diff --git a/include/sudo_eventlog.h b/include/sudo_eventlog.h
index 94c16c3d9..aad48c033 100644
--- a/include/sudo_eventlog.h
+++ b/include/sudo_eventlog.h
@@ -105,6 +105,7 @@ struct eventlog {
 char *runuser;
 char *peeraddr;
 char *signal_name;
+ char *source;
 char *submithost;
 char *submituser;
 char *submitgroup;
diff --git a/lib/eventlog/eventlog.c b/lib/eventlog/eventlog.c
index e8088c146..71a02c795 100644
--- a/lib/eventlog/eventlog.c
+++ b/lib/eventlog/eventlog.c
@@ -681,6 +681,13 @@ eventlog_store_json(struct json_container *jsonc, const struct eventlog *evlog)
 goto oom;
 }
 
+ if (evlog->source != NULL) {
+ json_value.type = JSON_STRING;
+ json_value.u.string = evlog->source;
+ if (!sudo_json_add_value(jsonc, "source", &json_value))
+ goto oom;
+ }
+
 if (evlog->ttyname != NULL) {
 json_value.type = JSON_STRING;
 json_value.u.string = evlog->ttyname;
diff --git a/lib/eventlog/eventlog_free.c b/lib/eventlog/eventlog_free.c
index c4c5c1187..6b2cda18a 100644
--- a/lib/eventlog/eventlog_free.c
+++ b/lib/eventlog/eventlog_free.c
@@ -54,6 +54,7 @@ eventlog_free(struct eventlog *evlog)
 free(evlog->runuser);
 free(evlog->peeraddr);
 free(evlog->signal_name);
+ free(evlog->source);
 free(evlog->submithost);
 free(evlog->submituser);
 free(evlog->submitgroup);
diff --git a/lib/eventlog/parse_json.c b/lib/eventlog/parse_json.c
index 0e4bd9d56..dc41f0209 100644
--- a/lib/eventlog/parse_json.c
+++ b/lib/eventlog/parse_json.c
@@ -316,6 +316,17 @@ json_store_signal(struct json_item *item, struct eventlog *evlog)
 debug_return_bool(true);
 }
 
+static bool
+json_store_source(struct json_item *item, struct eventlog *evlog)
+{
+ debug_decl(json_store_source, SUDO_DEBUG_UTIL);
+
+ free(evlog->source);
+ evlog->source = item->u.string;
+ item->u.string = NULL;
+ debug_return_bool(true);
+}
+
 static bool
 json_store_submitcwd(struct json_item *item, struct eventlog *evlog)
 {
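Review bot: The new `source` member of struct eventlog in include/sudo_eventlog.h has no comment, and the name alone does not say what it holds; the fixtures in this commit show two shapes, `/etc/sudoers:89:24` and `sudoRole %wheel`. I would document it at the declaration, for example `char *source; /* origin of the matching rule, e.g. "file:line:column" or an LDAP sudoRole */`, with the wording confirmed against the code that fills the field, which is not part of this diff. The logsrvd hunk in evlog_new copies the value from the client's info messages with a plain strdup, so the comment should also say the field is submitter-reported rather than checked by the log server. The struct definition starts and ends outside the hunk.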
@@ -450,6 +461,7 @@ static struct evlog_json_key {
 { "runuser", JSON_STRING, json_store_runuser },
 { "runchroot", JSON_STRING, json_store_runchroot },
 { "runcwd", JSON_STRING, json_store_runcwd },
+ { "source", JSON_STRING, json_store_source },
 { "signal", JSON_STRING, json_store_signal },
 { "submitcwd", JSON_STRING, json_store_submitcwd },
 { "submithost", JSON_STRING, json_store_submithost },
diff --git a/lib/eventlog/regress/eventlog_store/test1.json.in b/lib/eventlog/regress/eventlog_store/test1.json.in
index 26d791550..0e73df9ed 100644
--- a/lib/eventlog/regress/eventlog_store/test1.json.in
+++ b/lib/eventlog/regress/eventlog_store/test1.json.in
@@ -43,6 +43,7 @@
 ],
 "runuid": 0,
 "runuser": "root",
+ "source": "/etc/sudoers:89:24",
 "submitcwd": "/etc/mail",
 "submithost": "xerxes.sudo.ws",
 "submituser": "millert",
diff --git a/lib/eventlog/regress/eventlog_store/test1.json.out.ok b/lib/eventlog/regress/eventlog_store/test1.json.out.ok
index ddc14181e..2ddc8c55e 100644
--- a/lib/eventlog/regress/eventlog_store/test1.json.out.ok
+++ b/lib/eventlog/regress/eventlog_store/test1.json.out.ok
@@ -2,6 +2,7 @@
 "submituser": "millert",
 "command": "/usr/bin/ci",
 "runuser": "root",
+ "source": "/etc/sudoers:89:24",
 "ttyname": "/dev/ttypb",
 "submithost": "xerxes.sudo.ws",
 "submitcwd": "/etc/mail",
diff --git a/lib/eventlog/regress/eventlog_store/test2.json.in b/lib/eventlog/regress/eventlog_store/test2.json.in
index d60f94d1b..6af3a31cb 100644
--- a/lib/eventlog/regress/eventlog_store/test2.json.in
+++ b/lib/eventlog/regress/eventlog_store/test2.json.in
@@ -40,6 +40,7 @@
 ],
 "runuid": 0,
 "runuser": "root",
+ "source": "sudoRole %wheel",
 "submitcwd": "/usr/src/local/millert/sudo/trunk",
 "submithost": "xerxes.sudo.ws",
 "submituser": "millert",
diff --git a/lib/eventlog/regress/eventlog_store/test2.json.out.ok b/lib/eventlog/regress/eventlog_store/test2.json.out.ok
index 5dc6a49bb..e26290c16 100644
--- a/lib/eventlog/regress/eventlog_store/test2.json.out.ok
+++ b/lib/eventlog/regress/eventlog_store/test2.json.out.ok
@@ -2,6 +2,7 @@
 "submituser": "millert",
 "command": "/usr/bin/id",
 "runuser": "root",
+ "source": "sudoRole %wheel",
 "ttyname": "/dev/ttyp0",
 "submithost": "xerxes.sudo.ws",
 "submitcwd": "/usr/src/local/millert/sudo/trunk",
diff --git a/lib/eventlog/regress/eventlog_store/test3.json.in b/lib/eventlog/regress/eventlog_store/test3.json.in
index 71173442d..184333fcf 100644
--- a/lib/eventlog/regress/eventlog_store/test3.json.in
+++ b/lib/eventlog/regress/eventlog_store/test3.json.in
@@ -38,6 +38,7 @@
 ],
 "runuid": 0,
 "runuser": "root",
+ "source": "/etc/sudoers:89:24",
 "submitcwd": "/home/millert/sudo/oss-fuzz",
 "submithost": "linux-build",
 "submituser": "millert",
diff --git a/lib/eventlog/regress/eventlog_store/test3.json.out.ok b/lib/eventlog/regress/eventlog_store/test3.json.out.ok
index 9cc37378f..967a75c1c 100644
--- a/lib/eventlog/regress/eventlog_store/test3.json.out.ok
+++ b/lib/eventlog/regress/eventlog_store/test3.json.out.ok
@@ -2,6 +2,7 @@
 "submituser": "millert",
 "command": "/usr/bin/find",
 "runuser": "root",
+ "source": "/etc/sudoers:89:24",
 "ttyname": "/dev/pts/1",
 "submithost": "linux-build",
 "submitcwd": "/home/millert/sudo/oss-fuzz",
diff --git a/lib/eventlog/regress/eventlog_store/test4.json.in b/lib/eventlog/regress/eventlog_store/test4.json.in
index 2ef6bfcb4..8836a44fa 100644
--- a/lib/eventlog/regress/eventlog_store/test4.json.in
+++ b/lib/eventlog/regress/eventlog_store/test4.json.in
@@ -39,6 +39,7 @@
 ],
 "runuid": 0,
 "runuser": "root",
+ "source": "/etc/sudoers:89:24",
 "submitcwd": "/etc/mail",
 "submithost": "xerxes.sudo.ws",
 "submituser": "millert",
diff --git a/lib/eventlog/regress/eventlog_store/test4.json.out.ok b/lib/eventlog/regress/eventlog_store/test4.json.out.ok
index 0f1414e57..2f15940c7 100644
--- a/lib/eventlog/regress/eventlog_store/test4.json.out.ok
+++ b/lib/eventlog/regress/eventlog_store/test4.json.out.ok
@@ -2,6 +2,7 @@
 "submituser": "millert",
 "command": "/usr/bin/vi",
 "runuser": "root",
+ "source": "/etc/sudoers:89:24",
 "ttyname": "/dev/ttypb",
 "submithost": "xerxes.sudo.ws",
 "submitcwd": "/etc/mail",
diff --git a/logsrvd/iolog_writer.c b/logsrvd/iolog_writer.c
index 5808cb791..c1cebac4b 100644
--- a/logsrvd/iolog_writer.c
+++ b/logsrvd/iolog_writer.c
@@ -283,6 +283,16 @@ evlog_new(TimeSpec *submit_time, InfoMessage **info_msgs, size_t infolen,
 }
 break;
 case 's':
+ if (strcmp(key, "source") == 0) {
+ if (type_matches(info, source, INFO_MESSAGE__VALUE_STRVAL)) {
+ if ((evlog->source = strdup(info->u.strval)) == NULL) {
+ sudo_warnx(U_("%s: %s"), __func__,
+ U_("unable to allocate memory"));
+ goto bad;
+ }
+ }
+ continue;
+ }
 if (strcmp(key, "submitcwd") == 0) {
 if (type_matches(info, source, INFO_MESSAGE__VALUE_STRVAL)) {
 if ((evlog->cwd = strdup(info->u.strval)) == NULL) {
diff --git a/logsrvd/sendlog.c b/logsrvd/sendlog.c
index a73fcbffc..df1b4d3d7 100644
--- a/logsrvd/sendlog.c
+++ b/logsrvd/sendlog.c
@@ -610,6 +610,7 @@ fmt_info_messages(const struct eventlog *evlog, char *hostname,
 fill_num("runuid", evlog->runuid);
 }
 fill_str("runuser", evlog->runuser);
+ fill_str("source", evlog->source);
 fill_str("submitcwd", evlog->cwd);
 fill_str("submithost", hostname);
 fill_str("submituser", evlog->submituser);
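Review bot: In the new `source` branch of evlog_new, `evlog->source = strdup(info->u.strval)` overwrites whatever pointer is already stored, so an info_msgs array that carries the key more than once leaks the earlier copy; json_store_source in this same commit calls `free(evlog->source)` before assigning. The info_msgs array appears to be client-supplied protocol data, so I would add `free(evlog->source);` on the line before the strdup. The `submitcwd` branch shown as context just below has the same shape with `evlog->cwd`, and whether duplicate keys are rejected earlier is not visible here. evlog_new starts and ends outside the hunk.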
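Review bot: `fill_str("source", evlog->source)` in fmt_info_messages is unconditional, but elsewhere in this commit the field is optional: eventlog_store_json tests `evlog->source != NULL`, and the JSON parser sets it only when the key is present, so a log written before this change would leave it NULL. What fill_str does with a NULL value is defined outside the hunk and should be confirmed; a guard such as `if (evlog->source != NULL) { fill_str("source", evlog->source); }` would follow the `fill_num("runuid", ...)` call just above, which appears to sit inside a conditional block. It is also worth checking that the info_msgs array allocated earlier in this function has room for one more entry, since no size change appears in this diff. The function body starts and ends outside the hunk.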