pam_close_session().
--HG--
branch : 1.7
* Fixed a problem in the restoration of the AIX authdb registry setting.
+ * Sudo will now fork(2) and wait until the command has completed before
+ calling pam_close_session().
+
What's new in Sudo 1.7.3?
* Support for logging I/O for the command being run.
/* child */
close(sv[0]);
fcntl(sv[1], F_SETFD, FD_CLOEXEC);
- if (exec_setup(PERM_DOWAIT, rbac_enabled, user_ttypath, -1) == TRUE) {
+ if (exec_setup(rbac_enabled, user_ttypath, -1) == TRUE) {
/* headed for execve() */
closefrom(def_closefrom);
#ifdef HAVE_SELINUX
* If we don't need to wait for the command to finish, just exec it.
*/
if (!dowait) {
- exec_setup(0, FALSE, NULL, -1);
+ exec_setup(FALSE, NULL, -1);
closefrom(def_closefrom);
my_execve(path, argv, envp);
cstat->type = CMD_ERRNO;
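Review bot: The return value of `exec_setup(FALSE, NULL, -1)` is still discarded in the `!dowait` branch, so `closefrom()` and `my_execve()` run even when setup reports failure, while the two other call sites touched by this commit test `== TRUE`. exec_setup() is documented as returning FALSE on failure, and it is where `set_perms(PERM_FULL_RUNAS)` is called, so I would guard the exec the same way with `if (exec_setup(FALSE, NULL, -1) == TRUE) {` around the two following calls. Whether every failure inside exec_setup() already exits on its own is not visible here. The enclosing function starts and ends outside the hunk.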
/* child */
close(sv[0]);
fcntl(sv[1], F_SETFD, FD_CLOEXEC);
- if (exec_setup(PERM_DOWAIT, rbac_enabled, slavename, io_fds[SFD_SLAVE]) == TRUE) {
+ if (exec_setup(rbac_enabled, slavename, io_fds[SFD_SLAVE]) == TRUE) {
/* Close the other end of the stdin/stdout/stderr pipes and exec. */
if (io_pipe[STDIN_FILENO][1])
close(io_pipe[STDIN_FILENO][1]);
/*
* Prototypes
*/
-static void runas_setup __P((int));
+static void runas_setup __P((void));
static void runas_setgroups __P((void));
static void restore_groups __P((void));
int perm;
{
const char *errstr;
- int noexit, dowait;
+ int noexit;
noexit = ISSET(perm, PERM_NOEXIT);
- dowait = ISSET(perm, PERM_DOWAIT);
CLR(perm, PERM_MASK);
if (perm == current_perm)
case PERM_FULL_RUNAS:
/* headed for exec(), assume euid == ROOT_UID */
- runas_setup(dowait);
+ runas_setup();
if (setresuid(def_stay_setuid ?
user_uid : runas_pw->pw_uid,
runas_pw->pw_uid, runas_pw->pw_uid)) {
int perm;
{
const char *errstr;
- int noexit, dowait;
+ int noexit;
noexit = ISSET(perm, PERM_NOEXIT);
- dowait = ISSET(perm, PERM_DOWAIT);
CLR(perm, PERM_MASK);
if (perm == current_perm)
case PERM_FULL_RUNAS:
/* headed for exec(), assume euid == ROOT_UID */
- runas_setup(dowait);
+ runas_setup();
if (setreuid(def_stay_setuid ? user_uid :
runas_pw->pw_uid, runas_pw->pw_uid)) {
errstr = "unable to change to runas uid";
int perm;
{
const char *errstr;
- int noexit, dowait;
+ int noexit;
noexit = ISSET(perm, PERM_NOEXIT);
- dowait = ISSET(perm, PERM_DOWAIT);
CLR(perm, PERM_MASK);
if (perm == current_perm)
case PERM_FULL_RUNAS:
/* headed for exec() */
- runas_setup(dowait);
+ runas_setup();
if (setuid(runas_pw->pw_uid)) {
errstr = "unable to change to runas uid";
goto bad;
int perm;
{
const char *errstr;
- int noexit, dowait;
+ int noexit;
noexit = ISSET(perm, PERM_NOEXIT);
- dowait = ISSET(perm, PERM_DOWAIT);
CLR(perm, PERM_MASK);
if (perm == current_perm)
break;
case PERM_FULL_RUNAS:
- runas_setup(dowait);
+ runas_setup();
if (setuid(runas_pw->pw_uid)) {
errstr = "unable to change to runas uid";
goto bad;
#endif /* HAVE_INITGROUPS */
static void
-runas_setup(dowait)
- int dowait;
+runas_setup()
{
gid_t gid;
#ifdef HAVE_LOGIN_CAP_H
#endif
#ifdef HAVE_PAM
pam_begin_session(runas_pw);
- if (!dowait)
- pam_end_session();
#endif /* HAVE_PAM */
#ifdef HAVE_LOGIN_CAP_H
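Review bot: After this hunk `pam_begin_session(runas_pw)` has no matching close in runas_setup(), so closing the session depends entirely on a parent process that waits for the command. The `if (!dowait)` branch in the exec code still calls exec_setup() and execs in place, so any HAVE_PAM caller that reaches it with dowait false would open a session that nothing closes. The call that now closes the session is not visible on this page, so the pairing cannot be confirmed from here. I would add a comment at this call, `/* session is closed by the waiting parent after the command exits */`, and verify that no HAVE_PAM build can pass a false dowait. runas_setup()'s body continues outside the hunk.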
# include "nonunix.h"
#endif
+#ifdef HAVE_PAM
+# define CMND_WAIT TRUE
+#else
+# define CMND_WAIT FALSE
+#endif
+
/*
* Prototypes
*/
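Review bot: The new `CMND_WAIT` macro carries no comment explaining why waiting is tied to HAVE_PAM. Without one, a later reader cannot tell that TRUE here is what keeps the parent alive to call pam_close_session() once the command has finished, and might set it back to FALSE to save a process. I would add above the `#ifdef`: `/* With PAM the parent must wait for the command so it can close the session afterwards. */`.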
(void) sigaction(SIGQUIT, &saved_sa_quit, NULL);
(void) sigaction(SIGTSTP, &saved_sa_tstp, NULL);
- if (ISSET(sudo_mode, MODE_EDIT))
+ if (ISSET(sudo_mode, MODE_EDIT)) {
exit(sudo_edit(NewArgc, NewArgv, envp));
- else
- exit(run_command(safe_cmnd, NewArgv, env_get(), runas_pw->pw_uid, FALSE));
+ } else {
+ exit(run_command(safe_cmnd, NewArgv, env_get(), runas_pw->pw_uid,
+ CMND_WAIT));
+ }
} else if (ISSET(validated, FLAG_NO_USER | FLAG_NO_HOST)) {
audit_failure(NewArgv, "No user or host");
log_denial(validated, 1);
* Returns TRUE on success and FALSE on failure.
*/
int
-exec_setup(flags, rbac_enabled, ttyname, ttyfd)
- int flags;
+exec_setup(rbac_enabled, ttyname, ttyfd)
int rbac_enabled;
const char *ttyname;
int ttyfd;
#endif /* RLIMIT_CORE && !SUDO_DEVEL */
if (ISSET(sudo_mode, MODE_RUN))
- set_perms(PERM_FULL_RUNAS|flags);
+ set_perms(PERM_FULL_RUNAS);
if (ISSET(sudo_mode, MODE_LOGIN_SHELL)) {
/* Change to target user's homedir. */
#define PERM_FULL_RUNAS 0x05
#define PERM_TIMESTAMP 0x06
#define PERM_NOEXIT 0x10 /* flag */
-#define PERM_DOWAIT 0x20 /* flag */
#define PERM_MASK 0xf0
/*
/* sudo.c */
FILE *open_sudoers __P((const char *, int, int *));
-int exec_setup __P((int, int, const char *, int));
+int exec_setup __P((int, const char *, int));
void cleanup __P((int));
void set_fqdn __P((void));