isa/sudo
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
8,350 Commits 1 Branch 0 Tags
74c2dc78066c08cd07cb15e66207b57abc74092a
Commit Graph

536 Commits

Author SHA1 Message Date
Todd C. Miller
c783f01ada Update zlib to version 1.2.8 2014-10-24 15:28:03 -06:00
Todd C. Miller
b91a91d289 Move sample.* files to a sudo examples dir 2014-10-24 14:25:12 -06:00
Todd C. Miller
a7e724b75d Change how sudo.conf is parsed. We now do a quick parse and then 
set the values after the entire file has been parsed.  This lets
us init the debug system earlier.  Plugin-specific debug flags are
now stored in struct plugin_info and struct plugin_container and
passed to the plugin via one or more debug_flags settings.
 2014-10-22 13:20:32 -06:00
Todd C. Miller
346ff6766e Pass plugin path in the settings array. 2014-10-22 13:13:00 -06:00
Todd C. Miller
8f1fb89d53 The older style bash function exporting is not used by post-shellshock 
versions of bash.
 2014-10-10 14:04:10 -06:00
Todd C. Miller
29be093646 Use correct names when referring to subsections in the sudoers manual. 2014-10-03 10:41:53 -06:00
Todd C. Miller
4913e02b40 SUDO_CONV_DEBUG_MSG is no longer supported. 2014-09-08 16:34:47 -06:00
Todd C. Miller
393e57b82c regen 2014-09-08 16:33:58 -06:00
Todd C. Miller
acdb6d3690 Change behavior when plugin I/O logging function returns 0 or -1. 
For -1 (error) return, we now kill the command and disable
the I/O logging function that returned the error.
For a 0 (reject) return, we no longer display the rejected
output to the user's terminal.  The plugin API revision is now 1.6.
 2014-08-26 12:07:57 -06:00
Todd C. Miller
3e13662f35 regen to fix version. 2014-08-26 12:05:09 -06:00
Todd C. Miller
ffbc003b7c Fix typo, .em should be .Em 2014-08-21 09:23:34 -06:00
Todd C. Miller
2d22d0dca8 Document the interaction between sudoers environment handling and 
the pam_env module.
 2014-08-11 11:23:16 -06:00
Todd C. Miller
779946ea3a Remove noop man.sed files 
Use full path instead of $@.in when calling config.status with --file=-
 2014-08-07 09:55:12 -06:00
Todd C. Miller
df0fd41530 Add explicit support for matching the full environment string 
(name=value).  Bash functions may now be preserved for full matches,
but not for name-only matches.
 2014-08-06 16:45:57 -06:00
Todd C. Miller
5ff2c80250 Document tracing 2014-07-24 14:39:50 -06:00
Todd C. Miller
2b104d6b3c Fix man page post-processing; it was deleting more than intended. 2014-07-17 08:40:26 -06:00
Todd C. Miller
c6879683a0 Remove double $(srcdir) when running sed scripts. 2014-07-16 16:37:16 -06:00
Todd C. Miller
a1da1d1e4c "an EXEC tag" not "a EXEC tag" 2014-07-16 15:44:21 -06:00
Todd C. Miller
0d6e81ee52 Document that I/O logging is not enabled by default. 2014-07-16 15:38:52 -06:00
Todd C. Miller
64005c2e0b Document that exec_background is off by default. 2014-07-16 15:25:41 -06:00
Todd C. Miller
e64f1198b6 An unused alias is not really an error, even in strict mode. 
RedHat bz #604297
 2014-07-12 07:30:18 -06:00
Todd C. Miller
81a989fd19 Fix typo: sudo.d -> sudoers.d. From RedHat bz #726634 2014-07-11 11:02:05 -06:00
Todd C. Miller
1996777cd4 regen 2014-07-10 15:31:54 -06:00
Todd C. Miller
c35d7f2b04 Add support for base64 secrets in ldap.conf and ldap.secret. 
Based on an idea from anthony AT rlost DOT com
 2014-07-10 15:31:11 -06:00
Todd C. Miller
088edcb6f5 Add exported libsudo_util functions to util.exp and mark in headers 
using __dso_public.
 2014-06-26 15:51:15 -06:00
Todd C. Miller
7e24b8e651 Add Greek PO file for sudoers from translationproject.org 2014-06-04 11:43:39 -06:00
Todd C. Miller
4eb0122e98 Norwegian Bokmaal translation for sudo from translationproject.com 2014-05-23 13:29:20 -06:00
Todd C. Miller
b0e6977c35 Try to be clearer about which are the input and output files in 
export mode.
