Todd C. Miller
b743b77a0d
Better warning message on setuid() failure for the setreuid()
version of set_perms().
2011-10-04 11:13:28 -04:00
Todd C. Miller
45ad681cd6
Delref auth_pw at the end of check_user() instead of getting a ref
twice.
2011-09-27 16:21:21 -04:00
Todd C. Miller
1e93d1fbb6
Make sudo_auth_{init,cleanup} return TRUE on success and check for
sudo_auth_init() return value in check_user().
2011-09-27 15:41:22 -04:00
Todd C. Miller
4540a7525e
Do not return without restoring permissions.
2011-09-27 15:22:08 -04:00
Todd C. Miller
de684e5d2c
regen pot files
2011-09-27 14:07:18 -04:00
Todd C. Miller
bceb5df158
Modify the authentication API such that the init and cleanup functions
are always called, regardless of whether or not we are going to
verify a password. This is needed for proper PAM session support.
2011-09-27 13:18:46 -04:00
Todd C. Miller
c21595044d
Add missing dependency for getspwuid.lo and regen other depends.
2011-09-27 13:15:48 -04:00
Todd C. Miller
c5f8dc95c6
Fix a PAM_USER mismatch in session open/close. We update PAM_USER
to the target user immediately before setting resource limits, which
is after the monitor process has forked (so it has the old value).
Also, if the user did not authenticate, there is no pamh in the
monitor so we need to init pam here too. This means we end up
calling pam_start() twice, which should be fixed, but at least the
session is always properly closed now.
2011-09-27 11:13:44 -04:00
Todd C. Miller
05bfd66693
If the invoking user cannot be resolved by uid fake the struct
passwd and store it in the cache so we can delref it on exit.
2011-09-25 06:35:40 -04:00
Todd C. Miller
842526d71f
Don't error out if the group plugin cannot be loaded, just warn.
2011-09-24 10:24:40 -04:00
Todd C. Miller
0775147894
Quiet a false positive found by several static analysis tools.
These tools don't know that log_error() does not return (it longjmps
to error_jmp which returns to the sudo front-end).
2011-09-23 19:37:21 -04:00
Todd C. Miller
6028afae83
Add Italian translation for sudo from translationproject.org
Regen .mo files
2011-09-22 14:56:43 -04:00
Todd C. Miller
de33689ae6
Make "verbose" static; fixes a namespace clash with pam_ssh_agent_auth
(and it doesn't need to be extern these days).
2011-09-21 10:15:13 -04:00
Todd C. Miller
32c1ae8f7e
Update po files from translationproject.org
2011-09-20 14:57:43 -04:00
Todd C. Miller
3bcc9048c3
Add support for DEREF in ldap.conf.
2011-09-16 16:50:04 -04:00
Todd C. Miller
fd2d709bd2
Fix a crash in make_grlist_item() on 64-bit machines with strict
alignment.
2011-09-16 09:05:37 -04:00
Todd C. Miller
cab1968da2
Remove list_options() function that is no longer used now that "sudo
-L" is gone.
2011-09-16 09:05:17 -04:00
Todd C. Miller
dacb1e47f3
Honor NOPASSWD tag for denied commands too.
2011-09-09 09:57:39 -04:00
Todd C. Miller
f730cb7873
Assume all modern systems support fstat(2).
2011-08-31 11:19:10 -04:00
Todd C. Miller
47af0fc2b8
Add configure test for missing errno declaration and only
declare it ourselves if it is missing.
2011-08-30 10:05:30 -04:00
Todd C. Miller
55896f636e
Include errno.h before sudo.h to avoid conflicting with the system
definition of errno.
2011-08-30 09:46:12 -04:00
Todd C. Miller
0cd4648093
Only print individual check status when there is a failure.
2011-08-29 14:53:47 -04:00
Todd C. Miller
f478f84066
Add calls to setprogname() for test programs.
2011-08-29 14:51:12 -04:00
Todd C. Miller
7945166bb5
Actually run check_addr in the check target
2011-08-29 14:48:09 -04:00
Todd C. Miller
1a259de176
Split out address matching into its own file and add regression
tests for it.
2011-08-29 14:10:18 -04:00
Todd C. Miller
a47f005437
When matching an address with a netmask in sudoers, AND the mask
and addr before checking against the local addresses.
2011-08-27 12:09:30 -04:00
Todd C. Miller
526a61004d
Fix netmask matching.
