1 From acbbefdbcf2951a2ce31fe4fc789cf8397a406cc Mon Sep 17 00:00:00 2001
2 From: "Sar Ashki, Babak" <Babak.SarAshki@windriver.com>
3 Date: Wed, 11 Dec 2019 19:43:19 -0800
6 plugins/sudoers/def_data.c | 4 ++++
7 plugins/sudoers/def_data.h | 2 ++
8 plugins/sudoers/def_data.in | 3 +++
9 plugins/sudoers/sudoers.c | 14 ++++++++++++++
10 4 files changed, 23 insertions(+)
12 diff --git a/plugins/sudoers/def_data.c b/plugins/sudoers/def_data.c
13 index 5fa45bb..9d7a842 100644
14 --- a/plugins/sudoers/def_data.c
15 +++ b/plugins/sudoers/def_data.c
16 @@ -498,6 +498,10 @@ struct sudo_defs_types sudo_defs_table[] = {
17 N_("Don't pre-resolve all group names"),
20 + "cmnd_no_wait", T_FLAG,
21 + N_("Don't fork and wait for the command to finish, just exec it"),
27 diff --git a/plugins/sudoers/def_data.h b/plugins/sudoers/def_data.h
28 index 940fa8f..68ceed0 100644
29 --- a/plugins/sudoers/def_data.h
30 +++ b/plugins/sudoers/def_data.h
32 #define def_case_insensitive_group (sudo_defs_table[I_CASE_INSENSITIVE_GROUP].sd_un.flag)
33 #define I_LEGACY_GROUP_PROCESSING 114
34 #define def_legacy_group_processing (sudo_defs_table[I_LEGACY_GROUP_PROCESSING].sd_un.flag)
35 +#define I_CMND_NO_WAIT 115
36 +#define def_cmnd_no_wait (sudo_defs_table[I_CMND_NO_WAIT].sd_un.flag)
40 diff --git a/plugins/sudoers/def_data.in b/plugins/sudoers/def_data.in
41 index 571bc96..4250917 100644
42 --- a/plugins/sudoers/def_data.in
43 +++ b/plugins/sudoers/def_data.in
44 @@ -360,3 +360,6 @@ case_insensitive_group
45 legacy_group_processing
47 "Don't pre-resolve all group names"
50 + "Don't fork and wait for the command to finish, just exec it"
51 diff --git a/plugins/sudoers/sudoers.c b/plugins/sudoers/sudoers.c
52 index d8f4dd0..00669b4 100644
53 --- a/plugins/sudoers/sudoers.c
54 +++ b/plugins/sudoers/sudoers.c
55 @@ -221,6 +221,20 @@ sudoers_policy_init(void *info, char * const envp[])
56 def_match_group_by_gid = false;
57 def_legacy_group_processing = false;
61 + * Emulate cmnd_no_wait option by disabling PAM session, PTY allocation
62 + * and I/O logging. This will cause sudo to execute the given command
63 + * directly instead of forking a separate process for it.
65 + if (def_cmnd_no_wait) {
66 + def_pam_setcred = false;
67 + def_pam_session = false;
68 + def_use_pty = false;
69 + def_log_input = false;
70 + def_log_output = false;