316 Commits

Author SHA1 Message Date
Todd C. Miller
46e31a74d7 Add "json_pretty" log format, currently the same as "json".
In a future version, "json" will be an alias for "json_compact"
instead.  GitHub issue #357.
2024-03-09 10:59:54 -07:00
Todd C. Miller
a85494b5c4 Add ttydev to sudoers_user_context and use for timestamp file.
GitHub issue #329
2023-11-25 16:26:45 -07:00
Todd C. Miller
39ea3176c1 Replace submit_time in struct sudoers_context with start_time.
We need to track the (monotonic) command start time to be able to
generate an accurate run time.  Instead of setting submit time when
the policy initializes (and using that time for logging purposes),
set evlog->submit_time to the current wallclock time when we need
to perform logging.  This is more consistent with how sudo logging
was performed in the past.  Fixes GitHub issue #327.
2023-11-23 09:08:04 -05:00
Todd C. Miller
e0d912d1db Use C99 designated struct initializers.
This is less error-prone and would have avoided GitHub issue #325.
2023-11-07 14:47:48 -07:00
Todd C. Miller
87c193f3f9 Correct the order of the strings in SUDOERS_CONTEXT_INITIALIZER.
Fixes GitHub issue #325, a bug introduced in sudo 1.9.15.
2023-11-07 13:38:30 -07:00
Todd C. Miller
886f1414eb Move the check for running setid commands in intercept mode to later.
Checking for setid commands in intercept mode after command matching
allows us to log a proper error message.  Previously, we simply
ignored setid commands when matching and the only indication of why
was in the debug logs.
2023-11-02 13:44:17 -06:00
Todd C. Miller
392ae0f030 Avoid a double-free in fuzz_policy caused by the early env_init(NULL).
This adds an env_free() function to explicitly free both the old
and new copies of the environment.  It is really only needed by
fuzz_policy, which calls the policy module multiple times.
2023-10-22 09:56:16 -06:00
Todd C. Miller
726b646b48 struct eventlog: rename argv/env to runargv/runenv.
This matches the JSON logs.
2023-10-21 19:15:46 -06:00
Todd C. Miller
c7a61a9438 struct sudoers_user_context: rename env_vars to env_add 2023-10-21 19:15:45 -06:00
Rose
97f8052427 Add restrict to strlcpy and expand_prompt 2023-10-17 10:33:15 -06:00
Todd C. Miller
2d437c793d Fix spelling: resistent -> resistant 2023-10-12 10:20:34 -06:00
Todd C. Miller
29feb41da2 max_groups in sudoers_plugin_settings is no longer used. 2023-09-25 11:32:15 -06:00
Todd C. Miller
e343e07543 Use #include <foo.h> instead of #include "foo.h" in most cases.
We rely on the include path to find many of these headers.  It
especially doesn't make sense to use #include "foo.h" for headers
in the top-level include directory.
2023-09-25 10:13:28 -06:00
Todd C. Miller
6e75f2311d Add resolve_cmnd(), a wrapper around find_path().
This is a convenience function that sets PERM_RUNAS and calls
find_path().  If the command is not found it will retry with PERM_USER
instead.
2023-09-18 12:42:51 -06:00
Todd C. Miller
8fcb21b5cd Promote strict field in sudoers_parser_config from bool to int.
This will be used by visudo to indicate when "visudo -s" is run.
2023-09-18 12:42:51 -06:00
Todd C. Miller
c277e55f42 Rename callbacks.c -> sudoers_cb.c. 2023-09-18 12:42:51 -06:00
Todd C. Miller
a127ddf6db Undefine AUTH_{SUCCESS,FAILURE,ERROR} before defining them.
Quiets a warning on AIX where usersec.h defines AUTH_SUCCESS and
AUTH_FAILURE.  We avoided this problem in the past because the old
values for AUTH_SUCCESS and AUTH_FAILURE match what AIX defines.
2023-09-15 10:53:28 -06:00
Todd C. Miller
51d6b0f425 Promote verbose flag to int for display_privs and display_cmnd.
A negative verbosity will prevent non-error output from being
displayed.
2023-09-15 10:01:35 -06:00
Todd C. Miller
b8f2680cf0 Make flag in union sudo_defs_val bool to match how it is used.
Adjust find_path()'s ignore_dot function argument to match.
2023-09-13 14:59:29 -06:00
Todd C. Miller
a9801cc99d Parse euid and egid from sudo front-end.
These are needed by bsm_audit.c.
2023-09-13 12:43:39 -06:00
Todd C. Miller
38ddbb14f1 Parse pid and ppid from sudo front-end.
We can now use the stored ppid in ts_init_key().
2023-09-13 12:29:40 -06:00
Todd C. Miller
0b52ffd1a2 Don't expose the implementation of the pivot_root state. 2023-09-11 16:15:41 -06:00
Todd C. Miller
c54bdd799b Return AUTH_* flags from check_user() instead of 1/0/-1. 2023-09-09 14:59:46 -06:00
Todd C. Miller
2fdb4db339 Wrap valid_shell and add to sudo_pwutil_set_backend().
