isa/sudo
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
7,148 Commits 1 Branch 0 Tags
aa849ed945cd46b1ba937b68ff918acd1c066f33
Commit Graph

7148 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Todd C. Miller
aa849ed945 Go back to using /proc/self/fd instead of /proc/$$/fd as only AIX 
lacks /proc/self and it has F_CLOSEM.
 2013-12-17 07:38:20 -07:00
Todd C. Miller
65012dd661 Use a switch to map digest type to name instead of an array of 
strings.
 2013-12-16 17:00:17 -07:00
Todd C. Miller
1c3f2ac1e7 Use /dev/fd in closefrom() on FreeBSD < 8.0 and Mac OS X. 2013-12-16 16:24:02 -07:00
Todd C. Miller
8c184dcec3 Remove _MAX and _MIN compat; we rely on missing.h for that. 
We already require the compiler handle long long so there's
no need to use HAVE_LONG_LONG_INT everywhere.
 2013-12-16 14:53:27 -07:00
Todd C. Miller
f689a86354 Remove _MAX and _MIN defines that any system from the last 20 years 
should have.  Add ULLONG_MAX in case it is missing.
 2013-12-16 14:52:31 -07:00
Todd C. Miller
68f6e23b07 Change visudo -x to take a file name argument, which may be '-' to 
write the exported sudoers file to stdout.
 2013-12-16 14:32:42 -07:00
Todd C. Miller
b2c456341a Move symbol extern defs into sudoers.h 2013-12-16 14:18:42 -07:00
Todd C. Miller
624f4fdb13 Add missing sudo_util.h 2013-12-16 14:14:36 -07:00
Todd C. Miller
cf47b156fc Warn if the time stamp in the I/O log file does not fit in time_t. 
Warn if the info line is not well-formed instead of silently ignoring
it.
 2013-12-14 08:30:37 -07:00
Todd C. Miller
62b559db15 Rename libcommon libsudo_util 2013-12-13 07:46:05 -07:00
Todd C. Miller
3e2d818ed9 Move prototypes for functions provided by libcommon that don't have 
their own header files into sudo_util.h.
 2013-12-12 18:29:07 -07:00
Todd C. Miller
ef2cff1d33 Now that we have proper number parsing functions we should store 
T_UINT defaults values as unsigned int, not int.
 2013-12-11 14:43:04 -07:00
Todd C. Miller
3e4f5c5848 Don't use int where we really mean enum def_tuple. When this code 
was written it was assumed that we may have multiple tuple types.
However, that hasn't happened and probably never will.
 2013-12-11 14:31:50 -07:00
Todd C. Miller
03b013ab26 Regen after string parsing changes. 2013-12-11 13:55:12 -07:00
Todd C. Miller
cbf41b8b96 The OpenBSD strtonum() uses very short error strings that can't 
be translated usefully.  Convert them to longer strings on error.
Also use the longer strings for atomode() and atoid().
 2013-12-11 13:43:10 -07:00
Todd C. Miller
d83bfb9fe6 Add atomode() function for parsing a file mode. 2013-12-10 16:56:54 -07:00
Todd C. Miller
8f9ce7249a Use strtonum() instead of atoi(), strtol() or strtoul() where possible. 2013-12-10 16:23:21 -07:00
Todd C. Miller
f83eac40eb Add strtonum.c to compat for simpler number parsing. 2013-12-10 14:38:52 -07:00
Todd C. Miller
7dabe334b3 Fix a warning on Solaris, we need to use debug_return_const_ptr. 2013-12-09 14:06:46 -07:00
Todd C. Miller
b7c647a4fe check_symbols needs to link with SUDO_LIBS in order to get -lpthread 
on HP-UX for libldap (which uses threads).  It would be better to
have a separate variable for the pthread library but this is no
worse than it used to be.
 2013-12-09 14:00:55 -07:00
Todd C. Miller
8e04c592ae add missing comma 2013-12-08 11:20:32 -07:00
Todd C. Miller
47dbe189f9 Make -c option description more accurate. 2013-12-08 11:06:27 -07:00
Todd C. Miller
8bdf3d9a27 When checking whether a user may change the login class, just check 
pw_uid of the runas user, which was passed in to set_loginclass().
 2013-12-07 09:17:54 -07:00
Todd C. Miller
acdff2d998 Use atoid() when parsing user/group IDs and print them as unsigned int. 2013-12-06 14:10:03 -07:00
Todd C. Miller
e964aa4d8c Correctly parse 64-bit times in I/O log files. 2013-12-05 16:19:50 -07:00
Todd C. Miller
e1ac1a2ff3 Use atoid() not atoi() when parsing uids/gids. 2013-12-05 15:51:56 -07:00
Todd C. Miller
2508da6f68 Better match debugging. 
