isa/sudo
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Add support for multiple Debug lines per program. Callers may

Browse Source 
register arbitrary debug facilities or use built-in defaults.  We
now use separate Debug statements for plugins and programs.
This commit is contained in:
Todd C. Miller
2014-10-22 13:23:05 -06:00
parent a7e724b75d
commit 866cfc4fc3
100 changed files with 1509 additions and 949 deletions
Download Patch File Download Diff File Expand all files Collapse all files

54
src/sudo.c
View File

@@ -95,6 +95,7 @@ struct plugin_container policy_plugin;
struct plugin_container_list io_plugins = TAILQ_HEAD_INITIALIZER(io_plugins);
struct user_details user_details;
const char *list_user; /* extern for parse_args.c */
int sudo_debug_instance = SUDO_DEBUG_INSTANCE_INITIALIZER;
static struct command_details command_details;
static int sudo_mode;
@@ -151,7 +152,7 @@ main(int argc, char *argv[], char *envp[])
struct sudo_settings *settings;
struct plugin_container *plugin, *next;
sigset_t mask;
debug_decl(main, SUDO_DEBUG_MAIN)
debug_decl(main, SUDO_DEBUG_MAIN, sudo_debug_instance)
os_init(argc, argv, envp);
@@ -186,6 +187,9 @@ main(int argc, char *argv[], char *envp[])
/* Read sudo.conf. */
sudo_conf_read(NULL);
/* Set debug instance to use with sudo front end (if configured). */
sudo_debug_instance = sudo_debug_get_instance(getprogname());
/* Fill in user_info with user name, uid, cwd, etc. */
memset(&user_details, 0, sizeof(user_details));
user_info = get_user_info(&user_details);
@@ -320,7 +324,7 @@ static void
fix_fds(void)
{
int miss[3], devnull = -1;
debug_decl(fix_fds, SUDO_DEBUG_UTIL)
debug_decl(fix_fds, SUDO_DEBUG_UTIL, sudo_debug_instance)
/*
* stdin, stdout and stderr must be open; set them to /dev/null
@@ -352,7 +356,7 @@ static int
fill_group_list(struct user_details *ud, int system_maxgroups)
{
int tries, rval = -1;
debug_decl(fill_group_list, SUDO_DEBUG_UTIL)
debug_decl(fill_group_list, SUDO_DEBUG_UTIL, sudo_debug_instance)
/*
* If user specified a max number of groups, use it, otherwise keep
@@ -388,7 +392,7 @@ get_user_groups(struct user_details *ud)
char *cp, *gid_list = NULL;
size_t glsize;
int i, len, maxgroups, group_source;
debug_decl(get_user_groups, SUDO_DEBUG_UTIL)
debug_decl(get_user_groups, SUDO_DEBUG_UTIL, sudo_debug_instance)
#if defined(HAVE_SYSCONF) && defined(_SC_NGROUPS_MAX)
maxgroups = (int)sysconf(_SC_NGROUPS_MAX);
@@ -445,7 +449,7 @@ get_user_info(struct user_details *ud)
char *cp, **user_info, cwd[PATH_MAX], host[HOST_NAME_MAX + 1];
struct passwd *pw;
int fd, i = 0;
debug_decl(get_user_info, SUDO_DEBUG_UTIL)
debug_decl(get_user_info, SUDO_DEBUG_UTIL, sudo_debug_instance)
/* XXX - bound check number of entries */
user_info = sudo_emallocarray(32, sizeof(char *));
@@ -538,7 +542,7 @@ command_info_to_details(char * const info[], struct command_details *details)
id_t id;
char *cp;
const char *errstr;
debug_decl(command_info_to_details, SUDO_DEBUG_PCOMM)
debug_decl(command_info_to_details, SUDO_DEBUG_PCOMM, sudo_debug_instance)
memset(details, 0, sizeof(*details));
details->closefrom = -1;
@@ -742,7 +746,7 @@ sudo_check_suid(const char *sudo)
char pathbuf[PATH_MAX];
struct stat sb;
bool qualified;
debug_decl(sudo_check_suid, SUDO_DEBUG_PCOMM)
debug_decl(sudo_check_suid, SUDO_DEBUG_PCOMM, sudo_debug_instance)
if (geteuid() != 0) {
/* Search for sudo binary in PATH if not fully qualified. */
@@ -801,7 +805,7 @@ disable_coredumps(void)
{
#if defined(RLIMIT_CORE)
struct rlimit rl;
debug_decl(disable_coredumps, SUDO_DEBUG_UTIL)
debug_decl(disable_coredumps, SUDO_DEBUG_UTIL, sudo_debug_instance)
/*
* Turn off core dumps?
