isa/sudo
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
9,135 Commits 1 Branch 0 Tags
df7a6ea4e8aa6a6b6acd73c8ec6f0f5865337f28
Commit Graph

2229 Commits

Author SHA1 Message Date
Todd C. Miller
df7a6ea4e8 Don't always expand aliases when formatting a host-based Defaults 
line.  This was missed when expand_aliases support was added.
 2018-04-12 06:25:35 -06:00
Todd C. Miller
2b2565b2c3 Allow host and user aliases to be specified in match filters. 2018-04-12 06:21:20 -06:00
Todd C. Miller
aa900c0f24 Update copyright year. 2018-04-12 05:13:49 -06:00
Todd C. Miller
7a3472cb07 sync with translationproject.org 2018-04-10 16:07:42 -06:00
Todd C. Miller
9e91d3f451 When the -d option is used, remove aliases used by the non-converted 
Defaults settings if the aliases are not also referenced by userspecs.
 2018-04-09 11:13:33 -06:00
Todd C. Miller
8c64cd97d2 regen 2018-04-05 07:00:25 -06:00
Todd C. Miller
512e0be834 Use btime in /proc/stat to determine system start time instead of 
/proc/uptime.  Fixes the process start time test when run from a
container where /proc/uptime is the uptime of the container but the
process start time is relative to the host system boot time.
Bug #829
 2018-04-04 11:28:53 -06:00
Todd C. Miller
7663ae7b27 Add option to prune non-matching entries from cvtsudoers output with -m 
option is used.
 2018-04-04 09:51:05 -06:00
Todd C. Miller
5c1d9899e1 Allow defaults types and suppression list to be specified in 
the config file.
 2018-04-02 07:41:56 -06:00
Todd C. Miller
18ba38ef4c Refactor common alias code out of cvtsudoers and visudo and into alias.c. 2018-04-02 07:41:09 -06:00
Todd C. Miller
dbd5613b1a Avoid NULL deref in an error path. CID 183467 2018-03-29 18:53:53 -06:00
Todd C. Miller
18371cacba No need to initialize the last pointer passed to strtok_r(). 
This was originally added to appease newer gcc but no longer
seems to be required.  CID 183466, CID 183468, CID 183469
 2018-03-29 18:53:51 -06:00
Todd C. Miller
6f66216441 Avoid false positive NULL dereference by uses value.u.string 
instead of name as the former is guaranteed not to be NULL.
Fixes CID 183465.
 2018-03-29 18:53:50 -06:00
Todd C. Miller
b4b5243bff regen 2018-03-29 10:20:26 -06:00
Todd C. Miller
dd545f38ca Add support for "cvtsudoers -d all" 2018-03-28 17:43:58 -06:00
Todd C. Miller
aa402cdc3c Add -d option to control what type of Defaults entries are converted. 2018-03-28 08:33:07 -06:00
Todd C. Miller
6da40a7b5b Fix typo in strcmp(), we are comparing var not val. 2018-03-23 09:54:52 -06:00
Todd C. Miller
30f8174084 regen 2018-03-22 13:30:25 -06:00
Todd C. Miller
14ee65c525 Add -M option to cvtsudoers to force the use of the local passwd 
and group databases when matching.
 2018-03-22 13:24:41 -06:00
Todd C. Miller
8a237eb07d Add cvtsudoers command line option to suppress certain parts of the 
security policy.  Can be used to suppress displaying of Defaults
entries, aliases or privileges.
 2018-03-22 11:38:39 -06:00
Todd C. Miller
af6e1cd7c6 Silence a false positive from the clang static analyzer. 2018-03-21 15:03:17 -06:00
Todd C. Miller
821e8a07da Silence a false positive from the clang static analyzer. 2018-03-21 14:55:17 -06:00
Todd C. Miller
fbed17e1a4 Fix memory leak on error path. 2018-03-21 14:43:17 -06:00
Todd C. Miller
e9512df6b6 regen 2018-03-21 13:33:44 -06:00
Todd C. Miller
bbd3e558b1 Move cvtsudoers string functions into cvtsudoers.c 2018-03-21 13:29:47 -06:00
Todd C. Miller
9ab5dc5f76 regen 2018-03-21 13:29:18 -06:00
Todd C. Miller
ff79de8592 Initial support filtering by user, group and host in cvtsudoers. 
