Commit Graph

3516 Commits

Author SHA1 Message Date
Todd C. Miller
f75a034f06 Set safe_cmnd after sudoers_lookup() if it has not been set.
Previously it was set by sudo "ALL" in the parser but at that point
the fully-qualified pathname has not yet been found.
2004-11-24 21:28:55 +00:00
Todd C. Miller
9c526bdc30 Correctly handle multiple privileges per userspec and runas inheritance. 2004-11-23 23:18:15 +00:00
Todd C. Miller
f2bdbda17f Zero out sd_un for each entry in sudo_defs_table in init_defaults. 2004-11-21 19:09:47 +00:00
Todd C. Miller
77cd81f41d make per-command defaults work with sudoedit 2004-11-19 23:04:14 +00:00
Todd C. Miller
e605070143 Remove the FLAG_NOPASS, FLAG_NOEXEC and FLAG_MONITOR flags. Instead,
we just set the appropriate defaults variable.
2004-11-19 23:00:28 +00:00
Todd C. Miller
9c954d803f Document per-command Defaults. 2004-11-19 22:09:10 +00:00
Todd C. Miller
fe869025c4 Add support for command-specific Defaults entries. E.g.
Defaults!/usr/bin/vi noexec
2004-11-19 21:35:12 +00:00
Todd C. Miller
0cddfc3684 Change an occurrence of user_matches() -> runas_matches() missed previously
runas_matches(), host_matches() and cmnd_matches() only really need to pass in
a list of members.  user_matches() still needs to pass in a passwd struct
because of "sudo -l"
2004-11-19 20:03:33 +00:00
Todd C. Miller
2c3cff1704 Check def_authenticate, def_noexec and def_monitor when setting return flags.
XXX May be better to just set the defaults directly and get rid of those flags.
2004-11-19 19:46:55 +00:00
Todd C. Miller
2c2daa8eca Use: #include <config.h>
Not: #include "config.h"
That way we get the correct config.h when build dir != src dir
2004-11-19 18:39:14 +00:00
Todd C. Miller
bb60da6bba Back out part of rev 1.263; fix -I order 2004-11-19 18:30:43 +00:00
Todd C. Miller
faa9a89722 More robust parsing of #include; could be much better still. 2004-11-19 18:12:59 +00:00
Todd C. Miller
6a78b91949 Make arg splitting in visudo and sudoedit consistent. 2004-11-19 17:55:14 +00:00
Todd C. Miller
07139128f7 Split alias routines out into their own file. 2004-11-19 17:35:21 +00:00
Todd C. Miller
55d6af8463 __attribute__ is already defined in compat.h 2004-11-19 17:32:25 +00:00
Todd C. Miller
3f9ee04fbb quit() should not be __noreturn__ as it is non-void on some platforms. 2004-11-19 17:30:22 +00:00
Todd C. Miller
a414762c4e Add local error/warning functions like err/warn but that call an additional
cleanup routine in the error case.  This means we no longer need to compile
a special version of alloc.o for visudo.
2004-11-19 17:24:20 +00:00
Todd C. Miller
f38c58574a Clarify comments about the data structures 2004-11-19 16:54:55 +00:00
Todd C. Miller
75ad6b81a2 Add support for VISUAL and EDITOR containing command line args.
If env_editor is not set any args in VISUAL and EDITOR are ignored.
Arguments are also now supported in def_editor.
2004-11-18 20:28:53 +00:00
Todd C. Miller
cf02ff7f52 alias_matches() is no more 2004-11-17 19:25:54 +00:00
Todd C. Miller
0e71bf81ac sync 2004-11-17 19:09:21 +00:00
Todd C. Miller
81f5587329 When regenerating the parser, don't replace gram.h unless it has changed. 2004-11-17 18:19:45 +00:00
Todd C. Miller
761695f324 remove Makefile.binary for distclean 2004-11-17 16:56:25 +00:00
Todd C. Miller
b2ef18bbd3 Preserve KRB5CCNAME in zero_env() and add a paranoia check to make sure
we can't overflow new_env.
