isa/sudo
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
5,555 Commits 1 Branch 0 Tags
caefd1abdc9227f6865f34f93bd05fef76f01ebf
Commit Graph

423 Commits

Author SHA1 Message Date
Todd C. Miller
9c9c0223e6 Avoid pulling in headers we don't need on Linux 
For getutx?id(), call setutx?ent() first and always call endutx?ent().
 2011-03-08 15:34:34 -05:00
Todd C. Miller
d6252de205 Fix return value of "sudo -l command" when command is not allowed, broken 
in [c7097ea22111].  The default return value is now TRUE and a bad:
label is used when permission is denied.  Also fixed missing permissions
restoration on certain errors.  On error()/errorx(), the password and
group files are now closed before returning.
 2011-03-08 09:38:21 -05:00
Todd C. Miller
47968912a2 Fix passing of login class back to sudo front end. 2011-03-07 16:55:08 -05:00
Todd C. Miller
e65bc35c6d Fix exit value for validate and list mode. 2011-03-06 15:52:40 -05:00
Todd C. Miller
a0ba308694 Fix non-interactive mode with sudoers plugin. 2011-03-06 15:38:02 -05:00
Todd C. Miller
85e8e584ae Add support for replaying sessions when iolog_file is set to something 
other than %{seq}.
 2011-03-04 20:10:44 -05:00
Todd C. Miller
f5e356ed40 If we are killed by a signal, display the name of the signal that got us. 2011-03-04 16:12:40 -05:00
Todd C. Miller
95512ae05e No longer need sudo_getepw() stubs. 2011-03-04 08:08:22 -05:00
Todd C. Miller
8ee8a0d87a Fix exit value of "sudo -l command" in sudoers module. 2011-03-03 09:38:15 -05:00
Todd C. Miller
4688f1ce60 fix test description 2011-02-23 15:39:24 -05:00
Todd C. Miller
a64bd36b33 convert test2 to use testsudoers 2011-02-23 15:26:13 -05:00
Todd C. Miller
3c0672e2e3 Allow sudoers file name, mode, uid and gid to be specified in the 
settings list.  The sudo front end does not currently set these
but may in the future.
 2011-02-23 13:38:52 -05:00
Todd C. Miller
59515a4a6d add help text to sudo, visudo and sudoreplay for the -h option 2011-02-21 11:33:36 -05:00
Todd C. Miller
435e44808d add localstatedir; closes bug 471 2011-02-19 08:29:21 -05:00
Todd C. Miller
39d9feb438 The howmany macro lives in sys/sysmacros.h on SVR5 systems 
Closes Bug 470
 2011-02-19 08:23:46 -05:00
Todd C. Miller
c3d795ff95 Avoid printing empty "Runas and Command-specific defaults for user" 
line.
 2011-02-14 11:29:20 -05:00
Todd C. Miller
289afc301e Remove unneeded variable. 2011-02-11 09:47:23 -05:00
Todd C. Miller
63449de859 Include utmp.h / utmpx.h before missing.h as apparently including it 
afterwards causes a compilation problem on GNU Hurd.
 2011-02-09 15:09:57 -05:00
Todd C. Miller
4294650039 #include "foo.h", not <foo.h> for local includes. 2011-02-07 10:51:43 -05:00
Todd C. Miller
21d8f01fac return foo not return(foo) 2011-02-07 06:47:29 -05:00
Todd C. Miller
310867e4ed Add test for quoted group that contains escaped double quotes 2011-02-03 13:07:01 -05:00
Todd C. Miller
af2ac7ccc6 Use a char array to map a number to a base36 digit. 2011-02-01 14:54:08 -05:00
Todd C. Miller
342e351d58 match quoted strings the same way whether in a Defaults line or as 
a user/group/netgroup name.  Fixes escaped double quotes in quoted
user/group/netgroup names.
