diff options
author | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-04-07 14:37:38 +0000 |
---|---|---|
committer | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-04-07 14:37:38 +0000 |
commit | ae581a19fbe896a797450b9d9573fb66f2735227 (patch) | |
tree | 56c40be8518a29c9351364d13a9676aa83932dc0 /plugins/sample | |
parent | Initial commit. (diff) | |
download | sudo-upstream.tar.xz sudo-upstream.zip |
Adding upstream version 1.9.13p3.upstream/1.9.13p3upstream
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to '')
-rw-r--r-- | plugins/sample/Makefile.in | 220 | ||||
-rw-r--r-- | plugins/sample/README | 22 | ||||
-rw-r--r-- | plugins/sample/sample_plugin.c | 516 | ||||
-rw-r--r-- | plugins/sample/sample_plugin.exp | 2 | ||||
-rw-r--r-- | plugins/sample_approval/Makefile.in | 231 | ||||
-rw-r--r-- | plugins/sample_approval/sample_approval.c | 169 | ||||
-rw-r--r-- | plugins/sample_approval/sample_approval.exp | 1 |
7 files changed, 1161 insertions, 0 deletions
diff --git a/plugins/sample/Makefile.in b/plugins/sample/Makefile.in new file mode 100644 index 0000000..e0a814c --- /dev/null +++ b/plugins/sample/Makefile.in @@ -0,0 +1,220 @@ +# +# SPDX-License-Identifier: ISC +# +# Copyright (c) 2011-2022 Todd C. Miller <Todd.Miller@sudo.ws> +# +# Permission to use, copy, modify, and distribute this software for any +# purpose with or without fee is hereby granted, provided that the above +# copyright notice and this permission notice appear in all copies. +# +# THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES +# WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF +# MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR +# ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES +# WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN +# ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF +# OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. +# +# @configure_input@ +# + +#### Start of system configuration section. #### + +srcdir = @srcdir@ +abs_srcdir = @abs_srcdir@ +top_srcdir = @top_srcdir@ +abs_top_srcdir = @abs_top_srcdir@ +top_builddir = @top_builddir@ +abs_top_builddir = @abs_top_builddir@ +devdir = @devdir@ +scriptdir = $(top_srcdir)/scripts +incdir = $(top_srcdir)/include +cross_compiling = @CROSS_COMPILING@ + +# Compiler & tools to use +CC = @CC@ +LIBTOOL = @LIBTOOL@ +SED = @SED@ +AWK = @AWK@ + +# Our install program supports extra flags... +INSTALL = $(SHELL) $(scriptdir)/install-sh -c +INSTALL_OWNER = -o $(install_uid) -g $(install_gid) +INSTALL_BACKUP = @INSTALL_BACKUP@ + +# Libraries +LIBS = $(top_builddir)/lib/util/libsudo_util.la + +# C preprocessor flags +CPPFLAGS = -I$(incdir) -I$(top_builddir) @CPPFLAGS@ + +# Usually -O and/or -g +CFLAGS = @CFLAGS@ + +# Flags to pass to the link stage +LDFLAGS = @LDFLAGS@ +LT_LDFLAGS = @LT_LDFLAGS@ @LT_LDEXPORTS@ + +# Flags to pass to libtool +LTFLAGS = --tag=disable-static + +# Address sanitizer flags +ASAN_CFLAGS = @ASAN_CFLAGS@ +ASAN_LDFLAGS = @ASAN_LDFLAGS@ + +# PIE flags +PIE_CFLAGS = @PIE_CFLAGS@ +PIE_LDFLAGS = @PIE_LDFLAGS@ + +# Stack smashing protection flags +HARDENING_CFLAGS = @HARDENING_CFLAGS@ +HARDENING_LDFLAGS = @HARDENING_LDFLAGS@ + +# cppcheck options, usually set in the top-level Makefile +CPPCHECK_OPTS = -q --enable=warning,performance,portability --suppress=constStatement --suppress=compareBoolExpressionWithInt --error-exitcode=1 --inline-suppr -Dva_copy=va_copy -U__cplusplus -UQUAD_MAX -UQUAD_MIN -UUQUAD_MAX -U_POSIX_HOST_NAME_MAX -U_POSIX_PATH_MAX -U__NBBY -DNSIG=64 + +# splint options, usually set in the top-level Makefile +SPLINT_OPTS = -D__restrict= -checks + +# PVS-studio options +PVS_CFG = $(top_srcdir)/PVS-Studio.cfg +PVS_IGNORE = 'V707,V011,V002,V536' +PVS_LOG_OPTS = -a 'GA:1,2' -e -t errorfile -d $(PVS_IGNORE) + +# Where to install things... +prefix = @prefix@ +exec_prefix = @exec_prefix@ +bindir = @bindir@ +sbindir = @sbindir@ +sysconfdir = @sysconfdir@ +libexecdir = @libexecdir@ +datarootdir = @datarootdir@ +localstatedir = @localstatedir@ +plugindir = @plugindir@ + +# File mode and map file to use for shared libraries/objects +shlib_enable = @SHLIB_ENABLE@ +shlib_mode = @SHLIB_MODE@ +shlib_exp = $(srcdir)/sample_plugin.exp +shlib_map = sample_plugin.map +shlib_opt = sample_plugin.opt + +# User and group ids the installed