isa/sudo
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
9,409 Commits 1 Branch 0 Tags
cdd5bb32eb56b02dfc802a05ebad8051a644c360
Commit Graph

90 Commits

Author SHA1 Message Date
Todd C. Miller
6c3d20cb41 Convert PVS-Studio comment to ANSI C. 2018-10-26 08:39:09 -06:00
Todd C. Miller
64e5d34c57 Add comments in .c files so PVS-Studio will check them. 2018-10-21 08:46:05 -06:00
Todd C. Miller
394524fd5d Ignore PAM_NEW_AUTHTOK_REQD and PAM_AUTHTOK_EXPIRED errors from 
pam_acct_mgmt() if authentication is disabled for the user.
Bug #843
 2018-07-26 12:31:29 -06:00
Todd C. Miller
4c0c225062 Store passwd_timeout and timestamp_timeout as a struct timespec 
instead of as a float.  Remove timeout argument to auth_getpass()
as it was never used.
 2018-01-22 12:18:48 -07:00
Todd C. Miller
594c2d4efd Add an approval function to the sudo auth API which is run after 
the user's password has been verified.  The approval function is
run even if no password is required.  This is currently only used
for PAM (use pam_acct_mgmt) and BSD auth (auth_approval).
 2018-01-16 10:27:58 -07:00
Todd C. Miller
48fba3c2cc update my email to Todd.Miller@sudo.ws 2017-12-03 17:53:40 -07:00
Todd C. Miller
8e021c39fa Fix a logic error in 96651906de42 which prevented sudo from using 
the PAM-supplied prompt.  Bug #799
 2017-09-05 09:30:19 -06:00
Todd C. Miller
43cbcbc24d When deciding which prompt to use (PAM's or sudo's) treat the PAM 
prompt "username's Password:" as equivalent to "Password:".
Some PAM modules (on AIX at least) use this prompt.
 2017-07-20 16:06:47 -06:00
Todd C. Miller
a24f4b8248 Return PAM_CONV_ERR from the conversation function if getpass returns 
NULL or the user pressed ^C.
 2016-06-01 14:48:31 -06:00
Todd C. Miller
5e1084c08a Ignore PAM_SESSION_ERR from pam_open_session() since this can 
apparently happen on systems using Solaris-derived PAM.  Other
errors from pam_open_session() are treated as fatal.  This avoids
the "policy plugin failed session initialization" error message
seen on some systems.
 2016-05-25 08:33:57 -06:00
Todd C. Miller
90fdb6a316 Do not write directly to stdout/stderr, use sudo_printf which calls 
the conversation function.
 2016-05-14 19:33:28 -06:00
Todd C. Miller
4f46e07209 Avoid adding an extraneous warning string to sudoers.pot. 2016-05-12 10:33:32 -06:00
Todd C. Miller
b0be9895d9 Now that pam_open_session() failure is fatal we should print and log 
an error from it.  Bug #744
 2016-05-11 15:01:45 -06:00
Todd C. Miller
b2d1c457ce If the auth_type setting in /etc/security/login.cfg is set to 
PAM_AUTH but pam_start() fails, fall back to use AIX authentication.
Skip the auth_type check if sudo is not compiled with PAM support.
 2016-03-22 16:31:28 -06:00
Todd C. Miller
48dff84081 Work around an ambiguity in the PAM spec with respect to the conversation 
function.  It is not clear whether the "struct pam_message **msg" is an
array of pointers or a pointer to an array.  Linux-PAM and OpenPAM use
an array of pointers while Solaris/HP-UX/AIX uses a pointer to an array.
Bug #726.
 2016-03-09 09:39:46 -07:00
Todd C. Miller
5dd7ac20e1 Log the number of PAM messages in the conversation function at debug 
level.
 2016-02-26 09:30:31 -07:00
Todd C. Miller
ab11cdde2c auth_getpass() returns a dynamically allocated copy of the plaintext 
password which needs to be freed after checking (and clearing) it.
 2016-01-27 15:36:50 -07:00
Todd C. Miller
0649a261e7 Fix passing of the callback pointer to the conversation function. 
This was preventing the on_suspend and on_resume functions from
being called on PAM systems.
 2015-09-24 13:43:17 -06:00
Todd C. Miller
98a15d9879 Add a struct sudo_conv_callback that contains on_suspend and on_resume 
function pointer args plus a closure pointer and at it to the
conversation function.
 2015-09-07 06:06:08 -06:00
Todd C. Miller
2b6085760c In sudo_pam_begin_session() and sudo_pam_end_session() return 
AUTH_FATAL on error, not AUTH_FAILURE.  In sudo_auth_begin_session()
treat anything other than AUTH_SUCCESS as a fatal error.
 2015-08-10 20:17:02 -06:00
Todd C. Miller
db5376001f Sprinkle some debugging. 2015-08-10 10:56:47 -06:00
Todd C. Miller
7187c19c83 Add warning if calloc() fails. 
Add debugging for other unexpected errors.
 2015-07-14 14:00:18 -06:00
Todd C. Miller
0b241088b3 There's no need to conditionalize the #include <unistd.h>, we require 
a POSIX system.
 2015-07-02 09:08:28 -06:00
Todd C. Miller
ea5ce39c92 When checking whether the PAM prompt matches "Password:", also check 
for the untranslated version.  The PAM module might not be using the
localized string even though it exists.  From Joel Pelaez Jorge.
Fixes Bug #701
 2015-06-25 09:12:15 -06:00
Todd C. Miller
4a07b472f0 Only include stddef.h where it is needed. 2015-06-20 05:34:35 -06:00
Todd C. Miller
c36415417f Add function name to "unable to allocate memory" warnings. 2015-06-19 14:51:17 -06:00
Todd C. Miller
dc883f2454 We require ANSI C so stop using the obsolete STDC_HEADERS. 2015-06-19 14:29:27 -06:00
Todd C. Miller
d004b02fc6 Use non-exiting allocatings in the sudoers plugin. 2015-06-17 06:49:59 -06:00
Todd C. Miller
1298ea9107 Add target for "make splint". A few files need extra guards to avoid 
errors on systems where they would not otherwise be compiled.
No warnings from splint.
 2015-05-21 11:07:13 -06:00
Todd C. Miller
a604f0f02d Pam conversation function changes: 
o use PAM_BUF_ERR as the return value when calloc() fails.
 o sanity check the value of num_msg
 o remove the workaround for old Apple PAM
 o PAM_AUTH_ERR is not a valid PAM conversation function return value

