/* * Log and audit that user was not allowed to run the command. */ bool log_failure(int status, int flags) { bool ret, inform_user = true; debug_decl(log_failure, SUDOERS_DEBUG_LOGGING) /* The user doesn't always get to see the log message (path info). */ if (!ISSET(status, FLAG_NO_USER | FLAG_NO_HOST) && def_path_info && (flags == NOT_FOUND_DOT || flags == NOT_FOUND)) inform_user = false; ret = log_denial(status, inform_user); if (!inform_user) { /* * We'd like to not leak path info at all here, but that can * *really* confuse the users. To really close the leak we'd * have to say "not allowed to run foo" even when the problem * is just "no foo in path" since the user can trivially set * their path to just contain a single dir. */ if (flags == NOT_FOUND) sudo_warnx(U_("%s: command not found"), user_cmnd); else if (flags == NOT_FOUND_DOT) sudo_warnx(U_("ignoring \"%s\" found in '.'\nUse \"sudo ./%s\" if this is the \"%s\" you wish to run."), user_cmnd, user_cmnd, user_cmnd); } debug_return_bool(ret); }
/* * Set the exec and tty contexts in preparation for fork/exec. * Must run as root, before the uid change. * If ptyfd is not -1, it indicates we are running * in a pty and do not need to reset std{in,out,err}. * Returns 0 on success and -1 on failure. */ int selinux_setup(const char *role, const char *type, const char *ttyn, int ptyfd) { int ret = -1; debug_decl(selinux_setup, SUDO_DEBUG_SELINUX) /* Store the caller's SID in old_context. */ if (getprevcon(&se_state.old_context)) { sudo_warn(U_("failed to get old_context")); goto done; } se_state.enforcing = security_getenforce(); if (se_state.enforcing < 0) { sudo_warn(U_("unable to determine enforcing mode.")); goto done; } #ifdef DEBUG sudo_warnx("your old context was %s", se_state.old_context); #endif se_state.new_context = get_exec_context(se_state.old_context, role, type); if (!se_state.new_context) { #ifdef HAVE_LINUX_AUDIT audit_role_change(se_state.old_context, "?", se_state.ttyn, 0); #endif goto done; } if (relabel_tty(ttyn, ptyfd) < 0) { sudo_warn(U_("unable to set tty context to %s"), se_state.new_context); goto done; } #ifdef DEBUG if (se_state.ttyfd != -1) { sudo_warnx("your old tty context is %s", se_state.tty_context); sudo_warnx("your new tty context is %s", se_state.new_tty_context); } #endif #ifdef HAVE_LINUX_AUDIT audit_role_change(se_state.old_context, se_state.new_context, se_state.ttyn, 1); #endif ret = 0; done: debug_return_int(ret); }
/* * This function attempts to revert the relabeling done to the tty. * fd - referencing the opened ttyn * ttyn - name of tty to restore * * Returns zero on success, non-zero otherwise */ int selinux_restore_tty(void) { int retval = 0; security_context_t chk_tty_context = NULL; debug_decl(selinux_restore_tty, SUDO_DEBUG_SELINUX) if (se_state.ttyfd == -1 || se_state.new_tty_context == NULL) goto skip_relabel; /* Verify that the tty still has the context set by sudo. */ if ((retval = fgetfilecon(se_state.ttyfd, &chk_tty_context)) < 0) { sudo_warn(U_("unable to fgetfilecon %s"), se_state.ttyn); goto skip_relabel; } if ((retval = strcmp(chk_tty_context, se_state.new_tty_context))) { sudo_warnx(U_("%s changed labels"), se_state.ttyn); goto skip_relabel; } if ((retval = fsetfilecon(se_state.ttyfd, se_state.tty_context)) < 0) sudo_warn(U_("unable to restore context for %s"), se_state.ttyn); skip_relabel: if (se_state.ttyfd != -1) { close(se_state.ttyfd); se_state.ttyfd = -1; } if (chk_tty_context != NULL) { freecon(chk_tty_context); chk_tty_context = NULL; } debug_return_int(retval); }
bool fill_txt(const char *src, size_t len, size_t olen) { char *dst; int h; debug_decl(fill_txt, SUDOERS_DEBUG_PARSER) dst = olen ? realloc(sudoerslval.string, olen + len + 1) : malloc(len + 1); if (dst == NULL) { sudo_warnx(U_("%s: %s"), __func__, U_("unable to allocate memory")); sudoerserror(NULL); debug_return_bool(false); } sudoerslval.string = dst; /* Copy the string and collapse any escaped characters. */ dst += olen; while (len--) { if (*src == '\\' && len) { if (src[1] == 'x' && len >= 3 && (h = hexchar(src + 2)) != -1) { *dst++ = h; src += 4; len -= 3; } else { src++; len--; *dst++ = *src++; } } else { *dst++ = *src++; } } *dst = '\0'; debug_return_bool(true); }
bool fill_cmnd(const char *src, size_t len) { char *dst; size_t i; debug_decl(fill_cmnd, SUDOERS_DEBUG_PARSER) arg_len = arg_size = 0; dst = sudoerslval.command.cmnd = malloc(len + 1); if (dst == NULL) { sudo_warnx(U_("%s: %s"), __func__, U_("unable to allocate memory")); sudoerserror(NULL); debug_return_bool(false); } sudoerslval.command.args = NULL; /* Copy the string and collapse any escaped sudo-specific characters. */ for (i = 0; i < len; i++) { if (src[i] == '\\' && i != len - 1 && SPECIAL(src[i + 1])) *dst++ = src[++i]; else *dst++ = src[i]; } *dst = '\0'; debug_return_bool(true); }
