intercept_check_policy: add oom label and fix approval failure case.
If the approval plugin fails we need to set the state to POLICY_REJECT just like we do if the policy rejected the command.
This commit is contained in:
Todd C. Miller
@@ -341,7 +341,7 @@ bad:
|
|||||||
/*
|
/*
|
||||||
* Perform a policy check for the given command.
|
* Perform a policy check for the given command.
|
||||||
* While argv must be NULL-terminated, envp need not be.
|
* While argv must be NULL-terminated, envp need not be.
|
||||||
* The status of the policy check is stored in closure->state.
|
* Sets closure->state to the result of the policy check before returning.
|
||||||
* Return false on error, else true.
|
* Return false on error, else true.
|
||||||
*/
|
*/
|
||||||
bool
|
bool
|
||||||
@@ -353,7 +353,7 @@ intercept_check_policy(const char *command, int argc, char **argv, int envc,
|
|||||||
char **command_info_copy = NULL;
|
char **command_info_copy = NULL;
|
||||||
char **user_env_out = NULL;
|
char **user_env_out = NULL;
|
||||||
char **run_argv = NULL;
|
char **run_argv = NULL;
|
||||||
bool ret = false;
|
bool ret = true;
|
||||||
int i, rc;
|
int i, rc;
|
||||||
debug_decl(intercept_check_policy, SUDO_DEBUG_EXEC);
|
debug_decl(intercept_check_policy, SUDO_DEBUG_EXEC);
|
||||||
|
|
||||||
@@ -371,10 +371,8 @@ intercept_check_policy(const char *command, int argc, char **argv, int envc,
|
|||||||
/* Rebuild command_info[] with runcwd and extract command. */
|
/* Rebuild command_info[] with runcwd and extract command. */
|
||||||
command_info_copy = update_command_info(command_info, NULL,
|
command_info_copy = update_command_info(command_info, NULL,
|
||||||
runcwd ? runcwd : "unknown", &closure->command);
|
runcwd ? runcwd : "unknown", &closure->command);
|
||||||
if (command_info_copy == NULL) {
|
if (command_info_copy == NULL)
|
||||||
closure->errstr = N_("unable to allocate memory");
|
goto oom;
|
||||||
goto done;
|
|
||||||
}
|
|
||||||
command_info = command_info_copy;
|
command_info = command_info_copy;
|
||||||
closure->state = POLICY_ACCEPT;
|
closure->state = POLICY_ACCEPT;
|
||||||
break;
|
break;
|
||||||
@@ -384,28 +382,24 @@ intercept_check_policy(const char *command, int argc, char **argv, int envc,
|
|||||||
audit_reject(policy_plugin.name, SUDO_POLICY_PLUGIN,
|
audit_reject(policy_plugin.name, SUDO_POLICY_PLUGIN,
|
||||||
closure->errstr, command_info);
|
closure->errstr, command_info);
|
||||||
closure->state = POLICY_REJECT;
|
closure->state = POLICY_REJECT;
|
||||||
ret = true;
|
|
||||||
goto done;
|
goto done;
|
||||||
default:
|
default:
|
||||||
goto done;
|
/* Plugin error? */
|
||||||
|
goto bad;
|
||||||
}
|
}
|
||||||
} else {
|
} else {
|
||||||
/* No actual policy check, just logging child processes. */
|
/* No actual policy check, just logging child processes. */
|
||||||
sudo_debug_printf(SUDO_DEBUG_INFO|SUDO_DEBUG_LINENO,
|
sudo_debug_printf(SUDO_DEBUG_INFO|SUDO_DEBUG_LINENO,
|
||||||
"not checking policy, audit only");
|
"not checking policy, audit only");
|
||||||
closure->command = strdup(command);
|
closure->command = strdup(command);
|
||||||
if (closure->command == NULL) {
|
if (closure->command == NULL)
|
||||||
closure->errstr = N_("unable to allocate memory");
|
goto oom;
|
||||||
goto done;
|
|
||||||
}
|
|
||||||
|
|
||||||
/* Rebuild command_info[] with new command and runcwd. */
|
/* Rebuild command_info[] with new command and runcwd. */
|
||||||
command_info = update_command_info(closure->details->info,
|
command_info = update_command_info(closure->details->info,
|
||||||
command, runcwd ? runcwd : "unknown", NULL);
|
command, runcwd ? runcwd : "unknown", NULL);
|
||||||
if (command_info == NULL) {
|
if (command_info == NULL)
|
||||||
closure->errstr = N_("unable to allocate memory");
|
goto oom;
|
||||||
goto done;
|
|
||||||
}
|
|
||||||
closure->state = POLICY_ACCEPT;
|
closure->state = POLICY_ACCEPT;
|
||||||
run_argv = argv;
|
run_argv = argv;
|
||||||
}
|
}
|
||||||
