Commit Graph

3207 Commits

Author SHA1 Message Date
Todd C. Miller
e64a089aea Add reference counting to Defaults bindings.
Previously, we checked that the previous entry's binding pointer
was not the same while freeing.  However, to be able to merge
Defaults records we cannot rely on Defaults entries with the same
binding being immediately adjacent.  This removes the prev_binding
checks in favor of a reference count which allows us to plug the
memory leak in cvtsudoers when merging Defaults.
2021-11-20 08:01:37 -07:00
Todd C. Miller
aed51033e1 cvtsudoers: use init_parse_tree() to initialize a parse tree.
Also free the parse tree before exit.
2021-11-19 12:29:21 -07:00
Todd C. Miller
730ebabdba init_parse_tree() now takes ownership of lhost and shost, if any.
This means that lhost and shost in struct sudoers_parse_tree
are no longer const and that free_parse_tree() will free lhost/shost.
The only consumer that passed in lho.st/shost was the SSSD back-end
which has been updated to avoid a double-free.
2021-11-19 12:29:21 -07:00
Todd C. Miller
f5c6e2df7b cvtsudoers: merge userspecs when multiple sudoers files are specified
If a hostname is specified with the sudoers file, it will be used to
make the userspec host-specific, if possible.  Duplicate userspecs
are removed but conflicting entries are not currently pruned.
2021-11-19 12:29:21 -07:00
Todd C. Miller
d31109ded2 cvtsudoers: merge Defaults when multiple sudoers files are specified
If a hostname is specified with the sudoers file, it will be used to
make the Defaults setting host-specific, if possible.
Duplicate Defaults settings are removed and conflicts are warned about.
It is not possible to resolve all conflicts automatically.
2021-11-19 12:29:21 -07:00
Todd C. Miller
ab9e44a6ca cvtsudoers: merge aliases when multiple sudoers files are specified
Duplicate aliases are remove.  If there are conflicting alias names,
the conflicts are renamed by appending a numerical suffix.
For example, if there are two SERVERS Host_Aliases, the second one
will be renamed to SERVERS_1.
2021-11-19 12:29:21 -07:00
Todd C. Miller
33fbf59467 Add support for specifying the hostname as a prefix to the sudoers file.
If present, the host name is copied into the struct sudoers_parse_tree.
2021-11-16 19:00:56 -07:00
Todd C. Miller
4cb34a2015 cvtsudoers: parse multiple sudoers files and store them in a tail queue
In the future the parsed files will be merged before they are output.
2021-11-11 16:04:45 -07:00
Todd C. Miller
b1309f76db Add sudoers_parse_tree_list, a tail queue of struct sudoers_parse_tree.
This will be used to store multiple parse trees and merge them
into a single sudoers_parse_tree.
2021-11-11 15:40:51 -07:00
Todd C. Miller
09b82a22ca Add configure check for sha1sum and use "openssh dgst -sha1" if missing.
Only needed when building the seed corpus zip files.
2021-11-10 13:31:42 -07:00
Todd C. Miller
55d17eaa34 install_sudoers: fix return value when there is no temp file to install
This can happen when no changes were made.  Also preserve the edited
temp file on error if we are unable to move it into place.
2021-11-09 16:09:48 -07:00
Todd C. Miller
def7a51f4d Bump plugin version in test data to 1.18. 2021-11-09 13:59:36 -07:00
Todd C. Miller
8e656b63c8 free_defs_val: free rlimits like strings (which they are). 2021-11-09 13:45:06 -07:00
Todd C. Miller
288bb82543 Rename {check,set}_perms variable to {check,set}_mode.
Avoids a name clash with the set_perms() function.
2021-11-09 13:41:27 -07:00
Todd C. Miller
19065cb221 Use strtoul() on systems without strtoull().
We can assume that systems without strtoull() have 32-bit resource limits.
2021-11-08 18:21:15 -07:00
Todd C. Miller
f279df5e18 Add basic support for setting resource limits in sudoers.
