isa/sudo
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
12,536 Commits 1 Branch 0 Tags
f6291bf83e434c44b51b47322a19d5c93f4eb956
Commit Graph

109 Commits

Author SHA1 Message Date
Todd C. Miller
f6a9bb2e23 Use a single callback for sudoers_lookup() and add a closure pointer. 
The single callback now receives all the match info (or UNSPEC if
no match was attempted).  This makes it possible to use the callback
for more than just printing testsudoers output.
 2023-08-07 15:06:19 -06:00
Todd C. Miller
cbcb1d2506 sudoers plugin: make more bit flags unsigned. 2023-07-10 11:06:23 -06:00
Rose
5d758264ab Give every printf-like function restrict qualifiers 
The format value has to be a string literal, every time.

Otherwise, you are not using these functions correctly. To reinforce this fact, I putrestrict over every non-contrib example of this I could find.
 2023-07-07 20:23:20 -04:00
Todd C. Miller
a38b714667 sudoers plugin: silence most -Wconversion warnings. 2023-07-07 15:07:04 -06:00
Todd C. Miller
01ad570e24 Move check_user_* functions to check_util.c so testsudoers can use them. 2023-06-30 10:43:18 -06:00
Todd C. Miller
e025cca440 Add callbacks to sudoers_lookup() so we can use it in testsudoers. 
Also pass in the time to be used for NOTBEFORE/NOTAFTER checks.
 2023-06-29 17:30:39 -06:00
Rose
e54ba33ea0 Avoid compiler casting warnings by assigning to the same type where possible 
This saves instructions that are related to casting as well as compiler warnings.
 2023-06-28 17:25:26 -04:00
Todd C. Miller
8cbd5462a6 Move sudoers search path to struct sudoers_parser_config. 
That way we can avoid passing it to init_parser() directly.
We still need sudoers_search_path to be shared between the lexer
and the parser.
 2023-05-08 17:04:38 -06:00
Todd C. Miller
9d7c30c5a8 Add struct sudoers_parser_config and pass it to init_parser(). 
This struct contains parser configuration such as the sudoers file
uid/gid/mode and parse flags such as verbose, strict and recovery.
 2023-05-08 17:03:31 -06:00
Todd C. Miller
72489d7a83 Make timestamp_uid and timestamp_gid private to timestamp.c. 
Add getter (for set_perms.c) and setter (for sudoers.c).
 2023-05-04 13:08:23 -06:00
Todd C. Miller
d5de5890f5 Make login_style private to bsdauth.c 
Add a setter for policy.c to handle auth_type from the front-end.
 2023-05-04 13:06:09 -06:00
Todd C. Miller
bbbaea5b2f Rename init_parser_ext() to init_parser() and remove old wrapper. 
There was only one consumer of the init_parser() wrapper now that
reset_parser() has been introduced.
 2023-05-02 13:29:49 -06:00
Todd C. Miller
f258a15df5 Add reset_parser() and use in place of init_parser(NULL). 2023-05-02 13:27:17 -06:00
Todd C. Miller
5446b009e3 Support adminconfdir for relative include paths in sudoers. 2023-05-02 10:47:11 -06:00
Todd C. Miller
f17b35471f Support sudoers_file being a colon-separated path of files. 
The first file found is used.
 2023-05-02 10:37:38 -06:00
Todd C. Miller
d1f2452c08 getaddrinfo stub: set sin_port 2023-04-26 16:27:34 -06:00
Todd C. Miller
2898c85119 Avoid NULL deref in stub getaddrinfo() when nodename is NULL. 
Also add support for parsing servname.  We only need to support a
subset of getaddrinfo() functionality in the fuzzer.
 2023-04-26 13:23:31 -06:00
Todd C. Miller
8049e4e32f Replace sudoers_warnings with sudoers_verbose. 
This is now an int, with values > 1 reserved for visudo.
 2023-03-20 18:27:27 -06:00
Todd C. Miller
4b563ea44f Pass around const struct sudo_nss pointers where possible. 2023-03-17 13:41:38 -06:00
Todd C. Miller
c76ac1cab3 sudoers_cleanup: free cached environment before running g/c. 
