Todd C. Miller
b124635b04
Instead of keeping separate groups and gids arrays, create struct
group_info and use it to store both, along with a count for each.
Cache group info on a per-user basis using getgrouplist() to get
the groups. We no longer need to special case the user or
list user for user_in_group() and thus no longer need to reset the
groups list when listing another user.
2011-07-20 11:58:45 -04:00
Todd C. Miller
6d8788a6cd
Do not shadow global sudo_mode with a local variable in set_cmnd()
2011-07-18 16:23:38 -04:00
Todd C. Miller
54bf162e60
bash 2.x does not support the -l flag and exits with an error if
it is specified so use --login instead. This causes an error with
bash 1.x (which uses -login instead) but this version is hopefully
less used than 2.x.
2011-07-17 10:37:15 -04:00
Todd C. Miller
56321ec778
Resolve the list of gids passed in from the sudo frontend (the
result of getgroups()) to names and store both the group names and
ids in the sudo_user struct. When matching groups in the sudoers
file, match based on the names in the groups list first and
only do a gid-based match when we absolutely have to. By matching
on the group name (as it is listed in sudoers) instead of id
(which we would have to resolve) we save a lot of group lookups
for sudoers files with a lot of groups in them.
2011-07-01 14:13:47 -04:00
Todd C. Miller
20972da410
Workaround for "sudo -i command" and newer versions of bash which
don't go into login mode when -c is specified unless -l is too.
2011-06-26 18:02:09 -04:00
Todd C. Miller
39be82e32f
Set use_pty=true in command details when use_pty is set in sudoers.
From Ludwig Nussel
2011-06-22 10:06:35 -04:00
Todd C. Miller
67e8e56534
Set def_preserve_groups before searching for the command when the -P
flag is specified.
2011-05-26 12:52:59 -04:00
Todd C. Miller
bf7e7b5752
Add gettext.h convenience header. This is similar to but distinct from
the one included with the gettext package.
2011-05-20 11:48:17 -04:00
Todd C. Miller
42a3966a88
Minor warning/error cleanup
2011-05-18 13:44:36 -04:00
Todd C. Miller
6f8cd91928
can't -> "unable to" in warning/error messages
2011-05-18 12:36:26 -04:00
Todd C. Miller
c3a259f5ee
Add calls to bindtextdomain() and textdomain()
Currently there are two domains, one for the sudo front-end and
one for the sudoers plugin and its associated utilities.
2011-05-17 16:38:40 -04:00
Todd C. Miller
b643b190a7
Prepare sudoers module messages for translation.
2011-05-16 16:32:05 -04:00
Todd C. Miller
24a087709a
Only check gid of sudoers file if it is group-readable.
2011-05-16 12:19:07 -04:00
Todd C. Miller
f1078bd28e
Keep track of sudoers grammar version and report it in the -V output.
2011-04-05 11:47:31 -04:00
Todd C. Miller
33516ed826
user_shell -> run_shell to avoid confusion with the user's SHELL variable.
2011-03-18 10:23:35 -04:00
Todd C. Miller
3506f01077
Add support for controlling whether utmp is updated and which user is
listed in the entry.
2011-03-15 15:53:49 -04:00
Todd C. Miller
cde2cb00f0
Add "user_shell" boolean as a way to indicate to the plugin that
the -s flag was given.
2011-03-11 15:02:13 -05:00
Todd C. Miller
383aef00b1
Log the TSID even if it is not a simple session ID.
2011-03-11 12:11:05 -05:00
Todd C. Miller
a092d2fdcf
Move noexec handling to sudo front-end where it is documented as being.
2011-03-10 15:11:49 -05:00
Todd C. Miller
c7a7d31905
Add support for disabling exec via solaris privileges.
Includes preparation for moving noexec support out of sudoers
and into front end as documented.
2011-03-10 14:24:10 -05:00
Todd C. Miller
d6252de205
Fix return value of "sudo -l command" when command is not allowed, broken
in [c7097ea22111]. The default return value is now TRUE and a bad:
label is used when permission is denied. Also fixed missing permissions
restoration on certain errors. On error()/errorx(), the password and
group files are now closed before returning.
2011-03-08 09:38:21 -05:00
Todd C. Miller
47968912a2
Fix passing of login class back to sudo front end.
2011-03-07 16:55:08 -05:00
Todd C. Miller
e65bc35c6d
Fix exit value for validate and list mode.
2011-03-06 15:52:40 -05:00
Todd C. Miller
a0ba308694
Fix non-interactive mode with sudoers plugin.
