isa/sudo
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
4,544 Commits 1 Branch 0 Tags
babf9292df849e2f57bee9eadad04f8b9d66183f
Commit Graph

527 Commits

Author SHA1 Message Date
Todd C. Miller
60b7ac61bf Add Solaris 10 "project" support. From Michael Brantley. 2007-06-19 22:24:51 +00:00
Todd C. Miller
4dcaba90a0 Don't force sudo into the C locale. 2007-06-18 12:57:21 +00:00
Todd C. Miller
7fb914ea0a cleanenv() is no more. 2007-06-11 22:27:43 +00:00
Todd C. Miller
3f2b6b1460 -i is also one of the mutually exclusive options to list it in the 
warning message.  Noted by Chris Pepper.
 2007-04-16 16:13:33 +00:00
Todd C. Miller
c28a289f11 Print sudoers path in -V mode for root. 2006-07-17 12:25:07 +00:00
Todd C. Miller
2d282cd226 cleanup() now takes an int as an arg so it can be used as a signal 
handler too.
 2005-11-18 01:39:59 +00:00
Todd C. Miller
c7140895af Make a copy of the shell field in the passwd struct for NewArgv to avoid 
a use after free situation after sudo_endpwent() is called.
 2005-11-18 01:38:32 +00:00
Todd C. Miller
b2a32d13c0 Move sudo_end{gr,pw}ent() until just before the exec since they 
free up our cached copy of the passwd structs, including sudo_user
and sudo_runas.  Fixes a use-after-free bug.
 2005-11-11 22:23:08 +00:00
Todd C. Miller
69c627658f Enable malloc debugging on OpenBSD when SUDO_DEVEL is set. 2005-11-11 22:17:59 +00:00
Todd C. Miller
c7ea24f2cc Add explicit cast from mode_t -> u_int in printf to silence warnings on Solaris 2005-04-24 23:24:58 +00:00
Todd C. Miller
f261a99f22 In -l mode, only check local sudoers file if def_ignore_sudoers is not set 
and call LDAP versions from display_privs() and display_cmnd() instead
of directly from main().  Because of this we need to defer closing
the ldap connection until after -l processing has ocurred and we
must pass in the ldap pointer to display_privs() and display_cmnd().
 2005-04-12 01:37:08 +00:00
Todd C. Miller
304dc46d7f Add efree() for consistency with emalloc() et al. Allows us to rely 
on C89 behavior (free(NULL) is valid) even on K&R.
 2005-03-29 14:29:47 +00:00
Todd C. Miller
9efe91fa1e Move initgroups() for -U option into display_privs() so group matching 
in sudoers works correctly.
 2005-03-29 03:33:05 +00:00
Todd C. Miller
6bee8e3770 Just clean the environment once. This assumes that any further 
setenv/putenv will be able to handle the fact that we replaced environ
with our own malloc'd copy but all the implementations I've checked do.
 2005-02-20 16:48:05 +00:00
Todd C. Miller
87a8b5b48b In -i mode, base the value of insert_env()'s dupcheck flag on DID_FOO flags. 
Move checks for $HOME resetting into rebuild_env()
 2005-02-16 04:16:22 +00:00
Todd C. Miller
74894ebf62 Move setting of user_path, user_shell, user_prompt and prev_user 
into init_vars() since user_shell at least is needed there.
 2005-02-13 05:33:59 +00:00
Todd C. Miller
b7068a4138 Fix some printf format mismatches on error. 2005-02-12 23:48:46 +00:00
Todd C. Miller
778d587063 Update copyright years. 2005-02-12 22:56:07 +00:00
Todd C. Miller
ab2e7bc267 Instead of zeroing out the environment, just prune out entries 
based on the env_delete and env_check lists.  Base building up
the new environment on the current environment and the variables
we removed initially.
 2005-02-10 04:00:04 +00:00
Todd C. Miller
0b315c10d0 Set locale to "C" if locales are supported, just to be safe. 2005-02-10 03:24:00 +00:00
Todd C. Miller
d27f06b5f1 Alloc an extra slot in NewArgv. Removes the need to malloc an new 
vector if execve() fails.
 2005-02-08 03:50:42 +00:00
Todd C. Miller
9a890467a7 Use execve(2) and wrap the command in sh if we get ENOEXEC. 2005-02-07 04:16:28 +00:00
Todd C. Miller
3b8b88407f Add __unused to rcsids 2005-01-27 15:42:30 +00:00
Todd C. Miller
840d51a160 s/-O/-C/ 2005-01-18 00:41:31 +00:00
Todd C. Miller
dfccf19338 g/c pwcache_init/pwcache_destroy 2005-01-05 19:43:36 +00:00
Todd C. Miller
a5d9296d25 Adapt to pwutil.c 2005-01-05 01:10:16 +00:00
Todd C. Miller
bb76440b4f sort usage 2004-12-16 19:20:25 +00:00
Todd C. Miller
051a2110a4 Add closefrom sudoers option to start closing at a point other than 3. 
