Commit Graph

289 Commits

Author SHA1 Message Date
Todd C. Miller
ab72e242ba refactor group member checking into user_in_group() 2009-12-12 16:12:26 +00:00
Todd C. Miller
b8239bb34c Add support for mbr_check_membership() as present in darwin. 2009-12-12 15:37:52 +00:00
Todd C. Miller
600ce3dfa6 Treat timestamp files from before we booted as old. Idea from an
Apple patch.
2009-12-10 16:59:27 +00:00
Todd C. Miller
dcf6602daa Use a socketpair to pass signals from parent to child. Child will
now pass command status change info back via the socketpair.  This
allows the parent to distinguish between signals it has been sent
directly and signals the command has received.  It also means the
parent can once again print the signal notifications to the tty so
all writes to the pty master occur in the parent.  The command is
now always started in background mode with tty signals handled
by the parent.
2009-11-15 21:42:17 +00:00
Todd C. Miller
773865eb17 Move two struct forward declarations from sudo.h to missing.h 2009-10-18 17:45:21 +00:00
Todd C. Miller
8cb463adec Move alloc.c protos into alloc.h 2009-10-17 12:17:16 +00:00
Todd C. Miller
8c6960e7a8 Move prototypes for missing libc functions to missing.h 2009-10-17 00:03:00 +00:00
Todd C. Miller
233377a8b7 Add check for strsignal() and a simple implementation if it is not there but sys_siglist is 2009-10-14 20:04:04 +00:00
Todd C. Miller
fe9fc5ad1b Retain NL to NLCR conversion on the real tty and skip it on the pty
we allocate.  That way, if stdout is not a pty there are no extra carriage
returns.
2009-09-30 02:12:35 +00:00
Todd C. Miller
7d19478501 First cut at refactoring some of the selinux code so it can be used
in conjunction with sudo's transcript support.
2009-09-27 13:03:56 +00:00
Todd C. Miller
3fe7ac2b95 Make get_timestr() take a time_t so we can use it properly in
sudoreplay.
2009-09-17 09:55:08 +00:00
Todd C. Miller
28b3a18137 Move get_timestr() into its own source file so sudoreplay can use it. 2009-09-16 11:48:34 +00:00
Todd C. Miller
c57b8bb7b3 Move the code to dup2 the script fds to low numbered descriptors into
script_duplow() and fix the fd sorting.
2009-09-03 10:36:02 +00:00
Todd C. Miller
ad9ab8dab2 Move script_setup() back to immediately before we drop privs and
call the new script_nextid() in its place, which will set
sudo_user.sessid for the logging functions.
2009-09-03 10:21:18 +00:00
Todd C. Miller
6184eb9461 Log the session ID, if there is one. Currently logs ID=XXXXXX, perhaps
should be SESSIONID or SESSID.
2009-08-30 15:18:50 +00:00
Todd C. Miller
0ab5c31ee0 Add protos for term_* to sudo.h 2009-08-08 12:56:02 +00:00
Todd C. Miller
3bfce30a85 First cut at session logging for sudo. Still need to write get_pty()
for Unix 98 and old-style BSD ptys.  Also needs documentation and
general cleanup.
2009-08-06 00:04:14 +00:00
Todd C. Miller
62b89f9dfc Update copyright years. 2009-05-25 12:02:42 +00:00
Todd C. Miller
755a81e946 Add option for set_perm to not exit on failure and use this in
the logging routines.
2009-05-10 11:52:13 +00:00
Todd C. Miller
3be603aa47 Implement #includedir directive. Files in an includedir are not edited
by visudo unless they contain a syntax error.
2009-04-18 23:25:08 +00:00
Todd C. Miller
6fed38f323 Replace sudo_setenv/sudo_unsetenv with calls to setenv/unsetenv and
provide our own setenv/unsetenv/putenv that operates on own env pointer.
Make sync_env() inline in setenv/unsetenv/putenv functions.
2009-03-01 00:58:41 +00:00
Todd C. Miller
b18eede622 Even if neither stdin nor stdout are ttys we may still have /dev/tty
available to us.
2008-11-25 17:01:34 +00:00
Todd C. Miller
1954d68116 remove #if 1 2008-08-20 11:41:22 +00:00
Todd C. Miller
e439faeeb4 Flesh out the fake passwd entry used for running commands as a uid not
listed in the passwd database.  Fixes an issue with some PAM modules.
2008-07-02 10:27:57 +00:00
Todd C. Miller
b85a28aba9 Add env_file Defaults option that is similar to /etc/environment on some
systems.
