isa/sudo
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
8,420 Commits 1 Branch 0 Tags
a08ea1b14d34d7e363bfa38528049c034b4c0620
Commit Graph

1767 Commits

Author SHA1 Message Date
Todd C. Miller
57553fffdd Rename VALIDATE_OK -> VALIDATE_SUCCESS 
Rename VALIDATE_NOT_OK -> VALIDATE_FAILURE
 2015-01-21 11:03:48 -07:00
Todd C. Miller
399d364a90 Remove now-unused VALIDATE_ERROR define. 2015-01-21 10:36:55 -07:00
Todd C. Miller
5415b3d2af should_mail() now returns bool. 2015-01-21 10:33:56 -07:00
Todd C. Miller
cb09010da5 Use standard CIDR -> netmask conversion and disallow 0-bit CIDRs. 2014-12-31 15:47:33 -07:00
Todd C. Miller
e0d927a98a sync 2014-11-20 13:34:17 -07:00
Todd C. Miller
c287419788 Require that a digest be specified with a real command, not an alias 
or pseudo-command.  Found via a crash by afl.
 2014-11-19 17:07:24 -07:00
Todd C. Miller
02b3fa2fdd French translation for sudoers from translationproject.org. 2014-11-19 15:20:11 -07:00
Todd C. Miller
bc6269e58b Prevent cppcheck from getting confused by our compat definition of 
the va_copy macro for pre-C99.
 2014-11-15 06:32:39 -07:00
Todd C. Miller
3870fdf622 Fix potential NULL pointer deref found by cppcheck. 2014-11-14 16:31:56 -07:00
Todd C. Miller
0c88ecd3bc Quiet a cppcheck false positive. 2014-11-14 16:31:30 -07:00
Todd C. Miller
b4432df5e2 Sync with translationproject.org 2014-11-10 12:37:58 -07:00
Todd C. Miller
832a4dee6b In set_fqdn() we neeed to set user_runhost/user_srunhost at the 
same time we set user_host/user_shost since that is what
hostlist_matches() uses.  Bug #678
 2014-11-12 20:33:41 -07:00
Todd C. Miller
5c13889f26 Use sudoers.so args from sudo.conf to set sudoers_file, sudoers_uid, 
sudoers_gid, and sudoers_mode in visudo.
 2014-11-10 20:12:47 -07:00
Todd C. Miller
9d4589abd0 Use sudoers_file, sudoers_uid, sudoers_gid, and sudoers_mode 
symbols from toke.l instead of the upper case defines.
 2014-11-10 15:23:51 -07:00
Todd C. Miller
04d803c79c Use SSP_LDFLAGS when creating shared objects. 2014-11-10 14:58:46 -07:00
Todd C. Miller
9d6e1a57d5 Add sudoers_debug_deregister() and use it instead of calling 
sudo_debug_deregister() directly.
 2014-10-27 16:06:20 -06:00
Todd C. Miller
0982f7838b Use AC_PROG_AWK 2014-10-27 14:54:13 -06:00
Todd C. Miller
6b1b734ffa Add a flag argument to sudo_conf_read() so we can decide which 
bits get parsed.  This lets us parse Debug statements first and
init the debug subsystem early.
 2014-10-26 08:33:08 -06:00
Todd C. Miller
34d9cfe1cf Initialize the debug subsystem in sudoers early. Currently this 
means iterating over the settings list twice.
 2014-10-24 12:50:12 -06:00
Todd C. Miller
4bf641df69 In the plugin registers with the debug framework at open time, the 
sudo front-end will now set the default debug instance appropriately
before calling into the plugin.  This means the plugin no longer needs
to do the sudo_debug_set_default_instance() dance.
 2014-10-24 11:17:48 -06:00
Todd C. Miller
6c6f502835 Older shells don't support unset. 2014-10-23 16:23:37 -06:00
Todd C. Miller
17a2a27e46 Use generic bitmap macros instead of select-style fd_set. 2014-10-23 14:37:27 -06:00
Todd C. Miller
935e48c6e4 Don't call into the debug subsystem after we've deregistered the 
plugin's instance.
 2014-10-23 13:42:50 -06:00
Todd C. Miller
3860552713 Fix typo in unset. 2014-10-23 09:50:29 -06:00
Todd C. Miller
fe9e035ccf Set debug instance for standalone programs. 2014-10-23 09:40:36 -06:00
Todd C. Miller
1ca52382a4 Fix compilation issues, fallout from the debug changes. 2014-10-23 09:26:13 -06:00
Todd C. Miller
6d2be1fd62 regen 2014-10-23 07:57:37 -06:00
Todd C. Miller
5270ebf1f2 When registering with the debug subsystem, the caller now passes 
in an arrary of ints that gets filled in with the subsytem IDs to
be used in debug_decl.
