Robert Manner
91e6bf8ccd
Makefile.in, configure.ac: add python plugin build
2019-12-14 12:55:42 -07:00
Robert Manner
d888d44594
plugins/python: make group plugin able to debug
...
It does not get the debug settings, so it looks them up through
sudo_conf.
2019-12-14 12:55:42 -07:00
Robert Manner
9b49d44e84
plugins/python: add a sudo python module
2019-12-14 12:55:42 -07:00
Robert Manner
a6bac23bab
plugins/python: add ImportBlocker which forbids loading unsafe python modules
...
If a non-root user can alter any imported python modules, he is able to run
anything he would like to as the root user.
This class is a helper to avoid such a situation.
This feature can be disabled with 'DeveloperMode=1' plugin option.
2019-12-14 12:55:42 -07:00
Robert Manner
babdcbd031
plugins/python: a plugin which can load policy/io plugin written in python
2019-12-14 12:55:42 -07:00
Robert Manner
311cf122e2
plugins/python: add sudo debug helpers
2019-12-14 12:55:42 -07:00
Robert Manner
c0d53d75eb
src/load_plugins, plugins/sudoers: added developer_mode sudo.conf option
...
It can be used to disable the enforcement that a plugin (shared object or
an imported python module) must be owned by root and not modifiable by
others.
This can make plugin development easier.
2019-12-14 12:55:42 -07:00
Todd C. Miller
3ec23ad5e1
Minor style cleanups.
...
Remove extraneous break after return statement.
Convert two old K&R function declarations.
2019-12-13 19:27:38 -07:00
Todd C. Miller
b14d633ec6
Add runas_check_shell flag to require a runas user to have a valid shell.
...
Not enabled by default.
2019-12-09 19:29:45 -07:00
Todd C. Miller
df8f06609c
Add a new flag "allow_unknown_runas_id" to control matching of unknown IDs.
...
Previously, sudo would always allow unknown user or group IDs if the
sudoers entry permitted it. This included the "ALL" alias.
With this change, the admin must explicitly enable support for unknown IDs.
2019-12-09 17:14:06 -07:00
Todd C. Miller
9d737441f4
Fix event loop called via I/O log close function.
...
We need to set events that were pending in the old base in the new one.
Fixes sending the final I/O log data and the ExitMessage to the server.
2019-12-07 08:42:12 -07:00
Todd C. Miller
bf3b93f080
Use sudo_ev_pending() instead of the deprecated sudo_ev_timeleft().
2019-12-07 08:42:09 -07:00
Todd C. Miller
9314072848
Add TLS libs when linking check_iolog_plugin
2019-12-07 08:38:08 -07:00
Todd C. Miller
5711c1b497
Remove extraneous newlines in some sudo_warnx() calls.
2019-12-06 13:37:22 -07:00
Todd C. Miller
4b6de608c2
Only update the time stamp entry after the approval function has succeeded.
...
Bug #910
2019-12-04 12:38:22 -07:00
Todd C. Miller
7c782edf53
Only deregister the sudoers debug instance on last close.
...
Reference count calls to sudoers_debug_register and only deregister
sudoers_debug_instance when refcnt reaches 0.
Fixes a problem where the debug system was deregistered when the
sudoers policy is closed even though the iolog plugin is active.
2019-12-03 20:03:07 -07:00
Laszlo Orban
24cda2592a
implement tls layer in iolog plugin
2019-11-28 15:58:56 +01:00
Laszlo Orban
a409d8f1fc
process tls config options
2019-11-28 15:58:56 +01:00
Laszlo Orban
3ce51d40ce
add audit server tls related configuration options to sudoers
2019-11-28 11:16:54 +01:00
Laszlo Orban
a9c2cf9272
optionally link sudoers with openssl libs
2019-11-28 11:07:05 +01:00
Todd C. Miller
333ea878e2
Add some missing files to "make clean" and "make distclean"
2019-11-25 13:28:58 -07:00
Todd C. Miller
f976a5d866
For plugin API 1.15 and up, always call the plugin close function.
...
Previously, it was only called when a command was run (including
sudoedit). Now, plugin operations list, validate, invalidate, and
show_version are also closed.
2019-11-20 10:57:47 -07:00
Todd C. Miller
2143746370
Avoid NULL deref on an error path if calloc() fails.
...
Coverity CID 205873
2019-11-19 19:00:31 -07:00
Todd C. Miller
c7cac7c0e6
Sync with argument handling in group_plugin.c
2019-11-19 12:46:21 -07:00
Todd C. Miller
a3266edc27
If a group plugin has optional arguments, NULL terminate the vector.
