isa/sudo
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
9,943 Commits 1 Branch 0 Tags
ac61b5655d5b0437e3dec29c823ab4591db204e3
Commit Graph

137 Commits

Author SHA1 Message Date
Todd C. Miller
ac61b5655d Use EXIT_SUCCESS and EXIT_FAILURE more consistently. 2020-02-08 12:43:00 -07:00
Todd C. Miller
486ee2b71f debug_decl and debug_decl_vars now require a semicolon at the end. 2019-12-22 08:48:16 -07:00
Todd C. Miller
635445d471 Transparently handle the "sudo sudoedit" problem. 
Some admin are confused about how to give users sudoedit permission
and many users try to run sudoedit via sudo instead of directly.
If the user runs "sudo sudoedit" sudo will now treat it as plain
"sudoedit" after issuing a warning.  If the admin has specified a
fully-qualified path for sudoedit in sudoers, sudo will treat it
as just "sudoedit" and match accordingly.  In visudo (but not sudo),
a fully-qualified path for sudoedit is now treated as an error.
 2019-11-05 15:18:34 -07:00
Todd C. Miller
c3ce3a84fb Refer to user-ID and group-ID instead of "user ID" and "group ID" 2019-10-19 14:26:41 -06:00
Todd C. Miller
40bf4081be Rename sudo_strtoid() to sudo_strtoidx() and add simplified sudo_strtoid() 2019-10-20 10:21:29 -06:00
Todd C. Miller
1e1ef61902 Add SPDX-License-Identifier to files. 2019-04-29 07:21:51 -06:00
Todd C. Miller
6c3d20cb41 Convert PVS-Studio comment to ANSI C. 2018-10-26 08:39:09 -06:00
Todd C. Miller
019279a4b8 Fix some mangled text in the license block. 2018-10-26 08:19:41 -06:00
Todd C. Miller
64e5d34c57 Add comments in .c files so PVS-Studio will check them. 2018-10-21 08:46:05 -06:00
Todd C. Miller
901b2666fc Add ldif support to testsudoers 2018-08-27 05:21:04 -06:00
Todd C. Miller
b2e3adccf3 Make alias_apply() take 3 arguments, the first being a pointer to the 
struct sudoers_parse_tree.
 2018-08-24 09:52:53 -06:00
Todd C. Miller
171686c422 update_defaults() needs to be able to take a defaults_list for 
the ldap/sssd backends which support per-role defaults.
 2018-08-02 14:06:36 -06:00
Todd C. Miller
70d519c8ad o Move userspecs, defaults and aliases into a new struct sudoers_parse_tree. 
o The parse tree is now passed to the alias, match and defaults functions.
o The nss API has been changed so that the nss parse() function returns
  a pointer to a struct sudoers_parse_tree which will be filled in
  by the getdefs() and query() functions.
 2018-07-26 15:12:33 -06:00
Todd C. Miller
f9be3a48a2 Simplify the nss interface such that each sudoers provider fills 
in a per-nss list of userspecs and defaults instead of using separate
lookup and list functions.  This makes it possible to have a single
implementation of the code for sudoers lookup and listing.
 2018-05-14 09:05:03 -06:00
Todd C. Miller
71e98d9493 Include parse.h in sudoers.h since it will soon be required. 2018-05-14 09:05:02 -06:00
Todd C. Miller
24f8e62e75 Update copyright date, remove unneeded include and add a few comments. 2018-03-06 15:59:31 -07:00
Todd C. Miller
e6c0d80fa8 Use fmtsudoers functions in testsudoers. 2018-03-06 15:09:21 -07:00
Todd C. Miller
3e7db48284 Don't print an empty user list as ALL. 2018-03-06 14:38:17 -07:00
Todd C. Miller
5e9e641b3d Check the return value of sudoers_debug_register(). 
Coverity CID 182574
 2018-01-29 14:02:21 -07:00
Todd C. Miller
48fba3c2cc update my email to Todd.Miller@sudo.ws 2017-12-03 17:53:40 -07:00
Todd C. Miller
e5dee1557e Add NOTBEFORE and NOTAFTER command options similar to what is 
already available in LDAP.
 2017-02-18 15:35:48 -07:00
Todd C. Miller
3980f1531b Add support for command timeouts in sudoers. After the timeout, 
the command will be terminated.
 2017-02-14 15:56:34 -07:00
Todd C. Miller
1aea3f6e3e Just use malloc_options "S" on OpenBSD instead of "AFGJPR". 2016-11-25 09:04:00 -07:00
Todd C. Miller
79ca752802 Go back to parsing Defaults entries in update_defaults instead of 
as sudoers is read.  Otherwise, we cannot properly support early
defaults like sudoers_locale.
 2016-11-09 16:00:12 -07:00
Todd C. Miller
f6ce83ea76 Only treat an unknown Defaults entry as a parse error in visudo, 
not in sudo itself.
