isa/sudo
1
0
Fork 0
Code Issues Pull Requests Actions 1 Packages Projects Releases Wiki Activity

Pass tty device number from front-end to policy module.

Browse Source 
GitHub issue #329
This commit is contained in:
Todd C. Miller
2023-11-25 16:26:44 -07:00
parent b9275b7eab
commit 3dfbf9316c
4 changed files with 89 additions and 41 deletions
Download Patch File Download Diff File Expand all files Collapse all files

15
include/sudo_debug.h
View File

@@ -153,6 +153,13 @@ struct sudo_conf_debug_file_list;
"<- %s @ %s:%d := %ld", (_func), (_file), (_line), (_ret)); \
} while (0)
# define sudo_debug_exit_dev_t(_func, _file, _line, _sys, _ret) \
do { \
sudo_debug_printf2(NULL, NULL, 0, (_sys) | SUDO_DEBUG_TRACE, \
"<- %s @ %s:%d := %lu", (_func), (_file), (_line), \
(unsigned long)(_ret)); \
} while (0)
# if SIZEOF_ID_T == 8
# define sudo_debug_exit_id_t(_func, _file, _line, _sys, _ret) \
do { \
@@ -267,6 +274,14 @@ struct sudo_conf_debug_file_list;
return sudo_debug_ret; \
} while (0)
#define debug_return_dev_t(ret) \
do { \
dev_t sudo_debug_ret = (ret); \
sudo_debug_exit_dev_t(__func__, __FILE__, __LINE__, sudo_debug_subsys,\
sudo_debug_ret); \
return sudo_debug_ret; \
} while (0)
#define debug_return_id_t(ret) \
do { \
id_t sudo_debug_ret = (ret); \

8
src/sudo.c
View File

@@ -507,8 +507,9 @@ static char **
get_user_info(struct user_details *ud)
{
char *cp, **info, path[PATH_MAX];
size_t info_max = 32 + RLIM_NLIMITS;
size_t info_max = 33 + RLIM_NLIMITS;
size_t i = 0, n;
dev_t ttydev;
mode_t mask;
struct passwd *pw;
int ttyfd;
@@ -617,7 +618,10 @@ get_user_info(struct user_details *ud)
ud->cwd = info[i] + sizeof("cwd=") - 1;
}
if (get_process_ttyname(path, sizeof(path)) != NULL) {
ttydev = get_process_ttyname(path, sizeof(path));
if (ttydev != (dev_t)-1) {
if (asprintf(&info[++i], "ttydev=%llu", (unsigned long long)ttydev) == -1)
goto oom;
info[++i] = sudo_new_key_val("tty", path);
if (info[i] == NULL)
goto oom;

2
src/sudo.h
View File

@@ -317,7 +317,7 @@ char *getenv_unhooked(const char *name);
int get_net_ifs(char **addrinfo);
/* ttyname.c */
char *get_process_ttyname(char *name, size_t namelen);
dev_t get_process_ttyname(char *name, size_t namelen);
bool sudo_isatty(int fd, struct stat *sb);
/* signal.c */

