Ecosyste.ms: OpenCollective

An open API service for software projects hosted on Open Collective.

Sudo Project

Provide privileged access management for the masses.
Collective - Host: opensource - https://opencollective.com/sudo-project - Website: https://www.sudo.ws - Code: https://github.com/sudo-project

Add forward declaration of struct timeval for deprecated APIs.

github.com/sudo-project/sudo - c321b3e6099e623210ade75b0280c0b78e6cd0f1 authored almost 5 years ago by Todd C. Miller <[email protected]>
Fix compilation on systems with SIGRTMIN/SIGRTMAX but not _SC_RTSIG_MAX.

github.com/sudo-project/sudo - 4347ed90d4d35418e3344919015a6a90cb8080e5 authored almost 5 years ago by Todd C. Miller <[email protected]>
Older systems may not support WCONTINUED.

github.com/sudo-project/sudo - 291221c698748fed68498a4428046a61f859b19e authored almost 5 years ago by Todd C. Miller <[email protected]>
Support systems that have nl_langinfo(3) but not the CODESET define.

Fixes compilation on old NetBSD versions.

github.com/sudo-project/sudo - 58d50f44cd482b1decef80bbeb6bb08f847c3673 authored almost 5 years ago by Todd C. Miller <[email protected]>
Fix a typo; HAVE_KINFO_PROC2_NETBSD not HAVE_KINFO_PROC2_NETBSD2

github.com/sudo-project/sudo - 8b571c59a5e9a704d02b693c277ea3d02f32caae authored almost 5 years ago by Todd C. Miller <[email protected]>
Move init.d and sudo.pp to the etc dir.

github.com/sudo-project/sudo - c6f8f4b545838df172cbe707ae2de6fdec6b9eab authored almost 5 years ago by Todd C. Miller <[email protected]>
Add cfmakeraw() for systems without it.

github.com/sudo-project/sudo - 4690d3ecf69d50910d2480b4df38249a88ed2f1a authored almost 5 years ago by Todd C. Miller <[email protected]>
Remove indent.pro from MANIFEST

github.com/sudo-project/sudo - 1b10ac03eaca99e837050430eae465f4f2183eb4 authored almost 5 years ago by Todd C. Miller <[email protected]>
Add uncrustify.files to ignore file.

github.com/sudo-project/sudo - d089bd94e6376292aa4c5bf57f0f8add182961fd authored almost 5 years ago by Todd C. Miller <[email protected]>
Substitute @prefix@ in for the example paths.

We can't use @exampledir@ here since it contains Makefile variables.

github.com/sudo-project/sudo - 79e52c7764e7191b3f45d64db755a414588e85cc authored almost 5 years ago by Todd C. Miller <[email protected]>
debug_decl and debug_decl_vars now require a semicolon at the end.

github.com/sudo-project/sudo - 486ee2b71fe74ebec90131edb3cd161b4907a837 authored almost 5 years ago by Todd C. Miller <[email protected]>
Add sudo_plugin_python manual page.

Based on markdown docs from Robert Manner.

github.com/sudo-project/sudo - 5dcc28180e3b6a5cd7a601c6792e189909fe742d authored almost 5 years ago by Todd C. Miller <[email protected]>
Output the name of the limit when warning about setrlimit or getrlimit.

From Kimmo Suominen.

github.com/sudo-project/sudo - 4392b5726e6310bf1e6199d3036165e300cdaef1 authored almost 5 years ago by Todd C. Miller <[email protected]>
regen

github.com/sudo-project/sudo - 96a03a0891e026a540ba2a2b2c26ca2b77233198 authored almost 5 years ago by Todd C. Miller <[email protected]>
Add python module files to MANIFEST

github.com/sudo-project/sudo - 42732821fde1ac85da345633274fb1b52a1fce47 authored almost 5 years ago by Todd C. Miller <[email protected]>
plugins/python: a plugin which can load policy/io plugin written in python

github.com/sudo-project/sudo - babdcbd03166317e785c804eff9d161bc5f611fc authored almost 5 years ago by Robert Manner <[email protected]>
plugins/python: example plugin demonstrating conversation and debug API

