isa/sudo
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
12,579 Commits 1 Branch 0 Tags
c7157ce0b13b032e73e4ea70e95f45bba4afd813
Commit Graph

479 Commits

Author SHA1 Message Date
Todd C. Miller
c7157ce0b1 Move a few fields from sudoers_user_contect to sudoers_context. 
They are not really specific to the user or user-specified.
 2023-08-21 15:30:12 -06:00
Todd C. Miller
ff5914d7f7 Move sudoedit_nfiles into struct sudoers_context. 2023-08-21 10:47:25 -06:00
Todd C. Miller
3473bf9360 Move sudo_mode into struct sudoers_context. 2023-08-21 10:47:23 -06:00
Todd C. Miller
837da1bef0 Move NewArgv, NewArgc and saved_argv into struct sudoers_context. 2023-08-21 09:22:24 -06:00
Todd C. Miller
87571dab0a Add struct sudoers_conf to struct sudoers_plugin_context. 
There's now no need to pass this directly to init_parser() since we
already pass in a pointer to a sudoers_context struct.
 2023-08-21 09:21:54 -06:00
Todd C. Miller
9e53d903ea Store policy paths in struct sudoers_context. 
This removes the need for the getters in policy.c.
 2023-08-21 09:21:53 -06:00
Todd C. Miller
bbaf293912 Add sudoers_ctx_free() and use it for freeing struct sudoers context. 
This replaces sudoers_user_ctx_free() and sudoers_runas_ctx_free().
 2023-08-21 09:21:52 -06:00
Todd C. Miller
2440174954 Make struct sudoers_context private to sudoers.c. 
We now pass a pointer to the context where necessary.  There are a
few cases where we need to request the context from sudoers via
sudoers_get_context() for the plugin API functions.  If the plugin
API was able to pass around a closure pointer this would not be
necessary.
 2023-08-21 09:21:49 -06:00
Todd C. Miller
2d2529a15e Add a sudoers_context struct that embeds the user and runas structs. 2023-08-20 16:27:08 -06:00
Todd C. Miller
737354390c Pass in directory to check_user_runchroot() and check_user_runcwd(). 
This way we do not rely on the runas_ctx global.
 2023-08-14 13:25:13 -06:00
Todd C. Miller
217b7b46f3 Move list_pw global into struct runas_context. 2023-08-13 09:34:57 -06:00
Todd C. Miller
a321e6cedf Add struct sudoers_runas_context and move runas-specific bits into it. 2023-08-12 14:20:30 -06:00
Todd C. Miller
d8b28dad97 Expand the user_* (and more) macros to user_ctx.foo. 2023-08-12 10:39:59 -06:00
Todd C. Miller
930ca00252 Pass explicit struct passwd * to create_admin_success_flag(). 2023-08-12 10:39:49 -06:00
Todd C. Miller
30c49288f7 Make sudoers_user_ctx_free() private to sudoers.c 2023-08-12 10:39:48 -06:00
Todd C. Miller
bd8cccb5dd Rename struct sudo_user -> struct sudo_user_context. 
Also rename the sudo_user global to user_ctx.
 2023-08-12 10:39:47 -06:00
Todd C. Miller
603148e7f2 Move sudoers parser callbacks to callbacks.c. 2023-08-10 15:49:30 -06:00
Todd C. Miller
0f2e5dae90 Use const pointers where possible in the display code. 2023-08-09 11:19:17 -06:00
Todd C. Miller
60eef27e6d Add verbose version of "sudo -l command" by using an extra -l. 
The output of "sudo -ll command" consists of the matching sudoers
rule (in long form) with the addition of a "Matched" entry that
shows the fully-qualfied path along with any arguments.
 2023-08-09 10:16:10 -06:00
Todd C. Miller
e178b85821 Store the source of the matching rule and store in the event log. 
The JSON logs will store the matching rule source.
 2023-08-08 09:57:09 -06:00
Todd C. Miller
f6a9bb2e23 Use a single callback for sudoers_lookup() and add a closure pointer. 
The single callback now receives all the match info (or UNSPEC if
no match was attempted).  This makes it possible to use the callback
for more than just printing testsudoers output.
 2023-08-07 15:06:19 -06:00
Todd C. Miller
fa66c16689 sudoers_check_common: MODE_PRESERVE_ENV is not valid with MODE_CHECK. 
We should only check for MODE_PRESERVE_ENV when running a command.
 2023-07-17 10:52:23 -06:00
Todd C. Miller
cbcb1d2506 sudoers plugin: make more bit flags unsigned. 2023-07-10 11:06:23 -06:00
Todd C. Miller
a38b714667 sudoers plugin: silence most -Wconversion warnings. 2023-07-07 15:07:04 -06:00
Todd C. Miller
0205f6fc75 sudoers_check_common: remove extraneous return statement. 2023-07-07 14:54:10 -06:00
Todd C. Miller
01ad570e24 Move check_user_* functions to check_util.c so testsudoers can use them. 2023-06-30 10:43:18 -06:00
Todd C. Miller
e025cca440 Add callbacks to sudoers_lookup() so we can use it in testsudoers. 
Also pass in the time to be used for NOTBEFORE/NOTAFTER checks.
 2023-06-29 17:30:39 -06:00
Todd C. Miller
1c7a20d744 check_user_runcwd: only allow sudo's -D option if sudoers specifies a runcwd. 
Previously, the user could specify the runas user's home dir for
"sudo -i" or the user's existing cwd when -i is not specified.
