kernel The time stamp is stored in the kernel as an
attribute of the terminal device. If no
- terminal is present, the time stamp is
- considered to be invalid. This is currently
- only supported on OpenBSD.
+ terminal is present, the behavior is the same
+ as _\bp_\bp_\bi_\bd. The maximum value of
+ _\bt_\bi_\bm_\be_\bs_\bt_\ba_\bm_\bp_\b__\bt_\bi_\bm_\be_\bo_\bu_\bt is limited to 3600 when using
+ _\bk_\be_\br_\bn_\be_\bl time stamps. This is currently only
+ supported on OpenBSD.
The default value is _\bt_\bt_\by.
file distributed with s\bsu\bud\bdo\bo or https://www.sudo.ws/license.html for
complete details.
-Sudo 1.8.22 December 20, 2017 Sudo 1.8.22
+Sudo 1.8.22 January 23, 2018 Sudo 1.8.22
.\" DO NOT EDIT THIS FILE, IT IS NOT THE MASTER!
.\" IT IS GENERATED AUTOMATICALLY FROM sudoers.mdoc.in
.\"
-.\" Copyright (c) 1994-1996, 1998-2005, 2007-2017
+.\" Copyright (c) 1994-1996, 1998-2005, 2007-2018
.\" Todd C. Miller <Todd.Miller@sudo.ws>
.\"
.\" Permission to use, copy, modify, and distribute this software for any
.\" Agency (DARPA) and Air Force Research Laboratory, Air Force
.\" Materiel Command, USAF, under agreement number F39502-99-1-0512.
.\"
-.TH "SUDOERS" "5" "December 20, 2017" "Sudo @PACKAGE_VERSION@" "File Formats Manual"
+.TH "SUDOERS" "5" "January 23, 2018" "Sudo @PACKAGE_VERSION@" "File Formats Manual"
.nh
.if n .ad l
.SH "NAME"
kernel
The time stamp is stored in the kernel as an attribute of the terminal
device.
-If no terminal is present, the time stamp is considered to be invalid.
+If no terminal is present, the behavior is the same as
+\fIppid\fR.
+The maximum value of
+\fItimestamp_timeout\fR
+is limited to 3600 when using
+\fIkernel\fR
+time stamps.
This is currently only supported on OpenBSD.
.PP
The default value is
.\"
-.\" Copyright (c) 1994-1996, 1998-2005, 2007-2017
+.\" Copyright (c) 1994-1996, 1998-2005, 2007-2018
.\" Todd C. Miller <Todd.Miller@sudo.ws>
.\"
.\" Permission to use, copy, modify, and distribute this software for any
.\" Agency (DARPA) and Air Force Research Laboratory, Air Force
.\" Materiel Command, USAF, under agreement number F39502-99-1-0512.
.\"
-.Dd December 20, 2017
+.Dd January 23, 2018
.Dt SUDOERS @mansectform@
.Os Sudo @PACKAGE_VERSION@
.Sh NAME
.It kernel
The time stamp is stored in the kernel as an attribute of the terminal
device.
-If no terminal is present, the time stamp is considered to be invalid.
+If no terminal is present, the behavior is the same as
+.Em ppid .
+The maximum value of
+.Em timestamp_timeout
+is limited to 3600 when using
+.Em kernel
+time stamps.
This is currently only supported on OpenBSD.
.El
.Pp
break;
default:
/* unknown record type, ignore it */
+ sudo_debug_printf(SUDO_DEBUG_WARN|SUDO_DEBUG_LINENO,
+ "unknown time stamp record type %d", entry->type);
debug_return_bool(false);
}
debug_return_bool(true);
}
entry->sid = user_sid;
switch (ticket_type) {
+ default:
+ /* Unknown time stamp ticket type, treat as tty (should not happen). */
+ sudo_warnx("unknown time stamp ticket type %d", ticket_type);
+ /* FALLTHROUGH */
case tty:
if (user_ttypath != NULL && stat(user_ttypath, &sb) == 0) {
/* tty-based time stamp */
break;
}
/* FALLTHROUGH */
+ case kernel:
case ppid:
/* ppid-based time stamp */
entry->type = TS_PPID;
entry->u.ppid = getppid();
get_starttime(entry->u.ppid, &entry->start_time);
break;
- default:
+ case global:
/* global time stamp */
entry->type = TS_GLOBAL;
break;
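Review bot: The `case kernel:` label added above `case ppid:` falls into a block whose only comment is `/* ppid-based time stamp */`, so a reader cannot tell why a kernel-type ticket ends up with a `TS_PPID` record. Judging by the status and update hunks further down, the on-disk record appears to be used only when `/dev/tty` cannot be opened. A comment on the label would make that explicit, for example `/* kernel: on-disk record is ppid-based, used when the tty ioctl is unavailable */`. Putting `default:` first and falling through into `case tty:` is valid but easy to misread, so the `/* FALLTHROUGH */` marker under it should be kept. The switch closes outside this hunk.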
ts_init_key_nonglobal(struct timestamp_entry *entry, struct passwd *pw, int flags)
{
/*
- * Even if the timestamp type is global we still want to do per-tty
- * or per-ppid locking so sudo works predictably in a pipeline.
+ * Even if the timestamp type is global or kernel we still want to do
+ * per-tty or per-ppid locking so sudo works predictably in a pipeline.
*/
ts_init_key(entry, pw, flags,
- def_timestamp_type != global ? def_timestamp_type : tty);
+ def_timestamp_type == ppid ? ppid : tty);
}
/*
goto bad;
}
- if (def_timestamp_type == kernel) {
- fd = open(_PATH_TTY, O_RDWR);
- if (fd == -1)
- goto bad;
- close(fd);
- fd = -1;
- }
-
/* Sanity check timestamp dir and create if missing. */
if (!ts_secure_dir(def_timestampdir, true, false))
goto bad;
goto done;
}
- if (def_timestamp_type == kernel) {
#ifdef TIOCCHKVERAUTH
+ if (def_timestamp_type == kernel) {
int fd = open(_PATH_TTY, O_RDWR);
- if (fd == -1)
+ if (fd != -1) {
+ if (ioctl(fd, TIOCCHKVERAUTH) == 0)
+ status = TS_CURRENT;
+ else
+ status = TS_OLD;
+ close(fd);
goto done;
- if (ioctl(fd, TIOCCHKVERAUTH) == 0)
- status = TS_CURRENT;
- else
- status = TS_OLD;
- close(fd);
-#endif
- goto done;
+ }
}
+#endif
/* Read the record at the correct position. */
if ((nread = ts_read(cookie, &entry)) != sizeof(entry))
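Review bot: When `open(_PATH_TTY, O_RDWR)` fails, the new `if (fd != -1)` block is skipped and control falls through silently to the `ts_read()` record check, so nothing records which mechanism decided whether the ticket is valid. A comment after the inner block, such as `/* No controlling tty: fall back to the on-disk record below. */`, would document this. A debug line would also make the fallback visible when auditing: `sudo_debug_printf(SUDO_DEBUG_WARN|SUDO_DEBUG_LINENO, "unable to open %s, using file time stamp", _PATH_TTY);`. Mapping every `TIOCCHKVERAUTH` failure to `TS_OLD` fails closed and looks right. The function begins and ends outside this hunk.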
goto done;
}
- if (def_timestamp_type == kernel) {
#ifdef TIOCSETVERAUTH
+ if (def_timestamp_type == kernel) {
int fd = open(_PATH_TTY, O_RDWR);
if (fd != -1) {
int secs = def_timestamp_timeout.tv_sec;
if (secs > 0) {
if (secs > 3600)
- secs = 3600; /* OpenBSD limitation */
+ secs = 3600; /* OpenBSD limitation */
if (ioctl(fd, TIOCSETVERAUTH, &secs) != 0)
sudo_warn("TIOCSETVERAUTH");
}
close(fd);
+ goto done;
}
-#endif
- goto done;
}
+#endif
/* Update timestamp in key and enable it. */
CLR(cookie->key.flags, TS_DISABLED);
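Review bot: The 3600-second clamp runs after `def_timestamp_timeout.tv_sec` has already been narrowed into `int secs`. If `tv_sec` is wider than `int`, a very large configured timeout goes through an implementation-defined conversion before the `secs > 3600` test sees it. Comparing before narrowing avoids this: `int secs = def_timestamp_timeout.tv_sec > 3600 ? 3600 : (int)def_timestamp_timeout.tv_sec;`. With `goto done` now inside `if (fd != -1)`, a failed `TIOCSETVERAUTH` only warns and skips the on-disk update. That fails closed, but a short comment saying it is intended would help. The function begins and ends outside this hunk.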
char *fname = NULL;
debug_decl(timestamp_remove, SUDOERS_DEBUG_AUTH)
- if (def_timestamp_type == kernel) {
#ifdef TIOCCLRVERAUTH
+ if (def_timestamp_type == kernel) {
fd = open(_PATH_TTY, O_RDWR);
- if (fd == -1)
- ret = -1;
- else
+ if (fd != -1) {
ioctl(fd, TIOCCLRVERAUTH);
-#endif
- goto done;
+ goto done;
+ }
}
+#endif
if (asprintf(&fname, "%s/%s", def_timestampdir, user_name) == -1) {
sudo_warnx(U_("%s: %s"), __func__, U_("unable to allocate memory"));
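Review bot: The result of `ioctl(fd, TIOCCLRVERAUTH)` is discarded before `goto done`, so a failed revocation of the kernel-held ticket is reported to the caller as success. The removed lines set `ret = -1` on failure, so the same variable can carry this error: `if (ioctl(fd, TIOCCLRVERAUTH) != 0) { sudo_warn("TIOCCLRVERAUTH"); ret = -1; }`. Unlike the status and update hunks, this path does not call `close(fd)` before jumping. Whether the `done:` label closes `fd` is not visible here and should be confirmed. The function continues past the end of this hunk.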