isa/sudo
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
10,206 Commits 1 Branch 0 Tags
49e43f580c67609dfa123e35d2394a9af8d076ab
Commit Graph

106 Commits

Author SHA1 Message Date
Todd C. Miller
446ae3f507 Include string.h unconditionally and only use strings.h for strn?casecmp() 
In the pre-POSIX days BSD had strings.h, not string.h.
Now strings.h is only used for non-ANSI string functions.
 2020-05-18 07:59:24 -06:00
Todd C. Miller
9b8cb1a57a Do not try to delete creds we did not set. 
If pam_setcred() fails when opening the PAM session, we don't want
to call it with PAM_DELETE_CRED when closing the session.
 2020-04-02 09:32:41 -06:00
Todd C. Miller
ec3fdd3aa8 Add a force flag to sudo_auth_cleanup() to force immediate cleanup. 
This is used for PAM authentication to make sure pam_end() is called
via sudo_auth_cleanup() when the user authenticates successfully but
sudoers denies the command.  Debian bug #669687
 2020-04-01 14:41:38 -06:00
Todd C. Miller
e1df9d1dc3 Add pam_ruser and pam_rhost sudoers flags. 2020-03-01 13:37:00 -07:00
Todd C. Miller
486ee2b71f debug_decl and debug_decl_vars now require a semicolon at the end. 2019-12-22 08:48:16 -07:00
Todd C. Miller
5138ed9bec Add sudo_pam_strerror(), like pam_strerror() but never returns NULL. 
It also uses strerror(errno) for PAM_SYSTEM_ERR.
 2019-08-29 17:30:13 -06:00
Todd C. Miller
60862b4d07 If pam_start() fails, display the PAM error using pam_strerror(). 
It is legal to pass pam_strerror() a NULL handle.
 2019-08-29 08:31:21 -06:00
Todd C. Miller
972670bfca Use the SUDO_CONV_PREFER_TTY flag during authentication. 
This prevents the password and PAM prompts from being redirected.
Bug #895
 2019-08-26 19:30:11 -06:00
Todd C. Miller
30a5ee9c5d Remove second catopen() which is never called. 2019-05-06 10:04:07 -06:00
Todd C. Miller
976550084e Add pam_acct_mgmt setting to enable/disable PAM account validation. 2019-04-29 19:44:13 -06:00
Todd C. Miller
1e1ef61902 Add SPDX-License-Identifier to files. 2019-04-29 07:21:51 -06:00
Todd C. Miller
96ac6adae5 Filter out last login messages on HP-UX unless running a shell. 
HP-UX in trusted mode will display last login messages as part of
the PAM account management module by libpam_comsec.  There is no
way to suppress these messages from the PAM configuration in trusted
mode so we need to filter them in the conversation function.  In
regular mode, similar (but different) messages may be produced by
libpam_hpsec.
 2019-04-28 07:26:45 -06:00
Todd C. Miller
f0910c01da Restrict the PAM_TTY kludge to Solaris and Linux-PAM. 
Setting PAM_TTY to the empty string causes problems with some modules
on HP-UX so restrict it to systems where it is fixes known issues.
 2019-04-08 08:50:03 -06:00
Todd C. Miller
e2675d8f1e Use PAM_SILENT to prevent pam_lastlog from printing last login 
information on RedHat except when explicitly running a shell.
Adapted from a patch from Nir Soffer.  Bug #867
 2019-01-07 09:50:40 -07:00
Todd C. Miller
5242773489 In sudo_pam_approval(), for the exempt case, only overwrite pam 
status when the passwd is expired or needs to be updated.
 2018-12-08 08:10:04 -07:00
Todd C. Miller
4125808a85 The fix for bug #843 was incomplete and caused pam_end() to be called early. 
sudo_pam_approval() must not set the global pam status to an error
value if it returns AUTH_SUCCESS.  Otherwise, sudo_pam_cleanup()
will call pam_end() before sudo_pam_begin_session().  This resulted
in a NULL PAM handle being used in sudo_pam_begin_session().
 2018-12-07 09:51:34 -07:00
Todd C. Miller
6c3d20cb41 Convert PVS-Studio comment to ANSI C. 2018-10-26 08:39:09 -06:00
Todd C. Miller
64e5d34c57 Add comments in .c files so PVS-Studio will check them. 2018-10-21 08:46:05 -06:00
Todd C. Miller
394524fd5d Ignore PAM_NEW_AUTHTOK_REQD and PAM_AUTHTOK_EXPIRED errors from 
pam_acct_mgmt() if authentication is disabled for the user.
Bug #843
 2018-07-26 12:31:29 -06:00
Todd C. Miller
4c0c225062 Store passwd_timeout and timestamp_timeout as a struct timespec 
instead of as a float.  Remove timeout argument to auth_getpass()
as it was never used.
 2018-01-22 12:18:48 -07:00
Todd C. Miller
594c2d4efd Add an approval function to the sudo auth API which is run after 
the user's password has been verified.  The approval function is
run even if no password is required.  This is currently only used
for PAM (use pam_acct_mgmt) and BSD auth (auth_approval).
 2018-01-16 10:27:58 -07:00
Todd C. Miller
48fba3c2cc update my email to Todd.Miller@sudo.ws 2017-12-03 17:53:40 -07:00
Todd C. Miller
8e021c39fa Fix a logic error in 96651906de42 which prevented sudo from using 
the PAM-supplied prompt.  Bug #799
 2017-09-05 09:30:19 -06:00
Todd C. Miller
43cbcbc24d When deciding which prompt to use (PAM's or sudo's) treat the PAM 
prompt "username's Password:" as equivalent to "Password:".
Some PAM modules (on AIX at least) use this prompt.
 2017-07-20 16:06:47 -06:00