github.com/sudo-project/sudo - 4ad362dd8fbd1c0809444dc41f69bd4b5eddf17c authored almost 5 years ago by Robert Manner <[email protected]>
plugins/python: add example io python plugin

github.com/sudo-project/sudo - ee856cc4ba6b3a8cc0e4d5599d4020e1724ac4a6 authored almost 5 years ago by Robert Manner <[email protected]>
plugins/python: add example python policy plugin

github.com/sudo-project/sudo - d8432fca340e35454d3f46b2c784f1816f396f02 authored almost 5 years ago by Robert Manner <[email protected]>
plugins/python: add example python group plugin

github.com/sudo-project/sudo - 523bcbedb6cef347ae54031b7ef7d2e180cdb1e4 authored almost 5 years ago by Robert Manner <[email protected]>
Makefile.in: fix calling log2cl when doing out of source build

If doing build out of source and not calling configure by absolute path,
$(top_srcdir) variable ...

github.com/sudo-project/sudo - 80fa75f0e80a0569bcbee395ed24649fe55bab04 authored almost 5 years ago by Robert Manner <[email protected]>
src/load_plugins, plugins/sudoers: added developer_mode sudo.conf option

It can be used to disable the enforcement that a plugin (shared object or
an imported python mod...

github.com/sudo-project/sudo - c0d53d75eb9c738e9e241b0789a4d6d9345aee9a authored almost 5 years ago by Robert Manner <[email protected]>
lib/util/sudo_debug.c: add a function for querying if debugging is needed

for a level.
Rationale: this way we can avoid computing details for the log which will
not happe...

github.com/sudo-project/sudo - 6710048c8dccadeb3f32fd0a047a964b70a2e0fe authored almost 5 years ago by Robert Manner <[email protected]>
plugins/python: add ImportBlocker which forbids loading unsafe python modules

If non root can alter any imported python modules, he is able to run
anything he would like to a...

github.com/sudo-project/sudo - a6bac23babe9f864d286e7f3a4c119b6b301e79d authored almost 5 years ago by Robert Manner <[email protected]>
plugins/python: add sudo debug helpers

github.com/sudo-project/sudo - 311cf122e248eaf71251da0d552c55305f5c9d75 authored almost 5 years ago by Robert Manner <[email protected]>
plugins/python: add a sudo python module

github.com/sudo-project/sudo - 9b49d44e84dd09e9ae94fed8aad826c95d30b843 authored almost 5 years ago by Robert Manner <[email protected]>
plugins/python: make group plugin able to debug

It does not get the debug settings, so it looks them up through
sudo_conf.

github.com/sudo-project/sudo - d888d4459487b0a4e8cc9c987d5f794a2cd04801 authored almost 5 years ago by Robert Manner <[email protected]>
Makefile.in, configure.ac: add python plugin build

github.com/sudo-project/sudo - 91e6bf8ccd4847cf31c4b6d47a1f1c4dfcf54cc4 authored almost 5 years ago by Robert Manner <[email protected]>
Update SUDO_CONV_REPL_MAX in docs.

github.com/sudo-project/sudo - a441580540e7fe6ebcd4b2d09ccf879612f6697d authored almost 5 years ago by Todd C. Miller <[email protected]>
Remove uncrustify.files in clean target

github.com/sudo-project/sudo - 9f4409c256b84e5d0577b72a43d46ac4343db65e authored almost 5 years ago by Todd C. Miller <[email protected]>
Add uncrustify config file for new sudo code style.

github.com/sudo-project/sudo - 60328e5c7e5e7853d805e1cf286fed2608dd6c17 authored almost 5 years ago by Todd C. Miller <[email protected]>
Bump SUDO_CONV_REPL_MAX from 255 to 1023

github.com/sudo-project/sudo - 3a0445af9c6a6588db2d1e3af9a7f2c4aa39876e authored almost 5 years ago by Todd C. Miller <[email protected]>
Minor style cleanups.

