isa/sudo
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
8,678 Commits 1 Branch 0 Tags
b3fdb26c41e9ca5146414525ac0b8a8c901b5222
Commit Graph

83 Commits

Author SHA1 Message Date
Todd C. Miller
9b027676c0 Use the value of ipa_hostname from /etc/sssd/sssd.conf if present 
instead of the system hostname.
 2016-06-04 19:52:10 -06:00
Todd C. Miller
c3c28773f5 Sanity check the TZ environment variable by special casing it in 
env_check.  The --with-tzdir configure option can be used to
specify the zoneinfo directory if configure doesn't find it.
 2015-02-06 11:01:05 -07:00
Todd C. Miller
8f75f65bba Only redefine _PATH_BSHELL on AIX if we included paths.h. 2014-09-20 10:16:46 -06:00
Todd C. Miller
7ab40be5c0 On AIX, _PATH_BSHELL is /usr/bin/bsh but we want to use /usr/bin/sh 
(which is usually ksh).  This makes sudo's behavior when executing
a shell without the #! magic number match execvp() on AIX.
 2014-09-20 09:21:51 -06:00
Todd C. Miller
d4d724b886 Whitespace changes. 2014-09-20 09:09:01 -06:00
Todd C. Miller
659b1f0e34 Switch to new time stamp file format. Each user now has a single 
file which may contain multiple records when per-tty time stamps
are in use (the default).  The time stamps use a monotonic timer
where available and are once again stored in /var/run/sudo.  The
lecture status is now stored separately from the time stamps in a
different directory.
 2014-01-30 15:50:40 -07:00
Todd C. Miller
d6282d154a Update copyright years. 2013-04-24 09:35:02 -04:00
Todd C. Miller
d89b1a6be2 Support for using SSSD (http://fedorahosted.org/sssd/) as a sudoers 
data source.  From Daniel Kopecek and Pavel Brezina.
 2012-08-10 11:59:26 -04:00
Todd C. Miller
5e6bc4017b Add check for _PATH_UTMP 2011-03-15 11:56:49 -04:00
Todd C. Miller
258a26d391 Add missing include of maillock.h for Solaris 2010-07-22 18:44:48 -04:00
Todd C. Miller
69ecb34581 If env_reset is enabled, set the MAIL environment variable based 
on the target user unless MAIL is explicitly preserved in sudoers.
 2010-07-19 12:50:59 -04:00
Todd C. Miller
5b9e39ac87 Use _PATH_STDPATH instead of _PATH_DEFPATH 2010-07-12 18:07:52 -04:00
Todd C. Miller
b72a530fd0 Update copyright year 2010-06-14 12:19:49 -04:00
Todd C. Miller
2dd29bf64d Break sudoers transcript feature up into log_input and log_output. 2010-05-30 10:31:38 -04:00
Todd C. Miller
b6a4cf7233 Modular sudo front-end which loads policy and I/O plugins that do 
most the actual work.  Currently relies on dynamic loading using
dlopen().  See doc/plugin.pod for the plugin API.
 2010-02-20 09:41:49 -05:00
Todd C. Miller
3bb69ffe81 Remove CVS $Sudo$ tags. 2010-01-17 19:51:28 -05:00
Todd C. Miller
0e823cdad2 _PATH_SUDO_SESSDIR -> _PATH_SUDO_TRANSCRIPT 
Add --enable-transcript=DIR option to specify the directory
 2009-09-25 20:39:09 +00:00
Todd C. Miller
3bfce30a85 First cut at session logging for sudo. Still need to write get_pty() 
for Unix 98 and old-style BSD ptys.  Also needs documentation and
general cleanup.
 2009-08-06 00:04:14 +00:00
Todd C. Miller
62b89f9dfc Update copyright years. 2009-05-25 12:02:42 +00:00
Todd C. Miller
838cb61086 Add support for AIX netsvc.conf (like nsswitch.conf). 2009-03-10 20:44:05 +00:00
Todd C. Miller
43c98580fc s/overriden/overridden/; from Tobias Stoeckmann 2008-11-10 13:07:38 +00:00
Todd C. Miller
ee04914164 Add support for running a helper program to read the password when 
no tty is present (or when specified with the -A flag).  TODO: docs.
 2008-03-02 14:31:57 +00:00
Todd C. Miller
f2b70188b6 Add support for SELinux RBAC. Sudoers entries may specify a role and type. 
There are also role and type defaults that may be used.  To make sure a
transition occurs, when using RBAC commands are executed via the new sesh
binary.  Based on initial changes from Dan Walsh.
