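--- a/plugins/sudoers/def_data.c
+++ b/plugins/sudoers/def_data.c
@@ -351,6 +351,10 @@ struct sudo_defs_types sudo_defs_table[]
 N_("Set of limit privileges"),
 NULL,
 }, {
+ "cmnd_no_wait", T_FLAG,
+ N_("Don't fork and wait for the command to finish, just exec it"),
+ NULL,
+ }, {
 NULL, 0, NULL
 }
 };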
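--- a/plugins/sudoers/def_data.h
+++ b/plugins/sudoers/def_data.h
@@ -162,6 +162,8 @@
 #define I_PRIVS 80
 #define def_limitprivs (sudo_defs_table[81].sd_un.str)
 #define I_LIMITPRIVS 81
+#define def_cmnd_no_wait (sudo_defs_table[82].sd_un.flag)
+#define I_CMND_NO_WAIT 82
 
 enum def_tuple {
 never,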
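Review bot: The literal index 82 in `def_cmnd_no_wait` and `I_CMND_NO_WAIT` is only right while the new entry stays directly after the `limitprivs` entry (index 81) in `sudo_defs_table` in def_data.c, and nothing in either file ties the two together. The parallel numbered macros suggest both files are generated; if so, the option should also be added to the generator input, otherwise a regeneration drops it or shifts the index and `def_cmnd_no_wait` then reads another option's slot. If the files are maintained by hand in this package, a comment such as `/* downstream option: index must match its position in sudo_defs_table */` above the two defines would record the coupling.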
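--- a/plugins/sudoers/sudoers.c
+++ b/plugins/sudoers/sudoers.c
@@ -689,6 +689,8 @@ sudoers_policy_main(int argc, char * con
 command_info[info_len++] = estrdup("set_utmp=true");
 if (def_use_pty)
 command_info[info_len++] = estrdup("use_pty=true");
+ if (def_cmnd_no_wait)
+ command_info[info_len++] = estrdup("cmnd_no_wait=true");
 if (def_utmp_runas)
 command_info[info_len++] = fmt_string("utmp_user", runas_pw->pw_name);
 #ifdef HAVE_LOGIN_CAP_H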
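Review bot: `cmnd_no_wait=true` is emitted independently of `use_pty=true` on the line just above, so one sudoers configuration can request both, although the comment this patch adds in src/exec.c says the no-wait path breaks I/O logging, PAM sessions and SELinux. Resolving the conflict in the policy, for example `if (def_cmnd_no_wait && !def_use_pty)` together with a logged warning when the option is dropped, would keep an audit-relevant setting from being overridden silently. The append also adds one more entry to `command_info`, whose allocation is outside this hunk, so its capacity should be confirmed. sudoers_policy_main starts and ends outside the hunk.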
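--- a/src/exec.c
+++ b/src/exec.c
@@ -281,6 +281,45 @@ sudo_execute(struct command_details *det
 }
 
 /*
+ * If we don't want to wait for the command to exit, then just exec it.
+ * THIS WILL BREAK SEVERAL THINGS including SELinux, PAM sessions and I/O
+ * logging. Implemented because of rhbz#840980 (backwards compatibility).
+ * In 1.8.x branch this is even harder to get back, since the nowait code
+ * was completely removed.
+ */
+ if (details->flags & CD_DONTWAIT) {
+ if (exec_setup(details, NULL, -1) == true) {
+ /* headed for execve() */
+ sudo_debug_execve(SUDO_DEBUG_INFO, details->command,
+ details->argv, details->envp);
+ if (details->closefrom >= 0) {
+ int maxfd = details->closefrom;
+ dup2(sv[1], maxfd);
+ (void)fcntl(maxfd, F_SETFD, FD_CLOEXEC);
+ sv[1] = maxfd++;
+ if (sudo_debug_fd_set(maxfd) != -1)
+ maxfd++;
+ closefrom(maxfd);
+ }
+#ifdef HAVE_SELINUX
+ if (ISSET(details->flags, CD_RBAC_ENABLED)) {
+ selinux_execve(details->command, details->argv, details->envp,
+ ISSET(details->flags, CD_NOEXEC));
+ } else
+#endif
+ {
+ sudo_execve(details->command, details->argv, details->envp,
+ ISSET(details->flags, CD_NOEXEC));
+ }
+ sudo_debug_printf(SUDO_DEBUG_ERROR, "unable to exec %s: %s",
+ details->command, strerror(errno));
+ }
+ cstat->type = CMD_ERRNO;
+ cstat->val = errno;
+ return 127;
+ }
+
+ /*
 * We communicate with the child over a bi-directional pair of sockets.
 * Parent sends signal info to child and child sends back wait status.
 */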
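Review bot: `dup2(sv[1], maxfd)` in the closefrom branch reads `sv` before any line of this hunk has set it, and the comment right after the block suggests the socket pair is only created later, so `sv[1]` is probably indeterminate on this path. Since nothing here talks to a monitor process, the three lines `dup2(sv[1], maxfd);`, `(void)fcntl(maxfd, F_SETFD, FD_CLOEXEC);` and `sv[1] = maxfd++;` look removable, leaving the debug-fd adjustment and `closefrom(maxfd)`. `cstat->val = errno` is read after `sudo_debug_printf()` has run and also when `exec_setup()` failed without an exec attempt, so capture it with `int serrno = errno;` directly after the exec call and store that value. The added comment states that this path breaks SELinux, PAM sessions and I/O logging; a warning above debug level when `CD_DONTWAIT` arrives together with `CD_USE_PTY` would make that loss of audit trail visible to the administrator. sudo_execute starts and ends outside the hunk.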
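--- a/src/sudo.c
+++ b/src/sudo.c
@@ -552,6 +552,11 @@ command_info_to_details(char * const inf
 }
 break;
 }
+ if (strncmp("cmnd_no_wait=", info[i], sizeof("cmnd_no_wait=") - 1) == 0) {
+ if (atobool(info[i] + sizeof("cmnd_no_wait=") - 1) == true)
+ SET(details->flags, CD_DONTWAIT);
+ break;
+ }
 break;
 case 'l':
 SET_STRING("login_class=", login_class)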
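--- a/src/sudo.h
+++ b/src/sudo.h
@@ -131,6 +131,7 @@ struct user_details {
 #define CD_USE_PTY 0x1000
 #define CD_SET_UTMP 0x2000
 #define CD_SUDOEDIT_COPY 0x4000
+#define CD_DONTWAIT 0x8000
 
 struct command_details {
 uid_t uid;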
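Review bot: `CD_DONTWAIT` is added without a comment, although unlike the flags above it changes the execution model rather than a single property of the command. A line such as `/* exec the command directly instead of fork+wait; breaks SELinux, PAM sessions and I/O logging */` above the define would put the audit impact in front of anyone reading the flag list. The reference to rhbz#840980 in the exec.c comment suggests this is a downstream addition; if so, marking the bit as downstream-only would make a clash with a later upstream flag at 0x8000 easier to spot on rebase.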