isa/sudo
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Move check_user_* functions to check_util.c so testsudoers can use them.

Browse Source
This commit is contained in:
Todd C. Miller
2023-06-30 10:43:18 -06:00
parent 689efe3cdd
commit 01ad570e24
7 changed files with 182 additions and 99 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
MANIFEST
View File

@@ -618,6 +618,7 @@ plugins/sudoers/canon_path.c
plugins/sudoers/check.c plugins/sudoers/check.c
plugins/sudoers/check.h plugins/sudoers/check.h
plugins/sudoers/check_aliases.c plugins/sudoers/check_aliases.c
plugins/sudoers/check_util.c
plugins/sudoers/cvtsudoers.c plugins/sudoers/cvtsudoers.c
plugins/sudoers/cvtsudoers.h plugins/sudoers/cvtsudoers.h
plugins/sudoers/cvtsudoers_csv.c plugins/sudoers/cvtsudoers_csv.c

49
plugins/sudoers/Makefile.in
View File

@@ -183,14 +183,15 @@ LIBPARSESUDOERS_OBJS = alias.lo b64_decode.lo canon_path.lo defaults.lo \
LIBPARSESUDOERS_IOBJS = $(LIBPARSESUDOERS_OBJS:.lo=.i) passwd.i LIBPARSESUDOERS_IOBJS = $(LIBPARSESUDOERS_OBJS:.lo=.i) passwd.i
SUDOERS_OBJS = $(AUTH_OBJS) audit.lo boottime.lo check.lo display.lo \ SUDOERS_OBJS = $(AUTH_OBJS) audit.lo boottime.lo check.lo check_util.lo \
editor.lo env.lo sudoers_hooks.lo env_pattern.lo file.lo \ display.lo editor.lo env.lo sudoers_hooks.lo \
find_path.lo fmtsudoers.lo gc.lo goodpath.lo group_plugin.lo \ env_pattern.lo file.lo find_path.lo fmtsudoers.lo \
interfaces.lo iolog.lo iolog_path_escapes.lo locale.lo \ gc.lo goodpath.lo group_plugin.lo interfaces.lo \
log_client.lo logging.lo lookup.lo pivot.lo policy.lo \ iolog.lo iolog_path_escapes.lo locale.lo log_client.lo \
prompt.lo serialize_list.lo set_perms.lo starttime.lo \ logging.lo lookup.lo pivot.lo policy.lo prompt.lo \
strlcpy_unesc.lo strvec_join.lo sudo_nss.lo sudoers.lo \ serialize_list.lo set_perms.lo starttime.lo \
timestamp.lo unesc_str.lo @SUDOERS_OBJS@ strlcpy_unesc.lo strvec_join.lo sudo_nss.lo sudoers.lo \
timestamp.lo unesc_str.lo @SUDOERS_OBJS@
SUDOERS_IOBJS = $(SUDOERS_OBJS:.lo=.i) SUDOERS_IOBJS = $(SUDOERS_OBJS:.lo=.i)
@@ -254,10 +255,10 @@ CHECK_UNESC_OBJS = check_unesc.o strlcpy_unesc.lo strvec_join.lo \
CHECK_SERIALIZE_LIST_OBJS = check_serialize_list.lo serialize_list.lo \ CHECK_SERIALIZE_LIST_OBJS = check_serialize_list.lo serialize_list.lo \
sudoers_debug.lo sudoers_debug.lo
FUZZ_POLICY_OBJS = editor.lo env.lo env_pattern.lo fuzz_policy.o fuzz_stubs.o \ FUZZ_POLICY_OBJS = editor.lo env.lo env_pattern.lo fuzz_policy.o \
gc.lo iolog_path_escapes.lo locale.lo policy.lo \ fuzz_stubs.o gc.lo iolog_path_escapes.lo locale.lo \
serialize_list.lo strlcpy_unesc.lo strvec_join.lo \ policy.lo serialize_list.lo strlcpy_unesc.lo \
sudoers.lo sudoers_hooks.lo strvec_join.lo sudoers.lo sudoers_hooks.lo
FUZZ_POLICY_CORPUS = $(srcdir)/regress/corpus/seed/policy/policy.* FUZZ_POLICY_CORPUS = $(srcdir)/regress/corpus/seed/policy/policy.*
