Commit Graph

414 Commits

Author SHA1 Message Date
Todd C. Miller
f6a9bb2e23 Use a single callback for sudoers_lookup() and add a closure pointer.
The single callback now receives all the match info (or UNSPEC if
no match was attempted).  This makes it possible to use the callback
for more than just printing testsudoers output.
2023-08-07 15:06:19 -06:00
Todd C. Miller
14f1a12e2d testsudoers: add -L, -l and -v tests 2023-07-26 13:59:33 -06:00
Todd C. Miller
d62d704e55 testsudoers: display when a password is required 2023-07-26 11:14:45 -06:00
Todd C. Miller
7499b2d274 All test programs should accept the -v option, even if it is ignored. 2023-07-20 10:10:05 -06:00
Todd C. Miller
db704c22ec runas_userlist_matches: fix matching a Runas_Spec with an empty runas user.
We should only match a rule with an empty runas user if a group was
specified on the command line (sudo -g) without a user (no -u option)
or the user specified their own name on the command line.
GitHub issue #290
2023-07-15 08:44:57 -06:00
Todd C. Miller
d1625f9c83 Only allow the user to specify -D or -R for the special "*" value.
The sudoers file must now explicitly allow the user to specify a
directory (sudo -D) or chroot (sudo -R) by setting cwd or chroot
to "*".  If a specific cwd or chroot value is set in sudoers, the
user may not use the -D or -R options, even if they match the value
in sudoers.
2023-07-10 14:30:40 -06:00
Todd C. Miller
cbcb1d2506 sudoers plugin: make more bit flags unsigned. 2023-07-10 11:06:23 -06:00
Rose
5d758264ab Give every printf-like function restrict qualifiers
The format value has to be a string literal, every time.

