plugins/sudoers/auth/sia.c
plugins/sudoers/auth/sudo_auth.c
plugins/sudoers/auth/sudo_auth.h
+plugins/sudoers/base64.c
plugins/sudoers/boottime.c
plugins/sudoers/bsm_audit.c
plugins/sudoers/bsm_audit.h
AUTH_OBJS = sudo_auth.lo @AUTH_OBJS@
-LIBPARSESUDOERS_OBJS = alias.lo audit.lo defaults.lo hexchar.lo gram.lo \
- match.lo match_addr.lo pwutil.lo pwutil_impl.lo \
+LIBPARSESUDOERS_OBJS = alias.lo audit.lo base64.lo defaults.lo hexchar.lo \
+ gram.lo match.lo match_addr.lo pwutil.lo pwutil_impl.lo \
timestr.lo toke.lo toke_util.lo redblack.lo sha2.lo
SUDOERS_OBJS = $(AUTH_OBJS) boottime.lo check.lo env.lo find_path.lo \
$(srcdir)/logging.h $(incdir)/sudo_debug.h $(srcdir)/bsm_audit.h \
$(srcdir)/linux_audit.h
$(LIBTOOL) --mode=compile $(CC) -c $(CPPFLAGS) $(CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(DEFS) $(srcdir)/audit.c
+base64.lo: $(srcdir)/base64.c $(top_builddir)/config.h $(incdir)/missing.h \
+ $(incdir)/sudo_debug.h
+ $(LIBTOOL) --mode=compile $(CC) -c $(CPPFLAGS) $(CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(DEFS) $(srcdir)/base64.c
boottime.lo: $(srcdir)/boottime.c $(top_builddir)/config.h $(incdir)/missing.h \
$(incdir)/sudo_debug.h
$(LIBTOOL) --mode=compile $(CC) -c $(CPPFLAGS) $(CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(DEFS) $(srcdir)/boottime.c
$(srcdir)/defaults.h $(devdir)/def_data.h $(srcdir)/logging.h \
$(srcdir)/sudo_nss.h $(incdir)/sudo_plugin.h $(incdir)/sudo_debug.h \
$(incdir)/gettext.h $(srcdir)/parse.h $(srcdir)/toke.h \
- $(devdir)/gram.h $(incdir)/lbuf.h $(incdir)/secure_path.h
+ $(devdir)/gram.h $(incdir)/lbuf.h $(srcdir)/sha2.h \
+ $(incdir)/secure_path.h
$(LIBTOOL) --mode=compile $(CC) -c $(CPPFLAGS) $(CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(DEFS) $(devdir)/toke.c
toke_util.lo: $(srcdir)/toke_util.c $(top_builddir)/config.h \
$(srcdir)/sudoers.h $(top_srcdir)/compat/stdbool.h \
--- /dev/null
+/*
+ * Copyright (c) 2013 Todd C. Miller <Todd.Miller@courtesan.com>
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
+ * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#include <config.h>
+
+#include <sys/types.h>
+#include <stdio.h>
+#ifdef STDC_HEADERS
+# include <stdlib.h>
+# include <stddef.h>
+#else
+# ifdef HAVE_STDLIB_H
+# include <stdlib.h>
+# endif
+#endif /* STDC_HEADERS */
+#ifdef HAVE_STRING_H
+# include <string.h>
+#endif /* HAVE_STRING_H */
+#ifdef HAVE_STRINGS_H
+# include <strings.h>
+#endif /* HAVE_STRINGS_H */
+
+#include "missing.h"
+#include "sudo_debug.h"
+
+/*
+ * Decode a NUL-terminated string in base64 format and store the
+ * result in dst.
+ */
+size_t
+base64_decode(const char *str, unsigned char *dst, size_t dsize)
+{
+ static const char b64[] =
+ "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";
+ const unsigned char *dst0 = dst;
+ const unsigned char *dend = dst + dsize;
+ unsigned char ch[4];
+ char *pos;
+ int i;
+ debug_decl(base64_decode, SUDO_DEBUG_MATCH)
+
+ /*
+ * Convert from base64 to binary. Each base64 char holds 6 bits of data
+ * so 4 base64 chars equals 3 chars of data.
+ * Padding (with the '=' char) may or may not be present.
+ */
+ while (*str != '\0') {
+ for (i = 0; i < 4; i++) {
+ switch (*str) {
+ case '=':
+ str++;
+ /* FALLTHROUGH */
+ case '\0':
+ ch[i] = '=';
+ break;
+ default:
+ if ((pos = strchr(b64, *str++)) == NULL)
+ debug_return_size_t((size_t)-1);
+ ch[i] = (unsigned char)(pos - b64);
+ break;
+ }
+ }
+ if (ch[0] == '=' || ch[1] == '=' || dst == dend)
+ break;
+ *dst++ = (ch[0] << 2) | ((ch[1] & 0x30) >> 4);
+ if (ch[2] == '=' || dst == dend)
+ break;
+ *dst++ = ((ch[1] & 0x0f) << 4) | ((ch[2] & 0x3c) >> 2);
+ if (ch[3] == '=' || dst == dend)
+ break;
+ *dst++ = ((ch[2] & 0x03) << 6) | ch[3];
+ }
+ debug_return_size_t((size_t)(dst - dst0));
+}
}
};
-static size_t
-base64_decode(const char *src, unsigned char *dst)
-{
- static const char b64[] =
- "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";
- const unsigned char *dst0 = dst;
- unsigned char ch[4];
- char *pos;
- int i;
- debug_decl(base64_decode, SUDO_DEBUG_MATCH)
-
- /*
- * Convert from base64 to binary. Each base64 char holds 6 bits of data
- * so 4 base64 chars equals 3 chars of data.
- * Padding (with the '=' char) may or may not be present.
- */
- while (*src != '\0') {
- for (i = 0; i < 4; i++) {
- switch (*src) {
- case '=':
- src++;
- /* FALLTHROUGH */
- case '\0':
- ch[i] = '=';
- break;
- default:
- if ((pos = strchr(b64, *src++)) == NULL)
- debug_return_size_t((size_t)-1);
- ch[i] = (unsigned char)(pos - b64);
- break;
- }
- }
- if (ch[0] == '=' || ch[1] == '=')
- break;
- *dst++ = (ch[0] << 2) | ((ch[1] & 0x30) >> 4);
- if (ch[2] == '=')
- break;
- *dst++ = ((ch[1] & 0x0f) << 4) | ((ch[2] & 0x3c) >> 2);
- if (ch[3] == '=')
- break;
- *dst++ = ((ch[2] & 0x03) << 6) | ch[3];
- }
- debug_return_size_t((size_t)(dst - dst0));
-}
-
static bool
digest_matches(char *file, struct sudo_digest *sd)
{
sudoers_digest[i] = hexchar(&sd->digest_str[i + i]);
}
} else {
- if (base64_decode(sd->digest_str, sudoers_digest) != func->digest_len)
+ size_t len = base64_decode(sd->digest_str, sudoers_digest,
+ sizeof(sudoers_digest));
+ if (len != func->digest_len)
goto bad_format;
}
void init_parser(const char *, bool);
int alias_compare(const void *, const void *);
int hexchar(const char *s);
+size_t base64_decode(const char *str, unsigned char *dst, size_t dsize);
#endif /* _SUDOERS_PARSE_H */
projects / sudo / commitdiff