isa/sudo
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
3,665 Commits 1 Branch 0 Tags
98931e0f8f6503a8dbcefc31fa5f755e84bc37c8
Commit Graph

189 Commits

Author SHA1 Message Date
Todd C. Miller
eebc763bd3 Use strlc{at,py} for paranoia's sake and exit on overflow. In all 
cases the strings were either pre-allocated to the correct size of
length checks were done before the copy but a little paranoia can
go a long way.
 2003-03-13 20:00:45 +00:00
Todd C. Miller
c289159953 g/c second arg to set_perms--it is no longer used 2002-05-05 00:43:38 +00:00
Todd C. Miller
7cc2f3b3e5 Remove Chris Jepeway's email address so people don't bug him ;-) 2002-03-16 00:44:48 +00:00
Todd C. Miller
a82e7a8efe (c) 2002 2002-01-08 15:00:18 +00:00
Todd C. Miller
bd74bbdfb0 kill extra blank line 2002-01-08 14:08:23 +00:00
Todd C. Miller
65fad4df35 o Reorder some headers and use STDC_HEADERS define properly 
o Update copyright year
 2001-12-14 19:52:54 +00:00
Todd C. Miller
4572e80469 Fix CIDR -> in_addr_t conversion. 2001-12-13 01:07:25 +00:00
Todd C. Miller
afff0d56b4 Make 'listpw=never' work for users who are not explicitly mentioned in 
sudoers.
 2001-12-12 21:00:56 +00:00
Todd C. Miller
6525e882a4 The listpw and verifypw sudoers options would not take effect because 
the value of the default was checked *before* sudoers was parsed.
Instead of passing in the value of PWCHECK_* to sudoers_lookup(),
pass in the arg for def_ival() so the check can be deferred until
after sudoers is parsed.
 2000-08-12 20:48:29 +00:00
Todd C. Miller
9aeabf1b03 Fully qualified hosts w/ wildcards were not matching the FQHOST token type. 
There's really no need for a separate token for fully-qualified vs.
unqualified anymore so FQHOST is now history and hostname_matches
now decides which hostname (short or long) to check based on whether
or not the pattern contains a '.'.
 2000-03-23 04:38:20 +00:00
Todd C. Miller
5ce1fa96f2 Add support for wildcards in the hostname. 2000-03-23 04:09:53 +00:00
Todd C. Miller
db2c555453 kill register 2000-03-22 15:53:09 +00:00
Todd C. Miller
9e0bae9fc6 update copyright year on changed files 2000-01-17 23:46:26 +00:00
Todd C. Miller
f68cc2f628 Add "listpw" and "verifypw" options. 2000-01-17 04:05:18 +00:00
Todd C. Miller
0b59a0974d netgr_matches needs to check shost as well as host since they may be different. 2000-01-11 18:20:41 +00:00
Todd C. Miller
625e3e46d0 Make treatment of -l and -v sane wrt NOPASSWD flags. Now allow -l w/o a passwd 
if there is *any* entry for the user on the host with a NOPASSWD flag.
For -v, only allow w/o a passwd if *all* entries for the user on the host
w/ the specified runas user have the NOPASSWD flag set.
 2000-01-03 04:43:33 +00:00
Todd C. Miller
957fa7941d o Kill HAVE_FNMATCH_H 
o Only define HAVE_FNMATCH if <fnmatch.h> exists.
 1999-12-09 03:54:57 +00:00
Todd C. Miller
b937889e88 Don't ask the user for a password if the user is not allowed to run 
the command and the authenticate flag (in sudoers) is false.
 1999-12-06 00:14:54 +00:00
Todd C. Miller
a067249e1c Move inclusion of emul/fnmatch.h to be after sudo.h for __P 1999-08-28 10:00:22 +00:00
Todd C. Miller
56f3bf61c1 typo in comment 1999-08-27 14:39:24 +00:00
Todd C. Miller
a2b3e36e73 add FLAG_NO_CHECK 1999-08-26 09:06:41 +00:00
Todd C. Miller
8723291d89 CIDR-style netmask support 1999-08-24 16:42:28 +00:00
Todd C. Miller
275c2fc980 Run most of the code as root, not the invoking user. It doesn't really 
gain us anything to run as the user since an attacker can just have
an setuid(0) in their egg.  Running as root solves potential problems
wrt signalling.
 1999-08-20 20:37:16 +00:00
Todd C. Miller
0598093e2c sudoers_lookup() now returns a bitmap instead of an int. This makes it 
possible to express things like "failed to validate because user not listed
for this host".  Some thigns that were previously VALIDATE_FOO are now
FLAG_FOO.  This may change later on.

