isa/sudo
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
5,474 Commits 1 Branch 0 Tags
ae2f7638f554ce4d5eb8586289f5497cb2cd3020
Commit Graph

393 Commits

Author SHA1 Message Date
Todd C. Miller
ae2f7638f5 standardize on "return foo;" rather than "return(foo);" or "return (foo);" 2011-01-24 15:15:18 -05:00
Todd C. Miller
3316ac8ebc Do not reject sudoers file just because it is root-writable. 2011-01-24 14:25:51 -05:00
Todd C. Miller
fbbd0603da For "sudo -U user -l" if user is not authorized on the host, say so. 2011-01-21 10:10:26 -05:00
Todd C. Miller
be034d5e7e In sudo_ldap_lookup(), always do the initial sudoers check as the 
invoking user.  If we are listing another user's privs we will
do a separate lookup using list_pw later.
 2011-01-21 08:10:26 -05:00
Todd C. Miller
f7f8b6867e Update copyright year to 2011 2011-01-20 16:46:56 -05:00
Todd C. Miller
96767abfe4 When listing, use separate lbufs for the defaults and the privileges and 
only print something if the number of privileges is non-zero.  Fixes
extraneous Defaults output for "sudo -U unauthorized_user -l".
 2011-01-20 16:19:42 -05:00
Todd C. Miller
215500bb55 Stash pointer to user group vector in LDAP handle and only reuse 
the query if it has not changed.  We always allocate a new buffer
when we reset the group vector so a simple pointer check is sufficient.
 2011-01-20 16:16:08 -05:00
Todd C. Miller
165dcfa37f Check initgroups() return value. 2011-01-20 16:15:34 -05:00
Todd C. Miller
7cbd1ff728 Add tests for the fill functions in toke_util.c 2011-01-20 10:09:19 -05:00
Todd C. Miller
79dff677d4 fix copyright year 2011-01-19 17:38:38 -05:00
Todd C. Miller
e7a4529cf8 Fix "sudo -g" support in the sudoers module. 2011-01-11 10:42:01 -05:00
Todd C. Miller
2d74e9567f If the user is running sudo as himself but as a different group we 
need to prompt for a password.
 2011-01-11 10:35:20 -05:00
Todd C. Miller
49409b7c5d Add support for TIMEOUT in ldap.conf, mapping to the OpenLDAP 
LDAP_OPT_TIMEOUT.  There is no corresponding option for mozilla-derived
LDAP SDKs but we can pass the timeout parameter to ldap_search_ext_s()
or ldap_search_st() when possible.
 2011-01-10 10:33:22 -05:00
Todd C. Miller
823e812723 Add NETWORK_TIMEOUT as an alias for BIND_TIMELIMIT for compatibility 
with OpenLDAP ldap.conf files.
 2011-01-10 09:27:58 -05:00
Todd C. Miller
8a043ca562 If user has no supplementary groups, fall back on checking the group 
file expliticly.
 2011-01-10 09:23:54 -05:00
Todd C. Miller
e63849afb0 constify 2011-01-08 19:54:30 -05:00
Todd C. Miller
4cc6322b48 Move fill macro to toke.h 2011-01-08 19:34:31 -05:00
Todd C. Miller
400b6ffe20 Split tokenizer utility functions out into toke_util.c 2011-01-08 15:42:39 -05:00
Todd C. Miller
866ffd0bdb ANSIfy 2011-01-08 15:15:30 -05:00
Todd C. Miller
e8cc22c0c8 Add visudo tests to check target 2011-01-07 15:10:28 -05:00
Todd C. Miller
460f760ca2 Add regress test for command tags using visudo -c 2011-01-07 14:01:57 -05:00
Todd C. Miller
b679e03195 Add support for regress tests using testsudoers 2011-01-07 13:19:32 -05:00
Todd C. Miller
217d296111 Need to set user_name explicitly due to internal changes made when 
converting sudoers to a plugin.
