Commit Graph

1048 Commits

Author SHA1 Message Date
Todd C. Miller
9c1ee1fe73 Move base64_decode into its own source file. 2013-04-17 09:32:27 -04:00
Todd C. Miller
d32cb3d659 Only check year against 2038 if time_t is 32-bit. 2013-04-17 09:31:26 -04:00
Todd C. Miller
cc3c76b85d Add digest support for sudoers in ldap and sss. 2013-04-16 16:03:37 -04:00
Todd C. Miller
26a256260d Include stdint.h or inttypes.h before sha2.h 2013-04-16 12:16:41 -04:00
Todd C. Miller
6c737f043f Zero out struct iolog_details early to avoid a potential (though
unlikely) dereference of stack garbage if we hit a fatal error
before iolog_deserialize_info() is called.
2013-04-16 11:06:55 -04:00
Todd C. Miller
b0df32a771 Bump SUDOERS_GRAMMAR_VERSION for new digest support. 2013-04-15 15:14:07 -04:00
Todd C. Miller
e715841fc2 Sanity check digest in parser so visudo can catch errors.
Add base64 support
2013-04-15 15:12:00 -04:00
Todd C. Miller
89759fa36c For big endian architectures just use memcpy() instead of BE macros
in a loop.
2013-04-15 11:05:52 -04:00
Todd C. Miller
35375a2b7e Initial implementation of checksum support in sudoers.
Currently supports SHA-224, SHA-256, SHA-384, SHA-512.
TODO: checksum format validation in parser and base64 support.
      checksum support for ldap sudoers
2013-04-14 07:00:21 -04:00
Todd C. Miller
1aa4903520 SHA-224, SHA-256, SHA-384 and SHA-512. Derived from the public
domain SHA-1 and SHA-2 implementations by Steve Reid and Wei Dai
respectively.
2013-04-13 07:05:06 -04:00
Todd C. Miller
bce9a96a6d Add missing "not" in error message when mixing standalone and
non-standalone authentication methods.
2013-04-11 15:55:32 -04:00
Todd C. Miller
6f718ee3cd Check for crypt() returning NULL. Traditionally, crypt() never returned
NULL but newer versions of eglibc have a crypt() that does.  Bug #598
2013-04-11 13:10:40 -04:00
Todd C. Miller
e9726e5974 Better PAM error messages 2013-04-11 09:09:53 -04:00
Todd C. Miller
c00cc3bfe3 Better error messages 2013-04-11 09:03:37 -04:00
Todd C. Miller
8d2c791806 Use same error message for getauid() failure. 2013-04-11 08:54:39 -04:00
Todd C. Miller
236f306a2b Start warning with a lower case letter for consistency and to match
existing translated strings.
2013-04-11 06:38:12 -04:00
Todd C. Miller
c3b9c94e87 Sync with translationproject.org 2013-04-09 14:39:44 -04:00
Todd C. Miller
5555b86d7e Log timestampfile to debug file. 2013-04-09 14:17:59 -04:00
Todd C. Miller
9914cd8a76 Don't add the "Password: " string we look up in the PAM text domain
to the sudoers.pot file.
2013-04-09 09:40:36 -04:00
Todd C. Miller
e2ed8cc9f1 Sync with regcomp() error message change. 2013-04-08 15:41:55 -04:00
Todd C. Miller
b6d644b300 Be consistent with error message when regcomp() fails. 2013-04-08 15:41:09 -04:00
Todd C. Miller
e17267b5e1 Use group -1 instead of 1 as the invalid group since the running
user might have group 1 as their default group.
2013-04-05 08:17:19 -04:00
Todd C. Miller
f1aed773ec PWD may be a shell builtin, use CWD instead. 2013-04-05 08:05:35 -04:00
Todd C. Miller
faf150c4d0 Split up check_user(). 2013-04-04 10:04:22 -04:00
Todd C. Miller
382640839e regen 2013-04-02 10:40:16 -04:00
Todd C. Miller
46db7a20e4 Pass in expected gid to testsudoers in addition to the uid that
matches the test sudoers files.
2013-04-02 09:25:51 -04:00
Todd C. Miller
cd980f0b4f Fix compilation when getdomainname() is not present. 2013-04-01 16:35:35 -04:00
Todd C. Miller
073989aa68 Need sys/time.h for struct timeval in struct sudo_tty_info. 2013-04-01 14:48:00 -04:00
Todd C. Miller
e7e739f659 regen depends 2013-04-01 14:10:42 -04:00
Todd C. Miller
e23ebd53c3 Instead of checking the domain name explicitly for "(none)", just
check for illegal characters.
2013-04-01 13:56:42 -04:00
Todd C. Miller
328994740e Only warn once when we are unable to open the sudoers file. 2013-04-01 11:23:29 -04:00
Todd C. Miller
41ab8da22c Fall back to opening /dev/tty to determine whether there is a tty
if the system doesn't have kernel support for determining the tty.
2013-04-01 10:40:17 -04:00
Todd C. Miller
d30008d580 Don't include gram.h in gram.y, its contents are already included.
Move sudoerserror to the end of gram.y so COMMENT is declared
when we need to use it.
2013-03-31 09:58:37 -04:00
Todd C. Miller
7796d6456d Rename NAME_MATCH -> SUDOERS_NAME_MATCH and avoid pulling in glob.h
when it is set.
2013-03-29 14:03:00 -04:00
Todd C. Miller
a17d171155 We still want to recognize %{seq} for the SUDOERS_NO_SEQ case but
just leave it as-is.
2013-03-29 10:54:46 -04:00
Todd C. Miller
a2ce6fd296 Add missing semicolon in rule. 2013-03-28 20:53:55 -04:00
Todd C. Miller
37b4b5d15e Now that we can determine the terminal even when file descriptors
are redirected we can check user_ttypath rather than opening
/dev/tty when enforcing requiretty.
2013-03-28 15:46:52 -04:00
Todd C. Miller
38dac1e0a4 Stash umask in struct sudo_user so we don't need to look it up later. 2013-03-28 15:40:32 -04:00
Todd C. Miller
5bac16f5cc Minor cosmetic change 2013-03-28 14:25:24 -04:00
Todd C. Miller
d482b00ec1 No longer need to declare interfaces 2013-03-28 14:25:09 -04:00
Todd C. Miller
b7e3516833 Fix compilation in SUDOERS_NO_SEQ case 2013-03-28 14:23:31 -04:00
Todd C. Miller
155669cfe4 No longer need to define sudo_printf 2013-03-28 13:40:20 -04:00
Todd C. Miller
4d3fc204f7 Pass auth_pw to the timestamp functions. 2013-03-28 13:22:09 -04:00
Todd C. Miller
2541257696 Fix SUDOERS_NO_SEQ 2013-03-28 13:21:43 -04:00
Todd C. Miller
7eb2394b40 Don't need all of sudoers.h in here 2013-03-28 11:19:18 -04:00
Todd C. Miller
213f7ff113 Don't need to include sudoers_version.h here. 2013-03-28 10:49:18 -04:00
Todd C. Miller
ec19ea97f2 DEFAULT_LECTURE is no longer used. 2013-03-27 15:01:26 -04:00
Todd C. Miller
13dbba174e Move sudo_conv into policy.c 2013-03-27 13:42:40 -04:00
Todd C. Miller
c66cf7c87e cosmetic fixes 2013-03-27 11:29:58 -04:00
Todd C. Miller
ddc1d36a0b RHEL (and perhaps other Linux distros) use the string "(none)"
instead of an empty string when there is no actual NIS-style domain
name.  Bug #596
2013-03-27 03:41:00 -04:00