author | 2016-09-02 18:11:28 +0000 | |
---|---|---|
committer | 2016-09-02 18:11:28 +0000 | |
commit | bb5dd46a8458ce3e04e7bbee8bfe3ad51905912d (patch) | |
tree | 7ebb38007eaa57df0b855edfe3e19601dc0b3a78 | |
parent | _PASSWORD_LEN is length that comes out of crypt(), not a meaningful (diff) | |
add a concept of 'verified auth' to sessions. When set via ioctl,
the user and parent process are recorded. Later, this info may be tested
and used to bypass authorization requirements.
i.e., doas won't ask for your password again.
Great idea from henning.
ok deraadt guenther henning
-rw-r--r-- | sys/kern/kern_proc.c | 12 | ||||
-rw-r--r-- | sys/kern/kern_prot.c | 3 | ||||
-rw-r--r-- | sys/kern/tty_tty.c | 28 | ||||
-rw-r--r-- | sys/sys/proc.h | 11 | ||||
-rw-r--r-- | sys/sys/ttycom.h | 5 |
5 files changed, 53 insertions, 6 deletions
diff --git a/sys/kern/kern_proc.c b/sys/kern/kern_proc.c index 8dacc1b0d89..eb9b7ca37f5 100644 --- a/sys/kern/kern_proc.c +++ b/sys/kern/kern_proc.c @@ -1,4 +1,4 @@ -/* $OpenBSD: kern_proc.c,v 1.68 2016/08/25 00:00:02 dlg Exp $ */ +/* $OpenBSD: kern_proc.c,v 1.69 2016/09/02 18:11:28 tedu Exp $ */ /* $NetBSD: kern_proc.c,v 1.14 1996/02/09 18:59:41 christos Exp $ */ /* @@ -310,6 +310,8 @@ void leavepgrp(struct process *pr) { + if (pr->ps_session->s_verauthppid == pr->ps_pid) + zapverauth(pr->ps_session); LIST_REMOVE(pr, ps_pglist); if (LIST_EMPTY(&pr->ps_pgrp->pg_members)) pgdelete(pr->ps_pgrp); @@ -331,6 +333,14 @@ pgdelete(struct pgrp *pgrp) pool_put(&pgrp_pool, pgrp); } +void +zapverauth(void *v) +{ + struct session *sess = v; + sess->s_verauthuid = 0; + sess->s_verauthppid = 0; +} + /* * Adjust pgrp jobc counters when specified process changes process group. * We count the number of processes in each process group that "qualify" diff --git a/sys/kern/kern_prot.c b/sys/kern/kern_prot.c index 596be98f89e..ec9322bc426 100644 --- a/sys/kern/kern_prot.c +++ b/sys/kern/kern_prot.c @@ -1,4 +1,4 @@ -/* $OpenBSD: kern_prot.c,v 1.65 2016/03/30 07:49:11 guenther Exp $ */ +/* $OpenBSD: kern_prot.c,v 1.66 2016/09/02 18:11:28 tedu Exp $ */ /* $NetBSD: kern_prot.c,v 1.33 1996/02/09 18:59:42 christos Exp $ */ /* @@ -225,6 +225,7 @@ sys_setsid(struct proc *p, void *v, register_t *retval) pid_t pid = pr->ps_pid; newsess = pool_get(&session_pool, PR_WAITOK); + timeout_set(&newsess->s_verauthto, zapverauth, newsess); newpgrp = pool_get(&pgrp_pool, PR_WAITOK); if (pr->ps_pgid == pid || pgfind(pid)) { diff --git a/sys/kern/tty_tty.c b/sys/kern/tty_tty.c index b5ed8384361..722cb549ddd 100644 --- a/sys/kern/tty_tty.c +++ b/sys/kern/tty_tty.c @@ -1,4 +1,4 @@ -/* $OpenBSD: tty_tty.c,v 1.18 2016/03/19 12:04:15 natano Exp $ */ +/* $OpenBSD: tty_tty.c,v 1.19 2016/09/02 18:11:28 tedu Exp $ */ /* $NetBSD: tty_tty.c,v 1.13 1996/03/30 22:24:46 christos Exp $ */ /*- 
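Review bot: zapverauth() in kern_proc.c takes a `void *` and has no comment explaining why, which makes the cast on its first line look accidental. The reason is visible in the kern_prot.c hunk, where it is registered with `timeout_set(&newsess->s_verauthto, zapverauth, newsess)` and so must match the timeout callback signature, while leavepgrp() also calls it directly. A header comment such as `/* Clear the session's verified-auth record; void * because this is also the s_verauthto timeout handler. */` would record that.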
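Review bot: The new session's `s_verauthuid` and `s_verauthppid` are never initialised in the sys_setsid hunk: `pool_get(&session_pool, PR_WAITOK)` is called without PR_ZERO, and the only added line sets up the timeout. The SESSRELE change in proc.h cancels the timeout before `pool_put()` without clearing the record, so a recycled pool item can still carry a previous session's uid and parent pid. TIOCCHKVERAUTH compares those fields directly, so unless code outside this hunk assigns them, a session that never authenticated could in principle pass the check. Adding `zapverauth(newsess);` right after the `timeout_set()` line would start every session with a cleared record; the rest of sys_setsid lies outside the hunk.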
@@ -97,6 +97,8 @@ int cttyioctl(dev_t dev, u_long cmd, caddr_t addr, int flag, struct proc *p) { struct vnode *ttyvp = cttyvp(p); + struct session *sess; + int error, secs; if (ttyvp == NULL) return (EIO); @@ -109,6 +111,30 @@ cttyioctl(dev_t dev, u_long cmd, caddr_t addr, int flag, struct proc *p) } else return (EINVAL); } + switch (cmd) { + case TIOCSETVERAUTH: + if ((error = suser(p, 0))) + return error; + secs = *(int *)addr; + if (secs < 1 || secs > 3600) + return EINVAL; + sess = p->p_p->ps_pgrp->pg_session; + sess->s_verauthuid = p->p_ucred->cr_ruid; + sess->s_verauthppid = p->p_p->ps_pptr->ps_pid; + timeout_add_sec(&sess->s_verauthto, secs); + return 0; + case TIOCCLRVERAUTH: + sess = p->p_p->ps_pgrp->pg_session; + timeout_del(&sess->s_verauthto); + zapverauth(sess); + return 0; + case TIOCCHKVERAUTH: + sess = p->p_p->ps_pgrp->pg_session; + if (sess->s_verauthuid == p->p_ucred->cr_ruid && + sess->s_verauthppid == p->p_p->ps_pptr->ps_pid) + return 0; + return EPERM; + } return (VOP_IOCTL(ttyvp, cmd, addr, flag, NOCRED, p)); } diff --git a/sys/sys/proc.h b/sys/sys/proc.h index 7c3b7f056b9..a65cdeef7c0 100644 --- a/sys/sys/proc.h +++ b/sys/sys/proc.h @@ -1,4 +1,4 @@ -/* $OpenBSD: proc.h,v 1.224 2016/06/27 19:55:02 jca Exp $ */ +/* $OpenBSD: proc.h,v 1.225 2016/09/02 18:11:28 tedu Exp $ */ /* $NetBSD: proc.h,v 1.44 1996/04/22 01:23:21 christos Exp $ */ /*- @@ -64,8 +64,13 @@ struct session { struct vnode *s_ttyvp; /* Vnode of controlling terminal. */ struct tty *s_ttyp; /* Controlling terminal. */ char s_login[LOGIN_NAME_MAX]; /* Setlogin() name. */ + pid_t s_verauthppid; + uid_t s_verauthuid; + struct timeout s_verauthto; }; +void zapverauth(/* struct session */ void *); + /* * One structure allocated per process group. */ 
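Review bot: TIOCCHKVERAUTH in cttyioctl cannot tell a cleared record from a real one, because zapverauth() resets both fields to 0 and the check is a plain equality on `s_verauthuid` and `s_verauthppid`. A caller with real uid 0 whose parent has pid 0 would therefore pass without any prior TIOCSETVERAUTH; whether such a caller can reach this ioctl is not visible here, but the check should not depend on it. Putting `sess->s_verauthppid != 0 &&` in front of the comparison makes the cleared state explicit. As a style point, the new cases use `return EINVAL;` and `return 0;` while the rest of the function writes `return (EIO);`.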
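Review bot: The three members added to `struct session` in proc.h carry no trailing comments although every neighbouring member has one, and they hold the state that a later authorization bypass relies on. Suggested: `pid_t s_verauthppid; /* Parent pid recorded by TIOCSETVERAUTH. */`, `uid_t s_verauthuid; /* Real uid recorded by TIOCSETVERAUTH. */` and `struct timeout s_verauthto; /* Expires the record via zapverauth(). */`.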
@@ -422,8 +427,10 @@ struct uidinfo *uid_find(uid_t); #define SESS_LEADER(pr) ((pr)->ps_session->s_leader == (pr)) #define SESSHOLD(s) ((s)->s_count++) #define SESSRELE(s) do { \ - if (--(s)->s_count == 0) \ + if (--(s)->s_count == 0) { \ + timeout_del(&(s)->s_verauthto); \ pool_put(&session_pool, (s)); \ + } \ } while (/* CONSTCOND */ 0) /* diff --git a/sys/sys/ttycom.h b/sys/sys/ttycom.h index 6f1b8c0fe2f..b0afe438d50 100644 --- a/sys/sys/ttycom.h +++ b/sys/sys/ttycom.h @@ -1,4 +1,4 @@ -/* $OpenBSD: ttycom.h,v 1.13 2013/12/16 18:46:39 millert Exp $ */ +/* $OpenBSD: ttycom.h,v 1.14 2016/09/02 18:11:28 tedu Exp $ */ /* $NetBSD: ttycom.h,v 1.4 1996/05/19 17:17:53 jonathan Exp $ */ /*- @@ -83,6 +83,9 @@ struct tstamps { #define TIOCSETAF _IOW('t', 22, struct termios) /* drn out, fls in, set */ #define TIOCGETD _IOR('t', 26, int) /* get line discipline */ #define TIOCSETD _IOW('t', 27, int) /* set line discipline */ +#define TIOCSETVERAUTH _IOW('t', 28, int) /* set verified auth */ +#define TIOCCLRVERAUTH _IO('t', 29) /* clear verified auth */ +#define TIOCCHKVERAUTH _IO('t', 30) /* check verified auth */ /* 127-124 compat */ #define TIOCSBRK _IO('t', 123) /* set break bit */ #define TIOCCBRK _IO('t', 122) /* clear break bit */ |