isa/sudo
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
12,419 Commits 1 Branch 0 Tags
45fdfa18f1d46a1d6171a8f94f0fa9396b51de20
Commit Graph

211 Commits

Author SHA1 Message Date
Todd C. Miller
958066eddb Update comment to match reality. 2021-05-24 13:10:53 -06:00
Alexandru Ardelean
058fde9251 plugins: sudoers: policy: add MODE_IMPLIED_SHELL to RUN_VALID_FLAGS 
Since this flag isn't set, the sudo_mode variable gets invalidated and
running the 'sudo' command seems to error out with message
'sudoers_policy_check: invalid mode flags from sudo front end: 0x80001"'
 2021-03-15 09:18:11 -06:00
Todd C. Miller
f86c11c4a1 Add MODE_CHECK to LIST_VALID_FLAGS, fixes "sudo -l command". 2021-02-28 08:55:18 -07:00
Todd C. Miller
65b598602b Only add command_info to garbage collector on successful return. 
Otherwise it will be freed on failure.
 2021-02-25 19:48:46 -07:00
Todd C. Miller
b3b80fe6df Implement sudoers_policy_deregister_hooks() 
Register/deregister hooks in fuzz_policy and also call show_version().
 2021-02-25 15:02:09 -07:00
Todd C. Miller
a18b2a9ddf Limit max_groups in sudo.conf to 1024. 
The max_groups setting should no longer be needed anyway.
 2021-02-16 12:37:23 -07:00
Todd C. Miller
df91e15b82 In sudoers_policy_close() call sudoers_cleanup() instead of sudo_user_free(). 
If we didn't call sudoers_policy_main() due to an early error there
may be more things to clean up.
 2021-02-16 10:37:04 -07:00
Todd C. Miller
ecdf732adc Check for invalid flag combinations from front-end for all cases. 
The checks are now performed in the check_policy, list, validate
and invalidate functions instead of as part of the open function.
We can't perform the checks in open because we don't yet know what
operation is going to be performed.
 2021-02-16 09:33:39 -07:00
Todd C. Miller
ae3a098d2f Always dynamically allocate user_cmnd, it is freed in sudo_user_free(). 
Instead of setting user_cmnd in the policy functions, always set argv.
Calling sudoers_policy_main() with argc of 0 is no longer allowed.
 2021-02-16 09:32:34 -07:00
Todd C. Miller
c09169e812 No need for sudoers_cleanup() in sudoers_policy_invalidate(). 
The sudoers close() function is now called even for "sudo -k".
Also no need to set user_cmnd, it is not used in this code path.
 2021-02-16 08:26:49 -07:00
Todd C. Miller
52e3fcc795 Free struct sudo_user in sudoers_policy_close() and sudoers_cleanup(). 
Also, do not NULL out the close function if NO_LEAKS is defined.
 2021-02-15 08:29:47 -07:00
Todd C. Miller
7f3c670a13 Fix sudoers garbage collection and run it in policy fuzzer. 2021-02-14 14:01:31 -07:00
Todd C. Miller
7f0b269238 Do not include errno string for invalid params from front-end. 2021-02-14 07:48:58 -07:00
Todd C. Miller
561740cd54 Always dynamically allocate user_role, user_type, user_privs, user_limitprivs 2021-02-14 07:47:48 -07:00
Todd C. Miller
5c0454495c Remove dead code, front-end does not set runas_privs or runas_limitprivs 2021-02-14 07:39:41 -07:00
Todd C. Miller
e89a8133ac Reset sudoers path, owner and mode before parsing plugin arguments. 
This is only needed when calling sudoers_policy_deserialize_info()
more than once, which is true for the policy fuzzer.
 2021-02-12 21:15:36 -07:00
Todd C. Miller
ed79627699 Plug memory leak if there are duplicate user_info entries. 2021-02-12 19:04:37 -07:00
Todd C. Miller
e5ad88488d Fix NO_ROOT_MAILER, broken by the eventlog refactor in sudo 1.9.4. 
init_eventlog_config() is called immediately after initializing the
Defaults settings, which is before struct sudo_user is setup.  This
adds a call to eventlog_set_mailuid() if NO_ROOT_MAILER is defined
after the invoking user is determined.  Reported by Roman Fiedler.
 2021-01-29 05:42:34 -07:00
Todd C. Miller
c4d384082f Add sudoedit flag checks in plugin that are consistent with front-end. 
Don't assume the sudo front-end is sending reasonable mode flags.
These checks need to be kept consistent between the sudo front-end
and the sudoers plugin.
 2021-01-23 08:43:59 -07:00
Todd C. Miller
1b72d6a5cc Allow SELinux support to be disabled via the sudoers file. 
Defaults to true if sudo is built with SELinux support and SELinux
is not disabled on the system.
 2021-01-08 19:29:17 -07:00
Todd C. Miller
4551b19f6c The lower bounds for the "closefrom" option is 3, not 4. 
This is a regression introduced in sudo 1.8.9 with the strtonum()
conversion.  Bug #950.
 2020-12-16 18:22:40 -07:00
Todd C. Miller
63739dd326 Store the user-provided runas user and group name in struct sudo_user. 
This makes it available for event logging in case the name doesn't resolve.
 2020-12-05 09:05:42 -07:00
Todd C. Miller
7d0b19d2a0 Don't free the private copy of the environment until the close function. 
We may need to use it when logging from the audit reject function.
