Commit Graph

4027 Commits

Author SHA1 Message Date
Todd C. Miller
cd30e84743 Define LDAPNOINIT before calling ldap_init(), etc. to disable user
ldaprc and system defaults that could affect how LDAP works.
2008-01-01 19:01:42 +00:00
Todd C. Miller
6f2cd1b184 Rename read_nss -> sudo_read_nss
Add --with-nsswitch to allow users to specify nsswitch.conf path or disable it.
If --with-nsswitch=no but --with-ldap, order is LDAP, then sudoers.
Fix --with-ldap-conf-file and --with-ldap-secret-file
2008-01-01 18:22:03 +00:00
Todd C. Miller
d2de8d5fed Honor def_ignore_local_sudoers 2008-01-01 18:12:00 +00:00
Todd C. Miller
d6e9445a6a no longer need to check def_ignore_local_sudoers here 2007-12-31 21:44:46 +00:00
Todd C. Miller
4d8f37f4bd Refactor group vector resetting into a function and also call it
from display_cmnd.
Stop after the first successful match in display_cmnd.
Print a newline between each display_privs method.
2007-12-31 21:36:53 +00:00
Todd C. Miller
36b221af26 fix double free introduced in rev 1.218 2007-12-31 21:23:46 +00:00
Todd C. Miller
b289130680 belt and suspenders; zero out result after freeing it 2007-12-31 21:10:49 +00:00
Todd C. Miller
926dcd0bcc Refactor line reading into a separate function, sudo_parseln(),
which removes comments, leading/trailing whitespace and newlines.
May want to rethink the use of sudo_parseln() for /etc/ldap.secret
2007-12-31 20:04:46 +00:00
Todd C. Miller
0a2166272c Make the inability to read the sudoers file a non-fatal error if
there are other sudoers sources available.
sudoers_file_lookup now returns "not OK" if sudoers was not present
2007-12-31 19:26:52 +00:00
Todd C. Miller
09439030f6 make it clear that the global options are from LDAP 2007-12-31 19:24:10 +00:00
Todd C. Miller
e6d707b2d3 allocate proper amount of space for error string 2007-12-31 19:13:06 +00:00
Todd C. Miller
de3bb58929 actual sudo nss code 2007-12-31 15:24:57 +00:00
Todd C. Miller
adfaebdb4d nss-ify display_privs and display_cmnd. 2007-12-31 15:08:30 +00:00
Todd C. Miller
3008bb494a move update_defaults() to parse.c 2007-12-31 12:54:47 +00:00
Todd C. Miller
ae2ae34528 Use nsswitch to hide some sudoers vs. ldap implementation details
and reduce the number of #ifdef LDAP
TODO: fix display routines and error handling
2007-12-31 12:39:52 +00:00
Todd C. Miller
7f323157a2 First cut at nsswitch.conf support.
Further reorganization and related changes are forthcoming.
2007-12-28 16:20:45 +00:00
Todd C. Miller
f8c52dc928 Add support for reading an /etc/environment file. Still needs to
be documented and should probably only apply to OSes that have
it (AIX and Linux, maybe others).
2007-12-21 21:53:32 +00:00
Todd C. Miller
1a69e42d95 include limits.h 2007-12-21 21:20:30 +00:00
Todd C. Miller
12b86ef41b reword LDAP SASL 2007-12-20 15:02:51 +00:00
Todd C. Miller
d7090332e5 sync 2007-12-19 21:40:47 +00:00
Todd C. Miller
e60093477e Add an example sudoRole, clarify netscape vs. openldap a bit more 2007-12-19 21:39:00 +00:00
Todd C. Miller
9dc049ccf4 Be clear on what is OpenLDAP vs. Netscape-derived 2007-12-19 19:42:16 +00:00
Todd C. Miller
56729b9a63 Use ldapssl_init() for ldaps support instead of trying
to do it manually with ldap_init() + ldapssl_install_routines().
Use tls_cert and tls_key for cert7.db and key3.db respectively.
