isa/sudo
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
3,577 Commits 1 Branch 0 Tags
c20f64d2f191dd98e8fe10db1651c130e6d47108
Commit Graph

405 Commits

Author SHA1 Message Date
Todd C. Miller
3b8b88407f Add __unused to rcsids 2005-01-27 15:42:30 +00:00
Todd C. Miller
840d51a160 s/-O/-C/ 2005-01-18 00:41:31 +00:00
Todd C. Miller
dfccf19338 g/c pwcache_init/pwcache_destroy 2005-01-05 19:43:36 +00:00
Todd C. Miller
a5d9296d25 Adapt to pwutil.c 2005-01-05 01:10:16 +00:00
Todd C. Miller
bb76440b4f sort usage 2004-12-16 19:20:25 +00:00
Todd C. Miller
051a2110a4 Add closefrom sudoers option to start closing at a point other than 3. 
Add closefrom_override sudoers option and -C sudo flag to allow the
user to specify a different closefrom starting point.
 2004-12-16 18:33:49 +00:00
Todd C. Miller
f93cd1e97a Fix last commit. 2004-12-10 02:07:27 +00:00
Todd C. Miller
07d74adfba Make sure stdin, stdout and stderr are open and dup them to /dev/null 
if not.
 2004-12-10 00:26:22 +00:00
Todd C. Miller
1936aeb299 add sudo_ldap_close 2004-12-03 18:57:48 +00:00
Todd C. Miller
7d488657f0 Use TIME_WITH_SYS_TIME 2004-12-03 18:52:28 +00:00
Todd C. Miller
68e54d2c8b Call initgroups() in -U mode so group matches work normally. 2004-11-29 17:52:02 +00:00
Todd C. Miller
5f06b19a6e Add -U option to use in conjunction with -l instead of -u. 
Add support for "sudo -l command" to test a specific command.
 2004-11-24 21:31:51 +00:00
Todd C. Miller
f75a034f06 Set safe_cmnd after sudoers_lookup() if it has not been set. 
Previously it was set by sudo "ALL" in the parser but at that point
the fully-qualified pathname has not yet been found.
 2004-11-24 21:28:55 +00:00
Todd C. Miller
e605070143 Remove the FLAG_NOPASS, FLAG_NOEXEC and FLAG_MONITOR flags. Instead, 
we just set the approriate defaults variable.
 2004-11-19 23:00:28 +00:00
Todd C. Miller
fe869025c4 Add support for command-specific Defaults entries. E.g. 
Defaults!/usr/bin/vi noexec
 2004-11-19 21:35:12 +00:00
Todd C. Miller
2c2daa8eca Use: #include <config.h> 
Not: #include "config.h"
That way we get the correct config.h when build dir != src dir
 2004-11-19 18:39:14 +00:00
Todd C. Miller
d427384ae4 Set user_ngroups to 0 if getgroups() returns an error. 2004-11-17 00:00:48 +00:00
Todd C. Miller
f7f282ba13 Add configure check for getgroups() 2004-11-16 23:59:56 +00:00
Todd C. Miller
9846e562ad Implement group caching and use the passwd and group caches throughout. 2004-11-16 04:24:11 +00:00
Todd C. Miller
51375f969f Add local error/warning functions like err/warn but that call an additional 
cleanup routine in the error case.  This means we no longer need to compile
a special version of alloc.o for visudo.
 2004-11-15 15:53:53 +00:00
Todd C. Miller
ae2e26fd2f Cache passwd db entries in 2 reb-black trees; one indexed by uid, 
the other by user name.  The data returned from the cache should
be considered read-only and is destroyed by sudo_endpwent().
 2004-11-15 14:53:05 +00:00
Todd C. Miller
0b34123a8b Create and use private versions of setpwent() and endpwent() that 
set/end the shadow password file too.
 2004-11-15 04:06:16 +00:00
Todd C. Miller
a239e60a6a The syntax to list another user's entries is now "-u otheruser -l". 
Only root or users with sudo "ALL" may list other user's entries.
 2004-11-11 17:12:20 +00:00
Todd C. Miller
29fc2c9475 Only reset sudo_user.pw based on SUDO_USER environment variables for 
real commands and sudoedit.  This avoids a confusing message when a
user tries "sudo -l" or "sudo -v" and is denied.
 2004-10-27 16:16:23 +00:00
Todd C. Miller
efbc9997a1 Update for new parse. We now call find_path() *after* we have updated 
the global defaults based on sudoers.  Also adds support for listing
other user's privs if you are root.
 2004-10-26 22:22:46 +00:00
Todd C. Miller
