isa/sudo
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
8,678 Commits 1 Branch 0 Tags
b3fdb26c41e9ca5146414525ac0b8a8c901b5222
Commit Graph

1967 Commits

Author SHA1 Message Date
Todd C. Miller
f09bbcb6bb Protect call to setlocale() with HAVE_SETLOCALE 2011-01-05 16:27:44 -05:00
Todd C. Miller
b92b745eaf Fix NULL dereference with "sudo -g group" when the sudoers rule has 
no runas user or group listed.  Fixes RedHat bug Bug 667103.
 2011-01-04 12:44:39 -05:00
Todd C. Miller
b76c798856 Reset slashp if we allocate a new buffer for strftime() 2010-12-31 10:55:49 -05:00
Todd C. Miller
1bb3518b33 Add extra out parameter to expand_iolog_path() to allow the caller 
to split the path into dir and file components if needed.
 2010-12-31 09:55:40 -05:00
Todd C. Miller
755e3ef0ab mkdir_iopath() returns size_t now that it uses strlcpy() and not snprintf() 2010-12-30 18:08:09 -05:00
Todd C. Miller
7f580397e2 Trim leading slashes from iolog_file and trailing slashes from iolog_dir 2010-12-30 18:05:53 -05:00
Todd C. Miller
25036d7a75 Pass a single I/O log file name in command_details instead of 
separate dir + file parameters.
 2010-12-30 17:09:01 -05:00
Todd C. Miller
2fb085dfac change an error() to errorx() 2010-12-30 17:02:43 -05:00
Todd C. Miller
83de9e28f1 Add missing cwd line to I/O log info file that got dropped when 
iolog_deserialize_info() was added
 2010-12-30 17:01:41 -05:00
Todd C. Miller
fec059a890 Avoid relying on globals filled in by the sudoers policy module for 
the sudoers I/O log module.  The I/O log open function now pulls the
bits it needs out of user_info and command_info.
 2010-12-29 17:32:04 -05:00
Todd C. Miller
97b7ae8892 If no iolog file is specified by the policy plugin, use io_nextid() 
to determine the next file in the sequence.
 2010-12-29 11:07:45 -05:00
Todd C. Miller
02ed3d5b3e Add support for the iolog_compress variable in command_info. 2010-12-28 12:23:18 -05:00
Todd C. Miller
bff14f60e6 Add sigsetjmp() calls to all plugin entry points just to be safe. 2010-12-28 11:02:12 -05:00
Todd C. Miller
36d8fbb900 Fix typo 2010-12-27 13:49:06 -05:00
Todd C. Miller
4c1aecd48f Only use mkdtemp() if the path ends in at least 6 Xs since otherwise 
glibc mkdtemp() returns EINVAL.
 2010-12-27 12:32:28 -05:00
Todd C. Miller
fba58fa3f7 Allow sudoers to specify the iolog file in addition to the iolog dir. 
Add escape sequence support to iolog file and dir: sequence number,
    user, group, runas_user, runas_group, hostname and command in
    addition to any escape sequence recognized by strftime(3).
 2010-12-27 12:18:32 -05:00
Todd C. Miller
524021a377 Add missing sigsetjmp() call in I/O plugin open function. 
Fixes a crash when the I/O plugin calls error(), errorx() or log_error().
 2010-12-27 11:24:47 -05:00
Todd C. Miller
5d59c10b95 Give the policy module fine-grained control over what the I/O plugin 
logs.
 2010-12-21 17:43:18 -05:00
Todd C. Miller
93e9635842 Pick last match in LDAP sudoers too 2010-12-20 16:37:44 -05:00
Todd C. Miller
a10f216797 Adapt plugins to version I/O logging ABI 1.1 2010-12-20 16:28:20 -05:00
Todd C. Miller
b2a6984606 Make I/O log dir configurable. 2010-12-10 14:14:35 -05:00
Todd C. Miller
4527bdd9b4 Use %u to print uid/gid, not %lu and adjust casts to match. 2010-11-30 15:21:36 -05:00
Todd C. Miller
7e59d4c5c8 Make sure we don't dereference a NULL handle. 2010-11-30 11:59:28 -05:00
Todd C. Miller
8f4b215216 create_admin_success_flag() should use restore_perms() rather than 
set_perms() to restore the uid.