The default for rlimit_core is "0,0"
Resource limits are passed back to the front-end in command_info[]
when set.
2021-11-08 17:46:19 -07:00
Todd C. Miller
cdd41af66f visudo: add -O and -P options to check/set owner and permissions.
This can be used in conjunction with the -c option to check that
the sudoers file ownership and permissions are correct.
Bug #1007
2021-11-06 12:37:13 -06:00
Todd C. Miller
a336a8422f Pass status of selinux sudoers setting to front-end as selinux-rbac.
The front-end uses this to decide whether or not to enable SELinux.
If selinux-rbac is true _or_ if it is not present and selinux_role or
selinux_type are set, SELinux support is enabled.
Previously, SELinux support was only enabled if a role was specified.
2021-11-05 12:32:02 -06:00
Todd C. Miller
4eebd53bce parse_gentime: use timegm() to generate time since the epoch
The timegm() function is non-standard but widely available.
Provide an implementation for those systems that lack it.
Bug #1006
2021-10-31 09:27:34 -06:00
Todd C. Miller
dcd2199f79 Take daylight saving time into consideration when computing offset.
Otherwise, the resulting time may be off by and hour, depending on
whether DST is currently active compared to the target time.
2021-10-31 08:42:49 -06:00
Todd C. Miller
cc6157d7d4 Add support for WolfSSL's OpenSSL compatibility layer.
Based on changes from Hayden Roche
2021-10-25 13:17:57 -06:00
Todd C. Miller
465bfbba72 regenerate dependencies 2021-10-25 12:32:02 -06:00
Todd C. Miller
88c577171e Make sure INET_ADDRSTRLEN and INET6_ADDRSTRLEN are defined. 2021-10-21 19:53:48 -06:00
Todd C. Miller
00f0c233b2 Only include log_client.h if SUDOERS_LOG_CLIENT is defined. 2021-10-21 19:46:35 -06:00
Todd C. Miller
23eef895f4 Add an explicit check for sys/sysctl.h.
This test needs to be done after AC_LANG_WERROR to avoid including
sys/sysctl.h on systems where it is marked as deprecated via a
#warning directive.
2021-10-20 10:31:35 -06:00
Todd C. Miller
bddf03fe45 No longer need to pass exit params to eventlog_exit(), use struct eventlog.
Now that struct eventlog includes the exit parameters we can simplify
how eventlog_exit() is called.
2021-10-19 08:58:34 -06:00
Todd C. Miller
369d21323b Display a more helpful message if the user tries to run "sudo cd".
Since "cd" is a shell built-in command it cannot be run directly
via sudo.  The user either needs to spawn a shell via "sudo -s"
or use the -D option to run a command in a specific directory.
2021-10-11 11:05:58 -06:00
Todd C. Miller
4b7b3c05e9 Fix typos in SELinux and Solaris priv support. 2021-10-10 16:06:01 -06:00
Todd C. Miller
430048d167 cvtsudoers: initial support for CSV output
For CSV output we double quotes strings that contain commas.  For
each literal double quote character present inside the string, two
double quotes are output.
2021-10-10 14:24:31 -06:00
Todd C. Miller
de5ca187b8 regenerate dependencies 2021-10-10 14:23:13 -06:00
Todd C. Miller
eaee7a0ebe Fix fuzzer build with when --enable-static-sudoers is used.
This introduces a sudoers-specific version of LT_STATIC instead of
appending the --tag=disable-shared to SUDOERS_LDFLAGS.
I've also removed the -static flag as it should not be needed.
2021-10-07 08:19:11 -06:00
Todd C. Miller
4e4b506f22 Sync "sudo -l" output with normal sudo log format.
It now prints runchroot and runcwd (falling back on cwd).
As a result, submithost is now printed first, matching sudo.
Also avoid printing NULL pointers and skip entries that don't have
at least command, submituser and runuser set.
