Ecosyste.ms: OpenCollective

An open API service for software projects hosted on Open Collective.

github.com/sudo-project/sudo

Utility to execute a command as another user
https://github.com/sudo-project/sudo

Handle empty string and treat it as safe.

03aa84ed0342476aa3eb60186f9a42268e8591b7 authored over 6 years ago by Todd C. Miller <[email protected]>
Add support for base64-encoding non-safe strings in LDIF output.

1bc8e9abfde1f117446ea62b35cdcfdebc3424af authored over 6 years ago by Todd C. Miller <[email protected]>
Add base64_encode() by Jon Mayo.

574c9fcd7ada5c888bef783893865e6a815473b8 authored over 6 years ago by Todd C. Miller <[email protected]>
Add support for parsing base64-encoded attributes

1ab3606019ee312b9dcdbf0d2acf8f73dc8df7af authored over 6 years ago by Todd C. Miller <[email protected]>
rfc2253 says we need to escape " and leading and trailing space.

7d42a609d9885cce4b4e4a35dae4734d13d93e7d authored over 6 years ago by Todd C. Miller <[email protected]>
Define ZLIB_CONST so we get the const version of the API.

dfb66044ed5488c61695ab7503b2648c97bf943d authored over 6 years ago by Todd C. Miller <[email protected]>
Fix logic inversion when handing the authenticate Defaults option

for "sudo -l" and "sudo -v" in long list mode.

1494f25ba37f4354423bcad079b0fa92ae6d83a7 authored over 6 years ago by Todd C. Miller <[email protected]>
Set handle->pw before sss_to_sudoers() since sss_check_user()

uses it. Coverity CID 185651

c30ad97107f05be9aa4440ad9edf8a4210cbcd13 authored over 6 years ago by Todd C. Miller <[email protected]>
Fix memory leak on error, CID 185602

8ce49ecb2b30860cf2f5b4a4df6274f4486ab768 authored over 6 years ago by Todd C. Miller <[email protected]>
Some ldap_get_values_len -> sudo_ldap_get_values_len that were

missed before.

8ad51fe089818e43ff667a944c50f301f3ed4cb7 authored over 6 years ago by Todd C. Miller <[email protected]>
When building up the cmndspec, add the actual command member last.

This simplifies the logic regarding the SETENV tag and alsomakes
"out of memory" cleanup simpler.

b7e6d049076870e43a9f332a9f4c618b87b1baaf authored over 6 years ago by Todd C. Miller <[email protected]>
Fix format string mismatch, sudo_order is unsigned.

2102800824220df20ab537c8a0db89c2d250e10e authored over 6 years ago by Todd C. Miller <[email protected]>
Add cppcheck annotation to suppress memory leak false positive.

b31656b7f1eb3b1ff0cb028216a4cb45d3b0db6b authored over 6 years ago by Todd C. Miller <[email protected]>
Sudo "ALL" implies the SETENV tag.

3ca0882d14adadaab47fa4010a31123c171fd862 authored over 6 years ago by Todd C. Miller <[email protected]>
Only set MODE_PRESERVE_ENV when preserving the entire environment.

Fixes a problem introduced in 1.8.23 where "sudo -i" could not be
used in conjunction with --pres...

cf9c0102d48235d0451f70568f749b7de35c10e1 authored over 6 years ago by Todd C. Miller <[email protected]>
Add free_userspecs() and free_default() and use them instead of

looping over the lists and calling free_userspec() and free_default().

f38317269d0226ac8e953ae86f0a9cb8f0a3f57a authored over 6 years ago by Todd C. Miller <[email protected]>
Depending on the bos level, AIX 6.1 may or may not include

getline/getdelim and AIX 7.1 may or may not include memset_s.
Since we need to build packages tha...

3a4c0e06c1105eea216d88163ae5a8ebc3ad9913 authored over 6 years ago by Todd C. Miller <[email protected]>
Do not leak struct sudo_command when the command is ALL.

Coverity CID 185602.