 2011-01-07 11:56:15 -05:00
Todd C. Miller
1defd7b456 Add regression tests for iolog_path() 2011-01-06 11:05:28 -05:00
Todd C. Miller
f8de3f6327 Add support for "make Makefile" to regenerate Makefile from Makefile.in 2011-01-06 10:44:28 -05:00
Todd C. Miller
d2596e3f7b Quiest a bogus compiler warning. 2011-01-06 10:23:20 -05:00
Todd C. Miller
f09bbcb6bb Protect call to setlocale() with HAVE_SETLOCALE 2011-01-05 16:27:44 -05:00
Todd C. Miller
b92b745eaf Fix NULL dereference with "sudo -g group" when the sudoers rule has 
no runas user or group listed.  Fixes RedHat bug Bug 667103.
 2011-01-04 12:44:39 -05:00
Todd C. Miller
b76c798856 Reset slashp if we allocate a new buffer for strftime() 2010-12-31 10:55:49 -05:00
Todd C. Miller
1bb3518b33 Add extra out parameter to expand_iolog_path() to allow the caller 
to split the path into dir and file components if needed.
 2010-12-31 09:55:40 -05:00
Todd C. Miller
755e3ef0ab mkdir_iopath() returns size_t now that it uses strlcpy() and not snprintf() 2010-12-30 18:08:09 -05:00
Todd C. Miller
7f580397e2 Trim leading slashes from iolog_file and trailing slashes from iolog_dir 2010-12-30 18:05:53 -05:00
Todd C. Miller
25036d7a75 Pass a single I/O log file name in command_details instead of 
separate dir + file parameters.
 2010-12-30 17:09:01 -05:00
Todd C. Miller
2fb085dfac change an error() to errorx() 2010-12-30 17:02:43 -05:00
Todd C. Miller
83de9e28f1 Add missing cwd line to I/O log info file that got dropped when 
iolog_deserialize_info() was added
 2010-12-30 17:01:41 -05:00
Todd C. Miller
fec059a890 Avoid relying on globals filled in by the sudoers policy module for 
the sudoers I/O log module.  The I/O log open function now pulls the
bits it needs out of user_info and command_info.
 2010-12-29 17:32:04 -05:00
Todd C. Miller
97b7ae8892 If no iolog file is specified by the policy plugin, use io_nextid() 
to determine the next file in the sequence.
 2010-12-29 11:07:45 -05:00
Todd C. Miller
02ed3d5b3e Add support for the iolog_compress variable in command_info. 2010-12-28 12:23:18 -05:00
Todd C. Miller
bff14f60e6 Add sigsetjmp() calls to all plugin entry points just to be safe. 2010-12-28 11:02:12 -05:00
Todd C. Miller
36d8fbb900 Fix typo 2010-12-27 13:49:06 -05:00
Todd C. Miller
4c1aecd48f Only use mkdtemp() if the path ends in at least 6 Xs since otherwise 
glibc mkdtemp() returns EINVAL.
 2010-12-27 12:32:28 -05:00
Todd C. Miller
fba58fa3f7 Allow sudoers to specify the iolog file in addition to the iolog dir. 
Add escape sequence support to iolog file and dir: sequence number,
    user, group, runas_user, runas_group, hostname and command in
    addition to any escape sequence recognized by strftime(3).
 2010-12-27 12:18:32 -05:00
Todd C. Miller
524021a377 Add missing sigsetjmp() call in I/O plugin open function. 
Fixes a crash when the I/O plugin calls error(), errorx() or log_error().
 2010-12-27 11:24:47 -05:00
Todd C. Miller
5d59c10b95 Give the policy module fine-grained control over what the I/O plugin 
logs.
 2010-12-21 17:43:18 -05:00
Todd C. Miller
93e9635842 Pick last match in LDAP sudoers too 2010-12-20 16:37:44 -05:00
Todd C. Miller
a10f216797 Adapt plugins to version I/O logging ABI 1.1 2010-12-20 16:28:20 -05:00
Todd C. Miller
b2a6984606 Make I/O log dir configurable. 2010-12-10 14:14:35 -05:00
Todd C. Miller
4527bdd9b4 Use %u to print uid/gid, not %lu and adjust casts to match. 2010-11-30 15:21:36 -05:00
Todd C. Miller
7e59d4c5c8 Make sure we don't dereference a NULL handle. 2010-11-30 11:59:28 -05:00
Todd C. Miller
8f4b215216 create_admin_success_flag() should use restore_perms() rather than 
set_perms() to restore the uid.
 2010-11-23 07:34:22 -05:00