Store passwd_timeout and timestamp_timeout as a struct timespec

instead of as a float.  Remove timeout argument to auth_getpass()
as it was never used.
This commit is contained in:
Todd C. Miller
2018-01-22 12:18:48 -07:00
parent 44e4aac445
commit 4c0c225062
15 changed files with 83 additions and 72 deletions

View File

@@ -1,5 +1,5 @@
/* /*
* Copyright (c) 1999-2005, 2007-2016 Todd C. Miller <Todd.Miller@sudo.ws> * Copyright (c) 1999-2005, 2007-2018 Todd C. Miller <Todd.Miller@sudo.ws>
* *
* Permission to use, copy, modify, and distribute this software for any * Permission to use, copy, modify, and distribute this software for any
* purpose with or without fee is hereby granted, provided that the above * purpose with or without fee is hereby granted, provided that the above
@@ -144,8 +144,7 @@ sudo_aix_verify(struct passwd *pw, char *prompt, sudo_auth *auth, struct sudo_co
debug_decl(sudo_aix_verify, SUDOERS_DEBUG_AUTH) debug_decl(sudo_aix_verify, SUDOERS_DEBUG_AUTH)
do { do {
pass = auth_getpass(prompt, def_passwd_timeout * 60, pass = auth_getpass(prompt, SUDO_CONV_PROMPT_ECHO_OFF, callback);
SUDO_CONV_PROMPT_ECHO_OFF, callback);
if (pass == NULL) if (pass == NULL)
break; break;
free(message); free(message);

View File

@@ -121,9 +121,9 @@ bsdauth_verify(struct passwd *pw, char *prompt, sudo_auth *auth, struct sudo_con
* S/Key. * S/Key.
*/ */
if ((s = auth_challenge(as)) == NULL) { if ((s = auth_challenge(as)) == NULL) {
pass = auth_getpass(prompt, def_passwd_timeout * 60, SUDO_CONV_PROMPT_ECHO_OFF, callback); pass = auth_getpass(prompt, SUDO_CONV_PROMPT_ECHO_OFF, callback);
} else { } else {
pass = auth_getpass(s, def_passwd_timeout * 60, SUDO_CONV_PROMPT_ECHO_OFF, callback); pass = auth_getpass(s, SUDO_CONV_PROMPT_ECHO_OFF, callback);
if (pass && *pass == '\0') { if (pass && *pass == '\0') {
if ((prompt = strrchr(s, '\n'))) if ((prompt = strrchr(s, '\n')))
prompt++; prompt++;
@@ -142,8 +142,7 @@ bsdauth_verify(struct passwd *pw, char *prompt, sudo_auth *auth, struct sudo_con
debug_return_int(AUTH_FATAL); debug_return_int(AUTH_FATAL);
} }
free(pass); free(pass);
pass = auth_getpass(s, def_passwd_timeout * 60, pass = auth_getpass(s, SUDO_CONV_PROMPT_ECHO_ON, callback);
SUDO_CONV_PROMPT_ECHO_ON, callback);
free(s); free(s);
} }
} }

