Pass pid, ppid, sid, pgid and tcpgid to plugin in user_info list.

Todd C. Miller
2012-04-13 15:18:40 -04:00
parent 89b90fa4cd
commit 5f969cc12a
5 changed files with 121 additions and 3 deletions


@@ -276,12 +276,41 @@ DDEESSCCRRIIPPTTIIOONN
equal sign ('=') since the _n_a_m_e field will never include one equal sign ('=') since the _n_a_m_e field will never include one
itself but the _v_a_l_u_e might. itself but the _v_a_l_u_e might.
pid=int
The process ID of the running ssuuddoo process. Only available
starting with API version 1.2
ppid=int
The parent process ID of the running ssuuddoo process. Only
available starting with API version 1.2
sid=int
The session ID of the running ssuuddoo process or 0 if ssuuddoo is
not part of a POSIX job control session. Only available
starting with API version 1.2
pgid=int
The ID of the process group that the running ssuuddoo process
belongs to. Only available starting with API version 1.2
tcpgid=int
The ID of the forground process group associated with the
terminal device associcated with the ssuuddoo process or -1 if
there is no terminal present. Only available starting with
API version 1.2
user=string user=string
The name of the user invoking ssuuddoo. The name of the user invoking ssuuddoo.
euid=uid_t
The effective user ID of the user invoking ssuuddoo.
uid=uid_t uid=uid_t
The real user ID of the user invoking ssuuddoo. The real user ID of the user invoking ssuuddoo.
egid=gid_t
The effective group ID of the user invoking ssuuddoo.
gid=gid_t gid=gid_t
The real group ID of the user invoking ssuuddoo. The real group ID of the user invoking ssuuddoo.
@@ -1325,4 +1354,4 @@ DDIISSCCLLAAIIMMEERR
1.8.5 March 28, 2012 SUDO_PLUGIN(1m) 1.8.5 April 13, 2012 SUDO_PLUGIN(1m)


@@ -139,7 +139,7 @@
.\" ======================================================================== .\" ========================================================================
.\" .\"
.IX Title "SUDO_PLUGIN @mansectsu@" .IX Title "SUDO_PLUGIN @mansectsu@"
.TH SUDO_PLUGIN @mansectsu@ "March 28, 2012" "1.8.5" "MAINTENANCE COMMANDS" .TH SUDO_PLUGIN @mansectsu@ "April 13, 2012" "1.8.5" "MAINTENANCE COMMANDS"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents. .\" way too many mistakes in technical documents.
.if n .ad l .if n .ad l
@@ -424,12 +424,42 @@ When parsing \fIuser_info\fR, the plugin should split on the \fBfirst\fR
equal sign ('=') since the \fIname\fR field will never include one equal sign ('=') since the \fIname\fR field will never include one
itself but the \fIvalue\fR might. itself but the \fIvalue\fR might.
.RS 4 .RS 4
.IP "pid=int" 4
.IX Item "pid=int"
The process \s-1ID\s0 of the running \fBsudo\fR process.
Only available starting with \s-1API\s0 version 1.2
.IP "ppid=int" 4
.IX Item "ppid=int"
The parent process \s-1ID\s0 of the running \fBsudo\fR process.
Only available starting with \s-1API\s0 version 1.2
.IP "sid=int" 4
.IX Item "sid=int"
The session \s-1ID\s0 of the running \fBsudo\fR process or 0 if \fBsudo\fR is
not part of a \s-1POSIX\s0 job control session.
Only available starting with \s-1API\s0 version 1.2
.IP "pgid=int" 4
.IX Item "pgid=int"
The \s-1ID\s0 of the process group that the running \fBsudo\fR process belongs
to.
Only available starting with \s-1API\s0 version 1.2
.IP "tcpgid=int" 4
.IX Item "tcpgid=int"
The \s-1ID\s0 of the forground process group associated with the terminal
device associcated with the \fBsudo\fR process or \-1 if there is no
terminal present.
Only available starting with \s-1API\s0 version 1.2
.IP "user=string" 4 .IP "user=string" 4
.IX Item "user=string" .IX Item "user=string"
The name of the user invoking \fBsudo\fR. The name of the user invoking \fBsudo\fR.
.IP "euid=uid_t" 4
.IX Item "euid=uid_t"
The effective user \s-1ID\s0 of the user invoking \fBsudo\fR.
.IP "uid=uid_t" 4 .IP "uid=uid_t" 4
.IX Item "uid=uid_t" .IX Item "uid=uid_t"
The real user \s-1ID\s0 of the user invoking \fBsudo\fR. The real user \s-1ID\s0 of the user invoking \fBsudo\fR.
.IP "egid=gid_t" 4
.IX Item "egid=gid_t"
The effective group \s-1ID\s0 of the user invoking \fBsudo\fR.
.IP "gid=gid_t" 4 .IP "gid=gid_t" 4
.IX Item "gid=gid_t" .IX Item "gid=gid_t"
The real group \s-1ID\s0 of the user invoking \fBsudo\fR. The real group \s-1ID\s0 of the user invoking \fBsudo\fR.


@@ -327,14 +327,51 @@ itself but the I<value> might.
=over 4 =over 4
=item pid=int
The process ID of the running B<sudo> process.
Only available starting with API version 1.2
=item ppid=int
The parent process ID of the running B<sudo> process.
Only available starting with API version 1.2
=item sid=int
The session ID of the running B<sudo> process or 0 if B<sudo> is
not part of a POSIX job control session.
Only available starting with API version 1.2
=item pgid=int
The ID of the process group that the running B<sudo> process belongs
to.
Only available starting with API version 1.2
=item tcpgid=int
The ID of the forground process group associated with the terminal
device associcated with the B<sudo> process or -1 if there is no
terminal present.
Only available starting with API version 1.2
=item user=string =item user=string
The name of the user invoking B<sudo>. The name of the user invoking B<sudo>.
=item euid=uid_t
The effective user ID of the user invoking B<sudo>.
=item uid=uid_t =item uid=uid_t
The real user ID of the user invoking B<sudo>. The real user ID of the user invoking B<sudo>.
=item egid=gid_t
The effective group ID of the user invoking B<sudo>.
=item gid=gid_t =item gid=gid_t
The real group ID of the user invoking B<sudo>. The real group ID of the user invoking B<sudo>.


@@ -427,12 +427,23 @@ get_user_info(struct user_details *ud)
{ {
char *cp, **user_info, cwd[PATH_MAX], host[MAXHOSTNAMELEN]; char *cp, **user_info, cwd[PATH_MAX], host[MAXHOSTNAMELEN];
struct passwd *pw; struct passwd *pw;
int i = 0; int fd, i = 0;
debug_decl(get_user_info, SUDO_DEBUG_UTIL) debug_decl(get_user_info, SUDO_DEBUG_UTIL)
/* XXX - bound check number of entries */ /* XXX - bound check number of entries */
user_info = emalloc2(32, sizeof(char *)); user_info = emalloc2(32, sizeof(char *));
ud->pid = getpid();
ud->ppid = getppid();
ud->pgid = getpgid(0);
ud->tcpgid = (pid_t)-1;
fd = open(_PATH_TTY, O_RDWR|O_NOCTTY|O_NONBLOCK, 0);
if (fd != -1) {
ud->tcpgid = tcgetpgrp(fd);
close(fd);
}
ud->sid = getsid(0);
ud->uid = getuid(); ud->uid = getuid();
ud->euid = geteuid(); ud->euid = geteuid();
ud->gid = getgid(); ud->gid = getgid();
@@ -453,6 +464,12 @@ get_user_info(struct user_details *ud)
} }
ud->shell = estrdup(ud->shell); ud->shell = estrdup(ud->shell);
easprintf(&user_info[++i], "pid=%d", (int)ud->pid);
easprintf(&user_info[++i], "ppid=%d", (int)ud->ppid);
easprintf(&user_info[++i], "pgid=%d", (int)ud->pgid);
easprintf(&user_info[++i], "tcpgid=%d", (int)ud->tcpgid);
easprintf(&user_info[++i], "sid=%d", (int)ud->sid);
easprintf(&user_info[++i], "uid=%u", (unsigned int)ud->uid); easprintf(&user_info[++i], "uid=%u", (unsigned int)ud->uid);
easprintf(&user_info[++i], "euid=%u", (unsigned int)ud->euid); easprintf(&user_info[++i], "euid=%u", (unsigned int)ud->euid);
easprintf(&user_info[++i], "gid=%u", (unsigned int)ud->gid); easprintf(&user_info[++i], "gid=%u", (unsigned int)ud->gid);
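Review bot: The stored session ID does not follow the convention documented in this same commit: the man page text says `sid` is 0 when sudo is not part of a session, but `ud->sid = getsid(0);` keeps the raw return value, so a failure would reach the plugin as `sid=-1`; `getpgid(0)` is likewise stored unchecked. Consider `if ((ud->sid = getsid(0)) == -1) ud->sid = 0;`, or change the documented sentinel, so that plugins which log or make policy decisions on these IDs see one convention. The five new `easprintf(&user_info[++i], ...)` calls also use more of the fixed 32-slot array allocated under the existing `XXX - bound check number of entries` comment; the total entry count is not visible here, so a check on `i` before each store would be worth adding. get_user_info's body starts and ends outside these hunks.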


@@ -92,6 +92,11 @@
#define TGP_NOECHO_TRY 0x10 /* turn off echo if possible */ #define TGP_NOECHO_TRY 0x10 /* turn off echo if possible */
struct user_details { struct user_details {
pid_t pid;
pid_t ppid;
pid_t pgid;
pid_t tcpgid;
pid_t sid;
uid_t uid; uid_t uid;
uid_t euid; uid_t euid;
uid_t gid; uid_t gid;
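Review bot: The new `pid_t` fields carry a sentinel value that the struct does not document: get_user_info() in this commit sets `tcpgid` to `(pid_t)-1` when the terminal cannot be opened. A short comment on the field, e.g. `pid_t tcpgid; /* -1 if no terminal */`, would keep later readers from treating -1 as a real process group ID. The struct definition continues past the end of the hunk.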