Avoids a double free in fuzz_policy.
 2023-03-10 15:23:48 -07:00
Todd C. Miller
0aad96bba1 Add per-source innetgr function pointer and use it in netgr_matches(). 
This will be used to implement LDAP-specific netgroup lookups when
netgroup_base is set in ldap.conf.
 2023-03-08 13:44:22 -07:00
Todd C. Miller
87ce692468 Fix potential double free for rules that include a CHROOT= option. 
If a rule with a CHROOT= option matches the user, host and runas,
the user_cmnd variable could be freed twice.
 2023-02-21 20:01:13 -07:00
Todd C. Miller
1bcddb9602 Stub out pivot_root() and unpivot_root() for all but the sudoers module. 2023-02-21 14:46:27 -07:00
Todd C. Miller
bff4e3ce16 set_cmnd_path: apply runchroot if set when finding the command path 
Previously we would prepend runchroot to the path we were checking
but that does not properly handle symbolic links.
 2023-02-21 13:24:33 -07:00
Todd C. Miller
bdef2ad6d2 No longer need to define sudoers_recovery here. 2023-02-09 16:39:25 -07:00
Todd C. Miller
3c9c8668c1 Avoid compilation errors if getaddrinfo() or freeaddrinfo() are macros. 
If this is the case we probably can't stub out the functions but
at least the fuzzer will compile.
 2023-01-31 13:33:59 -07:00
Todd C. Miller
91d7592e8a Use initprogname(), not setprogname() in the fuzzers. 
This results in better coverage for progname.c.
 2022-12-29 15:52:21 -07:00
Todd C. Miller
47a211f194 Update fuzz_policy keywords to match current policy settings. 2022-12-28 16:02:25 -07:00
Todd C. Miller
a7c1b78c67 Add example users and groups to the dictionary. 2022-12-28 16:02:10 -07:00
Todd C. Miller
bca945f074 The contents of the env_add array should not include the leading "env=" prefix. 
The previous fix for this was incomplete.
 2022-12-28 09:25:41 -07:00
Todd C. Miller
62dd5734a2 Plug a memory leak of list_cmnd in the fuzzers. 2022-12-11 14:29:14 -07:00
Todd C. Miller
455f250ac5 Set LDAP base for sudoers_parse_ldif(). 
Without this set the fuzzer will not exercise the dn parsing.
 2022-11-10 09:34:44 -07:00
Todd C. Miller
ce387a6849 Split log_{input,output} into log_{stdin,ttyin} and log_{ttyout,stdout,stderr} 
If log_input is set, log_{stdin,ttyin} will be set as well.
If log_output is set, log_{stdout,stderr,ttyout} will be set as well.
This provides more fine-grained control over I/O logging and makes it
possible to disable logging piped or redirected intput or output.
 2022-09-20 14:35:12 -06:00
Todd C. Miller
e7b7fbaf6e Increase the realloc increment from 128 to 1024. 
The contents of the env_add array should not include the leading
"env=" prefix.
 2022-07-09 09:02:25 -06:00
Todd C. Miller
13672f28df Make sudo pass -Wwrite-strings 2022-06-28 16:33:15 -06:00
Todd C. Miller
f5ac1317c4 Make sudo pass -Wmissing-prototypes 2022-06-27 12:48:03 -06:00
kernelmethod
c20859d55b Add an APPARMOR_PROFILE user spec option to sudoers 
sudoers now supports an APPARMOR_PROFILE option, which can be specified
as e.g.

    alice       ALL=(ALL:ALL)   APPARMOR_PROFILE=foo    ALL

The line above says "user alice can run any command as any user/group,
under confinement by the AppArmor profile 'foo'." Profiles can be
specified in any way that complies with the rules of
aa_change_profile(2). For instance, the sudoers configuration

    alice       ALL=(ALL:ALL)   APPARMOR_PROFILE=unconfined     ALL

allows alice to run any command unconfined (i.e., without an AppArmor
profile), while

    alice       ALL=(ALL:ALL)   APPARMOR_PROFILE=foo//&bar      ALL

tells sudoers that alice can run any command under the stacked AppArmor
profiles 'foo' and 'bar'.

