From b9954fb9b97fec0c82239b1565f8bafa9791360a Mon Sep 17 00:00:00 2001 From: "Todd C. Miller" Date: Mon, 20 Feb 2017 16:44:12 -0700 Subject: [PATCH] Add support for using the message digest functions in libgcrypt instead of sudo's own SHA2 implementation. --- INSTALL | 6 ++ MANIFEST | 1 + configure | 117 ++++++++++++++++++++++++++++ configure.ac | 14 ++++ mkdep.pl | 2 +- plugins/sudoers/Makefile.in | 11 +++ plugins/sudoers/filedigest_gcrypt.c | 113 +++++++++++++++++++++++++++ 7 files changed, 263 insertions(+), 1 deletion(-) create mode 100644 plugins/sudoers/filedigest_gcrypt.c diff --git a/INSTALL b/INSTALL index b2fbebf63..7c187e385 100644 --- a/INSTALL +++ b/INSTALL @@ -515,6 +515,12 @@ Authentication options: gss_krb5_ccache_name() provides a better API to do this it is not supported by all Kerberos V and SASL combinations. + --enable-gcrypt[=DIR] + Use GNU crypt's SHA-2 message digest functions instead of the + ones bundled with sudo (or in the system's C library). + If specified, DIR should contain include and lib directories + with gcrypt.h and libgcrypt respectively. + --enable-openssl[=DIR] Use OpenSSL's SHA-2 message digest functions instead of the ones bundled with sudo (or in the system's C library). diff --git a/MANIFEST b/MANIFEST index d2a026075..ec7363afb 100644 --- a/MANIFEST +++ b/MANIFEST @@ -264,6 +264,7 @@ plugins/sudoers/digestname.c plugins/sudoers/editor.c plugins/sudoers/env.c plugins/sudoers/filedigest.c +plugins/sudoers/filedigest_gcrypt.c plugins/sudoers/filedigest_openssl.c plugins/sudoers/find_path.c plugins/sudoers/gc.c diff --git a/configure b/configure index d20a4a173..7bb95850c 100755 --- a/configure +++ b/configure @@ -948,6 +948,7 @@ enable_env_reset enable_warnings enable_werror enable_openssl +enable_gcrypt enable_hardening enable_pie enable_asan @@ -1625,6 +1626,8 @@ Optional Features: --enable-werror Whether to enable the -Werror compiler option --enable-openssl Use OpenSSL's message digest functions instead of sudo's + --enable-gcrypt Use GNU crypt's message digest functions instead of + sudo's --disable-hardening Do not use compiler/linker exploit mitigation options --enable-pie Build sudo as a position independent executable. @@ -6385,6 +6388,120 @@ fi +if ${SUDOERS_LDFLAGS+:} false; then : + + case " $SUDOERS_LDFLAGS " in #( + *" -L${enableval}/lib "*) : + { { $as_echo "$as_me:${as_lineno-$LINENO}: : SUDOERS_LDFLAGS already contains -L\${enableval}/lib"; } >&5 + (: SUDOERS_LDFLAGS already contains -L${enableval}/lib) 2>&5 + ac_status=$? + $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; } ;; #( + *) : + + as_fn_append SUDOERS_LDFLAGS " -L${enableval}/lib" + { { $as_echo "$as_me:${as_lineno-$LINENO}: : SUDOERS_LDFLAGS=\"\$SUDOERS_LDFLAGS\""; } >&5 + (: SUDOERS_LDFLAGS="$SUDOERS_LDFLAGS") 2>&5 + ac_status=$? + $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; } + ;; +esac + +else + + SUDOERS_LDFLAGS=-L${enableval}/lib + { { $as_echo "$as_me:${as_lineno-$LINENO}: : SUDOERS_LDFLAGS=\"\$SUDOERS_LDFLAGS\""; } >&5 + (: SUDOERS_LDFLAGS="$SUDOERS_LDFLAGS") 2>&5 + ac_status=$? + $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; } + +fi + + if test X"$enable_rpath" = X"yes"; then + +if ${SUDOERS_LDFLAGS_R+:} false; then : + + case " $SUDOERS_LDFLAGS_R " in #( + *" -R${enableval}/lib "*) : + { { $as_echo "$as_me:${as_lineno-$LINENO}: : SUDOERS_LDFLAGS_R already contains -R\${enableval}/lib"; } >&5 + (: SUDOERS_LDFLAGS_R already contains -R${enableval}/lib) 2>&5 + ac_status=$? + $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; } ;; #( + *) : + + as_fn_append SUDOERS_LDFLAGS_R " -R${enableval}/lib" + { { $as_echo "$as_me:${as_lineno-$LINENO}: : SUDOERS_LDFLAGS_R=\"\$SUDOERS_LDFLAGS_R\""; } >&5 + (: SUDOERS_LDFLAGS_R="$SUDOERS_LDFLAGS_R") 2>&5 + ac_status=$? + $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; } + ;; +esac + +else + + SUDOERS_LDFLAGS_R=-R${enableval}/lib + { { $as_echo "$as_me:${as_lineno-$LINENO}: : SUDOERS_LDFLAGS_R=\"\$SUDOERS_LDFLAGS_R\""; } >&5 + (: SUDOERS_LDFLAGS_R="$SUDOERS_LDFLAGS_R") 2>&5 + ac_status=$? + $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; } + +fi + + fi + + fi + ;; + esac + +fi + + +# Check whether --enable-gcrypt was given. +if test "${enable_gcrypt+set}" = set; then : + enableval=$enable_gcrypt; case $enableval in + no) ;; + *) LIBMD="-lgcrypt" + FILEDIGEST=filedigest_gcrypt.lo + if test "$enableval" != "yes"; then + +if ${CPPFLAGS+:} false; then : + + case " $CPPFLAGS " in #( + *" -I${enableval}/include "*) : + { { $as_echo "$as_me:${as_lineno-$LINENO}: : CPPFLAGS already contains -I\${enableval}/include"; } >&5 + (: CPPFLAGS already contains -I${enableval}/include) 2>&5 + ac_status=$? + $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; } ;; #( + *) : + + as_fn_append CPPFLAGS " -I${enableval}/include" + { { $as_echo "$as_me:${as_lineno-$LINENO}: : CPPFLAGS=\"\$CPPFLAGS\""; } >&5 + (: CPPFLAGS="$CPPFLAGS") 2>&5 + ac_status=$? + $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; } + ;; +esac + +else + + CPPFLAGS=-I${enableval}/include + { { $as_echo "$as_me:${as_lineno-$LINENO}: : CPPFLAGS=\"\$CPPFLAGS\""; } >&5 + (: CPPFLAGS="$CPPFLAGS") 2>&5 + ac_status=$? + $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; } + +fi + + + if ${SUDOERS_LDFLAGS+:} false; then : case " $SUDOERS_LDFLAGS " in #( diff --git a/configure.ac b/configure.ac index 2b3904244..75c079a27 100644 --- a/configure.ac +++ b/configure.ac @@ -1465,6 +1465,20 @@ AC_ARG_ENABLE(openssl, esac ]) +AC_ARG_ENABLE(gcrypt, +[AS_HELP_STRING([--enable-gcrypt], [Use GNU crypt's message digest functions instead of sudo's])], +[ case $enableval in + no) ;; + *) LIBMD="-lgcrypt" + FILEDIGEST=filedigest_gcrypt.lo + if test "$enableval" != "yes"; then + AX_APPEND_FLAG([-I${enableval}/include], [CPPFLAGS]) + SUDO_APPEND_LIBPATH(SUDOERS_LDFLAGS, [${enableval}/lib]) + fi + ;; + esac +]) + AC_ARG_ENABLE(hardening, [AS_HELP_STRING([--disable-hardening], [Do not use compiler/linker exploit mitigation options])], [], [enable_hardening=yes]) diff --git a/mkdep.pl b/mkdep.pl index 26f0ba602..3f94c069b 100755 --- a/mkdep.pl +++ b/mkdep.pl @@ -70,7 +70,7 @@ sub mkdep { $makefile =~ s:\@SUDOERS_OBJS\@:bsm_audit.lo linux_audit.lo ldap.lo solaris_audit.lo sssd.lo:; # XXX - fill in AUTH_OBJS from contents of the auth dir instead $makefile =~ s:\@AUTH_OBJS\@:afs.lo aix_auth.lo bsdauth.lo dce.lo fwtk.lo getspwuid.lo kerb5.lo pam.lo passwd.lo rfc1938.lo secureware.lo securid5.lo sia.lo:; - $makefile =~ s:\@FILEDIGEST\@:filedigest.lo filedigest_openssl.lo:; + $makefile =~ s:\@FILEDIGEST\@:filedigest.lo filedigest_openssl.lo filedigest_gcrypt.lo:; $makefile =~ s:\@LTLIBOBJS\@:closefrom.lo fnmatch.lo getaddrinfo.lo getcwd.lo getgrouplist.lo getline.lo getopt_long.lo glob.lo inet_ntop_lo inet_pton.lo isblank.lo memrchr.lo memset_s.lo mksiglist.lo mksigname.lo mktemp.lo nanosleep.lo pw_dup.lo reallocarray.lo sha2.lo sig2str.lo siglist.lo signame.lo snprintf.lo strlcat.lo strlcpy.lo strndup.lo strnlen.lo strsignal.lo strtonum.lo utimens.lo vsyslog.lo:; # Parse OBJS lines diff --git a/plugins/sudoers/Makefile.in b/plugins/sudoers/Makefile.in index 6413c09e3..d719041a8 100644 --- a/plugins/sudoers/Makefile.in +++ b/plugins/sudoers/Makefile.in @@ -692,6 +692,17 @@ filedigest.lo: $(srcdir)/filedigest.c $(devdir)/def_data.h \ $(srcdir)/sudoers_debug.h $(top_builddir)/config.h \ $(top_builddir)/pathnames.h $(LIBTOOL) $(LTFLAGS) --mode=compile $(CC) -c $(CPPFLAGS) $(CFLAGS) $(ASAN_CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(srcdir)/filedigest.c +filedigest_gcrypt.lo: $(srcdir)/filedigest_gcrypt.c $(devdir)/def_data.h \ + $(incdir)/compat/stdbool.h $(incdir)/sudo_compat.h \ + $(incdir)/sudo_conf.h $(incdir)/sudo_debug.h \ + $(incdir)/sudo_fatal.h $(incdir)/sudo_gettext.h \ + $(incdir)/sudo_plugin.h $(incdir)/sudo_queue.h \ + $(incdir)/sudo_util.h $(srcdir)/defaults.h \ + $(srcdir)/logging.h $(srcdir)/parse.h \ + $(srcdir)/sudo_nss.h $(srcdir)/sudoers.h \ + $(srcdir)/sudoers_debug.h $(top_builddir)/config.h \ + $(top_builddir)/pathnames.h + $(LIBTOOL) $(LTFLAGS) --mode=compile $(CC) -c $(CPPFLAGS) $(CFLAGS) $(ASAN_CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(srcdir)/filedigest_gcrypt.c filedigest_openssl.lo: $(srcdir)/filedigest_openssl.c $(devdir)/def_data.h \ $(incdir)/compat/stdbool.h $(incdir)/sudo_compat.h \ $(incdir)/sudo_conf.h $(incdir)/sudo_debug.h \ diff --git a/plugins/sudoers/filedigest_gcrypt.c b/plugins/sudoers/filedigest_gcrypt.c new file mode 100644 index 000000000..078cfade6 --- /dev/null +++ b/plugins/sudoers/filedigest_gcrypt.c @@ -0,0 +1,113 @@ +/* + * Copyright (c) 2017 Todd C. Miller + * + * Permission to use, copy, modify, and distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR + * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN + * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF + * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF + * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + */ + +#include + +#include + +#include +#include +#ifdef HAVE_STRING_H +# include +#endif /* HAVE_STRING_H */ +#ifdef HAVE_STRINGS_H +# include +#endif /* HAVE_STRINGS_H */ +#include +#include +#include + +#include + +#include "sudoers.h" +#include "parse.h" + +unsigned char * +sudo_filedigest(int fd, const char *file, int digest_type, size_t *digest_lenp) +{ + unsigned char *file_digest = NULL; + unsigned char buf[32 * 1024]; + int fd2, gcry_digest_type; + size_t digest_len, nread; + gcry_error_t error; + gcry_md_hd_t ctx; + FILE *fp = NULL; + debug_decl(sudo_filedigest, SUDOERS_DEBUG_UTIL) + + switch (digest_type) { + case SUDO_DIGEST_SHA224: + gcry_digest_type = GCRY_MD_SHA224; + break; + case SUDO_DIGEST_SHA256: + gcry_digest_type = GCRY_MD_SHA256; + break; + case SUDO_DIGEST_SHA384: + gcry_digest_type = GCRY_MD_SHA384; + break; + case SUDO_DIGEST_SHA512: + gcry_digest_type = GCRY_MD_SHA512; + break; + default: + sudo_warnx(U_("unsupported digest type %d for %s"), digest_type, file); + debug_return_ptr(NULL); + } + + error = gcry_md_open(&ctx, gcry_digest_type, 0); + if (error != 0) { + sudo_warnx(U_("%s: %s"), digest_type_to_name(digest_type), + gcry_strerror(error)); + goto bad; + } + digest_len = gcry_md_get_algo_dlen(gcry_digest_type); + + if ((fd2 = dup(fd)) == -1) { + sudo_debug_printf(SUDO_DEBUG_INFO, "unable to dup %s: %s", + file, strerror(errno)); + goto bad; + } + if ((fp = fdopen(fd2, "r")) == NULL) { + sudo_debug_printf(SUDO_DEBUG_INFO, "unable to fdopen %s: %s", + file, strerror(errno)); + close(fd2); + goto bad; + } + if ((file_digest = malloc(digest_len)) == NULL) { + sudo_warnx(U_("%s: %s"), __func__, U_("unable to allocate memory")); + goto bad; + } + + while ((nread = fread(buf, 1, sizeof(buf), fp)) != 0) { + gcry_md_write(ctx, buf, nread); + } + if (ferror(fp)) { + sudo_warnx(U_("%s: read error"), file); + goto bad; + } + gcry_md_final(ctx); + fclose(fp); + + memcpy(file_digest, gcry_md_read(ctx, 0), digest_len); + *digest_lenp = digest_len; + debug_return_ptr(file_digest); +bad: + free(file_digest); + gcry_md_close(ctx); + if (fp != NULL) + fclose(fp); + debug_return_ptr(NULL); +} -- 2.40.0