/* * Parse a comma-separated list of gids into an allocated array of GETGROUPS_T. * If a pointer to the base gid is specified, it is stored as the first element * in the array. * Returns the number of gids in the allocated array. */ int sudo_parse_gids_v1(const char *gidstr, const gid_t *basegid, GETGROUPS_T **gidsp) { int ngids = 0; GETGROUPS_T *gids; const char *cp = gidstr; const char *errstr; char *ep; debug_decl(sudo_parse_gids, SUDO_DEBUG_UTIL) /* Count groups. */ if (*cp != '\0') { ngids++; do { if (*cp++ == ',') ngids++; } while (*cp != '\0'); } /* Base gid is optional. */ if (basegid != NULL) ngids++; /* Allocate and fill in array. */ if (ngids != 0) { gids = reallocarray(NULL, ngids, sizeof(GETGROUPS_T)); if (gids == NULL) { sudo_warnx(U_("%s: %s"), __func__, U_("unable to allocate memory")); debug_return_int(-1); } ngids = 0; if (basegid != NULL) gids[ngids++] = *basegid; cp = gidstr; do { gids[ngids] = (GETGROUPS_T) sudo_strtoid(cp, ",", &ep, &errstr); if (errstr != NULL) { sudo_warnx(U_("%s: %s"), cp, U_(errstr)); free(gids); debug_return_int(-1); } if (basegid == NULL || gids[ngids] != *basegid) ngids++; cp = ep + 1; } while (*ep != '\0'); *gidsp = gids; } debug_return_int(ngids); }
bool fill_args(const char *s, size_t len, int addspace) { unsigned int new_len; char *p; debug_decl(fill_args, SUDOERS_DEBUG_PARSER) if (arg_size == 0) { addspace = 0; new_len = len; } else new_len = arg_len + len + addspace; if (new_len >= arg_size) { /* Allocate in increments of 128 bytes to avoid excessive realloc(). */ arg_size = (new_len + 1 + 127) & ~127; p = realloc(sudoerslval.command.args, arg_size); if (p == NULL) { sudo_warnx(U_("%s: %s"), __func__, U_("unable to allocate memory")); goto bad; } else sudoerslval.command.args = p; } /* Efficiently append the arg (with a leading space if needed). */ p = sudoerslval.command.args + arg_len; if (addspace) *p++ = ' '; len = arg_size - (p - sudoerslval.command.args); if (strlcpy(p, s, len) >= len) { sudo_warnx(U_("internal error, %s overflow"), __func__); goto bad; } arg_len = new_len; debug_return_bool(true); bad: sudoerserror(NULL); free(sudoerslval.command.args); sudoerslval.command.args = NULL; arg_len = arg_size = 0; debug_return_bool(false); }
void selinux_execve(const char *path, char *const argv[], char *const envp[], int noexec) { char **nargv; const char *sesh; int argc, serrno; debug_decl(selinux_execve, SUDO_DEBUG_SELINUX) sesh = sudo_conf_sesh_path(); if (sesh == NULL) { sudo_warnx("internal error: sesh path not set"); errno = EINVAL; debug_return; } if (setexeccon(se_state.new_context)) { sudo_warn(U_("unable to set exec context to %s"), se_state.new_context); if (se_state.enforcing) debug_return; } #ifdef HAVE_SETKEYCREATECON if (setkeycreatecon(se_state.new_context)) { sudo_warn(U_("unable to set key creation context to %s"), se_state.new_context); if (se_state.enforcing) debug_return; } #endif /* HAVE_SETKEYCREATECON */ /* * Build new argv with sesh as argv[0]. * If argv[0] ends in -noexec, sesh will disable execute * for the command it runs. */ for (argc = 0; argv[argc] != NULL; argc++) continue; nargv = sudo_emallocarray(argc + 2, sizeof(char *)); if (noexec) nargv[0] = *argv[0] == '-' ? "-sesh-noexec" : "sesh-noexec"; else nargv[0] = *argv[0] == '-' ? "-sesh" : "sesh"; nargv[1] = (char *)path; memcpy(&nargv[2], &argv[1], argc * sizeof(char *)); /* copies NULL */ /* sesh will handle noexec for us. */ sudo_execve(sesh, nargv, envp, false); serrno = errno; free(nargv); errno = serrno; debug_return; }
/* * securid_init - Initialises communications with ACE server * Arguments in: * pw - UNUSED * auth - sudo authentication structure * * Results out: * auth - auth->data contains pointer to new SecurID handle * return code - Fatal if initialization unsuccessful, otherwise * success. */ int sudo_securid_init(struct passwd *pw, sudo_auth *auth) { static SDI_HANDLE sd_dat; /* SecurID handle */ debug_decl(sudo_securid_init, SUDOERS_DEBUG_AUTH) auth->data = (void *) &sd_dat; /* For method-specific data */ /* Start communications */ if (AceInitialize() != SD_FALSE) debug_return_int(AUTH_SUCCESS); sudo_warnx(U_("failed to initialise the ACE API library")); debug_return_int(AUTH_FATAL); }
