isa/sudo
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
12,538 Commits 1 Branch 0 Tags
6842dd1bfdfba1a8833f4534e747d39f8e6e44e6
Commit Graph

182 Commits

Author SHA1 Message Date
Todd C. Miller
77f94f291a sudo_digest_getlen: return size_t, and 0 on error instead of -1 
This is an API change, sudo_digest_getlen_v1 remains for binary
compatibility.
 2023-08-07 08:43:13 -06:00
Todd C. Miller
a38b714667 sudoers plugin: silence most -Wconversion warnings. 2023-07-07 15:07:04 -06:00
Todd C. Miller
97e574091a Avoid passing debug_return_size_t() a negative number. 2023-07-01 10:39:25 -06:00
Rose
6ea68d208e Regenerate toke.c using updated flex 
Use the current version of flex to generate toke.c
 2023-07-01 11:47:04 -04:00
Todd C. Miller
1278e36ff3 Initialize digest_type to SUDO_DIGEST_INVALID, not -1 and make it unsigned. 
This makes the digest type consistently unsigned instead of a mix
of signed (for the -1 value in the tokenizer) and unsigned.
 2023-06-03 08:59:14 -06:00
Todd C. Miller
9d7c30c5a8 Add struct sudoers_parser_config and pass it to init_parser(). 
This struct contains parser configuration such as the sudoers file
uid/gid/mode and parse flags such as verbose, strict and recovery.
 2023-05-08 17:03:31 -06:00
Todd C. Miller
fb9d0d79a7 push_include_int: Avoid passing close(2) a negative value on error. 
Coverity CID 314108
 2023-05-08 14:18:56 -06:00
Todd C. Miller
f553ddc430 Make sudoers_file private to policy.c and visudo.c. 
We just need a way for the policy (and visudo) to override the
default sudoers path.  This adds a getter to be used in file.c when
sudoers is first opened.
 2023-05-02 10:47:47 -06:00
Todd C. Miller
5446b009e3 Support adminconfdir for relative include paths in sudoers. 2023-05-02 10:47:11 -06:00
Todd C. Miller
f17b35471f Support sudoers_file being a colon-separated path of files. 
The first file found is used.
 2023-05-02 10:37:38 -06:00
Todd C. Miller
28ecbe4d51 Warn about ignored files in sudoers.d in visudo. 2023-03-20 18:29:33 -06:00
Todd C. Miller
8049e4e32f Replace sudoers_warnings with sudoers_verbose. 
This is now an int, with values > 1 reserved for visudo.
 2023-03-20 18:27:27 -06:00
Todd C. Miller
738387aa4d Split push_include() into push_include() and push_includedir(). 
This moves the "isdir" function argument to the internal version.
 2023-03-20 13:01:02 -06:00
Todd C. Miller
0197491e9c Move handling of the "list" pseudo-command from lexer to parser. 
The special handling of "list" in the lexer meant it could not
be used as a user, group or host, which was unintentional.
GitHub issue #246.
 2023-02-28 08:47:45 -07:00
Todd C. Miller
8309fbb970 sudoers_trace_print: this is a no-op if not debugging 2023-01-04 10:44:58 -07:00
Todd C. Miller
a514a6eed5 Add "list" pseudo-command to allow a user to list another user's 
privs.  Previously, only root or a user with the ability to run any
command as either root or the target user on the current host could
use the -U option.  For "sudo -l [-U otheruser] command", NewArgv[0]
is now set to "list" (just like "sudo -l") and the actual command
to be checked starts with NewArgv[1].
 2022-12-11 13:46:00 -07:00
Todd C. Miller
d242261dd4 Store raw sudoers lines in the debug log. 
Also add a "sudoerslex" prefix to the token debug info in
sudoers_trace_print().
 2022-11-01 09:32:14 -06:00
Todd C. Miller
966731311d The line numbers in sudoers_trace_print() were off by one. 
The line counter is incremented when a newline is seen so the output
actually refers to the previous line.
 2022-10-31 10:21:39 -06:00
Todd C. Miller
3dc8497b48 Add additional PVS-studio suppression comments for generated code. 2022-07-08 10:53:00 -06:00
Todd C. Miller
9bb288d10e Regenerate files after merging AppArmor integration. 2022-05-27 08:30:34 -06:00
Todd C. Miller
7c17f84a35 Add helper function to compile a regex that supports (?i). 2022-02-11 12:01:31 -07:00
Todd C. Miller
86d2173937 Add support for matching command and args using regular expressions. 
Either the command, its arguments or both may be (separate)
regular expressions.
 2022-02-10 18:26:24 -07:00
Todd C. Miller
4a49f16967 expand_include: add bounds checking when expanding %h escape. 2021-09-21 19:33:51 -06:00
Todd C. Miller
dc90df8de5 Check snprintf() return values even if we preallocated the correct amount. 
There are no remaining unchecked snprintf() that can actually overflow.
 2021-09-21 19:13:35 -06:00
Todd C. Miller
d9e8c852ba Quiet pvs-studio false positive: V557 Array overrun is possible. 
Make the zero length check explicit so as not to confuse static
(or human) analyzers.
 2021-09-18 09:51:32 -06:00
Todd C. Miller
786e5865cb Add "intercept" Defaults setting to allow interception of sub-commands. 
This causes "intercept" to be set to true in command_info[] which
the sudo front-end will use to determine whether or not to intercept
attempts to run further commands, such as from a shell.  Also add
"log_children" which will use the same mechanism but only log (audit)
further commands.