 2016-11-01 15:08:11 -06:00
Todd C. Miller
a750bebf10 Set RUNAS_USER_SPECIFIED when -u is specified and/or RUNAS_GROUP_SPECIFIED 
when -g is specified.
 2016-09-15 13:16:38 -06:00
Todd C. Miller
a08ea1b14d Set runas_pw early and adjust runaslist_matches() to deal. Since 
we now set runas_default early there is no need to call update_defaults
with SETDEF_RUNAS after sudoers has been parsed.
 2016-08-10 10:56:05 -06:00
Todd C. Miller
56ead73886 Load sudoers group plugin via an early callback. 2016-08-09 13:14:31 -06:00
Todd C. Miller
256ca993b9 Update defaults in visudo after sudoers has been edited so we pick 
up locale changes.  The init_defaults() function will now re-init
the sudoers locale.
 2016-07-22 10:41:56 -06:00
Todd C. Miller
65579b69eb Set sudoers locale before calling sudoersparse(). We don't need 
to restore the user's locale since warnings are displayed in the
user's locale anyway.
 2016-07-20 19:58:42 -06:00
Todd C. Miller
b5c2ca2fe5 Move sudoers locale callback function to locale.c and user it in 
visudo and testsudoers.
 2016-07-20 14:16:00 -06:00
Todd C. Miller
9b42640ef5 Change defaults callbacks to take a union sudo_defs_val * instead 
of a char *.
 2016-07-18 12:11:25 -06:00
Todd C. Miller
05db5aa3b8 Remove sudo_mkpwcache() and sudo_mkgrcache(). We now create the 
caches as needed on demand.  Also remove calls to sudo_freepwcache()
and sudo_freegrcache() that are immediately followed by execve(),
they are not needed.
 2016-05-11 09:40:31 -06:00
Todd C. Miller
23d288563e Eliminate use of setpwent()/endpwent() and setgrent()/endgrent(). 
Sudo never iterates over the passwd or group file.
Rename sudo_set{pw,gr}ent() -> sudo_mk{pw,gr}cache() and
use sudo_free{pw,gr}cache() instead of sudo_end{pw,gr}ent().
 2016-05-11 07:06:45 -06:00
Todd C. Miller
5a77989a33 Add support for matching the entire netgroup tuple (user, host, domain). 2016-01-12 14:59:44 -07:00
Todd C. Miller
3354d27a17 Do not follow symbolic links in sudoedit by default. This behavior 
can be controlled by the sudoedit_follow Defaults flag as well as
the FOLLOW/NOFOLLOW tags.
 2015-08-06 13:20:01 -06:00
Todd C. Miller
445e6f2e9a Check sudo_conf_read() return value and exit on fatal error (a 
warning was already printed by sudo_conf_read()).
 2015-07-07 13:17:50 -06:00
Todd C. Miller
0b241088b3 There's no need to conditionalize the #include <unistd.h>, we require 
a POSIX system.
 2015-07-02 09:08:28 -06:00
Todd C. Miller
4a07b472f0 Only include stddef.h where it is needed. 2015-06-20 05:34:35 -06:00
Todd C. Miller
c36415417f Add function name to "unable to allocate memory" warnings. 2015-06-19 14:51:17 -06:00
Todd C. Miller
dc883f2454 We require ANSI C so stop using the obsolete STDC_HEADERS. 2015-06-19 14:29:27 -06:00
Todd C. Miller
07f9814450 Remove remaining SUDO_MAIN remnants. 2015-06-17 10:20:14 -06:00
Todd C. Miller
d004b02fc6 Use non-exiting allocatings in the sudoers plugin. 2015-06-17 06:49:59 -06:00
Todd C. Miller
2bf454b74d Use non-exiting allocators in the redblack tree and fix the fallout. 
Also switch to non-exiting allocators in affected code blocks.
 2015-05-27 09:51:54 -06:00
Todd C. Miller
05a01d4c5d Avoid using a leading underbar in defines as they are reserved in 
ISO C.
 2015-05-21 11:13:20 -06:00
Todd C. Miller
cbcaaa299a No need to cast malloc() return value. 2015-05-14 10:47:09 -06:00
Todd C. Miller
e98778b2a2 When creating a passwd struct from a uid that is not in the passwd 
database, set pw_gid to the user's gid instead of whatever the user
specified via the -g flag (or 0 if no -g).
 2015-04-16 13:19:04 -06:00
Todd C. Miller
233783511d Define YYDEBUG to 0 if not already defined so we can protect use 
of sudoersdebug with "#if YYDEBUG" like the generated parser does.
From David Michael.
 2015-02-27 07:10:20 -07:00
Todd C. Miller
be8dbeb22e Avoid using HOST_NAME_MAX directly and use sysconf(_SC_HOST_NAME_MAX) 
instead.
 2015-02-19 20:28:02 -07:00
Todd C. Miller
45548cf049 Add support for MAIL and NOMAIL command tags to toggle mail sending 
behavior on a per-command (or Cmnd_Alias) basis.
 2015-02-19 10:02:20 -07:00