]> granicus.if.org Git - sudo/log
sudo
8 years agoAdd Bug #753 and fix reference to Bug #752.
Todd C. Miller [Mon, 22 Aug 2016 12:32:54 +0000 (06:32 -0600)]
Add Bug #753 and fix reference to Bug #752.

8 years agosync with translationproject.org
Todd C. Miller [Mon, 22 Aug 2016 01:23:52 +0000 (19:23 -0600)]
sync with translationproject.org

8 years agoregen pot files
Todd C. Miller [Sun, 21 Aug 2016 20:10:56 +0000 (14:10 -0600)]
regen pot files

8 years agoUpdate with logging changes.
Todd C. Miller [Wed, 17 Aug 2016 21:23:33 +0000 (15:23 -0600)]
Update with logging changes.

8 years agoAvoid duplicate warnings when we cannot write to the log file.
Todd C. Miller [Wed, 17 Aug 2016 20:51:20 +0000 (14:51 -0600)]
Avoid duplicate warnings when we cannot write to the log file.
Also send the warning in mail if possible.

8 years agoMove the ignoring of I/O log plugin errors into the I/O log plugin
Todd C. Miller [Wed, 17 Aug 2016 20:38:00 +0000 (14:38 -0600)]
Move the ignoring of I/O log plugin errors into the I/O log plugin
itself.

8 years agoMake the behavior when we cannot write to a log or audit file
Todd C. Miller [Wed, 17 Aug 2016 13:22:51 +0000 (07:22 -0600)]
Make the behavior when we cannot write to a log or audit file
configurable.  File log failures are ignored by default for consistency
with syslog.  Audit errors are ignored by default to allow the admin
to fix the issue.  I/O log file errors are still fatal by default
since if I/O logging is activated it is usually to have an audit trail.
Bug #751

8 years agoMake sure we print an error message to stderr (and not just send
Todd C. Miller [Mon, 15 Aug 2016 13:25:18 +0000 (07:25 -0600)]
Make sure we print an error message to stderr (and not just send
mail) if do_logfile() fails.  Bug #751

8 years agoSeparate out the supplemental group ID checks from the supplemental
Todd C. Miller [Sun, 14 Aug 2016 03:12:22 +0000 (21:12 -0600)]
Separate out the supplemental group ID checks from the supplemental
group name checks in user_in_group().  We now call sudo_get_gidlist()
only when the group name in sudoers begins with a '#' (which is
seldom used).

8 years agoCache the user's group IDs and group names separately and only
Todd C. Miller [Sat, 13 Aug 2016 22:27:44 +0000 (16:27 -0600)]
Cache the user's group IDs and group names separately and only
resolve group IDs -> names when needed.  If the sudoers file doesn't
contain groups we will no longer try to resolve all the user's group
IDs to names, which can be expensive on some systems.

8 years agoRemove the "op" parameter from all the store_foo() functions except
Todd C. Miller [Fri, 12 Aug 2016 22:41:51 +0000 (16:41 -0600)]
Remove the "op" parameter from all the store_foo() functions except
store_list() where it is actually needed.  For the others, a NULL
value indicates the setting was negated.  This unconfuses static
analyzers (and perhaps humans too).

8 years agoFlags always have a NULL value. Regression introduced by refactor
Todd C. Miller [Fri, 12 Aug 2016 21:03:54 +0000 (15:03 -0600)]
Flags always have a NULL value.  Regression introduced by refactor
of set_default_entry().

8 years agoSet rc to true when setting a flag Defaults value.
Todd C. Miller [Fri, 12 Aug 2016 17:32:36 +0000 (11:32 -0600)]
Set rc to true when setting a flag Defaults value.