@@ -1244,6 +1245,30 @@ check_unesc.i: $(srcdir)/regress/unescape/check_unesc.c $(devdir)/def_data.h \
$(CC) -E -o $@ $(CPPFLAGS) $< $(CC) -E -o $@ $(CPPFLAGS) $<
check_unesc.plog: check_unesc.i check_unesc.plog: check_unesc.i
rm -f $@; pvs-studio --cfg $(PVS_CFG) --sourcetree-root $(top_srcdir) --skip-cl-exe yes --source-file $(srcdir)/regress/unescape/check_unesc.c --i-file $< --output-file $@ rm -f $@; pvs-studio --cfg $(PVS_CFG) --sourcetree-root $(top_srcdir) --skip-cl-exe yes --source-file $(srcdir)/regress/unescape/check_unesc.c --i-file $< --output-file $@
check_util.lo: $(srcdir)/check_util.c $(devdir)/def_data.h \
$(incdir)/compat/stdbool.h $(incdir)/sudo_compat.h \
$(incdir)/sudo_conf.h $(incdir)/sudo_debug.h \
$(incdir)/sudo_eventlog.h $(incdir)/sudo_fatal.h \
$(incdir)/sudo_gettext.h $(incdir)/sudo_plugin.h \
$(incdir)/sudo_queue.h $(incdir)/sudo_util.h \
$(srcdir)/defaults.h $(srcdir)/logging.h $(srcdir)/parse.h \
$(srcdir)/sudo_nss.h $(srcdir)/sudoers.h \
$(srcdir)/sudoers_debug.h $(top_builddir)/config.h \
$(top_builddir)/pathnames.h
$(LIBTOOL) $(LTFLAGS) --mode=compile $(CC) -c $(CPPFLAGS) $(CFLAGS) $(ASAN_CFLAGS) $(PIE_CFLAGS) $(HARDENING_CFLAGS) $(srcdir)/check_util.c
check_util.i: $(srcdir)/check_util.c $(devdir)/def_data.h \
$(incdir)/compat/stdbool.h $(incdir)/sudo_compat.h \
$(incdir)/sudo_conf.h $(incdir)/sudo_debug.h \
$(incdir)/sudo_eventlog.h $(incdir)/sudo_fatal.h \
$(incdir)/sudo_gettext.h $(incdir)/sudo_plugin.h \
$(incdir)/sudo_queue.h $(incdir)/sudo_util.h \
$(srcdir)/defaults.h $(srcdir)/logging.h $(srcdir)/parse.h \
$(srcdir)/sudo_nss.h $(srcdir)/sudoers.h \
$(srcdir)/sudoers_debug.h $(top_builddir)/config.h \
$(top_builddir)/pathnames.h
$(CC) -E -o $@ $(CPPFLAGS) $<
check_util.plog: check_util.i
rm -f $@; pvs-studio --cfg $(PVS_CFG) --sourcetree-root $(top_srcdir) --skip-cl-exe yes --source-file $(srcdir)/check_util.c --i-file $< --output-file $@
cvtsudoers.o: $(srcdir)/cvtsudoers.c $(devdir)/def_data.h $(devdir)/gram.h \ cvtsudoers.o: $(srcdir)/cvtsudoers.c $(devdir)/def_data.h $(devdir)/gram.h \
$(incdir)/compat/getopt.h $(incdir)/compat/stdbool.h \ $(incdir)/compat/getopt.h $(incdir)/compat/stdbool.h \
$(incdir)/sudo_compat.h $(incdir)/sudo_conf.h \ $(incdir)/sudo_compat.h $(incdir)/sudo_conf.h \

25
plugins/sudoers/check.c
View File

@@ -374,28 +374,3 @@ get_authpw(int mode)
debug_return_ptr(pw); debug_return_ptr(pw);
} }
/*
* Returns true if the specified shell is allowed by /etc/shells, else false.
*/
bool
check_user_shell(const struct passwd *pw)
{
const char *shell;
debug_decl(check_user_shell, SUDOERS_DEBUG_AUTH);
if (!def_runas_check_shell)
debug_return_bool(true);
sudo_debug_printf(SUDO_DEBUG_INFO,
"%s: checking /etc/shells for %s", __func__, pw->pw_shell);
setusershell();
while ((shell = getusershell()) != NULL) {
if (strcmp(shell, pw->pw_shell) == 0)
debug_return_bool(true);
}
endusershell();
debug_return_bool(false);
}