Don't print debugging info for options that are not set.
Add warning if start_tls specified when not supported.
2007-12-19 19:28:57 +00:00
Todd C. Miller
f60e1d3cb7 fix compilation on solaris 2007-12-19 19:25:10 +00:00
Todd C. Miller
9ed999b7a5 add missing .h and .c files for missing lib objs 2007-12-19 19:23:07 +00:00
Todd C. Miller
dbe2b9e4f3 fix LDAP_OPT_NETWORK_TIMEOUT setting 2007-12-18 14:54:45 +00:00
Todd C. Miller
3be9fcbedb fix compilation on Solaris 2007-12-18 01:10:10 +00:00
Todd C. Miller
72e1a2b54e fix typo 2007-12-17 15:14:46 +00:00
Todd C. Miller
6aa8308750 try to clear up which variables are for OpenLDAP and which are for netscape-derived SDKs 2007-12-17 13:08:29 +00:00
Todd C. Miller
b409499304 Add support for "ssl on" in both netscape and openldap flavors.
Only the OpenLDAP flavor has been tested.
2007-12-17 12:31:40 +00:00
Todd C. Miller
ff0a538d04 Call cleanup() before exit in log_error() instead of calling
sudo_ldap_close() directly.  ldap_conn can now be static to sudo.c
2007-12-17 12:28:51 +00:00
Todd C. Miller
ed88a812ec ld -> ldap_conn 2007-12-17 01:02:44 +00:00
Todd C. Miller
a68ab16dcd Better ldap cleanup. 2007-12-16 19:42:44 +00:00
Todd C. Miller
c5b5f0cfd7 Distinguish between LDAP conf settings that are connection-specific
(which take an ld pointer) and those that are default settings (which do not).
2007-12-16 19:08:05 +00:00
Todd C. Miller
06e6097a49 Improved warnings on error. 2007-12-14 21:46:31 +00:00
Todd C. Miller
7c1889af15 Make ldap config table driven and set the config *after* we open the
connection.
2007-12-14 20:59:17 +00:00
Todd C. Miller
6acbe17288 fix LDAP_OPT_X_CONNECT_TIMEOUT compat define 2007-12-13 21:41:58 +00:00
Todd C. Miller
400309aa9f some operating systems need to link with -lkrb5support when using krb5 2007-12-13 14:13:44 +00:00
Todd C. Miller
5ae3bb2dd3 minor update 2007-12-10 22:12:34 +00:00
Todd C. Miller
51d8416545 regen 2007-12-10 15:56:23 +00:00
Todd C. Miller
3e7a467e81 sync 2007-12-08 00:17:21 +00:00
Todd C. Miller
ae98617dfe add -g support for LDAP 2007-12-08 00:09:28 +00:00
Todd C. Miller
3592cc0b18 The -i and -s flags can now take an optional command. 2007-12-03 16:36:49 +00:00
Todd C. Miller
74c5dc4fad Add passprompt_override flag to sudoers that will cause the prompt
to be overridden in all cases.  This flag is also set when the
user specifies the -p flag.
2007-12-02 17:13:48 +00:00
Todd C. Miller
4efd981d68 Move setting of login class until after sudoers has been parsed.
Set NewArgv[0] for -i after runas_pw has been set.
2007-12-02 00:51:32 +00:00
Todd C. Miller
c148eb52d6 Move the dgettext check. 2007-12-02 00:34:54 +00:00
Todd C. Miller
8694c73146 Add basic support for looking up the string "Password: " in the PAM
localized text db.  This allows us to determine whether the PAM
prompt is the default "Password: " one even if it has been localized.

TODO: concatenate non-std PAM prompts and user-specified sudo prompts.
2007-12-01 16:22:25 +00:00
Todd C. Miller
908b8f64e6 Use AC_FUNC_GETGROUPS instead of a home-grown attempt that was insufficient. 2007-11-27 23:40:50 +00:00
Todd C. Miller
a85dd4b861 Fix typos; Martynas Venckus 2007-11-27 17:13:03 +00:00
Todd C. Miller
9c5696978c Don't assume runas_pw is set; it may not be in the -g case. 2007-11-26 00:26:42 +00:00