8 years agosuppress a cppcheck false positive
Todd C. Miller [Fri, 12 Aug 2016 17:11:49 +0000 (11:11 -0600)]
suppress a cppcheck false positive

8 years agoRefactor the error parts of set_default_entry() so the switch() is
Todd C. Miller [Fri, 12 Aug 2016 16:37:41 +0000 (10:37 -0600)]
Refactor the error parts of set_default_entry() so the switch() is
mostly just calls to store_foo() functions.  Avoids a lot of
duplicated error checking and silences a cppcheck false positive.

8 years agoIn set_default_entry() check for unsupported Defaults type.
Todd C. Miller [Fri, 12 Aug 2016 15:37:11 +0000 (09:37 -0600)]
In set_default_entry() check for unsupported Defaults type.

8 years agoAdd missing break in switch that sets the max limit for RLIMIT_NOFILE.
Todd C. Miller [Fri, 12 Aug 2016 15:24:41 +0000 (09:24 -0600)]
Add missing break in switch that sets the max limit for RLIMIT_NOFILE.
Found by cppcheck.

8 years agoCheck sudoers_initlocale return value and treat as oom.
Todd C. Miller [Fri, 12 Aug 2016 12:00:17 +0000 (06:00 -0600)]
Check sudoers_initlocale return value and treat as oom.
Coverity CID 141832

8 years agoSet runas_pw early and adjust runaslist_matches() to deal. Since
Todd C. Miller [Wed, 10 Aug 2016 16:56:05 +0000 (10:56 -0600)]
Set runas_pw early and adjust runaslist_matches() to deal.  Since
we now set runas_default early there is no need to call update_defaults
with SETDEF_RUNAS after sudoers has been parsed.

8 years agoLoad sudoers group plugin via an early callback.
Todd C. Miller [Tue, 9 Aug 2016 19:14:31 +0000 (13:14 -0600)]
Load sudoers group plugin via an early callback.

8 years agoSystem Integrity Protection on Mac OS X won't allow us to write
Todd C. Miller [Tue, 9 Aug 2016 18:35:08 +0000 (12:35 -0600)]
System Integrity Protection on Mac OS X won't allow us to write
directly to /etc or /var.  We must install in /private/{etc,var}
instead.

8 years agoDocument that fqdn, runas_default and sudoers_locale are parsed early.
Todd C. Miller [Tue, 9 Aug 2016 16:26:02 +0000 (10:26 -0600)]
Document that fqdn, runas_default and sudoers_locale are parsed early.

8 years agoRegen for 1.8.18
Todd C. Miller [Tue, 9 Aug 2016 16:25:50 +0000 (10:25 -0600)]
Regen for 1.8.18

8 years agoAvoid passing around struct defaults when it is not needed. As a
Todd C. Miller [Tue, 9 Aug 2016 02:09:59 +0000 (20:09 -0600)]
Avoid passing around struct defaults when it is not needed.  As a
result, we no longer need to include gram.h in the LDAP and SSSD
backends.

8 years agoInstead of deferring setting early defaults until we have traversed
Todd C. Miller [Mon, 8 Aug 2016 23:04:20 +0000 (17:04 -0600)]
Instead of deferring setting early defaults until we have traversed
the entire defaults list, just defer running the callbacks.  Otherwise,
if the last early default setting we see has a bad value we won't
set any defaults of that type even if there was an earlier one that
was valid.

8 years agoRun callbacks once in set_default_entry() instead of each of the
Todd C. Miller [Mon, 8 Aug 2016 22:47:11 +0000 (16:47 -0600)]
Run callbacks once in set_default_entry() instead of each of the
store_foo() functions.

8 years agoUse /proc/cpuinfo on Linux instead of running lscpu
Todd C. Miller [Wed, 3 Aug 2016 12:31:17 +0000 (06:31 -0600)]
Use /proc/cpuinfo on Linux instead of running lscpu

8 years agoIf using GNU make on a multi-cpu system, use the -j flag to run
Todd C. Miller [Wed, 3 Aug 2016 12:15:25 +0000 (06:15 -0600)]
If using GNU make on a multi-cpu system, use the -j flag to run
make jobs in parallel, up to the number of cpus/cores.

