isa/sudo
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
11,154 Commits 1 Branch 0 Tags
18f1884ddc6b984b463e4392bdd0444431471d5c
Commit Graph

133 Commits

Author SHA1 Message Date
Todd C. Miller
18f1884ddc Use gmtime_r() and localtime_r() instead of gmtime() and localtime(). 2021-09-17 10:55:06 -06:00
Todd C. Miller
f64d71674e Quiet a PVS-Studio format string warning. 2021-09-02 13:37:36 -06:00
Todd C. Miller
f40afd73fe Can't use intercept or log_subcmds with SELinux RBAC. 
SELinux policy will prevent the inherited socket from sudo from
being used and may also restrict the ability to connect back to the
sudo process.
 2021-09-01 11:09:17 -06:00
Todd C. Miller
7df245dc91 Fix formatting for bound defaults with multiple entries in the binding. 
The entries in the binding were separated with " ," instead of ", ".
 2021-08-20 14:01:44 -06:00
Todd C. Miller
f9d3f46fa7 Add intercept_allow_setid sudoers option, disabled by default. 
With this change, a shell in intercept mode cannot run a setuid or
setgid binary by default.  On most systems, the dynamic loader will
ignore LD_PRELOAD for setuid/setgid binaries such as sudo which
would effectively disable intercept mode.
 2021-08-18 15:43:26 -06:00
Todd C. Miller
786e5865cb Add "intercept" Defaults setting to allow interception of sub-commands. 
This causes "intercept" to be set to true in command_info[] which
the sudo front-end will use to determine whether or not to intercept
attempts to run further commands, such as from a shell.  Also add
"log_children" which will use the same mechanism but only log (audit)
further commands.
 2021-08-09 15:50:25 -06:00
Todd C. Miller
5813358b2b Don't print a NULL as a string if role/type/privs/limitprivs is not set. 
We can't rely on printf("%s", NULL) not crashing.
 2021-02-18 06:09:08 -07:00
Todd C. Miller
561740cd54 Always dynamically allocate user_role, user_type, user_privs, user_limitprivs 2021-02-14 07:47:48 -07:00
Todd C. Miller
6286ce1d16 Store column number for aliases, defaults and userspecs too. 
This is used to provided the column number along with the line
number in error messages.  For aliases we store the column of the
alias name, not the value since that is what visudo generally needs.
 2020-11-02 05:39:06 -07:00
Todd C. Miller
10d3d69aa1 Pass a struct to the match functions to track the resolved command. 
This makes it possible to update user_cmnd and cmnd_status modified
by per-rule CHROOT settings.
 2020-09-09 15:26:45 -06:00
Todd C. Miller
b6dbfe5094 Take the chroot into account when search for the command. 
This could a a user-specific chroot via the -R option, a runchroot
Defaults value, or a per-command CHROOT spec in the sudoers rule.
 2020-09-09 15:26:44 -06:00
Todd C. Miller
9ff960457a Add support for runchroot and runcwd to "sudo -l" and cvtsudoers. 2020-09-01 06:26:05 -06:00
Todd C. Miller
6bdfd010d2 Add CHROOT and CWD sudoers options. 
Also matching runchroot and runcwd Defaults settings.
 2020-09-01 06:26:00 -06:00
Todd C. Miller
84e6e6ccf9 Update copyright year on some files where it was out of date. 2020-08-31 14:09:36 -06:00
Todd C. Miller
961a4afe67 Fix some warnings from pvs-studio 2020-08-12 13:45:09 -06:00
Todd C. Miller
3235e4353c Display more specific parser error messages when possible. 2020-08-07 14:20:45 -06:00
Todd C. Miller
49e43f580c Avoid passing NULL to printf in match debug code for LDAP/SSSD. 
The file name in struct userspec was not set for the LDAP and SSSD
backends.  There is no actual file in this case so set the name to
LDAP/SSSD.  Also add a guard to make sure we don't try to print
NULL in sudoers_lookup_check() if name is left unset.
 2020-06-04 11:31:12 -06:00
Todd C. Miller
446ae3f507 Include string.h unconditionally and only use strings.h for strn?casecmp() 
In the pre-POSIX days BSD had strings.h, not string.h.
Now strings.h is only used for non-ANSI string functions.
 2020-05-18 07:59:24 -06:00
Todd C. Miller
dd88460800 We no longer need to include headers we don't use for sudo*.h files. 
Previously we needed to include headers required by the various
sudo*h files.  Now those files are more self-sufficient and we
should only include headers needed by code in the various .c files.
 2020-05-18 06:47:04 -06:00
Todd C. Miller
486ee2b71f debug_decl and debug_decl_vars now require a semicolon at the end. 2019-12-22 08:48:16 -07:00
Todd C. Miller
d494b81556 The fix for bug #869 broke "sudo -v" when verifypw=all (the default) 2019-10-15 07:23:51 -06:00
Todd C. Miller
5e424640b9 Use strftime(3) instead of formatting struct tm by hand. 
Fixes a warning on newer versions of gcc.
 2019-07-19 20:14:44 -06:00
Todd C. Miller
12c29e91bd Use the runhost for "User foo is not allowed to run sudo on bar." 
Otherwise, if the -h option is specified sudo will print the local
host name instead of the host specified via -h.
 2019-05-29 15:26:57 -06:00
Todd C. Miller
e28ba02c78 Fix a typo. 2019-05-22 08:58:51 -06:00
Todd C. Miller
1e1ef61902 Add SPDX-License-Identifier to files. 2019-04-29 07:21:51 -06:00
Todd C. Miller
ecc9c366e4 Fix listpw=never and verifypw=never. Bug #869 2019-01-22 06:41:16 -07:00
Todd C. Miller
985600e7f0 Minor snprintf() usage tweaks: 
1) don't assume snprintf() returns -1 on error, check for <0
2) when comparing return value of sizeof(foo), cast the sizeof, not the len
3) cast return value to void in cases where snprintf cannot fail
 2019-01-20 07:49:48 -07:00
Todd C. Miller
6c3d20cb41 Convert PVS-Studio comment to ANSI C. 2018-10-26 08:39:09 -06:00
Todd C. Miller
019279a4b8 Fix some mangled text in the license block. 2018-10-26 08:19:41 -06:00
Todd C. Miller
64e5d34c57 Add comments in .c files so PVS-Studio will check them. 2018-10-21 08:46:05 -06:00
Todd C. Miller
1e5af35564 Refactor code to convert defaults to tags and do conversion on 
output for "sudo -l".