 2011-01-31 15:13:51 -05:00
Todd C. Miller
4ce8e4b3f3 'make check' depends on visudo and testsudoers 2011-01-31 14:38:59 -05:00
Todd C. Miller
68e4921791 Add sudoOrder attribute to each entry 
Parse LOG_{INPUT,OUTPUT} tags
 2011-01-31 09:47:32 -05:00
Todd C. Miller
ed8e30cf6e Add --disable-env-reset configure option. 2011-01-28 16:52:25 -05:00
Todd C. Miller
807a9ca94b Do logging and email sending in the locale specified by the 
"sudoers_locale" setting ("C" by default).  Email send by sudo
includes MIME headers when the sudoers locale is not "C".
 2011-01-28 16:11:47 -05:00
Todd C. Miller
39b9b97dbc Fix indentation 2011-01-27 10:03:59 -05:00
Todd C. Miller
51515c6c01 Prepend "list " to the command logged when "sudo -l command" is 
used to make it clear that the command was listed, not run.
 2011-01-24 15:39:09 -05:00
Todd C. Miller
1f5c1dda14 cosmetic change 2011-01-24 15:35:44 -05:00
Todd C. Miller
ae2f7638f5 standardize on "return foo;" rather than "return(foo);" or "return (foo);" 2011-01-24 15:15:18 -05:00
Todd C. Miller
3316ac8ebc Do not reject sudoers file just because it is root-writable. 2011-01-24 14:25:51 -05:00
Todd C. Miller
fbbd0603da For "sudo -U user -l" if user is not authorized on the host, say so. 2011-01-21 10:10:26 -05:00
Todd C. Miller
be034d5e7e In sudo_ldap_lookup(), always do the initial sudoers check as the 
invoking user.  If we are listing another user's privs we will
do a separate lookup using list_pw later.
 2011-01-21 08:10:26 -05:00
Todd C. Miller
f7f8b6867e Update copyright year to 2011 2011-01-20 16:46:56 -05:00
Todd C. Miller
96767abfe4 When listing, use separate lbufs for the defaults and the privileges and 
only print something if the number of privileges is non-zero.  Fixes
extraneous Defaults output for "sudo -U unauthorized_user -l".
 2011-01-20 16:19:42 -05:00
Todd C. Miller
215500bb55 Stash pointer to user group vector in LDAP handle and only reuse 
the query if it has not changed.  We always allocate a new buffer
when we reset the group vector so a simple pointer check is sufficient.
 2011-01-20 16:16:08 -05:00
Todd C. Miller
165dcfa37f Check initgroups() return value. 2011-01-20 16:15:34 -05:00
Todd C. Miller
7cbd1ff728 Add tests for the fill functions in toke_util.c 2011-01-20 10:09:19 -05:00
Todd C. Miller
79dff677d4 fix copyright year 2011-01-19 17:38:38 -05:00
Todd C. Miller
e7a4529cf8 Fix "sudo -g" support in the sudoers module. 2011-01-11 10:42:01 -05:00
Todd C. Miller
2d74e9567f If the user is running sudo as himself but as a different group we 
need to prompt for a password.
 2011-01-11 10:35:20 -05:00
Todd C. Miller
49409b7c5d Add support for TIMEOUT in ldap.conf, mapping to the OpenLDAP 
LDAP_OPT_TIMEOUT.  There is no corresponding option for mozilla-derived
LDAP SDKs but we can pass the timeout parameter to ldap_search_ext_s()
or ldap_search_st() when possible.
 2011-01-10 10:33:22 -05:00
Todd C. Miller
823e812723 Add NETWORK_TIMEOUT as an alias for BIND_TIMELIMIT for compatibility 
with OpenLDAP ldap.conf files.
 2011-01-10 09:27:58 -05:00
Todd C. Miller
8a043ca562 If user has no supplementary groups, fall back on checking the group 
file expliticly.
 2011-01-10 09:23:54 -05:00
Todd C. Miller
e63849afb0 constify 2011-01-08 19:54:30 -05:00
Todd C. Miller
4cc6322b48 Move fill macro to toke.h 2011-01-08 19:34:31 -05:00
Todd C. Miller
400b6ffe20 Split tokenizer utility functions out into toke_util.c 2011-01-08 15:42:39 -05:00
Todd C. Miller
866ffd0bdb ANSIfy 2011-01-08 15:15:30 -05:00
Todd C. Miller
e8cc22c0c8 Add visudo tests to check target 2011-01-07 15:10:28 -05:00