8 years agoOnly check SUDO_USER if euid is 0
Todd C. Miller [Mon, 1 Aug 2016 00:47:36 +0000 (18:47 -0600)]
Only check SUDO_USER if euid is 0

8 years agoInitialize sudo_user based on the SUDO_USER environment variable
Todd C. Miller [Sat, 30 Jul 2016 21:27:36 +0000 (15:27 -0600)]
Initialize sudo_user based on the SUDO_USER environment variable
if present.  This allows things like :Defaults:username editor=foo"
to work when visudo is run via sudo.

8 years agoAdd function name in "command resumed" debug message
Todd C. Miller [Thu, 28 Jul 2016 12:23:39 +0000 (06:23 -0600)]
Add function name in "command resumed" debug message

8 years agoIf waitpid() returns 0 or -1, display a warning, this should never happen.
Todd C. Miller [Thu, 28 Jul 2016 12:16:43 +0000 (06:16 -0600)]
If waitpid() returns 0 or -1, display a warning, this should never happen.
Add a check for unhandled wait status (also should never happen).

8 years agoFlag settings have a NULL value so we can't use that to test whether
Todd C. Miller [Thu, 28 Jul 2016 12:05:39 +0000 (06:05 -0600)]
Flag settings have a NULL value so we can't use that to test whether
an entry in struct early_default is set or not.  Add a "set" member
and use that instead.

8 years agoExplicitly check for a continued process with waitpid(2). Otherwise,
Todd C. Miller [Wed, 27 Jul 2016 22:17:41 +0000 (16:17 -0600)]
Explicitly check for a continued process with waitpid(2).  Otherwise,
waitpid() will return 0 when the command is resumed after being
suspended, which we were treating the same as -1.  Fixes suspend
and resume on Linux and probably others.

8 years agoFix --with-fqdn, the value should be NULL since it is a flag.
Todd C. Miller [Wed, 27 Jul 2016 21:03:48 +0000 (15:03 -0600)]
Fix --with-fqdn, the value should be NULL since it is a flag.

8 years agoAdd support for early defaults to the ldap and sssd backends.
Todd C. Miller [Wed, 27 Jul 2016 20:20:17 +0000 (14:20 -0600)]
Add support for early defaults to the ldap and sssd backends.

8 years agoRepair symlink check in sudo_edit_openat_nofollow() on systems
Todd C. Miller [Mon, 25 Jul 2016 16:41:33 +0000 (10:41 -0600)]
Repair symlink check in sudo_edit_openat_nofollow() on systems
without O_NOFOLLOW, it must be done relative to dfd.  Previously
the lstat() would always fail, possibly leading to a false positive.
Also add an early symlink check like in sudo_edit() while here.

8 years agoOn systems that lack the O_NOFOLLOW open(2) flag, check in
Todd C. Miller [Mon, 25 Jul 2016 16:26:54 +0000 (10:26 -0600)]
On systems that lack the O_NOFOLLOW open(2) flag, check in
sudo_edit_open() whether the path to be opened is symlink before
opening it.  This is racey but we detect losing the last post-open
and it is better to fail early if possible.  When editing a link
to a non-existent file, a zero-length file will be left behind but
it is too dangerous to try and remove it after the fact.
Bug #753

8 years agoUpdate debug_decl for sudo_edit_openat_nofollow()
Todd C. Miller [Mon, 25 Jul 2016 16:22:29 +0000 (10:22 -0600)]
Update debug_decl for sudo_edit_openat_nofollow()
Remove unused variables when O_NOFOLLOW is not present.

8 years agoSplit set_default_entry() out of set_default() so we can call it
Todd C. Miller [Sat, 23 Jul 2016 15:10:48 +0000 (09:10 -0600)]
Split set_default_entry() out of set_default() so we can call it
from check_defaults() to validate the defaults value.  In visudo,
suppress warnings from update_defaults() and rely on check_defaults()
to provide warnings.

