isa/sudo
1
0
Fork 0
Code Issues Pull Requests Actions 1 Packages Projects Releases Wiki Activity
10,041 Commits 1 Branch 0 Tags
9ab8efa8f42d9c51e6795affd412a88cd1373d00
Commit Graph

850 Commits

Author SHA1 Message Date
Todd C. Miller
6c1b155fed Add copyright for the Python bindings. 2020-03-11 15:43:48 -06:00
Todd C. Miller
ea8445e364 Allow the ALL keyword to be specified with a digest list. 2020-03-11 11:19:37 -06:00
Todd C. Miller
4eca443246 Allow a list of digests to be specified for a command. 2020-03-11 11:17:52 -06:00
Todd C. Miller
8c08f5ef03 Allow Cmd_Alias in addition to Cmnd_Alias. 
Some people find using Cmd_Alias more natural.
 2020-03-11 11:17:38 -06:00
Todd C. Miller
e1df9d1dc3 Add pam_ruser and pam_rhost sudoers flags. 2020-03-01 13:37:00 -07:00
Robert Manner
c039a99c10 plugins/python/sudo_module: add sudo.LogHandler 
so python log system can be used with sudo logsystem.
Loggers use it by default (the handler is set on the root logger).
If that is not the intent, it can be overridden explicitly.
 2020-02-28 05:46:54 -07:00
Robert Manner
34b4bb72d6 plugins/python: autodetect ClassName field 
If "ClassName" is not specified, load the one and only sudo.Plugin from
the module (if so), otherwise display which plugins are available from
which the system admin can choose.
 2020-02-28 05:46:54 -07:00
Robert Manner
5c96b4407d plugins/python/plugin_common: add a default search path for python plugins 
If the ModulePath is relative, assume it is under
"/usr/local/libexec/sudo/python" or wherever the sudo plugins are in a
"python" subdirectory.
 2020-02-28 05:46:54 -07:00
Robert Manner
e588879cf5 doc/sudo_plugin_python: add approval plugin to supported plugins 2020-02-26 13:15:52 -07:00
Robert Manner
95dce8cbe6 doc/sudo_plugin_python: document approval plugin and PluginReject 2020-02-19 11:51:18 -07:00
Todd C. Miller
982c003b8d Add support for JSON structured logging using syslog. 
Note that depending on the system, the default syslog buffer
may not be large enough to store all the logging data.
 2020-02-17 16:25:18 -07:00
Todd C. Miller
5781a6a4cf Add support for JSON logging in sudo_logsrvd. 2020-02-17 16:10:56 -07:00
Todd C. Miller
009788afae Clarify that approval close happens after auditing. 
Also fix a few typos.
 2020-02-10 15:43:25 -07:00
Todd C. Miller
01a53f2865 Add open and close functions to the approval plugin API. 
We need a close function to be able to to free memory allocated for
errstr.  Unlike the other plugins, the close function is called
immediately after the plugin's check or show_version function.
The plugin does not remain open until the command completes.
 2020-02-10 15:29:48 -07:00
Robert Manner
ecdaaffd57 doc/sudo_plugin_python: document python audit plugin support 2020-02-10 05:24:16 -07:00
Robert Manner
bd465b3087 doc/sudo_plugin_python: document returning error string 2020-02-10 05:24:16 -07:00
Robert Manner
8f79d5c1c7 doc/sudo_plugin_python: update python manual for constant -> enum changes 2020-02-10 05:24:16 -07:00
Todd C. Miller
2fe127d108 Move some scripts from the top level src dir to a scripts dir. 2020-02-06 14:30:26 -07:00
Todd C. Miller
db17cadaf6 Add an approval plugin type that runs after the policy plugin. 
The basic idea is that the approval plugin adds an additional
layer of policy.  There can be multiple approval plugins.
 2020-02-06 12:49:11 -07:00
Todd C. Miller
084cad2120 plugin documentation fixes: 
o whitespace cleanup
 o show_version doesn't have an errstr argument
 o document runas_user and runas_group in command_info[]
 o add missing .El at before start of audit section
 2020-02-06 12:18:09 -07:00
Todd C. Miller
ea377e432b Silence lint warning. 2020-02-05 17:57:24 -07:00
Todd C. Miller
cec6b1708a Regenerate .man.in files from .mdoc.in 2020-02-02 16:13:05 -07:00
Todd C. Miller
b35cc96f0e Update documentation for setbase when the given base is NULL. 2020-02-02 16:12:39 -07:00
Todd C. Miller
790f8bb629 Document audit plugin in the sudo_plugin manual. 2020-01-30 20:57:40 -07:00
Todd C. Miller
22105009d8 Define a new plugin type that receives accept and reject messages. 
