Merge in Solaris privilege support by Darren Moffat and John Zolnowsky
4
NEWS
4
NEWS
@@ -36,6 +36,10 @@ What's new in Sudo 1.8.6?
|
||||
* The sudo manuals are now formatted in mdoc. Versions using the
|
||||
legacy man macros are provided for systems that lack mdoc.
|
||||
|
||||
* New support for Solaris privilege sets. This makes it possible
|
||||
to specify fine-grained privileges in the sudoers file on Solaris
|
||||
10 and above.
|
||||
|
||||
What's new in Sudo 1.8.5p2?
|
||||
|
||||
* Fixed use of the SUDO_ASKPASS environment variable which was
|
||||
|
@@ -48,6 +48,7 @@ AC_SUBST([SUDOERS_GID])
|
||||
AC_SUBST([DEVEL])
|
||||
AC_SUBST([BAMAN])
|
||||
AC_SUBST([LCMAN])
|
||||
AC_SUBST([PSMAN])
|
||||
AC_SUBST([SEMAN])
|
||||
AC_SUBST([devdir])
|
||||
AC_SUBST([mansectsu])
|
||||
@@ -175,6 +176,7 @@ DEVEL=
|
||||
LDAP="#"
|
||||
BAMAN=0
|
||||
LCMAN=0
|
||||
PSMAN=0
|
||||
SEMAN=0
|
||||
LIBINTL=
|
||||
ZLIB=
|
||||
@@ -1558,7 +1560,7 @@ case "$host" in
|
||||
: ${mansectform='4'}
|
||||
: ${with_rpath='yes'}
|
||||
test -z "$with_pam" && AUTH_EXCL_DEF="PAM"
|
||||
AC_CHECK_FUNCS(priv_set)
|
||||
AC_CHECK_FUNCS(priv_set, [PSMAN=1])
|
||||
;;
|
||||
*-*-aix*)
|
||||
# To get all prototypes (so we pass -Wall)
|
||||
|
@@ -96,6 +96,7 @@ you believe you should be listed, please send a note to sudo@sudo.ws.
|
||||
Michael Meskes
|
||||
Todd C. Miller
|
||||
Loic Minier
|
||||
Darren Moffat
|
||||
Jan Thomas Moldung
|
||||
Charles Morris
|
||||
Andreas Mueller
|
||||
@@ -163,3 +164,4 @@ you believe you should be listed, please send a note to sudo@sudo.ws.
|
||||
Marco van Wieringen
|
||||
David Wood
|
||||
Gustavo Zacarias
|
||||
John Zolnowsky
|
||||
|
@@ -95,7 +95,7 @@ Makefile: $(srcdir)/Makefile.in
|
||||
|
||||
varsub: $(top_srcdir)/configure.in
|
||||
@if [ -n "$(DEVEL)" ]; then \
|
||||
printf 's#@%s@#1#\ns#@%s@#1#\ns#@%s@#1#\ns#@%s@#/etc#g\ns#@%s@#/usr/local#g\ns#@%s@#5#g\ns#@%s@#8#g\ns#@%s@#%s#\n' SEMAN BAMAN LCMAN sysconfdir prefix mansectform mansectsu PACKAGE_VERSION $(VERSION) > $@; \
|
||||
printf 's#@%s@#1#\ns#@%s@#1#\ns#@%s@#1#\ns#@%s@#1#\ns#@%s@#/etc#g\ns#@%s@#/usr/local#g\ns#@%s@#5#g\ns#@%s@#8#g\ns#@%s@#%s#\n' SEMAN BAMAN LCMAN PSMAN sysconfdir prefix mansectform mansectsu PACKAGE_VERSION $(VERSION) > $@; \
|
||||
sed -n '/Begin initial values for man page substitution/,/End initial values for man page substitution/{;p;}' $(top_srcdir)/configure.in | sed -e '/^#/d' -e 's/^/s#@/' -e 's/=[\\"]*/@#/' -e 's/[\\"]*$$/#g/' >> $@; \
|
||||
fi
|
||||
|
||||
|
@@ -99,6 +99,7 @@ you believe you should be listed, please send a note to sudo@sudo.ws.
|
||||
Michael Meskes
|
||||
Todd C. Miller
|
||||
Loic Minier
|
||||
Darren Moffat
|
||||
Jan Thomas Moldung
|
||||
Charles Morris
|
||||
Andreas Mueller
|
||||
@@ -166,3 +167,4 @@ you believe you should be listed, please send a note to sudo@sudo.ws.
|
||||
Marco van Wieringen
|
||||
David Wood
|
||||
Gustavo Zacarias
|
||||
John Zolnowsky
|
||||
|
@@ -339,12 +339,14 @@ SSUUDDOOEERRSS FFIILLEE FFOORRMMAATT
|
||||
Cmnd_Spec_List ::= Cmnd_Spec |
|
||||
Cmnd_Spec ',' Cmnd_Spec_List
|
||||
|
||||
Cmnd_Spec ::= Runas_Spec? SELinux_Spec? Tag_Spec* Cmnd
|
||||
Cmnd_Spec ::= Runas_Spec? SELinux_Spec? Solaris_Priv_Spec? Tag_Spec* Cmnd
|
||||
|
||||
Runas_Spec ::= '(' Runas_List? (':' Runas_List)? ')'
|
||||
|
||||
SELinux_Spec ::= ('ROLE=role' | 'TYPE=type')
|
||||
|
||||
Solaris_Priv_Spec ::= ('PRIVS=privset' | 'LIMITPRIVS=privset')
|
||||
|
||||
Tag_Spec ::= ('NOPASSWD:' | 'PASSWD:' | 'NOEXEC:' | 'EXEC:' |
|
||||
'SETENV:' | 'NOSETENV:' | 'LOG_INPUT:' | 'NOLOG_INPUT:' |
|
||||
'LOG_OUTPUT:' | 'NOLOG_OUTPUT:')
|
||||
@@ -432,6 +434,12 @@ SSUUDDOOEERRSS FFIILLEE FFOORRMMAATT
|
||||
in _s_u_d_o_e_r_s. A role or type specified on the command line, however, will
|
||||
supercede the values in _s_u_d_o_e_r_s.
|
||||
|
||||
SSoollaarriiss__PPrriivv__SSppeecc
|
||||
On Solaris systems, _s_u_d_o_e_r_s entries may optionally specify Solaris
|
||||
privilege set and/or limit privilege set associated with a command. If
|
||||
privileges or limit privileges are specified with the command it will
|
||||
override any default values specified in _s_u_d_o_e_r_s.
|
||||
|
||||
TTaagg__SSppeecc
|
||||
A command may have zero or more tags associated with it. There are ten
|
||||
possible tag values: NOPASSWD, PASSWD, NOEXEC, EXEC, SETENV, NOSETENV,
|
||||
@@ -1108,6 +1116,13 @@ SSUUDDOOEERRSS OOPPTTIIOONNSS
|
||||
unique combination of digits and letters, similar to
|
||||
the mktemp(3) function.
|
||||
|
||||
limitprivs The default Solaris limit privileges to use when
|
||||
constructing a new privilege set for a command. This
|
||||
bounds all privileges of the executing process. The
|
||||
default limit privileges may be overridden on a per-
|
||||
command basis in _s_u_d_o_e_r_s. This option is only
|
||||
available if ssuuddooeerrss is built on Solaris 10 or higher.
|
||||
|
||||
mailsub Subject of the mail sent to the _m_a_i_l_t_o user. The
|
||||
escape %h will expand to the host name of the machine.
|
||||
Default is ``*** SECURITY information for %h ***''.
|
||||
@@ -1142,11 +1157,21 @@ SSUUDDOOEERRSS OOPPTTIIOONNSS
|
||||
|
||||
The default value is ``Password:''.
|
||||
|
||||
privs The default Solaris privileges to use when constructing
|
||||
a new privilege set for a command. This is passed to
|
||||
the executing process via the inherited privilege set,
|
||||
but is bounded by the limit privileges. If the _p_r_i_v_s
|
||||
option is specified but the _l_i_m_i_t_p_r_i_v_s option is not,
|
||||
the limit privileges of the executing process is set to
|
||||
_p_r_i_v_s. The default privileges may be overridden on a
|
||||
per-command basis in _s_u_d_o_e_r_s. This option is only
|
||||
available if ssuuddooeerrss is built on Solaris 10 or higher.
|
||||
|
||||
role The default SELinux role to use when constructing a new
|
||||
security context to run the command. The default role
|
||||
may be overridden on a per-command basis in _s_u_d_o_e_r_s or
|
||||
via command line options. This option is only
|
||||
available whe ssuuddoo is built with SELinux support.
|
||||
available when ssuuddoo is built with SELinux support.
|
||||
|
||||
runas_default The default user to run commands as if the --uu option is
|
||||
not specified on the command line. This defaults to
|
||||
|
@@ -742,12 +742,14 @@ User_Spec ::= User_List Host_List '=' Cmnd_Spec_List \e
|
||||
Cmnd_Spec_List ::= Cmnd_Spec |
|
||||
Cmnd_Spec ',' Cmnd_Spec_List
|
||||
|
||||
Cmnd_Spec ::= Runas_Spec? SELinux_Spec? Tag_Spec* Cmnd
|
||||
Cmnd_Spec ::= Runas_Spec? SELinux_Spec? Solaris_Priv_Spec? Tag_Spec* Cmnd
|
||||
|
||||
Runas_Spec ::= '(' Runas_List? (':' Runas_List)? ')'
|
||||
|
||||
SELinux_Spec ::= ('ROLE=role' | 'TYPE=type')
|
||||
|
||||
Solaris_Priv_Spec ::= ('PRIVS=privset' | 'LIMITPRIVS=privset')
|
||||
|
||||
Tag_Spec ::= ('NOPASSWD:' | 'PASSWD:' | 'NOEXEC:' | 'EXEC:' |
|
||||
'SETENV:' | 'NOSETENV:' | 'LOG_INPUT:' | 'NOLOG_INPUT:' |
|
||||
'LOG_OUTPUT:' | 'NOLOG_OUTPUT:')
|
||||
@@ -951,6 +953,14 @@ specified in
|
||||
A role or type specified on the command line,
|
||||
however, will supercede the values in
|
||||
\fIsudoers\fR.
|
||||
.SS "Solaris_Priv_Spec"
|
||||
On Solaris systems,
|
||||
\fIsudoers\fR
|
||||
entries may optionally specify Solaris privilege set and/or limit
|
||||
privilege set associated with a command.
|
||||
If privileges or limit privileges are specified with the command
|
||||
it will override any default values specified in
|
||||
\fIsudoers\fR.
|
||||
.SS "Tag_Spec"
|
||||
A command may have zero or more tags associated with it.
|
||||
There are
|
||||
@@ -2398,6 +2408,16 @@ mktemp(3)
|
||||
function.
|
||||
.PD
|
||||
.TP 18n
|
||||
limitprivs
|
||||
The default Solaris limit privileges to use when constructing a new
|
||||
privilege set for a command.
|
||||
This bounds all privileges of the executing process.
|
||||
The default limit privileges may be overridden on a per-command basis in
|
||||
\fIsudoers\fR.
|
||||
This option is only available if
|
||||
\fBsudoers\fR
|
||||
is built on Solaris 10 or higher.
|
||||
.TP 18n
|
||||
mailsub
|
||||
Subject of the mail sent to the
|
||||
\fImailto\fR
|
||||
@@ -2463,16 +2483,33 @@ The default value is
|
||||
.RE
|
||||
.PD 0
|
||||
.TP 18n
|
||||
privs
|
||||
The default Solaris privileges to use when constructing a new
|
||||
privilege set for a command.
|
||||
This is passed to the executing process via the inherited privilege set,
|
||||
but is bounded by the limit privileges.
|
||||
If the
|
||||
\fIprivs\fR
|
||||
option is specified but the
|
||||
\fIlimitprivs\fR
|
||||
option is not, the limit privileges of the executing process is set to
|
||||
\fIprivs\fR.
|
||||
The default privileges may be overridden on a per-command basis in
|
||||
\fIsudoers\fR.
|
||||
This option is only available if
|
||||
\fBsudoers\fR
|
||||
is built on Solaris 10 or higher.
|
||||
.PD
|
||||
.TP 18n
|
||||
role
|
||||
The default SELinux role to use when constructing a new security
|
||||
context to run the command.
|
||||
The default role may be overridden on a per-command basis in
|
||||
\fIsudoers\fR
|
||||
or via command line options.
|
||||
This option is only available whe
|
||||
This option is only available when
|
||||
\fBsudo\fR
|
||||
is built with SELinux support.
|
||||
.PD
|
||||
.TP 18n
|
||||
runas_default
|
||||
The default user to run commands as if the
|
||||
|
@@ -4,33 +4,54 @@ BEGIN {
|
||||
$cond = -1;
|
||||
}
|
||||
|
||||
# Initialize the numeric register we use for conditionals
|
||||
# Initialize the numeric registers we use for conditionals
|
||||
if ($cond == -1) {
|
||||
$_ = ".nr SL \@SEMAN\@\n.nr BA \@BAMAN\@\n.nr LC \@LCMAN\@\n.\\\"\n$_";
|
||||
$prefix = "";
|
||||
$prefix = "$prefix.nr BA \@BAMAN\@\n";
|
||||
$prefix = "$prefix.nr LC \@LCMAN\@\n";
|
||||
$prefix = "$prefix.nr PS \@PSMAN\@\n";
|
||||
$prefix = "$prefix.nr SL \@SEMAN\@\n";
|
||||
$_ = "$prefix.\\\"\n$_";
|
||||
$cond = 0;
|
||||
}
|
||||
|
||||
# Make SELinux_Spec conditional
|
||||
if (/(.*)SELinux_Spec\? (.*)$/) {
|
||||
$_ = ".ie \\n(SL $_.el $1$2\n";
|
||||
# Make SELinux_Spec and Solaris_Priv_Spec conditional
|
||||
if (/(.*) SELinux_Spec\? Solaris_Priv_Spec(.*)$/) {
|
||||
$_ = "$1\\*(S+$2\n";
|
||||
$prefix = "";
|
||||
$prefix = "$prefix.ds S+\n";
|
||||
$prefix = "$prefix.if \\n(SL .as S+ \" SELinux_Spec?\n";
|
||||
$prefix = "$prefix.if \\n(PS .as S+ \" Solaris_Priv_Spec?\n";
|
||||
$_ = "$prefix$_";
|
||||
} elsif (/^(.*SELinux_Spec ::=)/) {
|
||||
$_ = ".if \\n(SL \\{\\\n$_";
|
||||
} elsif (/^(.*Solaris_Priv_Spec ::=)/) {
|
||||
$_ = "\\}\n.if \\n(PS \\{\\\n$_";
|
||||
} elsif (/^(.*Tag_Spec ::=)/) {
|
||||
$_ = "\\}\n$_";
|
||||
}
|
||||
|
||||
if (/^\.(Sh|SS|IP|PP)/) {
|
||||
$prefix = $cond ? "\\}\n" : "";
|
||||
$cond = 0;
|
||||
}
|
||||
if (/^\.S[Sh] "SELinux_Spec"/) {
|
||||
$_ = ".if \\n(SL \\{\\\n$_";
|
||||
$_ = "$prefix.if \\n(SL \\{\\\n$_";
|
||||
$cond = 1;
|
||||
} elsif (/^\.IP "(role|type)"/) {
|
||||
$_ = ".if \\n(SL \\{\\\n$_";
|
||||
$_ = "$prefix.if \\n(SL \\{\\\n$_";
|
||||
$cond = 1;
|
||||
} elsif (/^\.S[Sh] "Solaris_Priv_Spec"/) {
|
||||
$_ = "$prefix.if \\n(PS \\{\\\n$_";
|
||||
$cond = 1;
|
||||
} elsif (/^\.IP "(privs|limitprivs)"/) {
|
||||
$_ = "$prefix.if \\n(PS \\{\\\n$_";
|
||||
$cond = 1;
|
||||
} elsif (/^\.IP "use_loginclass"/) {
|
||||
$_ = ".if \\n(LC \\{\\\n$_";
|
||||
$_ = "$prefix.if \\n(LC \\{\\\n$_";
|
||||
$cond = 1;
|
||||
} elsif ($cond && /^\.(Sh|SS|IP|PP)/) {
|
||||
$_ = "\\}\n$_";
|
||||
$cond = 0;
|
||||
} elsif (/^\.(Sh|SS|IP|PP)/) {
|
||||
$_ = "$prefix$_";
|
||||
}
|
||||
|
||||
# Fix up broken pod2man formatting of F<@foo@/bar>
|
||||
|
@@ -714,12 +714,14 @@ User_Spec ::= User_List Host_List '=' Cmnd_Spec_List \e
|
||||
Cmnd_Spec_List ::= Cmnd_Spec |
|
||||
Cmnd_Spec ',' Cmnd_Spec_List
|
||||
|
||||
Cmnd_Spec ::= Runas_Spec? SELinux_Spec? Tag_Spec* Cmnd
|
||||
Cmnd_Spec ::= Runas_Spec? SELinux_Spec? Solaris_Priv_Spec? Tag_Spec* Cmnd
|
||||
|
||||
Runas_Spec ::= '(' Runas_List? (':' Runas_List)? ')'
|
||||
|
||||
SELinux_Spec ::= ('ROLE=role' | 'TYPE=type')
|
||||
|
||||
Solaris_Priv_Spec ::= ('PRIVS=privset' | 'LIMITPRIVS=privset')
|
||||
|
||||
Tag_Spec ::= ('NOPASSWD:' | 'PASSWD:' | 'NOEXEC:' | 'EXEC:' |
|
||||
'SETENV:' | 'NOSETENV:' | 'LOG_INPUT:' | 'NOLOG_INPUT:' |
|
||||
'LOG_OUTPUT:' | 'NOLOG_OUTPUT:')
|
||||
@@ -898,6 +900,14 @@ specified in
|
||||
A role or type specified on the command line,
|
||||
however, will supercede the values in
|
||||
.Em sudoers .
|
||||
.Ss Solaris_Priv_Spec
|
||||
On Solaris systems,
|
||||
.Em sudoers
|
||||
entries may optionally specify Solaris privilege set and/or limit
|
||||
privilege set associated with a command.
|
||||
If privileges or limit privileges are specified with the command
|
||||
it will override any default values specified in
|
||||
.Em sudoers .
|
||||
.Ss Tag_Spec
|
||||
A command may have zero or more tags associated with it.
|
||||
There are
|
||||
@@ -2266,6 +2276,15 @@ will have the
|
||||
replaced with a unique combination of digits and letters, similar to the
|
||||
.Xr mktemp 3
|
||||
function.
|
||||
.It limitprivs
|
||||
The default Solaris limit privileges to use when constructing a new
|
||||
privilege set for a command.
|
||||
This bounds all privileges of the executing process.
|
||||
The default limit privileges may be overridden on a per-command basis in
|
||||
.Em sudoers .
|
||||
This option is only available if
|
||||
.Nm
|
||||
is built on Solaris 10 or higher.
|
||||
.It mailsub
|
||||
Subject of the mail sent to the
|
||||
.Em mailto
|
||||
@@ -2320,13 +2339,29 @@ character
|
||||
.Pp
|
||||
The default value is
|
||||
.Dq Li @passprompt@ .
|
||||
.It privs
|
||||
The default Solaris privileges to use when constructing a new
|
||||
privilege set for a command.
|
||||
This is passed to the executing process via the inherited privilege set,
|
||||
but is bounded by the limit privileges.
|
||||
If the
|
||||
.Em privs
|
||||
option is specified but the
|
||||
.Em limitprivs
|
||||
option is not, the limit privileges of the executing process is set to
|
||||
.Em privs .
|
||||
The default privileges may be overridden on a per-command basis in
|
||||
.Em sudoers .
|
||||
This option is only available if
|
||||
.Nm
|
||||
is built on Solaris 10 or higher.
|
||||
.It role
|
||||
The default SELinux role to use when constructing a new security
|
||||
context to run the command.
|
||||
The default role may be overridden on a per-command basis in
|
||||
.Em sudoers
|
||||
or via command line options.
|
||||
This option is only available whe
|
||||
This option is only available when
|
||||
.Nm sudo
|
||||
is built with SELinux support.
|
||||
.It runas_default
|
||||
|
@@ -402,12 +402,14 @@ See L<"SUDOERS OPTIONS"> for a list of supported Defaults parameters.
|
||||
Cmnd_Spec_List ::= Cmnd_Spec |
|
||||
Cmnd_Spec ',' Cmnd_Spec_List
|
||||
|
||||
Cmnd_Spec ::= Runas_Spec? SELinux_Spec? Tag_Spec* Cmnd
|
||||
Cmnd_Spec ::= Runas_Spec? SELinux_Spec? Solaris_Priv_Spec? Tag_Spec* Cmnd
|
||||
|
||||
Runas_Spec ::= '(' Runas_List? (':' Runas_List)? ')'
|
||||
|
||||
SELinux_Spec ::= ('ROLE=role' | 'TYPE=type')
|
||||
|
||||
Solaris_Priv_Spec ::= ('PRIVS=privset' | 'LIMITPRIVS=privset')
|
||||
|
||||
Tag_Spec ::= ('NOPASSWD:' | 'PASSWD:' | 'NOEXEC:' | 'EXEC:' |
|
||||
'SETENV:' | 'NOSETENV:' | 'LOG_INPUT:' | 'NOLOG_INPUT:' |
|
||||
'LOG_OUTPUT:' | 'NOLOG_OUTPUT:')
|
||||
@@ -499,6 +501,13 @@ type is specified with the command it will override any default values
|
||||
specified in I<sudoers>. A role or type specified on the command line,
|
||||
however, will supercede the values in I<sudoers>.
|
||||
|
||||
=head2 Solaris_Priv_Spec
|
||||
|
||||
On Solaris systems, I<sudoers> entries may optionally specify
|
||||
a Solaris privilege set and/or limit privilege set associated with a command.
|
||||
If privileges or limit privileges are specified with the command
|
||||
it will override any default values specified in I<sudoers>.
|
||||
|
||||
=head2 Tag_Spec
|
||||
|
||||
A command may have zero or more tags associated with it. There are
|
||||
@@ -1279,6 +1288,16 @@ In addition to the escape sequences, path names that end in six or
|
||||
more C<X>s will have the C<X>s replaced with a unique combination
|
||||
of digits and letters, similar to the mktemp() function.
|
||||
|
||||
=item limitprivs
|
||||
|
||||
The default Solaris limit privileges to use
|
||||
when constructing a new privilege set for a command.
|
||||
This bounds all privileges of the executing process.
|
||||
The default limit privileges may be overridden
|
||||
on a per-command basis in I<sudoers>.
|
||||
This option is only available when B<sudo> is built on
|
||||
Solaris 10 or higher.
|
||||
|
||||
=item mailsub
|
||||
|
||||
Subject of the mail sent to the I<mailto> user. The escape C<%h>
|
||||
@@ -1330,12 +1349,24 @@ two consecutive C<%> characters are collapsed into a single C<%> character
|
||||
|
||||
The default value is "C<@passprompt@>".
|
||||
|
||||
=item privs
|
||||
|
||||
The default Solaris privileges to use
|
||||
when constructing a new privilege set to run the command.
|
||||
This is passed to the executing process via the inherited privilege set,
|
||||
but is bounded by the limit privileges.
|
||||
If the I<privs> option is specified but the I<limitprivs> option is not,
|
||||
the limit privileges of the executing process is set to I<privs>.
|
||||
The default privileges may be overridden on a per-command basis in I<sudoers>.
|
||||
This option is only available when B<sudo> is built on
|
||||
Solaris 10 or higher.
|
||||
|
||||
=item role
|
||||
|
||||
The default SELinux role to use when constructing a new security
|
||||
context to run the command. The default role may be overridden on
|
||||
a per-command basis in I<sudoers> or via command line options.
|
||||
This option is only available whe B<sudo> is built with SELinux support.
|
||||
This option is only available when B<sudo> is built with SELinux support.
|
||||
|
||||
=item runas_default
|
||||
|
||||
|
@@ -342,6 +342,14 @@ struct sudo_defs_types sudo_defs_table[] = {
|
||||
"utmp_runas", T_FLAG,
|
||||
N_("Set the user in utmp to the runas user, not the invoking user"),
|
||||
NULL,
|
||||
}, {
|
||||
"privs", T_STR,
|
||||
N_("Set of permitted privileges"),
|
||||
NULL,
|
||||
}, {
|
||||
"limitprivs", T_STR,
|
||||
N_("Set of limit privileges"),
|
||||
NULL,
|
||||
}, {
|
||||
NULL, 0, NULL
|
||||
}
|
||||
|
@@ -158,6 +158,10 @@
|
||||
#define I_SET_UTMP 78
|
||||
#define def_utmp_runas (sudo_defs_table[79].sd_un.flag)
|
||||
#define I_UTMP_RUNAS 79
|
||||
#define def_privs (sudo_defs_table[80].sd_un.str)
|
||||
#define I_PRIVS 80
|
||||
#define def_limitprivs (sudo_defs_table[81].sd_un.str)
|
||||
#define I_LIMITPRIVS 81
|
||||
|
||||
enum def_tuple {
|
||||
never,
|
||||
|
@@ -253,3 +253,9 @@ set_utmp
|
||||
utmp_runas
|
||||
T_FLAG
|
||||
"Set the user in utmp to the runas user, not the invoking user"
|
||||
privs
|
||||
T_STR
|
||||
"Set of permitted privileges"
|
||||
limitprivs
|
||||
T_STR
|
||||
"Set of limit privileges"
|
||||
|
@@ -29,6 +29,8 @@
|
||||
#define ERROR 285
|
||||
#define TYPE 286
|
||||
#define ROLE 287
|
||||
#define PRIVS 288
|
||||
#define LIMITPRIVS 289
|
||||
#ifndef YYSTYPE_DEFINED
|
||||
#define YYSTYPE_DEFINED
|
||||
typedef union {
|
||||
@@ -40,6 +42,7 @@ typedef union {
|
||||
struct sudo_command command;
|
||||
struct cmndtag tag;
|
||||
struct selinux_info seinfo;
|
||||
struct solaris_privs_info privinfo;
|
||||
char *string;
|
||||
int tok;
|
||||
} YYSTYPE;
|
||||
|
@@ -123,6 +123,7 @@ yyerror(const char *s)
|
||||
struct sudo_command command;
|
||||
struct cmndtag tag;
|
||||
struct selinux_info seinfo;
|
||||
struct solaris_privs_info privinfo;
|
||||
char *string;
|
||||
int tok;
|
||||
}
|
||||
@@ -161,6 +162,8 @@ yyerror(const char *s)
|
||||
%token <tok> ERROR
|
||||
%token <tok> TYPE /* SELinux type */
|
||||
%token <tok> ROLE /* SELinux role */
|
||||
%token <tok> PRIVS /* Solaris privileges */
|
||||
%token <tok> LIMITPRIVS /* Solaris limit privileges */
|
||||
|
||||
%type <cmndspec> cmndspec
|
||||
%type <cmndspec> cmndspeclist
|
||||
@@ -186,6 +189,9 @@ yyerror(const char *s)
|
||||
%type <seinfo> selinux
|
||||
%type <string> rolespec
|
||||
%type <string> typespec
|
||||
%type <privinfo> solarisprivs
|
||||
%type <string> privsspec
|
||||
%type <string> limitprivsspec
|
||||
|
||||
%%
|
||||
|
||||
@@ -313,6 +319,13 @@ cmndspeclist : cmndspec
|
||||
if ($3->type == NULL)
|
||||
$3->type = $3->prev->type;
|
||||
#endif /* HAVE_SELINUX */
|
||||
#ifdef HAVE_PRIV_SET
|
||||
/* propagate privs & limitprivs */
|
||||
if ($3->privs == NULL)
|
||||
$3->privs = $3->prev->privs;
|
||||
if ($3->limitprivs == NULL)
|
||||
$3->limitprivs = $3->prev->limitprivs;
|
||||
#endif /* HAVE_PRIV_SET */
|
||||
/* propagate tags and runas list */
|
||||
if ($3->tags.nopasswd == UNSPEC)
|
||||
$3->tags.nopasswd = $3->prev->tags.nopasswd;
|
||||
@@ -336,7 +349,7 @@ cmndspeclist : cmndspec
|
||||
}
|
||||
;
|
||||
|
||||
cmndspec : runasspec selinux cmndtag opcmnd {
|
||||
cmndspec : runasspec selinux solarisprivs cmndtag opcmnd {
|
||||
struct cmndspec *cs = ecalloc(1, sizeof(*cs));
|
||||
if ($1 != NULL) {
|
||||
list2tq(&cs->runasuserlist, $1->runasusers);
|
||||
@@ -350,8 +363,12 @@ cmndspec : runasspec selinux cmndtag opcmnd {
|
||||
cs->role = $2.role;
|
||||
cs->type = $2.type;
|
||||
#endif
|
||||
cs->tags = $3;
|
||||
cs->cmnd = $4;
|
||||
#ifdef HAVE_PRIV_SET
|
||||
cs->privs = $3.privs;
|
||||
cs->limitprivs = $3.limitprivs;
|
||||
#endif
|
||||
cs->tags = $4;
|
||||
cs->cmnd = $5;
|
||||
cs->prev = cs;
|
||||
cs->next = NULL;
|
||||
/* sudo "ALL" implies the SETENV tag */
|
||||
@@ -404,6 +421,36 @@ selinux : /* empty */ {
|
||||
}
|
||||
;
|
||||
|
||||
privsspec : PRIVS '=' WORD {
|
||||
$$ = $3;
|
||||
}
|
||||
;
|
||||
limitprivsspec : LIMITPRIVS '=' WORD {
|
||||
$$ = $3;
|
||||
}
|
||||
;
|
||||
|
||||
solarisprivs : /* empty */ {
|
||||
$$.privs = NULL;
|
||||
$$.limitprivs = NULL;
|
||||
}
|
||||
| privsspec {
|
||||
$$.privs = $1;
|
||||
$$.limitprivs = NULL;
|
||||
}
|
||||
| limitprivsspec {
|
||||
$$.privs = NULL;
|
||||
$$.limitprivs = $1;
|
||||
}
|
||||
| privsspec limitprivsspec {
|
||||
$$.privs = $1;
|
||||
$$.limitprivs = $2;
|
||||
}
|
||||
| limitprivsspec privsspec {
|
||||
$$.limitprivs = $1;
|
||||
$$.privs = $2;
|
||||
}
|
||||
|
||||
runasspec : /* empty */ {
|
||||
$$ = NULL;
|
||||
}
|
||||
@@ -716,6 +763,9 @@ init_parser(const char *path, int quiet)
|
||||
#ifdef HAVE_SELINUX
|
||||
char *role = NULL, *type = NULL;
|
||||
#endif /* HAVE_SELINUX */
|
||||
#ifdef HAVE_PRIV_SET
|
||||
char *privs = NULL, *limitprivs = NULL;
|
||||
#endif /* HAVE_PRIV_SET */
|
||||
|
||||
while ((m = tq_pop(&priv->hostlist)) != NULL) {
|
||||
efree(m->name);
|
||||
@@ -733,6 +783,17 @@ init_parser(const char *path, int quiet)
|
||||
efree(cs->type);
|
||||
}
|
||||
#endif /* HAVE_SELINUX */
|
||||
#ifdef HAVE_PRIV_SET
|
||||
/* Only free the first instance of privs/limitprivs. */
|
||||
if (cs->privs != privs) {
|
||||
privs = cs->privs;
|
||||
efree(cs->privs);
|
||||
}
|
||||
if (cs->limitprivs != limitprivs) {
|
||||
limitprivs = cs->limitprivs;
|
||||
efree(cs->limitprivs);
|
||||
}
|
||||
#endif /* HAVE_PRIV_SET */
|
||||
if (tq_last(&cs->runasuserlist) != runasuser) {
|
||||
runasuser = tq_last(&cs->runasuserlist);
|
||||
while ((m = tq_pop(&cs->runasuserlist)) != NULL) {
|
||||
|
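Review bot: The comment `/* Only free the first instance of privs/limitprivs. */` in `init_parser` understates the invariant it depends on: `cmndspeclist` copies `$3->prev->privs` and `$3->prev->limitprivs` into later entries by pointer, so a run of consecutive cmndspecs shares one allocation and the loop compares each entry against the pointer it last freed to avoid a double free (the same scheme the role/type branch above it uses). Suggest `/* cmndspeclist propagates privs/limitprivs by pointer to later entries; free only when the pointer changes. */` so the coupling to the propagation code is visible from the free loop. The `solarisprivs` rule accepts `privsspec limitprivsspec` and the reverse order without saying so; a one-line comment above the rule would spare the next reader a trip to the manual. init_parser starts and ends outside the hunk.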
@@ -239,6 +239,13 @@ sudo_file_lookup(struct sudo_nss *nss, int validated, int pwflag)
|
||||
if (user_type == NULL)
|
||||
user_type = cs->type ? estrdup(cs->type) : def_type;
|
||||
#endif /* HAVE_SELINUX */
|
||||
#ifdef HAVE_PRIV_SET
|
||||
/* Set Solaris privilege sets */
|
||||
if (runas_privs == NULL)
|
||||
runas_privs = cs->privs ? estrdup(cs->privs) : def_privs;
|
||||
if (runas_limitprivs == NULL)
|
||||
runas_limitprivs = cs->limitprivs ? estrdup(cs->limitprivs) : def_limitprivs;
|
||||
#endif /* HAVE_PRIV_SET */
|
||||
goto matched2;
|
||||
}
|
||||
}
|
||||
@@ -281,6 +288,12 @@ sudo_file_append_cmnd(struct cmndspec *cs, struct cmndtag *tags,
|
||||
struct member *m;
|
||||
debug_decl(sudo_file_append_cmnd, SUDO_DEBUG_NSS)
|
||||
|
||||
#ifdef HAVE_PRIV_SET
|
||||
if (cs->privs)
|
||||
lbuf_append(lbuf, "PRIVS=\"%s\" ", cs->privs);
|
||||
if (cs->limitprivs)
|
||||
lbuf_append(lbuf, "LIMITPRIVS=\"%s\" ", cs->limitprivs);
|
||||
#endif /* HAVE_PRIV_SET */
|
||||
#ifdef HAVE_SELINUX
|
||||
if (cs->role)
|
||||
lbuf_append(lbuf, "ROLE=%s ", cs->role);
|
||||
|
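Review bot: `sudo_file_append_cmnd` emits `PRIVS=`/`LIMITPRIVS=` before `ROLE=`/`TYPE=`, whereas the grammar in gram.y (`cmndspec : runasspec selinux solarisprivs cmndtag opcmnd`) and the manual's `Cmnd_Spec ::= Runas_Spec? SELinux_Spec? Solaris_Priv_Spec? Tag_Spec* Cmnd` put the SELinux spec first; moving the new `#ifdef HAVE_PRIV_SET` block below the `HAVE_SELINUX` one would make the listing match the documented syntax. In `sudo_file_lookup`, `runas_privs` is either an `estrdup()` copy or the borrowed `def_privs` pointer, mirroring the role/type handling, so a comment such as `/* runas_privs is owned only when copied from cs->privs; def_privs is not ours to free */` would help whoever adds cleanup later. Both functions start and end outside the hunks.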
@@ -57,7 +57,17 @@ struct selinux_info {
|
||||
};
|
||||
|
||||
/*
|
||||
* The parses sudoers file is stored as a collection of linked lists,
|
||||
* Solaris privileges container struct
|
||||
* Currently just contains permitted and limit privileges.
|
||||
* It could have PFEXEC and PRIV_AWARE flags added in the future.
|
||||
*/
|
||||
struct solaris_privs_info {
|
||||
char *privs;
|
||||
char *limitprivs;
|
||||
};
|
||||
|
||||
/*
|
||||
* The parsed sudoers file is stored as a collection of linked lists,
|
||||
* modelled after the yacc grammar.
|
||||
*
|
||||
* Other than the alias struct, which is stored in a red-black tree,
|
||||
@@ -111,6 +121,9 @@ struct cmndspec {
|
||||
#ifdef HAVE_SELINUX
|
||||
char *role, *type; /* SELinux role and type */
|
||||
#endif
|
||||
#ifdef HAVE_PRIV_SET
|
||||
char *privs, *limitprivs; /* Solaris privilege sets */
|
||||
#endif
|
||||
};
|
||||
|
||||
/*
|
||||
|
@@ -697,6 +697,12 @@ sudoers_policy_main(int argc, char * const argv[], int pwflag, char *env_add[],
|
||||
if (user_type != NULL)
|
||||
command_info[info_len++] = fmt_string("selinux_type", user_type);
|
||||
#endif /* HAVE_SELINUX */
|
||||
#ifdef HAVE_PRIV_SET
|
||||
if (runas_privs != NULL)
|
||||
command_info[info_len++] = fmt_string("runas_privs", runas_privs);
|
||||
if (runas_limitprivs != NULL)
|
||||
command_info[info_len++] = fmt_string("runas_limitprivs", runas_limitprivs);
|
||||
#endif /* HAVE_SELINUX */
|
||||
|
||||
/* Must audit before uid change. */
|
||||
audit_success(NewArgv);
|
||||
@@ -1312,6 +1318,16 @@ deserialize_info(char * const args[], char * const settings[], char * const user
|
||||
def_use_loginclass = true;
|
||||
continue;
|
||||
}
|
||||
#ifdef HAVE_PRIV_SET
|
||||
if (MATCHES(*cur, "runas_privs=")) {
|
||||
def_privs = *cur + sizeof("runas_privs=") - 1;
|
||||
continue;
|
||||
}
|
||||
if (MATCHES(*cur, "runas_limitprivs=")) {
|
||||
def_limitprivs = *cur + sizeof("runas_limitprivs=") - 1;
|
||||
continue;
|
||||
}
|
||||
#endif /* HAVE_PRIV_SET */
|
||||
#ifdef HAVE_SELINUX
|
||||
if (MATCHES(*cur, "selinux_role=")) {
|
||||
user_role = *cur + sizeof("selinux_role=") - 1;
|
||||
|
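Review bot: The `#endif /* HAVE_SELINUX */` that closes the new `#ifdef HAVE_PRIV_SET` block in `sudoers_policy_main` is mislabelled; it should read `#endif /* HAVE_PRIV_SET */` as the other new blocks in this commit do. In `deserialize_info`, `def_privs` and `def_limitprivs` are pointed straight at the front end's settings string with no copy, so they are valid only as long as `settings[]` is; that matches how `user_role` is handled on the following lines, but a short comment (`/* points into settings[]; not owned */`) would make the lifetime explicit. Both functions start and end outside the hunks.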
@@ -80,6 +80,10 @@ struct sudo_user {
|
||||
#ifdef HAVE_SELINUX
|
||||
char *role;
|
||||
char *type;
|
||||
#endif
|
||||
#ifdef HAVE_PRIV_SET
|
||||
char *privs;
|
||||
char *limitprivs;
|
||||
#endif
|
||||
char *cwd;
|
||||
char *iolog_file;
|
||||
@@ -185,6 +189,8 @@ struct sudo_user {
|
||||
#define user_role (sudo_user.role)
|
||||
#define user_type (sudo_user.type)
|
||||
#define user_closefrom (sudo_user.closefrom)
|
||||
#define runas_privs (sudo_user.privs)
|
||||
#define runas_limitprivs (sudo_user.limitprivs)
|
||||
|
||||
#ifdef __TANDEM
|
||||
# define ROOT_UID 65535
|
||||
|
@@ -636,6 +636,12 @@ print_privilege(struct privilege *priv)
|
||||
if (cs->type)
|
||||
printf("TYPE=%s ", cs->type);
|
||||
#endif /* HAVE_SELINUX */
|
||||
#ifdef HAVE_PRIV_SET
|
||||
if (cs->privs)
|
||||
printf("PRIVS=%s ", cs->privs);
|
||||
if (cs->limitprivs)
|
||||
printf("LIMITPRIVS=%s ", cs->limitprivs);
|
||||
#endif /* HAVE_PRIV_SET */
|
||||
if (cs->tags.nopasswd != UNSPEC && cs->tags.nopasswd != tags.nopasswd)
|
||||
printf("%sPASSWD: ", cs->tags.nopasswd ? "NO" : "");
|
||||
if (cs->tags.noexec != UNSPEC && cs->tags.noexec != tags.noexec)
|
||||
|
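Review bot: `print_privilege` prints `PRIVS=%s ` unquoted, whereas `sudo_file_append_cmnd` in parse.c writes `PRIVS=\"%s\" `; since a privilege set is comma separated (src/sudo.c splits it with `priv_str_to_set(cp, ",", &endp)`) and ',' is the `Cmnd_Spec_List` separator in the grammar, an unquoted multi-privilege value would not round-trip as sudoers syntax. If this output is meant to be valid sudoers text, quote it the same way, `printf("PRIVS=\"%s\" ", cs->privs);` and likewise for LIMITPRIVS; otherwise a comment noting that the two printers intentionally differ would settle the question. The enclosing function starts and ends outside the hunk.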
@@ -504,6 +504,23 @@ ALL {
|
||||
goto got_alias;
|
||||
#endif
|
||||
}
|
||||
<INITIAL>PRIVS {
|
||||
#ifdef HAVE_PRIV_SET
|
||||
LEXTRACE("PRIVS ");
|
||||
LEXRETURN(PRIVS);
|
||||
#else
|
||||
goto got_alias;
|
||||
#endif
|
||||
}
|
||||
|
||||
<INITIAL>LIMITPRIVS {
|
||||
#ifdef HAVE_PRIV_SET
|
||||
LEXTRACE("LIMITPRIVS ");
|
||||
LEXRETURN(LIMITPRIVS);
|
||||
#else
|
||||
goto got_alias;
|
||||
#endif
|
||||
}
|
||||
|
||||
[[:upper:]][[:upper:][:digit:]_]* {
|
||||
#ifndef HAVE_SELINUX
|
||||
|
42
src/sudo.c
42
src/sudo.c
@@ -670,6 +670,28 @@ command_info_to_details(char * const info[], struct command_details *details)
|
||||
}
|
||||
break;
|
||||
}
|
||||
#ifdef HAVE_PRIV_SET
|
||||
if (strncmp("runas_privs=", info[i], sizeof("runas_privs=") - 1) == 0) {
|
||||
const char *endp;
|
||||
cp = info[i] + sizeof("runas_privs=") - 1;
|
||||
if (*cp == '\0')
|
||||
break;
|
||||
errno = 0;
|
||||
details->privs = priv_str_to_set(cp, ",", &endp);
|
||||
if (details->privs == NULL)
|
||||
warning("invalid runas_privs %s", endp);
|
||||
}
|
||||
if (strncmp("runas_limitprivs=", info[i], sizeof("runas_limitprivs=") - 1) == 0) {
|
||||
const char *endp;
|
||||
cp = info[i] + sizeof("runas_limitprivs=") - 1;
|
||||
if (*cp == '\0')
|
||||
break;
|
||||
errno = 0;
|
||||
details->limitprivs = priv_str_to_set(cp, ",", &endp);
|
||||
if (details->limitprivs == NULL)
|
||||
warning("invalid runas_limitprivs %s", endp);
|
||||
}
|
||||
#endif /* HAVE_PRIV_SET */
|
||||
break;
|
||||
case 's':
|
||||
SET_STRING("selinux_role=", selinux_role)
|
||||
@@ -900,6 +922,26 @@ exec_setup(struct command_details *details, const char *ptyname, int ptyfd)
|
||||
#ifdef HAVE_PROJECT_H
|
||||
set_project(details->pw);
|
||||
#endif
|
||||
#ifdef HAVE_PRIV_SET
|
||||
if (details->privs != NULL) {
|
||||
if (setppriv(PRIV_SET, PRIV_INHERITABLE, details->privs) != 0) {
|
||||
warning("unable to set privileges");
|
||||
goto done;
|
||||
}
|
||||
}
|
||||
if (details->limitprivs != NULL) {
|
||||
if (setppriv(PRIV_SET, PRIV_LIMIT, details->limitprivs) != 0) {
|
||||
warning("unable to set limit privileges");
|
||||
goto done;
|
||||
}
|
||||
} else if (details->privs != NULL) {
|
||||
if (setppriv(PRIV_SET, PRIV_LIMIT, details->privs) != 0) {
|
||||
warning("unable to set limit privileges");
|
||||
goto done;
|
||||
}
|
||||
}
|
||||
#endif /* HAVE_PRIV_SET */
|
||||
|
||||
#ifdef HAVE_GETUSERATTR
|
||||
aix_prep_user(details->pw->pw_name, ptyname ? ptyname : user_details.tty);
|
||||
#endif
|
||||
|
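Review bot: An unparseable privilege string fails open in `command_info_to_details`: when `priv_str_to_set()` returns NULL the code only calls `warning()` and leaves `details->privs` or `details->limitprivs` NULL, so `exec_setup` later skips `setppriv()` for that set and the command runs with the caller's unrestricted privileges, the opposite of what the policy asked for. The `setppriv()` failures in exec_setup already abort via `goto done`, so the parse failures should be fatal as well, e.g. `errorx(1, "invalid runas_privs %s", endp);` if errorx is the fatal helper this file uses. `errno = 0` is set before each call but never examined afterwards; either check it so an allocation failure is reported differently from a bad privilege name (whether `endp` is set in that case should be confirmed against the priv_str_to_set(3C) contract before printing it with `%s`), or drop the assignments. The enclosing switch and function start and end outside the hunk.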
@@ -41,6 +41,10 @@
|
||||
#include "sudo_debug.h"
|
||||
#include "gettext.h"
|
||||
|
||||
#ifdef HAVE_PRIV_SET
|
||||
# include <priv.h>
|
||||
#endif
|
||||
|
||||
#ifdef __TANDEM
|
||||
# define ROOT_UID 65535
|
||||
#else
|
||||
@@ -149,6 +153,10 @@ struct command_details {
|
||||
const char *utmp_user;
|
||||
char **argv;
|
||||
char **envp;
|
||||
#ifdef HAVE_PRIV_SET
|
||||
priv_set_t *privs;
|
||||
priv_set_t *limitprivs;
|
||||
#endif
|
||||
};
|
||||
|
||||
/* Status passed between parent and child via socketpair */
|
||||
|