isa/sudo
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
5,488 Commits 1 Branch 0 Tags
af2ac7ccc66451bffb458f82f3110c59faba80df
Commit Graph

402 Commits

Author SHA1 Message Date
Todd C. Miller
fba58fa3f7 Allow sudoers to specify the iolog file in addition to the iolog dir. 
Add escape sequence support to iolog file and dir: sequence number,
    user, group, runas_user, runas_group, hostname and command in
    addition to any escape sequence recognized by strftime(3).
 2010-12-27 12:18:32 -05:00
Todd C. Miller
524021a377 Add missing sigsetjmp() call in I/O plugin open function. 
Fixes a crash when the I/O plugin calls error(), errorx() or log_error().
 2010-12-27 11:24:47 -05:00
Todd C. Miller
5d59c10b95 Give the policy module fine-grained control over what the I/O plugin 
logs.
 2010-12-21 17:43:18 -05:00
Todd C. Miller
93e9635842 Pick last match in LDAP sudoers too 2010-12-20 16:37:44 -05:00
Todd C. Miller
a10f216797 Adapt plugins to version I/O logging ABI 1.1 2010-12-20 16:28:20 -05:00
Todd C. Miller
b2a6984606 Make I/O log dir configurable. 2010-12-10 14:14:35 -05:00
Todd C. Miller
4527bdd9b4 Use %u to print uid/gid, not %lu and adjust casts to match. 2010-11-30 15:21:36 -05:00
Todd C. Miller
7e59d4c5c8 Make sure we don't dereference a NULL handle. 2010-11-30 11:59:28 -05:00
Todd C. Miller
8f4b215216 create_admin_success_flag() should use restore_perms() rather than 
set_perms() to restore the uid.
 2010-11-23 07:34:22 -05:00
Todd C. Miller
70cf50fd20 In sudoedit mode, assume command line arguments are paths and 
pass FNM_PATHNAME to fnmatch().
 2010-11-22 10:27:29 -05:00
Todd C. Miller
5a0f2164ef Avoid conflicts with system definitions in grp.h and pwd.h 2010-11-20 10:33:23 -05:00
Todd C. Miller
51f401fa34 Add prototype for cleanup() 2010-11-19 12:58:03 -05:00
Todd C. Miller
c73306983c Avoid deferencing group_plugin if it is NULL in group_plugin_query(). 
This should not happen.
 2010-11-18 17:09:57 -05:00
Todd C. Miller
4b2fb225c0 group plugin init function return TRUE when successful 2010-11-18 17:06:52 -05:00
Todd C. Miller
ef5f73a49f Enlarge the array of entry wrappers int blocks of 100 entries to 
save on allocation time.  From Andreas Mueller
 2010-11-17 18:56:52 -05:00
Todd C. Miller
f9353d95ca Add back call to sudo_ldap_timefilter() in sudo_ldap_build_pass2() 
that was mistakenly dropped.
 2010-11-17 07:31:07 -05:00
Todd C. Miller
8940f361ea Merge in ordered LDAP entry support from Andreas Mueller 
and add local changes from the 1.7 branch.
 2010-11-14 13:22:38 -05:00
Todd C. Miller
2b0fca31c0 Add timed entry support from Andreas Mueller. 2010-11-12 15:26:35 -05:00
Todd C. Miller
82453cfdec Don't try to unload if group_plugin is NULL. 
Don't call dlclose() if group_handle is NULL
 2010-11-12 13:14:35 -05:00
Todd C. Miller
26d71ded7b It is now plugin_cleanup(), not cleanup() 2010-11-12 13:03:28 -05:00
Todd C. Miller
5536ea49f6 Call plugin_cleanup(), not cleanup() 2010-11-12 13:02:15 -05:00
Todd C. Miller
8597c39194 Use efree() not free() and remove malloc.h include since we never 
directly call malloc() or free().
 2010-11-11 16:10:57 -05:00
Todd C. Miller
47323843a5 Give up on using VPATH to find sources as it is implemented inconsistenly 
in different versions of make.
 2010-11-09 10:27:02 -05:00
Todd C. Miller
39d1167f33 Include config.h before any other includes to make sure we get the 
right value for _FILE_OFFSET_BITS.
