isa/sudo
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
5,667 Commits 1 Branch 0 Tags
b6d0a28efb4afbb5b15a9c6fb125430fb4173860
Commit Graph

67 Commits

Author SHA1 Message Date
Todd C. Miller
b6d0a28efb Load plugins after parsing arguments and potentially printing the 
version.  That way, an error loading or initializing a plugin doesn't
break "sudo -h" or "sudo -V".
 2011-04-06 17:51:36 -04:00
Todd C. Miller
e07ca146d1 Print sudo version early, in case policy plugin init fails. 2011-03-25 09:58:08 -04:00
Todd C. Miller
3506f01077 Add support for controlling whether utmp is updated and which user is 
listed in the entry.
 2011-03-15 15:53:49 -04:00
Todd C. Miller
53da5e8cdf Update copyright years. 2011-03-11 15:34:35 -05:00
Todd C. Miller
7debf44742 Move noexec path into sudo.conf now that sudo itself handles noexec. 
Currently can be configured in sudoers too but is now undocumented
and will be removed in a future release.
 2011-03-10 16:12:33 -05:00
Todd C. Miller
a092d2fdcf Move noexec handling to sudo front-end where it is documented as being. 2011-03-10 15:11:49 -05:00
Todd C. Miller
c7a7d31905 Add support for disabling exec via solaris privileges. 
Includes preparation for moving noexec support out of sudoers
and into front end as documented.
 2011-03-10 14:24:10 -05:00
Todd C. Miller
fc38481663 Perform command escaping for "sudo -s" and "sudo -i" after validating 
sudoers so the sudoers entries don't need to have all the backslashes.
 2011-01-25 09:53:57 -05:00
Todd C. Miller
5966b67dda Don't need iolog variables in struct command_details, they are for 
the I/O log plugins to handle.
 2010-12-28 10:50:45 -05:00
Todd C. Miller
c1a22ff152 Add remaining plugin convenience functions 2010-12-20 16:26:30 -05:00
Todd C. Miller
9948dae706 Change I/O log API to pass in command info to the I/O log open function. 
Add iolog_file and iolog_dir parameters to command info.
This allows the policy plugin to specify the I/O log pathname.
Add convenience functions for calling plugin functions that
handle ABI backwards compatibility.
 2010-12-20 16:20:11 -05:00
Todd C. Miller
4527bdd9b4 Use %u to print uid/gid, not %lu and adjust casts to match. 2010-11-30 15:21:36 -05:00
Todd C. Miller
d0d0e1b9f5 exec_setup() does not need to setuid(0), the Ubuntu issue was in 
the sudoers module.
 2010-11-23 07:35:27 -05:00
Todd C. Miller
d39747e6a5 In exec_setup() call setuid(0) to make certain the subsequent 
uid and gid changes will succeed.  Fixes a problem on Ubuntu.
 2010-11-23 07:26:21 -05:00
Todd C. Miller
01dcbfce70 Only chdir to cwd if it is different from the current cwd or there 
is a new root (chroot).
 2010-11-08 16:40:11 -05:00
Todd C. Miller
93d2420de9 Fix complilation on systems with set_auth_parameters() 
Sprinkle volatile to quiet warnings from gcc 2.8.0
 2010-10-12 10:47:16 -04:00
Todd C. Miller
6b4fe798d5 Move set_project() from sudoers module into sudo proper. 2010-10-01 13:52:42 -04:00
Todd C. Miller
ece29bdea1 Use SIG_SETMASK when resetting signal mask instead of SIG_UNBLOCK. 2010-09-14 09:25:52 -04:00
Todd C. Miller
01c7840dc5 Reset signal mask at sudo startup time; we need to be able to rely on 
normal signal delivery to control the child process.
 2010-09-14 09:23:19 -04:00
Todd C. Miller
8dd8aa000e Remove some obsolete configure tests, ancient Unix systems are no 
longer supported.
 2010-08-10 13:44:05 -04:00
Todd C. Miller
006427345c Restore RLIMIT_NPROC after the uid switch if it appears that runas_setup() 
did not do it for us.  Fixes a bash script problem on SuSE with RLIMIT_NPROC
set to RLIM_INFINITY.
 2010-07-16 14:05:03 -04:00
Todd C. Miller
e6b48d415c Replace built-in non-unix group support with a sudoers group plugin. 
Include a sample plugin that can read Unix-format group files.
 2010-07-02 11:11:25 -04:00
Todd C. Miller
30fe4a067c Set usrinfo for AIX 
Set adminstrative domain for the process when looking up user's
    password or group info and when preparing for execve().
Include strings.h even if string.h exists since they may define
    different things.  Fixes warnings on AIX and others.