Add closefrom_override sudoers option and -C sudo flag to allow the
user to specify a different closefrom starting point.
 2004-12-16 18:33:49 +00:00
Todd C. Miller
f93cd1e97a Fix last commit. 2004-12-10 02:07:27 +00:00
Todd C. Miller
07d74adfba Make sure stdin, stdout and stderr are open and dup them to /dev/null 
if not.
 2004-12-10 00:26:22 +00:00
Todd C. Miller
1936aeb299 add sudo_ldap_close 2004-12-03 18:57:48 +00:00
Todd C. Miller
7d488657f0 Use TIME_WITH_SYS_TIME 2004-12-03 18:52:28 +00:00
Todd C. Miller
68e54d2c8b Call initgroups() in -U mode so group matches work normally. 2004-11-29 17:52:02 +00:00
Todd C. Miller
5f06b19a6e Add -U option to use in conjunction with -l instead of -u. 
Add support for "sudo -l command" to test a specific command.
 2004-11-24 21:31:51 +00:00
Todd C. Miller
f75a034f06 Set safe_cmnd after sudoers_lookup() if it has not been set. 
Previously it was set by sudo "ALL" in the parser but at that point
the fully-qualified pathname has not yet been found.
 2004-11-24 21:28:55 +00:00
Todd C. Miller
e605070143 Remove the FLAG_NOPASS, FLAG_NOEXEC and FLAG_MONITOR flags. Instead, 
we just set the approriate defaults variable.
 2004-11-19 23:00:28 +00:00
Todd C. Miller
fe869025c4 Add support for command-specific Defaults entries. E.g. 
Defaults!/usr/bin/vi noexec
 2004-11-19 21:35:12 +00:00
Todd C. Miller
2c2daa8eca Use: #include <config.h> 
Not: #include "config.h"
That way we get the correct config.h when build dir != src dir
 2004-11-19 18:39:14 +00:00
Todd C. Miller
d427384ae4 Set user_ngroups to 0 if getgroups() returns an error. 2004-11-17 00:00:48 +00:00
Todd C. Miller
f7f282ba13 Add configure check for getgroups() 2004-11-16 23:59:56 +00:00
Todd C. Miller
9846e562ad Implement group caching and use the passwd and group caches throughout. 2004-11-16 04:24:11 +00:00
Todd C. Miller
51375f969f Add local error/warning functions like err/warn but that call an additional 
cleanup routine in the error case.  This means we no longer need to compile
a special version of alloc.o for visudo.
 2004-11-15 15:53:53 +00:00
Todd C. Miller
ae2e26fd2f Cache passwd db entries in 2 reb-black trees; one indexed by uid, 
the other by user name.  The data returned from the cache should
be considered read-only and is destroyed by sudo_endpwent().
 2004-11-15 14:53:05 +00:00
Todd C. Miller
0b34123a8b Create and use private versions of setpwent() and endpwent() that 
set/end the shadow password file too.
 2004-11-15 04:06:16 +00:00
Todd C. Miller
a239e60a6a The syntax to list another user's entries is now "-u otheruser -l". 
Only root or users with sudo "ALL" may list other user's entries.
 2004-11-11 17:12:20 +00:00
Todd C. Miller
29fc2c9475 Only reset sudo_user.pw based on SUDO_USER environment variables for 
real commands and sudoedit.  This avoids a confusing message when a
user tries "sudo -l" or "sudo -v" and is denied.
 2004-10-27 16:16:23 +00:00
Todd C. Miller
efbc9997a1 Update for new parse. We now call find_path() *after* we have updated 
the global defaults based on sudoers.  Also adds support for listing
other user's privs if you are root.
 2004-10-26 22:22:46 +00:00
Todd C. Miller
48cdd1dec3 Kill use of POSIX saved uids; they aren't worth bothering with. 2004-10-13 16:46:19 +00:00
Todd C. Miller
3c8145a923 No longer call it tracing, it is now "monitoring" which should be more 
a obvious name to non-hackers.
 2004-10-04 16:07:19 +00:00
Todd C. Miller
8a33025986 Use __attribute__((__noreturn__)) 2004-09-30 17:55:21 +00:00