isa/sudo
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
12,419 Commits 1 Branch 0 Tags
45fdfa18f1d46a1d6171a8f94f0fa9396b51de20
Commit Graph

3430 Commits

Author SHA1 Message Date
Todd C. Miller
8cbd5462a6 Move sudoers search path to struct sudoers_parser_config. 
That way we can avoid passing it to init_parser() directly.
We still need sudoers_search_path to be shared between the lexer
and the parser.
 2023-05-08 17:04:38 -06:00
Todd C. Miller
9d7c30c5a8 Add struct sudoers_parser_config and pass it to init_parser(). 
This struct contains parser configuration such as the sudoers file
uid/gid/mode and parse flags such as verbose, strict and recovery.
 2023-05-08 17:03:31 -06:00
Todd C. Miller
fb9d0d79a7 push_include_int: Avoid passing close(2) a negative value on error. 
Coverity CID 314108
 2023-05-08 14:18:56 -06:00
Todd C. Miller
f722272b7c Eliminate dead store. Coverity CID 315032. 2023-05-08 14:15:48 -06:00
Todd C. Miller
c0fa3a4d24 Rename force_umask to override_umask and make it private to sudoers.c. 
Add getter for policy.c.
 2023-05-04 13:46:20 -06:00
Todd C. Miller
72489d7a83 Make timestamp_uid and timestamp_gid private to timestamp.c. 
Add getter (for set_perms.c) and setter (for sudoers.c).
 2023-05-04 13:08:23 -06:00
Todd C. Miller
d5de5890f5 Make login_style private to bsdauth.c 
Add a setter for policy.c to handle auth_type from the front-end.
 2023-05-04 13:06:09 -06:00
Rose
459a49b1fe Prefer size_t over int, as casting can take extra instructions 2023-05-03 15:18:05 -04:00
Todd C. Miller
bbbaea5b2f Rename init_parser_ext() to init_parser() and remove old wrapper. 
There was only one consumer of the init_parser() wrapper now that
reset_parser() has been introduced.
 2023-05-02 13:29:49 -06:00
Todd C. Miller
f258a15df5 Add reset_parser() and use in place of init_parser(NULL). 2023-05-02 13:27:17 -06:00
Todd C. Miller
80768ed3a8 Make path_ldap_conf and path_ldap_secret private to policy.c. 
Add getters for both so the ldap code can access them.
 2023-05-02 10:47:53 -06:00
Todd C. Miller
f553ddc430 Make sudoers_file private to policy.c and visudo.c. 
We just need a way for the policy (and visudo) to override the
default sudoers path.  This adds a getter to be used in file.c when
sudoers is first opened.
 2023-05-02 10:47:47 -06:00
Todd C. Miller
5446b009e3 Support adminconfdir for relative include paths in sudoers. 2023-05-02 10:47:11 -06:00
Todd C. Miller
7a6ac5d26e Track the destination sudoers path for each parsed file. 
When adminconfdir is enabled, the destination pathh may be different
from the path we opened.  We always store an edited file in the
adminconfdir (if enabled).  This makes it possible to use visudo
when /etc/sudoers is located on a read-only file system.
 2023-05-02 10:45:56 -06:00
Todd C. Miller
d4c6ef1222 Add adminconfdir and --enable-adminconf to set it. 
Configuration paths in sudo are now a colon-separated list of files
with the adminconfdir instance first (if enabled), followed by a
sysconfdir instance.
 2023-05-02 10:37:39 -06:00
Todd C. Miller
9ad6dfa371 Substitute for _PATH_SUDO* variables in pathnames.h. 
Previously these were hard-coded with Makefile overrides.
 2023-02-08 16:47:18 -07:00
Todd C. Miller
f17b35471f Support sudoers_file being a colon-separated path of files. 
The first file found is used.
 2023-05-02 10:37:38 -06:00
Todd C. Miller
4363d03ef7 Convert config file paths to colon-separated path list. 
