isa/sudo
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
7,492 Commits 1 Branch 0 Tags
df0fd4153043befd4815e18f3cfca72ae29baf24
Commit Graph

1389 Commits

Author SHA1 Message Date
Todd C. Miller
3cdb944de4 Fix expansion of %p in the prompt for "sudo -l" when rootpw, runaspw 
or targetpw is set.  Bug #639
 2014-03-19 16:55:37 -06:00
Todd C. Miller
4d712aa903 Don't write an empty timestamp record when timestamp_timeout is 
zero.  If we find an empty record in the timestamp file, overwrite
it with a good one, truncating the file as needed.
 2014-03-17 07:14:55 -06:00
Todd C. Miller
403a48da40 Fix typo/thinko that prevented "Defaults !tty_tickets" from working. 2014-03-13 13:38:42 -06:00
Todd C. Miller
35c41deb41 Fix "sudo -l command" output when the matching command is negated. 
Bug #636
 2014-03-13 08:21:04 -06:00
Todd C. Miller
5c6d2ad689 CWD no longer used. 2014-03-11 09:00:48 -06:00
Todd C. Miller
ee135ea261 Fix diff of toke and err output files in "make check" 2014-03-11 08:52:52 -06:00
Todd C. Miller
8461dc6e24 Fix compiler warning in debug code. 2014-03-06 15:21:49 -07:00
Todd C. Miller
0030bfe7d5 Fix handling of '!' operator when converting sudoers. We now add 
a "negated" boolean flag to objects that have the '!' operator.
 2014-03-04 16:18:35 -07:00
Todd C. Miller
c934882c3e Czech translation for sudoers from translationproject.org 2014-03-01 07:53:17 -07:00
Todd C. Miller
d75e5f6fef Fix typo in setreuid() PERM_ROOT error message. 2014-02-27 16:40:28 -07:00
Todd C. Miller
f2f96d849b Fix conversion of timestamp_timeout from double to struct timeval. 
Also quiet a printf format warning on 32-bit systems.
 2014-02-26 10:29:52 -07:00
Todd C. Miller
b41f5c2d3b Serbian translation for sudoers from translationproject.org. 2014-02-25 17:14:51 -07:00
Todd C. Miller
58341a8bfc When exporting sudoers in JSON format, use the same type of Options 
object for both Defaults and Cmnd_Specs.
 2014-02-24 09:31:14 -07:00
Todd C. Miller
0cdf4407df sync with translationproject.org 2014-02-17 10:31:40 -07:00
Todd C. Miller
c6e310b948 We also need to open the sudoers file as root if there is a GID 
mismatch.
 2014-02-17 10:20:14 -07:00
Todd C. Miller
0a6ec9615b Fix indentation of Defaults entries. The initial indent should be 
outside the loop iterating over the entries.
 2014-02-12 15:00:04 -07:00
Todd C. Miller
198e73b5c8 sync with translationproject.org 2014-02-11 09:55:33 -07:00
Todd C. Miller
12a1b672c0 We must include gettext.h before missing.h as it includes system 
headers.  Also add missing DEFAULT_TEXT_DOMAIN defines in sudoers
audit code that does not include sudoers.h.
 2014-02-11 09:40:59 -07:00
Todd C. Miller
d748ebe48b Add some initprogname() calls to the test programs. 2014-02-08 06:24:01 -07:00
Todd C. Miller
8b94d558df regen 2014-02-07 15:15:09 -07:00
Todd C. Miller
8287e21d36 Add use_netgroups sudoers option. For LDAP-based sudoers, netgroup 
support requires an expensive substring match on the server.  If
netgroups are not needed, this option can be disabled to reduce the
load on the LDAP server.
 2014-02-07 14:58:48 -07:00
Todd C. Miller
7a1cd11c0d Update copyright year. 2014-02-06 16:00:56 -07:00
Todd C. Miller
f7a419b5f9 Use a default LDAP search filter of (objectClass=sudoRole). When 
constructing the netgroup query, add (sudoUser=*) to the query so
we don't fall below the 3 character OpenLDAP substring threshold.
Otherwise the index for sudoUser will never be used for that query.
Pointed out by Michael Stroeder.
 2014-02-06 15:50:08 -07:00
Todd C. Miller
b299763e34 Don't warn about an insecure lecture dir twice. 
Display warnings in the user's locale.
 2014-02-06 15:46:27 -07:00
Todd C. Miller
85598f77b2 Use inet_pton() instead of inet_aton() and include a version from 
BIND for those without it.