files should be "owned" by +install_uid = 0 +install_gid = 0 + +#### End of system configuration section. #### + +SHELL = @SHELL@ + +OBJS = sample_plugin.lo + +LIBOBJDIR = $(top_builddir)/@ac_config_libobj_dir@/ + +VERSION = @PACKAGE_VERSION@ + +all: sample_plugin.la + +depend: + $(scriptdir)/mkdep.pl --srcdir=$(abs_top_srcdir) \ + --builddir=$(abs_top_builddir) plugins/sample/Makefile.in + cd $(top_builddir) && ./config.status --file plugins/sample/Makefile + +Makefile: $(srcdir)/Makefile.in + cd $(top_builddir) && ./config.status --file plugins/sample/Makefile + +.SUFFIXES: .c .h .i .lo .plog + +.c.lo: + $(LIBTOOL) $(LTFLAGS) --mode=compile $(CC) -c $(CPPFLAGS) $(CFLAGS) $(ASAN_CFLAGS) $(PIE_CFLAGS) $(HARDENING_CFLAGS) $< + +.c.i: + $(CC) -E -o $@ $(CPPFLAGS) $< + +.i.plog: + ifile=$<; rm -f $@; pvs-studio --cfg $(PVS_CFG) --sourcetree-root $(top_srcdir) --skip-cl-exe yes --source-file $${ifile%i}c --i-file $< --output-file $@ + +$(shlib_map): $(shlib_exp) + @$(AWK) 'BEGIN { print "{\n\tglobal:" } { print "\t\t"$$0";" } END { print "\tlocal:\n\t\t*;\n};" }' $(shlib_exp) > $@ + +$(shlib_opt): $(shlib_exp) + @$(SED) 's/^/+e /' $(shlib_exp) > $@ + +sample_plugin.la: $(OBJS) @LT_LDDEP@ + $(LIBTOOL) $(LTFLAGS) --mode=link $(CC) $(LDFLAGS) $(ASAN_LDFLAGS) $(HARDENING_LDFLAGS) $(LT_LDFLAGS) -o $@ $(OBJS) $(LIBS) -module -avoid-version -rpath $(plugindir) -shrext .so + +pre-install: + +install: install-plugin + +install-dirs: + $(SHELL) $(scriptdir)/mkinstalldirs $(DESTDIR)$(plugindir) + +install-binaries: + +install-includes: + +install-doc: + +install-plugin: install-dirs sample_plugin.la + if [ X"$(shlib_enable)" = X"yes" ]; then \ + INSTALL_BACKUP='$(INSTALL_BACKUP)' $(LIBTOOL) $(LTFLAGS) --mode=install $(INSTALL) $(INSTALL_OWNER) -m $(shlib_mode) sample_plugin.la $(DESTDIR)$(plugindir); \ + fi + +install-fuzzer: + +uninstall: + -$(LIBTOOL) $(LTFLAGS) --mode=uninstall rm -f $(DESTDIR)$(plugindir)/sample_plugin.la + -test -z "$(INSTALL_BACKUP)" || \ + rm -f $(DESTDIR)$(plugindir)/sample_plugin.so$(INSTALL_BACKUP) + +splint: + splint $(SPLINT_OPTS) -I$(incdir) -I$(top_builddir) $(srcdir)/*.c + +cppcheck: + cppcheck $(CPPCHECK_OPTS) -I$(incdir) -I$(top_builddir) $(srcdir)/*.c + +pvs-log-files: $(POBJS) + +pvs-studio: $(POBJS) + plog-converter $(PVS_LOG_OPTS) $(POBJS) + +fuzz: + +check-fuzzer: + +check: check-fuzzer + +check-verbose: check + +clean: + -$(LIBTOOL) $(LTFLAGS) --mode=clean rm -f *.lo *.o *.la + -rm -f *.i *.plog stamp-* core *.core core.* + +mostlyclean: clean + +distclean: clean + -rm -rf Makefile .libs $(shlib_map) $(shlib_opt) + +clobber: distclean + +realclean: distclean + rm -f TAGS tags + +cleandir: realclean + +.PHONY: clean mostlyclean distclean cleandir clobber realclean + +# Autogenerated dependencies, do not modify +sample_plugin.lo: $(srcdir)/sample_plugin.c $(incdir)/compat/stdbool.h \ + $(incdir)/sudo_compat.h $(incdir)/sudo_plugin.h \ + $(incdir)/sudo_util.h $(top_builddir)/config.h \ + $(top_builddir)/pathnames.h + $(LIBTOOL) $(LTFLAGS) --mode=compile $(CC) -c $(CPPFLAGS) $(CFLAGS) $(ASAN_CFLAGS) $(PIE_CFLAGS) $(HARDENING_CFLAGS) $(srcdir)/sample_plugin.c +sample_plugin.i: $(srcdir)/sample_plugin.c $(incdir)/compat/stdbool.h \ + $(incdir)/sudo_compat.h $(incdir)/sudo_plugin.h \ + $(incdir)/sudo_util.h $(top_builddir)/config.h \ + $(top_builddir)/pathnames.h + $(CC) -E -o $@ $(CPPFLAGS) $< +sample_plugin.plog: sample_plugin.i + rm -f $@; pvs-studio --cfg $(PVS_CFG) --sourcetree-root $(top_srcdir) --skip-cl-exe yes --source-file $(srcdir)/sample_plugin.c --i-file $< --output-file $@ diff --git a/plugins/sample/README b/plugins/sample/README new file mode 100644 index 0000000..dbd92cd --- /dev/null +++ b/plugins/sample/README @@ -0,0 +1,22 @@ +This is a sample sudo policy plugin. See the sudo_plugin manual for +information on writing your own plugin. + +The sample policy plugin is not installed by default. It can be installed +by running "make install" as the superuser from the plugins/sample +directory. + +To actually use the sample plugin, you'll need to modify the +/etc/sudo.conf file. Caution: you should not make changes to +/etc/sudo.conf without also having a root shell open repair things +in case of an error. To enable the plugin, first comment out any +existing policy Plugin line in /etc/sudo.conf, for