@@ -826,7 +830,7 @@ unlimit_nproc(void)
{
#ifdef __linux__
struct rlimit rl;
debug_decl(unlimit_nproc, SUDO_DEBUG_UTIL)
debug_decl(unlimit_nproc, SUDO_DEBUG_UTIL, sudo_debug_instance)
(void) getrlimit(RLIMIT_NPROC, &nproclimit);
rl.rlim_cur = rl.rlim_max = RLIM_INFINITY;
@@ -846,7 +850,7 @@ static void
restore_nproc(void)
{
#ifdef __linux__
debug_decl(restore_nproc, SUDO_DEBUG_UTIL)
debug_decl(restore_nproc, SUDO_DEBUG_UTIL, sudo_debug_instance)
(void) setrlimit(RLIMIT_NPROC, &nproclimit);
@@ -862,7 +866,7 @@ bool
exec_setup(struct command_details *details, const char *ptyname, int ptyfd)
{
bool rval = false;
debug_decl(exec_setup, SUDO_DEBUG_EXEC)
debug_decl(exec_setup, SUDO_DEBUG_EXEC, sudo_debug_instance)
#ifdef HAVE_SELINUX
if (ISSET(details->flags, CD_RBAC_ENABLED)) {
@@ -1032,7 +1036,7 @@ run_command(struct command_details *details)
struct plugin_container *plugin;
struct command_status cstat;
int exitcode = 1;
debug_decl(run_command, SUDO_DEBUG_EXEC)
debug_decl(run_command, SUDO_DEBUG_EXEC, sudo_debug_instance)
cstat.type = CMD_INVALID;
cstat.val = 0;
@@ -1090,7 +1094,7 @@ format_plugin_settings(struct plugin_container *plugin,
struct sudo_debug_file *debug_file;
struct sudo_settings *setting;
char **plugin_settings;
debug_decl(format_plugin_settings, SUDO_DEBUG_PCOMM)
debug_decl(format_plugin_settings, SUDO_DEBUG_PCOMM, sudo_debug_instance)
/* XXX - should use exact plugin_settings_size */
/* Determine sudo_settings array size (including plugin_path and NULL) */
@@ -1131,7 +1135,7 @@ policy_open(struct plugin_container *plugin, struct sudo_settings *settings,
{
char **plugin_settings;
int rval;
debug_decl(policy_open, SUDO_DEBUG_PCOMM)
debug_decl(policy_open, SUDO_DEBUG_PCOMM, sudo_debug_instance)
/* Convert struct sudo_settings to plugin_settings[] */
plugin_settings = format_plugin_settings(plugin, settings);
@@ -1160,7 +1164,7 @@ policy_open(struct plugin_container *plugin, struct sudo_settings *settings,
static void
policy_close(struct plugin_container *plugin, int exit_status, int error_code)
{
debug_decl(policy_close, SUDO_DEBUG_PCOMM)
debug_decl(policy_close, SUDO_DEBUG_PCOMM, sudo_debug_instance)
if (plugin->u.policy->close != NULL) {
plugin->u.policy->close(exit_status, error_code);
} else if (error_code) {
@@ -1173,7 +1177,7 @@ policy_close(struct plugin_container *plugin, int exit_status, int error_code)
static int
policy_show_version(struct plugin_container *plugin, int verbose)
{
debug_decl(policy_show_version, SUDO_DEBUG_PCOMM)
debug_decl(policy_show_version, SUDO_DEBUG_PCOMM, sudo_debug_instance)
if (plugin->u.policy->show_version == NULL)
debug_return_bool(true);
debug_return_bool(plugin->u.policy->show_version(verbose));
@@ -1184,7 +1188,7 @@ policy_check(struct plugin_container *plugin, int argc, char * const argv[],
char *env_add[], char **command_info[], char **argv_out[],
char **user_env_out[])
{
debug_decl(policy_check, SUDO_DEBUG_PCOMM)
debug_decl(policy_check, SUDO_DEBUG_PCOMM, sudo_debug_instance)
if (plugin->u.policy->check_policy == NULL) {
