isa/sudo
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
12,685 Commits 1 Branch 0 Tags
e3edd7a09a7b9bb33fceec15ce720f68f57811f0
Commit Graph

239 Commits

Author SHA1 Message Date
Todd C. Miller
e343e07543 Use #include <foo.h> instead of #include "foo.h" in most cases. 
We rely on the include path to find many of these headers.  It
especially doesn't make sense to use #include "foo.h" for headers
in the top-level include directory.
 2023-09-25 10:13:28 -06:00
Todd C. Miller
94b80e3ad4 Replace MAX_UID_T_LEN with calls to STRLEN_MAX_UNSIGNED. 2023-09-19 15:16:30 -06:00
Todd C. Miller
a9801cc99d Parse euid and egid from sudo front-end. 
These are needed by bsm_audit.c.
 2023-09-13 12:43:39 -06:00
Todd C. Miller
38ddbb14f1 Parse pid and ppid from sudo front-end. 
We can now use the stored ppid in ts_init_key().
 2023-09-13 12:29:40 -06:00
Todd C. Miller
956de5cbbc sudoers_sethost: refactor code to set host names in sudoers_context. 
The sudoers_sethost() function can be shared by the sudoers plugin,
visudo, cvtsudoers and testsudoers.
 2023-09-02 15:25:58 -06:00
Todd C. Miller
75209e2718 Rename check.h -> timestamp.h and add remaining timestamp.c prototypes. 2023-08-29 11:16:23 -06:00
Todd C. Miller
3c05e748a4 Add ignore_perms plugin argument to skip the sudoers file security checks. 
This is not intended to be used in a production environment.
 2023-08-29 09:55:09 -06:00
Todd C. Miller
30fc288291 Move tty_present() into policy.c as sudoers_tty_present(). 
This function is policy-dependent.  For the modern sudo front-end
it will simply check tcpgid and/or ttypath.
 2023-08-25 11:19:42 -06:00
Todd C. Miller
c7157ce0b1 Move a few fields from sudoers_user_contect to sudoers_context. 
They are not really specific to the user or user-specified.
 2023-08-21 15:30:12 -06:00
Todd C. Miller
9aaba80a04 Remove dead code dealing with unknown user and MODE_INVALIDATE. 
The timestamp unlink code does not need the user's struct passwd
pointer, just the user name (which we already have).  Found by
PVS-Studio.
 2023-08-21 13:21:51 -06:00
Todd C. Miller
8161205447 MODE_KILL is never set in the sudoers plugin, remove it. 2023-08-21 12:52:21 -06:00
Todd C. Miller
c6987aa26e Cast int to size_t before adding instead of casting the result. 
Quiets PVS-Studio warning V1028.
 2023-08-21 12:50:31 -06:00
Todd C. Miller
ff5914d7f7 Move sudoedit_nfiles into struct sudoers_context. 2023-08-21 10:47:25 -06:00
Todd C. Miller
3473bf9360 Move sudo_mode into struct sudoers_context. 2023-08-21 10:47:23 -06:00
Todd C. Miller
87571dab0a Add struct sudoers_conf to struct sudoers_plugin_context. 
There's now no need to pass this directly to init_parser() since we
already pass in a pointer to a sudoers_context struct.
 2023-08-21 09:21:54 -06:00
Todd C. Miller
9e53d903ea Store policy paths in struct sudoers_context. 
This removes the need for the getters in policy.c.
 2023-08-21 09:21:53 -06:00
Todd C. Miller
2440174954 Make struct sudoers_context private to sudoers.c. 
We now pass a pointer to the context where necessary.  There are a
few cases where we need to request the context from sudoers via
sudoers_get_context() for the plugin API functions.  If the plugin
API was able to pass around a closure pointer this would not be
necessary.
 2023-08-21 09:21:49 -06:00
Todd C. Miller
2d2529a15e Add a sudoers_context struct that embeds the user and runas structs. 2023-08-20 16:27:08 -06:00
Todd C. Miller
f17aebe6aa No need to clear errno when using sudo_strtonum(). 2023-08-14 16:29:47 -06:00
Todd C. Miller
20baa39007 Move max_groups out of sudoers_user_context and into pwutil.c. 
It is only used by the local password pwutil implementation.
 2023-08-14 16:29:15 -06:00
Todd C. Miller
08afb5183f Move RUNAS_{USER,GROUP}_SPECIFIED flags into struct sudoers_runas_context. 2023-08-14 09:01:39 -06:00
Todd C. Miller
392f0d61cb Make path_plugin_dir private to policy.c and add getter. 2023-08-13 17:05:00 -06:00
Todd C. Miller
a321e6cedf Add struct sudoers_runas_context and move runas-specific bits into it. 2023-08-12 14:20:30 -06:00
Todd C. Miller
d8b28dad97 Expand the user_* (and more) macros to user_ctx.foo. 2023-08-12 10:39:59 -06:00
Todd C. Miller
bd8cccb5dd Rename struct sudo_user -> struct sudo_user_context. 
Also rename the sudo_user global to user_ctx.
 2023-08-12 10:39:47 -06:00
Todd C. Miller
e178b85821 Store the source of the matching rule and store in the event log. 
The JSON logs will store the matching rule source.
 2023-08-08 09:57:09 -06:00
Todd C. Miller
cbcb1d2506 sudoers plugin: make more bit flags unsigned. 2023-07-10 11:06:23 -06:00
Todd C. Miller
a38b714667 sudoers plugin: silence most -Wconversion warnings. 2023-07-07 15:07:04 -06:00
Todd C. Miller
e7d4c05ace check_user_runcwd: allow -D option if it matches the cwd in sudoers 
Previously, check_user_runcwd() would return true if the runcwd
matched the user's cwd, even if sudoers specified a different one.