example: + + Plugin sudoers_policy sudoers.so + +Then add a line for the sample plugin: + + Plugin sample_policy sample_plugin.so + +You may need to create /etc/sudo.conf if it does not already exist. + +Note that you may only have a single policy plugin defined. diff --git a/plugins/sample/sample_plugin.c b/plugins/sample/sample_plugin.c new file mode 100644 index 0000000..a494c11 --- /dev/null +++ b/plugins/sample/sample_plugin.c @@ -0,0 +1,516 @@ +/* + * SPDX-License-Identifier: ISC + * + * Copyright (c) 2010-2016, 2022 Todd C. Miller <Todd.Miller@sudo.ws> + * + * Permission to use, copy, modify, and distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR + * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN + * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF + * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + */ + +/* + * This is an open source non-commercial project. Dear PVS-Studio, please check it. + * PVS-Studio Static Code Analyzer for C, C++ and C#: http://www.viva64.com + */ + +#include <config.h> + +#include <sys/stat.h> +#include <sys/wait.h> + +#include <stdarg.h> +#include <stdio.h> +#include <stdlib.h> +#ifdef HAVE_STDBOOL_H +# include <stdbool.h> +#else +# include "compat/stdbool.h" +#endif /* HAVE_STDBOOL_H */ +#include <string.h> +#ifdef HAVE_STRINGS_H +# include <strings.h> +#endif /* HAVE_STRINGS_H */ +#include <unistd.h> +#include <ctype.h> +#include <fcntl.h> +#include <limits.h> +#include <grp.h> +#include <pwd.h> + +#include "pathnames.h" +#include "sudo_compat.h" +#include "sudo_plugin.h" +#include "sudo_util.h" + +/* + * Sample plugin module that allows any user who knows the password + * ("test") to run any command as root. Since there is no credential + * caching the validate and invalidate functions are NULL. + */ + +static struct plugin_state { + char **envp; + char * const *settings; + char * const *user_info; +} plugin_state; +static sudo_conv_t sudo_conv; +static sudo_printf_t sudo_log; +static FILE *input, *output; +static uid_t runas_uid = ROOT_UID; +static gid_t runas_gid = -1; +static int use_sudoedit = false; + +/* + * Plugin policy open function. + */ +static int +policy_open(unsigned int version, sudo_conv_t conversation, + sudo_printf_t sudo_plugin_printf, char * const settings[], + char * const user_info[], char * const user_env[], char * const args[], + const char **errstr) +{ + char * const *ui; + struct passwd *pw; + const char *runas_user = NULL; + struct group *gr; + const char *runas_group = NULL; + + if (!sudo_conv) + sudo_conv = conversation; + if (!sudo_log) + sudo_log = sudo_plugin_printf; + + if (SUDO_API_VERSION_GET_MAJOR(version) != SUDO_API_VERSION_MAJOR) { + sudo_log(SUDO_CONV_ERROR_MSG, + "the sample plugin requires API version %d.x\n", + SUDO_API_VERSION_MAJOR); + return -1; + } + + /* Only allow commands to be run as root. */ + for (ui = settings; *ui != NULL; ui++) { + if (strncmp(*ui, "runas_user=", sizeof("runas_user=") - 1) == 0) { + runas_user = *ui + sizeof("runas_user=") - 1; + } + if (strncmp(*ui, "runas_group=", sizeof("runas_group=") - 1) == 0) { + runas_group = *ui + sizeof("runas_group=") - 1; + } + if (strncmp(*ui, "progname=", sizeof("progname=") - 1) == 0) { + initprogname(*ui + sizeof("progname=") - 1); + } + /* Check to see if sudo was called as sudoedit or with -e flag. */ + if (strncmp(*ui, "sudoedit=", sizeof("sudoedit=") - 1) == 0) { + if (strcasecmp(*ui + sizeof("sudoedit=") - 1, "true") == 0) + use_sudoedit = true; + } + /* This plugin doesn't support running sudo with no arguments. */ + if (strncmp(*ui, "implied_shell=", sizeof("implied_shell=") - 1) == 0) { + if (strcasecmp(*ui + sizeof("implied_shell=") - 1, "true") == 0) + return -2; /* usage error */ + } + } + if (runas_user != NULL) { + if ((pw = getpwnam(runas_user)) == NULL) { + sudo_log(SUDO_CONV_ERROR_MSG, "unknown user %s\n", runas_user); + return 0; + } + runas_uid = pw->pw_uid; + } + if (runas_group != NULL) { + if ((gr = getgrnam(runas_group)) == NULL) { + sudo_log(SUDO_CONV_ERROR_MSG, "unknown group %s\n", runas_group); + return 0; + } + runas_gid = gr->gr_gid; + } + + /* Plugin state. */ + plugin_state.envp = (char **)user_env; + plugin_state.settings = settings; + plugin_state.user_info = user_info; + + return 1; +} + +static char * +find_in_path(char *command, char **envp) +{ + struct stat sb; + char *path = NULL; + char *path0, **ep, *cp; + char pathbuf[PATH_MAX], *qualified = NULL; + + if (strchr(command, '/') != NULL) + return command; + + for (ep = plugin_state.envp; *ep != NULL; ep++) { + if (strncmp(*ep, "PATH=", 5) == 0) { + path = *ep + 5; + break; + } + } + path = path0 = strdup(path ? path : _PATH_DEFPATH); + do { + if ((cp = strchr(path, ':'))) + *cp = '\0'; + snprintf(pathbuf, sizeof(pathbuf), "%s/%s", *path ? path : ".", + command); + if (stat(pathbuf, &sb) == 0) { + if (S_ISREG(sb.st_mode) && (sb.st_mode & 0000111)) { + qualified = pathbuf; + break; + } + } + path = cp + 1; + } while (cp != NULL); + free(path0); + return qualified ? strdup(qualified) : NULL; +} + +static int +check_passwd(void) +{ + struct sudo_conv_message msg; + struct sudo_conv_reply repl; + + /* Prompt user for password via conversation function. */ + memset(&msg, 0, sizeof(msg)); + msg.msg_type = SUDO_CONV_PROMPT_ECHO_OFF; + msg.msg = "Password: "; + memset(&repl, 0, sizeof(repl)); + sudo_conv(1, &msg, &repl, NULL); + if (repl.reply == NULL) { + sudo_log(SUDO_CONV_ERROR_MSG, "missing password\n"); + return false; + } + if (strcmp(repl.reply, "test") != 0) { + sudo_log(SUDO_CONV_ERROR_MSG, "incorrect password\n"); + return false; + } + return true; +} + +static char ** +build_command_info(const char *command) +{ + char **command_info; + int i = 0; + + /* Setup command info. */ + command_info = calloc(32, sizeof(char *)); + if (command_info == NULL) + goto oom; + if ((command_info[i] = sudo_new_key_val("command", command)) == NULL) + goto oom; + i++; + if (asprintf(&command_info[i], "runas_euid=%ld", (long)runas_uid) == -1) + goto oom; + i++; + if (asprintf(&command_info[i++], "runas_uid=%ld", (long)runas_uid) == -1) + goto oom; + i++; + if (runas_gid != (gid_t)-1) { + if (asprintf(&command_info[i++], "runas_gid=%ld", (long)runas_gid) == -1) + goto oom; + i++; + if (asprintf(&command_info[i++], "runas_egid=%ld", (long)runas_gid) == -1) + goto oom; + i++; + } +#ifdef USE_TIMEOUT + if ((command_info[i] = strdup("timeout=30")) == NULL) + goto oom; + i++; +#endif + if (use_sudoedit) { + if ((command_info[i] = strdup("sudoedit=true")) == NULL) + goto oom; + } + return command_info; +oom: + while (i > 0) { + free(command_info[i--]); + } + free(command_info); + return NULL; +} + +static char * +find_editor(int nfiles, char * const files[], char **argv_out[]) +{ + char *cp, *last, **ep, **nargv, *editor_path; + char *editor = NULL; + int ac, i, nargc, wasblank; + + /* Lookup EDITOR in user's environment. */ + for (ep = plugin_state.envp; *ep != NULL; ep++) { + if (strncmp(*ep, "EDITOR=", 7) == 0) { + editor = *ep + 7; + break; + } + } + editor = strdup(editor ? editor : _PATH_VI); + if (editor == NULL) { + sudo_log(SUDO_CONV_ERROR_MSG, "unable to allocate memory\n"); + return NULL; + } + + /* + * Split editor into an argument vector; editor is reused (do not free). + * The EDITOR environment variables may contain command + * line args so look for those and alloc space for them too. + */ + nargc = 1; + for (wasblank = 0, cp = editor; *cp != '\0'; cp++) { + if (isblank((unsigned char) *cp)) + wasblank = 1; + else if (wasblank) { + wasblank = 0; + nargc++; + } + } + /* If we can't find the editor in the user's PATH, give up. */ + cp = strtok_r(editor, " \t", &last); + if (cp == NULL || + (editor_path = find_in_path(editor, plugin_state.envp)) == NULL) { + free(editor); + return NULL; + } + if (editor_path != editor) + free(editor); + nargv = malloc((nargc + 1 + nfiles + 1) * sizeof(char *)); + if (nargv == NULL) { + sudo_log(SUDO_CONV_ERROR_MSG, "unable to allocate memory\n"); + free(editor_path); + return NULL; + } + for (ac = 0; cp != NULL && ac < nargc; ac++) { + nargv[ac] = cp; + cp = strtok_r(NULL, " \t", &last); + } + nargv[ac++] = (char *)"--"; + for (i = 0; i < nfiles; ) + nargv[ac++] = files[i++]; + nargv[ac] = NULL; + + *argv_out = nargv; + return editor_path; +} + +/* + * Plugin policy check function. + * Simple example that prompts for a password, hard-coded to "test". + */ +static int +policy_check(int argc, char * const argv[], + char *env_add[], char **command_info_out[], + char **argv_out[], char **user_env_out[], const char **errstr) +{ + char *command; + + if (!argc || argv[0] == NULL) { + sudo_log(SUDO_CONV_ERROR_MSG, "no