Commit Graph

93 Commits

Author SHA1 Message Date
Todd C. Miller
ddc1d36a0b RHEL (and perhaps other Linux distros) use the string "(none)"
instead of an empty string when there is no actual NIS-style domain
name.  Bug #596
2013-03-27 03:41:00 -04:00
Todd C. Miller
64e558bcfb Fix return values when NAME_MATCH is defined. 2013-03-27 03:39:18 -04:00
Todd C. Miller
e051df6577 Mac OS X has netgroup functions in netdb.h. 2013-03-06 17:05:23 -05:00
Todd C. Miller
1d7072fe09 Don't include <sys/param.h>. We only needed it for MAXPATHLEN,
MAXHOSTNAMELEN and the MIN/MAX macros.  We now use PATH_MAX and
HOST_NAME_MAX throughout without falling back on MAXPATHLEN or
MAXHOSTNAMELEN and define our own MIN/MAX macros as needed.
2012-12-04 10:40:47 -05:00
Todd C. Miller
3c9da162e4 Use MAX_HOST_NAME+1 (limits.h) instead of MAXHOSTNAMELEN (sys/param.h
or netdb.h).
2012-12-04 10:18:41 -05:00
Todd C. Miller
6a25affb47 Add rudimentary support for name-based matching as a compile-time
option.  This is unsafe when used in conjunction with the '!' operator.
2012-09-24 10:09:41 -04:00
Todd C. Miller
57699c5531 If a command matches using an empty Runas_List (i.e. Runas_List is
present but empty) and the -u option was not specified, set runas_pw
to user_pw instead of using runas_default.  This is intended to be
used in conjunction with the Solaris Privilege Set support for rules
that grant privileges without changing the user.
2012-08-02 14:37:32 -04:00
Todd C. Miller
e2d210a340 Add support for parsing an empty Runas_List, which only allows the
command to be run as the invoking user.  This can be used in
conjunction with the Solaris Privilege Set support to grant privileges
without changing the user.
2012-08-02 14:02:54 -04:00
Todd C. Miller
649edc3192 Export group cache from sudoers.so for system_group.so to use. 2012-06-13 16:21:45 -04:00
Todd C. Miller
0d108287b9 Do not use GLOB_BRACE or GLOB_TILDE flags to glob()--we want the
glob() and fnmatch() results to be consistent.
2012-04-08 18:00:31 -04:00
Todd C. Miller
0771c981de Update copyright year. 2012-01-06 14:23:55 -05:00
Todd C. Miller
c4ba511613 Do not include GLOB_MARK in the flags we pass to glob(3). Fixes a
bug where a pattern like "/usr/*" includes /usr/bin/ in the results,
which would incorrectly be interpreted as if the sudoers file
had specified a directory.  From Vitezslav Cizek.
2012-01-05 15:54:00 -05:00
Todd C. Miller
21a2f95821 Use stdbool.h instead of rolling our own TRUE/FALSE macros. 2011-12-02 11:27:33 -05:00
Todd C. Miller
09beba8259 Revert 003bdb078a15. We need to #include <gram.h> not "gram.h" and
<def_data.h> and not "def_data.h" when generating the parser in a
build dir.
2011-11-12 12:18:44 -05:00
Todd C. Miller
0bf68d2103 #include "gram.h" not <gram.h> and "def_data.h" and not <def_data.h>. 2011-11-08 14:09:48 -05:00
Todd C. Miller
6973ed5eb4 When matching a RunasAlias for a runas group, pass the alias in as
the group_list, not the user_list.  From Daniel Kopecek.
2011-10-25 10:34:31 -04:00
Todd C. Miller
839919566e Add debug_decl/debug_return (almost) everywhere.
Remove old sudo_debug() and convert users to sudo_debug_printf().
2011-10-22 14:40:21 -04:00
Todd C. Miller
1a259de176 Split out address matching into its own file and add regression
tests for it.
2011-08-29 14:10:18 -04:00
Todd C. Miller
a47f005437 When matching an address with a netmask in sudoers, AND the mask
and addr before checking against the local addresses.
