diff options
Diffstat (limited to 'plugins/sudoers/regress/fuzz')
| -rw-r--r-- | plugins/sudoers/regress/fuzz/fuzz_policy.c | 877 | ||||
| -rw-r--r-- | plugins/sudoers/regress/fuzz/fuzz_policy.dict | 56 | ||||
| -rw-r--r-- | plugins/sudoers/regress/fuzz/fuzz_stubs.c | 87 | ||||
| -rw-r--r-- | plugins/sudoers/regress/fuzz/fuzz_sudoers.c | 419 | ||||
| -rw-r--r-- | plugins/sudoers/regress/fuzz/fuzz_sudoers.dict | 221 | ||||
| -rw-r--r-- | plugins/sudoers/regress/fuzz/fuzz_sudoers.out.ok | 577 | ||||
| -rw-r--r-- | plugins/sudoers/regress/fuzz/fuzz_sudoers_ldif.c | 152 | ||||
| -rw-r--r-- | plugins/sudoers/regress/fuzz/fuzz_sudoers_ldif.dict | 14 |
8 files changed, 2403 insertions, 0 deletions
diff --git a/plugins/sudoers/regress/fuzz/fuzz_policy.c b/plugins/sudoers/regress/fuzz/fuzz_policy.c new file mode 100644 index 0000000..da53750 --- /dev/null +++ b/plugins/sudoers/regress/fuzz/fuzz_policy.c @@ -0,0 +1,877 @@ +/* + * Copyright (c) 2021-2022 Todd C. Miller <Todd.Miller@sudo.ws> + * + * Permission to use, copy, modify, and distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR + * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN + * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF + * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + */ + +#include <config.h> + +#include <sys/types.h> +#include <sys/socket.h> +#include <netinet/in.h> +#include <arpa/inet.h> + +#include <stdarg.h> +#include <stdio.h> +#include <stdlib.h> +#if defined(HAVE_STDINT_H) +# include <stdint.h> +#elif defined(HAVE_INTTYPES_H) +# include <inttypes.h> +#endif +#include <errno.h> +#include <fcntl.h> +#include <netdb.h> +#include <unistd.h> +#include <string.h> +#ifndef HAVE_GETADDRINFO +# include "compat/getaddrinfo.h" +#endif + +#include "sudoers.h" +#include "sudo_iolog.h" +#include "interfaces.h" +#include "check.h" + +extern char **environ; +extern sudo_dso_public struct policy_plugin sudoers_policy; + +const char *path_plugin_dir = _PATH_SUDO_PLUGIN_DIR; +char *audit_msg; + +static int pass; + +int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size); + +static FILE * +open_data(const uint8_t *data, size_t size) +{ +#ifdef HAVE_FMEMOPEN + /* Operate in-memory. */ + return fmemopen((void *)data, size, "r"); +#else + char tempfile[] = "/tmp/sudoers.XXXXXX"; + size_t nwritten; + int fd; + + /* Use (unlinked) temporary file. */ + fd = mkstemp(tempfile); + if (fd == -1) + return NULL; + unlink(tempfile); + nwritten = write(fd, data, size); + if (nwritten != size) { + close(fd); + return NULL; + } + lseek(fd, 0, SEEK_SET); + return fdopen(fd, "r"); +#endif +} + +/* + * Array that gets resized as needed. + */ +struct dynamic_array { + char **entries; + size_t len; + size_t size; +}; + +static void +free_strvec(char **vec) +{ + int i; + + for (i = 0; vec[i] != NULL; i++) + free(vec[i]); +} + +static void +free_dynamic_array(struct dynamic_array *arr) +{ + if (arr->entries != NULL) { + free_strvec(arr->entries); + free(arr->entries); + } + memset(arr, 0, sizeof(*arr)); +} + +static bool +push(struct dynamic_array *arr, const char *entry) +{ + char *copy = NULL; + + if (entry != NULL) { + if ((copy = strdup(entry)) == NULL) + return false; + } + + if (arr->len + (entry != NULL) >= arr->size) { + char **tmp = reallocarray(arr->entries, arr->size + 1024, sizeof(char *)); + if (tmp == NULL) { + free(copy); + return false; + } + arr->entries = tmp; + arr->size += 1024; + } + if (copy != NULL) + arr->entries[arr->len++] = copy; + arr->entries[arr->len] = NULL; + + return true; +} + +static int +fuzz_conversation(int num_msgs, const struct sudo_conv_message msgs[], + struct sudo_conv_reply replies[], struct sudo_conv_callback *callback) +{ + int n; + + for (n = 0; n < num_msgs; n++) { + const struct sudo_conv_message *msg = &msgs[n]; + + switch (msg->msg_type & 0xff) { + case SUDO_CONV_PROMPT_ECHO_ON: + case SUDO_CONV_PROMPT_MASK: + case SUDO_CONV_PROMPT_ECHO_OFF: + /* input not supported */ + return -1; + case SUDO_CONV_ERROR_MSG: + case SUDO_CONV_INFO_MSG: + /* no output for fuzzers */ + break; + default: + return -1; + } + } + return 0; +} + +static int +fuzz_printf(int msg_type, const char *fmt, ...) +{ + return 0; +} + +static int +fuzz_hook_stub(struct sudo_hook *hook) +{ + return 0; +} + +/* + * The fuzzing environment may not have DNS available, this may result + * in long delays that cause a timeout when fuzzing. This getaddrinfo() + * can look up "localhost" and returns an error for anything else. + */ +#ifdef FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION +/* Avoid compilation errors if getaddrinfo() or freeaddrinfo() are macros. */ +# undef getaddrinfo +# undef freeaddrinfo + +int +# ifdef HAVE_GETADDRINFO +getaddrinfo( +# else +sudo_getaddrinfo( +# endif + const char *nodename, const char *servname, + const struct addrinfo *hints, struct addrinfo **res) +{ + struct addrinfo *ai; + struct in_addr addr; + + /* Stub getaddrinfo(3) to avoid a DNS timeout in CIfuzz. */ + if (strcmp(nodename, "localhost") != 0 || servname != NULL) + return EAI_FAIL; + + /* Hard-code localhost. */ + ai = calloc(1, sizeof(*ai) + sizeof(struct sockaddr_in)); + if (ai == NULL) + return EAI_MEMORY; + ai->ai_canonname = strdup("localhost"); + if (ai == NULL) { + free(ai); + return EAI_MEMORY; + } + ai->ai_family = AF_INET; + ai->ai_protocol = IPPROTO_TCP; + ai->ai_addrlen = sizeof(struct sockaddr_in); + ai->ai_addr = (struct sockaddr *)(ai + 1); + inet_pton(AF_INET, "127.0.0.1", &addr); + ((struct sockaddr_in *)ai->ai_addr)->sin_family = AF_INET; + ((struct sockaddr_in *)ai->ai_addr)->sin_addr = addr; + *res = ai; + return 0; +} + +void +# ifdef HAVE_GETADDRINFO +freeaddrinfo(struct addrinfo *ai) +# else +sudo_freeaddrinfo(struct addrinfo *ai) +# endif +{ + struct addrinfo *next; + + while (ai != NULL) { + next = ai->ai_next; + free(ai->ai_canonname); + free(ai); + ai = next; + } +} +#endif /* FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION */ + +enum fuzz_policy_pass { + PASS_NONE, + PASS_VERSION, + PASS_CHECK_LOG_LOCAL, + PASS_CHECK_LOG_REMOTE, + PASS_CHECK_NOT_FOUND, + PASS_CHECK_NOT_FOUND_DOT, + PASS_LIST, + PASS_LIST_OTHER, + PASS_LIST_CHECK, + PASS_VALIDATE, + PASS_INVALIDATE +}; + +int +LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) +{ + struct dynamic_array plugin_args = { NULL }; + struct dynamic_array settings = { NULL }; + struct dynamic_array user_info = { NULL }; + struct dynamic_array argv = { NULL }; + struct dynamic_array env_add = { NULL }; + char **command_info = NULL, **argv_out = NULL, **user_env_out = NULL; + const char *errstr = NULL; + const int num_passes = 10; + char *line = NULL; + size_t linesize = 0; + ssize_t linelen; + int res = 1; + FILE *fp; + + fp = open_data(data, size); + if (fp == NULL) + return 0; + + initprogname("fuzz_policy"); + sudoers_debug_register(getprogname(), NULL); + if (getenv("SUDO_FUZZ_VERBOSE") == NULL) + sudo_warn_set_conversation(fuzz_conversation); + + /* user_info and settings must be non-NULL (even if empty). */ + push(&user_info, NULL); + push(&settings, NULL); + + /* Iterate over each line of data. */ + while ((linelen = getdelim(&line, &linesize, '\n', fp)) != -1) { + if (line[linelen - 1] == '\n') + line[linelen - 1] = '\0'; + + /* Skip comments and blank lines. */ + if (line[0] == '#' || line[0] == '\0') + continue; + + /* plugin args */ + if (strncmp(line, "error_recovery=", sizeof("error_recovery=") - 1) == 0) { + push(&plugin_args, line); + continue; + } + if (strncmp(line, "sudoers_file=", sizeof("sudoers_file=") - 1) == 0) { + push(&plugin_args, line); + continue; + } + if (strncmp(line, "sudoers_mode=", sizeof("sudoers_mode=") - 1) == 0) { + push(&plugin_args, line); + continue; + } + if (strncmp(line, "sudoers_gid=", sizeof("sudoers_gid=") - 1) == 0) { + push(&plugin_args, line); + continue; + } + if (strncmp(line, "sudoers_uid=", sizeof("sudoers_uid=") - 1) == 0) { + push(&plugin_args, line); + continue; + } + if (strncmp(line, "ldap_conf=", sizeof("ldap_conf=") - 1) == 0) { + push(&plugin_args, line); + continue; + } + if (strncmp(line, "ldap_secret=", sizeof("ldap_secret=") - 1) == 0) { + push(&plugin_args, line); + continue; + } + + /* user info */ + if (strncmp(line, "user=", sizeof("user=") - 1) == 0) { + push(&user_info, line); + continue; + } + if (strncmp(line, "uid=", sizeof("uid=") - 1) == 0) { + push(&user_info, line); + continue; + } + if (strncmp(line, "gid=", sizeof("gid=") - 1) == 0) { + push(&user_info, line); + continue; + } + if (strncmp(line, "groups=", sizeof("groups=") - 1) == 0) { + push(&user_info, line); + continue; + } + if (strncmp(line, "cwd=", sizeof("cwd=") - 1) == 0) { + push(&user_info, line); + continue; + } + if (strncmp(line, "tty=", sizeof("tty=") - 1) == 0) { + push(&user_info, line); + continue; + } + if (strncmp(line, "host=", sizeof("host=") - 1) == 0) { + push(&user_info, line); + continue; + } + if (strncmp(line, "lines=", sizeof("lines=") - 1) == 0) { + push(&user_info, line); + continue; + } + if (strncmp(line, "cols=", sizeof("cols=") - 1) == 0) { + push(&user_info, line); + continue; + } + if (strncmp(line, "sid=", sizeof("sid=") - 1) == 0) { + push(&user_info, line); + continue; + } + if (strncmp(line, "umask=", sizeof("umask=") - 1) == 0) { + push(&user_info, line); + continue; + } + if (strncmp(line, "rlimit_", sizeof("rlimit_") - 1) == 0) { + push(&user_info, line); + continue; + } + + /* First argv entry is the command, the rest are args. */ + if (strncmp(line, "argv=", sizeof("argv=") - 1) == 0) { + push(&argv, line); + continue; + } + + /* Additional environment variables to add. */ + if (strncmp(line, "env=", sizeof("env=") - 1) == 0) { + const char *cp = line + sizeof("env=") - 1; + if (strchr(cp, '=') != NULL) + push(&env_add, cp); + continue; + } + + /* Treat anything else as a setting. */ + push(&settings, line); + } + fclose(fp); + free(line); + line = NULL; + + /* Exercise code paths that use KRB5CCNAME and SUDO_PROMPT. */ + putenv((char *)"KRB5CCNAME=/tmp/krb5cc_123456"); + putenv((char *)"SUDO_PROMPT=[sudo] password for %p: "); + + sudoers_policy.register_hooks(SUDO_API_VERSION, fuzz_hook_stub); + + for (pass = 1; res == 1 && pass <= num_passes; pass++) { + /* Call policy open function */ + res = sudoers_policy.open(SUDO_API_VERSION, fuzz_conversation, + fuzz_printf, settings.entries, user_info.entries, environ, + plugin_args.entries, &errstr); + if (res == 1) { + if (argv.len == 0) { + /* Must have a command to check. */ + push(&argv, "/usr/bin/id"); + } + + switch (pass) { + case PASS_NONE: + break; + case PASS_VERSION: + /* sudo -V */ + sudoers_policy.show_version(true); + break; + case PASS_CHECK_LOG_LOCAL: { + /* sudo command w/ local I/O logging (MODE_RUN) */ + sudoers_policy.check_policy(argv.len, argv.entries, + env_add.entries, &command_info, &argv_out, &user_env_out, + &errstr); + /* call check_policy() again to check for leaks. */ + sudoers_policy.check_policy(argv.len, argv.entries, + env_add.entries, &command_info, &argv_out, &user_env_out, + &errstr); + /* sudo_auth_begin_session() is stubbed out below. */ + sudoers_policy.init_session(NULL, NULL, NULL); + break; + } + case PASS_CHECK_LOG_REMOTE: + /* sudo command w/ remote I/O logging (MODE_RUN) */ + sudoers_policy.check_policy(argv.len, argv.entries, + env_add.entries, &command_info, &argv_out, &user_env_out, + &errstr); + /* call check_policy() again to check for leaks. */ + sudoers_policy.check_policy(argv.len, argv.entries, + env_add.entries, &command_info, &argv_out, &user_env_out, + &errstr); + /* sudo_auth_begin_session() is stubbed out below. */ + sudoers_policy.init_session(NULL, NULL, NULL); + break; + case PASS_CHECK_NOT_FOUND: + /* sudo command (not found) */ + sudoers_policy.check_policy(argv.len, argv.entries, + env_add.entries, &command_info, &argv_out, &user_env_out, + &errstr); + /* sudo_auth_begin_session() is stubbed out below. */ + sudoers_policy.init_session(NULL, NULL, NULL); + break; + case PASS_CHECK_NOT_FOUND_DOT: + /* sudo command (found but in cwd) */ + sudoers_policy.check_policy(argv.len, argv.entries, + env_add.entries, &command_info, &argv_out, &user_env_out, + &errstr); + /* call check_policy() again to check for leaks. */ + sudoers_policy.check_policy(argv.len, argv.entries, + env_add.entries, &command_info, &argv_out, &user_env_out, + &errstr); + /* sudo_auth_begin_session() is stubbed out below. */ + sudoers_policy.init_session(NULL, NULL, NULL); + break; + case PASS_LIST: + /* sudo -l (MODE_LIST) */ + sudoers_policy.list(0, NULL, false, NULL, &errstr); + /* call list() again to check for leaks. */ + sudoers_policy.list(0, NULL, false, NULL, &errstr); + break; + case PASS_LIST_OTHER: + /* sudo -l -U root (MODE_LIST) */ + sudoers_policy.list(0, NULL, false, "root", &errstr); + /* call list() again to check for leaks. */ + sudoers_policy.list(0, NULL, false, "root", &errstr); + break; + case PASS_LIST_CHECK: + /* sudo -l command (MODE_CHECK) */ + sudoers_policy.list(argv.len, argv.entries, false, NULL, + &errstr); + /* call list() again to check for leaks. */ + sudoers_policy.list(argv.len, argv.entries, false, NULL, + &errstr); + break; + case PASS_VALIDATE: + /* sudo -v (MODE_VALIDATE) */ + sudoers_policy.validate(&errstr); + /* call validate() again to check for leaks. */ + sudoers_policy.validate(&errstr); + break; + case PASS_INVALIDATE: + /* sudo -k */ + sudoers_policy.invalidate(false); + /* call invalidate() again to check for leaks. */ + sudoers_policy.invalidate(false); + break; + } + } + + /* Free resources. */ + if (sudoers_policy.close != NULL) + sudoers_policy.close(0, 0); + else + sudoers_cleanup(); + + /* Call a second time to free old env pointer. */ + env_init(NULL); + } + + sudoers_policy.deregister_hooks(SUDO_API_VERSION, fuzz_hook_stub); + sudoers_gc_run(); + + free_dynamic_array(&plugin_args); + free_dynamic_array(&settings); + free_dynamic_array(&user_info); + free_dynamic_array(&argv); + free_dynamic_array(&env_add); + + sudoers_debug_deregister(); + + fflush(stdout); + + return 0; +} + +/* STUB */ +bool +user_is_exempt(void) +{ + return false; +} + +/* STUB */ +bool +set_interfaces(const char *ai) +{ + return true; +} + +/* STUB */ +void +dump_interfaces(const char *ai) +{ + return; +} + +/* STUB */ +void +dump_auth_methods(void) +{ + return; +} + +/* STUB */ +int +sudo_auth_begin_session(struct passwd *pw, char **user_env[]) +{ + return 1; +} + +/* STUB */ +int +sudo_auth_end_session(struct passwd *pw) +{ + return 1; +} + +/* STUB */ +bool +sudo_auth_needs_end_session(void) +{ + return false; +} + +/* STUB */ +int +timestamp_remove(bool unlink_it) +{ + return true; +} + +/* STUB */ +int +create_admin_success_flag(void) +{ + return true; +} + +/* STUB */ +static int +sudo_file_open(struct