isa/sudo
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
12,579 Commits 1 Branch 0 Tags
c7157ce0b13b032e73e4ea70e95f45bba4afd813
Commit Graph

207 Commits

Author SHA1 Message Date
Todd C. Miller
46e6955ba6 Eliminate some clang analyzer false positives. 2023-08-21 10:47:32 -06:00
Todd C. Miller
3473bf9360 Move sudo_mode into struct sudoers_context. 2023-08-21 10:47:23 -06:00
Todd C. Miller
87571dab0a Add struct sudoers_conf to struct sudoers_plugin_context. 
There's now no need to pass this directly to init_parser() since we
already pass in a pointer to a sudoers_context struct.
 2023-08-21 09:21:54 -06:00
Todd C. Miller
9e53d903ea Store policy paths in struct sudoers_context. 
This removes the need for the getters in policy.c.
 2023-08-21 09:21:53 -06:00
Todd C. Miller
bbaf293912 Add sudoers_ctx_free() and use it for freeing struct sudoers context. 
This replaces sudoers_user_ctx_free() and sudoers_runas_ctx_free().
 2023-08-21 09:21:52 -06:00
Todd C. Miller
2440174954 Make struct sudoers_context private to sudoers.c. 
We now pass a pointer to the context where necessary.  There are a
few cases where we need to request the context from sudoers via
sudoers_get_context() for the plugin API functions.  If the plugin
API was able to pass around a closure pointer this would not be
necessary.
 2023-08-21 09:21:49 -06:00
Todd C. Miller
2d2529a15e Add a sudoers_context struct that embeds the user and runas structs. 2023-08-20 16:27:08 -06:00
Todd C. Miller
737354390c Pass in directory to check_user_runchroot() and check_user_runcwd(). 
This way we do not rely on the runas_ctx global.
 2023-08-14 13:25:13 -06:00
Todd C. Miller
08afb5183f Move RUNAS_{USER,GROUP}_SPECIFIED flags into struct sudoers_runas_context. 2023-08-14 09:01:39 -06:00
Todd C. Miller
392f0d61cb Make path_plugin_dir private to policy.c and add getter. 2023-08-13 17:05:00 -06:00
Todd C. Miller
217b7b46f3 Move list_pw global into struct runas_context. 2023-08-13 09:34:57 -06:00
Todd C. Miller
a321e6cedf Add struct sudoers_runas_context and move runas-specific bits into it. 2023-08-12 14:20:30 -06:00
Todd C. Miller
d8b28dad97 Expand the user_* (and more) macros to user_ctx.foo. 2023-08-12 10:39:59 -06:00
Todd C. Miller
bd8cccb5dd Rename struct sudo_user -> struct sudo_user_context. 
Also rename the sudo_user global to user_ctx.
 2023-08-12 10:39:47 -06:00
Todd C. Miller
603148e7f2 Move sudoers parser callbacks to callbacks.c. 2023-08-10 15:49:30 -06:00
Todd C. Miller
0f2e5dae90 Use const pointers where possible in the display code. 2023-08-09 11:19:17 -06:00
Todd C. Miller
60eef27e6d Add verbose version of "sudo -l command" by using an extra -l. 
The output of "sudo -ll command" consists of the matching sudoers
rule (in long form) with the addition of a "Matched" entry that
shows the fully-qualfied path along with any arguments.
 2023-08-09 10:16:10 -06:00
Todd C. Miller
f6a9bb2e23 Use a single callback for sudoers_lookup() and add a closure pointer. 
The single callback now receives all the match info (or UNSPEC if
no match was attempted).  This makes it possible to use the callback
for more than just printing testsudoers output.
 2023-08-07 15:06:19 -06:00
Todd C. Miller
d62d704e55 testsudoers: display when a password is required 2023-07-26 11:14:45 -06:00
Todd C. Miller
75256516bd testsudoers: add -L, -l and -v options. 
This makes it possible to test "sudo -l" and "sudo -v" using
testsudoers.
 2023-07-26 10:37:52 -06:00
Todd C. Miller
cbcb1d2506 sudoers plugin: make more bit flags unsigned. 2023-07-10 11:06:23 -06:00
Rose
5d758264ab Give every printf-like function restrict qualifiers 
The format value has to be a string literal, every time.

