isa/sudo
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
7,403 Commits 1 Branch 0 Tags
aecef4aa1d91c88fa9e034b05be4cdeed2608773
Commit Graph

412 Commits

Author SHA1 Message Date
Todd C. Miller
088edcb6f5 Add exported libsudo_util functions to util.exp and mark in headers 
using __dso_public.
 2014-06-26 15:51:15 -06:00
Todd C. Miller
7e24b8e651 Add Greek PO file for sudoers from translationproject.org 2014-06-04 11:43:39 -06:00
Todd C. Miller
4eb0122e98 Norwegian Bokmaal translation for sudo from translationproject.com 2014-05-23 13:29:20 -06:00
Todd C. Miller
b0e6977c35 Try to be clearer about which are the input and output files in 
export mode.
 2014-05-13 15:00:43 -06:00
Todd C. Miller
e61af9e6d0 Fix fd leak on Linux when determing boot time. This is usually 
masked by the closefrom() call in sudo.  From Jamie Anderson.
Bug #645
 2014-04-28 08:36:22 -06:00
Todd C. Miller
e8bb08cc46 Use calloc() instead of malloc(n * s) followed by memset(). 
From Jean-Philippe Ouellet.
 2014-04-22 16:06:04 -06:00
Todd C. Miller
7d91691e1f Use PAM_REINITIALIZE_CRED instead of PAM_ESTABLISH_CRED when 
changing the user.  This is the correct flag to use with
a program that changes the uid like su or sudo and fixes a
role problem on Solaris.  From Gary Winiger; Bug #642
 2014-04-15 07:16:57 -06:00
Todd C. Miller
60cf68ad16 Fix typos in description of the -x option. Bug #637 2014-03-15 09:15:36 -06:00
Todd C. Miller
ed87af2ae4 Catalan translation for sudo from translationproject.org. 2014-03-06 11:58:08 -07:00
Todd C. Miller
addef62246 Add Ingo Schwarze 2014-02-24 16:39:39 -07:00
Todd C. Miller
6bffa9a4a9 Mention init.d scripts on AIX and HP-UX 
Mention sudoers group mismatch fix
 2014-02-17 10:27:47 -07:00
Todd C. Miller
a61935c2b9 Use .Ar macro instead of "file ..." 
Use ".Cm -" instead of ".Li -" for the default login class.
From Ingo Schwarze.
 2014-02-15 16:12:31 -07:00
Todd C. Miller
f909c0d132 Remove some extraneous markup; from Ingo Schwarze 
* No need to explicitly end a macro with No before |
   because | counts as middle punctuation
   and falls out of the macro, anyway.
 * No need to explicitly re-open in-line macros after |
   because | counts as middle punctuation
   and the macros resume afterwards, anyway.
 * Simplify the mnemonic remarks regarding the option letters,
   no need for manual font and spacing control with No and Ns.
 * Trim Ns No to just Ns, it already implies No.
 2014-02-15 16:04:07 -07:00
Todd C. Miller
d6397e27cf Move zerowidth space in :alpha: after the colon for consistency. 2014-02-15 15:45:25 -07:00
Todd C. Miller
0ec92dae81 regen 2014-02-15 15:18:34 -07:00
Todd C. Miller
a9cfe4fc44 Remove extraneous keeps in SYNOPSIS now that mandoc does implied 
keeps when converting from mdoc to man.
 2014-02-15 15:18:20 -07:00
Todd C. Miller
94d4482238 Properly escape the : in :alpha: 2014-02-15 15:17:37 -07:00
Todd C. Miller
28c49748a9 Replace some uses of .Sy with .Ar, .Ev and .Pa as appropriate. 
From Jan Stary.
 2014-02-15 10:40:46 -07:00
Todd C. Miller
414edf65e8 Mention that there is now a default LDAP search filter. 2014-02-07 15:03:18 -07:00
Todd C. Miller
a54e52d588 Minor word choice change. 2014-02-07 15:03:00 -07:00
Todd C. Miller
8287e21d36 Add use_netgroups sudoers option. For LDAP-based sudoers, netgroup 
support requires an expensive substring match on the server.  If
netgroups are not needed, this option can be disabled to reduce the
load on the LDAP server.
 2014-02-07 14:58:48 -07:00
Todd C. Miller
f7a419b5f9 Use a default LDAP search filter of (objectClass=sudoRole). When 
constructing the netgroup query, add (sudoUser=*) to the query so
we don't fall below the 3 character OpenLDAP substring threshold.
