Todd C. Miller
cd30e84743
Define LDAPNOINIT before calling ldap_init(), etc. to disable user
ldaprc and system defaults that could affect how LDAP works.
2008-01-01 19:01:42 +00:00
Todd C. Miller
d6e9445a6a
no longer need to check def_ignore_local_sudoers here
2007-12-31 21:44:46 +00:00
Todd C. Miller
b289130680
belt and suspenders; zero out result after freeing it
2007-12-31 21:10:49 +00:00
Todd C. Miller
926dcd0bcc
Refactor line reading into a separate function, sudo_parseln(),
which removes comments, leading/trailing whitespace and newlines.
May want to rethink the use of sudo_parseln() for /etc/ldap.secret
2007-12-31 20:04:46 +00:00
Todd C. Miller
09439030f6
make it clear that the global options are from LDAP
2007-12-31 19:24:10 +00:00
Todd C. Miller
adfaebdb4d
nss-ify display_privs and display_cmnd.
2007-12-31 15:08:30 +00:00
Todd C. Miller
ae2ae34528
Use nsswitch to hide some sudoers vs. ldap implementation details
and reduce the number of #ifdef LDAP
TODO: fix display routines and error handling
2007-12-31 12:39:52 +00:00
Todd C. Miller
7f323157a2
First cut at nsswitch.conf support.
Further reorganization and related changes are forthcoming.
2007-12-28 16:20:45 +00:00
Todd C. Miller
1a69e42d95
include limits.h
2007-12-21 21:20:30 +00:00
Todd C. Miller
56729b9a63
Use ldapssl_init() for ldaps support instead of trying
to do it manually with ldap_init() + ldapssl_install_routines().
Use tls_cert and tls_key for cert7.db and key3.db respectively.
Don't print debugging info for options that are not set.
Add warning if start_tls specified when not supported.
2007-12-19 19:28:57 +00:00
Todd C. Miller
f60e1d3cb7
fix compilation on solaris
2007-12-19 19:25:10 +00:00
Todd C. Miller
dbe2b9e4f3
fix LDAP_OPT_NETWORK_TIMEOUT setting
2007-12-18 14:54:45 +00:00
Todd C. Miller
3be9fcbedb
fix compilation on Solaris
2007-12-18 01:10:10 +00:00
Todd C. Miller
b409499304
Add support for "ssl on" in both netscape and openldap flavors.
Only the OpenLDAP flavor has been tested.
2007-12-17 12:31:40 +00:00
Todd C. Miller
c5b5f0cfd7
Distinguish between LDAP conf settings that are connection-specific
(which take an ld pointer) and those that are default settings (which do not).
2007-12-16 19:08:05 +00:00
Todd C. Miller
06e6097a49
Improved warnings on error.
2007-12-14 21:46:31 +00:00
Todd C. Miller
7c1889af15
Make ldap config table driven and set the config *after* we open the
connection.
2007-12-14 20:59:17 +00:00
Todd C. Miller
6acbe17288
fix LDAP_OPT_X_CONNECT_TIMEOUT compat define
2007-12-13 21:41:58 +00:00
Todd C. Miller
ae98617dfe
add -g support for LDAP
2007-12-08 00:09:28 +00:00
Todd C. Miller
f9f4aca556
Add support for runas groups. This allows the user to run a command
with a different effective group. If the -g option is specified
without -u the command will be run as the current user (only the
group will change). The -g and -u options may be used together.
TODO: implement runas group for ldap
improve runas group documentation
add testsudoers support
2007-11-21 20:12:00 +00:00
Todd C. Miller
e6c0ba72f3
s/setenv_ok/setenv_implied/g
2007-11-21 18:50:47 +00:00
Todd C. Miller
fff47a319a
hostname_matches() returns TRUE on match in sudo 1.7.
2007-11-21 18:44:48 +00:00
Todd C. Miller
4a39e1bebe
use strcmp, not strcasecmp when comparing ALL
2007-11-21 18:26:59 +00:00
Todd C. Miller
6751e9a9cd
Make sudo ALL imply setenv. Note that unlike with file-based sudoers
this does affect all the commands in the sudoRole.
