isa/sudo
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
8,070 Commits 1 Branch 0 Tags
824021b51b6400762492c9e21086e4f76a27e53a
Commit Graph

43 Commits

Author SHA1 Message Date
Todd C. Miller
824021b51b Add explicit mention of sudo's netgroup semantics since they differ 
from most other netgroup consumers.
 2015-09-21 16:04:59 -06:00
Todd C. Miller
cd669526e5 Fix "mandoc -Tlint" warnings. 
Sync AUTHORS section in man pages.
Regenerate all man pages.
 2015-03-22 13:09:26 -06:00
Todd C. Miller
7ec9cfb493 When querying LDAP netgroups, use the NIS domain if it is sent but 
also match nisNetgroupTriple entries that have no domain.
 2015-01-30 14:45:22 -07:00
Todd C. Miller
4dd2a3c6b8 Add support for querying netgroups directly via LDAP since there 
is no other way to look up all the netgroups for a user (unlike
regular groups).  This introduces netgroup_base and netgroup_search_filter
options to ldap.conf.  Based on a diff from Steven Soulen.
 2015-01-29 14:08:30 -07:00
Todd C. Miller
4ae3ab43c0 Sort ldap.conf options. 2015-01-27 09:29:02 -07:00
Todd C. Miller
b1dc5c54d8 Remove the extra /sudo in sudo.ws urls 2014-12-04 17:00:38 -07:00
Todd C. Miller
9d3fe082fc Reference bugzilla.sudo.ws 2014-11-27 09:51:06 -07:00
Todd C. Miller
552dbe5253 Mention sssd support in the sudoers.ldap manual and cross-reference 
sssd-sudo(5).
 2014-11-17 15:26:12 -07:00
Todd C. Miller
c35d7f2b04 Add support for base64 secrets in ldap.conf and ldap.secret. 
Based on an idea from anthony AT rlost DOT com
 2014-07-10 15:31:11 -06:00
Todd C. Miller
0ec92dae81 regen 2014-02-15 15:18:34 -07:00
Todd C. Miller
a54e52d588 Minor word choice change. 2014-02-07 15:03:00 -07:00
Todd C. Miller
f7a419b5f9 Use a default LDAP search filter of (objectClass=sudoRole). When 
constructing the netgroup query, add (sudoUser=*) to the query so
we don't fall below the 3 character OpenLDAP substring threshold.
Otherwise the index for sudoUser will never be used for that query.
Pointed out by Michael Stroeder.
 2014-02-06 15:50:08 -07:00
Todd C. Miller
55ea043a9b Document comment character in ldap.conf 
Clarify what is and is not supported in TLS_KEYPW
Mention that gsk8capicmd can be used to create a stash file
 2013-08-30 14:27:26 -06:00
Todd C. Miller
dbdd328f44 Fix typo in tls_key example for Tivoli 2013-08-19 13:19:35 -06:00
Todd C. Miller
fa6c857112 Allow ldap_conf and ldap_secret to be specified as plugin arguments 
in sudo.conf
 2013-04-25 14:49:02 -04:00
Todd C. Miller
67dad9a83c sudoers_debug is now deprecated in favor of the sudo debugging 
framework.
 2013-04-25 10:22:11 -04:00
Todd C. Miller
ed6d6963de Document digest support. 2013-04-17 15:42:28 -04:00
Todd C. Miller
74881843e1 Mention line continuation 2013-02-07 14:08:54 -05:00
Todd C. Miller
f6e61640d2 Fix some typos. 2013-02-05 16:09:26 -05:00
Todd C. Miller
3c34c0a4b8 Document non-Unix group support in LDAP sudoers. 2012-09-15 14:00:30 -04:00
Todd C. Miller
2d3a0d14d3 Make the capitalization consistent for .Ss and .Sx 2012-08-21 15:11:43 -04:00
Todd C. Miller
37cfbc8eaa Use "Sudo VERSION" as the 4th arg to .TH instead of just "VERSION" 2012-08-01 10:54:09 -04:00
Todd C. Miller
d29991f41b Regen .man.in files with my private mandoc. 2012-07-25 10:34:20 -04:00
Todd C. Miller
a06f7540f7 Regen .man.in files with hacked mandoc to avoid issues with historic 
nroff.
 2012-07-20 14:28:41 -04:00
Todd C. Miller
90f2cfa589 Build .man.in and .cat files from .mdoc.in files. 
Add new --with-man and --with-mdoc configure options.
 2012-07-19 13:41:14 -04:00
Todd C. Miller
c5b374fac6 More minor costmetic fixes. 2012-07-18 09:16:09 -04:00
Todd C. Miller
2e36b1ef2b Regen for sudo 1.8.6 2012-06-29 16:11:27 -04:00
Todd C. Miller
b61c0ab473 regen 2012-03-14 14:20:16 -04:00
Todd C. Miller
74c4252c1b 1.8.0rc1 2011-02-21 13:36:24 -05:00
Todd C. Miller
6983d782c1 regen 2011-02-16 12:22:38 -05:00
Todd C. Miller
7f277d1558 Bump version to 1.8.0b4 2011-02-03 14:26:58 -05:00
Todd C. Miller
6fd9d853a8 Be clear about what versions of sudo support new LDAP attributes. 
Fix up some formatting of attribute names.  Minor other tweaks.
 2011-02-01 14:31:04 -05:00
Todd C. Miller
f7f8b6867e Update copyright year to 2011 2011-01-20 16:46:56 -05:00
Todd C. Miller
49409b7c5d Add support for TIMEOUT in ldap.conf, mapping to the OpenLDAP 
LDAP_OPT_TIMEOUT.  There is no corresponding option for mozilla-derived
LDAP SDKs but we can pass the timeout parameter to ldap_search_ext_s()
or ldap_search_st() when possible.
 2011-01-10 10:33:22 -05:00
Todd C. Miller
a628fee981 regen 2011-01-10 09:28:53 -05:00
Todd C. Miller
e3cd512bfa regen 2010-12-27 14:45:13 -05:00
Todd C. Miller
901ca2a12c regen 2010-11-19 16:57:21 -05:00
Todd C. Miller
8528827500 Bump version to 1.8.0b2 2010-11-08 11:27:20 -05:00
Todd C. Miller
432d27573d TLS_CACERT is now an alias for TLS_CACERTFILE. OpenLDAP uses TLS_CACERT, 
not TLS_CACERTFILE in its ldap.conf.  Other LDAP client code, such as
nss_ldap, uses TLS_CACERTFILE.  Also document why you should avoid
disabling TLS_CHECKPEER is possible.
 2010-07-08 09:02:03 -04:00
Todd C. Miller
d92c82ea3f Add support for multiple sudoers_base entries in ldap.conf. 
From Joachim Henke
 2010-06-15 10:33:30 -04:00
Todd C. Miller
ec77318e32 Leave rules to build .man.in and .cat files uncommented but only make 
them part of the "all" rule in devel mode.
Generate .cat files directly from .man.in instead of .man using default
values in configure.in
 2010-06-11 18:34:24 -04:00
Todd C. Miller
807d1313a5 Use numeric registers to handle conditionals instead of trying 
to do it all with text processing.
 2010-05-25 16:13:04 -04:00
Todd C. Miller
e90fa482f9 Rework source layout in preparation for modular sudo. 2010-02-20 09:14:01 -05:00