Commit Graph

47 Commits

Author SHA1 Message Date
Todd C. Miller
006427345c Restore RLIMIT_NPROC after the uid switch if it appears that runas_setup()
did not do it for us.  Fixes a bash script problem on SuSE with RLIMIT_NPROC
set to RLIM_INFINITY.
2010-07-16 14:05:03 -04:00
Todd C. Miller
e6b48d415c Replace built-in non-unix group support with a sudoers group plugin.
Include a sample plugin that can read Unix-format group files.
2010-07-02 11:11:25 -04:00
Todd C. Miller
30fe4a067c Set usrinfo for AIX
Set administrative domain for the process when looking up user's
    password or group info and when preparing for execve().
Include strings.h even if string.h exists since they may define
    different things.  Fixes warnings on AIX and others.
2010-06-29 13:08:05 -04:00
Todd C. Miller
4fb8a83e6f Fix -A flag when askpass is specified in sudo.conf or if sudo doesn't need
to read a password.
2010-06-15 15:11:10 -04:00
Todd C. Miller
f64bb67c6c Clean up some XXXs 2010-06-15 15:01:11 -04:00
Todd C. Miller
c2f8d24f20 Check for dup2() failure. 2010-06-15 09:02:23 -04:00
Todd C. Miller
a28a4764e6 Print configure args with verbose version information. 2010-06-11 10:53:44 -04:00
Todd C. Miller
879d01796c Print sudo version as well. 2010-06-10 14:25:25 -04:00
Todd C. Miller
34613c8465 Use a flag bit in struct command_details for selinux instead of a separate
field.
2010-06-09 16:25:44 -04:00
Todd C. Miller
4c1ef12648 Implement background mode. If I/O logging we use pipes instead of a pty. 2010-06-09 16:19:45 -04:00
Todd C. Miller
edd34a2d7e Add selinux_enabled flag into struct command_details and
set it in command_info_to_details().
Return an error from selinux_setup() instead of exiting.
Call selinux_setup() from exec_setup().
2010-06-08 17:59:18 -04:00
Todd C. Miller
2b8fc46e2c Fix symbol name conflict with sudo_printf. 2010-06-02 11:10:04 -04:00
Todd C. Miller
d2d68aa24d Re-enable cleanup functions in sudoers plugin and sudo driver
for error()/errorx().
2010-05-28 12:15:14 -04:00
Todd C. Miller
9773ba3f79 Rename script_execve to sudo_execve and rename script_foo in exec.c 2010-05-27 16:46:31 -04:00
Todd C. Miller
f8f82ffa8e Rename script_setup() to pty_setup() and call from script_execve()
directly.
2010-05-27 16:29:48 -04:00
Todd C. Miller
7e6d1d1f7d Add init_session function to struct policy_plugin that gets called
before the uid/gid/etc changes.  A struct passwd pointer is passed in, which may be NULL if the user does not exist in the passwd database. The sudoers module uses init_session to open the pam session as needed.
2010-05-27 14:46:39 -04:00
Todd C. Miller
0487aee6b4 Bring back closefrom settings. 2010-05-24 15:40:36 -04:00
Todd C. Miller
20c125297f Avoid possible malloc(0) if plugin returns an empty groups list. 2010-05-20 17:10:16 -04:00
Todd C. Miller
9360e67a3d Add debugging info when calling plugin close function 2010-05-20 17:01:53 -04:00
Todd C. Miller
55ef027d88 Add argc and argv to I/O logger open function. 2010-05-17 10:38:56 -04:00
Todd C. Miller
fa717176b2 Remove check_sudoedit function pointer in struct sudo_policy.
Instead, sudo will set sudoedit=true in the settings array.
The plugin should check for this and modify argv_out as appropriate
in check_policy.
2010-05-17 10:25:27 -04:00
Todd C. Miller
3ac9aee52e If plugin sets "sudoedit=true" in the command info, enable
sudoedit mode even if not invoked as sudoedit.  This allows
a plugin to enable sudoedit when the user runs an editor.
2010-05-16 19:27:04 -04:00
Todd C. Miller
7c9c5855fd Change how we handle the sudoedit argv. We now require that there
be a "--" in argv to separate the editor and any command line arguments
from the files to be edited.