This will make it possible to support a different getusershell()
implementation for testsudoers in the future.
2023-09-09 14:48:25 -06:00
Todd C. Miller
d18ee8e0e7 Move check_user_shell() to pwutil.c as user_shell_valid()
This will make it possible to support a different backend which may
be used by testsudoers in the future.
2023-09-09 14:07:28 -06:00
Todd C. Miller
956de5cbbc sudoers_sethost: refactor code to set host names in sudoers_context.
The sudoers_sethost() function can be shared by the sudoers plugin,
visudo, cvtsudoers and testsudoers.
2023-09-02 15:25:58 -06:00
Todd C. Miller
05f823df22 Move sudoers_debug.c prototypes to sudoers_debug.h. 2023-08-29 13:54:45 -06:00
Todd C. Miller
35a7283dd9 sudo_conv, sudo_printf and plugin_event_alloc live in policy.c. 2023-08-29 13:46:43 -06:00
Todd C. Miller
75209e2718 Rename check.h -> timestamp.h and add remaining timestamp.c prototypes. 2023-08-29 11:16:23 -06:00
Todd C. Miller
3c05e748a4 Add ignore_perms plugin argument to skip the sudoers file security checks.
This is not intended to be used in a production environment.
2023-08-29 09:55:09 -06:00
Todd C. Miller
30fc288291 Move tty_present() into policy.c as sudoers_tty_present().
This function is policy-dependent.  For the modern sudo front-end
it will simply check tcpgid and/or ttypath.
2023-08-25 11:19:42 -06:00
Todd C. Miller
091051125b Move timestampowner sudoers callback to timestamp.c. 2023-08-22 17:04:08 -06:00
Todd C. Miller
c7157ce0b1 Move a few fields from sudoers_user_context to sudoers_context.
They are not really specific to the user or user-specified.
2023-08-21 15:30:12 -06:00
Todd C. Miller
8161205447 MODE_KILL is never set in the sudoers plugin, remove it. 2023-08-21 12:52:21 -06:00
Todd C. Miller
ff5914d7f7 Move sudoedit_nfiles into struct sudoers_context. 2023-08-21 10:47:25 -06:00
Todd C. Miller
3473bf9360 Move sudo_mode into struct sudoers_context. 2023-08-21 10:47:23 -06:00
Todd C. Miller
837da1bef0 Move NewArgv, NewArgc and saved_argv into struct sudoers_context. 2023-08-21 09:22:24 -06:00
Todd C. Miller
87571dab0a Add struct sudoers_conf to struct sudoers_plugin_context.
There's now no need to pass this directly to init_parser() since we
already pass in a pointer to a sudoers_context struct.
2023-08-21 09:21:54 -06:00
Todd C. Miller
9e53d903ea Store policy paths in struct sudoers_context.
This removes the need for the getters in policy.c.
2023-08-21 09:21:53 -06:00
Todd C. Miller
bbaf293912 Add sudoers_ctx_free() and use it for freeing struct sudoers context.
This replaces sudoers_user_ctx_free() and sudoers_runas_ctx_free().
2023-08-21 09:21:52 -06:00
Todd C. Miller
2440174954 Make struct sudoers_context private to sudoers.c.
We now pass a pointer to the context where necessary.  There are a
few cases where we need to request the context from sudoers via
sudoers_get_context() for the plugin API functions.  If the plugin
API was able to pass around a closure pointer this would not be
necessary.
2023-08-21 09:21:49 -06:00
Todd C. Miller
2d2529a15e Add a sudoers_context struct that embeds the user and runas structs. 2023-08-20 16:27:08 -06:00
Todd C. Miller
20baa39007 Move max_groups out of sudoers_user_context and into pwutil.c.
It is only used by the local password pwutil implementation.
2023-08-14 16:29:15 -06:00
Todd C. Miller
737354390c Pass in directory to check_user_runchroot() and check_user_runcwd().
This way we do not rely on the runas_ctx global.
2023-08-14 13:25:13 -06:00
Todd C. Miller
08afb5183f Move RUNAS_{USER,GROUP}_SPECIFIED flags into struct sudoers_runas_context. 2023-08-14 09:01:39 -06:00
Todd C. Miller
392f0d61cb Make path_plugin_dir private to policy.c and add getter. 2023-08-13 17:05:00 -06:00
Todd C. Miller
217b7b46f3 Move list_pw global into struct runas_context. 2023-08-13 09:34:57 -06:00
Todd C. Miller
a321e6cedf Add struct sudoers_runas_context and move runas-specific bits into it. 2023-08-12 14:20:30 -06:00
Todd C. Miller
d8b28dad97 Expand the user_* (and more) macros to user_ctx.foo. 2023-08-12 10:39:59 -06:00
Todd C. Miller
30c49288f7 Make sudoers_user_ctx_free() private to sudoers.c 2023-08-12 10:39:48 -06:00