sudo_fatalx(U_("policy plugin %s is missing the `check_policy' method"),
plugin->name);
@@ -1197,7 +1201,7 @@ static int
policy_list(struct plugin_container *plugin, int argc, char * const argv[],
int verbose, const char *list_user)
{
debug_decl(policy_list, SUDO_DEBUG_PCOMM)
debug_decl(policy_list, SUDO_DEBUG_PCOMM, sudo_debug_instance)
if (plugin->u.policy->list == NULL) {
sudo_warnx(U_("policy plugin %s does not support listing privileges"),
plugin->name);
@@ -1209,7 +1213,7 @@ policy_list(struct plugin_container *plugin, int argc, char * const argv[],
static int
policy_validate(struct plugin_container *plugin)
{
debug_decl(policy_validate, SUDO_DEBUG_PCOMM)
debug_decl(policy_validate, SUDO_DEBUG_PCOMM, sudo_debug_instance)
if (plugin->u.policy->validate == NULL) {
sudo_warnx(U_("policy plugin %s does not support the -v option"),
plugin->name);
@@ -1221,7 +1225,7 @@ policy_validate(struct plugin_container *plugin)
static void
policy_invalidate(struct plugin_container *plugin, int remove)
{
debug_decl(policy_invalidate, SUDO_DEBUG_PCOMM)
debug_decl(policy_invalidate, SUDO_DEBUG_PCOMM, sudo_debug_instance)
if (plugin->u.policy->invalidate == NULL) {
sudo_fatalx(U_("policy plugin %s does not support the -k/-K options"),
plugin->name);
@@ -1234,7 +1238,7 @@ int
policy_init_session(struct command_details *details)
{
int rval = true;
debug_decl(policy_init_session, SUDO_DEBUG_PCOMM)
debug_decl(policy_init_session, SUDO_DEBUG_PCOMM, sudo_debug_instance)
if (policy_plugin.u.policy->init_session) {
/*
@@ -1260,7 +1264,7 @@ iolog_open(struct plugin_container *plugin, struct sudo_settings *settings,
{
char **plugin_settings;
int rval;
debug_decl(iolog_open, SUDO_DEBUG_PCOMM)
debug_decl(iolog_open, SUDO_DEBUG_PCOMM, sudo_debug_instance)
/* Convert struct sudo_settings to plugin_settings[] */
plugin_settings = format_plugin_settings(plugin, settings);
@@ -1292,7 +1296,7 @@ iolog_open(struct plugin_container *plugin, struct sudo_settings *settings,
static void
iolog_close(struct plugin_container *plugin, int exit_status, int error_code)
{
debug_decl(iolog_close, SUDO_DEBUG_PCOMM)
debug_decl(iolog_close, SUDO_DEBUG_PCOMM, sudo_debug_instance)
if (plugin->u.io->close != NULL)
plugin->u.io->close(exit_status, error_code);
debug_return;
@@ -1301,7 +1305,7 @@ iolog_close(struct plugin_container *plugin, int exit_status, int error_code)
static int
iolog_show_version(struct plugin_container *plugin, int verbose)
{
debug_decl(iolog_show_version, SUDO_DEBUG_PCOMM)
debug_decl(iolog_show_version, SUDO_DEBUG_PCOMM, sudo_debug_instance)
if (plugin->u.io->show_version == NULL)
debug_return_bool(true);
debug_return_bool(plugin->u.io->show_version(verbose));
@@ -1314,7 +1318,7 @@ iolog_show_version(struct plugin_container *plugin, int verbose)
static void
iolog_unlink(struct plugin_container *plugin)
{
debug_decl(iolog_unlink, SUDO_DEBUG_PCOMM)
debug_decl(iolog_unlink, SUDO_DEBUG_PCOMM, sudo_debug_instance)
/* Deregister hooks, if any. */
if (plugin->u.io->version >= SUDO_API_MKVERSION(1, 2)) {