Remove extraneous break after return statement.
Convert two old K&R function declarations.

github.com/sudo-project/sudo - 3ec23ad5e15fb9d2f2db4b992b6bf0a577f11bc1 authored almost 5 years ago by Todd C. Miller <[email protected]>
Save/restore the raw form of the file context in case mctrans is not available.

github.com/sudo-project/sudo - 718e6997fcaae6ea065ce74d08dd4aae5917df5e authored almost 5 years ago by Todd C. Miller <[email protected]>
Add runas_check_shell flag to require a runas user to have a valid shell.

Not enabled by default.

github.com/sudo-project/sudo - b14d633ec61ee446fc27e186f97abd7efb6564ae authored almost 5 years ago by Todd C. Miller <[email protected]>
Add a new flag "allow_unknown_runas_id" to control matching of unknown IDs.

Previous, sudo would always allow unknown user or group IDs if the
sudoers entry permitted it. T...

github.com/sudo-project/sudo - df8f06609c2c7841a30f40fbb706c071240177a8 authored almost 5 years ago by Todd C. Miller <[email protected]>
Use cfmakeraw() in sudo_term_raw() instead of doing it manually.

github.com/sudo-project/sudo - d7b4f88658ad8afea426323ad7c0f28c680bec4b authored almost 5 years ago by Todd C. Miller <[email protected]>
Fix event loop called via I/O log close function.

We need to set events that were pending in the old base in the new one.
Fixes sending the final I...

github.com/sudo-project/sudo - 9d737441f48405fb3003a149f706e5edee40a76f authored almost 5 years ago by Todd C. Miller <[email protected]>
Replace timeleft with pending in sudo plugin event API.

github.com/sudo-project/sudo - d0b80b404ca9f6a8ba5f37991e9ff7449ffcd08b authored almost 5 years ago by Todd C. Miller <[email protected]>
Use sudo_ev_pending() instead of the deprecated sudo_ev_timeleft().

github.com/sudo-project/sudo - bf3b93f080f679f402785dc5aadade5aa1e4a07a authored almost 5 years ago by Todd C. Miller <[email protected]>
Add sudo_ev_pending(), used to check whether an event is pending.

github.com/sudo-project/sudo - 22ffffe12bedbd232ea744d29b31947cffe8f9c6 authored almost 5 years ago by Todd C. Miller <[email protected]>
Add TLS libs when linking check_iolog_plugin

github.com/sudo-project/sudo - 931407284897afee64d8811add7a5998cf04dd89 authored almost 5 years ago by Todd C. Miller <[email protected]>
Remove extraneous newlines in some sudo_warnx() calls.

github.com/sudo-project/sudo - 5711c1b49716e20852ae3c04cbce735140fca9fb authored almost 5 years ago by Todd C. Miller <[email protected]>
Document log_server_cabundle, log_server_peer_cert and log_server_peer_key

github.com/sudo-project/sudo - d98022177e424c7ba6873cb48e7127d9942821b9 authored almost 5 years ago by Todd C. Miller <[email protected]>
Merge pull request #16 from laczau/master

Proper handling of certificate chain file

github.com/sudo-project/sudo - 03d02c4ac516232df226ee59a3f7f60d72b60119 authored almost 5 years ago by Todd C. Miller <[email protected]>
cert files can contain the full chain of trust, so load all certs in every case for verification

github.com/sudo-project/sudo - 5e36cc655c474063133d5865a99ec98eee407424 authored almost 5 years ago by Laszlo Orban <[email protected]>
Sync init_session() prototype with sudo_plugin.h and fix a typo.

github.com/sudo-project/sudo - a1e61f5ac0108195de7a80f5ed3a0a02a80c5886 authored almost 5 years ago by Todd C. Miller <[email protected]>
Only update the time stamp entry after the approval function has succeeded.

Bug #910

github.com/sudo-project/sudo - 4b6de608c25a6ffbdb507be958e12f814b43077c authored almost 5 years ago by Todd C. Miller <[email protected]>
Merge pull request #14 from sudo-project/tls-config-default-values

Audit Server - add default values for cert paths

github.com/sudo-project/sudo - 049bbbfae1e7b4c5a8a71abe8e6d78ce327f26b6 authored almost 5 years ago by Todd C. Miller <[email protected]>
add default values for cert paths

github.com/sudo-project/sudo - 1dceb8bbb859f6eb039c8536dd6b526530deb8ec authored almost 5 years ago by Laszlo Orban <[email protected]>
Add reference counting to debug register/deregister.