8 years agoSplit binding match code out of default_type_matches() into
Todd C. Miller [Sat, 23 Jul 2016 14:45:43 +0000 (08:45 -0600)]
Split binding match code out of default_type_matches() into
default_binding_matches().  We can now use default_type_matches()
in check_defaults().

8 years agoPass quiet flag to init_parser() and update_defaults() when doing
Todd C. Miller [Sat, 23 Jul 2016 11:53:35 +0000 (05:53 -0600)]
Pass quiet flag to init_parser() and update_defaults() when doing
first parse of sudoers.

8 years agoUpdate defaults in visudo after sudoers has been edited so we pick
Todd C. Miller [Fri, 22 Jul 2016 16:41:56 +0000 (10:41 -0600)]
Update defaults in visudo after sudoers has been edited so we pick
up locale changes.  The init_defaults() function will now re-init
the sudoers locale.

8 years agoSet sudoers locale before calling sudoersparse(). We don't need
Todd C. Miller [Thu, 21 Jul 2016 01:58:42 +0000 (19:58 -0600)]
Set sudoers locale before calling sudoersparse().  We don't need
to restore the user's locale since warnings are displayed in the
user's locale anyway.

8 years agoSet the locale to the sudoers locale when parsing and restore the
Todd C. Miller [Wed, 20 Jul 2016 22:41:23 +0000 (16:41 -0600)]
Set the locale to the sudoers locale when parsing and restore the
user's locale afterward.  Also set the warn/fatal locale helper
function so warning messages during a sudoers parse are displayed
in the user's own locale.

8 years agoAdd forward decl of union sudo_defs_val to silence a gcc warning.
Todd C. Miller [Wed, 20 Jul 2016 22:39:26 +0000 (16:39 -0600)]
Add forward decl of union sudo_defs_val to silence a gcc warning.

8 years agoSet the warn/fatal locale helper function in sudoers_policy_init()
Todd C. Miller [Wed, 20 Jul 2016 21:52:32 +0000 (15:52 -0600)]
Set the warn/fatal locale helper function in sudoers_policy_init()
so warning messages during sudoers loading are displayed in the
user's own locale.

8 years agoMove sudoers locale callback function to locale.c and user it in
Todd C. Miller [Wed, 20 Jul 2016 20:16:00 +0000 (14:16 -0600)]
Move sudoers locale callback function to locale.c and user it in
visudo and testsudoers.

8 years agoIn cb_sudoers_locale() actually set the locale in addition to storing
Todd C. Miller [Wed, 20 Jul 2016 19:36:45 +0000 (13:36 -0600)]
In cb_sudoers_locale() actually set the locale in addition to storing
its name.  Otherwise, it won't take effect until sudoers lookup time.

8 years agoFix regression that would cause early defaults entries to be
Todd C. Miller [Wed, 20 Jul 2016 19:35:04 +0000 (13:35 -0600)]
Fix regression that would cause early defaults entries to be
set multiple times.

8 years agosudo 1.8.18
Todd C. Miller [Wed, 20 Jul 2016 15:51:11 +0000 (09:51 -0600)]
sudo 1.8.18

8 years agoOnly set early defaults once, regardless of how many times the
Todd C. Miller [Tue, 19 Jul 2016 20:58:06 +0000 (14:58 -0600)]
Only set early defaults once, regardless of how many times the
variable is set in sudoers.  This avoids running an early callback
more than once.  For example, we don't want to call cb_fqdn() if
sudo is compiled with FQDN set but sudoers has "Defaults !fqdn".

8 years agoMake strings const in functions that set defaults as they are
Todd C. Miller [Tue, 19 Jul 2016 20:55:27 +0000 (14:55 -0600)]
Make strings const in functions that set defaults as they are
not modified.

