isa/sudo
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
3,095 Commits 1 Branch 0 Tags
8dccf8fcc47d4ae93c49b969bc8ec5b29623a19c
Commit Graph

131 Commits

Author SHA1 Message Date
Todd C. Miller
5bc294b715 More to a less restrictive, ISC-style license. 2004-02-13 21:36:43 +00:00
Todd C. Miller
4dc5700a6d Add a new flag, -e, that makes it possible to give users the ability 
to edit files with the editor of their choice as the invoking user,
not the runas user.  Temporary files are used for the actual edit
and the temp file is copied over the original after the editor is done.
 2004-01-21 22:25:10 +00:00
Todd C. Miller
8e421c95b8 update copyright year 2004-01-05 17:15:32 +00:00
Todd C. Miller
7536a781f0 Add support for preloading a shared object containing a dummy execve() 
function that just sets error and returns -1.  This adds a
"noexec_file" option to load the filename as well as a "noexec" flag
to enable it unconditionally.  There is also a NOEXEC tag that can
be attached to specific commands and an EXEC tag to disable it.
 2004-01-05 02:48:09 +00:00
Todd C. Miller
94567681a7 add DARPA credit on affected files 2003-04-16 00:42:10 +00:00
Todd C. Miller
48229cbac6 update copyright year 2003-03-15 20:31:02 +00:00
Todd C. Miller
cc5cc07652 use strlcpy, not strncpy 2003-03-15 01:11:26 +00:00
Todd C. Miller
a01f25b5f1 Don't assume libc can realloc() a NULL string. 
If malloc/realloc fails, make sure we just return; yyerror() is not terminal.
 2003-03-13 20:27:09 +00:00
Todd C. Miller
9ae8aadee5 simplify fill_args a little and use strlcpy for paranoia 2003-03-13 20:17:14 +00:00
Todd C. Miller
a8153f4d5d Add support for Defaults>RunasUser 2003-01-17 23:09:45 +00:00
Todd C. Miller
8b3c38d20c Better fix for sudoers files w/o a newline before EOF. It looks 
like the issue is that yyrestart() does not reset the start condition
to INITIAL which is an issue since we parse sudoers multiple times.
 2003-01-07 00:02:33 +00:00
Todd C. Miller
cce84a1811 Work around what appears to be a flex bug when dealing with files 
that lack a final newline before EOF.  This adds a rule to match
EOF in the non-initial states which resets the state to INITIAL and
throws an error.
 2003-01-06 23:47:04 +00:00
Todd C. Miller
7cc2f3b3e5 Remove Chris Jepeway's email address so people don't bug him ;-) 2002-03-16 00:44:48 +00:00
Todd C. Miller
08b394dc39 Quoted commas were not being treated correctly in command line arguments. 2002-01-15 18:16:31 +00:00
Todd C. Miller
5d5c6783d9 Allow '@', '(', ')', ':' in arguments to a defaults variable 
w/o requiring that they be quoted.
 2001-12-30 22:12:06 +00:00
Todd C. Miller
65fad4df35 o Reorder some headers and use STDC_HEADERS define properly 
o Update copyright year
 2001-12-14 19:52:54 +00:00
Todd C. Miller
3f97a5e44f '\\' is a perfectly legal character to have in a command line argument. 2001-12-13 02:24:40 +00:00
Todd C. Miller
4447e04fa7 Don't let '#' appear in a {WORD} and restrict #foo in a Runas spec to #[0-9-]+. 2001-12-12 19:56:53 +00:00
Todd C. Miller
cf2db3682b o Use exclusive start conditions to remove some ambiguity in the 
lexer.  Also reorder some things for clarity.
 o Add support for "+=" and "-=" list operators.
 o Use the new DEFVAR token to denote a Defaults variable name.
 2001-12-11 23:05:44 +00:00
Todd C. Miller
d64ad77515 Allow special characters (including '#') to be embedded in pathnames 
if quoted by a '\\'.  The quoted chars will be dealt with by fnmatch().
Unfortunately, 'sudo -l' still prints the '\\'.
 2000-08-31 17:08:35 +00:00
Todd C. Miller
9aeabf1b03 Fully qualified hosts w/ wildcards were not matching the FQHOST token type. 
There's really no need for a separate token for fully-qualified vs.
unqualified anymore so FQHOST is now history and hostname_matches
now decides which hostname (short or long) to check based on whether
or not the pattern contains a '.'.
 2000-03-23 04:38:20 +00:00
Todd C. Miller
2eb9882339 o Whenever we get a bare newline we change to the INITIAL state. 
o Enter GOTRUNAS when we see Runas_Alias

