isa/sudo
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
11,602 Commits 1 Branch 0 Tags
2eb8ff17be0d028cc44aaaca0a74eb75a6151305
Commit Graph

232 Commits

Author SHA1 Message Date
Todd C. Miller
4ab6a87b96 Initialize intercept_allow_setid to true if we use ptrace(2) and seccomp(2). 2022-05-04 13:32:28 -06:00
Todd C. Miller
65e5b89f1d Pass file, line and column to sudoers defaults callbacks. 2022-03-10 13:35:58 -07:00
Todd C. Miller
d7ddff2a31 Add a hook for sudoers parse errors (including defaults and aliases). 
The hook can be used to log parser errors (sudoers module) or keep
track of which files have an error (visudo).
Previously, we only kept track of a single parse error.
 2022-03-10 13:30:56 -07:00
Todd C. Miller
7d3f9293c6 Preserve the column and error message when there is a syntax error. 
This information is now included in the error mail sent to root.
 2022-03-06 18:54:30 -07:00
Todd C. Miller
5ea0bf4ee2 Escape/unescape commas when serializing/deserializing a stringlist. 2022-01-28 08:52:42 -07:00
Todd C. Miller
86f123cd9d Pass the operator to the Defaults callback too. 
That way we can tell what to do in callbacks for lists.
 2022-01-28 08:52:41 -07:00
Todd C. Miller
48bc498a6f Add pam_askpass_service sudoers setting for "sudo -A". 
This makes it possible to use a different PAM configuration for
when "sudo -A" is used.  The main use case is to only use PAM modules
that can interact with the askpass program.  GitHub issue #112.
 2022-01-08 11:35:03 -07:00
Todd C. Miller
521ef37aea Push non-interactive mode checking down into the auth methods. 
For "sudo -n" we only want to reject a command if user input is
actually required.  In the case of PAM at least, we may not need
to interact with the user.  Bug #956, GitHub issue #83
 2022-01-04 18:57:36 -07:00
Todd C. Miller
d15e117c2e find_editor: remove the env_error argument 
There is no case where we should fail to find an editor just because
the values of EDITOR, VISUAL and SUDO_EDITOR are unavailable.  Both
sudoedit and the "env_editor" sudoers setting are documented as
falling back on the hard-coded list of editors in the "editors"
sudoers setting.  Bug #1000
 2021-09-29 10:25:19 -06:00
Todd C. Miller
9798fd86bf Add garbage collection to resolve_editor(). 
Fixes a leak when evaluating the policy multiple times if sudoedit
is set.
 2021-08-10 12:58:18 -06:00
Todd C. Miller
788708c9ff Add intercept_authenticate sudoers option, defaults to false. 
By default, sudoers will not require authentication of commands run
via an intercepted session.  To require authenticaton of subsequent
commands, enable intercept_authenticate in sudoers.
 2021-08-09 15:50:26 -06:00
Todd C. Miller
132936f8f0 Make it possible to call the sudoers policy check function multiple times. 
We need to reset the Defaults values to their original state.
 2021-08-09 15:50:25 -06:00
Todd C. Miller
fa7250ead7 Create a UUID and log it in the JSON version of the event log. 2021-07-15 11:07:25 -06:00
Todd C. Miller
2db9e64214 Move reference-counted string code from sudoers to libsudo_util. 
It will be used by sudo_logsrvd too.
 2021-04-06 14:44:19 -06:00
Todd C. Miller
e7b414ce4e Move env hooks into sudoers_hooks.c. 2021-02-24 19:09:46 -07:00
Todd C. Miller
7463a1989f Add sudo_mkgrent(), to be used to prime the group cache in tests/fuzzers. 2021-02-22 08:00:46 -07:00
Todd C. Miller
52e3fcc795 Free struct sudo_user in sudoers_policy_close() and sudoers_cleanup(). 
Also, do not NULL out the close function if NO_LEAKS is defined.
 2021-02-15 08:29:47 -07:00
Todd C. Miller
7f3c670a13 Fix sudoers garbage collection and run it in policy fuzzer. 2021-02-14 14:01:31 -07:00
Todd C. Miller
3237a18ee3 Use sudoersrestart() in fuzz_sudoers.c 
Since we run the parser multiple times we need to restart it each time.
 2021-02-03 12:52:15 -07:00
Todd C. Miller
a74e8502c0 Garbage collect unused gc_remove() function. 2021-02-01 15:08:08 -07:00
Todd C. Miller
c9eff93854 strvec_join: free result on error and actually use separator char 2021-01-28 05:57:23 -07:00
Todd C. Miller
29acc64192 Refactor code to flatten an argument vector into a string. 
This is used when building up the user_args string.
 2021-01-27 21:27:14 -07:00
Todd C. Miller
2804c2c78e Add strlcpy_unescape() function to undo escaping from front-end. 
Includes unit test.
 2021-01-27 15:41:54 -07:00
Todd C. Miller
63739dd326 Store the user-provided runas user and group name in struct sudo_user. 
This makes it available for event logging in case the name doesn't resolve.
 2020-12-05 09:05:42 -07:00
Todd C. Miller
008a0e8dc1 Store iolog_path in struct sudo_user for use in the event log. 2020-12-05 08:31:46 -07:00
Todd C. Miller
e0c2635fb3 Apply Google inclusive language guidelines. 
Also replace backwards with backward.
