Add cmnd_stat to struct sudo_user and set it in sudo_goodpath().
No longer use gross statics in command_matches().
Also rename some variables for improved clarity.
these in parse.yacc. Also in parse.yacc initialize the *_matches
vars to UNSPEC and add two macros, SETMATCH and SETNMATCH for use
when setting *_matches to a value that may be NOMATCH/UNSPEC/TRUE/FALSE.
to edit files with the editor of their choice as the invoking user,
not the runas user. Temporary files are used for the actual edit
and the temp file is copied over the original after the editor is done.
function that just sets error and returns -1. This adds a
"noexec_file" option to load the filename as well as a "noexec" flag
to enable it unconditionally. There is also a NOEXEC tag that can
be attached to specific commands and an EXEC tag to disable it.
enum type. Currently there is only a single tuple enum but in the
future we may have one tuple enum per T_TUPLE entry in def_data.in.
Currently listpw, verifypw and lecture are tuples. This avoids the
need to have two entries (one ival, one str) for pwflags and syslog
values.
lecture is now a tuple with the following values: never, once, always
We no longer use both an int and string entry for syslog facilities
and priorities. Instead, there are logfac2str() and logpri2str()
functions that get used when we need to print the string values.
when possible since that allows us to support the stay_setuid option and
we always know exactly what the semantics will be (various Linux kernels
have broken POSIX saved uid support).
call initgroups() if the target user was root. Now it always calls
initgroups() unless the -P command line option or the "preserve_groups"
sudoers option is set. Idea from TJ Saunders.
Rename set_perms_saved_uid() -> set_perms_posix()
Make set_perms_setreuid simply be set_perms_fallback() and simply include
the appropriate function at compile time (setreuid() vs. setuid()).
o stay_setuid - sudo will remain setuid if system has saved uids or setreuid(2)
o env_reset - reset the environment to a sane default
o env_keep - preserve environment variables that would otherwise be cleared
No longer use getenv/putenv/setenv functions--do environment munging by hand.
Potentially dangerous environment variables can be cleared only if they
contain '/' pr '%' characters to protect buggy programs.
Moved environment routines into env.c (new file)
that holds flags to be passed in to tgetpass(). Change echo_off
param to tgetpass() into a flags field. There are currently 2
possible flags for tgetpass(): TGP_ECHO and TGP_STDIN. In tgetpass(),
abstract the echo set/clear via macros and if (flags & TGP_ECHO)
but echo is not set on the terminal, but sure to set it.
until after the sudoers file has been parsed but since there are now
other options that operate that way this one can too. Based on a patch
from bguillory@email.com.
if there is *any* entry for the user on the host with a NOPASSWD flag.
For -v, only allow w/o a passwd if *all* entries for the user on the host
w/ the specified runas user have the NOPASSWD flag set.
be set before sudoers is parsed.
o Fix the "set_home" sudoers option (only worked at compile time).
o Fix "fqdn" sudoers option. We now set host/shost via set_fqdn which
gets called when the "fqdn" option is set in sudoers.
o Move the openlog() to store_syslogfac() so this gets overridden
correctly from the sudoers file.
