Log source in JSON logs
This makes it possible to tell which rule resulted in a match.
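--- a/[path not shown on page]
+++ b/[path not shown on page]
@@ -105,6 +105,7 @@ struct eventlog {
 char *runuser;
 char *peeraddr;
 char *signal_name;
+char *source;
 char *submithost;
 char *submituser;
 char *submitgroup;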
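Review bot: The new `char *source;` member carries no comment saying what it holds or that it is optional, although the rest of this commit treats it as such (eventlog_store_json only emits it when non-NULL) and the fixtures show values like `/etc/sudoers:89:24` and `sudoRole %wheel`. A one-line comment next to the declaration would save the next reader a trip through the writers: `char *source; /* origin of the rule that matched (sudoers file position or LDAP role); NULL when unknown */`. Whether the neighbouring members are commented is not visible on this page, so match whatever style the struct already uses.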
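--- a/[path not shown on page]
+++ b/[path not shown on page]
@@ -681,6 +681,13 @@ eventlog_store_json(struct json_container *jsonc, const struct eventlog *evlog)
 goto oom;
 }
 
+if (evlog->source != NULL) {
+json_value.type = JSON_STRING;
+json_value.u.string = evlog->source;
+if (!sudo_json_add_value(jsonc, "source", &json_value))
+goto oom;
+}
+
 if (evlog->ttyname != NULL) {
 json_value.type = JSON_STRING;
 json_value.u.string = evlog->ttyname;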
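--- a/[path not shown on page]
+++ b/[path not shown on page]
@@ -54,6 +54,7 @@ eventlog_free(struct eventlog *evlog)
 free(evlog->runuser);
 free(evlog->peeraddr);
 free(evlog->signal_name);
+free(evlog->source);
 free(evlog->submithost);
 free(evlog->submituser);
 free(evlog->submitgroup);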
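--- a/[path not shown on page]
+++ b/[path not shown on page]
@@ -316,6 +316,17 @@ json_store_signal(struct json_item *item, struct eventlog *evlog)
 debug_return_bool(true);
 }
 
+static bool
+json_store_source(struct json_item *item, struct eventlog *evlog)
+{
+debug_decl(json_store_source, SUDO_DEBUG_UTIL);
+
+free(evlog->source);
+evlog->source = item->u.string;
+item->u.string = NULL;
+debug_return_bool(true);
+}
+
 static bool
 json_store_submitcwd(struct json_item *item, struct eventlog *evlog)
 {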
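Review bot: json_store_source takes ownership of `item->u.string` and discards any value already in `evlog->source`, but neither of those facts is stated, and the `free()` before the assignment is the only thing that keeps a repeated `"source"` key in the input from leaking. A short comment above the function would make the contract explicit: `/* Take ownership of the parsed string; a repeated "source" key replaces the earlier value. */`. The function always returns true, so a malformed or empty string is accepted as-is here; if any validation of the value is expected, it is not done in this hunk.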
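--- a/[path not shown on page]
+++ b/[path not shown on page]
@@ -450,6 +461,7 @@ static struct evlog_json_key {
 { "runuser", JSON_STRING, json_store_runuser },
 { "runchroot", JSON_STRING, json_store_runchroot },
 { "runcwd", JSON_STRING, json_store_runcwd },
+{ "source", JSON_STRING, json_store_source },
 { "signal", JSON_STRING, json_store_signal },
 { "submitcwd", JSON_STRING, json_store_submitcwd },
 { "submithost", JSON_STRING, json_store_submithost },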
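--- a/[path not shown on page]
+++ b/[path not shown on page]
@@ -43,6 +43,7 @@
 ],
 "runuid": 0,
 "runuser": "root",
+"source": "/etc/sudoers:89:24",
 "submitcwd": "/etc/mail",
 "submithost": "xerxes.sudo.ws",
 "submituser": "millert",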
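--- a/[path not shown on page]
+++ b/[path not shown on page]
@@ -2,6 +2,7 @@
 "submituser": "millert",
 "command": "/usr/bin/ci",
 "runuser": "root",
+"source": "/etc/sudoers:89:24",
 "ttyname": "/dev/ttypb",
 "submithost": "xerxes.sudo.ws",
 "submitcwd": "/etc/mail",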
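--- a/[path not shown on page]
+++ b/[path not shown on page]
@@ -40,6 +40,7 @@
 ],
 "runuid": 0,
 "runuser": "root",
+"source": "sudoRole %wheel",
 "submitcwd": "/usr/src/local/millert/sudo/trunk",
 "submithost": "xerxes.sudo.ws",
 "submituser": "millert",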
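--- a/[path not shown on page]
+++ b/[path not shown on page]
@@ -2,6 +2,7 @@
 "submituser": "millert",
 "command": "/usr/bin/id",
 "runuser": "root",
+"source": "sudoRole %wheel",
 "ttyname": "/dev/ttyp0",
 "submithost": "xerxes.sudo.ws",
 "submitcwd": "/usr/src/local/millert/sudo/trunk",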
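--- a/[path not shown on page]
+++ b/[path not shown on page]
@@ -38,6 +38,7 @@
 ],
 "runuid": 0,
 "runuser": "root",
+"source": "/etc/sudoers:89:24",
 "submitcwd": "/home/millert/sudo/oss-fuzz",
 "submithost": "linux-build",
 "submituser": "millert",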
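--- a/[path not shown on page]
+++ b/[path not shown on page]
@@ -2,6 +2,7 @@
 "submituser": "millert",
 "command": "/usr/bin/find",
 "runuser": "root",
+"source": "/etc/sudoers:89:24",
 "ttyname": "/dev/pts/1",
 "submithost": "linux-build",
 "submitcwd": "/home/millert/sudo/oss-fuzz",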
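--- a/[path not shown on page]
+++ b/[path not shown on page]
@@ -39,6 +39,7 @@
 ],
 "runuid": 0,
 "runuser": "root",
+"source": "/etc/sudoers:89:24",
 "submitcwd": "/etc/mail",
 "submithost": "xerxes.sudo.ws",
 "submituser": "millert",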
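--- a/[path not shown on page]
+++ b/[path not shown on page]
@@ -2,6 +2,7 @@
 "submituser": "millert",
 "command": "/usr/bin/vi",
 "runuser": "root",
+"source": "/etc/sudoers:89:24",
 "ttyname": "/dev/ttypb",
 "submithost": "xerxes.sudo.ws",
 "submitcwd": "/etc/mail",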
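--- a/[path not shown on page]
+++ b/[path not shown on page]
@@ -283,6 +283,16 @@ evlog_new(TimeSpec *submit_time, InfoMessage **info_msgs, size_t infolen,
 }
 break;
 case 's':
+if (strcmp(key, "source") == 0) {
+if (type_matches(info, source, INFO_MESSAGE__VALUE_STRVAL)) {
+if ((evlog->source = strdup(info->u.strval)) == NULL) {
+sudo_warnx(U_("%s: %s"), __func__,
+U_("unable to allocate memory"));
+goto bad;
+}
+}
+continue;
+}
 if (strcmp(key, "submitcwd") == 0) {
 if (type_matches(info, source, INFO_MESSAGE__VALUE_STRVAL)) {
 if ((evlog->cwd = strdup(info->u.strval)) == NULL) {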
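Review bot: The new `"source"` branch copies the client-supplied string into `evlog->source` with only a type check, so whatever the client put in the InfoMessage is stored verbatim and later written out by eventlog_store_json and fmt_info_messages; that is consistent with how `"submitcwd"` is handled directly below, but the reliance on the JSON writer to escape the value is worth stating, e.g. `/* Rule origin as reported by the client; stored verbatim, the JSON writer is relied on to escape it. */`. I could not confirm from this page what escaping sudo_json_add_value applies, so treat that as something to verify rather than assume. Note also that `source` now names two different things on adjacent lines, the second argument of `type_matches()` and the new struct member, which a reader may trip over. evlog_new's body starts and ends outside this hunk.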
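--- a/[path not shown on page]
+++ b/[path not shown on page]
@@ -610,6 +610,7 @@ fmt_info_messages(const struct eventlog *evlog, char *hostname,
 fill_num("runuid", evlog->runuid);
 }
 fill_str("runuser", evlog->runuser);
+fill_str("source", evlog->source);
 fill_str("submitcwd", evlog->cwd);
 fill_str("submithost", hostname);
 fill_str("submituser", evlog->submituser);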
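Review bot: `fill_str("source", evlog->source);` is called unconditionally even though `evlog->source` is optional (eventlog_store_json in this same commit only emits it when non-NULL), so this line depends on fill_str tolerating a NULL value. fill_str is not visible on this page; if it does not skip NULLs, guard the call with `if (evlog->source != NULL)`, and if it does, a comment such as `/* source is optional; fill_str skips NULL values */` would document why no guard is needed. fmt_info_messages starts and ends outside this hunk.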