Commit Graph

243 Commits

Author SHA1 Message Date
Todd C. Miller
3bfce30a85 First cut at session logging for sudo. Still need to write get_pty()
for Unix 98 and old-style BSD ptys.  Also needs documentation and
general cleanup.
2009-08-06 00:04:14 +00:00
Todd C. Miller
62b89f9dfc Update copyright years. 2009-05-25 12:02:42 +00:00
Todd C. Miller
2a609b467c In -l mode, if the user is only allowed to run as a group, display
the user's name, not root's before the allowed group.
2009-05-10 11:33:45 +00:00
Todd C. Miller
3be603aa47 Implement #includedir directive. Files in an includedir are not edited
by visudo unless they contain a syntax error.
2009-04-18 23:25:08 +00:00
Todd C. Miller
0656629980 Rename find_alias -> alias_find for consistency. 2009-03-28 13:07:17 +00:00
Todd C. Miller
a93344d2b6 Use tq_foreach_fwd when checking pseudo-commands to make it clear that
we are not short-circuiting on last match.  When pwcheck is 'all',
initialize nopass to TRUE and override it with the first non-TRUE entry.
2008-12-09 13:49:55 +00:00
Todd C. Miller
96f1ea4701 Do not short circuit pseudo commands when we get a match since, depending
on the settings, we may need to examine all commands for tags.
2008-12-08 15:02:07 +00:00
Todd C. Miller
840acbd3ac Update copyright years. 2008-11-09 14:13:13 +00:00
Todd C. Miller
54a07b5e8b Fix "sudo -v" when NOPASSWD is set. 2008-11-07 22:42:11 +00:00
Todd C. Miller
f201db90f3 Move update_defaults into defaults.c and call it properly from
visudo and testsudoers.
2008-11-02 19:06:37 +00:00
Todd C. Miller
4afceb8e92 Zero out sigaction_t before use in case it has non-standard entries. 2008-11-02 14:45:31 +00:00
Todd C. Miller
8ba6fa2ae3 Defer setting runas defaults until after runaspw/gr is setup. 2008-11-01 13:20:01 +00:00
Todd C. Miller
ab32ede12a In update_defaults() check the return value of user*_matches against
ALLOW so we don't inadvertently match on UNSPEC.
2008-10-25 13:22:41 +00:00
Todd C. Miller
f0db3ecfbe remove an XXX that was fixed 2008-05-08 21:54:09 +00:00
Todd C. Miller
88b9327229 Initialize tags to UNSPEC instead of def_* in "sudo -l" mode.
This fixes a problem where the tag value printed was influenced
by defaults set in the first pass through the parser.
2008-05-08 16:49:12 +00:00
Todd C. Miller
f2b70188b6 Add support for SELinux RBAC. Sudoers entries may specify a role and type.
There are also role and type defaults that may be used.  To make sure a
transition occurs, when using RBAC commands are executed via the new sesh
binary.  Based on initial changes from Dan Walsh.
2008-02-09 14:30:06 +00:00
Todd C. Miller
5d20923c2f Add long list (sudo -ll) support for printing verbose LDAP and sudoers
file entries.  Still need to update manual.
2008-02-08 13:18:12 +00:00
Todd C. Miller
3c7b76bb54 Unify the -l output for file and ldap based sudoers and use lbufs for both.
The ldap output does not currently include options that cannot be represented
as tags.  This will be remedied in a long list output mode to come.
2008-02-03 15:43:38 +00:00
Todd C. Miller
fb01648878 Move display_privs() and display_cmnd() from parse.c to sudo_nss.c.
This should make it possible to build an LDAP-only sudo binary.
2008-01-05 21:25:28 +00:00
Todd C. Miller
28ed51b441 Improve chaining of multiple sudoers sources by passing in the previous return value to the next in the chain 2008-01-05 18:27:18 +00:00
Todd C. Miller
53aec6601e Free up parser data structures in sudo_file_close(). 2008-01-05 13:13:06 +00:00
Todd C. Miller
d2de8d5fed Honor def_ignore_local_sudoers 2008-01-01 18:12:00 +00:00
Todd C. Miller
4d8f37f4bd Refactor group vector resetting into a function and also call it
from display_cmnd.
Stop after the first successful match in display_cmnd.
Print a newline between each display_privs method.
2007-12-31 21:36:53 +00:00
Todd C. Miller
36b221af26 fix double free introduced in rev 1.218 2007-12-31 21:23:46 +00:00
Todd C. Miller
0a2166272c Make the inability to read the sudoers file a non-fatal error if
there are other sudoers sources available.
sudoers_file_lookup now returns "not OK" if sudoers was not present
2007-12-31 19:26:52 +00:00
Todd C. Miller
adfaebdb4d nss-ify display_privs and display_cmnd. 2007-12-31 15:08:30 +00:00
Todd C. Miller
3008bb494a move update_defaults() to parse.c 2007-12-31 12:54:47 +00:00
Todd C. Miller
ae2ae34528 Use nsswitch to hide some sudoers vs. ldap implementation details
and reduce the number of #ifdef LDAP
TODO: fix display routines and error handling
2007-12-31 12:39:52 +00:00
Todd C. Miller
908b8f64e6 Use AC_FUNC_GETGROUPS instead of a home-grown attempt that was insufficient. 2007-11-27 23:40:50 +00:00
Todd C. Miller
f9f4aca556 Add support for runas groups. This allows the user to run a command
with a different effective group.  If the -g option is specified
without -u the command will be run as the current user (only the
group will change).  The -g and -u options may be used together.
TODO: implement runas group for ldap
      improve runas group documentation
      add testsudoers support
2007-11-21 20:12:00 +00:00
Todd C. Miller
52b2861bb9 sudo "ALL" now implies the SETENV tag but, unlike an explicit tag, it
is not passed on to other commands in the list.
2007-11-21 16:05:31 +00:00
Todd C. Miller
7cd59baada Don't quote *?[]! on output since the lexer does not strip off the
backslash when reading those in.
2007-11-08 12:24:41 +00:00
Todd C. Miller
76e5eb434b Add a sequence number in the aliases for loop detection. If we find
an alias with the seqno already set to the current (global) value we
know we've visited it before so ignore it.
2007-09-15 11:24:54 +00:00
Todd C. Miller
a0f80d6581 rename lh_ -> tq_ 2007-09-11 19:42:48 +00:00
Todd C. Miller
21f0ea4d68 Each entry in a cmndlist now has an associated runaslist
so no need to keep track of the most recent non-NULL one.
2007-09-05 18:45:26 +00:00
Todd C. Miller
19fa259480 Remove support for compilers that don't support void * 2007-08-31 23:30:07 +00:00
Todd C. Miller
d72778832c Move list manipulation macros to list.h and create C versions of
the more complex ones in list.c.  The names have been down-cased
so they appear more like normal functions.
2007-08-31 23:13:26 +00:00
Todd C. Miller
10e5d4e708 Use LH_FOREACH_REV when checking permission and short-circuit on
the first non-UNSPEC hit we get for the command.  This means that
instead of cycling through all the parsed sudoers entries we
start at the end and work backwards and quit after the first positive
or negative match.
2007-08-31 01:21:26 +00:00
Todd C. Miller
d1dbe2ecee Change list head macros to take a pointer, not a struct. 2007-08-31 01:12:50 +00:00
Todd C. Miller
8cdea0b941 Use a list head struct when storing the semi-circular lists and
convert to tail queues in the process.  This will allow us to
reverse foreach loops more easily and it makes it clearer which
functions expect a list as opposed to a single member.

