Commit Graph

515 Commits

Author SHA1 Message Date
Todd C. Miller
7f05a4ff6f Make set_runaspw static void 2008-01-15 14:23:58 +00:00
Todd C. Miller
055bda6261 comment cleanup and update (c) year 2008-01-05 21:27:02 +00:00
Todd C. Miller
28ed51b441 Improve chaining of multiple sudoers sources by passing in the previous return value to the next in the chain 2008-01-05 18:27:18 +00:00
Todd C. Miller
5a6ad03e59 Remove some already fixed XXXs 2008-01-01 22:06:33 +00:00
Todd C. Miller
156c949750 Print nsswitch.conf, ldap.conf and ldap.secret paths in -V output. 2008-01-01 21:42:28 +00:00
Todd C. Miller
6f2cd1b184 Rename read_nss -> sudo_read_nss
Add --with-nsswitch to allow users to specify nsswitch.conf path or disable it.
If --with-nsswitch=no but --with-ldap, order is LDAP, then sudoers.
Fix --with-ldap-conf-file and --with-ldap-secret-file
2008-01-01 18:22:03 +00:00
Todd C. Miller
0a2166272c Make the inability to read the sudoers file a non-fatal error if
there are other sudoers sources available.
sudoers_file_lookup now returns "not OK" if sudoers was not present
2007-12-31 19:26:52 +00:00
Todd C. Miller
adfaebdb4d nss-ify display_privs and display_cmnd. 2007-12-31 15:08:30 +00:00
Todd C. Miller
ae2ae34528 Use nsswitch to hide some sudoers vs. ldap implementation details
and reduce the number of #ifdef LDAP
TODO: fix display routines and error handling
2007-12-31 12:39:52 +00:00
Todd C. Miller
7f323157a2 First cut at nsswitch.conf support.
Further reorganization and related changes are forthcoming.
2007-12-28 16:20:45 +00:00
Todd C. Miller
f8c52dc928 Add support for reading an /etc/environment file. Still needs to
be documented and should probably only apply to OSes that have
it (AIX and Linux, maybe others).
2007-12-21 21:53:32 +00:00
Todd C. Miller
ff0a538d04 Call cleanup() before exit in log_error() instead of calling
sudo_ldap_close() directly.  ldap_conn can now be static to sudo.c
2007-12-17 12:28:51 +00:00
Todd C. Miller
ed88a812ec ld -> ldap_conn 2007-12-17 01:02:44 +00:00
Todd C. Miller
a68ab16dcd Better ldap cleanup. 2007-12-16 19:42:44 +00:00
Todd C. Miller
3592cc0b18 The -i and -s flags can now take an optional command. 2007-12-03 16:36:49 +00:00
Todd C. Miller
74c5dc4fad Add passprompt_override flag to sudoers that will cause the prompt
to be overridden in all cases.  This flag is also set when the
user specifies the -p flag.
2007-12-02 17:13:48 +00:00
Todd C. Miller
4efd981d68 Move setting of login class until after sudoers has been parsed.
Set NewArgv[0] for -i after runas_pw has been set.
2007-12-02 00:51:32 +00:00
Todd C. Miller
908b8f64e6 Use AC_FUNC_GETGROUPS instead of a home-grown attempt that was insufficient. 2007-11-27 23:40:50 +00:00
Todd C. Miller
f9f4aca556 Add support for runas groups. This allows the user to run a command
with a different effective group.  If the -g option is specified
without -u the command will be run as the current user (only the
group will change).  The -g and -u options may be used together.
TODO: implement runas group for ldap
      improve runas group documentation
      add testsudoers support
2007-11-21 20:12:00 +00:00
Todd C. Miller
4f5e88532f PAM wants the full tty path so add user_ttypath which holds the
full path to the tty or is NULL if no tty was present.
2007-09-13 23:05:34 +00:00
Todd C. Miller
19fa259480 Remove support for compilers that don't support void * 2007-08-31 23:30:07 +00:00
Todd C. Miller
fa6536920b Be consistent when using single quotes and backticks. 2007-08-20 14:46:40 +00:00
Todd C. Miller
2315b317e2 Add new linebuf code to do appends of dynamically allocated strings
and word-wrapped output.  Currently used for sudo's usage() and
sudo -l output.  Sudo usage strings are now in sudo_usage.h which
is generated at configure time.
2007-08-19 20:48:09 +00:00
Todd C. Miller
d28030c9fd Fix line wrapping in usage() and use the actual tty width instead of
assuming 80.
2007-08-18 12:22:16 +00:00
Todd C. Miller
317e600f41 Remove monitor support until there is a version of systrace that
uses a lookaside buffer (or we have a better mechanism to use).
2007-08-15 15:20:01 +00:00
Todd C. Miller
72b36ddf50 use getaddrinfo() instead of gethostbyname() if it is available 2007-08-15 13:22:06 +00:00
Todd C. Miller
c939690786 Deal with OSes where sizeof(gid_t) < sizeof(int). 2007-08-14 19:27:27 +00:00
Todd C. Miller
580be13e74 If we can open sudoers but fail to read the first byte, close the
file stream before trying again.
2007-08-14 14:04:41 +00:00
Todd C. Miller
5cd49e1e00 Sort SYNOPSIS and sync usage. From Igor Sobrado. 2007-07-22 19:20:42 +00:00
Todd C. Miller
8f0f4743fd rebuild_env() and insert_env_vars() no longer return environment pointer,
they set environ directly.