Sprinkle const in match functions.
 2013-12-05 14:34:56 -07:00
Todd C. Miller
1739350e20 Document that plugins can be compiled statically into the sudo binary. 2013-12-04 16:05:05 -07:00
Todd C. Miller
9e964a8c0e sudo_sss_filter_user_netgroup(): fix comment typos, break out of loop 
early if we match ALL or netgroup.
 2013-12-03 15:47:45 -07:00
Todd C. Miller
302d3273a8 When filtering netgroups, use the passwd struct stashed in the handle, 
not user_name since we may be listing another users privileges.
 2013-12-03 15:39:12 -07:00
Todd C. Miller
af72b1ad50 RHEL 6 and above builds sudo with SSSD support 2013-12-03 15:18:42 -07:00
Todd C. Miller
f477b343fe Avoid passing NULL domainname to sudo_debug_printf(). 2013-12-03 15:15:12 -07:00
Todd C. Miller
ede55a2f74 Document sssd debug subsystem. 2013-12-03 14:42:33 -07:00
Todd C. Miller
5b491573e1 Document "event" debug subsystem. 2013-12-03 14:40:58 -07:00
Todd C. Miller
878ddb1788 Use atoid() instead of atoi() when parsing uids/gids so we get 
proper range checking.
 2013-12-03 14:33:26 -07:00
Todd C. Miller
f56eca8051 Add user netgroup filtering for SSSD. Previously, rules for a 
netgroup were applied to all even when they did not belong to the
specified netgroup.  RedHat Bugzilla 880150.
 2013-12-03 14:19:37 -07:00
Todd C. Miller
543d3b701e Fix several issues found by the clang static analyzer; Daniel Kopecek 2013-12-03 14:10:11 -07:00
Todd C. Miller
dc69e5af57 Mention how to dump sudoers info from LDAP. 2013-12-02 16:00:15 -07:00
Todd C. Miller
b082a614f5 On Solaris, disabling the proc_exec privilege appears to interfere 
with DAC file permissions.  Adding DAC override permissions to the
inheritable set works around this for commands run as root without
giving extra permissions to other users.  Bug #626
 2013-12-02 11:14:25 -07:00
Todd C. Miller
0d81263e26 Instead of setprogname(), add initprogname() which gets the program 
name for getprogname() using /proc or pstat() if possible.
 2013-12-01 19:12:21 -07:00
Todd C. Miller
902215a8c0 Ignore EOVERFLOW from pstat_getproc(). The HP-UX kernel appears 
to return this in certain situations but it appears to be harmless
at least insofar as retrieving the tty goes.
 2013-11-30 18:43:57 -07:00
Todd C. Miller
fdf56ee940 Sync with translationproject.org 2013-11-30 15:19:19 -07:00
Todd C. Miller
188e921560 Add missing newline in help message after export option. 2013-11-28 06:08:08 -07:00
Todd C. Miller
4247c1741b Do not add LIBDL to SUDO_LIBS or SUDOERS_LIBS in configure, do it 
in Makefile.in so we can make it last.  Fixes a linking problem on
Ubuntu precise.
 2013-11-26 07:15:55 -07:00
Todd C. Miller
94ad47ff98 Do not rely on NULL being defined for getaddrinfo() test. 
Fixes the check on HP-UX 11.23.
 2013-11-25 09:54:04 -07:00
Todd C. Miller
58a0540b96 Regen for sudo 1.8.9b1 2013-11-24 16:37:32 -07:00
Todd C. Miller
853384124d Sync with translationproject.org 2013-11-24 16:31:40 -07:00
Todd C. Miller
12f3bdf60e Add wrapper functions for dlopen() et al so that we can support 
statically compiling in the sudoers plugin but still allow other
plugins to be loaded.  The new --enable-static-sudoers configure
option will cause the sudoers plugin to be compiled statically into
the sudo binary.  This does not prevent other plugins from being
loaded as per sudo.conf.
 2013-11-22 16:35:15 -07:00
Todd C. Miller
0fb17059a6 Handle non-unix groups correctly. Get rid of runasuser and runasgroup 
types and use username and usergroup instead.  The fact that the user
or group is inside a Runas_List doesn't affect its underlying type.
 2013-11-21 09:45:55 -07:00
Todd C. Miller
bf700fdd58 Simplify Defaults list option object. The name and value strings 
are superfluous.
 2013-11-20 14:35:35 -07:00