diff --git a/MANIFEST b/MANIFEST
index 30514a1f5..6699d87f8 100644
--- a/MANIFEST
+++ b/MANIFEST
@@ -1095,6 +1095,8 @@ plugins/sudoers/regress/testsudoers/test25.out.ok
 plugins/sudoers/regress/testsudoers/test25.sh
 plugins/sudoers/regress/testsudoers/test26.out.ok
 plugins/sudoers/regress/testsudoers/test26.sh
+plugins/sudoers/regress/testsudoers/test27.out.ok
+plugins/sudoers/regress/testsudoers/test27.sh
 plugins/sudoers/regress/testsudoers/test3.out.ok
 plugins/sudoers/regress/testsudoers/test3.sh
 plugins/sudoers/regress/testsudoers/test4.out.ok
diff --git a/plugins/sudoers/regress/testsudoers/group b/plugins/sudoers/regress/testsudoers/group
index 246055493..f272010ec 100644
--- a/plugins/sudoers/regress/testsudoers/group
+++ b/plugins/sudoers/regress/testsudoers/group
@@ -12,5 +12,6 @@ games:*:13:
 staff:*:20:root
 guest:*:31:root
 admin:*:1000:
+fakeshell:*:1001:
 nogroup:*:32766:
 nobody:*:32767:
diff --git a/plugins/sudoers/regress/testsudoers/passwd b/plugins/sudoers/regress/testsudoers/passwd
index f1e472119..c3d0a9c76 100644
--- a/plugins/sudoers/regress/testsudoers/passwd
+++ b/plugins/sudoers/regress/testsudoers/passwd
@@ -3,4 +3,5 @@ daemon:*:1:1:The devil himself:/root:/sbin/nologin
 operator:*:2:5:System &:/operator:/sbin/nologin
 bin:*:3:7:Binaries Commands and Source:/:/sbin/nologin
 admin:*:1000:1000:Admin user:/home/admin:/bin/sh
+fakeshell:*:1001:1001:Shell test user:/home/fakeshell:/shell/does/not/exist
 nobody:*:32767:32767:Unprivileged user:/nonexistent:/sbin/nologin
diff --git a/plugins/sudoers/regress/testsudoers/test27.out.ok b/plugins/sudoers/regress/testsudoers/test27.out.ok
new file mode 100644
index 000000000..23e70a858
--- /dev/null
+++ b/plugins/sudoers/regress/testsudoers/test27.out.ok
@@ -0,0 +1,12 @@
+Parses OK
+
+Entries for user admin:
+
+ALL = (ALL) /bin/ls
+ host allowed
+ runas allowed
+ cmnd allowed
+
+Invalid shell for user fakeshell: /shell/does/not/exist
+
+Command denied
diff --git a/plugins/sudoers/regress/testsudoers/test27.sh b/plugins/sudoers/regress/testsudoers/test27.sh
new file mode 100644
index 000000000..8733bb8c0
--- /dev/null
+++ b/plugins/sudoers/regress/testsudoers/test27.sh
@@ -0,0 +1,22 @@
+#!/bin/sh
+#
+# Verify that runas_check_shell works as expected.
+#
+
+: ${TESTSUDOERS=testsudoers}
+
+exec 2>&1
+
+# This should fail due to fakeshell's shell
+$TESTSUDOERS -u fakeshell -p ${TESTDIR}/passwd -P ${TESTDIR}/group \
+ admin /bin/ls <<'EOF'
+Defaults runas_check_shell
+admin ALL = (ALL) /bin/ls
+EOF
+
+# Expected failure
+if [ $? -eq 0 ]; then
+ exit 1
+else
+ exit 0
+fi
diff --git a/plugins/sudoers/testsudoers.c b/plugins/sudoers/testsudoers.c
index 4ce1839c9..1bb7d8862 100644
--- a/plugins/sudoers/testsudoers.c
+++ b/plugins/sudoers/testsudoers.c
@@ -353,8 +353,14 @@ main(int argc, char *argv[]) validated = sudoers_lookup(&snl, sudo_user.pw, now, &callbacks, &status, false); - /* Validate user-specified chroot or cwd (if any). */ + /* Validate user-specified chroot or cwd (if any) and runas user shell. */ if (ISSET(validated, VALIDATE_SUCCESS)) { + if (!check_user_shell(runas_pw)) { + printf(U_("\nInvalid shell for user %s: %s\n"), + runas_pw->pw_name, runas_pw->pw_shell); + CLR(validated, VALIDATE_SUCCESS); + SET(validated, VALIDATE_FAILURE); + } if (check_user_runchroot() != true) { printf("\nUser %s is not allowed to change root directory to %s\n", user_name, user_runchroot);
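Review bot: The closing `if [ $? -eq 0 ]` block in test27.sh passes on any non-zero exit from testsudoers, so a crash, a usage error or a sudoers parse failure would count as the expected denial just as a shell rejection does. Only the comparison against test27.out.ok tells those cases apart, and that comparison is presumably done by the regress harness, which is not visible here. A comment would make the dependency explicit, for example `# Any non-zero status passes here; test27.out.ok pins the actual reason`. The script also covers only the denial path: a companion case with `runas_check_shell` unset, or with a target user whose shell is valid, would show that the new check does not deny every run.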
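Review bot: `check_user_shell(runas_pw)` in testsudoers.c runs on every successful lookup, so whether it is limited to policies that set `runas_check_shell` depends on the helper's body, which is outside this hunk. If the helper does not test that Default itself, any testsudoers run whose target user has an unlisted shell would flip from allowed to denied. If it does, a comment above the call would record that, e.g. `/* check_user_shell() returns true unless runas_check_shell is set */`. On style, the new message goes through `U_()` while the chroot message directly below it is a plain literal; one form for both would read more consistently. main() starts and ends outside the hunk.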