Add umask to user_info passed in from the front end to the plugin.

2016-11-17 16:00:06 -07:00
parent 0cde3f5de4
commit f70f595b5b
5 changed files with 48 additions and 8 deletions
--- a/doc/sudo_plugin.cat
+++ b/doc/sudo_plugin.cat
@@ -336,6 +336,10 @@ DDEESSCCRRIIPPTTIIOONN
                 uid=uid_t
                       The real user ID of the user invoking ssuuddoo.

+                 umask=octal
+                       The invoking user's file creation mask.  Only available
+                       starting with API version 1.10.
+
                 user=string
                       The name of the user invoking ssuuddoo.

@@ -1546,8 +1550,9 @@ PPLLUUGGIINN AAPPII CCHHAANNGGEELLOOGG
           The _e_x_e_c_f_d entry was added to the command_info list.

     Version 1.10 (sudo 1.8.19)
-           The _i_o_l_o_g___g_r_o_u_p, _i_o_l_o_g___m_o_d_e, and _i_o_l_o_g___u_s_e_r entries were added to
-           the command_info list.
+           The _u_m_a_s_k entry was added to the user_info list.  The _i_o_l_o_g___g_r_o_u_p,
+           _i_o_l_o_g___m_o_d_e, and _i_o_l_o_g___u_s_e_r entries were added to the command_info
+           list.

 SSEEEE AALLSSOO
     sudo.conf(4), sudoers(4), sudo(1m)
@@ -1578,4 +1583,4 @@ DDIISSCCLLAAIIMMEERR
     file distributed with ssuuddoo or https://www.sudo.ws/license.html for
     complete details.

-Sudo 1.8.19                    November 8, 2016                    Sudo 1.8.19
+Sudo 1.8.19                    November 17, 2016                   Sudo 1.8.19
--- a/doc/sudo_plugin.man.in
+++ b/doc/sudo_plugin.man.in
@@ -16,7 +16,7 @@
 .\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 .\" ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.TH "SUDO_PLUGIN" "5" "November 8, 2016" "Sudo @PACKAGE_VERSION@" "File Formats Manual"
+.TH "SUDO_PLUGIN" "5" "November 17, 2016" "Sudo @PACKAGE_VERSION@" "File Formats Manual"
 .nh
 .if n .ad l
 .SH "NAME"
@@ -546,6 +546,10 @@ uid=uid_t
 The real user ID of the user invoking
 \fBsudo\fR.
 .TP 6n
+umask=octal
+The invoking user's file creation mask.
+Only available starting with API version 1.10.
+.TP 6n
 user=string
 The name of the user invoking
 \fBsudo\fR.
@@ -2765,6 +2769,11 @@ list.
 .TP 6n
 Version 1.10 (sudo 1.8.19)
 The
+\fIumask\fR
+entry was added to the
+\fRuser_info\fR
+list.
+The
 \fIiolog_group\fR,
 \fIiolog_mode\fR,
 and
--- a/doc/sudo_plugin.mdoc.in
+++ b/doc/sudo_plugin.mdoc.in
@@ -14,7 +14,7 @@
 .\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 .\" ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.Dd November 8, 2016
+.Dd November 17, 2016
 .Dt SUDO_PLUGIN @mansectform@
 .Os Sudo @PACKAGE_VERSION@
 .Sh NAME
@@ -484,6 +484,9 @@ the value will be empty, as in
 .It uid=uid_t
 The real user ID of the user invoking
 .Nm sudo .
+.It umask=octal
+The invoking user's file creation mask.
+Only available starting with API version 1.10.
 .It user=string
 The name of the user invoking
 .Nm sudo .
@@ -2421,6 +2424,11 @@ entry was added to the
 list.
 .It Version 1.10 (sudo 1.8.19)
 The
+.Em umask
+entry was added to the
+.Li user_info
+list.
+The
 .Em iolog_group ,
 .Em iolog_mode ,
 and
--- a/plugins/sudoers/policy.c
+++ b/plugins/sudoers/policy.c
@@ -264,6 +264,7 @@ sudoers_policy_deserialize_info(void *v, char **runas_user, char **runas_group)
 #endif
    }

+    user_umask = (mode_t)-1;
    for (cur = info->user_info; *cur != NULL; cur++) {
 	if (MATCHES(*cur, "user=")) {
 	    if ((user_name = strdup(*cur + sizeof("user=") - 1)) == NULL)
@@ -346,6 +347,15 @@ sudoers_policy_deserialize_info(void *v, char **runas_user, char **runas_group)
 	    }
 	    continue;
 	}
+	if (MATCHES(*cur, "umask=")) {
+	    p = *cur + sizeof("umask=") - 1;
+	    sudo_user.umask = sudo_strtomode(p, &errstr);
+	    if (errstr != NULL) {
+		sudo_warnx(U_("%s: %s"), *cur, U_(errstr));
+		goto bad;
+	    }
+	    continue;
+	}
    }
    if ((user_runhost = strdup(remhost ? remhost : user_host)) == NULL)
 	goto oom;
@@ -373,9 +383,11 @@ sudoers_policy_deserialize_info(void *v, char **runas_user, char **runas_group)
 	    goto bad;
    }

-    /* Stash initial umask for later use. */
-    user_umask = umask(SUDO_UMASK);
+    /* umask is only set in user_info[] for API 1.10 and above. */
+    if (user_umask == (mode_t)-1) {
+	user_umask = umask(0);
 	umask(user_umask);
+    }

    /* Some systems support fexecve() which we use for digest matches. */
    cmnd_fd = -1;
--- a/src/sudo.c
+++ b/src/sudo.c
@@ -487,6 +487,7 @@ get_user_info(struct user_details *ud)
 {
    char *cp, **user_info, path[PATH_MAX];
    unsigned int i = 0;
+    mode_t mask;
    struct passwd *pw;
    int fd;
    debug_decl(get_user_info, SUDO_DEBUG_UTIL)
@@ -552,6 +553,11 @@ get_user_info(struct user_details *ud)
    if ((cp = get_user_groups(ud)) != NULL)
 	user_info[++i] = cp;

+    mask = umask(0);
+    umask(mask);
+    if (asprintf(&user_info[++i], "umask=0%o", (unsigned int)mask) == -1)
+	goto oom;
+
    if (getcwd(path, sizeof(path)) != NULL) {
 	user_info[++i] = sudo_new_key_val("cwd", path);
 	if (user_info[i] == NULL)