 2010-11-23 07:34:22 -05:00
Todd C. Miller
70cf50fd20 In sudoedit mode, assume command line arguments are paths and 
pass FNM_PATHNAME to fnmatch().
 2010-11-22 10:27:29 -05:00
Todd C. Miller
5a0f2164ef Avoid conflicts with system definitions in grp.h and pwd.h 2010-11-20 10:33:23 -05:00
Todd C. Miller
51f401fa34 Add prototype for cleanup() 2010-11-19 12:58:03 -05:00
Todd C. Miller
c73306983c Avoid deferencing group_plugin if it is NULL in group_plugin_query(). 
This should not happen.
 2010-11-18 17:09:57 -05:00
Todd C. Miller
4b2fb225c0 group plugin init function return TRUE when successful 2010-11-18 17:06:52 -05:00
Todd C. Miller
ef5f73a49f Enlarge the array of entry wrappers int blocks of 100 entries to 
save on allocation time.  From Andreas Mueller
 2010-11-17 18:56:52 -05:00
Todd C. Miller
f9353d95ca Add back call to sudo_ldap_timefilter() in sudo_ldap_build_pass2() 
that was mistakenly dropped.
 2010-11-17 07:31:07 -05:00
Todd C. Miller
8940f361ea Merge in ordered LDAP entry support from Andreas Mueller 
and add local changes from the 1.7 branch.
 2010-11-14 13:22:38 -05:00
Todd C. Miller
2b0fca31c0 Add timed entry support from Andreas Mueller. 2010-11-12 15:26:35 -05:00
Todd C. Miller
82453cfdec Don't try to unload if group_plugin is NULL. 
Don't call dlclose() if group_handle is NULL
 2010-11-12 13:14:35 -05:00
Todd C. Miller
26d71ded7b It is now plugin_cleanup(), not cleanup() 2010-11-12 13:03:28 -05:00
Todd C. Miller
5536ea49f6 Call plugin_cleanup(), not cleanup() 2010-11-12 13:02:15 -05:00
Todd C. Miller
8597c39194 Use efree() not free() and remove malloc.h include since we never 
directly call malloc() or free().
 2010-11-11 16:10:57 -05:00
Todd C. Miller
47323843a5 Give up on using VPATH to find sources as it is implemented inconsistenly 
in different versions of make.
 2010-11-09 10:27:02 -05:00
Todd C. Miller
39d1167f33 Include config.h before any other includes to make sure we get the 
right value for _FILE_OFFSET_BITS.
 2010-11-09 08:55:55 -05:00
Todd C. Miller
452d8765b2 Zero out group_plugin on unload just to be safe. 2010-11-08 17:48:05 -05:00
Todd C. Miller
da35e5f42f Unload group plugin if its init function fails. 2010-11-08 17:44:32 -05:00
Todd C. Miller
93d2420de9 Fix complilation on systems with set_auth_parameters() 
Sprinkle volatile to quiet warnings from gcc 2.8.0
 2010-10-12 10:47:16 -04:00
Todd C. Miller
c615ca742a Use INADDR_NONE instead of casting -1 to in_addr_t (which may not exist). 2010-10-12 10:31:21 -04:00
Todd C. Miller
1e01f2b7ac Quiet an HP-UX compiler warning. 2010-10-12 09:23:52 -04:00
Todd C. Miller
86a4a5232f Use HAVE_DLOPEN instead of HAVE_DLFCN_H when determining whether to 
include the local or system dlfcn.h
 2010-10-11 17:39:51 -04:00
Todd C. Miller
06b0aa1185 Fix pasto; AF_INET not AF_INET6 2010-10-11 15:43:59 -04:00
Todd C. Miller
6a52054147 If pam_acct_mgmt() returns PAM_AUTH_ERR print a (hopefully) more useful 
message and return AUTH_FATAL so sudo does not keep trying to validate
the user.
 2010-10-11 09:12:23 -04:00
Todd C. Miller
751f597b2b Make this compile correctly when no dlopen is available. 2010-10-11 09:10:10 -04:00
Todd C. Miller
66ea399856 Having a timestamp file defined is no longer indicative of tty tickets 
being enabled.  Check def_tty_tickets directly.
 2010-10-07 14:12:17 -04:00
Todd C. Miller
6b4fe798d5 Move set_project() from sudoers module into sudo proper. 2010-10-01 13:52:42 -04:00