isa/sudo
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
8,570 Commits 1 Branch 0 Tags
90995c0acf95e33381cd91fea5d2bac46f60d22c
Commit Graph

8570 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Todd C. Miller
17d8734581 Update to libtool 2.4.6 2016-10-21 10:03:02 -06:00
Todd C. Miller
d078450fb5 Use a static buffer if possible. 2016-10-19 12:56:34 -06:00
Todd C. Miller
19c96da44d add vsyslog() for systems without it. 2016-10-19 11:32:36 -06:00
Todd C. Miller
6fa59b7416 There are now 14 tag values, not 10. Don't bother mentioning the 
number since it keeps increasing.  Bug #759
 2016-10-19 07:33:07 -06:00
Todd C. Miller
c18ff022e0 Use vsyslog() if available. 2016-10-18 17:00:53 -06:00
Todd C. Miller
44c2679f83 Add syslog_maxlen to control the max size of syslog messages. 2016-10-18 15:51:47 -06:00
Todd C. Miller
f632e0a63d Don't generate SIGTOU when restoring the terminal modes. It doen't 
make sense to suspend the process only to restore the terminal
settings since in this case the shell has already taken ownership
of the tty.
 2016-10-17 09:02:34 -06:00
Todd C. Miller
9b886f6b2c The flush parameter of sudo_term_restore() is bool, not int. 2016-10-17 08:57:17 -06:00
Todd C. Miller
afcdc28534 Add wordexp() to the list of functions wrapped by sudo_noexec.so. 2016-10-14 10:33:55 -06:00
Todd C. Miller
ddbbcb9441 Need RTLD_NEXT for wordexp() on dlopen() systems. It is missing on AIX 5.1 at least. 2016-10-10 08:38:50 -06:00
Todd C. Miller
9dbd45ff66 add missing guard around wordexp() 2016-10-10 08:33:57 -06:00
Todd C. Miller
bea34c9e6d expand on 1.8.18p1 changes 2016-10-10 08:24:47 -06:00
Todd C. Miller
45b396598b sudo 1.8.18p1 2016-10-09 19:58:54 -06:00
Todd C. Miller
8e49ce07f6 Fix configure check for seccomp filter on Linux 2016-10-09 11:24:29 -06:00
Todd C. Miller
237e2f964d Use a seccomp filter on Linux to disable execve(2) and execveat(2). 
This still relies on LD_PRELOAD to work so it has the same issues
as the existing mether with respect to running 32-bit binaries on
a 64-bit kernel.
 2016-10-08 19:09:17 -06:00
Todd C. Miller
d24b9246a9 regen 2016-10-08 19:02:15 -06:00
Todd C. Miller
b5f1d4e254 regen 2016-10-08 10:36:02 -06:00
Todd C. Miller
d0ccd947d0 Wrap wordexp(3) in sudo_noexec. 2016-10-05 20:21:18 -06:00
Todd C. Miller
96580de20c Clean .json files created by "make check" 2016-09-26 13:38:51 -06:00
Todd C. Miller
90e4538c00 recompile .po files 2016-09-19 16:40:26 -06:00
Todd C. Miller
0a68d6799e Fix matching when no sudoRunAsUser is present in a sudoRole. 
If only a sudoRunAsGroup is present, match on the invoking user
if the -g option was specified and the group matched.
If no sudoRunAsGroup is present and the -g option was specified,
allow it if it matches the passwd gid of the runas user.
This matches the behavior of the sudoers backend.
 2016-09-19 06:19:49 -06:00
Todd C. Miller
1bccd14180 runas_pw can no longer be NULL 2016-09-19 06:08:00 -06:00
Todd C. Miller
25f90b4811 RunAsGroup without RunAsUser issues 2016-09-15 15:24:00 -06:00
Todd C. Miller
9a55c0c25d user_matched and group_matched must be type int, not bool 2016-09-15 15:22:06 -06:00
Todd C. Miller
b165a5ff71 Use RUNAS_USER_SPECIFIED and RUNAS_GROUP_SPECIFIED when deciding 
whether to check runas user/group instead of checking runas_pw or
runas_gr.
