Pass a single I/O log file name in command_details instead of

separate dir + file parameters.
Todd C. Miller
2010-12-30 17:09:01 -05:00
parent 2fb085dfac
commit 25036d7a75
7 changed files with 175 additions and 177 deletions


@@ -61,7 +61,7 @@ DDEESSCCRRIIPPTTIIOONN
1.8.0b3 December 28, 2010 1
1.8.0b3 December 30, 2010 1
@@ -127,7 +127,7 @@ SUDO_PLUGIN(1m) MAINTENANCE COMMANDS SUDO_PLUGIN(1m)
1.8.0b3 December 28, 2010 2
1.8.0b3 December 30, 2010 2
@@ -193,7 +193,7 @@ SUDO_PLUGIN(1m) MAINTENANCE COMMANDS SUDO_PLUGIN(1m)
1.8.0b3 December 28, 2010 3
1.8.0b3 December 30, 2010 3
@@ -259,7 +259,7 @@ SUDO_PLUGIN(1m) MAINTENANCE COMMANDS SUDO_PLUGIN(1m)
1.8.0b3 December 28, 2010 4
1.8.0b3 December 30, 2010 4
@@ -325,7 +325,7 @@ SUDO_PLUGIN(1m) MAINTENANCE COMMANDS SUDO_PLUGIN(1m)
1.8.0b3 December 28, 2010 5
1.8.0b3 December 30, 2010 5
@@ -391,7 +391,7 @@ SUDO_PLUGIN(1m) MAINTENANCE COMMANDS SUDO_PLUGIN(1m)
1.8.0b3 December 28, 2010 6
1.8.0b3 December 30, 2010 6
@@ -457,7 +457,7 @@ SUDO_PLUGIN(1m) MAINTENANCE COMMANDS SUDO_PLUGIN(1m)
1.8.0b3 December 28, 2010 7
1.8.0b3 December 30, 2010 7
@@ -523,7 +523,7 @@ SUDO_PLUGIN(1m) MAINTENANCE COMMANDS SUDO_PLUGIN(1m)
1.8.0b3 December 28, 2010 8
1.8.0b3 December 30, 2010 8
@@ -548,18 +548,11 @@ SUDO_PLUGIN(1m) MAINTENANCE COMMANDS SUDO_PLUGIN(1m)
compress the log data. This is a hint to the I/O logging
plugin which may choose to ignore it.
iolog_dir=string
Fully qualified path to the directory in which I/O logs are
to be stored. This is a hint to the I/O logging plugin
which may choose to ignore it. If no I/O logging plugin is
loaded, this setting has no effect.
iolog_file=string
File name to use when I/O logging is enabled, relative to
_i_o_l_o_g___d_i_r (may also contain directory components). This is
a hint to the I/O logging plugin which may choose to ignore
it. If no I/O logging plugin is loaded, this setting has
no effect.
iolog_path=string
Fully qualified path to the file or directory in which I/O
log is to be stored. This is a hint to the I/O logging
plugin which may choose to ignore it. If no I/O logging
plugin is loaded, this setting has no effect.
iolog_stdin=bool
Set to true if the I/O logging plugins, if any, should log
@@ -586,10 +579,17 @@ SUDO_PLUGIN(1m) MAINTENANCE COMMANDS SUDO_PLUGIN(1m)
is a hint to the I/O logging plugin which may choose to
ignore it.
iolog_ttyout=bool
Set to true if the I/O logging plugins, if any, should log
all terminal output. This only includes output to the
screen, not output to a pipe or file. This is a hint to
the I/O logging plugin which may choose to ignore it.
1.8.0b3 December 28, 2010 9
1.8.0b3 December 30, 2010 9
@@ -598,12 +598,6 @@ SUDO_PLUGIN(1m) MAINTENANCE COMMANDS SUDO_PLUGIN(1m)
SUDO_PLUGIN(1m) MAINTENANCE COMMANDS SUDO_PLUGIN(1m)
iolog_ttyout=bool
Set to true if the I/O logging plugins, if any, should log
all terminal output. This only includes output to the
screen, not output to a pipe or file. This is a hint to
the I/O logging plugin which may choose to ignore it.
use_pty=bool
Allocate a pseudo-tty to run the command in, regardless of
whether or not I/O logging is in use. By default, ssuuddoo
@@ -652,10 +646,16 @@ SUDO_PLUGIN(1m) MAINTENANCE COMMANDS SUDO_PLUGIN(1m)
wishes to check against the policy in the same form as what
would be passed to the _e_x_e_c_v_e_(_) system call. If the command is
permitted by the policy, the fully-qualified path to the
command should be displayed along with any command line
arguments.
validate
int (*validate)(void);
1.8.0b3 December 28, 2010 10
1.8.0b3 December 30, 2010 10
@@ -664,12 +664,6 @@ SUDO_PLUGIN(1m) MAINTENANCE COMMANDS SUDO_PLUGIN(1m)
SUDO_PLUGIN(1m) MAINTENANCE COMMANDS SUDO_PLUGIN(1m)
command should be displayed along with any command line
arguments.
validate
int (*validate)(void);
The validate function is called when ssuuddoo is run with the -v flag.
For policy plugins such as _s_u_d_o_e_r_s that cache authentication
credentials, this function will validate and cache the credentials.
@@ -714,22 +708,6 @@ SUDO_PLUGIN(1m) MAINTENANCE COMMANDS SUDO_PLUGIN(1m)
_V_e_r_s_i_o_n _m_a_c_r_o_s
1.8.0b3 December 28, 2010 11
SUDO_PLUGIN(1m) MAINTENANCE COMMANDS SUDO_PLUGIN(1m)
#define SUDO_API_VERSION_GET_MAJOR(v) ((v) >> 16)
#define SUDO_API_VERSION_GET_MINOR(v) ((v) & 0xffff)
#define SUDO_API_VERSION_SET_MAJOR(vp, n) do { \
@@ -740,6 +718,18 @@ SUDO_PLUGIN(1m) MAINTENANCE COMMANDS SUDO_PLUGIN(1m)
} while(0)
#define SUDO_API_VERSION_MAJOR 1
1.8.0b3 December 30, 2010 11
SUDO_PLUGIN(1m) MAINTENANCE COMMANDS SUDO_PLUGIN(1m)
#define SUDO_API_VERSION_MINOR 0
#define SUDO_API_VERSION ((SUDO_API_VERSION_MAJOR << 16) | \
SUDO_API_VERSION_MINOR)
@@ -785,9 +775,19 @@ SUDO_PLUGIN(1m) MAINTENANCE COMMANDS SUDO_PLUGIN(1m)
type
The type field should always be set to SUDO_IO_PLUGIN
version
The version field should be set to SUDO_API_VERSION.
This allows ssuuddoo to determine the API version the plugin was built
against.
open
1.8.0b3 December 28, 2010 12
1.8.0b3 December 30, 2010 12
@@ -796,13 +796,6 @@ SUDO_PLUGIN(1m) MAINTENANCE COMMANDS SUDO_PLUGIN(1m)
SUDO_PLUGIN(1m) MAINTENANCE COMMANDS SUDO_PLUGIN(1m)
version
The version field should be set to SUDO_API_VERSION.
This allows ssuuddoo to determine the API version the plugin was built
against.
open
int (*open)(unsigned int version, sudo_conv_t conversation
sudo_printf_t plugin_printf, char * const settings[],
char * const user_info[], int argc, char * const argv[],
@@ -851,9 +844,16 @@ SUDO_PLUGIN(1m) MAINTENANCE COMMANDS SUDO_PLUGIN(1m)
equal sign ('=') since the _n_a_m_e field will never include one
itself but the _v_a_l_u_e might.
See the "Policy Plugin API" section for a list of all possible
settings.
user_info
A vector of information about the user running the command in
the form of "name=value" strings. The vector is terminated by
1.8.0b3 December 28, 2010 13
1.8.0b3 December 30, 2010 13
@@ -862,12 +862,6 @@ SUDO_PLUGIN(1m) MAINTENANCE COMMANDS SUDO_PLUGIN(1m)
SUDO_PLUGIN(1m) MAINTENANCE COMMANDS SUDO_PLUGIN(1m)
See the "Policy Plugin API" section for a list of all possible
settings.
user_info
A vector of information about the user running the command in
the form of "name=value" strings. The vector is terminated by
a NULL pointer.
When parsing _u_s_e_r___i_n_f_o, the plugin should split on the ffiirrsstt
@@ -916,10 +910,16 @@ SUDO_PLUGIN(1m) MAINTENANCE COMMANDS SUDO_PLUGIN(1m)
int (*show_version)(int verbose);
The show_version function is called by ssuuddoo when the user specifies
the -V option. The plugin may display its version information to
the user via the conversation or plugin_printf function using
SUDO_CONV_INFO_MSG. If the user requests detailed version
information, the verbose flag will be set.
1.8.0b3 December 28, 2010 14
1.8.0b3 December 30, 2010 14
@@ -928,11 +928,6 @@ SUDO_PLUGIN(1m) MAINTENANCE COMMANDS SUDO_PLUGIN(1m)
SUDO_PLUGIN(1m) MAINTENANCE COMMANDS SUDO_PLUGIN(1m)
the -V option. The plugin may display its version information to
the user via the conversation or plugin_printf function using
SUDO_CONV_INFO_MSG. If the user requests detailed version
information, the verbose flag will be set.
log_ttyin
int (*log_ttyin)(const char *buf, unsigned int len);
@@ -982,10 +977,15 @@ SUDO_PLUGIN(1m) MAINTENANCE COMMANDS SUDO_PLUGIN(1m)
len The length of _b_u_f in bytes.
log_stdout
int (*log_stdout)(const char *buf, unsigned int len);
The _l_o_g___s_t_d_o_u_t function is only used if the standard output does
not correspond to a tty device. It is called whenever data can be
1.8.0b3 December 28, 2010 15
1.8.0b3 December 30, 2010 15
@@ -994,11 +994,6 @@ SUDO_PLUGIN(1m) MAINTENANCE COMMANDS SUDO_PLUGIN(1m)
SUDO_PLUGIN(1m) MAINTENANCE COMMANDS SUDO_PLUGIN(1m)
log_stdout
int (*log_stdout)(const char *buf, unsigned int len);
The _l_o_g___s_t_d_o_u_t function is only used if the standard output does
not correspond to a tty device. It is called whenever data can be
read from the command but before it is written to the standard
output. This allows the plugin to reject data if it chooses to
(for instance if the output contains banned content). Returns 1 if
@@ -1051,7 +1046,12 @@ SUDO_PLUGIN(1m) MAINTENANCE COMMANDS SUDO_PLUGIN(1m)
1.8.0b3 December 28, 2010 16
1.8.0b3 December 30, 2010 16
@@ -1117,7 +1117,7 @@ SUDO_PLUGIN(1m) MAINTENANCE COMMANDS SUDO_PLUGIN(1m)
1.8.0b3 December 28, 2010 17
1.8.0b3 December 30, 2010 17
@@ -1183,7 +1183,7 @@ SUDO_PLUGIN(1m) MAINTENANCE COMMANDS SUDO_PLUGIN(1m)
1.8.0b3 December 28, 2010 18
1.8.0b3 December 30, 2010 18
@@ -1249,6 +1249,6 @@ DDIISSCCLLAAIIMMEERR
1.8.0b3 December 28, 2010 19
1.8.0b3 December 30, 2010 19


@@ -139,7 +139,7 @@
.\" ========================================================================
.\"
.IX Title "SUDO_PLUGIN @mansectsu@"
.TH SUDO_PLUGIN @mansectsu@ "December 28, 2010" "1.8.0b3" "MAINTENANCE COMMANDS"
.TH SUDO_PLUGIN @mansectsu@ "December 30, 2010" "1.8.0b3" "MAINTENANCE COMMANDS"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -608,18 +608,12 @@ of \fInumber\fR or higher.
Set to true if the I/O logging plugins, if any, should compress the
log data. This is a hint to the I/O logging plugin which may choose
to ignore it.
.IP "iolog_dir=string" 4
.IX Item "iolog_dir=string"
Fully qualified path to the directory in which I/O logs are to be
stored. This is a hint to the I/O logging plugin which may choose
to ignore it. If no I/O logging plugin is loaded, this setting has
no effect.
.IP "iolog_file=string" 4
.IX Item "iolog_file=string"
File name to use when I/O logging is enabled, relative to \fIiolog_dir\fR
(may also contain directory components).
This is a hint to the I/O logging plugin which may choose to ignore
it. If no I/O logging plugin is loaded, this setting has no effect.
.IP "iolog_path=string" 4
.IX Item "iolog_path=string"
Fully qualified path to the file or directory in which I/O log is
to be stored. This is a hint to the I/O logging plugin which may
choose to ignore it. If no I/O logging plugin is loaded, this
setting has no effect.
.IP "iolog_stdin=bool" 4
.IX Item "iolog_stdin=bool"
Set to true if the I/O logging plugins, if any, should log the


@@ -541,19 +541,12 @@ Set to true if the I/O logging plugins, if any, should compress the
log data. This is a hint to the I/O logging plugin which may choose
to ignore it.
=item iolog_dir=string
=item iolog_path=string
Fully qualified path to the directory in which I/O logs are to be
stored. This is a hint to the I/O logging plugin which may choose
to ignore it. If no I/O logging plugin is loaded, this setting has
no effect.
=item iolog_file=string
File name to use when I/O logging is enabled, relative to I<iolog_dir>
(may also contain directory components).
This is a hint to the I/O logging plugin which may choose to ignore
it. If no I/O logging plugin is loaded, this setting has no effect.
Fully qualified path to the file or directory in which I/O log is
to be stored. This is a hint to the I/O logging plugin which may
choose to ignore it. If no I/O logging plugin is loaded, this
setting has no effect.
=item iolog_stdin=bool


@@ -79,8 +79,7 @@ struct iolog_details {
const char *tty;
const char *user;
const char *command;
const char *iolog_file;
char *iolog_dir;
const char *iolog_path;
struct passwd *runas_pw;
struct group *runas_gr;
int iolog_stdin;
@@ -202,16 +201,15 @@ io_nextid(char *iolog_dir, char sessid[7])
}
/*
* Join iolog_dir and iolog_file, storing the result as pathbuf and
* expanding any escapes sequences that are found.
* Creates the resulting directory and any intermediate directories.
* Copy iolog_path to pathbuf and create the directory and any intermediate
* directories. If iolog_path ends in 'XXXXXX', use mkdtemp().
*/
static int
build_iopath(const char *iolog_dir, const char *iolog_file, char *pathbuf,
size_t pathsize)
mkdir_iopath(const char *iolog_path, char *pathbuf, size_t pathsize)
{
int dirlen, filelen, len;
int len;
#if 0 /* XXX - move this into sudoers when it concats dir + file */
/* Trim extraneous slashes. */
dirlen = strlen(iolog_dir);
while (dirlen > 1 && iolog_dir[dirlen - 1] == '/')
@@ -232,6 +230,13 @@ build_iopath(const char *iolog_dir, const char *iolog_file, char *pathbuf,
log_error(USE_ERRNO, "%.*s/%.*s", dirlen, iolog_dir,
filelen, iolog_file);
}
#endif
len = strlcpy(pathbuf, iolog_path, pathsize);
if (len >= pathsize) {
errno = ENAMETOOLONG;
log_error(USE_ERRNO, "%s", iolog_path);
}
/*
* Create path and intermediate subdirs as needed.
@@ -325,12 +330,8 @@ iolog_deserialize_info(struct iolog_details *details, char * const user_info[],
}
break;
case 'i':
if (strncmp(*cur, "iolog_file=", sizeof("iolog_file=") - 1) == 0) {
details->iolog_file = *cur + sizeof("iolog_file=") - 1;
continue;
}
if (strncmp(*cur, "iolog_dir=", sizeof("iolog_dir=") - 1) == 0) {
details->iolog_dir = *cur + sizeof("iolog_dir=") - 1;
if (strncmp(*cur, "iolog_path=", sizeof("iolog_path=") - 1) == 0) {
details->iolog_path = *cur + sizeof("iolog_path=") - 1;
continue;
}
if (strncmp(*cur, "iolog_stdin=", sizeof("iolog_stdin=") - 1) == 0) {
@@ -433,7 +434,7 @@ sudoers_io_open(unsigned int version, sudo_conv_t conversation,
int argc, char * const argv[], char * const user_env[])
{
struct iolog_details details;
char pathbuf[PATH_MAX], sessid[9];
char pathbuf[PATH_MAX], sessid[7];
char *tofree = NULL;
char * const *cur;
FILE *io_logfile;
@@ -470,25 +471,23 @@ sudoers_io_open(unsigned int version, sudo_conv_t conversation,
goto done;
}
/* If no I/O log file defined we need to figure it out ourselves. */
if (details.iolog_dir == NULL)
details.iolog_dir = tofree = estrdup(_PATH_SUDO_IO_LOGDIR);
if (details.iolog_file == NULL) {
/* If no I/O log path defined we need to figure it out ourselves. */
if (details.iolog_path == NULL) {
/* Get next session ID and convert it into a path. */
io_nextid(details.iolog_dir, sessid);
sessid[8] = '\0';
sessid[7] = sessid[5];
sessid[6] = sessid[4];
sessid[5] = '/';
sessid[4] = sessid[3];
sessid[3] = sessid[2];
sessid[2] = '/';
details.iolog_file = sessid;
tofree = emalloc(sizeof(_PATH_SUDO_IO_LOGDIR) + sizeof(sessid) + 2);
memcpy(tofree, _PATH_SUDO_IO_LOGDIR, sizeof(_PATH_SUDO_IO_LOGDIR));
io_nextid(tofree, sessid);
snprintf(tofree + sizeof(_PATH_SUDO_IO_LOGDIR), sizeof(sessid) + 2,
"%c%c/%c%c/%c%c", sessid[0], sessid[1], sessid[2], sessid[3],
sessid[4], sessid[5]);
details.iolog_path = tofree;
}
/* Build a path from I/O file and dir, creating intermediate subdirs. */
len = build_iopath(details.iolog_dir, details.iolog_file,
pathbuf, sizeof(pathbuf));
/*
* Make local copy of I/O log path and create it, along with any
* intermediate subdirs. Calls mkdtemp() if iolog_path ends in XXXXXX.
*/
len = mkdir_iopath(details.iolog_path, pathbuf, sizeof(pathbuf));
if (len < 0 || len >= sizeof(pathbuf))
goto done;
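Review bot: In the `details.iolog_path == NULL` fallback of sudoers_io_open, the `snprintf` destination `tofree + sizeof(_PATH_SUDO_IO_LOGDIR)` starts one byte past the NUL that the preceding `memcpy` copied, so the formatted session ID appears to land after the string terminator and `details.iolog_path` would read as the bare log directory. No '/' is written between the directory and the first ID pair either. Assuming `_PATH_SUDO_IO_LOGDIR` is a string literal without a trailing slash (its definition is not visible here), `snprintf(tofree + sizeof(_PATH_SUDO_IO_LOGDIR) - 1, sizeof(sessid) + 3, "/%c%c/%c%c/%c%c", ...)` stays within the `emalloc`ed size and yields a single path. As written, sessions that take this fallback would presumably share one log directory rather than each getting its own, which matters for an audit log. The function body continues outside the hunk.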


@@ -145,14 +145,14 @@ fill_command(char *str, size_t strsize)
}
char *
expand_iolog_path(const char *prefix, const char *opath)
expand_iolog_path(const char *prefix, const char *dir, const char *file)
{
size_t plen = 0, psize = 1024;
char *path, *dst;
const char *src, *ep;
int strfit = FALSE;
int pass, strfit = FALSE;
/* Copy opath -> path, expanding any escape sequences. */
/* Concatenate dir + file -> path, expanding any escape sequences. */
dst = path = emalloc(psize);
*path = '\0';
@@ -160,42 +160,57 @@ expand_iolog_path(const char *prefix, const char *opath)
plen = strlcpy(path, prefix, psize);
dst += plen;
}
for (src = opath; *src != '\0'; src++) {
if (src[0] == '%') {
if (src[1] == '{') {
ep = strchr(src + 2, '}');
if (ep != NULL) {
struct path_escape *esc;
size_t len = (size_t)(ep - src - 2);
for (esc = escapes; esc->name != NULL; esc++) {
if (strncmp(src + 2, esc->name, len) == 0 &&
esc->name[len] == '\0')
break;
for (pass = 0; pass < 3; pass++) {
switch (pass) {
case 0:
src = dir;
break;
case 1:
src = "/";
break;
case 2:
src = file;
break;
}
for (; *src != '\0'; src++) {
if (src[0] == '%') {
if (src[1] == '{') {
ep = strchr(src + 2, '}');
if (ep != NULL) {
struct path_escape *esc;
size_t len = (size_t)(ep - src - 2);
for (esc = escapes; esc->name != NULL; esc++) {
if (strncmp(src + 2, esc->name, len) == 0 &&
esc->name[len] == '\0')
break;
}
for (;;) {
len = esc->copy_fn(dst, psize - (dst - path));
if (len < psize - (dst - path))
break;
path = erealloc3(path, 2, psize);
psize *= 2;
dst = path + plen;
}
dst += len;
plen += len;
src = ep;
continue;
}
for (;;) {
len = esc->copy_fn(dst, psize - (dst - path));
if (len < psize - (dst - path))
break;
path = erealloc3(path, 2, psize);
psize *= 2;
dst = path + plen;
}
dst += len;
src = ep;
continue;
} else {
/* May need strftime() */
strfit = 1;
}
} else {
/* May need strftime() */
strfit = 1;
}
/* Need at least 2 chars, including the NUL terminator. */
if (plen + 2 >= psize) {
path = erealloc3(path, 2, psize);
psize *= 2;
dst = path + plen;
}
*dst++ = *src;
plen++;
}
/* Need at least 2 chars, including the NUL terminator. */
if (plen + 2 >= psize) {
path = erealloc3(path, 2, psize);
psize *= 2;
dst = path + plen;
}
*dst++ = *src;
}
*dst = '\0';
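Review bot: When a `%{...}` sequence matches no table entry, the lookup loop leaves `esc` on the terminator (`esc->name == NULL`) and the following `for (;;)` still calls `esc->copy_fn(...)`. The `escapes` table is not visible here, but if the terminator's `copy_fn` is NULL, as is usual for a sentinel, a mistyped escape in the configured dir or file would call through a null function pointer in the policy code. Wrapping the copy loop in `if (esc->name != NULL) { ... }` and otherwise falling through to the literal-copy path would treat an unknown escape as plain text. expand_iolog_path continues beyond the hunk, so the strftime() handling that `strfit` refers to was not reviewed.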


@@ -513,11 +513,8 @@ sudoers_policy_main(int argc, char * const argv[], int pwflag, char *env_add[],
if (def_iolog_file && def_iolog_dir) {
if (strstr(def_iolog_file, "%{seq}") != NULL) /* XXX - inline? */
io_nextid(def_iolog_dir, sudo_user.sessid);
command_info[info_len++] = expand_iolog_path("iolog_path=", def_iolog_dir, def_iolog_file);
}
if (def_iolog_file)
command_info[info_len++] = expand_iolog_path("iolog_file=", def_iolog_file);
if (def_iolog_dir)
command_info[info_len++] = expand_iolog_path("iolog_dir=", def_iolog_dir);
if (def_log_input) {
command_info[info_len++] = estrdup("iolog_stdin=true");
command_info[info_len++] = estrdup("iolog_ttyin=true");
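Review bot: `iolog_path=` is now emitted only when both `def_iolog_file` and `def_iolog_dir` are set, whereas the removed lines passed each value independently. A configuration with only one of them set now passes nothing, and the I/O plugin presumably falls back to its built-in location with no diagnostic, so logs could end up somewhere the administrator did not configure. If that is intended, a comment above the `if` such as `/* iolog_path needs both dir and file; otherwise the I/O plugin uses its default */` would record it; otherwise the single-value case should be handled explicitly. sudoers_policy_main starts and ends outside the hunk.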


@@ -286,7 +286,7 @@ int get_boottime(struct timeval *);
void io_nextid(char *iolog_dir, char sessid[7]);
/* iolog_path.c */
char *expand_iolog_path(const char *prefix, const char *opath);
char *expand_iolog_path(const char *prefix, const char *dir, const char *file);
/* env.c */
char **env_get(void);