isa/sudo
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
8,420 Commits 1 Branch 0 Tags
a08ea1b14d34d7e363bfa38528049c034b4c0620
Commit Graph

82 Commits

Author SHA1 Message Date
Todd C. Miller
a24f4b8248 Return PAM_CONV_ERR from the conversation function if getpass returns 
NULL or the user pressed ^C.
 2016-06-01 14:48:31 -06:00
Todd C. Miller
5e1084c08a Ignore PAM_SESSION_ERR from pam_open_session() since this can 
apparently happen on systems using Solaris-derived PAM.  Other
errors from pam_open_session() are treated as fatal.  This avoids
the "policy plugin failed session initialization" error message
seen on some systems.
 2016-05-25 08:33:57 -06:00
Todd C. Miller
90fdb6a316 Do not write directly to stdout/stderr, use sudo_printf which calls 
the conversation function.
 2016-05-14 19:33:28 -06:00
Todd C. Miller
4f46e07209 Avoid adding an extraneous warning string to sudoers.pot. 2016-05-12 10:33:32 -06:00
Todd C. Miller
b0be9895d9 Now that pam_open_session() failure is fatal we should print and log 
an error from it.  Bug #744
 2016-05-11 15:01:45 -06:00
Todd C. Miller
b2d1c457ce If the auth_type setting in /etc/security/login.cfg is set to 
PAM_AUTH but pam_start() fails, fall back to use AIX authentication.
Skip the auth_type check if sudo is not compiled with PAM support.
 2016-03-22 16:31:28 -06:00
Todd C. Miller
48dff84081 Work around an ambiguity in the PAM spec with respect to the conversation 
function.  It is not clear whether the "struct pam_message **msg" is an
array of pointers or a pointer to an array.  Linux-PAM and OpenPAM use
an array of pointers while Solaris/HP-UX/AIX uses a pointer to an array.
Bug #726.
 2016-03-09 09:39:46 -07:00
Todd C. Miller
5dd7ac20e1 Log the number of PAM messages in the conversation function at debug 
level.
 2016-02-26 09:30:31 -07:00
Todd C. Miller
ab11cdde2c auth_getpass() returns a dynamically allocated copy of the plaintext 
password which needs to be freed after checking (and clearing) it.
 2016-01-27 15:36:50 -07:00
Todd C. Miller
0649a261e7 Fix passing of the callback pointer to the conversation function. 
This was preventing the on_suspend and on_resume functions from
being called on PAM systems.
 2015-09-24 13:43:17 -06:00
Todd C. Miller
98a15d9879 Add a struct sudo_conv_callback that contains on_suspend and on_resume 
function pointer args plus a closure pointer and at it to the
conversation function.
 2015-09-07 06:06:08 -06:00
Todd C. Miller
2b6085760c In sudo_pam_begin_session() and sudo_pam_end_session() return 
AUTH_FATAL on error, not AUTH_FAILURE.  In sudo_auth_begin_session()
treat anything other than AUTH_SUCCESS as a fatal error.
 2015-08-10 20:17:02 -06:00
Todd C. Miller
db5376001f Sprinkle some debugging. 2015-08-10 10:56:47 -06:00
Todd C. Miller
7187c19c83 Add warning if calloc() fails. 
Add debugging for other unexpected errors.
 2015-07-14 14:00:18 -06:00
Todd C. Miller
0b241088b3 There's no need to conditionalize the #include <unistd.h>, we require 
a POSIX system.
 2015-07-02 09:08:28 -06:00
Todd C. Miller
ea5ce39c92 When checking whether the PAM prompt matches "Password:", also check 
for the untranslated version.  The PAM module might not be using the
localized string even though it exists.  From Joel Pelaez Jorge.
Fixes Bug #701
 2015-06-25 09:12:15 -06:00
Todd C. Miller
4a07b472f0 Only include stddef.h where it is needed. 2015-06-20 05:34:35 -06:00
Todd C. Miller
c36415417f Add function name to "unable to allocate memory" warnings. 2015-06-19 14:51:17 -06:00
Todd C. Miller
dc883f2454 We require ANSI C so stop using the obsolete STDC_HEADERS. 2015-06-19 14:29:27 -06:00
Todd C. Miller
d004b02fc6 Use non-exiting allocatings in the sudoers plugin. 2015-06-17 06:49:59 -06:00
Todd C. Miller
1298ea9107 Add target for "make splint". A few files need extra guards to avoid 
errors on systems where they would not otherwise be compiled.
No warnings from splint.
 2015-05-21 11:07:13 -06:00
Todd C. Miller
a604f0f02d Pam conversation function changes: 
o use PAM_BUF_ERR as the return value when calloc() fails.
 o sanity check the value of num_msg
 o remove the workaround for old Apple PAM
 o PAM_AUTH_ERR is not a valid PAM conversation function return value