The intention of this option is to give sysadmins on Linux distros
supporting AppArmor better options for fine-grained access control.
Among other things, this option can enforce mandatory access control
(MAC) over the operations that a privileged user is able to perform to
ensure that they cannot privesc past the boundaries of a specified
profile. It can also be used to limit which users are able to get
unconfined system access, by enforcing a default AppArmor profile on all
users and then specifying 'APPARMOR_PROFILE=unconfined' for a privileged
subset of users.
 2022-05-23 13:41:56 -06:00
Todd C. Miller
e5a50ae429 If there are multiple parse errors, send them in a single mail message. 2022-03-14 13:54:11 -06:00
Todd C. Miller
65e5b89f1d Pass file, line and column to sudoers defaults callbacks. 2022-03-10 13:35:58 -07:00
Todd C. Miller
d7ddff2a31 Add a hook for sudoers parse errors (including defaults and aliases). 
The hook can be used to log parser errors (sudoers module) or keep
track of which files have an error (visudo).
Previously, we only kept track of a single parse error.
 2022-03-10 13:30:56 -07:00
Todd C. Miller
6ec279532e Add a source to struct sudo_nss and use it if getdefs() fails. 
Also remove useless "Problem with defaults entries" warning in testsudoers.
 2022-03-09 12:38:25 -07:00
Todd C. Miller
41bc52302b Do not disable fuzzer output if SUDO_FUZZ_VERBOSE env variable is set. 2022-02-22 12:04:10 -07:00
Todd C. Miller
9303aec0de Sync fuzzing dictionary with current configuration keyword list. 2022-01-29 10:30:37 -07:00
Todd C. Miller
86f123cd9d Pass the operator to the Defaults callback too. 
That way we can tell what to do in callbacks for lists.
 2022-01-28 08:52:41 -07:00
Todd C. Miller
730ebabdba init_parse_tree() now takes ownership of lhost and shost, if any. 
This means that lhost and shost in struct sudoers_parse_tree
are no longer const and that free_parse_tree() will free lhost/shost.
The only consumer that passed in lho.st/shost was the SSSD back-end
which has been updated to avoid a double-free.
 2021-11-19 12:29:21 -07:00
Todd C. Miller
2aa6cb13a5 Stub out sudo_printf() and avoid other use of stderr in fuzzers. 
This makes it possible to parse sudoers without using quiet mode,
resulting in better coverage.
 2021-09-29 09:03:24 -06:00
Todd C. Miller
eefb7b0d54 Use a consistent version of fuzz_conversation() with all fuzzers. 
Also undo a change to fuzz_sudoers.c that snuck in to the last commit.
 2021-09-28 20:20:28 -06:00
Todd C. Miller
7d964875df Fuzzers should not produce output. 
Excessive output makes the fuzzer runs much less efficient.
 2021-09-28 18:53:49 -06:00
Todd C. Miller
b6561831b4 Re-enable error output for the sudoers parser. 
It is only the alias and defaults warnings we need to suppress.
 2021-09-20 12:46:37 -06:00
Todd C. Miller
77ef8baa97 fuzz_sudoers: don't warn about unknown defaults entries 
Some fuzzing inputs cause a huge number of warnings and displaying
them all can result in the fuzz run timing out.  If we disable the
warnings we can avoid the timeout.
 2021-09-19 19:36:25 -06:00