isa/sudo
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
6,323 Commits 1 Branch 0 Tags
db9f50f13c819ff9ce5e8760d2a1cf15ec7e84dc
Commit Graph

803 Commits

Author SHA1 Message Date
Todd C. Miller
54cfac04d1 If there are no privs to print, write the message to the lbuf instead 
of printing it directly.
 2012-06-01 16:27:17 -04:00
Todd C. Miller
b406b51da0 No need to loop over atomic_writev(), it guarantees to write all 
data or return an error.

Fix handling of stdout/stderr that contains "\r\n" and handle a
"\r\n" pair that spans a buffer.
 2012-05-30 10:46:02 -04:00
Todd C. Miller
12be3e7f54 Instead of doing extra write()s when replaying stdout, build up a 
vector for writev() instead.  This results in far fewer system
calls.
 2012-05-29 13:46:28 -04:00
Todd C. Miller
7a6cad5026 When replaying a log of stdout or stderr, do newline to carriage 
return + linefeed conversion.  We cannot have termios do this for
us since we've disabled output postprocessing (POST) when setting
raw mode.
 2012-05-25 16:24:42 -04:00
Todd C. Miller
ca9331d498 Add tests for sudoers mode, owner and group checks. 2012-05-21 15:39:24 -04:00
Todd C. Miller
0d82c4c7ee If sudoers_mode is group-readable but the actual sudoers file is 
not, open the file as uid 0, not uid 1.  This fixes a problem when
sudoers has a more restrictive mode than what sudo expects to find.
In older versions, sudo would silently chmod the file to add the
group-readable bit.
 2012-05-21 13:59:02 -04:00
Todd C. Miller
4f296fe211 Add basic tests for #include and #includedir 2012-05-18 14:29:55 -04:00
Todd C. Miller
b35cd75533 Add -U sudoers_uid option to testsudoers. 2012-05-18 14:29:29 -04:00
Todd C. Miller
8a7ac44590 Fix #includedir; from Mike Frysinger 2012-05-17 15:42:57 -04:00
Todd C. Miller
2b7659f709 Don't prompt for a password if the user is in the exempt group, is 
root, or is running the command as themselves even if the -k option
was specified.  This makes "sudo -k command" consistent with the
behavior one would get if the user ran "sudo -k" immediately before
running the command.
 2012-05-17 10:20:14 -04:00
Todd C. Miller
0d5a941319 Add missing break between AF_INET and AF_INET6 in addr_matches_if_netmask() 2012-05-14 14:47:48 -04:00
Todd C. Miller
d841ae9cd0 Move systrace monitor code to the attic 2012-05-14 09:47:17 -04:00
Todd C. Miller
0d69580776 Fix an alignment problem on NetBSD systems with a 64-bit time_t and 
strict alignment.  Based on a patch from Martin Husemann.
 2012-05-10 11:06:46 -04:00
Todd C. Miller
c690ac2073 update depends 2012-05-08 16:57:06 -04:00
Todd C. Miller
aa3defa3f0 Only call gr_delref() when use sudo's password caching functions. 2012-05-08 16:39:37 -04:00
Todd C. Miller
75d70b334b Add missing dependency on libreplace.la 2012-05-08 16:38:36 -04:00
Todd C. Miller
994d2ff69a Add group plugin that does lookups by name using the system group 
database.
 2012-05-08 13:35:52 -04:00
Todd C. Miller
4455139d54 sync with translationproject.org 2012-05-08 10:57:07 -04:00
Todd C. Miller
64178f8b67 sync with translationproject.org 2012-05-03 15:46:39 -04:00
Todd C. Miller
4b8982ebde regen 2012-04-24 13:42:28 -04:00
Todd C. Miller
e82b67314c Need to call ldapssl_clientauth_init() for start_tls on Mozilla 
LDAP SDK.
 2012-04-24 12:52:36 -04:00
Todd C. Miller
28268ed99c Fix printing of invalid uri 2012-04-24 10:34:02 -04:00
Todd C. Miller
989361c275 Pass PAM_SILENT when deleting creds to remove an annoying warning 
message on Solaris.
 2012-04-24 09:48:58 -04:00
Todd C. Miller
f6c7ae2519 sudo_ldap_set_options_global() should not take an LDAP handle as 