 2014-05-13 15:00:43 -06:00
Todd C. Miller
e61af9e6d0 Fix fd leak on Linux when determing boot time. This is usually 
masked by the closefrom() call in sudo.  From Jamie Anderson.
Bug #645
 2014-04-28 08:36:22 -06:00
Todd C. Miller
e8bb08cc46 Use calloc() instead of malloc(n * s) followed by memset(). 
From Jean-Philippe Ouellet.
 2014-04-22 16:06:04 -06:00
Todd C. Miller
7d91691e1f Use PAM_REINITIALIZE_CRED instead of PAM_ESTABLISH_CRED when 
changing the user.  This is the correct flag to use with
a program that changes the uid like su or sudo and fixes a
role problem on Solaris.  From Gary Winiger; Bug #642
 2014-04-15 07:16:57 -06:00
Todd C. Miller
60cf68ad16 Fix typos in description of the -x option. Bug #637 2014-03-15 09:15:36 -06:00
Todd C. Miller
ed87af2ae4 Catalan translation for sudo from translationproject.org. 2014-03-06 11:58:08 -07:00
Todd C. Miller
addef62246 Add Ingo Schwarze 2014-02-24 16:39:39 -07:00
Todd C. Miller
6bffa9a4a9 Mention init.d scripts on AIX and HP-UX 
Mention sudoers group mismatch fix
 2014-02-17 10:27:47 -07:00
Todd C. Miller
a61935c2b9 Use .Ar macro instead of "file ..." 
Use ".Cm -" instead of ".Li -" for the default login class.
From Ingo Schwarze.
 2014-02-15 16:12:31 -07:00
Todd C. Miller
f909c0d132 Remove some extraneous markup; from Ingo Schwarze 
* No need to explicitly end a macro with No before |
   because | counts as middle punctuation
   and falls out of the macro, anyway.
 * No need to explicitly re-open in-line macros after |
   because | counts as middle punctuation
   and the macros resume afterwards, anyway.
 * Simplify the mnemonic remarks regarding the option letters,
   no need for manual font and spacing control with No and Ns.
 * Trim Ns No to just Ns, it already implies No.
 2014-02-15 16:04:07 -07:00
Todd C. Miller
d6397e27cf Move zerowidth space in :alpha: after the colon for consistency. 2014-02-15 15:45:25 -07:00
Todd C. Miller
0ec92dae81 regen 2014-02-15 15:18:34 -07:00
Todd C. Miller
a9cfe4fc44 Remove extraneous keeps in SYNOPSIS now that mandoc does implied 
keeps when converting from mdoc to man.
 2014-02-15 15:18:20 -07:00
Todd C. Miller
94d4482238 Properly escape the : in :alpha: 2014-02-15 15:17:37 -07:00
Todd C. Miller
28c49748a9 Replace some uses of .Sy with .Ar, .Ev and .Pa as appropriate. 
From Jan Stary.
 2014-02-15 10:40:46 -07:00
Todd C. Miller
414edf65e8 Mention that there is now a default LDAP search filter. 2014-02-07 15:03:18 -07:00
Todd C. Miller
a54e52d588 Minor word choice change. 2014-02-07 15:03:00 -07:00
Todd C. Miller
8287e21d36 Add use_netgroups sudoers option. For LDAP-based sudoers, netgroup 
support requires an expensive substring match on the server.  If
netgroups are not needed, this option can be disabled to reduce the
load on the LDAP server.
 2014-02-07 14:58:48 -07:00
Todd C. Miller
f7a419b5f9 Use a default LDAP search filter of (objectClass=sudoRole). When 
constructing the netgroup query, add (sudoUser=*) to the query so
we don't fall below the 3 character OpenLDAP substring threshold.
Otherwise the index for sudoUser will never be used for that query.
Pointed out by Michael Stroeder.
 2014-02-06 15:50:08 -07:00
Todd C. Miller
85598f77b2 Use inet_pton() instead of inet_aton() and include a version from 
BIND for those without it.
 2014-02-05 10:00:07 -07:00
Todd C. Miller
7155fc526f Bring back boot time checking code and zero out time stamp files 
that predate the boot time.  This should help systems w/o /var/run
where the admin has setup rc.d to clear the timestamp directory.
 2014-02-03 05:45:27 -07:00
Todd C. Miller
5502051ebe Elaborate on time stamp error message causes. 2014-02-02 05:17:47 -07:00
Todd C. Miller
23c2249531 Update time stamp error messages and regen. 2014-02-01 06:15:14 -07:00