CoCalc -- sudo_intercept

GitHub Repository: sudo-project/sudo
Path: blob/main/src/sudo_intercept_common.c
¹⁵³² views
1
/*
2
 * SPDX-License-Identifier: ISC
3
 *
4
 * Copyright (c) 2021-2022 Todd C. Miller <[email protected]>
5
 *
6
 * Permission to use, copy, modify, and distribute this software for any
7
 * purpose with or without fee is hereby granted, provided that the above
8
 * copyright notice and this permission notice appear in all copies.
9
 *
10
 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
11
 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
12
 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
13
 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
14
 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
15
 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
16
 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
17
 */
18

19
#include <config.h>
20

21
#include <sys/types.h>
22
#include <sys/socket.h>
23
#include <netinet/in.h>
24
#include <netinet/tcp.h>
25

26
#if defined(HAVE_STDINT_H)
27
# include <stdint.h>
28
#elif defined(HAVE_INTTYPES_H)
29
# include <inttypes.h>
30
#endif
31
#include <errno.h>
32
#include <fcntl.h>
33
#include <signal.h>
34
#include <stdarg.h>
35
#include <stddef.h>
36
#include <stdio.h>
37
#include <stdlib.h>
38
#include <unistd.h>
39
#include <string.h>
40
#ifdef HAVE_STDBOOL_H
41
# include <stdbool.h>
42
#else
43
# include <compat/stdbool.h>
44
#endif /* HAVE_STDBOOL_H */
45
#ifdef HAVE_CRT_EXTERNS_H
46
# include <crt_externs.h>
47
#endif
48

49
#include <sudo_compat.h>
50
#include <sudo_conf.h>
51
#include <sudo_debug.h>
52
#include <sudo_exec.h>
53
#include <sudo_fatal.h>
54
#include <sudo_gettext.h>
55
#include <sudo_util.h>
56
#include <intercept.pb-c.h>
57

58
#ifdef HAVE__NSGETENVIRON
59
# define environ (*_NSGetEnviron())
60
#else
61
extern char **environ;
62
#endif
63

64
static union sudo_token_un intercept_token;
65
static in_port_t intercept_port;
66
static bool log_only;
67

68
/* Send entire request to sudo (blocking). */
69
static bool
70
send_req(int sock, const void *buf, size_t len)
71
{
72
    const uint8_t *cp = buf;
73
    ssize_t nwritten;
74
    debug_decl(send_req, SUDO_DEBUG_EXEC);
75

76
    do {
77
	nwritten = send(sock, cp, len, 0);
78
	if (nwritten < 0) {
79
	    if (errno == EINTR)
80
		continue;
81
	    debug_return_bool(false);
82
	}
83
	len -= (size_t)nwritten;
84
	cp += nwritten;
85
    } while (len > 0);
86

87
    debug_return_bool(true);
88
}
89

90
static bool
91
send_client_hello(int sock)
92
{
93
    InterceptRequest msg = INTERCEPT_REQUEST__INIT;
94
    InterceptHello hello = INTERCEPT_HELLO__INIT;
95
    uint8_t *buf = NULL;
96
    uint32_t msg_len;
97
    size_t len;
98
    bool ret = false;
99
    debug_decl(send_client_hello, SUDO_DEBUG_EXEC);
100

101
    /* Setup client hello. */
102
    hello.pid = getpid();
103
    msg.type_case = INTERCEPT_REQUEST__TYPE_HELLO;
104
    msg.u.hello = &hello;
105

106
    len = intercept_request__get_packed_size(&msg);
107
    if (len > MESSAGE_SIZE_MAX) {
108
	sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO,
109
	    "InterceptRequest too large: %zu", len);
110
	goto done;
111
    }
112
    /* Wire message size is used for length encoding, precedes message. */
113
    msg_len = len & 0xffffffff;
114
    len += sizeof(msg_len);
115

116
    if ((buf = sudo_mmap_alloc(len)) == NULL) {
117
	sudo_warnx(U_("%s: %s"), __func__, U_("unable to allocate memory"));
118
	goto done;
119
    }
120
    memcpy(buf, &msg_len, sizeof(msg_len));
121
    intercept_request__pack(&msg, buf + sizeof(msg_len));
122

123
    ret = send_req(sock, buf, len);
124

125
done:
126
    sudo_mmap_free(buf);
127
    debug_return_bool(ret);
128
}
129

130
/*
131
 * Receive InterceptResponse from sudo over fd.
132
 */
133
static InterceptResponse *
134
recv_intercept_response(int fd)
135
{
136
    InterceptResponse *res = NULL;
137
    ssize_t nread;
138
    uint32_t rem, res_len;
139
    uint8_t *cp, *buf = NULL;
140
    debug_decl(recv_intercept_response, SUDO_DEBUG_EXEC);
141

