Don't escape double quotes (") in a command when printing it.

Previously, cvtsudoers and "sudo -l" would escape double quotes in a command or command line argument, which is not valid sudoers syntax.
2022-02-08 15:44:18 -07:00
parent 8adad85b4b
commit 10ad934b77
8 changed files with 43 additions and 3 deletions
--- a/plugins/sudoers/fmtsudoers.c
+++ b/plugins/sudoers/fmtsudoers.c
@@ -68,11 +68,11 @@ sudoers_format_member_int(struct sudo_lbuf *lbuf,
 	    }
 	    if (negated)
 		sudo_lbuf_append(lbuf, "!");
-	    sudo_lbuf_append_quoted(lbuf, SUDOERS_QUOTED" \t", "%s",
+	    sudo_lbuf_append_quoted(lbuf, SUDOERS_QUOTED_CMD, "%s",
 		c->cmnd ? c->cmnd : "ALL");
 	    if (c->args) {
 		sudo_lbuf_append(lbuf, " ");
-		sudo_lbuf_append_quoted(lbuf, SUDOERS_QUOTED, "%s", c->args);
+		sudo_lbuf_append_quoted(lbuf, SUDOERS_QUOTED_ARG, "%s", c->args);
 	    }
 	    break;
 	case USERGROUP:
--- a/plugins/sudoers/parse.h
+++ b/plugins/sudoers/parse.h
@@ -24,7 +24,9 @@
 #include "sudo_queue.h"

 /* Characters that must be quoted in sudoers. */
-#define SUDOERS_QUOTED	":\\,=#\""
+#define SUDOERS_QUOTED		":\\,=#\""
+#define SUDOERS_QUOTED_CMD	":\\,= \t#"
+#define SUDOERS_QUOTED_ARG	":\\,=#"

 /* Returns true if string 's' contains meta characters. */
 #define has_meta(s)	(strpbrk(s, "\\?*[]") != NULL)
--- a/plugins/sudoers/regress/sudoers/test2.in
+++ b/plugins/sudoers/regress/sudoers/test2.in
@@ -58,3 +58,6 @@ Defaults>"some one" set_home
 "%:C/non_UNIX_0 c"	"hostf" = ("root") ALL
 "%:C/non\'UNIX_3 c"	"hostg" = ("root") ALL
 "+netgr"		"hosth" = ("root") ALL
+
+# Check that quotes don't need escaping in command and args
+user ALL = /bin/ls "", /bin/echo " ", /bin/foo"bar ""
--- a/plugins/sudoers/regress/sudoers/test2.json.ok
+++ b/plugins/sudoers/regress/sudoers/test2.json.ok
@@ -398,6 +398,23 @@
                    ]
                }
            ]
+        },
+        {
+            "User_List": [
+                { "username": "user" }
+            ],
+            "Host_List": [
+                { "hostname": "ALL" }
+            ],
+            "Cmnd_Specs": [
+                {
+                    "Commands": [
+                        { "command": "/bin/ls \"\"" },
+                        { "command": "/bin/echo \" \"" },
+                        { "command": "/bin/foo\"bar \"\"" }
+                    ]
+                }
+            ]
        }
    ]
 }
--- a/plugins/sudoers/regress/sudoers/test2.ldif.ok
+++ b/plugins/sudoers/regress/sudoers/test2.ldif.ok
@@ -155,3 +155,14 @@ sudoRunAsUser: root
 sudoCommand: ALL
 sudoOrder: 13

+dn: cn=user,ou=SUDOers,dc=sudo,dc=ws
+objectClass: top
+objectClass: sudoRole
+cn: user
+sudoUser: user
+sudoHost: ALL
+sudoCommand: /bin/ls ""
+sudoCommand: /bin/echo " "
+sudoCommand: /bin/foo"bar ""
+sudoOrder: 14
+
--- a/plugins/sudoers/regress/sudoers/test2.ldif2sudo.ok
+++ b/plugins/sudoers/regress/sudoers/test2.ldif2sudo.ok
@@ -36,3 +36,6 @@ foo\:bar\" hoste = (root) ALL

 # sudoRole +netgr
 +netgr hosth = (root) ALL
+
+# sudoRole user
+user ALL = /bin/ls "", /bin/echo " ", /bin/foo"bar ""
--- a/plugins/sudoers/regress/sudoers/test2.out.ok
+++ b/plugins/sudoers/regress/sudoers/test2.out.ok
@@ -40,3 +40,4 @@ foo\:bar\" hoste = (root) ALL
 "%:C/non_UNIX_0 c" hostf = (root) ALL
 "%:C/non\'UNIX_3 c" hostg = (root) ALL
 +netgr hosth = (root) ALL
+user ALL = /bin/ls "", /bin/echo " ", /bin/foo"bar ""
--- a/plugins/sudoers/regress/sudoers/test2.toke.ok
+++ b/plugins/sudoers/regress/sudoers/test2.toke.ok
@@ -58,3 +58,6 @@ BEGINSTR STRBODY ENDSTR USERGROUP BEGINSTR STRBODY ENDSTR WORD(4) = ( BEGINSTR S
 BEGINSTR STRBODY ENDSTR USERGROUP BEGINSTR STRBODY ENDSTR WORD(4) = ( BEGINSTR STRBODY ENDSTR WORD(4) ) ALL 
 BEGINSTR STRBODY BACKSLASH STRBODY ENDSTR USERGROUP BEGINSTR STRBODY ENDSTR WORD(4) = ( BEGINSTR STRBODY ENDSTR WORD(4) ) ALL 
 BEGINSTR STRBODY ENDSTR NETGROUP BEGINSTR STRBODY ENDSTR WORD(4) = ( BEGINSTR STRBODY ENDSTR WORD(4) ) ALL 
+
+#
+WORD(6) ALL = COMMAND ARG , COMMAND ARG ARG , COMMAND ARG