 2010-11-09 08:55:55 -05:00
Todd C. Miller
452d8765b2 Zero out group_plugin on unload just to be safe. 2010-11-08 17:48:05 -05:00
Todd C. Miller
da35e5f42f Unload group plugin if its init function fails. 2010-11-08 17:44:32 -05:00
Todd C. Miller
93d2420de9 Fix complilation on systems with set_auth_parameters() 
Sprinkle volatile to quiet warnings from gcc 2.8.0
 2010-10-12 10:47:16 -04:00
Todd C. Miller
c615ca742a Use INADDR_NONE instead of casting -1 to in_addr_t (which may not exist). 2010-10-12 10:31:21 -04:00
Todd C. Miller
1e01f2b7ac Quiet an HP-UX compiler warning. 2010-10-12 09:23:52 -04:00
Todd C. Miller
86a4a5232f Use HAVE_DLOPEN instead of HAVE_DLFCN_H when determining whether to 
include the local or system dlfcn.h
 2010-10-11 17:39:51 -04:00
Todd C. Miller
06b0aa1185 Fix pasto; AF_INET not AF_INET6 2010-10-11 15:43:59 -04:00
Todd C. Miller
6a52054147 If pam_acct_mgmt() returns PAM_AUTH_ERR print a (hopefully) more useful 
message and return AUTH_FATAL so sudo does not keep trying to validate
the user.
 2010-10-11 09:12:23 -04:00
Todd C. Miller
751f597b2b Make this compile correctly when no dlopen is available. 2010-10-11 09:10:10 -04:00
Todd C. Miller
66ea399856 Having a timestamp file defined is no longer indicative of tty tickets 
being enabled.  Check def_tty_tickets directly.
 2010-10-07 14:12:17 -04:00
Todd C. Miller
6b4fe798d5 Move set_project() from sudoers module into sudo proper. 2010-10-01 13:52:42 -04:00
Todd C. Miller
a627c60deb When iterating over returned LDAP entries, keep looking at remaining 
matches even if we have a positive match.  This catches negative
matches that may exist in other entries and more closely match the
sudoers file behavior.
 2010-10-01 12:17:01 -04:00
Todd C. Miller
614e2a642c Preserve ODMDIR environment variable by default on AIX. 2010-09-27 14:08:54 -04:00
Todd C. Miller
f538ed4e35 Add dlopen() emulation for systems without it. 
For HP-UX 10, emulate using shl_load().
For others, link sudoers plugin statically and use a lookup
table to emulate dlsym().
 2010-09-26 17:41:35 -04:00
Todd C. Miller
590eed3bd7 Ignore ECONNREFUSED from audit_log_user_command() which will 
occur if auditd is not running.
 2010-09-21 07:56:16 -04:00
Todd C. Miller
48d7c78330 Cast isblank argument to unsigned char. 2010-09-16 10:39:08 -04:00
Todd C. Miller
b51afe6249 Implement --with-umask-override configure flag. 2010-09-14 17:18:55 -04:00
Todd C. Miller
ed45e68da9 Take MODE_LOGIN_SHELL into account when initially setting reset_home 
instead of special-casing it later.
 2010-09-14 11:44:33 -04:00
Todd C. Miller
53f9cfe062 In login mode, make a copy of the runas user's pw_shell for NewArgv[0] 
because 1) we modify it and 2) it will runas_pw gets freed before exec.
 2010-09-14 11:30:28 -04:00
Todd C. Miller
ce942f18c0 Reset HOME for "sudo -i" even if HOME was listed in env_keep. 2010-09-14 11:28:40 -04:00
Todd C. Miller
77eb8cfe5b Use __sun for consistency with the rest of the sources. 2010-09-13 11:49:10 -04:00
Todd C. Miller
4101f2eef0 Quiet a bogus compiler warning. 2010-09-13 11:37:29 -04:00
Todd C. Miller
933c71e9c3 Don't try to delref a NULL group. 2010-09-13 11:08:04 -04:00
Todd C. Miller
4ce8b35cd3 testsudoers depends on libsudoers.la, not sudoreplay 2010-09-11 09:00:06 -04:00
Todd C. Miller
f601085de4 Make "visudo -c -f -" check the standard input. 2010-09-09 17:10:23 -04:00
Todd C. Miller
1b9ca115b7 Make -H flag work when HOME is listed in env_keep. Also makes 
"set_home" and "always_set_home" override override HOME in env_keep.
 2010-09-09 16:16:39 -04:00