Commit Graph

54 Commits

Author SHA1 Message Date
Todd C. Miller
6c3d20cb41 Convert PVS-Studio comment to ANSI C. 2018-10-26 08:39:09 -06:00
Todd C. Miller
1b035b5426 Add padding option to cvtsudoers.
Bug #856
2018-10-25 08:40:25 -06:00
Todd C. Miller
64e5d34c57 Add comments in .c files so PVS-Studio will check them. 2018-10-21 08:46:05 -06:00
Todd C. Miller
58445393a7 No need to set input_file for stdin in parse_ldif(); noted by clang analyzer. 2018-08-29 10:57:37 -06:00
Todd C. Miller
4782b22a47 Move ldif -> sudoers conversion code into parse_ldif.c 2018-08-26 20:02:49 -06:00
Todd C. Miller
52d54997ee Move string list functions to their own file. 2018-08-26 19:48:14 -06:00
Todd C. Miller
5d1dddc467 Eliminate most use of parsed_sudoers in cvtsudoers 2018-08-24 10:27:00 -06:00
Todd C. Miller
b2e3adccf3 Make alias_apply() take 3 arguments, the first being a pointer to the
struct sudoers_parse_tree.
2018-08-24 09:52:53 -06:00
Todd C. Miller
70d519c8ad o Move userspecs, defaults and aliases into a new struct sudoers_parse_tree.
o The parse tree is now passed to the alias, match and defaults functions.
o The nss API has been changed so that the nss parse() function returns
  a pointer to a struct sudoers_parse_tree which will be filled in
  by the getdefs() and query() functions.
2018-07-26 15:12:33 -06:00
Todd C. Miller
71e98d9493 Include parse.h in sudoers.h since it will soon be required. 2018-05-14 09:05:02 -06:00
Todd C. Miller
620070f493 Rename variables now that the string list functions are not ldap-specific. 2018-05-03 10:49:54 -06:00
Todd C. Miller
1bfe03000d Prune alias contents when pruning and expanding aliases.
This abuses the userlist_matches_filter() and hostlist_matches_filter()
functions.  A better approach would be to call the correct function
from user_matches() and host_matches().
2018-04-15 08:14:46 -06:00
Todd C. Miller
d85e244c6c Fix cut & pasto that prevented "-d command" from working. 2018-04-14 06:13:44 -06:00
Todd C. Miller
38ff661621 Fix a use after free crash as well as a memory leak when filtering
Defaults.
2018-04-13 10:49:05 -06:00
Todd C. Miller
2b2565b2c3 Allow host and user aliases to be specified in match filters. 2018-04-12 06:21:20 -06:00
Todd C. Miller
9e91d3f451 When the -d option is used, remove aliases used by the non-converted
Defaults settings if the aliases are not also referenced by userspecs.
2018-04-09 11:13:33 -06:00
Todd C. Miller
7663ae7b27 Add option to prune non-matching entries from cvtsudoers output when
the -m option is used.
2018-04-04 09:51:05 -06:00
Todd C. Miller
5c1d9899e1 Allow defaults types and suppression list to be specified in
the config file.
2018-04-02 07:41:56 -06:00
Todd C. Miller
18ba38ef4c Refactor common alias code out of cvtsudoers and visudo and into alias.c. 2018-04-02 07:41:09 -06:00
Todd C. Miller
dbd5613b1a Avoid NULL deref in an error path. CID 183467 2018-03-29 18:53:53 -06:00
Todd C. Miller
18371cacba No need to initialize the last pointer passed to strtok_r().
This was originally added to appease newer gcc but no longer
seems to be required.  CID 183466, CID 183468, CID 183469
2018-03-29 18:53:51 -06:00
Todd C. Miller
dd545f38ca Add support for "cvtsudoers -d all" 2018-03-28 17:43:58 -06:00
Todd C. Miller
aa402cdc3c Add -d option to control what type of Defaults entries are converted. 2018-03-28 08:33:07 -06:00
Todd C. Miller
14ee65c525 Add -M option to cvtsudoers to force the use of the local passwd
and group databases when matching.
2018-03-22 13:24:41 -06:00
Todd C. Miller
8a237eb07d Add cvtsudoers command line option to suppress certain parts of the
security policy.  Can be used to suppress displaying of Defaults
entries, aliases or privileges.
