From feb48b8ebfa11b28097edb9a5d2c59c31660b41f Mon Sep 17 00:00:00 2001
From: "Todd C. Miller"
Date: Wed, 20 Dec 2017 16:19:54 -0700
Subject: [PATCH] Add "kernel" as a possible value of timestamp_type. Currently only supported on OpenBSD.
---
 NEWS | 5 ++++
 doc/sudoers.cat | 6 +++++
 doc/sudoers.man.in | 6 +++++
 doc/sudoers.mdoc.in | 5 ++++
 plugins/sudoers/def_data.c | 1 +
 plugins/sudoers/def_data.h | 3 ++-
 plugins/sudoers/def_data.in | 2 +-
 plugins/sudoers/timestamp.c | 51 +++++++++++++++++++++++++++++++++++++
 8 files changed, 77 insertions(+), 2 deletions(-)
diff --git a/NEWS b/NEWS
index 58917a23c..731f5b0d1 100644
--- a/NEWS
+++ b/NEWS
@@ -72,6 +72,11 @@ What's new in Sudo 1.8.22
 the likelihood of a time stamp record being re-used when a user logs out and back in again. Bug #818.
+ * The "timestamp_type" option now takes a "kernel" value on OpenBSD
+ systems. This causes the tty-based time stamp to be stored in
+ the kernel instead of on the file system. If no tty is present,
+ the time stamp is considered to be invalid.
+
 What's new in Sudo 1.8.21p2
 * Fixed a bug introduced in version 1.8.21 which prevented sudo
diff --git a/doc/sudoers.cat b/doc/sudoers.cat
index a7b0041c5..19bfd99ed 100644
--- a/doc/sudoers.cat
+++ b/doc/sudoers.cat
@@ -1864,6 +1864,12 @@ SSUUDDOOEERRSS OOPPTTIIOONNSS
 will not require a password for _t_i_m_e_s_t_a_m_p___t_i_m_e_o_u_t minutes (5 by default).
+ kernel The time stamp is stored in the kernel as an
+ attribute of the terminal device. If no
+ terminal is present, the time stamp is
+ considered to be invalid. This is currently
+ only supported on OpenBSD.
+
 The default value is _t_t_y. This setting is only supported by version 1.8.21 or
diff --git a/doc/sudoers.man.in b/doc/sudoers.man.in
index 30d571955..69b4dbe7e 100644
--- a/doc/sudoers.man.in
+++ b/doc/sudoers.man.in
@@ -3708,6 +3708,12 @@ minutes
 (\fR@timeout@\fR by default) \&.
+.TP 8n
+kernel
+The time stamp is stored in the kernel as an attribute of the terminal
+device.
+If no terminal is present, the time stamp is considered to be invalid.
+This is currently only supported on OpenBSD.
 .PP
 The default value is \fI@timestamp_type@\fR.
diff --git a/doc/sudoers.mdoc.in b/doc/sudoers.mdoc.in
index 0aeea7f05..ee0e3b376 100644
--- a/doc/sudoers.mdoc.in
+++ b/doc/sudoers.mdoc.in
@@ -3470,6 +3470,11 @@ minutes
 .Li @timeout@
 by default
 .Pc .
+.It kernel
+The time stamp is stored in the kernel as an attribute of the terminal
+device.
+If no terminal is present, the time stamp is considered to be invalid.
+This is currently only supported on OpenBSD.
 .El
 .Pp
 The default value is
diff --git a/plugins/sudoers/def_data.c b/plugins/sudoers/def_data.c
index aa944921f..cc334b460 100644
--- a/plugins/sudoers/def_data.c
+++ b/plugins/sudoers/def_data.c
@@ -32,6 +32,7 @@ static struct def_values def_data_timestamp_type[] = {
 { "global", global },
 { "ppid", ppid },
 { "tty", tty },
+ { "kernel", kernel },
 { NULL, 0 },
 };
diff --git a/plugins/sudoers/def_data.h b/plugins/sudoers/def_data.h
index 63ee074bd..7239690d2 100644
--- a/plugins/sudoers/def_data.h
+++ b/plugins/sudoers/def_data.h
@@ -232,5 +232,6 @@ enum def_tuple {
 digest_only,
 global,
 ppid,
- tty
+ tty,
+ kernel
 };
diff --git a/plugins/sudoers/def_data.in b/plugins/sudoers/def_data.in
index 103fcf06e..944454533 100644
--- a/plugins/sudoers/def_data.in
+++ b/plugins/sudoers/def_data.in
@@ -347,7 +347,7 @@ syslog_pid
 timestamp_type
 T_TUPLE
 "Type of authentication timestamp record: %s"
- global ppid tty
+ global ppid tty kernel
 authfail_message
 T_STR
 "Authentication failure message: %s"
diff --git a/plugins/sudoers/timestamp.c b/plugins/sudoers/timestamp.c
index 07b045cc6..d2cd3a705 100644
--- a/plugins/sudoers/timestamp.c
+++ b/plugins/sudoers/timestamp.c
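Review bot: The new `kernel` tuple value is accepted by the sudoers parser on every platform, while the code that implements it in the timestamp.c hunks is compiled only under `#ifdef TIOCCHKVERAUTH`, `#ifdef TIOCSETVERAUTH` and `#ifdef TIOCCLRVERAUTH`; elsewhere the option parses cleanly and each kernel branch reduces to `goto done`, so a user with `timestamp_type=kernel` on a non-OpenBSD system is prompted every time with nothing explaining why. Consider making the mismatch visible, either by refusing or warning about the value where the tuple is stored when those ioctls are absent, or at least by a warning in an `#else` of the `#ifdef` in timestamp_status. The NEWS and manual entries say OpenBSD only, but the configuration layer does not enforce it.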
@@ -19,6 +19,7 @@
 #include
 #include
 #include
+#include
 #include
 #include
 #if defined(HAVE_STDINT_H)
@@ -388,6 +389,13 @@ timestamp_open(const char *user, pid_t sid)
 goto bad;
 }
+ if (def_timestamp_type == kernel) {
+ fd = open(_PATH_TTY, O_RDWR);
+ if (fd == -1)
+ goto bad;
+ goto done;
+ }
+
 /* Sanity check timestamp dir and create if missing. */
 if (!ts_secure_dir(def_timestampdir, true, false))
 goto bad;
@@ -435,6 +443,7 @@ timestamp_open(const char *user, pid_t sid)
 break;
 }
+done:
 /* Allocate and fill in cookie to store state. */
 cookie = malloc(sizeof(*cookie));
 if (cookie == NULL) {
@@ -590,6 +599,11 @@ timestamp_lock(void *vcookie, struct passwd *pw)
 debug_return_bool(false);
 }
+ if (def_timestamp_type == kernel) {
+ cookie->pos = 0;
+ debug_return_bool(true);
+ }
+
 /*
 * Take a lock on the "write" record (the first record in the file).
 * This will let us seek for the record or extend as needed
@@ -732,6 +746,20 @@ timestamp_status(void *vcookie, struct passwd *pw)
 goto done;
 }
+ if (def_timestamp_type == kernel) {
+#ifdef TIOCCHKVERAUTH
+ int fd = open(_PATH_TTY, O_RDWR);
+ if (fd == -1)
+ goto done;
+ if (ioctl(fd, TIOCCHKVERAUTH) == 0)
+ status = TS_CURRENT;
+ else
+ status = TS_OLD;
+ close(fd);
+#endif
+ goto done;
+ }
+
 /* Read the record at the correct position. */
 if ((nread = ts_read(cookie, &entry)) != sizeof(entry))
 goto done;
@@ -833,6 +861,18 @@ timestamp_update(void *vcookie, struct passwd *pw)
 goto done;
 }
+ if (def_timestamp_type == kernel) {
+#ifdef TIOCSETVERAUTH
+ int fd = open(_PATH_TTY, O_RDWR);
+ if (fd != -1) {
+ int secs = 60 * def_timestamp_timeout;
+ ioctl(fd, TIOCSETVERAUTH, &secs);
+ close(fd);
+ }
+#endif
+ goto done;
+ }
+
 /* Update timestamp in key and enable it. */
 CLR(cookie->key.flags, TS_DISABLED);
 if (sudo_gettime_mono(&cookie->key.ts) == -1) {
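Review bot: When `open(_PATH_TTY, O_RDWR)` fails in the new kernel branch of timestamp_open the function jumps to `bad` with no diagnostic at all, so a session without a controlling tty is prompted for a password and the debug log says nothing about why; suggest `sudo_debug_printf(SUDO_DEBUG_WARN|SUDO_DEBUG_ERRNO, "unable to open %s", _PATH_TTY);` before that `goto bad`. The NEWS entry promises that a missing tty makes the stamp invalid rather than an error, which here depends on the caller treating a NULL cookie as "no valid stamp" — that caller is not in the hunk, so please confirm it does. The descriptor is carried to the new `done:` label where the cookie is filled in; timestamp_open begins and ends outside this hunk.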
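Review bot: The kernel branch in timestamp_status opens `_PATH_TTY` a second time although timestamp_open already opened that device and jumped to `done:` where the cookie is filled in; if, as that suggests, the descriptor is kept in the cookie, `if (ioctl(cookie->fd, TIOCCHKVERAUTH) == 0)` can replace the open/`goto done`/close sequence and removes the case where a failed open leaves `status` at whatever it was initialised to (not visible here). The same duplicate open appears in the timestamp_update hunk below. Every ioctl error (ENOTTY, EINVAL, unsupported kernel) is folded into TS_OLD, which is the safe direction, but a `sudo_debug_printf(SUDO_DEBUG_WARN|SUDO_DEBUG_ERRNO, ...)` in the else branch would let an operator tell a wrong device from a simply expired stamp. timestamp_status starts before and ends after this hunk.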
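Review bot: The result of `ioctl(fd, TIOCSETVERAUTH, &secs)` in timestamp_update is discarded, so a kernel that rejects the value leaves no trace and the user is simply re-prompted next time; suggest `if (ioctl(fd, TIOCSETVERAUTH, &secs) == -1)` followed by `sudo_debug_printf(SUDO_DEBUG_WARN|SUDO_DEBUG_ERRNO, "unable to set time stamp on %s", _PATH_TTY);`. `secs = 60 * def_timestamp_timeout` passes the configured value straight through, yet sudoers documents 0 as "always prompt" and a negative value as "never expire"; whether the kernel gives those numbers the same meaning or rejects them is not established by this hunk, so those cases may deserve explicit handling here, as the file-based path (outside the hunk) presumably provides. If `def_timestamp_timeout` is not an integer type the multiplication also truncates silently. The function body continues outside the hunk.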
@@ -864,6 +904,17 @@ timestamp_remove(bool unlink_it)
 char *fname = NULL;
 debug_decl(timestamp_remove, SUDOERS_DEBUG_AUTH)
+ if (def_timestamp_type == kernel) {
+#ifdef TIOCCLRVERAUTH
+ fd = open(_PATH_TTY, O_RDWR);
+ if (fd == -1)
+ ret = -1;
+ else
+ ioctl(fd, TIOCCLRVERAUTH);
+#endif
+ goto done;
+ }
+
 if (asprintf(&fname, "%s/%s", def_timestampdir, user_name) == -1) {
 sudo_warnx(U_("%s: %s"), __func__, U_("unable to allocate memory"));
 ret = -1;
-- 
2.40.0
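Review bot: `ioctl(fd, TIOCCLRVERAUTH)` has its return value dropped, so when clearing the kernel stamp fails `ret` keeps its success value and `sudo -k` reports that credentials were removed while the kernel still treats the tty as authenticated; use `if (ioctl(fd, TIOCCLRVERAUTH) == -1) ret = -1;`. The descriptor opened here is not closed within the hunk; if the `done:` label (outside the hunk) closes `fd` as the file-based path would need, that is fine, otherwise it leaks on every `-k`. When TIOCCLRVERAUTH is not defined the branch still jumps to `done` with `ret` untouched, i.e. success without clearing anything — consider `ret = -1` in an `#else` so the caller can report it. timestamp_remove starts before and ends after this hunk.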