48cdd1dec3 Kill use of POSIX saved uids; they aren't worth bothering with. 2004-10-13 16:46:19 +00:00
Todd C. Miller
3c8145a923 No longer call it tracing, it is now "monitoring" which should be more 
a obvious name to non-hackers.
 2004-10-04 16:07:19 +00:00
Todd C. Miller
8a33025986 Use __attribute__((__noreturn__)) 2004-09-30 17:55:21 +00:00
Todd C. Miller
cbcb60b184 Add keepopen arg to open_sudoers that open_sudoers can use to 
indicate to the caller that the fd should not be closed when it
is done with it.  To be used by visudo to keep locked fds from
being closed prematurely (and thus losing the lock).
 2004-09-29 18:36:33 +00:00
Todd C. Miller
e9b23cdee1 Add errorfile global that contains the name of the file that caused the 
error.
 2004-09-29 18:33:06 +00:00
Todd C. Miller
4b75a03343 Rewind sudoers_fp in open_sudoers() instead of sudoers_lookup() so 
we start at the right file position when reading include files.
 2004-09-28 17:52:59 +00:00
Todd C. Miller
7cf26298a2 Rename check_sudoers() open_sudoers() and make it return a FILE * 2004-09-27 16:01:54 +00:00
Todd C. Miller
d4e3f175c8 g/c sudo_pwdup proto 2004-09-25 17:15:06 +00:00
Todd C. Miller
aa8d212e3c Call systrace_attach() if FLAG_TRACE is set. 2004-09-24 17:17:29 +00:00
Todd C. Miller
0c2be08089 Don't close sudoers_fp, keep it open and set close on exec flag instead. 2004-09-24 17:13:24 +00:00
Todd C. Miller
f30ab72c44 Add cmnd_base to struct sudo_user and set it in init_vars(). 
Add cmnd_stat to struct sudo_user and set it in sudo_goodpath().
No longer use gross statics in command_matches().
Also rename some variables for improved clarity.
 2004-08-24 18:01:14 +00:00
Todd C. Miller
3c6bb6c79c Consistency. Use same error for bad -u #uid when targetpw is set 
as we do when a bad -u username is specified.
 2004-08-06 23:42:52 +00:00
Todd C. Miller
252093fa60 Error out when targetpw is enabled and sudo is run with -u #uid but 
#uid does not exist in the passwd database.  We can't do target
authentication when the target is not in passwd!
 2004-08-06 23:24:41 +00:00
Todd C. Miller
20815542a9 typo in comment 2004-06-10 16:32:59 +00:00
Todd C. Miller
713e419fe9 Remove trailing spaces, no actual code changes. 2004-06-06 23:58:11 +00:00
Todd C. Miller
3e1e279d21 Error out if argc < 1. 2004-06-03 20:21:07 +00:00
Todd C. Miller
d33ad95208 Use PATH_MAX, not MAXPATHLEN since the former is standardized. 2004-06-01 01:22:27 +00:00
Todd C. Miller
e6f074282f filesystem -> file system 2004-05-17 22:21:15 +00:00
Todd C. Miller
a6849607c9 Preliminary changes to support nsr-tandem-nsk. Based on patches from 
Tom Bates.
 2004-05-17 20:08:46 +00:00
Todd C. Miller
6190f376c1 If the user specified a uid with the -u flag and the uid exists in 
the passwd file, set runas_user to the name, not the uid.

When comparing usernames in sudoers, if a name is really a uid (starts
with '#') compare it numerically to pw_uid.
 2004-03-24 23:06:34 +00:00
Todd C. Miller
21e3ca9cf8 More to a less restrictive, ISC-style license. 2004-02-13 21:36:43 +00:00
Aaron Spangler
b0226e939b Merged in LDAP Support 2004-02-13 02:08:27 +00:00
Todd C. Miller
c4a8ab8b99 Use the SET, CLR and ISSET macros. 2004-01-29 22:33:58 +00:00
Todd C. Miller
7a07ad8641 Don't look at prev_user until after we've parsed sudoers and done the 
password check.  That way, if sudo/sudoedit is run from a root process
that was invoked by sudo, we check sudoers for root, not the previous
user.  This makes sudoedit much more useful and means that for the
sudo case, we get correct logging on who actually ran the command.
 2004-01-29 21:15:27 +00:00
Todd C. Miller
5ccddf8176 Fix suspending the editor in -e mode. Because we do a fork() first 
we need to be notified when the child has been stopped and then send
that same signal to ourself so the shell can do its job control thing.
 2004-01-22 02:57:01 +00:00