Commit Graph

291 Commits

Author SHA1 Message Date
Todd C. Miller
25036d7a75 Pass a single I/O log file name in command_details instead of
separate dir + file parameters.
2010-12-30 17:09:01 -05:00
Todd C. Miller
97b7ae8892 If no iolog file is specified by the policy plugin, use io_nextid()
to determine the next file in the sequence.
2010-12-29 11:07:45 -05:00
Todd C. Miller
02ed3d5b3e Add support for the iolog_compress variable in command_info. 2010-12-28 12:23:18 -05:00
Todd C. Miller
bff14f60e6 Add sigsetjmp() calls to all plugin entry points just to be safe. 2010-12-28 11:02:12 -05:00
Todd C. Miller
fba58fa3f7 Allow sudoers to specify the iolog file in addition to the iolog dir.
Add escape sequence support to iolog file and dir: sequence number,
    user, group, runas_user, runas_group, hostname and command in
    addition to any escape sequence recognized by strftime(3).
2010-12-27 12:18:32 -05:00
Todd C. Miller
5d59c10b95 Give the policy module fine-grained control over what the I/O plugin
logs.
2010-12-21 17:43:18 -05:00
Todd C. Miller
a10f216797 Adapt plugins to version I/O logging ABI 1.1 2010-12-20 16:28:20 -05:00
Todd C. Miller
4527bdd9b4 Use %u to print uid/gid, not %lu and adjust casts to match. 2010-11-30 15:21:36 -05:00
Todd C. Miller
8f4b215216 create_admin_success_flag() should use restore_perms() rather than
set_perms() to restore the uid.
2010-11-23 07:34:22 -05:00
Todd C. Miller
5536ea49f6 Call plugin_cleanup(), not cleanup() 2010-11-12 13:02:15 -05:00
Todd C. Miller
93d2420de9 Fix compilation on systems with set_auth_parameters()
Sprinkle volatile to quiet warnings from gcc 2.8.0
2010-10-12 10:47:16 -04:00
Todd C. Miller
6b4fe798d5 Move set_project() from sudoers module into sudo proper. 2010-10-01 13:52:42 -04:00
Todd C. Miller
f538ed4e35 Add dlopen() emulation for systems without it.
For HP-UX 10, emulate using shl_load().
For others, link sudoers plugin statically and use a lookup
table to emulate dlsym().
2010-09-26 17:41:35 -04:00
Todd C. Miller
53f9cfe062 In login mode, make a copy of the runas user's pw_shell for NewArgv[0]
because 1) we modify it and 2) runas_pw gets freed before exec.
2010-09-14 11:30:28 -04:00
Todd C. Miller
e069b74dc8 Convert sudoers plugin to use interface list passed in settings. 2010-09-08 15:07:40 -04:00
Todd C. Miller
1d37ab560a Always fill in NewArgv for audit code. 2010-09-07 17:59:10 -04:00
Todd C. Miller
e7d56e16e2 Do not set both MODE_EDIT and MODE_RUN 2010-09-04 08:41:42 -04:00
Todd C. Miller
256ee25ab5 Move get_auth() into check.c where it is actually used. 2010-08-21 08:48:35 -04:00
Todd C. Miller
129cf8d992 sudoers.h includes sudo_plugin.h for us 2010-08-10 16:36:54 -04:00
Todd C. Miller
8dd8aa000e Remove some obsolete configure tests, ancient Unix systems are no
longer supported.
2010-08-10 13:44:05 -04:00
Todd C. Miller
cb1848fab1 Retain final passwd/group refs until the policy close() function.
Note that this doesn't get called in all cases so putting
this in a cleanup function is probably better.
2010-08-06 13:54:35 -04:00
Todd C. Miller
26526e667f delref sudo_user.pw, runas_pw and runas_gr immediately before we return. 2010-08-06 12:07:03 -04:00
Todd C. Miller
0186018d3d Reference count cached passwd and group structs. The cache holds
one reference itself and another is added by sudo_getgr{gid,nam}
and sudo_getpw{uid,nam}.  The final ref on the runas and user passwd
and group structs are persistent for now.
2010-08-04 09:58:50 -04:00
Todd C. Miller
6d0395ee68 Add support for Ubuntu admin flag file and enable it when building
Ubuntu packages.
2010-07-28 16:34:11 -04:00
Todd C. Miller
f7f65cfb95 Check return value of setdefs() but don't stop setting defaults if
we hit an unknown one.
