Todd C. Miller [Mon, 7 Sep 2015 12:06:08 +0000 (06:06 -0600)]
Bring back the check for time stamp files that predate the boot
time. Instead of truncating we now unlink the file since another
process may be sleeping on the lock.
Todd C. Miller [Mon, 7 Sep 2015 12:06:08 +0000 (06:06 -0600)]
Adjust new locking to work when tty_tickets is disabled. We need
to use per-tty/ppid locking to gain exclusive access to the tty
for the password prompt but use a separate (short term) lock
that is shared among all sudo processes for the user.
Todd C. Miller [Mon, 7 Sep 2015 12:06:08 +0000 (06:06 -0600)]
Implement suspend/resume callbacks for the conversation function.
If suspended, close the timestamp file (dropping all locks). On
resume, lock the record before reading the password.
For this to work properly we need to be able to run th callback
when tsetattr() suspends us, not just when the user does. To
accomplish this the term_* functions now return EINTR if SIGTTOU
would be generated. The caller now has to restart the term_*
function (and send itself SIGTTOU) instead of it being done
automatically.
Todd C. Miller [Mon, 7 Sep 2015 12:06:08 +0000 (06:06 -0600)]
Lock individual records in the timestamp file instead of the entire
file. This will make it possible for multiple sudo processes using
the same tty to serialize their timestamp lookups.
Todd C. Miller [Mon, 7 Sep 2015 12:06:08 +0000 (06:06 -0600)]
Add a struct sudo_conv_callback that contains on_suspend and on_resume
function pointer args plus a closure pointer and at it to the
conversation function.
Todd C. Miller [Tue, 1 Sep 2015 16:24:59 +0000 (10:24 -0600)]
When decoding base64, avoid using '=' in the decoded temporary array
as a sentinel as it can legitimately be present. Instead, just use
the count of bytes stored in the temp array to determine which bytes
to fold into the destination.
Todd C. Miller [Tue, 18 Aug 2015 14:57:53 +0000 (08:57 -0600)]
The condition for adding a missing newline at the end of sudoers
was never reached. Keep track of the last character and write a
newline character if when copying to the temp file. Found by Radovan
Sroka.
Todd C. Miller [Tue, 11 Aug 2015 02:17:02 +0000 (20:17 -0600)]
In sudo_pam_begin_session() and sudo_pam_end_session() return
AUTH_FATAL on error, not AUTH_FAILURE. In sudo_auth_begin_session()
treat anything other than AUTH_SUCCESS as a fatal error.
Todd C. Miller [Mon, 10 Aug 2015 21:13:37 +0000 (15:13 -0600)]
Linux sets si_pid in struct siginfo to 0 when the process that sent
the signal is in a different container since the PID namespaces in
different conatiners are separate. Avoid looking up the process
group by id when si_pid is 0 since getpgid(0) returns the process
group of the current process. Since sudo ignores signals sent
by processes in its own process group, this had the effect of
ignoring signals sent from other containers. From Maarten de Vries
Todd C. Miller [Fri, 7 Aug 2015 23:01:15 +0000 (17:01 -0600)]
Explicitly tell people not to grant sudoedit to directories the
user can write to. While sudoedit will no longer open symbolic
links, hard links are still an issue.
Todd C. Miller [Thu, 6 Aug 2015 19:20:01 +0000 (13:20 -0600)]
Do not follow symbolic links in sudoedit by default. This behavior
can be controlled by the sudoedit_follow Defaults flag as well as
the FOLLOW/NOFOLLOW tags.
Todd C. Miller [Fri, 10 Jul 2015 16:31:21 +0000 (10:31 -0600)]
Avoid calling dlerror() multiple times since it clear the error
status after printing the error.
Problem caused by sudo_warn/sudo_fatal being macros...
Todd C. Miller [Wed, 8 Jul 2015 22:15:53 +0000 (16:15 -0600)]
Update Debian/Ubuntu packages to be more like the vendor ones. One
notable exception is that sudo.ws packages use /var/run, not /var/lib
for timestamp files.
Todd C. Miller [Wed, 8 Jul 2015 16:12:15 +0000 (10:12 -0600)]
In io_callback() service writes before reads. That way, if both
SUDO_EV_READ and SUDO_EV_WRITE are set and read() returns 0 (EOF)
we don't close the fd before the write() is performed.
If the write() returns EPIPE, ENXIO, EIO or EBADF, clear SUDO_EV_READ
before we close the fd to avoid calling read() on a closed fd.
Todd C. Miller [Fri, 26 Jun 2015 21:58:04 +0000 (15:58 -0600)]
Add an error flag to the lbuf struct to simplify error checking.
Callers of the lbuf functions now check the error flag to tell if
a memory allocation error ocurred.