 2008-02-09 14:30:06 +00:00
Todd C. Miller
6f2cd1b184 Rename read_nss -> sudo_read_nss 
Add --with-nsswitch to allow users to specify nsswitch.conf path or disable it.
If --with-nsswitch=no but --with-ldap, order is LDAP, then sudoers.
Fix --with-ldap-conf-file and --with-ldap-secret-file
 2008-01-01 18:22:03 +00:00
Todd C. Miller
7f323157a2 First cut at nsswitch.conf support. 
Further reorganizaton and related changes are forthcoming.
 2007-12-28 16:20:45 +00:00
Todd C. Miller
f8c52dc928 Add support for reading and /etc/environment file. Still needs to 
be documented and should probably only applies to OSes that have
it (AIX and Linux, maybe others).
 2007-12-21 21:53:32 +00:00
Todd C. Miller
317e600f41 Remove monitor support until there is a versino of systrace that 
uses a lookaside buffer (or we have a better mechanism to use).
 2007-08-15 15:20:01 +00:00
Todd C. Miller
e0ac56ae6f add _PATH_LDAP_SECRET 2005-06-26 22:36:51 +00:00
Todd C. Miller
74c19b024a Add _PATH_DEVNULL for those without it. 2004-12-16 18:25:54 +00:00
Todd C. Miller
b99ad3ee2b Kill _PATH_SUDOERS_TMP; it is not meaningful now that we can have multiple 
sudoers files.
 2004-09-28 18:29:05 +00:00
Todd C. Miller
5431e1451c _PATH_DEV_SYSTRACE 2004-09-24 00:15:13 +00:00
Aaron Spangler
2ceb87bc56 Allow --with-ldap-conf-file option to override LDAP_CONF 2004-08-27 03:44:35 +00:00
Todd C. Miller
4467a95f43 No longer use /tmp/.odus as a possible timestamp dir unless specifically 
configured to do so.  Instead, if no /var/run exists, use /var/adm/sudo
or /usr/adm/sudo.
 2004-05-17 20:28:54 +00:00
Todd C. Miller
3a2282c927 More to a less restrictive, ISC-style license. 2004-02-13 21:36:43 +00:00
Todd C. Miller
cc7cfa707e Add _PATH_TMP, _PATH_VARTMP and _PATH_USRTMP 2004-01-21 21:58:24 +00:00
Todd C. Miller
8e421c95b8 update copyright year 2004-01-05 17:15:32 +00:00
Todd C. Miller
626e2cd209 Add _PATH_SUDO_NOEXEC and corresponding --with-noexec configure option. 
The default value of noexec_file is set to this.
 2004-01-05 03:58:39 +00:00
Todd C. Miller
58596112cc add DARPA credit on affected files 2003-04-16 00:42:10 +00:00
Todd C. Miller
47dff37185 o Update copyright year 2001-12-14 19:54:56 +00:00
Todd C. Miller
2cbd965d63 o Remove assumption that PATH and TERM are not listed in env_keep 
o If no PATH is in the environment use a default value
o If TERM is not set in the non-reset case also give it a default
  value.
 2001-12-14 06:24:26 +00:00
Todd C. Miller
be8422eedf _PATH_SENDMAIL -> _PATH_SUDO_SENDMAIL so --without-sendmail works on 
systems that define  in paths.h
 2001-12-14 06:17:35 +00:00
Todd C. Miller
145992dce2 o /etc/stmp -> /etc/sudoers.tmp since solaris uses stmp as shadow temp file 
o _PATH_SUDO_SUDOERS -> _PATH_SUDOERS and _PATH_SUDO_STMP -> _PATH_SUDOERS_TMP
 1999-08-06 09:37:03 +00:00
Todd C. Miller
0d732401f4 add 4th term to license similar to term 5 in the apache license 1999-07-31 16:19:50 +00:00
Todd C. Miller
be40509eb7 BSD-style copyright 1999-07-22 12:52:06 +00:00
Todd C. Miller
e6deacb6c4 Crank version to 1.6 and combine copyright statements 1999-04-05 20:57:25 +00:00
Todd C. Miller
79c46d1c81 ++version 1999-03-29 04:05:15 +00:00
Todd C. Miller
52916f16ac add explicate copyright 1999-02-03 04:32:19 +00:00
Todd C. Miller
826fe213f2 add sudo tags 1999-01-17 23:16:20 +00:00
Todd C. Miller
d3aaf52283 crank version and regen files 1999-01-17 22:40:55 +00:00
Todd C. Miller
699272e312 convert to pathnames.h.in 1998-09-20 23:10:04 +00:00