93eec5fb9f3180d54dbdefcb31ede15340d1a4ee authored over 6 years ago by Todd C. Miller <[email protected]>
Sudo 1.8.24

808ec34ab439c69eaf61a66d444af50c3de187eb authored over 6 years ago by Todd C. Miller <[email protected]>
Improve comments about why we need to do a user check and how it

related to netgroups.

9f36ae62f0c9c2eb5ccc02cd88842305017a2351 authored over 6 years ago by Todd C. Miller <[email protected]>
Add checks for ldap/sss functions failing due to memory allocation

errors.

d052f8a68b0a87d8842d2ad29785b231d2c6259c authored over 6 years ago by Todd C. Miller <[email protected]>
Let the main sudoers lookup code check the host name. We still

check the user name so it is possible to use a single userspec
but this may change in the future.

904f37e03ff6c6554d22deeb43b24fb375ab03e6 authored over 6 years ago by Todd C. Miller <[email protected]>
Simplify the nss interface such that each sudoers provider fills

in a per-nss list of userspecs and defaults instead of using separate
lookup and list functions. ...

f9be3a48a221560671bd3dc6425f3aac348329b4 authored over 6 years ago by Todd C. Miller <[email protected]>
Include parse.h in sudoers.h since it will soon be required.

71e98d94930ea253ce9c702b4be9de1d94ad0d78 authored over 6 years ago by Todd C. Miller <[email protected]>
Parse "ALL" as a command correctly.

cc3428398a5f31d7f97bb9dd47a9f2a1a9419040 authored over 6 years ago by Todd C. Miller <[email protected]>
Add debug warning if lseek() fails (should not be possible).

4a3aa5f6e6b222d308f2468364d6fe472faf0fde authored over 6 years ago by Todd C. Miller <[email protected]>
Fix swapped args of lseek() when rewinding. This didn't cause a

problem because the value of SEEK_SET is 0.

7b1e78d6dfb537326a2c0e2340a46dec23330b1a authored over 6 years ago by Todd C. Miller <[email protected]>
Fix a format-truncation warning in newer gcc by avoiding using %0x

and %0X in the test. We are formatting a single byte so just do
it one nybble at a time.

6e290763ca51a3ef45eb1c799b519425ecfa7d41 authored over 6 years ago by Todd C. Miller <[email protected]>
Regen with autoconf git commit e17a30e987d7ee695fb4294a82d987ec3dc9b974

AC_HEADER_MAJOR: port to glibc 2.25

3359d7290f9ec450d4867b670da7601637936a04 authored over 6 years ago by Todd C. Miller <[email protected]>
No need to explicitly free role on EOF, it will be freed after the

loop is done.

7a940ce30b71cc9634ba7370c98629aa3023cbdc authored over 6 years ago by Todd C. Miller <[email protected]>
Garbage collect the command argv, envp and info vectors since they are

not available at policy close time.

29d188f4b456f8516114291bbbb56c48db4db086 authored over 6 years ago by Todd C. Miller <[email protected]>
Plug memory leaks on parse error or when an LDIF entry doesn't match

the dn filter.

b0c13e995cb377c4eff0d6b93b0f2cb9a9cdf477 authored over 6 years ago by Todd C. Miller <[email protected]>
Rename variables now that the string list functions are not ldap-specific.

620070f493763c020c6ab898873ae65ead705466 authored over 6 years ago by Todd C. Miller <[email protected]>
Fix typo

1a087cebab531601f13c738d3338c0eae09b7d65 authored over 6 years ago by Todd C. Miller <[email protected]>
fix version

82dfbf458dac14aba179a47c97a0b00d466bf576 authored over 6 years ago by Todd C. Miller <[email protected]>
sync

929396fbced3f916a6c2ec777f1f9fe6bcc3cb4e authored over 6 years ago by Todd C. Miller <[email protected]>
sync with translationproject.org

23b2879e08ecc8288ee144477d411576458d8219 authored over 6 years ago by Todd C. Miller <[email protected]>
O_EXEC for fexecve() not O_SEARCH.

a18e81148593d7e04f2565700a30d8ace53f5de5 authored over 6 years ago by Todd C. Miller <[email protected]>
Document how to suppress the last login message on Solaris.