command specified\n"); + return false; + } + + if (!check_passwd()) + return false; + + command = find_in_path(argv[0], plugin_state.envp); + if (command == NULL) { + sudo_log(SUDO_CONV_ERROR_MSG, "%s: command not found\n", argv[0]); + return false; + } + + /* If "sudo vi" is run, auto-convert to sudoedit. */ + if (strcmp(command, _PATH_VI) == 0) + use_sudoedit = true; + + if (use_sudoedit) { + /* Rebuild argv using editor */ + free(command); + command = find_editor(argc - 1, argv + 1, argv_out); + if (command == NULL) { + sudo_log(SUDO_CONV_ERROR_MSG, "unable to find valid editor\n"); + return -1; + } + use_sudoedit = true; + } else { + /* No changes needd to argv */ + *argv_out = (char **)argv; + } + + /* No changes to envp */ + *user_env_out = plugin_state.envp; + + /* Setup command info. */ + *command_info_out = build_command_info(command); + free(command); + if (*command_info_out == NULL) { + sudo_log(SUDO_CONV_ERROR_MSG, "out of memory\n"); + return -1; + } + + return true; +} + +static int +policy_list(int argc, char * const argv[], int verbose, const char *list_user, + const char **errstr) +{ + /* + * List user's capabilities. + */ + sudo_log(SUDO_CONV_INFO_MSG, "Validated users may run any command\n"); + return true; +} + +static int +policy_version(int verbose) +{ + sudo_log(SUDO_CONV_INFO_MSG, "Sample policy plugin version %s\n", + PACKAGE_VERSION); + return true; +} + +static void +policy_close(int exit_status, int error) +{ + /* + * The policy might log the command exit status here. + * In this example, we just print a message. + */ + if (error) { + sudo_log(SUDO_CONV_ERROR_MSG, "Command error: %s\n", strerror(error)); + } else { + if (WIFEXITED(exit_status)) { + sudo_log(SUDO_CONV_INFO_MSG, "Command exited with status %d\n", + WEXITSTATUS(exit_status)); + } else if (WIFSIGNALED(exit_status)) { + sudo_log(SUDO_CONV_INFO_MSG, "Command killed by signal %d\n", + WTERMSIG(exit_status)); + } + } +} + +static int +io_open(unsigned int version, sudo_conv_t conversation, + sudo_printf_t sudo_plugin_printf, char * const settings[], + char * const user_info[], char * const command_info[], + int argc, char * const argv[], char * const user_env[], char * const args[], + const char **errstr) +{ + int fd; + char path[PATH_MAX]; + + if (!sudo_conv) + sudo_conv = conversation; + if (!sudo_log) + sudo_log = sudo_plugin_printf; + + /* Open input and output files. */ + snprintf(path, sizeof(path), "/var/tmp/sample-%u.output", + (unsigned int)getpid()); + fd = open(path, O_WRONLY|O_CREAT|O_EXCL, 0644); + if (fd == -1) + return false; + output = fdopen(fd, "w"); + + snprintf(path, sizeof(path), "/var/tmp/sample-%u.input", + (unsigned int)getpid()); + fd = open(path, O_WRONLY|O_CREAT|O_EXCL, 0644); + if (fd == -1) + return false; + input = fdopen(fd, "w"); + + return true; +} + +static void +io_close(int exit_status, int error) +{ + fclose(input); + fclose(output); +} + +static int +io_version(int verbose) +{ + sudo_log(SUDO_CONV_INFO_MSG, "Sample I/O plugin version %s\n", + PACKAGE_VERSION); + return true; +} + +static int +io_log_input(const char *buf, unsigned int len, const char **errstr) +{ + ignore_result(fwrite(buf, len, 1, input)); + return true; +} + +static int +io_log_output(const char *buf, unsigned int len, const char **errstr) +{ + const char *cp, *ep; + bool ret = true; + + ignore_result(fwrite(buf, len, 1, output)); + /* + * If we find the string "honk!" in the buffer, reject it. + * In practice we'd want to be able to detect the word + * broken across two buffers. + */ + for (cp = buf, ep = buf + len; cp < ep; cp++) { + if (cp + 5 < ep && memcmp(cp, "honk!", 5) == 0) { + ret = false; + break; + } + } + return ret; +} + +sudo_dso_public struct policy_plugin sample_policy = { + SUDO_POLICY_PLUGIN, + SUDO_API_VERSION, + policy_open, + policy_close, + policy_version, + policy_check, + policy_list, + NULL, /* validate */ + NULL, /* invalidate */ + NULL, /* init_session */ + NULL, /* register_hooks */ + NULL, /* deregister_hooks */ + NULL /* event_alloc() filled in by sudo */ +}; + +/* + * Note: This plugin does not differentiate between tty and pipe I/O. + * It all gets logged to the same file. + */ +sudo_dso_public struct io_plugin sample_io = { + SUDO_IO_PLUGIN, + SUDO_API_VERSION, + io_open, + io_close, + io_version, + io_log_input, /* tty