isa/sudo
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
8,420 Commits 1 Branch 0 Tags
a08ea1b14d34d7e363bfa38528049c034b4c0620
Commit Graph

146 Commits

Author SHA1 Message Date
Todd C. Miller
c86561e502 Remove the old Kerberos IV support 2011-11-13 09:12:43 -05:00
Todd C. Miller
839919566e Add debug_decl/debug_return (almost) everywhere. 
Remove old sudo_debug() and convert users to sudo_debug_printf().
 2011-10-22 14:40:21 -04:00
Todd C. Miller
1e93d1fbb6 Make sudo_auth_{init,cleanup} return TRUE on success and check for 
sudo_auth_init() return value in check_user().
 2011-09-27 15:41:22 -04:00
Todd C. Miller
4540a7525e Do not return without restoring permissions. 2011-09-27 15:22:08 -04:00
Todd C. Miller
bceb5df158 Modify the authentication API such that the init and cleanup functions 
are always called, regardless of whether or not we are going to
verify a password.  This is needed for proper PAM session support.
 2011-09-27 13:18:46 -04:00
Todd C. Miller
c5f8dc95c6 Fix a PAM_USER mismatch in session open/close. We update PAM_USER 
to the target user immediately before setting resource limits, which
is after the monitor process has forked (so it has the old value).
Also, if the user did not authenticate, there is no pamh in the
monitor so we need to init pam here too.  This means we end up
calling pam_start() twice, which should be fixed, but at least the
session is always properly closed now.
 2011-09-27 11:13:44 -04:00
Todd C. Miller
7f4a0d095e Fix loop that calls authenticate(). 
If there was an error message from authenticate(), display it.
 2011-08-12 11:02:53 -04:00
Todd C. Miller
42a3966a88 Minor warning/error cleanup 2011-05-18 13:44:36 -04:00
Todd C. Miller
fce0b906eb cannot -> "unable to" in warning/error messages 2011-05-18 12:41:06 -04:00
Todd C. Miller
d006b00a4f Fix gettext marker. 2011-05-16 16:44:11 -04:00
Todd C. Miller
15bc74bd67 Include libint.h where needed. 2011-05-16 16:37:11 -04:00
Todd C. Miller
b643b190a7 Prepare sudoers module messages for translation. 2011-05-16 16:32:05 -04:00
Todd C. Miller
7708d5ce84 For AIX, keep calling authenticate() until reenter reaches 0. 2011-05-16 12:17:49 -04:00
Todd C. Miller
96b7c1f0f4 Add initial scaffolding to support localization via gettext() 2011-05-04 15:26:31 -04:00
Todd C. Miller
435d8413b5 Fix SIA support; we no longer have access to the real argc and argv 
so allocate space for a fake one and use the argv passed to the
plugin with "sudo" for argv[0].
 2011-04-26 09:51:34 -04:00
Todd C. Miller
233d90f2c3 Add check for NetBSD-style 4-argument skeychallenge() as Gentoo also 
has this.  Adapted from a patch from Diego Elio Petteno
 2011-04-06 10:08:57 -04:00
Todd C. Miller
53da5e8cdf Update copyright years. 2011-03-11 15:34:35 -05:00
Todd C. Miller
ae2f7638f5 standardize on "return foo;" rather than "return(foo);" or "return (foo);" 2011-01-24 15:15:18 -05:00
Todd C. Miller
4527bdd9b4 Use %u to print uid/gid, not %lu and adjust casts to match. 2010-11-30 15:21:36 -05:00
Todd C. Miller
6a52054147 If pam_acct_mgmt() returns PAM_AUTH_ERR print a (hopefully) more useful 
message and return AUTH_FATAL so sudo does not keep trying to validate
the user.
 2010-10-11 09:12:23 -04:00
Todd C. Miller
10c3bb62c4 Make local includes consistent; use double quotes for local includes 
except for generated ones where we use angle brackets.
Also g/c unused compat.h.
 2010-09-07 16:45:19 -04:00
Todd C. Miller
6ce5c4cd97 If the user hits ^C while a password is being read, error out before 
reading any further passwords in the pam conversation function.
Otherwise, if multiple PAM auth methods are required, the user will
have to hit ^C for each one.
 2010-08-14 10:18:49 -04:00
Todd C. Miller
d2cc4740c1 For non-standalone auth methods, stop reading the password if the 
user enters ^C at the prompt.
