isa/sudo
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
8,688 Commits 1 Branch 0 Tags
6dba84dca9e53ea5fc12c59faab6bdf3bbab8f51
Commit Graph

584 Commits

Author SHA1 Message Date
Todd C. Miller
05e52c7b82 Update the description of strict mode to current reality. Aliases 
haven't needed to be defined before they are used since sudo 1.7.
 2017-02-22 14:13:07 -07:00
Todd C. Miller
daa728fd88 Go back to using a Warning/Error prefix in the message printed to 
stderr for alias problems.  Requested by Tomas Sykora.
 2017-02-22 06:38:33 -07:00
Todd C. Miller
e5dee1557e Add NOTBEFORE and NOTAFTER command options similar to what is 
already available in LDAP.
 2017-02-18 15:35:48 -07:00
Todd C. Miller
31540e6228 Bump version to 1.11 for timeout entry in settings[] 2017-02-16 10:28:08 -07:00
Todd C. Miller
b030c96a86 regen 2017-02-16 10:13:48 -07:00
Todd C. Miller
c86a6a23ad Add a command line option to specify the command timeout, as long 
as sudoers does not specify a shorter time limit.
 2017-02-16 09:58:18 -07:00
Todd C. Miller
24cdbb8de1 Split out tags again so they must precede the command and not allow 
them to be mixed in with options.
 2017-02-14 15:56:34 -07:00
Todd C. Miller
3980f1531b Add support for command timeouts in sudoers. After the timeout, 
the command will be terminated.
 2017-02-14 15:56:34 -07:00
Todd C. Miller
4f9dcd7264 Merge command tags, SELinux type/role and Solaris privs settings 
into "command options".  This relaxes the order of things so tags
and other options can be interspersed.
 2017-02-14 15:56:34 -07:00
Todd C. Miller
3742f7a46e Add ignore_unknown_defaults flag to ignore unknown Defaults entries 
in sudoers instead of producing a warning.
 2017-02-06 05:41:57 -07:00
Todd C. Miller
8e3613340c update zlib to version 1.2.11 2017-01-25 15:11:32 -07:00
Todd C. Miller
413e1100b8 Add new fdexec sudoers setting to allow choose whether execve() or 
fexecve() is used.
 2017-01-22 18:56:16 -08:00
Todd C. Miller
df03020c4c Add support for SASL_MECH in ldap.conf; Bug #764 2017-01-17 11:09:23 -07:00
Todd C. Miller
34ba901baa Fix documentation bug, the contents of env_file have never been 
subject to env_keep or env_check.  However, variables are only added
if they have not already been preserved.
 2017-01-17 10:10:47 -07:00
Todd C. Miller
57933a8ff3 Safer example for rule that can change non-root passwords. GNU 
getopts allows options to follow arguments so we need to be able
to deny things like "passwd root -q".  From Paul "Joey" Clark.
Bug #772
 2017-01-17 08:55:40 -07:00
Todd C. Miller
0c3a8085b3 Avoid using the system strnlen/strndup on AIX < 6. Even if configure 
correctly detects it is working on the build machine, the sudo
package may be run on a system with an old libc were it is broken.
 2017-01-05 06:22:58 -07:00
Todd C. Miller
87d02bfe2d Dell spun off Quest so simplify the history by just talking 
about Quest and not Dell.
 2016-12-20 06:35:49 -07:00
Todd C. Miller
f847570ba9 Fix copyright year 2016-12-19 12:48:15 -07:00
Todd C. Miller
00b6be9dfa Allow syslog priority to be negated or set to "none" to disable 
logging successes or failures.
 2016-11-30 16:26:10 -07:00
Todd C. Miller
cb1f044017 Allow stdin and ttyin to be displayed too. The only one that is 
really useful in sudoreplay is stdin when input is from a pipe.
 2016-11-30 13:38:01 -07:00
Todd C. Miller
94b844ebb5 regen 2016-11-21 17:45:46 -07:00
Todd C. Miller
f70f595b5b Add umask to user_info passed in from the front end to the plugin. 2016-11-17 16:00:06 -07:00
Todd C. Miller
80217f0bbc Remove obsolete solaris issue with snprintf 2016-11-17 08:11:01 -07:00
Todd C. Miller
7524c231cc Store the file/lineno for alias and userspec entries so we can 
provide that info if there is an error.
