isa/sudo
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
8,420 Commits 1 Branch 0 Tags
a08ea1b14d34d7e363bfa38528049c034b4c0620
Commit Graph

1767 Commits

Author SHA1 Message Date
Todd C. Miller
7d994b5032 Remove remaining calls to fatalx(); just pass the error to the caller. 2014-03-31 15:43:52 -06:00
Todd C. Miller
2d1484fe84 Make a password/group cache collision a warning rather than fatal. 
This should not be possible in practice and we can safely return
the new (potentially duplicate) item as it will be freed by the
caller.  Make sudo_set_grlist() return an error on failure instead
of calling fatalx().
 2014-03-26 16:44:29 -06:00
Todd C. Miller
db54815996 Use log_warning() instead of log_fatal() if the ticket or lecture 
path is too long and just return an error.  This can only happen
from a misconfiguration so just ignoring the ticket/lecture file
is safe.
 2014-03-26 14:22:46 -06:00
Todd C. Miller
639ac92e6d In find_path(), return NOT_FOUND_ERROR instead of calling fatal() 
if the path is too long.  Remove an extraneous check against PATH_MAX
in set_cmnd() since find_path() already contains such a check.
 2014-03-26 14:15:15 -06:00
Todd C. Miller
4848b5691d Remove unused MODE_LISTDEFS define and correct a comment. 2014-03-26 14:03:04 -06:00
Todd C. Miller
9ff3b1b570 Make hexchar() return -1 on invalid input instead of calling fatalx(). 
Callers used to check that the string was hex before calling hexchar().
Now callers must check for a -1 return value instead.
 2014-03-26 13:50:51 -06:00
Todd C. Miller
2220f55aef Propagate errors in audit code to caller instead of using fatal(). 
If we fail to audit an otherwise successful command, return an error
from the policy.  For Linux audit, sudo may be compiled with audit
support but auditing may not be setup, so we don't consider that
an error.
 2014-03-26 13:00:56 -06:00
Todd C. Miller
7d7f9cb55a Remove unused variable on Linux. 2014-03-26 11:10:20 -06:00
Todd C. Miller
2dfc10830c Fix warning on systems where mode_t is not unsigned int (Solaris). 2014-03-26 11:09:57 -06:00
Todd C. Miller
1017ad4e2c Audit path too long errror. Add comments about non-audit events 
and placeholders for future audit hooks.
 2014-03-25 16:46:00 -06:00
Todd C. Miller
4e3e5077e1 Remove unused FLAG_USER auth flag. We have no auth methods that 
require that authentication be run as the invoking user.
 2014-02-27 15:51:40 -07:00
Todd C. Miller
a5aeaf20da Fix some sign comparision warnings. 2014-03-25 16:16:11 -06:00
Todd C. Miller
3cdb944de4 Fix expansion of %p in the prompt for "sudo -l" when rootpw, runaspw 
or targetpw is set.  Bug #639
 2014-03-19 16:55:37 -06:00
Todd C. Miller
4d712aa903 Don't write an empty timestamp record when timestamp_timeout is 
zero.  If we find an empty record in the timestamp file, overwrite
it with a good one, truncating the file as needed.
 2014-03-17 07:14:55 -06:00
Todd C. Miller
403a48da40 Fix typo/thinko that prevented "Defaults !tty_tickets" from working. 2014-03-13 13:38:42 -06:00
Todd C. Miller
35c41deb41 Fix "sudo -l command" output when the matching command is negated. 
Bug #636
 2014-03-13 08:21:04 -06:00
Todd C. Miller
5c6d2ad689 CWD no longer used. 2014-03-11 09:00:48 -06:00
Todd C. Miller
ee135ea261 Fix diff of toke and err output files in "make check" 2014-03-11 08:52:52 -06:00
Todd C. Miller
8461dc6e24 Fix compiler warning in debug code. 2014-03-06 15:21:49 -07:00
Todd C. Miller
0030bfe7d5 Fix handling of '!' operator when converting sudoers. We now add 
a "negated" boolean flag to objects that have the '!' operator.
 2014-03-04 16:18:35 -07:00
Todd C. Miller
c934882c3e Czech translation for sudoers from translationproject.org 2014-03-01 07:53:17 -07:00
Todd C. Miller
d75e5f6fef Fix typo in setreuid() PERM_ROOT error message. 2014-02-27 16:40:28 -07:00
Todd C. Miller
f2f96d849b Fix conversion of timestamp_timeout from double to struct timeval. 
Also quiet a printf format warning on 32-bit systems.
