281 Commits

Author SHA1 Message Date
Todd C. Miller
17868f89d7 Fix a bug in host matching where a negated sudoHost entry would
prevent other sudoHosts following it from matching.
2016-11-08 14:35:23 -07:00
Todd C. Miller
738c3cbf3e Use "ret", not "rc" for the function return value. 2016-11-07 13:39:42 -07:00
Todd C. Miller
df8404dbd4 Instead of parsing sudoers Defaults twice, parse once while reading
sudoers and then just set the parsed value in update_defaults().
2016-11-06 18:59:49 -07:00
Todd C. Miller
75e29f163e Add file:linenumber prefix to all Defaults warnings so we can see
them when running sudo too.  For LDAP/SSSD we print the sudoRole
instead of the file name and omit the line number.
2016-11-02 17:07:32 -06:00
Todd C. Miller
a401107564 Check for sudo_ldap_result_last_search() returning NULL. This can't
happen in practice because we always call sudo_ldap_result_add_search()
first which guarantees there is a result to be found.
Quiets a PVS-Studio warning.
2016-10-26 13:49:05 -06:00
Todd C. Miller
0a68d6799e Fix matching when no sudoRunAsUser is present in a sudoRole.
If only a sudoRunAsGroup is present, match on the invoking user
if the -g option was specified and the group matched.
If no sudoRunAsGroup is present and the -g option was specified,
allow it if it matches the passwd gid of the runas user.
This matches the behavior of the sudoers backend.
2016-09-19 06:19:49 -06:00
Todd C. Miller
9a55c0c25d user_matched and group_matched must be type int, not bool 2016-09-15 15:22:06 -06:00
Todd C. Miller
b165a5ff71 Use RUNAS_USER_SPECIFIED and RUNAS_GROUP_SPECIFIED when deciding
whether to check runas user/group instead of checking runas_pw or
runas_gr.
2016-09-15 13:47:38 -06:00
Todd C. Miller
0ff95dfaaa When matching against runas_default use userpw_matches() instead
of just strcasecmp().
2016-09-15 13:36:43 -06:00
Todd C. Miller
d64153967e Fix printing of the default runas user when a RunAsGroup is specified
but no RunAsUser is present.
2016-09-15 11:29:27 -06:00
Todd C. Miller
fb32867e4c Only match against runas_default if both sudoRunAsUser and
sudoRunAsGroup are missing.
2016-09-15 10:46:57 -06:00
Todd C. Miller
ef82f792a1 Update check for whether or not the runas user was set in the ldap
and sssd backends to match the sudoers file backend.  Introduces
the runas_user_set() macro to improve readability.  Previously,
runas_pw was set late, now it is set before checking sudoers.
2016-09-15 09:37:53 -06:00
Todd C. Miller
f51fbfa40d Support negated sudoHost entries. 2016-09-14 10:22:52 -06:00
Todd C. Miller
3f022419ae Be consistent with the naming of the variable used to store the
function return value.  Previously, some code used "rval", some
used "ret".  This standardizes on "ret" and uses "rc" for temporary
return codes.
2016-09-08 16:38:08 -06:00
Todd C. Miller
c0db5c1234 No line continuation support in ldap.conf. 2016-09-01 12:45:42 -06:00
Todd C. Miller
17ad75d50b Add a flags option to sudo_parseln() and a flag to only match comments
at the beginning of the line.  Use the flag when parsing ldap.conf.
2016-09-01 09:19:20 -06:00
Todd C. Miller
5b51b7f11a Fix "sudo -l command" in the LDAP and SSS backends when the command
is not allowed.
2016-08-29 10:04:24 -06:00
Todd C. Miller
985ab1dd3e Cache the user's group IDs and group names separately and only
resolve group IDs -> names when needed.  If the sudoers file doesn't
contain groups we will no longer try to resolve all the user's group
IDs to names, which can be expensive on some systems.
2016-08-13 16:27:44 -06:00
Todd C. Miller
9d94ee11c0 Avoid passing around struct defaults when it is not needed. As a
result, we no longer need to include gram.h in the LDAP and SSSD
backends.
2016-08-08 20:09:59 -06:00
Todd C. Miller
0bf2d9b162 Instead of deferring setting early defaults until we have traversed
the entire defaults list, just defer running the callbacks.  Otherwise,
if the last early default setting we see has a bad value we won't
set any defaults of that type even if there was an earlier one that
was valid.
2016-08-08 17:04:20 -06:00
Todd C. Miller
16551031f9 Add support for early defaults to the ldap and sssd backends. 2016-07-27 14:20:17 -06:00
Todd C. Miller
256ca993b9 Update defaults in visudo after sudoers has been edited so we pick
up locale changes.  The init_defaults() function will now re-init
the sudoers locale.
2016-07-22 10:41:56 -06:00
Todd C. Miller
a71cac91f2 Avoid using !strcmp() 2016-06-03 13:58:12 -06:00
Todd C. Miller
9d526c1af5 Do not write directly to stdout/stderr, use sudo_printf which calls
the conversation function.
2016-05-14 19:34:13 -06:00
Todd C. Miller
194c7c8069 In sudo_krb5_copy_cc_file() move the close(ofd) to the done: label
so we only have to cleanup in one place.  Coverity CID 104577.
