Robert Manner
99f99e8a56
plugins/python/sudo_python_module.c: fix options_as_dict if no equal sign
...
The intended behaviour was that those get skipped, but the PyList_GetItem
sets the interpreter into error state, so python has raised an exception.
2020-02-10 05:24:16 -07:00
Robert Manner
21c02e1732
plugins/python/sudo_python_module.c: use IntEnums instead of constants
...
It is a bit more code, but it is more "pythonic" and easier to debug
as the enum values also know their names.
It is also an API break, e.g. sudo.RC_OK becomes sudo.RC.OK as sudo.RC will
be the "type" of the enum, but I guess that is acceptable before the
initial release.
2020-02-10 05:24:16 -07:00
Robert Manner
67ab6fd5d6
plugins/python/python_plugin_policy: add missing debug return
2020-02-10 05:24:16 -07:00
Robert Manner
62524416eb
plugins/python/pyhelpers: add helpers for attribute handling
...
to simplify code a bit.
2020-02-10 05:24:16 -07:00
Robert Manner
4110800c14
plugins/python/example_io_plugin: close the file at destroy
...
to avoid warning of debug python build.
2020-02-10 05:24:16 -07:00
Robert Manner
a3a7630ff4
plugins/python: memleak fixes in test
...
The main problem was that string array objects were constructed
differently:
- if constructed by the test, then the elements were constant
- if constructed by the plugin, then the elements were allocated
Modified it so that now each array contains allocated strings so
they can be handled similarly. For freeing, I have used the
str_array_free function from the plugin, so I have linked its object
into the test runner.
Happy path is now free of "definitely lost" memleaks, so the test
can be used for valgrind.
2020-02-10 05:24:16 -07:00
Todd C. Miller
ac61b5655d
Use EXIT_SUCCESS and EXIT_FAILURE more consistently.
2020-02-08 12:43:00 -07:00
Todd C. Miller
c5afbf00fc
Mark main sudo usage() function __noreturn__.
...
This splits the usage printing out into display_usage().
2020-02-08 12:17:33 -07:00
Todd C. Miller
c92f39ed3d
Use json functions from libsudo_util in cvtsudoers.
2020-02-08 09:11:02 -07:00
Todd C. Miller
d25ce46c56
Check localtime() return value; coverity CID 208156
2020-02-07 13:58:31 -07:00
Todd C. Miller
a75992897c
Check fseeko() return value; coverity CID 207993
2020-02-07 13:24:11 -07:00
Todd C. Miller
630fc9b17b
Make restart and elapsed members of the closure structs not pointers.
...
Fixes coverity CID 207992
2020-02-07 13:12:38 -07:00
Todd C. Miller
9d5f066180
Check return value of sudo_lock_file(); coverity CID 207991
2020-02-07 12:59:52 -07:00
Todd C. Miller
589adfee2d
Only keepalive if accept() succeeded; coverity CID 207990
2020-02-07 12:54:53 -07:00
Todd C. Miller
2fe127d108
Move some scripts from the top level src dir to a scripts dir.
2020-02-06 14:30:26 -07:00
Todd C. Miller
aa1ca9c9ba
Add sample approval plugin that simply tests for "business hours"
2020-02-06 13:53:09 -07:00
Todd C. Miller
7d5734a317
Add sample approval plugin that simply tests for "business hours"
2020-02-06 12:49:17 -07:00
Todd C. Miller
0972dafb1f
Refactor code to alloc and insert a new plugin_container.
...
The only outlier is the policy plugin which is not part of a list
since there can only be a single policy plugin.
2020-02-06 12:49:15 -07:00
Todd C. Miller
ce21233fbe
Teach audit_json about approval plugin accept/reject
2020-02-06 12:49:13 -07:00
Todd C. Miller
db17cadaf6
Add an approval plugin type that runs after the policy plugin.
...
The basic idea is that the approval plugin adds an additional
layer of policy. There can be multiple approval plugins.
2020-02-06 12:49:11 -07:00
Todd C. Miller
084cad2120
plugin documentation fixes:
...
o whitespace cleanup
o show_version doesn't have an errstr argument
o document runas_user and runas_group in command_info[]
o add missing .El before start of audit section
2020-02-06 12:18:09 -07:00
Todd C. Miller
404b28c4d0
Exported symbol is audit_json
2020-02-05 21:12:49 -07:00
Todd C. Miller
ea377e432b
Silence lint warning.
2020-02-05 17:57:24 -07:00
Todd C. Miller
c2faa9e6ef
Add runas_user and runas_group (if set) to command_info for audit plugin.
...
Otherwise, the audit plugin has to look up the runas name and group
by user or group ID.
2020-02-05 10:53:50 -07:00
Todd C. Miller
d219c64635
Only enable pwfeedback when reading password from /dev/tty.
...
This effectively disables pwfeedback when the -S or -A options are used.