The user-specified runcwd was ignored but it is better to error out
in this case.  It is now also possible to use "sudo -D" with the
directory specified in sudoers.
 2023-06-28 09:59:33 -06:00
Rose
e54ba33ea0 Avoid compiler casting warnings by assigning to the same type where possible 
This saves instructions that are related to casting as well as compiler warnings.
 2023-06-28 17:25:26 -04:00
Rose
0bb41ed82a Set command_info to NULL once it is freed 
The lack of setting to NULL is a holdover from when command_info was a local variable and not a global one. However, we given how other global variables are set to NULL, it is best that we do the same here to avoid potential issues should sudoers_policy_store_result be called again after the first time failed, otherwise we could get a double-free.
 2023-06-26 15:08:51 -04:00
Todd C. Miller
bde363e060 Rename parser_conf -> sudoers_conf in all but the parser itself. 2023-05-09 07:29:06 -06:00
Todd C. Miller
8cbd5462a6 Move sudoers search path to struct sudoers_parser_config. 
That way we can avoid passing it to init_parser() directly.
We still need sudoers_search_path to be shared between the lexer
and the parser.
 2023-05-08 17:04:38 -06:00
Todd C. Miller
9d7c30c5a8 Add struct sudoers_parser_config and pass it to init_parser(). 
This struct contains parser configuration such as the sudoers file
uid/gid/mode and parse flags such as verbose, strict and recovery.
 2023-05-08 17:03:31 -06:00
Todd C. Miller
c0fa3a4d24 Rename force_umask to override_umask and make it private to sudoers.c. 
Add getter for policy.c.
 2023-05-04 13:46:20 -06:00
Todd C. Miller
d5de5890f5 Make login_style private to bsdauth.c 
Add a setter for policy.c to handle auth_type from the front-end.
 2023-05-04 13:06:09 -06:00
Todd C. Miller
80768ed3a8 Make path_ldap_conf and path_ldap_secret private to policy.c. 
Add getters for both so the ldap code can access them.
 2023-05-02 10:47:53 -06:00
Todd C. Miller
f553ddc430 Make sudoers_file private to policy.c and visudo.c. 
We just need a way for the policy (and visudo) to override the
default sudoers path.  This adds a getter to be used in file.c when
sudoers is first opened.
 2023-05-02 10:47:47 -06:00
Todd C. Miller
d7b8f3ffbf Split up the monolithic sudoers_policy_main() function. 
This splits the code to find the command, perform a sudoers lookup,
ask for a password as needed, and perform post-lokup checks out
into sudoers_check_common().  The old sudoers_policy_main() has
been replaced by sudoers_check_cmnd() (called by sudoers_policy_check()),
sudoers_validate_user() (called by sudoers_policy_validate()) and
sudoers_list() (called by sudoers_policy_list()).  The list_user
lookup is now performed in sudoers_list().
 2023-04-05 13:35:09 -06:00
Todd C. Miller
cd5cd45336 sudoers_cleanup: run the garbage collector at the end 2023-03-10 15:03:44 -07:00
Todd C. Miller
452d63d6c1 sudoers_policy_list: do not set runas_pw to list_pw when listing 
This change introduced in sudo 1.9.13 is not actually needed.  The
"list" pseudo-command checks are performed via runas_matches_pw()
which does not use runas_pw.  GitHub issue #248
 2023-03-03 11:16:44 -07:00
Todd C. Miller
26385b45cf Recover from missing include file unless error_recovery is disabled. 
It is still treated as an error from a logging perspective, and
mail is still sent.
 2023-02-09 15:33:58 -07:00
Todd C. Miller
0865e61d9e Pass back the number of files to edit when using sudoedit. 
The sudo front-end can use this to determine where the list of files
to edit begins.
 2023-01-18 13:38:15 -07:00
Todd C. Miller
e7db62f645 Don't NULL out the plugin close function when logging to a log server. 
If sudo calls execve(2) directly the accept info will not be sent.
We also need the sudo front-end to wait until the command finishes
to send the exit status.
 2022-10-19 17:05:36 -06:00
Todd C. Miller
ce387a6849 Split log_{input,output} into log_{stdin,ttyin} and log_{ttyout,stdout,stderr} 
If log_input is set, log_{stdin,ttyin} will be set as well.
If log_output is set, log_{stdout,stderr,ttyout} will be set as well.
This provides more fine-grained control over I/O logging and makes it
possible to disable logging piped or redirected intput or output.
 2022-09-20 14:35:12 -06:00
Todd C. Miller
4989856321 Use tcpgid if passed from sudo front-end and use it in tty_present(). 
This can be used as another indicator that a terminal is present
without having to open /dev/tty.
 2022-09-15 16:34:49 -06:00
Todd C. Miller
556dacf1ff Add a way to run a command without updating the cached credentials. 
This can also be used to test for whether or not the user's
credentials are currently cached.
 2022-08-02 14:28:28 -06:00
Todd C. Miller
3ce19efca9 Add intercept_verify sudoers option to control execve(2) argument checking. 2022-07-29 15:22:27 -06:00
Todd C. Miller
a2b0a8330c Fix a few whitespace issues. 2022-07-09 11:21:17 -06:00
Todd C. Miller
13672f28df Make sudo pass -Wwrite-strings 2022-06-28 16:33:15 -06:00