142
    /* Read message size (uint32_t in host byte order). */
143
    for (;;) {
144
	nread = recv(fd, &res_len, sizeof(res_len), 0);
145
	if (nread == ssizeof(res_len))
146
	    break;
147
	switch (nread) {
148
	case 0:
149
	    sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO,
150
		"unexpected EOF reading response size");
151
	    break;
152
	case -1:
153
	    if (errno == EINTR)
154
		continue;
155
	    sudo_debug_printf(
156
		SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO|SUDO_DEBUG_ERRNO,
157
		"error reading response size");
158
	    break;
159
	default:
160
	    sudo_debug_printf(
161
		SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO,
162
		"error reading response size: short read");
163
	    break;
164
	}
165
	goto done;
166
    }
167
    if (res_len > MESSAGE_SIZE_MAX) {
168
	sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO,
169
	    "InterceptResponse too large: %u", res_len);
170
        goto done;
171
    }
172

173
    /* Read response from sudo (blocking). */
174
    if ((buf = sudo_mmap_alloc(res_len)) == NULL) {
175
	goto done;
176
    }
177
    cp = buf;
178
    rem = res_len;
179
    do {
180
	nread = recv(fd, cp, rem, 0);
181
	switch (nread) {
182
	case 0:
183
	    sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO,
184
		"unexpected EOF reading response");
185
	    goto done;
186
	case -1:
187
	    if (errno == EINTR)
188
		continue;
189
	    sudo_debug_printf(
190
		SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO|SUDO_DEBUG_ERRNO,
191
		"error reading response");
192
	    goto done;
193
	default:
194
	    rem -= (uint32_t)nread;
195
	    cp += nread;
196
	    break;
197
	}
198
    } while (rem > 0);
199
    res = intercept_response__unpack(NULL, res_len, buf);
200
    if (res == NULL) {
201
	sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO,
202
	    "unable to unpack %s size %u", "InterceptResponse", res_len);
203
        goto done;
204
    }
205

206
done:
207
    sudo_mmap_free(buf);
208
    debug_return_ptr(res);
209
}
210

211
/*
212
 * Look up SUDO_INTERCEPT_FD in the environment.
213
 * This function is run when the shared library is loaded.
214
 */
215
__attribute__((constructor)) static void
216
sudo_interposer_init(void)
217
{
218
    InterceptResponse *res = NULL;
219
    static bool initialized;
220
    int flags, fd = -1;
221
    char **p;
222
    debug_decl(sudo_interposer_init, SUDO_DEBUG_EXEC);
223

224
    if (initialized)
225
	debug_return;
226
    initialized = true;
227

228
    /* Read debug and path section of sudo.conf and init debugging. */
229
    if (sudo_conf_read(NULL, SUDO_CONF_DEBUG|SUDO_CONF_PATHS) != -1) {
230
	sudo_debug_register("sudo_intercept.so", NULL, NULL,
231
	    sudo_conf_debug_files("sudo_intercept.so"), INTERCEPT_FD_MIN);
232
    }
233
    sudo_debug_enter(__func__, __FILE__, __LINE__, sudo_debug_subsys);
234

235
    /*
236
     * Missing SUDO_INTERCEPT_FD will result in execve() failure.
237
     * Note that we cannot use getenv(3) here on Linux at least.
238
     */
239
    for (p = environ; *p != NULL; p++) {
240
	if (strncmp(*p, "SUDO_INTERCEPT_FD=", sizeof("SUDO_INTERCEPT_FD=") -1) == 0) {
241
	    const char *fdstr = *p + sizeof("SUDO_INTERCEPT_FD=") - 1;
242
	    const char *errstr;
243

244
	    sudo_debug_printf(SUDO_DEBUG_INFO|SUDO_DEBUG_LINENO, "%s", *p);
245

246
	    fd = (int)sudo_strtonum(fdstr, 0, INT_MAX, &errstr);
247
	    if (errstr != NULL) {
248
		sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO,
249
		    "invalid SUDO_INTERCEPT_FD: %s: %s", fdstr, errstr);
250
		goto done;
251
	    }
252
	}
253
    }
254
    if (fd == -1) {
255
	sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO,
256
	    "SUDO_INTERCEPT_FD not found in environment");
257
	goto done;
258
    }
259

260
    /*
261
     * We don't want to use non-blocking I/O.
262
     */
263
    flags = fcntl(fd, F_GETFL, 0);
264
    if (flags != -1)
265
        (void)fcntl(fd, F_SETFL, flags & ~O_NONBLOCK);
266

267
    /*
268
     * Send InterceptHello message to over the fd.
269
     */
270
    if (!send_client_hello(fd))
271
	goto done;
272