int linux_audit_command(char *argv[], int result) { int au_fd, rc = -1; char *command, *cp, **av; size_t size, n; debug_decl(linux_audit_command, SUDOERS_DEBUG_AUDIT) /* Don't return an error if auditing is not configured. */ if ((au_fd = linux_audit_open()) < 0) debug_return_int(au_fd == AUDIT_NOT_CONFIGURED ? 0 : -1); /* Convert argv to a flat string. */ for (size = 0, av = argv; *av != NULL; av++) size += strlen(*av) + 1; command = cp = sudo_emalloc(size); for (av = argv; *av != NULL; av++) { n = strlcpy(cp, *av, size - (cp - command)); if (n >= size - (cp - command)) { sudo_warnx(U_("internal error, %s overflow"), __func__); goto done; } cp += n; *cp++ = ' '; } *--cp = '\0'; /* Log command, ignoring ECONNREFUSED on error. */ if (audit_log_user_command(au_fd, AUDIT_USER_CMD, command, NULL, result) <= 0) { if (errno != ECONNREFUSED) { sudo_warn(U_("unable to send audit message")); goto done; } } rc = 0; done: sudo_efree(command); debug_return_int(rc); }
/* * Get a password entry by name and allocate space for it. */ struct passwd * sudo_getpwnam(const char *name) { struct cache_item key, *item; struct rbnode *node; size_t len; debug_decl(sudo_getpwnam, SUDOERS_DEBUG_NSS) key.k.name = (char *) name; if ((node = rbfind(pwcache_byname, &key)) != NULL) { item = node->data; goto done; } /* * Cache passwd db entry if it exists or a negative response if not. */ #ifdef HAVE_SETAUTHDB aix_setauthdb((char *) name); #endif item = sudo_make_pwitem((uid_t)-1, name); if (item == NULL) { len = strlen(name) + 1; item = sudo_ecalloc(1, sizeof(*item) + len); item->refcnt = 1; item->k.name = (char *) item + sizeof(*item); memcpy(item->k.name, name, len); /* item->d.pw = NULL; */ } if (rbinsert(pwcache_byname, item) != NULL) { /* should not happen */ sudo_warnx(U_("unable to cache user %s, already exists"), name); item->refcnt = 0; } #ifdef HAVE_SETAUTHDB aix_restoreauthdb(); #endif done: item->refcnt++; debug_return_ptr(item->d.pw); }
/* * Get a password entry by uid and allocate space for it. */ struct passwd * sudo_getpwuid(uid_t uid) { struct cache_item key, *item; struct rbnode *node; debug_decl(sudo_getpwuid, SUDOERS_DEBUG_NSS) key.k.uid = uid; if ((node = rbfind(pwcache_byuid, &key)) != NULL) { item = node->data; goto done; } /* * Cache passwd db entry if it exists or a negative response if not. */ #ifdef HAVE_SETAUTHDB aix_setauthdb(IDtouser(uid)); #endif item = sudo_make_pwitem(uid, NULL); if (item == NULL) { item = sudo_ecalloc(1, sizeof(*item)); item->refcnt = 1; item->k.uid = uid; /* item->d.pw = NULL; */ } if (rbinsert(pwcache_byuid, item) != NULL) { /* should not happen */ sudo_warnx(U_("unable to cache uid %u, already exists"), (unsigned int) uid); item->refcnt = 0; } #ifdef HAVE_SETAUTHDB aix_restoreauthdb(); #endif done: item->refcnt++; debug_return_ptr(item->d.pw); }
/* * securid_setup - Initialises a SecurID transaction and locks out other * ACE servers * * Arguments in: * pw - struct passwd for username * promptp - UNUSED * auth - sudo authentication structure for SecurID handle * * Results out: * return code - Success if transaction started correctly, fatal * otherwise */ int sudo_securid_setup(struct passwd *pw, char **promptp, sudo_auth *auth) { SDI_HANDLE *sd = (SDI_HANDLE *) auth->data; int retval; debug_decl(sudo_securid_setup, SUDOERS_DEBUG_AUTH) /* Re-initialize SecurID every time. */ if (SD_Init(sd) != ACM_OK) { sudo_warnx(U_("unable to contact the SecurID server")); debug_return_int(AUTH_FATAL); } /* Lock new PIN code */ retval = SD_Lock(*sd, pw->pw_name); switch (retval) { case ACM_OK: sudo_warnx(U_("User ID locked for SecurID Authentication")); debug_return_int(AUTH_SUCCESS); case ACE_UNDEFINED_USERNAME: sudo_warnx(U_("invalid username length for SecurID")); debug_return_int(AUTH_FATAL); case ACE_ERR_INVALID_HANDLE: sudo_warnx(U_("invalid Authentication Handle for SecurID")); debug_return_int(AUTH_FATAL); case ACM_ACCESS_DENIED: sudo_warnx(U_("SecurID communication failed")); debug_return_int(AUTH_FATAL); default: sudo_warnx(U_("unknown SecurID error")); debug_return_int(AUTH_FATAL); } }