 2014-10-23 06:36:50 -06:00
Todd C. Miller
8db5f29398 sudoers_debug_instance is now included in libparsesudoers so we don't 
need to declare it here.
 2014-10-23 06:19:30 -06:00
Todd C. Miller
e9914a91b1 The sudoers plugin now defines its own list of debugging subsystem names 
and defines.
 2014-10-22 13:30:52 -06:00
Todd C. Miller
866cfc4fc3 Add support for multiple Debug lines per program. Callers may 
register arbitrary debug facilities or use built-in defaults.  We
now use separate Debug statements for plugins and programs.
 2014-10-22 13:23:05 -06:00
Todd C. Miller
a7e724b75d Change how sudo.conf is parsed. We now do a quick parse and then 
set the values after the entire file has been parsed.  This lets
us init the debug system earlier.  Plugin-specific debug flags are
now stored in struct plugin_info and struct plugin_container and
passed to the plugin via one or more debug_flags settings.
 2014-10-22 13:20:32 -06:00
Todd C. Miller
f71d4abd7b Remove an unneeded NULL check to quiet a cppcheck warning. 2014-10-22 10:41:23 -06:00
Todd C. Miller
15f5af06d7 Set locale to C for visudo and testsudoers regression tests. 
Bug #672
 2014-10-14 08:54:23 -06:00
Todd C. Miller
38c7d7abc4 Fix logic bug. We only want to return -1 from linux_audit_open() 
when audit_open() fails and errno is not one of EINVAL, EPROTONOSUPPORT,
or EAFNOSUPPORT.  For those errno values, we return AUDIT_NOT_CONFIGURED
which is not a fatal error.  Bug #671
 2014-10-13 08:33:25 -06:00
Todd C. Miller
7a901d4c07 Apple uses a different variant of the BASH_FUNC prefix for bash 
functions.
 2014-10-10 13:55:36 -06:00
Todd C. Miller
1890f0fcd6 Fix debugging printout output for env_should_keep() 2014-10-07 10:11:08 -06:00
Todd C. Miller
79f4471e41 Move sudo_printf to policy.c to match sudo_conv. 2014-10-06 10:13:42 -06:00
Todd C. Miller
bd99dcc028 Add sudo_warn_set_conversation() to specify a conversation function 
to use for warn/fatal.  If no conversation function is specified,
the standard error will be used.  We now only need sudo_printf()
for things that use the parser.
 2014-10-05 16:41:52 -06:00
Todd C. Miller
0b0481fa36 Instead of building libutil statically for --disable-shared-libutil, 
just treat it as a convenience library.  Do the same with sudoers
for --enable-static-sudoers.  Fixes link errors on Solaris among
others when --disable-shared-libutil is used.
 2014-10-01 14:32:30 -06:00
Todd C. Miller
05d3a4c5e5 Remove LT_LDMAP and LT_LDOPT and just use LT_LDEXPORTS for the 
compiler-specific option to restrict symbol exporting.
 2014-10-01 13:24:57 -06:00
Todd C. Miller
c823eb3ef9 Add BASH_FUNC_* to environment blacklist for newer-style bash functions. 2014-09-27 19:52:45 -06:00
Todd C. Miller
496c2e287b Add a space after "Password:" in default password prompt so it is 
easier to read when pwfeedback is enabled.
 2014-09-27 10:24:19 -06:00
Todd C. Miller
b7444e0f83 Simplify how we count the password tries 2014-09-27 10:17:21 -06:00
Todd C. Miller
355834c76a Block SIGINT and SIGQUIT while verifying passwords so that 
authentication modules that use sleep() are not interrupted.
If the user interrupted authentication, exit the loop.
 2014-09-27 10:16:31 -06:00
Todd C. Miller
d28c525ede If all authentication methods fail init/setup, fail with an error. 2014-09-26 20:55:19 -06:00
Todd C. Miller
4105734743 Move pass_warn() so that it is defined before it is called(). 2014-09-26 20:39:40 -06:00
Todd C. Miller
ae137ba557 Sync with translationproject.org 2014-09-17 10:12:12 -06:00
Todd C. Miller
09a876ceda Make sure we can't insert an nss entry in the list that has already 
been used before.
 2014-09-16 14:15:30 -06:00
Todd C. Miller
e7de8f66ff Use correct gettext macro with sudo_warnx() 2014-09-16 14:01:02 -06:00