 2016-11-12 19:22:32 -07:00
Todd C. Miller
541ffbeec8 Bump plugin minor version to 10 for sudo_mode, sudo_group and sudo_user. 2016-11-08 20:34:46 -07:00
Todd C. Miller
2b020c9f17 Pass iolog mode, group and user from policy plugin to I/O log plugin. 2016-11-07 10:19:04 -07:00
Todd C. Miller
a9715211a8 Use sudoedit in examples instead of "sudo vi" 2016-11-02 17:07:25 -06:00
Todd C. Miller
271a07ff00 Make the I/O log file/dir permissions and owner configurable. 2016-10-29 12:45:55 -06:00
Todd C. Miller
6fa59b7416 There are now 14 tag values, not 10. Don't bother mentioning the 
number since it keeps increasing.  Bug #759
 2016-10-19 07:33:07 -06:00
Todd C. Miller
44c2679f83 Add syslog_maxlen to control the max size of syslog messages. 2016-10-18 15:51:47 -06:00
Todd C. Miller
afcdc28534 Add wordexp() to the list of functions wrapped by sudo_noexec.so. 2016-10-14 10:33:55 -06:00
Todd C. Miller
db7ce3c219 Document that negated sudoHosts are only supported by 1.8.18 and higher. 2016-09-15 08:36:08 -06:00
Todd C. Miller
7fd6edb6df Document negated sudoHost entries. 2016-09-14 10:29:18 -06:00
Todd C. Miller
6eb1b8c7ea Norwegian Nynorsk translation of sudo from translationproject.org 2016-09-07 11:07:59 -06:00
Todd C. Miller
c0db5c1234 No line continuation support in ldap.conf. 2016-09-01 12:45:42 -06:00
Todd C. Miller
852fe25bc1 A comment character ('#') is only special at the beginning of the 
line.
 2016-09-01 09:28:40 -06:00
Todd C. Miller
dba28a945c Mention that match_group_by_gid has no effect when sudoers is stored 
in LDAP.
 2016-08-31 12:29:54 -06:00
Todd C. Miller
edcb137f60 match_group_by_gid is only available in sudo 1.8.18 and above 2016-08-30 14:37:57 -06:00
Todd C. Miller
7aeb11a920 Mention match_group_by_gid 2016-08-30 14:37:11 -06:00
Todd C. Miller
c57979bfb6 Document match_group_by_gid 2016-08-30 14:35:16 -06:00
Todd C. Miller
ed18d0d5f8 Make the behavior when we cannot write to a log or audit file 
configurable.  File log failures are ignored by default for consistency
with syslog.  Audit errors are ignored by default to allow the admin
to fix the issue.  I/O log file errors are still fatal by default
since if I/O logging is activated it is usually to have an audit trail.
Bug #751
 2016-08-17 07:22:51 -06:00
Todd C. Miller
a08ea1b14d Set runas_pw early and adjust runaslist_matches() to deal. Since 
we now set runas_default early there is no need to call update_defaults
with SETDEF_RUNAS after sudoers has been parsed.
 2016-08-10 10:56:05 -06:00
Todd C. Miller
56ead73886 Load sudoers group plugin via an early callback. 2016-08-09 13:14:31 -06:00
Todd C. Miller
d17bc132de Document that fqdn, runas_default and sudoers_locale are parsed early. 2016-08-09 10:26:02 -06:00
Todd C. Miller
ac20b8ddff Regen for 1.8.18 2016-08-09 10:25:50 -06:00
Todd C. Miller
f98b481af2 Point the reader to the sudoers manual for the list of supported 
arguments after the plugin path.
 2016-06-15 10:10:59 -06:00
Todd C. Miller
3a85a8892f forgot to update date in last commit 2016-06-15 10:08:06 -06:00
Todd C. Miller
6c7eb07e0e Fix typo; cn=default should be cn=defaults 2016-06-15 05:14:33 -06:00
Todd C. Miller
638acc28cf The sudoers.ldap manual is installed in section 4 or 5, not 1m or 8. 
Also fix the section for ldap.conf cross-references.
 2016-05-31 13:17:38 -06:00
Todd C. Miller
77331392e0 Fix copy pasta, "sudoNotAfter" not "sudoNotBefore". 
Add missing word "order" in a sentence describing sudoOrder.
 2016-05-31 13:14:30 -06:00