Fixes a potential problem when an instance is re-registered.

github.com/sudo-project/sudo - 3ab29e29bbcf7d36c8c7fe34fb4e39730f374d28 authored almost 5 years ago by Todd C. Miller <[email protected]>
Only deregister the sudoers debug instance on last close.

Reference count calls to sudoers_debug_register and only deregister
sudoers_debug_instance when r...

github.com/sudo-project/sudo - 7c782edf53d804f4defa09e05964fc1c17292cbe authored almost 5 years ago by Todd C. Miller <[email protected]>
process tls config options

github.com/sudo-project/sudo - a409d8f1fcd406350b69b8252fa173abebdbda39 authored almost 5 years ago by Laszlo Orban <[email protected]>
implement tls layer in iolog plugin

github.com/sudo-project/sudo - 24cda2592afbcb3a85bd192d3c4fd9711c3b9fb8 authored almost 5 years ago by Laszlo Orban <[email protected]>
add audit server tls related configuration options to sudoers

github.com/sudo-project/sudo - 3ce51d40ce40db634edca7b1a188405e52fecbda authored almost 5 years ago by Laszlo Orban <[email protected]>
optionally link sudoers with openssl libs

github.com/sudo-project/sudo - a9c2cf927274013b6fd92322710efc16fa27b3c5 authored almost 5 years ago by Laszlo Orban <[email protected]>
Merge pull request #11 from sudo-project/audit-server-tls-async

Sudo audit Server - TLS protocol update

github.com/sudo-project/sudo - f5e0e2a4bbca5626d63480afead70151302ab2ea authored almost 5 years ago by Laszlo Orban <[email protected]>
disable timeout for the reader after ServerHello message

github.com/sudo-project/sudo - 06a0f897047facc326fae88a5231b3646d7aa76b authored almost 5 years ago by Laszlo Orban <[email protected]>
use event timeout instead of socket timeout

github.com/sudo-project/sudo - 21e7fdfd559fd929939cdadc97c1602d14ce9da9 authored almost 5 years ago by Laszlo Orban <[email protected]>
adapt sudo sendlog (async communication, unencrypted ServerHello message)

github.com/sudo-project/sudo - f4bbce6708f6f623e3bc1fb5b5287965b094706a authored almost 5 years ago by Laszlo Orban <[email protected]>
Exit if the first call to logsrvd_conf_read() fails.

It is not fatal if subsequent calls fail (due to SIGHUP) since we
keep a copy of the old config b...

github.com/sudo-project/sudo - 1747e50090f8af96293de4a36f2e1cc96fee1375 authored almost 5 years ago by Todd C. Miller <[email protected]>
Add some missing files to "make clean" and "make distclean"

github.com/sudo-project/sudo - 333ea878e20b5ca287d3c1d0228044e6811ed78d authored almost 5 years ago by Todd C. Miller <[email protected]>
Update .hgignore and convert to .gitignore

github.com/sudo-project/sudo - 42adbca7adcff5fac6786002122e7b399bd3fbe2 authored almost 5 years ago by Todd C. Miller <[email protected]>
ServerHello message is now unencrypted, TLS communication has been refactored to full async

github.com/sudo-project/sudo - f67d0d13cf5881cf4a71304fa199257e8333c585 authored almost 5 years ago by Laszlo Orban <[email protected]>
extend ServerHello message with two fields (tls, tls_checkpeer)

github.com/sudo-project/sudo - 33f6a16764ce95820d749208080b6184408e6ca7 authored almost 5 years ago by Laszlo Orban <[email protected]>
For plugin API 1.15 and up, always call the plugin close function.

Previously, it was only called when a command was run (including
sudoedit). Now, plugin operatio...

github.com/sudo-project/sudo - f976a5d8662c332f336a1ee2f987c6bb5e53713d authored almost 5 years ago by Todd C. Miller <[email protected]>
Avoid NULL deref on an error path if calloc() fails.

