Add compress_transcript option.

Todd C. Miller
2009-12-14 01:49:50 +00:00
parent 6810071e87
commit 180785567c
6 changed files with 65 additions and 40 deletions


@@ -318,6 +318,10 @@ struct sudo_defs_types sudo_defs_table[] = {
"transcript", T_FLAG, "transcript", T_FLAG,
"Log a transcript of the command being run", "Log a transcript of the command being run",
NULL, NULL,
}, {
"compress_transcript", T_FLAG,
"Compress session transcripts with zlib",
NULL,
}, { }, {
NULL, 0, NULL NULL, 0, NULL
} }


@@ -146,6 +146,8 @@
#define I_UMASK_OVERRIDE 72 #define I_UMASK_OVERRIDE 72
#define def_transcript (sudo_defs_table[73].sd_un.flag) #define def_transcript (sudo_defs_table[73].sd_un.flag)
#define I_TRANSCRIPT 73 #define I_TRANSCRIPT 73
#define def_compress_transcript (sudo_defs_table[74].sd_un.flag)
#define I_COMPRESS_TRANSCRIPT 74
enum def_tupple { enum def_tupple {
never, never,


@@ -235,3 +235,6 @@ umask_override
transcript transcript
T_FLAG T_FLAG
"Log a transcript of the command being run" "Log a transcript of the command being run"
compress_transcript
T_FLAG
"Compress session transcripts with zlib"


@@ -473,6 +473,9 @@ init_defaults()
def_timestamp_timeout = TIMEOUT; def_timestamp_timeout = TIMEOUT;
def_passwd_timeout = PASSWORD_TIMEOUT; def_passwd_timeout = PASSWORD_TIMEOUT;
def_passwd_tries = TRIES_FOR_PASSWORD; def_passwd_tries = TRIES_FOR_PASSWORD;
#ifdef HAVE_ZLIB
def_compress_transcript = TRUE;
#endif
/* Now do the strings */ /* Now do the strings */
def_mailto = estrdup(MAILTO); def_mailto = estrdup(MAILTO);
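Review bot: The default is forced on only under `#ifdef HAVE_ZLIB`, but the `compress_transcript` entry added to the defaults table is unconditional, so a build without zlib presumably still accepts the flag in sudoers and then ignores it, since every use of it in the transcript code sits inside `#ifdef HAVE_ZLIB`. A short comment above the assignment would record that, for example `/* compress_transcript has no effect unless built with zlib; transcripts are then written uncompressed. */`. init_defaults() starts and ends outside this hunk.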


@@ -89,6 +89,13 @@ __unused static const char rcsid[] = "$Sudo$";
#define TERM_CBREAK 1 #define TERM_CBREAK 1
#define TERM_RAW 2 #define TERM_RAW 2
union script_fd {
FILE *f;
#ifdef HAVE_ZLIB
gzFile g;
#endif
};
struct script_buf { struct script_buf {
int len; /* buffer length (how much read in) */ int len; /* buffer length (how much read in) */
int off; /* write position (how much already consumed) */ int off; /* write position (how much already consumed) */
@@ -111,9 +118,10 @@ static int foreground;
static char slavename[PATH_MAX]; static char slavename[PATH_MAX];
static int suspend_parent __P((int signo, struct script_buf *output, static int suspend_parent __P((int signo, struct script_buf *output,
struct timeval *then, struct timeval *now, void *ofile, void *tfile)); struct timeval *then, struct timeval *now, union script_fd ofile,
union script_fd tfile));
static void flush_output __P((struct script_buf *output, struct timeval *then, static void flush_output __P((struct script_buf *output, struct timeval *then,
struct timeval *now, void *ofile, void *tfile)); struct timeval *now, union script_fd ofile, union script_fd tfile));
static void handler __P((int s)); static void handler __P((int s));
static void script_child __P((char *path, char *argv[], int, int)); static void script_child __P((char *path, char *argv[], int, int));
static void script_run __P((char *path, char *argv[], int)); static void script_run __P((char *path, char *argv[], int));
@@ -319,13 +327,8 @@ log_output(buf, n, then, now, ofile, tfile)
int n; int n;
struct timeval *then; struct timeval *then;
struct timeval *now; struct timeval *now;
#ifdef HAVE_ZLIB union script_fd ofile;
gzFile ofile; union script_fd tfile;
gzFile tfile;
#else
FILE *ofile;
FILE *tfile;
#endif
{ {
struct timeval tv; struct timeval tv;
sigset_t omask; sigset_t omask;
@@ -333,18 +336,20 @@ log_output(buf, n, then, now, ofile, tfile)
sigprocmask(SIG_BLOCK, &ttyblock, &omask); sigprocmask(SIG_BLOCK, &ttyblock, &omask);
#ifdef HAVE_ZLIB #ifdef HAVE_ZLIB
gzwrite(ofile, buf, n); if (def_compress_transcript)
#else gzwrite(ofile.g, buf, n);
fwrite(buf, 1, n, ofile); else
#endif #endif
fwrite(buf, 1, n, ofile.f);
timersub(now, then, &tv); timersub(now, then, &tv);
#ifdef HAVE_ZLIB #ifdef HAVE_ZLIB
gzprintf(tfile, "%f %d\n", if (def_compress_transcript)
tv.tv_sec + ((double)tv.tv_usec / 1000000), n); gzprintf(tfile.g, "%f %d\n",
#else tv.tv_sec + ((double)tv.tv_usec / 1000000), n);
fprintf(tfile, "%f %d\n", else
tv.tv_sec + ((double)tv.tv_usec / 1000000), n);
#endif #endif
fprintf(tfile.f, "%f %d\n",
tv.tv_sec + ((double)tv.tv_usec / 1000000), n);
then->tv_sec = now->tv_sec; then->tv_sec = now->tv_sec;
then->tv_usec = now->tv_usec; then->tv_usec = now->tv_usec;
@@ -373,8 +378,8 @@ suspend_parent(signo, output, then, now, ofile, tfile)
struct script_buf *output; struct script_buf *output;
struct timeval *then; struct timeval *then;
struct timeval *now; struct timeval *now;
void *ofile; union script_fd ofile;
void *tfile; union script_fd tfile;
{ {
sigaction_t sa, osa; sigaction_t sa, osa;
int n, oldmode = ttymode, rval = 0; int n, oldmode = ttymode, rval = 0;
@@ -478,11 +483,7 @@ script_execv(path, argv)
int relaysig, sv[2]; int relaysig, sv[2];
fd_set *fdsr, *fdsw; fd_set *fdsr, *fdsw;
FILE *idfile; FILE *idfile;
#ifdef HAVE_ZLIB union script_fd ofile, tfile;
gzFile ofile, tfile;
#else
FILE *ofile, *tfile;
#endif
int rbac_enabled = 0; int rbac_enabled = 0;
#ifdef HAVE_SELINUX #ifdef HAVE_SELINUX
@@ -580,16 +581,19 @@ script_execv(path, argv)
if ((idfile = fdopen(script_fds[SFD_LOG], "w")) == NULL) if ((idfile = fdopen(script_fds[SFD_LOG], "w")) == NULL)
log_error(USE_ERRNO, "fdopen"); log_error(USE_ERRNO, "fdopen");
#ifdef HAVE_ZLIB #ifdef HAVE_ZLIB
if ((ofile = gzdopen(script_fds[SFD_OUTPUT], "w")) == NULL) if (def_compress_transcript) {
log_error(USE_ERRNO, "gzdopen"); if ((ofile.g = gzdopen(script_fds[SFD_OUTPUT], "w")) == NULL)
if ((tfile = gzdopen(script_fds[SFD_TIMING], "w")) == NULL) log_error(USE_ERRNO, "gzdopen");
log_error(USE_ERRNO, "gzdopen"); if ((tfile.g = gzdopen(script_fds[SFD_TIMING], "w")) == NULL)
#else log_error(USE_ERRNO, "gzdopen");
if ((ofile = fdopen(script_fds[SFD_OUTPUT], "w")) == NULL) } else
log_error(USE_ERRNO, "fdopen");
if ((tfile = fdopen(script_fds[SFD_TIMING], "w")) == NULL)
log_error(USE_ERRNO, "fdopen");
#endif #endif
{
if ((ofile.f = fdopen(script_fds[SFD_OUTPUT], "w")) == NULL)
log_error(USE_ERRNO, "fdopen");
if ((tfile.f = fdopen(script_fds[SFD_TIMING], "w")) == NULL)
log_error(USE_ERRNO, "fdopen");
}
gettimeofday(&then, NULL); gettimeofday(&then, NULL);
@@ -768,12 +772,15 @@ script_execv(path, argv)
flush_output(&output, &then, &now, ofile, tfile); flush_output(&output, &then, &now, ofile, tfile);
#ifdef HAVE_ZLIB #ifdef HAVE_ZLIB
gzclose(ofile); if (def_compress_transcript) {
gzclose(tfile); gzclose(ofile.g);
#else gzclose(tfile.g);
fclose(ofile); } else
fclose(tfile);
#endif #endif
{
fclose(ofile.f);
fclose(tfile.f);
}
#ifdef HAVE_STRSIGNAL #ifdef HAVE_STRSIGNAL
if (WIFSIGNALED(child_status)) { if (WIFSIGNALED(child_status)) {
@@ -991,8 +998,8 @@ flush_output(output, then, now, ofile, tfile)
struct script_buf *output; struct script_buf *output;
struct timeval *then; struct timeval *then;
struct timeval *now; struct timeval *now;
void *ofile; union script_fd ofile;
void *tfile; union script_fd tfile;
{ {
int n; int n;
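Review bot: In log_output() the results of `gzwrite`, `fwrite`, `gzprintf` and `fprintf` are discarded, and the close path in script_execv() ignores the results of `gzclose` and `fclose`, so a full disk or I/O error can truncate the session transcript with no record while the command keeps running. Because the transcript serves as an audit record, the writes should be checked, e.g. `if (fwrite(buf, 1, n, ofile.f) != (size_t)n) log_error(USE_ERRNO, "fwrite");` with the matching `gzwrite(ofile.g, buf, n) != n` test, and the close calls treated the same way since they flush buffered data. Whether a failure should end the session or only be reported is a policy decision the commit does not state. Separately, `union script_fd` carries no tag, so every reader relies on `def_compress_transcript` still holding the value it had when the files were opened; a comment on the union saying so would help. These functions all extend beyond the hunks shown.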


@@ -591,6 +591,12 @@ If set, the user may use B<sudo>'s B<-C> option which
overrides the default starting point at which B<sudo> begins overrides the default starting point at which B<sudo> begins
closing open file descriptors. This flag is I<off> by default. closing open file descriptors. This flag is I<off> by default.
=item compress_transcript
If set, and the I<transcript> flag is also set, B<sudo> will compress
the transcript logs using B<zlib>. This flag is I<on> by default
when B<sudo> is compiled with B<zlib> support.
=item env_editor =item env_editor
If set, B<visudo> will use the value of the EDITOR or VISUAL If set, B<visudo> will use the value of the EDITOR or VISUAL