isa/sudo
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
10,283 Commits 1 Branch 0 Tags
ce97ca28db2bc09b07d555895bceafac4b8418b3
Commit Graph

109 Commits

Author SHA1 Message Date
Todd C. Miller
e9914a91b1 The sudoers plugin now defines its own list of debugging subsystem names 
and defines.
 2014-10-22 13:30:52 -06:00
Todd C. Miller
866cfc4fc3 Add support for multiple Debug lines per program. Callers may 
register arbitrary debug facilities or use built-in defaults.  We
now use separate Debug statements for plugins and programs.
 2014-10-22 13:23:05 -06:00
Todd C. Miller
496c2e287b Add a space after "Password:" in default password prompt so it is 
easier to read when pwfeedback is enabled.
 2014-09-27 10:24:19 -06:00
Todd C. Miller
36a5767e3e efree -> sudo_efree for consistency 2014-07-10 15:35:04 -06:00
Todd C. Miller
2d61d38c23 Add sudo_ prefix to alloc.c functions and rename alloc.h -> sudo_alloc.h 2014-06-27 10:48:31 -06:00
Todd C. Miller
b0f1fa7d05 Rename log_warning flags and only send mail if SLOG_SEND_MAIL is 
set instead of mailing by default like we used to.
 2014-05-02 20:54:01 -06:00
Todd C. Miller
954a3e77b1 Add log_warningx 2014-05-02 16:40:30 -06:00
Todd C. Miller
5086194c67 Eliminate calls to fatal()/fatalx()/log_fatal() in env.c and just 
pass back a return value.
 2014-04-30 16:57:12 -06:00
Todd C. Miller
e8bb08cc46 Use calloc() instead of malloc(n * s) followed by memset(). 
From Jean-Philippe Ouellet.
 2014-04-22 16:06:04 -06:00
Todd C. Miller
7d91691e1f Use PAM_REINITIALIZE_CRED instead of PAM_ESTABLISH_CRED when 
changing the user.  This is the correct flag to use with
a program that changes the uid like su or sudo and fixes a
role problem on Solaris.  From Gary Winiger; Bug #642
 2014-04-15 07:16:57 -06:00
Todd C. Miller
65c6f34aa4 If pam_open_session() fails don't call pam_getenvlist() with a NULL 
pam handle.
 2013-10-22 14:47:51 -06:00
Todd C. Miller
e54f11ae47 Fix comment. 2013-08-19 09:19:24 -06:00
Todd C. Miller
ebbdee421a Remove now-obsolete arg to env_merge() 2013-08-18 14:33:35 -06:00
Todd C. Miller
f72f47aa1d Call pam_getenvlist() after we've opened the session to get the 
session-specific environment variables.
 2013-08-17 06:22:46 -06:00
Todd C. Miller
91ec1c476c It is not possible for auth to be NULL here. 2013-08-15 15:22:50 -06:00
Todd C. Miller
3898f5d7ff Add pam_setcred sudoers option to allow the user to control whether 
pam_setcred() is called on the user's behalf.
 2013-08-06 14:44:21 -06:00
Todd C. Miller
52954481e1 Add pam_service and pam_login_service sudoers settings to control 
the service name passed to pam_start.
 2013-08-06 11:01:36 -06:00
Todd C. Miller
1f3ea50afd Implement memset_s() and use it instead of zero_bytes(). 
A new constant, SUDO_CONV_REPL_MAX, is defined by the plugin
API as the max conversation reply length.  This constant can be
used as a max value for memset_s() when clearing passwords
filled in by the conversation function.
 2013-08-03 08:30:06 -06:00
Todd C. Miller
6dff70db03 Go back to ignoring the return value of pam_setcred() since with 
stacked PAM auth modules a failure from one module may override
PAM_SUCCESS from another.  If the first module in the stack fails,
the others may be run (and succeed) but an error will be returned.
This can cause a spurious warning on systems with non-local users
(e.g. pam_ldap or pam_sss) where pam_unix is consulted first.
 2013-07-11 17:50:03 -04:00
Todd C. Miller
d6282d154a Update copyright years. 2013-04-24 09:35:02 -04:00
Todd C. Miller
1162b55040 Rename log_error() -> log_warning() for consistency with warning()/fatal() 2013-04-18 14:14:03 -04:00
Todd C. Miller
e9726e5974 Better PAM error messages 2013-04-11 09:09:53 -04:00
Todd C. Miller
9914cd8a76 Don't add the "Password: " string we look up in the PAM text domain 
to the sudoers.pot file.
 2013-04-09 09:40:36 -04:00
Todd C. Miller
1791721ef2 Only delete creds if we actually established them. 
Print an error if pam_setcred() fails and we actually authenticated.
 2013-03-07 16:17:44 -05:00
Todd C. Miller
9a4bd3cce4 Fix PAM compilation: def_pam_session, not just pam_session. 2013-02-28 08:38:06 -05:00
Todd C. Miller
59692ad282 Add pam_session sudoers option. 2013-02-24 06:15:37 -05:00
Todd C. Miller
1d7072fe09 Don't include <sys/param.h>. We only needed it for MAXPATHLEN, 
MAXHOSTNAMELEN and the MIN/MAX macros.  We now use PATH_MAX and
HOST_NAME_MAX throughout without falling back on MAXPATHLEN or
MAXHOSTNAMELEN and define our own MIN/MAX macros as needed.
