NULL deref when an entry has no Runas_Entry 2012-08-22 15:50:58 -04:00
Todd C. Miller
81d42ae4e6 sync with translationproject.org 2012-08-22 12:56:28 -04:00
Todd C. Miller
778895adfd Correct the check_user() comment header. 2012-08-22 12:52:07 -04:00
Todd C. Miller
60ba369791 Change a log_fatal() into log_error() when no auth methods are 
configured.  The caller already checks the return value.
 2012-08-22 12:51:46 -04:00
Todd C. Miller
2b5d43b8aa Add missing debug_return 2012-08-22 10:20:27 -04:00
Todd C. Miller
57f1c7fe05 Sync with translationproject.org and add Italian sudoers translation. 2012-08-17 09:56:44 -04:00
Todd C. Miller
6260a75891 Use AI_FQDN instead of AI_CANONNAME if available since "canonical" 
is not always the same as "fully qualified".
 2012-08-15 09:52:26 -04:00
Todd C. Miller
7aeadbd5b3 Add new check_defaults() function to check (but not update) the 
Defaults entries.  Visudo can now use this instead of update_defaults
to check all the defaults regardless instead of just the global
Defaults entries.
 2012-08-14 10:45:55 -04:00
Todd C. Miller
66ad86594e regen 2012-08-10 13:18:19 -04:00
Todd C. Miller
ef33ee45d9 Sync with translationproject.org and add new Slovenian translation. 2012-08-10 13:07:53 -04:00
Todd C. Miller
241b2395cf Reduce the number of "internal error, foo overflow" messages that 
need to be translated.
 2012-08-10 12:18:38 -04:00
Todd C. Miller
d89b1a6be2 Support for using SSSD (http://fedorahosted.org/sssd/) as a sudoers 
data source.  From Daniel Kopecek and Pavel Brezina.
 2012-08-10 11:59:26 -04:00
Todd C. Miller
3ba8da4ab6 Cast 2nd argument of lseek() to off_t if it is a constant for systems 
with 64-bit off_t but without a proper lseek() prototype.
 2012-08-07 14:42:08 -04:00
Todd C. Miller
7d255e42cb Fix some warnings from clang checker-267 2012-08-07 11:01:28 -04:00
Todd C. Miller
487c8abb08 Fix memory leak found by clang checker-267 2012-08-07 10:27:55 -04:00
Todd C. Miller
355d40aa86 The second argument to init_parser() is now bool. 2012-08-02 15:40:11 -04:00
Todd C. Miller
80597710c1 Fix printing of parse error message to stderr. 2012-08-02 15:37:48 -04:00
Todd C. Miller
57699c5531 If a command matches using an empty Runas_List (i.e. Runas_List is 
present but empty) and the -u option was not specified, set runas_pw
to user_pw instead of using runas_default.  This is intended to be
used in conjunction with the Solaris Privilege Set support for rules
that grant privileges without changing the user.
 2012-08-02 14:37:32 -04:00
Todd C. Miller
e2d210a340 Add support for parsing an empty Runas_List, which only allows the 
command to be run as the invoking user.  This can be used in
conjunction with the Solaris Privilege Set support to grant privileges
without changing the user.
 2012-08-02 14:02:54 -04:00
Todd C. Miller
b1d1d89899 Fix compilation on Solaris 2012-08-01 14:57:14 -04:00
Todd C. Miller
f205243bd7 Active Directory apparently requires that tenths of a second be 
present in a date so append .0 to the "now" value in the time filter.
Also remove space for the global AND from TIMEFILTER_LENGTH since
it was not being used consistently.  Buffers of TIMEFILTER_LENGTH
now need to account for the terminating NUL byte.
 2012-07-30 11:09:11 -04:00
Todd C. Miller
a9623c29c2 Fix SELinux build 2012-07-30 11:01:32 -04:00
Todd C. Miller
383e0c860b Fix printing of the permission denied message to standard error 
when a user is not allowed to run a command.  This got broken by
the recent logging changes.
 2012-07-27 16:22:09 -04:00