sudo_nss *nss) +{ + return 0; +} + +/* STUB */ +static int +sudo_file_close(struct sudo_nss *nss) +{ + return 0; +} + +/* STUB */ +static struct sudoers_parse_tree * +sudo_file_parse(struct sudo_nss *nss) +{ + static struct sudoers_parse_tree parse_tree; + + return &parse_tree; +} + +/* STUB */ +static int +sudo_file_query(struct sudo_nss *nss, struct passwd *pw) +{ + return 0; +} + +/* STUB */ +static int +sudo_file_getdefs(struct sudo_nss *nss) +{ + /* Set some Defaults */ + set_default("log_input", NULL, true, "sudoers", 1, 1, false); + set_default("log_output", NULL, true, "sudoers", 1, 1, false); + set_default("env_file", "/dev/null", true, "sudoers", 1, 1, false); + set_default("restricted_env_file", "/dev/null", true, "sudoers", 1, 1, false); + set_default("exempt_group", "sudo", true, "sudoers", 1, 1, false); + set_default("runchroot", "/", true, "sudoers", 1, 1, false); + set_default("runcwd", "~", true, "sudoers", 1, 1, false); + set_default("fqdn", NULL, true, "sudoers", 1, 1, false); + set_default("runas_default", "root", true, "sudoers", 1, 1, false); + set_default("tty_tickets", NULL, true, "sudoers", 1, 1, false); + set_default("umask", "022", true, "sudoers", 1, 1, false); + set_default("logfile", "/var/log/sudo", true, "sudoers", 1, 1, false); + set_default("syslog", "auth", true, "sudoers", 1, 1, false); + set_default("syslog_goodpri", "notice", true, "sudoers", 1, 1, false); + set_default("syslog_badpri", "alert", true, "sudoers", 1, 1, false); + set_default("syslog_maxlen", "2048", true, "sudoers", 1, 1, false); + set_default("loglinelen", "0", true, "sudoers", 1, 1, false); + set_default("log_year", NULL, true, "sudoers", 1, 1, false); + set_default("log_host", NULL, true, "sudoers", 1, 1, false); + set_default("mailerpath", NULL, false, "sudoers", 1, 1, false); + set_default("mailerflags", "-t", true, "sudoers", 1, 1, false); + set_default("mailto", "root@localhost", true, "sudoers", 1, 1, false); + set_default("mailfrom", "sudo@sudo.ws", true, "sudoers", 1, 1, false); + set_default("mailsub", "Someone has been naughty on %h", true, "sudoers", 1, 1, false); + set_default("timestampowner", "#0", true, "sudoers", 1, 1, false); + set_default("compress_io", NULL, true, "sudoers", 1, 1, false); + set_default("iolog_flush", NULL, true, "sudoers", 1, 1, false); + set_default("iolog_flush", NULL, true, "sudoers", 1, 1, false); + set_default("maxseq", "2176782336", true, "sudoers", 1, 1, false); + set_default("sudoedit_checkdir", NULL, false, "sudoers", 1, 1, false); + set_default("sudoedit_follow", NULL, true, "sudoers", 1, 1, false); + set_default("ignore_iolog_errors", NULL, true, "sudoers", 1, 1, false); + set_default("ignore_iolog_errors", NULL, true, "sudoers", 1, 1, false); + set_default("noexec", NULL, true, "sudoers", 1, 1, false); + set_default("exec_background", NULL, true, "sudoers", 1, 1, false); + set_default("use_pty", NULL, true, "sudoers", 1, 1, false); + set_default("utmp_runas", NULL, true, "sudoers", 1, 1, false); + set_default("iolog_mode", "0640", true, "sudoers", 1, 1, false); + set_default("iolog_user", NULL, false, "sudoers", 1, 1, false); + set_default("iolog_group", NULL, false, "sudoers", 1, 1, false); + if (pass != PASS_CHECK_LOG_LOCAL) { + set_default("log_servers", "localhost", true, "sudoers", 1, 1, false); + set_default("log_server_timeout", "30", true, "sudoers", 1, 1, false); + set_default("log_server_cabundle", "/etc/ssl/cacert.pem", true, "sudoers", 1, 1, false); + set_default("log_server_peer_cert", "/etc/ssl/localhost.crt", true, "sudoers", 1, 1, false); + set_default("log_server_peer_key", "/etc/ssl/private/localhost.key", true, "sudoers", 1, 1, false); + } + + return 0; +} + +static struct sudo_nss sudo_nss_file = { + { NULL, NULL }, + "sudoers", + sudo_file_open, + sudo_file_close, + sudo_file_parse, + sudo_file_query, + sudo_file_getdefs +}; + +struct sudo_nss_list * +sudo_read_nss(void) +{ + static struct sudo_nss_list snl = TAILQ_HEAD_INITIALIZER(snl); + + if (TAILQ_EMPTY(&snl)) + TAILQ_INSERT_TAIL(&snl, &sudo_nss_file, entries); + + return &snl; +} + +/* STUB */ +int +check_user(int validated, int mode) +{ + return true; +} + +/* STUB */ +bool +check_user_shell(const struct passwd *pw) +{ + return true; +} + +/* STUB */ +void +group_plugin_unload(void) +{ + return; +} + +/* STUB */ +bool +log_warning(int flags, const char *fmt, ...) +{ + return true; +} + +/* STUB */ +bool +log_warningx(int flags, const char *fmt, ...) +{ + return true; +} + +/* STUB */ +bool +gai_log_warning(int flags, int errnum, const char *fmt, ...) +{ + return true; +} + +/* STUB */ +bool +log_denial(int status, bool inform_user) +{ + return true; +} + +/* STUB */ +bool +log_failure(int status, int flags) +{ + return true; +} + +/* STUB */ +bool +log_exit_status(int exit_status) +{ + return true; +} + +/* STUB */ +bool +mail_parse_errors(void) +{ + return true; +} + +/* STUB */ +bool +log_parse_error(const char *file, int line, int column, const char *fmt, + va_list args) +{ + return true; +} + +/* STUB */ +int +audit_failure(char *const argv[], char const *const fmt, ...) +{ + return 0; +} + +/* STUB */ +int +sudoers_lookup(struct sudo_nss_list *snl, struct passwd *pw, int *cmnd_status, + int pwflag) +{ + return VALIDATE_SUCCESS; +} + +/* STUB */ +int +display_cmnd(struct sudo_nss_list *snl, struct passwd *pw) +{ + return true; +} + +/* STUB */ +int +display_privs(struct sudo_nss_list *snl, struct passwd *pw, bool verbose) +{ + return true; +} + +/* STUB */ +int +find_path(const char *infile, char **outfile, struct stat *sbp, + const char *path, const char *runchroot, int ignore_dot, + char * const *allowlist) +{ + switch (pass) { + case PASS_CHECK_NOT_FOUND: + return NOT_FOUND; + case PASS_CHECK_NOT_FOUND_DOT: + return NOT_FOUND_DOT; + default: + if (infile[0] == '/') { + *outfile = strdup(infile); + } else { + if (asprintf(outfile, "/usr/bin/%s", infile) == -1) + *outfile = NULL; + } + if (*outfile == NULL) + return NOT_FOUND_ERROR; + return FOUND; + } +} + +/* STUB */ +bool +expand_iolog_path(const char *inpath, char *path, size_t pathlen, + const struct iolog_path_escape *escapes, void *closure) +{ + return strlcpy(path, inpath, pathlen) < pathlen; +} + +/* STUB */ +bool +iolog_nextid(const char *iolog_dir, char sessid[7]) +{ + strlcpy(sessid, "000001", 7); + return true; +} + +/* STUB */ +bool +cb_maxseq(const char *file, int line, int column, + const union sudo_defs_val *sd_un, int op) +{ + return true; +} + +/* STUB */ +bool +cb_iolog_user(const char *file, int line, int column, + const union sudo_defs_val *sd_un, int op) +{ + return true; +} + +/* STUB */ +bool +cb_iolog_group(const char *file, int line, int column, + const union sudo_defs_val *sd_un, int op) +{ + return true; +} + +/* STUB */ +bool +cb_iolog_mode(const char *file, int line, int column, + const union sudo_defs_val *sd_un, int op) +{ + return true; +} + +/* STUB */ +bool +cb_group_plugin(const char *file, int line, int column, + const union sudo_defs_val *sd_un, int op) +{ + return true; +} diff --git a/plugins/sudoers/regress/fuzz/fuzz_policy.dict b/plugins/sudoers/regress/fuzz/fuzz_policy.dict new file mode 100644 index 0000000..d00aeae --- /dev/null +++ b/plugins/sudoers/regress/fuzz/fuzz_policy.dict @@ -0,0 +1,56 @@ +# Policy plugin keywords (all are keyword = value) + +# sudoers plugin options from