isa/sudo
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
6,267 Commits 1 Branch 0 Tags
e82b67314c47cf3fa55f5123d039980e73f441b8
Commit Graph

783 Commits

Author SHA1 Message Date
Todd C. Miller
e82b67314c Need to call ldapssl_clientauth_init() for start_tls on Mozilla 
LDAP SDK.
 2012-04-24 12:52:36 -04:00
Todd C. Miller
28268ed99c Fix printing of invalid uri 2012-04-24 10:34:02 -04:00
Todd C. Miller
989361c275 Pass PAM_SILENT when deleting creds to remove an annoying warning 
message on Solaris.
 2012-04-24 09:48:58 -04:00
Todd C. Miller
f6c7ae2519 sudo_ldap_set_options_global() should not take an LDAP handle as 
an argument since the options affect the global settings.
 2012-04-23 19:56:41 -04:00
Todd C. Miller
23b7a1fa5c Call the policy's init_session() function before we fork the child. 
That way, the session is created and destroyed in the same process,
which is needed by some modules, such as  pam_mount.
 2012-04-23 16:38:16 -04:00
Todd C. Miller
cf4562c031 Delete creds after closing the PAM session. 2012-04-23 16:11:49 -04:00
Todd C. Miller
cde9f8aa12 Provide a more useful error message if using a Mozilla-style LDAP 
SDK and you forgot to specify TLS_CERT in ldap.conf.
 2012-04-23 15:30:34 -04:00
Todd C. Miller
9f461efd5f Split global and per-connection LDAP options into separate arrays. 
Set global LDAP options before calling ldap_initialize() or ldap_init().
After we have an LDAP handle, set the per-connection options.
Fixes a problem with OpenLDAP using the nss crypto backend; bug #342
 2012-04-23 13:08:57 -04:00
Todd C. Miller
3491dd8189 sync with translationproject.org 2012-04-23 08:12:36 -04:00
Todd C. Miller
4c36371ee1 Add German translation for sudo 
Add Croatian translation for sudoers
 2012-04-19 11:54:15 -04:00
Todd C. Miller
f3ab15b117 typo fix in comment 2012-04-19 11:49:18 -04:00
Todd C. Miller
0ed6753914 Sort xgettext output by file name. 2012-04-16 12:55:11 -04:00
Todd C. Miller
28688e70a2 regen 2012-04-13 16:22:16 -04:00
Todd C. Miller
b0993d8777 If struct dirent has d_type, use it to avoid an extra stat(). 2012-04-13 08:36:58 -04:00
Todd C. Miller
45fcc29dd6 Sort output of "sudoreplay -l" 2012-04-13 08:35:19 -04:00
Todd C. Miller
dffaeb9cb5 Fix duplicate free introduced in last rev 2012-04-12 15:17:00 -04:00
Todd C. Miller
dfc90ff0b1 Instead of treating ^C from tgetpass() specially, always 
return AUTH_INTR if tgetpass() returned NULL.
Treat PAM_AUTHINFO_UNAVAIL like PAM_AUTH_ERR which Mac OS X
returns this when there is no tty.
 2012-04-11 19:51:56 -04:00
Todd C. Miller
53357633f1 Fix restoration of AIX permissions. 2012-04-09 15:39:01 -04:00
Todd C. Miller
5029c3cdce Plug memory leak in parse_logfile() in the error path. 2012-04-09 09:14:53 -04:00
Todd C. Miller
21f3e0deb2 sync with translationproject.org 2012-04-09 09:09:13 -04:00
Todd C. Miller
0d108287b9 Do not use GLOB_BRACE or GLOB_TILDE flags to glob()--we want the 
glob() and fnmatch() results to be consistent.
 2012-04-08 18:00:31 -04:00
Todd C. Miller
7a6664e2e0 If I/O log file includes rows + cols, warn if the user's tty is 
not big enough.
 2012-04-06 16:37:40 -04:00
Todd C. Miller
ce8fd0ea39 Fix printing of TSID in "sudoreplay -l" 2012-04-06 16:34:43 -04:00
Todd C. Miller
c8ce3a0a85 Log the process id in the debug file output. Since we don't want 
to keep calling getpid(), stash the value at init time and when we
fork().