2010-07-19 12:53:25 -04:00
Todd C. Miller
482f9cfc83 Handle getcwd() failure. 2010-07-14 14:17:56 -04:00
Todd C. Miller
d9de7b5f8e Add support for a sudo-i pam.d file to be used for "sudo -i".
Adapted from a RedHat patch.
2010-07-12 17:57:53 -04:00
Todd C. Miller
e6b48d415c Replace built-in non-unix group support with a sudoers group plugin.
Include a sample plugin that can read Unix-format group files.
2010-07-02 11:11:25 -04:00
Todd C. Miller
30fe4a067c Set usrinfo for AIX
Set administrative domain for the process when looking up user's
    password or group info and when preparing for execve().
Include strings.h even if string.h exists since they may define
    different things.  Fixes warnings on AIX and others.
2010-06-29 13:08:05 -04:00
Todd C. Miller
189b43fed3 Defer call to sudo_nonunix_groupcheck_cleanup() until after we have
closed the sudoers sources.  From Quest sudo.
2010-06-25 10:05:51 -04:00
Todd C. Miller
d1bf11db33 Call set_fqdn() after sudoers has parsed instead of inline as a callback. 2010-06-18 17:47:55 -04:00
Todd C. Miller
d79b0ece15 Do not call set_fqdn() until sudoers parses (where it gets run as a callback). 2010-06-18 17:25:59 -04:00
Todd C. Miller
1fbb1819e7 Use sudo_printf for I/O log version
Clarify policy plugin version string
2010-06-10 14:24:06 -04:00
Todd C. Miller
eec336115a Move askpass path specification from sudoers to sudo.conf. 2010-06-09 17:40:44 -04:00
Todd C. Miller
bcaf51ce62 Fix setting selinux type on command line. 2010-06-08 17:10:27 -04:00
Todd C. Miller
afa3589d52 For sudoedit, make a local copy of editor string si become part of
argv.  If no editor environment variable, split def_editor on ':'
since it may be a colon-delimited path.
2010-06-04 12:17:19 -04:00
Todd C. Miller
2ee7524101 Add casts to quiet compiler warnings. 2010-06-01 09:54:03 -04:00
Todd C. Miller
2dd29bf64d Break sudoers transcript feature up into log_input and log_output. 2010-05-30 10:31:38 -04:00
Todd C. Miller
b6f02f38c0 Make sudoers_io functions static to iolog.c 2010-05-29 10:43:34 -04:00
Todd C. Miller
e952c8c7ff Eliminate unused variables 2010-05-28 13:21:56 -04:00
Todd C. Miller
d2d68aa24d Re-enable cleanup functions in sudoers plugin and sudo driver
for error()/errorx().
2010-05-28 12:15:14 -04:00
Todd C. Miller
34e1a06767 Use sudo_printf to display verbose version information. 2010-05-28 12:01:06 -04:00
Todd C. Miller
7e6d1d1f7d Add init_session function to struct policy_plugin that gets called
before the uid/gid/etc changes.  A struct passwd pointer is passed in,
which may be NULL if the user does not exist in the passwd database.
The sudoers module uses init_session to open the pam session as needed.
2010-05-27 14:46:39 -04:00
Todd C. Miller
27be96c9cd Add open/close session to sudo auth, only used by PAM.
This allows us to open (and close) the PAM session from sudoers.
2010-05-26 17:57:47 -04:00
Todd C. Miller
4695dd1b70 Re-enable PATH_MAX check for command 2010-05-26 16:33:35 -04:00
Todd C. Miller
45923111e0 Repair "sudo -l -U username" 2010-05-25 14:21:21 -04:00
Todd C. Miller
937b5f166d Set selinux role and type in command details. 2010-05-25 13:58:16 -04:00
Todd C. Miller
0487aee6b4 Bring back closefrom settings. 2010-05-24 15:40:36 -04:00
Todd C. Miller
60e0e496ef If running a command or sudoedit in transcript mode, call io_nextid()
before log_allowed() so the session id is logged.
2010-05-24 14:30:54 -04:00
Todd C. Miller
529bfcf674 Set user_tty to "unknown" if there is no tty, like sudo 1.7 does
(it is used when logging).  Note that user_ttypath will still be
NULL if there is no tty.
2010-05-21 12:19:55 -04:00