Todd C. Miller
cfdc45ea62
No need to preserve ODMDIR on AIX now that we always read
/etc/environment.
2012-03-28 08:18:26 -04:00
Todd C. Miller
caf01d98c4
When initializing the environment for env_reset, start out with
the contents of /etc/environment on AIX and login.conf on BSD.
2012-03-27 18:57:11 -04:00
Todd C. Miller
12422f928c
Quiet a clang-analyzer false positive.
2012-03-27 13:01:45 -04:00
Todd C. Miller
238186abc9
Quiet a clang-analyzer dead store warning.
2012-03-26 11:03:23 -04:00
Todd C. Miller
d9e5ea4814
If the "timestampowner" user cannot be resolved, use ROOT_UID instead
of exiting with a fatal error.
2012-03-26 11:02:06 -04:00
Todd C. Miller
44ce5720de
Remove the NO_EXIT flag to log_error() and add a log_fatal() function
that exits and is marked no_return. Fixes false positives from
static analyzers and is easier for humans to read too.
2012-03-26 10:59:14 -04:00
Todd C. Miller
413c2accd9
sync with translationproject.org
2012-03-24 13:38:38 -04:00
Todd C. Miller
048a4e3f80
sync with translationproject.org
2012-03-20 14:08:58 -04:00
Todd C. Miller
55d1a1a79d
Use ecalloc() when allocating structs.
2012-03-19 11:24:24 -04:00
Todd C. Miller
9eeacad6d9
sync with translationproject.org
2012-03-18 12:47:27 -04:00
Todd C. Miller
c85afe4b9c
Remove unused label
2012-03-16 20:13:43 -04:00
Todd C. Miller
2ff9d0318c
Remove bogus optimization that could lead to a double free of the
group list.
2012-03-16 12:00:32 -04:00
Todd C. Miller
6d10909949
Pass a pointer to user_env in to the init_session policy plugin
function so session setup can modify the user environment as needed.
For PAM authentication, merge the PAM environment with the user
environment at init_session time. We no longer need to swap in the
user_env for environ during session init, nor do we need to disable
the env hooks at init_session time.
2012-03-15 09:18:36 -04:00
Todd C. Miller
0b1baf07ec
Add explicit NULL entries for init_session, register_hooks and
deregister_hooks with appropriate comments.
2012-03-15 09:02:19 -04:00
Todd C. Miller
b330cbbed8
We should always call warning() with a format string or a string literal.
In this case, the argument (path) is not user-controlled.
2012-03-15 08:47:23 -04:00
Todd C. Miller
c3ea638b34
regen
2012-03-14 14:20:55 -04:00
Todd C. Miller
d539c606e0
Fix bogus int -> bool conversion; tags can have a value of -1.
2012-03-12 19:34:19 -04:00
Todd C. Miller
19fc56462d
Add env_should_keep() and env_should_delete() wrapper functions to
simplify things a bit and hide the fact that matches_env_check()
is not bool.
2012-03-12 16:45:22 -04:00
Todd C. Miller
749784ea5b
matches_env_check() returns int, not boolean
2012-03-12 13:53:54 -04:00
Todd C. Miller
1e8f5d4aa4
Use normal error path if unable to set sudoers gid.
2012-03-10 16:38:14 -05:00
Todd C. Miller
7971a5e499
Make this work again on systems w/o seteuid().
2012-03-10 15:29:46 -05:00
Todd C. Miller
9c2dd5eec6
Fix compilation if no seteuid/setreuid/setresuid available.
2012-03-09 17:28:59 -05:00
Todd C. Miller
b49bb17c3e
Better error messages, and added debugging throughout.
Fixed seteuid() version of set_perms()/restore_perms().
Fixed logic bug in AIX version of restore_perms().
Added checks to avoid changing uid/gid when we don't have to.
Never set gid/uid state to -1, use the old value instead.
2012-03-09 17:07:41 -05:00
Todd C. Miller
08c6c776c9
Don't read /etc/environment on Linux when using PAM, PAM should set
the environment variables as needed via pam_env.
2012-03-08 14:51:03 -05:00
Todd C. Miller
d4a3a5d8b9
Move LOGIN_PATH and LOGIN_SETENV handling to plugin now that we
hook setenv.
2012-03-07 16:38:57 -05:00
Todd C. Miller
37770ecf1e
Initial cut at a hooks implementation. The plugin can register
hooks for getenv, putenv, setenv and unsetenv. This makes it
possible for the plugin to trap changes to the environment made by
authentication methods such as PAM or BSD auth so that such changes
are reflected in the environment passed back to sudo for execve().
