isa/sudo
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
8,678 Commits 1 Branch 0 Tags
b3fdb26c41e9ca5146414525ac0b8a8c901b5222
Commit Graph

1967 Commits

Author SHA1 Message Date
Todd C. Miller
60ea106cc4 Add missing return when user is not found in sudo_sss_result_get(). 
Previously we fell through to the default case which just logged a
debug message and returned so this just avoids the extra (generic)
debug message.
 2016-01-27 09:20:04 -07:00
Todd C. Miller
a6886d2345 Add check for I/O log file handle being NULL. This could only 
happen if the front-end calls iolog_open with argc == 0 but actually
runs a command.
 2016-01-25 16:18:22 -07:00
Todd C. Miller
c28f59271a Additional debugging for pwutil functions. 2016-01-22 17:04:59 -07:00
Todd C. Miller
578be4f39c Use SUDOERS_DEBUG_UTIL not SUDO_DEBUG_UTIL in the plugin. 2016-01-22 11:22:58 -07:00
Todd C. Miller
7ed519125e Set sudoedit_checkdir=false in command_details when it is disabled 
in sudoers.
 2016-01-20 15:51:43 -07:00
Todd C. Miller
f4e5b135bb Update copyright year 2016-01-20 15:40:51 -07:00
Todd C. Miller
5dae4d3f35 regen 2016-01-19 15:23:07 -07:00
Todd C. Miller
de0208a01b Make sudoedit_checkdir the default and update the documentation accordingly. 2016-01-19 14:16:25 -07:00
Todd C. Miller
5a77989a33 Add support for matching the entire netgroup tuple (user, host, domain). 2016-01-12 14:59:44 -07:00
Todd C. Miller
9d7bc0311f Use asprintf() to generate the netgroup filter instead of using 
lots of concatenation.
 2016-01-12 14:29:09 -07:00
Todd C. Miller
55fdf66c1d In sudo_netgroup_lookup() only build up the search filter once 
instead of once per netgroup_base.
 2016-01-11 16:35:05 -07:00
Todd C. Miller
7c454656d5 It is safe to pass ldap_msgfree() a NULL pointer. 2016-01-11 16:24:22 -07:00
Todd C. Miller
ae5a2f4072 On overflow, warn before freeing anything. 2016-01-11 16:23:19 -07:00
Todd C. Miller
0f991ff78b Use user_runhost and user_srunhost instead of user_host and user_shost. 
Fixes "sudo -l -h other_host" for LDAP and sssd.
 2016-01-11 15:54:02 -07:00
Todd C. Miller
089b468de7 Silence warning in digest_matches() on systems with no fexecve(2). 2016-01-11 16:55:52 -07:00
Todd C. Miller
9308d05e7e Fix free() of invalid pointer introduced in the commit that stripped 
whitespace between a '!' and the name in a sudoOption.
 2016-01-11 16:52:52 -07:00
Todd C. Miller
14b454cc0d Fix free() of invalid pointer introduced in the commit that stripped 
whitespace between a '!' and the name in a sudoOption.
 2016-01-11 16:44:05 -07:00
Todd C. Miller
8ed9f6172a Update description of sudoedit_checkdir. Reported by Sander Bos. 2016-01-11 15:09:08 -07:00
Todd C. Miller
39db87e62b sync with translationproject.org 2016-01-04 10:47:11 -07:00
Todd C. Miller
b20977d445 Add support for using fexecve() if supported on commands that are 
checksummed.
 2016-01-04 10:35:18 -07:00
Todd C. Miller
330a209695 Fix compilation with --disable-shared 2015-12-24 08:26:26 -07:00
Todd C. Miller
ad1068c1ee Actually use the plugin_dir Path setting in sudo.conf. 2015-12-18 14:05:02 -07:00
Todd C. Miller
290dafda3b Add BASHOPTS to initial_badenv_table[]; from Stephane Chazelas 2015-12-10 17:14:56 -07:00
Todd C. Miller
d46d0fbc6f When parsing sudoOptions that include an operator (!, +, +=, -=) 
strip out any whitespace on either side of the operator.
 2015-12-09 14:57:33 -07:00
Todd C. Miller
e2add4ae20 Strip whitespace around '!', '=', '+=' and '-=' in Defaults entries. 2015-12-08 15:06:00 -07:00
Todd C. Miller
29e9273a40 When checking the query results, don't set user_matches in the 
netgroup pass unless sudo_ldap_check_non_unix_group() returns true.