Reorganized code in log_auth() and sudo.c to deal with above changes.

Safer versions of push/pushcp with in the do { ... } while (0) style

parse.yacc now saves info on the stack to allow parse.c to determine
if a user was listed, but not for the host he/she tried to run on.

Added --with-mail-if-no-host option
 1999-08-19 16:30:09 +00:00
Todd C. Miller
145992dce2 o /etc/stmp -> /etc/sudoers.tmp since solaris uses stmp as shadow temp file 
o _PATH_SUDO_SUDOERS -> _PATH_SUDOERS and _PATH_SUDO_STMP -> _PATH_SUDOERS_TMP
 1999-08-06 09:37:03 +00:00
Todd C. Miller
6b3909c780 rename validate() to the more descriptive sudoers_lookup() 1999-08-01 15:42:12 +00:00
Todd C. Miller
0d732401f4 add 4th term to license similar to term 5 in the apache license 1999-07-31 16:19:50 +00:00
Todd C. Miller
c7fd99aa54 BSD-style copyright. Move parser-specific defines and structs into parse.h + other cosmetic changes 1999-07-22 12:51:18 +00:00
Todd C. Miller
26be17a3d6 Add contribution info in the main comment 1999-07-12 10:25:14 +00:00
Todd C. Miller
80287c981c Move interface-related defines to interfaces.h so we don't have to include 
<netinet/in.h> everywhere.
 1999-05-17 01:36:30 +00:00
Todd C. Miller
16fdb0a5c5 fix comment 1999-04-10 17:03:32 +00:00
Todd C. Miller
06e586ee7b Function names should be flush with the start of the line so they can be found trivially in an editor and with grep 1999-04-10 04:49:03 +00:00
Todd C. Miller
eecc5ce1c9 free(3) is already void, no need to cast it 1999-04-10 04:40:57 +00:00
Todd C. Miller
59b0cff8cf Stash the "safe" path (ie: the one listed in sudoers) to the command instead 
of stashing the struct stat.  Should be safer.
 1999-04-10 04:10:01 +00:00
Todd C. Miller
499e869237 Add VALIDATE_NOT_OK_NOPASS for when user is not allowed to run a command 
but the NOPASSWD flag was set.
Make runasspec, runaslist, runasuser, and nopasswd typeless in parse.yacc
Add support for '!' in the runas list
Fix double printing of '%' and '+' for groups and netgroups respectively
Add *_matched macros (no need for local stack variable).  Should only be
used directly after a pop (since top must be >= 2).
 1999-04-06 05:00:29 +00:00
Todd C. Miller
e6deacb6c4 Crank version to 1.6 and combine copyright statements 1999-04-05 20:57:25 +00:00
Todd C. Miller
49c5a12d8c Fix another parser bug. For a sudoers entry like this: 
millert	ALL=/bin/ls,(daemon) !/bin/ls
sudo would not allow millert to run ls as root.
 1999-03-30 17:17:54 +00:00
Todd C. Miller
79c46d1c81 ++version 1999-03-29 04:05:15 +00:00
Todd C. Miller
382ef75493 Use emalloc/erealloc/estrdup 1999-03-29 02:59:34 +00:00
Todd C. Miller
52916f16ac add explicate copyright 1999-02-03 04:32:19 +00:00
Todd C. Miller
826fe213f2 add sudo tags 1999-01-17 23:16:20 +00:00
Todd C. Miller
d3aaf52283 crank version and regen files 1999-01-17 22:40:55 +00:00
Todd C. Miller
62dba8f4d1 more -Wall 1998-11-18 04:16:13 +00:00
Todd C. Miller
c253188f55 -Wall 1998-11-18 03:51:10 +00:00
Todd C. Miller
4f461199af kill perror("malloc") since we already have a good error messages 
pw_ent -> pw for brevity
when checking if %group matches, look up user in password file so
that %groups works in a RunAs spec.
 1998-11-04 01:39:40 +00:00
Todd C. Miller
5bfb481ca7 no more options.h 1998-10-15 05:41:26 +00:00
Todd C. Miller
581cfa1406 FAST_MATCH is no longer an optino 1998-10-15 03:57:14 +00:00
Todd C. Miller
0ef9f25d7e updated version 1998-09-17 16:27:15 +00:00
Todd C. Miller
a1c5148c34 use NAMLEN() macro 1998-09-07 02:41:33 +00:00
Todd C. Miller
12477fd6e6 updated version 1998-04-06 03:35:50 +00:00