Ecosyste.ms: OpenCollective

An open API service for software projects hosted on Open Collective.

github.com/sudo-project/sudo

Utility to execute a command as another user
https://github.com/sudo-project/sudo

Add cvtsudoers command line option to suppress certain parts of the

security policy. Can be used to suppress displaying of Defaults
entries, aliases or privileges.

8a237eb07d5b761ba0d9ddd15837c7a48ea56875 authored over 6 years ago by Todd C. Miller <[email protected]>
Silence a false positive from the clang static analyzer.

af6e1cd7c6be3bd5a831b57d3eec258f51f5042d authored over 6 years ago by Todd C. Miller <[email protected]>
Silence a false positive from the clang static analyzer.

821e8a07da9cd1bfd125fe0daa55739fa58a7e16 authored over 6 years ago by Todd C. Miller <[email protected]>
Fix memory leak on error path.

fbed17e1a47a7779eeab107c391948ba0f480c4f authored over 6 years ago by Todd C. Miller <[email protected]>
regen

e9512df6b6936fb7f0e57d356a27f9d0acdbad12 authored over 6 years ago by Todd C. Miller <[email protected]>
Move cvtsudoers string functions into cvtsudoers.c

bbd3e558b14002583d9cc4d27145fe08ef96bcde authored over 6 years ago by Todd C. Miller <[email protected]>
regen

9ab5dc5f76574b020c015f929f6a3b37bb7f2499 authored over 6 years ago by Todd C. Miller <[email protected]>
Initial support filtering by user, group and host in cvtsudoers.

Currently forces alias expansion when a filter is applied and the
entire matching user or host li...

ff79de85924a3afdb91e0d308ed2bba8fac47dc3 authored over 6 years ago by Todd C. Miller <[email protected]>
Add free_default() to free a struct defaults pointer so we have a

single place where we free the defaults. A pointer to the previous
Default's binding may be pass...

bc5e2d06a7a39e8bed61b57285a8e2af35d25448 authored over 6 years ago by Todd C. Miller <[email protected]>
Decrease bullet width to 1n.

b6c53ac84657356370abc4a5cc6241db0e51c9b6 authored over 6 years ago by Todd C. Miller <[email protected]>
Add aix_setauthdb() before the initial getpwuid() call.

b06e046835f44ba32163b3e96879e291d1dc0e50 authored over 6 years ago by Todd C. Miller <[email protected]>
fix compilation on Solaris

910f2889486e819fbffebe2a270492936cd28dd7 authored over 6 years ago by Todd C. Miller <[email protected]>
Make "sudoreplay -m 0" skip the pauses entirely.

1cb5ab8b9c3213157bf3f67cbbcec57115376a57 authored over 6 years ago by Todd C. Miller <[email protected]>
Document that a negative value for -m will elmininate the pauses.

0ffd23945ff16853e38b6892c8de30b234948d3c authored over 6 years ago by Todd C. Miller <[email protected]>
Update copyright date, remove unneeded include and add a few comments.

24f8e62e7522cf1204964f836e3c7c269e7b34ae authored over 6 years ago by Todd C. Miller <[email protected]>
Use fmtsudoers functions in testsudoers.

e6c0d80fa8a255105dea6a94dd4db33cdb13680f authored over 6 years ago by Todd C. Miller <[email protected]>
Add test for empty runas user list.

81a373677ab77361b7d00541da27404527e7870d authored over 6 years ago by Todd C. Miller <[email protected]>
Don't print an empty user list as ALL.

3e7db4828430670ccd76b547a5e8b58c564d0c67 authored over 6 years ago by Todd C. Miller <[email protected]>
In sudoers_format_userspecs make the separator optional and silence

a printf format warning.

bb31544fcc0940c392ef1eff1a700650fd9b666f authored over 6 years ago by Todd C. Miller <[email protected]>
Use correct defines when checking for sysctl kinfo_proc support.

f984de1ba991dcafafd7926f894fdb7cd8d1f062 authored over 6 years ago by Todd C. Miller <[email protected]>
Fix crash when converting sudoers entry with a runas list that is

present but empty.

bdbd102c9c0f3fb2c0af9f2eeef2abe78390b551 authored over 6 years ago by Todd C. Miller <[email protected]>
Less confusing sysctl checks for kinfo_proc.

