Commit Graph

210 Commits

Author SHA1 Message Date
Todd C. Miller
a0f80d6581 rename lh_ -> tq_ 2007-09-11 19:42:48 +00:00
Todd C. Miller
21f0ea4d68 Each entry in a cmndlist now has an associated runaslist
so no need to keep track of the most recent non-NULL one.
2007-09-05 18:45:26 +00:00
Todd C. Miller
19fa259480 Remove support for compilers that don't support void * 2007-08-31 23:30:07 +00:00
Todd C. Miller
d72778832c Move list manipulation macros to list.h and create C versions of
the more complex ones in list.c.  The names have been down-cased
so they appear more like normal functions.
2007-08-31 23:13:26 +00:00
Todd C. Miller
10e5d4e708 Use LH_FOREACH_REV when checking permission and short-circuit on
the first non-UNSPEC hit we get for the command.  This means that
instead of cycling through all the parsed sudoers entries we
start at the end and work backwards and quit after the first positive
or negative match.
2007-08-31 01:21:26 +00:00
Todd C. Miller
d1dbe2ecee Change list head macros to take a pointer, not a struct. 2007-08-31 01:12:50 +00:00
Todd C. Miller
8cdea0b941 Use a list head struct when storing the semi-circular lists and
convert to tail queues in the process.  This will allow us to
reverse foreach loops more easily and it makes it clearer which
functions expect a list as opposed to a single member.

Add macros for manipulating lists.  Some of these should become functions.

When freeing up a list, just pop off the last item in the queue instead
of going from head to tail.  This is simpler since we don't have to
stash a pointer to the next member, we always just use the last one
in the queue until the queue is empty.