View File

@@ -91,18 +91,16 @@ restart:
/* Get the password/response from the user. */ /* Get the password/response from the user. */
if (strncmp(resp, "challenge ", 10) == 0) { if (strncmp(resp, "challenge ", 10) == 0) {
(void) snprintf(buf, sizeof(buf), "%s\nResponse: ", &resp[10]); (void) snprintf(buf, sizeof(buf), "%s\nResponse: ", &resp[10]);
pass = auth_getpass(buf, def_passwd_timeout * 60, SUDO_CONV_PROMPT_ECHO_OFF, callback); pass = auth_getpass(buf, SUDO_CONV_PROMPT_ECHO_OFF, callback);
if (pass && *pass == '\0') { if (pass && *pass == '\0') {
free(pass); free(pass);
pass = auth_getpass("Response [echo on]: ", pass = auth_getpass("Response [echo on]: ",
def_passwd_timeout * 60, SUDO_CONV_PROMPT_ECHO_ON, callback); SUDO_CONV_PROMPT_ECHO_ON, callback);
} }
} else if (strncmp(resp, "chalnecho ", 10) == 0) { } else if (strncmp(resp, "chalnecho ", 10) == 0) {
pass = auth_getpass(&resp[10], def_passwd_timeout * 60, pass = auth_getpass(&resp[10], SUDO_CONV_PROMPT_ECHO_OFF, callback);
SUDO_CONV_PROMPT_ECHO_OFF, callback);
} else if (strncmp(resp, "password", 8) == 0) { } else if (strncmp(resp, "password", 8) == 0) {
pass = auth_getpass(prompt, def_passwd_timeout * 60, pass = auth_getpass(prompt, SUDO_CONV_PROMPT_ECHO_OFF, callback);
SUDO_CONV_PROMPT_ECHO_OFF, callback);
} else if (strncmp(resp, "display ", 8) == 0) { } else if (strncmp(resp, "display ", 8) == 0) {
sudo_printf(SUDO_CONV_INFO_MSG, "%s\n", &resp[8]); sudo_printf(SUDO_CONV_INFO_MSG, "%s\n", &resp[8]);
strlcpy(buf, "response dummy", sizeof(buf)); strlcpy(buf, "response dummy", sizeof(buf));

View File

@@ -533,7 +533,7 @@ converse(int num_msg, PAM_CONST struct pam_message **msg,
prompt = use_pam_prompt(pm->msg) ? pm->msg : def_prompt; prompt = use_pam_prompt(pm->msg) ? pm->msg : def_prompt;
/* Read the password unless interrupted. */ /* Read the password unless interrupted. */
pass = auth_getpass(prompt, def_passwd_timeout * 60, type, callback); pass = auth_getpass(prompt, type, callback);
if (pass == NULL) { if (pass == NULL) {
/* Error (or ^C) reading password, don't try again. */ /* Error (or ^C) reading password, don't try again. */
getpass_error = true; getpass_error = true;

View File

@@ -145,8 +145,8 @@ sudo_securid_verify(struct passwd *pw, char *pass, sudo_auth *auth, struct sudo_
int ret; int ret;
debug_decl(sudo_securid_verify, SUDOERS_DEBUG_AUTH) debug_decl(sudo_securid_verify, SUDOERS_DEBUG_AUTH)
pass = auth_getpass("Enter your PASSCODE: ", pass = auth_getpass("Enter your PASSCODE: ", SUDO_CONV_PROMPT_ECHO_OFF,
def_passwd_timeout * 60, SUDO_CONV_PROMPT_ECHO_OFF, callback); callback);
/* Have ACE verify password */ /* Have ACE verify password */
switch (SD_Check(*sd, pass, pw->pw_name)) { switch (SD_Check(*sd, pass, pw->pw_name)) {
@@ -185,7 +185,7 @@ sudo_securid_verify(struct passwd *pw, char *pass, sudo_auth *auth, struct sudo_
!!! ATTENTION !!!\n\ !!! ATTENTION !!!\n\
Wait for the token code to change, \n\ Wait for the token code to change, \n\
then enter the new token code.\n", \ then enter the new token code.\n", \
def_passwd_timeout * 60, SUDO_CONV_PROMPT_ECHO_OFF, callback); SUDO_CONV_PROMPT_ECHO_OFF, callback);
if (SD_Next(*sd, pass) == ACM_OK) { if (SD_Next(*sd, pass) == ACM_OK) {
ret = AUTH_SUCCESS; ret = AUTH_SUCCESS;

View File

@@ -84,8 +84,7 @@ sudo_sia_verify(struct passwd *pw, char *prompt, sudo_auth *auth,
debug_decl(sudo_sia_verify, SUDOERS_DEBUG_AUTH) debug_decl(sudo_sia_verify, SUDOERS_DEBUG_AUTH)
/* Get password, return AUTH_INTR if we got ^C */ /* Get password, return AUTH_INTR if we got ^C */
pass = auth_getpass(prompt, def_passwd_timeout * 60, pass = auth_getpass(prompt, SUDO_CONV_PROMPT_ECHO_OFF, callback);
SUDO_CONV_PROMPT_ECHO_OFF, callback);
if (pass == NULL) if (pass == NULL)
debug_return_int(AUTH_INTR); debug_return_int(AUTH_INTR);

