isa/sudo
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
8,796 Commits 1 Branch 0 Tags
c91b6777d3d8fbfa65d016857fa36ecabff848f6
Commit Graph

53 Commits

Author SHA1 Message Date
Todd C. Miller
df03020c4c Add support for SASL_MECH in ldap.conf; Bug #764 2017-01-17 11:09:23 -07:00
Todd C. Miller
db7ce3c219 Document that negated sudoHosts are only supported by 1.8.18 and higher. 2016-09-15 08:36:08 -06:00
Todd C. Miller
7fd6edb6df Document negated sudoHost entries. 2016-09-14 10:29:18 -06:00
Todd C. Miller
c0db5c1234 No line continuation support in ldap.conf. 2016-09-01 12:45:42 -06:00
Todd C. Miller
852fe25bc1 A comment character ('#') is only special at the beginning of the 
line.
 2016-09-01 09:28:40 -06:00
Todd C. Miller
3a85a8892f forgot to update date in last commit 2016-06-15 10:08:06 -06:00
Todd C. Miller
6c7eb07e0e Fix typo; cn=default should be cn=defaults 2016-06-15 05:14:33 -06:00
Todd C. Miller
638acc28cf The sudoers.ldap manual is installed in section 4 or 5, not 1m or 8. 
Also fix the section for ldap.conf cross-references.
 2016-05-31 13:17:38 -06:00
Todd C. Miller
77331392e0 Fix copy pasta, "sudoNotAfter" not "sudoNotBefore". 
Add missing word "order" in a sentence describing sudoOrder.
 2016-05-31 13:14:30 -06:00
Todd C. Miller
79be007bd6 Use https in urls. 2015-11-20 10:36:53 -07:00
Todd C. Miller
824021b51b Add explicit mention of sudo's netgroup semantics since they differ 
from most other netgroup consumers.
 2015-09-21 16:04:59 -06:00
Todd C. Miller
cd669526e5 Fix "mandoc -Tlint" warnings. 
Sync AUTHORS section in man pages.
Regenerate all man pages.
 2015-03-22 13:09:26 -06:00
Todd C. Miller
7ec9cfb493 When querying LDAP netgroups, use the NIS domain if it is sent but 
also match nisNetgroupTriple entries that have no domain.
 2015-01-30 14:45:22 -07:00
Todd C. Miller
4dd2a3c6b8 Add support for querying netgroups directly via LDAP since there 
is no other way to look up all the netgroups for a user (unlike
regular groups).  This introduces netgroup_base and netgroup_search_filter
options to ldap.conf.  Based on a diff from Steven Soulen.
 2015-01-29 14:08:30 -07:00
Todd C. Miller
4ae3ab43c0 Sort ldap.conf options. 2015-01-27 09:29:02 -07:00
Todd C. Miller
b1dc5c54d8 Remove the extra /sudo in sudo.ws urls 2014-12-04 17:00:38 -07:00
Todd C. Miller
9d3fe082fc Reference bugzilla.sudo.ws 2014-11-27 09:51:06 -07:00
Todd C. Miller
552dbe5253 Mention sssd support in the sudoers.ldap manual and cross-reference 
sssd-sudo(5).
 2014-11-17 15:26:12 -07:00
Todd C. Miller
c35d7f2b04 Add support for base64 secrets in ldap.conf and ldap.secret. 
Based on an idea from anthony AT rlost DOT com
 2014-07-10 15:31:11 -06:00
Todd C. Miller
0ec92dae81 regen 2014-02-15 15:18:34 -07:00
Todd C. Miller
a54e52d588 Minor word choice change. 2014-02-07 15:03:00 -07:00
Todd C. Miller
f7a419b5f9 Use a default LDAP search filter of (objectClass=sudoRole). When 
constructing the netgroup query, add (sudoUser=*) to the query so
we don't fall below the 3 character OpenLDAP substring threshold.
Otherwise the index for sudoUser will never be used for that query.
Pointed out by Michael Stroeder.
