isa/sudo
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
8,420 Commits 1 Branch 0 Tags
a08ea1b14d34d7e363bfa38528049c034b4c0620
Commit Graph

1767 Commits

Author SHA1 Message Date
Todd C. Miller
798e82bd61 Fix newly introduced use after frees found by llvm checker. 2013-10-22 10:43:15 -06:00
Todd C. Miller
b38d253e98 Add "headless" tail queues and use them in place of the semi-circular 
lists in sudoers.  Once the headless tail queue is built up it is
converted to a normal TAILQ.  This removes the last consumer of
list.c and list.h so those can now be removed.
 2013-10-22 09:08:38 -06:00
Todd C. Miller
f85106ea67 Use SLIST and STAILQ macros instead of doing headless singly linked 
lists manually.  As a bonus we now use a tail queue for ldap.c and
sudoreplay.c.
 2013-10-22 09:08:09 -06:00
Todd C. Miller
923edabe6c Convert sudo to use BSD TAILQ macros instead of home ground tail 
queue functions.  This includes a private queue.h header derived
from FreeBSD.  It is simpler to just use our own header rather than
try to deal with macros that may or may not be present in various
queue.h incarnations.
 2013-10-22 09:00:37 -06:00
Todd C. Miller
fe0e953e9b Fix AND operator broken by changes to fix OR. 2013-10-21 16:00:29 -06:00
Todd C. Miller
2c8d5add86 Fix OR operator. 2013-10-19 16:59:08 -06:00
Todd C. Miller
79acd5db49 Simple event subsystem that uses poll() or select(). Basically a 
simplied subset of libevent2.  Currently only fd events are supported
(since that's all we need).  The poll() backend is used by default,
except on Mac OS X where poll() is broken for devices (including
/dev/tty and ptys).
 2013-10-12 05:53:43 -06:00
Todd C. Miller
020fb00948 When checking for unused Runas_Aliases, count those used as part 
of a Runas Group too.  Fixes a false positive warning.
 2013-10-04 16:22:25 -06:00
Todd C. Miller
fc332461ed Rebuild message catalog files. 2013-09-29 15:04:11 -06:00
Todd C. Miller
4b10880f82 Sync with translationproject.org 2013-09-18 11:49:24 -06:00
Todd C. Miller
9a657e884d Change "next" back to 2. In the context of "next Friday" we really 
do want the friday of the upcoming (not current) week.  Unfortunately,
this means that things like "next week" and "next year" will match
one more than we really want.  Fixing this will require some fairly
major changes to the grammar.
 2013-09-18 11:48:26 -06:00
Todd C. Miller
5d56fd5f83 Remove extraneous $$CWD; from Bdale Garbee 2013-09-11 11:15:47 -06:00
Todd C. Miller
e59d5624d9 Make "this" and "next" qualifiers work a bit better. There is still 
room for improvement as "this week" will use the current time instead
of the beginning of the week.  That's a separate issue though.
 2013-09-09 16:41:27 -06:00
Todd C. Miller
bd52869056 Be specific that we are talking about the Unix epoch; bug #615 2013-09-03 14:50:28 -06:00
Todd C. Miller
6b0a909d9a Do not use "setup" as a verb; bug #614 2013-09-03 14:47:34 -06:00
Todd C. Miller
6b57ef4f6d Fix logic goof when checking open() status. 2013-09-03 11:24:31 -06:00
Todd C. Miller
13fd13e17c Sync with translationproject.org 2013-09-03 09:40:53 -06:00
Todd C. Miller
b2d0bdee20 Work around a bug in sudo 1.8.7 timing files where the indexes are 
off by two.
 2013-09-03 09:39:35 -06:00
Todd C. Miller
422115d728 Repair writing of the I/O log file indices broken in sudo 1.8.7. 2013-09-03 09:22:44 -06:00
Todd C. Miller
de566ac2ce Fix setting of quiet flag when -q / --quiet is specified. 
Do not print "sudoers: parsed OK" in quiet mode.
 2013-08-26 14:40:25 -06:00
Todd C. Miller
316fe36126 Updated translations from translationproject.org 2013-08-26 07:04:49 -06:00
Todd C. Miller
3389108f10 Don't allow root to change its SELinux role without a password. 
Bug #611
 2013-08-26 07:04:19 -06:00
Todd C. Miller
6d1ee8cf23 Updated translations from translationproject.org 2013-08-21 10:10:48 -06:00
Todd C. Miller
925984d888 Fix error display from ldap_ssl_client_init(). There are two error 
codes.  The return value can be decoded via ldap_err2string() but the
ssl reason code cannot (you have to look it up in a table online).