sudo.conf +"error_recovery" +"sudoers_file" +"sudoers_uid" +"sudoers_gid" +"sudoers_mode" +"ldap_conf" +"ldap_secret" + +# command line settings from front-end +"closefrom" +"cmnd_chroot" +"cmnd_cwd" +"runas_user" +"runas_group" +"prompt" +"set_home" +"preserve_environment" +"run_shell" +"login_shell" +"implied_shell" +"preserve_groups" +"ignore_ticket" +"update_ticket" +"noninteractive" +"sudoedit" +"login_class" +"intercept_setid" +"intercept_ptrace" +"selinux_role" +"selinux_type" +"apparmor_profile" +"bsdauth_type" +"network_addrs" +"max_groups" +"remote_host" +"timeout" +"askpass" +"plugin_dir" +"progname" + +# user information from front-end +"user" +"uid" +"gid" +"groups" +"cwd" +"tty" +"host" +"lines" +"cols" +"sid" +"tcpgid" +"umask" diff --git a/plugins/sudoers/regress/fuzz/fuzz_stubs.c b/plugins/sudoers/regress/fuzz/fuzz_stubs.c new file mode 100644 index 0000000..27b26c0 --- /dev/null +++ b/plugins/sudoers/regress/fuzz/fuzz_stubs.c @@ -0,0 +1,87 @@ +/* + * Copyright (c) 2021 Todd C. Miller <Todd.Miller@sudo.ws> + * + * Permission to use, copy, modify, and distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR + * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN + * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF + * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + */ + +#include <config.h> + +#include <sys/socket.h> + +#include <stdarg.h> +#include <stdio.h> +#include <stdlib.h> +#include <string.h> +#include <fcntl.h> +#include <pwd.h> +#include <unistd.h> +#if defined(HAVE_STDINT_H) +# include <stdint.h> +#elif defined(HAVE_INTTYPES_H) +# include <inttypes.h> +#endif +#include <netinet/in.h> +#include <arpa/inet.h> +#ifdef NEED_RESOLV_H +# include <arpa/nameser.h> +# include <resolv.h> +#endif /* NEED_RESOLV_H */ +#include <netdb.h> + +#include "sudoers.h" +#include "interfaces.h" + +int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size); + +struct interface_list * +get_interfaces(void) +{ + static struct interface_list empty = SLIST_HEAD_INITIALIZER(interfaces); + return ∅ +} + +void +init_eventlog_config(void) +{ + return; +} + +int +group_plugin_query(const char *user, const char *group, const struct passwd *pw) +{ + return false; +} + +bool +set_perms(int perm) +{ + return true; +} + +bool +restore_perms(void) +{ + return true; +} + +bool +rewind_perms(void) +{ + return true; +} + +bool +sudo_nss_can_continue(struct sudo_nss *nss, int match) +{ + return true; +} diff --git a/plugins/sudoers/regress/fuzz/fuzz_sudoers.c b/plugins/sudoers/regress/fuzz/fuzz_sudoers.c new file mode 100644 index 0000000..15dc72a --- /dev/null +++ b/plugins/sudoers/regress/fuzz/fuzz_sudoers.c @@ -0,0 +1,419 @@ +/* + * Copyright (c) 2021 Todd C. Miller <Todd.Miller@sudo.ws> + * + * Permission to use, copy, modify, and distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR + * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN + * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF + * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + */ + +#include <config.h> + +#include <sys/socket.h> + +#include <stdarg.h> +#include <stdio.h> +#include <stdlib.h> +#include <string.h> +#include <fcntl.h> +#include <pwd.h> +#include <unistd.h> +#if defined(HAVE_STDINT_H) +# include <stdint.h> +#elif defined(HAVE_INTTYPES_H) +# include <inttypes.h> +#endif +#include <netinet/in.h> +#include <arpa/inet.h> +#ifdef NEED_RESOLV_H +# include <arpa/nameser.h> +# include <resolv.h> +#endif /* NEED_RESOLV_H */ +#include <netdb.h> + +#include "sudoers.h" +#include "interfaces.h" + +static int fuzz_conversation(int num_msgs, const struct sudo_conv_message msgs[], struct sudo_conv_reply replies[], struct sudo_conv_callback *callback); +static int fuzz_printf(int msg_type, const char *fmt, ...); +int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size); + +/* For set_cmnd_path() */ +static const char *orig_cmnd; + +/* Required to link with parser. */ +struct sudo_user sudo_user; +struct passwd *list_pw; +sudo_conv_t sudo_conv = fuzz_conversation; +sudo_printf_t sudo_printf = fuzz_printf; +int sudo_mode; + +FILE * +open_sudoers(const char *file, bool doedit, bool *keepopen) +{ + /* + * If we allow the fuzzer to choose include paths it will + * include random files in the file system. + * This leads to bug reports that cannot be reproduced. + */ + return NULL; +} + +static int +fuzz_printf(int msg_type, const char *fmt, ...) +{ + return 0; +} + +static int +fuzz_conversation(int num_msgs, const struct sudo_conv_message msgs[], + struct sudo_conv_reply replies[], struct sudo_conv_callback *callback) +{ + int n; + + for (n = 0; n < num_msgs; n++) { + const struct sudo_conv_message *msg = &msgs[n]; + + switch (msg->msg_type & 0xff) { + case SUDO_CONV_PROMPT_ECHO_ON: + case SUDO_CONV_PROMPT_MASK: + case SUDO_CONV_PROMPT_ECHO_OFF: + /* input not supported */ + return -1; + case SUDO_CONV_ERROR_MSG: + case SUDO_CONV_INFO_MSG: + /* no output for fuzzers */ + break; + default: + return -1; + } + } + return 0; +} + +bool +init_envtables(void) +{ + return true; +} + +int +set_cmnd_path(const char *runchroot) +{ + /* Reallocate user_cmnd to catch bugs in command_matches(). */ + char *new_cmnd = strdup(orig_cmnd); + if (new_cmnd == NULL) + return NOT_FOUND_ERROR; + free(user_cmnd); + user_cmnd = new_cmnd; + return FOUND; +} + +/* STUB */ +bool +mail_parse_errors(void) +{ + return true; +} + +/* STUB */ +bool +log_warningx(int flags, const char *fmt, ...) +{ + return true; +} + +static int +sudo_fuzz_query(struct sudo_nss *nss, struct passwd *pw) +{ + return 0; +} + +static int +cb_unused(struct sudoers_parse_tree *parse_tree, struct alias *a, void *v) +{ + return 0; +} + +bool +cb_log_input(const char *file, int line, int column, + const union sudo_defs_val *sd_un, int op) +{ + return 0; +} + +bool +cb_log_output(const char *file, int line, int column, + const union sudo_defs_val *sd_un, int op) +{ + return 0; +} + +static FILE * +open_data(const uint8_t *data, size_t size) +{ +#ifdef HAVE_FMEMOPEN + /* Operate in-memory. */ + return fmemopen((void *)data, size, "r"); +#else + char tempfile[] = "/tmp/sudoers.XXXXXX"; + size_t nwritten; + int fd; + + /* Use (unlinked) temporary file. */ + fd = mkstemp(tempfile); + if (fd == -1) + return NULL; + unlink(tempfile); + nwritten = write(fd, data, size); + if (nwritten != size) { + close(fd); + return NULL; + } + lseek(fd, 0, SEEK_SET); + return fdopen(fd, "r"); +#endif +} + +static struct user_data { + const char *user; + const char *runuser; + const char *rungroup; +} user_data[] = { + { "root", NULL, NULL }, + { "millert", "operator", NULL }, + { "millert", NULL, "wheel" }, + { "operator", NULL, NULL }, + { NULL } +}; + +int +LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) +{ + struct user_data *ud; + struct sudo_nss sudo_nss_fuzz; + struct sudo_nss_list snl = TAILQ_HEAD_INITIALIZER(snl); + struct sudoers_parse_tree parse_tree; + struct interface_list *interfaces; + struct passwd *pw; + struct group *gr; + const char *gids[10]; + FILE *fp; + + /* Don't waste time fuzzing tiny inputs. */ + if (size < 5) + return 0; + + fp = open_data(data, size); + if (fp == NULL) + return 0; + + initprogname("fuzz_sudoers"); + sudoers_debug_register(getprogname(), NULL); + if (getenv("SUDO_FUZZ_VERBOSE") == NULL) + sudo_warn_set_conversation(fuzz_conversation); + + /* Sudoers locale