isa/sudo
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
4,590 Commits 1 Branch 0 Tags
a61c1806a61812e0894c4ca2d511e43e840d6e36
Commit Graph

209 Commits

Author SHA1 Message Date
Todd C. Miller
3fe7ac2b95 Make get_timestr() take a time_t so we can use it properly in 
sudoreplay.
 2009-09-17 09:55:08 +00:00
Todd C. Miller
28b3a18137 Move get_timestr() into its own source file so sudoreplay can use it. 2009-09-16 11:48:34 +00:00
Todd C. Miller
0040571c97 ID= -> TSID= for transcript ID 2009-09-07 14:18:06 +00:00
Todd C. Miller
6184eb9461 Log the session ID, if there is one. Currently logs ID=XXXXXX, perhaps 
should be SESSIONID or SESSID.
 2009-08-30 15:18:50 +00:00
Todd C. Miller
62b89f9dfc Update copyright years. 2009-05-25 12:02:42 +00:00
Todd C. Miller
755a81e946 Add option for set_perm to not exit on failure and use this in 
the logging routines.
 2009-05-10 11:52:13 +00:00
Todd C. Miller
840acbd3ac Update copyright years. 2008-11-09 14:13:13 +00:00
Todd C. Miller
4afceb8e92 Zero out sigaction_t before use in case it has non-standard entries. 2008-11-02 14:45:31 +00:00
Todd C. Miller
ca6eddf0df Replace the double fork with a fork + daemonize. 2008-06-22 20:19:42 +00:00
Todd C. Miller
5756ddfbeb Change how the mailer is waited for. Instead of having a SIGCHLD 
handler, use the double fork trick to orphan the child that opens
the pipe to sendmail.  Fixes a problem running su on some Linux distros.
 2008-06-21 00:34:47 +00:00
Todd C. Miller
552eca0d0f Ignore SIGPIPE instead of blocking it when piping to the mailer. If we 
only block the signal it may be delivered later when we unblock.
Also, there is no need to block SIGCHLD since we no longer do the
double fork.  The normal SIGCHLD handler is sufficient.
 2008-06-11 01:13:39 +00:00
Todd C. Miller
b7b807e107 Block SIGPIPE in send_mail() so sudo is not killed by a problem 
executing the mailer.
 2008-03-17 15:09:38 +00:00
Todd C. Miller
0f9e7f96f4 Add mailfrom Defaults option that sets the value of the From: 
field in the warning/error mail.  If unset the login name of
the invoking user is used.
 2008-03-05 21:52:19 +00:00
Todd C. Miller
04bb8f00fc Remove dependence on VALIDATE_NOT_OK in logging functions. 
Split log_auth() into log_allowed() and log_denial()
Replace mail_auth() with should_mail() and a call to send_mail()
 2008-02-13 12:28:37 +00:00
Todd C. Miller
e6d707b2d3 allocate proper amount of space for error string 2007-12-31 19:13:06 +00:00
Todd C. Miller
ff0a538d04 Call cleanup() before exit in log_error() instead of calling 
sudo_ldap_close() directly.  ldap_conn can now be static to sudo.c
 2007-12-17 12:28:51 +00:00
Todd C. Miller
a68ab16dcd Better ldap cleanup. 2007-12-16 19:42:44 +00:00
Todd C. Miller
a766300007 Set aux group vector for PERM_RUNAS and restore group vector for 
PERM_ROOT if we previously changed it.  Stash the runas group vector
so we don't have to call initgroups more than once. Also add no-op
check to check_perms.
 2007-11-25 13:07:21 +00:00
Todd C. Miller
f9f4aca556 Add support for runas groups. This allows the user to run a command 
with a different effective group.  If the -g option is specified
without -u the command will be run as the current user (only the
group will change).  the -g and -u options may be used together.
TODO: implement runas group for ldap
      improve runas group documentation
      add testsudoers support
 2007-11-21 20:12:00 +00:00
Todd C. Miller
8ff6b6ccaa Refactor log line generation in to new_logline(). 2007-11-04 13:33:18 +00:00
Todd C. Miller
bcdddfc054 remove an ANSI-ism that crept in 2007-08-08 20:07:33 +00:00
Todd C. Miller
f3ef738254 PERM_FULL_ROOT is now no different than PERM_ROOT so remove PERM_FULL_ROOT 2007-07-06 14:04:40 +00:00
Todd C. Miller
879c46e4dd Add support for setting environment variables on the command line. 
This is only allowed if the setenv sudoers options is enabled or if
the command is prefixed with the SETENV tag.
 2007-06-23 23:58:54 +00:00
Todd C. Miller
c225668972 Treat USERNAME environemnt variable like LOGNAME/USER 2007-06-18 21:23:48 +00:00
Todd C. Miller
49cb30aa5b Redo the long syslog line splitting based on a patch from Eygene Ryabinkin. 