217e0a9b4baad9915f3ed583887d5f07edbb4d5e authored over 6 years ago by Todd C. Miller <[email protected]>
Add case_insensitive_group and case_insensitive_user sudoers options,

which are enabled by default.

e26ef96a65f045673a100be8cb36a6b0ccbe205b authored over 6 years ago by Todd C. Miller <[email protected]>
Kill dead store found by clang-analyzer.

6014b4075cff2af32bfd0c35a1f85fa42469123b authored over 6 years ago by Todd C. Miller <[email protected]>
Initial support for adding comments that will be emitted when

sudoers is formatted. Currently adds a comment for the source
sudoRole when converting from ldif...

5c36f9dec31c54f1ebc35ef5dcdd473736947205 authored over 6 years ago by Todd C. Miller <[email protected]>
Special case comment lines in lbufs.

670d8e6d77ce327cfbf1f53cc8764652b4cc47d0 authored over 6 years ago by Todd C. Miller <[email protected]>
Handle escaped commas when skipping over the cn.

843213d3de5bb423493d8ee637880b1b9fa8acc3 authored over 6 years ago by Todd C. Miller <[email protected]>
When formatting as sudoers, flush the lbuf after each userspec.

c9b70940cf82cf7a547458966e5c47dd9c9cd679 authored over 6 years ago by Todd C. Miller <[email protected]>
Add tests for round-tripping sudoers -> ldif -> sudoers

4874068070485419d695a5ac6a81cf2a41c7367e authored over 6 years ago by Todd C. Miller <[email protected]>
Add missing sudoOrder support to parse_ldif().

72dd971ee185aec631b94df1f2449b1a43b77184 authored over 6 years ago by Todd C. Miller <[email protected]>
Add missing support for converting LOG_INPUT/LOG_OUTPUT tags and

expand support for NOMAIL tags.

8c7f3e791ca2ba86cef977b17a9943509ae49c77 authored over 6 years ago by Todd C. Miller <[email protected]>
Don't emit an empty sudoRole for global defaults if there are none.

44fc165e7c01bdab1c03fd95d08d13a190c78f75 authored over 6 years ago by Todd C. Miller <[email protected]>
Avoid changing the order of non-negated hosts and commands.

We still put negated hosts/commands at the end of the list.

e96398cac27336f941a3bbb705e3dd6029ed0011 authored over 6 years ago by Todd C. Miller <[email protected]>
Handle parsing boolean options that have no explicit value.

e750bae75d819ff6b54e7f5949c3857654a1178d authored over 6 years ago by Todd C. Miller <[email protected]>
Refactor the code that actually converts the role to sudoers format

into role_to_sudoers() now that it is more involved than just calling
sudo_ldap_role_to_priv().

9af4447c3d9aae823724ca4a7707210188812c89 authored over 6 years ago by Todd C. Miller <[email protected]>
When merging two privileges, use the runas lists of the previous

privilege when possible. Otherwise, the generated sudoers line
will include a runas list for com...

9b20bb1493d6749d05d43097e77d7b5e65d3cd42 authored over 6 years ago by Todd C. Miller <[email protected]>
Use a case-insensitive comparison when matching user and group names

in sudoers with the passwd or group database. This can be necessary
when users and groups are st...

fff4acc1f700267511735ec78aeb7960d345bfae authored over 6 years ago by Todd C. Miller <[email protected]>
Fix clean target for *.sudo regress files

88bc4ba86522705558d49dea49541e8b89f82ca1 authored over 6 years ago by Todd C. Miller <[email protected]>
ignore more binaries

0804cda64e3b8ec4af579c70dc36f943094f3324 authored over 6 years ago by Todd C. Miller <[email protected]>
Fix use of uninitialized variable (conf) if sudoers_debug_register()

happens to fail.

8275ab873f8174d55b83eeebadf7e0dcac733fce authored over 6 years ago by Todd C. Miller <[email protected]>
Split conversion code out of parse_ldif() and into ldif_to_sudoers().

