isa/sudo
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
12,536 Commits 1 Branch 0 Tags
f6291bf83e434c44b51b47322a19d5c93f4eb956
Commit Graph

3468 Commits

Author SHA1 Message Date
Todd C. Miller
f6291bf83e Move code to display a cmndspec in long form to display_cmndspec_long(). 2023-08-09 09:58:24 -06:00
Todd C. Miller
5a1a3ff74b sudo -ll: display the sudoers file the rule came from. 2023-08-09 08:50:56 -06:00
Todd C. Miller
e178b85821 Store the source of the matching rule and store in the event log. 
The JSON logs will store the matching rule source.
 2023-08-08 09:57:09 -06:00
Todd C. Miller
f6a9bb2e23 Use a single callback for sudoers_lookup() and add a closure pointer. 
The single callback now receives all the match info (or UNSPEC if
no match was attempted).  This makes it possible to use the callback
for more than just printing testsudoers output.
 2023-08-07 15:06:19 -06:00
Todd C. Miller
1e6c5f3e79 Fix checking of SSL_{read,write}_ex() return value. 
These have a boolean-style return value.  However, our emulated
versions can return -1 on error, which we need to preserve for older
versions of SSL_get_error() which expect it.
 2023-08-08 10:18:57 -06:00
Todd C. Miller
77f94f291a sudo_digest_getlen: return size_t, and 0 on error instead of -1 
This is an API change, sudo_digest_getlen_v1 remains for binary
compatibility.
 2023-08-07 08:43:13 -06:00
Todd C. Miller
184e03b4a9 ERR_get_error() returns unsigned long, not int. 2023-08-07 08:05:00 -06:00
Todd C. Miller
861ed2b7d4 We now must pass "err" SSL_get_error(), not "nread". 2023-08-07 07:59:58 -06:00
Todd C. Miller
d6d467b92e Add implementation of SSL_read_ex/SSL_write_ex for those without. 2023-08-05 10:38:02 -06:00
Todd C. Miller
e6d14c95b6 Use SSL_read_ex() and SSL_write_ex() instead of SSL_read() and SSL_write(). 2023-08-05 10:38:01 -06:00
Todd C. Miller
4f3786f70f visudo: do not create a new file if the user made no changes 
This prevents visudo from creating a new zero-length sudoers file
if the user exited the editor without making any changes.  Files
created via a @include directive are preserved, even if empty, to
avoid a parse error.  GitHub issue #294.
 2023-07-27 11:23:25 -06:00
Todd C. Miller
14f1a12e2d testsudoers: add -L, -l and -v tests 2023-07-26 13:59:33 -06:00
Todd C. Miller
d62d704e55 testsudoers: display when a password is required 2023-07-26 11:14:45 -06:00
Todd C. Miller
75256516bd testsudoers: add -L, -l and -v options. 
This makes it possible to test "sudo -l" and "sudo -v" using
testsudoers.
 2023-07-26 10:37:52 -06:00
Todd C. Miller
538be58ac0 sudoers_lookup_pseudo: sync with sudoers_lookup_check 
This makes sudoers_lookup_pseudo(), which is used for pseudo-command
like "list" and "validate" a bit more like sudoers_lookup_check().
Time of day checks are performed, and callbacks are supported.  We
cannot use the same code for regular commands and pseudo-commands
due to the "pwcheck == all" case.
 2023-07-25 15:57:20 -06:00
Todd C. Miller
d486db46cf Fix user warning message for "sudo -l command" when not allowed. 
Reported by the sudo-rs project.

There was a missing space between "list" and the actual command.
This also changes the output to include the command as specified
by the user, not the path found in the path.  Previously, if the
command did not exist it would not be included in the message.
 2023-07-25 13:56:08 -06:00
Todd C. Miller
432ac12128 Pass TEST_VERBOSE to all test programs. 2023-07-20 10:13:40 -06:00
Todd C. Miller
7499b2d274 All test programs should accept the -v option, even if it is ignored. 2023-07-20 10:10:05 -06:00
Todd C. Miller
fa66c16689 sudoers_check_common: MODE_PRESERVE_ENV is not valid with MODE_CHECK. 
We should only check for MODE_PRESERVE_ENV when running a command.
 2023-07-17 10:52:23 -06:00
Todd C. Miller
db704c22ec runas_userlist_matches: fix matching a Runas_Spec with an empty runas user. 
We should only match a rule with an empty runas user if a group was
specified on the command line (sudo -g) without a user (no -u option)
or the user specified their own name on the command line.
GitHub issue #290
 2023-07-15 08:44:57 -06:00
Todd C. Miller
625653de08 sudo_term_raw: change the isig argument into a flags field 
There are current two flags: SUDO_TERM_ISIG (enable terminal signals)
and SUDO_TERM_OFLAG (preserve output flags).
 2023-07-14 13:12:51 -06:00
Todd C. Miller
56828f6412 fmt_info_messages: don't include ttyname if it is NULL 
The NULL check was commented out for testing but should have been
restored.  Fixes a potential protocol error message from sudo_logsrvd.
 2023-07-11 14:15:46 -06:00
Todd C. Miller
dc1a5d7b40 sudo_krb5_ccname_path: avoid gcc false positive for ccname being NULL 
The callers all verify that they don't pass a NULL ccname so I'm
not sure how the compiler is getting confused (and why now?).
 2023-07-10 15:21:31 -06:00
Todd C. Miller
d1625f9c83 Only allow the user to specify -D or -R for the special "*" value. 
The sudoers file must now explicitly allow the user to specify a
directory (sudo -D) or chroot (sudo -R) by setting cwd or chroot
to "*".  If a specific cwd or chroot value is set in sudoers, the
user may not use the -D or -R options, even if they match the value
in sudoers.
 2023-07-10 14:30:40 -06:00
Todd C. Miller
cbcb1d2506 sudoers plugin: make more bit flags unsigned. 2023-07-10 11:06:23 -06:00
Todd C. Miller
9f7128fe83 parse_timeout: move overflow check to the correct location 
It was not covering all cases in its original location.
Fixes oss-fuzz issue 60454 with fuzz_sudoers.
 2023-07-08 10:16:35 -06:00
Rose
5d758264ab Give every printf-like function restrict qualifiers 
The format value has to be a string literal, every time.

