isa/sudo
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
4,462 Commits 1 Branch 0 Tags
927e98e29f00c70a9ababfd6b8ffa4b57e67c4f8
Commit Graph

131 Commits

Author SHA1 Message Date
Todd C. Miller
62b89f9dfc Update copyright years. 2009-05-25 12:02:42 +00:00
Todd C. Miller
755a81e946 Add option for set_perm to not exit on failure and use this in 
the logging routines.
 2009-05-10 11:52:13 +00:00
Todd C. Miller
3be603aa47 Implement #includedir directive. Files in an includedir are not edited 
by visudo unless they contain a syntax error.
 2009-04-18 23:25:08 +00:00
Todd C. Miller
1939859a2e malloc debugging 2008-11-19 17:01:20 +00:00
Todd C. Miller
840acbd3ac Update copyright years. 2008-11-09 14:13:13 +00:00
Todd C. Miller
f201db90f3 Move update_defaults into defaults.c and call it properly from 
visudo and testsudoers.
 2008-11-02 19:06:37 +00:00
Todd C. Miller
8ba6fa2ae3 Defer setting runas defaults until after runaspw/gr is setup. 2008-11-01 13:20:01 +00:00
Todd C. Miller
efb510a9dc Use MAXHOSTNAMELEN+1 when allocating host/domain name since some 
systems do not include space for the NUL in the size.  Also manually
NUL-terminate buffer from gethostname() since POSIX is wishy-washy on this.
 2008-10-29 17:26:42 +00:00
Todd C. Miller
e439faeeb4 Flesh out the fake passwd entry used for running commands as a uid not 
listed in the passwd database.  Fixes an issue with some PAM modules.
 2008-07-02 10:27:57 +00:00
Todd C. Miller
4c992e1901 Add support for SELinux RBAC. Sudoers entries may specify a role and type. 
There are also role and type defaults that may be used.  To make sure a
transition occurs, when using RBAC commands are executed via the new sesh
binary.  Based on initial changes from Dan Walsh.
 2008-02-09 14:30:07 +00:00
Todd C. Miller
18d42bf8b4 sync user_args size calculation with sudo.c 
Add -g group option, renaming old -g to -G
Add set_runasgr() and set_runaspw() and use them
 2008-01-15 14:40:48 +00:00
Todd C. Miller
6c1ef6839c g/c set_runaspw stub 2008-01-15 14:17:31 +00:00
Todd C. Miller
3008bb494a move update_defaults() to parse.c 2007-12-31 12:54:47 +00:00
Todd C. Miller
f9f4aca556 Add support for runas groups. This allows the user to run a command 
with a different effective group.  If the -g option is specified
without -u the command will be run as the current user (only the
group will change).  the -g and -u options may be used together.
TODO: implement runas group for ldap
      improve runas group documentation
      add testsudoers support
 2007-11-21 20:12:00 +00:00
Todd C. Miller
a0f80d6581 rename lh_ -> tq_ 2007-09-11 19:42:48 +00:00
Todd C. Miller
21f0ea4d68 Each entry in a cmndlist now has an associated runaslist 
so no need to keep track of the most recent non-NULL one.
 2007-09-05 18:45:26 +00:00
Todd C. Miller
19fa259480 Remove support for compilers that don't support void * 2007-08-31 23:30:07 +00:00
Todd C. Miller
d72778832c Move list manipulation macros to list.h and create C versions of 
the more complex ones in list.c.  The names have been down-cased
so they appear more like normal functions.
 2007-08-31 23:13:26 +00:00
Todd C. Miller
10e5d4e708 Use LH_FOREACH_REV when checking permission and short-circuit on 
the first non-UNSPEC hit we get for the command.  This means that
instead of cycling through the all the parsed sudoers entries we
start at the end and work backwards and quit after the first positive
or negative match.
 2007-08-31 01:21:26 +00:00
Todd C. Miller
d1dbe2ecee Change list head macros to take a pointer, not a struct. 2007-08-31 01:12:50 +00:00
Todd C. Miller
8cdea0b941 Use a list head struct when storing the semi-circular lists and 
convert to tail queues in the process.  This will allow us to
reverse foreach loops more easily and it makes it clearer which
functions expect a list as opposed to a single member.

Add macros for manipulating lists.  Some of these should become functions.

When freeing up a list, just pop off the last item in the queue instead
of going from head to tail.  This is simpler since we don't have to
stash a pointer to the next member, we always just use the last one
in the queue until the queue is empty.