273
    res = recv_intercept_response(fd);
274
    if (res != NULL) {
275
	if (res->type_case == INTERCEPT_RESPONSE__TYPE_HELLO_RESP) {
276
	    intercept_token.u64[0] = res->u.hello_resp->token_lo;
277
	    intercept_token.u64[1] = res->u.hello_resp->token_hi;
278
	    intercept_port = (in_port_t)res->u.hello_resp->portno;
279
	    log_only = res->u.hello_resp->log_only;
280
	} else {
281
	    sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO,
282
		"unexpected type_case value %d in %s from %s",
283
		res->type_case, "InterceptResponse", "sudo");
284
	}
285
	intercept_response__free_unpacked(res, NULL);
286
    }
287

288
done:
289
    if (fd != -1)
290
	close(fd);
291

292
    debug_return;
293
}
294

295
static bool
296
send_policy_check_req(int sock, const char *cmnd, char * const argv[],
297
    char * const envp[])
298
{
299
    InterceptRequest msg = INTERCEPT_REQUEST__INIT;
300
    PolicyCheckRequest req = POLICY_CHECK_REQUEST__INIT;
301
    char cwdbuf[PATH_MAX];
302
    char *empty[1] = { NULL };
303
    uint8_t *buf = NULL;
304
    bool ret = false;
305
    uint32_t msg_len;
306
    size_t len;
307
    debug_decl(fmt_policy_check_req, SUDO_DEBUG_EXEC);
308

309
    /* Send token first (out of band) to initiate connection. */
310
    if (!send_req(sock, &intercept_token, sizeof(intercept_token))) {
311
	sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO,
312
	    "unable to send token back to sudo");
313
	goto done;
314
    }
315

316
    /* Setup policy check request. */
317
    req.intercept_fd = sock;
318
    req.command = (char *)cmnd;
319
    req.argv = argv ? (char **)argv : empty;
320
    for (req.n_argv = 0; req.argv[req.n_argv] != NULL; req.n_argv++)
321
	continue;
322
    req.envp = envp ? (char **)envp : empty;
323
    for (req.n_envp = 0; req.envp[req.n_envp] != NULL; req.n_envp++)
324
	continue;
325
    if (getcwd(cwdbuf, sizeof(cwdbuf)) != NULL) {
326
	req.cwd = cwdbuf;
327
    }
328
    msg.type_case = INTERCEPT_REQUEST__TYPE_POLICY_CHECK_REQ;
329
    msg.u.policy_check_req = &req;
330

331
    len = intercept_request__get_packed_size(&msg);
332
    if (len > MESSAGE_SIZE_MAX) {
333
	sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO,
334
	    "InterceptRequest too large: %zu", len);
335
	goto done;
336
    }
337
    /* Wire message size is used for length encoding, precedes message. */
338
    msg_len = len & 0xffffffff;
339
    len += sizeof(msg_len);
340

341
    if ((buf = sudo_mmap_alloc(len)) == NULL) {
342
	sudo_warnx(U_("%s: %s"), __func__, U_("unable to allocate memory"));
343
	goto done;
344
    }
345
    memcpy(buf, &msg_len, sizeof(msg_len));
346
    intercept_request__pack(&msg, buf + sizeof(msg_len));
347

348
    ret = send_req(sock, buf, len);
349

350
done:
351
    sudo_mmap_free(buf);
352
    debug_return_bool(ret);
353
}
354

355
/* 
356
 * Connect back to sudo process at localhost:intercept_port
357
 */
358
static int
359
intercept_connect(void)
360
{
361
    int sock = -1;
362
    int on = 1;
363
    struct sockaddr_in sin4;
364
    debug_decl(intercept_connect, SUDO_DEBUG_EXEC);
365

366
    if (intercept_port == 0) {
367
	sudo_warnx("%s", U_("intercept port not set"));
368
	goto done;
369
    }
370

371
    memset(&sin4, 0, sizeof(sin4));
372
    sin4.sin_family = AF_INET;
373
    sin4.sin_addr.s_addr = htonl(INADDR_LOOPBACK);
374
    sin4.sin_port = htons(intercept_port);
375

376
    sock = socket(AF_INET, SOCK_STREAM, 0);
377
    if (sock == -1) {
378
	sudo_warn("socket");
379
	goto done;
380
    }
381

382
    /* Send data immediately, we need low latency IPC. */
383
    (void)setsockopt(sock, IPPROTO_TCP, TCP_NODELAY, &on, sizeof(on));
384

385
    if (connect(sock, (struct sockaddr *)&sin4, sizeof(sin4)) == -1) {
386
	sudo_warn("connect");
387
	close(sock);
388
	sock = -1;
389
	goto done;
390
    }
391

392
done:
393
    debug_return_int(sock);
394
}
395

396
/* Called from sudo_intercept.c */
397
bool command_allowed(const char *cmnd, char * const argv[], char * const envp[], char **ncmndp, char ***nargvp, char ***nenvpp);
398

