Pass tty device number from front-end to policy module.
GitHub issue #329
@@ -153,6 +153,13 @@ struct sudo_conf_debug_file_list;
|
|||||||
"<- %s @ %s:%d := %ld", (_func), (_file), (_line), (_ret)); \
|
"<- %s @ %s:%d := %ld", (_func), (_file), (_line), (_ret)); \
|
||||||
} while (0)
|
} while (0)
|
||||||
|
|
||||||
|
# define sudo_debug_exit_dev_t(_func, _file, _line, _sys, _ret) \
|
||||||
|
do { \
|
||||||
|
sudo_debug_printf2(NULL, NULL, 0, (_sys) | SUDO_DEBUG_TRACE, \
|
||||||
|
"<- %s @ %s:%d := %lu", (_func), (_file), (_line), \
|
||||||
|
(unsigned long)(_ret)); \
|
||||||
|
} while (0)
|
||||||
|
|
||||||
# if SIZEOF_ID_T == 8
|
# if SIZEOF_ID_T == 8
|
||||||
# define sudo_debug_exit_id_t(_func, _file, _line, _sys, _ret) \
|
# define sudo_debug_exit_id_t(_func, _file, _line, _sys, _ret) \
|
||||||
do { \
|
do { \
|
||||||
@@ -267,6 +274,14 @@ struct sudo_conf_debug_file_list;
|
|||||||
return sudo_debug_ret; \
|
return sudo_debug_ret; \
|
||||||
} while (0)
|
} while (0)
|
||||||
|
|
||||||
|
#define debug_return_dev_t(ret) \
|
||||||
|
do { \
|
||||||
|
dev_t sudo_debug_ret = (ret); \
|
||||||
|
sudo_debug_exit_dev_t(__func__, __FILE__, __LINE__, sudo_debug_subsys,\
|
||||||
|
sudo_debug_ret); \
|
||||||
|
return sudo_debug_ret; \
|
||||||
|
} while (0)
|
||||||
|
|
||||||
#define debug_return_id_t(ret) \
|
#define debug_return_id_t(ret) \
|
||||||
do { \
|
do { \
|
||||||
id_t sudo_debug_ret = (ret); \
|
id_t sudo_debug_ret = (ret); \
|
||||||
|
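Review bot: `sudo_debug_exit_dev_t` logs the return value with `%lu` after an `(unsigned long)` cast, which drops the upper bits on any platform where `dev_t` is wider than `long`. The same commit formats the device number with `%llu` and an `(unsigned long long)` cast in get_user_info(), so the trace log could disagree with the value handed to the policy module. Using `"<- %s @ %s:%d := %llu", (_func), (_file), (_line), \` with `(unsigned long long)(_ret)); \` would keep the two in step. A one-line comment on `debug_return_dev_t` noting that the failure value `(dev_t)-1` appears in the log as a large unsigned number would also help anyone reading a trace.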
@@ -507,8 +507,9 @@ static char **
|
|||||||
get_user_info(struct user_details *ud)
|
get_user_info(struct user_details *ud)
|
||||||
{
|
{
|
||||||
char *cp, **info, path[PATH_MAX];
|
char *cp, **info, path[PATH_MAX];
|
||||||
size_t info_max = 32 + RLIM_NLIMITS;
|
size_t info_max = 33 + RLIM_NLIMITS;
|
||||||
size_t i = 0, n;
|
size_t i = 0, n;
|
||||||
|
dev_t ttydev;
|
||||||
mode_t mask;
|
mode_t mask;
|
||||||
struct passwd *pw;
|
struct passwd *pw;
|
||||||
int ttyfd;
|
int ttyfd;
|
||||||
@@ -617,7 +618,10 @@ get_user_info(struct user_details *ud)
|
|||||||
ud->cwd = info[i] + sizeof("cwd=") - 1;
|
ud->cwd = info[i] + sizeof("cwd=") - 1;
|
||||||
}
|
}
|
||||||
|
|
||||||
if (get_process_ttyname(path, sizeof(path)) != NULL) {
|
ttydev = get_process_ttyname(path, sizeof(path));
|
||||||
|
if (ttydev != (dev_t)-1) {
|
||||||
|
if (asprintf(&info[++i], "ttydev=%llu", (unsigned long long)ttydev) == -1)
|
||||||
|
goto oom;
|
||||||
info[++i] = sudo_new_key_val("tty", path);
|
info[++i] = sudo_new_key_val("tty", path);
|
||||||
if (info[i] == NULL)
|
if (info[i] == NULL)
|
||||||
goto oom;
|
goto oom;
|
||||||
|
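Review bot: The new `asprintf(&info[++i], "ttydev=%llu", ...)` call can leave `info[i]` indeterminate on failure with some C libraries, unlike the `sudo_new_key_val("tty", path)` entry next to it, which is checked for NULL after being stored. The `oom` label and the rest of get_user_info() are outside this hunk, so it is not visible whether the cleanup touches slot `i`; if it does, it would free an unspecified pointer in a setuid front-end. Making the failure path explicit, `if (asprintf(...) == -1) { info[i] = NULL; goto oom; }`, removes the dependence on libc behaviour. A short comment stating that `ttydev=` is emitted only when the tty name also resolved would document the pairing for the policy side.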
@@ -317,7 +317,7 @@ char *getenv_unhooked(const char *name);
|
|||||||
int get_net_ifs(char **addrinfo);
|
int get_net_ifs(char **addrinfo);
|
||||||
|
|
||||||
/* ttyname.c */
|
/* ttyname.c */
|
||||||
char *get_process_ttyname(char *name, size_t namelen);
|
dev_t get_process_ttyname(char *name, size_t namelen);
|
||||||
bool sudo_isatty(int fd, struct stat *sb);
|
bool sudo_isatty(int fd, struct stat *sb);
|
||||||
|
|
||||||
/* signal.c */
|
/* signal.c */
|
||||||
|
105
src/ttyname.c
105
src/ttyname.c
@@ -1,7 +1,7 @@
|
|||||||
/*
|
/*
|
||||||
* SPDX-License-Identifier: ISC
|
* SPDX-License-Identifier: ISC
|
||||||
*
|
*
|
||||||
* Copyright (c) 2012-2022 Todd C. Miller <Todd.Miller@sudo.ws>
|
* Copyright (c) 2012-2023 Todd C. Miller <Todd.Miller@sudo.ws>
|
||||||
*
|
*
|
||||||
* Permission to use, copy, modify, and distribute this software for any
|
* Permission to use, copy, modify, and distribute this software for any
|
||||||
* purpose with or without fee is hereby granted, provided that the above
|
* purpose with or without fee is hereby granted, provided that the above
|
||||||
@@ -97,13 +97,13 @@
|
|||||||
* Store the name of the tty to which the process is attached in name.
|
* Store the name of the tty to which the process is attached in name.
|
||||||
* Returns name on success and NULL on failure, setting errno.
|
* Returns name on success and NULL on failure, setting errno.
|
||||||
*/
|
*/
|
||||||
char *
|
dev_t
|
||||||
get_process_ttyname(char *name, size_t namelen)
|
get_process_ttyname(char *name, size_t namelen)
|
||||||
{
|
{
|
||||||
struct sudo_kinfo_proc *ki_proc = NULL;
|
struct sudo_kinfo_proc *ki_proc = NULL;
|
||||||
size_t size = sizeof(*ki_proc);
|
size_t size = sizeof(*ki_proc);
|
||||||
int mib[6], rc, serrno = errno;
|
int mib[6], rc, serrno = errno;
|
||||||
char *ret = NULL;
|
dev_t ttydev = (dev_t)-1;
|
||||||
debug_decl(get_process_ttyname, SUDO_DEBUG_UTIL);
|
debug_decl(get_process_ttyname, SUDO_DEBUG_UTIL);
|
||||||
|
|
||||||
/*
|
/*
|
||||||
@@ -133,11 +133,12 @@ get_process_ttyname(char *name, size_t namelen)
|
|||||||
if (rc != -1) {
|
if (rc != -1) {
|
||||||
if ((dev_t)ki_proc->sudo_kp_tdev != (dev_t)-1) {
|
if ((dev_t)ki_proc->sudo_kp_tdev != (dev_t)-1) {
|
||||||
errno = serrno;
|
errno = serrno;
|
||||||
ret = sudo_ttyname_dev((dev_t)ki_proc->sudo_kp_tdev, name, namelen);
|
ttydev = (dev_t)ki_proc->sudo_kp_tdev;
|
||||||
if (ret == NULL) {
|
if (sudo_ttyname_dev(ttydev, name, namelen) == NULL) {
|
||||||
sudo_debug_printf(SUDO_DEBUG_WARN|SUDO_DEBUG_LINENO|SUDO_DEBUG_ERRNO,
|
sudo_warnx(
|
||||||
"unable to map device number %lu to name",
|
U_("unable to find terminal name for device %u, %u"),
|
||||||
(unsigned long)ki_proc->sudo_kp_tdev);
|
(unsigned int)major(ttydev), (unsigned int)minor(ttydev));
|
||||||
|
ttydev = (dev_t)-1;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
} else {
|
} else {
|
||||||
@@ -146,18 +147,19 @@ get_process_ttyname(char *name, size_t namelen)
|
|||||||
}
|
}
|
||||||
free(ki_proc);
|
free(ki_proc);
|
||||||
|
|
||||||
debug_return_str(ret);
|
debug_return_dev_t(ttydev);
|
||||||
}
|
}
|
||||||
#elif defined(HAVE_STRUCT_PSINFO_PR_TTYDEV)
|
#elif defined(HAVE_STRUCT_PSINFO_PR_TTYDEV)
|
||||||
/*
|
/*
|
||||||
* Store the name of the tty to which the process is attached in name.
|
* Store the name of the tty to which the process is attached in name.
|
||||||
* Returns name on success and NULL on failure, setting errno.
|
* Returns name on success and NULL on failure, setting errno.
|
||||||
*/
|
*/
|
||||||
char *
|
dev_t
|
||||||
get_process_ttyname(char *name, size_t namelen)
|
get_process_ttyname(char *name, size_t namelen)
|
||||||
{
|
{
|
||||||
char path[PATH_MAX], *ret = NULL;
|
dev_t ttydev = (dev_t)-1;
|
||||||
struct psinfo psinfo;
|
struct psinfo psinfo;
|
||||||
|
char path[PATH_MAX];
|
||||||
ssize_t nread;
|
ssize_t nread;
|
||||||
int fd, serrno = errno;
|
int fd, serrno = errno;
|
||||||
debug_decl(get_process_ttyname, SUDO_DEBUG_UTIL);
|
debug_decl(get_process_ttyname, SUDO_DEBUG_UTIL);
|
||||||
@@ -168,14 +170,19 @@ get_process_ttyname(char *name, size_t namelen)
|
|||||||
nread = read(fd, &psinfo, sizeof(psinfo));
|
nread = read(fd, &psinfo, sizeof(psinfo));
|
||||||
close(fd);
|
close(fd);
|
||||||
if (nread == (ssize_t)sizeof(psinfo)) {
|
if (nread == (ssize_t)sizeof(psinfo)) {
|
||||||
dev_t rdev = (dev_t)psinfo.pr_ttydev;
|
ttydev = (dev_t)psinfo.pr_ttydev;
|
||||||
#if defined(_AIX) && defined(DEVNO64)
|
#if defined(_AIX) && defined(DEVNO64)
|
||||||
if ((psinfo.pr_ttydev & DEVNO64) && sizeof(dev_t) == 4)
|
if ((psinfo.pr_ttydev & DEVNO64) && sizeof(dev_t) == 4)
|
||||||
rdev = makedev(major64(psinfo.pr_ttydev), minor64(psinfo.pr_ttydev));
|
ttydev = makedev(major64(psinfo.pr_ttydev), minor64(psinfo.pr_ttydev));
|
||||||
#endif
|
#endif
|
||||||
if (rdev != (dev_t)-1) {
|
if (ttydev != (dev_t)-1) {
|
||||||
errno = serrno;
|
errno = serrno;
|
||||||
ret = sudo_ttyname_dev(rdev, name, namelen);
|
if (sudo_ttyname_dev(ttydev, name, namelen) == NULL) {
|
||||||
|
sudo_warnx(
|
||||||
|
U_("unable to find terminal name for device %u, %u"),
|
||||||
|
(unsigned int)major(ttydev), (unsigned int)minor(ttydev));
|
||||||
|
ttydev = (dev_t)-1;
|
||||||
|
}
|
||||||
goto done;
|
goto done;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
@@ -186,7 +193,13 @@ get_process_ttyname(char *name, size_t namelen)
|
|||||||
/* Missing /proc/pid/psinfo file. */
|
/* Missing /proc/pid/psinfo file. */
|
||||||
for (i = STDIN_FILENO; i <= STDERR_FILENO; i++) {
|
for (i = STDIN_FILENO; i <= STDERR_FILENO; i++) {
|
||||||
if (sudo_isatty(i, &sb)) {
|
if (sudo_isatty(i, &sb)) {
|
||||||
ret = sudo_ttyname_dev(sb.st_rdev, name, namelen);
|
ttydev = sb.st_rdev;
|
||||||
|
if (sudo_ttyname_dev(ttydev, name, namelen) == NULL) {
|
||||||
|
sudo_warnx(
|
||||||
|
U_("unable to find terminal name for device %u, %u"),
|
||||||
|
(unsigned int)major(ttydev), (unsigned int)minor(ttydev));
|
||||||
|
ttydev = (dev_t)-1;
|
||||||
|
}
|
||||||
goto done;
|
goto done;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
@@ -194,23 +207,23 @@ get_process_ttyname(char *name, size_t namelen)
|
|||||||
errno = ENOENT;
|
errno = ENOENT;
|
||||||
|
|
||||||
done:
|
done:
|
||||||
if (ret == NULL)
|
if (ttydev == (dev_t)-1)
|
||||||
sudo_debug_printf(SUDO_DEBUG_WARN|SUDO_DEBUG_LINENO|SUDO_DEBUG_ERRNO,
|
sudo_debug_printf(SUDO_DEBUG_WARN|SUDO_DEBUG_LINENO|SUDO_DEBUG_ERRNO,
|
||||||
"unable to resolve tty via %s", path);
|
"unable to resolve tty via %s", path);
|
||||||
|
|
||||||
debug_return_str(ret);
|
debug_return_dev_t(ttydev);
|
||||||
}
|
}
|
||||||
#elif defined(__linux__)
|
#elif defined(__linux__)
|
||||||
/*
|
/*
|
||||||
* Store the name of the tty to which the process is attached in name.
|
* Store the name of the tty to which the process is attached in name.
|
||||||
* Returns name on success and NULL on failure, setting errno.
|
* Returns name on success and NULL on failure, setting errno.
|
||||||
*/
|
*/
|
||||||
char *
|
dev_t
|
||||||
get_process_ttyname(char *name, size_t namelen)
|
get_process_ttyname(char *name, size_t namelen)
|
||||||
{
|
{
|
||||||
const char path[] = "/proc/self/stat";
|
const char path[] = "/proc/self/stat";
|
||||||
|
dev_t ttydev = (dev_t)-1;
|
||||||
char *cp, buf[1024];
|
char *cp, buf[1024];
|
||||||
char *ret = NULL;
|
|
||||||
int serrno = errno;
|
int serrno = errno;
|
||||||
pid_t ppid = 0;
|
pid_t ppid = 0;
|
||||||
ssize_t nread;
|
ssize_t nread;
|
||||||
@@ -264,9 +277,14 @@ get_process_ttyname(char *name, size_t namelen)
|
|||||||
* signed int but the actual device number is an
|
* signed int but the actual device number is an
|
||||||
* unsigned int and dev_t is unsigned long long.
|
* unsigned int and dev_t is unsigned long long.
|
||||||
*/
|
*/
|
||||||
dev_t tdev = (unsigned int)tty_nr;
|
ttydev = (unsigned int)tty_nr;
|
||||||
errno = serrno;
|
errno = serrno;
|
||||||
ret = sudo_ttyname_dev(tdev, name, namelen);
|
if (sudo_ttyname_dev(ttydev, name, namelen) == NULL) {
|
||||||
|
sudo_warnx(
|
||||||
|
U_("unable to find terminal name for device %u, %u"),
|
||||||
|
(unsigned int)major(ttydev), (unsigned int)minor(ttydev));
|
||||||
|
ttydev = (dev_t)-1;
|
||||||
|
}
|
||||||
goto done;
|
goto done;
|
||||||
}
|
}
|
||||||
break;
|
break;
|
||||||
@@ -288,7 +306,13 @@ get_process_ttyname(char *name, size_t namelen)
|
|||||||
/* No parent pid found, /proc/self/stat is missing or corrupt. */
|
/* No parent pid found, /proc/self/stat is missing or corrupt. */
|
||||||
for (i = STDIN_FILENO; i <= STDERR_FILENO; i++) {
|
for (i = STDIN_FILENO; i <= STDERR_FILENO; i++) {
|
||||||
if (sudo_isatty(i, &sb)) {
|
if (sudo_isatty(i, &sb)) {
|
||||||
ret = sudo_ttyname_dev(sb.st_rdev, name, namelen);
|
ttydev = sb.st_rdev;
|
||||||
|
if (sudo_ttyname_dev(sb.st_rdev, name, namelen) == NULL) {
|
||||||
|
sudo_warnx(
|
||||||
|
U_("unable to find terminal name for device %u, %u"),
|
||||||
|
(unsigned int)major(ttydev), (unsigned int)minor(ttydev));
|
||||||
|
ttydev = (dev_t)-1;
|
||||||
|
}
|
||||||
goto done;
|
goto done;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
@@ -298,23 +322,23 @@ get_process_ttyname(char *name, size_t namelen)
|
|||||||
done:
|
done:
|
||||||
if (fd != -1)
|
if (fd != -1)
|
||||||
close(fd);
|
close(fd);
|
||||||
if (ret == NULL)
|
if (ttydev == (dev_t)-1)
|
||||||
sudo_debug_printf(SUDO_DEBUG_WARN|SUDO_DEBUG_LINENO|SUDO_DEBUG_ERRNO,
|
sudo_debug_printf(SUDO_DEBUG_WARN|SUDO_DEBUG_LINENO|SUDO_DEBUG_ERRNO,
|
||||||
"unable to resolve tty via %s", path);
|
"unable to resolve tty via %s", path);
|
||||||
|
|
||||||
debug_return_str(ret);
|
debug_return_dev_t(ttydev);
|
||||||
}
|
}
|
||||||
#elif defined(HAVE_PSTAT_GETPROC)
|
#elif defined(HAVE_PSTAT_GETPROC)
|
||||||
/*
|
/*
|
||||||
* Store the name of the tty to which the process is attached in name.
|
* Store the name of the tty to which the process is attached in name.
|
||||||
* Returns name on success and NULL on failure, setting errno.
|
* Returns name on success and NULL on failure, setting errno.
|
||||||
*/
|
*/
|
||||||
char *
|
dev_t
|
||||||
get_process_ttyname(char *name, size_t namelen)
|
get_process_ttyname(char *name, size_t namelen)
|
||||||
{
|
{
|
||||||
struct pst_status pst;
|
dev_t ttydev = (dev_t)-1;
|
||||||
char *ret = NULL;
|
|
||||||
int rc, serrno = errno;
|
int rc, serrno = errno;
|
||||||
|
struct pst_status pst;
|
||||||
debug_decl(get_process_ttyname, SUDO_DEBUG_UTIL);
|
debug_decl(get_process_ttyname, SUDO_DEBUG_UTIL);
|
||||||
|
|
||||||
/*
|
/*
|
||||||
@@ -326,26 +350,31 @@ get_process_ttyname(char *name, size_t namelen)
|
|||||||
if (rc != -1 || errno == EOVERFLOW) {
|
if (rc != -1 || errno == EOVERFLOW) {
|
||||||
if (pst.pst_term.psd_major != -1 && pst.pst_term.psd_minor != -1) {
|
if (pst.pst_term.psd_major != -1 && pst.pst_term.psd_minor != -1) {
|
||||||
errno = serrno;
|
errno = serrno;
|
||||||
ret = sudo_ttyname_dev(makedev(pst.pst_term.psd_major,
|
ttydev = makedev(pst.pst_term.psd_major, pst.pst_term.psd_minor);
|
||||||
pst.pst_term.psd_minor), name, namelen);
|
if (sudo_ttyname_dev(ttydev, name, namelen) == NULL) {
|
||||||
|
sudo_warnx(
|
||||||
|
U_("unable to find terminal name for device %u, %u"),
|
||||||
|
(unsigned int)pst.pst_term.psd_major,
|
||||||
|
(unsigned int)pst.pst_term.psd_minor);
|
||||||
|
ttydev = (dev_t)-1;
|
||||||
|
}
|
||||||
goto done;
|
goto done;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
sudo_debug_printf(SUDO_DEBUG_WARN|SUDO_DEBUG_LINENO|SUDO_DEBUG_ERRNO,
|
||||||
|
"unable to resolve tty via pstat");
|
||||||
errno = ENOENT;
|
errno = ENOENT;
|
||||||
|
|
||||||
done:
|
done:
|
||||||
if (ret == NULL)
|
|
||||||
sudo_debug_printf(SUDO_DEBUG_WARN|SUDO_DEBUG_LINENO|SUDO_DEBUG_ERRNO,
|
|
||||||
"unable to resolve tty via pstat");
|
|
||||||
|
|
||||||
debug_return_str(ret);
|
debug_return_dev_t(ttydev);
|
||||||
}
|
}
|
||||||
#else
|
#else
|
||||||
/*
|
/*
|
||||||
* Store the name of the tty to which the process is attached in name.
|
* Store the name of the tty to which the process is attached in name.
|
||||||
* Returns name on success and NULL on failure, setting errno.
|
* Returns name on success and NULL on failure, setting errno.
|
||||||
*/
|
*/
|
||||||
char *
|
dev_t
|
||||||
get_process_ttyname(char *name, size_t namelen)
|
get_process_ttyname(char *name, size_t namelen)
|
||||||
{
|
{
|
||||||
struct stat sb;
|
struct stat sb;
|
||||||
@@ -365,15 +394,15 @@ get_process_ttyname(char *name, size_t namelen)
|
|||||||
sudo_debug_printf(
|
sudo_debug_printf(
|
||||||
SUDO_DEBUG_WARN|SUDO_DEBUG_LINENO|SUDO_DEBUG_ERRNO,
|
SUDO_DEBUG_WARN|SUDO_DEBUG_LINENO|SUDO_DEBUG_ERRNO,
|
||||||
"unable to store tty from ttyname");
|
"unable to store tty from ttyname");
|
||||||
debug_return_str(NULL);
|
debug_return_dev_t(-1);
|
||||||
}
|
}
|
||||||
debug_return_str(name);
|
debug_return_dev_t(sb.st_rdev);
|
||||||
}
|
}
|
||||||
|
|
||||||
sudo_debug_printf(SUDO_DEBUG_WARN|SUDO_DEBUG_LINENO|SUDO_DEBUG_ERRNO,
|
sudo_debug_printf(SUDO_DEBUG_WARN|SUDO_DEBUG_LINENO|SUDO_DEBUG_ERRNO,
|
||||||
"unable to resolve tty via ttyname");
|
"unable to resolve tty via ttyname");
|
||||||
errno = ENOENT;
|
errno = ENOENT;
|
||||||
debug_return_str(NULL);
|
debug_return_dev_t((dev_t)-1);
|
||||||
}
|
}
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
|
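Review bot: The header comment above each of the five `get_process_ttyname()` variants still reads "Returns name on success and NULL on failure, setting errno.", although the function now returns `dev_t`. It should read `* Returns the tty device number on success and (dev_t)-1 on failure, setting errno.` in all five places, because callers must now compare against `(dev_t)-1` rather than NULL. Two consistency nits in the same file: the Linux stdio fallback calls `sudo_ttyname_dev(sb.st_rdev, name, namelen)` where every other branch passes `ttydev`, and the last variant uses `debug_return_dev_t(-1)` without the `(dev_t)` cast used elsewhere.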