2011-08-26 16:01:39 -04:00
Todd C. Miller
e3cda80202
Don't assume all editors support the +linenumber command line argument,
use a whitelist of known good editors.
2011-08-26 14:03:49 -04:00
Todd C. Miller
d81c14005f
Silence compiler warnings on Solaris with gcc 3.4.3
2011-08-23 16:42:18 -04:00
Todd C. Miller
8fb53f5e4b
Add new Esperanto translation from translationproject.org
2011-08-22 08:26:50 -04:00
Todd C. Miller
5a13dd2b76
Quiet an innocuous valgrind warning.
2011-08-19 09:32:25 -04:00
Todd C. Miller
bfc84b01f3
Fix expansion of strftime() escapes in log_dir and add a regress test
that exhibited the problem.
2011-08-18 13:41:40 -04:00
Todd C. Miller
367b659006
Fix "make check" return value.
2011-08-18 12:09:34 -04:00
Todd C. Miller
a6224a7342
Regen pot files
2011-08-17 11:40:14 -04:00
Todd C. Miller
d56a17165a
Also check sudoers gid if sudoers is group writable.
2011-08-13 18:34:37 -04:00
Todd C. Miller
7f4a0d095e
Fix loop that calls authenticate().
If there was an error message from authenticate(), display it.
2011-08-12 11:02:53 -04:00
Todd C. Miller
179b34d9eb
Rename libsudoers convenience library to libparsesudoers to avoid
libtool confusion.
2011-08-11 13:14:44 -04:00
Todd C. Miller
1adef5ec36
Add Danish sudoers translation from translationproject.org
2011-08-10 09:50:52 -04:00
Todd C. Miller
6099e1bc42
Add dedicated callback function for runas_default sudoers setting
that only sets runas_pw if no runas user or group was specified by
the user.
2011-08-10 09:02:37 -04:00
Todd C. Miller
aaaa5d05d9
Update Finnish, Polish, Russian and Ukrainian translations from
translationproject.org.
2011-08-09 14:57:57 -04:00
Todd C. Miller
01ae3d4771
Go back to using a callback for runas_default to keep runas_pw in
sync. This is needed to make per-entry runas_default settings work
with LDAP-based sudoers. Instead of declaring it a callback in
def_data.in, sudo and testsudoers poke sudo_defs_table[] which is
a bit naughty, but avoids requiring stub functions in visudo and
the tests.
2011-08-09 14:54:42 -04:00
Todd C. Miller
eb09c303a1
Add new Russian sudo translation from translationproject.org
and rebuild the other translation files.
2011-07-30 09:35:56 -04:00
Todd C. Miller
4f726ddcd5
Update Finnish and Polish translations from translationproject.org
2011-07-29 16:40:29 -04:00
Todd C. Miller
8255ed69b9
Go back to escaping the command args for "sudo -i" and "sudo -s"
before calling the plugin. Otherwise, spaces in the command args
are not treated properly. The sudoers plugin will unescape non-spaces
to make matching easier.
2011-07-29 10:10:40 -04:00
Todd C. Miller
4f9a93f658
Fix some potential problems found by the clang static analyzer,
none serious.
2011-07-28 10:59:37 -04:00
Todd C. Miller
6365c779c0
Updated Ukrainian and Chinese (simplified) po files from
translationproject.org
2011-07-28 09:08:50 -04:00
Todd C. Miller
bd6ce7ee3a
Updated Polish translation from translationproject.org
2011-07-27 14:47:31 -04:00
Todd C. Miller
3606fc4419
Rebuild pot files
2011-07-27 14:23:45 -04:00
Todd C. Miller
35d26ae34f
Don't try to audit failure if the runas user does not exist. We don't
have the user's command at this point so there is nothing to audit.
Add a NULL check in audit_success() and audit_failure() just to be
on the safe side.
2011-07-27 12:11:33 -04:00
Todd C. Miller
80138c88ba
Remove fallback to per-group lookup when matching groups in sudoers.
The sudo front-end will now use getgrouplist() to get the user's
list of groups if getgroups() fails or returns zero groups so we
always have a list of the user's groups. For systems with
mbr_check_membership() which support more than NGROUPS_MAX groups
(Mac OS X), skip the call to getgroups() and use getgrouplist() so
we get all the groups.
2011-07-25 09:17:18 -04:00