From 186d836ebc5cd6089bf16269b623297276c32a32 Mon Sep 17 00:00:00 2001 From: "Todd C. Miller" Date: Tue, 8 Dec 2009 21:49:53 +0000 Subject: [PATCH] Add support for floating point timeout values (e.g. 2.5 minutes). --- WHATSNEW | 10 ++++++++++ def_data.c | 8 ++++---- def_data.h | 4 ++-- def_data.in | 8 ++++---- defaults.c | 43 ++++++++++++++++++++++++++++++++++++++++++- defaults.h | 5 ++++- mkdefaults | 3 ++- 7 files changed, 68 insertions(+), 13 deletions(-) diff --git a/WHATSNEW b/WHATSNEW index 657fd29a5..f43049ebf 100644 --- a/WHATSNEW +++ b/WHATSNEW @@ -1,3 +1,13 @@ +What's new in Sudo 1.7.3? + + * Support for logging a transcript of the command being run. + For more information, see the documentation for the "transcript" + Defaults option in the sudoers manual and the sudoreplay manual. + + * The passwd_timeout and timestamp_timeout options may now be + specified as floating point numbers for more granular timeout + values. + What's new in Sudo 1.7.2? * A new #includedir directive is available in sudoers. This can be diff --git a/def_data.c b/def_data.c index aa7838b98..c12a1fe7d 100644 --- a/def_data.c +++ b/def_data.c @@ -155,12 +155,12 @@ struct sudo_defs_types sudo_defs_table[] = { "Length at which to wrap log file lines (0 for no wrap): %d", NULL, }, { - "timestamp_timeout", T_INT|T_BOOL, - "Authentication timestamp timeout: %d minutes", + "timestamp_timeout", T_FLOAT|T_BOOL, + "Authentication timestamp timeout: %.1f minutes", NULL, }, { - "passwd_timeout", T_UINT|T_BOOL, - "Password prompt timeout: %d minutes", + "passwd_timeout", T_FLOAT|T_BOOL, + "Password prompt timeout: %.1f minutes", NULL, }, { "passwd_tries", T_UINT, diff --git a/def_data.h b/def_data.h index dc87fa672..3d56348c7 100644 --- a/def_data.h +++ b/def_data.h @@ -64,9 +64,9 @@ #define I_PRESERVE_GROUPS 31 #define def_loglinelen (sudo_defs_table[32].sd_un.ival) #define I_LOGLINELEN 32 -#define def_timestamp_timeout (sudo_defs_table[33].sd_un.ival) +#define def_timestamp_timeout (sudo_defs_table[33].sd_un.fval) #define I_TIMESTAMP_TIMEOUT 33 -#define def_passwd_timeout (sudo_defs_table[34].sd_un.ival) +#define def_passwd_timeout (sudo_defs_table[34].sd_un.fval) #define I_PASSWD_TIMEOUT 34 #define def_passwd_tries (sudo_defs_table[35].sd_un.ival) #define I_PASSWD_TRIES 35 diff --git a/def_data.in b/def_data.in index 61aba384f..30caa213d 100644 --- a/def_data.in +++ b/def_data.in @@ -111,11 +111,11 @@ loglinelen T_UINT|T_BOOL "Length at which to wrap log file lines (0 for no wrap): %d" timestamp_timeout - T_INT|T_BOOL - "Authentication timestamp timeout: %d minutes" + T_FLOAT|T_BOOL + "Authentication timestamp timeout: %.1f minutes" passwd_timeout - T_UINT|T_BOOL - "Password prompt timeout: %d minutes" + T_FLOAT|T_BOOL + "Password prompt timeout: %.1f minutes" passwd_tries T_UINT "Number of tries to enter a password: %d" diff --git a/defaults.c b/defaults.c index 9f0c12f4d..852a0cc42 100644 --- a/defaults.c +++ b/defaults.c @@ -104,6 +104,7 @@ static int store_syslogfac __P((char *, struct sudo_defs_types *, int)); static int store_syslogpri __P((char *, struct sudo_defs_types *, int)); static int store_tuple __P((char *, struct sudo_defs_types *, int)); static int store_uint __P((char *, struct sudo_defs_types *, int)); +static int store_float __P((char *, struct sudo_defs_types *, int)); static void list_op __P((char *, size_t, struct sudo_defs_types *, enum list_ops)); static const char *logfac2str __P((int)); static const char *logpri2str __P((int)); @@ -153,6 +154,10 @@ dump_defaults() (void) printf(cur->desc, cur->sd_un.ival); putchar('\n'); break; + case T_FLOAT: + (void) printf(cur->desc, cur->sd_un.fval); + putchar('\n'); + break; case T_MODE: (void) printf(cur->desc, cur->sd_un.mode); putchar('\n'); @@ -294,6 +299,19 @@ set_default(var, val, op) return(FALSE); } break; + case T_FLOAT: + if (!val) { + /* Check for bogus boolean usage or lack of a value. */ + if (!ISSET(cur->type, T_BOOL) || op != FALSE) { + warningx("no value specified for `%s'", var); + return(FALSE); + } + } + if (!store_float(val, cur, op)) { + warningx("value `%s' is invalid for option `%s'", val, var); + return(FALSE); + } + break; case T_MODE: if (!val) { /* Check for bogus boolean usage or lack of a value. */ @@ -549,7 +567,7 @@ store_int(val, def, op) if (*endp != '\0') return(FALSE); /* XXX - should check against INT_MAX */ - def->sd_un.ival = (unsigned int)l; + def->sd_un.ival = (int)l; } if (def->callback) return(def->callback(val)); @@ -579,6 +597,29 @@ store_uint(val, def, op) return(TRUE); } +static int +store_float(val, def, op) + char *val; + struct sudo_defs_types *def; + int op; +{ + char *endp; + double d; + + if (op == FALSE) { + def->sd_un.fval = 0.0; + } else { + d = strtod(val, &endp); + if (*endp != '\0') + return(FALSE); + /* XXX - should check against HUGE_VAL */ + def->sd_un.fval = d; + } + if (def->callback) + return(def->callback(val)); + return(TRUE); +} + static int store_tuple(val, def, op) char *val; diff --git a/defaults.h b/defaults.h index 6f009cbec..1c5fda781 100644 --- a/defaults.h +++ b/defaults.h @@ -54,6 +54,7 @@ struct sudo_defs_types { union { int flag; int ival; + double fval; enum def_tupple tuple; char *str; mode_t mode; @@ -63,7 +64,7 @@ struct sudo_defs_types { /* * Four types of defaults: strings, integers, and flags. - * Also, T_INT or T_STR may be ANDed with T_BOOL to indicate that + * Also, T_INT, T_FLOAT or T_STR may be ANDed with T_BOOL to indicate that * a value is not required. Flags are boolean by nature... */ #undef T_INT @@ -84,6 +85,8 @@ struct sudo_defs_types { #define T_LOGPRI 0x008 #undef T_TUPLE #define T_TUPLE 0x009 +#undef T_FLOAT +#define T_FLOAT 0x010 #undef T_MASK #define T_MASK 0x0FF #undef T_BOOL diff --git a/mkdefaults b/mkdefaults index 2a0ba8d7c..90f3b0cb8 100755 --- a/mkdefaults +++ b/mkdefaults @@ -133,7 +133,8 @@ sub print_record { elsif (/^T_LOGFAC/) { $v = "ival"; } elsif (/^T_LOGPRI/) { $v = "ival"; } elsif (/^T_TUPLE/) { $v = "tuple"; } - else { die "$0: unknown defaults type: $type\n"; } + elsif (/^T_FLOAT/) { $v = "fval"; } + else { die "$0: unknown defaults type: $_\n"; } } printf HEADER "#define %-23s (sudo_defs_table[$recnum].sd_un.${v})\n", "def_$rec->[0]"; -- 2.40.0