isa/sudo
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
5,458 Commits 1 Branch 0 Tags
add7f327eaae3e6d27464a1a99c862b1a55dae9a
Commit Graph

383 Commits

Author SHA1 Message Date
Todd C. Miller
e7a4529cf8 Fix "sudo -g" support in the sudoers module. 2011-01-11 10:42:01 -05:00
Todd C. Miller
2d74e9567f If the user is running sudo as himself but as a different group we 
need to prompt for a password.
 2011-01-11 10:35:20 -05:00
Todd C. Miller
49409b7c5d Add support for TIMEOUT in ldap.conf, mapping to the OpenLDAP 
LDAP_OPT_TIMEOUT.  There is no corresponding option for mozilla-derived
LDAP SDKs but we can pass the timeout parameter to ldap_search_ext_s()
or ldap_search_st() when possible.
 2011-01-10 10:33:22 -05:00
Todd C. Miller
823e812723 Add NETWORK_TIMEOUT as an alias for BIND_TIMELIMIT for compatibility 
with OpenLDAP ldap.conf files.
 2011-01-10 09:27:58 -05:00
Todd C. Miller
8a043ca562 If user has no supplementary groups, fall back on checking the group 
file expliticly.
 2011-01-10 09:23:54 -05:00
Todd C. Miller
e63849afb0 constify 2011-01-08 19:54:30 -05:00
Todd C. Miller
4cc6322b48 Move fill macro to toke.h 2011-01-08 19:34:31 -05:00
Todd C. Miller
400b6ffe20 Split tokenizer utility functions out into toke_util.c 2011-01-08 15:42:39 -05:00
Todd C. Miller
866ffd0bdb ANSIfy 2011-01-08 15:15:30 -05:00
Todd C. Miller
e8cc22c0c8 Add visudo tests to check target 2011-01-07 15:10:28 -05:00
Todd C. Miller
460f760ca2 Add regress test for command tags using visudo -c 2011-01-07 14:01:57 -05:00
Todd C. Miller
b679e03195 Add support for regress tests using testsudoers 2011-01-07 13:19:32 -05:00
Todd C. Miller
217d296111 Need to set user_name explicitly due to internal changes made when 
converting sudoers to a plugin.
 2011-01-07 11:56:15 -05:00
Todd C. Miller
1defd7b456 Add regression tests for iolog_path() 2011-01-06 11:05:28 -05:00
Todd C. Miller
f8de3f6327 Add support for "make Makefile" to regenerate Makefile from Makefile.in 2011-01-06 10:44:28 -05:00
Todd C. Miller
d2596e3f7b Quiest a bogus compiler warning. 2011-01-06 10:23:20 -05:00
Todd C. Miller
f09bbcb6bb Protect call to setlocale() with HAVE_SETLOCALE 2011-01-05 16:27:44 -05:00
Todd C. Miller
b92b745eaf Fix NULL dereference with "sudo -g group" when the sudoers rule has 
no runas user or group listed.  Fixes RedHat bug Bug 667103.
 2011-01-04 12:44:39 -05:00
Todd C. Miller
b76c798856 Reset slashp if we allocate a new buffer for strftime() 2010-12-31 10:55:49 -05:00
Todd C. Miller
1bb3518b33 Add extra out parameter to expand_iolog_path() to allow the caller 
to split the path into dir and file components if needed.
 2010-12-31 09:55:40 -05:00
Todd C. Miller
755e3ef0ab mkdir_iopath() returns size_t now that it uses strlcpy() and not snprintf() 2010-12-30 18:08:09 -05:00
Todd C. Miller
7f580397e2 Trim leading slashes from iolog_file and trailing slashes from iolog_dir 2010-12-30 18:05:53 -05:00
Todd C. Miller
25036d7a75 Pass a single I/O log file name in command_details instead of 
separate dir + file parameters.
 2010-12-30 17:09:01 -05:00
Todd C. Miller
2fb085dfac change an error() to errorx() 2010-12-30 17:02:43 -05:00
Todd C. Miller
83de9e28f1 Add missing cwd line to I/O log info file that got dropped when 
iolog_deserialize_info() was added
 2010-12-30 17:01:41 -05:00
Todd C. Miller
fec059a890 Avoid relying on globals filled in by the sudoers policy module for 
the sudoers I/O log module.  The I/O log open function now pulls the
bits it needs out of user_info and command_info.