8 years agoIn cb_fqdn() just return if the fqdn flag is set to false.
Todd C. Miller [Tue, 19 Jul 2016 20:52:33 +0000 (14:52 -0600)]
In cb_fqdn() just return if the fqdn flag is set to false.

8 years agoImplement callbacks for defaults flags (T_FLAG).
Todd C. Miller [Mon, 18 Jul 2016 18:37:45 +0000 (12:37 -0600)]
Implement callbacks for defaults flags (T_FLAG).

8 years agoadd debug_decl for cb_runas_default and cb_sudoers_locale
Todd C. Miller [Mon, 18 Jul 2016 18:20:46 +0000 (12:20 -0600)]
add debug_decl for cb_runas_default and cb_sudoers_locale

8 years agoConvert fqdn to a callback and add it to the list of early defaults.
Todd C. Miller [Mon, 18 Jul 2016 18:19:07 +0000 (12:19 -0600)]
Convert fqdn to a callback and add it to the list of early defaults.

8 years agoChange defaults callbacks to take a union sudo_defs_val * instead
Todd C. Miller [Mon, 18 Jul 2016 18:11:25 +0000 (12:11 -0600)]
Change defaults callbacks to take a union sudo_defs_val * instead
of a char *.

8 years agoWhen updating defaults, process certain values fist since they can
Todd C. Miller [Mon, 18 Jul 2016 17:37:32 +0000 (11:37 -0600)]
When updating defaults, process certain values fist since they can
influence how other defaults are parsed.  Currently, runas_default
and sudoers_locale are processed early.

8 years agoFix typo introduced in last commit to fix fill_args() overflow check.
Todd C. Miller [Sun, 17 Jul 2016 02:59:59 +0000 (20:59 -0600)]
Fix typo introduced in last commit to fix fill_args() overflow check.

8 years agoFix underflow checl in fill_args().
Todd C. Miller [Sun, 17 Jul 2016 02:54:07 +0000 (20:54 -0600)]
Fix underflow checl in fill_args().

8 years agoMake sure we account for the trailing NUL when computing arg_size
Todd C. Miller [Sun, 17 Jul 2016 02:12:17 +0000 (20:12 -0600)]
Make sure we account for the trailing NUL when computing arg_size
in fill_args().  Bug #752

8 years agoMake arg_size and arg_len unsigned since we do bitwise operations
Todd C. Miller [Sat, 16 Jul 2016 22:22:40 +0000 (16:22 -0600)]
Make arg_size and arg_len unsigned since we do bitwise operations
on them.

8 years agoOnly remove backup files as part of "make uninstall" when INSTALL_BACKUP
Todd C. Miller [Fri, 8 Jul 2016 18:56:47 +0000 (12:56 -0600)]
Only remove backup files as part of "make uninstall" when INSTALL_BACKUP
is set.

8 years agoOnly keep backups of installed files on HP-UX where you cannot
Todd C. Miller [Fri, 8 Jul 2016 18:37:41 +0000 (12:37 -0600)]
Only keep backups of installed files on HP-UX where you cannot
unlink a shared library that is in use.

8 years agoIgnore a missing or insecure #includedir, it is not a fatal error.
Todd C. Miller [Sun, 3 Jul 2016 12:19:43 +0000 (06:19 -0600)]
Ignore a missing or insecure #includedir, it is not a fatal error.

8 years agoMake sure we always call sudoerserror() on error in read_dir_files(),
Todd C. Miller [Sun, 3 Jul 2016 12:16:19 +0000 (06:16 -0600)]
Make sure we always call sudoerserror() on error in read_dir_files(),
otherwise sudo will not treat it as a fatal error.