 2012-12-04 10:40:47 -05:00
Todd C. Miller
a0c53bd751 Call gettext inside log_error et al instead of having the caller do it. This way we can display any messages to the user in their own locale but log in the sudoers local. 2012-11-08 15:37:44 -05:00
Todd C. Miller
989361c275 Pass PAM_SILENT when deleting creds to remove an annoying warning 
message on Solaris.
 2012-04-24 09:48:58 -04:00
Todd C. Miller
23b7a1fa5c Call the policy's init_session() function before we fork the child. 
That way, the session is created and destroyed in the same process,
which is needed by some modules, such as  pam_mount.
 2012-04-23 16:38:16 -04:00
Todd C. Miller
cf4562c031 Delete creds after closing the PAM session. 2012-04-23 16:11:49 -04:00
Todd C. Miller
dfc90ff0b1 Instead of treating ^C from tgetpass() specially, always 
return AUTH_INTR if tgetpass() returned NULL.
Treat PAM_AUTHINFO_UNAVAIL like PAM_AUTH_ERR which Mac OS X
returns this when there is no tty.
 2012-04-11 19:51:56 -04:00
Todd C. Miller
44ce5720de Remove the NO_EXIT flag to log_error() and add a log_fatal() function 
that exits and is marked no_return.  Fixes false positives from
static analyzers and is easier for humans to read too.
 2012-03-26 10:59:14 -04:00
Todd C. Miller
6d10909949 Pass a pointer to user_env in to the init_session policy plugin 
function so session setup can modify the user environment as needed.
For PAM authentication, merge the PAM environment with the user
environment at init_session time.  We no longer need to swap in the
user_env for environ during session init, nor do we need to disable
the env hooks at init_session time.
 2012-03-15 09:18:36 -04:00
Todd C. Miller
dd2fcf16d6 Fix typo, return_debug vs. debug_return 2011-11-29 14:41:00 -05:00
Todd C. Miller
6fd3e03857 Prefix authentication functions with a "sudo_" prefix to avoid 
namespace problems.
 2011-11-13 11:46:39 -05:00
Todd C. Miller
839919566e Add debug_decl/debug_return (almost) everywhere. 
Remove old sudo_debug() and convert users to sudo_debug_printf().
 2011-10-22 14:40:21 -04:00
Todd C. Miller
bceb5df158 Modify the authentication API such that the init and cleanup functions 
are always called, regardless of whether or not we are going to
verify a password.  This is needed for proper PAM session support.
 2011-09-27 13:18:46 -04:00
Todd C. Miller
c5f8dc95c6 Fix a PAM_USER mismatch in session open/close. We update PAM_USER 
to the target user immediately before setting resource limits, which
is after the monitor process has forked (so it has the old value).
Also, if the user did not authenticate, there is no pamh in the
monitor so we need to init pam here too.  This means we end up
calling pam_start() twice, which should be fixed, but at least the
session is always properly closed now.
 2011-09-27 11:13:44 -04:00
Todd C. Miller
d006b00a4f Fix gettext marker. 2011-05-16 16:44:11 -04:00
Todd C. Miller
15bc74bd67 Include libint.h where needed. 2011-05-16 16:37:11 -04:00
Todd C. Miller
b643b190a7 Prepare sudoers module messages for translation. 2011-05-16 16:32:05 -04:00
Todd C. Miller
96b7c1f0f4 Add initial scaffolding to support localization via gettext() 2011-05-04 15:26:31 -04:00
Todd C. Miller
53da5e8cdf Update copyright years. 2011-03-11 15:34:35 -05:00
Todd C. Miller
ae2f7638f5 standardize on "return foo;" rather than "return(foo);" or "return (foo);" 2011-01-24 15:15:18 -05:00
Todd C. Miller
6a52054147 If pam_acct_mgmt() returns PAM_AUTH_ERR print a (hopefully) more useful 
message and return AUTH_FATAL so sudo does not keep trying to validate
the user.
 2010-10-11 09:12:23 -04:00
Todd C. Miller
6ce5c4cd97 If the user hits ^C while a password is being read, error out before 
reading any further passwords in the pam conversation function.
Otherwise, if multiple PAM auth methods are required, the user will
have to hit ^C for each one.
 2010-08-14 10:18:49 -04:00
Todd C. Miller
efbc7f1d57 Only set PAM_RHOST for Solaris, where it is needed to avoid a bug. 
On Linux it causes a DNS lookup via libaudit.
 2010-07-13 08:56:31 -04:00
Todd C. Miller
d9de7b5f8e Add support for a sudo-i pam.d file to be used for "sudo -i". 
Adapted from a RedHat patch.
 2010-07-12 17:57:53 -04:00
Todd C. Miller
30fe4a067c Set usrinfo for AIX 
Set adminstrative domain for the process when looking up user's
    password or group info and when preparing for execve().
Include strings.h even if string.h exists since they may define
    different things.  Fixes warnings on AIX and others.
 2010-06-29 13:08:05 -04:00