author | Russ Allbery <eagle@eyrie.org> | 2015-09-04 21:43:17 -0700 |
committer | Russ Allbery <eagle@eyrie.org> | 2015-09-04 21:43:17 -0700 |
commit | 1899f8815bd606790b8e88a6a43651cac911166e (patch) | |
tree | 0419908fb67f01ab5080ef402b73d5374a97f780 /server | |
parent | 9d302ab3e104c69b01c522466ec8d5174f62ab8d (diff) |
Set REMCTL_EXPIRES when running commands
The remctld server now sets the REMOTE_EXPIRES environment variable to
the time (in seconds since UNIX epoch) when the authenticated session
used to run a command will expire. This will generally be the
expiration time of the Kerberos ticket used to authenticate to the
server.
Diffstat (limited to 'server')
-rw-r--r-- | server/generic.c | 7 | ||||
-rw-r--r-- | server/internal.h | 1 | ||||
-rw-r--r-- | server/process.c | 6 |
3 files changed, 12 insertions, 2 deletions
diff --git a/server/generic.c b/server/generic.c
index 74134b5..cc0f0e3 100644
--- a/server/generic.c
+++ b/server/generic.c
@@ -19,6 +19,8 @@
 #include <portable/system.h>
 #include <portable/uio.h>
 
+#include <time.h>
+
 #include <server/internal.h>
 #include <util/messages.h>
 #include <util/protocol.h>
@@ -45,7 +47,7 @@ server_new_client(int fd, gss_cred_id_t creds)
     gss_OID doid;
     OM_uint32 major = 0;
     OM_uint32 minor = 0;
-    OM_uint32 acc_minor;
+    OM_uint32 acc_minor, time_rec;
     int flags, status;
     static const OM_uint32 req_gss_flags
         = (GSS_C_MUTUAL_FLAG | GSS_C_CONF_FLAG | GSS_C_INTEG_FLAG);
@@ -116,7 +118,7 @@ server_new_client(int fd, gss_cred_id_t creds)
                 (unsigned long) recv_tok.length);
         major = gss_accept_sec_context(&acc_minor, &client->context, creds,
                                        &recv_tok, GSS_C_NO_CHANNEL_BINDINGS, &name, &doid,
-                                       &send_tok, &client->flags, NULL, NULL);
+                                       &send_tok, &client->flags, &time_rec, NULL);
         free(recv_tok.value);
 
         /* Send back a token if we need to. */
@@ -160,6 +162,7 @@ server_new_client(int fd, gss_cred_id_t creds)
     }
     gss_release_name(&minor, &name);
     client->user = xstrndup(name_buf.value, name_buf.length);
+    client->expires = time(NULL) + time_rec;
     gss_release_buffer(&minor, &name_buf);
 
     return client;
diff --git a/server/internal.h b/server/internal.h
index 622fc8d..49741bc 100644
--- a/server/internal.h
+++ b/server/internal.h
@@ -52,6 +52,7 @@ struct client {
     gss_ctx_id_t context;       /* GSS-API context. */
     char *user;                 /* Name of the client as a string. */
     OM_uint32 flags;            /* Connection flags. */
+    time_t expires;             /* Expiration time of GSS-API session. */
     bool keepalive;             /* Whether keep-alive was set. */
     bool fatal;                 /* Whether a fatal error has occurred. */
 };
diff --git a/server/process.c b/server/process.c
index 4a96b17..c1b68f5 100644
--- a/server/process.c
+++ b/server/process.c
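Review bot: `client->expires = time(NULL) + time_rec;` in the last generic.c hunk treats time_rec as a finite lifetime, but gss_accept_sec_context may report GSS_C_INDEFINITE (all bits set) for a context that has no expiration, and adding that to the current time yields a meaningless far-future value, or a wrapped one where time_t is 32 bits. A guard such as `client->expires = (time_rec == GSS_C_INDEFINITE) ? 0 : time(NULL) + time_rec;` with a comment that 0 means "no known expiration" keeps the sentinel distinguishable for whoever consumes the field. The value is also only as current as the final gss_accept_sec_context call in the accept loop; it looks like time_rec is overwritten on every iteration and the error path returns before this line, but that is not visible here and worth confirming. server_new_client begins before the first hunk and continues past this one.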
@@ -27,6 +27,7 @@
 #include <util/macros.h>
 #include <util/messages.h>
 #include <util/protocol.h>
+#include <util/xmalloc.h>
 
 /*
  * We would like to use event_base_loopbreak and event_base_got_break, but the
@@ -226,6 +227,7 @@ start(evutil_socket_t junk UNUSED, short what UNUSED, void *data)
     socket_type stderr_fds[2] = { INVALID_SOCKET, INVALID_SOCKET };
     socket_type fd;
     struct sigaction sa;
+    char *expires;
 
     /*
      * Socket pairs are used for communication with the child process that
@@ -335,6 +337,10 @@ start(evutil_socket_t junk UNUSED, short what UNUSED, void *data)
         sysdie("cannot set REMOTE_HOST in environment");
     if (setenv("REMCTL_COMMAND", process->command, 1) < 0)
         sysdie("cannot set REMCTL_COMMAND in environment");
+    xasprintf(&expires, "%lu", (unsigned long) client->expires);
+    if (setenv("REMOTE_EXPIRES", expires, 1) < 0)
+        sysdie("cannot set REMOTE_EXPIRES in environment");
+    free(expires);
 
     /* Drop privileges if requested. */
     if (process->rule->user != NULL && process->rule->uid > 0) {
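Review bot: `(unsigned long) client->expires` formatted with `%lu` in the last process.c hunk silently truncates on platforms where time_t is wider than long, and it publishes whatever client->expires holds, so if that field ever encodes "no known expiration" the child sees it as a literal timestamp; `xasprintf(&expires, "%llu", (unsigned long long) client->expires);` avoids the truncation, and skipping the setenv when no real expiration is known would avoid the second problem. The commit title says REMCTL_EXPIRES while the code and the description set REMOTE_EXPIRES; the name in the code is the one readers will search for, so the title looks like the typo. The enclosing start() begins before the hunk and continues past it, and it is not visible here how `client` comes into scope there — presumably via process, as process->command is.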