2018-03-22 11:38:39 -06:00
Todd C. Miller
821e8a07da Silence a false positive from the clang static analyzer. 2018-03-21 14:55:17 -06:00
Todd C. Miller
fbed17e1a4 Fix memory leak on error path. 2018-03-21 14:43:17 -06:00
Todd C. Miller
bbd3e558b1 Move cvtsudoers string functions into cvtsudoers.c 2018-03-21 13:29:47 -06:00
Todd C. Miller
ff79de8592 Initial support for filtering by user, group and host in cvtsudoers.
Currently forces alias expansion when a filter is applied and the
entire matching user or host list is printed, even the non-matching
entries.  This effectively allows you to grep sudoers by user, group
and host.
2018-03-21 12:24:11 -06:00
Todd C. Miller
5c36f9dec3 Initial support for adding comments that will be emitted when
sudoers is formatted.  Currently adds a comment for the source
sudoRole when converting from ldif -> sudoers.
2018-03-04 07:03:43 -07:00
Todd C. Miller
670d8e6d77 Special case comment lines in lbufs. 2018-03-04 07:03:41 -07:00
Todd C. Miller
c9b70940cf When formatting as sudoers, flush the lbuf after each userspec. 2018-03-03 07:42:10 -07:00
Todd C. Miller
8275ab873f Fix use of uninitialized variable (conf) if sudoers_debug_register()
happens to fail.
2018-03-01 10:18:48 -07:00
Todd C. Miller
6f097eb023 We may need the hostname to resolve %h escapes in include files. 2018-02-24 18:46:00 -07:00
Todd C. Miller
b3a0c3272b Setting a sudoOrder start point of 0 will disable creation of
sudoOrder attributes in the resulting LDIF output.
2018-02-24 14:35:38 -07:00
Todd C. Miller
111d79b53c Don't need to fill in struct sudo_user since we don't do matching. 2018-02-24 09:28:01 -07:00
Todd C. Miller
5999cfb906 Add support for setting default options in a config file. In
addition to expand_aliases, input_format and output_format, both
the initial sudoOrder and the increment when updating sudoOrder for
subsequent sudoRole objects can be specified.  Command line options
have also been added for the start order and increment.
2018-02-24 09:23:14 -07:00
Todd C. Miller
ceea24b965 Initial support for parsing sudoers LDIF files in cvtsudoers.
This makes it possible to convert from LDAP sudoers to a traditional
sudoers file.  Semantic differences between file sudoers and LDAP
sudoers mean that LDIF -> sudoers is not completely equivalent.
2018-02-22 09:53:12 -07:00
Todd C. Miller
4f9296928c Add option to cvtsudoers to expand aliases in the output. 2018-02-19 15:32:56 -07:00
Todd C. Miller
64e99328e3 Move sudoers formatting code into fmtsudoers. 2018-02-09 18:22:04 -07:00
Todd C. Miller
dda1d6cef7 Clean up some XXX in parse.c 2018-02-09 18:22:03 -07:00
Todd C. Miller
9d49592f14 Fix compilation with glibc where stdout is not constant. 2018-02-05 06:23:33 -07:00
Todd C. Miller
40c200af18 Add back printing of negation operator ('!') when printing a word
with spaces in it.
2018-02-03 06:57:12 -07:00
Todd C. Miller
61b6ae64de When outputting sudoers, if a word includes spaces, print it in
double quotes.  Also escape spaces in the command path.
2018-02-03 06:18:47 -07:00
Todd C. Miller
3354cbd021 Add sudoers output format to cvtsudoers. In the future this may
be used with filters to emit a partial sudoers file instead of a
full one.
2018-02-02 14:29:19 -07:00
Todd C. Miller
831de0fc8b Add -b option to specify the base dn. 2018-01-28 19:58:10 -07:00
Todd C. Miller
4acaa9c74a Switch the default output format to LDIF 2018-01-28 19:36:16 -07:00
Todd C. Miller
63321f19a9 Revert 04ec05108b2b, change the default input source back to stdin. 2018-01-28 16:11:02 -07:00
Todd C. Miller
681fb2e76e Add ldif backend to cvtsudoers, to replace sudoers2ldif 2018-01-27 20:08:02 -07:00
Todd C. Miller
cc31b3fd40 Parse sudoers in the front end, not the back end. 2018-01-26 17:29:56 -07:00