isa/sudo
1
0
Fork 0
Code Issues Pull Requests Actions 1 Packages Projects Releases Wiki Activity
9,930 Commits 1 Branch 0 Tags
db17cadaf65c7fc85d54c9f1a126136f6a9297b0
Commit Graph

832 Commits

Author SHA1 Message Date
Todd C. Miller
db17cadaf6 Add an approval plugin type that runs after the policy plugin. 
The basic idea is that the approval plugin adds an additional
layer of policy.  There can be multiple approval plugins.
 2020-02-06 12:49:11 -07:00
Todd C. Miller
084cad2120 plugin documentation fixes: 
o whitespace cleanup
 o show_version doesn't have an errstr argument
 o document runas_user and runas_group in command_info[]
 o add missing .El at before start of audit section
 2020-02-06 12:18:09 -07:00
Todd C. Miller
ea377e432b Silence lint warning. 2020-02-05 17:57:24 -07:00
Todd C. Miller
cec6b1708a Regenerate .man.in files from .mdoc.in 2020-02-02 16:13:05 -07:00
Todd C. Miller
b35cc96f0e Update documentation for setbase when the given base is NULL. 2020-02-02 16:12:39 -07:00
Todd C. Miller
790f8bb629 Document audit plugin in the sudo_plugin manual. 2020-01-30 20:57:40 -07:00
Todd C. Miller
22105009d8 Define a new plugin type that receives accept and reject messages. 
This can be used to implement logging-only plugins.
The plugin functions now take an errstr argument that can be used
to return an error string to be logged on failure or error.
 2020-01-30 13:25:34 -07:00
Robert Manner
9294108cd6 doc/sudo_plugin_python: update doc about the multiple I/O plugin loading 2020-01-23 12:46:14 -07:00
Todd C. Miller
f4716a75e4 Document new tls_verify setting. 2020-01-23 11:42:08 -07:00
Todd C. Miller
07a2965bab Document TCP keepalive options in the manual pages. 2020-01-22 11:07:01 -07:00
Todd C. Miller
b8e1422e84 Add proper diacritical to Róbert's name. 2020-01-22 10:48:31 -07:00
Todd C. Miller
5913c63642 Add abs_top_srcdir and abs_top_builddir and use them. 
Configure provides absolution versions of srcdir, builddir, top_srcdir
and top_builddir.  We can use these instead of calling pwd.
 2020-01-20 06:37:42 -07:00
Todd C. Miller
0ab02b8a16 Fix mdoc lint warnings by removing .Pp before and after .Ss. 2020-01-17 09:47:52 -07:00
Todd C. Miller
c9f26ebbb4 Remove whitespace at the end of the line in example sudo.conf 2020-01-17 09:47:52 -07:00
Todd C. Miller
e7480c3410 Add newline before list of artwork authors. 2020-01-10 10:42:39 -07:00
Todd C. Miller
bf68dce053 Update copyright year. 2020-01-10 10:26:12 -07:00
Todd C. Miller
b141213a10 Add Robert Manner 2020-01-07 09:46:07 -07:00
Todd C. Miller
b527ac3fb5 Update sample sudo.conf with all supported settings. 
The deprecated "max_groups" setting is not documented.
 2020-01-02 14:07:30 -07:00
Todd C. Miller
8aa815643f Remove POD-style C<> markup (typewriter font) from sudo.conf 2020-01-02 13:12:27 -07:00
Robert Manner
3f890e4db8 doc/sudo_plugin_python: indent code examples for easier readability 2020-01-02 11:53:08 -05:00
Robert Manner
9871f7e37b doc/sudo.conf: document developer_mode option 2020-01-02 11:53:08 -05:00
Todd C. Miller
a76b7543bf fix typo in previous 2019-12-31 07:48:57 -07:00
Todd C. Miller
a8c39ea81b Changes in sudo 1.8.30 2019-12-31 06:02:19 -07:00
Todd C. Miller
79e52c7764 Substitute @prefix@ in for the example paths. 
We can't use @exampledir@ here since it contains Makefile variables.
 2019-12-23 07:27:54 -07:00
Todd C. Miller
5dcc28180e Add sudo_plugin_python manual page. 
Based on markdown docs from Robert Manner.
 2019-12-21 12:54:55 -07:00
Todd C. Miller
a441580540 Update SUDO_CONV_REPL_MAX in docs. 2019-12-14 12:40:55 -07:00
Todd C. Miller
b14d633ec6 Add runas_check_shell flag to require a runas user to have a valid shell. 