2007-11-21 16:41:49 +00:00
Todd C. Miller
19ff128f31
back out partial ldaps support mistakenly committed
2007-09-04 22:51:35 +00:00
Todd C. Miller
84a22a2d52
Add support for unix groups and netgroups in sudoRunas
2007-09-04 14:57:14 +00:00
Todd C. Miller
19fa259480
Remove support for compilers that don't support void *
2007-08-31 23:30:07 +00:00
Todd C. Miller
1f30bd4248
Add configure hooks for gss_krb5_ccache_name() and the gssapi headers.
2007-07-19 23:53:21 +00:00
Todd C. Miller
3a96b6de4f
Add support for using gss_krb5_ccache_name() instead of setting
KRB5CCNAME. Also use sudo_unsetenv() in the non-gss_krb5_ccache_name()
case if there was no KRB5CCNAME in the original environment.
TODO: configure setup for gss_krb5_ccache_name()
2007-07-16 23:40:54 +00:00
Todd C. Miller
f5ad187edf
Add support for sasl_secprops in ldap.conf
2007-07-16 22:44:07 +00:00
Todd C. Miller
328a6b493b
The ldap.conf variable is sasl_auth_id not sasl_authid.
2007-07-16 11:27:41 +00:00
Todd C. Miller
af18ed5e9d
Add support for krb5_ccname in ldap.conf. If specified, it will
override the default value of KRB5CCNAME in the environment for
the duration of the call to ldap_sasl_interactive_bind_s().
2007-07-15 19:44:46 +00:00
Todd C. Miller
8cb8c55f94
Fix use_sasl vs. rootuse_sasl logic.
2007-07-15 16:47:53 +00:00
Todd C. Miller
5fdb0649b0
Add support for SASL auth when connecting to an LDAP server.
Adapted from a diff by Tom McLaughlin.
2007-07-15 13:23:20 +00:00
Todd C. Miller
16166fc5e6
warn -> warning
2007-07-08 18:41:17 +00:00
Todd C. Miller
296680928d
Do a sub tree search instead of a base search (one level in the
tree only) for sudo right objects. This allows system administrators
to categorize the rights in a tree to make them easier to manage.
2006-06-15 18:44:42 +00:00
Todd C. Miller
7c588a0143
Convert GET_OPT and GET_OPTI to use just 2 args.
Add timelimit and bind_timelimit support; adapted from gentoo.
2005-12-04 17:16:36 +00:00
Todd C. Miller
920c811687
Support comments that start in the middle of a line
2005-11-23 23:57:10 +00:00
Todd C. Miller
4e86b1d74a
Remove ncat() in favor of just counting bytes and pre-allocating what is
needed.
2005-06-27 00:10:06 +00:00
Todd C. Miller
73730b872b
Fix up some comments
Add missing fclose() for the rootbinddn case
2005-06-26 23:44:30 +00:00
Todd C. Miller
380d3c8c7b
align struct ldap_config
2005-06-26 23:38:44 +00:00
Todd C. Miller
76f3c652d6
use LINE_MAX for max conf file line size
2005-06-26 23:37:54 +00:00
Todd C. Miller
3b30d7514a
Support rootbinddn in ldap.conf
2005-06-25 22:03:10 +00:00
Todd C. Miller
9800e99ffc
Don't set safe_cmnd for the "sudo ALL" case.
2005-06-23 02:57:18 +00:00
Todd C. Miller
fe4f33ab94
Reorganize LDAP code to better match normal sudoers parsing. Instead
of storing strings for later printing in -l mode we do another query
since the authenticating user and the user being listed may not be
the same (the new -U flag). Also add support for "sudo -l command".
There is still a fair bit of duplicated code that can probably
be refactored.
2005-04-12 01:33:23 +00:00
Todd C. Miller
b8cbf50a38
Replace pass variable with do_netgr for better readability.
2005-04-11 04:37:49 +00:00
Todd C. Miller
3f84e1b18d
use DPRINTF macro
2005-04-11 03:49:46 +00:00
Todd C. Miller
f1d67a9b34
estrdup, not strdup
2005-04-11 03:18:38 +00:00
Todd C. Miller
304dc46d7f
Add efree() for consistency with emalloc() et al. Allows us to rely
on C89 behavior (free(NULL) is valid) even on K&R.
2005-03-29 14:29:47 +00:00
Todd C. Miller
e3c99d9c84
Removed duplicate call to ldap_unbind_s introduced along with sudo_ldap_close.
2005-03-27 02:34:25 +00:00