...
Otherwise, the plugin cannot determine the end of arguments.
The behavior now matches the plugin documentation.
2019-11-19 10:30:22 -07:00
Todd C. Miller
d10220162d
Don't touch the local iolog sequence file if we are logging remotely
2019-11-18 13:51:52 -07:00
Todd C. Miller
6c2821fe42
Plug a memory leak found by leak sanitizer
2019-11-18 11:50:25 -07:00
Todd C. Miller
3241b82a7e
Make a shallow copy of user_env in I/O plugin in case it is reallocated.
...
The policy plugin's session init function may reallocate the user
environment pointer. Fixes a use after free when PAM is used.
2019-11-18 10:29:11 -07:00
Todd C. Miller
f913249dd0
Rename "log_server" in sudoers to "log_servers" to match I/O plugin.
2019-11-18 09:39:03 -07:00
Todd C. Miller
82237194dd
Add support for logging to the log server
2019-11-15 13:41:51 -07:00
Todd C. Miller
5793023ffd
Add a plugin interface to sudo main event loop.
2019-11-15 13:36:01 -07:00
Todd C. Miller
71aed42f9e
Do not warn about a missing /etc/environment file on Linux without PAM.
...
Bug #907
2019-11-06 09:55:14 -07:00
Todd C. Miller
635445d471
Transparently handle the "sudo sudoedit" problem.
...
Some admins are confused about how to give users sudoedit permission
and many users try to run sudoedit via sudo instead of directly.
If the user runs "sudo sudoedit" sudo will now treat it as plain
"sudoedit" after issuing a warning. If the admin has specified a
fully-qualified path for sudoedit in sudoers, sudo will treat it
as just "sudoedit" and match accordingly. In visudo (but not sudo),
a fully-qualified path for sudoedit is now treated as an error.
2019-11-05 15:18:34 -07:00
Todd C. Miller
655fdde22b
We haven't needed -I$(top_srcdir) for a long time.
2019-11-02 12:00:04 -06:00
Todd C. Miller
356287557f
Use dup3() instead of dup2().
...
This is less error prone since dup3() returns an error if old == new.
Sudo guarantees that fds 0-2 are already open.
2019-11-02 10:55:50 -06:00
Todd C. Miller
352212c7bf
Open all pipes using pipe2() with O_CLOEXEC.
...
We no longer depend on calling closefrom() before exec.
2019-11-02 10:52:34 -06:00
Todd C. Miller
5a1e5e9fae
regen
2019-10-24 20:04:33 -06:00
Todd C. Miller
ee91b7360b
Simplify expand_iolog_path()
2019-10-24 20:04:33 -06:00
Todd C. Miller
13e3eaad5f
Simplify iolog_set_user and iolog_set_group
2019-10-24 20:04:33 -06:00
Todd C. Miller
56c21243d7
Add iolog_ prefix to exported functions in iolog_util.c
2019-10-24 20:04:33 -06:00
Todd C. Miller
aaf5d0dc6e
Read logsrvd.conf in two steps: first read, then apply if OK.
...
This fixes a problem where when logsrvd.conf was reloaded while
running (due to SIGHUP) and there was an error we could end up with
a partial config.
2019-10-24 20:04:33 -06:00
Todd C. Miller
b58ecb7e6d
Move read_timing_record() into libsudo_iolog
2019-10-24 20:04:32 -06:00
Todd C. Miller
76eec78a33
Add basic support for event logging using a sudo-style log format.
2019-10-24 20:04:32 -06:00
Todd C. Miller
282263c113
Use openat(2) when opening files in the I/O log directory.
2019-10-24 20:04:31 -06:00
Todd C. Miller
7ba7c5835e
Enable sudo_logsrvd.conf settings.
2019-10-24 20:04:31 -06:00
Todd C. Miller
059b55ce72
Refactor code in sudoers that creates I/O log files to share with logsrvd.
2019-10-24 20:04:31 -06:00
Todd C. Miller
e0c9a9dfa3
Move mkdir_parents to libsudo_util.
2019-10-24 20:04:31 -06:00
Todd C. Miller
4dacf81082
Refactor I/O log code so it can be shared between sudoers and logsrvd
2019-10-24 20:04:29 -06:00
Todd C. Miller
271ead2fd3
Don't pass an invalid session or process group ID to the plugin.
...
Fixes a regression in 1.8.28 when there is no terminal session leader.
2019-10-23 12:47:44 -06:00
Todd C. Miller
0375eaca58
regen
2019-10-21 19:55:08 -06:00