2011-08-27 12:09:30 -04:00
Todd C. Miller
526a61004d Fix netmask matching. 2011-08-26 16:01:39 -04:00
Todd C. Miller
d9e807b269 If the user specifies a runas group via sudo's -g option that matches
the runas user's group in the passwd database and that group is not
denied in the Runas_Spec, allow it.  Thus, if user root's gid in
/etc/passwd is 0, then "sudo -u root -g root id" is allowed even if
no groups are present in the Runas_Spec.
2011-05-23 14:00:54 -04:00
Todd C. Miller
092b4b4d02 Be careful not to deref user_stat if it is NULL. This cannot currently
happen in sudo but might in other programs using the parser.
2011-03-16 15:59:44 -04:00
Todd C. Miller
21d8f01fac return foo not return(foo) 2011-02-07 06:47:29 -05:00
Todd C. Miller
ae2f7638f5 standardize on "return foo;" rather than "return(foo);" or "return (foo);" 2011-01-24 15:15:18 -05:00
Todd C. Miller
f7f8b6867e Update copyright year to 2011 2011-01-20 16:46:56 -05:00
Todd C. Miller
b92b745eaf Fix NULL dereference with "sudo -g group" when the sudoers rule has
no runas user or group listed.  Fixes RedHat bug 667103.
2011-01-04 12:44:39 -05:00
Todd C. Miller
70cf50fd20 In sudoedit mode, assume command line arguments are paths and
pass FNM_PATHNAME to fnmatch().
2010-11-22 10:27:29 -05:00
Todd C. Miller
e069b74dc8 Convert sudoers plugin to use interface list passed in settings. 2010-09-08 15:07:40 -04:00
Todd C. Miller
10c3bb62c4 Make local includes consistent; use double quotes for local includes
except for generated ones where we use angle brackets.
Also g/c unused compat.h.
2010-09-07 16:45:19 -04:00
Todd C. Miller
8ec596c7d9 When matching the runas user and runas group (-u and -g command
line options), keep track of runas group and runas user matches
separately.  Only return a positive match if we have a match for
both runas user and runas group (if specified).
2010-09-06 07:56:15 -04:00
Todd C. Miller
0186018d3d Reference count cached passwd and group structs. The cache holds
one reference itself and another is added by sudo_getgr{gid,nam}
and sudo_getpw{uid,nam}.  The final ref on the runas and user passwd
and group structs are persistent for now.
2010-08-04 09:58:50 -04:00
Todd C. Miller
e6b48d415c Replace built-in non-unix group support with a sudoers group plugin.
Include a sample plugin that can read Unix-format group files.
2010-07-02 11:11:25 -04:00
Todd C. Miller
30fe4a067c Set usrinfo for AIX
Set administrative domain for the process when looking up user's
    password or group info and when preparing for execve().
Include strings.h even if string.h exists since they may define
    different things.  Fixes warnings on AIX and others.
2010-06-29 13:08:05 -04:00
Todd C. Miller
fe49f161a8 Move union sudo_in_addr_un into interfaces.h 2010-06-14 14:52:53 -04:00
Todd C. Miller
b72a530fd0 Update copyright year 2010-06-14 12:19:49 -04:00
Todd C. Miller
b09a643ff0 Quiet a compiler warning. 2010-06-14 11:18:50 -04:00
Todd C. Miller
d346e50903 Use angle brackets when including headers that can only be found when
an -I flag is specified.  The files in the compat dir could get away
with double quotes here but I've converted all the source files
to use angle brackets for consistency.
2010-04-30 15:13:47 -04:00
Todd C. Miller
05ae3ea6cb Convert to ANSI C function declarations 2010-04-22 18:09:53 -04:00
Todd C. Miller
8df6ba9fee Merge 5177a284b9ff 549f8f7c2463 88f3181692fe from 1.7 branch. 2010-03-22 10:19:07 -04:00
Todd C. Miller
d5ae4c7d87 Kill __P in sudoers 2010-03-17 19:56:27 -04:00
Todd C. Miller
9b0205846b Initial bits of sudoers plugin; still needs work. 2010-03-14 19:58:47 -04:00
Todd C. Miller
d6187f5ad3 Replace emul/include.h with compat/include.h to match new source
tree layout.
2010-02-20 09:22:30 -05:00
Todd C. Miller
e90fa482f9 Rework source layout in preparation for modular sudo. 2010-02-20 09:14:01 -05:00