isa/sudo
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Log the TSID even if it is not a simple session ID.

Browse Source
This commit is contained in:
Todd C. Miller
2011-03-11 12:11:05 -05:00
parent 9660f08e32
commit 383aef00b1
5 changed files with 18 additions and 10 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
plugins/sudoers/iolog.c
View File

@@ -128,7 +128,7 @@ mkdir_parents(char *path)
} }
/* /*
* Read the on-disk sequence number, set sudo_user.sessid to the next * Read the on-disk sequence number, set sessid to the next
* number, and update the on-disk copy. * number, and update the on-disk copy.
* Uses file locking to avoid sequence number collisions. * Uses file locking to avoid sequence number collisions.
*/ */

4
plugins/sudoers/iolog_path.c
View File

@@ -73,6 +73,10 @@ fill_seq(char *str, size_t strsize)
{ {
int len; int len;
/* XXX - sessid should be static to fill_seq */
if (sudo_user.sessid[0] == '\0')
io_nextid(def_iolog_dir, sudo_user.sessid);
/* Path is of the form /var/log/sudo-io/00/00/01. */ /* Path is of the form /var/log/sudo-io/00/00/01. */
len = snprintf(str, strsize, "%c%c/%c%c/%c%c", sudo_user.sessid[0], len = snprintf(str, strsize, "%c%c/%c%c/%c%c", sudo_user.sessid[0],
sudo_user.sessid[1], sudo_user.sessid[2], sudo_user.sessid[3], sudo_user.sessid[1], sudo_user.sessid[2], sudo_user.sessid[3],

16
plugins/sudoers/logging.c
View File

@@ -635,9 +635,13 @@ static char *
new_logline(const char *message, int serrno) new_logline(const char *message, int serrno)
{ {
size_t len = 0; size_t len = 0;
char *evstr = NULL;
char *errstr = NULL; char *errstr = NULL;
char *line; char *evstr = NULL;
char *line, *tsid;
/* A TSID may be a sudoers-style session ID or a free-form string. */
tsid =
sudo_user.sessid[0] != '\0' ? sudo_user.sessid : sudo_user.iolog_file;
/* /*
* Compute line length * Compute line length
@@ -654,8 +658,8 @@ new_logline(const char *message, int serrno)
len += sizeof(LL_USER_STR) + 2 + strlen(runas_pw->pw_name); len += sizeof(LL_USER_STR) + 2 + strlen(runas_pw->pw_name);
if (runas_gr != NULL) if (runas_gr != NULL)
len += sizeof(LL_GROUP_STR) + 2 + strlen(runas_gr->gr_name); len += sizeof(LL_GROUP_STR) + 2 + strlen(runas_gr->gr_name);
if (sudo_user.sessid[0] != '\0') if (tsid != NULL)
len += sizeof(LL_TSID_STR) + 2 + strlen(sudo_user.sessid); len += sizeof(LL_TSID_STR) + 2 + strlen(tsid);
if (sudo_user.env_vars != NULL) { if (sudo_user.env_vars != NULL) {
size_t evlen = 0; size_t evlen = 0;
char * const *ep; char * const *ep;
@@ -715,9 +719,9 @@ new_logline(const char *message, int serrno)
strlcat(line, " ; ", len) >= len) strlcat(line, " ; ", len) >= len)
goto toobig; goto toobig;
} }
if (sudo_user.sessid[0] != '\0') { if (tsid != NULL) {
if (strlcat(line, LL_TSID_STR, len) >= len || if (strlcat(line, LL_TSID_STR, len) >= len ||
strlcat(line, sudo_user.sessid, len) >= len || strlcat(line, tsid, len) >= len ||
strlcat(line, " ; ", len) >= len) strlcat(line, " ; ", len) >= len)
goto toobig; goto toobig;
} }

5
plugins/sudoers/sudoers.c
View File

@@ -515,10 +515,9 @@ sudoers_policy_main(int argc, char * const argv[], int pwflag, char *env_add[],
if (ISSET(sudo_mode, (MODE_RUN | MODE_EDIT)) && (def_log_input || def_log_output)) { if (ISSET(sudo_mode, (MODE_RUN | MODE_EDIT)) && (def_log_input || def_log_output)) {
if (def_iolog_file && def_iolog_dir) { if (def_iolog_file && def_iolog_dir) {
if (strstr(def_iolog_file, "%{seq}") != NULL) /* XXX - inline? */
io_nextid(def_iolog_dir, sudo_user.sessid);
command_info[info_len++] = expand_iolog_path("iolog_path=", command_info[info_len++] = expand_iolog_path("iolog_path=",
def_iolog_dir, def_iolog_file, NULL); def_iolog_dir, def_iolog_file, &sudo_user.iolog_file);
sudo_user.iolog_file++;
} }
if (def_log_input) { if (def_log_input) {
command_info[info_len++] = estrdup("iolog_stdin=true"); command_info[info_len++] = estrdup("iolog_stdin=true");

1
plugins/sudoers/sudoers.h
View File

@@ -73,6 +73,7 @@ struct sudo_user {
char *type; char *type;
#endif #endif
char *cwd; char *cwd;
char *iolog_file;
char sessid[7]; char sessid[7];
#ifdef HAVE_MBR_CHECK_MEMBERSHIP #ifdef HAVE_MBR_CHECK_MEMBERSHIP
uuid_t uuid; uuid_t uuid;