Store passwd_timeout and timestamp_timeout as a struct timespec
instead of as a float. Remove timeout argument to auth_getpass() as it was never used.
@@ -1,5 +1,5 @@
|
|||||||
/*
|
/*
|
||||||
* Copyright (c) 1999-2005, 2007-2016 Todd C. Miller <Todd.Miller@sudo.ws>
|
* Copyright (c) 1999-2005, 2007-2018 Todd C. Miller <Todd.Miller@sudo.ws>
|
||||||
*
|
*
|
||||||
* Permission to use, copy, modify, and distribute this software for any
|
* Permission to use, copy, modify, and distribute this software for any
|
||||||
* purpose with or without fee is hereby granted, provided that the above
|
* purpose with or without fee is hereby granted, provided that the above
|
||||||
@@ -144,8 +144,7 @@ sudo_aix_verify(struct passwd *pw, char *prompt, sudo_auth *auth, struct sudo_co
|
|||||||
debug_decl(sudo_aix_verify, SUDOERS_DEBUG_AUTH)
|
debug_decl(sudo_aix_verify, SUDOERS_DEBUG_AUTH)
|
||||||
|
|
||||||
do {
|
do {
|
||||||
pass = auth_getpass(prompt, def_passwd_timeout * 60,
|
pass = auth_getpass(prompt, SUDO_CONV_PROMPT_ECHO_OFF, callback);
|
||||||
SUDO_CONV_PROMPT_ECHO_OFF, callback);
|
|
||||||
if (pass == NULL)
|
if (pass == NULL)
|
||||||
break;
|
break;
|
||||||
free(message);
|
free(message);
|
||||||
|
@@ -121,9 +121,9 @@ bsdauth_verify(struct passwd *pw, char *prompt, sudo_auth *auth, struct sudo_con
|
|||||||
* S/Key.
|
* S/Key.
|
||||||
*/
|
*/
|
||||||
if ((s = auth_challenge(as)) == NULL) {
|
if ((s = auth_challenge(as)) == NULL) {
|
||||||
pass = auth_getpass(prompt, def_passwd_timeout * 60, SUDO_CONV_PROMPT_ECHO_OFF, callback);
|
pass = auth_getpass(prompt, SUDO_CONV_PROMPT_ECHO_OFF, callback);
|
||||||
} else {
|
} else {
|
||||||
pass = auth_getpass(s, def_passwd_timeout * 60, SUDO_CONV_PROMPT_ECHO_OFF, callback);
|
pass = auth_getpass(s, SUDO_CONV_PROMPT_ECHO_OFF, callback);
|
||||||
if (pass && *pass == '\0') {
|
if (pass && *pass == '\0') {
|
||||||
if ((prompt = strrchr(s, '\n')))
|
if ((prompt = strrchr(s, '\n')))
|
||||||
prompt++;
|
prompt++;
|
||||||
@@ -142,8 +142,7 @@ bsdauth_verify(struct passwd *pw, char *prompt, sudo_auth *auth, struct sudo_con
|
|||||||
debug_return_int(AUTH_FATAL);
|
debug_return_int(AUTH_FATAL);
|
||||||
}
|
}
|
||||||
free(pass);
|
free(pass);
|
||||||
pass = auth_getpass(s, def_passwd_timeout * 60,
|
pass = auth_getpass(s, SUDO_CONV_PROMPT_ECHO_ON, callback);
|
||||||
SUDO_CONV_PROMPT_ECHO_ON, callback);
|
|
||||||
free(s);
|
free(s);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
@@ -91,18 +91,16 @@ restart:
|
|||||||
/* Get the password/response from the user. */
|
/* Get the password/response from the user. */
|
||||||
if (strncmp(resp, "challenge ", 10) == 0) {
|
if (strncmp(resp, "challenge ", 10) == 0) {
|
||||||
(void) snprintf(buf, sizeof(buf), "%s\nResponse: ", &resp[10]);
|
(void) snprintf(buf, sizeof(buf), "%s\nResponse: ", &resp[10]);
|
||||||
pass = auth_getpass(buf, def_passwd_timeout * 60, SUDO_CONV_PROMPT_ECHO_OFF, callback);
|
pass = auth_getpass(buf, SUDO_CONV_PROMPT_ECHO_OFF, callback);
|
||||||
if (pass && *pass == '\0') {
|
if (pass && *pass == '\0') {
|
||||||
free(pass);
|
free(pass);
|
||||||
pass = auth_getpass("Response [echo on]: ",
|
pass = auth_getpass("Response [echo on]: ",
|
||||||
def_passwd_timeout * 60, SUDO_CONV_PROMPT_ECHO_ON, callback);
|
SUDO_CONV_PROMPT_ECHO_ON, callback);
|
||||||
}
|
}
|
||||||
} else if (strncmp(resp, "chalnecho ", 10) == 0) {
|
} else if (strncmp(resp, "chalnecho ", 10) == 0) {
|
||||||
pass = auth_getpass(&resp[10], def_passwd_timeout * 60,
|
pass = auth_getpass(&resp[10], SUDO_CONV_PROMPT_ECHO_OFF, callback);
|
||||||
SUDO_CONV_PROMPT_ECHO_OFF, callback);
|
|
||||||
} else if (strncmp(resp, "password", 8) == 0) {
|
} else if (strncmp(resp, "password", 8) == 0) {
|
||||||
pass = auth_getpass(prompt, def_passwd_timeout * 60,
|
pass = auth_getpass(prompt, SUDO_CONV_PROMPT_ECHO_OFF, callback);
|
||||||
SUDO_CONV_PROMPT_ECHO_OFF, callback);
|
|
||||||
} else if (strncmp(resp, "display ", 8) == 0) {
|
} else if (strncmp(resp, "display ", 8) == 0) {
|
||||||
sudo_printf(SUDO_CONV_INFO_MSG, "%s\n", &resp[8]);
|
sudo_printf(SUDO_CONV_INFO_MSG, "%s\n", &resp[8]);
|
||||||
strlcpy(buf, "response dummy", sizeof(buf));
|
strlcpy(buf, "response dummy", sizeof(buf));
|
||||||
|
@@ -533,7 +533,7 @@ converse(int num_msg, PAM_CONST struct pam_message **msg,
|
|||||||
prompt = use_pam_prompt(pm->msg) ? pm->msg : def_prompt;
|
prompt = use_pam_prompt(pm->msg) ? pm->msg : def_prompt;
|
||||||
|
|
||||||
/* Read the password unless interrupted. */
|
/* Read the password unless interrupted. */
|
||||||
pass = auth_getpass(prompt, def_passwd_timeout * 60, type, callback);
|
pass = auth_getpass(prompt, type, callback);
|
||||||
if (pass == NULL) {
|
if (pass == NULL) {
|
||||||
/* Error (or ^C) reading password, don't try again. */
|
/* Error (or ^C) reading password, don't try again. */
|
||||||
getpass_error = true;
|
getpass_error = true;
|
||||||
|
@@ -145,8 +145,8 @@ sudo_securid_verify(struct passwd *pw, char *pass, sudo_auth *auth, struct sudo_
|
|||||||
int ret;
|
int ret;
|
||||||
debug_decl(sudo_securid_verify, SUDOERS_DEBUG_AUTH)
|
debug_decl(sudo_securid_verify, SUDOERS_DEBUG_AUTH)
|
||||||
|
|
||||||
pass = auth_getpass("Enter your PASSCODE: ",
|
pass = auth_getpass("Enter your PASSCODE: ", SUDO_CONV_PROMPT_ECHO_OFF,
|
||||||
def_passwd_timeout * 60, SUDO_CONV_PROMPT_ECHO_OFF, callback);
|
callback);
|
||||||
|
|
||||||
/* Have ACE verify password */
|
/* Have ACE verify password */
|
||||||
switch (SD_Check(*sd, pass, pw->pw_name)) {
|
switch (SD_Check(*sd, pass, pw->pw_name)) {
|
||||||
@@ -185,7 +185,7 @@ sudo_securid_verify(struct passwd *pw, char *pass, sudo_auth *auth, struct sudo_
|
|||||||
!!! ATTENTION !!!\n\
|
!!! ATTENTION !!!\n\
|
||||||
Wait for the token code to change, \n\
|
Wait for the token code to change, \n\
|
||||||
then enter the new token code.\n", \
|
then enter the new token code.\n", \
|
||||||
def_passwd_timeout * 60, SUDO_CONV_PROMPT_ECHO_OFF, callback);
|
SUDO_CONV_PROMPT_ECHO_OFF, callback);
|
||||||
|
|
||||||
if (SD_Next(*sd, pass) == ACM_OK) {
|
if (SD_Next(*sd, pass) == ACM_OK) {
|
||||||
ret = AUTH_SUCCESS;
|
ret = AUTH_SUCCESS;
|
||||||
|
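Review bot: In sudo_securid_verify() the result of `auth_getpass("Enter your PASSCODE: ", ...)` is handed straight to `SD_Check(*sd, pass, pw->pw_name)` with no NULL test between the two visible lines, and the later prompt's result appears to reach `SD_Next(*sd, pass)` the same way. Other callers on this page treat a NULL return as an error or ^C (`if (pass == NULL)`), so the same guard is worth adding here, for example `if (pass == NULL) debug_return_int(AUTH_INTR);` or whichever return value fits this module's cleanup path. The function starts and ends outside both hunks, so a check elsewhere in the body would not be visible from here.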
@@ -84,8 +84,7 @@ sudo_sia_verify(struct passwd *pw, char *prompt, sudo_auth *auth,
|
|||||||
debug_decl(sudo_sia_verify, SUDOERS_DEBUG_AUTH)
|
debug_decl(sudo_sia_verify, SUDOERS_DEBUG_AUTH)
|
||||||
|
|
||||||
/* Get password, return AUTH_INTR if we got ^C */
|
/* Get password, return AUTH_INTR if we got ^C */
|
||||||
pass = auth_getpass(prompt, def_passwd_timeout * 60,
|
pass = auth_getpass(prompt, SUDO_CONV_PROMPT_ECHO_OFF, callback);
|
||||||
SUDO_CONV_PROMPT_ECHO_OFF, callback);
|
|
||||||
if (pass == NULL)
|
if (pass == NULL)
|
||||||
debug_return_int(AUTH_INTR);
|
debug_return_int(AUTH_INTR);
|
||||||
|
|
||||||
|
@@ -304,8 +304,7 @@ verify_user(struct passwd *pw, char *prompt, int validated,
|
|||||||
|
|
||||||
/* Get the password unless the auth function will do it for us */
|
/* Get the password unless the auth function will do it for us */
|
||||||
if (!standalone) {
|
if (!standalone) {
|
||||||
pass = auth_getpass(prompt, def_passwd_timeout * 60,
|
pass = auth_getpass(prompt, SUDO_CONV_PROMPT_ECHO_OFF, callback);
|
||||||
SUDO_CONV_PROMPT_ECHO_OFF, callback);
|
|
||||||
if (pass == NULL)
|
if (pass == NULL)
|
||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
@@ -422,8 +421,7 @@ sudo_auth_end_session(struct passwd *pw)
|
|||||||
* The user is responsible for freeing the returned value.
|
* The user is responsible for freeing the returned value.
|
||||||
*/
|
*/
|
||||||
char *
|
char *
|
||||||
auth_getpass(const char *prompt, int timeout, int type,
|
auth_getpass(const char *prompt, int type, struct sudo_conv_callback *callback)
|
||||||
struct sudo_conv_callback *callback)
|
|
||||||
{
|
{
|
||||||
struct sudo_conv_message msg;
|
struct sudo_conv_message msg;
|
||||||
struct sudo_conv_reply repl;
|
struct sudo_conv_reply repl;
|
||||||
@@ -448,7 +446,7 @@ auth_getpass(const char *prompt, int timeout, int type,
|
|||||||
/* Call conversation function. */
|
/* Call conversation function. */
|
||||||
memset(&msg, 0, sizeof(msg));
|
memset(&msg, 0, sizeof(msg));
|
||||||
msg.msg_type = type;
|
msg.msg_type = type;
|
||||||
msg.timeout = def_passwd_timeout * 60;
|
msg.timeout = def_passwd_timeout.tv_sec;
|
||||||
msg.msg = prompt;
|
msg.msg = prompt;
|
||||||
memset(&repl, 0, sizeof(repl));
|
memset(&repl, 0, sizeof(repl));
|
||||||
sudo_conv(1, &msg, &repl, callback);
|
sudo_conv(1, &msg, &repl, callback);
|
||||||
|
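Review bot: `msg.timeout = def_passwd_timeout.tv_sec;` in auth_getpass() discards tv_nsec, so a configured passwd_timeout shorter than one second reaches the conversation function as 0. If the conversation layer reads 0 as "no timeout" (not visible in this hunk), a very small setting would silently become an unbounded password prompt; rounding up would avoid that, e.g. `if (msg.timeout == 0 && def_passwd_timeout.tv_nsec > 0) msg.timeout = 1;`. The comment above the function could also say that the timeout is now always taken from def_passwd_timeout, since callers can no longer pass one. The function body continues outside the hunk.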
@@ -48,8 +48,7 @@ typedef struct sudo_auth {
|
|||||||
#define IS_ONEANDONLY(x) ((x)->flags & FLAG_ONEANDONLY)
|
#define IS_ONEANDONLY(x) ((x)->flags & FLAG_ONEANDONLY)
|
||||||
|
|
||||||
/* Like tgetpass() but uses conversation function */
|
/* Like tgetpass() but uses conversation function */
|
||||||
char *auth_getpass(const char *prompt, int timeout, int type,
|
char *auth_getpass(const char *prompt, int type, struct sudo_conv_callback *callback);
|
||||||
struct sudo_conv_callback *callback);
|
|
||||||
|
|
||||||
/* Pointer to conversation function to use with auth_getpass(). */
|
/* Pointer to conversation function to use with auth_getpass(). */
|
||||||
extern sudo_conv_t sudo_conv;
|
extern sudo_conv_t sudo_conv;
|
||||||
|
@@ -174,11 +174,11 @@ struct sudo_defs_types sudo_defs_table[] = {
|
|||||||
N_("Length at which to wrap log file lines (0 for no wrap): %u"),
|
N_("Length at which to wrap log file lines (0 for no wrap): %u"),
|
||||||
NULL,
|
NULL,
|
||||||
}, {
|
}, {
|
||||||
"timestamp_timeout", T_FLOAT|T_BOOL,
|
"timestamp_timeout", T_TIMESPEC|T_BOOL,
|
||||||
N_("Authentication timestamp timeout: %.1f minutes"),
|
N_("Authentication timestamp timeout: %.1f minutes"),
|
||||||
NULL,
|
NULL,
|
||||||
}, {
|
}, {
|
||||||
"passwd_timeout", T_FLOAT|T_BOOL,
|
"passwd_timeout", T_TIMESPEC|T_BOOL,
|
||||||
N_("Password prompt timeout: %.1f minutes"),
|
N_("Password prompt timeout: %.1f minutes"),
|
||||||
NULL,
|
NULL,
|
||||||
}, {
|
}, {
|
||||||
|
@@ -67,9 +67,9 @@
|
|||||||
#define I_LOGLINELEN 33
|
#define I_LOGLINELEN 33
|
||||||
#define def_loglinelen (sudo_defs_table[I_LOGLINELEN].sd_un.uival)
|
#define def_loglinelen (sudo_defs_table[I_LOGLINELEN].sd_un.uival)
|
||||||
#define I_TIMESTAMP_TIMEOUT 34
|
#define I_TIMESTAMP_TIMEOUT 34
|
||||||
#define def_timestamp_timeout (sudo_defs_table[I_TIMESTAMP_TIMEOUT].sd_un.fval)
|
#define def_timestamp_timeout (sudo_defs_table[I_TIMESTAMP_TIMEOUT].sd_un.tspec)
|
||||||
#define I_PASSWD_TIMEOUT 35
|
#define I_PASSWD_TIMEOUT 35
|
||||||
#define def_passwd_timeout (sudo_defs_table[I_PASSWD_TIMEOUT].sd_un.fval)
|
#define def_passwd_timeout (sudo_defs_table[I_PASSWD_TIMEOUT].sd_un.tspec)
|
||||||
#define I_PASSWD_TRIES 36
|
#define I_PASSWD_TRIES 36
|
||||||
#define def_passwd_tries (sudo_defs_table[I_PASSWD_TRIES].sd_un.uival)
|
#define def_passwd_tries (sudo_defs_table[I_PASSWD_TRIES].sd_un.uival)
|
||||||
#define I_UMASK 37
|
#define I_UMASK 37
|
||||||
|
@@ -114,10 +114,10 @@ loglinelen
|
|||||||
T_UINT|T_BOOL
|
T_UINT|T_BOOL
|
||||||
"Length at which to wrap log file lines (0 for no wrap): %u"
|
"Length at which to wrap log file lines (0 for no wrap): %u"
|
||||||
timestamp_timeout
|
timestamp_timeout
|
||||||
T_FLOAT|T_BOOL
|
T_TIMESPEC|T_BOOL
|
||||||
"Authentication timestamp timeout: %.1f minutes"
|
"Authentication timestamp timeout: %.1f minutes"
|
||||||
passwd_timeout
|
passwd_timeout
|
||||||
T_FLOAT|T_BOOL
|
T_TIMESPEC|T_BOOL
|
||||||
"Password prompt timeout: %.1f minutes"
|
"Password prompt timeout: %.1f minutes"
|
||||||
passwd_tries
|
passwd_tries
|
||||||
T_UINT
|
T_UINT
|
||||||
|
@@ -105,7 +105,7 @@ static bool store_syslogpri(const char *str, union sudo_defs_val *sd_un);
|
|||||||
static bool store_timeout(const char *str, union sudo_defs_val *sd_un);
|
static bool store_timeout(const char *str, union sudo_defs_val *sd_un);
|
||||||
static bool store_tuple(const char *str, union sudo_defs_val *sd_un, struct def_values *tuple_vals);
|
static bool store_tuple(const char *str, union sudo_defs_val *sd_un, struct def_values *tuple_vals);
|
||||||
static bool store_uint(const char *str, union sudo_defs_val *sd_un);
|
static bool store_uint(const char *str, union sudo_defs_val *sd_un);
|
||||||
static bool store_float(const char *str, union sudo_defs_val *sd_un);
|
static bool store_timespec(const char *str, union sudo_defs_val *sd_un);
|
||||||
static bool list_op(const char *str, size_t, union sudo_defs_val *sd_un, enum list_ops op);
|
static bool list_op(const char *str, size_t, union sudo_defs_val *sd_un, enum list_ops op);
|
||||||
static const char *logfac2str(int);
|
static const char *logfac2str(int);
|
||||||
static const char *logpri2str(int);
|
static const char *logpri2str(int);
|
||||||
@@ -163,10 +163,14 @@ dump_defaults(void)
|
|||||||
sudo_printf(SUDO_CONV_INFO_MSG, desc, cur->sd_un.uival);
|
sudo_printf(SUDO_CONV_INFO_MSG, desc, cur->sd_un.uival);
|
||||||
sudo_printf(SUDO_CONV_INFO_MSG, "\n");
|
sudo_printf(SUDO_CONV_INFO_MSG, "\n");
|
||||||
break;
|
break;
|
||||||
case T_FLOAT:
|
case T_TIMESPEC: {
|
||||||
sudo_printf(SUDO_CONV_INFO_MSG, desc, cur->sd_un.fval);
|
/* display time spec in minutes as a double */
|
||||||
|
double d = cur->sd_un.tspec.tv_sec / 60.0;
|
||||||
|
d += cur->sd_un.tspec.tv_nsec / 1000000000.0;
|
||||||
|
sudo_printf(SUDO_CONV_INFO_MSG, desc, d);
|
||||||
sudo_printf(SUDO_CONV_INFO_MSG, "\n");
|
sudo_printf(SUDO_CONV_INFO_MSG, "\n");
|
||||||
break;
|
break;
|
||||||
|
}
|
||||||
case T_MODE:
|
case T_MODE:
|
||||||
sudo_printf(SUDO_CONV_INFO_MSG, desc, cur->sd_un.mode);
|
sudo_printf(SUDO_CONV_INFO_MSG, desc, cur->sd_un.mode);
|
||||||
sudo_printf(SUDO_CONV_INFO_MSG, "\n");
|
sudo_printf(SUDO_CONV_INFO_MSG, "\n");
|
||||||
@@ -305,9 +309,6 @@ parse_default_entry(struct sudo_defs_types *def, const char *val, int op,
|
|||||||
case T_UINT:
|
case T_UINT:
|
||||||
rc = store_uint(val, sd_un);
|
rc = store_uint(val, sd_un);
|
||||||
break;
|
break;
|
||||||
case T_FLOAT:
|
|
||||||
rc = store_float(val, sd_un);
|
|
||||||
break;
|
|
||||||
case T_MODE:
|
case T_MODE:
|
||||||
rc = store_mode(val, sd_un);
|
rc = store_mode(val, sd_un);
|
||||||
break;
|
break;
|
||||||
@@ -337,6 +338,9 @@ parse_default_entry(struct sudo_defs_types *def, const char *val, int op,
|
|||||||
case T_TUPLE:
|
case T_TUPLE:
|
||||||
rc = store_tuple(val, sd_un, def->values);
|
rc = store_tuple(val, sd_un, def->values);
|
||||||
break;
|
break;
|
||||||
|
case T_TIMESPEC:
|
||||||
|
rc = store_timespec(val, sd_un);
|
||||||
|
break;
|
||||||
default:
|
default:
|
||||||
if (!quiet) {
|
if (!quiet) {
|
||||||
if (lineno > 0) {
|
if (lineno > 0) {
|
||||||
@@ -585,8 +589,8 @@ init_defaults(void)
|
|||||||
def_umask = ACCESSPERMS;
|
def_umask = ACCESSPERMS;
|
||||||
#endif
|
#endif
|
||||||
def_loglinelen = MAXLOGFILELEN;
|
def_loglinelen = MAXLOGFILELEN;
|
||||||
def_timestamp_timeout = TIMEOUT;
|
def_timestamp_timeout.tv_sec = TIMEOUT * 60;
|
||||||
def_passwd_timeout = PASSWORD_TIMEOUT;
|
def_passwd_timeout.tv_sec = PASSWORD_TIMEOUT * 60;
|
||||||
def_passwd_tries = TRIES_FOR_PASSWORD;
|
def_passwd_tries = TRIES_FOR_PASSWORD;
|
||||||
#ifdef HAVE_ZLIB_H
|
#ifdef HAVE_ZLIB_H
|
||||||
def_compress_io = true;
|
def_compress_io = true;
|
||||||
@@ -848,20 +852,25 @@ store_uint(const char *str, union sudo_defs_val *sd_un)
|
|||||||
}
|
}
|
||||||
|
|
||||||
static bool
|
static bool
|
||||||
store_float(const char *str, union sudo_defs_val *sd_un)
|
store_timespec(const char *str, union sudo_defs_val *sd_un)
|
||||||
{
|
{
|
||||||
char *endp;
|
char *endp;
|
||||||
double d;
|
double d;
|
||||||
debug_decl(store_float, SUDOERS_DEBUG_DEFAULTS)
|
debug_decl(store_timespec, SUDOERS_DEBUG_DEFAULTS)
|
||||||
|
|
||||||
if (str == NULL) {
|
if (str == NULL) {
|
||||||
sd_un->fval = 0.0;
|
sd_un->tspec.tv_sec = 0;
|
||||||
|
sd_un->tspec.tv_nsec = 0;
|
||||||
} else {
|
} else {
|
||||||
d = strtod(str, &endp);
|
d = strtod(str, &endp);
|
||||||
if (*endp != '\0')
|
if (*endp != '\0')
|
||||||
debug_return_bool(false);
|
debug_return_bool(false);
|
||||||
/* XXX - should check against HUGE_VAL */
|
/* XXX - should check against HUGE_VAL */
|
||||||
sd_un->fval = d;
|
|
||||||
|
/* Convert from minutes to seconds and nanoseconds. */
|
||||||
|
d *= 60.0;
|
||||||
|
sd_un->tspec.tv_sec = (time_t)d;
|
||||||
|
sd_un->tspec.tv_nsec = (long)(d - sd_un->tspec.tv_sec) * 1000000000L;
|
||||||
}
|
}
|
||||||
debug_return_bool(true);
|
debug_return_bool(true);
|
||||||
}
|
}
|
||||||
|
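Review bot: In store_timespec() the cast in `sd_un->tspec.tv_nsec = (long)(d - sd_un->tspec.tv_sec) * 1000000000L;` binds before the multiplication, so the fractional part is truncated to 0 and tv_nsec is always 0. A setting such as 0.01 minutes is therefore stored as an all-zero timespec, which the `!sudo_timespecisset(&def_timestamp_timeout)` checks on this page treat as "timestamps disabled". Parenthesise the product, `sd_un->tspec.tv_nsec = (long)((d - sd_un->tspec.tv_sec) * 1000000000.0);`. The `(time_t)d` conversion is also still unguarded (the XXX comment remains), and converting a non-finite or out-of-range double to an integer type is undefined behaviour, so such values should be rejected before the cast. The dump_defaults() hunk in the same file has a related unit slip: `d += cur->sd_un.tspec.tv_nsec / 1000000000.0;` adds seconds to a value held in minutes and needs a further division by 60.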
@@ -22,6 +22,7 @@
|
|||||||
#ifndef SUDOERS_DEFAULTS_H
|
#ifndef SUDOERS_DEFAULTS_H
|
||||||
#define SUDOERS_DEFAULTS_H
|
#define SUDOERS_DEFAULTS_H
|
||||||
|
|
||||||
|
#include <time.h>
|
||||||
#include <def_data.h>
|
#include <def_data.h>
|
||||||
|
|
||||||
struct list_member {
|
struct list_member {
|
||||||
@@ -47,10 +48,10 @@ union sudo_defs_val {
|
|||||||
int flag;
|
int flag;
|
||||||
int ival;
|
int ival;
|
||||||
unsigned int uival;
|
unsigned int uival;
|
||||||
double fval;
|
|
||||||
enum def_tuple tuple;
|
enum def_tuple tuple;
|
||||||
char *str;
|
char *str;
|
||||||
mode_t mode;
|
mode_t mode;
|
||||||
|
struct timespec tspec;
|
||||||
struct list_members list;
|
struct list_members list;
|
||||||
};
|
};
|
||||||
|
|
||||||
@@ -76,7 +77,7 @@ struct early_default {
|
|||||||
|
|
||||||
/*
|
/*
|
||||||
* Four types of defaults: strings, integers, and flags.
|
* Four types of defaults: strings, integers, and flags.
|
||||||
* Also, T_INT, T_FLOAT or T_STR may be ANDed with T_BOOL to indicate that
|
* Also, T_INT, T_TIMESPEC or T_STR may be ANDed with T_BOOL to indicate that
|
||||||
* a value is not required. Flags are boolean by nature...
|
* a value is not required. Flags are boolean by nature...
|
||||||
*/
|
*/
|
||||||
#undef T_INT
|
#undef T_INT
|
||||||
@@ -97,8 +98,8 @@ struct early_default {
|
|||||||
#define T_LOGPRI 0x008
|
#define T_LOGPRI 0x008
|
||||||
#undef T_TUPLE
|
#undef T_TUPLE
|
||||||
#define T_TUPLE 0x009
|
#define T_TUPLE 0x009
|
||||||
#undef T_FLOAT
|
#undef T_TIMESPEC
|
||||||
#define T_FLOAT 0x010
|
#define T_TIMESPEC 0x010
|
||||||
#undef T_TIMEOUT
|
#undef T_TIMEOUT
|
||||||
#define T_TIMEOUT 0x020
|
#define T_TIMEOUT 0x020
|
||||||
#undef T_MASK
|
#undef T_MASK
|
||||||
|
@@ -146,7 +146,7 @@ sub print_record {
|
|||||||
elsif (/^T_LOGFAC/) { $v = "ival"; }
|
elsif (/^T_LOGFAC/) { $v = "ival"; }
|
||||||
elsif (/^T_LOGPRI/) { $v = "ival"; }
|
elsif (/^T_LOGPRI/) { $v = "ival"; }
|
||||||
elsif (/^T_TUPLE/) { $v = "tuple"; }
|
elsif (/^T_TUPLE/) { $v = "tuple"; }
|
||||||
elsif (/^T_FLOAT/) { $v = "fval"; }
|
elsif (/^T_TIMESPEC/) { $v = "tspec"; }
|
||||||
elsif (/^T_TIMEOUT/) { $v = "ival"; }
|
elsif (/^T_TIMEOUT/) { $v = "ival"; }
|
||||||
else { die "$0: unknown defaults type: $_\n"; }
|
else { die "$0: unknown defaults type: $_\n"; }
|
||||||
}
|
}
|
||||||
|
@@ -381,7 +381,7 @@ timestamp_open(const char *user, pid_t sid)
|
|||||||
debug_decl(timestamp_open, SUDOERS_DEBUG_AUTH)
|
debug_decl(timestamp_open, SUDOERS_DEBUG_AUTH)
|
||||||
|
|
||||||
/* Zero timeout means don't use the time stamp file. */
|
/* Zero timeout means don't use the time stamp file. */
|
||||||
if (def_timestamp_timeout == 0.0) {
|
if (!sudo_timespecisset(&def_timestamp_timeout)) {
|
||||||
errno = ENOENT;
|
errno = ENOENT;
|
||||||
goto bad;
|
goto bad;
|
||||||
}
|
}
|
||||||
@@ -720,13 +720,13 @@ timestamp_status(void *vcookie, struct passwd *pw)
|
|||||||
{
|
{
|
||||||
struct ts_cookie *cookie = vcookie;
|
struct ts_cookie *cookie = vcookie;
|
||||||
struct timestamp_entry entry;
|
struct timestamp_entry entry;
|
||||||
struct timespec diff, now, timeout;
|
struct timespec diff, now;
|
||||||
int status = TS_ERROR; /* assume the worst */
|
int status = TS_ERROR; /* assume the worst */
|
||||||
ssize_t nread;
|
ssize_t nread;
|
||||||
debug_decl(timestamp_status, SUDOERS_DEBUG_AUTH)
|
debug_decl(timestamp_status, SUDOERS_DEBUG_AUTH)
|
||||||
|
|
||||||
/* Zero timeout means don't use time stamp files. */
|
/* Zero timeout means don't use time stamp files. */
|
||||||
if (def_timestamp_timeout == 0.0) {
|
if (!sudo_timespecisset(&def_timestamp_timeout)) {
|
||||||
sudo_debug_printf(SUDO_DEBUG_DEBUG|SUDO_DEBUG_LINENO,
|
sudo_debug_printf(SUDO_DEBUG_DEBUG|SUDO_DEBUG_LINENO,
|
||||||
"timestamps disabled");
|
"timestamps disabled");
|
||||||
status = TS_OLD;
|
status = TS_OLD;
|
||||||
@@ -781,7 +781,8 @@ timestamp_status(void *vcookie, struct passwd *pw)
|
|||||||
}
|
}
|
||||||
|
|
||||||
/* Negative timeouts only expire manually (sudo -k). */
|
/* Negative timeouts only expire manually (sudo -k). */
|
||||||
if (def_timestamp_timeout < 0) {
|
sudo_timespecclear(&diff);
|
||||||
|
if (sudo_timespeccmp(&def_timestamp_timeout, &diff, <)) {
|
||||||
sudo_debug_printf(SUDO_DEBUG_DEBUG|SUDO_DEBUG_LINENO,
|
sudo_debug_printf(SUDO_DEBUG_DEBUG|SUDO_DEBUG_LINENO,
|
||||||
"time stamp record does not expire");
|
"time stamp record does not expire");
|
||||||
status = TS_CURRENT;
|
status = TS_CURRENT;
|
||||||
@@ -795,12 +796,9 @@ timestamp_status(void *vcookie, struct passwd *pw)
|
|||||||
goto done;
|
goto done;
|
||||||
}
|
}
|
||||||
sudo_timespecsub(&now, &entry.ts, &diff);
|
sudo_timespecsub(&now, &entry.ts, &diff);
|
||||||
timeout.tv_sec = 60 * def_timestamp_timeout;
|
if (sudo_timespeccmp(&diff, &def_timestamp_timeout, <)) {
|
||||||
timeout.tv_nsec = ((60.0 * def_timestamp_timeout) - (double)timeout.tv_sec)
|
|
||||||
* 1000000000.0;
|
|
||||||
if (sudo_timespeccmp(&diff, &timeout, <)) {
|
|
||||||
status = TS_CURRENT;
|
status = TS_CURRENT;
|
||||||
#ifdef CLOCK_MONOTONIC
|
#if defined(CLOCK_MONOTONIC) || defined(__MACH__)
|
||||||
/* A monotonic clock should never run backwards. */
|
/* A monotonic clock should never run backwards. */
|
||||||
if (diff.tv_sec < 0) {
|
if (diff.tv_sec < 0) {
|
||||||
log_warningx(SLOG_SEND_MAIL,
|
log_warningx(SLOG_SEND_MAIL,
|
||||||
@@ -810,10 +808,21 @@ timestamp_status(void *vcookie, struct passwd *pw)
|
|||||||
(void)ts_write(cookie->fd, cookie->fname, &entry, cookie->pos);
|
(void)ts_write(cookie->fd, cookie->fname, &entry, cookie->pos);
|
||||||
}
|
}
|
||||||
#else
|
#else
|
||||||
/* Check for bogus (future) time in the stampfile. */
|
/*
|
||||||
|
* Check for bogus (future) time in the stampfile.
|
||||||
|
* If diff / 2 > timeout, someone has been fooling with the clock.
|
||||||
|
*/
|
||||||
sudo_timespecsub(&entry.ts, &now, &diff);
|
sudo_timespecsub(&entry.ts, &now, &diff);
|
||||||
timeout.tv_sec *= 2;
|
diff.tv_nsec /= 2;
|
||||||
if (sudo_timespeccmp(&diff, &timeout, >)) {
|
if (diff.tv_sec & 1)
|
||||||
|
diff.tv_nsec += 500000000;
|
||||||
|
diff.tv_sec /= 2;
|
||||||
|
while (diff.tv_nsec >= 1000000000) {
|
||||||
|
diff.tv_sec++;
|
||||||
|
diff.tv_nsec -= 1000000000;
|
||||||
|
}
|
||||||
|
|
||||||
|
if (sudo_timespeccmp(&diff, &def_timestamp_timeout, >)) {
|
||||||
time_t tv_sec = (time_t)entry.ts.tv_sec;
|
time_t tv_sec = (time_t)entry.ts.tv_sec;
|
||||||
log_warningx(SLOG_SEND_MAIL,
|
log_warningx(SLOG_SEND_MAIL,
|
||||||
N_("time stamp too far in the future: %20.20s"),
|
N_("time stamp too far in the future: %20.20s"),
|
||||||
@@ -843,7 +852,7 @@ timestamp_update(void *vcookie, struct passwd *pw)
|
|||||||
debug_decl(timestamp_update, SUDOERS_DEBUG_AUTH)
|
debug_decl(timestamp_update, SUDOERS_DEBUG_AUTH)
|
||||||
|
|
||||||
/* Zero timeout means don't use time stamp files. */
|
/* Zero timeout means don't use time stamp files. */
|
||||||
if (def_timestamp_timeout == 0.0) {
|
if (!sudo_timespecisset(&def_timestamp_timeout)) {
|
||||||
sudo_debug_printf(SUDO_DEBUG_DEBUG|SUDO_DEBUG_LINENO,
|
sudo_debug_printf(SUDO_DEBUG_DEBUG|SUDO_DEBUG_LINENO,
|
||||||
"timestamps disabled");
|
"timestamps disabled");
|
||||||
goto done;
|
goto done;
|
||||||
@@ -858,7 +867,7 @@ timestamp_update(void *vcookie, struct passwd *pw)
|
|||||||
#ifdef TIOCSETVERAUTH
|
#ifdef TIOCSETVERAUTH
|
||||||
int fd = open(_PATH_TTY, O_RDWR);
|
int fd = open(_PATH_TTY, O_RDWR);
|
||||||
if (fd != -1) {
|
if (fd != -1) {
|
||||||
int secs = 60 * def_timestamp_timeout;
|
int secs = def_timestamp_timeout.tv_sec;
|
||||||
ioctl(fd, TIOCSETVERAUTH, &secs);
|
ioctl(fd, TIOCSETVERAUTH, &secs);
|
||||||
close(fd);
|
close(fd);
|
||||||
}
|
}
|
||||||
|
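Review bot: In the non-monotonic `#else` branch of timestamp_status(), the in-place halving of `diff` (`diff.tv_nsec /= 2; if (diff.tv_sec & 1) diff.tv_nsec += 500000000; diff.tv_sec /= 2;`) is only correct when `diff.tv_sec` is non-negative. At that point `diff` is `entry.ts - now`, which is negative in the normal case; assuming sudo_timespecsub() normalises to a non-negative tv_nsec, a value of -1 s + 900000000 ns halves to 0 s + 950000000 ns, which is positive and can compare greater than a sub-second timeout, triggering the "time stamp too far in the future" warning. Testing `diff.tv_sec < 0` before the halving and skipping the comparison in that case avoids this. The function body extends beyond these hunks.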