Rename match functions that take a list to have list in the name.
Break cmnd_matches() into cmnd_matches() and cmndlist_matches.
 2007-08-30 17:26:35 +00:00
Todd C. Miller
317e600f41 Remove monitor support until there is a versino of systrace that 
uses a lookaside buffer (or we have a better mechanism to use).
 2007-08-15 15:20:01 +00:00
Todd C. Miller
45b311cfa8 Reduce a level of indent by a few placed continue statements. 2007-07-06 00:21:16 +00:00
Todd C. Miller
2d282cd226 cleanup() now takes an int as an arg so it can be used as a signal 
handler too.
 2005-11-18 01:39:59 +00:00
Todd C. Miller
778d587063 Update copyright years. 2005-02-12 22:56:07 +00:00
Todd C. Miller
3b8b88407f Add __unused to rcsids 2005-01-27 15:42:30 +00:00
Todd C. Miller
7ca844890d Use function pointers to only call private passwd/group routines when 
using a nonstandard passwd/group file.
 2005-01-09 23:58:21 +00:00
Todd C. Miller
5e475c85b3 Add support for custom passwd/group files. 2005-01-05 19:50:49 +00:00
Todd C. Miller
a5d9296d25 Adapt to pwutil.c 2005-01-05 01:10:16 +00:00
Todd C. Miller
a58012cfff Only check group vector in usergr_matches() if we are matching the 
invoking or list user.  Always check the group members, even if
there was a group vector.
 2005-01-01 17:41:21 +00:00
Todd C. Miller
94f606fbf6 Deal with user_stat being NULL as it is for visudo and testsudoers. 2004-11-24 21:44:54 +00:00
Todd C. Miller
9c526bdc30 Correctly handle multiple privileges per userspec and runas inheritence. 2004-11-23 23:18:15 +00:00
Todd C. Miller
fe869025c4 Add support for command-specific Defaults entries. E.g. 
Defaults!/usr/bin/vi noexec
 2004-11-19 21:35:12 +00:00
Todd C. Miller
0cddfc3684 Change an occurence of user_matches() -> runas_matches() missed previously 
runas_matches(), host_matches() and cmnd_matches() only really need to pass in
a list of members.  user_matches() still needs to pass in a passwd struct
because of "sudo -l"
 2004-11-19 20:03:33 +00:00
Todd C. Miller
2c2daa8eca Use: #include <config.h> 
Not: #include "config.h"
That way we get the correct config.h when build dir != src dir
 2004-11-19 18:39:14 +00:00
Todd C. Miller
9846e562ad Implement group caching and use the passwd and group caches throughout. 2004-11-16 04:24:11 +00:00
Todd C. Miller
51375f969f Add local error/warning functions like err/warn but that call an additional 
cleanup routine in the error case.  This means we no longer need to compile
a special version of alloc.o for visudo.
 2004-11-15 15:53:53 +00:00
Todd C. Miller
e26e40df8a Store aliases in a red-black tree. 2004-11-15 03:55:22 +00:00
Todd C. Miller
987d5cf815 Rewrite for the new parser. Now supports a -d flag (dump) and adds a -h 
flag (host).  It now defaults to the local hostname unless otherwise
specified.
 2004-10-26 22:25:34 +00:00
Todd C. Miller
d9e4426cb1 Kill set_perms() stub--it is no longer needed. 2004-10-21 16:31:19 +00:00
Todd C. Miller
cbcb60b184 Add keepopen arg to open_sudoers that open_sudoers can use to 
indicate to the caller that the fd should not be closed when it
is done with it.  To be used by visudo to keep locked fds from
being closed prematurely (and thus losing the lock).
 2004-09-29 18:36:33 +00:00
Todd C. Miller
01212e4ebb init_parser now takes a path 2004-09-28 18:31:38 +00:00
Todd C. Miller
ec0ef3fcf7 Add open_sudoers() stubs. 2004-09-27 16:02:10 +00:00
Todd C. Miller
1a46dd74f6 Don't pass user_cmnd and user_args to command_matches(), just use 
the globals there.  Since we keep state with statics anyway it is
misleading to pretend that passing in different cmnd and cmnd_args
will work.
 2004-08-02 18:44:58 +00:00
Todd C. Miller
c01dbab988 update (c) year 2004-06-07 00:02:56 +00:00
Todd C. Miller
713e419fe9 Remove trailing spaces, no actual code changes. 2004-06-06 23:58:11 +00:00
Todd C. Miller
6190f376c1 If the user specified a uid with the -u flag and the uid exists in 
the passwd file, set runas_user to the name, not the uid.

When comparing usernames in sudoers, if a name is really a uid (starts
with '#') compare it numerically to pw_uid.
 2004-03-24 23:06:34 +00:00
Todd C. Miller
5befe6ddfe More to a less restrictive, ISC-style license. 2004-02-13 21:36:44 +00:00
Todd C. Miller
327729a7e6 Add stub set_runaspw() function 2004-01-16 23:09:34 +00:00
Todd C. Miller
4e74e8c530 add DARPA credit on affected files 2003-04-16 00:42:10 +00:00