8 years agoSet the sudoers locale before opening the sudoers file.
Todd C. Miller [Thu, 30 Jun 2016 18:40:19 +0000 (12:40 -0600)]
Set the sudoers locale before opening the sudoers file.
Previously the sudoers locale was used when evaluating sudoers
but not during the inital parse.  Bug #748

8 years agoAdd debugging
Todd C. Miller [Thu, 30 Jun 2016 18:38:30 +0000 (12:38 -0600)]
Add debugging

8 years agoDon't link test programs with the sudoers-specific locale code
Todd C. Miller [Thu, 30 Jun 2016 18:12:18 +0000 (12:12 -0600)]
Don't link test programs with the sudoers-specific locale code
if we don't need to.

8 years agosudoreplay does not need to link with the sudoers-specific locale code.
Todd C. Miller [Thu, 30 Jun 2016 17:27:22 +0000 (11:27 -0600)]
sudoreplay does not need to link with the sudoers-specific locale code.

8 years agonew_digest was prototyped as static but not explicitly declared
Todd C. Miller [Mon, 27 Jun 2016 12:00:11 +0000 (06:00 -0600)]
new_digest was prototyped as static but not explicitly declared
static.

8 years agoSome versions of HP-UX 11.11 do not expose struct sockaddr_ext if
Todd C. Miller [Mon, 27 Jun 2016 11:55:31 +0000 (05:55 -0600)]
Some versions of HP-UX 11.11 do not expose struct sockaddr_ext if
_XOPEN_SOURCE_EXTENDED is defined.  Only define _XOPEN_SOURCE_EXTENDED
if we can still compile net/if.h.

8 years agoSome versions of HP-UX make will ignore suffix rules if they are
Todd C. Miller [Mon, 27 Jun 2016 11:48:19 +0000 (05:48 -0600)]
Some versions of HP-UX make will ignore suffix rules if they are
empty.

8 years agoDon't skip debug printfs in handle_sigchld() just because execve()
Todd C. Miller [Thu, 23 Jun 2016 17:27:59 +0000 (11:27 -0600)]
Don't skip debug printfs in handle_sigchld() just because execve()
returned an error.

8 years agoAdd definition of nitems for those without it and use it throughout.
Todd C. Miller [Thu, 23 Jun 2016 16:58:07 +0000 (10:58 -0600)]
Add definition of nitems for those without it and use it throughout.

8 years agoUpdate copyright year.
Todd C. Miller [Thu, 23 Jun 2016 00:19:27 +0000 (18:19 -0600)]
Update copyright year.

8 years agoSudo 1.8.17p1
Todd C. Miller [Wed, 22 Jun 2016 16:26:08 +0000 (10:26 -0600)]
Sudo 1.8.17p1

8 years agoSet user groups in exec_setup() if they were not already set by
Todd C. Miller [Wed, 22 Jun 2016 16:21:29 +0000 (10:21 -0600)]
Set user groups in exec_setup() if they were not already set by
policy_init_session().  Bug #749

8 years agoPoint the reader to the sudoers manual for the list of supported
Todd C. Miller [Wed, 15 Jun 2016 16:10:59 +0000 (10:10 -0600)]
Point the reader to the sudoers manual for the list of supported
arguments after the plugin path.

8 years agoforgot to update date in last commit
Todd C. Miller [Wed, 15 Jun 2016 16:08:06 +0000 (10:08 -0600)]
forgot to update date in last commit

8 years agoFix typo; cn=default should be cn=defaults
Todd C. Miller [Wed, 15 Jun 2016 11:14:33 +0000 (05:14 -0600)]
Fix typo; cn=default should be cn=defaults

8 years agoFold lines at 80 characters for the clean: target
Todd C. Miller [Mon, 13 Jun 2016 21:12:44 +0000 (15:12 -0600)]
Fold lines at 80 characters for the clean: target

8 years agoRemove mksiglist, siglist.c, mksigname, signame.c as part of "distclean"
Todd C. Miller [Mon, 13 Jun 2016 19:45:17 +0000 (13:45 -0600)]
Remove mksiglist, siglist.c, mksigname, signame.c as part of "distclean"

8 years agosync with translationproject.org
Todd C. Miller [Mon, 13 Jun 2016 00:57:09 +0000 (18:57 -0600)]
sync with translationproject.org

8 years agoLDAP sudoers doesn't support negated users, groups or netgroups.
Todd C. Miller [Sun, 12 Jun 2016 15:36:19 +0000 (09:36 -0600)]
LDAP sudoers doesn't support negated users, groups or netgroups.