Not enabled by default.
 2019-12-09 19:29:45 -07:00
Todd C. Miller
df8f06609c Add a new flag "allow_unknown_runas_id" to control matching of unknown IDs. 
Previous, sudo would always allow unknown user or group IDs if the
sudoers entry permitted it.  This included the "ALL" alias.
With this change, the admin must explicitly enable support for unknown IDs.
 2019-12-09 17:14:06 -07:00
Todd C. Miller
d0b80b404c Replace timeleft with pending in sudo plugin event API. 2019-12-07 08:42:10 -07:00
Todd C. Miller
d98022177e Document log_server_cabundle, log_server_peer_cert and log_server_peer_key 2019-12-06 13:23:51 -07:00
Todd C. Miller
a1e61f5ac0 Sync init_session() prototype with sudo_plugin.h and fix a typo. 2019-12-05 16:57:12 -07:00
Todd C. Miller
f976a5d866 For plugin API 1.15 and up, always call the plugin close function. 
Previously, it was only called when a command was run (including
sudoedit).  Now, plugin operations list, validate, invalidate, and
show_version are also closed.
 2019-11-20 10:57:47 -07:00
Todd C. Miller
b31b830518 Document the process of creating self-signed certificates for sudo_logsrvd. 
Based on a document from Laszlo Orban.
 2019-11-19 14:29:40 -07:00
Todd C. Miller
368e12b0f9 If there is no session or terminal group ID, pass the plugin a value of 0. 
This behavior already matches what is documented in the sudo_plugin
manual for "sid" but the "tcpgid" entry needed to be updated.
 2019-11-18 16:25:52 -07:00
Todd C. Miller
f913249dd0 Rename "log_server" in sudoers to "log_servers" to match I/O plugin. 2019-11-18 09:39:03 -07:00
Todd C. Miller
82fea739af Add Laszlo Orban 2019-11-17 06:44:09 -07:00
Todd C. Miller
4bb2b2f605 regen 2019-11-16 19:14:40 -07:00
Todd C. Miller
366a63ce58 Change TLS example file locations to be under /etc/ssl/sudo. 2019-11-16 19:13:53 -07:00
Todd C. Miller
49c09ee2d8 Document sudo_logsrvd TLS configuration. 2019-11-16 13:01:49 -07:00
Todd C. Miller
d8ccf11c58 Document the log_server and log_server_timeout options 2019-11-15 13:41:52 -07:00
Todd C. Miller
5793023ffd Add a plugin interface to sudo main event loop. 2019-11-15 13:36:01 -07:00
Todd C. Miller
da82b16fc4 Add sudo logo designers 2019-11-11 19:57:39 -07:00
Todd C. Miller
635445d471 Transparently handle the "sudo sudoedit" problem. 
Some admin are confused about how to give users sudoedit permission
and many users try to run sudoedit via sudo instead of directly.
If the user runs "sudo sudoedit" sudo will now treat it as plain
"sudoedit" after issuing a warning.  If the admin has specified a
fully-qualified path for sudoedit in sudoers, sudo will treat it
as just "sudoedit" and match accordingly.  In visudo (but not sudo),
a fully-qualified path for sudoedit is now treated as an error.
 2019-11-05 15:18:34 -07:00
Todd C. Miller
e6fe02d646 Reference timestamp_type and timestamp_timeout in sudoers. 
This should help users find details on how time stamp files work.
 2019-11-01 12:42:41 -06:00
Todd C. Miller
955fa11b53 Clear the write bit on the timing file for completed logs. 
This allows us to tell whether or not a log can be restarted.
 2019-10-24 20:04:33 -06:00
Todd C. Miller
1df3230c2a Document the sudo log server protocol 2019-10-24 20:04:33 -06:00
Todd C. Miller
b57054785f Add manual pages for logsrvd and sendlog. 2019-10-24 20:04:32 -06:00
Todd C. Miller
8a16e62a88 Import protobuf-c source since to avoid an external dependency. 
The files generated with protoc-c are not standalone.
We need to include protobuf-c.c and protobuf-c.h from the protobuf-c
distribution too.  Building protoc-c requires a relative recent
version of gcc which limits its portability.
 2019-10-24 20:04:30 -06:00
Todd C. Miller
8ea71f9ae0 Sudo 1.8.29 2019-10-21 14:57:24 -06:00
Todd C. Miller
b157b96893 Add depend target to all Makefile.in files. 2019-10-21 15:20:21 -06:00