No longer need to pass around an envp pointer since we just operate
on environ now.

Add dosync argument to insert_env() that indicates whether it should
reset environ when realloc()ing env.envp.

Use an initial size of 128 for the environment.
2007-07-18 16:57:31 +00:00
Todd C. Miller
af18ed5e9d Add support for krb5_ccname in ldap.conf. If specified, it will
override the default value of KRB5CCNAME in the environment for
the duration of the call to ldap_sasl_interactive_bind_s().
2007-07-15 19:44:46 +00:00
Todd C. Miller
6462c1edd2 Defer setting user-specified env vars until after authentication. 2007-07-09 19:13:38 +00:00
Todd C. Miller
87a95bb3a6 Allow user to set environment variables on the command line as long
as they are allowed by env_keep and env_check.  Ie: apply the same
restrictions as normal environment variables.
TODO: deal with secure_path
2007-07-09 17:22:55 +00:00
Todd C. Miller
5919eb1fa6 Call rebuild_env() in all cases.
Pass original envp to sudo_edit().
Don't allow -E or env var setting in sudoedit mode.
More accurate usage() when called as sudoedit.
2007-07-08 18:44:28 +00:00
Todd C. Miller
6f1a9c0bc9 Do not update timestamp if user not validated by sudoers. 2007-07-06 18:51:43 +00:00
Todd C. Miller
3d321157a3 fix typo in Solaris project support 2007-07-01 20:55:14 +00:00
Todd C. Miller
49b66be51e Make -- on the command line match the manual page.
The implied shell case has been simplified as a result.
2007-07-01 13:07:06 +00:00
Todd C. Miller
879c46e4dd Add support for setting environment variables on the command line.
This is only allowed if the setenv sudoers option is enabled or if
the command is prefixed with the SETENV tag.
2007-06-23 23:58:54 +00:00
Todd C. Miller
60b7ac61bf Add Solaris 10 "project" support. From Michael Brantley. 2007-06-19 22:24:51 +00:00
Todd C. Miller
4dcaba90a0 Don't force sudo into the C locale. 2007-06-18 12:57:21 +00:00
Todd C. Miller
7fb914ea0a cleanenv() is no more. 2007-06-11 22:27:43 +00:00
Todd C. Miller
3f2b6b1460 -i is also one of the mutually exclusive options to list it in the
warning message.  Noted by Chris Pepper.
2007-04-16 16:13:33 +00:00
Todd C. Miller
c28a289f11 Print sudoers path in -V mode for root. 2006-07-17 12:25:07 +00:00
Todd C. Miller
2d282cd226 cleanup() now takes an int as an arg so it can be used as a signal
handler too.
2005-11-18 01:39:59 +00:00
Todd C. Miller
c7140895af Make a copy of the shell field in the passwd struct for NewArgv to avoid
a use after free situation after sudo_endpwent() is called.
2005-11-18 01:38:32 +00:00
Todd C. Miller
b2a32d13c0 Move sudo_end{gr,pw}ent() until just before the exec since they
free up our cached copy of the passwd structs, including sudo_user
and sudo_runas.  Fixes a use-after-free bug.
2005-11-11 22:23:08 +00:00
Todd C. Miller
69c627658f Enable malloc debugging on OpenBSD when SUDO_DEVEL is set. 2005-11-11 22:17:59 +00:00
Todd C. Miller
c7ea24f2cc Add explicit cast from mode_t -> u_int in printf to silence warnings on Solaris 2005-04-24 23:24:58 +00:00
Todd C. Miller
f261a99f22 In -l mode, only check local sudoers file if def_ignore_sudoers is not set
and call LDAP versions from display_privs() and display_cmnd() instead
of directly from main().  Because of this we need to defer closing
the ldap connection until after -l processing has occurred and we
must pass in the ldap pointer to display_privs() and display_cmnd().
2005-04-12 01:37:08 +00:00
Todd C. Miller
304dc46d7f Add efree() for consistency with emalloc() et al. Allows us to rely
on C89 behavior (free(NULL) is valid) even on K&R.
2005-03-29 14:29:47 +00:00