input */ + io_log_output, /* tty output */ + io_log_input, /* command stdin if not tty */ + io_log_output, /* command stdout if not tty */ + io_log_output, /* command stderr if not tty */ + NULL, /* register_hooks */ + NULL, /* deregister_hooks */ + NULL, /* change_winsize */ + NULL, /* log_suspend */ + NULL /* event_alloc() filled in by sudo */ +}; diff --git a/plugins/sample/sample_plugin.exp b/plugins/sample/sample_plugin.exp new file mode 100644 index 0000000..9f85094 --- /dev/null +++ b/plugins/sample/sample_plugin.exp @@ -0,0 +1,2 @@ +sample_policy +sample_io diff --git a/plugins/sample_approval/Makefile.in b/plugins/sample_approval/Makefile.in new file mode 100644 index 0000000..fb3b435 --- /dev/null +++ b/plugins/sample_approval/Makefile.in @@ -0,0 +1,231 @@ +# +# SPDX-License-Identifier: ISC +# +# Copyright (c) 2020 Todd C. Miller <Todd.Miller@sudo.ws> +# +# Permission to use, copy, modify, and distribute this software for any +# purpose with or without fee is hereby granted, provided that the above +# copyright notice and this permission notice appear in all copies. +# +# THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES +# WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF +# MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR +# ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES +# WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN +# ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF +# OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. +# +# @configure_input@ +# + +#### Start of system configuration section. #### + +srcdir = @srcdir@ +devdir = @devdir@ +top_builddir = @top_builddir@ +abs_top_builddir = @abs_top_builddir@ +top_srcdir = @top_srcdir@ +scriptdir = $(top_srcdir)/scripts +incdir = $(top_srcdir)/include +cross_compiling = @CROSS_COMPILING@ + +# Compiler & tools to use +CC = @CC@ +LIBTOOL = @LIBTOOL@ +SED = @SED@ +AWK = @AWK@ + +# Our install program supports extra flags... +INSTALL = $(SHELL) $(scriptdir)/install-sh -c +INSTALL_OWNER = -o $(install_uid) -g $(install_gid) +INSTALL_BACKUP = @INSTALL_BACKUP@ + +# Libraries +LT_LIBS = $(top_builddir)/lib/util/libsudo_util.la +LIBS = $(LT_LIBS) + +# C preprocessor flags +CPPFLAGS = -I$(incdir) -I$(top_builddir) @CPPFLAGS@ + +# Usually -O and/or -g +CFLAGS = @CFLAGS@ + +# Flags to pass to the link stage +LDFLAGS = @LDFLAGS@ +LT_LDFLAGS = @LT_LDFLAGS@ @LT_LDEXPORTS@ + +# Flags to pass to libtool +LTFLAGS = --tag=disable-static + +# Address sanitizer flags +ASAN_CFLAGS = @ASAN_CFLAGS@ +ASAN_LDFLAGS = @ASAN_LDFLAGS@ + +# PIE flags +PIE_CFLAGS = @PIE_CFLAGS@ +PIE_LDFLAGS = @PIE_LDFLAGS@ + +# Stack smashing protection flags +HARDENING_CFLAGS = @HARDENING_CFLAGS@ +HARDENING_LDFLAGS = @HARDENING_LDFLAGS@ + +# cppcheck options, usually set in the top-level Makefile +CPPCHECK_OPTS = -q --enable=warning,performance,portability --suppress=constStatement --suppress=compareBoolExpressionWithInt --error-exitcode=1 --inline-suppr -Dva_copy=va_copy -U__cplusplus -UQUAD_MAX -UQUAD_MIN -UUQUAD_MAX -U_POSIX_HOST_NAME_MAX -U_POSIX_PATH_MAX -U__NBBY -DNSIG=64 + +# splint options, usually set in the top-level Makefile +SPLINT_OPTS = -D__restrict= -checks + +# PVS-studio options +PVS_CFG = $(top_srcdir)/PVS-Studio.cfg +PVS_IGNORE = 'V707,V011,V002,V536' +PVS_LOG_OPTS = -a 'GA:1,2' -e -t errorfile -d $(PVS_IGNORE) + +# Where to install things... +prefix = @prefix@ +exec_prefix = @exec_prefix@ +bindir = @bindir@ +sbindir = @sbindir@ +sysconfdir = @sysconfdir@ +libexecdir = @libexecdir@ +datarootdir = @datarootdir@ +localstatedir = @localstatedir@ +plugindir = @plugindir@ + +# File mode and map file to use for shared libraries/objects +shlib_enable = @SHLIB_ENABLE@ +shlib_mode = @SHLIB_MODE@ +shlib_exp = $(srcdir)/sample_approval.exp +shlib_map = sample_approval.map +shlib_opt = sample_approval.opt + +# User and group ids the installed files should be "owned" by +install_uid = 0 +install_gid = 0 + +#### End of system configuration section. #### + +SHELL = @SHELL@ + +OBJS = sample_approval.lo + +IOBJS = $(OBJS:.lo=.i) + +POBJS = $(IOBJS:.i=.plog) + +LIBOBJDIR = $(top_builddir)/@ac_config_libobj_dir@/ + +VERSION = @PACKAGE_VERSION@ + +all: sample_approval.la + +depend: + $(scriptdir)/mkdep.pl --srcdir=$(top_srcdir) \ + --builddir=$(abs_top_builddir) plugins/sample_approval/Makefile.in + cd $(top_builddir) && ./config.status --file plugins/sample_approval/Makefile + +Makefile: $(srcdir)/Makefile.in + cd $(top_builddir) && ./config.status --file plugins/sample_approval/Makefile + +.SUFFIXES: .c .h .i .lo .plog + +.c.lo: + $(LIBTOOL) $(LTFLAGS) --mode=compile $(CC) -c $(CPPFLAGS) $(CFLAGS) $(ASAN_CFLAGS) $(PIE_CFLAGS) $(HARDENING_CFLAGS) $< + +.c.i: + $(CC) -E -o $@ $(CPPFLAGS) $< + +.i.plog: + ifile=$<; rm -f $@; pvs-studio --cfg $(PVS_CFG) --sourcetree-root $(top_srcdir) --skip-cl-exe yes --source-file $${ifile%i}c --i-file $< --output-file $@ + +$(shlib_map): $(shlib_exp) + @$(AWK) 'BEGIN { print "{\n\tglobal:" } { print "\t\t"$$0";" } END { print "\tlocal:\n\t\t*;\n};" }' $(shlib_exp) > $@ + +$(shlib_opt): $(shlib_exp) + @$(SED) 's/^/+e /' $(shlib_exp) > $@ + +sample_approval.la: $(OBJS) $(LT_LIBS) @LT_LDDEP@ + $(LIBTOOL) $(LTFLAGS) --mode=link $(CC) $(LDFLAGS) $(ASAN_LDFLAGS) $(HARDENING_LDFLAGS) $(LT_LDFLAGS) -o $@ $(OBJS) $(LIBS) -module -avoid-version -rpath $(plugindir) -shrext .so + +pre-install: + +install: install-plugin + +install-dirs: + $(SHELL) $(scriptdir)/mkinstalldirs $(DESTDIR)$(plugindir) + +install-binaries: + +install-includes: + +install-doc: + +install-plugin: install-dirs sample_approval.la + if [ X"$(shlib_enable)" = X"yes" ]; then \ + INSTALL_BACKUP='$(INSTALL_BACKUP)' $(LIBTOOL) $(LTFLAGS) --mode=install $(INSTALL) $(INSTALL_OWNER) -m $(shlib_mode) sample_approval.la $(DESTDIR)$(plugindir); \ + fi + +install-fuzzer: + +uninstall: + -$(LIBTOOL) $(LTFLAGS) --mode=uninstall rm -f $(DESTDIR)$(plugindir)/sample_approval.la + -test -z "$(INSTALL_BACKUP)" || \ + rm -f $(DESTDIR)$(plugindir)/sample_approval.so$(INSTALL_BACKUP) + +splint: + splint $(SPLINT_OPTS) -I$(incdir) -I$(top_builddir) $(srcdir)/*.c + +cppcheck: + cppcheck $(CPPCHECK_OPTS) -I$(incdir) -I$(top_builddir) $(srcdir)/*.c + +pvs-log-files: $(POBJS) + +pvs-studio: $(POBJS) + plog-converter $(PVS_LOG_OPTS) $(POBJS) + +fuzz: + +check-fuzzer: + +check: check-fuzzer + +check-verbose: check + +clean: + -$(LIBTOOL) $(LTFLAGS) --mode=clean rm -f *.lo *.o *.la *.a + -rm -f *.i *.plog stamp-* core *.core core.* + +mostlyclean: clean + +distclean: clean + -rm -rf Makefile .libs $(shlib_map) $(shlib_opt) + +clobber: distclean + +realclean: distclean + rm -f TAGS tags + +cleandir: realclean + +.PHONY: clean mostlyclean distclean cleandir clobber realclean + +# Autogenerated dependencies, do not modify +getgrent.lo: $(srcdir)/getgrent.c $(incdir)/compat/stdbool.h \ + $(incdir)/sudo_compat.h $(incdir)/sudo_util.h \ + $(top_builddir)/config.h + $(LIBTOOL) $(LTFLAGS) --mode=compile $(CC) -c $(CPPFLAGS) $(CFLAGS) $(ASAN_CFLAGS) $(PIE_CFLAGS) $(HARDENING_CFLAGS) $(srcdir)/getgrent.c +getgrent.i: $(srcdir)/getgrent.c $(incdir)/compat/stdbool.h \ + $(incdir)/sudo_compat.h $(incdir)/sudo_util.h \ + $(top_builddir)/config.h + $(CC) -E -o $@ $(CPPFLAGS) $< +getgrent.plog: getgrent.i + rm -f $@; pvs-studio --cfg $(PVS_CFG) --sourcetree-root $(top_srcdir) --skip-cl-exe yes --source-file $(srcdir)/getgrent.c --i-file $< --output-file $@ +sample_approval.lo: $(srcdir)/sample_approval.c $(incdir)/compat/stdbool.h \ + $(incdir)/sudo_compat.h $(incdir)/sudo_plugin.h \ + $(top_builddir)/config.h + $(LIBTOOL) $(LTFLAGS) --mode=compile $(CC) -c $(CPPFLAGS) $(CFLAGS) $(ASAN_CFLAGS) $(PIE_CFLAGS) $(HARDENING_CFLAGS) $(srcdir)/sample_approval.c +sample_approval.i: $(srcdir)/sample_approval.c $(incdir)/compat/stdbool.h \ + $(incdir)/sudo_compat.h $(incdir)/sudo_plugin.h \ + $(top_builddir)/config.h + $(CC) -E -o $@ $(CPPFLAGS) $< +sample_approval.plog: sample_approval.i + rm -f $@; pvs-studio --cfg $(PVS_CFG) --sourcetree-root $(top_srcdir) --skip-cl-exe yes --source-file $(srcdir)/sample_approval.c --i-file $< --output-file $@ diff --git a/plugins/sample_approval/sample_approval.c b/plugins/sample_approval/sample_approval.c new file mode 100644 index 0000000..505f32c --- /dev/null +++ b/plugins/sample_approval/sample_approval.c @@ -0,0 +1,169 @@ +/* + * SPDX-License-Identifier: ISC + * + * Copyright (c) 2020 Todd C. Miller <Todd.Miller@sudo.ws> + * + * Permission to use, copy, modify, and distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR + * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN + * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF + * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + */ + +/* + * This is an open source non-commercial project. Dear PVS-Studio, please check it. + * PVS-Studio Static Code Analyzer for C, C++ and C#: http://www.viva64.com + */ + +#include <config.h> + +#include <stdio.h> +#include <stdlib.h> +#ifdef HAVE_STDBOOL_H +# include <stdbool.h> +#else +# include "compat/stdbool.h" +#endif /* HAVE_STDBOOL_H */ +#include <string.h> +#include <unistd.h> +#include <time.h> + +#include "sudo_compat.h" +#include "sudo_conf.h" +#include "sudo_debug.h" +#include "sudo_fatal.h" +#include "sudo_gettext.h" +#include "sudo_plugin.h" +#include "sudo_util.h" + +static int approval_debug_instance = SUDO_DEBUG_INSTANCE_INITIALIZER; +sudo_printf_t sudo_printf; + +static int +sample_approval_open(unsigned int version, sudo_conv_t conversation, + sudo_printf_t plugin_printf, char * const settings[], + char * const user_info[], int submit_optind, char * const submit_argv[], + char * const submit_envp[], char * const plugin_options[], + const char **errstr) +{ + struct sudo_conf_debug_file_list debug_files = + TAILQ_HEAD_INITIALIZER(debug_files); + struct sudo_debug_file *debug_file; + const char *cp, *plugin_path = NULL; + char * const *cur; + int ret = -1; + debug_decl_vars(sample_approval_open, SUDO_DEBUG_PLUGIN); + + sudo_printf = plugin_printf; + + /* Initialize the debug subsystem. */ + for (cur = settings; (cp = *cur) != NULL; cur++) { + if (strncmp(cp, "debug_flags=", sizeof("debug_flags=") - 1) == 0) { + cp += sizeof("debug_flags=") - 1; + if (sudo_debug_parse_flags(&debug_files, cp) == -1) + goto oom; + continue; + } + if (strncmp(cp, "plugin_path=", sizeof("plugin_path=") - 1) == 0) { + plugin_path = cp + sizeof("plugin_path=") - 1; + continue; + } + } + if (plugin_path != NULL && !TAILQ_EMPTY(&debug_files)) { + approval_debug_instance = + sudo_debug_register(plugin_path, NULL, NULL, &debug_files, -1); + if (approval_debug_instance == SUDO_DEBUG_INSTANCE_ERROR) { + *errstr = U_("unable to initialize debugging"); + goto done; + } + sudo_debug_enter(__func__, __FILE__, __LINE__, sudo_debug_subsys); + } + + ret = 1; + goto done; + +oom: + sudo_warnx(U_("%s: %s"), __func__, U_("unable to allocate memory")); + *errstr = U_("unable to allocate memory"); + +done: + while ((debug_file = TAILQ_FIRST(&debug_files)) != NULL) { + TAILQ_REMOVE(&debug_files, debug_file, entries); + free(debug_file->debug_file); + free(debug_file->debug_flags); + free(debug_file); + } + + debug_return_int(ret); +} + +static void +sample_approval_close(void) +{ + debug_decl(sample_approval_close, SUDO_DEBUG_PLUGIN); + + /* Nothing here, we could store a NULL pointer instead. */ + + debug_return; +} + +static int +sample_approval_check(char * const command_info[], char * const run_argv[], + char * const run_envp[], const char **errstr) +{ + struct tm tm; + time_t now; + int ret = 0; + debug_decl(sample_approval_check, SUDO_DEBUG_PLUGIN); + + /* + * Only approve requests that are within business hours, + * which are 9am - 5pm local time. Does not check holidays. + */ + if (time(&now) == -1 || localtime_r(&now, &tm) == NULL) + goto done; + if (tm.tm_wday < 1 || tm.tm_wday > 5) { + /* bad weekday */ + goto done; + } + if (tm.tm_hour < 9 || tm.tm_hour > 17 || + (tm.tm_hour == 17 && tm.tm_min > 0)) { + /* bad hour */ + goto done; + } + ret = 1; + +done: + if (ret == 0) { + *errstr = U_("You are not allowed to use sudo outside business hours"); + sudo_printf(SUDO_CONV_ERROR_MSG, "%s\n", *errstr); + } + + debug_return_int(ret); +} + +static int +sample_approval_show_version(int verbose) +{ + debug_decl(approval_show_version, SUDO_DEBUG_PLUGIN); + + sudo_printf(SUDO_CONV_INFO_MSG, "sample approval plugin version %s\n", + PACKAGE_VERSION); + + debug_return_int(true); +} + +sudo_dso_public struct approval_plugin sample_approval = { + SUDO_APPROVAL_PLUGIN, + SUDO_API_VERSION, + sample_approval_open, + sample_approval_close, + sample_approval_check, + sample_approval_show_version +}; diff --git a/plugins/sample_approval/sample_approval.exp b/plugins/sample_approval/sample_approval.exp new file mode 100644 index 0000000..ea9cd65 --- /dev/null +++ b/plugins/sample_approval/sample_approval.exp @@ -0,0 +1 @@ +sample_approval |