View File

@@ -304,8 +304,7 @@ verify_user(struct passwd *pw, char *prompt, int validated,
/* Get the password unless the auth function will do it for us */ /* Get the password unless the auth function will do it for us */
if (!standalone) { if (!standalone) {
pass = auth_getpass(prompt, def_passwd_timeout * 60, pass = auth_getpass(prompt, SUDO_CONV_PROMPT_ECHO_OFF, callback);
SUDO_CONV_PROMPT_ECHO_OFF, callback);
if (pass == NULL) if (pass == NULL)
break; break;
} }
@@ -422,8 +421,7 @@ sudo_auth_end_session(struct passwd *pw)
* The user is responsible for freeing the returned value. * The user is responsible for freeing the returned value.
*/ */
char * char *
auth_getpass(const char *prompt, int timeout, int type, auth_getpass(const char *prompt, int type, struct sudo_conv_callback *callback)
struct sudo_conv_callback *callback)
{ {
struct sudo_conv_message msg; struct sudo_conv_message msg;
struct sudo_conv_reply repl; struct sudo_conv_reply repl;
@@ -448,7 +446,7 @@ auth_getpass(const char *prompt, int timeout, int type,
/* Call conversation function. */ /* Call conversation function. */
memset(&msg, 0, sizeof(msg)); memset(&msg, 0, sizeof(msg));
msg.msg_type = type; msg.msg_type = type;
msg.timeout = def_passwd_timeout * 60; msg.timeout = def_passwd_timeout.tv_sec;
msg.msg = prompt; msg.msg = prompt;
memset(&repl, 0, sizeof(repl)); memset(&repl, 0, sizeof(repl));
sudo_conv(1, &msg, &repl, callback); sudo_conv(1, &msg, &repl, callback);

View File

@@ -48,8 +48,7 @@ typedef struct sudo_auth {
#define IS_ONEANDONLY(x) ((x)->flags & FLAG_ONEANDONLY) #define IS_ONEANDONLY(x) ((x)->flags & FLAG_ONEANDONLY)
/* Like tgetpass() but uses conversation function */ /* Like tgetpass() but uses conversation function */
char *auth_getpass(const char *prompt, int timeout, int type, char *auth_getpass(const char *prompt, int type, struct sudo_conv_callback *callback);
struct sudo_conv_callback *callback);
/* Pointer to conversation function to use with auth_getpass(). */ /* Pointer to conversation function to use with auth_getpass(). */
extern sudo_conv_t sudo_conv; extern sudo_conv_t sudo_conv;

View File

@@ -174,11 +174,11 @@ struct sudo_defs_types sudo_defs_table[] = {
N_("Length at which to wrap log file lines (0 for no wrap): %u"), N_("Length at which to wrap log file lines (0 for no wrap): %u"),
NULL, NULL,
}, { }, {
"timestamp_timeout", T_FLOAT|T_BOOL, "timestamp_timeout", T_TIMESPEC|T_BOOL,
N_("Authentication timestamp timeout: %.1f minutes"), N_("Authentication timestamp timeout: %.1f minutes"),
NULL, NULL,
}, { }, {
"passwd_timeout", T_FLOAT|T_BOOL, "passwd_timeout", T_TIMESPEC|T_BOOL,
N_("Password prompt timeout: %.1f minutes"), N_("Password prompt timeout: %.1f minutes"),
NULL, NULL,
}, { }, {