 2020-11-17 13:44:32 -07:00
Todd C. Miller
4416bd5977 Use libeventlog in sudoers instead of doing our own logging. 2020-10-26 16:10:40 -06:00
Todd C. Miller
a5a5cc7f85 sudoers_policy_store() -> sudoers_policy_store_result() 2020-10-16 05:56:03 -06:00
Todd C. Miller
bf9d208662 Rename sudoers_policy_exec_setup() -> sudoers_policy_store(). 
It is called even when there is no command to execute.
Also pass in status of whether or not the command was accepted.
 2020-10-14 06:33:35 -06:00
Todd C. Miller
88dcdcd11d Fix -Wshadow warnings. 2020-09-25 15:09:45 -06:00
Todd C. Miller
226307591c Log the runcwd not submitcwd in the sudo-style log file. 
The log entry should reflect the working directory the command
actually ran in.
 2020-09-02 11:23:26 -06:00
Todd C. Miller
1676f0ceeb Support "*" for CWD/CHROOT to allow user to specify cwd or chroot. 
Adds two new command line options, -D (--chdir) and -R (--chroot)
that can only be used when sudoers sets runcwd or runchroot to "*".
 2020-09-01 14:10:02 -06:00
Todd C. Miller
6bdfd010d2 Add CHROOT and CWD sudoers options. 
Also matching runchroot and runcwd Defaults settings.
 2020-09-01 06:26:00 -06:00
Todd C. Miller
609910cc21 sudoers error recovery can be configured via an "error_recovery" setting. 
This setting is an argument to the sudoers plugin, similar to how
sudoers_file, sudoers_mode, sudoers_uid, etc. are implemented.
The default value is true.
 2020-08-17 13:14:30 -06:00
Todd C. Miller
961a4afe67 Fix some warnings from pvs-studio 2020-08-12 13:45:09 -06:00
Todd C. Miller
985af422d2 Rename __dso_public -> sudo_dso_public and move to config.h. 2020-08-12 09:57:42 -06:00
Todd C. Miller
a5a7215936 Track whether the session was opened in sudoers. 
In sudoers_policy_close() only warn about being unable to run the
command if we actually opened the session (and thus passed all
approval plugins).
 2020-06-04 13:34:20 -06:00
Todd C. Miller
b519481912 Defer logging of the successful command until approval plugins have run. 
This adds audit plugin support to the sudoers module, currently
only used for accept events.  As a result, the sudoers file is now
initially parsed as an audit plugin.
 2020-06-02 09:07:46 -06:00
Todd C. Miller
446ae3f507 Include string.h unconditionally and only use strings.h for strn?casecmp() 
In the pre-POSIX days BSD had strings.h, not string.h.
Now strings.h is only used for non-ANSI string functions.
 2020-05-18 07:59:24 -06:00
Todd C. Miller
8186b98208 Adapt sudoers iolog client to log server dual port changes. 
The TLS handshake now occurs before the ServerHello message is read.
This fixes potential man-in-the-middle attacks and works better with
TLS 1.3.
 2020-05-05 13:23:26 -06:00
Todd C. Miller
ae7bb12335 Free passwd and group caches in I/O plugin after log_warning(), not before. 
The logging functions may try to use the cache via set_perms(PERM_ROOT).
 2020-04-17 15:07:25 -06:00
Todd C. Miller
93aa9f9e90 Add cwd_optional to command details and enable it in the sudoers plugin. 
If cwd_optional is set to true, a failure to set the cwd will be a
warning, not an error, and the command will still run.
Debian bug #598519
 2020-03-31 19:43:48 -06:00
Todd C. Miller
390ace9253 Only set errstr for plugin API version 1.15 and above. 2020-03-16 14:26:56 -06:00
Todd C. Miller
f6a264e719 Avoid calling sudoers_policy_exec_setup() on error. 
We only want to pass the execution environment back for commands
that are accepted or rejected.
Also avoid potentially freeing the wrong pointer when garbage
collection is enabled.
 2020-02-24 19:59:44 -07:00
Todd C. Miller
c2faa9e6ef Add runas_user and runas_group (if set) to command_info for audit plugin. 
Otherwise, the audit plugin has to look up the runas name and group
by user or group ID.
 2020-02-05 10:53:50 -07:00
Todd C. Miller
45e589d443 Pass back a failure or error string to the front end. 
The audit_failure() function now stores the failure string.
This will allow an audit plugin to log the reason if the user's
request is a rejected.
 2020-01-30 13:25:36 -07:00
Laszlo Orban
6f3f45aa24 sudoers: disable SO_KEEPALIVE socket option based on log_server_disable_keepalive flag in sudoers 2020-01-22 10:52:18 -07:00
Todd C. Miller
486ee2b71f debug_decl and debug_decl_vars now require a semicolon at the end. 2019-12-22 08:48:16 -07:00
Laszlo Orban
a409d8f1fc process tls config options 2019-11-28 15:58:56 +01:00
Todd C. Miller
f976a5d866 For plugin API 1.15 and up, always call the plugin close function. 
Previously, it was only called when a command was run (including
sudoedit).  Now, plugin operations list, validate, invalidate, and
show_version are also closed.
 2019-11-20 10:57:47 -07:00
Todd C. Miller
f913249dd0 Rename "log_server" in sudoers to "log_servers" to match I/O plugin. 2019-11-18 09:39:03 -07:00
Todd C. Miller
82237194dd Add support for logging to the log server 2019-11-15 13:41:51 -07:00
Todd C. Miller
5793023ffd Add a plugin interface to sudo main event loop. 2019-11-15 13:36:01 -07:00