 2014-02-05 10:00:07 -07:00
Todd C. Miller
efd31a31ec Add back boottime.lo 2014-02-03 08:08:54 -07:00
Todd C. Miller
7155fc526f Bring back boot time checking code and zero out time stamp files 
that predate the boot time.  This should help systems w/o /var/run
where the admin has setup rc.d to clear the timestamp directory.
 2014-02-03 05:45:27 -07:00
Todd C. Miller
a9a7768d56 regen 2014-02-02 05:23:54 -07:00
Todd C. Miller
32b897ac67 Restore warning when sudoers is unable to update the time stamp file. 2014-02-01 06:11:29 -07:00
Todd C. Miller
aeb5ceead8 Replace --with-timedir and --with-lecture_dir with --with-rundir 
and --with-vardir which are the parent directories of the time stamp
and lecture dirs.  These directories need to be searchable by
non-root so that the timestampowner setting can function.
 2014-02-01 05:57:34 -07:00
Todd C. Miller
fb29e91ef0 Fix use of timestampowner in the new time stamp world order. Parent 
directories for timestampdir and lecture_dir are now created with
the execute bit set so that we can traverse them as non-root.
 2014-02-01 05:47:16 -07:00
Todd C. Miller
a2dc10ece7 Regen Makefiles. 2014-01-31 15:46:25 -07:00
Todd C. Miller
d0f343ba2e Move ctim_get and mtim_get to sudo_util.h 2014-01-31 15:43:34 -07:00
Todd C. Miller
32b4713d6d sprinkle some debug printfs and add function header comments 2014-01-31 15:28:41 -07:00
Todd C. Miller
d7257a63e7 Properly handle the case where /var/run/sudo/ts doesn't exist. 2014-01-31 15:02:31 -07:00
Todd C. Miller
596fc68aca Warn on ftruncate failure(). 2014-01-30 16:24:48 -07:00
Todd C. Miller
63e7aa9942 Fix checking of lecture status. 2014-01-30 16:15:03 -07:00
Todd C. Miller
b813c4de48 Use sudo_timeval macros and remove compat macros from missing.h 2014-01-30 15:51:59 -07:00
Todd C. Miller
659b1f0e34 Switch to new time stamp file format. Each user now has a single 
file which may contain multiple records when per-tty time stamps
are in use (the default).  The time stamps use a monotonic timer
where available and are once again stored in /var/run/sudo.  The
lecture status is now stored separately from the time stamps in a
different directory.
 2014-01-30 15:50:40 -07:00
Todd C. Miller
db3b776277 When listing a user's privileges, always prompt the user for their 
own password, regardless of the value of target_pw, root_pw or
runas_pw.
 2014-01-29 15:19:45 -07:00
Todd C. Miller
aaecd326e4 Use inet_aton() instead of inet_addr() as it allows us to distinguish 
between the address (or mask 255.255.255.255) and an error.  In the
future we may consider switching to inet_pton() for IPv4 too.
 2014-01-26 13:23:09 -07:00
Todd C. Miller
f6542e90f0 Fix typo in the AIX case. 2014-01-24 09:43:10 -07:00
Todd C. Miller
7e88cc27bf Size pointer for sudo_parseln() should be size_t not ssize_t. 
This was already correct for the nsswitch.conf case.
 2014-01-24 09:39:11 -07:00
Todd C. Miller
4c9650f78f If inet_addr() returns INADDR_NONE, return false instead of iterating 
through the interfaces looking for a match that will never happen.
 2014-01-22 20:48:49 -07:00
Todd C. Miller
ae6fb933f0 Do not assume localtime(), gmtime() and ctime() always return non-NULL. 2014-01-21 16:32:00 -07:00
Todd C. Miller
5a6db565c1 Update copyright years 2014-01-15 06:19:34 -07:00
Todd C. Miller
5f88e95bc9 Eliminate dead store found by clang checker. 2014-01-15 06:13:23 -07:00
Todd C. Miller
bec5786e5e Remove dead store; found by cppcheck 2014-01-13 09:52:41 -07:00
Todd C. Miller
aa93ef78a7 Quiet a few innocuous cppcheck warnings. 2014-01-08 17:01:03 -07:00
Todd C. Miller
57113a536f Handle in_res being NULL for sudo_debug_printf() in sudo_sss_filter_result(). 2014-01-08 16:48:27 -07:00