2020-02-05 10:53:49 -07:00
Laszlo Orban
0ca2d1427b
fixed compiler error when sudo is configured without --enable-openssl
2020-02-03 06:09:47 -07:00
Todd C. Miller
cec6b1708a
Regenerate .man.in files from .mdoc.in
2020-02-02 16:13:05 -07:00
Todd C. Miller
b35cc96f0e
Update documentation for setbase when the given base is NULL.
2020-02-02 16:12:39 -07:00
Todd C. Miller
658702b6d4
For plugin events, set the sudo event base for setbase(NULL).
...
This makes it possible for a plugin to change the event base
to a local one and then reset it back to its original value.
2020-02-02 12:37:11 -07:00
Todd C. Miller
49e7e4ecd5
Don't display "error in event loop" on loop break reading ServerHello.
...
We should already have displayed a more useful error message.
Otherwise, we can get two "error in event loop" warnings if
the TLS handshake fails (in addition to other error messages).
2020-02-01 08:32:27 -07:00
Todd C. Miller
b9bea25592
Read ServerHello message synchronously before the command is executed.
...
Otherwise, the command could be run before the TLS handshake completes.
2020-01-31 19:48:27 -07:00
Laszlo Orban
1e5562df93
Refactor sudo_sendlog in order to be able to send one I/O log multiple times in parallel (for testing purposes)
2020-01-31 13:45:13 -07:00
Todd C. Miller
790f8bb629
Document audit plugin in the sudo_plugin manual.
2020-01-30 20:57:40 -07:00
Todd C. Miller
1b7dc82fee
Change audit close arguments to a type and value.
...
That way we can distinguish between different error types.
2020-01-30 17:05:27 -07:00
Todd C. Miller
bf85ea2bf7
Example audit plugin that writes JSON output to a log file.
2020-01-30 13:25:52 -07:00
Todd C. Miller
a88a05c1eb
Adapt python plugin to new plugin API changes
2020-01-30 13:25:38 -07:00
Todd C. Miller
45e589d443
Pass back a failure or error string to the front end.
...
The audit_failure() function now stores the failure string.
This will allow an audit plugin to log the reason if the user's
request is rejected.
2020-01-30 13:25:36 -07:00
Todd C. Miller
22105009d8
Define a new plugin type that receives accept and reject messages.
...
This can be used to implement logging-only plugins.
The plugin functions now take an errstr argument that can be used
to return an error string to be logged on failure or error.
2020-01-30 13:25:34 -07:00
Todd C. Miller
88f9f2ba9a
Add a simple API for writing JSON records.
...
To be used by the upcoming JSON audit module.
2020-01-30 13:12:25 -07:00
Todd C. Miller
ed294b8283
Add code to generate universally unique identifiers.
...
We create type 4, variant 1 uuids (random).
2020-01-30 13:12:25 -07:00
Todd C. Miller
dc45c4d4ea
Add tests for arc4random_buf() and an implementation for those without.
2020-01-30 13:12:25 -07:00
Todd C. Miller
df2e3f7c7f
Sudo 1.8.31 changes.
2020-01-29 20:26:32 -07:00
Todd C. Miller
fa8ffeb175
Fix a buffer overflow when pwfeedback is enabled and input is not a tty.
...
In getln() if the user enters ^U (erase line) and the write(2) fails,
the remaining buffer size is reset but the current pointer is not.
While here, fix an incorrect break for erase when write(2) fails.
Also disable pwfeedback when input is not a tty as it cannot work.
CVE-2019-18634
Credit: Joe Vennix from Apple Information Security.
2020-01-29 20:15:21 -07:00
Todd C. Miller
0fcb647160
Check for presence of fseeko() regardless of utmp type.
2020-01-28 13:00:54 -07:00
Todd C. Miller
604945f93e
Fix warning about unresolved host name with "sudo -l -h hostname".
...
The resolve_host() function returns 0 on success, not bool.
2020-01-28 13:00:54 -07:00
Todd C. Miller
4e87e1a97b
Fix typo in a test: python_policy->close not python_io->close
2020-01-28 13:00:33 -07:00
Robert Manner
f268e851d7
plugins/sudo_python_module: Fix double free in sudo.options_as_dict function
...
PyArg_ParseTuple sets the py_config_tuple pointer, but it does not
increment the reference count, so by decrementing, we end up freeing
the argument passed in.
2020-01-28 07:20:44 -07:00
Todd C. Miller
9d69c4a022
Allow getentropy.c to compile when MAP_ANON is unavailable.
2020-01-28 06:59:16 -07:00
Todd C. Miller
13cc65038f
Remove multi-thread support from arc4random.
...
Sudo is not multi-threaded so we don't need the added complexity.
2020-01-28 06:41:42 -07:00
Todd C. Miller
aa7ea419f0
Backed out changeset 9dce3ebb2c37
...
MAP_SGI_ANYADDR cannot be used in place of MAP_ANON
2020-01-28 05:49:41 -07:00