Todd C. Miller
a24f4b8248 Return PAM_CONV_ERR from the conversation function if getpass returns 
NULL or the user pressed ^C.
 2016-06-01 14:48:31 -06:00
Todd C. Miller
5e1084c08a Ignore PAM_SESSION_ERR from pam_open_session() since this can 
apparently happen on systems using Solaris-derived PAM.  Other
errors from pam_open_session() are treated as fatal.  This avoids
the "policy plugin failed session initialization" error message
seen on some systems.
 2016-05-25 08:33:57 -06:00
Todd C. Miller
90fdb6a316 Do not write directly to stdout/stderr, use sudo_printf which calls 
the conversation function.
 2016-05-14 19:33:28 -06:00
Todd C. Miller
4f46e07209 Avoid adding an extraneous warning string to sudoers.pot. 2016-05-12 10:33:32 -06:00
Todd C. Miller
b0be9895d9 Now that pam_open_session() failure is fatal we should print and log 
an error from it.  Bug #744
 2016-05-11 15:01:45 -06:00
Todd C. Miller
b2d1c457ce If the auth_type setting in /etc/security/login.cfg is set to 
PAM_AUTH but pam_start() fails, fall back to use AIX authentication.
Skip the auth_type check if sudo is not compiled with PAM support.
 2016-03-22 16:31:28 -06:00
Todd C. Miller
48dff84081 Work around an ambiguity in the PAM spec with respect to the conversation 
function.  It is not clear whether the "struct pam_message **msg" is an
array of pointers or a pointer to an array.  Linux-PAM and OpenPAM use
an array of pointers while Solaris/HP-UX/AIX uses a pointer to an array.
Bug #726.
 2016-03-09 09:39:46 -07:00
Todd C. Miller
5dd7ac20e1 Log the number of PAM messages in the conversation function at debug 
level.
 2016-02-26 09:30:31 -07:00
Todd C. Miller
ab11cdde2c auth_getpass() returns a dynamically allocated copy of the plaintext 
password which needs to be freed after checking (and clearing) it.
 2016-01-27 15:36:50 -07:00
Todd C. Miller
0649a261e7 Fix passing of the callback pointer to the conversation function. 
This was preventing the on_suspend and on_resume functions from
being called on PAM systems.
 2015-09-24 13:43:17 -06:00
Todd C. Miller
98a15d9879 Add a struct sudo_conv_callback that contains on_suspend and on_resume 
function pointer args plus a closure pointer and at it to the
conversation function.
 2015-09-07 06:06:08 -06:00
Todd C. Miller
2b6085760c In sudo_pam_begin_session() and sudo_pam_end_session() return 
AUTH_FATAL on error, not AUTH_FAILURE.  In sudo_auth_begin_session()
treat anything other than AUTH_SUCCESS as a fatal error.
 2015-08-10 20:17:02 -06:00
Todd C. Miller
db5376001f Sprinkle some debugging. 2015-08-10 10:56:47 -06:00
Todd C. Miller
7187c19c83 Add warning if calloc() fails. 
Add debugging for other unexpected errors.
 2015-07-14 14:00:18 -06:00
Todd C. Miller
0b241088b3 There's no need to conditionalize the #include <unistd.h>, we require 
a POSIX system.
 2015-07-02 09:08:28 -06:00
Todd C. Miller
ea5ce39c92 When checking whether the PAM prompt matches "Password:", also check 
for the untranslated version.  The PAM module might not be using the
localized string even though it exists.  From Joel Pelaez Jorge.
Fixes Bug #701
 2015-06-25 09:12:15 -06:00
Todd C. Miller
4a07b472f0 Only include stddef.h where it is needed. 2015-06-20 05:34:35 -06:00
Todd C. Miller
c36415417f Add function name to "unable to allocate memory" warnings. 2015-06-19 14:51:17 -06:00
Todd C. Miller
dc883f2454 We require ANSI C so stop using the obsolete STDC_HEADERS. 2015-06-19 14:29:27 -06:00
Todd C. Miller
d004b02fc6 Use non-exiting allocatings in the sudoers plugin. 2015-06-17 06:49:59 -06:00
Todd C. Miller
1298ea9107 Add target for "make splint". A few files need extra guards to avoid 
errors on systems where they would not otherwise be compiled.
No warnings from splint.
 2015-05-21 11:07:13 -06:00
Todd C. Miller
a604f0f02d Pam conversation function changes: 
o use PAM_BUF_ERR as the return value when calloc() fails.
 o sanity check the value of num_msg
 o remove the workaround for old Apple PAM
 o PAM_AUTH_ERR is not a valid PAM conversation function return value

If getpass_error is set after a call to pam_verify (usually because
the user pressed ^C), return AUTH_INTR immediately instead of
checking the pam_verify return value.
 2015-02-23 11:12:45 -07:00
Todd C. Miller
59ab26dbcc Go back to a 2 args debug_decl and just use the "default" instance, 
now renamed "active".
 2015-02-01 08:24:49 -07:00
Todd C. Miller
e9914a91b1 The sudoers plugin now defines its own list of debugging subsystem names 
and defines.
 2014-10-22 13:30:52 -06:00
Todd C. Miller
866cfc4fc3 Add support for multiple Debug lines per program. Callers may 
register arbitrary debug facilities or use built-in defaults.  We
now use separate Debug statements for plugins and programs.
 2014-10-22 13:23:05 -06:00
Todd C. Miller
496c2e287b Add a space after "Password:" in default password prompt so it is 
easier to read when pwfeedback is enabled.
 2014-09-27 10:24:19 -06:00