isa/sudo
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
4,234 Commits 1 Branch 0 Tags
aa54053ad1d58fbd877d075879f9660c7732cef0
Commit Graph

489 Commits

Author SHA1 Message Date
Todd C. Miller
aa54053ad1 Don't try to read from a zero-length sudoers file. Remove the bogus 
Solaris work-around for EAGAIN.  Since we now use fgetc() it should
not be a problem.
 2008-10-26 20:43:59 +00:00
Todd C. Miller
18e7644032 Don't error out on a zero-length sudoers file. With the advent of 
#include the user could create a situation where sudo is unusable.
 2008-10-24 13:49:10 +00:00
Todd C. Miller
b02daa8272 Add sudoers_locale Defaults option to override the default sudoers 
locale of "C".
 2008-09-14 00:45:24 +00:00
Todd C. Miller
508295b1f6 Set locale to system default except for during sudoers parse. 2008-09-13 18:09:28 +00:00
Todd C. Miller
a5245c2358 Set locale to "C" to avoid interpretation issues with character ranges 
in sudoers.  May want to make the locale a sudoers option in the future.
 2008-08-23 23:09:13 +00:00
Todd C. Miller
e439faeeb4 Flesh out the fake passwd entry used for running commands as a uid not 
listed in the passwd database.  Fixes an issue with some PAM modules.
 2008-07-02 10:27:57 +00:00
Todd C. Miller
0cf7172b1a Error out in -i mode if the user has no shell. This can happen when 
running commands as a uid with no password entry.
 2008-07-01 11:57:55 +00:00
Todd C. Miller
4578548c45 The -i flag should imply env_reset. This got broken in sudo 1.6.9. 2008-06-21 18:59:36 +00:00
Todd C. Miller
5756ddfbeb Change how the mailer is waited for. Instead of having a SIGCHLD 
handler, use the double fork trick to orphan the child that opens
the pipe to sendmail.  Fixes a problem running su on some Linux distros.
 2008-06-21 00:34:47 +00:00
Todd C. Miller
b85a28aba9 Add env_file Defaults option that is similar to /etc/environment on some 
systems.
 2008-05-03 00:53:21 +00:00
Todd C. Miller
cb8bc538d0 fix "sudo -s" broken by mode/flags breakout 2008-04-07 18:39:05 +00:00
Todd C. Miller
938f79172c parse_args() cleanup: 
Sort command line options in the getopt() switch
The -U option requires a parameter
Normalize a few ISSET calls
Split mode into mode and flags and retire the now-obsolete excl variable
 2008-03-18 20:08:46 +00:00
Todd C. Miller
c352187cf8 Add -n (non-interactive) flag. 2008-03-18 20:04:41 +00:00
Todd C. Miller
f2c84d5a6d Move version printing, etc. into a separate function. 2008-03-18 19:59:37 +00:00
Todd C. Miller
4b46531e48 Don't try to cleanup nsswitch if it has not been initialized. 2008-03-18 19:57:40 +00:00
Todd C. Miller
d11cb3d14b Use getopt() to parse the command line. We need to be able to 
intersperse env variables and options yet still honor "--""
which complicates things slightly.
 2008-03-12 23:42:32 +00:00
Todd C. Miller
0c6a760fc2 Error out if both -A and -S are specified 
Error out if -A is specified but no askpass is configured
 2008-03-04 22:20:28 +00:00
Todd C. Miller
ee04914164 Add support for running a helper program to read the password when 
no tty is present (or when specified with the -A flag).  TODO: docs.
 2008-03-02 14:31:57 +00:00
Todd C. Miller
211be00ccb Document "sudo -ll" and make "sudo -l -l" be equivalent. 2008-02-17 01:26:23 +00:00
Todd C. Miller
04bb8f00fc Remove dependence on VALIDATE_NOT_OK in logging functions. 
Split log_auth() into log_allowed() and log_denial()
Replace mail_auth() with should_mail() and a call to send_mail()
 2008-02-13 12:28:37 +00:00
Todd C. Miller
4c992e1901 Add support for SELinux RBAC. Sudoers entries may specify a role and type. 
There are also role and type defaults that may be used.  To make sure a
transition occurs, when using RBAC commands are executed via the new sesh
binary.  Based on initial changes from Dan Walsh.
 2008-02-09 14:30:07 +00:00
Todd C. Miller
5d20923c2f Add long list (sudo -ll) support for printing verbose LDAP and sudoers 
file entries.  Still need to update manual.
 2008-02-08 13:18:12 +00:00
Todd C. Miller
72656eaf3b Unlimit nproc on Linux systems where calling the setuid() family 
of syscalls causes the nroc resource limit to be checked.  The
limits will be reset by pam_limits.so when PAM is used.  In the
non-PAM case the nproc limit will remain unlimited but there doesn't
seem to be a way around that other than having sudo parse
/etc/security/limits.conf directly.