static bool do_logfile(const char *msg) { static bool warned = false; const char *timestr; int len, oldlocale; bool ret = false; char *full_line; mode_t oldmask; FILE *fp; debug_decl(do_logfile, SUDOERS_DEBUG_LOGGING) sudoers_setlocale(SUDOERS_LOCALE_SUDOERS, &oldlocale); oldmask = umask(S_IRWXG|S_IRWXO); fp = fopen(def_logfile, "a"); (void) umask(oldmask); if (fp == NULL) { if (!warned) { log_warning(SLOG_SEND_MAIL|SLOG_NO_LOG, N_("unable to open log file: %s"), def_logfile); warned = true; } goto done; } if (!sudo_lock_file(fileno(fp), SUDO_LOCK)) { if (!warned) { log_warning(SLOG_SEND_MAIL|SLOG_NO_LOG, N_("unable to lock log file: %s"), def_logfile); warned = true; } goto done; } timestr = get_timestr(time(NULL), def_log_year); if (timestr == NULL) timestr = "invalid date"; if (def_log_host) { len = asprintf(&full_line, "%s : %s : HOST=%s : %s", timestr, user_name, user_srunhost, msg); } else { len = asprintf(&full_line, "%s : %s : %s", timestr, user_name, msg); } if (len == -1) { sudo_warnx(U_("%s: %s"), __func__, U_("unable to allocate memory")); goto done; } if ((size_t)def_loglinelen < sizeof(LOG_INDENT)) { /* Don't pretty-print long log file lines (hard to grep). */ (void) fputs(full_line, fp); (void) fputc('\n', fp); } else { /* Write line with word wrap around def_loglinelen chars. */ writeln_wrap(fp, full_line, len, def_loglinelen); } free(full_line); (void) fflush(fp); if (ferror(fp)) { if (!warned) { log_warning(SLOG_SEND_MAIL|SLOG_NO_LOG, N_("unable to write log file: %s"), def_logfile); warned = true; } goto done; } ret = true; done: if (fp != NULL) (void) fclose(fp); sudoers_setlocale(oldlocale, NULL); debug_return_bool(ret); }
/* * Setup the execution environment. * Builds up the command_info list and sets argv and envp. * Returns 1 on success and -1 on error. */ int sudoers_policy_exec_setup(char *argv[], char *envp[], mode_t cmnd_umask, char *iolog_path, void *v) { struct sudoers_exec_args *exec_args = v; char **command_info; int info_len = 0; int rval = -1; debug_decl(sudoers_policy_exec_setup, SUDOERS_DEBUG_PLUGIN) /* Increase the length of command_info as needed, it is *not* checked. */ command_info = sudo_ecalloc(32, sizeof(char **)); command_info[info_len++] = sudo_new_key_val("command", safe_cmnd); if (def_log_input || def_log_output) { if (iolog_path) command_info[info_len++] = iolog_path; if (def_log_input) { command_info[info_len++] = sudo_estrdup("iolog_stdin=true"); command_info[info_len++] = sudo_estrdup("iolog_ttyin=true"); } if (def_log_output) { command_info[info_len++] = sudo_estrdup("iolog_stdout=true"); command_info[info_len++] = sudo_estrdup("iolog_stderr=true"); command_info[info_len++] = sudo_estrdup("iolog_ttyout=true"); } if (def_compress_io) { command_info[info_len++] = sudo_estrdup("iolog_compress=true"); } if (def_maxseq) { sudo_easprintf(&command_info[info_len++], "maxseq=%u", def_maxseq); } } if (ISSET(sudo_mode, MODE_EDIT)) command_info[info_len++] = sudo_estrdup("sudoedit=true"); if (ISSET(sudo_mode, MODE_LOGIN_SHELL)) { /* Set cwd to run user's homedir. */ command_info[info_len++] = sudo_new_key_val("cwd", runas_pw->pw_dir); } if (def_stay_setuid) { sudo_easprintf(&command_info[info_len++], "runas_uid=%u", (unsigned int)user_uid); sudo_easprintf(&command_info[info_len++], "runas_gid=%u", (unsigned int)user_gid); sudo_easprintf(&command_info[info_len++], "runas_euid=%u", (unsigned int)runas_pw->pw_uid); sudo_easprintf(&command_info[info_len++], "runas_egid=%u", runas_gr ? (unsigned int)runas_gr->gr_gid : (unsigned int)runas_pw->pw_gid); } else { sudo_easprintf(&command_info[info_len++], "runas_uid=%u", (unsigned int)runas_pw->pw_uid); sudo_easprintf(&command_info[info_len++], "runas_gid=%u", runas_gr ? (unsigned int)runas_gr->gr_gid : (unsigned int)runas_pw->pw_gid); } if (def_preserve_groups) { command_info[info_len++] = "preserve_groups=true"; } else { int i, len; gid_t egid; size_t glsize; char *cp, *gid_list; struct group_list *grlist = sudo_get_grlist(runas_pw); /* We reserve an extra spot in the list for the effective gid. */ glsize = sizeof("runas_groups=") - 1 + ((grlist->ngids + 1) * (MAX_UID_T_LEN + 1)); gid_list = sudo_emalloc(glsize); memcpy(gid_list, "runas_groups=", sizeof("runas_groups=") - 1); cp = gid_list + sizeof("runas_groups=") - 1; /* On BSD systems the effective gid is the first group in the list. */ egid = runas_gr ? (unsigned int)runas_gr->gr_gid : (unsigned int)runas_pw->pw_gid; len = snprintf(cp, glsize - (cp - gid_list), "%u", egid); if (len < 0 || (size_t)len >= glsize - (cp - gid_list)) { sudo_warnx(U_("internal error, %s overflow"), __func__); goto done; } cp += len; for (i = 0; i < grlist->ngids; i++) { if (grlist->gids[i] != egid) { len = snprintf(cp, glsize - (cp - gid_list), ",%u", (unsigned int) grlist->gids[i]); if (len < 0 || (size_t)len >= glsize - (cp - gid_list)) { sudo_warnx(U_("internal error, %s overflow"), __func__); goto done; } cp += len; } } command_info[info_len++] = gid_list; sudo_grlist_delref(grlist); } if (def_closefrom >= 