Todd C. Miller
c78e78dc5e
Move debugging info from hostname_matches() to host_matches().
2022-10-29 11:39:05 -06:00
Todd C. Miller
53a95e3a50
Always allocate a struct sudo_command for the command, even for ALL.
Previously we special-cased handling of ALL but this complicates
some upcoming changes.
2021-08-18 09:12:19 -06:00
Todd C. Miller
10d3d69aa1
Pass a struct to the match functions to track the resolved command.
This makes it possible to update user_cmnd and cmnd_status modified
by per-rule CHROOT settings.
2020-09-09 15:26:45 -06:00
Todd C. Miller
b6dbfe5094
Take the chroot into account when searching for the command.
This could be a user-specific chroot via the -R option, a runchroot
Defaults value, or a per-command CHROOT spec in the sudoers rule.
2020-09-09 15:26:44 -06:00
Todd C. Miller
cbad17a994
Move inclusion of compat headers up with the system headers.
Now that sudo_dso_public is defined in config.h we don't need sudo_compat.h
before including the compat headers.
2020-08-12 10:07:07 -06:00
Todd C. Miller
03ad96e445
Use the fallthrough attribute instead of /* FALLTHROUGH */ comments.
2020-08-01 13:10:50 -06:00
Todd C. Miller
446ae3f507
Include string.h unconditionally and only use strings.h for strn?casecmp()
In the pre-POSIX days BSD had strings.h, not string.h.
Now strings.h is only used for non-ANSI string functions.
2020-05-18 07:59:24 -06:00
Todd C. Miller
dd88460800
We no longer need to include headers we don't use for sudo*.h files.
Previously we needed to include headers required by the various
sudo*h files. Now those files are more self-sufficient and we
should only include headers needed by code in the various .c files.
2020-05-18 06:47:04 -06:00
Todd C. Miller
ea8445e364
Allow the ALL keyword to be specified with a digest list.
2020-03-11 11:19:37 -06:00
Todd C. Miller
4eca443246
Allow a list of digests to be specified for a command.
2020-03-11 11:17:52 -06:00
Todd C. Miller
486ee2b71f
debug_decl and debug_decl_vars now require a semicolon at the end.
2019-12-22 08:48:16 -07:00
Todd C. Miller
40bf4081be
Rename sudo_strtoid() to sudo_strtoidx() and add simplified sudo_strtoid()
2019-10-20 10:21:29 -06:00
Todd C. Miller
e99082e05b
Fix special handling of ipa_hostname that was lost in sudo 1.8.24.
We now include the long and short hostname in sudo parser container.
2019-08-15 14:20:12 -06:00
Todd C. Miller
1e1ef61902
Add SPDX-License-Identifier to files.
2019-04-29 07:21:51 -06:00
Todd C. Miller
36d4373403
Split command match code out into match_command.c.
Also remove unused SUDOERS_NAME_MATCH code.
2019-02-18 11:35:52 -07:00
Todd C. Miller
a04409747c
Split out digest matching into its own file.
2019-02-17 06:47:37 -07:00
Todd C. Miller
bc25915050
Add stub definition of digest_matches() for SUDOERS_NAME_MATCH
2019-02-06 13:12:33 -07:00
Todd C. Miller
985600e7f0
Minor snprintf() usage tweaks:
1) don't assume snprintf() returns -1 on error, check for <0
2) when comparing return value of sizeof(foo), cast the sizeof, not the len
3) cast return value to void in cases where snprintf cannot fail
2019-01-20 07:49:48 -07:00
Todd C. Miller
cfa4879dbd
Fix memory leak in runaslist_matches().
2018-10-31 10:03:02 -06:00
Todd C. Miller
391ed95f50
Allow the group set by "sudo -g" to be any of the target user's groups.
Previously, this was only allowed if the group matched the target
user's primary group ID (from the passwd database entry).
The sudoers policy will now allow the group if it is one of the
target user's supplemental groups as well.
2018-10-27 06:37:34 -06:00
Todd C. Miller
6c3d20cb41
Convert PVS-Studio comment to ANSI C.
2018-10-26 08:39:09 -06:00
Todd C. Miller
019279a4b8
Fix some mangled text in the license block.
2018-10-26 08:19:41 -06:00
Todd C. Miller
64e5d34c57
Add comments in .c files so PVS-Studio will check them.
2018-10-21 08:46:05 -06:00
Todd C. Miller
c2d93b8c97
Simplify the logic surrounding sudoers_args in command_args_match().
We only need to check that sudoers_args is non-NULL once.
Found by PVS-Studio.
2018-10-18 14:24:55 -06:00
Todd C. Miller
70d519c8ad
o Move userspecs, defaults and aliases into a new struct sudoers_parse_tree.
o The parse tree is now passed to the alias, match and defaults functions.
o The nss API has been changed so that the nss parse() function returns
a pointer to a struct sudoers_parse_tree which will be filled in
by the getdefs() and query() functions.
2018-07-26 15:12:33 -06:00
Todd C. Miller
154a5f59a9
Move digest code into libutil
2018-05-24 21:04:07 -06:00
Todd C. Miller
71e98d9493
Include parse.h in sudoers.h since it will soon be required.
