the likelihood of a time stamp record being re-used when a user
logs out and back in again. Bug #818.
+ * The "timestamp_type" option now takes a "kernel" value on OpenBSD
+ systems. This causes the tty-based time stamp to be stored in
+ the kernel instead of on the file system. If no tty is present,
+ the time stamp is considered to be invalid.
+
What's new in Sudo 1.8.21p2
* Fixed a bug introduced in version 1.8.21 which prevented sudo
will not require a password for
_\bt_\bi_\bm_\be_\bs_\bt_\ba_\bm_\bp_\b__\bt_\bi_\bm_\be_\bo_\bu_\bt minutes (5 by default).
+ kernel The time stamp is stored in the kernel as an
+ attribute of the terminal device. If no
+ terminal is present, the time stamp is
+ considered to be invalid. This is currently
+ only supported on OpenBSD.
+
The default value is _\bt_\bt_\by.
This setting is only supported by version 1.8.21 or
#include <sys/types.h>
#include <sys/time.h>
#include <sys/stat.h>
+#include <sys/ioctl.h>
#include <stdio.h>
#include <stdlib.h>
#if defined(HAVE_STDINT_H)
goto bad;
}
+ if (def_timestamp_type == kernel) {
+ fd = open(_PATH_TTY, O_RDWR);
+ if (fd == -1)
+ goto bad;
+ goto done;
+ }
+
/* Sanity check timestamp dir and create if missing. */
if (!ts_secure_dir(def_timestampdir, true, false))
goto bad;
break;
}
+done:
/* Allocate and fill in cookie to store state. */
cookie = malloc(sizeof(*cookie));
if (cookie == NULL) {
debug_return_bool(false);
}
+ if (def_timestamp_type == kernel) {
+ cookie->pos = 0;
+ debug_return_bool(true);
+ }
+
/*
* Take a lock on the "write" record (the first record in the file).
* This will let us seek for the record or extend as needed
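Review bot: The kernel branch placed after the `done:` label returns as soon as `cookie->pos = 0` is set, so nothing else in the freshly malloc'd cookie is initialised — in particular the descriptor from `fd = open(_PATH_TTY, O_RDWR)` earlier in the hunk is never stored, and any `cookie->fd = fd` assignment that follows later in the function is skipped. If the close path later reads `cookie->fd`, that is a read of uninitialised memory and the tty descriptor is leaked; storing it before the check, e.g. `cookie->fd = fd;` ahead of `if (def_timestamp_type == kernel)`, fixes both. The malloc-failure return just above also leaves `fd` open, which on the kernel path is now the controlling tty. The enclosing function starts before and ends after this hunk.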
goto done;
}
+ if (def_timestamp_type == kernel) {
+#ifdef TIOCCHKVERAUTH
+ int fd = open(_PATH_TTY, O_RDWR);
+ if (fd == -1)
+ goto done;
+ if (ioctl(fd, TIOCCHKVERAUTH) == 0)
+ status = TS_CURRENT;
+ else
+ status = TS_OLD;
+ close(fd);
+#endif
+ goto done;
+ }
+
/* Read the record at the correct position. */
if ((nread = ts_read(cookie, &entry)) != sizeof(entry))
goto done;
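Review bot: The kernel check opens the controlling tty a second time although the cookie already carries the descriptor opened in the open routine; issuing `ioctl(cookie->fd, TIOCCHKVERAUTH)` would drop the extra `open`/`close` pair and the failure branch that goes with it. When `TIOCCHKVERAUTH` is not defined the branch jumps to `done` with `status` untouched, so the outcome depends on how `status` was initialised before the hunk — if that initial value is not an explicit failure, a build without the ioctl but with `timestamp_type kernel` configured could skip the prompt, so confirm it or assign the function's error status in an `#else` arm. Treating any ioctl failure as `TS_OLD` is the right fail-closed default; a debug log of `errno` there would help diagnose an unsupported kernel. The enclosing function starts before and ends after this hunk.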
goto done;
}
+ if (def_timestamp_type == kernel) {
+#ifdef TIOCSETVERAUTH
+ int fd = open(_PATH_TTY, O_RDWR);
+ if (fd != -1) {
+ int secs = 60 * def_timestamp_timeout;
+ ioctl(fd, TIOCSETVERAUTH, &secs);
+ close(fd);
+ }
+#endif
+ goto done;
+ }
+
/* Update timestamp in key and enable it. */
CLR(cookie->key.flags, TS_DISABLED);
if (sudo_gettime_mono(&cookie->key.ts) == -1) {
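Review bot: `int secs = 60 * def_timestamp_timeout;` hands the configured timeout to the kernel without normalising the special values sudoers has historically given this option (a negative timeout meaning never expire, 0 meaning always prompt), so `-60` or `0` reaches `TIOCSETVERAUTH` unchanged and the kernel's reading of them decides the policy; those cases should be handled explicitly before the call. If `def_timestamp_timeout` is a fractional or wider type the multiplication also truncates or can overflow `int` silently — confirm its type. The `ioctl()` result is discarded, so a rejected value merely causes a re-prompt later (fail-closed) but leaves no trace; `if (ioctl(fd, TIOCSETVERAUTH, &secs) == -1)` followed by a debug log of `errno` would make it visible. The enclosing function starts before and ends after this hunk.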
char *fname = NULL;
debug_decl(timestamp_remove, SUDOERS_DEBUG_AUTH)
+ if (def_timestamp_type == kernel) {
+#ifdef TIOCCLRVERAUTH
+ fd = open(_PATH_TTY, O_RDWR);
+ if (fd == -1)
+ ret = -1;
+ else
+ ioctl(fd, TIOCCLRVERAUTH);
+#endif
+ goto done;
+ }
+
if (asprintf(&fname, "%s/%s", def_timestampdir, user_name) == -1) {
sudo_warnx(U_("%s: %s"), __func__, U_("unable to allocate memory"));
ret = -1;
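Review bot: The `ioctl(fd, TIOCCLRVERAUTH)` result is ignored, so if the kernel refuses to clear the record this function still reports success while the cached authentication stays valid; for a credential-removal path that should propagate, e.g. `else if (ioctl(fd, TIOCCLRVERAUTH) == -1) ret = -1;`. The descriptor assigned to `fd` is not closed inside the branch, unlike the other kernel hunks in this change which call `close(fd)`; that is only correct if the `done:` label outside the hunk closes `fd` — confirm. When `TIOCCLRVERAUTH` is not defined the branch jumps to `done` with `ret` at its initial value, so a configuration asking for kernel time stamps on a platform without them would report success without removing anything, unless such a configuration is rejected at parse time. The enclosing function starts before and ends after this hunk.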