isa/sudo
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
4,616 Commits 1 Branch 0 Tags
c0f149b5331d1f9ed4bedc1b64c6805e47c62715
Commit Graph

534 Commits

Author SHA1 Message Date
Todd C. Miller
3bb69ffe81 Remove CVS $Sudo$ tags. 2010-01-17 19:51:28 -05:00
Todd C. Miller
d20335136b Better split of membership vs. traditional group check in user_in_group(). 
Allow user_ngroups to be < 0 if getgroups() fails.
 2009-12-13 22:24:34 +00:00
Todd C. Miller
b8239bb34c Add support for mbr_check_membership() as present in darwin. 2009-12-12 15:37:52 +00:00
Todd C. Miller
8b48ab71e4 Allow the -u flag to be used in conjunction with the -v flag as per 
older versions of sudo.
 2009-12-09 16:19:30 +00:00
Todd C. Miller
a86896a1c7 Don't exit() from open_sudoers, just return NULL for all errors. 2009-11-22 16:12:38 +00:00
Todd C. Miller
dcf6602daa Use a socketpair to pass signals from parent to child. Child will 
now pass command status change info back via the socketpair.  This
allows the parent to distinguish between signals it has been sent
directly and signals the command has received.  It also means the
parent can once again print the signal notifications to the tty so
all writes to the pty master occur in the parent.  The command is
now always started in background mode with tty signals handled
by the parent.
 2009-11-15 21:42:17 +00:00
Todd C. Miller
7281ad3bc0 if neither stdin nor stdout is a tty, check stderr 2009-10-18 15:38:06 +00:00
Todd C. Miller
7d19478501 First cut at refactoring some of the selinux code so it can be used 
in conjunction with sudo's transcript support.
 2009-09-27 13:03:56 +00:00
Todd C. Miller
8a6dcebd8a Hook up --disable-transcript and --enable-transcript=DIR 2009-09-26 15:34:46 +00:00
Todd C. Miller
927e98e29f Rename script -> transcript 2009-09-06 13:28:36 +00:00
Todd C. Miller
f80fa34e74 Only set the session id if we are running a command or editing a file. 2009-09-03 23:26:05 +00:00
Todd C. Miller
c57b8bb7b3 Move the code to dup2 the script fds to low numbered descriptors into 
script_duplow() and fix the fd sorting.
 2009-09-03 10:36:02 +00:00
Todd C. Miller
ad9ab8dab2 Move script_setup() back to immediately before we drop privs and 
call the new script_nextid() in its place, which will set
sudo_user.sessid for the logging functions.
 2009-09-03 10:21:18 +00:00
Todd C. Miller
6184eb9461 Log the session ID, if there is one. Currently logs ID=XXXXXX, perhaps 
should be SESSIONID or SESSID.
 2009-08-30 15:18:50 +00:00
Todd C. Miller
0ab5c31ee0 Add protos for term_* to sudo.h 2009-08-08 12:56:02 +00:00
Todd C. Miller
3bfce30a85 First cut at session logging for sudo. Still need to write get_pty() 
for Unix 98 and old-style BSD ptys.  Also needs documentation and
general cleanup.
 2009-08-06 00:04:14 +00:00
Todd C. Miller
334c19a405 Fix a bug introduced with def_closefrom. The value of def_closefrom 
already includes the +1.
 2009-08-05 23:59:21 +00:00
Todd C. Miller
7b7ae44ea3 Update non-Unix group support from Quest, as reworked by me. 2009-05-27 00:49:07 +00:00
Todd C. Miller
62b89f9dfc Update copyright years. 2009-05-25 12:02:42 +00:00
Todd C. Miller
f54b69b0cc Replace version.h with PACKAGE_VERSION set via AC_INIT in configure. 2009-05-19 21:24:05 +00:00
Todd C. Miller
d985366233 Initial bits of non-unix group support using Quest Authentication Services 2009-05-17 22:19:38 +00:00
Todd C. Miller
c0ac222c3f Must call audit_success before we change uids. 2009-05-10 11:59:53 +00:00
Todd C. Miller
3332ee9842 Fix -g mode, broken by rev 1.503 which had the side effect of setting 
the runas user to root unilaterally.
 2009-05-10 01:00:23 +00:00
Todd C. Miller
3be603aa47 Implement #includedir directive. Files in an includedir are not edited 
by visudo unless they contain a syntax error.