This means that _PATH_SUDO_CONF, _PATH_SUDOERS, _PATH_SUDO_LOGSRVD_CONF,
and _PATH_CVTSUDOERS_CONF can now specify multiple files.  The first
file that exists is used.
 2023-05-02 10:37:38 -06:00
Todd C. Miller
d1f2452c08 getaddrinfo stub: set sin_port 2023-04-26 16:27:34 -06:00
Todd C. Miller
2898c85119 Avoid NULL deref in stub getaddrinfo() when nodename is NULL. 
Also add support for parsing servname.  We only need to support a
subset of getaddrinfo() functionality in the fuzzer.
 2023-04-26 13:23:31 -06:00
Todd C. Miller
cc22cca34f Add an fd argument to sudo_get_ttysize() instead of always using stderr. 
For sudoreplay we open /dev/tty, so use that instead of stderr when
determining the terminal size.
 2023-04-16 15:45:19 -06:00
Todd C. Miller
894daa88f6 Enable the use_pty option by default for sudo 1.9.14. 
GitHub issue #258
 2023-04-06 11:30:51 -06:00
Todd C. Miller
d7b8f3ffbf Split up the monolithic sudoers_policy_main() function. 
This splits the code to find the command, perform a sudoers lookup,
ask for a password as needed, and perform post-lokup checks out
into sudoers_check_common().  The old sudoers_policy_main() has
been replaced by sudoers_check_cmnd() (called by sudoers_policy_check()),
sudoers_validate_user() (called by sudoers_policy_validate()) and
sudoers_list() (called by sudoers_policy_list()).  The list_user
lookup is now performed in sudoers_list().
 2023-04-05 13:35:09 -06:00
Todd C. Miller
859a81ad24 Move the root_sudo check until after we apply per-command Defaults. 
It is possible, though unlikely, for "root_sudo" to be used in
a per-command Defaults statement.
 2023-04-05 13:25:32 -06:00
Todd C. Miller
ab4b947169 sudoers_policy_main: restore locale if sudoers_lookup() fails. 
Previously, if sudoers_lookup() set VALIDATE_ERROR, the sudoers
locale would still be in effect instead of the original locale.
 2023-04-01 10:22:07 -06:00
Todd C. Miller
fb0a36c1a5 sudoers_lookup_pseudo: remove validated function argument 
This was always set to FLAG_NO_USER|FLAG_NO_HOST which are cleared
at the top of the fuction.  Make validated a local variables,
initialized to 0, instead.  No change in behavior.
 2023-04-01 10:17:31 -06:00
Todd C. Miller
0a4c8872a8 The I/O log file name is not just the basename of the full iolog_path. 
The audit plugin already has the correct value for iolog_file, don't
overwrite it with basename(iolog_path).  In the future we may wish
to pass in iolog_file and iolog_dir in addition to iolog_path.
Fixes Bug #1046.
 2023-03-31 15:51:14 -06:00
Todd C. Miller
ac12f82d86 Warn with "unknown user" not "unknown uid" if user cannot be resolved. 
Prior to sudo 1.8 this was after a getpwuid() but now we use
getpwnam().
 2023-03-29 14:49:41 -06:00
Todd C. Miller
ad890acf6c Set timestamp_uid and timestamp_gid via a callback. 
This also makes it possible to include the location of the line in
the sudoers file in the warning message (and mail).
 2023-03-29 14:37:09 -06:00
Todd C. Miller
a17491972b Quiet compiler warnings on systems where pid_t is not an int. 
Historically, pid_t was a long on some 32-bit systems like Solaris.
 2023-03-22 14:48:49 -06:00
Todd C. Miller
775059156f Silence "used uninitialized" false positives with older gcc versions. 2023-03-22 13:52:43 -06:00
Todd C. Miller
c64993a0b3 visudo: restore controlling terminal after running the editor. 