Coverity CID 205873

github.com/sudo-project/sudo - 2143746370e4366aa112173a3d64db752d4741e3 authored almost 5 years ago by Todd C. Miller <[email protected]>
Fix potential fd leak when converting trailing newline to cr + nl.

Coverity CID 205872

github.com/sudo-project/sudo - e0a4b2d68aacd4515de425ca76de35d2818fca59 authored almost 5 years ago by Todd C. Miller <[email protected]>
Document the process of creating self-signed certificates for sudo_logsrvd.

Based on a document from Laszlo Orban.

github.com/sudo-project/sudo - b31b8305189601785353b8cbaf8b50db56769d59 authored almost 5 years ago by Todd C. Miller <[email protected]>
Sync with argument handling in group_plugin.c

github.com/sudo-project/sudo - c7cac7c0e6b0d2892764f7afcbc91aa2ff538869 authored almost 5 years ago by Todd C. Miller <[email protected]>
If a group plugin has optional arguments, NULL terminate the vector.

Otherwise, the plugin cannot determine the end of arguments.
The behavior now matches the plugin ...

github.com/sudo-project/sudo - a3266edc27443104bb9193b6f074e1a2002e173e authored almost 5 years ago by Todd C. Miller <[email protected]>
If there is no session or terminal group ID, pass the plugin a value of 0.

This behavior already matches what is documented in the sudo_plugin
manual for "sid" but the "tcp...

github.com/sudo-project/sudo - 368e12b0f9375320e7dc0e26c08afc62034f481e authored almost 5 years ago by Todd C. Miller <[email protected]>
Don't touch the local iolog sequence file if we are logging remotely

github.com/sudo-project/sudo - d10220162d0ca81e1322ce21162ca64db7168c06 authored almost 5 years ago by Todd C. Miller <[email protected]>
Plug a memory leak found by leak sanitizer

github.com/sudo-project/sudo - 6c2821fe423157b1d98fe8b5a2ba5bec189ecf47 authored almost 5 years ago by Todd C. Miller <[email protected]>
Make a shallow copy of user_env in I/O plugin in case it is reallocated.

The policy plugin's session init function may reallocate the user
environment pointer. Fixes a u...

github.com/sudo-project/sudo - 3241b82a7e16a50b1203ae3aaf227fc00e0612ac authored almost 5 years ago by Todd C. Miller <[email protected]>
Rename "log_server" in sudoers to "log_servers" to match I/O plugin.

github.com/sudo-project/sudo - f913249dd09589cea89b00a4cf69fe4a8d7108a1 authored almost 5 years ago by Todd C. Miller <[email protected]>
Check closure->ssl for non-NULL instead of logsrvd_conf_get_tls_opt().

It's a little more obvious this way and ssl is only non-NULL when the
tls option is enabled anyway.

github.com/sudo-project/sudo - 810669c4f049baff08332022237661bf856d5302 authored almost 5 years ago by Todd C. Miller <[email protected]>
Init iolog_dir_fd and sock in connection_closure before adding to list.

Otherwise we could close the wrong fds in the error path.

github.com/sudo-project/sudo - 5be951bd79f9216e1cb298d68dcd3fe0e1b55902 authored almost 5 years ago by Todd C. Miller <[email protected]>
Add Laszlo Orban

github.com/sudo-project/sudo - 82fea739af1890c052e1a7c6dd8a189403e89ad8 authored almost 5 years ago by Todd C. Miller <[email protected]>
regen

github.com/sudo-project/sudo - 4bb2b2f605854cb41969a097acab70c8b8264060 authored almost 5 years ago by Todd C. Miller <[email protected]>
Change TLS example file locations to be under /etc/ssl/sudo.

github.com/sudo-project/sudo - 366a63ce58126cdbb0f0aa6795028077241098d6 authored almost 5 years ago by Todd C. Miller <[email protected]>
Document sudo_logsrvd TLS configuration.

github.com/sudo-project/sudo - 49c09ee2d8ebad639751d2dbd8b18e998f0de008 authored almost 5 years ago by Todd C. Miller <[email protected]>
Include time.h for struct timespec.

