Switch to a 128-bit token instead of a 64-bit secret.

Protobuf doesn't have a 128-bit type so use two u64s. We now support partial reads of the token.
2021-09-01 10:17:26 -06:00
parent 4bff82cab4
commit 9a690a8984
6 changed files with 84 additions and 46 deletions
--- a/src/sudo_exec.h
+++ b/src/sudo_exec.h
@@ -82,6 +82,14 @@
 #define INTERCEPT_FD_MIN    64		/* minimum fd so shell won't close it */
 #define MESSAGE_SIZE_MAX    2097152	/* 2Mib max intercept message size */

+union sudo_token_un {
+    unsigned char u8[16];
+    unsigned int u32[4];
+    unsigned long long u64[2];
+};
+
+#define sudo_token_isset(_t) ((_t).u64[0] || (_t).u64[1])
+
 /*
 * Symbols shared between exec.c, exec_nopty.c, exec_pty.c and exec_monitor.c
 */