2016-05-07 08:18:27 -06:00
Todd C. Miller
0568fa90cf Fix memory leak in sudo_netgroup_lookup() in the non-error case.
Coverity CID 104572, 104573, 104574, 104575.
2016-05-07 07:57:15 -06:00
Todd C. Miller
334b8f36a8 Fix fd leak in sudo_krb5_copy_cc_file() if restore_perms() fails.
Coverity CID 104571.
2016-05-07 07:49:35 -06:00
Todd C. Miller
b4309d4aea Ignore SIGPIPE for the duration of sudo and not just in a few select
places.  We have no control over what nss, PAM modules or sudo
plugins might do so ignoring SIGPIPE is safest.
2016-04-22 16:36:36 -06:00
Todd C. Miller
6717c32022 When determining whether or not "sudo -l" or "sudo -b" should prompt
for a password, take all sudoers sources into account.  In other
words, if both file and ldap sudoers sources are in use, "sudo -v"
will now require that all entries in both sources have NOPASSWD
(file) or !authenticate (ldap) in the entries.
2016-04-19 10:08:51 -06:00
Todd C. Miller
95dd64ea75 Fix the check for whether a user is allowed to list another user's
privileges.  The "matched" variable is not boolean, it can also
have the value UNSPEC so we need to check explicitly for true.
Bug #738
2016-02-26 09:32:08 -07:00
Todd C. Miller
f4e5b135bb Update copyright year 2016-01-20 15:40:51 -07:00
Todd C. Miller
5a77989a33 Add support for matching the entire netgroup tuple (user, host, domain). 2016-01-12 14:59:44 -07:00
Todd C. Miller
9d7bc0311f Use asprintf() to generate the netgroup filter instead of using
lots of concatenation.
2016-01-12 14:29:09 -07:00
Todd C. Miller
55fdf66c1d In sudo_netgroup_lookup() only build up the search filter once
instead of once per netgroup_base.
2016-01-11 16:35:05 -07:00
Todd C. Miller
7c454656d5 It is safe to pass ldap_msgfree() a NULL pointer. 2016-01-11 16:24:22 -07:00
Todd C. Miller
ae5a2f4072 On overflow, warn before freeing anything. 2016-01-11 16:23:19 -07:00
Todd C. Miller
0f991ff78b Use user_runhost and user_srunhost instead of user_host and user_shost.
Fixes "sudo -l -h other_host" for LDAP and sssd.
2016-01-11 15:54:02 -07:00
Todd C. Miller
14b454cc0d Fix free() of invalid pointer introduced in the commit that stripped
whitespace between a '!' and the name in a sudoOption.
2016-01-11 16:44:05 -07:00
Todd C. Miller
d46d0fbc6f When parsing sudoOptions that include an operator (!, +, +=, -=)
strip out any whitespace on either side of the operator.
2015-12-09 14:57:33 -07:00
Todd C. Miller
29e9273a40 When checking the query results, don't set user_matches in the
netgroup pass unless sudo_ldap_check_non_unix_group() returns true.
This was preventing the mail_no_user sudoOption from being effective.
2015-12-02 14:06:37 -07:00
Todd C. Miller
9c9b487b0c In list mode, we always want to clear FLAG_NO_USER and FLAG_NO_HOST
regardless of whether or not there was an actual match.  Otherwise,
warning mail may be sent which is not what we want in list mode.
This is consistent with what the sudoers file backend does.
2015-12-02 10:43:41 -07:00
Todd C. Miller
3354d27a17 Do not follow symbolic links in sudoedit by default. This behavior
can be controlled by the sudoedit_follow Defaults flag as well as
the FOLLOW/NOFOLLOW tags.
2015-08-06 13:20:01 -06:00
Todd C. Miller
ff5b6dbb60 Add missing check for calloc(3) return value. 2015-07-14 13:56:29 -06:00
Todd C. Miller
ea85db3ecd Add support for parsing quoted strings in a sudoOption just like
sudoers Defaults settings.
2015-07-07 10:58:05 -06:00
Todd C. Miller
0b241088b3 There's no need to conditionalize the #include <unistd.h>, we require
a POSIX system.
2015-07-02 09:08:28 -06:00
Todd C. Miller
54f9de6cce Add an error flag to the lbuf struct to simplify error checking.
Callers of the lbuf functions now check the error flag to tell if
a memory allocation error occurred.
2015-06-26 15:58:04 -06:00
Todd C. Miller
81f94499bf Check restore_perms() return value in all cases, pushing the
return value back up the call stack.
2015-06-25 11:12:36 -06:00
Todd C. Miller
d84757951f Silence clang analyzer warning on glibc systems where the first
argument to qsort() is marked as non-NULL.
Also change some counters from int to unsigned int and two flags
from int to bool.
2015-06-24 10:32:08 -06:00
Todd C. Miller
c36415417f Add function name to "unable to allocate memory" warnings. 2015-06-19 14:51:17 -06:00
Todd C. Miller
dc883f2454 We require ANSI C so stop using the obsolete STDC_HEADERS. 2015-06-19 14:29:27 -06:00