View File

@@ -67,9 +67,9 @@
#define I_LOGLINELEN 33 #define I_LOGLINELEN 33
#define def_loglinelen (sudo_defs_table[I_LOGLINELEN].sd_un.uival) #define def_loglinelen (sudo_defs_table[I_LOGLINELEN].sd_un.uival)
#define I_TIMESTAMP_TIMEOUT 34 #define I_TIMESTAMP_TIMEOUT 34
#define def_timestamp_timeout (sudo_defs_table[I_TIMESTAMP_TIMEOUT].sd_un.fval) #define def_timestamp_timeout (sudo_defs_table[I_TIMESTAMP_TIMEOUT].sd_un.tspec)
#define I_PASSWD_TIMEOUT 35 #define I_PASSWD_TIMEOUT 35
#define def_passwd_timeout (sudo_defs_table[I_PASSWD_TIMEOUT].sd_un.fval) #define def_passwd_timeout (sudo_defs_table[I_PASSWD_TIMEOUT].sd_un.tspec)
#define I_PASSWD_TRIES 36 #define I_PASSWD_TRIES 36
#define def_passwd_tries (sudo_defs_table[I_PASSWD_TRIES].sd_un.uival) #define def_passwd_tries (sudo_defs_table[I_PASSWD_TRIES].sd_un.uival)
#define I_UMASK 37 #define I_UMASK 37

View File

@@ -114,10 +114,10 @@ loglinelen
T_UINT|T_BOOL T_UINT|T_BOOL
"Length at which to wrap log file lines (0 for no wrap): %u" "Length at which to wrap log file lines (0 for no wrap): %u"
timestamp_timeout timestamp_timeout
T_FLOAT|T_BOOL T_TIMESPEC|T_BOOL
"Authentication timestamp timeout: %.1f minutes" "Authentication timestamp timeout: %.1f minutes"
passwd_timeout passwd_timeout
T_FLOAT|T_BOOL T_TIMESPEC|T_BOOL
"Password prompt timeout: %.1f minutes" "Password prompt timeout: %.1f minutes"
passwd_tries passwd_tries
T_UINT T_UINT