 2010-08-06 17:16:57 -04:00
Todd C. Miller
96cb890d53 No need to look up shadow password unless we are doing password-style 
authentication.  This moves the shadow password lookup to the auth
functions that need it.
 2010-08-06 13:55:33 -04:00
Todd C. Miller
efbc7f1d57 Only set PAM_RHOST for Solaris, where it is needed to avoid a bug. 
On Linux it causes a DNS lookup via libaudit.
 2010-07-13 08:56:31 -04:00
Todd C. Miller
d9de7b5f8e Add support for a sudo-i pam.d file to be used for "sudo -i". 
Adapted from a RedHat patch.
 2010-07-12 17:57:53 -04:00
Todd C. Miller
30fe4a067c Set usrinfo for AIX 
Set adminstrative domain for the process when looking up user's
    password or group info and when preparing for execve().
Include strings.h even if string.h exists since they may define
    different things.  Fixes warnings on AIX and others.
 2010-06-29 13:08:05 -04:00
Todd C. Miller
8e26312539 Convert to ANSI C function declarations 2010-06-14 12:30:21 -04:00
Todd C. Miller
b72a530fd0 Update copyright year 2010-06-14 12:19:49 -04:00
Todd C. Miller
e146aaaa29 Fix visiblepw sudoers option; the plugin API portion still needs documenting 2010-06-10 15:02:32 -04:00
Todd C. Miller
a4a6620b24 Add SUDO_CONV_PROMPT_MASK define which corresponds to the "pwfeedback" 
sudoers option.  Do not disable echo if TGP_ECHO is set.
 2010-06-09 10:31:05 -04:00
Todd C. Miller
426435c12c If pam_open_session() fails, pass its status to pam_end. 2010-06-08 16:54:04 -04:00
Todd C. Miller
41436a7869 Fix OpenPAM detection for newer versions. 2010-06-02 10:33:02 -04:00
Todd C. Miller
34e1a06767 Use sudo_printf to display verbose version information. 2010-05-28 12:01:06 -04:00
Todd C. Miller
b2ed46652b Clean up the sudoers auth API a bit and update the docs. 2010-05-27 14:53:11 -04:00
Todd C. Miller
7e6d1d1f7d Add init_session function to struct policy_plugin that gets called 
before the uid/gid/etc changes.  A struct passwd pointer is passed in,which may be NULL if the user does not exist in the passwd database.The sudoers module uses init_session to open the pam session as needed.
 2010-05-27 14:46:39 -04:00
Todd C. Miller
27be96c9cd Add open/close session to sudo auth, only used by PAM. 
This allows us to open (and close) the PAM session from sudoers.
 2010-05-26 17:57:47 -04:00
Todd C. Miller
d2b8bad2a5 Fix compilation for non PAM/BSD auth/AIX auth 2010-05-19 11:40:46 -04:00
Todd C. Miller
f42cf76d8a Re-enable bsm audit. Currently auditing is done within the sudoers 
plugin itself.  If possible, this should really be done in the main
driver but we don't presently have the needed data to do that.  This
will be re-evaluated when Linux audit support is added.
 2010-04-30 12:01:15 -04:00
Todd C. Miller
1bb9f62143 Convert perm setting to push/pop model; still needs some work 
Use the stashed runas groups instead of using getgrouplist()
Reset perms to the initial value on error
 2010-04-20 17:00:31 -04:00
Todd C. Miller
b4f4afdf69 Pass in output function to lbuf_init() instead of writing to stdout. 
A side effect is that the usage info can now go to stderr as it should.
 2010-03-18 06:42:17 -04:00
Todd C. Miller
d5ae4c7d87 Kill __P in sudoers 2010-03-17 19:56:27 -04:00
Todd C. Miller
88a0244dde Add missing newline after pass password warning 2010-03-15 18:13:06 -04:00
Todd C. Miller
748ce55381 Rename sudo_conv to conversation to avoid a namespace conflict. 2010-03-14 20:47:56 -04:00
Todd C. Miller
9b0205846b Initial bits of sudoers plugin; still needs work. 2010-03-14 19:58:47 -04:00
Todd C. Miller
e90fa482f9 Rework source layout in preparation for modular sudo. 2010-02-20 09:14:01 -05:00