isa/sudo
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Properly handle the case where /var/run/sudo/ts doesn't exist.

Browse Source
This commit is contained in:
Todd C. Miller
2014-01-31 15:02:31 -07:00
parent b15b03560a
commit d7257a63e7
1 changed files with 18 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

23
plugins/sudoers/timestamp.c
View File

@@ -212,15 +212,17 @@ ts_secure_dir(char *path, bool make_it)
bool rval = false; bool rval = false;
debug_decl(ts_secure_dir, SUDO_DEBUG_AUTH) debug_decl(ts_secure_dir, SUDO_DEBUG_AUTH)
sudo_debug_printf(SUDO_DEBUG_INFO|SUDO_DEBUG_LINENO, "checking %s", path);
switch (sudo_secure_dir(path, timestamp_uid, -1, &sb)) { switch (sudo_secure_dir(path, timestamp_uid, -1, &sb)) {
case SUDO_PATH_SECURE: case SUDO_PATH_SECURE:
rval = true; rval = true;
break; break;
case SUDO_PATH_MISSING: case SUDO_PATH_MISSING:
if (make_it) { if (make_it && ts_mkdirs(path, 0700)) {
ts_mkdirs(path, 0700);
rval = true; rval = true;
break;
} }
errno = ENOENT;
break; break;
case SUDO_PATH_BAD_TYPE: case SUDO_PATH_BAD_TYPE:
errno = ENOTDIR; errno = ENOTDIR;
@@ -230,9 +232,11 @@ ts_secure_dir(char *path, bool make_it)
warningx(U_("%s is owned by uid %u, should be %u"), warningx(U_("%s is owned by uid %u, should be %u"),
path, (unsigned int) sb.st_uid, path, (unsigned int) sb.st_uid,
(unsigned int) timestamp_uid); (unsigned int) timestamp_uid);
errno = EACCES;
break; break;
case SUDO_PATH_GROUP_WRITABLE: case SUDO_PATH_GROUP_WRITABLE:
warningx(U_("%s is group writable"), path); warningx(U_("%s is group writable"), path);
errno = EACCES;
break; break;
} }
debug_return_bool(rval); debug_return_bool(rval);
@@ -311,6 +315,9 @@ timestamp_status(struct passwd *pw)
int fd = -1; int fd = -1;
debug_decl(timestamp_status, SUDO_DEBUG_AUTH) debug_decl(timestamp_status, SUDO_DEBUG_AUTH)
/* Reset time stamp offset hint. */
timestamp_hint = (off_t)-1;
if (timestamp_uid != 0) if (timestamp_uid != 0)
set_perms(PERM_TIMESTAMP); set_perms(PERM_TIMESTAMP);
@@ -322,8 +329,11 @@ timestamp_status(struct passwd *pw)
/* Ignore time stamp files in an insecure directory. */ /* Ignore time stamp files in an insecure directory. */
if (!ts_secure_dir(def_timestampdir, false)) { if (!ts_secure_dir(def_timestampdir, false)) {
status = TS_ERROR; if (errno != ENOENT) {
goto done; status = TS_ERROR;
goto done;
}
status = TS_MISSING; /* not insecure, just missing */
} }
/* /*
@@ -354,6 +364,10 @@ timestamp_status(struct passwd *pw)
} }
clock_gettime(SUDO_CLOCK_MONOTONIC, &timestamp_key.ts); clock_gettime(SUDO_CLOCK_MONOTONIC, &timestamp_key.ts);
/* If the time stamp dir is missing there is nothing to do. */
if (status == TS_MISSING)
goto done;
/* Open time stamp file and lock it for exclusive access. */ /* Open time stamp file and lock it for exclusive access. */
fd = open(timestamp_file, O_RDONLY); fd = open(timestamp_file, O_RDONLY);
if (fd == -1) { if (fd == -1) {
@@ -364,7 +378,6 @@ timestamp_status(struct passwd *pw)
/* Read existing record, if any. */ /* Read existing record, if any. */
lock_file(fd, SUDO_LOCK); lock_file(fd, SUDO_LOCK);
if (!ts_find_record(fd, &timestamp_key, &entry)) { if (!ts_find_record(fd, &timestamp_key, &entry)) {
timestamp_hint = (off_t)-1;
status = TS_MISSING; status = TS_MISSING;
goto done; goto done;
} }