isa/sudo
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
4,329 Commits 1 Branch 0 Tags
c5513388e0a1d7d2c44c12912d9d3485fc87cd36
Commit Graph

41 Commits

Author SHA1 Message Date
Todd C. Miller
108d53548b Rename simple_glob -> fast_glob 2009-02-10 19:04:02 +00:00
Todd C. Miller
cfb9ec7baf g/c unused var 2009-02-10 14:39:15 +00:00
Todd C. Miller
7207b4cd60 Add simple_glob option to use fnmatch() instead of glob(). This is 
useful when you need to specify patterns that reference network file
systems.
 2009-02-10 13:09:14 +00:00
Todd C. Miller
1cc431c42f quiet gcc 2008-11-02 14:35:37 +00:00
Todd C. Miller
4c7a96ba14 Short circuit glob() checks if basename(pattern) != basename(command). 
Refactor code that checks for a command in a directory and use it in the
glob case if the resolved pattern ends in a '/'.
 2008-11-02 14:28:03 +00:00
Todd C. Miller
efb510a9dc Use MAXHOSTNAMELEN+1 when allocating host/domain name since some 
systems do not include space for the NUL in the size.  Also manually
NUL-terminate buffer from gethostname() since POSIX is wishy-washy on this.
 2008-10-29 17:26:42 +00:00
Todd C. Miller
65bce65551 Redo change in 1.34 to use pointer arithmetic. 2008-09-12 13:34:27 +00:00
Todd C. Miller
d0a44e437c Fix a dereference (read) of a freed pointer. Reported by Patrick Williams. 2008-09-11 11:06:37 +00:00
Todd C. Miller
f9f4aca556 Add support for runas groups. This allows the user to run a command 
with a different effective group.  If the -g option is specified
without -u the command will be run as the current user (only the
group will change).  the -g and -u options may be used together.
TODO: implement runas group for ldap
      improve runas group documentation
      add testsudoers support
 2007-11-21 20:12:00 +00:00
Todd C. Miller
0d22c2f98d Add configure check for struct in6_addr instead of relying on AF_INET6 
since some systems define AF_INET6 but do not include IPv6 support.
 2007-10-24 16:41:19 +00:00
Todd C. Miller
76e5eb434b Add a sequence number in the aliases for loop detection. If we find 
an alias with the seqno already set to the current (global) value we
know we've visited it before so ignore it.
 2007-09-15 11:24:54 +00:00
Todd C. Miller
a0f80d6581 rename lh_ -> tq_ 2007-09-11 19:42:48 +00:00
Todd C. Miller
21f0ea4d68 Each entry in a cmndlist now has an associated runaslist 
so no need to keep track of the most recent non-NULL one.
 2007-09-05 18:45:26 +00:00
Todd C. Miller
d72778832c Move list manipulation macros to list.h and create C versions of 
the more complex ones in list.c.  The names have been down-cased
so they appear more like normal functions.
 2007-08-31 23:13:26 +00:00
Todd C. Miller
10e5d4e708 Use LH_FOREACH_REV when checking permission and short-circuit on 
the first non-UNSPEC hit we get for the command.  This means that
instead of cycling through the all the parsed sudoers entries we
start at the end and work backwards and quit after the first positive
or negative match.
 2007-08-31 01:21:26 +00:00
Todd C. Miller
1d69c0d63f Replace has_meta() with a macro that calls strpbrk(). 2007-08-30 20:15:48 +00:00
Todd C. Miller
8cdea0b941 Use a list head struct when storing the semi-circular lists and 
convert to tail queues in the process.  This will allow us to
reverse foreach loops more easily and it makes it clearer which
functions expect a list as opposed to a single member.

Add macros for manipulating lists.  Some of these should become functions.

When freeing up a list, just pop off the last item in the queue instead
of going from head to tail.  This is simpler since we don't have to
stash a pointer to the next member, we always just use the last one
in the queue until the queue is empty.