73b5f961eeda7a5563ffa143e8442b5302a8c0a3 authored over 6 years ago by Todd C. Miller <[email protected]>
Quiet a clang analyzer warning.

8da213c8be74e23e9e6c008c2ff27e0a0c653668 authored over 6 years ago by Todd C. Miller <[email protected]>
rename ldap_common.c -> ldap_util.c

120bb6de7f6b2f319aab3f20220822f17aa02268 authored over 6 years ago by Todd C. Miller <[email protected]>
When converting from ldif to sudoers, sudoRole objects with the

same user if possible. If both user and host are the same, merge
into a single privilege. This ...

3a2ae844ecb10fea81e5979627959a5d28d93f83 authored over 6 years ago by Todd C. Miller <[email protected]>
plug memory leaks

56bdde13392c8574f615285be70ea648ae456e83 authored over 6 years ago by Todd C. Miller <[email protected]>
Restore line to set MODE_PRESERVE_ENV in flags when the -E command

line option is used. The caller doesn't check MODE_PRESERVE_ENV
these days but parse_args uses i...

4b29e0bd707b1da7570804beb2d5dc6abe0f51e5 authored over 6 years ago by Todd C. Miller <[email protected]>
Add missing close parenthesis in "Including other files from within

sudoers" section. Bug #824

12affcd5ef0dcea29d09169402ee0cb07c9a86a2 authored over 6 years ago by Todd C. Miller <[email protected]>
When converting from LDAP to sudoers, put negated hosts and commands

at the end of the list. Since LDAP doesn't guarantee attribute order
we need to make sure negate...

7919b9ad2e145034cafacb364f28d5d228b52f2c authored over 6 years ago by Todd C. Miller <[email protected]>
We may need the hostname to resolve %h escapes in include files.

6f097eb023b0632d8fc7b30320d5a30126b90a1d authored over 6 years ago by Todd C. Miller <[email protected]>
Setting a sudoOrder start point of 0 will disable creation of

sudoOrder attributes in the resulting LDIF output.

b3a0c3272b59d744a1313772bafd2c2c5b44680e authored over 6 years ago by Todd C. Miller <[email protected]>
Don't need to fill in struct sudo_user since we don't do matching.

111d79b53c0469eb5a436c53072c4ea19d13efd1 authored over 6 years ago by Todd C. Miller <[email protected]>
Add support for setting default options in a config file. In

addition to expand_aliases, input_format and output_format, both
the initial sudoOrder and the in...

5999cfb906762f386cb500ea196a1a7db6029081 authored over 6 years ago by Todd C. Miller <[email protected]>
cvtsudoers can now read LDIF

fc82a16655e566277678d2530e85f6bdf2d63b83 authored over 6 years ago by Todd C. Miller <[email protected]>
Fix a typo.

bb062332479255d8618666f6daeefc2f6a187512 authored over 6 years ago by Todd C. Miller <[email protected]>
Deal with user_name not being set in cvtsudoers.

19502307aacffca11321edc48fea64a9b8e61f7f authored over 6 years ago by Todd C. Miller <[email protected]>
Initial support for parsing sudoers LDIF files in cvtsudoers.

This makes it possible to convert from LDAP sudoers to a traditional
sudoers file. Semantic diff...

ceea24b96554951c21b1241c6ec74eb61d5cc28d authored over 6 years ago by Todd C. Miller <[email protected]>
Fix LDIF conversion of commands with an associated digest.

8b22ed783786bb6e53f0d20b2dc36f1a8486342c authored over 6 years ago by Todd C. Miller <[email protected]>
In array_to_member_list() use the correct type for netgroups and

user groups.

91f97d2f23843f73a868b9b691fc1c9e2eaa27b8 authored over 6 years ago by Todd C. Miller <[email protected]>
Prepend digest to command if present.

Fix printing of group IDs and non-unix groups.

337ace6441c066ff2a9785a1b0df1666077cf5fd authored over 6 years ago by Todd C. Miller <[email protected]>
Fix gcc false positive for uninitialized variable

c13557b6cb0355754086b5cb45c6aed31860df7a authored over 6 years ago by Todd C. Miller <[email protected]>
Update Polypkg to the latest version from git.

