isa/sudo
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
5,934 Commits 1 Branch 0 Tags
f190bcf94b066d64c0d21b55bc72f149be90522c
Commit Graph

5934 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Todd C. Miller
f190bcf94b Don't print garbage at the end of the custom lecture. 2011-11-12 13:08:13 -05:00
Todd C. Miller
ab437ae6c3 Add lexer tracing as debug@parser 2011-11-12 12:41:44 -05:00
Todd C. Miller
09beba8259 Revert 003bdb078a15. We need to #include <gram.h> not "gram.h" and 
<def_data.h> and not "def_data.h" when generating the parser in a
build dir.
 2011-11-12 12:18:44 -05:00
Todd C. Miller
f375ee5f01 Better devdir support in mkdep.pl 2011-11-08 15:05:10 -05:00
Todd C. Miller
98790cd0cf Add devdir before srcdir in include path and fix up dependecies 
accordingly.
 2011-11-08 14:10:34 -05:00
Todd C. Miller
0bf68d2103 #include "gram.h" not <gram.h> and "def_data.h" and not <def_data.h>. 2011-11-08 14:09:48 -05:00
Todd C. Miller
1d7722a544 Mark libexec files as optional. If we build without shared object 
support, libexec is not used.
 2011-11-08 08:38:21 -05:00
Todd C. Miller
e58b232740 Change Debug sudo.conf setting to take a program name as the first 
argument.  In the future, this will allow visudo and sudoreplay to
use their own Debug entries.
 2011-11-08 08:24:45 -05:00
Todd C. Miller
5d2c01e3d3 fix sudo_debug_printf priority 2011-11-08 08:22:48 -05:00
Todd C. Miller
6fa91f5697 add missing debug_return_int 2011-11-08 08:22:07 -05:00
Todd C. Miller
3ee9cef0da Fold SUDO_DEBUG_PROGERR and SUDO_DEBUG_SYSERR into SUDO_DEBUG_ERROR 2011-11-07 16:33:49 -05:00
Todd C. Miller
d0eb3ae6a0 Add missing word in HOME security note. 2011-11-07 15:52:29 -05:00
Todd C. Miller
cf7ad29f49 Prevent "testsudoers -d username" from trying to malloc(0). 2011-11-07 08:44:05 -05:00
Todd C. Miller
a83507ccd1 Tests for empty sudoers (should parse OK) and syntax errors within 
a line (should report correct line number) both with and without
the trailing newline.
 2011-11-06 17:04:55 -05:00
Todd C. Miller
9fddb9eed7 Print line number when there is a parser error. 2011-11-06 17:00:40 -05:00
Todd C. Miller
bd881c26e8 Keep track of the last token returned. On error, if the last token was 
COMMENT, decrement sudolineno since the error most likely occurred on
the preceding line.  Previously we always uses sudolineno-1 which will
give the wrong line number for errors within a line.
 2011-11-05 07:37:14 -04:00
Todd C. Miller
d2963dda74 update with sudo 1.8.3p1 info 2011-11-03 09:31:44 -04:00
Todd C. Miller
ab803d88b5 Fix crash when "sudo -g group -i" is run. Fixes bug 521 2011-11-03 09:31:20 -04:00
Todd C. Miller
922add7801 Make alias_remove_recursive() return TRUE/FALSE as its callers 
expect and remove two unused arguments.  Fixes bug 519.
 2011-10-26 10:42:30 -04:00
Todd C. Miller
c55b5c9e18 Add regress test for bugzilla 519 2011-10-26 10:20:32 -04:00
Todd C. Miller
300265019f Disable warning/error wrapping in regress tests. 2011-10-26 10:19:48 -04:00
Todd C. Miller
4b3efd497f Do compile-po as part of sync-po so that the .mo files get rebuild 
automatically when we sync with translationproject.org
 2011-10-25 14:54:38 -04:00
Todd C. Miller
85cd642d37 check_addr needs to link with the network libraries on Solaris 2011-10-25 14:50:54 -04:00
Todd C. Miller
6973ed5eb4 When matching a RunasAlias for a runas group, pass the alias in as 
the group_list, not the user_list.  From Daniel Kopecek.
 2011-10-25 10:34:31 -04:00
Todd C. Miller
9b2c889812 We need to init the auth system regardless of whether we need a 
password since we will be closing the PAM session in the monitor
process.  Fixes a crash in the monitor on Solaris; bugzilla #518
 2011-10-25 10:08:26 -04:00
Todd C. Miller
ab75dd2e30 Get rid of done: label. If the child exits we still need to close 
the pty, update utmp and restore the SELinux tty context.