Rename match functions that take a list to have list in the name.
Break cmnd_matches() into cmnd_matches() and cmndlist_matches.
 2007-08-30 17:26:35 +00:00
Todd C. Miller
3fd33970c1 Fix thinko introduced when merging IPV6 support. 2007-08-25 02:36:09 +00:00
Todd C. Miller
d65602ca6f Add IPv6 support; adapted from patches by YOSHIFUJI Hideaki 2007-08-13 16:29:25 +00:00
Todd C. Miller
4fea71625b Fix off by one in group matching. 2007-08-02 02:08:39 +00:00
Todd C. Miller
6a8fb71154 Less hacky way of testing whether the domain was set. 2007-07-05 19:46:23 +00:00
Todd C. Miller
ae2f7c77ee deal with NULL gr_mem 2007-06-21 17:04:26 +00:00
Todd C. Miller
304dc46d7f Add efree() for consistency with emalloc() et al. Allows us to rely 
on C89 behavior (free(NULL) is valid) even on K&R.
 2005-03-29 14:29:47 +00:00
Todd C. Miller
778d587063 Update copyright years. 2005-02-12 22:56:07 +00:00
Todd C. Miller
3b8b88407f Add __unused to rcsids 2005-01-27 15:42:30 +00:00
Todd C. Miller
a58012cfff Only check group vector in usergr_matches() if we are matching the 
invoking or list user.  Always check the group members, even if
there was a group vector.
 2005-01-01 17:41:21 +00:00
Todd C. Miller
94f606fbf6 Deal with user_stat being NULL as it is for visudo and testsudoers. 2004-11-24 21:44:54 +00:00
Todd C. Miller
0cddfc3684 Change an occurence of user_matches() -> runas_matches() missed previously 
runas_matches(), host_matches() and cmnd_matches() only really need to pass in
a list of members.  user_matches() still needs to pass in a passwd struct
because of "sudo -l"
 2004-11-19 20:03:33 +00:00
Todd C. Miller
2c2daa8eca Use: #include <config.h> 
Not: #include "config.h"
That way we get the correct config.h when build dir != src dir
 2004-11-19 18:39:14 +00:00
Todd C. Miller
596d1ef5a4 Only do string comparisons on the group members if there is no 
supplemental group list.
 2004-11-16 23:40:58 +00:00
Todd C. Miller
0ed2557959 remove bogus XXX comment 2004-11-16 17:02:58 +00:00
Todd C. Miller
3e97ace970 Get rid of alias_matches and correctly fall through to the non-alias 
cases when there is no alias with the specified name.
 2004-11-16 16:10:09 +00:00
Todd C. Miller
9846e562ad Implement group caching and use the passwd and group caches throughout. 2004-11-16 04:24:11 +00:00
Todd C. Miller
fd46c2c3ef Properly negate the return value of alias_matches() when appropriate. 2004-11-15 19:43:47 +00:00
Todd C. Miller
61ba998eec Make hostname_matches() return TRUE for a match, else FALSE like the 
caller expects.
 2004-11-15 19:38:31 +00:00
Todd C. Miller
814103ee29 Use runas_matches in alias_matches() now that we have it. 2004-11-15 18:06:11 +00:00
Todd C. Miller
d076091ab3 Use ALIAS for the member type when storing an alias instead of 
HOSTALIAS/RUNASALIAS/CMNDALIAS/USERALIAS since match.c relies on
the more generic type.  Expand runas_matches instead of calling
user_matches() inside of it since user_matches() looks up USERALIASes,
not RUNASALIASes.
 2004-11-15 17:33:52 +00:00
Todd C. Miller
244eec5cdb Use userpw_matches() to compare usernames, not strcmp(), since the latter 
checks for "#uid".
 2004-11-15 14:59:03 +00:00
Todd C. Miller
99158cc7ef add cast to uid_t 2004-11-15 14:50:03 +00:00
Todd C. Miller
e26e40df8a Store aliases in a red-black tree. 2004-11-15 03:55:22 +00:00
Todd C. Miller
56e8b2fcf8 foo_matches() routines now live in match.c 
Added user_matches(), runas_matches(), host_matches(), cmnd_matches()
and alias_matches() that operate on the parsed sudoers file.
 2004-10-26 22:14:01 +00:00