2008-05-03 00:53:21 +00:00
Todd C. Miller
6ca2fd6b50 Split MODE_* defines into primary and flags. 2008-03-27 23:01:04 +00:00
Todd C. Miller
c352187cf8 Add -n (non-interactive) flag. 2008-03-18 20:04:41 +00:00
Todd C. Miller
59c1ac153c attempt to fix compilation errors on AIX 2008-03-06 18:18:17 +00:00
Todd C. Miller
897239afe9 Add aix_setlimits() to set resource limits on AIX using a combination
of getuserattr() and setrlimit().  Currently untested.
2008-03-06 17:19:57 +00:00
Todd C. Miller
5d86a9d6fe fix definition of TGP_ASKPASS 2008-03-03 19:30:50 +00:00
Todd C. Miller
ee04914164 Add support for running a helper program to read the password when
no tty is present (or when specified with the -A flag).  TODO: docs.
2008-03-02 14:31:57 +00:00
Todd C. Miller
4c992e1901 Add support for SELinux RBAC. Sudoers entries may specify a role and type.
There are also role and type defaults that may be used.  To make sure a
transition occurs, when using RBAC commands are executed via the new sesh
binary.  Based on initial changes from Dan Walsh.
2008-02-09 14:30:07 +00:00
Todd C. Miller
5d20923c2f Add long list (sudo -ll) support for printing verbose LDAP and sudoers
file entries.  Still need to update manual.
2008-02-08 13:18:12 +00:00
Todd C. Miller
3c7b76bb54 Unify the -l output for file and ldap based sudoers and use lbufs for both.
The ldap output does not currently include options that cannot be represented
as tags.  This will be remedied in a long list output mode to come.
2008-02-03 15:43:38 +00:00
Todd C. Miller
7f05a4ff6f Make set_runaspw static void 2008-01-15 14:23:58 +00:00
Todd C. Miller
28ed51b441 Improve chaining of multiple sudoers sources by passing in the previous return value to the next in the chain 2008-01-05 18:27:18 +00:00
Todd C. Miller
926dcd0bcc Refactor line reading into a separate function, sudo_parseln(),
which removes comments, leading/trailing whitespace and newlines.
May want to rethink the use of sudo_parseln() for /etc/ldap.secret
2007-12-31 20:04:46 +00:00
Todd C. Miller
adfaebdb4d nss-ify display_privs and display_cmnd. 2007-12-31 15:08:30 +00:00
Todd C. Miller
ae2ae34528 Use nsswitch to hide some sudoers vs. ldap implementation details
and reduce the number of #ifdef LDAP
TODO: fix display routines and error handling
2007-12-31 12:39:52 +00:00
Todd C. Miller
7f323157a2 First cut at nsswitch.conf support.
Further reorganization and related changes are forthcoming.
2007-12-28 16:20:45 +00:00
Todd C. Miller
f8c52dc928 Add support for reading an /etc/environment file. Still needs to
be documented and should probably only apply to OSes that have
it (AIX and Linux, maybe others).
2007-12-21 21:53:32 +00:00
Todd C. Miller
ff0a538d04 Call cleanup() before exit in log_error() instead of calling
sudo_ldap_close() directly.  ldap_conn can now be static to sudo.c
2007-12-17 12:28:51 +00:00
Todd C. Miller
a68ab16dcd Better ldap cleanup. 2007-12-16 19:42:44 +00:00
Todd C. Miller
908b8f64e6 Use AC_FUNC_GETGROUPS instead of a home-grown attempt that was insufficient. 2007-11-27 23:40:50 +00:00
Todd C. Miller
f9f4aca556 Add support for runas groups. This allows the user to run a command
with a different effective group.  If the -g option is specified
without -u the command will be run as the current user (only the
group will change).  The -g and -u options may be used together.
TODO: implement runas group for ldap
      improve runas group documentation
      add testsudoers support
2007-11-21 20:12:00 +00:00
Todd C. Miller
4f5e88532f PAM wants the full tty path so add user_ttypath which holds the
full path to the tty or is NULL if no tty was present.
2007-09-13 23:05:34 +00:00
Todd C. Miller
19fa259480 Remove support for compilers that don't support void * 2007-08-31 23:30:07 +00:00
Todd C. Miller
d28030c9fd Fix line wrapping in usage() and use the actual tty width instead of
assuming 80.
2007-08-18 12:22:16 +00:00
Todd C. Miller
317e600f41 Remove monitor support until there is a version of systrace that
uses a lookaside buffer (or we have a better mechanism to use).
2007-08-15 15:20:01 +00:00
Todd C. Miller
436e3b631b Add sudo_unsetenv() and refactor private env syncing code into sync_env(). 2007-07-16 22:39:42 +00:00