Todd C. Miller
518bc1b25f
Only append argv[] to the log line if argv[0] is not NULL.
It should not be possible to reach this point with a command defined
but argv[] empty, but it doesn't hurt to check.
2021-09-19 13:56:56 -06:00
Todd C. Miller
613468e4d2
Only warn about an undefined alias or a cycle a single time.
There's no point in warning about the same problem multiple times.
This implementation assumes a small number of warnings and so just
uses a simple linked list.
2021-09-18 13:41:51 -06:00
Todd C. Miller
1d2512ae10
Remove now-unused CHECK_INTERCEPT variable.
2021-09-18 13:38:55 -06:00
Todd C. Miller
d9e8c852ba
Quiet pvs-studio false positive: V557 Array overrun is possible.
Make the zero length check explicit so as not to confuse static
(or human) analyzers.
2021-09-18 09:51:32 -06:00
Todd C. Miller
292916f43c
Test that digest matching works with LDAP sudoCommand: ALL
2021-09-17 20:41:34 -06:00
Todd C. Miller
702746f96b
Allow a digest to be specified with the "ALL" command for ldap/sssd back-ends.
This has been possible with sudoers file entries since sudo 1.9.0
but no corresponding change was made for ldap/sssd.
2021-09-17 15:29:00 -06:00
Todd C. Miller
49bf0cc84b
Use localtime_r() not gmtime_r() when formatting the local time.
This is consistent with how sudo formatted time stamps prior to
the logging code being split off into libeventlog.
We only need to use gmtime_r() for ISO 8601 time.
2021-09-17 14:01:29 -06:00
Todd C. Miller
55171df5e5
Check strftime(3) return value in all cases.
Old versions of strftime(3) didn't guarantee to NUL-terminate the buffer
so we explicitly clear the last byte of the buffer and check it.
2021-09-17 14:01:28 -06:00
Todd C. Miller
698481492c
Standardize on "front-end" not "front end" in the man pages.
2021-09-17 10:55:06 -06:00
Todd C. Miller
7c550c5d10
Plugin lines are for approval and audit plugins too.
2021-09-17 10:55:06 -06:00
Todd C. Miller
18f1884ddc
Use gmtime_r() and localtime_r() instead of gmtime() and localtime().
2021-09-17 10:55:06 -06:00
Todd C. Miller
fa71679b5a
Add gmtime_r and localtime_r tests and compat if missing.
2021-09-17 10:55:06 -06:00
Todd C. Miller
46d71c4360
Store milliseconds in the debug file timestamp.
Sometimes second granularity is not enough.
2021-09-17 10:55:06 -06:00
Todd C. Miller
78eb240642
When using pkg-config, don't assume the names of the ssl and crypto libs.
On the HP-UX build machines these are named libssl_pic.a and
libcrypto_pic.a to avoid conflicting with the system libs.
2021-09-17 10:55:06 -06:00
Todd C. Miller
4289e9609d
Teach mkdep.pl about --tag=disable-static in LTFLAGS.
If static objs are disabled we need to add explicit dependencies for
.o files. The OpenBSD libtool doesn't use a pic object file when
linking executables so we need to build the non-pic objects too.
2021-09-13 09:33:17 -06:00
Todd C. Miller
229dfe175d
Use SUDO_APPEND_LIBPATH when appending to LIBTLS and LIBMD.
The OpenSSL pkgconfig files only include -L paths, not -R paths.
Using SUDO_APPEND_LIBPATH ensures the rpath is set correctly so the
binaries will run (not just link).
2021-09-13 09:33:12 -06:00
Todd C. Miller
921bc1c697
Use the EVP digest routines instead of calling SHA2 functions directly.
Avoids compiler warnings with OpenSSL 3.0. EVP_MD_CTX_new() is
only available for OpenSSL 1.1 and higher--we will fall back to
sudo's SHA2 code if necessary.
2021-09-17 10:55:06 -06:00
Todd C. Miller
4e0b77be4b
tls_init.c: use SSL_CTX_set0_tmp_dh_pkey if present.
Fixes a warning on OpenSSL 3.0 and plugs a memory leak of dhparams
on config reload.
2021-09-17 10:55:06 -06:00
Todd C. Miller
052391da9c
Add --enable-openssl-pkgconfig-template option.
This can be used to find the correct openssl pkg-config file
if it is not named "openssl" (also libcrypto).
2021-09-13 09:33:09 -06:00
Todd C. Miller
ecc3aeffc6
Some POSIX yacc fixes for bison 3.8
yyerror() must be extern void
declare tokens with type instead of using separate %type lines
2021-09-13 09:33:07 -06:00
Todd C. Miller
18613eee22
mkpkg: limit the number of cores used to 16
2021-09-17 09:10:27 -06:00
Todd C. Miller
cf225d2f10
Add a test to exercise Bug #994
2021-09-17 09:10:27 -06:00
Todd C. Miller
2445576e9b
fix typo
2021-09-16 13:49:32 -06:00
Todd C. Miller
eab915ae97
Bug #994.
