isa/sudo
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
8,420 Commits 1 Branch 0 Tags
a08ea1b14d34d7e363bfa38528049c034b4c0620
Commit Graph

1767 Commits

Author SHA1 Message Date
Todd C. Miller
2508da6f68 Better match debugging. 
Sprinkle const in match functions.
 2013-12-05 14:34:56 -07:00
Todd C. Miller
9e964a8c0e sudo_sss_filter_user_netgroup(): fix comment typos, break out of loop 
early if we match ALL or netgroup.
 2013-12-03 15:47:45 -07:00
Todd C. Miller
302d3273a8 When filtering netgroups, use the passwd struct stashed in the handle, 
not user_name since we may be listing another users privileges.
 2013-12-03 15:39:12 -07:00
Todd C. Miller
f477b343fe Avoid passing NULL domainname to sudo_debug_printf(). 2013-12-03 15:15:12 -07:00
Todd C. Miller
878ddb1788 Use atoid() instead of atoi() when parsing uids/gids so we get 
proper range checking.
 2013-12-03 14:33:26 -07:00
Todd C. Miller
f56eca8051 Add user netgroup filtering for SSSD. Previously, rules for a 
netgroup were applied to all even when they did not belong to the
specified netgroup.  RedHat Bugzilla 880150.
 2013-12-03 14:19:37 -07:00
Todd C. Miller
543d3b701e Fix several issues found by the clang static analyzer; Daniel Kopecek 2013-12-03 14:10:11 -07:00
Todd C. Miller
0d81263e26 Instead of setprogname(), add initprogname() which gets the program 
name for getprogname() using /proc or pstat() if possible.
 2013-12-01 19:12:21 -07:00
Todd C. Miller
fdf56ee940 Sync with translationproject.org 2013-11-30 15:19:19 -07:00
Todd C. Miller
188e921560 Add missing newline in help message after export option. 2013-11-28 06:08:08 -07:00
Todd C. Miller
4247c1741b Do not add LIBDL to SUDO_LIBS or SUDOERS_LIBS in configure, do it 
in Makefile.in so we can make it last.  Fixes a linking problem on
Ubuntu precise.
 2013-11-26 07:15:55 -07:00
Todd C. Miller
58a0540b96 Regen for sudo 1.8.9b1 2013-11-24 16:37:32 -07:00
Todd C. Miller
12f3bdf60e Add wrapper functions for dlopen() et al so that we can support 
statically compiling in the sudoers plugin but still allow other
plugins to be loaded.  The new --enable-static-sudoers configure
option will cause the sudoers plugin to be compiled statically into
the sudo binary.  This does not prevent other plugins from being
loaded as per sudo.conf.
 2013-11-22 16:35:15 -07:00
Todd C. Miller
0fb17059a6 Handle non-unix groups correctly. Get rid of runasuser and runasgroup 
types and use username and usergroup instead.  The fact that the user
or group is inside a Runas_List doesn't affect its underlying type.
 2013-11-21 09:45:55 -07:00
Todd C. Miller
bf700fdd58 Simplify Defaults list option object. The name and value strings 
are superfluous.
 2013-11-20 14:35:35 -07:00
Todd C. Miller
ba40be9dd2 Define RTLD_GLOBAL for older systems without it. Bug #621 2013-11-20 07:22:10 -07:00
Todd C. Miller
054a94e6c9 Add definition of U_ for --disable-nsl 
Don't define warning_gettext if --disable-nsl
Bug #621; from Daniel Richard G.
 2013-11-19 09:45:13 -07:00
Todd C. Miller
0a7ebf8b23 When merging Defaults entries we need to check the type of the 
next entry and not just assume it is the same as the previous one.
 2013-11-18 16:59:02 -07:00
Todd C. Miller
f16ce9714d runasgroups not runasgroup in the Cmnd_Spec. 2013-11-18 16:28:10 -07:00
Todd C. Miller
a1b1c80b26 Fix some syntax errors and change how lists are handled. 2013-11-18 12:00:44 -07:00
Todd C. Miller
96eb2c4f8f Add warning_gettext() wrapper function that changes to the user locale, 
then calls gettext().
Add U_ macro that calls warning_gettext() instead of gettext().
Rename warning2()/error2() back to warning_nodebug()/error_nodebug().
 2013-11-18 08:59:57 -07:00
Todd C. Miller
99b7351de0 Fix some #if vs. #ifdef and remove an extraneous semicolon. 
Bug #624; from Daniel Richard G.
 2013-11-17 16:15:36 -07:00
Todd C. Miller
6c71ad5c15 Add debug_return_const_str and debug_return_const_ptr for returning 
a const string or pointer.  Using const for the normal versions
produces warnings with the Tru64 compiler.
