Commit Graph

4626 Commits

Author SHA1 Message Date
Todd C. Miller
48eee67e55 Only set std_prompt for the PAM_PROMPT_* cases. The conversation function
may be called for non-password reading purposes so we must be careful
not to use def_prompt in cases where it may not be set.
2008-02-22 20:19:34 +00:00
Todd C. Miller
1a347284ea Don't free the new tty context, we need to keep it around when we restore the tty context after the command completes 2008-02-20 17:00:40 +00:00
Todd C. Miller
361280501f s/newrole/sudo/ 2008-02-19 21:04:20 +00:00
Todd C. Miller
c2378eb4d1 Only put login_cap(3) in SEE ALSO section if we have login.conf support 2008-02-19 18:21:41 +00:00
Todd C. Miller
795a303ea1 regen 2008-02-18 16:05:20 +00:00
Todd C. Miller
b072179192 Substitute in comment characters for lines pertaining to login.conf,
BSD auth and SELinux and only enable them if pertinent.
2008-02-18 15:53:33 +00:00
Todd C. Miller
2b4e67ff8e Substitute in comment characters for lines pertaining to login.conf,
BSD auth and SELinux and only enable them if pertinent.
2008-02-18 15:53:33 +00:00
Todd C. Miller
ef16f80a32 Substitute in comment characters for lines pertaining to login.conf,
BSD auth and SELinux and only enable them if pertinent.
2008-02-18 15:53:33 +00:00
Todd C. Miller
a228c72091 Substitute in comment characters for lines pertaining to login.conf,
BSD auth and SELinux and only enable them if pertinent.
2008-02-18 15:53:33 +00:00
Todd C. Miller
cf6bca4b07 Substitute in comment characters for lines pertaining to login.conf,
BSD auth and SELinux and only enable them if pertinent.
2008-02-18 15:53:33 +00:00
Todd C. Miller
7a1e2dfb59 Remove the =cut on the first line (above the copyright notice) to quiet
pod2man.  Also remove the hackery in the FILES section and just deal
with the fact that there will be a newline between each pathname.
2008-02-18 15:42:43 +00:00
Todd C. Miller
07daaa3903 run sudo.man.pl when generating sudo.man.in 2008-02-17 13:19:49 +00:00
Todd C. Miller
279ee07ee0 comment out SELinux manual bits unless --with-selinux was specified 2008-02-17 13:11:38 +00:00
Todd C. Miller
229b231461 document role and type defaults for SELinux 2008-02-17 13:04:45 +00:00
Todd C. Miller
211be00ccb Document "sudo -ll" and make "sudo -l -l" be equivalent. 2008-02-17 01:26:23 +00:00
Todd C. Miller
506285209d Treat k*bsd*-gnu like Linux, not BSD.
Fixes compilation problems on Debian GNU/kFreeBSD.
2008-02-15 20:23:54 +00:00
Todd C. Miller
dd2c345be9 Avoid Heimdal'isms introduced in the rev 1.32 rewrite of verify_krb_v5_tgt() 2008-02-13 22:17:14 +00:00
Todd C. Miller
04bb8f00fc Remove dependence on VALIDATE_NOT_OK in logging functions.
Split log_auth() into log_allowed() and log_denial()
Replace mail_auth() with should_mail() and a call to send_mail()
2008-02-13 12:28:37 +00:00
Todd C. Miller
4f5d9371a3 Add debugging so we can tell if the krb5 ccache is accessible 2008-02-10 23:06:19 +00:00
Todd C. Miller
ebae55854a mention --with-selinux 2008-02-10 22:34:40 +00:00
Todd C. Miller
9635907f29 regen 2008-02-09 14:48:21 +00:00
Todd C. Miller
cc47d67b4f add Sudo tag 2008-02-09 14:43:32 +00:00
Todd C. Miller
4c992e1901 Add support for SELinux RBAC. Sudoers entries may specify a role and type.
There are also role and type defaults that may be used.  To make sure a
transition occurs, when using RBAC commands are executed via the new sesh
binary.  Based on initial changes from Dan Walsh.
2008-02-09 14:30:07 +00:00
Todd C. Miller
c7a2ef7a1e Add support for SELinux RBAC. Sudoers entries may specify a role and type.
There are also role and type defaults that may be used.  To make sure a
transition occurs, when using RBAC commands are executed via the new sesh
binary.  Based on initial changes from Dan Walsh.
2008-02-09 14:30:06 +00:00
Todd C. Miller
f2b70188b6 Add support for SELinux RBAC. Sudoers entries may specify a role and type.
There are also role and type defaults that may be used.  To make sure a
transition occurs, when using RBAC commands are executed via the new sesh
binary.  Based on initial changes from Dan Walsh.
