Add "kernel" as a possible value of timestamp_type.

Currently only supported on OpenBSD.
2017-12-20 16:19:54 -07:00
parent 5f3797c754
commit feb48b8ebf
8 changed files with 77 additions and 2 deletions
--- a/5
+++ b/5
@@ -72,6 +72,11 @@ What's new in Sudo 1.8.22
   the likelihood of a time stamp record being re-used when a user
   logs out and back in again.  Bug #818.

+ * The "timestamp_type" option now takes a "kernel" value on OpenBSD
+   systems.  This causes the tty-based time stamp to be stored in
+   the kernel instead of on the file system.  If no tty is present,
+   the time stamp is considered to be invalid.
+
 What's new in Sudo 1.8.21p2

 * Fixed a bug introduced in version 1.8.21 which prevented sudo
--- a/doc/sudoers.cat
+++ b/doc/sudoers.cat
@@ -1864,6 +1864,12 @@ SSUUDDOOEERRSS OOPPTTIIOONNSS
                               will not require a password for
                               _t_i_m_e_s_t_a_m_p___t_i_m_e_o_u_t minutes (5 by default).

+                       kernel  The time stamp is stored in the kernel as an
+                               attribute of the terminal device.  If no
+                               terminal is present, the time stamp is
+                               considered to be invalid.  This is currently
+                               only supported on OpenBSD.
+
                       The default value is _t_t_y.

                       This setting is only supported by version 1.8.21 or
--- a/doc/sudoers.man.in
+++ b/doc/sudoers.man.in
@@ -3708,6 +3708,12 @@ minutes
 (\fR@timeout@\fR
 by default)
 \&.
+.TP 8n
+kernel
+The time stamp is stored in the kernel as an attribute of the terminal
+device.
+If no terminal is present, the time stamp is considered to be invalid.
+This is currently only supported on OpenBSD.
 .PP
 The default value is
 \fI@timestamp_type@\fR.
--- a/doc/sudoers.mdoc.in
+++ b/doc/sudoers.mdoc.in
@@ -3470,6 +3470,11 @@ minutes
 .Li @timeout@
 by default
 .Pc .
+.It kernel
+The time stamp is stored in the kernel as an attribute of the terminal
+device.
+If no terminal is present, the time stamp is considered to be invalid.
+This is currently only supported on OpenBSD.
 .El
 .Pp
 The default value is
--- a/plugins/sudoers/def_data.c
+++ b/plugins/sudoers/def_data.c
@@ -32,6 +32,7 @@ static struct def_values def_data_timestamp_type[] = {
    { "global", global },
    { "ppid", ppid },
    { "tty", tty },
+    { "kernel", kernel },
    { NULL, 0 },
 };

--- a/plugins/sudoers/def_data.h
+++ b/plugins/sudoers/def_data.h
@@ -232,5 +232,6 @@ enum def_tuple {
 	digest_only,
 	global,
 	ppid,
-	tty
+	tty,
+	kernel
 };
--- a/plugins/sudoers/def_data.in
+++ b/plugins/sudoers/def_data.in
@@ -347,7 +347,7 @@ syslog_pid
 timestamp_type
 	T_TUPLE
 	"Type of authentication timestamp record: %s"
-	global ppid tty
+	global ppid tty kernel
 authfail_message
 	T_STR
 	"Authentication failure message: %s"
--- a/plugins/sudoers/timestamp.c
+++ b/plugins/sudoers/timestamp.c
@@ -19,6 +19,7 @@
 #include <sys/types.h>
 #include <sys/time.h>
 #include <sys/stat.h>
+#include <sys/ioctl.h>
 #include <stdio.h>
 #include <stdlib.h>
 #if defined(HAVE_STDINT_H)
@@ -388,6 +389,13 @@ timestamp_open(const char *user, pid_t sid)
 	goto bad;
    }

+    if (def_timestamp_type == kernel) {
+	fd = open(_PATH_TTY, O_RDWR);
+	if (fd == -1)
+	    goto bad;
+	goto done;
+    }
+
    /* Sanity check timestamp dir and create if missing. */
    if (!ts_secure_dir(def_timestampdir, true, false))
 	goto bad;
@@ -435,6 +443,7 @@ timestamp_open(const char *user, pid_t sid)
 	break;
    }

+done:
    /* Allocate and fill in cookie to store state. */
    cookie = malloc(sizeof(*cookie));
    if (cookie == NULL) {
@@ -590,6 +599,11 @@ timestamp_lock(void *vcookie, struct passwd *pw)
 	debug_return_bool(false);
    }

+    if (def_timestamp_type == kernel) {
+	cookie->pos = 0;
+	debug_return_bool(true);
+    }
+
    /*
     * Take a lock on the "write" record (the first record in the file).
     * This will let us seek for the record or extend as needed
@@ -732,6 +746,20 @@ timestamp_status(void *vcookie, struct passwd *pw)
 	goto done;
    }

+    if (def_timestamp_type == kernel) {
+#ifdef TIOCCHKVERAUTH
+	int fd = open(_PATH_TTY, O_RDWR);
+	if (fd == -1)
+	    goto done;
+	if (ioctl(fd, TIOCCHKVERAUTH) == 0)
+	    status = TS_CURRENT;
+	else
+	    status = TS_OLD;
+	close(fd);
+#endif
+	goto done;
+    }
+
    /* Read the record at the correct position. */
    if ((nread = ts_read(cookie, &entry)) != sizeof(entry))
 	goto done;
@@ -833,6 +861,18 @@ timestamp_update(void *vcookie, struct passwd *pw)
 	goto done;
    }

+    if (def_timestamp_type == kernel) {
+#ifdef TIOCSETVERAUTH
+	int fd = open(_PATH_TTY, O_RDWR);
+	if (fd != -1) {
+	    int secs = 60 * def_timestamp_timeout;
+	    ioctl(fd, TIOCSETVERAUTH, &secs);
+	    close(fd);
+	}
+#endif
+	goto done;
+    }
+
    /* Update timestamp in key and enable it. */
    CLR(cookie->key.flags, TS_DISABLED);
    if (sudo_gettime_mono(&cookie->key.ts) == -1) {
@@ -864,6 +904,17 @@ timestamp_remove(bool unlink_it)
    char *fname = NULL;
    debug_decl(timestamp_remove, SUDOERS_DEBUG_AUTH)

+    if (def_timestamp_type == kernel) {
+#ifdef TIOCCLRVERAUTH
+	fd = open(_PATH_TTY, O_RDWR);
+	if (fd == -1)
+	    ret = -1;
+	else
+	    ioctl(fd, TIOCCLRVERAUTH);
+#endif
+	goto done;
+    }
+
    if (asprintf(&fname, "%s/%s", def_timestampdir, user_name) == -1) {
 	sudo_warnx(U_("%s: %s"), __func__, U_("unable to allocate memory"));
 	ret = -1;