Remove the short_list (was long_list) global in favor of a verbose
argument.
 2018-08-05 07:17:34 -06:00
Todd C. Miller
608574a219 For ldap/sssd, include defaults in the generate privilege unless 
we are listing in short mode (in which case we convert them to tags
if possible).  Fixes a problem where sudoOptions were not being
applied to the command.
 2018-08-02 14:45:00 -06:00
Todd C. Miller
171686c422 update_defaults() needs to be able to take a defaults_list for 
the ldap/sssd backends which support per-role defaults.
 2018-08-02 14:06:36 -06:00
Todd C. Miller
70d519c8ad o Move userspecs, defaults and aliases into a new struct sudoers_parse_tree. 
o The parse tree is now passed to the alias, match and defaults functions.
o The nss API has been changed so that the nss parse() function returns
  a pointer to a struct sudoers_parse_tree which will be filled in
  by the getdefs() and query() functions.
 2018-07-26 15:12:33 -06:00
Todd C. Miller
0b31f186cd Move cached userspecs and defaults into the handle object. 2018-05-29 09:39:40 -06:00
Todd C. Miller
1494f25ba3 Fix logic inversion when handing the authenticate Defaults option 
for "sudo -l" and "sudo -v" in long list mode.
 2018-05-16 12:14:14 -06:00
Todd C. Miller
f9be3a48a2 Simplify the nss interface such that each sudoers provider fills 
in a per-nss list of userspecs and defaults instead of using separate
lookup and list functions.  This makes it possible to have a single
implementation of the code for sudoers lookup and listing.
 2018-05-14 09:05:03 -06:00
Todd C. Miller
71e98d9493 Include parse.h in sudoers.h since it will soon be required. 2018-05-14 09:05:02 -06:00
Todd C. Miller
64e99328e3 Move sudoers formatting code into fmtsudoers. 2018-02-09 18:22:04 -07:00
Todd C. Miller
dda1d6cef7 Clean up some XXX in parse.c 2018-02-09 18:22:03 -07:00
Todd C. Miller
2522229e86 Rename sudo_file_append_default() -> sudo_lbuf_append_default() and 
use it for ldap and sssd too.
 2018-02-09 18:22:02 -07:00
Todd C. Miller
4e2402a8e4 Convert ldap results into a sudoers userspec so we can use the "sudo 
-l" output functions in parse.c.
 2018-02-09 18:21:01 -07:00
Todd C. Miller
105ced47b8 For "sudo -l", if a word includes spaces, print it in double quotes. 
Also escape spaces in the command path.  This matches the sudoers
quoting rules.
 2018-02-03 06:59:37 -07:00
Todd C. Miller
df08d0d8f4 When printing a member name, quote sudoers special characters unless 
it is a UID/GID, in which case we print the '#' unquoted.
 2018-02-02 14:29:17 -07:00
Todd C. Miller
f4ce2b25fc Move SUDOERS_QUOTED define to parse.h 2018-02-02 06:28:04 -07:00
Todd C. Miller
48fba3c2cc update my email to Todd.Miller@sudo.ws 2017-12-03 17:53:40 -07:00
Todd C. Miller
bcc0eeb575 Avoid calling cmnd_matches() in list/verify mode if we already have 
a match.
 2017-11-15 15:09:25 -07:00
Todd C. Miller
88faa58735 In list (-l) or verify (-v) mode, if we have a match but authentication 
is required, clear FLAG_NOPASSWD so that when listpw/verifypw is
set to "all" and there are multiple sudoers sources a password will
be required unless none of the entries in all sources require
authentication.  From Radovan Sroka of RedHat
 2017-11-15 15:06:45 -07:00
Todd C. Miller
e5dee1557e Add NOTBEFORE and NOTAFTER command options similar to what is 
already available in LDAP.
 2017-02-18 15:35:48 -07:00
Todd C. Miller
3980f1531b Add support for command timeouts in sudoers. After the timeout, 
the command will be terminated.
 2017-02-14 15:56:34 -07:00