Store the session ID in the tty ticket file too. A tty may only be in one session at a time, so if the session ID doesn't match we ignore the ticket.
Todd C. Miller
2013-02-08 10:43:14 -05:00
parent af0bb55283
commit 2e08777f25
4 changed files with 9 additions and 2 deletions


@@ -270,6 +270,10 @@ sudoers_policy_deserialize_info(void *v, char **runas_user, char **runas_group)
sudo_user.cols = atoi(*cur + sizeof("cols=") - 1); sudo_user.cols = atoi(*cur + sizeof("cols=") - 1);
continue; continue;
} }
if (MATCHES(*cur, "sid=")) {
sudo_user.sid = atoi(*cur + sizeof("sid=") - 1);
continue;
}
} }
if (user_cwd == NULL) if (user_cwd == NULL)
user_cwd = "unknown"; user_cwd = "unknown";
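Review bot: The new `sid=` branch parses the value with `atoi()`, which cannot report a malformed or out-of-range string, so a bad entry silently becomes some `pid_t` that later feeds the tty ticket comparison. This matches the `cols=` line just above, but a session ID takes part in an authentication decision and deserves stricter handling. Parse it with `strtol()`, check the end pointer and `errno`, and reject values that are not positive or do not fit in `pid_t`. The body of sudoers_policy_deserialize_info starts and ends outside this hunk, so how a rejected entry should be reported is not visible here.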


@@ -95,6 +95,7 @@ struct sudo_user {
int flags; int flags;
uid_t uid; uid_t uid;
uid_t gid; uid_t gid;
pid_t sid;
}; };
/* /*
@@ -171,8 +172,8 @@ struct sudo_user {
#define user_name (sudo_user.name) #define user_name (sudo_user.name)
#define user_uid (sudo_user.uid) #define user_uid (sudo_user.uid)
#define user_gid (sudo_user.gid) #define user_gid (sudo_user.gid)
#define user_sid (sudo_user.sid)
#define user_passwd (sudo_user.pw->pw_passwd) #define user_passwd (sudo_user.pw->pw_passwd)
#define user_uuid (sudo_user.uuid)
#define user_dir (sudo_user.pw->pw_dir) #define user_dir (sudo_user.pw->pw_dir)
#define user_gids (sudo_user.gids) #define user_gids (sudo_user.gids)
#define user_ngids (sudo_user.ngids) #define user_ngids (sudo_user.ngids)
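Review bot: `#define user_uuid (sudo_user.uuid)` appears only once in this section while its neighbours are printed twice, and the hunk header keeps the line count at 8, which suggests the macro is removed in the same change that adds `user_sid`. That removal is not mentioned in the commit description and is unrelated to session IDs. If it is intentional, it is easier to audit as a separate commit or with a line in the message confirming no remaining users of `user_uuid`.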


@@ -80,13 +80,14 @@ build_timestamp(void)
int len; int len;
debug_decl(build_timestamp, SUDO_DEBUG_AUTH) debug_decl(build_timestamp, SUDO_DEBUG_AUTH)
/* Stash the tty's ctime for tty ticket comparison. */ /* Stash the tty's device, session ID and ctime for ticket comparison. */
if (def_tty_tickets && user_ttypath && stat(user_ttypath, &sb) == 0) { if (def_tty_tickets && user_ttypath && stat(user_ttypath, &sb) == 0) {
tty_info.dev = sb.st_dev; tty_info.dev = sb.st_dev;
tty_info.ino = sb.st_ino; tty_info.ino = sb.st_ino;
tty_info.rdev = sb.st_rdev; tty_info.rdev = sb.st_rdev;
if (tty_is_devpts(user_ttypath)) if (tty_is_devpts(user_ttypath))
ctim_get(&sb, &tty_info.ctime); ctim_get(&sb, &tty_info.ctime);
tty_info.sid = user_sid;
} }
dirparent = def_timestampdir; dirparent = def_timestampdir;
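Review bot: `tty_info.sid = user_sid;` copies the session ID without checking that one was actually supplied. If the `sid=` entry is missing, `user_sid` keeps whatever initial value `sudo_user` has (presumably 0; its initialisation is not visible here). Tickets recorded with that placeholder would then compare equal across different sessions, so the new check would add nothing in that case. Consider treating an unknown session ID as a mismatch, or at least documenting the expectation: `/* user_sid is only meaningful if the front end passed sid=; an unset value must not match */`. The ticket comparison itself is outside this hunk, as is the rest of build_timestamp.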


@@ -37,6 +37,7 @@ struct sudo_tty_info {
dev_t rdev; /* tty device ID */ dev_t rdev; /* tty device ID */
ino_t ino; /* tty inode number */ ino_t ino; /* tty inode number */
struct timeval ctime; /* tty inode change time */ struct timeval ctime; /* tty inode change time */
pid_t sid; /* ID of session with controlling tty */
}; };
bool update_timestamp(void); bool update_timestamp(void);
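Review bot: Adding `pid_t sid` changes the size and layout of `struct sudo_tty_info`, which by the commit description is what gets stored in the tty ticket file, so tickets written before this change no longer match the structure. The reading code is not part of this section; it is worth confirming that it rejects a ticket whose size differs from `sizeof(struct sudo_tty_info)` rather than reading a short record. If the structure is compared bytewise, any padding the new member introduces after `ctime` needs to be zeroed before the ticket is written, presumably with a `memset()` of `tty_info` ahead of the assignments in build_timestamp.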