0) sudo_easprintf(&command_info[info_len++], "closefrom=%d", def_closefrom); if (def_noexec) command_info[info_len++] = sudo_estrdup("noexec=true"); if (def_exec_background) command_info[info_len++] = sudo_estrdup("exec_background=true"); if (def_set_utmp) command_info[info_len++] = sudo_estrdup("set_utmp=true"); if (def_use_pty) command_info[info_len++] = sudo_estrdup("use_pty=true"); if (def_utmp_runas) command_info[info_len++] = sudo_new_key_val("utmp_user", runas_pw->pw_name); if (cmnd_umask != 0777) sudo_easprintf(&command_info[info_len++], "umask=0%o", (unsigned int)cmnd_umask); #ifdef HAVE_LOGIN_CAP_H if (def_use_loginclass) command_info[info_len++] = sudo_new_key_val("login_class", login_class); #endif /* HAVE_LOGIN_CAP_H */ #ifdef HAVE_SELINUX if (user_role != NULL) command_info[info_len++] = sudo_new_key_val("selinux_role", user_role); if (user_type != NULL) command_info[info_len++] = sudo_new_key_val("selinux_type", user_type); #endif /* HAVE_SELINUX */ #ifdef HAVE_PRIV_SET if (runas_privs != NULL) command_info[info_len++] = sudo_new_key_val("runas_privs", runas_privs); if (runas_limitprivs != NULL) command_info[info_len++] = sudo_new_key_val("runas_limitprivs", runas_limitprivs); #endif /* HAVE_SELINUX */ /* Fill in exec environment info */ *(exec_args->argv) = argv; *(exec_args->envp) = envp; *(exec_args->info) = command_info; rval = true; done: debug_return_bool(rval); }
/* * Deserialize args, settings and user_info arrays. * Fills in struct sudo_user and other common sudoers state. */ int sudoers_policy_deserialize_info(void *v, char **runas_user, char **runas_group) { struct sudoers_policy_open_info *info = v; char * const *cur; const char *p, *errstr, *groups = NULL; const char *remhost = NULL; int flags = 0; debug_decl(sudoers_policy_deserialize_info, SUDOERS_DEBUG_PLUGIN) #define MATCHES(s, v) (strncmp(s, v, sizeof(v) - 1) == 0) /* Parse sudo.conf plugin args. */ if (info->plugin_args != NULL) { for (cur = info->plugin_args; *cur != NULL; cur++) { if (MATCHES(*cur, "sudoers_file=")) { sudoers_file = *cur + sizeof("sudoers_file=") - 1; continue; } if (MATCHES(*cur, "sudoers_uid=")) { p = *cur + sizeof("sudoers_uid=") - 1; sudoers_uid = (uid_t) sudo_strtoid(p, NULL, NULL, &errstr); if (errstr != NULL) { sudo_warnx(U_("%s: %s"), *cur, U_(errstr)); goto bad; } continue; } if (MATCHES(*cur, "sudoers_gid=")) { p = *cur + sizeof("sudoers_gid=") - 1; sudoers_gid = (gid_t) sudo_strtoid(p, NULL, NULL, &errstr); if (errstr != NULL) { sudo_warnx(U_("%s: %s"), *cur, U_(errstr)); goto bad; } continue; } if (MATCHES(*cur, "sudoers_mode=")) { p = *cur + sizeof("sudoers_mode=") - 1; sudoers_mode = sudo_strtomode(p, &errstr); if (errstr != NULL) { sudo_warnx(U_("%s: %s"), *cur, U_(errstr)); goto bad; } continue; } if (MATCHES(*cur, "ldap_conf=")) { path_ldap_conf = *cur + sizeof("ldap_conf=") - 1; continue; } if (MATCHES(*cur, "ldap_secret=")) { path_ldap_secret = *cur + sizeof("ldap_secret=") - 1; continue; } } } /* Parse command line settings. */ user_closefrom = -1; for (cur = info->settings; *cur != NULL; cur++) { if (MATCHES(*cur, "closefrom=")) { errno = 0; p = *cur + sizeof("closefrom=") - 1; user_closefrom = strtonum(p, 4, INT_MAX, &errstr); if (user_closefrom == 0) { sudo_warnx(U_("%s: %s"), *cur, U_(errstr)); goto bad; } continue; } if (MATCHES(*cur, "runas_user="******"runas_user="******"runas_group=")) { *runas_group = *cur + sizeof("runas_group=") - 1; sudo_user.flags |= RUNAS_GROUP_SPECIFIED; continue; } if (MATCHES(*cur, "prompt=")) { user_prompt = *cur + sizeof("prompt=") - 1; def_passprompt_override = true; continue; } if (MATCHES(*cur, "set_home=")) { if (sudo_strtobool(*cur + sizeof("set_home=") - 1) == true) SET(flags, MODE_RESET_HOME); continue; } if (MATCHES(*cur, "preserve_environment=")) { if (sudo_strtobool(*cur + sizeof("preserve_environment=") - 1) == true) SET(flags, MODE_PRESERVE_ENV); continue; } if (MATCHES(*cur, "run_shell=")) { if (sudo_strtobool(*cur + sizeof("run_shell=") - 1) == true) SET(flags, MODE_SHELL); continue; } if (MATCHES(*cur, "login_shell=")) { if (sudo_strtobool(*cur + sizeof("login_shell=") - 1) == true) { SET(flags, MODE_LOGIN_SHELL); def_env_reset = true; } continue; } if (MATCHES(*cur, "implied_shell=")) { if (sudo_strtobool(*cur + sizeof("implied_shell=") - 1) == true) SET(flags, MODE_IMPLIED_SHELL); continue; } if (MATCHES(*cur, "preserve_groups=")) { if (sudo_strtobool(*cur + sizeof("preserve_groups=") - 1) == true) SET(flags, MODE_PRESERVE_GROUPS); continue; } if (MATCHES(*cur, "ignore_ticket=")) { if (sudo_strtobool(*cur + sizeof("ignore_ticket=") - 