Otherwise, you are not using these functions correctly. To reinforce this fact, I put restrict over every non-contrib example of this I could find.
2023-07-07 20:23:20 -04:00
Todd C. Miller
a38b714667 sudoers plugin: silence most -Wconversion warnings. 2023-07-07 15:07:04 -06:00
Rose
45fdfa18f1 Mark functions not returning as sudo_noreturn
We also put NOTREACHED where it applies.
2023-07-01 17:40:16 -04:00
Todd C. Miller
5fbf431c42 Fix a few memory leaks in the tests. 2023-06-30 19:08:04 -06:00
Todd C. Miller
ac9b6c94d9 Add test for runas_check_shell and check_user_shell() 2023-06-30 10:43:39 -06:00
Todd C. Miller
bdc8a7f35e testsudoers: add -D and -R options to set cwd and chroot like sudo 2023-06-30 10:43:37 -06:00
Todd C. Miller
01ad570e24 Move check_user_* functions to check_util.c so testsudoers can use them. 2023-06-30 10:43:18 -06:00
Todd C. Miller
260c2fb835 testsudoers: display "Parse error" if there was a parse error.
Previously, we just printed "Command unmatched" which makes it
harder to see that an error occurred.
2023-06-29 20:10:15 -06:00
Todd C. Miller
6a21aec0a6 testsudoers: use allowed/denied/unmatched instead of just matched/unmatched
This makes it possible to tell whether an entry was rejected due
to a negative match (explicitly denied) as opposed to a non-match.
Also fixes a bug where the runas status was only printed for positive
matches.
2023-06-29 20:02:32 -06:00
Todd C. Miller
fd25bfc892 testsudoers: use sudoers_lookup() instead of a custom loop. 2023-06-29 17:31:55 -06:00
Todd C. Miller
e025cca440 Add callbacks to sudoers_lookup() so we can use it in testsudoers.
Also pass in the time to be used for NOTBEFORE/NOTAFTER checks.
2023-06-29 17:30:39 -06:00
Todd C. Miller
41b82006de Merge pull request #278 from AtariDreams/types
Avoid compiler casting warnings Part 2
2023-06-29 12:26:07 -06:00
Todd C. Miller
2c1a473ddc testsudoers: add support for NOTBEFORE and NOTAFTER
Also adds -T option to set the value of "now".
2023-06-29 11:13:01 -06:00
Rose
22079c3072 Avoid compiler casting warnings Part 2
This saves instructions that are related to casting as well as compiler warnings.
2023-06-29 13:10:27 -04:00
Rose
e54ba33ea0 Avoid compiler casting warnings by assigning to the same type where possible
This saves instructions that are related to casting as well as compiler warnings.
2023-06-28 17:25:26 -04:00
Todd C. Miller
baf482763c Add tests to exercise recent runas user and group bug fixes. 2023-06-14 10:29:07 -06:00
Todd C. Miller
0d17325039 Add test to exercise the bug that prevented the group specified via
"sudo -g" from matching when a Runas_Alias was used in the user or
group portion of a Runas_Spec.
2023-06-14 10:15:38 -06:00
Todd C. Miller
64ab8cd236 Populate runasusers even when only a grouplist is specified.
When a sudoers rule permits the user to run commands as a group,
not a user, we should set the runasusers to a single member with the
special MYSELF token.  This guarantees that the only time runasusers
will be NULL is when no runaslist is present.
2023-06-13 15:46:46 -06:00
Todd C. Miller
1278e36ff3 Initialize digest_type to SUDO_DIGEST_INVALID, not -1 and make it unsigned.
This makes the digest type consistently unsigned instead of a mix
of signed (for the -1 value in the tokenizer) and unsigned.
2023-06-03 08:59:14 -06:00
Todd C. Miller
91f100f5bc check_fill: sudoers_strict() is now a function, not a global variable 2023-05-09 14:16:17 -06:00
Todd C. Miller
8cbd5462a6 Move sudoers search path to struct sudoers_parser_config.
That way we can avoid passing it to init_parser() directly.
We still need sudoers_search_path to be shared between the lexer
and the parser.
2023-05-08 17:04:38 -06:00
Todd C. Miller
9d7c30c5a8 Add struct sudoers_parser_config and pass it to init_parser().
This struct contains parser configuration such as the sudoers file
uid/gid/mode and parse flags such as verbose, strict and recovery.
2023-05-08 17:03:31 -06:00
Todd C. Miller
72489d7a83 Make timestamp_uid and timestamp_gid private to timestamp.c.
Add getter (for set_perms.c) and setter (for sudoers.c).
2023-05-04 13:08:23 -06:00
Todd C. Miller
d5de5890f5 Make login_style private to bsdauth.c
Add a setter for policy.c to handle auth_type from the front-end.
2023-05-04 13:06:09 -06:00
Todd C. Miller
bbbaea5b2f Rename init_parser_ext() to init_parser() and remove old wrapper.
There was only one consumer of the init_parser() wrapper now that
reset_parser() has been introduced.
2023-05-02 13:29:49 -06:00
Todd C. Miller
f258a15df5 Add reset_parser() and use in place of init_parser(NULL). 2023-05-02 13:27:17 -06:00
Todd C. Miller
5446b009e3 Support adminconfdir for relative include paths in sudoers. 2023-05-02 10:47:11 -06:00
Todd C. Miller
f17b35471f Support sudoers_file being a colon-separated path of files.
The first file found is used.
2023-05-02 10:37:38 -06:00
Todd C. Miller
d1f2452c08 getaddrinfo stub: set sin_port 2023-04-26 16:27:34 -06:00
Todd C. Miller
2898c85119 Avoid NULL deref in stub getaddrinfo() when nodename is NULL.
Also add support for parsing servname.  We only need to support a
subset of getaddrinfo() functionality in the fuzzer.
2023-04-26 13:23:31 -06:00
Todd C. Miller
8049e4e32f Replace sudoers_warnings with sudoers_verbose.
This is now an int, with values > 1 reserved for visudo.
2023-03-20 18:27:27 -06:00
Todd C. Miller
4b563ea44f Pass around const struct sudo_nss pointers where possible. 2023-03-17 13:41:38 -06:00
Todd C. Miller
c76ac1cab3 sudoers_cleanup: free cached environment before running g/c.
Avoids a double free in fuzz_policy.
2023-03-10 15:23:48 -07:00
Todd C. Miller
0aad96bba1 Add per-source innetgr function pointer and use it in netgr_matches().
This will be used to implement LDAP-specific netgroup lookups when
netgroup_base is set in ldap.conf.
2023-03-08 13:44:22 -07:00
Todd C. Miller
43378de75e Test non-fully qualified path name. 2023-02-28 09:11:26 -07:00
Todd C. Miller
172515c94d Add test for using "list" as user, runas and host. 2023-02-28 08:56:44 -07:00
Todd C. Miller
87ce692468 Fix potential double free for rules that include a CHROOT= option.
If a rule with a CHROOT= option matches the user, host and runas,
the user_cmnd variable could be freed twice.
2023-02-21 20:01:13 -07:00
Todd C. Miller
1bcddb9602 Stub out pivot_root() and unpivot_root() for all but the sudoers module. 2023-02-21 14:46:27 -07:00
Todd C. Miller
bff4e3ce16 set_cmnd_path: apply runchroot if set when finding the command path
Previously we would prepend runchroot to the path we were checking
but that does not properly handle symbolic links.
2023-02-21 13:24:33 -07:00
Todd C. Miller
a72bc5e6bf get_starttime: add support for GNU Hurd using the mach task_info call.
This is currently Hurd-specific but could be made Mach-generic as
long as the equivalent of pid2task() is available.
2023-02-19 07:18:37 -07:00
Todd C. Miller
0b000aab86 Only test get_starttime() on platforms where we support it.
Fixes a test failure on systems where we have no way to determine
a process's start time.
2023-02-18 11:46:33 -07:00
Todd C. Miller
bdef2ad6d2 No longer need to define sudoers_recovery here. 2023-02-09 16:39:25 -07:00
Todd C. Miller
3c9c8668c1 Avoid compilation errors if getaddrinfo() or freeaddrinfo() are macros.
If this is the case we probably can't stub out the functions but
at least the fuzzer will compile.
2023-01-31 13:33:59 -07:00