Otherwise the index for sudoUser will never be used for that query.
Pointed out by Michael Stroeder.
 2014-02-06 15:50:08 -07:00
Todd C. Miller
85598f77b2 Use inet_pton() instead of inet_aton() and include a version from 
BIND for those without it.
 2014-02-05 10:00:07 -07:00
Todd C. Miller
7155fc526f Bring back boot time checking code and zero out time stamp files 
that predate the boot time.  This should help systems w/o /var/run
where the admin has setup rc.d to clear the timestamp directory.
 2014-02-03 05:45:27 -07:00
Todd C. Miller
5502051ebe Elaborate on time stamp error message causes. 2014-02-02 05:17:47 -07:00
Todd C. Miller
23c2249531 Update time stamp error messages and regen. 2014-02-01 06:15:14 -07:00
Todd C. Miller
aeb5ceead8 Replace --with-timedir and --with-lecture_dir with --with-rundir 
and --with-vardir which are the parent directories of the time stamp
and lecture dirs.  These directories need to be searchable by
non-root so that the timestampowner setting can function.
 2014-02-01 05:57:34 -07:00
Todd C. Miller
b15b03560a fix typo 2014-01-31 10:12:21 -07:00
Todd C. Miller
51cab56795 Upgrade info for 1.8.10 2014-01-31 10:05:49 -07:00
Todd C. Miller
659b1f0e34 Switch to new time stamp file format. Each user now has a single 
file which may contain multiple records when per-tty time stamps
are in use (the default).  The time stamps use a monotonic timer
where available and are once again stored in /var/run/sudo.  The
lecture status is now stored separately from the time stamps in a
different directory.
 2014-01-30 15:50:40 -07:00
Todd C. Miller
db3b776277 When listing a user's privileges, always prompt the user for their 
own password, regardless of the value of target_pw, root_pw or
runas_pw.
 2014-01-29 15:19:45 -07:00
Todd C. Miller
1a42e5f63d It is now possible to disable network interface probing in sudo.conf 
by changing the value of the probe_interfaces setting.
 2014-01-23 14:52:54 -07:00
Todd C. Miller
5a6db565c1 Update copyright years 2014-01-15 06:19:34 -07:00
Todd C. Miller
78355e618f Add cppcheck target to run cppcheck on all source files. 2014-01-13 09:50:39 -07:00
Todd C. Miller
ed029f9a69 Add "see below" to reference "Secure editing" section in "Preventing 
shell escapes".
 2014-01-02 10:40:03 -07:00
Todd C. Miller
9bbf4c7285 Add initial "Secure editing" section. 2014-01-01 07:07:37 -07:00
Todd C. Miller
76fb023903 Update copyright year. 2014-01-01 07:07:21 -07:00
Todd C. Miller
cd77926e1b Dell acquired Quest 2013-12-30 08:26:58 -07:00
Todd C. Miller
11babdaabc regen 2013-12-28 14:28:52 -07:00
Todd C. Miller
1adeda54ef Add support for preventing fds from getting clobbered by closefrom(). 2013-12-20 11:14:32 -07:00
Todd C. Miller
68f6e23b07 Change visudo -x to take a file name argument, which may be '-' to 
write the exported sudoers file to stdout.
 2013-12-16 14:32:42 -07:00
Todd C. Miller
8e04c592ae add missing comma 2013-12-08 11:20:32 -07:00
Todd C. Miller
47dbe189f9 Make -c option description more accurate. 2013-12-08 11:06:27 -07:00
Todd C. Miller
8bdf3d9a27 When checking whether a user may change the login class, just check 
pw_uid of the runas user, which was passed in to set_loginclass().
 2013-12-07 09:17:54 -07:00
Todd C. Miller
1739350e20 Document that plugins can be compiled statically into the sudo binary. 2013-12-04 16:05:05 -07:00
Todd C. Miller
ede55a2f74 Document sssd debug subsystem. 2013-12-03 14:42:33 -07:00
Todd C. Miller
5b491573e1 Document "event" debug subsystem. 2013-12-03 14:40:58 -07:00
Todd C. Miller
6d8b078e2b Add support to visudo to export sudoers in JSON format. 2013-11-15 15:11:55 -07:00
Todd C. Miller
e31b2ba6a8 Rename configure.in -> configure.ac 2013-11-13 15:00:28 -07:00
Todd C. Miller
89c162ec63 Add missing $(mansrcdir) to visudo.mdoc and visudo.man. 
From Daniel Richard G.
 2013-11-12 08:51:25 -07:00