1) == true) SET(flags, MODE_IGNORE_TICKET); continue; } if (MATCHES(*cur, "noninteractive=")) { if (sudo_strtobool(*cur + sizeof("noninteractive=") - 1) == true) SET(flags, MODE_NONINTERACTIVE); continue; } if (MATCHES(*cur, "sudoedit=")) { if (sudo_strtobool(*cur + sizeof("sudoedit=") - 1) == true) SET(flags, MODE_EDIT); continue; } if (MATCHES(*cur, "login_class=")) { login_class = *cur + sizeof("login_class=") - 1; def_use_loginclass = true; continue; } #ifdef HAVE_PRIV_SET if (MATCHES(*cur, "runas_privs=")) { def_privs = *cur + sizeof("runas_privs=") - 1; continue; } if (MATCHES(*cur, "runas_limitprivs=")) { def_limitprivs = *cur + sizeof("runas_limitprivs=") - 1; continue; } #endif /* HAVE_PRIV_SET */ #ifdef HAVE_SELINUX if (MATCHES(*cur, "selinux_role=")) { user_role = *cur + sizeof("selinux_role=") - 1; continue; } if (MATCHES(*cur, "selinux_type=")) { user_type = *cur + sizeof("selinux_type=") - 1; continue; } #endif /* HAVE_SELINUX */ #ifdef HAVE_BSD_AUTH_H if (MATCHES(*cur, "bsdauth_type=")) { login_style = *cur + sizeof("bsdauth_type=") - 1; continue; } #endif /* HAVE_BSD_AUTH_H */ if (MATCHES(*cur, "network_addrs=")) { interfaces_string = *cur + sizeof("network_addrs=") - 1; set_interfaces(interfaces_string); continue; } if (MATCHES(*cur, "max_groups=")) { errno = 0; p = *cur + sizeof("max_groups=") - 1; sudo_user.max_groups = strtonum(p, 1, INT_MAX, &errstr); if (sudo_user.max_groups == 0) { sudo_warnx(U_("%s: %s"), *cur, U_(errstr)); goto bad; } continue; } if (MATCHES(*cur, "remote_host=")) { remhost = *cur + sizeof("remote_host=") - 1; continue; } } for (cur = info->user_info; *cur != NULL; cur++) { if (MATCHES(*cur, "user="******"user="******"uid=")) { p = *cur + sizeof("uid=") - 1; user_uid = (uid_t) sudo_strtoid(p, NULL, NULL, &errstr); if (errstr != NULL) { sudo_warnx(U_("%s: %s"), *cur, U_(errstr)); goto bad; } continue; } if (MATCHES(*cur, "gid=")) { p = *cur + sizeof("gid=") - 1; user_gid = (gid_t) sudo_strtoid(p, NULL, NULL, &errstr); if (errstr != NULL) { sudo_warnx(U_("%s: %s"), *cur, U_(errstr)); goto bad; } continue; } if (MATCHES(*cur, "groups=")) { groups = *cur + sizeof("groups=") - 1; continue; } if (MATCHES(*cur, "cwd=")) { user_cwd = sudo_estrdup(*cur + sizeof("cwd=") - 1); continue; } if (MATCHES(*cur, "tty=")) { user_tty = user_ttypath = sudo_estrdup(*cur + sizeof("tty=") - 1); if (strncmp(user_tty, _PATH_DEV, sizeof(_PATH_DEV) - 1) == 0) user_tty += sizeof(_PATH_DEV) - 1; continue; } if (MATCHES(*cur, "host=")) { user_host = user_shost = sudo_estrdup(*cur + sizeof("host=") - 1); if ((p = strchr(user_host, '.'))) user_shost = sudo_estrndup(user_host, (size_t)(p - user_host)); continue; } if (MATCHES(*cur, "lines=")) { errno = 0; p = *cur + sizeof("lines=") - 1; sudo_user.lines = strtonum(p, 1, INT_MAX, &errstr); if (sudo_user.lines == 0) { sudo_warnx(U_("%s: %s"), *cur, U_(errstr)); goto bad; } continue; } if (MATCHES(*cur, "cols=")) { errno = 0; p = *cur + sizeof("cols=") - 1; sudo_user.cols = strtonum(p, 1, INT_MAX, &errstr); if (sudo_user.lines == 0) { sudo_warnx(U_("%s: %s"), *cur, U_(errstr)); goto bad; } continue; } if (MATCHES(*cur, "sid=")) { p = *cur + sizeof("sid=") - 1; sudo_user.sid = (pid_t) sudo_strtoid(p, NULL, NULL, &errstr); if (errstr != NULL) { sudo_warnx(U_("%s: %s"), *cur, U_(errstr)); goto bad; } continue; } } user_runhost = user_srunhost = sudo_estrdup(remhost ? remhost : user_host); if ((p = strchr(user_runhost, '.'))) user_srunhost = sudo_estrndup(user_runhost, (size_t)(p - user_runhost)); if (user_cwd == NULL) user_cwd = sudo_estrdup("unknown"); if (user_tty == NULL) user_tty = sudo_estrdup("unknown"); /* user_ttypath remains NULL */ if (groups != NULL && groups[0] != '\0') { /* sudo_parse_gids() will print a warning on error. */ user_ngids = sudo_parse_gids(groups, &user_gid, &user_gids); if (user_ngids == -1) goto bad; } /* Stash initial umask for later use. */ user_umask = umask(SUDO_UMASK); umask(user_umask); /* Dump settings and user info (XXX - plugin args) */ for (cur = info->settings; *cur != NULL; cur++) sudo_debug_printf(SUDO_DEBUG_INFO, "settings: %s", *cur); for (cur = info->user_info; *cur != NULL; cur++) sudo_debug_printf(SUDO_DEBUG_INFO, "user_info: %s", *cur); #undef MATCHES debug_return_int(flags); bad: debug_return_int(MODE_ERROR); }
