isa/sudo
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
11,241 Commits 1 Branch 0 Tags
cccefb962b76505fd9916e39c3ae7108b09c0bcc
Commit Graph

11241 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Todd C. Miller
476f00b82f Emulate closefrom() on macOS using proc_pidinfo(). 
This avoids relying on /dev/fd which may not exist in a chroot jail.
Adapted from a change in OpenSSH by likan_999.student AT sina.com
 2021-09-27 13:44:41 -06:00
Todd C. Miller
73e9256f9d Handle EMLINK and EFTYPE errno values for O_NOFOLLOW failure. 
FreeBSD returns EMLINK and NetBSD returns EFTYPE instead of ELOOP.
This is only used to present the user with a more appropriate error
message.
 2021-09-26 08:05:08 -06:00
Todd C. Miller
1d203c8344 Fix typo in last commit, use boolean AND not bitwise. 2021-09-24 10:57:12 -06:00
Todd C. Miller
1831176a1a Add the ability to filter/match by command via the -m option. 
For example "cvtsudoers -m cmd=/bin/ls" would only display entries
that would allow /bin/ls to be allowed or denied.
 2021-09-24 10:44:13 -06:00
Todd C. Miller
41f116050f Add --group-file and --passwd-file options to cvtsudoers. 
These are based on the code in testsudoers.
 2021-09-23 19:18:25 -06:00
Todd C. Miller
a7367ce47d Move cppcheck suppression annotation to where it needs to be. 2021-09-22 15:51:45 -06:00
Todd C. Miller
99655f28de format string fix: print signal number as unsigned. 
Quiets a cppcheck warning; mksiglist.c already has this fixed.
 2021-09-22 11:23:41 -06:00
Todd C. Miller
86df86ed94 Fix memory leak on error path if snprintf() overflows. 
Coverity CID 188804
 2021-09-22 11:17:55 -06:00
Todd C. Miller
b9b8451830 Avoid reinitializing other auth methods. 2021-09-21 20:05:35 -06:00
Todd C. Miller
4a49f16967 expand_include: add bounds checking when expanding %h escape. 2021-09-21 19:33:51 -06:00
Todd C. Miller
dc90df8de5 Check snprintf() return values even if we preallocated the correct amount. 
There are no remaining unchecked snprintf() that can actually overflow.
 2021-09-21 19:13:35 -06:00
Todd C. Miller
23d04dde24 iolog_nextid(): make iolog_dir argument const. 
We make a copy of the directory so there's no real reason that
parameter can't be const.
 2021-09-21 19:09:21 -06:00
Todd C. Miller
0f2252f898 Amend truncation fix, the real problem was the size passed to snprintf(). 
sudo_rcstr_alloc() takes a length (not a size) parameter so when
calling snprintf() we need to add one to the length.
 2021-09-21 19:01:22 -06:00
Todd C. Miller
e23874d0fa Fix truncation of the last char of the sudoRole cn passed to append_default(). 
This string is primarily used for warning messages.
Also check the snprintf() return value to avoid silent truncation.
GitHub issue #115
 2021-09-21 12:49:18 -06:00
Todd C. Miller
4fef09e1c2 Sudo 1.9.8p2 2021-09-20 18:40:48 -06:00
Todd C. Miller
0340a9056e Standardize on "front-end" not "front end" in the man pages. 2021-09-20 16:01:08 -06:00
Todd C. Miller
a036cb0252 fix typo 2021-09-20 15:59:47 -06:00
Todd C. Miller
a78d3cc25d Reuse existing journal file for an accepted/rejected sub-command. 
Otherwise we end up with zero-length files in the incoming queue
dir and may end up relaying one of those instead of the actual
journal file.
 2021-09-20 15:33:10 -06:00
Todd C. Miller
b6561831b4 Re-enable error output for the sudoers parser. 
It is only the alias and defaults warnings we need to suppress.
 2021-09-20 12:46:37 -06:00
Todd C. Miller
5421c61828 Add intercept_cleanup() stub for when building w/o intercept support. 2021-09-20 09:01:05 -06:00
Todd C. Miller
a8c4d9800b Add intercept_cleanup() to free the closure used by intercept_accept_cb(). 2021-09-20 08:50:42 -06:00
Todd C. Miller
328bc282e0 Don't re-initialize PAM for sub-commands. 2021-09-20 08:14:28 -06:00
Todd C. Miller
8cc7e4bb5e sudo_logsrvd: only send log ID for first command of a session 
There is no need to send the log ID for each sub-command.
 2021-09-20 07:57:31 -06:00
Todd C. Miller
0eb677b74a Only store the first log id received from the server. 
Plugs a small memory leak in intercept mode if the log server sends
the log ID again for sub-commands.
 2021-09-20 07:49:31 -06:00
Todd C. Miller
77ef8baa97 fuzz_sudoers: don't warn about unknown defaults entries 
Some fuzzing inputs cause a huge number of warnings and displaying
them all can result in the fuzz run timing out.  If we disable the
warnings we can avoid the timeout.
 2021-09-19 19:36:25 -06:00
Todd C. Miller
0ea561ca6a Limit paths for command, cwd and chroot to PATH_MAX bytes. 
This helps prevent the fuzzer from going off the rails.