03f94d62f97d5efefb1507380564a6b21d4c9dad authored over 6 years ago by Todd C. Miller <[email protected]>
Use setpassent() and setgroupent() on systems that support it to

keep the passwd and group database open. Sudo does a lot of passwd
and group lookups so it can b...

faa5baac9b0a228ece99969812aebe8d44f584b2 authored over 6 years ago by Todd C. Miller <[email protected]>
Add option to cvtsudoers to expand aliases in the output.

4f9296928c998f322078b8599ce671ff00c623ff authored over 6 years ago by Todd C. Miller <[email protected]>
Fix conversion of "ALL" in the JSON output format, which was being

printed as an alias.

3f204c5eb8b93e46c54a1bd3a2e8cb396b219db4 authored over 6 years ago by Todd C. Miller <[email protected]>
Clarify that --with-rundir and --with-vardir take sudo-specific directory,

e.g. /var/run/sudo and not just /var/run. Bug #823

e48cbfc10c995abf713ffb64bf31a907f97f9921 authored over 6 years ago by Todd C. Miller <[email protected]>
In pty_cleanup() we need to call sudo_term_restore() even if no I/O

plugins are present as long as /dev/tty exists. Fixes the use_pty
case with no I/O plugins.

d5d170252a1065a6b10c3e8d0a7df1aee13a33df authored over 6 years ago by Todd C. Miller <[email protected]>
Add sudo_ev_dispatch(), a wrapper for ev_loop() with no flags.

Similar the dispatch function in libevent.

42fe0409f61ac4fd862a4756fa9b630d5e67553b authored over 6 years ago by Todd C. Miller <[email protected]>
Use /run in preference to /var/run if it exists.

Bug #822

525c6a3d94e7eca5859ffa18771f3f4d4a435a24 authored over 6 years ago by Todd C. Miller <[email protected]>
mention common sudoers formatting changes

59086e9c8ac715f2051c11105dd2a15474d75922 authored over 6 years ago by Todd C. Miller <[email protected]>
Move LDAP configuration bits into ldap_conf.c

43a3a23fedca0c449444b66a71879e7b2a666a80 authored over 6 years ago by Todd C. Miller <[email protected]>
No longer need to include stddef.h

0c08de88cd56d8d54a2e567e0b1b6888980aa822 authored over 6 years ago by Todd C. Miller <[email protected]>
Remove dead store, found by cppcheck.

e2213dc1e36b53ebddab9c809eacd0e7305bfae9 authored over 6 years ago by Todd C. Miller <[email protected]>
simplify iterator

34820c6b15e0fc64d1e2fdd49a88cf99f404d487 authored over 6 years ago by Todd C. Miller <[email protected]>
Silence a false positive from cppcheck.

6e2a2670601337c78f10a82a9108433528711409 authored over 6 years ago by Todd C. Miller <[email protected]>
Cast version to int when printing. Avoids a cppcheck warning.

d0d413d07765bb0a4efc3b452f83904904f7248c authored over 6 years ago by Todd C. Miller <[email protected]>
Use an iterator instead of fragile pointer arithmetic to iterate

over value arrays in sudo_ldap_role_to_priv().

4459ee42ed8beb0fad9d8aa407bfceb48d834ea4 authored over 6 years ago by Todd C. Miller <[email protected]>
Move sudoers formatting code into fmtsudoers.

64e99328e3fc2e5a913c236f9e6398334c92ed01 authored over 6 years ago by Todd C. Miller <[email protected]>
Clean up some XXX in parse.c

dda1d6cef7b7608399eb68bb0f23add82087eac2 authored over 6 years ago by Todd C. Miller <[email protected]>
Rename sudo_file_append_default() -> sudo_lbuf_append_default() and

use it for ldap and sssd too.

2522229e86353d96a964fca654d248e27cee618e authored over 6 years ago by Todd C. Miller <[email protected]>
Move common bits of ldap to sudoers conversion into ldap_common.c

and use it in sssd.c.

3226f7e28b7000d3c9d32346a1265a562ca7fc1e authored over 6 years ago by Todd C. Miller <[email protected]>
Convert ldap results into a sudoers userspec so we can use the "sudo

-l" output functions in parse.c.