115
plugins/sudoers/check_util.c Normal file
View File

@@ -0,0 +1,115 @@
/*
* SPDX-License-Identifier: ISC
*
* Copyright (c) 2019-2020, 2023 Todd C. Miller <Todd.Miller@sudo.ws>
*
* Permission to use, copy, modify, and distribute this software for any
* purpose with or without fee is hereby granted, provided that the above
* copyright notice and this permission notice appear in all copies.
*
* THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
* WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
* MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
* ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
* WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
* ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
* OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
*/
/*
* This is an open source non-commercial project. Dear PVS-Studio, please check it.
* PVS-Studio Static Code Analyzer for C, C++ and C#: http://www.viva64.com
*/
#include <config.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <pwd.h>
#include "sudoers.h"
/*
* Returns true if the specified shell is allowed by /etc/shells, else false.
*/
bool
check_user_shell(const struct passwd *pw)
{
const char *shell;
debug_decl(check_user_shell, SUDOERS_DEBUG_AUTH);
if (!def_runas_check_shell)
debug_return_bool(true);
sudo_debug_printf(SUDO_DEBUG_INFO,
"%s: checking /etc/shells for %s", __func__, pw->pw_shell);
setusershell();
while ((shell = getusershell()) != NULL) {
if (strcmp(shell, pw->pw_shell) == 0)
debug_return_bool(true);
}
endusershell();
debug_return_bool(false);
}
/*
* Check whether user_runchroot matches def_runchroot.
* Returns true if matched, false if not matched and -1 on error.
*/
int
check_user_runchroot(void)
{
debug_decl(check_user_runchroot, SUDOERS_DEBUG_AUTH);
if (user_runchroot == NULL)
debug_return_bool(true);
sudo_debug_printf(SUDO_DEBUG_INFO|SUDO_DEBUG_LINENO,
"def_runchroot %s, user_runchroot %s",
def_runchroot ? def_runchroot : "none",
user_runchroot ? user_runchroot : "none");
if (def_runchroot == NULL || (strcmp(def_runchroot, "*") != 0 &&
strcmp(def_runchroot, user_runchroot) != 0)) {
debug_return_bool(false);
}
free(def_runchroot);
if ((def_runchroot = strdup(user_runchroot)) == NULL) {
sudo_warnx(U_("%s: %s"), __func__, U_("unable to allocate memory"));
debug_return_int(-1);
}
debug_return_bool(true);
}
/*
* Check whether user_runcwd matches def_runcwd.
* Returns true if matched, false if not matched and -1 on error.
*/
int
check_user_runcwd(void)
{
debug_decl(check_user_runcwd, SUDOERS_DEBUG_AUTH);
if (user_runcwd == NULL)
debug_return_bool(true);
sudo_debug_printf(SUDO_DEBUG_INFO|SUDO_DEBUG_LINENO,
"def_runcwd %s, user_runcwd %s",
def_runcwd ? def_runcwd : "none",
user_runcwd ? user_runcwd : "none");
if (def_runcwd == NULL || (strcmp(def_runcwd, "*") != 0 &&
strcmp(def_runcwd, user_runcwd) != 0)) {
debug_return_bool(false);
}
free(def_runcwd);
if ((def_runcwd = strdup(user_runcwd)) == NULL) {
sudo_warnx(U_("%s: %s"), __func__, U_("unable to allocate memory"));
debug_return_int(-1);
}
debug_return_bool(true);
}

14
plugins/sudoers/regress/fuzz/fuzz_policy.c
View File

@@ -712,6 +712,20 @@ check_user(int validated, int mode)
return true; return true;
} }
/* STUB */
int
check_user_runchroot(void)
{
return true;
}
/* STUB */
int
check_user_runcwd(void)
{
return true;
}
/* STUB */ /* STUB */
bool bool
check_user_shell(const struct passwd *pw) check_user_shell(const struct passwd *pw)