 2009-04-18 23:25:08 +00:00
Todd C. Miller
838cb61086 Add support for AIX netsvc.conf (like nsswitch.conf). 2009-03-10 20:44:05 +00:00
Todd C. Miller
a25aee9cb9 Make "sudoedit -h" work as expected 2009-02-25 12:33:11 +00:00
Todd C. Miller
0390504c34 cosmetic changes 2009-02-25 11:05:01 +00:00
Todd C. Miller
710e72ecb3 Fix "sudo -k" with no other args 2009-02-25 01:23:07 +00:00
Todd C. Miller
15975b83ce Allow the -k flag to be specified in conjunction with a command or 
another option that may require authentication.
 2009-02-24 13:04:39 +00:00
Todd C. Miller
f96b0a7432 Implement umask_override 2009-02-21 22:03:47 +00:00
Todd C. Miller
6491696ca6 Make audit_success and audit_failure generic functions in preparation 
for integrating linux audit support.
 2009-02-21 13:37:47 +00:00
Todd C. Miller
f4bc42d637 May need to update the runas user after parsing command-based defaults. 2009-02-20 20:55:32 +00:00
Todd C. Miller
f492e53056 Add bsm audit support from Christian S.J. Peron 2009-02-11 01:18:02 +00:00
Todd C. Miller
77794f27aa Do not try to set the close on exec flag if we didn't actually open sudoers. 2009-01-09 00:13:37 +00:00
Todd C. Miller
68baa6346c fix compilation on non-C99; from Theo 2008-11-18 15:57:09 +00:00
Todd C. Miller
3cc3114d92 Move tty checks into check_user() so we only do them if we actually 
need a password.
 2008-11-11 18:28:08 +00:00
Todd C. Miller
8e480f4ae3 Don't error out if no tty or askpass unless we actually need to authenticate. 2008-11-11 17:34:27 +00:00
Todd C. Miller
43c98580fc s/overriden/overridden/; from Tobias Stoeckmann 2008-11-10 13:07:38 +00:00
Todd C. Miller
840acbd3ac Update copyright years. 2008-11-09 14:13:13 +00:00
Todd C. Miller
535ed3817c Sudo will now refuse to run if no tty is present unless the new 
visiblepw sudoers flag is set.
 2008-11-07 02:06:48 +00:00
Todd C. Miller
3cb9d538f9 use zero_bytes() instead of memset() for consistency 2008-11-02 14:51:16 +00:00
Todd C. Miller
4afceb8e92 Zero out sigaction_t before use in case it has non-standard entries. 2008-11-02 14:45:31 +00:00
Todd C. Miller
8ba6fa2ae3 Defer setting runas defaults until after runaspw/gr is setup. 2008-11-01 13:20:01 +00:00
Todd C. Miller
efb510a9dc Use MAXHOSTNAMELEN+1 when allocating host/domain name since some 
systems do not include space for the NUL in the size.  Also manually
NUL-terminate buffer from gethostname() since POSIX is wishy-washy on this.
 2008-10-29 17:26:42 +00:00
Todd C. Miller
9b5e94cef9 When setting the umask, use the union of the user's umask and the 
default value set in sudoers so that we never lower the user's umask
when running a command.
 2008-10-26 21:13:03 +00:00
Todd C. Miller
aa54053ad1 Don't try to read from a zero-length sudoers file. Remove the bogus 
Solaris work-around for EAGAIN.  Since we now use fgetc() it should
not be a problem.
 2008-10-26 20:43:59 +00:00
Todd C. Miller
18e7644032 Don't error out on a zero-length sudoers file. With the advent of 
#include the user could create a situation where sudo is unusable.
 2008-10-24 13:49:10 +00:00
Todd C. Miller
b02daa8272 Add sudoers_locale Defaults option to override the default sudoers 
locale of "C".
 2008-09-14 00:45:24 +00:00
Todd C. Miller
508295b1f6 Set locale to system default except for during sudoers parse. 2008-09-13 18:09:28 +00:00
Todd C. Miller
a5245c2358 Set locale to "C" to avoid interpretation issues with character ranges 
in sudoers.  May want to make the locale a sudoers option in the future.
 2008-08-23 23:09:13 +00:00