399
bool
400
command_allowed(const char *cmnd, char * const argv[],
401
    char * const envp[], char **ncmndp, char ***nargvp, char ***nenvpp)
402
{
403
    char *ncmnd = NULL, **nargv = NULL, **nenvp = NULL;
404
    InterceptResponse *res = NULL;
405
    bool ret = false;
406
    size_t idx, len = 0;
407
    int sock;
408
    debug_decl(command_allowed, SUDO_DEBUG_EXEC);
409

410
    if (sudo_debug_needed(SUDO_DEBUG_INFO)) {
411
	sudo_debug_printf(SUDO_DEBUG_INFO|SUDO_DEBUG_LINENO,
412
	    "req_command: %s", cmnd);
413
	if (argv != NULL) {
414
	    for (idx = 0; argv[idx] != NULL; idx++) {
415
		sudo_debug_printf(SUDO_DEBUG_INFO|SUDO_DEBUG_LINENO,
416
		    "req_argv[%zu]: %s", idx, argv[idx]);
417
	    }
418
	}
419
    }
420

421
    sock = intercept_connect();
422
    if (sock == -1)
423
	goto done;
424

425
    if (!send_policy_check_req(sock, cmnd, argv, envp))
426
	goto done;
427

428
    if (log_only) {
429
	/* Just logging, no policy check. */
430
	nenvp = sudo_preload_dso_mmap(envp, sudo_conf_intercept_path(), sock);
431
	if (nenvp == NULL)
432
	    goto oom;
433
	*ncmndp = (char *)cmnd;		/* safe */
434
	*nargvp = (char **)argv;	/* safe */
435
	*nenvpp = nenvp;
436
	ret = true;
437
	goto done;
438
    }
439

440
    res = recv_intercept_response(sock);
441
    if (res == NULL)
442
	goto done;
443

444
    switch (res->type_case) {
445
    case INTERCEPT_RESPONSE__TYPE_ACCEPT_MSG:
446
	if (sudo_debug_needed(SUDO_DEBUG_INFO)) {
447
	    sudo_debug_printf(SUDO_DEBUG_INFO|SUDO_DEBUG_LINENO,
448
		"run_command: %s", res->u.accept_msg->run_command);
449
	    for (idx = 0; idx < res->u.accept_msg->n_run_argv; idx++) {
450
		sudo_debug_printf(SUDO_DEBUG_INFO|SUDO_DEBUG_LINENO,
451
		    "run_argv[%zu]: %s", idx, res->u.accept_msg->run_argv[idx]);
452
	    }
453
	}
454
	ncmnd = sudo_mmap_strdup(res->u.accept_msg->run_command);
455
	if (ncmnd == NULL)
456
	    goto oom;
457
	nargv = sudo_mmap_allocarray(res->u.accept_msg->n_run_argv + 1,
458
	    sizeof(char *));
459
	if (nargv == NULL)
460
	    goto oom;
461
	for (len = 0; len < res->u.accept_msg->n_run_argv; len++) {
462
	    nargv[len] = sudo_mmap_strdup(res->u.accept_msg->run_argv[len]);
463
	    if (nargv[len] == NULL)
464
		goto oom;
465
	}
466
	nargv[len] = NULL;
467
	nenvp = sudo_preload_dso_mmap(envp, sudo_conf_intercept_path(), sock);
468
	if (nenvp == NULL)
469
	    goto oom;
470
	*ncmndp = ncmnd;
471
	*nargvp = nargv;
472
	*nenvpp = nenvp;
473
	ret = true;
474
	goto done;
475
    case INTERCEPT_RESPONSE__TYPE_REJECT_MSG:
476
	/* Policy module displayed reject message but we are in raw mode. */
477
	fputc('\r', stderr);
478
	goto done;
479
    case INTERCEPT_RESPONSE__TYPE_ERROR_MSG:
480
	/* Policy module may display error message but we are in raw mode. */
481
	fputc('\r', stderr);
482
	sudo_warnx("%s", res->u.error_msg->error_message);
483
	goto done;
484
    default:
485
	sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO,
486
	    "unexpected type_case value %d in %s from %s",
487
	    res->type_case, "InterceptResponse", "sudo");
488
	goto done;
489
    }
490

491
oom:
492
    sudo_mmap_free(ncmnd);
493
    while (len > 0)
494
	sudo_mmap_free(nargv[--len]);
495
    sudo_mmap_free(nargv);
496

497
done:
498
    /* Keep socket open for ctor when we execute the command. */
499
    if (!ret && sock != -1)
500
	close(sock);
501
    intercept_response__free_unpacked(res, NULL);
502

503
    debug_return_bool(ret);
504
}
505

506
Product

Resources

Company