2008-02-09 14:30:06 +00:00
Todd C. Miller
5d20923c2f Add long list (sudo -ll) support for printing verbose LDAP and sudoers
file entries.  Still need to update manual.
2008-02-08 13:18:12 +00:00
Todd C. Miller
3c7b76bb54 Unify the -l output for file and ldap based sudoers and use lbufs for both.
The ldap output does not currently include options that cannot be represented
as tags.  This will be remedied in a long list output mode to come.
2008-02-03 15:43:38 +00:00
Todd C. Miller
8e33f63484 Use a specific error message for errno == EAGAIN when setuid() et al fails.
On Linux systems setuid() will fail with errno set to EAGAIN if changing
to the new uid would result in a resource limit violation.
2008-01-27 21:37:54 +00:00
Todd C. Miller
72656eaf3b Unlimit nproc on Linux systems where calling the setuid() family
of syscalls causes the nproc resource limit to be checked.  The
limits will be reset by pam_limits.so when PAM is used.  In the
non-PAM case the nproc limit will remain unlimited but there doesn't
seem to be a way around that other than having sudo parse
/etc/security/limits.conf directly.
2008-01-27 21:34:41 +00:00
Todd C. Miller
801860b298 Only read /etc/environment on Linux and AIX 2008-01-27 21:31:27 +00:00
Todd C. Miller
f0dc1caa45 Use SUDO_DEFINE_UNQUOTED instead of AC_DEFINE_UNQUOTED to prevent
ldap.conf and ldap.secret paths from going into config.h.
Avoid single quotes in variable expansion when using SUDO_DEFINE_UNQUOTED
since in some versions of bash they will end up literally in the resulting
define.
2008-01-23 11:33:27 +00:00
Todd C. Miller
cc346a5ecf mention --with-nsswitch=no 2008-01-21 18:22:51 +00:00
Todd C. Miller
48df9c481b ldap_ssl.h depends on ldap.h being included first 2008-01-21 16:43:10 +00:00
Todd C. Miller
a3e6610e01 Include ldap_ssl.h if we can find it. Needed for the ldapssl_set_strength
defines on HP-UX at least.
2008-01-21 16:07:42 +00:00
Todd C. Miller
870334373d sync 2008-01-21 15:04:40 +00:00
Todd C. Miller
40fb31c0a5 sync 2008-01-21 15:02:46 +00:00
Todd C. Miller
bc5772f798 regen 2008-01-21 15:01:37 +00:00
Todd C. Miller
b54eff661f Use 78n line length when formatting cat pages. 2008-01-21 15:00:54 +00:00
Todd C. Miller
57a6ebde5d Remove redundant info that is now in sudoers.ldap.pod 2008-01-21 14:50:54 +00:00
Todd C. Miller
a48e85e1ab Reorganize the first section a bit. Substitute the proper path for
/etc/sudoers.
2008-01-20 21:18:56 +00:00
Todd C. Miller
e1db0d126f Substitute values for ldap.conf, ldap.secret and nsswitch.conf
Move schema into EXAMPLES
2008-01-20 15:17:35 +00:00
Todd C. Miller
c268627f90 Substitute values for ldap.conf, ldap.secret and nsswitch.conf into
sudoers.ldap.man.
2008-01-20 15:15:47 +00:00
Todd C. Miller
49f2264ad6 substitute for sudoers.ldap.man 2008-01-20 01:35:54 +00:00
Todd C. Miller
32d57a928d Fix cut & pasto introduced when adding sudoers.ldap man page. 2008-01-20 01:34:44 +00:00
Todd C. Miller
961a79b743 Fill in some of the missing pieces. Still needs some reorganization and
editing.
2008-01-20 01:25:39 +00:00
Todd C. Miller
907be979cb Beginnings of a sudoers.ldap man page. Currently, much of the information
is adapted from README.LDAP.
2008-01-19 20:06:09 +00:00
Todd C. Miller
2a5a01c22d When copying gr_mem we must guarantee that the storage space for
gr_mem is properly aligned.  The simplest way to do this is to
simply store gr_mem directly after struct group.  This is not a
problem for gr_passwd or gr_name as they are simple strings.
2008-01-18 22:32:52 +00:00
Todd C. Miller
09c1189d1b Fix a typo/thinko in one of the calls to sudo_ldap_check_user_netgroup().
From Marco van Wieringen.
2008-01-18 21:47:05 +00:00
Todd C. Miller
0f6101bb26 include <mps/ldap_ssl.h> in ldap.c if available 2008-01-17 20:44:28 +00:00
Todd C. Miller
5fc4d8fa10 Make sure we define SIZE_MAX for yacc's skeleton.c 2008-01-16 23:20:35 +00:00