 2014-02-26 10:29:52 -07:00
Todd C. Miller
b41f5c2d3b Serbian translation for sudoers from translationproject.org. 2014-02-25 17:14:51 -07:00
Todd C. Miller
58341a8bfc When exporting sudoers in JSON format, use the same type of Options 
object for both Defaults and Cmnd_Specs.
 2014-02-24 09:31:14 -07:00
Todd C. Miller
0cdf4407df sync with translationproject.org 2014-02-17 10:31:40 -07:00
Todd C. Miller
c6e310b948 We also need to open the sudoers file as root if there is a GID 
mismatch.
 2014-02-17 10:20:14 -07:00
Todd C. Miller
0a6ec9615b Fix indentation of Defaults entries. The initial indent should be 
outside the loop iterating over the entries.
 2014-02-12 15:00:04 -07:00
Todd C. Miller
198e73b5c8 sync with translationproject.org 2014-02-11 09:55:33 -07:00
Todd C. Miller
12a1b672c0 We must include gettext.h before missing.h as it includes system 
headers.  Also add missing DEFAULT_TEXT_DOMAIN defines in sudoers
audit code that does not include sudoers.h.
 2014-02-11 09:40:59 -07:00
Todd C. Miller
d748ebe48b Add some initprogname() calls to the test programs. 2014-02-08 06:24:01 -07:00
Todd C. Miller
8b94d558df regen 2014-02-07 15:15:09 -07:00
Todd C. Miller
8287e21d36 Add use_netgroups sudoers option. For LDAP-based sudoers, netgroup 
support requires an expensive substring match on the server.  If
netgroups are not needed, this option can be disabled to reduce the
load on the LDAP server.
 2014-02-07 14:58:48 -07:00
Todd C. Miller
7a1cd11c0d Update copyright year. 2014-02-06 16:00:56 -07:00
Todd C. Miller
f7a419b5f9 Use a default LDAP search filter of (objectClass=sudoRole). When 
constructing the netgroup query, add (sudoUser=*) to the query so
we don't fall below the 3 character OpenLDAP substring threshold.
Otherwise the index for sudoUser will never be used for that query.
Pointed out by Michael Stroeder.
 2014-02-06 15:50:08 -07:00
Todd C. Miller
b299763e34 Don't warn about an insecure lecture dir twice. 
Display warnings in the user's locale.
 2014-02-06 15:46:27 -07:00
Todd C. Miller
85598f77b2 Use inet_pton() instead of inet_aton() and include a version from 
BIND for those without it.
 2014-02-05 10:00:07 -07:00
Todd C. Miller
efd31a31ec Add back boottime.lo 2014-02-03 08:08:54 -07:00
Todd C. Miller
7155fc526f Bring back boot time checking code and zero out time stamp files 
that predate the boot time.  This should help systems w/o /var/run
where the admin has setup rc.d to clear the timestamp directory.
 2014-02-03 05:45:27 -07:00
Todd C. Miller
a9a7768d56 regen 2014-02-02 05:23:54 -07:00
Todd C. Miller
32b897ac67 Restore warning when sudoers is unable to update the time stamp file. 2014-02-01 06:11:29 -07:00
Todd C. Miller
aeb5ceead8 Replace --with-timedir and --with-lecture_dir with --with-rundir 
and --with-vardir which are the parent directories of the time stamp
and lecture dirs.  These directories need to be searchable by
non-root so that the timestampowner setting can function.
 2014-02-01 05:57:34 -07:00
Todd C. Miller
fb29e91ef0 Fix use of timestampowner in the new time stamp world order. Parent 
directories for timestampdir and lecture_dir are now created with
the execute bit set so that we can traverse them as non-root.
 2014-02-01 05:47:16 -07:00
Todd C. Miller
a2dc10ece7 Regen Makefiles. 2014-01-31 15:46:25 -07:00
Todd C. Miller
32b4713d6d sprinkle some debug printfs and add function header comments 2014-01-31 15:28:41 -07:00
Todd C. Miller
d7257a63e7 Properly handle the case where /var/run/sudo/ts doesn't exist. 2014-01-31 15:02:31 -07:00
Todd C. Miller
596fc68aca Warn on ftruncate failure(). 2014-01-30 16:24:48 -07:00
Todd C. Miller
63e7aa9942 Fix checking of lecture status. 2014-01-30 16:15:03 -07:00
Todd C. Miller
b813c4de48 Use sudo_timeval macros and remove compat macros from missing.h 2014-01-30 15:51:59 -07:00
Todd C. Miller
659b1f0e34 Switch to new time stamp file format. Each user now has a single 
file which may contain multiple records when per-tty time stamps
are in use (the default).  The time stamps use a monotonic timer
where available and are once again stored in /var/run/sudo.  The
lecture status is now stored separately from the time stamps in a
different directory.
 2014-01-30 15:50:40 -07:00