2004-11-17 16:18:33 +00:00
Todd C. Miller
88ce50751e paranoia when stripping trailing slashes from tempdir. 2004-11-17 15:33:45 +00:00
Todd C. Miller
d427384ae4 Set user_ngroups to 0 if getgroups() returns an error. 2004-11-17 00:00:48 +00:00
Todd C. Miller
f7f282ba13 Add configure check for getgroups() 2004-11-16 23:59:56 +00:00
Todd C. Miller
fc85c6f02d Use supplementary group vector in struct sudo_user. 2004-11-16 23:55:26 +00:00
Todd C. Miller
596d1ef5a4 Only do string comparisons on the group members if there is no
supplemental group list.
2004-11-16 23:40:58 +00:00
Todd C. Miller
cfbf7768ff sync 2004-11-16 21:10:22 +00:00
Todd C. Miller
900db20f7a On Digital UNIX _PATH_VAR_TMP doesn't end with a trailing slash so
chop off any trailing slashes we see and add an explicit one.
2004-11-16 20:54:37 +00:00
Todd C. Miller
0ed2557959 remove bogus XXX comment 2004-11-16 17:02:58 +00:00
Todd C. Miller
3e97ace970 Get rid of alias_matches and correctly fall through to the non-alias
cases when there is no alias with the specified name.
2004-11-16 16:10:09 +00:00
Todd C. Miller
4620e8fa6f Cache non-existent passwd/group entries too. 2004-11-16 15:47:55 +00:00
Todd C. Miller
7679efc432 regen 2004-11-16 15:45:49 +00:00
Todd C. Miller
8680307dbd fix typo 2004-11-16 04:32:29 +00:00
Todd C. Miller
9846e562ad Implement group caching and use the passwd and group caches throughout. 2004-11-16 04:24:11 +00:00
Todd C. Miller
fd46c2c3ef Properly negate the return value of alias_matches() when appropriate. 2004-11-15 19:43:47 +00:00
Todd C. Miller
61ba998eec Make hostname_matches() return TRUE for a match, else FALSE like the
caller expects.
2004-11-15 19:38:31 +00:00
Todd C. Miller
cf356ed802 Add missing dependencies on gram.h 2004-11-15 18:24:09 +00:00
Todd C. Miller
814103ee29 Use runas_matches in alias_matches() now that we have it. 2004-11-15 18:06:11 +00:00
Todd C. Miller
74169a83e0 Expand aliases in "sudo -l" mode 2004-11-15 18:00:29 +00:00
Todd C. Miller
d076091ab3 Use ALIAS for the member type when storing an alias instead of
HOSTALIAS/RUNASALIAS/CMNDALIAS/USERALIAS since match.c relies on
the more generic type.  Expand runas_matches instead of calling
user_matches() inside of it since user_matches() looks up USERALIASes,
not RUNASALIASes.
2004-11-15 17:33:52 +00:00
Todd C. Miller
77cb1b56aa Paranoia; zero out pw_passwd before freeing passwd entry. 2004-11-15 17:05:54 +00:00
Todd C. Miller
51375f969f Add local error/warning functions like err/warn but that call an additional
cleanup routine in the error case.  This means we no longer need to compile
a special version of alloc.o for visudo.
2004-11-15 15:53:53 +00:00
Todd C. Miller
244eec5cdb Use userpw_matches() to compare usernames, not strcmp(), since the latter
checks for "#uid".
2004-11-15 14:59:03 +00:00
Todd C. Miller
ae2e26fd2f Cache passwd db entries in 2 red-black trees; one indexed by uid,
the other by user name.  The data returned from the cache should
be considered read-only and is destroyed by sudo_endpwent().
2004-11-15 14:53:05 +00:00
Todd C. Miller
99158cc7ef add cast to uid_t 2004-11-15 14:50:03 +00:00
Todd C. Miller
7ee6d68151 missing free in alias_destroy 2004-11-15 14:49:48 +00:00
Todd C. Miller
ec431b4e3b Can't use rbapply() for rbdestroy since the destructor is passed a
data pointer, not a node pointer.
2004-11-15 14:49:17 +00:00