Commit Graph

718 Commits

Author SHA1 Message Date
Todd C. Miller
5c970b2179 New Lithuanian sudoers translation from translationproject.org 2012-02-25 13:42:26 -05:00
Todd C. Miller
5802083375 Update from translationproject.org 2012-02-25 13:40:32 -05:00
Todd C. Miller
4f9da8fdaa When adding gids to the LDAP filter, only add the primary gid once.
This is consistent with the space computation/allocation.
From Eric Lakin
2012-02-24 15:17:48 -05:00
Todd C. Miller
415454ff59 Relax the user/group/mode checks on sudoers files. As long as the
file is owned by the right user, not world-writable and not writable
by a group other than the one specified at configure time (gid 0
by default), the file is considered OK.  Note that visudo will still
set the mode to the value specified at configure time.
2012-02-22 13:04:03 -05:00
Todd C. Miller
98486afbdf Add AIX-specific version of permission setting code to make sure
that the saved uid gets restored properly.
2012-02-21 16:07:28 -05:00
Todd C. Miller
6fb0090db9 Fix the description of noexec. 2012-02-21 05:15:48 -05:00
Todd C. Miller
f6fdc909b4 The "op" parameter to set_default() must be int, not bool since it is
set to '+' or '-' for list add and subtract.
2012-02-21 05:13:13 -05:00
Todd C. Miller
d439d8b489 Sync with translationproject.org 2012-02-10 14:30:01 -05:00
Todd C. Miller
dfbd6e429b Got back to using "install-sh -M" for files installed as non-readable
by owner.  This fixes "make install" as non-root for package building.
2012-02-10 11:31:54 -05:00
Todd C. Miller
5c941edc97 Sync with translationproject.org 2012-02-09 11:17:35 -05:00
Todd C. Miller
cb66fc6f10 Use -m not -M for install-sh for everything except setuid.
Install locale .mo files mode 0444, not 0644.
If timedir parent doesn't exist, use default dir mode, not 0700.
2012-02-09 11:11:58 -05:00
Todd C. Miller
e066ff5caf More complete fix for LDR_PRELOAD on AIX. The addition of
set_perm(PERM_ROOT) before calling the nss open functions (needed
to avoid a GNU TLS bug) also broke LDR_PRELOAD.  Setting the effective
and then real uid to 0 for PERM_ROOT works around the issue.
2012-02-06 15:46:17 -05:00
Todd C. Miller
8dd16b63d2 regen 2012-02-06 13:40:24 -05:00
Todd C. Miller
656807823d For PERM_ROOT when using setreuid(), only set the euid to 0 prior
to the call to setuid(0) if the current euid is non-zero.  This
effectively restores the state of things prior to rev 7bfeb629fccb.
Fixes a problem on AIX where LDR_PRELOAD was not being honored for
the command being executed.
2012-02-06 13:29:19 -05:00
Todd C. Miller
3da971ba33 Better debug subsystem usage 2012-02-02 11:28:33 -05:00
Todd C. Miller
491b4495f5 Fix the sudoers permission check when the expected sudoers mode is
owner-writable.
2012-01-31 16:24:57 -05:00
Todd C. Miller
f3f986c75d regen 2012-01-29 14:48:20 -05:00
Todd C. Miller
a5dfea7cd4 For "sudo -g" prepend the specified group ID to the beginning of
the groups list.  This matches BSD convention where the effective
gid is the first entry in the group list.  This is required on newer
FreeBSD where the effective gid is not tracked separately and thus
setgroups() changes the egid if this convention is not followed.
Fixes bug #532
2012-01-19 11:03:22 -05:00
Todd C. Miller
0df60d8ec0 Update po files from translationproject.org 2012-01-14 07:19:43 -05:00
Todd C. Miller
ee0fb36d8b regen dependencies 2012-01-13 06:02:17 -05:00
Todd C. Miller
315b998a6d For "visudo -c" also list include files that were checked when
everything is OK.
2012-01-11 16:25:39 -05:00
Todd C. Miller
8fd2b8b934 Update Esperanto, Finnish, Polish and Ukrainian translations from
translationproject.org.