 2013-11-17 16:11:39 -07:00
Todd C. Miller
7017c904c1 log_{fatal,warning} now logs to the debug file itself. 
log_{fatal,warning} now calls warningx2() after setting the
locale itself instead of using the wrapper macros.
This removes the only use of warningx(ngettext(...)).
 2013-11-16 09:21:43 -07:00
Todd C. Miller
6d8b078e2b Add support to visudo to export sudoers in JSON format. 2013-11-15 15:11:55 -07:00
Todd C. Miller
bba91c008b Remove unused digest field from struct cmndspec, the digest really 
lives in struct sudo_command.
 2013-11-13 16:17:16 -07:00
Todd C. Miller
69f7ed79c2 Add regress test for bug #623 2013-11-12 09:50:36 -07:00
Todd C. Miller
a3aa40b0fe Cope with a comment on the last line of the file with no newline. 
Bug #623
 2013-11-12 09:36:39 -07:00
Todd C. Miller
702ec173de Move va_copy compat macro to missing.h 2013-11-11 14:35:10 -07:00
Todd C. Miller
87e1ae76af Uniquify header dependencies so we don't end up with duplicates 
when a header file includes other headers.  The header dependencies
are sorted so the generated order is stable.
 2013-11-11 13:53:06 -07:00
Todd C. Miller
906eba927e Fix pasto 2013-11-11 12:47:29 -07:00
Todd C. Miller
e8dac0e4ab regen 2013-11-04 10:30:12 -07:00
Todd C. Miller
8e503a229f Fix warnings from -Wold-style-definition 2013-11-04 06:26:37 -07:00
Todd C. Miller
1202e54cd9 Fix sign comparison warning. 2013-10-30 14:27:50 -06:00
Todd C. Miller
9f761dc44c Fix potential NULL dereference in non-interactive mode. 2013-10-30 10:21:02 -06:00
Todd C. Miller
abe0314e01 SIGKILL is not catchable 2013-10-29 14:20:43 -06:00
Todd C. Miller
449c4a290a Add sudo_ev_get_timeleft() to get the amount of time left before 
an event times out and use it in sudoreplay.
 2013-10-29 08:16:42 -06:00
Todd C. Miller
f4cd08ef63 If the user presses <return> or <enter> in sudoreplay, skip to the 
next event.  Useful for skipping past long pauses in the data.
 2013-10-28 17:01:23 -06:00
Todd C. Miller
b8f5d3edf7 Move session replay into its own function. 2013-10-28 14:44:50 -06:00
Todd C. Miller
8861e01d16 Add support for libevent-style timed events. Adding a timed event 
is currently O(n).  The only consumer of timed events is sudoreplay
which only used a singled one so O(n) == O(1) for now.  This also
allows us to remove the nanosleep compat function as we now use a
timeout event instead.
 2013-10-28 10:00:09 -06:00
Todd C. Miller
e2bfbe6039 If user specified start_tls and ldaps, display a warning and ignore 
start_tls.  There's no reason to make this a fatal error.
 2013-10-24 15:40:02 -06:00
Todd C. Miller
38a5b0a655 Should not attempt start_tls on an ldaps connection. 2013-10-24 07:16:57 -06:00
Todd C. Miller
548efb83da Fix sign compare warning. 2013-10-23 16:18:28 -06:00
Todd C. Miller
0817429583 More sign compare fixes. On Solaris id_t is signed so use uid_t 
in the set_perms.c ID macro instead.
 2013-10-23 15:19:41 -06:00
Todd C. Miller
07a804caf3 Quiet sign comparision warnings. 2013-10-23 15:03:31 -06:00
Todd C. Miller
994879c044 Ignore SIGPIPE when connecting to the LDAP server so we can get a 
proper error message with the IBM LDAP libs.  Also return LDAP_SUCCESS
instead of 0 from most sudo_ldap_* functions that return an int.
 2013-10-23 11:15:24 -06:00
Todd C. Miller
340fc0a583 Quiet compiler warnings. 2013-10-23 09:43:36 -06:00
Todd C. Miller
29361ec003 sudo_ldap_parse_uri() should join multiple URIs in the string list 
together but it was clearing the host entry each time through the
loop.  Fixes a bug with multiple URI entries in ldap.conf where
only the last one was being honored.
 2013-10-22 16:52:23 -06:00
Todd C. Miller
e8ce021e7d Quiet some llvm check false positives. The common idiom of using 
TAILQ_FIRST, TAILQ_REMOVE and free in a loop to free each entry in
a TAILQ confuses llvm.  Use TAILQ_FOREACH_SAFE instead (which is
probably faster anyway).
 2013-10-22 14:58:00 -06:00
Todd C. Miller
65c6f34aa4 If pam_open_session() fails don't call pam_getenvlist() with a NULL 
pam handle.
 2013-10-22 14:47:51 -06:00