View File

@@ -105,7 +105,7 @@ static bool store_syslogpri(const char *str, union sudo_defs_val *sd_un);
static bool store_timeout(const char *str, union sudo_defs_val *sd_un); static bool store_timeout(const char *str, union sudo_defs_val *sd_un);
static bool store_tuple(const char *str, union sudo_defs_val *sd_un, struct def_values *tuple_vals); static bool store_tuple(const char *str, union sudo_defs_val *sd_un, struct def_values *tuple_vals);
static bool store_uint(const char *str, union sudo_defs_val *sd_un); static bool store_uint(const char *str, union sudo_defs_val *sd_un);
static bool store_float(const char *str, union sudo_defs_val *sd_un); static bool store_timespec(const char *str, union sudo_defs_val *sd_un);
static bool list_op(const char *str, size_t, union sudo_defs_val *sd_un, enum list_ops op); static bool list_op(const char *str, size_t, union sudo_defs_val *sd_un, enum list_ops op);
static const char *logfac2str(int); static const char *logfac2str(int);
static const char *logpri2str(int); static const char *logpri2str(int);
@@ -163,10 +163,14 @@ dump_defaults(void)
sudo_printf(SUDO_CONV_INFO_MSG, desc, cur->sd_un.uival); sudo_printf(SUDO_CONV_INFO_MSG, desc, cur->sd_un.uival);
sudo_printf(SUDO_CONV_INFO_MSG, "\n"); sudo_printf(SUDO_CONV_INFO_MSG, "\n");
break; break;
case T_FLOAT: case T_TIMESPEC: {
sudo_printf(SUDO_CONV_INFO_MSG, desc, cur->sd_un.fval); /* display time spec in minutes as a double */
double d = cur->sd_un.tspec.tv_sec / 60.0;
d += cur->sd_un.tspec.tv_nsec / 1000000000.0;
sudo_printf(SUDO_CONV_INFO_MSG, desc, d);
sudo_printf(SUDO_CONV_INFO_MSG, "\n"); sudo_printf(SUDO_CONV_INFO_MSG, "\n");
break; break;
}
case T_MODE: case T_MODE:
sudo_printf(SUDO_CONV_INFO_MSG, desc, cur->sd_un.mode); sudo_printf(SUDO_CONV_INFO_MSG, desc, cur->sd_un.mode);
sudo_printf(SUDO_CONV_INFO_MSG, "\n"); sudo_printf(SUDO_CONV_INFO_MSG, "\n");
@@ -305,9 +309,6 @@ parse_default_entry(struct sudo_defs_types *def, const char *val, int op,
case T_UINT: case T_UINT:
rc = store_uint(val, sd_un); rc = store_uint(val, sd_un);
break; break;
case T_FLOAT:
rc = store_float(val, sd_un);
break;
case T_MODE: case T_MODE:
rc = store_mode(val, sd_un); rc = store_mode(val, sd_un);
break; break;
@@ -337,6 +338,9 @@ parse_default_entry(struct sudo_defs_types *def, const char *val, int op,
case T_TUPLE: case T_TUPLE:
rc = store_tuple(val, sd_un, def->values); rc = store_tuple(val, sd_un, def->values);
break; break;
case T_TIMESPEC:
rc = store_timespec(val, sd_un);
break;
default: default:
if (!quiet) { if (!quiet) {
if (lineno > 0) { if (lineno > 0) {
@@ -585,8 +589,8 @@ init_defaults(void)
def_umask = ACCESSPERMS; def_umask = ACCESSPERMS;
#endif #endif
def_loglinelen = MAXLOGFILELEN; def_loglinelen = MAXLOGFILELEN;
def_timestamp_timeout = TIMEOUT; def_timestamp_timeout.tv_sec = TIMEOUT * 60;
def_passwd_timeout = PASSWORD_TIMEOUT; def_passwd_timeout.tv_sec = PASSWORD_TIMEOUT * 60;
def_passwd_tries = TRIES_FOR_PASSWORD; def_passwd_tries = TRIES_FOR_PASSWORD;
#ifdef HAVE_ZLIB_H #ifdef HAVE_ZLIB_H
def_compress_io = true; def_compress_io = true;
@@ -848,20 +852,25 @@ store_uint(const char *str, union sudo_defs_val *sd_un)
} }
static bool static bool
store_float(const char *str, union sudo_defs_val *sd_un) store_timespec(const char *str, union sudo_defs_val *sd_un)
{ {
char *endp; char *endp;
double d; double d;
debug_decl(store_float, SUDOERS_DEBUG_DEFAULTS) debug_decl(store_timespec, SUDOERS_DEBUG_DEFAULTS)
if (str == NULL) { if (str == NULL) {
sd_un->fval = 0.0; sd_un->tspec.tv_sec = 0;
sd_un->tspec.tv_nsec = 0;
} else { } else {
d = strtod(str, &endp); d = strtod(str, &endp);
if (*endp != '\0') if (*endp != '\0')
debug_return_bool(false); debug_return_bool(false);
/* XXX - should check against HUGE_VAL */ /* XXX - should check against HUGE_VAL */
sd_un->fval = d;
/* Convert from minutes to seconds and nanoseconds. */
d *= 60.0;
sd_un->tspec.tv_sec = (time_t)d;
sd_un->tspec.tv_nsec = (long)(d - sd_un->tspec.tv_sec) * 1000000000L;
} }
debug_return_bool(true); debug_return_bool(true);
} }