Add macros for manipulating lists.  Some of these should become functions.

When freeing up a list, just pop off the last item in the queue instead
of going from head to tail.  This is simpler since we don't have to
stash a pointer to the next member, we always just use the last one
in the queue until the queue is empty.

Rename match functions that take a list to have list in the name.
Break cmnd_matches() into cmnd_matches() and cmndlist_matches.
2007-08-30 17:26:35 +00:00
Todd C. Miller
a05abf5c88 Fix pasto, append "!" not negated (which is an int) for sudo -l output. 2007-08-30 17:12:00 +00:00
Todd C. Miller
340831499a Use lbuf_append_quoted() for sudo -l output to quote characters that
would require quoting in sudoers.
2007-08-22 22:32:00 +00:00
Todd C. Miller
c6cf39cdfd If a Defaults value contains a blank, double-quote the string. 2007-08-20 23:24:31 +00:00
Todd C. Miller
2315b317e2 Add new linebuf code to do appends of dynamically allocated strings
and word-wrapped output.  Currently used for sudo's usage() and
sudo -l output.  Sudo usage strings are now in sudo_usage.h which
is generated at configure time.
2007-08-19 20:48:09 +00:00
Todd C. Miller
d28030c9fd Fix line wrapping in usage() and use the actual tty width instead of
assuming 80.
2007-08-18 12:22:16 +00:00
Todd C. Miller
994036cf0d Fix some spacing in "sudo -l" and add a comment about some bogosity
in the line wrapping.
2007-08-15 17:49:52 +00:00
Todd C. Miller
317e600f41 Remove monitor support until there is a version of systrace that
uses a lookaside buffer (or we have a better mechanism to use).
2007-08-15 15:20:01 +00:00
Todd C. Miller
c939690786 Deal with OSes where sizeof(gid_t) < sizeof(int). 2007-08-14 19:27:27 +00:00
Todd C. Miller
888540a7be Use ALLOW/DENY instead of TRUE/FALSE when dealing with the return
value from {user,host,runas,cmnd}_matches().
Rename *matches variables -> *match.
Purely cosmetic.
2007-07-08 13:43:07 +00:00
Todd C. Miller
1e9030d951 Move setting of FLAG_NO_CHECK into the if(pwflag) block.
No change in behavior.
2007-07-08 13:30:07 +00:00