Todd C. Miller
f538ed4e35
Add dlopen() emulation for systems without it.
For HP-UX 10, emulate using shl_load().
For others, link sudoers plugin statically and use a lookup
table to emulate dlsym().
2010-09-26 17:41:35 -04:00
Todd C. Miller
53f9cfe062
In login mode, make a copy of the runas user's pw_shell for NewArgv[0]
because 1) we modify it and 2) runas_pw gets freed before exec.
2010-09-14 11:30:28 -04:00
Todd C. Miller
e069b74dc8
Convert sudoers plugin to use interface list passed in settings.
2010-09-08 15:07:40 -04:00
Todd C. Miller
1d37ab560a
Always fill in NewArgv for audit code.
2010-09-07 17:59:10 -04:00
Todd C. Miller
e7d56e16e2
Do not set both MODE_EDIT and MODE_RUN
2010-09-04 08:41:42 -04:00
Todd C. Miller
256ee25ab5
Move get_auth() into check.c where it is actually used.
2010-08-21 08:48:35 -04:00
Todd C. Miller
129cf8d992
sudoers.h includes sudo_plugin.h for us
2010-08-10 16:36:54 -04:00
Todd C. Miller
8dd8aa000e
Remove some obsolete configure tests, ancient Unix systems are no
longer supported.
2010-08-10 13:44:05 -04:00
Todd C. Miller
cb1848fab1
Retain final passwd/group refs until the policy close() function.
Note that this doesn't get called in all cases so putting
this in a cleanup function is probably better.
2010-08-06 13:54:35 -04:00
Todd C. Miller
26526e667f
delref sudo_user.pw, runas_pw and runas_gr immediately before we return.
2010-08-06 12:07:03 -04:00
Todd C. Miller
0186018d3d
Reference count cached passwd and group structs. The cache holds
one reference itself and another is added by sudo_getgr{gid,nam}
and sudo_getpw{uid,nam}. The final ref on the runas and user passwd
and group structs are persistent for now.
2010-08-04 09:58:50 -04:00
Todd C. Miller
6d0395ee68
Add support for Ubuntu admin flag file and enable it when building
Ubuntu packages.
2010-07-28 16:34:11 -04:00
Todd C. Miller
f7f65cfb95
Check return value of setdefs() but don't stop setting defaults if
we hit an unknown one.
2010-07-19 12:53:25 -04:00
Todd C. Miller
482f9cfc83
Handle getcwd() failure.
2010-07-14 14:17:56 -04:00
Todd C. Miller
d9de7b5f8e
Add support for a sudo-i pam.d file to be used for "sudo -i".
Adapted from a RedHat patch.
2010-07-12 17:57:53 -04:00
Todd C. Miller
e6b48d415c
Replace built-in non-unix group support with a sudoers group plugin.
Include a sample plugin that can read Unix-format group files.
2010-07-02 11:11:25 -04:00
Todd C. Miller
30fe4a067c
Set usrinfo for AIX
Set administrative domain for the process when looking up user's
password or group info and when preparing for execve().
Include strings.h even if string.h exists since they may define
different things. Fixes warnings on AIX and others.
2010-06-29 13:08:05 -04:00
Todd C. Miller
189b43fed3
Defer call to sudo_nonunix_groupcheck_cleanup() until after we have
closed the sudoers sources. From Quest sudo.
2010-06-25 10:05:51 -04:00
Todd C. Miller
d1bf11db33
Call set_fqdn() after sudoers has parsed instead of inline as a callback.
2010-06-18 17:47:55 -04:00
Todd C. Miller
d79b0ece15
Do not call set_fqdn() until sudoers parses (where it gets run as a callback).
2010-06-18 17:25:59 -04:00
Todd C. Miller
1fbb1819e7
Use sudo_printf for I/O log version
Clarify policy plugin version string
2010-06-10 14:24:06 -04:00
Todd C. Miller
eec336115a
Move askpass path specification from sudoers to sudo.conf.
2010-06-09 17:40:44 -04:00
Todd C. Miller
bcaf51ce62
Fix setting selinux type on command line.
2010-06-08 17:10:27 -04:00
Todd C. Miller
afa3589d52
For sudoedit, make a local copy of editor string si become part of
argv. If no editor environment variable, split def_editor on ':'
since it may be a colon-delimited path.
2010-06-04 12:17:19 -04:00
Todd C. Miller
2ee7524101
Add casts to quiet compiler warnings.