View File

@@ -22,6 +22,7 @@
#ifndef SUDOERS_DEFAULTS_H #ifndef SUDOERS_DEFAULTS_H
#define SUDOERS_DEFAULTS_H #define SUDOERS_DEFAULTS_H
#include <time.h>
#include <def_data.h> #include <def_data.h>
struct list_member { struct list_member {
@@ -47,10 +48,10 @@ union sudo_defs_val {
int flag; int flag;
int ival; int ival;
unsigned int uival; unsigned int uival;
double fval;
enum def_tuple tuple; enum def_tuple tuple;
char *str; char *str;
mode_t mode; mode_t mode;
struct timespec tspec;
struct list_members list; struct list_members list;
}; };
@@ -76,7 +77,7 @@ struct early_default {
/* /*
* Four types of defaults: strings, integers, and flags. * Four types of defaults: strings, integers, and flags.
* Also, T_INT, T_FLOAT or T_STR may be ANDed with T_BOOL to indicate that * Also, T_INT, T_TIMESPEC or T_STR may be ANDed with T_BOOL to indicate that
* a value is not required. Flags are boolean by nature... * a value is not required. Flags are boolean by nature...
*/ */
#undef T_INT #undef T_INT
@@ -97,8 +98,8 @@ struct early_default {
#define T_LOGPRI 0x008 #define T_LOGPRI 0x008
#undef T_TUPLE #undef T_TUPLE
#define T_TUPLE 0x009 #define T_TUPLE 0x009
#undef T_FLOAT #undef T_TIMESPEC
#define T_FLOAT 0x010 #define T_TIMESPEC 0x010
#undef T_TIMEOUT #undef T_TIMEOUT
#define T_TIMEOUT 0x020 #define T_TIMEOUT 0x020
#undef T_MASK #undef T_MASK

View File

@@ -146,7 +146,7 @@ sub print_record {
elsif (/^T_LOGFAC/) { $v = "ival"; } elsif (/^T_LOGFAC/) { $v = "ival"; }
elsif (/^T_LOGPRI/) { $v = "ival"; } elsif (/^T_LOGPRI/) { $v = "ival"; }
elsif (/^T_TUPLE/) { $v = "tuple"; } elsif (/^T_TUPLE/) { $v = "tuple"; }
elsif (/^T_FLOAT/) { $v = "fval"; } elsif (/^T_TIMESPEC/) { $v = "tspec"; }
elsif (/^T_TIMEOUT/) { $v = "ival"; } elsif (/^T_TIMEOUT/) { $v = "ival"; }
else { die "$0: unknown defaults type: $_\n"; } else { die "$0: unknown defaults type: $_\n"; }
} }