Currently forces alias expansion when a filter is applied and the
entire matching user or host list is printed, even the non-matching
entries.  This effectively allows you to grep sudoers by user, group
and host.
 2018-03-21 12:24:11 -06:00
Todd C. Miller
bc5e2d06a7 Add free_default() to free a struct defaults pointer so we have a 
single place where we free the defaults.  A pointer to the previous
Default's binding may be passed in to avoid freeing an already free
binding.
 2018-03-21 12:11:19 -06:00
Todd C. Miller
910f288948 fix compilation on Solaris 2018-03-10 20:16:20 -07:00
Todd C. Miller
1cb5ab8b9c Make "sudoreplay -m 0" skip the pauses entirely. 2018-03-08 07:53:29 -07:00
Todd C. Miller
24f8e62e75 Update copyright date, remove unneeded include and add a few comments. 2018-03-06 15:59:31 -07:00
Todd C. Miller
e6c0d80fa8 Use fmtsudoers functions in testsudoers. 2018-03-06 15:09:21 -07:00
Todd C. Miller
81a373677a Add test for empty runas user list. 2018-03-06 14:39:11 -07:00
Todd C. Miller
3e7db48284 Don't print an empty user list as ALL. 2018-03-06 14:38:17 -07:00
Todd C. Miller
bb31544fcc In sudoers_format_userspecs make the separator optional and silence 
a printf format warning.
 2018-03-06 13:42:56 -07:00
Todd C. Miller
f984de1ba9 Use correct defines when checking for sysctl kinfo_proc support. 2018-03-06 12:05:07 -07:00
Todd C. Miller
bdbd102c9c Fix crash when converting sudoers entry with a runas list that is 
present but empty.
 2018-03-06 12:00:37 -07:00
Todd C. Miller
217e0a9b4b Less confusing sysctl checks for kinfo_proc. 2018-03-05 17:35:02 -07:00
Todd C. Miller
e26ef96a65 Add case_insensitive_group and case_insensitive_user sudoers options, 
which are enabled by default.
 2018-03-05 10:42:02 -07:00
Todd C. Miller
6014b4075c Kill dead store found by clang-analyzer. 2018-03-04 11:59:45 -07:00
Todd C. Miller
4874068070 Add tests for round-tripping sudoers -> ldif -> sudoers 2018-03-02 11:30:19 -07:00
Todd C. Miller
5c36f9dec3 Initial support for adding comments that will be emitted when 
sudoers is formatted.  Currently adds a comment for the source
sudoRole when converting from ldif -> sudoers.
 2018-03-04 07:03:43 -07:00
Todd C. Miller
670d8e6d77 Special case comment lines in lbufs. 2018-03-04 07:03:41 -07:00
Todd C. Miller
c9b70940cf When formatting as sudoers, flush the lbuf after each userspec. 2018-03-03 07:42:10 -07:00
Todd C. Miller
843213d3de Handle escaped commas when skipping over the cn. 2018-03-04 07:03:38 -07:00
Todd C. Miller
72dd971ee1 Add missing sudoOrder support to parse_ldif(). 2018-03-02 11:27:01 -07:00
Todd C. Miller
8c7f3e791c Add missing support for converting LOG_INPUT/LOG_OUTPUT tags and 
expand support for NOMAIL tags.
 2018-03-02 11:12:14 -07:00
Todd C. Miller
44fc165e7c Don't emit an empty sudoRole for global defaults if there are none. 2018-03-02 10:59:19 -07:00
Todd C. Miller
e96398cac2 Avoid changing the order of non-negated hosts and commands. 
We still put negated hosts/commands at the end of the list.
 2018-03-02 10:58:50 -07:00
Todd C. Miller
e750bae75d Handle parsing boolean options that have no explicit value. 2018-03-02 10:44:33 -07:00