If getpass_error is set after a call to pam_verify (usually because
the user pressed ^C), return AUTH_INTR immediately instead of
checking the pam_verify return value.
 2015-02-23 11:12:45 -07:00
Todd C. Miller
59ab26dbcc Go back to a 2 args debug_decl and just use the "default" instance, 
now renamed "active".
 2015-02-01 08:24:49 -07:00
Todd C. Miller
e9914a91b1 The sudoers plugin now defines its own list of debugging subsystem names 
and defines.
 2014-10-22 13:30:52 -06:00
Todd C. Miller
866cfc4fc3 Add support for multiple Debug lines per program. Callers may 
register arbitrary debug facilities or use built-in defaults.  We
now use separate Debug statements for plugins and programs.
 2014-10-22 13:23:05 -06:00
Todd C. Miller
496c2e287b Add a space after "Password:" in default password prompt so it is 
easier to read when pwfeedback is enabled.
 2014-09-27 10:24:19 -06:00
Todd C. Miller
36a5767e3e efree -> sudo_efree for consistency 2014-07-10 15:35:04 -06:00
Todd C. Miller
2d61d38c23 Add sudo_ prefix to alloc.c functions and rename alloc.h -> sudo_alloc.h 2014-06-27 10:48:31 -06:00
Todd C. Miller
b0f1fa7d05 Rename log_warning flags and only send mail if SLOG_SEND_MAIL is 
set instead of mailing by default like we used to.
 2014-05-02 20:54:01 -06:00
Todd C. Miller
954a3e77b1 Add log_warningx 2014-05-02 16:40:30 -06:00
Todd C. Miller
5086194c67 Eliminate calls to fatal()/fatalx()/log_fatal() in env.c and just 
pass back a return value.
 2014-04-30 16:57:12 -06:00
Todd C. Miller
e8bb08cc46 Use calloc() instead of malloc(n * s) followed by memset(). 
From Jean-Philippe Ouellet.
 2014-04-22 16:06:04 -06:00
Todd C. Miller
7d91691e1f Use PAM_REINITIALIZE_CRED instead of PAM_ESTABLISH_CRED when 
changing the user.  This is the correct flag to use with
a program that changes the uid like su or sudo and fixes a
role problem on Solaris.  From Gary Winiger; Bug #642
 2014-04-15 07:16:57 -06:00
Todd C. Miller
65c6f34aa4 If pam_open_session() fails don't call pam_getenvlist() with a NULL 
pam handle.
 2013-10-22 14:47:51 -06:00
Todd C. Miller
e54f11ae47 Fix comment. 2013-08-19 09:19:24 -06:00
Todd C. Miller
ebbdee421a Remove now-obsolete arg to env_merge() 2013-08-18 14:33:35 -06:00
Todd C. Miller
f72f47aa1d Call pam_getenvlist() after we've opened the session to get the 
session-specific environment variables.
 2013-08-17 06:22:46 -06:00
Todd C. Miller
91ec1c476c It is not possible for auth to be NULL here. 2013-08-15 15:22:50 -06:00
Todd C. Miller
3898f5d7ff Add pam_setcred sudoers option to allow the user to control whether 
pam_setcred() is called on the user's behalf.
 2013-08-06 14:44:21 -06:00
Todd C. Miller
52954481e1 Add pam_service and pam_login_service sudoers settings to control 
the service name passed to pam_start.
 2013-08-06 11:01:36 -06:00
Todd C. Miller
1f3ea50afd Implement memset_s() and use it instead of zero_bytes(). 
A new constant, SUDO_CONV_REPL_MAX, is defined by the plugin
API as the max conversation reply length.  This constant can be
used as a max value for memset_s() when clearing passwords
filled in by the conversation function.
 2013-08-03 08:30:06 -06:00
Todd C. Miller
6dff70db03 Go back to ignoring the return value of pam_setcred() since with 
stacked PAM auth modules a failure from one module may override
PAM_SUCCESS from another.  If the first module in the stack fails,
the others may be run (and succeed) but an error will be returned.
This can cause a spurious warning on systems with non-local users
(e.g. pam_ldap or pam_sss) where pam_unix is consulted first.
 2013-07-11 17:50:03 -04:00
Todd C. Miller
d6282d154a Update copyright years. 2013-04-24 09:35:02 -04:00
Todd C. Miller
1162b55040 Rename log_error() -> log_warning() for consistency with warning()/fatal() 2013-04-18 14:14:03 -04:00
Todd C. Miller
e9726e5974 Better PAM error messages 2013-04-11 09:09:53 -04:00
Todd C. Miller
9914cd8a76 Don't add the "Password: " string we look up in the PAM text domain 
to the sudoers.pot file.
 2013-04-09 09:40:36 -04:00
Todd C. Miller
1791721ef2 Only delete creds if we actually established them. 
Print an error if pam_setcred() fails and we actually authenticated.
 2013-03-07 16:17:44 -05:00
Todd C. Miller
9a4bd3cce4 Fix PAM compilation: def_pam_session, not just pam_session. 2013-02-28 08:38:06 -05:00
Todd C. Miller
59692ad282 Add pam_session sudoers option. 2013-02-24 06:15:37 -05:00
Todd C. Miller
1d7072fe09 Don't include <sys/param.h>. We only needed it for MAXPATHLEN, 
MAXHOSTNAMELEN and the MIN/MAX macros.  We now use PATH_MAX and
HOST_NAME_MAX throughout without falling back on MAXPATHLEN or
MAXHOSTNAMELEN and define our own MIN/MAX macros as needed.
 2012-12-04 10:40:47 -05:00