Commit Graph

4160 Commits

Author SHA1 Message Date
Todd C. Miller
1a69e42d95 include limits.h 2007-12-21 21:20:30 +00:00
Todd C. Miller
12b86ef41b reword LDAP SASL 2007-12-20 15:02:51 +00:00
Todd C. Miller
d7090332e5 sync 2007-12-19 21:40:47 +00:00
Todd C. Miller
e60093477e Add an example sudoRole, clarify netscape vs. openldap a bit more 2007-12-19 21:39:00 +00:00
Todd C. Miller
9dc049ccf4 Be clear on what is OpenLDAP vs. Netscape-derived 2007-12-19 19:42:16 +00:00
Todd C. Miller
56729b9a63 Use ldapssl_init() for ldaps support instead of trying
to do it manually with ldap_init() + ldapssl_install_routines().
Use tls_cert and tls_key for cert7.db and key3.db respectively.
Don't print debugging info for options that are not set.
Add warning if start_tls specified when not supported.
2007-12-19 19:28:57 +00:00
Todd C. Miller
f60e1d3cb7 fix compilation on solaris 2007-12-19 19:25:10 +00:00
Todd C. Miller
9ed999b7a5 add missing .h and .c files for missing lib objs 2007-12-19 19:23:07 +00:00
Todd C. Miller
dbe2b9e4f3 fix LDAP_OPT_NETWORK_TIMEOUT setting 2007-12-18 14:54:45 +00:00
Todd C. Miller
3be9fcbedb fix compilation on Solaris 2007-12-18 01:10:10 +00:00
Todd C. Miller
72e1a2b54e fix typo 2007-12-17 15:14:46 +00:00
Todd C. Miller
6aa8308750 try to clear up which variables are for OpenLDAP and which are for netscape-derived SDKs 2007-12-17 13:08:29 +00:00
Todd C. Miller
b409499304 Add support for "ssl on" in both netscape and openldap flavors.
Only the OpenLDAP flavor has been tested.
2007-12-17 12:31:40 +00:00
Todd C. Miller
ff0a538d04 Call cleanup() before exit in log_error() instead of calling
sudo_ldap_close() directly.  ldap_conn can now be static to sudo.c
2007-12-17 12:28:51 +00:00
Todd C. Miller
ed88a812ec ld -> ldap_conn 2007-12-17 01:02:44 +00:00
Todd C. Miller
a68ab16dcd Better ldap cleanup. 2007-12-16 19:42:44 +00:00
Todd C. Miller
c5b5f0cfd7 Distinguish between LDAP conf settings that are connection-specific
(which take an ld pointer) and those that are default settings (which do not).
2007-12-16 19:08:05 +00:00
Todd C. Miller
06e6097a49 Improved warnings on error. 2007-12-14 21:46:31 +00:00
Todd C. Miller
7c1889af15 Make ldap config table driven and set the config *after* we open the
connection.
2007-12-14 20:59:17 +00:00
Todd C. Miller
6acbe17288 fix LDAP_OPT_X_CONNECT_TIMEOUT compat define 2007-12-13 21:41:58 +00:00
Todd C. Miller
400309aa9f some operating systems need to link with -lkrb5support when using krb5 2007-12-13 14:13:44 +00:00
Todd C. Miller
5ae3bb2dd3 minor update 2007-12-10 22:12:34 +00:00
Todd C. Miller
51d8416545 regen 2007-12-10 15:56:23 +00:00
Todd C. Miller
3e7a467e81 sync 2007-12-08 00:17:21 +00:00
Todd C. Miller
ae98617dfe add -g support for LDAP 2007-12-08 00:09:28 +00:00
Todd C. Miller
3592cc0b18 The -i and -s flags can now take an optional command. 2007-12-03 16:36:49 +00:00
Todd C. Miller
74c5dc4fad Add passprompt_override flag to sudoers that will cause the prompt
to be overridden in all cases.  This flag is also set when the
user specifies the -p flag.
2007-12-02 17:13:48 +00:00
Todd C. Miller
4efd981d68 Move setting of login class until after sudoers has been parsed.
Set NewArgv[0] for -i after runas_pw has been set.
2007-12-02 00:51:32 +00:00
Todd C. Miller
c148eb52d6 Move the dgettext check. 2007-12-02 00:34:54 +00:00
Todd C. Miller
8694c73146 Add basic support for looking up the string "Password: " in the PAM
localized text db.  This allows us to determine whether the PAM
prompt is the default "Password: " one even if it has been localized.

