isa/sudo
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
8,902 Commits 1 Branch 0 Tags
a62cd4b4fe25eda6f99d73d7277a6db90a36337c
Commit Graph

8902 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Todd C. Miller
a62cd4b4fe If passwd_tries is less than 1, check_user() will always return 
false (since the user didn't authenticate).  The normal reason for
this is an authentication error but in this case no authentication
was tries so no warning message has been displayed to the user.  If
the user wasn't given a chance to authenticate, set inform_user to
true when calling log_denial() from sudoers_policy_main().

An alternate approach would be for check_user() to return true
in this case but seems more confusing.
 2017-11-14 13:58:35 -07:00
Todd C. Miller
4e8c037f22 Document bash shell alias issue with "sudo -i". 2017-10-22 06:54:41 -06:00
Todd C. Miller
53a8ad7120 Return an error if the sudo front end doesn't set the user name, user ID, 
group ID or host name.  Bug #807
 2017-10-20 07:55:48 -06:00
Todd C. Miller
2c45774a35 Treat an empty hostname as a failure and return NULL. 2017-10-20 07:37:40 -06:00
Todd C. Miller
740c619d33 Add support for #include and #includedir from Natale Vinto. 2017-10-17 14:28:38 -06:00
Todd C. Miller
c017741589 Minor corrections from Tae Wong 2017-10-14 16:24:10 -06:00
Todd C. Miller
cece54ae85 Add a warning that for "sudo -i command" and "sudo -s command" the 
shell is not run in interactive mode which may change its behavior.
 2017-10-12 10:07:46 -06:00
Todd C. Miller
3b88cdfcd8 Fix stair-stepped output when the output of a sudo command is piped 
to another command and use_pty is set.
 2017-09-26 14:21:11 -06:00
Todd C. Miller
1051cf1e6f env_keep and env_check are also taken into account with "sudo -i". 
Bug #806
 2017-09-26 13:08:57 -06:00
Todd C. Miller
749cdc9d95 Make PC insults the default and add new configure option, 
enable-offensive-insults, to enable the offensive insults.
 2017-09-18 10:45:02 -06:00
Todd C. Miller
dcb887807e Add missing translators from recent updates and one name change. 2017-09-14 11:05:41 -06:00
Todd C. Miller
9ab1c9935d sync with translationproject.org 
* * *
sync with translationproject.org
 2017-09-07 15:47:09 -06:00
Todd C. Miller
7e78fbccfd More accurately describe the use_pty option now that its behavior 
has changed with respect to interposition with a pipe.
Also describe some caveats with log_input.
 2017-09-07 14:59:37 -06:00
Todd C. Miller
b4f4bb3345 Document changes in use_pty behavior when no terminal is present. 2017-09-07 14:58:34 -06:00
Todd C. Miller
8949992040 Set ec->cmnd_pid to the correct value when receiving the command's 
process ID from the monitor.
 2017-09-07 13:22:10 -06:00
Todd C. Miller
84af812b8c If /dev/tty is not available and no I/O logging plugins are configured, 
fall back on exec_nopty() even if the policy plugin requested a pty.
We never allocate a pty when sudo is not run from a terminal anyway.
 2017-09-07 11:32:30 -06:00
Todd C. Miller
2c2476f07f Do not set utmp_user if we did not actually allocate a pty. 2017-09-07 11:00:19 -06:00
Todd C. Miller
87eba6c892 sudo 1.8.21p2 2017-09-06 21:02:11 -06:00
Todd C. Miller
d85056d95f sudo_terminated() should not return true when SIGCHLD is pending. 
Bug #801
 2017-09-06 16:08:23 -06:00
Todd C. Miller
4b5aeefebc Set SIGCHLD handler to SIG_DFL before forking the askpass command 
and restore after.  Otherwise, SIGCHLD will end up in the list of
pending signals and sudo_execute() will not execute the command.
 2017-09-06 15:59:37 -06:00
Todd C. Miller
fdff345e0f The read and write sides of signal_pipe[] were swapped, resulting 
in EBADF reading from and writing to the signal pipe on Linux and
probably others.  On systems with bidirectional pipes this was not
an issue.
 2017-09-06 12:29:36 -06:00
Todd C. Miller
8e021c39fa Fix a logic error in 96651906de42 which prevented sudo from using 
the PAM-supplied prompt.  Bug #799
 2017-09-05 09:30:19 -06:00
Todd C. Miller
f5425a80a2 Sudo 1.8.21p1 2017-09-01 14:09:43 -06:00
Todd C. Miller
171512b173 The Fedora sudo package uses /etc/ldap.conf not /etc/sudo-ldap.conf. 2017-09-01 13:59:45 -06:00
Todd C. Miller
06d52c97c2 The fix for matching when no sudoRunAsUser is present in a sudoRole 
was incomplete.  If no -g option was specified on the command line
but sudoRunAsGroup is present in a sudoRole, we need to treat the
group match as failed instead of missing.