2010-06-01 09:54:03 -04:00
Todd C. Miller
2dd29bf64d
Break sudoers transcript feature up into log_input and log_output.
2010-05-30 10:31:38 -04:00
Todd C. Miller
b6f02f38c0
Make sudoers_io functions static to iolog.c
2010-05-29 10:43:34 -04:00
Todd C. Miller
e952c8c7ff
Eliminate unused variables
2010-05-28 13:21:56 -04:00
Todd C. Miller
d2d68aa24d
Re-enable cleanup functions in sudoers plugin and sudo driver
for error()/errorx().
2010-05-28 12:15:14 -04:00
Todd C. Miller
34e1a06767
Use sudo_printf to display verbose version information.
2010-05-28 12:01:06 -04:00
Todd C. Miller
7e6d1d1f7d
Add init_session function to struct policy_plugin that gets called
before the uid/gid/etc changes. A struct passwd pointer is passed in,
which may be NULL if the user does not exist in the passwd database.
The sudoers module uses init_session to open the pam session as needed.
2010-05-27 14:46:39 -04:00
Todd C. Miller
27be96c9cd
Add open/close session to sudo auth, only used by PAM.
This allows us to open (and close) the PAM session from sudoers.
2010-05-26 17:57:47 -04:00
Todd C. Miller
4695dd1b70
Re-enable PATH_MAX check for command
2010-05-26 16:33:35 -04:00
Todd C. Miller
45923111e0
Repair "sudo -l -U username"
2010-05-25 14:21:21 -04:00
Todd C. Miller
937b5f166d
Set selinux role and type in command details.
2010-05-25 13:58:16 -04:00
Todd C. Miller
0487aee6b4
Bring back closefrom settings.
2010-05-24 15:40:36 -04:00
Todd C. Miller
60e0e496ef
If running a command or sudoedit in transcript mode, call io_nextid()
before log_allowed() so the session id is logged.
2010-05-24 14:30:54 -04:00
Todd C. Miller
529bfcf674
Set user_tty to "unknown" if there is no tty, like sudo 1.7 does
(it is used when logging). Note that user_ttypath will still be
NULL if there is no tty.
2010-05-21 12:19:55 -04:00
Todd C. Miller
fa717176b2
Remove check_sudoedit function pointer in struct sudo_policy.
Instead, sudo will set sudoedit=true in the settings array.
The plugin should check for this and modify argv_out as appropriate
in check_policy.
2010-05-17 10:25:27 -04:00
Todd C. Miller
7c9c5855fd
Change how we handle the sudoedit argv. We now require that there
be a "--" in argv to separate the editor and any command line arguments
from the files to be edited.
2010-05-13 17:11:31 -04:00
Todd C. Miller
fdd28d411f
Work in progress support for sudoedit. The actual interface used by the
plugin for sudoedit is likely to change.
2010-05-13 14:09:21 -04:00
Todd C. Miller
d5bfd148d6
Make find_path() a little more generic by not checking def_foo
variables inside it. Instead, pass in ignore_dot as a function
argument.
2010-05-13 10:27:03 -04:00
Todd C. Miller
1487026b03
Call env_init() before we open the sudoers sources as those may
call our setenv() replacement.
2010-05-12 08:32:12 -04:00
Todd C. Miller
782f494003
Add separate I/O logging functions for tty in/out and stdin/stdout/stderr.
NOTE: stdin logging does not currently work and is disabled for now.
2010-05-05 07:29:28 -04:00
Todd C. Miller
9fbec34fed
Add pointer to a printf-like function to plugin open function.
This can be used instead of the conversation function to display
info and error messages.
2010-05-04 19:17:31 -04:00
Todd C. Miller
f42cf76d8a
Re-enable bsm audit. Currently auditing is done within the sudoers
plugin itself. If possible, this should really be done in the main
driver but we don't presently have the needed data to do that. This
will be re-evaluated when Linux audit support is added.
2010-04-30 12:01:15 -04:00
Todd C. Miller
b0b6b4cf54
Add back calls to log_denial() if sudoers does not allow the command.
2010-04-26 22:10:34 -04:00
Todd C. Miller
e1a9e5aec0
Pass in correct pwflag for list and validate.
2010-04-26 21:53:59 -04:00
Todd C. Miller
1abb3b7f57
Only set sudo_user.env_vars if the env_add list is empty.
2010-04-26 21:28:58 -04:00
Todd C. Miller
90f8bf3482
Set sudo_user.env_vars so that environment variables specified on
the command line get logged correctly.
2010-04-26 20:41:28 -04:00