2010-05-13 17:11:31 -04:00
Todd C. Miller
fdd28d411f Work in progress support for sudoedit. The actual interface used by the
plugin for sudoedit is likely to change.
2010-05-13 14:09:21 -04:00
Todd C. Miller
9fbec34fed Add pointer to a printf-like function to plugin open function.
This can be used instead of the conversation function to display
info and error messages.
2010-05-04 19:17:31 -04:00
Todd C. Miller
f19be6da31 Handle plugin's open function returning -2 (usage error). 2010-04-13 09:36:43 -04:00
Todd C. Miller
0494774f30 Call the I/O log open function before the I/O version function. 2010-04-11 17:13:11 -04:00
Todd C. Miller
44341c9c15 Main sudo should not block signals; the plugin should do this in
check_policy.
2010-04-01 06:35:19 -04:00
Todd C. Miller
e17f1e5cbd Delay calling the I/O plugin open function until the policy plugin
returns success.
2010-03-28 08:41:06 -04:00
Todd C. Miller
43ea59f64f Fix iteration over runas_groups list. 2010-03-22 18:08:17 -04:00
Todd C. Miller
7af5cdfaf4 Fix setting of groups list 2010-03-22 08:26:05 -04:00
Todd C. Miller
6b180d24da Fix the -s and -i flags and add support for the "implied_shell"
option.  If the user does not specify a command, sudo will now pass
in the path to the user's shell and set implied_shell=true.  The
plugin can then either check the command normally or return -2 to
cause sudo to print a usage message and exit.
2010-03-21 08:54:06 -04:00
Todd C. Miller
eec5235d19 Rewrite compat/getprogname.c and add setprogname().
The progname is now passed to the plugin via the settings array.
2010-03-19 07:52:31 -04:00
Todd C. Miller
038ec569de Use number of tty columns that is passed in user_info instead of
getting it directly in the lbuf code.
2010-03-17 21:25:32 -04:00
Todd C. Miller
96a98bed4b Add tty size to user info 2010-03-17 10:36:02 -04:00
Todd C. Miller
ee223889c1 Wire up invalidate and validate methods for sudoers 2010-03-15 20:24:55 -04:00
Todd C. Miller
4e938c0074 Wire up SIGALRM handler
Set close on exec flag for child side of the socketpair
Fix signal handling when not doing I/O logging
2010-03-06 14:34:23 -05:00
Todd C. Miller
d73f580f5a g/c unused SIGCHLD handler 2010-03-06 14:29:32 -05:00
Todd C. Miller
cc23068c2a Don't use emalloc() in fmt_string(); we want to be able to use it from
a plugin.
2010-03-06 14:29:04 -05:00
Todd C. Miller
c857c74e3a Convert to ANSI C 2010-03-04 20:18:22 -05:00
Todd C. Miller
f145264ee0 Refactor script_execve() a bit so that it can be used in non-script
mode.  Needs more cleanup.
2010-02-27 16:53:56 -05:00
Todd C. Miller
157b7805cf Ignore empty entries in command_info list 2010-02-27 13:36:30 -05:00
Todd C. Miller
9e5ff964ad Make user_details extern so tgetpass can get at the uid and gid.
Set uid/gid to user before executing askpass program.
Check environment for SUDO_ASKPASS and use that if set.
TODO: a way for the policy to set the askpass program itself
2010-02-24 19:53:45 -05:00
Todd C. Miller
f3b2c9ac1d No longer need sudo_usage.h in sudo.c 2010-02-24 07:49:16 -05:00
Todd C. Miller
c2aaf8fbfb Make sudo_debug do a single vfprintf() which will result in a single
write call on most systems.  Avoids problems with interleaved debug
printf from different processes.  Also remove an extraneous error case
since recv() can't return a short read and add some more XXX.
2010-02-21 10:24:27 -05:00
Todd C. Miller
abb431b363 Wire up debug_level 2010-02-20 13:25:10 -05:00
Todd C. Miller
b6a4cf7233 Modular sudo front-end which loads policy and I/O plugins that do
most of the actual work.  Currently relies on dynamic loading using
dlopen().  See doc/plugin.pod for the plugin API.
2010-02-20 09:41:49 -05:00