isa/sudo
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
8,350 Commits 1 Branch 0 Tags
74c2dc78066c08cd07cb15e66207b57abc74092a
Commit Graph

536 Commits

Author SHA1 Message Date
Todd C. Miller
aeb5ceead8 Replace --with-timedir and --with-lecture_dir with --with-rundir 
and --with-vardir which are the parent directories of the time stamp
and lecture dirs.  These directories need to be searchable by
non-root so that the timestampowner setting can function.
 2014-02-01 05:57:34 -07:00
Todd C. Miller
b15b03560a fix typo 2014-01-31 10:12:21 -07:00
Todd C. Miller
51cab56795 Upgrade info for 1.8.10 2014-01-31 10:05:49 -07:00
Todd C. Miller
659b1f0e34 Switch to new time stamp file format. Each user now has a single 
file which may contain multiple records when per-tty time stamps
are in use (the default).  The time stamps use a monotonic timer
where available and are once again stored in /var/run/sudo.  The
lecture status is now stored separately from the time stamps in a
different directory.
 2014-01-30 15:50:40 -07:00
Todd C. Miller
db3b776277 When listing a user's privileges, always prompt the user for their 
own password, regardless of the value of target_pw, root_pw or
runas_pw.
 2014-01-29 15:19:45 -07:00
Todd C. Miller
1a42e5f63d It is now possible to disable network interface probing in sudo.conf 
by changing the value of the probe_interfaces setting.
 2014-01-23 14:52:54 -07:00
Todd C. Miller
5a6db565c1 Update copyright years 2014-01-15 06:19:34 -07:00
Todd C. Miller
78355e618f Add cppcheck target to run cppcheck on all source files. 2014-01-13 09:50:39 -07:00
Todd C. Miller
ed029f9a69 Add "see below" to reference "Secure editing" section in "Preventing 
shell escapes".
 2014-01-02 10:40:03 -07:00
Todd C. Miller
9bbf4c7285 Add initial "Secure editing" section. 2014-01-01 07:07:37 -07:00
Todd C. Miller
76fb023903 Update copyright year. 2014-01-01 07:07:21 -07:00
Todd C. Miller
cd77926e1b Dell acquired Quest 2013-12-30 08:26:58 -07:00
Todd C. Miller
11babdaabc regen 2013-12-28 14:28:52 -07:00
Todd C. Miller
1adeda54ef Add support for preventing fds from getting clobbered by closefrom(). 2013-12-20 11:14:32 -07:00
Todd C. Miller
68f6e23b07 Change visudo -x to take a file name argument, which may be '-' to 
write the exported sudoers file to stdout.
 2013-12-16 14:32:42 -07:00
Todd C. Miller
8e04c592ae add missing comma 2013-12-08 11:20:32 -07:00
Todd C. Miller
47dbe189f9 Make -c option description more accurate. 2013-12-08 11:06:27 -07:00
Todd C. Miller
8bdf3d9a27 When checking whether a user may change the login class, just check 
pw_uid of the runas user, which was passed in to set_loginclass().
 2013-12-07 09:17:54 -07:00
Todd C. Miller
1739350e20 Document that plugins can be compiled statically into the sudo binary. 2013-12-04 16:05:05 -07:00
Todd C. Miller
ede55a2f74 Document sssd debug subsystem. 2013-12-03 14:42:33 -07:00
Todd C. Miller
5b491573e1 Document "event" debug subsystem. 2013-12-03 14:40:58 -07:00
Todd C. Miller
6d8b078e2b Add support to visudo to export sudoers in JSON format. 2013-11-15 15:11:55 -07:00
Todd C. Miller
e31b2ba6a8 Rename configure.in -> configure.ac 2013-11-13 15:00:28 -07:00
Todd C. Miller
89c162ec63 Add missing $(mansrcdir) to visudo.mdoc and visudo.man. 
From Daniel Richard G.
 2013-11-12 08:51:25 -07:00
Todd C. Miller
88a57822ea Add getaddrinfo.lo to LTLIBOBJS for systems that need it. 
From Daniel Richard G.