TODO: concatenate non-std PAM prompts and user-specified sudo prompts.
2007-12-01 16:22:25 +00:00
Todd C. Miller
908b8f64e6 Use AC_FUNC_GETGROUPS instead of a home-grown attempt that was insufficient. 2007-11-27 23:40:50 +00:00
Todd C. Miller
a85dd4b861 Fix typos; Martynas Venckus 2007-11-27 17:13:03 +00:00
Todd C. Miller
9c5696978c Don't assume runas_pw is set; it may not be in the -g case. 2007-11-26 00:26:42 +00:00
Todd C. Miller
a766300007 Set aux group vector for PERM_RUNAS and restore group vector for
PERM_ROOT if we previously changed it.  Stash the runas group vector
so we don't have to call initgroups more than once. Also add no-op
check to check_perms.
2007-11-25 13:07:21 +00:00
Todd C. Miller
f9f4aca556 Add support for runas groups. This allows the user to run a command
with a different effective group.  If the -g option is specified
without -u the command will be run as the current user (only the
group will change).  The -g and -u options may be used together.
TODO: implement runas group for ldap
      improve runas group documentation
      add testsudoers support
2007-11-21 20:12:00 +00:00
Todd C. Miller
bfd781ff65 fix setting of mandir 2007-11-21 20:02:39 +00:00
Todd C. Miller
c9f393e4de document that ALL implies SETENV 2007-11-21 19:26:06 +00:00
Todd C. Miller
e6c0ba72f3 s/setenv_ok/setenv_implied/g 2007-11-21 18:50:47 +00:00
Todd C. Miller
fff47a319a hostname_matches() returns TRUE on match in sudo 1.7. 2007-11-21 18:44:48 +00:00
Todd C. Miller
4a39e1bebe use strcmp, not strcasecmp when comparing ALL 2007-11-21 18:26:59 +00:00
Todd C. Miller
6751e9a9cd Make sudo ALL imply setenv. Note that unlike with file-based sudoers
this does affect all the commands in the sudoRole.
2007-11-21 16:41:49 +00:00
Todd C. Miller
52b2861bb9 sudo "ALL" now implies the SETENV tag but, unlike an explicit tag, it
is not passed on to other commands in the list.
2007-11-21 16:05:31 +00:00
Todd C. Miller
87dc0bb2ea Add missing sudo_setpwent() and sudo_setgrent() calls. Also
use sudo_getpwuid() instead of getpwuid().
2007-11-21 16:02:30 +00:00
Todd C. Miller
8b1ada4a8f Expand on the dangers of not using visudo to edit sudoers. 2007-11-15 16:16:46 +00:00
Todd C. Miller
7cd59baada Don't quote *?[]! on output since the lexer does not strip off the
backslash when reading those in.
2007-11-08 12:24:41 +00:00
Todd C. Miller
5c61e13db4 expand "u_foo" types to "unsigned foo" to avoid compatibility issues. 2007-11-07 18:16:31 +00:00
Todd C. Miller
8ff6b6ccaa Refactor log line generation into new_logline(). 2007-11-04 13:33:18 +00:00
Todd C. Miller
c22d295979 fix typo 2007-10-25 13:23:39 +00:00
Todd C. Miller
0d22c2f98d Add configure check for struct in6_addr instead of relying on AF_INET6
since some systems define AF_INET6 but do not include IPv6 support.
2007-10-24 16:41:19 +00:00
Todd C. Miller
c50e7d4c06 Fix block to add -lutil for FreeBSD and NetBSD when logincap is in use. 2007-10-21 13:29:18 +00:00