Commit Graph

3691 Commits

Author SHA1 Message Date
Todd C. Miller
d427384ae4 Set user_ngroups to 0 if getgroups() returns an error. 2004-11-17 00:00:48 +00:00
Todd C. Miller
f7f282ba13 Add configure check for getgroups() 2004-11-16 23:59:56 +00:00
Todd C. Miller
fc85c6f02d Use supplementary group vector in struct sudo_user. 2004-11-16 23:55:26 +00:00
Todd C. Miller
596d1ef5a4 Only do string comparisons on the group members if there is no
supplemental group list.
2004-11-16 23:40:58 +00:00
Todd C. Miller
cfbf7768ff sync 2004-11-16 21:10:22 +00:00
Todd C. Miller
900db20f7a On Digital UNIX _PATH_VAR_TMP doesn't end with a trailing slash so
chop off any trailing slashes we see and add an explicit one.
2004-11-16 20:54:37 +00:00
Todd C. Miller
0ed2557959 remove bogus XXX comment 2004-11-16 17:02:58 +00:00
Todd C. Miller
3e97ace970 Get rid of alias_matches and correctly fall through to the non-alias
cases when there is no alias with the specified name.
2004-11-16 16:10:09 +00:00
Todd C. Miller
4620e8fa6f Cache non-existent passwd/group entries too. 2004-11-16 15:47:55 +00:00
Todd C. Miller
7679efc432 regen 2004-11-16 15:45:49 +00:00
Todd C. Miller
8680307dbd fix typo 2004-11-16 04:32:29 +00:00
Todd C. Miller
9846e562ad Implement group caching and use the passwd and group caches throughout. 2004-11-16 04:24:11 +00:00
Todd C. Miller
fd46c2c3ef Properly negate the return value of alias_matches() when appropriate. 2004-11-15 19:43:47 +00:00
Todd C. Miller
61ba998eec Make hostname_matches() return TRUE for a match, else FALSE like the
caller expects.
2004-11-15 19:38:31 +00:00
Todd C. Miller
cf356ed802 Add missing dependencies on gram.h 2004-11-15 18:24:09 +00:00
Todd C. Miller
814103ee29 Use runas_matches in alias_matches() now that we have it. 2004-11-15 18:06:11 +00:00
Todd C. Miller
74169a83e0 Expand aliases in "sudo -l" mode 2004-11-15 18:00:29 +00:00
Todd C. Miller
d076091ab3 Use ALIAS for the member type when storing an alias instead of
HOSTALIAS/RUNASALIAS/CMNDALIAS/USERALIAS since match.c relies on
the more generic type.  Expand runas_matches instead of calling
user_matches() inside of it since user_matches() looks up USERALIASes,
not RUNASALIASes.
2004-11-15 17:33:52 +00:00
Todd C. Miller
77cb1b56aa Paranoia; zero out pw_passwd before freeing passwd entry. 2004-11-15 17:05:54 +00:00
Todd C. Miller
51375f969f Add local error/warning functions like err/warn but that call an additional
cleanup routine in the error case.  This means we no longer need to compile
a special version of alloc.o for visudo.
2004-11-15 15:53:53 +00:00
Todd C. Miller
244eec5cdb Use userpw_matches() to compare usernames, not strcmp(), since the latter
checks for "#uid".
2004-11-15 14:59:03 +00:00
Todd C. Miller
ae2e26fd2f Cache passwd db entries in 2 red-black trees; one indexed by uid,
the other by user name.  The data returned from the cache should
be considered read-only and is destroyed by sudo_endpwent().
2004-11-15 14:53:05 +00:00
Todd C. Miller
99158cc7ef add cast to uid_t 2004-11-15 14:50:03 +00:00
Todd C. Miller
7ee6d68151 missing free in alias_destroy 2004-11-15 14:49:48 +00:00
Todd C. Miller
ec431b4e3b Can't use rbapply() for rbdestroy since the destructor is passed a
data pointer, not a node pointer.
2004-11-15 14:49:17 +00:00
Todd C. Miller
0b34123a8b Create and use private versions of setpwent() and endpwent() that
set/end the shadow password file too.