95fb4458d5f39eeaa73bc853ce8a1756f98e0812 authored over 6 years ago by Todd C. Miller <[email protected]>
Fix compilation error with older Sun Studio compilers.

f53e5e2bdf69a0adc1526684492f8866d66d95d0 authored over 6 years ago by Todd C. Miller <[email protected]>
Update Bug #831 decription.

55869277bd6eff373161765a26623aa8f8a8fd3d authored over 6 years ago by Todd C. Miller <[email protected]>
Add Chinese(Taiwan) translation for sudo.

f23d73dfe1509f79b4aa3f5699d4f99309389219 authored over 6 years ago by Todd C. Miller <[email protected]>
Move the check for /dev/fd/N until *after* the digest has been

checked. We still need to be able to check the digest even if there
is no /dev/fd/N or fexecve().

cfdae3a4fd8bdaac4e1cb9ea5b9f83acf192e20a authored over 6 years ago by Todd C. Miller <[email protected]>
Rewind the fd after calling sudo_filedigest(). Otherwise, when

running a script via fexecve(), the interpreter may get EOF when
reading /dev/fd/N. This only ap...

64c78a61cb534d8c26a421ffb79836a2b5ab028e authored over 6 years ago by Todd C. Miller <[email protected]>
In open_cmnd(), return true, not false, if we the /dev/fd/N pathname

is not present. We don't want to fail a match because of this.

6e22da3412d218844796015d3ffc9cfa3c10de22 authored over 6 years ago by Todd C. Miller <[email protected]>
Bug #831.

3f1ec0c5fd04d91db8e884b2f8971ebe4733bcb0 authored over 6 years ago by Todd C. Miller <[email protected]>
We can only use fexecve() on a script if /dev/fd/N exists.

Some systems, such as FreeBSD, don't have /dev/fd mounted
by default. Bug #831

def2e761e389195f126e0139e49c7e9b88de8acf authored over 6 years ago by Todd C. Miller <[email protected]>
sync with translationproject.org

16093ee8d93b2ac785fed6c7319fcb32d0469c26 authored over 6 years ago by Todd C. Miller <[email protected]>
sync with translationproject.org

388ef262dee46597b0b5ecb25f6b1c816edc9dd3 authored over 6 years ago by Todd C. Miller <[email protected]>
Add tests for round-tripping cvtsudoers, sudoers -> LDIF -> sudoers

and LDIF -> sudoers -> LDIF.

c64e57dad5aa608990f41fb6ab4a3ad2b4699c6e authored over 6 years ago by Todd C. Miller <[email protected]>
Test the -b option when converting from LDIF.

48f74db6043368e85f4de83d40e34b34940bf857 authored over 6 years ago by Todd C. Miller <[email protected]>
Fix the -b option when converting from LDIF.

e1392cd28ac87f6e8b780d8d528d45060e434246 authored over 6 years ago by Todd C. Miller <[email protected]>
sync with translationproject.org

109160df35d63cee0e924134b26ae546da426a61 authored over 6 years ago by Todd C. Miller <[email protected]>
Fix some more typos.

3dd7d969331bdc3c0d014bee25385e215a4f8f9e authored over 6 years ago by Todd C. Miller <[email protected]>
mandoc now preserves the copyright notice, no need to do it ourselves

93a8ddca2bdd91d3d84284d92064ff612e336a0f authored over 6 years ago by Todd C. Miller <[email protected]>
Describe the special handling of LOGNAME, USER and USERNAME.

Fix typos reported by aspell.

1e26c6043e78ee6322b590ea5c2502ce6d719ee2 authored over 6 years ago by Todd C. Miller <[email protected]>
Fix a memory leak on the error path.

8eccfbd7bd1282153f0e053a68ddee42154578b0 authored over 6 years ago by Todd C. Miller <[email protected]>
Document that the editor setting is also used by sudoedit.