 2010-12-29 17:32:04 -05:00
Todd C. Miller
97b7ae8892 If no iolog file is specified by the policy plugin, use io_nextid() 
to determine the next file in the sequence.
 2010-12-29 11:07:45 -05:00
Todd C. Miller
02ed3d5b3e Add support for the iolog_compress variable in command_info. 2010-12-28 12:23:18 -05:00
Todd C. Miller
bff14f60e6 Add sigsetjmp() calls to all plugin entry points just to be safe. 2010-12-28 11:02:12 -05:00
Todd C. Miller
36d8fbb900 Fix typo 2010-12-27 13:49:06 -05:00
Todd C. Miller
4c1aecd48f Only use mkdtemp() if the path ends in at least 6 Xs since otherwise 
glibc mkdtemp() returns EINVAL.
 2010-12-27 12:32:28 -05:00
Todd C. Miller
fba58fa3f7 Allow sudoers to specify the iolog file in addition to the iolog dir. 
Add escape sequence support to iolog file and dir: sequence number,
    user, group, runas_user, runas_group, hostname and command in
    addition to any escape sequence recognized by strftime(3).
 2010-12-27 12:18:32 -05:00
Todd C. Miller
524021a377 Add missing sigsetjmp() call in I/O plugin open function. 
Fixes a crash when the I/O plugin calls error(), errorx() or log_error().
 2010-12-27 11:24:47 -05:00
Todd C. Miller
5d59c10b95 Give the policy module fine-grained control over what the I/O plugin 
logs.
 2010-12-21 17:43:18 -05:00
Todd C. Miller
93e9635842 Pick last match in LDAP sudoers too 2010-12-20 16:37:44 -05:00
Todd C. Miller
a10f216797 Adapt plugins to version I/O logging ABI 1.1 2010-12-20 16:28:20 -05:00
Todd C. Miller
b2a6984606 Make I/O log dir configurable. 2010-12-10 14:14:35 -05:00
Todd C. Miller
4527bdd9b4 Use %u to print uid/gid, not %lu and adjust casts to match. 2010-11-30 15:21:36 -05:00
Todd C. Miller
7e59d4c5c8 Make sure we don't dereference a NULL handle. 2010-11-30 11:59:28 -05:00
Todd C. Miller
8f4b215216 create_admin_success_flag() should use restore_perms() rather than 
set_perms() to restore the uid.
 2010-11-23 07:34:22 -05:00
Todd C. Miller
70cf50fd20 In sudoedit mode, assume command line arguments are paths and 
pass FNM_PATHNAME to fnmatch().
 2010-11-22 10:27:29 -05:00
Todd C. Miller
5a0f2164ef Avoid conflicts with system definitions in grp.h and pwd.h 2010-11-20 10:33:23 -05:00
Todd C. Miller
51f401fa34 Add prototype for cleanup() 2010-11-19 12:58:03 -05:00
Todd C. Miller
c73306983c Avoid deferencing group_plugin if it is NULL in group_plugin_query(). 
This should not happen.
 2010-11-18 17:09:57 -05:00
Todd C. Miller
4b2fb225c0 group plugin init function return TRUE when successful 2010-11-18 17:06:52 -05:00
Todd C. Miller
ef5f73a49f Enlarge the array of entry wrappers int blocks of 100 entries to 
save on allocation time.  From Andreas Mueller
 2010-11-17 18:56:52 -05:00
Todd C. Miller
f9353d95ca Add back call to sudo_ldap_timefilter() in sudo_ldap_build_pass2() 
that was mistakenly dropped.
 2010-11-17 07:31:07 -05:00
Todd C. Miller
8940f361ea Merge in ordered LDAP entry support from Andreas Mueller 
and add local changes from the 1.7 branch.
 2010-11-14 13:22:38 -05:00
Todd C. Miller
2b0fca31c0 Add timed entry support from Andreas Mueller. 2010-11-12 15:26:35 -05:00
Todd C. Miller
82453cfdec Don't try to unload if group_plugin is NULL. 
Don't call dlclose() if group_handle is NULL
 2010-11-12 13:14:35 -05:00