Otherwise, you are not using these functions correctly. To reinforce this fact, I putrestrict over every non-contrib example of this I could find.
 2023-07-07 20:23:20 -04:00
Todd C. Miller
548e3e3125 testsudoers: avoid extern definitions where possible 2023-07-07 15:23:54 -06:00
Todd C. Miller
a38b714667 sudoers plugin: silence most -Wconversion warnings. 2023-07-07 15:07:04 -06:00
Todd C. Miller
fd061e4d69 Include testsudoers_pwutil.h for testsudoers_pwutil.c prototypes. 2023-07-04 16:24:48 -06:00
Todd C. Miller
04c7e910ef Fix up indentation. 2023-07-01 16:03:33 -06:00
Rose
45fdfa18f1 Mark functions not returning as sudo_noreturn 
We also put NOTREACHED where it applies.
 2023-07-01 17:40:16 -04:00
Todd C. Miller
5fbf431c42 Fix a few memory leaks in the tests. 2023-06-30 19:08:04 -06:00
Todd C. Miller
ac9b6c94d9 Add test for runas_check_shell and check_user_shell() 2023-06-30 10:43:39 -06:00
Todd C. Miller
bdc8a7f35e testsudoers: add -D and -R options to set cwd and chroot like sudo 2023-06-30 10:43:37 -06:00
Todd C. Miller
689efe3cdd testsudoers: make lbuf private to dump_sudoers() 
It is no longer used directly in main.
 2023-06-29 20:17:22 -06:00
Todd C. Miller
260c2fb835 testsudoers: display "Parse error" if there was a parse error. 
Previously, we just printed "Command unmatched" which makes it
harder to see that an error occurred.
 2023-06-29 20:10:15 -06:00
Todd C. Miller
6a21aec0a6 testsudoers: use allowed/denied/unmatched instead of just matched/unmatched 
This makes it possible to tell whether an entry was rejected due
to a negative match (explicitly denied) as opposed to a non-match.
Also fixes a bug where the runas status was only printed for positive
matches.
 2023-06-29 20:02:32 -06:00
Todd C. Miller
fd25bfc892 testsudoers: use sudoers_lookup() instead of a custom loop. 2023-06-29 17:31:55 -06:00
Todd C. Miller
41b82006de Merge pull request #278 from AtariDreams/types 
Avoid compiler casting warnings Part 2
 2023-06-29 12:26:07 -06:00
Todd C. Miller
2c1a473ddc testsudoers: add support for NOTBEFORE and NOTAFTER 
Also adds -T option to set the value of "now".
 2023-06-29 11:13:01 -06:00
Rose
22079c3072 Avoid compiler casting warnings Part 2 
This saves instructions that are related to casting as well as compiler warnings.
 2023-06-29 13:10:27 -04:00
Todd C. Miller
bde363e060 Rename parser_conf -> sudoers_conf in all but the parser itself. 2023-05-09 07:29:06 -06:00
Todd C. Miller
8cbd5462a6 Move sudoers search path to struct sudoers_parser_config. 
That way we can avoid passing it to init_parser() directly.
We still need sudoers_search_path to be shared between the lexer
and the parser.
 2023-05-08 17:04:38 -06:00
Todd C. Miller
9d7c30c5a8 Add struct sudoers_parser_config and pass it to init_parser(). 
This struct contains parser configuration such as the sudoers file
uid/gid/mode and parse flags such as verbose, strict and recovery.
 2023-05-08 17:03:31 -06:00
Todd C. Miller
bbbaea5b2f Rename init_parser_ext() to init_parser() and remove old wrapper. 
There was only one consumer of the init_parser() wrapper now that
reset_parser() has been introduced.
 2023-05-02 13:29:49 -06:00
Todd C. Miller
5446b009e3 Support adminconfdir for relative include paths in sudoers. 2023-05-02 10:47:11 -06:00
Todd C. Miller
f17b35471f Support sudoers_file being a colon-separated path of files. 
The first file found is used.
 2023-05-02 10:37:38 -06:00
Todd C. Miller
8049e4e32f Replace sudoers_warnings with sudoers_verbose. 
This is now an int, with values > 1 reserved for visudo.
 2023-03-20 18:27:27 -06:00
Todd C. Miller
87ce692468 Fix potential double free for rules that include a CHROOT= option. 
If a rule with a CHROOT= option matches the user, host and runas,
the user_cmnd variable could be freed twice.
 2023-02-21 20:01:13 -07:00
Todd C. Miller
1bcddb9602 Stub out pivot_root() and unpivot_root() for all but the sudoers module. 2023-02-21 14:46:27 -07:00
Todd C. Miller
e707ffe58b Place C23 attributes before keywords in function declarations. 
In practice this means we must use "sudo_noreturn static foo(void)"
instead of "static sudo_noreturn foo(void)".
 2022-12-01 12:54:53 -07:00
Todd C. Miller
3940020c94 sudo_secure_open_{file,dir}: always check thatreturn value is not -1. 
Avoids false positives from static analyzers that can't figure out
that the fd is always valid when error is SUDO_PATH_SECURE.
 2022-10-04 09:33:44 -06:00
Todd C. Miller
88ac5e09b6 Use sudo_secure_open_file() instead of sudo_secure_file() where possible. 
Both sudo_secure_open_file() and sudo_secure_open_dir() are now passed
a struct stat pointer like sudo_secure_file() and sudo_secure_dir().
 2022-09-21 19:08:10 -06:00
Todd C. Miller
304726a215 Move gcc-style __attribute__ macros to config.h.in 
Renamed __malloc -> sudo_malloclike, __printflike -> sudo_printflike,
__printf0like -> sudo_printf0like.
Add sudo_noreturn instead of __attribute__((__noreturn__)).
We do not use stdnoreturn.h since it has been deprecated in C23
in favor of the [[noreturn]] attribute.
 2022-09-07 07:48:31 -06:00