Commit Graph

387 Commits

Author SHA1 Message Date
Todd C. Miller
9846e562ad Implement group caching and use the passwd and group caches throughout. 2004-11-16 04:24:11 +00:00
Todd C. Miller
51375f969f Add local error/warning functions like err/warn but that call an additional
cleanup routine in the error case.  This means we no longer need to compile
a special version of alloc.o for visudo.
2004-11-15 15:53:53 +00:00
Todd C. Miller
ae2e26fd2f Cache passwd db entries in 2 red-black trees; one indexed by uid,
the other by user name.  The data returned from the cache should
be considered read-only and is destroyed by sudo_endpwent().
2004-11-15 14:53:05 +00:00
Todd C. Miller
0b34123a8b Create and use private versions of setpwent() and endpwent() that
set/end the shadow password file too.
2004-11-15 04:06:16 +00:00
Todd C. Miller
a239e60a6a The syntax to list another user's entries is now "-u otheruser -l".
Only root or users with sudo "ALL" may list other users' entries.
2004-11-11 17:12:20 +00:00
Todd C. Miller
29fc2c9475 Only reset sudo_user.pw based on SUDO_USER environment variables for
real commands and sudoedit.  This avoids a confusing message when a
user tries "sudo -l" or "sudo -v" and is denied.
2004-10-27 16:16:23 +00:00
Todd C. Miller
efbc9997a1 Update for new parse. We now call find_path() *after* we have updated
the global defaults based on sudoers.  Also adds support for listing
other users' privs if you are root.
2004-10-26 22:22:46 +00:00
Todd C. Miller
48cdd1dec3 Kill use of POSIX saved uids; they aren't worth bothering with. 2004-10-13 16:46:19 +00:00
Todd C. Miller
3c8145a923 No longer call it tracing, it is now "monitoring" which should be a more
obvious name to non-hackers.
2004-10-04 16:07:19 +00:00
Todd C. Miller
8a33025986 Use __attribute__((__noreturn__)) 2004-09-30 17:55:21 +00:00
Todd C. Miller
cbcb60b184 Add keepopen arg to open_sudoers that open_sudoers can use to
indicate to the caller that the fd should not be closed when it
is done with it.  To be used by visudo to keep locked fds from
being closed prematurely (and thus losing the lock).
2004-09-29 18:36:33 +00:00
Todd C. Miller
e9b23cdee1 Add errorfile global that contains the name of the file that caused the
error.
2004-09-29 18:33:06 +00:00
Todd C. Miller
4b75a03343 Rewind sudoers_fp in open_sudoers() instead of sudoers_lookup() so
we start at the right file position when reading include files.
2004-09-28 17:52:59 +00:00
Todd C. Miller
7cf26298a2 Rename check_sudoers() open_sudoers() and make it return a FILE * 2004-09-27 16:01:54 +00:00
Todd C. Miller
d4e3f175c8 g/c sudo_pwdup proto 2004-09-25 17:15:06 +00:00
Todd C. Miller
aa8d212e3c Call systrace_attach() if FLAG_TRACE is set. 2004-09-24 17:17:29 +00:00
Todd C. Miller
0c2be08089 Don't close sudoers_fp, keep it open and set close on exec flag instead. 2004-09-24 17:13:24 +00:00
Todd C. Miller
f30ab72c44 Add cmnd_base to struct sudo_user and set it in init_vars().
Add cmnd_stat to struct sudo_user and set it in sudo_goodpath().
No longer use gross statics in command_matches().
Also rename some variables for improved clarity.
2004-08-24 18:01:14 +00:00
Todd C. Miller
3c6bb6c79c Consistency. Use same error for bad -u #uid when targetpw is set
as we do when a bad -u username is specified.
2004-08-06 23:42:52 +00:00
Todd C. Miller
252093fa60 Error out when targetpw is enabled and sudo is run with -u #uid but
#uid does not exist in the passwd database.  We can't do target
authentication when the target is not in passwd!
2004-08-06 23:24:41 +00:00
Todd C. Miller
20815542a9 typo in comment 2004-06-10 16:32:59 +00:00
Todd C. Miller
713e419fe9 Remove trailing spaces, no actual code changes. 2004-06-06 23:58:11 +00:00
Todd C. Miller
3e1e279d21 Error out if argc < 1. 2004-06-03 20:21:07 +00:00
Todd C. Miller
d33ad95208 Use PATH_MAX, not MAXPATHLEN since the former is standardized. 2004-06-01 01:22:27 +00:00
Todd C. Miller
e6f074282f filesystem -> file system 2004-05-17 22:21:15 +00:00
Todd C. Miller
a6849607c9 Preliminary changes to support nsr-tandem-nsk. Based on patches from
Tom Bates.
2004-05-17 20:08:46 +00:00
Todd C. Miller
6190f376c1 If the user specified a uid with the -u flag and the uid exists in
the passwd file, set runas_user to the name, not the uid.

