From: Todd C. Miller Date: Tue, 23 Jan 2018 18:18:18 +0000 (-0700) Subject: Fall back to ppid time stamps if timestamp_type == kernel and no X-Git-Tag: SUDO_1_8_23^2~188 X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=b3601253e6b72239f74330e3790d1175f3cc3c98;p=sudo Fall back to ppid time stamps if timestamp_type == kernel and no tty is present. This is consistent with timestamp_type == tty. --- diff --git a/doc/sudoers.cat b/doc/sudoers.cat index 0a1f2cdfc..057a69958 100644 --- a/doc/sudoers.cat +++ b/doc/sudoers.cat @@ -1866,9 +1866,11 @@ SSUUDDOOEERRSS OOPPTTIIOONNSS kernel The time stamp is stored in the kernel as an attribute of the terminal device. If no - terminal is present, the time stamp is - considered to be invalid. This is currently - only supported on OpenBSD. + terminal is present, the behavior is the same + as _p_p_i_d. The maximum value of + _t_i_m_e_s_t_a_m_p___t_i_m_e_o_u_t is limited to 3600 when using + _k_e_r_n_e_l time stamps. This is currently only + supported on OpenBSD. The default value is _t_t_y. @@ -2895,4 +2897,4 @@ DDIISSCCLLAAIIMMEERR file distributed with ssuuddoo or https://www.sudo.ws/license.html for complete details. -Sudo 1.8.22 December 20, 2017 Sudo 1.8.22 +Sudo 1.8.22 January 23, 2018 Sudo 1.8.22 diff --git a/doc/sudoers.man.in b/doc/sudoers.man.in index f5bf7bb90..009fd13c8 100644 --- a/doc/sudoers.man.in +++ b/doc/sudoers.man.in @@ -1,7 +1,7 @@ .\" DO NOT EDIT THIS FILE, IT IS NOT THE MASTER! .\" IT IS GENERATED AUTOMATICALLY FROM sudoers.mdoc.in .\" -.\" Copyright (c) 1994-1996, 1998-2005, 2007-2017 +.\" Copyright (c) 1994-1996, 1998-2005, 2007-2018 .\" Todd C. Miller .\" .\" Permission to use, copy, modify, and distribute this software for any @@ -21,7 +21,7 @@ .\" Agency (DARPA) and Air Force Research Laboratory, Air Force .\" Materiel Command, USAF, under agreement number F39502-99-1-0512. .\" -.TH "SUDOERS" "5" "December 20, 2017" "Sudo @PACKAGE_VERSION@" "File Formats Manual" +.TH "SUDOERS" "5" "January 23, 2018" "Sudo @PACKAGE_VERSION@" "File Formats Manual" .nh .if n .ad l .SH "NAME" @@ -3717,7 +3717,13 @@ by default) kernel The time stamp is stored in the kernel as an attribute of the terminal device. -If no terminal is present, the time stamp is considered to be invalid. +If no terminal is present, the behavior is the same as +\fIppid\fR. +The maximum value of +\fItimestamp_timeout\fR +is limited to 3600 when using +\fIkernel\fR +time stamps. This is currently only supported on OpenBSD. .PP The default value is diff --git a/doc/sudoers.mdoc.in b/doc/sudoers.mdoc.in index 06b481fcf..9f47beedf 100644 --- a/doc/sudoers.mdoc.in +++ b/doc/sudoers.mdoc.in @@ -1,5 +1,5 @@ .\" -.\" Copyright (c) 1994-1996, 1998-2005, 2007-2017 +.\" Copyright (c) 1994-1996, 1998-2005, 2007-2018 .\" Todd C. Miller .\" .\" Permission to use, copy, modify, and distribute this software for any @@ -19,7 +19,7 @@ .\" Agency (DARPA) and Air Force Research Laboratory, Air Force .\" Materiel Command, USAF, under agreement number F39502-99-1-0512. .\" -.Dd December 20, 2017 +.Dd January 23, 2018 .Dt SUDOERS @mansectform@ .Os Sudo @PACKAGE_VERSION@ .Sh NAME @@ -3478,7 +3478,13 @@ by default .It kernel The time stamp is stored in the kernel as an attribute of the terminal device. -If no terminal is present, the time stamp is considered to be invalid. +If no terminal is present, the behavior is the same as +.Em ppid . +The maximum value of +.Em timestamp_timeout +is limited to 3600 when using +.Em kernel +time stamps. This is currently only supported on OpenBSD. .El .Pp diff --git a/plugins/sudoers/timestamp.c b/plugins/sudoers/timestamp.c index 465ff56cd..5136dcad0 100644 --- a/plugins/sudoers/timestamp.c +++ b/plugins/sudoers/timestamp.c @@ -100,6 +100,8 @@ ts_match_record(struct timestamp_entry *key, struct timestamp_entry *entry) break; default: /* unknown record type, ignore it */ + sudo_debug_printf(SUDO_DEBUG_WARN|SUDO_DEBUG_LINENO, + "unknown time stamp record type %d", entry->type); debug_return_bool(false); } debug_return_bool(true); @@ -332,6 +334,10 @@ ts_init_key(struct timestamp_entry *entry, struct passwd *pw, int flags, } entry->sid = user_sid; switch (ticket_type) { + default: + /* Unknown time stamp ticket type, treat as tty (should not happen). */ + sudo_warnx("unknown time stamp ticket type %d", ticket_type); + /* FALLTHROUGH */ case tty: if (user_ttypath != NULL && stat(user_ttypath, &sb) == 0) { /* tty-based time stamp */ @@ -342,13 +348,14 @@ ts_init_key(struct timestamp_entry *entry, struct passwd *pw, int flags, break; } /* FALLTHROUGH */ + case kernel: case ppid: /* ppid-based time stamp */ entry->type = TS_PPID; entry->u.ppid = getppid(); get_starttime(entry->u.ppid, &entry->start_time); break; - default: + case global: /* global time stamp */ entry->type = TS_GLOBAL; break; @@ -361,11 +368,11 @@ static void ts_init_key_nonglobal(struct timestamp_entry *entry, struct passwd *pw, int flags) { /* - * Even if the timestamp type is global we still want to do per-tty - * or per-ppid locking so sudo works predictably in a pipeline. + * Even if the timestamp type is global or kernel we still want to do + * per-tty or per-ppid locking so sudo works predictably in a pipeline. */ ts_init_key(entry, pw, flags, - def_timestamp_type != global ? def_timestamp_type : tty); + def_timestamp_type == ppid ? ppid : tty); } /* @@ -386,14 +393,6 @@ timestamp_open(const char *user, pid_t sid) goto bad; } - if (def_timestamp_type == kernel) { - fd = open(_PATH_TTY, O_RDWR); - if (fd == -1) - goto bad; - close(fd); - fd = -1; - } - /* Sanity check timestamp dir and create if missing. */ if (!ts_secure_dir(def_timestampdir, true, false)) goto bad; @@ -739,19 +738,19 @@ timestamp_status(void *vcookie, struct passwd *pw) goto done; } - if (def_timestamp_type == kernel) { #ifdef TIOCCHKVERAUTH + if (def_timestamp_type == kernel) { int fd = open(_PATH_TTY, O_RDWR); - if (fd == -1) + if (fd != -1) { + if (ioctl(fd, TIOCCHKVERAUTH) == 0) + status = TS_CURRENT; + else + status = TS_OLD; + close(fd); goto done; - if (ioctl(fd, TIOCCHKVERAUTH) == 0) - status = TS_CURRENT; - else - status = TS_OLD; - close(fd); -#endif - goto done; + } } +#endif /* Read the record at the correct position. */ if ((nread = ts_read(cookie, &entry)) != sizeof(entry)) @@ -863,22 +862,22 @@ timestamp_update(void *vcookie, struct passwd *pw) goto done; } - if (def_timestamp_type == kernel) { #ifdef TIOCSETVERAUTH + if (def_timestamp_type == kernel) { int fd = open(_PATH_TTY, O_RDWR); if (fd != -1) { int secs = def_timestamp_timeout.tv_sec; if (secs > 0) { if (secs > 3600) - secs = 3600; /* OpenBSD limitation */ + secs = 3600; /* OpenBSD limitation */ if (ioctl(fd, TIOCSETVERAUTH, &secs) != 0) sudo_warn("TIOCSETVERAUTH"); } close(fd); + goto done; } -#endif - goto done; } +#endif /* Update timestamp in key and enable it. */ CLR(cookie->key.flags, TS_DISABLED); @@ -911,16 +910,15 @@ timestamp_remove(bool unlink_it) char *fname = NULL; debug_decl(timestamp_remove, SUDOERS_DEBUG_AUTH) - if (def_timestamp_type == kernel) { #ifdef TIOCCLRVERAUTH + if (def_timestamp_type == kernel) { fd = open(_PATH_TTY, O_RDWR); - if (fd == -1) - ret = -1; - else + if (fd != -1) { ioctl(fd, TIOCCLRVERAUTH); -#endif - goto done; + goto done; + } } +#endif if (asprintf(&fname, "%s/%s", def_timestampdir, user_name) == -1) { sudo_warnx(U_("%s: %s"), __func__, U_("unable to allocate memory"));