 2021-08-09 15:50:25 -06:00
Todd C. Miller
2db9e64214 Move reference-counted string code from sudoers to libsudo_util. 
It will be used by sudo_logsrvd too.
 2021-04-06 14:44:19 -06:00
Todd C. Miller
ac8f23ef9a Initialize the lbuf used by sudoers_trace_print() in init_lexer(). 
Free the old buffer if there is one, otherwise it would never be freed.
 2021-03-01 18:57:05 -07:00
Todd C. Miller
9937d08031 Distinguish between EOF and error using feof(3), not ferror(3). 
Our getdelim(3) emulation won't set the error flag if the error is
due to an allocation failure.  This explains the premature EOF
without error seen in Bug #960.
 2021-02-17 18:57:21 -07:00
Todd C. Miller
cbf73e19bb Portable workaround for getdelim(3) implementations modify buf on EOF. 
We should assume that the contents of buf are undefined when getdelim(3)
returns -1.  We now peek ahead one char and skip the getdelim(3) call if
EOF is detected.  This will preserve the original value of the last line.
 2021-02-09 18:23:23 -07:00
Todd C. Miller
cf18011466 Some getdelim(3) implementations write a NUL to the buffer on EOF. 
AIX and Illumos appear to have this behavior.  We now preserve the
first character of the buffer on EOF to work around this.
Fixes reporting of syntax errors on the last line of a file.
 2021-02-09 09:06:17 -07:00
Todd C. Miller
04de04f544 The lexer now sets an error string before returning ERROR. 
The parser will use that when reporting on an ERROR state.  This
prevents the lexer from reporting errors about tokens that are not
actually consumed by the parser and we don't have to worry about
both the lexer and the parser reporting errors.  It also means we
only get one error per sudoers line.
 2021-02-08 13:43:49 -07:00
Todd C. Miller
9325a342b5 Go back to storing the last error file/line in sudoerserrorf(). 
This is still the best way to avoid displaying more than one error
per line.
 2021-02-08 08:00:04 -07:00
Todd C. Miller
665f8d2e3e Only strip double quotes from an include path if len >= 2. 
Found locally using libfuzzer/oss-fuzz.
 2021-02-03 16:50:04 -07:00
Todd C. Miller
f5fc5d6417 If getdelim() returns a string with embedded NULs, truncate on first one. 
This should avoid some issues with the fuzzer.
 2021-02-03 15:13:18 -07:00
Todd C. Miller
10e37223b5 Reallocate the buffer correctly when appending a newline. 
Fixes a potential buffer overflow introduced in the last commit.
 2021-02-03 15:13:03 -07:00
Todd C. Miller
884b2fb86b Fix NUL termination when parsing a sudoers file with no ending newline. 
oss-fuzz issue #30252
 2021-02-03 13:49:21 -07:00
Todd C. Miller
077c9b0c74 sudoersrestart() does not reset state to INITIAL, do it in init_lexer(). 
Fixes spurious errors from fuzz_sudoers, which calls the parser multiple times.
 2021-02-03 13:00:09 -07:00
Todd C. Miller
63a63680b6 Push lexer leak tracking down into check_fill.c. 
This lets us track things correctly when buffers are realloc()d.
Rewrote fill() and append() to be more readable.
 2021-02-03 12:57:04 -07:00
Todd C. Miller
f30670a42f Plug a few more parser leaks. 2021-02-01 19:56:52 -07:00
Todd C. Miller
9ed14870c6 Add garbage collection to the sudoers parser to clean up on error. 
This makes it possible to avoid memory leaks when there is a parse error.
 2021-02-01 15:06:20 -07:00
Todd C. Miller
4e11bc0e26 Suppress PVS Studio false positives. 2021-01-06 14:27:09 -07:00
Todd C. Miller
772619b7ef Remove special case EOF handling; lines now always end in a newline. 
Previously we needed to emulate some of the state transitions that
happen at end-of-line at end-of-file as well.  Those are no longer
needed now that we are guaranteed to always have a newline at the end.
 2020-09-28 10:10:16 -06:00
Todd C. Miller
f984f49c38 Increment sudolinebuf.size after realloc(). 2020-09-27 21:31:44 -06:00
Todd C. Miller
e8747a33f8 Add a newline at end of line if one is missing. 
This is simpler than having to support entries that end at EOF too.
 2020-09-27 20:21:05 -06:00
Todd C. Miller
9bb91cb64b Fix handling of a command spec without a newline at the end. 
For include files, we may need to inject a newline token now that
the grammar requires lines to end with a newline or EOF.  There is
no END (EOF) token processed after popping off an include file since
everything is just treated as one big file.
 2020-09-27 10:05:35 -06:00
Todd C. Miller
0276a565e6 Mark sudoerserror() messages for translation. 2020-09-27 06:51:16 -06:00
Todd C. Miller
ddc1383838 Fix line number accounting when a string contains a newline. 
Strings are not allowed to span multiple lines without a continuation
character.  Also provide a better error message if we are in the
middle of a string and hit EOF.
 2020-09-27 06:47:19 -06:00
Todd C. Miller
7d20900616 Use sudoerschar (yychar) instead of last_token. 
The parser already provides a way to examing the last token processed,
we don't need to add our own.
 2020-09-26 06:39:57 -06:00
Todd C. Miller
6bdfd010d2 Add CHROOT and CWD sudoers options. 
Also matching runchroot and runcwd Defaults settings.
 2020-09-01 06:26:00 -06:00