Commit Graph

4160 Commits

Author SHA1 Message Date
Todd C. Miller
0b11b7e717 timelimit and bind_timelimit 2008-01-06 17:32:59 +00:00
Todd C. Miller
a9615943f6 sync 2008-01-06 13:54:03 +00:00
Todd C. Miller
00030b9ad2 Move ldap.secret reading into a separate function. 2008-01-06 12:56:46 +00:00
Todd C. Miller
43f7408607 user_runas -> runas_pw 2008-01-06 00:09:18 +00:00
Todd C. Miller
9909106656 sync 2008-01-05 23:59:50 +00:00
Todd C. Miller
0fc0e3c86d Add and document the %p escape in the password prompt.
Based on a patch from Patrick Schoenfeld.
2008-01-05 23:59:28 +00:00
Todd C. Miller
9998419d7a Check strlcpy() return values. 2008-01-05 23:25:58 +00:00
Todd C. Miller
4bb2167453 refactor ldap binding code into sudo_ldap_bind_s() 2008-01-05 23:12:19 +00:00
Todd C. Miller
77d841e0e6 Make it clear that host and uri can take multiple parameters.
URI is now supported for more than just openldap
nsswitch.conf doesn't accept "compat"
2008-01-05 21:35:25 +00:00
Todd C. Miller
055bda6261 comment cleanup and update (c) year 2008-01-05 21:27:02 +00:00
Todd C. Miller
fb01648878 Move display_privs() and display_cmnd() from parse.c to sudo_nss.c.
This should make it possible to build an LDAP-only sudo binary.
2008-01-05 21:25:28 +00:00
Todd C. Miller
28ed51b441 Improve chaining of multiple sudoers sources by passing in the previous return value to the next in the chain 2008-01-05 18:27:18 +00:00
Todd C. Miller
56d193b29b Free up parser data structures in sudo_file_close(). 2008-01-05 18:26:42 +00:00
Todd C. Miller
53aec6601e Free up parser data structures in sudo_file_close(). 2008-01-05 13:13:06 +00:00
Todd C. Miller
e4370acaa4 Parse uri ourself if no ldap_initialize() is present
Use ldap_create() instead of deprecated ldap_init()
Use ldap_sasl_bind_s() instead of deprecated ldap_simple_bind_s()
2008-01-05 12:59:05 +00:00
Todd C. Miller
f1377429a1 Add check for ldap_sasl_bind_s()
Remove -DLDAP_DEPRECATED from CFLAGS
2008-01-05 12:56:39 +00:00
Todd C. Miller
b564d51861 add check for ldap_create 2008-01-04 14:56:10 +00:00
Todd C. Miller
86bd55fc6d Add sudo_ldap_get_first_rdn() to return the first rdn of an entry's dn
using the mechanism appropriate for the LDAP SDK in use.
Use ldap_unbind_ext_s() instead of deprecated ldap_unbind_s().
Emulate ldap_unbind_ext_s() and ldap_search_ext_s() for SDKs without them.
2008-01-03 21:11:33 +00:00
Todd C. Miller
179ec68f86 include unistd.h 2008-01-03 21:02:51 +00:00
Todd C. Miller
27efa3d257 fix typo in mtim_getnsec 2008-01-03 16:05:04 +00:00
Todd C. Miller
32e4a98a69 add check for st__tim in struct stat as used by SCO 2008-01-02 20:29:48 +00:00
Todd C. Miller
e238133159 use ldap_search_ext_s instead of deprecated ldap_search_s 2008-01-02 16:05:50 +00:00
Todd C. Miller
915fc493cf add sudo_nss.h to HDRS 2008-01-02 15:09:20 +00:00
Todd C. Miller
5173bbb95d Replace deprecated ldap_explode_dn() with calls to ldap_str2dn()
and ldap_rdn2str().
2008-01-02 00:04:50 +00:00
Todd C. Miller
8a2db8bd08 Use ldap_get_values_len()/ldap_value_free_len() instead of the
deprecated ldap_get_values()/ldap_value_free().