2018-05-14 09:05:02 -06:00
Todd C. Miller
4a3aa5f6e6
Add debug warning if lseek() fails (should not be possible).
2018-05-11 07:51:43 -06:00
Todd C. Miller
7b1e78d6df
Fix swapped args of lseek() when rewinding. This didn't cause a
problem because the value of SEEK_SET is 0.
2018-05-11 07:45:22 -06:00
Todd C. Miller
a18e811485
O_EXEC for fexecve() not O_SEARCH.
2018-04-25 14:55:55 -06:00
Todd C. Miller
cfdae3a4fd
Move the check for /dev/fd/N until *after* the digest has been
checked. We still need to be able to check the digest even if there
is no /dev/fd/N or fexecve().
2018-04-24 07:21:08 -06:00
Todd C. Miller
64c78a61cb
Rewind the fd after calling sudo_filedigest(). Otherwise, when
running a script via fexecve(), the interpreter may get EOF when
reading /dev/fd/N. This only appears to affect BSD systems with
fdescfs. Bug #831.
2018-04-23 20:43:04 -06:00
Todd C. Miller
6e22da3412
In open_cmnd(), return true, not false, if the /dev/fd/N pathname
is not present. We don't want to fail a match because of this.
2018-04-23 14:42:35 -06:00
Todd C. Miller
def2e761e3
We can only use fexecve() on a script if /dev/fd/N exists.
Some systems, such as FreeBSD, don't have /dev/fd mounted
by default. Bug #831
2018-04-23 10:54:51 -06:00
Todd C. Miller
1bfe03000d
Prune alias contents when pruning and expanding aliases.
This abuses the userlist_matches_filter() and hostlist_matches_filter()
functions. A better approach would be to call the correct function
from user_matches() and host_matches().
2018-04-15 08:14:46 -06:00
Todd C. Miller
7663ae7b27
Add option to prune non-matching entries from cvtsudoers output when the -m
option is used.
2018-04-04 09:51:05 -06:00
Todd C. Miller
e26ef96a65
Add case_insensitive_group and case_insensitive_user sudoers options,
which are enabled by default.
2018-03-05 10:42:02 -07:00
Todd C. Miller
fff4acc1f7
Use a case-insensitive comparison when matching user and group names
in sudoers with the passwd or group database. This can be necessary
when users and groups are stored in AD or LDAP.
2018-03-01 20:31:01 -07:00
Todd C. Miller
48fba3c2cc
update my email to Todd.Miller@sudo.ws
2017-12-03 17:53:40 -07:00
Todd C. Miller
b5e7b7bd2c
Move the file digest code out of match.c and into filedigest.c.
Inspired by RedHat changes that used libgcrypt.
Also add digest_type_to_name() to map a sudo digest type (int)
to a name (string) and use it.
2017-02-20 16:44:12 -07:00
Todd C. Miller
ba8f756695
Always set the close-on-exec bit on the fd used to generate the
digest (i.e. the command to run) on systems that lack fexecve(2).
That way we don't need to explicitly close it using #ifdefs.
2017-01-27 09:26:51 -07:00
Todd C. Miller
26b8dc11bf
Fix fdexec=never when a digest is present.
2017-01-23 07:43:32 -08:00
Todd C. Miller
413e1100b8
Add new fdexec sudoers setting to allow choosing whether execve() or
fexecve() is used.
2017-01-22 18:56:16 -08:00
Todd C. Miller
5514ea6851
Add support for digest matching when the command is a glob-style
pattern or a directory. For example:
millert ALL = sha224:TmUvLkp3a2txliSC2X6CiK42626qdKsH72m/PQ== /bin/
millert ALL = sha224:TmUvLkp3a2txliSC2X6CiK42626qdKsH72m/PQ== /bin/*
would only match /bin/ls (assuming the digest matches).
Previously, only explicit path matches checked the digest.
2017-01-21 16:43:46 -07:00
Todd C. Miller
1bccd14180
runas_pw can no longer be NULL
2016-09-19 06:08:00 -06:00
Todd C. Miller
b165a5ff71
Use RUNAS_USER_SPECIFIED and RUNAS_GROUP_SPECIFIED when deciding
whether to check runas user/group instead of checking runas_pw or
runas_gr.
2016-09-15 13:47:38 -06:00
Todd C. Miller
d2af18c1fa
runas_pw can no longer be NULL here
2016-09-15 09:40:41 -06:00
Todd C. Miller
ef82f792a1
Update check for whether or not the runas user was set in the ldap
and sssd backends to match the sudoers file backend. Introduces
the runas_user_set() macro to improve readability. Previously,
runas_pw was set late, now it is set before checking sudoers.
2016-09-15 09:37:53 -06:00
Todd C. Miller
ca2a1f3109
Don't check the username when matching a host netgroup unless
def_netgroup_tuple is enabled.
2016-09-13 09:12:42 -06:00
Todd C. Miller
c73dec723c
Move valid domain name check into a new valid_domain() function.
Fix memory leak if getdomainname(2) fails and avoid using heap
garbage for the domain name matching in this case.
2016-09-13 09:06:25 -06:00