2012-01-11 07:09:25 -05:00
Todd C. Miller
c30872260f Include locale.h 2012-01-09 15:34:05 -05:00
Todd C. Miller
d5571aa1e0 Need to include gettext.h and sudo_debug.h; from John Hein 2012-01-09 12:36:43 -05:00
Todd C. Miller
373043b4db Initialize the debug framework from the I/O plugin too. 2012-01-09 11:00:59 -05:00
Todd C. Miller
5dd3f0ec56 Enable debugging via sudo.conf. 2012-01-08 12:11:14 -05:00
Todd C. Miller
efbf020d42 Use SUDO_DEBUG_ALIAS for alias checking functions. 2012-01-07 12:24:43 -05:00
Todd C. Miller
0771c981de Update copyright year. 2012-01-06 14:23:55 -05:00
Todd C. Miller
6021ad08cc regen pot files 2012-01-06 13:49:16 -05:00
Todd C. Miller
ae43a19ad6 Enable debugging via sudo.conf. 2012-01-06 13:13:04 -05:00
Todd C. Miller
38526ca149 Enable debugging via sudo.conf. 2012-01-06 10:58:13 -05:00
Todd C. Miller
baa9273dd5 Allow "visudo -c" to work when we only have read-only access to the
sudoers include files.
2012-01-06 10:54:30 -05:00
Todd C. Miller
c4ba511613 Do not include GLOB_MARK in the flags we pass to glob(3). Fixes a
bug where a pattern like "/usr/*" includes /usr/bin/ in the results,
which would incorrectly be interpreted as if the sudoers file
had specified a directory.  From Vitezslav Cizek.
2012-01-05 15:54:00 -05:00
Todd C. Miller
241b1db873 Add --enable-kerb5-instance configure option to allow people using
Kerberos V authentication to use a custom instance.  Adapted from
a diff by Michael E Burr.
2012-01-05 15:39:05 -05:00
Todd C. Miller
47bcaf57bc parse_error is now bool, not int 2012-01-04 15:45:27 -05:00
Todd C. Miller
0f5eaa17fd Print a more sensible error if yyparse() returns non-zero but
yyerror() was not called.
2012-01-04 15:45:03 -05:00
Todd C. Miller
a1815e17ca Replace y.tab.c with the correct filename in #line directives. 2012-01-04 15:35:49 -05:00
Todd C. Miller
fb3c9f2ca5 Remove support for noexec_file in sudoers and the plugin API 2011-12-20 08:40:55 -05:00
Todd C. Miller
4aa0ccb22b Don't dump interfaces if there are none. 2011-12-20 08:39:01 -05:00
Todd C. Miller
91839036db Add missing %s printf escape to the group_plugin, iolog_dir and
iolog_file descriptions.
2011-12-20 08:38:47 -05:00
Todd C. Miller
1f97735fbb Fix typo in visiblepw description; from Joel Pickett 2011-12-18 14:20:56 -05:00
Todd C. Miller
a24d86b32c When running a login shell with a login_class specified, use
LOGIN_SETENV instead of rolling our own login.conf setenv support
since FreeBSD's login.conf has more than just setenv capabilities.
This requires us to swap the plugin-provided envp for the global
environ before calling setusercontext() and then stash the resulting
environ pointer back into the command details, which is kind of a
hack.
2011-12-08 17:17:25 -05:00
Todd C. Miller
27616d1f3e If srcdir is "." just use the basename of the yacc/lex file when
generating the C version.  This matches the generated files currently
in the repo.
2011-12-08 13:41:35 -05:00
Todd C. Miller
31c08fca3e Clean up the DEVEL noise 2011-12-08 12:53:10 -05:00
Todd C. Miller
666d8d6359 Escape values in the search expression as per RFC 4515. 2011-12-07 15:12:22 -05:00
Todd C. Miller
1cec1f4777 No need for install target to depend explicitly on install-dirs,
the install-foo targets all depend on it.
2011-12-07 14:33:25 -05:00
Todd C. Miller
9f0abb4692 Add support for setenv entries in login.conf. We can't use LOGIN_SETENV
since the plugin sets up the envp the command is executed with.
Also regen the Makefile.in files while here.  Fixes bug #527
2011-12-05 10:43:44 -05:00
Todd C. Miller
38a4990e4a Add getaddrinfo() for those without it, written by Russ Allbery 2011-12-02 17:28:50 -05:00
Todd C. Miller
db3fd558be Remove inaccurate comment 2011-12-02 14:41:32 -05:00
Todd C. Miller
199eeb38d4 Fetch the login class for the user we authenticate specifically when
using BSD authentication.  That user may have a different login class
than what we will use to run the command.  When setting the login
class for the command, use the target user's struct passwd, not
the invoking user's.  Fixes bug 526
2011-12-02 14:29:54 -05:00