3194a00e9e9fd47d99ba90fc69cd2bd266e32e12 authored over 6 years ago by Todd C. Miller <[email protected]>
Plug memory leak when an I/O plugin is specified in sudo.conf

but the I/O plugin is not configured.

18e06825fb26d6527d5168f750f8e0db398cd84c authored over 6 years ago by Todd C. Miller <[email protected]>
Monty Python insults from Philip Hudson

523f0eeeab4f2c3c7a9192b514e0b0cae8640363 authored over 6 years ago by Todd C. Miller <[email protected]>
add examples

f9994f79d793c86ef03155f5e744517a7326a573 authored over 6 years ago by Todd C. Miller <[email protected]>
Update copyright year and regen man pages.

43ea752ded83b047f2cdb84c950c7b993cd8ce07 authored over 6 years ago by Todd C. Miller <[email protected]>
sync with translationproject.org

9de8a0bd05987cd6c6744e929315603236884a1c authored over 6 years ago by Todd C. Miller <[email protected]>
cvtsudoers regress tests

4be8aba9f847a3a97244fe11bfb7fe90cbc7f6df authored over 6 years ago by Todd C. Miller <[email protected]>
Prune alias contents when pruning and expanding aliases.

This abuses the userlist_matches_filter() and hostlist_matches_filter()
functions. A better appr...

1bfe03000d06c9fb8391d79a29a6d55d6209b7fa authored over 6 years ago by Todd C. Miller <[email protected]>
Fix typo

f8f0c16c730b32a855af0befa2ba03ef1d131567 authored over 6 years ago by Todd C. Miller <[email protected]>
Fix cut & pasto that prevented "-d command" from working.

d85e244c6c0d169e30950db7a455b94c42447ec9 authored over 6 years ago by Todd C. Miller <[email protected]>
Fix a user after free crash as well as a memory leak when filtering

Defaults.

38ff6616214c68d045b4e71e7a5e25e7f949e21e authored over 6 years ago by Todd C. Miller <[email protected]>
Document that a User_Alias or Host_Alias may be used in the match filter.

c1accd4b481bd955d5697ba05c1fdc058e2ff64b authored over 6 years ago by Todd C. Miller <[email protected]>
Don't always expand aliases when formatting a host-based Defaults

line. This was missed when expand_aliases support was added.

df7a6ea4e8aa6a6b6acd73c8ec6f0f5865337f28 authored over 6 years ago by Todd C. Miller <[email protected]>
Allow host and user aliases to be specified in match filters.

2b2565b2c32c421fd6a5f514038c7fd426379171 authored over 6 years ago by Todd C. Miller <[email protected]>
Update copyright year.

aa900c0f24ac2593fe5348b070f9cf8f2d2d8751 authored over 6 years ago by Todd C. Miller <[email protected]>
sync with translationproject.org

7a3472cb07f1b91dc3f3c8282efca18f945b4e4d authored over 6 years ago by Todd C. Miller <[email protected]>
When the -d option is used, remove aliases used by the non-converted

Defaults settings if the aliases are not also referenced by userspecs.

9e91d3f451bed48a414c6e82dd26e8b9226b1f78 authored over 6 years ago by Todd C. Miller <[email protected]>
regen

8c64cd97d2a94ef7dda21f68d6e6d70aae9bd51b authored over 6 years ago by Todd C. Miller <[email protected]>
update

9e0c75135ed86a68a54afb673ca85eef9ad67836 authored over 6 years ago by Todd C. Miller <[email protected]>
Mention -p and -M options in the description of -m.

0b7abea16856ac370955f9bfd808239e216271fa authored over 6 years ago by Todd C. Miller <[email protected]>
Check sudoedit temporary directory for writability before using it.

5ae557e308d45e8195f6cb086f1cfe5094e0edd5 authored over 6 years ago by Todd C. Miller <[email protected]>
Use btime in /proc/stat to determine system start time instead of

/proc/uptime. Fixes the process start time test when run from a
container where /proc/uptime is ...

512e0be8344f167b14ebce77c15f45e5671fb265 authored over 6 years ago by Todd C. Miller <[email protected]>
Add option to prune non-matching entries from cvtsudoers output with -m

option is used.