 2021-09-19 18:13:43 -06:00
Todd C. Miller
7ab66eb3a8 sudo -i: missing NULL terminator when moving argv to make room for --login 
Fixes a potential crash for "sudo -i" when the target user has bash
as the shell (which needs the --login option).  Bug #998.
 2021-09-19 13:58:56 -06:00
Todd C. Miller
518bc1b25f Only append argv[] to the log line if argv[0] is not NULL. 
It should not be possible to reach this point with a command defined
but argv[] empty but it doesn't hurt to check.
 2021-09-19 13:56:56 -06:00
Todd C. Miller
613468e4d2 Only warn about an undefined alias or a cycle a single time. 
There's no point in warning about the same problem multiple times.
This implementation assumes a small number of warnings and so just
uses a simple listed link.
 2021-09-18 13:41:51 -06:00
Todd C. Miller
1d2512ae10 Remove now-unused CHECK_INTERCEPT variable. 2021-09-18 13:38:55 -06:00
Todd C. Miller
d9e8c852ba Quiet pvs-studio false positive: V557 Array overrun is possible. 
Make the zero length check explicit so as not to confuse static
(or human) analyzers.
 2021-09-18 09:51:32 -06:00
Todd C. Miller
292916f43c Test that digest matching works with LDAP sudoCommand: ALL 2021-09-17 20:41:34 -06:00
Todd C. Miller
702746f96b Allow a digest to be specified with the "ALL" command for ldap/sssd back-ends. 
This has been possible with sudoers file entries since sudo 1.9.0
but no corresponding change was made for ldap/sssd.
 2021-09-17 15:29:00 -06:00
Todd C. Miller
49bf0cc84b Use localtime_r() not gmtime_r() when formatting the local time. 
This is consistent with how sudo formatted time stamps prior to
the logging code being split off into libeventlog.
We only need to use gmtime_r() for ISO 8601 time.
 2021-09-17 14:01:29 -06:00
Todd C. Miller
55171df5e5 Check strftime(3) return value in all cases. 
Old versions of strftime(3) didn't guarantee to NUL-terminate the buffer
so we explicitly clear the last byte of the buffer and check it.
 2021-09-17 14:01:28 -06:00
Todd C. Miller
698481492c Standardize on "front-end" not "front end" in the man pages. 2021-09-17 10:55:06 -06:00
Todd C. Miller
7c550c5d10 Plugin lines are for approval and audit plugins too. 2021-09-17 10:55:06 -06:00
Todd C. Miller
18f1884ddc Use gmtime_r() and localtime_r() instead of gmtime() and localtime(). 2021-09-17 10:55:06 -06:00
Todd C. Miller
fa71679b5a Add gmtime_r and localtime_r tests and compat if missing. 2021-09-17 10:55:06 -06:00
Todd C. Miller
46d71c4360 Store milliseconds in the debug file timestamp. 
Sometime second granularity is not enough.
 2021-09-17 10:55:06 -06:00
Todd C. Miller
78eb240642 When using pkg-config, don't assume the names of the ssl and crypto libs. 
On the HP-UX build machines these are named libssl_pic.a and
libcrypto_pic.a to avoid conflicting with the system libs.
 2021-09-17 10:55:06 -06:00
Todd C. Miller
4289e9609d Teach mkdep.pl about --tag=disable-static in LTFLAGS. 
If static objs are disabled we need to add explicit dependencies for
.o files.  The OpenBSD libtool doesn't use a pic object file when
linking executables so we need to build the non-pic objects too.
 2021-09-13 09:33:17 -06:00
Todd C. Miller
229dfe175d Use SUDO_APPEND_LIBPATH when appending to LIBTLS and LIBMD. 
The OpenSSL pkgconfig files only include -L paths, not -R paths.
Using SUDO_APPEND_LIBPATH ensures the rpath is set correctly so the
binaries will run (not just link).
 2021-09-13 09:33:12 -06:00
Todd C. Miller
921bc1c697 Use the EVP digest routines instead of calling SHA2 functions directly. 
Avoids compiler warnings with OpenSSL 3.0.  EVP_MD_CTX_new() is
only available for OpenSSL 1.1 and higher--we will fall back to
sudo's SHA2 code if necessary.
 2021-09-17 10:55:06 -06:00
Todd C. Miller
4e0b77be4b tls_init.c: use SSL_CTX_set0_tmp_dh_pkey if present. 
Fixes a warning on OpenSSL 3.0 and plugs a memory leak of dhparams
on config reload.
 2021-09-17 10:55:06 -06:00
Todd C. Miller
052391da9c Add --enable-openssl-pkgconfig-template option. 
This can be used to find the correct openssl pkg-config file
if it is not named "openssl" (also libcrypto).
 2021-09-13 09:33:09 -06:00
Todd C. Miller
ecc3aeffc6 Some POSIX yacc fixes for bison 3.8 
yyerror() must be extern void
declare tokens with type instead of using separate %type lines
 2021-09-13 09:33:07 -06:00
Todd C. Miller
18613eee22 mkpkg: limit the number of cores used to 16 2021-09-17 09:10:27 -06:00
Todd C. Miller
cf225d2f10 Add a test to exercise Bug #994 2021-09-17 09:10:27 -06:00
Todd C. Miller
2445576e9b fix typo 2021-09-16 13:49:32 -06:00