present but empty) and the -u option was not specified, set runas_pw
to user_pw instead of using runas_default. This is intended to be
used in conjunction with the Solaris Privilege Set support for rules
that grant privileges without changing the user.
Move authentication failure logging to log_auth_failure().
Both of these call audit_failure() for us.
This subtly changes logging for commands that are denied by sudoers
but where the user failed to enter the correct password. Previously,
these would be logged as "N incorrect password attempts" but now
are logged as "command not allowed". Fixes bug #563
or hidden, if available. If not available, use an ELF version
script if it is supported. If all else fails, fall back to using
libtool's -export-symbols.
not, open the file as uid 0, not uid 1. This fixes a problem when
sudoers has a more restrictive mode than what sudo expects to find.
In older versions, sudo would silently chmod the file to add the
group-readable bit.
function so session setup can modify the user environment as needed.
For PAM authentication, merge the PAM environment with the user
environment at init_session time. We no longer need to swap in the
user_env for environ during session init, nor do we need to disable
the env hooks at init_session time.
hooks for getenv, putenv, setenv and unsetenv. This makes it
possible for the plugin to trap changes to the environment made by
authentication methods such as PAM or BSD auth so that such changes
are reflected in the environment passed back to sudo for execve().
Bump the minor number accordingly and update the documentation. A
plugin must check the sudo front end's version before using the
plugin_args parameter since it is only supported for API version
1.2 and higher.
file is owned by the right user, not world-writable and not writable
by a group other than the one specified at configure time (gid 0
by default), the file is considered OK. Note that visudo will still
set the mode to the value specified at configure time.
the groups list. This matches BSD convention where the effective
gid is the first entry in the group list. This is required on newer
FreeBSD where the effective gid is not tracked separately and thus
setgroups() changes the egid if this convention is not followed.
Fixes bug #532
LOGIN_SETENV instead of rolling our own login.conf setenv support
since FreeBSD's login.conf has more than just setenv capabilities.
This requires us to swap the plugin-provided envp for the global
environ before calling setusercontext() and then stash the resulting
environ pointer back into the command details, which is kind of a
hack.
using BSD authentication. That user may have a different login class
than what we will use to run the command. When setting the login
class for the command, use the target user's struct passwd, not
the invoking user's. Fixes bug 526
to the target user immediately before setting resource limits, which
is after the monitor process has forked (so it has the old value).
Also, if the user did not authenticate, there is no pamh in the
monitor so we need to init pam here too. This means we end up
calling pam_start() twice, which should be fixed, but at least the
session is always properly closed now.