an argument since the options affect the global settings.
 2012-04-23 19:56:41 -04:00
Todd C. Miller
23b7a1fa5c Call the policy's init_session() function before we fork the child. 
That way, the session is created and destroyed in the same process,
which is needed by some modules, such as  pam_mount.
 2012-04-23 16:38:16 -04:00
Todd C. Miller
cf4562c031 Delete creds after closing the PAM session. 2012-04-23 16:11:49 -04:00
Todd C. Miller
cde9f8aa12 Provide a more useful error message if using a Mozilla-style LDAP 
SDK and you forgot to specify TLS_CERT in ldap.conf.
 2012-04-23 15:30:34 -04:00
Todd C. Miller
9f461efd5f Split global and per-connection LDAP options into separate arrays. 
Set global LDAP options before calling ldap_initialize() or ldap_init().
After we have an LDAP handle, set the per-connection options.
Fixes a problem with OpenLDAP using the nss crypto backend; bug #342
 2012-04-23 13:08:57 -04:00
Todd C. Miller
3491dd8189 sync with translationproject.org 2012-04-23 08:12:36 -04:00
Todd C. Miller
4c36371ee1 Add German translation for sudo 
Add Croatian translation for sudoers
 2012-04-19 11:54:15 -04:00
Todd C. Miller
f3ab15b117 typo fix in comment 2012-04-19 11:49:18 -04:00
Todd C. Miller
0ed6753914 Sort xgettext output by file name. 2012-04-16 12:55:11 -04:00
Todd C. Miller
28688e70a2 regen 2012-04-13 16:22:16 -04:00
Todd C. Miller
b0993d8777 If struct dirent has d_type, use it to avoid an extra stat(). 2012-04-13 08:36:58 -04:00
Todd C. Miller
45fcc29dd6 Sort output of "sudoreplay -l" 2012-04-13 08:35:19 -04:00
Todd C. Miller
dffaeb9cb5 Fix duplicate free introduced in last rev 2012-04-12 15:17:00 -04:00
Todd C. Miller
dfc90ff0b1 Instead of treating ^C from tgetpass() specially, always 
return AUTH_INTR if tgetpass() returned NULL.
Treat PAM_AUTHINFO_UNAVAIL like PAM_AUTH_ERR which Mac OS X
returns this when there is no tty.
 2012-04-11 19:51:56 -04:00
Todd C. Miller
53357633f1 Fix restoration of AIX permissions. 2012-04-09 15:39:01 -04:00
Todd C. Miller
5029c3cdce Plug memory leak in parse_logfile() in the error path. 2012-04-09 09:14:53 -04:00
Todd C. Miller
21f3e0deb2 sync with translationproject.org 2012-04-09 09:09:13 -04:00
Todd C. Miller
0d108287b9 Do not use GLOB_BRACE or GLOB_TILDE flags to glob()--we want the 
glob() and fnmatch() results to be consistent.
 2012-04-08 18:00:31 -04:00
Todd C. Miller
7a6664e2e0 If I/O log file includes rows + cols, warn if the user's tty is 
not big enough.
 2012-04-06 16:37:40 -04:00
Todd C. Miller
ce8fd0ea39 Fix printing of TSID in "sudoreplay -l" 2012-04-06 16:34:43 -04:00
Todd C. Miller
c8ce3a0a85 Log the process id in the debug file output. Since we don't want 
to keep calling getpid(), stash the value at init time and when we
fork().
 2012-04-06 15:20:16 -04:00
Todd C. Miller
087059b295 In Solaris 11, /dev/pts under the "dev" filesystem, not "devices". 
Update tty_is_devpts() to match so we can determine when the tty
has been reused.
 2012-04-05 13:21:22 -04:00
Todd C. Miller
2c84bd4d08 Log warning() at SUDO_DEBUG_WARN not SUDO_DEBUG_ERROR. 
Log the function, file and line number in the debug log for warning()
and error().
 2012-04-05 12:37:15 -04:00
Todd C. Miller
2965dbfccb regen 2012-03-30 15:45:11 -04:00
Todd C. Miller
d00c2f34e8 Use ecalloc() 2012-03-30 15:25:15 -04:00
Todd C. Miller
aecb5206e2 Fix compiler warnings on some platforms and provide a better method 
of defeating gcc's warn_unused_result attribute.
 2012-03-29 10:33:40 -04:00
Todd C. Miller
8cc1507bbf regen 2012-03-28 14:08:28 -04:00