71
plugins/sudoers/sudoers.c
View File

@@ -325,67 +325,6 @@ done:
debug_return_str(iolog_path); debug_return_str(iolog_path);
} }
static int
check_user_runchroot(void)
{
debug_decl(check_user_runchroot, SUDOERS_DEBUG_PLUGIN);
if (user_runchroot == NULL)
debug_return_bool(true);
sudo_debug_printf(SUDO_DEBUG_INFO|SUDO_DEBUG_LINENO,
"def_runchroot %s, user_runchroot %s",
def_runchroot ? def_runchroot : "none",
user_runchroot ? user_runchroot : "none");
/* If runchroot set in sudoers, it must match user_runchroot (or be '*'). */
if (def_runchroot == NULL || (strcmp(def_runchroot, "*") != 0 &&
strcmp(def_runchroot, user_runchroot) != 0)) {
log_warningx(SLOG_NO_STDERR|SLOG_AUDIT,
N_("user not allowed to change root directory to %s"),
user_runchroot);
sudo_warnx(U_("you are not permitted to use the -R option with %s"),
user_cmnd);
debug_return_bool(false);
}
free(def_runchroot);
if ((def_runchroot = strdup(user_runchroot)) == NULL) {
sudo_warnx(U_("%s: %s"), __func__, U_("unable to allocate memory"));
debug_return_int(-1);
}
debug_return_bool(true);
}
static int
check_user_runcwd(void)
{
debug_decl(check_user_runcwd, SUDOERS_DEBUG_PLUGIN);
if (user_runcwd == NULL)
debug_return_bool(true);
sudo_debug_printf(SUDO_DEBUG_INFO|SUDO_DEBUG_LINENO,
"def_runcwd %s, user_runcwd %s",
def_runcwd ? def_runcwd : "none",
user_runcwd ? user_runcwd : "none");
/* If runcwd set in sudoers, it must match user_runcwd (or be '*'). */
if (def_runcwd == NULL || (strcmp(def_runcwd, "*") != 0 &&
strcmp(def_runcwd, user_runcwd) != 0)) {
log_warningx(SLOG_NO_STDERR|SLOG_AUDIT,
N_("user not allowed to change directory to %s"), user_runcwd);
sudo_warnx(U_("you are not permitted to use the -D option with %s"),
user_cmnd);
debug_return_bool(false);
}
free(def_runcwd);
if ((def_runcwd = strdup(user_runcwd)) == NULL) {
sudo_warnx(U_("%s: %s"), __func__, U_("unable to allocate memory"));
debug_return_int(-1);
}
debug_return_bool(true);
}
/* /*
* Find the command, perform a sudoers lookup, ask for a password as * Find the command, perform a sudoers lookup, ask for a password as
* needed, and perform post-lokup checks. Logs success/failure. * needed, and perform post-lokup checks. Logs success/failure.
@@ -522,6 +461,11 @@ sudoers_check_common(int pwflag)
case true: case true:
break; break;
case false: case false:
log_warningx(SLOG_NO_STDERR|SLOG_AUDIT,
N_("user not allowed to change root directory to %s"),
user_runchroot);
sudo_warnx(U_("you are not permitted to use the -R option with %s"),
user_cmnd);
goto bad; goto bad;
default: default:
goto done; goto done;
@@ -532,6 +476,11 @@ sudoers_check_common(int pwflag)
case true: case true:
break; break;
case false: case false:
log_warningx(SLOG_NO_STDERR|SLOG_AUDIT,
N_("user not allowed to change directory to %s"), user_runcwd);
sudo_warnx(U_("you are not permitted to use the -D option with %s"),
user_cmnd);
debug_return_bool(false);
goto bad; goto bad;
default: default:
goto done; goto done;

6
plugins/sudoers/sudoers.h
View File

@@ -296,9 +296,13 @@ int find_path(const char *infile, char **outfile, struct stat *sbp,
/* check.c */ /* check.c */
int check_user(int validate, int mode); int check_user(int validate, int mode);
bool check_user_shell(const struct passwd *pw);
bool user_is_exempt(void); bool user_is_exempt(void);
/* check_util.c */
bool check_user_shell(const struct passwd *pw);
int check_user_runchroot(void);
int check_user_runcwd(void);
/* prompt.c */ /* prompt.c */
char *expand_prompt(const char *old_prompt, const char *auth_user); char *expand_prompt(const char *old_prompt, const char *auth_user);