isa/sudo
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
4,609 Commits 1 Branch 0 Tags
8fbdbde2f5845b157eb84722d21d5acefbdac2f6
Commit Graph

289 Commits

Author SHA1 Message Date
Todd C. Miller
af18ed5e9d Add support for krb5_ccname in ldap.conf. If specified, it will 
override the default value of KRB5CCNAME in the environment for
the duration of the call to ldap_sasl_interactive_bind_s().
 2007-07-15 19:44:46 +00:00
Todd C. Miller
d1f6bdbcff Remove format_env() 
Add sudo_setenv() to replace most format_env() + insert_env() combinations.
insert_env() no longer takes a struct environment *
 2007-07-15 19:41:10 +00:00
Todd C. Miller
f3ef738254 PERM_FULL_ROOT is now no different than PERM_ROOT so remove PERM_FULL_ROOT 2007-07-06 14:04:40 +00:00
Todd C. Miller
879c46e4dd Add support for setting environment variables on the command line. 
This is only allowed if the setenv sudoers options is enabled or if
the command is prefixed with the SETENV tag.
 2007-06-23 23:58:54 +00:00
Todd C. Miller
49cb30aa5b Redo the long syslog line splitting based on a patch from Eygene Ryabinkin. 
Include memrchr() for systems without it.
 2007-06-14 16:06:25 +00:00
Todd C. Miller
2d282cd226 cleanup() now takes an int as an arg so it can be used as a signal 
handler too.
 2005-11-18 01:39:59 +00:00
Todd C. Miller
f261a99f22 In -l mode, only check local sudoers file if def_ignore_sudoers is not set 
and call LDAP versions from display_privs() and display_cmnd() instead
of directly from main().  Because of this we need to defer closing
the ldap connection until after -l processing has ocurred and we
must pass in the ldap pointer to display_privs() and display_cmnd().
 2005-04-12 01:37:08 +00:00
Todd C. Miller
304dc46d7f Add efree() for consistency with emalloc() et al. Allows us to rely 
on C89 behavior (free(NULL) is valid) even on K&R.
 2005-03-29 14:29:47 +00:00
Todd C. Miller
778d587063 Update copyright years. 2005-02-12 22:56:07 +00:00
Todd C. Miller
b3b65fb7fc Add __printflike and use it with gcc to warn about printf-like format mismatches 2005-02-11 23:06:35 +00:00
Todd C. Miller
54db5e40b1 Undo last commit and add sudo_setspent and sudo_endspent instead. 2005-01-05 19:42:06 +00:00
Todd C. Miller
a5d9296d25 Adapt to pwutil.c 2005-01-05 01:10:16 +00:00
Todd C. Miller
1936aeb299 add sudo_ldap_close 2004-12-03 18:57:48 +00:00
Todd C. Miller
d72a4e9c24 Add strub struct definitions for passwd, timeval and timespec 2004-11-25 17:20:57 +00:00
Todd C. Miller
5f06b19a6e Add -U option to use in conjunction with -l instead of -u. 
Add support for "sudo -l command" to test a specific command.
 2004-11-24 21:31:51 +00:00
Todd C. Miller
e605070143 Remove the FLAG_NOPASS, FLAG_NOEXEC and FLAG_MONITOR flags. Instead, 
we just set the approriate defaults variable.
 2004-11-19 23:00:28 +00:00
Todd C. Miller
9846e562ad Implement group caching and use the passwd and group caches throughout. 2004-11-16 04:24:11 +00:00
Todd C. Miller
51375f969f Add local error/warning functions like err/warn but that call an additional 
cleanup routine in the error case.  This means we no longer need to compile
a special version of alloc.o for visudo.
 2004-11-15 15:53:53 +00:00
Todd C. Miller
0b34123a8b Create and use private versions of setpwent() and endpwent() that 
set/end the shadow password file too.
 2004-11-15 04:06:16 +00:00
Todd C. Miller
a239e60a6a The syntax to list another user's entries is now "-u otheruser -l". 
Only root or users with sudo "ALL" may list other user's entries.
 2004-11-11 17:12:20 +00:00
Todd C. Miller
e392b4d11d Add new prototypes. 
Remove NOMATCH/UNSPEC (now in parse.h)
 2004-10-26 22:23:29 +00:00
Todd C. Miller
48cdd1dec3 Kill use of POSIX saved uids; they aren't worth bothering with. 2004-10-13 16:46:19 +00:00
Todd C. Miller
3c8145a923 No longer call it tracing, it is now "monitoring" which should be more 
a obvious name to non-hackers.
 2004-10-04 16:07:19 +00:00
Todd C. Miller
cbcb60b184 Add keepopen arg to open_sudoers that open_sudoers can use to 
indicate to the caller that the fd should not be closed when it
is done with it.  To be used by visudo to keep locked fds from
being closed prematurely (and thus losing the lock).
 2004-09-29 18:36:33 +00:00
Todd C. Miller
7cf26298a2 Rename check_sudoers() open_sudoers() and make it return a FILE * 2004-09-27 16:01:54 +00:00
Todd C. Miller
