Todd C. Miller
821e8a07da
Silence a false positive from the clang static analyzer.
2018-03-21 14:55:17 -06:00
Todd C. Miller
ff79de8592
Initial support filtering by user, group and host in cvtsudoers.
...
Currently forces alias expansion when a filter is applied and the
entire matching user or host list is printed, even the non-matching
entries. This effectively allows you to grep sudoers by user, group
and host.
2018-03-21 12:24:11 -06:00
Todd C. Miller
bc5e2d06a7
Add free_default() to free a struct defaults pointer so we have a
...
single place where we free the defaults. A pointer to the previous
Default's binding may be passed in to avoid freeing an already free
binding.
2018-03-21 12:11:19 -06:00
Todd C. Miller
910f288948
fix compilation on Solaris
2018-03-10 20:16:20 -07:00
Todd C. Miller
bb31544fcc
In sudoers_format_userspecs make the separator optional and silence
...
a printf format warning.
2018-03-06 13:42:56 -07:00
Todd C. Miller
5c36f9dec3
Initial support for adding comments that will be emitted when
...
sudoers is formatted. Currently adds a comment for the source
sudoRole when converting from ldif -> sudoers.
2018-03-04 07:03:43 -07:00
Todd C. Miller
670d8e6d77
Special case comment lines in lbufs.
2018-03-04 07:03:41 -07:00
Todd C. Miller
c9b70940cf
When formatting as sudoers, flush the lbuf after each userspec.
2018-03-03 07:42:10 -07:00
Todd C. Miller
64e99328e3
Move sudoers formatting code into fmtsudoers.
2018-02-09 18:22:04 -07:00
Todd C. Miller
2522229e86
Rename sudo_file_append_default() -> sudo_lbuf_append_default() and
...
use it for ldap and sssd too.
2018-02-09 18:22:02 -07:00
Todd C. Miller
3226f7e28b
Move common bits of ldap to sudoers conversion into ldap_common.c
...
and use it in sssd.c.
2018-02-09 18:21:40 -07:00
Todd C. Miller
4e2402a8e4
Convert ldap results into a sudoers userspec so we can use the "sudo
...
-l" output functions in parse.c.
2018-02-09 18:21:01 -07:00
Todd C. Miller
5cca4b6906
Refactor member freeing code into free_member().
...
Refactor userspec freeing code into free_userspec().
2018-02-05 13:33:29 -07:00
Todd C. Miller
3354cbd021
Add sudoers output format to cvtsudoers. In the future this may
...
be used with filters to emit a partial sudoers file instead of a
full one.
2018-02-02 14:29:19 -07:00
Todd C. Miller
f4ce2b25fc
Move SUDOERS_QUOTED define to parse.h
2018-02-02 06:28:04 -07:00
Todd C. Miller
48fba3c2cc
update my email to Todd.Miller@sudo.ws
2017-12-03 17:53:40 -07:00
Todd C. Miller
022ac87d66
avoid padding in struct cmndspec
2017-06-09 08:58:44 -06:00
Todd C. Miller
b5e7b7bd2c
Move the file digest code out of match.c and into filedigest.c.
...
Inspired by RedHat changes that used libgcrypt.
Also add digest_type_to_name() to map a sudo digest type (int)
to a name (string) and use it.
2017-02-20 16:44:12 -07:00
Todd C. Miller
e5dee1557e
Add NOTBEFORE and NOTAFTER command options similar to what is
...
already available in LDAP.
2017-02-18 15:35:48 -07:00
Todd C. Miller
24cdbb8de1
Split out tags again so they must precede the command and not allow
...
them to be mixed in with options.
2017-02-14 15:56:34 -07:00
Todd C. Miller
3980f1531b
Add support for command timeouts in sudoers. After the timeout,
...
the command will be terminated.
2017-02-14 15:56:34 -07:00
Todd C. Miller
4f9dcd7264
Merge command tags, SELinux type/role and Solaris privs settings
...
into "command options". This relaxes the order of things so tags
and other options can be interspersed.
2017-02-14 15:56:34 -07:00
Todd C. Miller
09438e5b42
Include parse.h in timestr.c which is where function prototype lives.
2017-02-13 13:44:11 -07:00
Todd C. Miller
7524c231cc
Store the file/lineno for alias and userspec entries so we can
...
provide that info if there is an error.
2016-11-12 19:22:32 -07:00
Todd C. Miller
79ca752802
Go back to parsing Defaults entries in update_defaults instead of
...
as sudoers is read. Otherwise, we cannot properly support early
defaults like sudoers_locale.
2016-11-09 16:00:12 -07:00
Todd C. Miller
df8404dbd4
Instead of parsing sudoers Defaults twice, parse once while reading
...
sudoers and then just set the parsed value in update_defaults().