This behavior was never documented and is inconsistent with how
the -R option is handled.
 2023-06-29 11:24:04 -06:00
Todd C. Miller
e7d4c05ace check_user_runcwd: allow -D option if it matches the cwd in sudoers 
Previously, check_user_runcwd() would return true if the runcwd
matched the user's cwd, even if sudoers specified a different one.
The user-specified runcwd was ignored but it is better to error out
in this case.  It is now also possible to use "sudo -D" with the
directory specified in sudoers.
 2023-06-28 09:59:33 -06:00
Todd C. Miller
01ff7c476d parse.h is already included by sudoers.h. 2023-05-09 13:44:16 -06:00
Todd C. Miller
9d7c30c5a8 Add struct sudoers_parser_config and pass it to init_parser(). 
This struct contains parser configuration such as the sudoers file
uid/gid/mode and parse flags such as verbose, strict and recovery.
 2023-05-08 17:03:31 -06:00
Todd C. Miller
c0fa3a4d24 Rename force_umask to override_umask and make it private to sudoers.c. 
Add getter for policy.c.
 2023-05-04 13:46:20 -06:00
Todd C. Miller
72489d7a83 Make timestamp_uid and timestamp_gid private to timestamp.c. 
Add getter (for set_perms.c) and setter (for sudoers.c).
 2023-05-04 13:08:23 -06:00
Todd C. Miller
f258a15df5 Add reset_parser() and use in place of init_parser(NULL). 2023-05-02 13:27:17 -06:00
Todd C. Miller
f17b35471f Support sudoers_file being a colon-separated path of files. 
The first file found is used.
 2023-05-02 10:37:38 -06:00
Todd C. Miller
4363d03ef7 Convert config file paths to colon-separated path list. 
This means that _PATH_SUDO_CONF, _PATH_SUDOERS, _PATH_SUDO_LOGSRVD_CONF,
and _PATH_CVTSUDOERS_CONF can now specify multiple files.  The first
file that exists is used.
 2023-05-02 10:37:38 -06:00
Todd C. Miller
d7b8f3ffbf Split up the monolithic sudoers_policy_main() function. 
This splits the code to find the command, perform a sudoers lookup,
ask for a password as needed, and perform post-lokup checks out
into sudoers_check_common().  The old sudoers_policy_main() has
been replaced by sudoers_check_cmnd() (called by sudoers_policy_check()),
sudoers_validate_user() (called by sudoers_policy_validate()) and
sudoers_list() (called by sudoers_policy_list()).  The list_user
lookup is now performed in sudoers_list().
 2023-04-05 13:35:09 -06:00
Todd C. Miller
859a81ad24 Move the root_sudo check until after we apply per-command Defaults. 
It is possible, though unlikely, for "root_sudo" to be used in
a per-command Defaults statement.
 2023-04-05 13:25:32 -06:00
Todd C. Miller
ab4b947169 sudoers_policy_main: restore locale if sudoers_lookup() fails. 
Previously, if sudoers_lookup() set VALIDATE_ERROR, the sudoers
locale would still be in effect instead of the original locale.
 2023-04-01 10:22:07 -06:00
Todd C. Miller
ac12f82d86 Warn with "unknown user" not "unknown uid" if user cannot be resolved. 
Prior to sudo 1.8 this was after a getpwuid() but now we use
getpwnam().
 2023-03-29 14:49:41 -06:00
Todd C. Miller
ad890acf6c Set timestamp_uid and timestamp_gid via a callback. 
This also makes it possible to include the location of the line in
the sudoers file in the warning message (and mail).
 2023-03-29 14:37:09 -06:00
Todd C. Miller
8049e4e32f Replace sudoers_warnings with sudoers_verbose. 
This is now an int, with values > 1 reserved for visudo.
 2023-03-20 18:27:27 -06:00
Todd C. Miller
c76ac1cab3 sudoers_cleanup: free cached environment before running g/c. 
Avoids a double free in fuzz_policy.
 2023-03-10 15:23:48 -07:00
Todd C. Miller
cd5cd45336 sudoers_cleanup: run the garbage collector at the end 2023-03-10 15:03:44 -07:00
Todd C. Miller
c09aabecdc Plugin a memory leak in intercept mode. 2023-03-10 15:00:20 -07:00
Todd C. Miller
d9e9307d98 Fix "sudo -l command args", broken in sudo 1.9.13. 
The value of user_args should not contain the command to be run in
"sudo -l command args", only the arguments of the command being checked.
This restores the pre-1.9.13 behavior.  GitHub issue #249
 2023-03-03 11:12:18 -07:00
Todd C. Miller
fb6740fa2e Add sudoers open errors to the list of parse errors sent via mail. 
Previously there would be one email for the open failure and a
separate one describing the parse error.  Now a single email message
contains everything.
 2023-02-22 18:49:09 -07:00
Todd C. Miller
0ef5373678 Add canon_path(), a realpath() wrapper that performs caching. 
This also adds a new user_cmnd_dir variable that stores the
canonicalized parent directory of the command to be run.
 2023-02-21 13:24:33 -07:00
Todd C. Miller
bff4e3ce16 set_cmnd_path: apply runchroot if set when finding the command path 
Previously we would prepend runchroot to the path we were checking
but that does not properly handle symbolic links.
 2023-02-21 13:24:33 -07:00
Todd C. Miller
0865e61d9e Pass back the number of files to edit when using sudoedit. 
The sudo front-end can use this to determine where the list of files
to edit begins.
 2023-01-18 13:38:15 -07:00