 2013-08-17 07:08:20 -04:00
Todd C. Miller
e507c05bbf Fix typo in comment. 2013-08-19 09:19:52 -06:00
Todd C. Miller
e54f11ae47 Fix comment. 2013-08-19 09:19:24 -06:00
Todd C. Miller
bd589f2342 Quiet some gcc -Wformat=2 false positives 2013-08-19 06:39:33 -06:00
Todd C. Miller
ebbdee421a Remove now-obsolete arg to env_merge() 2013-08-18 14:33:35 -06:00
Todd C. Miller
ffef732acb Updated translations from translationproject.org 2013-08-18 14:25:23 -06:00
Todd C. Miller
0f091f478b Add __printflike to audit_failure. 2013-08-18 14:21:29 -06:00
Todd C. Miller
7a76844d98 When merging the PAM environment, allow environment variables set 
in PAM to override ones set by sudo as long as they do not match
the env_keep or env_check lists.
 2013-08-17 06:34:09 -06:00
Todd C. Miller
f72f47aa1d Call pam_getenvlist() after we've opened the session to get the 
session-specific environment variables.
 2013-08-17 06:22:46 -06:00
Todd C. Miller
082c73338a regen 2013-08-16 10:18:34 -06:00
Todd C. Miller
acac6ae2a8 Use lower case for the long option arguments to match the manual. 
This is inconsistent with GNU but it is better to match the sudo
documentation.
 2013-08-16 10:17:47 -06:00
Todd C. Miller
b8d539984f Use strtol() instead of atoi() and perform error checking 
of parameters passed from the sudo front-end.
 2013-08-15 16:20:15 -06:00
Todd C. Miller
91ec1c476c It is not possible for auth to be NULL here. 2013-08-15 15:22:50 -06:00
Todd C. Miller
ea65c82b66 Initialize user_runhost and user_srunhost to user_host and user_shost 
in visudo and testsudoers.
 2013-08-15 14:26:51 -06:00
Todd C. Miller
99352d6738 Rename error.h -> fatal.h now that there is no error() function. 2013-08-15 14:24:29 -06:00
Todd C. Miller
1b39c3758d Need to include gettext.h for BSM audit. 2013-08-15 13:36:25 -06:00
Todd C. Miller
85fc5792d4 Change some fatalx(NULL) that should be fatal(NULL). 2013-08-15 13:06:49 -06:00
Todd C. Miller
2f251caf47 Fix compilation on Solaris 11. 2013-08-15 10:39:40 -06:00
Todd C. Miller
251c79a77b Add missing missing.h 2013-08-15 10:08:27 -06:00
Todd C. Miller
c376c71618 Move the -C (user_closefrom) check until after set_cmnd() so that 
closefrom_override can be used in a command-specific Defaults line.
Fixes bug #610 from Mengtao Sun.
 2013-08-15 09:56:17 -06:00
Todd C. Miller
d0e3867587 Add limited support for "sudo -l -h other_host". Since group lookups 
are done on the local host, rules that use group membership may be
incorrect if the group database is not synchronized between hosts.
 2013-08-14 13:49:14 -06:00
Todd C. Miller
8b1d645534 Simplify usage messages a bit and make --help output more closely 
resemble GNU usage wrt long options.  Sync usage and man page
SYNOPSYS sections and improve long options in the manual pages.
Now that we have long options we don't need to give the mnemonic
for the single-character options in the description.
 2013-08-14 10:30:51 -06:00
Todd C. Miller
91e66c481f Fix setting of mailer argv[0] to basename of mailerpath. 
No need to strdup() mailerpath as it is not modified.
 2013-08-13 14:53:55 -06:00
Todd C. Miller
04b290e385 Make sure the mailer exists and is a regular file before trying 
to exec it.
 2013-08-13 14:48:24 -06:00
Todd C. Miller
39d630f2f2 If tty_tickets are enabled but there is no tty, use a ticket file 
based on the parent pid.
 2013-08-13 12:55:17 -06:00
Todd C. Miller
9b2fb418ca Don't allow max_groups to be set to zero, it just complicates things 
needlessly.  Fixes an assertion in visudo when there is a group-based
Defaults entry.
 2013-08-12 09:14:38 -06:00
Todd C. Miller
8b4fbc5cc0 Refactor code to parse list of gids into its own function that is 
shared by the sudo front-end and the sudoers module.
Make uid/gid parse error be fatal, not just a warning.
 2013-08-08 11:40:36 -06:00