Rename match functions that take a list to have list in the name.
Break cmnd_matches() into cmnd_matches() and cmndlist_matches.
2007-08-30 17:26:35 +00:00
Todd C. Miller
a05abf5c88 Fix pasto, append "!" not negated (which is an int) for sudo -l output. 2007-08-30 17:12:00 +00:00
Todd C. Miller
340831499a Use lbuf_append_quoted() for sudo -l output to quote characters that
would require quoting in sudoers.
2007-08-22 22:32:00 +00:00
Todd C. Miller
c6cf39cdfd If a Defaults value contains a blank, double-quote the string. 2007-08-20 23:24:31 +00:00
Todd C. Miller
2315b317e2 Add new linebuf code to do appends of dynamically allocated strings
and word-wrapped output.  Currently used for sudo's usage() and
sudo -l output.  Sudo usage strings are now in sudo_usage.h which
is generated at configure time.
2007-08-19 20:48:09 +00:00
Todd C. Miller
d28030c9fd Fix line wrapping in usage() and use the actual tty width instead of
assuming 80.
2007-08-18 12:22:16 +00:00
Todd C. Miller
994036cf0d Fix some spacing in "sudo -l" and add a comment about some bogosity
in the line wrapping.
2007-08-15 17:49:52 +00:00
Todd C. Miller
317e600f41 Remove monitor support until there is a version of systrace that
uses a lookaside buffer (or we have a better mechanism to use).
2007-08-15 15:20:01 +00:00
Todd C. Miller
c939690786 Deal with OSes where sizeof(gid_t) < sizeof(int). 2007-08-14 19:27:27 +00:00
Todd C. Miller
888540a7be Use ALLOW/DENY instead of TRUE/FALSE when dealing with the return
value from {user,host,runas,cmnd}_matches().
Rename *matches variables -> *match.
Purely cosmetic.
2007-07-08 13:43:07 +00:00
Todd C. Miller
1e9030d951 Move setting of FLAG_NO_CHECK into the if(pwflag) block.
No change in behavior.
2007-07-08 13:30:07 +00:00
Todd C. Miller
a26c783bea Make pwcheck local to the pwflag block.
Use pwcheck even if user didn't match since Defaults options may still apply.
2007-07-06 19:51:03 +00:00
Todd C. Miller
7f0bb4b1a8 Make matching but negated commands/hosts/runas entries override a
previous match as expected.  Also reduce some levels of indent by
a few placed continue statements.
2007-07-06 00:20:51 +00:00
Todd C. Miller
bdd5b43f75 Print default runas in "sudo -l" if sudoers don't specify one. 2007-07-05 20:34:00 +00:00
Todd C. Miller
879c46e4dd Add support for setting environment variables on the command line.
This is only allowed if the setenv sudoers option is enabled or if
the command is prefixed with the SETENV tag.
2007-06-23 23:58:54 +00:00
Todd C. Miller
98931e0f8f don't call sudo_ldap_display_cmnd if ldap not setup 2005-06-23 03:19:00 +00:00
Todd C. Miller
7ce5994d6c include grp.h to silence a warning on Solaris 2005-04-24 23:22:19 +00:00
Todd C. Miller
f1a0953085 Fix printing of += and -= defaults. 2005-04-23 19:10:16 +00:00
Todd C. Miller
f261a99f22 In -l mode, only check local sudoers file if def_ignore_sudoers is not set
and call LDAP versions from display_privs() and display_cmnd() instead
of directly from main().  Because of this we need to defer closing
the ldap connection until after -l processing has occurred and we
must pass in the ldap pointer to display_privs() and display_cmnd().
2005-04-12 01:37:08 +00:00
Todd C. Miller
d0df82a93a Add macro to test if the tag changed to improve readability. 2005-04-10 21:44:27 +00:00
Todd C. Miller
ce7708e09a Avoid printing defaults header if there are no defaults to print... 2005-04-10 21:40:41 +00:00
Todd C. Miller
9efe91fa1e Move initgroups() for -U option into display_privs() so group matching
in sudoers works correctly.
2005-03-29 03:33:05 +00:00
Todd C. Miller
61413ca509 Add missing space in Defaults printing 2005-03-27 01:01:02 +00:00
Todd C. Miller
f35ff3e327 make this build in K&R land 2005-03-10 14:51:48 +00:00
Todd C. Miller
778d587063 Update copyright years. 2005-02-12 22:56:07 +00:00
Todd C. Miller
3b8b88407f Add __unused to rcsids 2005-01-27 15:42:30 +00:00
Todd C. Miller
ed4df3a948 Print Defaults info in "sudo -l" output and wrap lines based on the
terminal width.
2005-01-02 00:31:08 +00:00
Todd C. Miller
5f06b19a6e Add -U option to use in conjunction with -l instead of -u.
Add support for "sudo -l command" to test a specific command.
2004-11-24 21:31:51 +00:00
Todd C. Miller
9c526bdc30 Correctly handle multiple privileges per userspec and runas inheritance. 2004-11-23 23:18:15 +00:00
Todd C. Miller
e605070143 Remove the FLAG_NOPASS, FLAG_NOEXEC and FLAG_MONITOR flags. Instead,
we just set the appropriate defaults variable.
2004-11-19 23:00:28 +00:00
Todd C. Miller
0cddfc3684 Change an occurrence of user_matches() -> runas_matches() missed previously
runas_matches(), host_matches() and cmnd_matches() only really need to pass in
a list of members.  user_matches() still needs to pass in a passwd struct
because of "sudo -l"
2004-11-19 20:03:33 +00:00
Todd C. Miller
2c3cff1704 Check def_authenticate, def_noexec and def_monitor when setting return flags.
XXX May be better to just set the defaults directly and get rid of those flags.
2004-11-19 19:46:55 +00:00
Todd C. Miller
2c2daa8eca Use: #include <config.h>
Not: #include "config.h"
That way we get the correct config.h when build dir != src dir
2004-11-19 18:39:14 +00:00
Todd C. Miller
74169a83e0 Expand aliases in "sudo -l" mode 2004-11-15 18:00:29 +00:00
Todd C. Miller
541908f1bd A user can always list their own entries, even with -u.
Better error message when failing to list another user's entries.
2004-11-11 17:22:30 +00:00
Todd C. Miller
a239e60a6a The syntax to list another user's entries is now "-u otheruser -l".
Only root or users with sudo "ALL" may list other users' entries.
2004-11-11 17:12:20 +00:00
Todd C. Miller
5becc03851 Rewritten parser that converts sudoers into a set of data structures.
This eliminates ordering issues and makes it possible to apply
sudoers Defaults entries before searching for the command.
2004-10-26 22:10:55 +00:00
Todd C. Miller
1b06f3e81d Use glob(3) instead of fnmatch(3) for matching pathnames and stat each
result that matches the basename of the user's command.  This makes
"cd /usr/bin ; sudo ./blah" work when sudoers allows /usr/bin/blah.
Fixes bug #143.
2004-10-07 18:52:51 +00:00
Todd C. Miller
3c8145a923 No longer call it tracing, it is now "monitoring" which should be a
more obvious name to non-hackers.
2004-10-04 16:07:19 +00:00
Todd C. Miller
db2a97fd0a More scaffolding for dealing with multiple sudoers files:
 o init_parser() now takes a path used to populate the sudoers global
 o the sudoers global is used to print the correct file in yyerror()
 o when switching to a new sudoers file, preserve old file name and line number
2004-09-28 18:31:24 +00:00
Todd C. Miller
4b75a03343 Rewind sudoers_fp in open_sudoers() instead of sudoers_lookup() so
we start at the right file position when reading include files.
2004-09-28 17:52:59 +00:00
Todd C. Miller
e3391d597b Add trace Defaults option and TRACE/NOTRACE tags and set FLAG_TRACE 2004-09-24 17:15:51 +00:00
Todd C. Miller
0c2be08089 Don't close sudoers_fp, keep it open and set close on exec flag instead. 2004-09-24 17:13:24 +00:00
Todd C. Miller
f30ab72c44 Add cmnd_base to struct sudo_user and set it in init_vars().
Add cmnd_stat to struct sudo_user and set it in sudo_goodpath().
No longer use gross statics in command_matches().
Also rename some variables for improved clarity.
2004-08-24 18:01:14 +00:00