github.com/sudo-project/sudo - dae0da2fe31621903068c73e8305b00cb8c72d53 authored almost 5 years ago by Todd C. Miller <[email protected]>
Add sudo_ev_set_v1 to the exports file.

github.com/sudo-project/sudo - 20bc94635d5e1bad15faeffe8195cd17058810db authored almost 5 years ago by Todd C. Miller <[email protected]>
Document the log_server and log_server_timeout options

github.com/sudo-project/sudo - d8ccf11c5805ad72f9d60352d007c1fd094e32d3 authored almost 5 years ago by Todd C. Miller <[email protected]>
Add support for logging to the log server

github.com/sudo-project/sudo - 82237194dd7372b3d74336b4de4ba430be35cfdb authored almost 5 years ago by Todd C. Miller <[email protected]>
Add a plugin interface to sudo main event loop.

github.com/sudo-project/sudo - 5793023ffd3fecf3f817e275724af7c4b3aa3d3f authored almost 5 years ago by Todd C. Miller <[email protected]>
Move protobuf-c.c, log_server.proto, log_server.pb-c.[ch] to lib/logsrv

github.com/sudo-project/sudo - 58cede6feeabcc53fe128c3665cfd7ad0108ff11 authored almost 5 years ago by Todd C. Miller <[email protected]>
When freeing an event base, reset ev->base to NULL for associated events.

github.com/sudo-project/sudo - f6acc134f42155c9124a49684ee618bf3a03d71f authored almost 5 years ago by Todd C. Miller <[email protected]>
Move cb_timeout() out from under the HAVE_OPENSSL ifdef.

github.com/sudo-project/sudo - 3689839a0e8e12e15ecf56c445ba71a3b2b190ec authored almost 5 years ago by Todd C. Miller <[email protected]>
LibreSSL and older OpenSSL don't support SSL_CTX_set_ciphersuites().

Add a configure test and skip TLS 1.3 setup if it is missing.
We still accept the tls_ciphers13 c...

github.com/sudo-project/sudo - 690f145d3f173538eff5447714efc685ee6a1949 authored almost 5 years ago by Todd C. Miller <[email protected]>
Minor style nits that I missed during review.

github.com/sudo-project/sudo - 68480b09599041572964cf6a7698ec599422b38f authored almost 5 years ago by Todd C. Miller <[email protected]>
Avoid calling SSL_CTX_free() on an uninitialized pointer in an error path.

github.com/sudo-project/sudo - c9da8d408402c32c380cd7f77beb0691cec7876a authored almost 5 years ago by Todd C. Miller <[email protected]>
Merge pull request #9 from sudo-project/audit-server-tls-support

Audit server tls support

github.com/sudo-project/sudo - f08c98a6aa19e7a60aa3696b5f64003bf24da2e9 authored almost 5 years ago by Todd C. Miller <[email protected]>
make audit server openssl dependency optional; tls layer is compiled only if sudo is built with --enable-openssl feature switch

github.com/sudo-project/sudo - e201f104d4efe17bcd449cbadbf57da54638597f authored almost 5 years ago by Laszlo Orban <[email protected]>
set timeout value for the socket

github.com/sudo-project/sudo - b9641816d613311a9ee6d48455bbd05574829dec authored almost 5 years ago by Laszlo Orban <[email protected]>
update sudo_sendlog to support openssl tls

github.com/sudo-project/sudo - 8c8023d212fd2e2ec7991853833a0336ac591844 authored almost 5 years ago by Laszlo Orban <[email protected]>
process tls config params in the audit server and establish TLS connection accordingly

github.com/sudo-project/sudo - 361557648162a071cafde09a6dd8e14f83d8aab1 authored almost 5 years ago by Laszlo Orban <[email protected]>
fix copy-paste mistake

github.com/sudo-project/sudo - 037fb9298e619f902c4fae2d46a371963bad0e72 authored almost 5 years ago by Laszlo Orban <[email protected]>
fixed segfault when connection_closure_free() tries to remove a non-existent connection object from the list

github.com/sudo-project/sudo - 9df5e6c11dd48190e7ccd52ee4081db59a04b122 authored almost 5 years ago by Laszlo Orban <[email protected]>