setup. */ + sudoers_initlocale(setlocale(LC_ALL, ""), "C"); + sudo_warn_set_locale_func(sudoers_warn_setlocale); + bindtextdomain("sudoers", LOCALEDIR); + textdomain("sudoers"); + + /* Use the sudoers locale for everything. */ + sudoers_setlocale(SUDOERS_LOCALE_SUDOERS, NULL); + + /* Prime the group cache */ + gr = sudo_mkgrent("wheel", 0, "millert", "root", (char *)NULL); + if (gr == NULL) + goto done; + sudo_gr_delref(gr); + + gr = sudo_mkgrent("operator", 5, "operator", "root", "millert", (char *)NULL); + if (gr == NULL) + goto done; + sudo_gr_delref(gr); + + gr = sudo_mkgrent("staff", 20, "root", "millert", (char *)NULL); + if (gr == NULL) + goto done; + sudo_gr_delref(gr); + + gr = sudo_mkgrent("sudo", 100, "root", "millert", (char *)NULL); + if (gr == NULL) + goto done; + sudo_gr_delref(gr); + + /* Prime the passwd cache */ + pw = sudo_mkpwent("root", 0, 0, "/", "/bin/sh"); + if (pw == NULL) + goto done; + gids[0] = "0"; + gids[1] = "20"; + gids[2] = "5"; + gids[3] = NULL; + if (sudo_set_gidlist(pw, (char **)gids, ENTRY_TYPE_FRONTEND) == -1) + goto done; + sudo_pw_delref(pw); + + pw = sudo_mkpwent("operator", 2, 5, "/operator", "/sbin/nologin"); + if (pw == NULL) + goto done; + gids[0] = "5"; + gids[1] = NULL; + if (sudo_set_gidlist(pw, (char **)gids, ENTRY_TYPE_FRONTEND) == -1) + goto done; + sudo_pw_delref(pw); + + pw = sudo_mkpwent("millert", 8036, 20, "/home/millert", "/bin/tcsh"); + if (pw == NULL) + goto done; + gids[0] = "0"; + gids[1] = "20"; + gids[2] = "5"; + gids[3] = "100"; + gids[4] = NULL; + if (sudo_set_gidlist(pw, (char **)gids, ENTRY_TYPE_FRONTEND) == -1) + goto done; + sudo_pw_delref(pw); + + /* The minimum needed to perform matching (user_cmnd must be dynamic). */ + user_host = user_shost = user_runhost = user_srunhost = (char *)"localhost"; + orig_cmnd = (char *)"/usr/bin/id"; + user_cmnd = strdup(orig_cmnd); + if (user_cmnd == NULL) + goto done; + user_args = (char *)"-u"; + user_base = sudo_basename(user_cmnd); + + /* Add a fake network interfaces. */ + interfaces = get_interfaces(); + if (SLIST_EMPTY(interfaces)) { + static struct interface interface; + + interface.family = AF_INET; + inet_pton(AF_INET, "128.138.243.151", &interface.addr.ip4); + inet_pton(AF_INET, "255.255.255.0", &interface.netmask.ip4); + SLIST_INSERT_HEAD(interfaces, &interface, entries); + } + + /* Only one sudoers source, the sudoers file itself. */ + init_parse_tree(&parse_tree, NULL, NULL); + memset(&sudo_nss_fuzz, 0, sizeof(sudo_nss_fuzz)); + sudo_nss_fuzz.parse_tree = &parse_tree; + sudo_nss_fuzz.query = sudo_fuzz_query; + TAILQ_INSERT_TAIL(&snl, &sudo_nss_fuzz, entries); + + /* Initialize defaults and parse sudoers. */ + init_defaults(); + init_parser("sudoers", false, true); + sudoersrestart(fp); + sudoersparse(); + reparent_parse_tree(&parse_tree); + + if (!parse_error) { + /* Match user/host/command against parsed policy. */ + for (ud = user_data; ud->user != NULL; ud++) { + int cmnd_status; + + /* Invoking user. */ + user_name = (char *)ud->user; + if (sudo_user.pw != NULL) + sudo_pw_delref(sudo_user.pw); + sudo_user.pw = sudo_getpwnam(user_name); + if (sudo_user.pw == NULL) { + sudo_warnx_nodebug("unknown user %s", user_name); + continue; + } + + /* Run user. */ + if (runas_pw != NULL) + sudo_pw_delref(runas_pw); + if (ud->runuser != NULL) { + sudo_user.runas_user = (char *)ud->runuser; + SET(sudo_user.flags, RUNAS_USER_SPECIFIED); + runas_pw = sudo_getpwnam(sudo_user.runas_user); + } else { + sudo_user.runas_user = NULL; + CLR(sudo_user.flags, RUNAS_USER_SPECIFIED); + runas_pw = sudo_getpwnam("root"); + } + if (runas_pw == NULL) { + sudo_warnx_nodebug("unknown run user %s", sudo_user.runas_user); + continue; + } + + /* Run group. */ + if (runas_gr != NULL) + sudo_gr_delref(runas_gr); + if (ud->rungroup != NULL) { + sudo_user.runas_group = (char *)ud->rungroup; + SET(sudo_user.flags, RUNAS_GROUP_SPECIFIED); + runas_gr = sudo_getgrnam(sudo_user.runas_group); + if (runas_gr == NULL) { + sudo_warnx_nodebug("unknown run group %s", + sudo_user.runas_group); + continue; + } + } else { + sudo_user.runas_group = NULL; + CLR(sudo_user.flags, RUNAS_GROUP_SPECIFIED); + runas_gr = NULL; + } + + update_defaults(&parse_tree, NULL, SETDEF_ALL, false); + + sudoers_lookup(&snl, sudo_user.pw, &cmnd_status, false); + + /* Match again as a pseudo-command (list, validate, etc). */ + sudoers_lookup(&snl, sudo_user.pw, &cmnd_status, true); + + /* Display privileges. */ + display_privs(&snl, sudo_user.pw, false); + display_privs(&snl, sudo_user.pw, true); + } + + /* Expand tildes in runcwd and runchroot. */ + if (runas_pw != NULL) { + if (def_runcwd != NULL && strcmp(def_runcwd, "*") != 0) { + expand_tilde(&def_runcwd, runas_pw->pw_name); + } + if (def_runchroot != NULL && strcmp(def_runchroot, "*") != 0) { + expand_tilde(&def_runchroot, runas_pw->pw_name); + } + } + + /* Check Defaults and aliases. */ + check_defaults(&parse_tree, false); + check_aliases(&parse_tree, true, false, cb_unused); + } + +done: + /* Cleanup. */ + fclose(fp); + free_parse_tree(&parse_tree); + init_parser(NULL, true, true); + if (sudo_user.pw != NULL) + sudo_pw_delref(sudo_user.pw); + if (runas_pw != NULL) + sudo_pw_delref(runas_pw); + if (runas_gr != NULL) + sudo_gr_delref(runas_gr); + sudo_freepwcache(); + sudo_freegrcache(); + free(user_cmnd); + free(safe_cmnd); + free(list_cmnd); + memset(&sudo_user, 0, sizeof(sudo_user)); + sudoers_setlocale(SUDOERS_LOCALE_USER, NULL); + sudoers_debug_deregister(); + fflush(stdout); + + return 0; +} diff --git a/plugins/sudoers/regress/fuzz/fuzz_sudoers.dict b/plugins/sudoers/regress/fuzz/fuzz_sudoers.dict new file mode 100644 index 0000000..101e002 --- /dev/null +++ b/plugins/sudoers/regress/fuzz/fuzz_sudoers.dict @@ -0,0 +1,221 @@ +# Sudoers policy keywords (all are keyword = value) + +# Users and groups +"root" +"wheel" +"staff" +"sudo" + +# Aliases +"Cmnd_Alias" +"Cmd_Alias" +"Host_Alias" +"Runas_Alias" +"User_Alias" + +# Special keywords +"ALL" +"(ALL:ALL)" +"sudoedit" + +# Date_Spec +"20170214083000Z" +"2017021408Z" +"20160315220000-0500" +"20151201235900" + +# Timeout_Spec +"7d8h30m10s" +"14d" +"8h30m" +"600s" +"3600" + +# Command digests +"sha224:" +"sha256:" +"sha384:" +"sha512:" + +# Command tags +"NOPASSWD" +"PASSWD" +"NOEXEC" +"EXEC" +"SETENV" +"NOSETENV" +"LOG_INPUT" +"NOLOG_INPUT" +"LOG_OUTPUT" +"NOLOG_OUTPUT" +"FOLLOWLNK" +"NOFOLLOWLNK" +"MAIL" +"NOMAIL" + +# Command options +"CHROOT" +"CWD" +"CMND_TIMEOUT" +"NOTBEFORE" +"NOTAFTER" +"ROLE" +"TYPE" +"APPARMOR_PROFILE" +"PRIVS" +"LIMITPRIVS" + +# Defaults settings +"Defaults" +"syslog" +"syslog_goodpri" +"syslog_badpri" +"long_otp_prompt" +"ignore_dot" +"mail_always" +"mail_badpass" +"mail_no_user" +"mail_no_host" +"mail_no_perms" +"mail_all_cmnds" +"tty_tickets" +"lecture" +"lecture_file" +"authenticate" +"root_sudo" +"log_host" +"log_year" +"shell_noargs" +"set_home" +"always_set_home" +"path_info" +"fqdn" +"insults" +"requiretty" +"env_editor" +"rootpw" +"runaspw" +"targetpw" +"use_loginclass" +"set_logname" +"stay_setuid" +"preserve_groups" +"loglinelen" +"timestamp_timeout" +"passwd_timeout" +"passwd_tries" +"umask" +"logfile" +"mailerpath" +"mailerflags" +"mailto" +"mailfrom" +"mailsub" +"badpass_message" +"lecture_status_dir" +"timestampdir" +"timestampowner" +"exempt_group" +"passprompt" +"passprompt_override" +"runas_default" +"secure_path" +"editor" +"listpw" +"verifypw" +"noexec" +"ignore_local_sudoers" +"closefrom" +"closefrom_override" +"setenv" +"env_reset" +"env_check" +"env_delete" +"env_keep" +"role" +"type" +"apparmor_profile" +"env_file" +"restricted_env_file" +"sudoers_locale" +"visiblepw" +"pwfeedback" +"fast_glob" +"umask_override" +"log_input" +"log_output" +"compress_io" +"use_pty" +"group_plugin" +"iolog_dir" +"iolog_file" +"set_utmp" +"utmp_runas" +"privs" +"limitprivs" +"exec_background" +"pam_service" +"pam_login_service" +"pam_setcred" +"pam_session" +"pam_acct_mgmt" +"maxseq" +"use_netgroups" +"sudoedit_checkdir" +"sudoedit_follow" +"always_query_group_plugin" +"netgroup_tuple" +"ignore_audit_errors" +"ignore_iolog_errors" +"ignore_logfile_errors" +"match_group_by_gid" +"syslog_maxlen" +"iolog_user" +"iolog_group" +"iolog_mode" +"fdexec" +"ignore_unknown_defaults" +"command_timeout" +"user_command_timeouts" +"iolog_flush" +"syslog_pid" +"timestamp_type" +"authfail_message" +"case_insensitive_user" +"case_insensitive_group" +"log_allowed" +"log_denied" +"log_servers" +"log_server_timeout" +"log_server_keepalive" +"log_server_cabundle" +"log_server_peer_cert" +"log_server_peer_key" +"log_server_verify" +"runas_allow_unknown_id" +"runas_check_shell" +"pam_ruser" +"pam_rhost" +"runcwd" +"runchroot" +"log_format" +"selinux" +"admin_flag" +"intercept" +"log_subcmds" +"log_exit_status" +"intercept_authenticate" +"intercept_allow_setid" +"rlimit_as" +"rlimit_core" +"rlimit_cpu" +"rlimit_data" +"rlimit_fsize" +"rlimit_locks" +"rlimit_memlock" +"rlimit_nofile" +"rlimit_nproc" +"rlimit_rss" +"rlimit_stack" +"log_passwords" +"passprompt_regex" diff --git a/plugins/sudoers/regress/fuzz/fuzz_sudoers.out.ok b/plugins/sudoers/regress/fuzz/fuzz_sudoers.out.ok new file mode 100644 index 0000000..11f2ca8 --- /dev/null +++ b/plugins/sudoers/regress/fuzz/fuzz_sudoers.out.ok @@ -0,0 +1,577 @@ +Running: examples/sudoers +Matching Defaults entries for root on localhost: + syslog=auth, runcwd=~ + +Runas and Command-specific defaults for root: + Defaults>root !set_logname Defaults!/usr/bin/more, /usr/bin/pg, /usr/bin/less noexec + + +User root may run the following commands on localhost: + (ALL) ALL + (ALL) ALL + +Matching Defaults entries for root on localhost: + syslog=auth, runcwd=~ + +Runas and Command-specific defaults for root: + Defaults>root !set_logname Defaults!/usr/bin/more, /usr/bin/pg, /usr/bin/less noexec + + +User root may run the following commands on localhost: + +Sudoers entry: + RunAsUsers: ALL + Commands: + ALL + +Sudoers entry: + RunAsUsers: ALL + Commands: + ALL + +Matching Defaults entries for millert on localhost: + syslog=auth, runcwd=~, !lecture, runchroot=*, !authenticate + +Runas and Command-specific defaults for millert: + Defaults>root !set_logname Defaults!/usr/bin/more, /usr/bin/pg, /usr/bin/less noexec + + +User millert may run the following commands on localhost: + (ALL) ALL + (root) NOPASSWD: ALL + +Matching Defaults entries for millert on localhost: + syslog=auth, runcwd=~, !lecture, runchroot=*, !authenticate + +Runas and Command-specific defaults for millert: + Defaults>root !set_logname Defaults!/usr/bin/more, /usr/bin/pg, /usr/bin/less noexec + + +User millert may run the following commands on localhost: + +Sudoers entry: + RunAsUsers: ALL + Commands: + ALL + +Sudoers entry: + RunAsUsers: root + Options: !authenticate + Commands: + ALL + +Matching Defaults entries for millert on localhost: + syslog=auth, runcwd=~, !lecture, runchroot=*, !authenticate + +Runas and Command-specific defaults for millert: + Defaults>root !set_logname Defaults!/usr/bin/more, /usr/bin/pg, /usr/bin/less noexec + + +User millert may run the following commands on localhost: + (ALL) ALL + (root) NOPASSWD: ALL + +Matching Defaults entries for millert on localhost: + syslog=auth, runcwd=~, !lecture, runchroot=*, !authenticate + +Runas and Command-specific defaults for millert: + Defaults>root !set_logname Defaults!/usr/bin/more, /usr/bin/pg, /usr/bin/less noexec + + +User millert may run the following commands on localhost: + +Sudoers entry: + RunAsUsers: ALL + Commands: + ALL + +Sudoers entry: + RunAsUsers: root + Options: !authenticate + Commands: + ALL + +Matching Defaults entries for operator on localhost: + syslog=auth, runcwd=~ + +Runas and Command-specific defaults for operator: + Defaults>root !set_logname Defaults!/usr/bin/more, /usr/bin/pg, /usr/bin/less noexec + + +User operator may run the following commands on localhost: + (root) /usr/sbin/dump, /usr/sbin/rdump, /usr/sbin/restore, /usr/sbin/rrestore, /usr/bin/mt, sha224:0GomF8mNN3wlDt1HD9XldjJ3SNgpFdbjO1+NsQ== /home/operator/bin/start_backups, /usr/bin/kill, /usr/bin/top, /usr/sbin/shutdown, /usr/sbin/halt, /usr/sbin/reboot, /usr/sbin/lpc, /usr/bin/lprm, sudoedit /etc/printcap, /usr/oper/bin/ + +Matching Defaults entries for operator on localhost: + syslog=auth, runcwd=~ + +Runas and Command-specific defaults for operator: + Defaults>root !set_logname Defaults!/usr/bin/more, /usr/bin/pg, /usr/bin/less noexec + + +User operator may run the following commands on localhost: + +Sudoers entry: + RunAsUsers: root + Commands: + /usr/sbin/dump + /usr/sbin/rdump + /usr/sbin/restore + /usr/sbin/rrestore + /usr/bin/mt + sha224:0GomF8mNN3wlDt1HD9XldjJ3SNgpFdbjO1+NsQ== /home/operator/bin/start_backups + /usr/bin/kill + /usr/bin/top + /usr/sbin/shutdown + /usr/sbin/halt + /usr/sbin/reboot + /usr/sbin/lpc + /usr/bin/lprm + sudoedit /etc/printcap + /usr/oper/bin/ + +Executed examples/sudoers +Running: regress/sudoers/test1.in +User root is not allowed to run sudo on localhost. + +User root is not allowed to run sudo on localhost. + +User millert is not allowed to run sudo on localhost. + +User millert is not allowed to run sudo on localhost. + +User millert is not allowed to run sudo on localhost. + +User millert is not allowed to run sudo on localhost. + +User operator is not allowed to run sudo on localhost. + +User operator is not allowed to run sudo on localhost. + +Executed regress/sudoers/test1.in +Running: regress/sudoers/test2.in +User root is not allowed to run sudo on localhost. + +User root is not allowed to run sudo on localhost. + +User millert is not allowed to run sudo on localhost. + +User millert is not allowed to run sudo on localhost. + +User millert is not allowed to run sudo on localhost. + +User millert is not allowed to run sudo on localhost. + +User operator is not allowed to run sudo on localhost. + +User operator is not allowed to run sudo on localhost. + +Executed regress/sudoers/test2.in +Running: regress/sudoers/test3.in +User root is not allowed to run sudo on localhost. + +User root is not allowed to run sudo on localhost. + +User millert is not allowed to run sudo on localhost. + +User millert is not allowed to run sudo on localhost. + +User millert is not allowed to run sudo on localhost. + +User millert is not allowed to run sudo on localhost. + +User operator is not allowed to run sudo on localhost. + +User operator is not allowed to run sudo on localhost. + +Executed regress/sudoers/test3.in +Running: regress/sudoers/test4.in +sudoers:7:1: invalid line continuation +User_Alias BAR = bar +^~~~~~~~~~ +Executed regress/sudoers/test4.in +Running: regress/sudoers/test5.in +sudoers:2:19: empty string +User_Alias FOO = "" + ^ +sudoers:3:2: empty string +"" ALL = ALL + ^ +Executed