mir/sudo
2
0
Fork 0
mirror of https://github.com/sudo-project/sudo.git synced 2025-09-02 15:25:58 +00:00
Code Issues Releases Wiki Activity

If tty_tickets are enabled but there is no tty, use a ticket file

Browse Source 
based on the parent pid.
This commit is contained in:
Todd C. Miller
2013-08-13 12:55:17 -06:00
parent d9fd6281e4
commit 39d630f2f2
1 changed files with 22 additions and 16 deletions
Download Patch File Download Diff File Expand all files Collapse all files

38
plugins/sudoers/timestamp.c
View File

@@ -73,12 +73,14 @@ build_timestamp(struct passwd *pw)
debug_decl(build_timestamp, SUDO_DEBUG_AUTH) debug_decl(build_timestamp, SUDO_DEBUG_AUTH)
/* Stash the tty's device, session ID and ctime for ticket comparison. */ /* Stash the tty's device, session ID and ctime for ticket comparison. */
if (def_tty_tickets && user_ttypath && stat(user_ttypath, &sb) == 0) { if (def_tty_tickets) {
tty_info.dev = sb.st_dev; if (user_ttypath && stat(user_ttypath, &sb) == 0) {
tty_info.ino = sb.st_ino; tty_info.dev = sb.st_dev;
tty_info.rdev = sb.st_rdev; tty_info.ino = sb.st_ino;
tty_info.uid = sb.st_uid; tty_info.rdev = sb.st_rdev;
tty_info.gid = sb.st_gid; tty_info.uid = sb.st_uid;
tty_info.gid = sb.st_gid;
}
tty_info.sid = user_sid; tty_info.sid = user_sid;
} }
@@ -94,18 +96,28 @@ build_timestamp(struct passwd *pw)
* the directory as the timestamp. * the directory as the timestamp.
*/ */
if (def_tty_tickets) { if (def_tty_tickets) {
char pidbuf[sizeof("pid") + (((sizeof(pid_t) * 8) + 2) / 3)];
char *p; char *p;
if ((p = strrchr(user_tty, '/'))) if (user_ttypath == NULL) {
/* No tty, use parent pid. */
len = snprintf(pidbuf, sizeof(pidbuf), "pid%u",
(unsigned int)getppid());
if (len <= 0 || len >= sizeof(pidbuf))
goto bad;
p = pidbuf;
} else if ((p = strrchr(user_tty, '/'))) {
p++; p++;
else } else {
p = user_tty; p = user_tty;
if (def_targetpw) }
if (def_targetpw) {
len = snprintf(timestampfile, sizeof(timestampfile), "%s/%s/%s:%s", len = snprintf(timestampfile, sizeof(timestampfile), "%s/%s/%s:%s",
dirparent, user_name, p, runas_pw->pw_name); dirparent, user_name, p, runas_pw->pw_name);
else } else {
len = snprintf(timestampfile, sizeof(timestampfile), "%s/%s/%s", len = snprintf(timestampfile, sizeof(timestampfile), "%s/%s/%s",
dirparent, user_name, p); dirparent, user_name, p);
}
if (len <= 0 || len >= sizeof(timestampfile)) if (len <= 0 || len >= sizeof(timestampfile))
goto bad; goto bad;
} else if (def_targetpw) { } else if (def_targetpw) {
@@ -132,10 +144,6 @@ update_timestamp(struct passwd *pw)
{ {
debug_decl(update_timestamp, SUDO_DEBUG_AUTH) debug_decl(update_timestamp, SUDO_DEBUG_AUTH)
/* If using tty timestamps but we have no tty there is nothing to do. */
if (def_tty_tickets && !user_ttypath)
debug_return_bool(false);
if (timestamp_uid != 0) if (timestamp_uid != 0)
set_perms(PERM_TIMESTAMP); set_perms(PERM_TIMESTAMP);
if (*timestampfile) { if (*timestampfile) {
@@ -270,8 +278,6 @@ timestamp_status_internal(bool removing)
if (*timestampfile && status != TS_ERROR) { if (*timestampfile && status != TS_ERROR) {
if (status != TS_MISSING) if (status != TS_MISSING)
status = TS_NOFILE; /* dir there, file missing */ status = TS_NOFILE; /* dir there, file missing */
if (def_tty_tickets && !user_ttypath)
goto done; /* no tty, always prompt */
if (lstat(timestampfile, &sb) == 0) { if (lstat(timestampfile, &sb) == 0) {
if (!S_ISREG(sb.st_mode)) { if (!S_ISREG(sb.st_mode)) {
status = TS_ERROR; status = TS_ERROR;