This can be used to implement logging-only plugins.
The plugin functions now take an errstr argument that can be used
to return an error string to be logged on failure or error.
 2020-01-30 13:25:34 -07:00
Robert Manner
9294108cd6 doc/sudo_plugin_python: update doc about the multiple I/O plugin loading 2020-01-23 12:46:14 -07:00
Todd C. Miller
f4716a75e4 Document new tls_verify setting. 2020-01-23 11:42:08 -07:00
Todd C. Miller
07a2965bab Document TCP keepalive options in the manual pages. 2020-01-22 11:07:01 -07:00
Todd C. Miller
b8e1422e84 Add proper diacritical to Róbert's name. 2020-01-22 10:48:31 -07:00
Todd C. Miller
5913c63642 Add abs_top_srcdir and abs_top_builddir and use them. 
Configure provides absolution versions of srcdir, builddir, top_srcdir
and top_builddir.  We can use these instead of calling pwd.
 2020-01-20 06:37:42 -07:00
Todd C. Miller
0ab02b8a16 Fix mdoc lint warnings by removing .Pp before and after .Ss. 2020-01-17 09:47:52 -07:00
Todd C. Miller
c9f26ebbb4 Remove whitespace at the end of the line in example sudo.conf 2020-01-17 09:47:52 -07:00
Todd C. Miller
e7480c3410 Add newline before list of artwork authors. 2020-01-10 10:42:39 -07:00
Todd C. Miller
bf68dce053 Update copyright year. 2020-01-10 10:26:12 -07:00
Todd C. Miller
b141213a10 Add Robert Manner 2020-01-07 09:46:07 -07:00
Todd C. Miller
b527ac3fb5 Update sample sudo.conf with all supported settings. 
The deprecated "max_groups" setting is not documented.
 2020-01-02 14:07:30 -07:00
Todd C. Miller
8aa815643f Remove POD-style C<> markup (typewriter font) from sudo.conf 2020-01-02 13:12:27 -07:00
Robert Manner
3f890e4db8 doc/sudo_plugin_python: indent code examples for easier readability 2020-01-02 11:53:08 -05:00
Robert Manner
9871f7e37b doc/sudo.conf: document developer_mode option 2020-01-02 11:53:08 -05:00
Todd C. Miller
a76b7543bf fix typo in previous 2019-12-31 07:48:57 -07:00
Todd C. Miller
a8c39ea81b Changes in sudo 1.8.30 2019-12-31 06:02:19 -07:00
Todd C. Miller
79e52c7764 Substitute @prefix@ in for the example paths. 
We can't use @exampledir@ here since it contains Makefile variables.
 2019-12-23 07:27:54 -07:00
Todd C. Miller
5dcc28180e Add sudo_plugin_python manual page. 
Based on markdown docs from Robert Manner.
 2019-12-21 12:54:55 -07:00
Todd C. Miller
a441580540 Update SUDO_CONV_REPL_MAX in docs. 2019-12-14 12:40:55 -07:00
Todd C. Miller
b14d633ec6 Add runas_check_shell flag to require a runas user to have a valid shell. 
Not enabled by default.
 2019-12-09 19:29:45 -07:00
Todd C. Miller
df8f06609c Add a new flag "allow_unknown_runas_id" to control matching of unknown IDs. 
Previous, sudo would always allow unknown user or group IDs if the
sudoers entry permitted it.  This included the "ALL" alias.
With this change, the admin must explicitly enable support for unknown IDs.
 2019-12-09 17:14:06 -07:00
Todd C. Miller
d0b80b404c Replace timeleft with pending in sudo plugin event API. 2019-12-07 08:42:10 -07:00
Todd C. Miller
d98022177e Document log_server_cabundle, log_server_peer_cert and log_server_peer_key 2019-12-06 13:23:51 -07:00
Todd C. Miller
a1e61f5ac0 Sync init_session() prototype with sudo_plugin.h and fix a typo. 2019-12-05 16:57:12 -07:00
Todd C. Miller
f976a5d866 For plugin API 1.15 and up, always call the plugin close function. 
Previously, it was only called when a command was run (including
sudoedit).  Now, plugin operations list, validate, invalidate, and
show_version are also closed.
 2019-11-20 10:57:47 -07:00