/* * Expand %h and %u escapes (if present) in the prompt and pass back * the dynamically allocated result. */ char * expand_prompt(const char *old_prompt, const char *auth_user) { size_t len, n; int subst; const char *p; char *np, *new_prompt, *endp; debug_decl(expand_prompt, SUDOERS_DEBUG_AUTH) /* How much space do we need to malloc for the prompt? */ subst = 0; for (p = old_prompt, len = strlen(old_prompt); *p; p++) { if (p[0] =='%') { switch (p[1]) { case 'h': p++; len += strlen(user_shost) - 2; subst = 1; break; case 'H': p++; len += strlen(user_host) - 2; subst = 1; break; case 'p': p++; len += strlen(auth_user) - 2; subst = 1; break; case 'u': p++; len += strlen(user_name) - 2; subst = 1; break; case 'U': p++; len += strlen(runas_pw->pw_name) - 2; subst = 1; break; case '%': p++; len--; subst = 1; break; default: break; } } } if ((new_prompt = malloc(++len)) == NULL) { sudo_warnx(U_("%s: %s"), __func__, U_("unable to allocate memory")); debug_return_str(NULL); } if (subst) { endp = new_prompt + len; for (p = old_prompt, np = new_prompt; *p; p++) { if (p[0] =='%') { switch (p[1]) { case 'h': p++; n = strlcpy(np, user_shost, np - endp); if (n >= (size_t)(np - endp)) goto oflow; np += n; continue; case 'H': p++; n = strlcpy(np, user_host, np - endp); if (n >= (size_t)(np - endp)) goto oflow; np += n; continue; case 'p': p++; n = strlcpy(np, auth_user, np - endp); if (n >= (size_t)(np - endp)) goto oflow; np += n; continue; case 'u': p++; n = strlcpy(np, user_name, np - endp); if (n >= (size_t)(np - endp)) goto oflow; np += n; continue; case 'U': p++; n = strlcpy(np, runas_pw->pw_name, np - endp); if (n >= (size_t)(np - endp)) goto oflow; np += n; continue; case '%': /* convert %% -> % */ p++; break; default: /* no conversion */ break; } } *np++ = *p; if (np >= endp) goto oflow; } *np = '\0'; } else { /* Nothing to expand. */ memcpy(new_prompt, old_prompt, len); /* len includes NUL */ } debug_return_str(new_prompt); oflow: /* We pre-allocate enough space, so this should never happen. */ free(new_prompt); sudo_warnx(U_("internal error, %s overflow"), __func__); debug_return_str(NULL); }
int sudo_rfc1938_setup(struct passwd *pw, char **promptp, sudo_auth *auth) { char challenge[256]; size_t challenge_len; static char *orig_prompt = NULL, *new_prompt = NULL; static size_t op_len, np_size; static struct RFC1938 rfc1938; debug_decl(sudo_rfc1938_setup, SUDOERS_DEBUG_AUTH) /* Stash a pointer to the rfc1938 struct if we have not initialized */ if (!auth->data) auth->data = &rfc1938; /* Save the original prompt */ if (orig_prompt == NULL) { orig_prompt = *promptp; op_len = strlen(orig_prompt); /* Ignore trailing colon (we will add our own) */ if (orig_prompt[op_len - 1] == ':') op_len--; else if (op_len >= 2 && orig_prompt[op_len - 1] == ' ' && orig_prompt[op_len - 2] == ':') op_len -= 2; } #ifdef HAVE_SKEY /* Close old stream */ if (rfc1938.keyfile) (void) fclose(rfc1938.keyfile); #endif /* * Look up the user and get the rfc1938 challenge. * If the user is not in the OTP db, only post a fatal error if * we are running alone (since they may just use a normal passwd). */ if (rfc1938challenge(&rfc1938, pw->pw_name, challenge, sizeof(challenge))) { if (IS_ONEANDONLY(auth)) { sudo_warnx(U_("you do not exist in the %s database"), auth->name); debug_return_int(AUTH_FATAL); } else { debug_return_int(AUTH_FAILURE); } } /* Get space for new prompt with embedded challenge */ challenge_len = strlen(challenge); if (np_size < op_len + challenge_len + 7) { char *p = realloc(new_prompt, op_len + challenge_len + 7); if (p == NULL) { sudo_warnx(U_("%s: %s"), __func__, U_("unable to allocate memory")); debug_return_int(AUTH_FATAL); } np_size = op_len + challenge_len + 7; new_prompt = p; } if (def_long_otp_prompt) (void) snprintf(new_prompt, np_size, "%s\n%s", challenge, orig_prompt); else (void) snprintf(new_prompt, np_size, "%.*s [ %s ]:", (int)op_len, orig_prompt, challenge); *promptp = new_prompt; debug_return_int(AUTH_SUCCESS); }
void set_project(struct passwd *pw) { struct project proj; char buf[PROJECT_BUFSZ]; int errval; debug_decl(set_project, SUDO_DEBUG_UTIL) /* * Collect the default project for the user and settaskid */ setprojent(); if (getdefaultproj(pw->pw_name, &proj, buf, sizeof(buf)) != NULL) { errval = setproject(proj.pj_name, pw->pw_name, TASK_NORMAL); switch(errval) { case 0: break; case SETPROJ_ERR_TASK: switch (errno) { case EAGAIN: sudo_warnx(U_("resource control limit has been reached")); break; case ESRCH: sudo_warnx(U_("user \"%s\" is not a member of project \"%s\""), pw->pw_name, proj.pj_name); break; case EACCES: sudo_warnx(U_("the invoking task is final")); break; default: sudo_warnx(U_("could not join project \"%s\""), proj.pj_name); } case SETPROJ_ERR_POOL: switch (errno) { case EACCES: sudo_warnx(U_("no resource pool accepting default bindings " "exists for project \"%s\""), proj.pj_name); break; case ESRCH: sudo_warnx(U_("specified resource pool does not exist for " "project \"%s\""), proj.pj_name); break; default: sudo_warnx(U_("could not bind to default resource pool for " "project \"%s\""), proj.pj_name); } break; default: if (errval <= 0) { sudo_warnx(U_("setproject failed for project \"%s\""), proj.pj_name); } else { sudo_warnx(U_("warning, resource control assignment failed for " "project \"%s\""), proj.pj_name); } } } else { sudo_warn("getdefaultproj"); } endprojent(); debug_return; }