 2016-09-15 13:47:38 -06:00
Todd C. Miller
0ff95dfaaa When matching against runas_default use userpw_matches() instead 
of just strcasecmp().
 2016-09-15 13:36:43 -06:00
Todd C. Miller
a750bebf10 Set RUNAS_USER_SPECIFIED when -u is specified and/or RUNAS_GROUP_SPECIFIED 
when -g is specified.
 2016-09-15 13:16:38 -06:00
Todd C. Miller
d64153967e Fix printing of the default runas user when a RunAsGroup is specified 
but no RunAsUser is present.
 2016-09-15 11:29:27 -06:00
Todd C. Miller
fb32867e4c Only match against runas_default if both sudoRunAsUser and 
sudoRunAsGroup are missing.
 2016-09-15 10:46:57 -06:00
Todd C. Miller
d2af18c1fa runas_pw can no longer be NULL here 2016-09-15 09:40:41 -06:00
Todd C. Miller
ef82f792a1 Update check for whether or not the runas user was set in the ldap 
and sssd backends to match the sudoers file backend.  Introduces
the runas_user_set() macro to improve readability.  Previously,
runas_pw was set late, now it is set before checking sudoers.
 2016-09-15 09:37:53 -06:00
Todd C. Miller
db7ce3c219 Document that negated sudoHosts are only supported by 1.8.18 and higher. 2016-09-15 08:36:08 -06:00
Todd C. Miller
50d0191de3 Disable Address Sanitizer leak detection for tests which generate 
parse errors.  The parser leaks a bit on error.
 2016-09-15 08:33:01 -06:00
Todd C. Miller
37099a6e7d Fix underflow in get_ipa_hostname() when trimming trailing 
whitespace.
 2016-09-15 05:54:53 -06:00
Todd C. Miller
394485f279 Document negated sudoHost entries. 2016-09-14 10:33:38 -06:00
Todd C. Miller
ff753d1e16 Support negated sudoHost entries. 2016-09-14 10:33:27 -06:00
Todd C. Miller
7fd6edb6df Document negated sudoHost entries. 2016-09-14 10:29:18 -06:00
Todd C. Miller
f51fbfa40d Support negated sudoHost entries. 2016-09-14 10:22:52 -06:00
Todd C. Miller
ca2a1f3109 Don't check the username when matching a host netgroup unless 
def_netgroup_tuple is enabled.
 2016-09-13 09:12:42 -06:00
Todd C. Miller
c73dec723c Move valid domain name check into a new valid_domain() function. 
Fix memory leak if getdomainname(2) fails and avoid using heap
garbage for the domain name matching in this case.
 2016-09-13 09:06:25 -06:00
Todd C. Miller
7687dd6527 sync with translationproject.org 2016-09-12 14:59:22 -06:00
Todd C. Miller
533c9ce108 Add back line mistakenly removed in 0cf2a9351740 2016-09-11 14:37:42 -06:00
Todd C. Miller
86ce2f89fd sync with translationproject.org 2016-09-11 07:50:12 -06:00
Todd C. Miller
f7bd14f706 Bug #757 2016-09-09 16:29:37 -06:00
Todd C. Miller
ead485b96b Fix typo that broke short host name matching when the fqdn 
flag is enabled.  Bug #757
 2016-09-09 16:26:22 -06:00
Todd C. Miller
3f022419ae Be consistent with the naming of the variable used to store the 
function return value.  Previously, some code used "rval", some
used "ret".  This standardizes on "ret" and uses "rc" for temporary
return codes.
 2016-09-08 16:38:08 -06:00
Todd C. Miller
33fb814e85 sync with translationproject.org 2016-09-07 11:08:12 -06:00
Todd C. Miller
6eb1b8c7ea Norwegian Nynorsk translation of sudo from translationproject.org 2016-09-07 11:07:59 -06:00
Todd C. Miller
fc7e2a98fd Fix for Bug #756 2016-09-07 11:02:25 -06:00
Todd C. Miller
b80309e6d8 In sudoers_main() avoid setting rval prematurely. Prevents a crash 
when auditing fails after successfully authenticating.  Bug #756
 2016-09-05 19:44:46 -06:00