2004-11-15 04:06:16 +00:00
Todd C. Miller
e26e40df8a Store aliases in a red-black tree. 2004-11-15 03:55:22 +00:00
Todd C. Miller
72c6f3ba99 red-black tree implementation 2004-11-15 03:52:54 +00:00
Todd C. Miller
f3839f1bf0 Edit all sudoers file if there were unused or undefined aliases and we
are in strict mode.
2004-11-15 03:37:53 +00:00
Todd C. Miller
a768dbc34f Bring back the "secure_path" Defaults option now that Defaults take
effect before the path is searched.
2004-11-12 16:19:19 +00:00
Todd C. Miller
541908f1bd A user can always list their own entries, even with -u.
Better error message when failing to list another user's entries.
2004-11-11 17:22:30 +00:00
Todd C. Miller
a239e60a6a The syntax to list another user's entries is now "-u otheruser -l".
Only root or users with sudo "ALL" may list other user's entries.
2004-11-11 17:12:20 +00:00
Todd C. Miller
85d1ca15a7 Update env variable info in SECURITY NOTES 2004-11-11 16:30:01 +00:00
Todd C. Miller
74b4e439a6 strip CDPATH too 2004-11-11 16:25:20 +00:00
Todd C. Miller
482526bde1 strip exported bash functions from the environment. 2004-11-11 16:20:59 +00:00
Todd C. Miller
29fc2c9475 Only reset sudo_user.pw based on SUDO_USER environment variables for
real commands and sudoedit.  This avoids a confusing message when a
user tries "sudo -l" or "sudo -v" and is denied.
2004-10-27 16:16:23 +00:00
Todd C. Miller
8ac7915572 Extend LIST_APPEND to deal with appending lists too 2004-10-27 16:06:52 +00:00
Todd C. Miller
4549980664 Convert some bitwise AND to ISSET 2004-10-26 22:39:35 +00:00
Todd C. Miller
7062fd28fd toke.c replaces lex.yy.c 2004-10-26 22:29:32 +00:00
Todd C. Miller
b1d7ccde4f sync 2004-10-26 22:29:08 +00:00
Todd C. Miller
f3d8a11601 new parser fixes most of the outstanding bugs 2004-10-26 22:28:11 +00:00
Todd C. Miller
5744a0bfd6 regen 2004-10-26 22:27:06 +00:00
Todd C. Miller
2c1da58a82 Rework for the new parser.
Now checks for unused aliases in sudoers.
2004-10-26 22:26:28 +00:00
Todd C. Miller
987d5cf815 Rewrite for the new parser. Now supports a -d flag (dump) and adds a -h
flag (host).  It now defaults to the local hostname unless otherwise
specified.
2004-10-26 22:25:34 +00:00
Todd C. Miller
e392b4d11d Add new prototypes.
Remove NOMATCH/UNSPEC (now in parse.h)
2004-10-26 22:23:29 +00:00
Todd C. Miller
efbc9997a1 Update for new parse. We now call find_path() *after* we have updated
the global defaults based on sudoers.  Also adds support for listing
other user's privs if you are root.
2004-10-26 22:22:46 +00:00
Todd C. Miller
ce4b69f8b0 Working LDAP support; also remove a now-unneeded rewind(). 2004-10-26 22:21:02 +00:00
Todd C. Miller
899e22194e Add NO_STDERR flag. 2004-10-26 22:20:18 +00:00
Todd C. Miller
6c5550d13c Split sudo_ldap_check() into three pieces: sudo_ldap_open(),
sudo_ldap_update_defaults() and sudo_ldap_check().  This allows
us to connect to LDAP, apply the default options, find the command
in the user's path, and then check whether the user is allowed to
run it.  The important thing here is that the default runas user
may be specified as a default option and that needs to be set
before we search for the command.
2004-10-26 22:19:58 +00:00
Todd C. Miller
0de1515d06 Add casts to unsigned char for isspace() to quiet a gcc warning. 2004-10-26 22:17:15 +00:00