 2014-02-06 15:50:08 -07:00
Todd C. Miller
55ea043a9b Document comment character in ldap.conf 
Clarify what is and is not supported in TLS_KEYPW
Mention that gsk8capicmd can be used to create a stash file
 2013-08-30 14:27:26 -06:00
Todd C. Miller
dbdd328f44 Fix typo in tls_key example for Tivoli 2013-08-19 13:19:35 -06:00
Todd C. Miller
fa6c857112 Allow ldap_conf and ldap_secret to be specified as plugin arguments 
in sudo.conf
 2013-04-25 14:49:02 -04:00
Todd C. Miller
67dad9a83c sudoers_debug is now deprecated in favor of the sudo debugging 
framework.
 2013-04-25 10:22:11 -04:00
Todd C. Miller
ed6d6963de Document digest support. 2013-04-17 15:42:28 -04:00
Todd C. Miller
74881843e1 Mention line continuation 2013-02-07 14:08:54 -05:00
Todd C. Miller
f6e61640d2 Fix some typos. 2013-02-05 16:09:26 -05:00
Todd C. Miller
3c34c0a4b8 Document non-Unix group support in LDAP sudoers. 2012-09-15 14:00:30 -04:00
Todd C. Miller
2d3a0d14d3 Make the capitalization consistent for .Ss and .Sx 2012-08-21 15:11:43 -04:00
Todd C. Miller
37cfbc8eaa Use "Sudo VERSION" as the 4th arg to .TH instead of just "VERSION" 2012-08-01 10:54:09 -04:00
Todd C. Miller
d29991f41b Regen .man.in files with my private mandoc. 2012-07-25 10:34:20 -04:00
Todd C. Miller
a06f7540f7 Regen .man.in files with hacked mandoc to avoid issues with historic 
nroff.
 2012-07-20 14:28:41 -04:00
Todd C. Miller
90f2cfa589 Build .man.in and .cat files from .mdoc.in files. 
Add new --with-man and --with-mdoc configure options.
 2012-07-19 13:41:14 -04:00
Todd C. Miller
c5b374fac6 More minor costmetic fixes. 2012-07-18 09:16:09 -04:00
Todd C. Miller
2e36b1ef2b Regen for sudo 1.8.6 2012-06-29 16:11:27 -04:00
Todd C. Miller
b61c0ab473 regen 2012-03-14 14:20:16 -04:00
Todd C. Miller
74c4252c1b 1.8.0rc1 2011-02-21 13:36:24 -05:00
Todd C. Miller
6983d782c1 regen 2011-02-16 12:22:38 -05:00
Todd C. Miller
7f277d1558 Bump version to 1.8.0b4 2011-02-03 14:26:58 -05:00
Todd C. Miller
6fd9d853a8 Be clear about what versions of sudo support new LDAP attributes. 
Fix up some formatting of attribute names.  Minor other tweaks.
 2011-02-01 14:31:04 -05:00
Todd C. Miller
f7f8b6867e Update copyright year to 2011 2011-01-20 16:46:56 -05:00
Todd C. Miller
49409b7c5d Add support for TIMEOUT in ldap.conf, mapping to the OpenLDAP 
LDAP_OPT_TIMEOUT.  There is no corresponding option for mozilla-derived
LDAP SDKs but we can pass the timeout parameter to ldap_search_ext_s()
or ldap_search_st() when possible.
 2011-01-10 10:33:22 -05:00
Todd C. Miller
a628fee981 regen 2011-01-10 09:28:53 -05:00
Todd C. Miller
e3cd512bfa regen 2010-12-27 14:45:13 -05:00
Todd C. Miller
901ca2a12c regen 2010-11-19 16:57:21 -05:00
Todd C. Miller
8528827500 Bump version to 1.8.0b2 2010-11-08 11:27:20 -05:00
Todd C. Miller
432d27573d TLS_CACERT is now an alias for TLS_CACERTFILE. OpenLDAP uses TLS_CACERT, 
not TLS_CACERTFILE in its ldap.conf.  Other LDAP client code, such as
nss_ldap, uses TLS_CACERTFILE.  Also document why you should avoid
disabling TLS_CHECKPEER is possible.
 2010-07-08 09:02:03 -04:00
Todd C. Miller
d92c82ea3f Add support for multiple sudoers_base entries in ldap.conf. 
From Joachim Henke
 2010-06-15 10:33:30 -04:00