Log source in JSON logs

This makes it possible to tell which rule resulted in a match.

include/sudo_eventlog.h

@@ -105,6 +105,7 @@ struct eventlog {
     char *runuser;
     char *peeraddr;
     char *signal_name;
+    char *source;
     char *submithost;
     char *submituser;
     char *submitgroup;

lib/eventlog/eventlog.c

@@ -681,6 +681,13 @@ eventlog_store_json(struct json_container *jsonc, const struct eventlog *evlog)
 	    goto oom;
     }
 
+    if (evlog->source != NULL) {
+	json_value.type = JSON_STRING;
+	json_value.u.string = evlog->source;
+	if (!sudo_json_add_value(jsonc, "source", &json_value))
+	    goto oom;
+    }
+
     if (evlog->ttyname != NULL) {
 	json_value.type = JSON_STRING;
 	json_value.u.string = evlog->ttyname;

lib/eventlog/eventlog_free.c

@@ -54,6 +54,7 @@ eventlog_free(struct eventlog *evlog)
 	free(evlog->runuser);
 	free(evlog->peeraddr);
 	free(evlog->signal_name);
+	free(evlog->source);
 	free(evlog->submithost);
 	free(evlog->submituser);
 	free(evlog->submitgroup);

lib/eventlog/parse_json.c

@@ -316,6 +316,17 @@ json_store_signal(struct json_item *item, struct eventlog *evlog)
     debug_return_bool(true);
 }
 
+static bool
+json_store_source(struct json_item *item, struct eventlog *evlog)
+{
+    debug_decl(json_store_source, SUDO_DEBUG_UTIL);
+
+    free(evlog->source);
+    evlog->source = item->u.string;
+    item->u.string = NULL;
+    debug_return_bool(true);
+}
+
 static bool
 json_store_submitcwd(struct json_item *item, struct eventlog *evlog)
 {
@@ -450,6 +461,7 @@ static struct evlog_json_key {
     { "runuser", JSON_STRING, json_store_runuser },
     { "runchroot", JSON_STRING, json_store_runchroot },
     { "runcwd", JSON_STRING, json_store_runcwd },
+    { "source", JSON_STRING, json_store_source },
     { "signal", JSON_STRING, json_store_signal },
     { "submitcwd", JSON_STRING, json_store_submitcwd },
     { "submithost", JSON_STRING, json_store_submithost },

lib/eventlog/regress/eventlog_store/test1.json.in

@@ -43,6 +43,7 @@
     ],
     "runuid": 0,
     "runuser": "root",
+    "source": "/etc/sudoers:89:24",
     "submitcwd": "/etc/mail",
     "submithost": "xerxes.sudo.ws",
     "submituser": "millert",

lib/eventlog/regress/eventlog_store/test1.json.out.ok

@@ -2,6 +2,7 @@
     "submituser": "millert",
     "command": "/usr/bin/ci",
     "runuser": "root",
+    "source": "/etc/sudoers:89:24",
     "ttyname": "/dev/ttypb",
     "submithost": "xerxes.sudo.ws",
     "submitcwd": "/etc/mail",

lib/eventlog/regress/eventlog_store/test2.json.in

@@ -40,6 +40,7 @@
     ],
     "runuid": 0,
     "runuser": "root",
+    "source": "sudoRole %wheel",
     "submitcwd": "/usr/src/local/millert/sudo/trunk",
     "submithost": "xerxes.sudo.ws",
     "submituser": "millert",

lib/eventlog/regress/eventlog_store/test2.json.out.ok

@@ -2,6 +2,7 @@
     "submituser": "millert",
     "command": "/usr/bin/id",
     "runuser": "root",
+    "source": "sudoRole %wheel",
     "ttyname": "/dev/ttyp0",
     "submithost": "xerxes.sudo.ws",
     "submitcwd": "/usr/src/local/millert/sudo/trunk",

lib/eventlog/regress/eventlog_store/test3.json.in

@@ -38,6 +38,7 @@
     ],
     "runuid": 0,
     "runuser": "root",
+    "source": "/etc/sudoers:89:24",
     "submitcwd": "/home/millert/sudo/oss-fuzz",
     "submithost": "linux-build",
     "submituser": "millert",

lib/eventlog/regress/eventlog_store/test3.json.out.ok

@@ -2,6 +2,7 @@
     "submituser": "millert",
     "command": "/usr/bin/find",
     "runuser": "root",
+    "source": "/etc/sudoers:89:24",
     "ttyname": "/dev/pts/1",
     "submithost": "linux-build",
     "submitcwd": "/home/millert/sudo/oss-fuzz",

lib/eventlog/regress/eventlog_store/test4.json.in

@@ -39,6 +39,7 @@
     ],
     "runuid": 0,
     "runuser": "root",
+    "source": "/etc/sudoers:89:24",
     "submitcwd": "/etc/mail",
     "submithost": "xerxes.sudo.ws",
     "submituser": "millert",

lib/eventlog/regress/eventlog_store/test4.json.out.ok

@@ -2,6 +2,7 @@
     "submituser": "millert",
     "command": "/usr/bin/vi",
     "runuser": "root",
+    "source": "/etc/sudoers:89:24",
     "ttyname": "/dev/ttypb",
     "submithost": "xerxes.sudo.ws",
     "submitcwd": "/etc/mail",

logsrvd/iolog_writer.c

@@ -283,6 +283,16 @@ evlog_new(TimeSpec *submit_time, InfoMessage **info_msgs, size_t infolen,
 	    }
 	    break;
 	case 's':
+	    if (strcmp(key, "source") == 0) {
+		if (type_matches(info, source, INFO_MESSAGE__VALUE_STRVAL)) {
+		    if ((evlog->source = strdup(info->u.strval)) == NULL) {
+			sudo_warnx(U_("%s: %s"), __func__,
+			    U_("unable to allocate memory"));
+			goto bad;
+		    }
+		}
+		continue;
+	    }
 	    if (strcmp(key, "submitcwd") == 0) {
 		if (type_matches(info, source, INFO_MESSAGE__VALUE_STRVAL)) {
 		    if ((evlog->cwd = strdup(info->u.strval)) == NULL) {

logsrvd/sendlog.c

@@ -610,6 +610,7 @@ fmt_info_messages(const struct eventlog *evlog, char *hostname,
 	fill_num("runuid", evlog->runuid);
     }
     fill_str("runuser", evlog->runuser);
+    fill_str("source", evlog->source);
     fill_str("submitcwd", evlog->cwd);
     fill_str("submithost", hostname);
     fill_str("submituser", evlog->submituser);