regress/sudoers/test5.in +Running: regress/sudoers/test6.in +Runas and Command-specific defaults for root: + Defaults>#123 set_home + Defaults>#123 set_home + + +User root may run the following commands on localhost: + (root) ALL + (#0 : #0) ALL + (root) ALL + (#0 : #0) ALL + (root) ALL + (root) ALL + +Runas and Command-specific defaults for root: + Defaults>#123 set_home + Defaults>#123 set_home + + +User root may run the following commands on localhost: + +Sudoers entry: + RunAsUsers: root + Commands: + ALL + +Sudoers entry: + RunAsUsers: #0 + RunAsGroups: #0 + Commands: + ALL + +Sudoers entry: + RunAsUsers: root + Commands: + ALL + +Sudoers entry: + RunAsUsers: #0 + RunAsGroups: #0 + Commands: + ALL + +Sudoers entry: + RunAsUsers: root + Commands: + ALL + +Sudoers entry: + RunAsUsers: root + Commands: + ALL + +Runas and Command-specific defaults for millert: + Defaults>#123 set_home + Defaults>#123 set_home + + +User millert may run the following commands on localhost: + (root) ALL + (root) ALL + +Runas and Command-specific defaults for millert: + Defaults>#123 set_home + Defaults>#123 set_home + + +User millert may run the following commands on localhost: + +Sudoers entry: + RunAsUsers: root + Commands: + ALL + +Sudoers entry: + RunAsUsers: root + Commands: + ALL + +Runas and Command-specific defaults for millert: + Defaults>#123 set_home + Defaults>#123 set_home + + +User millert may run the following commands on localhost: + (root) ALL + (root) ALL + +Runas and Command-specific defaults for millert: + Defaults>#123 set_home + Defaults>#123 set_home + + +User millert may run the following commands on localhost: + +Sudoers entry: + RunAsUsers: root + Commands: + ALL + +Sudoers entry: + RunAsUsers: root + Commands: + ALL + +User operator is not allowed to run sudo on localhost. + +User operator is not allowed to run sudo on localhost. + +Executed regress/sudoers/test6.in +Running: regress/sudoers/test7.in +sudoers:2:21: empty group +User_Alias FOO1 = "%" + ^ +sudoers:3:22: empty group +User_Alias FOO2 = "%:" + ^ +sudoers:4:21: empty netgroup +User_Alias FOO3 = "+" + ^ +sudoers:5:19: empty group +User_Alias FOO4 = % + ^ +sudoers:6:19: empty group +User_Alias FOO5 = %: + ^~ +sudoers:7:19: empty netgroup +User_Alias FOO6 = + + ^ +Executed regress/sudoers/test7.in +Running: regress/sudoers/test8.in +sudoers:8:20: unexpected line break in string +User_Alias UA4 = "x + ^ +Executed regress/sudoers/test8.in +Running: regress/sudoers/test9.in +Executed regress/sudoers/test9.in +Running: regress/sudoers/test10.in +Executed regress/sudoers/test10.in +Running: regress/sudoers/test11.in +sudoers:1:6: syntax error +bogus + ^ +Executed regress/sudoers/test11.in +Running: regress/sudoers/test12.in +sudoers:1:17: syntax error +user ALL = (ALL) + ^ +Executed regress/sudoers/test12.in +Running: regress/sudoers/test13.in +sudoers:1:17: syntax error +user ALL = (ALL) + ^ +Executed regress/sudoers/test13.in +Running: regress/sudoers/test14.in +User root is not allowed to run sudo on localhost. + +User root is not allowed to run sudo on localhost. + +User millert may run the following commands on localhost: + (root) sha224:d06a2617c98d377c250edd470fd5e576327748d82915d6e33b5f8db1, sha224:d7910e1967342b4605cb73a550944044c631cd3514001900966962ac /bin/ls, sha256:hOtoe/iK6SlGg7w4BfZBBdSsXjUmTJ5+ts51yjh7vkM=, sha256:1IXHRCxXgSnIEnb+xBz4PAfWaPdXIBWKFF0QCwxJ5G4= /bin/sh, sha512:srzYEQ2aqzm+it3f74opTMkIImZRLxBARVpb0g9RSouJYdLt7DTRMEY4Ry9NyaOiDoUIplpNjqYH0JMYPVdFnw /bin/kill + +User millert may run the following commands on localhost: + +Sudoers entry: + RunAsUsers: root + Commands: + sha224:d06a2617c98d377c250edd470fd5e576327748d82915d6e33b5f8db1, sha224:d7910e1967342b4605cb73a550944044c631cd3514001900966962ac /bin/ls + sha256:hOtoe/iK6SlGg7w4BfZBBdSsXjUmTJ5+ts51yjh7vkM=, sha256:1IXHRCxXgSnIEnb+xBz4PAfWaPdXIBWKFF0QCwxJ5G4= /bin/sh + sha512:srzYEQ2aqzm+it3f74opTMkIImZRLxBARVpb0g9RSouJYdLt7DTRMEY4Ry9NyaOiDoUIplpNjqYH0JMYPVdFnw /bin/kill + +User millert may run the following commands on localhost: + (root) sha224:d06a2617c98d377c250edd470fd5e576327748d82915d6e33b5f8db1, sha224:d7910e1967342b4605cb73a550944044c631cd3514001900966962ac /bin/ls, sha256:hOtoe/iK6SlGg7w4BfZBBdSsXjUmTJ5+ts51yjh7vkM=, sha256:1IXHRCxXgSnIEnb+xBz4PAfWaPdXIBWKFF0QCwxJ5G4= /bin/sh, sha512:srzYEQ2aqzm+it3f74opTMkIImZRLxBARVpb0g9RSouJYdLt7DTRMEY4Ry9NyaOiDoUIplpNjqYH0JMYPVdFnw /bin/kill + +User millert may run the following commands on localhost: + +Sudoers entry: + RunAsUsers: root + Commands: + sha224:d06a2617c98d377c250edd470fd5e576327748d82915d6e33b5f8db1, sha224:d7910e1967342b4605cb73a550944044c631cd3514001900966962ac /bin/ls + sha256:hOtoe/iK6SlGg7w4BfZBBdSsXjUmTJ5+ts51yjh7vkM=, sha256:1IXHRCxXgSnIEnb+xBz4PAfWaPdXIBWKFF0QCwxJ5G4= /bin/sh + sha512:srzYEQ2aqzm+it3f74opTMkIImZRLxBARVpb0g9RSouJYdLt7DTRMEY4Ry9NyaOiDoUIplpNjqYH0JMYPVdFnw /bin/kill + +User operator may run the following commands on localhost: + (root) sha384:knMlCLkJ71K6uRrKo5C1CAvZ5kq+mRpjKDD/RofGosFjiGcYhiYYZORVyiRHgBnu, sha256:1IXHRCxXgSnIEnb+xBz4PAfWaPdXIBWKFF0QCwxJ5G4= ALL + +User operator may run the following commands on localhost: + +Sudoers entry: + RunAsUsers: root + Commands: + sha384:knMlCLkJ71K6uRrKo5C1CAvZ5kq+mRpjKDD/RofGosFjiGcYhiYYZORVyiRHgBnu, sha256:1IXHRCxXgSnIEnb+xBz4PAfWaPdXIBWKFF0QCwxJ5G4= ALL + +Executed regress/sudoers/test14.in +Running: regress/sudoers/test15.in +User root is not allowed to run sudo on localhost. + +User root is not allowed to run sudo on localhost. + +User millert is not allowed to run sudo on localhost. + +User millert is not allowed to run sudo on localhost. + +User millert is not allowed to run sudo on localhost. + +User millert is not allowed to run sudo on localhost. + +User operator is not allowed to run sudo on localhost. + +User operator is not allowed to run sudo on localhost. + +Executed regress/sudoers/test15.in +Running: regress/sudoers/test16.in +User root is not allowed to run sudo on localhost. + +User root is not allowed to run sudo on localhost. + +User millert is not allowed to run sudo on localhost. + +User millert is not allowed to run sudo on localhost. + +User millert is not allowed to run sudo on localhost. + +User millert is not allowed to run sudo on localhost. + +User operator is not allowed to run sudo on localhost. + +User operator is not allowed to run sudo on localhost. + +Executed regress/sudoers/test16.in +Running: regress/sudoers/test17.in +User root is not allowed to run sudo on localhost. + +User root is not allowed to run sudo on localhost. + +User millert is not allowed to run sudo on localhost. + +User millert is not allowed to run sudo on localhost. + +User millert is not allowed to run sudo on localhost. + +User millert is not allowed to run sudo on localhost. + +User operator is not allowed to run sudo on localhost. + +User operator is not allowed to run sudo on localhost. + +Executed regress/sudoers/test17.in +Running: regress/sudoers/test18.in +sudoers:4:21: invalid timeout value +user0 ALL = TIMEOUT=7dd4h10m30s /usr/bin/id, /usr/bin/who, TIMEOUT=0 /bin/ls + ^~~~~~~~~~~ +sudoers:5:21: invalid timeout value +user1 ALL = TIMEOUT=7d4h10mm30s /usr/bin/id + ^~~~~~~~~~~ +sudoers:6:21: invalid timeout value +user2 ALL = TIMEOUT=4hg10m30s /usr/bin/id + ^~~~~~~~~ +sudoers:7:21: invalid timeout value +user3 ALL = TIMEOUT=10m30ss /usr/bin/id + ^~~~~~~ +sudoers:8:21: invalid timeout value +user4 ALL = TIMEOUT=14g /usr/bin/id + ^~~ +Executed regress/sudoers/test18.in +Running: regress/sudoers/test19.in +User root is not allowed to run sudo on localhost. + +User root is not allowed to run sudo on localhost. + +User millert is not allowed to run sudo on localhost. + +User millert is not allowed to run sudo on localhost. + +User millert is not allowed to run sudo on localhost. + +User millert is not allowed to run sudo on localhost. + +User operator is not allowed to run sudo on localhost. + +User operator is not allowed to run sudo on localhost. + +Executed regress/sudoers/test19.in +Running: regress/sudoers/test20.in +User root is not allowed to run sudo on localhost. + +User root is not allowed to run sudo on localhost. + +User millert is not allowed to run sudo on localhost. + +User millert is not allowed to run sudo on localhost. + +User millert is not allowed to run sudo on localhost. + +User millert is not allowed to run sudo on localhost. + +User operator is not allowed to run sudo on localhost. + +User operator is not allowed to run sudo on localhost. + +Executed regress/sudoers/test20.in +Running: regress/sudoers/test21.in +User root is not allowed to run sudo on localhost. + +User root is not allowed to run sudo on localhost. + +User millert is not allowed to run sudo on localhost. + +User millert is not allowed to run sudo on localhost. + +User millert is not allowed to run sudo on localhost. + +User millert is not allowed to run sudo on localhost. + +User operator is not allowed to run sudo on localhost. + +User operator is not allowed to run sudo on localhost. + +Executed regress/sudoers/test21.in +Running: regress/sudoers/test22.in +User root is not allowed to run sudo on localhost. + +User root is not allowed to run sudo on localhost. + +User millert is not allowed to run sudo on localhost. + +User millert is not allowed to run sudo on localhost. + +User millert is not allowed to run sudo on localhost. + +User millert is not allowed to run sudo on localhost. + +User operator is not allowed to run sudo on localhost. + +User operator is not allowed to run sudo on localhost. + +Executed regress/sudoers/test22.in +Running: regress/sudoers/test23.in +User root is not allowed to run sudo on localhost. + +User root is not allowed to run sudo on localhost. + +User millert is not allowed to run sudo on localhost. + +User millert is not allowed to run sudo on localhost. + +User millert is not allowed to run sudo on localhost. + +User millert is not allowed to run sudo on localhost. + +User operator is not allowed to run sudo on localhost. + +User operator is not allowed to run sudo on localhost. + +Executed regress/sudoers/test23.in +Running: regress/sudoers/test24.in +User root is not allowed to run sudo on localhost. + +User root is not allowed to run sudo on localhost. + +User millert is not allowed to run sudo on localhost. + +User millert is not allowed to run sudo on localhost. + +User millert is not allowed to run sudo on localhost. + +User millert is not allowed to run sudo on localhost. + +User operator is not allowed to run sudo on localhost. + +User operator is not allowed to run sudo on localhost. + +Executed regress/sudoers/test24.in +Running: regress/sudoers/test25.in +sudoers:4:28: syntax error +foo ALL = CWD=~ron /bin/ls \ + ^~ +Executed regress/sudoers/test25.in diff --git a/plugins/sudoers/regress/fuzz/fuzz_sudoers_ldif.c b/plugins/sudoers/regress/fuzz/fuzz_sudoers_ldif.c new file mode 100644 index 0000000..f3a28a4 --- /dev/null +++ b/plugins/sudoers/regress/fuzz/fuzz_sudoers_ldif.c @@ -0,0 +1,152 @@ +/* + * Copyright (c) 2021 Todd C. Miller <Todd.Miller@sudo.ws> + * + * Permission to use, copy, modify, and distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR + * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN + * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF + * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + */ + +#include <config.h> + +#include <stdio.h> +#include <stdlib.h> +#include <fcntl.h> +#include <unistd.h> +#if defined(HAVE_STDINT_H) +# include <stdint.h> +#elif defined(HAVE_INTTYPES_H) +# include <inttypes.h> +#endif + +#include "sudoers.h" + +static int fuzz_printf(int msg_type, const char *fmt, ...); +int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size); + +/* Required to link with parser. */ +struct sudo_user sudo_user; +struct passwd *list_pw; +sudo_printf_t sudo_printf = fuzz_printf; + +FILE * +open_sudoers(const char *file, bool doedit, bool *keepopen) +{ + /* + * If we allow the fuzzer to choose include paths it will + * include random files in the file system. + * This leads to bug reports that cannot be reproduced. + */ + return NULL; +} + +static int +fuzz_printf(int msg_type, const char *fmt, ...) +{ + return 0; +} + +bool +init_envtables(void) +{ + return true; +} + +int +set_cmnd_path(const char *runchroot) +{ + /* Cannot return FOUND without also setting user_cmnd to a new value. */ + return NOT_FOUND; +} + +static FILE * +open_data(const uint8_t *data, size_t size) +{ +#ifdef HAVE_FMEMOPEN + /* Operate in-memory. */ + return fmemopen((void *)data, size, "r"); +#else + char tempfile[] = "/tmp/ldif.XXXXXX"; + size_t nwritten; + int fd; + + /* Use (unlinked) temporary file. */ + fd = mkstemp(tempfile); + if (fd == -1) + return NULL; + unlink(tempfile); + nwritten = write(fd, data, size); + if (nwritten != size) { + close(fd); + return NULL; + } + lseek(fd, 0, SEEK_SET); + return fdopen(fd, "r"); +#endif +} + +static int +fuzz_conversation(int num_msgs, const struct sudo_conv_message msgs[], + struct sudo_conv_reply replies[], struct sudo_conv_callback *callback) +{ + int n; + + for (n = 0; n < num_msgs; n++) { + const struct sudo_conv_message *msg = &msgs[n]; + + switch (msg->msg_type & 0xff) { + case SUDO_CONV_PROMPT_ECHO_ON: + case SUDO_CONV_PROMPT_MASK: + case SUDO_CONV_PROMPT_ECHO_OFF: + /* input not supported */ + return -1; + case SUDO_CONV_ERROR_MSG: + case SUDO_CONV_INFO_MSG: + /* no output for fuzzers */ + break; + default: + return -1; + } + } + return 0; +} + +int +LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) +{ + struct sudoers_parse_tree parse_tree; + FILE *fp; + + /* Don't waste time fuzzing tiny inputs. */ + if (size < 5) + return 0; + + fp = open_data(data, size); + if (fp == NULL) + return 0; + + initprogname("fuzz_sudoers_ldif"); + sudoers_debug_register(getprogname(), NULL); + if (getenv("SUDO_FUZZ_VERBOSE") == NULL) + sudo_warn_set_conversation(fuzz_conversation); + + /* Initialize defaults and parse LDIF-format sudoers. */ + init_defaults(); + init_parse_tree(&parse_tree, NULL, NULL); + sudoers_parse_ldif(&parse_tree, fp, "ou=SUDOers,dc=sudo,dc=ws", true); + + /* Cleanup. */ + free_parse_tree(&parse_tree); + fclose(fp); + sudoers_debug_deregister(); + fflush(stdout); + + return 0; +} diff --git a/plugins/sudoers/regress/fuzz/fuzz_sudoers_ldif.dict b/plugins/sudoers/regress/fuzz/fuzz_sudoers_ldif.dict new file mode 100644 index 0000000..7c4d2d0 --- /dev/null +++ b/plugins/sudoers/regress/fuzz/fuzz_sudoers_ldif.dict @@ -0,0 +1,14 @@ +# Sudoers LDIF attributes + +"description" +"objectClass" +"organizationalRole" +"sudoCommand" +"sudoHost" +"sudoOption" +"sudoOption" +"sudoOrder" +"sudoRunAs" +"sudoRunAsGroup" +"sudoRunAsUser" +"sudoUser" |