7663ae7b27d64208910307f18a686197f22faf4c authored over 6 years ago by Todd C. Miller <[email protected]>
Allow defaults types and suppression list to be specified in

the config file.

5c1d9899e10ef7d51e56a3635491f00bfe1a8a3a authored over 6 years ago by Todd C. Miller <[email protected]>
Refactor common alias code out of cvtsudoers and visudo and into alias.c.

18ba38ef4c80f47924b2f497c4e071ba173d54ba authored over 6 years ago by Todd C. Miller <[email protected]>
Avoid NULL deref in an error path. CID 183467

dbd5613b1a5ba56b70e0824020c7a432d373b0cd authored over 6 years ago by Todd C. Miller <[email protected]>
No need to initialize the last pointer passed to strtok_r().

This was originally added to appease newer gcc but no longer
seems to be required. CID 183466, C...

18371cacba74d771798ce94ae28f342989cf5ea0 authored over 6 years ago by Todd C. Miller <[email protected]>
Avoid false positive NULL dereference by uses value.u.string

instead of name as the former is guaranteed not to be NULL.
Fixes CID 183465.

6f6621644122ec1a3f27738103c243eec714d3eb authored over 6 years ago by Todd C. Miller <[email protected]>
regen

b4b5243bffbfe061b21eefe13b26c990b9a7c0e6 authored over 6 years ago by Todd C. Miller <[email protected]>
Add a section on convertion from file-based sudoers.

e7ba359abf341bac10195c41bb3d865e4fbb3460 authored over 6 years ago by Todd C. Miller <[email protected]>
Add support for "cvtsudoers -d all"

dd545f38ca4be8c9187de60c18608cada605be32 authored over 6 years ago by Todd C. Miller <[email protected]>
Add -d option to control what type of Defaults entries are converted.

aa402cdc3cd92aa64b18884b05fee2567e104af1 authored over 6 years ago by Todd C. Miller <[email protected]>
In pty_close() we still need to check whether the pty master and

slave fds are open before closing them. When no tty is present but
we are I/O logging pty_close(...

a42cf67acb3a30508178914235dffe252538ecfd authored over 6 years ago by Todd C. Miller <[email protected]>
regen

809c15d1654b5ca7f79de6500633e9e13205df50 authored over 6 years ago by Todd C. Miller <[email protected]>
ignore *.ldif2sudo regress output

693cdbd96e136cb0bf571fadf58a749f8cf1f403 authored over 6 years ago by Todd C. Miller <[email protected]>
In pty_close() there is no need to remove events associated with

the pty slave as there are none. We also don't need to check for
the pty fds being -1 since they...

23364963470bc03b71d375ed8af3bc068914ff9e authored over 6 years ago by Todd C. Miller <[email protected]>
Move cvtsudoers to section 1.

5e7ff154be9ff1a3bc0c36db2a67d437e0d2c3a4 authored over 6 years ago by Todd C. Miller <[email protected]>
In pty_close() close the slave and remove any events associated

with it. Fixes a potential hang when performing the final flush
on non-BSD systems.

4df454310dae96d01d09a05be89dc8c57fd4cef7 authored over 6 years ago by Todd C. Miller <[email protected]>
Fix typo in strcmp(), we are comparing var not val.

6da40a7b5bb2f486ed74f33b936908fdc789cd31 authored over 6 years ago by Todd C. Miller <[email protected]>
sync

22c9ed8e77f382c2b2bcaf697e70f0d2e47b26cc authored over 6 years ago by Todd C. Miller <[email protected]>
sync

7cdc79eb7d8f2adb755ac76d323681edf1531108 authored over 6 years ago by Todd C. Miller <[email protected]>
regen

30f81740844f405e8bc4bd8a61ee47c1855845dd authored over 6 years ago by Todd C. Miller <[email protected]>
Add -M option to cvtsudoers to force the use of the local passwd

and group databases when matching.

14ee65c5255f7bfbe5917c6c27d3be2f66a8e2c0 authored over 6 years ago by Todd C. Miller <[email protected]>