Commit Graph

911 Commits

Author SHA1 Message Date
Todd C. Miller
42df431ce2 Make the default certificate and key paths match the example file. 2020-05-04 11:33:04 -06:00
Todd C. Miller
79b064139f Document the TLS and test options. 2020-04-23 14:26:16 -06:00
Todd C. Miller
c161f68b43 Document TLS settings in ServerHello 2020-04-20 11:12:03 -06:00
Todd C. Miller
66c8f69f8d Make it clear in the sudoers grammar that sudoedit needs file args.
Debian bug #571621
2020-04-03 10:17:19 -06:00
Todd C. Miller
1d008b92f5 Truncate the command args at 4096 chars when formatting SUDO_COMMAND.
We have to limit the length of SUDO_COMMAND to avoid getting E2BIG
from execve(2) for very long argument vectors.
The command's environment also counts against the ARG_MAX limit.
Debian bug #596631
2020-04-02 13:01:58 -06:00
Todd C. Miller
835984adc2 Document when cwd_optional was added. 2020-04-01 08:40:51 -06:00
Todd C. Miller
93aa9f9e90 Add cwd_optional to command details and enable it in the sudoers plugin.
If cwd_optional is set to true, a failure to set the cwd will be a
warning, not an error, and the command will still run.
Debian bug #598519
2020-03-31 19:43:48 -06:00
Todd C. Miller
9dea4bb244 The policy close function is responsible for closing the PAM session. 2020-03-31 17:23:37 -06:00
Todd C. Miller
d4b2db9078 Add license info for a few other files.
These are all ISC licensed but it is still best to have them
all listed in one place.
2020-03-29 06:54:59 -06:00
Todd C. Miller
f908ddd1bf Create a pidfile for sudo_logsrvd when not run with the -n flag. 2020-03-29 05:05:08 -06:00
Todd C. Miller
056173e572 Parse I/O JSON info file in JSON if present.
The JSON version includes more information than the original "log"
file in the I/O log dir.
2020-03-29 05:05:08 -06:00
Todd C. Miller
6c1b155fed Add copyright for the Python bindings. 2020-03-11 15:43:48 -06:00
Todd C. Miller
ea8445e364 Allow the ALL keyword to be specified with a digest list. 2020-03-11 11:19:37 -06:00
Todd C. Miller
4eca443246 Allow a list of digests to be specified for a command. 2020-03-11 11:17:52 -06:00
Todd C. Miller
8c08f5ef03 Allow Cmd_Alias in addition to Cmnd_Alias.
Some people find using Cmd_Alias more natural.
2020-03-11 11:17:38 -06:00
Todd C. Miller
e1df9d1dc3 Add pam_ruser and pam_rhost sudoers flags. 2020-03-01 13:37:00 -07:00
Robert Manner
c039a99c10 plugins/python/sudo_module: add sudo.LogHandler
so python log system can be used with sudo logsystem.
Loggers use it by default (the handler is set on the root logger).
If that is not the intent, it can be overridden explicitly.
2020-02-28 05:46:54 -07:00
Robert Manner
34b4bb72d6 plugins/python: autodetect ClassName field
If "ClassName" is not specified, load the one and only sudo.Plugin from
the module (if so), otherwise display which plugins are available from
which the system admin can choose.
2020-02-28 05:46:54 -07:00
Robert Manner
5c96b4407d plugins/python/plugin_common: add a default search path for python plugins
If the ModulePath is relative, assume it is under
"/usr/local/libexec/sudo/python" or wherever the sudo plugins are in a
"python" subdirectory.
2020-02-28 05:46:54 -07:00
Robert Manner
e588879cf5 doc/sudo_plugin_python: add approval plugin to supported plugins 2020-02-26 13:15:52 -07:00
Robert Manner
95dce8cbe6 doc/sudo_plugin_python: document approval plugin and PluginReject 2020-02-19 11:51:18 -07:00
Todd C. Miller
982c003b8d Add support for JSON structured logging using syslog.
Note that depending on the system, the default syslog buffer
may not be large enough to store all the logging data.
2020-02-17 16:25:18 -07:00
Todd C. Miller
5781a6a4cf Add support for JSON logging in sudo_logsrvd. 2020-02-17 16:10:56 -07:00
Todd C. Miller
009788afae Clarify that approval close happens after auditing.