If getpass_error is set after a call to pam_verify (usually because
the user pressed ^C), return AUTH_INTR immediately instead of
checking the pam_verify return value.
 2015-02-23 11:12:45 -07:00
Todd C. Miller
59ab26dbcc Go back to a 2 args debug_decl and just use the "default" instance, 
now renamed "active".
 2015-02-01 08:24:49 -07:00
Todd C. Miller
e9914a91b1 The sudoers plugin now defines its own list of debugging subsystem names 
and defines.
 2014-10-22 13:30:52 -06:00
Todd C. Miller
866cfc4fc3 Add support for multiple Debug lines per program. Callers may 
register arbitrary debug facilities or use built-in defaults.  We
now use separate Debug statements for plugins and programs.
 2014-10-22 13:23:05 -06:00
Todd C. Miller
496c2e287b Add a space after "Password:" in default password prompt so it is 
easier to read when pwfeedback is enabled.
 2014-09-27 10:24:19 -06:00
Todd C. Miller
36a5767e3e efree -> sudo_efree for consistency 2014-07-10 15:35:04 -06:00
Todd C. Miller
2d61d38c23 Add sudo_ prefix to alloc.c functions and rename alloc.h -> sudo_alloc.h 2014-06-27 10:48:31 -06:00
Todd C. Miller
b0f1fa7d05 Rename log_warning flags and only send mail if SLOG_SEND_MAIL is 
set instead of mailing by default like we used to.
 2014-05-02 20:54:01 -06:00
Todd C. Miller
954a3e77b1 Add log_warningx 2014-05-02 16:40:30 -06:00
Todd C. Miller
5086194c67 Eliminate calls to fatal()/fatalx()/log_fatal() in env.c and just 
pass back a return value.
 2014-04-30 16:57:12 -06:00
Todd C. Miller
e8bb08cc46 Use calloc() instead of malloc(n * s) followed by memset(). 
From Jean-Philippe Ouellet.
 2014-04-22 16:06:04 -06:00
Todd C. Miller
7d91691e1f Use PAM_REINITIALIZE_CRED instead of PAM_ESTABLISH_CRED when 
changing the user.  This is the correct flag to use with
a program that changes the uid like su or sudo and fixes a
role problem on Solaris.  From Gary Winiger; Bug #642
 2014-04-15 07:16:57 -06:00
Todd C. Miller
65c6f34aa4 If pam_open_session() fails don't call pam_getenvlist() with a NULL 
pam handle.
 2013-10-22 14:47:51 -06:00
Todd C. Miller
e54f11ae47 Fix comment. 2013-08-19 09:19:24 -06:00
Todd C. Miller
ebbdee421a Remove now-obsolete arg to env_merge() 2013-08-18 14:33:35 -06:00
Todd C. Miller
f72f47aa1d Call pam_getenvlist() after we've opened the session to get the 
session-specific environment variables.
 2013-08-17 06:22:46 -06:00
Todd C. Miller
91ec1c476c It is not possible for auth to be NULL here. 2013-08-15 15:22:50 -06:00
Todd C. Miller
3898f5d7ff Add pam_setcred sudoers option to allow the user to control whether 
pam_setcred() is called on the user's behalf.
 2013-08-06 14:44:21 -06:00
Todd C. Miller
52954481e1 Add pam_service and pam_login_service sudoers settings to control 
the service name passed to pam_start.
 2013-08-06 11:01:36 -06:00
Todd C. Miller
1f3ea50afd Implement memset_s() and use it instead of zero_bytes(). 
A new constant, SUDO_CONV_REPL_MAX, is defined by the plugin
API as the max conversation reply length.  This constant can be
used as a max value for memset_s() when clearing passwords
filled in by the conversation function.
 2013-08-03 08:30:06 -06:00
Todd C. Miller
6dff70db03 Go back to ignoring the return value of pam_setcred() since with 
stacked PAM auth modules a failure from one module may override
PAM_SUCCESS from another.  If the first module in the stack fails,
the others may be run (and succeed) but an error will be returned.
This can cause a spurious warning on systems with non-local users
(e.g. pam_ldap or pam_sss) where pam_unix is consulted first.
 2013-07-11 17:50:03 -04:00