Log the TSID even if it is not a simple session ID.

2011-03-11 12:11:05 -05:00
parent 9660f08e32
commit 383aef00b1
5 changed files with 18 additions and 10 deletions
--- a/plugins/sudoers/iolog.c
+++ b/plugins/sudoers/iolog.c
@@ -128,7 +128,7 @@ mkdir_parents(char *path)
 }

 /*
- * Read the on-disk sequence number, set sudo_user.sessid to the next
+ * Read the on-disk sequence number, set sessid to the next
 * number, and update the on-disk copy.
 * Uses file locking to avoid sequence number collisions.
 */
--- a/plugins/sudoers/iolog_path.c
+++ b/plugins/sudoers/iolog_path.c
@@ -73,6 +73,10 @@ fill_seq(char *str, size_t strsize)
 {
    int len;

+    /* XXX - sessid should be static to fill_seq */
+    if (sudo_user.sessid[0] == '\0')
+	io_nextid(def_iolog_dir, sudo_user.sessid);
+
    /* Path is of the form /var/log/sudo-io/00/00/01. */
    len = snprintf(str, strsize, "%c%c/%c%c/%c%c", sudo_user.sessid[0],
 	sudo_user.sessid[1], sudo_user.sessid[2], sudo_user.sessid[3],
--- a/plugins/sudoers/logging.c
+++ b/plugins/sudoers/logging.c
@@ -635,9 +635,13 @@ static char *
 new_logline(const char *message, int serrno)
 {
    size_t len = 0;
-    char *evstr = NULL;
    char *errstr = NULL;
-    char *line;
+    char *evstr = NULL;
+    char *line, *tsid;
+
+    /* A TSID may be a sudoers-style session ID or a free-form string. */
+    tsid =
+	sudo_user.sessid[0] != '\0' ? sudo_user.sessid : sudo_user.iolog_file;

    /*
     * Compute line length
@@ -654,8 +658,8 @@ new_logline(const char *message, int serrno)
 	len += sizeof(LL_USER_STR) + 2 + strlen(runas_pw->pw_name);
    if (runas_gr != NULL)
 	len += sizeof(LL_GROUP_STR) + 2 + strlen(runas_gr->gr_name);
-    if (sudo_user.sessid[0] != '\0')
-	len += sizeof(LL_TSID_STR) + 2 + strlen(sudo_user.sessid);
+    if (tsid != NULL)
+	len += sizeof(LL_TSID_STR) + 2 + strlen(tsid);
    if (sudo_user.env_vars != NULL) {
 	size_t evlen = 0;
 	char * const *ep;
@@ -715,9 +719,9 @@ new_logline(const char *message, int serrno)
 	    strlcat(line, " ; ", len) >= len)
 	    goto toobig;
    }
-    if (sudo_user.sessid[0] != '\0') {
+    if (tsid != NULL) {
 	if (strlcat(line, LL_TSID_STR, len) >= len ||
-	    strlcat(line, sudo_user.sessid, len) >= len ||
+	    strlcat(line, tsid, len) >= len ||
 	    strlcat(line, " ; ", len) >= len)
 	    goto toobig;
    }
--- a/plugins/sudoers/sudoers.c
+++ b/plugins/sudoers/sudoers.c
@@ -515,10 +515,9 @@ sudoers_policy_main(int argc, char * const argv[], int pwflag, char *env_add[],

    if (ISSET(sudo_mode, (MODE_RUN | MODE_EDIT)) && (def_log_input || def_log_output)) {
 	if (def_iolog_file && def_iolog_dir) {
-	    if (strstr(def_iolog_file, "%{seq}") != NULL) /* XXX - inline? */
-		io_nextid(def_iolog_dir, sudo_user.sessid);
 	    command_info[info_len++] = expand_iolog_path("iolog_path=",
-		def_iolog_dir, def_iolog_file, NULL);
+		def_iolog_dir, def_iolog_file, &sudo_user.iolog_file);
+	    sudo_user.iolog_file++;
 	}
 	if (def_log_input) {
 	    command_info[info_len++] = estrdup("iolog_stdin=true");
--- a/plugins/sudoers/sudoers.h
+++ b/plugins/sudoers/sudoers.h
@@ -73,6 +73,7 @@ struct sudo_user {
    char *type;
 #endif
    char *cwd;
+    char *iolog_file;
    char  sessid[7];
 #ifdef HAVE_MBR_CHECK_MEMBERSHIP
    uuid_t uuid;