/* * Returns a new security context based on the old context and the * specified role and type. */ security_context_t get_exec_context(security_context_t old_context, const char *role, const char *type) { security_context_t new_context = NULL; context_t context = NULL; char *typebuf = NULL; debug_decl(get_exec_context, SUDO_DEBUG_SELINUX) /* We must have a role, the type is optional (we can use the default). */ if (!role) { sudo_warnx(U_("you must specify a role for type %s"), type); errno = EINVAL; goto bad; } if (!type) { if (get_default_type(role, &typebuf)) { sudo_warnx(U_("unable to get default type for role %s"), role); errno = EINVAL; goto bad; } type = typebuf; } /* * Expand old_context into a context_t so that we extract and modify * its components easily. */ context = context_new(old_context); /* * Replace the role and type in "context" with the role and * type we will be running the command as. */ if (context_role_set(context, role)) { sudo_warn(U_("failed to set new role %s"), role); goto bad; } if (context_type_set(context, type)) { sudo_warn(U_("failed to set new type %s"), type); goto bad; } /* * Convert "context" back into a string and verify it. */ if ((new_context = strdup(context_str(context))) == NULL) { sudo_warnx(U_("%s: %s"), __func__, U_("unable to allocate memory")); goto bad; } if (security_check_context(new_context) < 0) { sudo_warnx(U_("%s is not a valid context"), new_context); errno = EINVAL; goto bad; } #ifdef DEBUG sudo_warnx("Your new context is %s", new_context); #endif context_free(context); debug_return_ptr(new_context); bad: free(typebuf); context_free(context); freecon(new_context); debug_return_ptr(NULL); }
/* * securid_verify - Authenticates user and handles ACE responses * * Arguments in: * pw - struct passwd for username * pass - UNUSED * auth - sudo authentication structure for SecurID handle * * Results out: * return code - Success on successful authentication, failure on * incorrect authentication, fatal on errors */ int sudo_securid_verify(struct passwd *pw, char *pass, sudo_auth *auth, struct sudo_conv_callback *callback) { SDI_HANDLE *sd = (SDI_HANDLE *) auth->data; int ret; debug_decl(sudo_securid_verify, SUDOERS_DEBUG_AUTH) pass = auth_getpass("Enter your PASSCODE: ", SUDO_CONV_PROMPT_ECHO_OFF, callback); /* Have ACE verify password */ switch (SD_Check(*sd, pass, pw->pw_name)) { case ACM_OK: ret = AUTH_SUCESS; break; case ACE_UNDEFINED_PASSCODE: sudo_warnx(U_("invalid passcode length for SecurID")); ret = AUTH_FATAL; break; case ACE_UNDEFINED_USERNAME: sudo_warnx(U_("invalid username length for SecurID")); ret = AUTH_FATAL; break; case ACE_ERR_INVALID_HANDLE: sudo_warnx(U_("invalid Authentication Handle for SecurID")); ret = AUTH_FATAL; break; case ACM_ACCESS_DENIED: ret = AUTH_FAILURE; break; case ACM_NEXT_CODE_REQUIRED: /* Sometimes (when current token close to expire?) ACE challenges for the next token displayed (entered without the PIN) */ if (pass != NULL) { memset_s(pass, SUDO_PASS_MAX, 0, strlen(pass)); free(pass); } pass = auth_getpass("\ !!! ATTENTION !!!\n\ Wait for the token code to change, \n\ then enter the new token code.\n", \ SUDO_CONV_PROMPT_ECHO_OFF, callback); if (SD_Next(*sd, pass) == ACM_OK) { ret = AUTH_SUCCESS; break; } ret = AUTH_FAILURE; break; case ACM_NEW_PIN_REQUIRED: /* * This user's SecurID has not been activated yet, * or the pin has been reset */ /* XXX - Is setting up a new PIN within sudo's scope? */ SD_Pin(*sd, ""); sudo_printf(SUDO_CONV_ERROR_MSG, "Your SecurID access has not yet been set up.\n"); sudo_printf(SUDO_CONV_ERROR_MSG, "Please set up a PIN before you try to authenticate.\n"); ret = AUTH_FATAL; break; default: sudo_warnx(U_("unknown SecurID error")); ret = AUTH_FATAL; break; } /* Free resources */ SD_Close(*sd); if (pass != NULL) { memset_s(pass, SUDO_PASS_MAX, 0, strlen(pass)); free(pass); } /* Return stored state to calling process */ debug_return_int(ret); }