 2017-09-01 11:36:15 -06:00
Todd C. Miller
507ab6fdcd Sprinkle a few more debugging printfs. 2017-09-01 09:22:31 -06:00
Todd C. Miller
e100259619 Fix replaying sessions that contain input logs. When the inter-record 
timeout expires we need to read the next record if there is nothing
to output.
 2017-09-01 09:00:17 -06:00
Todd C. Miller
447c2c7e8c regen 2017-09-01 06:01:08 -06:00
Todd C. Miller
7652dad0d6 Fix typo (Auguest vs. August). From David Pocock. 2017-09-01 06:00:48 -06:00
Todd C. Miller
d5c41ae373 Go back to returning true from display_privs() on non-error. This 
results in "sudo -U otheruser -l" exiting with a status of 0 even
when otheruser is not allowed to run commands.  This is appropriate
since the "sudo -l" command was successful.  This does not change
the exit value when otheruser runs "sudo -l" themselves, the exit
status will be 1 since that user is not allowed to run commands.
Requested by Radovan Sroka.
 2017-08-31 11:29:19 -06:00
Todd C. Miller
5cdee2c2c0 Fix the pass2 ldap query string when no search filter is defined. 
Due to the addition of "(sudoUser=*)" to the query we always need
the AND operator, even if no search filter is present.
 2017-08-31 11:05:48 -06:00
Todd C. Miller
c3d098254d Don't forward SIGINFO to the child when it is send by the kernel 
(not another user process).  This is consistent with the handling
of other keyboard-generated signals such as SIGINT, SIGQUIT and
SIGTSTP.  Bug #796
 2017-08-29 08:58:14 -06:00
Todd C. Miller
0d31a1c302 Fix path to LICENSE and NEWS files that get used in the installer. 
Previously, the installed versions were used instead of the ones
in the destdir.
 2017-08-23 11:54:13 -06:00
Todd C. Miller
0d243a882e sync with translationproject.org 2017-08-20 19:07:07 -06:00
Todd C. Miller
b7b00c26db sync with translationproject.org 2017-08-18 10:00:27 -06:00
Todd C. Miller
b45d73acb4 sync with translationproject.org 2017-08-12 15:29:35 -06:00
Todd C. Miller
159f89f0de Preserving environment variables on the command line was bug #279 2017-08-11 09:50:07 -06:00
Todd C. Miller
a01bbfacf4 Add Friulian translation for sudo from Fabio Tomat via translationproject.org 2017-08-10 10:14:57 -06:00
Todd C. Miller
6696653e4f sync with translationproject.org 2017-08-08 06:50:24 -06:00
Todd C. Miller
54860cf7f5 In the Runas example that uses "boulder" make it clear that "boulder" 
is a host name.
 2017-08-04 14:55:03 -06:00
Todd C. Miller
deaeffe73a regen 2017-08-03 10:06:16 -06:00
Todd C. Miller
c18dde2350 Allow the user to specify a list of environment variables to preserve. 
This adds an option paramter to the --preserve-env option, a
comma-separated list of variable names.
 2017-08-03 07:32:24 -06:00
Todd C. Miller
63d954d1fc Replace tty_tickets option with timestamp_type which can be 
global, ppid or tty.  Defaults to tty (no change in behavior).
Some users want the ppid behavior.
 2017-08-01 16:14:54 -06:00
Todd C. Miller
c3b3e501b9 regen 2017-08-01 15:45:20 -06:00
Todd C. Miller
48459292ff Don't send email about an unresolvable host name if fqdn is 
enabled and the user specified the run host via the -h flag.
 2017-08-01 13:45:32 -06:00
Todd C. Miller
5ab1d724a9 fix playback of stdout/stderr without embedded carriage returns 2017-07-31 10:44:39 -06:00
Todd C. Miller
98369bf985 Avoid unused variable warning when sasl is not used. 2017-07-28 14:05:54 -06:00
Todd C. Miller
beece91719 Add support for --enable-sasl and --disable-sasl to make it possible 
to enable/disable support for LDAP with SASL authentication.  Sudo
compiles in support for SASL authentiation by default if the
ldap_sasl_interactive_bind_s() function is detected.
Bug #788
 2017-07-28 13:52:55 -06:00
Todd C. Miller
ad81862b07 List the correct pattern ("*=()*") in the env_delete description. 
Use pseudo-tty instead of pseudo terminal for consistency.
 2017-07-28 09:50:12 -06:00
Todd C. Miller
5a6b8a78f1 Include pathnames.h for /dev/fd on FreeBSD and Mac OS X. 2017-07-27 20:51:21 -06:00