4e2402a8e4a5401b8551742074e2cb3e14803fd2 authored over 6 years ago by Todd C. Miller <[email protected]>
Don't mark sudoers.dist volatile, it only gets used on systems that

don't have the concept of volatile files.

787717755b359c8905cc0c0763890dffe4f7fac4 authored over 6 years ago by Todd C. Miller <[email protected]>
Refactor member freeing code into free_member().

Refactor userspec freeing code into free_userspec().

5cca4b6906f3da866cf46d696386a1c76435a657 authored over 6 years ago by Todd C. Miller <[email protected]>
Fix compilation with glibc where stdout is not constant.

9d49592f1459fc899633dba9d613f49f47fbcbc4 authored over 6 years ago by Todd C. Miller <[email protected]>
For "sudo -l", if a word includes spaces, print it in double quotes.

Also escape spaces in the command path. This matches the sudoers
quoting rules.

57e7b4b49e0742161eae9beab2f407629d2dba41 authored over 6 years ago by Todd C. Miller <[email protected]>
Display sudoNotBefore and sudoNotAfter in "sudo -l"

3189de5bb9af76d1877dbb0a632dc6f60e32a040 authored over 6 years ago by Todd C. Miller <[email protected]>
For "sudo -l", if a word includes spaces, print it in double quotes.

Also escape spaces in the command path. This matches the sudoers
quoting rules.

105ced47b8bbf6f0184abb8438501df1cfb38550 authored over 6 years ago by Todd C. Miller <[email protected]>
Add back printing of negation operator ('!') when printing a word

with spaces in it.

40c200af1834a09ff461346814f32cfee11a2c89 authored over 6 years ago by Todd C. Miller <[email protected]>
Use visudo to validate "cvtsudoers -f sudoers" output.

1aca11c7889dd222a0a207022a2e81b0805e929f authored over 6 years ago by Todd C. Miller <[email protected]>
Remove syslog_goodpri and syslog_badpri without a value that causes

visudo to report an error.

f31ba6c22f2a0c970ce2ae54fa97705d66859dc4 authored over 6 years ago by Todd C. Miller <[email protected]>
When outputting sudoers, if a word includes spaces, print it in

double quotes. Also escape spaces in the command path.

61b6ae64de194c496be08c5ba3570ab1cdeca890 authored over 6 years ago by Todd C. Miller <[email protected]>
Add sudoers output format to cvtsudoers. In the future this may

be used with filters to emit a partial sudoers file instead of a
full one.

3354cbd0211269dec1b82fa208cbc15d1841b87e authored over 6 years ago by Todd C. Miller <[email protected]>
When printing a member name, quote sudoers special characters unless

it is a UID/GID, in which case we print the '#' unquoted.

df08d0d8f464e5f94601c6c7980570cd340a910b authored over 6 years ago by Todd C. Miller <[email protected]>
Move SUDOERS_QUOTED define to parse.h

f4ce2b25fc6cf465272908683bf8a425aaebb11e authored over 6 years ago by Todd C. Miller <[email protected]>
Remove extraneous break statement and fix some whitespace.

07d9cec271dda2d671412efa52f65a1a93114198 authored over 6 years ago by Todd C. Miller <[email protected]>
The max timeout for kernel time stamps is 60 minutes, not 3600 minutes.

5de49b2d6b6fdbfc49649e303d0dc5a5256db355 authored over 6 years ago by Todd C. Miller <[email protected]>
Check the return value of sudoers_debug_register().

Coverity CID 182574

5e9e641b3d2a93c213747e05bc9a4c1f7bd822f0 authored over 6 years ago by Todd C. Miller <[email protected]>
Fix memory leak, su->count is now 0 when it is unused, not 1.

Covertity CID 182573

f3ef0f50910e01057326b076eedc2541f2f86093 authored over 6 years ago by Todd C. Miller <[email protected]>
Quiet a clang analyzer false positive.

7766278031ef3ce6b6bf06ec22256dda2f74fff6 authored over 6 years ago by Todd C. Miller <[email protected]>
Quote special characters when creating the cn as per RFC2253

b374effcb447af1ee08df9b76f332e7758236462 authored over 6 years ago by Todd C. Miller <[email protected]>