2021-10-01 10:33:55 -06:00
Todd C. Miller
d15e117c2e find_editor: remove the env_error argument
There is no case where we should fail to find an editor just because
the values of EDITOR, VISUAL and SUDO_EDITOR are unavailable.  Both
sudoedit and the "env_editor" sudoers setting are documented as
falling back on the hard-coded list of editors in the "editors"
sudoers setting.  Bug #1000
2021-09-29 10:25:19 -06:00
Todd C. Miller
dde951a098 Use sudo_printf(SUDO_CONV_ERROR_MSG) instead of fprintf(stderr).
Avoids extraneous output in the fuzzer.
2021-09-29 09:15:24 -06:00
Todd C. Miller
2aa6cb13a5 Stub out sudo_printf() and avoid other use of stderr in fuzzers.
This makes it possible to parse sudoers without using quiet mode,
resulting in better coverage.
2021-09-29 09:03:24 -06:00
Todd C. Miller
eefb7b0d54 Use a consistent version of fuzz_conversation() with all fuzzers.
Also undo a change to fuzz_sudoers.c that snuck in to the last commit.
2021-09-28 20:20:28 -06:00
Todd C. Miller
7d964875df Fuzzers should not produce output.
Excessive output makes the fuzzer runs much less efficient.
2021-09-28 18:53:49 -06:00
Todd C. Miller
1d203c8344 Fix typo in last commit, use boolean AND not bitwise. 2021-09-24 10:57:12 -06:00
Todd C. Miller
1831176a1a Add the ability to filter/match by command via the -m option.
For example "cvtsudoers -m cmd=/bin/ls" would only display entries
that would allow /bin/ls to be allowed or denied.
2021-09-24 10:44:13 -06:00
Todd C. Miller
41f116050f Add --group-file and --passwd-file options to cvtsudoers.
These are based on the code in testsudoers.
2021-09-23 19:18:25 -06:00
Todd C. Miller
86df86ed94 Fix memory leak on error path if snprintf() overflows.
Coverity CID 188804
2021-09-22 11:17:55 -06:00
Todd C. Miller
b9b8451830 Avoid reinitializing other auth methods. 2021-09-21 20:05:35 -06:00
Todd C. Miller
4a49f16967 expand_include: add bounds checking when expanding %h escape. 2021-09-21 19:33:51 -06:00
Todd C. Miller
dc90df8de5 Check snprintf() return values even if we preallocated the correct amount.
There are no remaining unchecked snprintf() that can actually overflow.
2021-09-21 19:13:35 -06:00
Todd C. Miller
0f2252f898 Amend truncation fix, the real problem was the size passed to snprintf().
sudo_rcstr_alloc() takes a length (not a size) parameter so when
calling snprintf() we need to add one to the length.
2021-09-21 19:01:22 -06:00
Todd C. Miller
e23874d0fa Fix truncation of the last char of the sudoRole cn passed to append_default().
This string is primarily used for warning messages.
Also check the snprintf() return value to avoid silent truncation.
GitHub issue #115
2021-09-21 12:49:18 -06:00
Todd C. Miller
b6561831b4 Re-enable error output for the sudoers parser.
It is only the alias and defaults warnings we need to suppress.
2021-09-20 12:46:37 -06:00
Todd C. Miller
328bc282e0 Don't re-initialize PAM for sub-commands. 2021-09-20 08:14:28 -06:00
Todd C. Miller
0eb677b74a Only store the first log id received from the server.
Plugs a small memory leak in intercept mode if the log server sends
the log ID again for sub-commands.
2021-09-20 07:49:31 -06:00
Todd C. Miller
77ef8baa97 fuzz_sudoers: don't warn about unknown defaults entries
Some fuzzing inputs cause a huge number of warnings and displaying
them all can result in the fuzz run timing out.  If we disable the
warnings we can avoid the timeout.
2021-09-19 19:36:25 -06:00