This was preventing the mail_no_user sudoOption from being effective.
 2015-12-02 14:06:37 -07:00
Todd C. Miller
9c9b487b0c In list mode, we always want to clear FLAG_NO_USER and FLAG_NO_HOST 
regardless of whether or not there was an actual match.  Otherwise,
warning mail may be sent which is not what we want in list mode.
This is consistent with what the sudoers file backend does.
 2015-12-02 10:43:41 -07:00
Todd C. Miller
604d350344 Use size_t for length parameters in the fill functions used by the 
lexer.
 2015-11-22 09:22:38 -07:00
Todd C. Miller
90e6bf3180 Use yy_size_t for digest_len since newer flex uses yy_size_t for 
yyleng.  Old flex uses int for yyleng so we need to use a cast to
avoid a sign compare warning.
 2015-11-22 09:19:12 -07:00
Todd C. Miller
d13bb39d1d Use https in sudo.ws urls 2015-11-20 10:51:11 -07:00
Todd C. Miller
9c0354730a When preserving variables from the invoking user's environment, if 
there are duplicates only keep the first instance.
 2015-11-20 09:55:18 -07:00
Todd C. Miller
8b12390abf Add debug_return_ssize_t 2015-11-01 15:13:28 -07:00
Todd C. Miller
c6dad0001d Avoid compilation error on Solaris 10 with Stun Studio 12. 
Bug #727
 2015-11-01 15:08:50 -07:00
Todd C. Miller
c752d91a3c sync with translationproject.org 2015-10-31 17:33:51 -06:00
Todd C. Miller
a012fba17e sync with translationproject.org 2015-10-30 10:20:47 -06:00
Todd C. Miller
202dd1ccf5 regen 2015-10-24 06:27:55 -06:00
Todd C. Miller
7761af6d7e Add always_query_group_plugin 2015-10-24 05:43:07 -06:00
Todd C. Miller
c50cead833 Add directory writability checks for sudoedit. 2015-10-23 14:04:35 -06:00
Todd C. Miller
2afb2f2048 Repair challenge/response prompting for BSD authentication which 
got broken while it was converted to use the conversation function.
 2015-10-06 15:00:47 -06:00
Todd C. Miller
2ecda6d65c Use the auth_getpass (and the plugin conversation fuction) for Tru64 
SIA.  This prevents sudo from sleeping while holding the tty ticket
lock.
 2015-10-06 10:25:53 -06:00
Todd C. Miller
588460405f For env_reset, SHELL should be set based on the target user, not 
the invoking user unless preserved via env_keep.
 2015-10-06 10:25:43 -06:00
Todd C. Miller
e21a5a1cf2 sync with translationproject.org 2015-10-06 09:33:27 -06:00
Todd C. Miller
4c7431ecb4 Add new Slovak and Hungarian translations from translationproject.org 2015-10-05 06:03:42 -06:00
Todd C. Miller
5ad68edd65 It is possible for WIFSTOPPED to be true even if waitpid() is not 
given WUNTRACED if the child is ptraced.  Don't exit the waitpid()
loop if WIFSTOPPED is true, just in case.
 2015-10-02 11:24:01 -06:00
Todd C. Miller
3f883a80a5 rebuild .mo files 2015-09-30 14:04:39 -06:00
Todd C. Miller
f98b2b260b sync with translationproject.org 2015-09-30 14:04:17 -06:00
Todd C. Miller
29a3fcd06c If some, but not all, of the LOGNAME, USER or USERNAME environment 
variables have been preserved from the invoking user's environment,
sudo will now use the preserved value to set the remaining variables
instead of using the runas user.  This ensures that if, for example,
only LOGNAME is present in the env_keep list, that sudo will not
set USER and USERNAME to the runas user.
 2015-09-25 11:15:22 -06:00
Todd C. Miller
0649a261e7 Fix passing of the callback pointer to the conversation function. 
This was preventing the on_suspend and on_resume functions from
being called on PAM systems.
 2015-09-24 13:43:17 -06:00
Todd C. Miller
118680eabf Cast sizeof(entry) to off_t before making it a negative offset for 
lseek().  Fixes "sudo -k" on Solaris and probably others.
 2015-09-24 10:52:44 -06:00
Todd C. Miller
80673750cf sync with translationproject.org 2015-09-21 15:18:04 -06:00