aa8d212e3c Call systrace_attach() if FLAG_TRACE is set. 2004-09-24 17:17:29 +00:00
Todd C. Miller
e3391d597b Add trace Defaults option and TRACE/NOTRACE tags and set FLAG_TRACE 2004-09-24 17:15:51 +00:00
Todd C. Miller
0f056c0d5f Use timespec throughout. 2004-09-08 15:48:23 +00:00
Todd C. Miller
7f772c822f Add an extra param to touch() for nsec 2004-09-07 19:55:37 +00:00
Todd C. Miller
1c20ff1a6d Use utimes() and futimes() instead of utime() in touch(), emulating as needed. 
Not all systems are able to support setting the times of an fd so touch()
takes both an fd and a file name as arguments.
 2004-09-07 17:14:52 +00:00
Todd C. Miller
f30ab72c44 Add cmnd_base to struct sudo_user and set it in init_vars(). 
Add cmnd_stat to struct sudo_user and set it in sudo_goodpath().
No longer use gross statics in command_matches().
Also rename some variables for improved clarity.
 2004-08-24 18:01:14 +00:00
Todd C. Miller
a99f53e2fa Add NOMATCH and UNSPEC defines (-1 and -2 respectively) and use 
these in parse.yacc.  Also in parse.yacc initialize the *_matches
vars to UNSPEC and add two macros, SETMATCH and SETNMATCH for use
when setting *_matches to a value that may be NOMATCH/UNSPEC/TRUE/FALSE.
 2004-06-05 17:42:04 +00:00
Todd C. Miller
03d1a9ed49 Add prototype for sudo_ldap_list_matches 2004-06-01 20:56:03 +00:00
Todd C. Miller
d33ad95208 Use PATH_MAX, not MAXPATHLEN since the former is standardized. 2004-06-01 01:22:27 +00:00
Todd C. Miller
21e3ca9cf8 More to a less restrictive, ISC-style license. 2004-02-13 21:36:43 +00:00
Aaron Spangler
b0226e939b Merged in LDAP Support 2004-02-13 02:08:27 +00:00
Todd C. Miller
d80d2e29ad Only do "extern int errno" if errno is not a macro. 2004-02-08 20:53:55 +00:00
Todd C. Miller
c7d74402f3 Add a new flag, -e, that makes it possible to give users the ability 
to edit files with the editor of their choice as the invoking user,
not the runas user.  Temporary files are used for the actual edit
and the temp file is copied over the original after the editor is done.
 2004-01-21 23:00:43 +00:00
Todd C. Miller
1ca6264df1 o Add -i that acts similar to "su -", based on patches from David J. MacKenzie 
o Sort the flags in the usage message
 2004-01-18 22:55:32 +00:00
Todd C. Miller
18027fa589 Update sudo_getepw() proto and add one for set_runaspw() 2004-01-16 23:12:03 +00:00
Todd C. Miller
ceb3653d71 Rename PERM_RUNAS -> PERM_FULL_RUNAS and add a PERM_RUNAS that just 
changes the euid.
 2004-01-16 23:05:47 +00:00
Todd C. Miller
d55c3f63c7 Use closefrom() instead of doing the equivalent inline. 2004-01-12 19:03:54 +00:00
Todd C. Miller
8e421c95b8 update copyright year 2004-01-05 17:15:32 +00:00
Todd C. Miller
7536a781f0 Add support for preloading a shared object containing a dummy execve() 
function that just sets error and returns -1.  This adds a
"noexec_file" option to load the filename as well as a "noexec" flag
to enable it unconditionally.  There is also a NOEXEC tag that can
be attached to specific commands and an EXEC tag to disable it.
 2004-01-05 02:48:09 +00:00
Todd C. Miller
b2550741c1 Add a zero_bytes() function to do the equivalent of bzero in such a 
way that will heopfully not be optimized away by sneaky compilers.
 2003-12-31 22:46:08 +00:00
Todd C. Miller
02f37dc2da Add support for tuples in def_data.in; these are implemented as an 
enum type.  Currently there is only a single tuple enum but in the
future we may have one tuple enum per T_TUPLE entry in def_data.in.
Currently listpw, verifypw and lecture are tuples.  This avoids the
need to have two entries (one ival, one str) for pwflags and syslog
values.

lecture is now a tuple with the following values: never, once, always

We no longer use both an int and string entry for syslog facilities
and priorities.  Instead, there are logfac2str() and logpri2str()
functions that get used when we need to print the string values.
 2003-12-30 22:31:30 +00:00
Todd C. Miller
f13528b0b1 add DARPA credit on affected files 2003-04-16 00:42:10 +00:00
Todd C. Miller
dcf1a5acce Use warn/err and getprogname() throughout. The main exception is 
openlog().  Since the admin may be filtering logs based on the
program name in the log files, hard code this to "sudo".
 2003-04-02 18:25:30 +00:00
Todd C. Miller
48229cbac6 update copyright year 2003-03-15 20:31:02 +00:00
Todd C. Miller
a54c8e66fa Add strlc{at,py} protos 2003-03-13 17:54:04 +00:00