2021-09-16 11:36:50 -06:00
Todd C. Miller
0c30976ae6
Always allocate a struct sudo_command for the command, even for ALL.
This was missed in the previous set of changes, resulting in a crash
for LDAP and SSSD rules that give sudo "ALL" privileges.
Bug #994.
2021-09-16 11:24:26 -06:00
Todd C. Miller
31e4a0a0a6
Add SUDOERS_LDFLAGS to FUZZ_LDFLAGS
Fixes a fuzzer link error when building with ldap if the ldap libs
are not in the default library search path.
2021-09-16 11:01:07 -06:00
Todd C. Miller
2d632937e6
Fix the OpenSSL link order for the non-pkg-config case.
Since -lssl depends on -lcrypto, -lcrypto must be listed after -lssl.
Fixes linking of non-dynamic OpenSSL libs.
2021-09-16 10:04:22 -06:00
Todd C. Miller
e1653be435
Sudo 1.9.8p1
2021-09-15 11:32:52 -06:00
Todd C. Miller
51d5f05e67
sudo_interposer_init: verify message type from sudo
We should only get a HelloResponse from sudo at this point.
2021-09-15 11:20:45 -06:00
Todd C. Miller
db750232c5
Avoid symbol name clash to fix --enable-static-sudoers linking.
2021-09-15 11:19:03 -06:00
Todd C. Miller
d7cdf1e47c
append_defaults() should not be passed a value for boolean flags.
The operation should simply be set to true/false.
Also treat a NULL file as coming from the front-end.
Bug #993.
2021-09-14 08:02:37 -06:00
Todd C. Miller
4b5a67cf8e
Add src/intercept.exp to ignore files.
2021-09-09 12:21:20 -06:00
Todd C. Miller
197d4ced38
regen
2021-09-08 17:24:50 -06:00
Todd C. Miller
02966f059e
Mention --enable-static-sudoers fix.
2021-09-08 17:10:30 -06:00
Todd C. Miller
4b365300a7
Fix typo introduced in 1.9.7 that set SUDO_LDFLAGS to SUDOERS_LDFLAGS.
Copy pasta is not always the best kind of pasta.
2021-09-08 15:31:08 -06:00
Todd C. Miller
3a4aec7a62
sudo_intercept.so: only replace execvpe() if it is present.
execvpe() is a GNU extension also found on *BSD (but not macOS).
2021-09-08 11:09:59 -06:00
Todd C. Miller
6d5f450a62
We now intercept more than just execve().
2021-09-08 09:52:10 -06:00
Todd C. Miller
6c456127b3
Implement simple PATH resolution for execvp().
We want to use PATH from the current value of the environment, not
the initial value of PATH when the policy was opened.
This is a little different from how real execvp() works since we
use stat() instead of just execve().
2021-09-07 19:55:47 -06:00
Todd C. Miller
7ae62866e4
Add support for execl, execle, execlp, execvp, and execvpe.
Currently, PATH traversal is handled by sudoers which uses
the original PATH, not the one updated by the shell.
2021-09-07 19:55:45 -06:00
Todd C. Miller
bf60451845
Remove conditional include of alloca.h; we don't define HAVE_ALLOCA_H.
The configure check for alloca() was removed long ago but this got
missed.
2021-09-03 16:03:48 -06:00
Todd C. Miller
aac09cf7be
Define RBAC and mention incompatibility with intercept/log_subcmds.
2021-09-03 14:19:32 -06:00
Todd C. Miller
157ceadfab
Fix computation of the token address when handling a partial read.
We want to treat it as an array of bytes, not an array of tokens.
Coverity CID 240011
2021-09-02 14:15:50 -06:00
Todd C. Miller
f64d71674e
Quiet a PVS-Studio format string warning.
2021-09-02 13:37:36 -06:00
Todd C. Miller
9a9a22e93e
Regen .pot files.
2021-09-02 12:20:08 -06:00
Todd C. Miller
2f6cacd1ec
Updated translations from translationproject.org
2021-09-02 12:20:05 -06:00
Todd C. Miller
967bcab4db
regen
2021-09-01 13:37:17 -06:00
Todd C. Miller
38d884a62d
Do not compile intercept code if --disable-intercept is specified.
2021-09-01 13:35:47 -06:00
Todd C. Miller
5c2f1ebbcf
We now intercept execv() too.
2021-09-01 13:11:42 -06:00
Todd C. Miller
190e495b64
INSTALL: --disable-intercept will also disable "log_subcmds"
2021-09-01 13:10:15 -06:00
Todd C. Miller
f40afd73fe
Can't use intercept or log_subcmds with SELinux RBAC.
SELinux policy will prevent the inherited socket from sudo from
being used and may also restrict the ability to connect back to the
sudo process.
2021-09-01 11:09:17 -06:00