Otherwise, visudo will get SIGTTOU if it tries to write to the
terminal after the editor finishes.  Also avoid races by setting
the process group ID in both the parent and child, and grant the
controlling terminal in the parent, not the child.
 2023-03-21 09:22:53 -06:00
Todd C. Miller
28ecbe4d51 Warn about ignored files in sudoers.d in visudo. 2023-03-20 18:29:33 -06:00
Todd C. Miller
8049e4e32f Replace sudoers_warnings with sudoers_verbose. 
This is now an int, with values > 1 reserved for visudo.
 2023-03-20 18:27:27 -06:00
Todd C. Miller
738387aa4d Split push_include() into push_include() and push_includedir(). 
This moves the "isdir" function argument to the internal version.
 2023-03-20 13:01:02 -06:00
Todd C. Miller
4b563ea44f Pass around const struct sudo_nss pointers where possible. 2023-03-17 13:41:38 -06:00
Todd C. Miller
1f19a6b72b Pass around const struct sudoers_parse_tree pointers where possible. 2023-03-17 13:31:36 -06:00
Todd C. Miller
70c533ec79 Move non-config-related macros to from sudo_ldap_conf.h to sudo_ldap.h. 2023-03-17 10:59:30 -06:00
Todd C. Miller
b965d222d8 sudo_ldap_netgroup_match_str: "-" in a netgroup can never match. 
We already check for a NULL value above so "str == NULL" is always
false.  Found by PVS-Studio.
 2023-03-15 10:06:04 -06:00
Todd C. Miller
d8e6396c55 Declare domain even if the system lacks innetgr(). 
Fixes a build error on musl-based systems like Alpine.
 2023-03-13 15:21:38 -06:00
Todd C. Miller
34933ef9d0 Remove unused sudoers_gc_init() function. 2023-03-11 08:06:54 -07:00
Todd C. Miller
c76ac1cab3 sudoers_cleanup: free cached environment before running g/c. 
Avoids a double free in fuzz_policy.
 2023-03-10 15:23:48 -07:00
Todd C. Miller
cd5cd45336 sudoers_cleanup: run the garbage collector at the end 2023-03-10 15:03:44 -07:00
Todd C. Miller
c09aabecdc Plugin a memory leak in intercept mode. 2023-03-10 15:00:20 -07:00
Todd C. Miller
33c385a78e Plug memory leak if ldap_get_option() fails with LDAP_NO_MEMORY. 2023-03-10 13:45:53 -07:00
Todd C. Miller
fc253048f5 Add LDAP-specific innetgr() implementation. 
Wheh netgroup_base is set we now do out own netgroup lookups using
LDAP.  Previously, LDAP was queried directly to get a list of the
netgroups the user belongs to but other netgroups queries went
through innetgr(3).  This makes it possible to use netgroups
in LDAP sudoers on systems that don't have an innetgr() function.
GitHub issue #251.
 2023-03-10 10:05:33 -07:00
Todd C. Miller
554df8d934 Move some functions from ldap.c to ldap_util.c. 
These will be used by the LDAP innetgr() implementation.
 2023-03-10 10:02:36 -07:00
Todd C. Miller
0aad96bba1 Add per-source innetgr function pointer and use it in netgr_matches(). 
This will be used to implement LDAP-specific netgroup lookups when
netgroup_base is set in ldap.conf.
 2023-03-08 13:44:22 -07:00
Todd C. Miller
689022978c A user with "list" privs for root may not list all users. 
A user with "sudo ALL" for root _is_ allowed to list any user.
 2023-03-03 13:57:27 -07:00
Todd C. Miller
452d63d6c1 sudoers_policy_list: do not set runas_pw to list_pw when listing 
This change introduced in sudo 1.9.13 is not actually needed.  The
"list" pseudo-command checks are performed via runas_matches_pw()
which does not use runas_pw.  GitHub issue #248
 2023-03-03 11:16:44 -07:00