2012-03-07 16:35:42 -05:00
Todd C. Miller
a16dee915b
Add support for plugin args at the end of a Plugin line in sudo.conf.
Bump the minor number accordingly and update the documentation. A
plugin must check the sudo front end's version before using the
plugin_args parameter since it is only supported for API version
1.2 and higher.
2012-03-02 11:04:09 -05:00
Todd C. Miller
c623857fc9
update depends
2012-03-01 13:19:30 -05:00
Todd C. Miller
8d05f0d1b0
Add type param to sudo_secure_path() and add sudo_secure_file()
and sudo_secure_dir() wrappers which get by #includedir in sudoers.
2012-02-29 15:50:48 -05:00
Todd C. Miller
35280a8437
Check the owner and mode in -c (check) mode unless the -f option
is specified. Previously, the owner and mode were checked on the
main sudoers file when the -s (strict) option was given, but this
was not documented.
2012-02-28 14:16:39 -05:00
Todd C. Miller
5c970b2179
New Lithuanian sudoers translation from translationproject.org
2012-02-25 13:42:26 -05:00
Todd C. Miller
5802083375
Update from translationproject.org
2012-02-25 13:40:32 -05:00
Todd C. Miller
4f9da8fdaa
When adding gids to the LDAP filter, only add the primary gid once.
This is consistent with the space computation/allocation.
From Eric Lakin
2012-02-24 15:17:48 -05:00
Todd C. Miller
415454ff59
Relax the user/group/mode checks on sudoers files. As long as the
file is owned by the right user, not world-writable and not writable
by a group other than the one specified at configure time (gid 0
by default), the file is considered OK. Note that visudo will still
set the mode to the value specified at configure time.
2012-02-22 13:04:03 -05:00
Todd C. Miller
98486afbdf
Add AIX-specific version of permission setting code to make sure
that the saved uid gets restored properly.
2012-02-21 16:07:28 -05:00
Todd C. Miller
6fb0090db9
Fix the description of noexec.
2012-02-21 05:15:48 -05:00
Todd C. Miller
f6fdc909b4
The "op" parameter to set_default() must be int, not bool since it is
set to '+' or '-' for list add and subtract.
2012-02-21 05:13:13 -05:00
Todd C. Miller
d439d8b489
Sync with translationproject.org
2012-02-10 14:30:01 -05:00
Todd C. Miller
dfbd6e429b
Got back to using "install-sh -M" for files installed as non-readable
by owner. This fixes "make install" as non-root for package building.
2012-02-10 11:31:54 -05:00
Todd C. Miller
5c941edc97
Sync with translationproject.org
2012-02-09 11:17:35 -05:00
Todd C. Miller
cb66fc6f10
Use -m not -M for install-sh for everything except setuid.
Install locale .mo files mode 0444, not 0644.
If timedir parent doesn't exist, use default dir mode, not 0700.
2012-02-09 11:11:58 -05:00
Todd C. Miller
e066ff5caf
More complete fix for LDR_PRELOAD on AIX. The addition of
set_perm(PERM_ROOT) before calling the nss open functions (needed
to avoid a GNU TLS bug) also broke LDR_PRELOAD. Setting the effective
and then real uid to 0 for PERM_ROOT works around the issue.
2012-02-06 15:46:17 -05:00
Todd C. Miller
8dd16b63d2
regen
2012-02-06 13:40:24 -05:00
Todd C. Miller
656807823d
For PERM_ROOT when using setreuid(), only set the euid to 0 prior
to the call to setuid(0) if the current euid is non-zero. This
effectively restores the state of things prior to rev 7bfeb629fccb.
Fixes a problem on AIX where LDR_PRELOAD was not being honored for
the command being executed.
2012-02-06 13:29:19 -05:00
Todd C. Miller
3da971ba33
Better debug subsystem usage
2012-02-02 11:28:33 -05:00
Todd C. Miller
491b4495f5
Fix the sudoers permission check when the expected sudoers mode is
owner-writable.
2012-01-31 16:24:57 -05:00
Todd C. Miller
f3f986c75d
regen
2012-01-29 14:48:20 -05:00
Todd C. Miller
a5dfea7cd4
For "sudo -g" prepend the specified group ID to the beginning of
the groups list. This matches BSD convention where the effective
gid is the first entry in the group list. This is required on newer
FreeBSD where the effective gid is not tracked separately and thus
setgroups() changes the egid if this convention is not followed.
Fixes bug #532
2012-01-19 11:03:22 -05:00
Todd C. Miller
0df60d8ec0
Update po files from translationproject.org
2012-01-14 07:19:43 -05:00
Todd C. Miller
ee0fb36d8b
regen dependencies
2012-01-13 06:02:17 -05:00