2016-11-06 18:59:49 -07:00
Todd C. Miller
f6ce83ea76
Only treat an unknown Defaults entry as a parse error in visudo,
...
not in sudo itself.
2016-11-01 15:08:11 -06:00
Todd C. Miller
0aa216ed55
Refactor freeing of a member_list into free_members().
2016-11-01 14:15:07 -06:00
Todd C. Miller
b165a5ff71
Use RUNAS_USER_SPECIFIED and RUNAS_GROUP_SPECIFIED when deciding
...
whether to check runas user/group instead of checking runas_pw or
runas_gr.
2016-09-15 13:47:38 -06:00
Todd C. Miller
ef82f792a1
Update check for whether or not the runas user was set in the ldap
...
and sssd backends to match the sudoers file backend. Introduces
the runas_user_set() macro to improve readability. Previously,
runas_pw was set late, now it is set before checking sudoers.
2016-09-15 09:37:53 -06:00
Todd C. Miller
8b4de84049
Remove unnecessary NULL checks in the RUNAS_CHANGED macro. The
...
only place where the pointers could be NULL is in visudo_json.c but
we already check for "next" being NULL there. Quiets a cppcheck
warning.
2016-05-10 06:32:55 -06:00
Todd C. Miller
5a77989a33
Add support for matching the entire netgroup tuple (user, host, domain).
2016-01-12 14:59:44 -07:00
Todd C. Miller
3354d27a17
Do not follow symbolic links in sudoedit by default. This behavior
...
can be controlled by the sudoedit_follow Defaults flag as well as
the FOLLOW/NOFOLLOW tags.
2015-08-06 13:20:01 -06:00
Todd C. Miller
2bf454b74d
Use non-exiting allocators in the redblack tree and fix the fallout.
...
Also switch to non-exiting allocators in affected code blocks.
2015-05-27 09:51:54 -06:00
Todd C. Miller
46770c9588
The error string returned by alias_add should be const.
2015-05-27 09:48:34 -06:00
Todd C. Miller
05a01d4c5d
Avoid using a leading underbar in defines as they are reserved in
...
ISO C.
2015-05-21 11:13:20 -06:00
Todd C. Miller
45548cf049
Add support for MAIL and NOMAIL command tags to toggle mail sending
...
behavior on a per-command (or Cmnd_Alias) basis.
2015-02-19 10:02:20 -07:00
Todd C. Miller
7ec9cfb493
When querying LDAP netgroups, use the NIS domain if it is sent but
...
also match nisNetgroupTriple entries that have no domain.
2015-01-30 14:45:22 -07:00
Todd C. Miller
27598bc0ab
Update copyright year.
2014-01-07 10:43:31 -07:00
Todd C. Miller
f57beb1afa
Go back to making the bit fields in struct cmndtag explicitly signed.
...
This fixes a problem on gcc 4.8 (at least) which appears to be
treating the value as unsigned by default.
2014-01-07 10:35:56 -07:00
Todd C. Miller
eb44a5ba5c
No need to use __signed.
2013-12-17 16:08:18 -07:00
Todd C. Miller
2508da6f68
Better match debugging.
...
Sprinkle const in match functions.
2013-12-05 14:34:56 -07:00
Todd C. Miller
bba91c008b
Remove unused digest field from struct cmndspec, the digest really
...
lives in struct sudo_command.
2013-11-13 16:17:16 -07:00
Todd C. Miller
07a804caf3
Quiet sign comparision warnings.
2013-10-23 15:03:31 -06:00
Todd C. Miller
b38d253e98
Add "headless" tail queues and use them in place of the semi-circular
...
lists in sudoers. Once the headless tail queue is built up it is
converted to a normal TAILQ. This removes the last consumer of
list.c and list.h so those can now be removed.
2013-10-22 09:08:38 -06:00
Todd C. Miller
923edabe6c
Convert sudo to use BSD TAILQ macros instead of home ground tail
...
queue functions. This includes a private queue.h header derived
from FreeBSD. It is simpler to just use our own header rather than
try to deal with macros that may or may not be present in various
queue.h incarnations.
2013-10-22 09:00:37 -06:00
Todd C. Miller
ab61c02546
Replace sequence number-based cycle detection in visudo with a
...
"used" flag in struct alias. The caller is required to call
alias_put() when it is done with the alias. Inspired by a patch
from Daniel Kopecek.
2013-05-22 11:32:08 -04:00
Todd C. Miller
d6282d154a
Update copyright years.
2013-04-24 09:35:02 -04:00
Todd C. Miller
9c1ee1fe73
Move base64_decode into its own source file.
2013-04-17 09:32:27 -04:00
Todd C. Miller
cc3c76b85d
Add digest support for sudoers in ldap and sss.
2013-04-16 16:03:37 -04:00