105
src/ttyname.c
View File

@@ -1,7 +1,7 @@
/*
* SPDX-License-Identifier: ISC
*
* Copyright (c) 2012-2022 Todd C. Miller <Todd.Miller@sudo.ws>
* Copyright (c) 2012-2023 Todd C. Miller <Todd.Miller@sudo.ws>
*
* Permission to use, copy, modify, and distribute this software for any
* purpose with or without fee is hereby granted, provided that the above
@@ -97,13 +97,13 @@
* Store the name of the tty to which the process is attached in name.
* Returns name on success and NULL on failure, setting errno.
*/
char *
dev_t
get_process_ttyname(char *name, size_t namelen)
{
struct sudo_kinfo_proc *ki_proc = NULL;
size_t size = sizeof(*ki_proc);
int mib[6], rc, serrno = errno;
char *ret = NULL;
dev_t ttydev = (dev_t)-1;
debug_decl(get_process_ttyname, SUDO_DEBUG_UTIL);
/*
@@ -133,11 +133,12 @@ get_process_ttyname(char *name, size_t namelen)
if (rc != -1) {
if ((dev_t)ki_proc->sudo_kp_tdev != (dev_t)-1) {
errno = serrno;
ret = sudo_ttyname_dev((dev_t)ki_proc->sudo_kp_tdev, name, namelen);
if (ret == NULL) {
sudo_debug_printf(SUDO_DEBUG_WARN|SUDO_DEBUG_LINENO|SUDO_DEBUG_ERRNO,
"unable to map device number %lu to name",
(unsigned long)ki_proc->sudo_kp_tdev);
ttydev = (dev_t)ki_proc->sudo_kp_tdev;
if (sudo_ttyname_dev(ttydev, name, namelen) == NULL) {
sudo_warnx(
U_("unable to find terminal name for device %u, %u"),
(unsigned int)major(ttydev), (unsigned int)minor(ttydev));
ttydev = (dev_t)-1;
}
}
} else {
@@ -146,18 +147,19 @@ get_process_ttyname(char *name, size_t namelen)
}
free(ki_proc);
debug_return_str(ret);
debug_return_dev_t(ttydev);
}
#elif defined(HAVE_STRUCT_PSINFO_PR_TTYDEV)
/*
* Store the name of the tty to which the process is attached in name.
* Returns name on success and NULL on failure, setting errno.
*/
char *
dev_t
get_process_ttyname(char *name, size_t namelen)
{
char path[PATH_MAX], *ret = NULL;
dev_t ttydev = (dev_t)-1;
struct psinfo psinfo;
char path[PATH_MAX];
ssize_t nread;
int fd, serrno = errno;
debug_decl(get_process_ttyname, SUDO_DEBUG_UTIL);
@@ -168,14 +170,19 @@ get_process_ttyname(char *name, size_t namelen)
nread = read(fd, &psinfo, sizeof(psinfo));
close(fd);
if (nread == (ssize_t)sizeof(psinfo)) {
dev_t rdev = (dev_t)psinfo.pr_ttydev;
ttydev = (dev_t)psinfo.pr_ttydev;
#if defined(_AIX) && defined(DEVNO64)
if ((psinfo.pr_ttydev & DEVNO64) && sizeof(dev_t) == 4)
rdev = makedev(major64(psinfo.pr_ttydev), minor64(psinfo.pr_ttydev));
ttydev = makedev(major64(psinfo.pr_ttydev), minor64(psinfo.pr_ttydev));
#endif
if (rdev != (dev_t)-1) {
if (ttydev != (dev_t)-1) {
errno = serrno;
ret = sudo_ttyname_dev(rdev, name, namelen);
if (sudo_ttyname_dev(ttydev, name, namelen) == NULL) {
sudo_warnx(
U_("unable to find terminal name for device %u, %u"),
(unsigned int)major(ttydev), (unsigned int)minor(ttydev));
ttydev = (dev_t)-1;
}
goto done;
}
}
@@ -186,7 +193,13 @@ get_process_ttyname(char *name, size_t namelen)
/* Missing /proc/pid/psinfo file. */
for (i = STDIN_FILENO; i <= STDERR_FILENO; i++) {
if (sudo_isatty(i, &sb)) {
ret = sudo_ttyname_dev(sb.st_rdev, name, namelen);
ttydev = sb.st_rdev;
if (sudo_ttyname_dev(ttydev, name, namelen) == NULL) {
sudo_warnx(
U_("unable to find terminal name for device %u, %u"),
(unsigned int)major(ttydev), (unsigned int)minor(ttydev));
ttydev = (dev_t)-1;
}
goto done;
}
}
@@ -194,23 +207,23 @@ get_process_ttyname(char *name, size_t namelen)
errno = ENOENT;
done:
if (ret == NULL)
if (ttydev == (dev_t)-1)
sudo_debug_printf(SUDO_DEBUG_WARN|SUDO_DEBUG_LINENO|SUDO_DEBUG_ERRNO,
"unable to resolve tty via %s", path);
debug_return_str(ret);
debug_return_dev_t(ttydev);
}
#elif defined(__linux__)
/*
* Store the name of the tty to which the process is attached in name.