 2011-10-24 11:14:20 -04:00
Todd C. Miller
839919566e Add debug_decl/debug_return (almost) everywhere. 
Remove old sudo_debug() and convert users to sudo_debug_printf().
 2011-10-22 14:40:21 -04:00
Todd C. Miller
9923464d96 Wrap error/errorx and warning/warningx functions with debug statements. 
Disable wrapping for standalone sudoers programs as well as memory
allocation functions (to avoid infinite recursion).
 2011-10-22 14:28:33 -04:00
Todd C. Miller
749a7695d0 Add checks for __func__ and __FUNCTION__ and mention that we now 
require a cpp that supports variadic macros.
 2011-10-22 14:20:52 -04:00
Todd C. Miller
53e3ad11b5 New debug framework for sudo and plugins using /etc/sudo.conf that 
also supports function call tracing.
 2011-10-22 14:00:52 -04:00
Todd C. Miller
697caf8df3 Update Japanese sudoers translation from translationproject.org 2011-10-21 09:00:42 -04:00
Todd C. Miller
8ef560b85c Override and ignore the --disable-static option. Sudo already runs 
libtool with -tag=disable-static where applicable and we need non-PIC
objects to build the executables.
 2011-10-12 08:24:13 -04:00
Todd C. Miller
ce8b4e53a5 Add sudoedit fix 2011-10-10 15:52:47 -04:00
Todd C. Miller
3f526029ae regen pot files 2011-10-10 15:50:41 -04:00
Todd C. Miller
b7a6107702 Ignore set_logname (which is now the default) for sudoedit since 
we want the LOGNAME, USER and USERNAME environment variables to
refer to the calling user since that is who the editor runs as.
This allows the editor to find the user's startup files.
Fixes bugzilla #515
 2011-10-10 13:10:24 -04:00
Todd C. Miller
a6602fa0e4 Instead of trying to grow the buffer in make_grlist_item(), simply 
increase the total length, free the old buffer and allocate a new
one.  This is less error prone and saves us from having to adjust
all the pointers in the buffer.  This code path is only taken when
there are groups longer than the length of the user field in struct
utmp or utmpx, which should be quite rare.
 2011-10-10 11:10:59 -04:00
Todd C. Miller
dd3902e115 Add Italian translation for sudo from translationproject.org 2011-10-10 11:00:09 -04:00
Todd C. Miller
82dd8f65fd Japanese translation for sudo and sudoers from translationproject.org 2011-10-10 06:45:28 -04:00
Todd C. Miller
fb49b16e4a sudoreplay depends on timestr.lo too; from Mike Frysinger 2011-10-07 16:09:48 -04:00
Todd C. Miller
063c6ee60a Regen sudoers pot file. 2011-10-04 12:32:05 -04:00
Todd C. Miller
a4378bd94c Update with latest sudo 1.8.3 news 2011-10-04 12:22:08 -04:00
Todd C. Miller
930122d346 It appears that LDAP or NSS may modify the euid so we need to be 
root for the open().  We restore the old perms at the end of
sudoers_policy_open().
 2011-10-04 11:15:06 -04:00
Todd C. Miller
b743b77a0d Better warning message on setuid() failure for the setreuid() 
version of set_perms().
 2011-10-04 11:13:28 -04:00
Todd C. Miller
45ad681cd6 Delref auth_pw at the end of check_user() instead of getting a ref 
twice.
 2011-09-27 16:21:21 -04:00
Todd C. Miller
1e93d1fbb6 Make sudo_auth_{init,cleanup} return TRUE on success and check for 
sudo_auth_init() return value in check_user().
 2011-09-27 15:41:22 -04:00
Todd C. Miller
4540a7525e Do not return without restoring permissions. 2011-09-27 15:22:08 -04:00
Todd C. Miller
de684e5d2c regen pot files 2011-09-27 14:07:18 -04:00
Todd C. Miller
bceb5df158 Modify the authentication API such that the init and cleanup functions 
are always called, regardless of whether or not we are going to
verify a password.  This is needed for proper PAM session support.
 2011-09-27 13:18:46 -04:00
Todd C. Miller
c21595044d Add missing dependency for getspwuid.lo and regen other depends. 2011-09-27 13:15:48 -04:00
Todd C. Miller
c5f8dc95c6 Fix a PAM_USER mismatch in session open/close. We update PAM_USER 
to the target user immediately before setting resource limits, which
is after the monitor process has forked (so it has the old value).
Also, if the user did not authenticate, there is no pamh in the
monitor so we need to init pam here too.  This means we end up
calling pam_start() twice, which should be fixed, but at least the
session is always properly closed now.
 2011-09-27 11:13:44 -04:00