@@ -427,31 +421,23 @@ intercept_check_policy(const char *command, int argc, char **argv, int envc,
|
|||||||
for (i = 0; run_argv[i] != NULL; i++)
|
for (i = 0; run_argv[i] != NULL; i++)
|
||||||
continue;
|
continue;
|
||||||
closure->run_argv = reallocarray(NULL, i + 1, sizeof(char *));
|
closure->run_argv = reallocarray(NULL, i + 1, sizeof(char *));
|
||||||
if (closure->run_argv == NULL) {
|
if (closure->run_argv == NULL)
|
||||||
closure->errstr = N_("unable to allocate memory");
|
goto oom;
|
||||||
goto done;
|
|
||||||
}
|
|
||||||
for (i = 0; run_argv[i] != NULL; i++) {
|
for (i = 0; run_argv[i] != NULL; i++) {
|
||||||
closure->run_argv[i] = strdup(run_argv[i]);
|
closure->run_argv[i] = strdup(run_argv[i]);
|
||||||
if (closure->run_argv[i] == NULL) {
|
if (closure->run_argv[i] == NULL)
|
||||||
closure->errstr = N_("unable to allocate memory");
|
goto oom;
|
||||||
goto done;
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
closure->run_argv[i] = NULL;
|
closure->run_argv[i] = NULL;
|
||||||
|
|
||||||
/* Make a copy of envp, which may not be NULL-terminated. */
|
/* Make a copy of envp, which may not be NULL-terminated. */
|
||||||
closure->run_envp = reallocarray(NULL, envc + 1, sizeof(char *));
|
closure->run_envp = reallocarray(NULL, envc + 1, sizeof(char *));
|
||||||
if (closure->run_envp == NULL) {
|
if (closure->run_envp == NULL)
|
||||||
closure->errstr = N_("unable to allocate memory");
|
goto oom;
|
||||||
goto done;
|
|
||||||
}
|
|
||||||
for (i = 0; i < envc; i++) {
|
for (i = 0; i < envc; i++) {
|
||||||
closure->run_envp[i] = strdup(envp[i]);
|
closure->run_envp[i] = strdup(envp[i]);
|
||||||
if (closure->run_envp[i] == NULL) {
|
if (closure->run_envp[i] == NULL)
|
||||||
closure->errstr = N_("unable to allocate memory");
|
goto oom;
|
||||||
goto done;
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
closure->run_envp[i] = NULL;
|
closure->run_envp[i] = NULL;
|
||||||
|
|
||||||
@@ -460,24 +446,32 @@ intercept_check_policy(const char *command, int argc, char **argv, int envc,
|
|||||||
closure->run_argv, closure->run_envp);
|
closure->run_argv, closure->run_envp);
|
||||||
|
|
||||||
/* Call approval plugins and audit the result. */
|
/* Call approval plugins and audit the result. */
|
||||||
if (!approval_check(command_info, closure->run_argv, closure->run_envp))
|
if (!approval_check(command_info, closure->run_argv, closure->run_envp)) {
|
||||||
debug_return_int(0);
|
if (closure->errstr == NULL)
|
||||||
|
closure->errstr = N_("approval plugin error");
|
||||||
|
closure->state = POLICY_REJECT;
|
||||||
|
goto done;
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
/* Audit the event again for the sudo front-end. */
|
/* Audit the event again for the sudo front-end. */
|
||||||
audit_accept("sudo", SUDO_FRONT_END, command_info, closure->run_argv,
|
audit_accept("sudo", SUDO_FRONT_END, command_info, closure->run_argv,
|
||||||
closure->run_envp);
|
closure->run_envp);
|
||||||
|
|
||||||
ret = true;
|
goto done;
|
||||||
|
|
||||||
done:
|
oom:
|
||||||
if (!ret) {
|
closure->errstr = N_("unable to allocate memory");
|
||||||
|
|
||||||
|
bad:
|
||||||
if (closure->errstr == NULL)
|
if (closure->errstr == NULL)
|
||||||
closure->errstr = N_("policy plugin error");
|
closure->errstr = N_("policy plugin error");
|
||||||
audit_error(policy_plugin.name, SUDO_POLICY_PLUGIN, closure->errstr,
|
audit_error(policy_plugin.name, SUDO_POLICY_PLUGIN, closure->errstr,
|
||||||
command_info ? command_info : closure->details->info);
|
command_info ? command_info : closure->details->info);
|
||||||
closure->state = POLICY_ERROR;
|
closure->state = POLICY_ERROR;
|
||||||
}
|
ret = false;
|
||||||
|
|
||||||
|
done:
|
||||||
if (command_info_copy != NULL) {
|
if (command_info_copy != NULL) {
|
||||||
for (i = 0; command_info_copy[i] != NULL; i++) {
|
for (i = 0; command_info_copy[i] != NULL; i++) {
|
||||||
free(command_info_copy[i]);
|
free(command_info_copy[i]);
|
||||||
|
|||||||
Reference in New Issue
Block a user