isa/sudo
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
11,309 Commits 1 Branch 0 Tags
e64a089aea42710098666e55427fce9c97a1c94d
Commit Graph

178 Commits

Author SHA1 Message Date
Todd C. Miller
e64a089aea Add reference counting to Defaults bindings. 
Previously, we checked that the previous entry's binding pointer
was not the same while freeing.  However, to be able to merge
Defaults records we cannot rely on Defaults entries with the same
binding being immediately adjacent.  This removes the prev_binding
checks in favor of a reference count which allows us to plug the
memory leak in cvtsudoers when merging Defaults.
 2021-11-20 08:01:37 -07:00
Todd C. Miller
8e656b63c8 free_defs_val: free rlimits like strings (which they are). 2021-11-09 13:45:06 -07:00
Todd C. Miller
19065cb221 Use strtoul() on systems without strtoull(). 
We can assume that systems without strtoull() have 32-bit resource limits.
 2021-11-08 18:21:15 -07:00
Todd C. Miller
f279df5e18 Add basic support for setting resource limits in sudoers. 
The default for rlimit_core is "0,0"
Resource limits are passed back to the front-end in command_info[]
when set.
 2021-11-08 17:46:19 -07:00
Todd C. Miller
0ea561ca6a Limit paths for command, cwd and chroot to PATH_MAX bytes. 
This helps prevent the fuzzer from going off the rails.
 2021-09-19 18:13:43 -06:00
Todd C. Miller
d7cdf1e47c append_defaults() should not be passed a value for boolean flags. 
The operation should simply be set to true/false.
Also treat a NULL file as coming from the front-end.
Bug #993.
 2021-09-14 08:02:37 -06:00
Todd C. Miller
132936f8f0 Make it possible to call the sudoers policy check function multiple times. 
We need to reset the Defaults values to their original state.
 2021-08-09 15:50:25 -06:00
Todd C. Miller
1032fca5b8 Trying to use "+=" or "-=" operators on a non-list is an error. 
Previously, they were simply treated as "=" for non-lists.
 2021-07-29 09:29:10 -06:00
Todd C. Miller
d1cc1c59e8 Correct the integer overflow check in store_timespec(). 
Fixes oss-fuzz issue #31463
 2021-02-26 16:43:48 -07:00
Todd C. Miller
b3b80fe6df Implement sudoers_policy_deregister_hooks() 
Register/deregister hooks in fuzz_policy and also call show_version().
 2021-02-25 15:02:09 -07:00
Todd C. Miller
7bafd52fac Remove unnecessary break statement. 2021-02-25 13:19:55 -07:00
Todd C. Miller
cbd11c44d2 Update Defaults settings after parsing sudoers. 
Also stub out dump_defaults when fuzzing as it is not used.
 2021-02-24 12:29:34 -07:00
Todd C. Miller
a5504148a5 Add admin_flag sudoers option and make --enable-admin-flag take a path. 
It is now possible to disable the Ubuntu admin flag in sudoers
or change its location.
GitHub issue #56
 2021-02-16 13:20:02 -07:00
Todd C. Miller
1b72d6a5cc Allow SELinux support to be disabled via the sudoers file. 
Defaults to true if sudo is built with SELinux support and SELinux
is not disabled on the system.
 2021-01-08 19:29:17 -07:00
Todd C. Miller
e4a2765cce Add missing initialization of def_log_format to sudo. 2020-11-17 11:11:52 -07:00
Todd C. Miller
6286ce1d16 Store column number for aliases, defaults and userspecs too. 
This is used to provided the column number along with the line
number in error messages.  For aliases we store the column of the
alias name, not the value since that is what visudo generally needs.
 2020-11-02 05:39:06 -07:00
Todd C. Miller
d899fe5936 Use real setters for the eventlog config. 
This makes it possible to have a base config that the callers can
modify instead of replacing the config wholesale.
 2020-10-26 16:10:42 -06:00
Todd C. Miller
4416bd5977 Use libeventlog in sudoers instead of doing our own logging. 2020-10-26 16:10:40 -06:00
Todd C. Miller
bd1ca79cca Add support for mailing eventlog entries and for logging raw messages. 
These will be used by the sudoers plugin.
 2020-10-26 16:10:37 -06:00
Todd C. Miller
def99ffd78 Fix typo in warning for T_CHPATH, list '~' not '*' twice. 
Bug #938
 2020-09-14 06:54:15 -06:00
Todd C. Miller
10d3d69aa1 Pass a struct to the match functions to track the resolved command. 
This makes it possible to update user_cmnd and cmnd_status modified
by per-rule CHROOT settings.
 2020-09-09 15:26:45 -06:00
Todd C. Miller
b6dbfe5094 Take the chroot into account when search for the command. 
This could a a user-specific chroot via the -R option, a runchroot
Defaults value, or a per-command CHROOT spec in the sudoers rule.
 2020-09-09 15:26:44 -06:00
Todd C. Miller
1676f0ceeb Support "*" for CWD/CHROOT to allow user to specify cwd or chroot. 
Adds two new command line options, -D (--chdir) and -R (--chroot)
that can only be used when sudoers sets runcwd or runchroot to "*".