2011-03-06 15:38:02 -05:00
Todd C. Miller
3c0672e2e3
Allow sudoers file name, mode, uid and gid to be specified in the
settings list. The sudo front end does not currently set these
but may in the future.
2011-02-23 13:38:52 -05:00
Todd C. Miller
ae2f7638f5
standardize on "return foo;" rather than "return(foo);" or "return (foo);"
2011-01-24 15:15:18 -05:00
Todd C. Miller
3316ac8ebc
Do not reject sudoers file just because it is root-writable.
2011-01-24 14:25:51 -05:00
Todd C. Miller
f7f8b6867e
Update copyright year to 2011
2011-01-20 16:46:56 -05:00
Todd C. Miller
e7a4529cf8
Fix "sudo -g" support in the sudoers module.
2011-01-11 10:42:01 -05:00
Todd C. Miller
1bb3518b33
Add extra out parameter to expand_iolog_path() to allow the caller
to split the path into dir and file components if needed.
2010-12-31 09:55:40 -05:00
Todd C. Miller
25036d7a75
Pass a single I/O log file name in command_details instead of
separate dir + file parameters.
2010-12-30 17:09:01 -05:00
Todd C. Miller
97b7ae8892
If no iolog file is specified by the policy plugin, use io_nextid()
to determine the next file in the sequence.
2010-12-29 11:07:45 -05:00
Todd C. Miller
02ed3d5b3e
Add support for the iolog_compress variable in command_info.
2010-12-28 12:23:18 -05:00
Todd C. Miller
bff14f60e6
Add sigsetjmp() calls to all plugin entry points just to be safe.
2010-12-28 11:02:12 -05:00
Todd C. Miller
fba58fa3f7
Allow sudoers to specify the iolog file in addition to the iolog dir.
Add escape sequence support to iolog file and dir: sequence number,
user, group, runas_user, runas_group, hostname and command in
addition to any escape sequence recognized by strftime(3).
2010-12-27 12:18:32 -05:00
Todd C. Miller
5d59c10b95
Give the policy module fine-grained control over what the I/O plugin
logs.
2010-12-21 17:43:18 -05:00
Todd C. Miller
a10f216797
Adapt plugins to version I/O logging ABI 1.1
2010-12-20 16:28:20 -05:00
Todd C. Miller
4527bdd9b4
Use %u to print uid/gid, not %lu and adjust casts to match.
2010-11-30 15:21:36 -05:00
Todd C. Miller
8f4b215216
create_admin_success_flag() should use restore_perms() rather than
set_perms() to restore the uid.
2010-11-23 07:34:22 -05:00
Todd C. Miller
5536ea49f6
Call plugin_cleanup(), not cleanup()
2010-11-12 13:02:15 -05:00
Todd C. Miller
93d2420de9
Fix compilation on systems with set_auth_parameters()
Sprinkle volatile to quiet warnings from gcc 2.8.0
2010-10-12 10:47:16 -04:00
Todd C. Miller
6b4fe798d5
Move set_project() from sudoers module into sudo proper.
2010-10-01 13:52:42 -04:00
Todd C. Miller
f538ed4e35
Add dlopen() emulation for systems without it.
For HP-UX 10, emulate using shl_load().
For others, link sudoers plugin statically and use a lookup
table to emulate dlsym().
2010-09-26 17:41:35 -04:00
Todd C. Miller
53f9cfe062
In login mode, make a copy of the runas user's pw_shell for NewArgv[0]
because 1) we modify it and 2) runas_pw gets freed before exec.
2010-09-14 11:30:28 -04:00
Todd C. Miller
e069b74dc8
Convert sudoers plugin to use interface list passed in settings.
2010-09-08 15:07:40 -04:00
Todd C. Miller
1d37ab560a
Always fill in NewArgv for audit code.
2010-09-07 17:59:10 -04:00
Todd C. Miller
e7d56e16e2
Do not set both MODE_EDIT and MODE_RUN
2010-09-04 08:41:42 -04:00
Todd C. Miller
256ee25ab5
Move get_auth() into check.c where it is actually used.
2010-08-21 08:48:35 -04:00
Todd C. Miller
129cf8d992
sudoers.h includes sudo_plugin.h for us
2010-08-10 16:36:54 -04:00
Todd C. Miller
8dd8aa000e
Remove some obsolete configure tests, ancient Unix systems are no
longer supported.
2010-08-10 13:44:05 -04:00