 2013-11-11 12:53:44 -07:00
Todd C. Miller
a69ed4a2d5 Fix typo. 2013-11-07 14:46:28 -07:00
Todd C. Miller
7af8c3484a Add Stephen Gelman 2013-10-30 15:27:30 -06:00
Todd C. Miller
f4cd08ef63 If the user presses <return> or <enter> in sudoreplay, skip to the 
next event.  Useful for skipping past long pauses in the data.
 2013-10-28 17:01:23 -06:00
Todd C. Miller
8dfe0b6053 Eliminate warning about circular dependency from GNU make. 2013-10-23 16:05:57 -06:00
Todd C. Miller
923edabe6c Convert sudo to use BSD TAILQ macros instead of home ground tail 
queue functions.  This includes a private queue.h header derived
from FreeBSD.  It is simpler to just use our own header rather than
try to deal with macros that may or may not be present in various
queue.h incarnations.
 2013-10-22 09:00:37 -06:00
Todd C. Miller
aff3320f3f Czech translation for sudo from translationproject.org. 2013-09-29 14:45:28 -06:00
Todd C. Miller
d197e42d4b Mention that relative times don't always do what you might expect. 2013-09-18 11:48:07 -06:00
Todd C. Miller
e6833bed7a Add diacritical for Zdenek Behan. 2013-09-17 11:57:01 -06:00
Todd C. Miller
92a3e13e6c Try to improve the PAGERS noexec example a bit. 2013-08-31 06:11:25 -06:00
Todd C. Miller
55ea043a9b Document comment character in ldap.conf 
Clarify what is and is not supported in TLS_KEYPW
Mention that gsk8capicmd can be used to create a stash file
 2013-08-30 14:27:26 -06:00
Todd C. Miller
dbdd328f44 Fix typo in tls_key example for Tivoli 2013-08-19 13:19:35 -06:00
Todd C. Miller
1624e8987a French translation for sudo from translationproject.org. 2013-08-18 14:25:04 -06:00
Todd C. Miller
87ec2dd6e1 Describe how remote command execution can be implemented. 2013-08-16 09:31:46 -06:00
Todd C. Miller
f76bd772ed Bump version. 2013-08-16 09:30:50 -06:00
Todd C. Miller
d0e3867587 Add limited support for "sudo -l -h other_host". Since group lookups 
are done on the local host, rules that use group membership may be
incorrect if the group database is not synchronized between hosts.
 2013-08-14 13:49:14 -06:00
Todd C. Miller
8b1d645534 Simplify usage messages a bit and make --help output more closely 
resemble GNU usage wrt long options.  Sync usage and man page
SYNOPSYS sections and improve long options in the manual pages.
Now that we have long options we don't need to give the mnemonic
for the single-character options in the description.
 2013-08-14 10:30:51 -06:00
Todd C. Miller
d9fd6281e4 Allow default plugin dir to be configured in sudo.conf. 2013-08-13 12:24:28 -06:00
Todd C. Miller
d10641cdbb UTF8 for Ruusamae, Elan; from Tae Wong 2013-08-13 10:37:52 -06:00
Todd C. Miller
9b2fb418ca Don't allow max_groups to be set to zero, it just complicates things 
needlessly.  Fixes an assertion in visudo when there is a group-based
Defaults entry.
 2013-08-12 09:14:38 -06:00
Todd C. Miller
03fc668e5a More UTF8 in names; from Tae Wong 2013-08-07 16:07:14 -06:00
Todd C. Miller
30adf33eaf Convert to last, first for easier sorting and use UTF8 (including a 
BOM).
 2013-08-07 14:14:05 -06:00
Todd C. Miller
3898f5d7ff Add pam_setcred sudoers option to allow the user to control whether 
pam_setcred() is called on the user's behalf.
 2013-08-06 14:44:21 -06:00
Todd C. Miller
52954481e1 Add pam_service and pam_login_service sudoers settings to control 
the service name passed to pam_start.
 2013-08-06 11:01:36 -06:00
Todd C. Miller
1f3ea50afd Implement memset_s() and use it instead of zero_bytes(). 
A new constant, SUDO_CONV_REPL_MAX, is defined by the plugin
API as the max conversation reply length.  This constant can be
used as a max value for memset_s() when clearing passwords
filled in by the conversation function.
 2013-08-03 08:30:06 -06:00
Todd C. Miller
39575aecf2 Long option support for visudo and sudoreplay. 2013-07-19 09:42:25 -06:00