 2020-09-01 14:10:02 -06:00
Todd C. Miller
6bdfd010d2 Add CHROOT and CWD sudoers options. 
Also matching runchroot and runcwd Defaults settings.
 2020-09-01 06:26:00 -06:00
Todd C. Miller
fa5d44b8b5 Quiet some clang 10 analyzer warnings. 2020-08-07 14:22:56 -06:00
Todd C. Miller
3235e4353c Display more specific parser error messages when possible. 2020-08-07 14:20:45 -06:00
Todd C. Miller
03ad96e445 Use the fallthrough attribute instead of /* FALLTHROUGH */ comments. 2020-08-01 13:10:50 -06:00
Todd C. Miller
e9a39c149a Add some debugging statements around Defaults lookup. 2020-07-06 09:03:15 -06:00
Todd C. Miller
446ae3f507 Include string.h unconditionally and only use strings.h for strn?casecmp() 
In the pre-POSIX days BSD had strings.h, not string.h.
Now strings.h is only used for non-ANSI string functions.
 2020-05-18 07:59:24 -06:00
Todd C. Miller
dd88460800 We no longer need to include headers we don't use for sudo*.h files. 
Previously we needed to include headers required by the various
sudo*h files.  Now those files are more self-sufficient and we
should only include headers needed by code in the various .c files.
 2020-05-18 06:47:04 -06:00
Todd C. Miller
8186b98208 Adapt sudoers iolog client to log server dual port changes. 
The TLS handshake now occurs before the ServerHello message is read.
This fixes potential man-in-the-middle attacks and works better with
TLS 1.3.
 2020-05-05 13:23:26 -06:00
Todd C. Miller
e1df9d1dc3 Add pam_ruser and pam_rhost sudoers flags. 2020-03-01 13:37:00 -07:00
Laszlo Orban
6f3f45aa24 sudoers: disable SO_KEEPALIVE socket option based on log_server_disable_keepalive flag in sudoers 2020-01-22 10:52:18 -07:00
Todd C. Miller
486ee2b71f debug_decl and debug_decl_vars now require a semicolon at the end. 2019-12-22 08:48:16 -07:00
Todd C. Miller
df8f06609c Add a new flag "allow_unknown_runas_id" to control matching of unknown IDs. 
Previous, sudo would always allow unknown user or group IDs if the
sudoers entry permitted it.  This included the "ALL" alias.
With this change, the admin must explicitly enable support for unknown IDs.
 2019-12-09 17:14:06 -07:00
Todd C. Miller
82237194dd Add support for logging to the log server 2019-11-15 13:41:51 -07:00
Todd C. Miller
76eec78a33 Add basic support for event logging using a sudo-style log format. 2019-10-24 20:04:32 -06:00
Todd C. Miller
cf6c60c102 Add log_allowed and log_denied sudoers flags, defaulting to true. 2019-10-17 13:43:04 -06:00
Todd C. Miller
2512f6efbf Use sudo_strtonum() explicitly instead of via a macro. 2019-10-14 10:09:30 -06:00
Todd C. Miller
976550084e Add pam_acct_mgmt setting to enable/disable PAM account validation. 2019-04-29 19:44:13 -06:00
Todd C. Miller
1e1ef61902 Add SPDX-License-Identifier to files. 2019-04-29 07:21:51 -06:00
Todd C. Miller
9048ee6c48 Set def_mailerflags even if sendmail was not found at configure time. 
Fixes a NULL dereference when mailerpath is set but mailerflags is not.
Bug #878
 2019-04-19 10:14:10 -06:00
Todd C. Miller
6c3d20cb41 Convert PVS-Studio comment to ANSI C. 2018-10-26 08:39:09 -06:00
Todd C. Miller
64e5d34c57 Add comments in .c files so PVS-Studio will check them. 2018-10-21 08:46:05 -06:00
Todd C. Miller
2121693879 Move definition of TIME_T_MAX to sudo_util.h 2018-09-24 14:21:58 -06:00
Todd C. Miller
9e6c14b091 Fix printing of T_TIMESPEC values. 2018-08-21 17:35:44 -06:00
Todd C. Miller
171686c422 update_defaults() needs to be able to take a defaults_list for 
the ldap/sssd backends which support per-role defaults.
 2018-08-02 14:06:36 -06:00
Todd C. Miller
70d519c8ad o Move userspecs, defaults and aliases into a new struct sudoers_parse_tree. 
o The parse tree is now passed to the alias, match and defaults functions.
o The nss API has been changed so that the nss parse() function returns
  a pointer to a struct sudoers_parse_tree which will be filled in
  by the getdefs() and query() functions.
 2018-07-26 15:12:33 -06:00
Todd C. Miller
f9be3a48a2 Simplify the nss interface such that each sudoers provider fills 
in a per-nss list of userspecs and defaults instead of using separate
lookup and list functions.  This makes it possible to have a single
implementation of the code for sudoers lookup and listing.
 2018-05-14 09:05:03 -06:00
Todd C. Miller
71e98d9493 Include parse.h in sudoers.h since it will soon be required. 2018-05-14 09:05:02 -06:00