isa/sudo
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Use a tty lock even for kernel time stamps so we can avoid simultaneous

Browse Source 
password prompts.
This commit is contained in:
Todd C. Miller
2017-12-22 11:10:22 -07:00
parent c4534798dd
commit 7f99af859a
1 changed files with 4 additions and 8 deletions
Download Patch File Download Diff File Expand all files Collapse all files

12
plugins/sudoers/timestamp.c
View File

@@ -393,7 +393,8 @@ timestamp_open(const char *user, pid_t sid)
fd = open(_PATH_TTY, O_RDWR); fd = open(_PATH_TTY, O_RDWR);
if (fd == -1) if (fd == -1)
goto bad; goto bad;
goto done; close(fd);
fd = -1;
} }
/* Sanity check timestamp dir and create if missing. */ /* Sanity check timestamp dir and create if missing. */
@@ -443,7 +444,6 @@ timestamp_open(const char *user, pid_t sid)
break; break;
} }
done:
/* Allocate and fill in cookie to store state. */ /* Allocate and fill in cookie to store state. */
cookie = malloc(sizeof(*cookie)); cookie = malloc(sizeof(*cookie));
if (cookie == NULL) { if (cookie == NULL) {
@@ -599,11 +599,6 @@ timestamp_lock(void *vcookie, struct passwd *pw)
debug_return_bool(false); debug_return_bool(false);
} }
if (def_timestamp_type == kernel) {
cookie->pos = 0;
debug_return_bool(true);
}
/* /*
* Take a lock on the "write" record (the first record in the file). * Take a lock on the "write" record (the first record in the file).
* This will let us seek for the record or extend as needed * This will let us seek for the record or extend as needed
@@ -651,7 +646,8 @@ timestamp_lock(void *vcookie, struct passwd *pw)
lock_pos = lseek(cookie->fd, 0, SEEK_CUR) - (off_t)entry.size; lock_pos = lseek(cookie->fd, 0, SEEK_CUR) - (off_t)entry.size;
} else { } else {
sudo_debug_printf(SUDO_DEBUG_DEBUG|SUDO_DEBUG_LINENO, sudo_debug_printf(SUDO_DEBUG_DEBUG|SUDO_DEBUG_LINENO,
"appending new tty time stamp record"); "appending new %s time stamp record",
def_timestamp_type == ppid ? "ppid" : "tty");
lock_pos = lseek(cookie->fd, 0, SEEK_CUR); lock_pos = lseek(cookie->fd, 0, SEEK_CUR);
if (ts_write(cookie->fd, cookie->fname, &cookie->key, -1) == -1) if (ts_write(cookie->fd, cookie->fname, &cookie->key, -1) == -1)
debug_return_bool(false); debug_return_bool(false);