 2010-06-29 13:08:05 -04:00
Todd C. Miller
4fb8a83e6f Fix -A flag when askpass is specified in sudo.conf or if sudo doesn't need 
to read a password.
 2010-06-15 15:11:10 -04:00
Todd C. Miller
f64bb67c6c Clean up some XXXs 2010-06-15 15:01:11 -04:00
Todd C. Miller
c2f8d24f20 Check for dup2() failure. 2010-06-15 09:02:23 -04:00
Todd C. Miller
a28a4764e6 Print configure args with verbose version information. 2010-06-11 10:53:44 -04:00
Todd C. Miller
879d01796c Print sudo version as well. 2010-06-10 14:25:25 -04:00
Todd C. Miller
34613c8465 Use a flag bit in struct command_details for selinux instead of a separate 
field.
 2010-06-09 16:25:44 -04:00
Todd C. Miller
4c1ef12648 Implement background mode. If I/O logging we use pipes instead of a pty. 2010-06-09 16:19:45 -04:00
Todd C. Miller
edd34a2d7e Add selinux_enabled flag into struct command_details and 
set it in command_info_to_details().
Return an error from selinux_setup() instead of exiting.
Call selinux_setup() from exec_setup().
 2010-06-08 17:59:18 -04:00
Todd C. Miller
2b8fc46e2c Fix symbol name conflict with sudo_printf. 2010-06-02 11:10:04 -04:00
Todd C. Miller
d2d68aa24d Re-enable cleanup functions in sudoers plugin and sudo driver 
for error()/errorx().
 2010-05-28 12:15:14 -04:00
Todd C. Miller
9773ba3f79 Rename script_execve to sudo_execve and rename script_foo in exec.c 2010-05-27 16:46:31 -04:00
Todd C. Miller
f8f82ffa8e Rename script_setup() to pty_setup() and call from script_execve() 
directly.
 2010-05-27 16:29:48 -04:00
Todd C. Miller
7e6d1d1f7d Add init_session function to struct policy_plugin that gets called 
before the uid/gid/etc changes.  A struct passwd pointer is passed in,which may be NULL if the user does not exist in the passwd database.The sudoers module uses init_session to open the pam session as needed.
 2010-05-27 14:46:39 -04:00
Todd C. Miller
0487aee6b4 Bring back closefrom settings. 2010-05-24 15:40:36 -04:00
Todd C. Miller
20c125297f Avoid possible malloc(0) if plugin returns an empty groups list. 2010-05-20 17:10:16 -04:00
Todd C. Miller
9360e67a3d Add debugging info when calling plugin close function 2010-05-20 17:01:53 -04:00
Todd C. Miller
55ef027d88 Add argc and argv to I/O logger open function. 2010-05-17 10:38:56 -04:00
Todd C. Miller
fa717176b2 Remove check_sudoedit function pointer in struct sudo_policy. 
Instead, sudo will set sudoedit=true in the settings array.
The plugin should check for this and modify argv_out as appropriate
in check_policy.
 2010-05-17 10:25:27 -04:00
Todd C. Miller
3ac9aee52e If plugin sets "sudoedit=true" in the command info, enable 
sudoedit mode even if not invoked as sudoedit.  This allows
a plugin to enable sudoedit when the user runs an editor.
 2010-05-16 19:27:04 -04:00
Todd C. Miller
7c9c5855fd Change how we handle the sudoedit argv. We now require that there 
be a "--" in argv to separate the editor and any command line arguments
from the files to be edited.
 2010-05-13 17:11:31 -04:00
Todd C. Miller
fdd28d411f Work in progress support for sudoedit. The actual interface used by the 
plugin for sudoedit is likely to change.
 2010-05-13 14:09:21 -04:00
Todd C. Miller
9fbec34fed Add pointer to a printf like function to plugin open functon. 
This can be used instead of the conversation function to display
info and error messages.
 2010-05-04 19:17:31 -04:00
Todd C. Miller
f19be6da31 Handle plugin's open function returning -2 (usage error). 2010-04-13 09:36:43 -04:00
Todd C. Miller
0494774f30 Call the I/O log open function before the I/O version function. 2010-04-11 17:13:11 -04:00
Todd C. Miller
44341c9c15 Main sudo should not block signals; the plugin should do this in 
check_policy.
 2010-04-01 06:35:19 -04:00
Todd C. Miller
e17f1e5cbd Delay calling the I/O plugin open function until the policy plugin 
returns success.
 2010-03-28 08:41:06 -04:00
Todd C. Miller
43ea59f64f Fix iteration over runas_groups list. 2010-03-22 18:08:17 -04:00