This allows #uid to work in a RunasAlias.
 1999-12-06 00:05:53 +00:00
Todd C. Miller
818bbacb5d Don't need YY_FLUSH_BUFFER after all 
Move yyrestart() into visudo.c since it might not get called in yywrap
    if we get a parse error (and we only reread the file on error anyway).
 1999-11-09 20:06:53 +00:00
Todd C. Miller
95eb54d99c Call YY_FLUSH_BUFFER macro in yywrap() to clean up any buffers that 
might still exist.
Call yyrestart() instead of using the deprecated YY_NEW_FILE macro.
 1999-11-09 19:32:41 +00:00
Todd C. Miller
f03cac3b87 flex doesn't need %N table size declarations 1999-11-09 17:13:46 +00:00
Todd C. Miller
315335247e last {WORD} rule should only apply in the INITIAL state 1999-10-10 19:01:30 +00:00
Todd C. Miller
f963da3164 o Add support for escaped characters in the WORD macro 
o Modify fill() to squash escape chars
 1999-10-10 18:38:40 +00:00
Todd C. Miller
13bf42675d Add support for "Defaults" line in sudoers to make configuration variables 
changable at runtime (and on a global, per-host and per-user basis).
Both the names and the internal representation are still subject to change.
It was necessary to make sudo_user.runas but a char ** instead of a
char * since this value can be changed by a Defaults line.  There is a
similar (but more complicated) issue with sudo_user.prompt but it
is handled differently at the moment.

Add a "-L" flag to list the name of options with their descriptions.  This
may only be temporary.

Move some prototypes to parse.h

Be much less restrictive on what is allowed for a username.
 1999-09-08 08:06:28 +00:00
Todd C. Miller
3a8c0ca966 include strings.h everywhere we include string.h 1999-08-28 09:24:15 +00:00
Todd C. Miller
86c1328f6c fix definition of OCTECT 1999-08-28 08:22:27 +00:00
Todd C. Miller
ca1b945b36 make an OCTET really be limited to 0-255 1999-08-26 09:05:57 +00:00
Todd C. Miller
8723291d89 CIDR-style netmask support 1999-08-24 16:42:28 +00:00
Todd C. Miller
3a8b0be635 o --with-otp deprecated, use --without-passwd instead 
o real dependencies in the Makefile
o --with-devel option to enable yacc, lex, and -Wall
o style -- "foo -> bar" becomes "foo->bar"
o ALL goes back to being a token, not a string but don't leak memory
o rename hsotspec -> host in parse.yacc
 1999-08-14 15:34:55 +00:00
Todd C. Miller
f14dd25b01 Break 'WORD' regexp def into HOSTNAME and USERNAME. These days a 
username can contain just about anything so be very permissive.
Also drop the unused \. punctuation.
 1999-08-12 14:29:12 +00:00
Todd C. Miller
d1a6fa810e o Remove some unnecessary backslashes 
o collapse multiple !'s by using !+ and checking if yyleng is even or odd.
  this allows us to simplify ! handling in parse.yacc
 1999-08-04 07:54:34 +00:00
Todd C. Miller
0d732401f4 add 4th term to license similar to term 5 in the apache license 1999-07-31 16:19:50 +00:00
Todd C. Miller
c7fd99aa54 BSD-style copyright. Move parser-specific defines and structs into parse.h + other cosmetic changes 1999-07-22 12:51:18 +00:00
Todd C. Miller
26be17a3d6 Add contribution info in the main comment 1999-07-12 10:25:14 +00:00
Todd C. Miller
80287c981c Move interface-related defines to interfaces.h so we don't have to include 
<netinet/in.h> everywhere.
 1999-05-17 01:36:30 +00:00
Todd C. Miller
06e586ee7b Function names should be flush with the start of the line so they can be found trivially in an editor and with grep 1999-04-10 04:49:03 +00:00
Todd C. Miller
eecc5ce1c9 free(3) is already void, no need to cast it 1999-04-10 04:40:57 +00:00
Todd C. Miller
e6deacb6c4 Crank version to 1.6 and combine copyright statements 1999-04-05 20:57:25 +00:00
Todd C. Miller
4f6f75ae35 Make runas and NOPASSWD tags persistent across entris in a command list. 
Add a PASSWD tag to reverse NOPASSWD.  When you override a runas or *PASSWD
tag the value given becomes the new default for the rest of the command list.
 1999-04-05 20:28:16 +00:00
Todd C. Miller
79c46d1c81 ++version 1999-03-29 04:05:15 +00:00
Todd C. Miller
382ef75493 Use emalloc/erealloc/estrdup 1999-03-29 02:59:34 +00:00
Todd C. Miller
736359ccea Fix a bug wrt quoting characters in command args. Stop processing an arg when you hit a backslash so the quoted-character detection can catch it. 1999-03-07 23:34:31 +00:00
Todd C. Miller
52916f16ac add explicate copyright 1999-02-03 04:32:19 +00:00
Todd C. Miller
826fe213f2 add sudo tags 1999-01-17 23:16:20 +00:00
Todd C. Miller
d3aaf52283 crank version and regen files 1999-01-17 22:40:55 +00:00
Todd C. Miller
62dba8f4d1 more -Wall 1998-11-18 04:16:13 +00:00