8 years agoBug #746
Todd C. Miller [Thu, 9 Jun 2016 18:25:36 +0000 (12:25 -0600)]
Bug #746

8 years agoWhen matching paths with glob(3), check returned matches against
Todd C. Miller [Thu, 9 Jun 2016 17:41:09 +0000 (11:41 -0600)]
When matching paths with glob(3), check returned matches against
user_cmnd first if it is fully-qualified.  This avoids a lot of
needless stat(2) calls and avoids a mismatch between safe_cmnd and
argv[0] if there are multiple matches with the same inode/dev due
to links.  Bug #746.

8 years agoAdd execve failure in pty bug fix.
Todd C. Miller [Thu, 9 Jun 2016 17:00:02 +0000 (11:00 -0600)]
Add execve failure in pty bug fix.

8 years agosync with translationproject.org
Todd C. Miller [Thu, 9 Jun 2016 16:51:40 +0000 (10:51 -0600)]
sync with translationproject.org

8 years agoIn handle_sigchld() fix the return value when we've already received
Todd C. Miller [Thu, 9 Jun 2016 16:50:58 +0000 (10:50 -0600)]
In handle_sigchld() fix the return value when we've already received
an exec error.  We don't want to overwrite the error status but we
do need to indicate that the command is no longer running.
Fixes as hang on execve(2) error when running in a pty.

8 years agoMove sudo_debug_execve() call into sudo_execve().
Todd C. Miller [Thu, 9 Jun 2016 16:48:59 +0000 (10:48 -0600)]
Move sudo_debug_execve() call into sudo_execve().

8 years agosync with translationproject.org
Todd C. Miller [Thu, 9 Jun 2016 13:12:38 +0000 (07:12 -0600)]
sync with translationproject.org

8 years agoupdate for 1.8.17 final
Todd C. Miller [Tue, 7 Jun 2016 19:45:37 +0000 (13:45 -0600)]
update for 1.8.17 final

8 years agoFix setting of hard stack limit when stack_hard is not specified
Todd C. Miller [Tue, 7 Jun 2016 19:06:27 +0000 (13:06 -0600)]
Fix setting of hard stack limit when stack_hard is not specified
in /etc/security/limits.  When 64-bit resource limits are supported
we can use the default value of 8388608 512-byte blocks directly.
We should only resort to using RLIM_SAVED_MAX for 32-bit resource
limits.

8 years agoregen
Todd C. Miller [Mon, 6 Jun 2016 16:07:58 +0000 (10:07 -0600)]
regen

8 years agoIgnore empty ipa_hostname
Todd C. Miller [Sun, 5 Jun 2016 20:42:54 +0000 (14:42 -0600)]
Ignore empty ipa_hostname

8 years agoBetter martching of ipa_hostname in sssd.conf
Todd C. Miller [Sun, 5 Jun 2016 11:40:32 +0000 (05:40 -0600)]
Better martching of ipa_hostname in sssd.conf

8 years agoUse the value of ipa_hostname from /etc/sssd/sssd.conf if present
Todd C. Miller [Sun, 5 Jun 2016 01:52:10 +0000 (19:52 -0600)]
Use the value of ipa_hostname from /etc/sssd/sssd.conf if present
instead of the system hostname.

8 years agoWhen matching host, short-circuit the loop when we get a match.
Todd C. Miller [Fri, 3 Jun 2016 20:07:40 +0000 (14:07 -0600)]
When matching host, short-circuit the loop when we get a match.
Only check username as part of the netgroup when netgroup_tuple is
enabled.