 2008-01-27 21:34:41 +00:00
Todd C. Miller
801860b298 Only read /etc/environment on Linux and AIX 2008-01-27 21:31:27 +00:00
Todd C. Miller
7f05a4ff6f Make set_runaspw static void 2008-01-15 14:23:58 +00:00
Todd C. Miller
055bda6261 comment cleanup and update (c) year 2008-01-05 21:27:02 +00:00
Todd C. Miller
28ed51b441 Improve chaining of multiple sudoers sources by passing in the previous return value to the next in the chain 2008-01-05 18:27:18 +00:00
Todd C. Miller
5a6ad03e59 Remove some already fixed XXXs 2008-01-01 22:06:33 +00:00
Todd C. Miller
156c949750 Print nsswitch.conf, ldap.conf and ldap.secret paths in -V output. 2008-01-01 21:42:28 +00:00
Todd C. Miller
6f2cd1b184 Rename read_nss -> sudo_read_nss 
Add --with-nsswitch to allow users to specify nsswitch.conf path or disable it.
If --with-nsswitch=no but --with-ldap, order is LDAP, then sudoers.
Fix --with-ldap-conf-file and --with-ldap-secret-file
 2008-01-01 18:22:03 +00:00
Todd C. Miller
0a2166272c Make the inability to read the sudoers file a non-fatal error if 
there are other sudoers sources available.
sudoers_file_lookup now returns "not OK" if sudoers was not present
 2007-12-31 19:26:52 +00:00
Todd C. Miller
adfaebdb4d nss-ify display_privs and display_cmnd. 2007-12-31 15:08:30 +00:00
Todd C. Miller
ae2ae34528 Use nsswitch to hide some sudoers vs. ldap implementation details 
and reduce the number of #ifdef LDAP
TODO: fix display routines and error handling
 2007-12-31 12:39:52 +00:00
Todd C. Miller
7f323157a2 First cut at nsswitch.conf support. 
Further reorganizaton and related changes are forthcoming.
 2007-12-28 16:20:45 +00:00
Todd C. Miller
f8c52dc928 Add support for reading and /etc/environment file. Still needs to 
be documented and should probably only applies to OSes that have
it (AIX and Linux, maybe others).
 2007-12-21 21:53:32 +00:00
Todd C. Miller
ff0a538d04 Call cleanup() before exit in log_error() instead of calling 
sudo_ldap_close() directly.  ldap_conn can now be static to sudo.c
 2007-12-17 12:28:51 +00:00
Todd C. Miller
ed88a812ec ld -> ldap_conn 2007-12-17 01:02:44 +00:00
Todd C. Miller
a68ab16dcd Better ldap cleanup. 2007-12-16 19:42:44 +00:00
Todd C. Miller
3592cc0b18 The -i and -s flags can now take an optional command. 2007-12-03 16:36:49 +00:00
Todd C. Miller
74c5dc4fad Add passprompt_override flag to sudoers that will cause the prompt 
to be overridden in all cases.  This flag is also set when the
user specifies the -p flag.
 2007-12-02 17:13:48 +00:00
Todd C. Miller
4efd981d68 Move setting of login class until after sudoers has been parsed. 
Set NewArgv[0] for -i after runas_pw has been set.
 2007-12-02 00:51:32 +00:00
Todd C. Miller
908b8f64e6 Use AC_FUNC_GETGROUPS instead of a home-grown attempt that was insufficient. 2007-11-27 23:40:50 +00:00
Todd C. Miller
f9f4aca556 Add support for runas groups. This allows the user to run a command 
with a different effective group.  If the -g option is specified
without -u the command will be run as the current user (only the
group will change).  the -g and -u options may be used together.
TODO: implement runas group for ldap
      improve runas group documentation
      add testsudoers support
 2007-11-21 20:12:00 +00:00
Todd C. Miller
4f5e88532f PAM wants the full tty path so add user_ttypath which holds the 
full path to the tty or is NULL if no tty was present.
 2007-09-13 23:05:34 +00:00
Todd C. Miller
19fa259480 Remove support for compilers that don't support void * 2007-08-31 23:30:07 +00:00
Todd C. Miller
fa6536920b Be consistent when using single quotes and backticks. 2007-08-20 14:46:40 +00:00
Todd C. Miller
2315b317e2 Add new linebuf code to do appends of dynamically allocated strings 
and word-wrapped output.  Currently used for sudo's usage() and
sudo -l output.  Sudo usage strings are now in sudo_usage.h which
is generated at configure time.
 2007-08-19 20:48:09 +00:00
Todd C. Miller
d28030c9fd Fix line wrapping in usage() and use the actual tty width instead of 
assuming 80.
 2007-08-18 12:22:16 +00:00
Todd C. Miller
317e600f41 Remove monitor support until there is a versino of systrace that 
uses a lookaside buffer (or we have a better mechanism to use).
 2007-08-15 15:20:01 +00:00
Todd C. Miller
72b36ddf50 use getaddrinfo() instead of gethostbyname() if it is available 2007-08-15 13:22:06 +00:00