When comparing usernames in sudoers, if a name is really a uid (starts
with '#') compare it numerically to pw_uid.
2004-03-24 23:06:34 +00:00
Todd C. Miller
21e3ca9cf8 Move to a less restrictive, ISC-style license. 2004-02-13 21:36:43 +00:00
Aaron Spangler
b0226e939b Merged in LDAP Support 2004-02-13 02:08:27 +00:00
Todd C. Miller
c4a8ab8b99 Use the SET, CLR and ISSET macros. 2004-01-29 22:33:58 +00:00
Todd C. Miller
7a07ad8641 Don't look at prev_user until after we've parsed sudoers and done the
password check.  That way, if sudo/sudoedit is run from a root process
that was invoked by sudo, we check sudoers for root, not the previous
user.  This makes sudoedit much more useful and means that for the
sudo case, we get correct logging on who actually ran the command.
2004-01-29 21:15:27 +00:00
Todd C. Miller
5ccddf8176 Fix suspending the editor in -e mode. Because we do a fork() first
we need to be notified when the child has been stopped and then send
that same signal to ourself so the shell can do its job control thing.
2004-01-22 02:57:01 +00:00
Todd C. Miller
d1798a06b4 Allow non-exclusive flags when invoked as sudoedit.
Pretty print the long usage() line to not wrap (assumes 80 char display)
2004-01-21 23:55:39 +00:00
Todd C. Miller
2be964efea If sudo is invoked as "sudoedit" the -e flag is implied and no other
flags are permitted.
2004-01-21 23:01:35 +00:00
Todd C. Miller
4dc5700a6d Add a new flag, -e, that makes it possible to give users the ability
to edit files with the editor of their choice as the invoking user,
not the runas user.  Temporary files are used for the actual edit
and the temp file is copied over the original after the editor is done.
2004-01-21 22:25:10 +00:00
Todd C. Miller
8ab5b8c596 If real uid == 0 and the SUDO_USER environment variable is set,
use that to determine the invoking user's true identity.  That way
the proper info gets logged by someone who has done "sudo su" but
still uses sudo as root.  We can't do this for non-root users
since that would open up a security hole, though perhaps it would
be acceptable to use getlogin(2) on OSes where this is a system call
(and doesn't just look in the utmp file).
2004-01-21 22:06:02 +00:00
Todd C. Miller
063c2812e2 Back out portions of the -i commit that set NewArgv[0] in set_runaspw.
It is far too late to set NewArgv[0] there and will have no effect
anyway as cmnd and safe_cmnd have already been set.
2004-01-20 19:22:46 +00:00
Todd C. Miller
3001e7f296 In -i mode always set new environment based on the runas user's passwd entry. 2004-01-19 01:17:00 +00:00
Todd C. Miller
1ca6264df1 o Add -i that acts similar to "su -", based on patches from David J. MacKenzie
o Sort the flags in the usage message
2004-01-18 22:55:32 +00:00
Todd C. Miller
c823817275 Change euid to runas user before calling find_path(). Unfortunately,
though runas_user can be modified in sudoers we haven't parsed sudoers yet.
2004-01-17 21:34:05 +00:00
Todd C. Miller
03f5f4087c Fix a bug when set_runaspw() is used as a callback. We don't want to
reset the contents of runas_pw if the user specified a user via the -u flag.

Avoid unnecessary passwd lookups in set_authpw().  In most cases we already
have the info in runas_pw.
2004-01-17 18:49:59 +00:00
Todd C. Miller
febc09e147 Add set_runaspw() function to fill in runas_pw. This will be used
as a callback to update runas_pw when the runas user changes.
2004-01-16 23:09:20 +00:00
Todd C. Miller
ecfc813757 PERM_RUNAS -> PERM_FULL_RUNAS 2004-01-16 23:07:03 +00:00
Todd C. Miller
d55c3f63c7 Use closefrom() instead of doing the equivalent inline. 2004-01-12 19:03:54 +00:00
Todd C. Miller
8e421c95b8 update copyright year 2004-01-05 17:15:32 +00:00
Todd C. Miller
7536a781f0 Add support for preloading a shared object containing a dummy execve()
function that just sets error and returns -1.  This adds a
"noexec_file" option to load the filename as well as a "noexec" flag
to enable it unconditionally.  There is also a NOEXEC tag that can
be attached to specific commands and an EXEC tag to disable it.
2004-01-05 02:48:09 +00:00
Todd C. Miller
caf389c2fa Rename EXEC macro -> EXECV 2004-01-05 01:39:57 +00:00
Todd C. Miller
02f37dc2da Add support for tuples in def_data.in; these are implemented as an
enum type.  Currently there is only a single tuple enum but in the
future we may have one tuple enum per T_TUPLE entry in def_data.in.
Currently listpw, verifypw and lecture are tuples.  This avoids the
need to have two entries (one ival, one str) for pwflags and syslog
values.

lecture is now a tuple with the following values: never, once, always

We no longer use both an int and string entry for syslog facilities
and priorities.  Instead, there are logfac2str() and logpri2str()
functions that get used when we need to print the string values.
2003-12-30 22:31:30 +00:00
Todd C. Miller
6ad252765b Create def_* macros for each defaults value so we no longer need
the def_{flag,ival,str,list,mode} macros (which have been removed).
This is a step toward more flexible data types in def_data.in.
2003-12-30 22:20:21 +00:00
Todd C. Miller
7f773be1fe If we are in -k/-K mode, just spew to stderr. It is not unusual for
users to place "sudo -k" in a .logout file which can cause sudo to
be run during reboot after the YP/NIS/NIS+/LDAP/etc daemon has died.
Previously, this would result in useless mail and logging.
2003-12-23 02:18:13 +00:00