 2020-10-30 10:15:30 -06:00
Todd C. Miller
4416bd5977 Use libeventlog in sudoers instead of doing our own logging. 2020-10-26 16:10:40 -06:00
Todd C. Miller
a5a5cc7f85 sudoers_policy_store() -> sudoers_policy_store_result() 2020-10-16 05:56:03 -06:00
Todd C. Miller
bf9d208662 Rename sudoers_policy_exec_setup() -> sudoers_policy_store(). 
It is called even when there is no command to execute.
Also pass in status of whether or not the command was accepted.
 2020-10-14 06:33:35 -06:00
Todd C. Miller
7d20900616 Use sudoerschar (yychar) instead of last_token. 
The parser already provides a way to examing the last token processed,
we don't need to add our own.
 2020-09-26 06:39:57 -06:00
Todd C. Miller
b6dbfe5094 Take the chroot into account when search for the command. 
This could a a user-specific chroot via the -R option, a runchroot
Defaults value, or a per-command CHROOT spec in the sudoers rule.
 2020-09-09 15:26:44 -06:00
Todd C. Miller
226307591c Log the runcwd not submitcwd in the sudo-style log file. 
The log entry should reflect the working directory the command
actually ran in.
 2020-09-02 11:23:26 -06:00
Todd C. Miller
1676f0ceeb Support "*" for CWD/CHROOT to allow user to specify cwd or chroot. 
Adds two new command line options, -D (--chdir) and -R (--chroot)
that can only be used when sudoers sets runcwd or runchroot to "*".
 2020-09-01 14:10:02 -06:00
Todd C. Miller
6bdfd010d2 Add CHROOT and CWD sudoers options. 
Also matching runchroot and runcwd Defaults settings.
 2020-09-01 06:26:00 -06:00
Todd C. Miller
609910cc21 sudoers error recovery can be configured via an "error_recovery" setting. 
This setting is an argument to the sudoers plugin, similar to how
sudoers_file, sudoers_mode, sudoers_uid, etc. are implemented.
The default value is true.
 2020-08-17 13:14:30 -06:00
Todd C. Miller
985af422d2 Rename __dso_public -> sudo_dso_public and move to config.h. 2020-08-12 09:57:42 -06:00
Todd C. Miller
076d0376db We no longer need to include sudo_gettext.h before sudo_compat.h 2020-08-12 09:50:35 -06:00
Todd C. Miller
b519481912 Defer logging of the successful command until approval plugins have run. 
This adds audit plugin support to the sudoers module, currently
only used for accept events.  As a result, the sudoers file is now
initially parsed as an audit plugin.
 2020-06-02 09:07:46 -06:00
Todd C. Miller
d85d370c63 Add dependent system includes to make sudo_*.h more standalone. 
In the past we've relied on the various .c files to include the
system headers that define types that the sudo_*.h headers require.
This is fragile and can cause issues when includes get re-ordered.
 2020-05-18 04:47:21 -06:00
Todd C. Miller
ec3fdd3aa8 Add a force flag to sudo_auth_cleanup() to force immediate cleanup. 
This is used for PAM authentication to make sure pam_end() is called
via sudo_auth_cleanup() when the user authenticates successfully but
sudoers denies the command.  Debian bug #669687
 2020-04-01 14:41:38 -06:00
Todd C. Miller
45e589d443 Pass back a failure or error string to the front end. 
The audit_failure() function now stores the failure string.
This will allow an audit plugin to log the reason if the user's
request is a rejected.
 2020-01-30 13:25:36 -07:00
Todd C. Miller
b14d633ec6 Add runas_check_shell flag to require a runas user to have a valid shell. 
Not enabled by default.
 2019-12-09 19:29:45 -07:00
Todd C. Miller
635445d471 Transparently handle the "sudo sudoedit" problem. 
Some admin are confused about how to give users sudoedit permission
and many users try to run sudoedit via sudo instead of directly.
If the user runs "sudo sudoedit" sudo will now treat it as plain
"sudoedit" after issuing a warning.  If the admin has specified a
fully-qualified path for sudoedit in sudoers, sudo will treat it
as just "sudoedit" and match accordingly.  In visudo (but not sudo),
a fully-qualified path for sudoedit is now treated as an error.
 2019-11-05 15:18:34 -07:00
Todd C. Miller
059b55ce72 Refactor code in sudoers that creates I/O log files to share with logsrvd. 2019-10-24 20:04:31 -06:00
Todd C. Miller
e0c9a9dfa3 Move mkdir_parents to libsudo_util. 2019-10-24 20:04:31 -06:00
Todd C. Miller
b02851dcf3 Change how the umask is handled with PAM and login.conf. 
If the umask is explicitly set in sudoers, use that value regardless
of what is in PAM or login.conf.  If using the default umask from
sudoers, allow PAM or login.conf to override it.  Bug #900
 2019-10-18 06:20:27 -06:00
Todd C. Miller
1e1ef61902 Add SPDX-License-Identifier to files. 2019-04-29 07:21:51 -06:00
Todd C. Miller
e1205f08d6 Add simple API for to allow reading environment data from different sources. 
Currently, this is used to read a file like /etc/environment.
 2019-02-20 17:05:02 -07:00
Todd C. Miller
928faf27f2 Add fallback values for sudoers uid, gid and mode if not set in Makefile. 2019-02-05 10:02:17 -07:00
Todd C. Miller
04d1f56d90 Use struct timespec, not struct timeval in the event subsystem. 
Use ppoll() or pselect() if avaialble which use timespec.
 2018-08-25 21:02:05 -06:00