Otherwise, you are not using these functions correctly. To reinforce this fact, I putrestrict over every non-contrib example of this I could find.
 2023-07-07 20:23:20 -04:00
Todd C. Miller
548e3e3125 testsudoers: avoid extern definitions where possible 2023-07-07 15:23:54 -06:00
Todd C. Miller
a38b714667 sudoers plugin: silence most -Wconversion warnings. 2023-07-07 15:07:04 -06:00
Todd C. Miller
0205f6fc75 sudoers_check_common: remove extraneous return statement. 2023-07-07 14:54:10 -06:00
Todd C. Miller
43e914a5d3 Copy, don't append group ID in fill_group() and fill_runas_group() 
This only affects the case where a group ID cannot be resolved.
 2023-07-05 11:49:07 -06:00
Todd C. Miller
2848dddd87 Rename print_usage() to display_usage() 2023-07-04 19:48:41 -06:00
Todd C. Miller
fd061e4d69 Include testsudoers_pwutil.h for testsudoers_pwutil.c prototypes. 2023-07-04 16:24:48 -06:00
Todd C. Miller
f1d9063477 Fix wrapping of libc getpwnam/getpwuid/getgrnam/getgrgid on NetBSD. 2023-07-04 14:14:07 -06:00
Rose
cbed9daa46 Fixed even more signedness and conversion issues 
This should be the last of them.
 2023-07-03 22:07:35 -04:00
Todd C. Miller
e95bd883d7 Promote length/size/offset in struct connection_buffer to size_t. 2023-07-03 17:02:24 -06:00
Todd C. Miller
56a431f7ea Make sudo_pow2_roundup() operate on size_t. 2023-07-03 16:51:05 -06:00
Todd C. Miller
04c7e910ef Fix up indentation. 2023-07-01 16:03:33 -06:00
Rose
45fdfa18f1 Mark functions not returning as sudo_noreturn 
We also put NOTREACHED where it applies.
 2023-07-01 17:40:16 -04:00
Todd C. Miller
97e574091a Avoid passing debug_return_size_t() a negative number. 2023-07-01 10:39:25 -06:00
Rose
6ea68d208e Regenerate toke.c using updated flex 
Use the current version of flex to generate toke.c
 2023-07-01 11:47:04 -04:00
Todd C. Miller
5fbf431c42 Fix a few memory leaks in the tests. 2023-06-30 19:08:04 -06:00
Todd C. Miller
ac9b6c94d9 Add test for runas_check_shell and check_user_shell() 2023-06-30 10:43:39 -06:00
Todd C. Miller
bdc8a7f35e testsudoers: add -D and -R options to set cwd and chroot like sudo 2023-06-30 10:43:37 -06:00
Todd C. Miller
01ad570e24 Move check_user_* functions to check_util.c so testsudoers can use them. 2023-06-30 10:43:18 -06:00
Todd C. Miller
689efe3cdd testsudoers: make lbuf private to dump_sudoers() 
It is no longer used directly in main.
 2023-06-29 20:17:22 -06:00
Todd C. Miller
260c2fb835 testsudoers: display "Parse error" if there was a parse error. 
Previously, we just printed "Command unmatched" which makes it
harder to see that an error occurred.
 2023-06-29 20:10:15 -06:00
Todd C. Miller
6a21aec0a6 testsudoers: use allowed/denied/unmatched instead of just matched/unmatched 
This makes it possible to tell whether an entry was rejected due
to a negative match (explicitly denied) as opposed to a non-match.
Also fixes a bug where the runas status was only printed for positive
matches.
 2023-06-29 20:02:32 -06:00
Todd C. Miller
fd25bfc892 testsudoers: use sudoers_lookup() instead of a custom loop. 2023-06-29 17:31:55 -06:00
Todd C. Miller
e025cca440 Add callbacks to sudoers_lookup() so we can use it in testsudoers. 
Also pass in the time to be used for NOTBEFORE/NOTAFTER checks.
 2023-06-29 17:30:39 -06:00