View File

@@ -381,7 +381,7 @@ timestamp_open(const char *user, pid_t sid)
debug_decl(timestamp_open, SUDOERS_DEBUG_AUTH) debug_decl(timestamp_open, SUDOERS_DEBUG_AUTH)
/* Zero timeout means don't use the time stamp file. */ /* Zero timeout means don't use the time stamp file. */
if (def_timestamp_timeout == 0.0) { if (!sudo_timespecisset(&def_timestamp_timeout)) {
errno = ENOENT; errno = ENOENT;
goto bad; goto bad;
} }
@@ -720,13 +720,13 @@ timestamp_status(void *vcookie, struct passwd *pw)
{ {
struct ts_cookie *cookie = vcookie; struct ts_cookie *cookie = vcookie;
struct timestamp_entry entry; struct timestamp_entry entry;
struct timespec diff, now, timeout; struct timespec diff, now;
int status = TS_ERROR; /* assume the worst */ int status = TS_ERROR; /* assume the worst */
ssize_t nread; ssize_t nread;
debug_decl(timestamp_status, SUDOERS_DEBUG_AUTH) debug_decl(timestamp_status, SUDOERS_DEBUG_AUTH)
/* Zero timeout means don't use time stamp files. */ /* Zero timeout means don't use time stamp files. */
if (def_timestamp_timeout == 0.0) { if (!sudo_timespecisset(&def_timestamp_timeout)) {
sudo_debug_printf(SUDO_DEBUG_DEBUG|SUDO_DEBUG_LINENO, sudo_debug_printf(SUDO_DEBUG_DEBUG|SUDO_DEBUG_LINENO,
"timestamps disabled"); "timestamps disabled");
status = TS_OLD; status = TS_OLD;
@@ -781,7 +781,8 @@ timestamp_status(void *vcookie, struct passwd *pw)
} }
/* Negative timeouts only expire manually (sudo -k). */ /* Negative timeouts only expire manually (sudo -k). */
if (def_timestamp_timeout < 0) { sudo_timespecclear(&diff);
if (sudo_timespeccmp(&def_timestamp_timeout, &diff, <)) {
sudo_debug_printf(SUDO_DEBUG_DEBUG|SUDO_DEBUG_LINENO, sudo_debug_printf(SUDO_DEBUG_DEBUG|SUDO_DEBUG_LINENO,
"time stamp record does not expire"); "time stamp record does not expire");
status = TS_CURRENT; status = TS_CURRENT;
@@ -795,12 +796,9 @@ timestamp_status(void *vcookie, struct passwd *pw)
goto done; goto done;
} }
sudo_timespecsub(&now, &entry.ts, &diff); sudo_timespecsub(&now, &entry.ts, &diff);
timeout.tv_sec = 60 * def_timestamp_timeout; if (sudo_timespeccmp(&diff, &def_timestamp_timeout, <)) {
timeout.tv_nsec = ((60.0 * def_timestamp_timeout) - (double)timeout.tv_sec)
* 1000000000.0;
if (sudo_timespeccmp(&diff, &timeout, <)) {
status = TS_CURRENT; status = TS_CURRENT;
#ifdef CLOCK_MONOTONIC #if defined(CLOCK_MONOTONIC) || defined(__MACH__)
/* A monotonic clock should never run backwards. */ /* A monotonic clock should never run backwards. */
if (diff.tv_sec < 0) { if (diff.tv_sec < 0) {
log_warningx(SLOG_SEND_MAIL, log_warningx(SLOG_SEND_MAIL,
@@ -810,10 +808,21 @@ timestamp_status(void *vcookie, struct passwd *pw)
(void)ts_write(cookie->fd, cookie->fname, &entry, cookie->pos); (void)ts_write(cookie->fd, cookie->fname, &entry, cookie->pos);
} }
#else #else
/* Check for bogus (future) time in the stampfile. */ /*
* Check for bogus (future) time in the stampfile.
* If diff / 2 > timeout, someone has been fooling with the clock.
*/
sudo_timespecsub(&entry.ts, &now, &diff); sudo_timespecsub(&entry.ts, &now, &diff);
timeout.tv_sec *= 2; diff.tv_nsec /= 2;
if (sudo_timespeccmp(&diff, &timeout, >)) { if (diff.tv_sec & 1)
diff.tv_nsec += 500000000;
diff.tv_sec /= 2;
while (diff.tv_nsec >= 1000000000) {
diff.tv_sec++;
diff.tv_nsec -= 1000000000;
}
if (sudo_timespeccmp(&diff, &def_timestamp_timeout, >)) {
time_t tv_sec = (time_t)entry.ts.tv_sec; time_t tv_sec = (time_t)entry.ts.tv_sec;
log_warningx(SLOG_SEND_MAIL, log_warningx(SLOG_SEND_MAIL,
N_("time stamp too far in the future: %20.20s"), N_("time stamp too far in the future: %20.20s"),
@@ -843,7 +852,7 @@ timestamp_update(void *vcookie, struct passwd *pw)
debug_decl(timestamp_update, SUDOERS_DEBUG_AUTH) debug_decl(timestamp_update, SUDOERS_DEBUG_AUTH)
/* Zero timeout means don't use time stamp files. */ /* Zero timeout means don't use time stamp files. */
if (def_timestamp_timeout == 0.0) { if (!sudo_timespecisset(&def_timestamp_timeout)) {
sudo_debug_printf(SUDO_DEBUG_DEBUG|SUDO_DEBUG_LINENO, sudo_debug_printf(SUDO_DEBUG_DEBUG|SUDO_DEBUG_LINENO,
"timestamps disabled"); "timestamps disabled");
goto done; goto done;
@@ -858,7 +867,7 @@ timestamp_update(void *vcookie, struct passwd *pw)
#ifdef TIOCSETVERAUTH #ifdef TIOCSETVERAUTH
int fd = open(_PATH_TTY, O_RDWR); int fd = open(_PATH_TTY, O_RDWR);
if (fd != -1) { if (fd != -1) {
int secs = 60 * def_timestamp_timeout; int secs = def_timestamp_timeout.tv_sec;
ioctl(fd, TIOCSETVERAUTH, &secs); ioctl(fd, TIOCSETVERAUTH, &secs);
close(fd); close(fd);
} }