* Returns name on success and NULL on failure, setting errno.
*/
char *
dev_t
get_process_ttyname(char *name, size_t namelen)
{
const char path[] = "/proc/self/stat";
dev_t ttydev = (dev_t)-1;
char *cp, buf[1024];
char *ret = NULL;
int serrno = errno;
pid_t ppid = 0;
ssize_t nread;
@@ -264,9 +277,14 @@ get_process_ttyname(char *name, size_t namelen)
* signed int but the actual device number is an
* unsigned int and dev_t is unsigned long long.
*/
dev_t tdev = (unsigned int)tty_nr;
ttydev = (unsigned int)tty_nr;
errno = serrno;
ret = sudo_ttyname_dev(tdev, name, namelen);
if (sudo_ttyname_dev(ttydev, name, namelen) == NULL) {
sudo_warnx(
U_("unable to find terminal name for device %u, %u"),
(unsigned int)major(ttydev), (unsigned int)minor(ttydev));
ttydev = (dev_t)-1;
}
goto done;
}
break;
@@ -288,7 +306,13 @@ get_process_ttyname(char *name, size_t namelen)
/* No parent pid found, /proc/self/stat is missing or corrupt. */
for (i = STDIN_FILENO; i <= STDERR_FILENO; i++) {
if (sudo_isatty(i, &sb)) {
ret = sudo_ttyname_dev(sb.st_rdev, name, namelen);
ttydev = sb.st_rdev;
if (sudo_ttyname_dev(sb.st_rdev, name, namelen) == NULL) {
sudo_warnx(
U_("unable to find terminal name for device %u, %u"),
(unsigned int)major(ttydev), (unsigned int)minor(ttydev));
ttydev = (dev_t)-1;
}
goto done;
}
}
@@ -298,23 +322,23 @@ get_process_ttyname(char *name, size_t namelen)
done:
if (fd != -1)
close(fd);
if (ret == NULL)
if (ttydev == (dev_t)-1)
sudo_debug_printf(SUDO_DEBUG_WARN|SUDO_DEBUG_LINENO|SUDO_DEBUG_ERRNO,
"unable to resolve tty via %s", path);
debug_return_str(ret);
debug_return_dev_t(ttydev);
}
#elif defined(HAVE_PSTAT_GETPROC)
/*
* Store the name of the tty to which the process is attached in name.
* Returns name on success and NULL on failure, setting errno.
*/
char *
dev_t
get_process_ttyname(char *name, size_t namelen)
{
struct pst_status pst;
char *ret = NULL;
dev_t ttydev = (dev_t)-1;
int rc, serrno = errno;
struct pst_status pst;
debug_decl(get_process_ttyname, SUDO_DEBUG_UTIL);
/*
@@ -326,26 +350,31 @@ get_process_ttyname(char *name, size_t namelen)
if (rc != -1 || errno == EOVERFLOW) {
if (pst.pst_term.psd_major != -1 && pst.pst_term.psd_minor != -1) {
errno = serrno;
ret = sudo_ttyname_dev(makedev(pst.pst_term.psd_major,
pst.pst_term.psd_minor), name, namelen);
ttydev = makedev(pst.pst_term.psd_major, pst.pst_term.psd_minor);
if (sudo_ttyname_dev(ttydev, name, namelen) == NULL) {
sudo_warnx(
U_("unable to find terminal name for device %u, %u"),
(unsigned int)pst.pst_term.psd_major,
(unsigned int)pst.pst_term.psd_minor);
ttydev = (dev_t)-1;
}
goto done;
}
}
sudo_debug_printf(SUDO_DEBUG_WARN|SUDO_DEBUG_LINENO|SUDO_DEBUG_ERRNO,
"unable to resolve tty via pstat");
errno = ENOENT;
done:
if (ret == NULL)
sudo_debug_printf(SUDO_DEBUG_WARN|SUDO_DEBUG_LINENO|SUDO_DEBUG_ERRNO,
"unable to resolve tty via pstat");
debug_return_str(ret);
debug_return_dev_t(ttydev);
}
#else
/*
* Store the name of the tty to which the process is attached in name.
* Returns name on success and NULL on failure, setting errno.
*/
char *
dev_t
get_process_ttyname(char *name, size_t namelen)
{
struct stat sb;
@@ -365,15 +394,15 @@ get_process_ttyname(char *name, size_t namelen)
sudo_debug_printf(
SUDO_DEBUG_WARN|SUDO_DEBUG_LINENO|SUDO_DEBUG_ERRNO,
"unable to store tty from ttyname");
debug_return_str(NULL);
debug_return_dev_t(-1);
}
debug_return_str(name);
debug_return_dev_t(sb.st_rdev);
}
sudo_debug_printf(SUDO_DEBUG_WARN|SUDO_DEBUG_LINENO|SUDO_DEBUG_ERRNO,
"unable to resolve tty via ttyname");
errno = ENOENT;
debug_return_str(NULL);
debug_return_dev_t((dev_t)-1);
}
#endif