 2012-04-06 15:20:16 -04:00
Todd C. Miller
087059b295 In Solaris 11, /dev/pts under the "dev" filesystem, not "devices". 
Update tty_is_devpts() to match so we can determine when the tty
has been reused.
 2012-04-05 13:21:22 -04:00
Todd C. Miller
2c84bd4d08 Log warning() at SUDO_DEBUG_WARN not SUDO_DEBUG_ERROR. 
Log the function, file and line number in the debug log for warning()
and error().
 2012-04-05 12:37:15 -04:00
Todd C. Miller
2965dbfccb regen 2012-03-30 15:45:11 -04:00
Todd C. Miller
d00c2f34e8 Use ecalloc() 2012-03-30 15:25:15 -04:00
Todd C. Miller
aecb5206e2 Fix compiler warnings on some platforms and provide a better method 
of defeating gcc's warn_unused_result attribute.
 2012-03-29 10:33:40 -04:00
Todd C. Miller
8cc1507bbf regen 2012-03-28 14:08:28 -04:00
Todd C. Miller
5ff23fb854 Use error() instead of log_fatal() 2012-03-28 13:47:49 -04:00
Todd C. Miller
b78ca957a3 Fix signedness of didvar in env_update_didvar() 2012-03-28 13:39:37 -04:00
Todd C. Miller
e3e2397cba Quiet a compiler warning on some platforms. 2012-03-28 13:17:11 -04:00
Todd C. Miller
ea2fd83b35 Undo an incorrect int -> bool conversion. 2012-03-28 10:51:22 -04:00
Todd C. Miller
a142d780c7 Add Swedish sudo and sudoers translations from translationproject.org 2012-03-28 09:56:26 -04:00
Todd C. Miller
cfdc45ea62 No need to preserve ODMDIR on AIX now that we always read 
/etc/environment.
 2012-03-28 08:18:26 -04:00
Todd C. Miller
caf01d98c4 When initializing the environment for env_reset, start out with 
the contents of /etc/environment on AIX and login.conf on BSD.
 2012-03-27 18:57:11 -04:00
Todd C. Miller
12422f928c Quiet a clang-analyzer false positive. 2012-03-27 13:01:45 -04:00
Todd C. Miller
238186abc9 Quiet a clang-analyzer dead store warning. 2012-03-26 11:03:23 -04:00
Todd C. Miller
d9e5ea4814 If the "timestampowner" user cannot be resolved, use ROOT_UID instead 
of exiting with a fatal error.
 2012-03-26 11:02:06 -04:00
Todd C. Miller
44ce5720de Remove the NO_EXIT flag to log_error() and add a log_fatal() function 
that exits and is marked no_return.  Fixes false positives from
static analyzers and is easier for humans to read too.
 2012-03-26 10:59:14 -04:00
Todd C. Miller
413c2accd9 sync with translationproject.org 2012-03-24 13:38:38 -04:00
Todd C. Miller
048a4e3f80 sync with translationproject.org 2012-03-20 14:08:58 -04:00
Todd C. Miller
55d1a1a79d Use ecalloc() when allocating structs. 2012-03-19 11:24:24 -04:00
Todd C. Miller
9eeacad6d9 sync with translationproject.org 2012-03-18 12:47:27 -04:00
Todd C. Miller
c85afe4b9c Remove unused label 2012-03-16 20:13:43 -04:00
Todd C. Miller
2ff9d0318c Remove bogus optimization that could lead to a double free of the 
group list.
 2012-03-16 12:00:32 -04:00
Todd C. Miller
6d10909949 Pass a pointer to user_env in to the init_session policy plugin 
function so session setup can modify the user environment as needed.
For PAM authentication, merge the PAM environment with the user
environment at init_session time.  We no longer need to swap in the
user_env for environ during session init, nor do we need to disable
the env hooks at init_session time.
 2012-03-15 09:18:36 -04:00
Todd C. Miller
0b1baf07ec Add explicit NULL entries for init_session, register_hooks and 
deregister_hooks with appropriate comments.
 2012-03-15 09:02:19 -04:00
Todd C. Miller
b330cbbed8 We should always call warning() with a format string or a string literal. 
In this case, the argument (path) is not user-controlled.
 2012-03-15 08:47:23 -04:00