2008-01-01 23:37:51 +00:00
Todd C. Miller
6771b36175 sync 2008-01-01 22:08:53 +00:00
Todd C. Miller
f738ef46fa sync 2008-01-01 22:07:16 +00:00
Todd C. Miller
5a6ad03e59 Remove some already fixed XXXs 2008-01-01 22:06:33 +00:00
Todd C. Miller
aa562c8f69 Same return value as non-existent sudoers if LDAP was unable to connect. 2008-01-01 22:03:54 +00:00
Todd C. Miller
ab14071ec9 mention /etc/environment 2008-01-01 21:52:45 +00:00
Todd C. Miller
685d9d2dab Update to reflect recent developments. 2008-01-01 21:43:26 +00:00
Todd C. Miller
156c949750 Print nsswitch.conf, ldap.conf and ldap.secret paths in -V output. 2008-01-01 21:42:28 +00:00
Todd C. Miller
a7fb2f3e36 When building up a query don't list groups in the aux group vector
that are the same as the passwd file group.  On most systems the
first gid in the group vector is the same as the passwd entry gid.
2008-01-01 21:25:23 +00:00
Todd C. Miller
cd30e84743 Define LDAPNOINIT before calling ldap_init(), etc. to disable user
ldaprc and system defaults that could affect how LDAP works.
2008-01-01 19:01:42 +00:00
Todd C. Miller
6f2cd1b184 Rename read_nss -> sudo_read_nss
Add --with-nsswitch to allow users to specify nsswitch.conf path or disable it.
If --with-nsswitch=no but --with-ldap, order is LDAP, then sudoers.
Fix --with-ldap-conf-file and --with-ldap-secret-file
2008-01-01 18:22:03 +00:00
Todd C. Miller
d2de8d5fed Honor def_ignore_local_sudoers 2008-01-01 18:12:00 +00:00
Todd C. Miller
d6e9445a6a no longer need to check def_ignore_local_sudoers here 2007-12-31 21:44:46 +00:00
Todd C. Miller
4d8f37f4bd Refactor group vector resetting into a function and also call it
from display_cmnd.
Stop after the first successful match in display_cmnd.
Print a newline between each display_privs method.
2007-12-31 21:36:53 +00:00
Todd C. Miller
36b221af26 fix double free introduced in rev 1.218 2007-12-31 21:23:46 +00:00
Todd C. Miller
b289130680 belt and suspenders; zero out result after freeing it 2007-12-31 21:10:49 +00:00
Todd C. Miller
926dcd0bcc Refactor line reading into a separate function, sudo_parseln(),
which removes comments, leading/trailing whitespace and newlines.
May want to rethink the use of sudo_parseln() for /etc/ldap.secret
2007-12-31 20:04:46 +00:00
Todd C. Miller
0a2166272c Make the inability to read the sudoers file a non-fatal error if
there are other sudoers sources available.
sudoers_file_lookup now returns "not OK" if sudoers was not present
2007-12-31 19:26:52 +00:00
Todd C. Miller
09439030f6 make it clear that the global options are from LDAP 2007-12-31 19:24:10 +00:00
Todd C. Miller
e6d707b2d3 allocate proper amount of space for error string 2007-12-31 19:13:06 +00:00
Todd C. Miller
de3bb58929 actual sudo nss code 2007-12-31 15:24:57 +00:00
Todd C. Miller
adfaebdb4d nss-ify display_privs and display_cmnd. 2007-12-31 15:08:30 +00:00
Todd C. Miller
3008bb494a move update_defaults() to parse.c 2007-12-31 12:54:47 +00:00
Todd C. Miller
ae2ae34528 Use nsswitch to hide some sudoers vs. ldap implementation details
and reduce the number of #ifdef LDAP
TODO: fix display routines and error handling
2007-12-31 12:39:52 +00:00
Todd C. Miller
7f323157a2 First cut at nsswitch.conf support.
Further reorganization and related changes are forthcoming.
2007-12-28 16:20:45 +00:00
Todd C. Miller
f8c52dc928 Add support for reading an /etc/environment file. Still needs to
be documented and should probably only apply to OSes that have
it (AIX and Linux, maybe others).
2007-12-21 21:53:32 +00:00