Also fix a few typos.
2020-02-10 15:43:25 -07:00
Todd C. Miller
01a53f2865 Add open and close functions to the approval plugin API.
We need a close function to be able to free memory allocated for
errstr.  Unlike the other plugins, the close function is called
immediately after the plugin's check or show_version function.
The plugin does not remain open until the command completes.
2020-02-10 15:29:48 -07:00
Robert Manner
ecdaaffd57 doc/sudo_plugin_python: document python audit plugin support 2020-02-10 05:24:16 -07:00
Robert Manner
bd465b3087 doc/sudo_plugin_python: document returning error string 2020-02-10 05:24:16 -07:00
Robert Manner
8f79d5c1c7 doc/sudo_plugin_python: update python manual for constant -> enum changes 2020-02-10 05:24:16 -07:00
Todd C. Miller
2fe127d108 Move some scripts from the top level src dir to a scripts dir. 2020-02-06 14:30:26 -07:00
Todd C. Miller
db17cadaf6 Add an approval plugin type that runs after the policy plugin.
The basic idea is that the approval plugin adds an additional
layer of policy.  There can be multiple approval plugins.
2020-02-06 12:49:11 -07:00
Todd C. Miller
084cad2120 plugin documentation fixes:
 o whitespace cleanup
 o show_version doesn't have an errstr argument
 o document runas_user and runas_group in command_info[]
 o add missing .El before start of audit section
2020-02-06 12:18:09 -07:00
Todd C. Miller
ea377e432b Silence lint warning. 2020-02-05 17:57:24 -07:00
Todd C. Miller
cec6b1708a Regenerate .man.in files from .mdoc.in 2020-02-02 16:13:05 -07:00
Todd C. Miller
b35cc96f0e Update documentation for setbase when the given base is NULL. 2020-02-02 16:12:39 -07:00
Todd C. Miller
790f8bb629 Document audit plugin in the sudo_plugin manual. 2020-01-30 20:57:40 -07:00
Todd C. Miller
22105009d8 Define a new plugin type that receives accept and reject messages.
This can be used to implement logging-only plugins.
The plugin functions now take an errstr argument that can be used
to return an error string to be logged on failure or error.
2020-01-30 13:25:34 -07:00
Robert Manner
9294108cd6 doc/sudo_plugin_python: update doc about the multiple I/O plugin loading 2020-01-23 12:46:14 -07:00
Todd C. Miller
f4716a75e4 Document new tls_verify setting. 2020-01-23 11:42:08 -07:00
Todd C. Miller
07a2965bab Document TCP keepalive options in the manual pages. 2020-01-22 11:07:01 -07:00
Todd C. Miller
b8e1422e84 Add proper diacritical to Róbert's name. 2020-01-22 10:48:31 -07:00
Todd C. Miller
5913c63642 Add abs_top_srcdir and abs_top_builddir and use them.
Configure provides absolute versions of srcdir, builddir, top_srcdir
and top_builddir.  We can use these instead of calling pwd.
2020-01-20 06:37:42 -07:00
Todd C. Miller
0ab02b8a16 Fix mdoc lint warnings by removing .Pp before and after .Ss. 2020-01-17 09:47:52 -07:00
Todd C. Miller
c9f26ebbb4 Remove whitespace at the end of the line in example sudo.conf 2020-01-17 09:47:52 -07:00
Todd C. Miller
e7480c3410 Add newline before list of artwork authors. 2020-01-10 10:42:39 -07:00
Todd C. Miller
bf68dce053 Update copyright year. 2020-01-10 10:26:12 -07:00
Todd C. Miller
b141213a10 Add Robert Manner 2020-01-07 09:46:07 -07:00
Todd C. Miller
b527ac3fb5 Update sample sudo.conf with all supported settings.
The deprecated "max_groups" setting is not documented.
2020-01-02 14:07:30 -07:00
Todd C. Miller
8aa815643f Remove POD-style C<> markup (typewriter font) from sudo.conf 2020-01-02 13:12:27 -07:00
Robert Manner
3f890e4db8 doc/sudo_plugin_python: indent code examples for easier readability 2020-01-02 11:53:08 -05:00
Robert Manner
9871f7e37b doc/sudo.conf: document developer_mode option 2020-01-02 11:53:08 -05:00