From 5f969cc12aead2570411381bae33c6151ba91fed Mon Sep 17 00:00:00 2001 From: "Todd C. Miller" Date: Fri, 13 Apr 2012 15:18:40 -0400 Subject: [PATCH] Pass pid, ppid, sid, pgid and tcpgid to plugin in user_info list. --- doc/sudo_plugin.cat | 31 ++++++++++++++++++++++++++++++- doc/sudo_plugin.man.in | 32 +++++++++++++++++++++++++++++++- doc/sudo_plugin.pod | 37 +++++++++++++++++++++++++++++++++++++ src/sudo.c | 19 ++++++++++++++++++- src/sudo.h | 5 +++++ 5 files changed, 121 insertions(+), 3 deletions(-) diff --git a/doc/sudo_plugin.cat b/doc/sudo_plugin.cat index 3b8c9f4e2..8df6232d9 100644 --- a/doc/sudo_plugin.cat +++ b/doc/sudo_plugin.cat @@ -276,12 +276,41 @@ DDEESSCCRRIIPPTTIIOONN equal sign ('=') since the _n_a_m_e field will never include one itself but the _v_a_l_u_e might. + pid=int + The process ID of the running ssuuddoo process. Only available + starting with API version 1.2 + + ppid=int + The parent process ID of the running ssuuddoo process. Only + available starting with API version 1.2 + + sid=int + The session ID of the running ssuuddoo process or 0 if ssuuddoo is + not part of a POSIX job control session. Only available + starting with API version 1.2 + + pgid=int + The ID of the process group that the running ssuuddoo process + belongs to. Only available starting with API version 1.2 + + tcpgid=int + The ID of the forground process group associated with the + terminal device associcated with the ssuuddoo process or -1 if + there is no terminal present. Only available starting with + API version 1.2 + user=string The name of the user invoking ssuuddoo. + euid=uid_t + The effective user ID of the user invoking ssuuddoo. + uid=uid_t The real user ID of the user invoking ssuuddoo. + egid=gid_t + The effective group ID of the user invoking ssuuddoo. + gid=gid_t The real group ID of the user invoking ssuuddoo. @@ -1325,4 +1354,4 @@ DDIISSCCLLAAIIMMEERR -1.8.5 March 28, 2012 SUDO_PLUGIN(1m) +1.8.5 April 13, 2012 SUDO_PLUGIN(1m) 
diff --git a/doc/sudo_plugin.man.in b/doc/sudo_plugin.man.in index a6f489c0d..746a6afce 100644 --- a/doc/sudo_plugin.man.in +++ b/doc/sudo_plugin.man.in @@ -139,7 +139,7 @@ .\" ======================================================================== .\" .IX Title "SUDO_PLUGIN @mansectsu@" -.TH SUDO_PLUGIN @mansectsu@ "March 28, 2012" "1.8.5" "MAINTENANCE COMMANDS" +.TH SUDO_PLUGIN @mansectsu@ "April 13, 2012" "1.8.5" "MAINTENANCE COMMANDS" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l 
@@ -424,12 +424,42 @@ When parsing \fIuser_info\fR, the plugin should split on the \fBfirst\fR equal sign ('=') since the \fIname\fR field will never include one itself but the \fIvalue\fR might. .RS 4 +.IP "pid=int" 4 +.IX Item "pid=int" +The process \s-1ID\s0 of the running \fBsudo\fR process. +Only available starting with \s-1API\s0 version 1.2 +.IP "ppid=int" 4 +.IX Item "ppid=int" +The parent process \s-1ID\s0 of the running \fBsudo\fR process. +Only available starting with \s-1API\s0 version 1.2 +.IP "sid=int" 4 +.IX Item "sid=int" +The session \s-1ID\s0 of the running \fBsudo\fR process or 0 if \fBsudo\fR is +not part of a \s-1POSIX\s0 job control session. +Only available starting with \s-1API\s0 version 1.2 +.IP "pgid=int" 4 +.IX Item "pgid=int" +The \s-1ID\s0 of the process group that the running \fBsudo\fR process belongs +to. +Only available starting with \s-1API\s0 version 1.2 +.IP "tcpgid=int" 4 +.IX Item "tcpgid=int" +The \s-1ID\s0 of the forground process group associated with the terminal +device associcated with the \fBsudo\fR process or \-1 if there is no +terminal present. +Only available starting with \s-1API\s0 version 1.2 .IP "user=string" 4 .IX Item "user=string" The name of the user invoking \fBsudo\fR. +.IP "euid=uid_t" 4 +.IX Item "euid=uid_t" +The effective user \s-1ID\s0 of the user invoking \fBsudo\fR. .IP "uid=uid_t" 4 .IX Item "uid=uid_t" The real user \s-1ID\s0 of the user invoking \fBsudo\fR. +.IP "egid=gid_t" 4 +.IX Item "egid=gid_t" +The effective group \s-1ID\s0 of the user invoking \fBsudo\fR. .IP "gid=gid_t" 4 .IX Item "gid=gid_t" The real group \s-1ID\s0 of the user invoking \fBsudo\fR. diff --git a/doc/sudo_plugin.pod b/doc/sudo_plugin.pod index e4ac03d06..d0448adcf 100644 --- a/doc/sudo_plugin.pod +++ b/doc/sudo_plugin.pod 
@@ -327,14 +327,51 @@ itself but the I might. =over 4 +=item pid=int + +The process ID of the running B process. +Only available starting with API version 1.2 + +=item ppid=int + +The parent process ID of the running B process. +Only available starting with API version 1.2 + +=item sid=int + +The session ID of the running B process or 0 if B is +not part of a POSIX job control session. +Only available starting with API version 1.2 + +=item pgid=int + +The ID of the process group that the running B process belongs +to. +Only available starting with API version 1.2 + +=item tcpgid=int + +The ID of the forground process group associated with the terminal +device associcated with the B process or -1 if there is no +terminal present. +Only available starting with API version 1.2 + =item user=string The name of the user invoking B. +=item euid=uid_t + +The effective user ID of the user invoking B. + =item uid=uid_t The real user ID of the user invoking B. +=item egid=gid_t + +The effective group ID of the user invoking B. + =item gid=gid_t The real group ID of the user invoking B. diff --git a/src/sudo.c b/src/sudo.c index 489ca15c7..c0d0506d2 100644 --- a/src/sudo.c +++ b/src/sudo.c @@ -427,12 +427,23 @@ get_user_info(struct user_details *ud) { char *cp, **user_info, cwd[PATH_MAX], host[MAXHOSTNAMELEN]; struct passwd *pw; - int i = 0; + int fd, i = 0; debug_decl(get_user_info, SUDO_DEBUG_UTIL) /* XXX - bound check number of entries */ user_info = emalloc2(32, sizeof(char *)); + ud->pid = getpid(); + ud->ppid = getppid(); + ud->pgid = getpgid(0); + ud->tcpgid = (pid_t)-1; + fd = open(_PATH_TTY, O_RDWR|O_NOCTTY|O_NONBLOCK, 0); + if (fd != -1) { + ud->tcpgid = tcgetpgrp(fd); + close(fd); + } + ud->sid = getsid(0); + ud->uid = getuid(); ud->euid = geteuid(); ud->gid = getgid(); 
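Review bot: `ud->pgid = getpgid(0)` and `ud->sid = getsid(0)` are stored without checking for -1, yet the documentation added in this same commit says `sid` is 0 when sudo is not part of a job control session. As written, a failure would reach the plugin as `sid=-1`, a value the docs do not describe. Either normalise it, e.g. `if ((ud->sid = getsid(0)) == -1) ud->sid = 0;`, or reword the docs to match what the code passes. The `tcpgid` path does agree with its docs, since both an `open()` failure and a `tcgetpgrp()` failure leave -1. The body of get_user_info() continues past this hunk.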
@@ -453,6 +464,12 @@ get_user_info(struct user_details *ud) } ud->shell = estrdup(ud->shell); + easprintf(&user_info[++i], "pid=%d", (int)ud->pid); + easprintf(&user_info[++i], "ppid=%d", (int)ud->ppid); + easprintf(&user_info[++i], "pgid=%d", (int)ud->pgid); + easprintf(&user_info[++i], "tcpgid=%d", (int)ud->tcpgid); + easprintf(&user_info[++i], "sid=%d", (int)ud->sid); + easprintf(&user_info[++i], "uid=%u", (unsigned int)ud->uid); easprintf(&user_info[++i], "euid=%u", (unsigned int)ud->euid); easprintf(&user_info[++i], "gid=%u", (unsigned int)ud->gid); diff --git a/src/sudo.h b/src/sudo.h index 91adbe5c5..f181364d0 100644 --- a/src/sudo.h +++ b/src/sudo.h @@ -92,6 +92,11 @@ #define TGP_NOECHO_TRY 0x10 /* turn off echo if possible */ struct user_details { + pid_t pid; + pid_t ppid; + pid_t pgid; + pid_t tcpgid; + pid_t sid; uid_t uid; uid_t euid; uid_t gid;
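Review bot: The five new `easprintf(&user_info[++i], ...)` calls in the second src/sudo.c hunk add entries to an array with no bounds check. The first hunk shows it allocated as `emalloc2(32, sizeof(char *))` under an `/* XXX - bound check number of entries */` comment. The full list of entries lies outside the visible hunks, so the total may still fit, but each addition narrows the margin, and an overrun here would be a heap write in a setuid program. Consider naming the capacity and checking it, e.g. `enum { USER_INFO_MAX = 32 };` with a check of `i` against it before the final entries are stored, so the XXX is resolved rather than carried forward.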