Include memrchr() for systems without it.
 2007-06-14 16:06:25 +00:00
Todd C. Miller
832f4c3768 Restore signal mask before calling reapchild(). Fixes a possible race 
condition that could prevent sudo from properly waiting for the child.
 2007-02-06 18:23:45 +00:00
Todd C. Miller
9d6695ed43 Add "Auto-Submitted: auto-generated" line to sudo mail for rfc 3834. 2006-12-11 18:21:29 +00:00
Todd C. Miller
304dc46d7f Add efree() for consistency with emalloc() et al. Allows us to rely 
on C89 behavior (free(NULL) is valid) even on K&R.
 2005-03-29 14:29:47 +00:00
Todd C. Miller
e7dcda7920 Make varargs usage consistent with the rest of the code. 2005-03-11 01:57:44 +00:00
Todd C. Miller
778d587063 Update copyright years. 2005-02-12 22:56:07 +00:00
Todd C. Miller
3b8b88407f Add __unused to rcsids 2005-01-27 15:42:30 +00:00
Todd C. Miller
dfccf19338 g/c pwcache_init/pwcache_destroy 2005-01-05 19:43:36 +00:00
Todd C. Miller
a5d9296d25 Adapt to pwutil.c 2005-01-05 01:10:16 +00:00
Todd C. Miller
051a2110a4 Add closefrom sudoers option to start closing at a point other than 3. 
Add closefrom_override sudoers option and -C sudo flag to allow the
user to specify a different closefrom starting point.
 2004-12-16 18:33:49 +00:00
Todd C. Miller
2c2daa8eca Use: #include <config.h> 
Not: #include "config.h"
That way we get the correct config.h when build dir != src dir
 2004-11-19 18:39:14 +00:00
Todd C. Miller
9846e562ad Implement group caching and use the passwd and group caches throughout. 2004-11-16 04:24:11 +00:00
Todd C. Miller
51375f969f Add local error/warning functions like err/warn but that call an additional 
cleanup routine in the error case.  This means we no longer need to compile
a special version of alloc.o for visudo.
 2004-11-15 15:53:53 +00:00
Todd C. Miller
0b34123a8b Create and use private versions of setpwent() and endpwent() that 
set/end the shadow password file too.
 2004-11-15 04:06:16 +00:00
Todd C. Miller
541908f1bd A user can always list their own entries, even with -u. 
Better error message when failing to list another user's entries.
 2004-11-11 17:22:30 +00:00
Todd C. Miller
4549980664 Convert some bitwise AND to ISSET 2004-10-26 22:39:35 +00:00
Todd C. Miller
899e22194e Add NO_STDERR flag. 2004-10-26 22:20:18 +00:00
Todd C. Miller
b0a49825eb Preliminary changes to support nsr-tandem-nsk. Based on patches from 
Tom Bates.
 2004-05-17 20:08:46 +00:00
Todd C. Miller
3a2282c927 More to a less restrictive, ISC-style license. 2004-02-13 21:36:43 +00:00
Todd C. Miller
c4a8ab8b99 Use the SET, CLR and ISSET macros. 2004-01-29 22:33:58 +00:00
Todd C. Miller
e987e1152b Don't truncate usernames to 8 characters in the log message. 2004-01-05 01:16:24 +00:00
Todd C. Miller
02f37dc2da Add support for tuples in def_data.in; these are implemented as an 
enum type.  Currently there is only a single tuple enum but in the
future we may have one tuple enum per T_TUPLE entry in def_data.in.
Currently listpw, verifypw and lecture are tuples.  This avoids the
need to have two entries (one ival, one str) for pwflags and syslog
values.

lecture is now a tuple with the following values: never, once, always

We no longer use both an int and string entry for syslog facilities
and priorities.  Instead, there are logfac2str() and logpri2str()
functions that get used when we need to print the string values.
 2003-12-30 22:31:30 +00:00
Todd C. Miller
6ad252765b Create def_* macros for each defaults value so we no longer need 
the def_{flag,ival,str,list,mode} macros (which have been removed).
This is a step toward more flexible data types in def_data.in.
 2003-12-30 22:20:21 +00:00
Todd C. Miller
27ad285a03 Also exit waitpid() loop when pid == 0. Fixes a problem where the sudo 
process would spin eating up CPU until sendmail finished when it has
to send mail.
 2003-06-09 20:07:56 +00:00
Todd C. Miller
a76a79f6d7 add DARPA credit on affected files 2003-04-16 00:42:10 +00:00
Todd C. Miller
dcf1a5acce Use warn/err and getprogname() throughout. The main exception is 
openlog().  Since the admin may be filtering logs based on the
program name in the log files, hard code this to "sudo".
 2003-04-02 18:25:30 +00:00