isa/sudo
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Log the cwd in the script log file.

Browse Source 
Add sudo_getln() to read arbitrarily long lines.
This commit is contained in:
Todd C. Miller
2009-09-16 11:49:40 +00:00
parent 28b3a18137
commit a418f78117
2 changed files with 63 additions and 14 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
script.c
View File

@@ -330,9 +330,10 @@ script_execv(path, argv)
gettimeofday(&prevtime, NULL); gettimeofday(&prevtime, NULL);
/* XXX - log more stuff to idfile (like normal log line?) */ /* XXX - log more stuff? environment too? */
fprintf(idfile, "%ld:%s:%s:%s:%s\n", prevtime.tv_sec, user_name, fprintf(idfile, "%ld:%s:%s:%s:%s\n", prevtime.tv_sec, user_name,
runas_pw->pw_name, runas_gr ? runas_gr->gr_name : "", user_tty); runas_pw->pw_name, runas_gr ? runas_gr->gr_name : "", user_tty);
fprintf(idfile, "%s\n", user_cwd);
fprintf(idfile, "%s%s%s\n", user_cmnd, user_args ? " " : "", fprintf(idfile, "%s%s%s\n", user_cmnd, user_args ? " " : "",
user_args ? user_args : ""); user_args ? user_args : "");
fclose(idfile); fclose(idfile);

74
sudoreplay.c
View File

@@ -98,6 +98,7 @@ const char *session_dir = _PATH_SUDO_SESSDIR;
* Info present in the transcript log file * Info present in the transcript log file
*/ */
struct log_info { struct log_info {
char *cwd;
char *user; char *user;
char *runas_user; char *runas_user;
char *runas_group; char *runas_group;
@@ -109,7 +110,6 @@ struct log_info {
/* /*
* Handle expressions like: * Handle expressions like:
* ( user millert or user root ) and tty console and command /bin/sh * ( user millert or user root ) and tty console and command /bin/sh
* XXX - also time-based
*/ */
struct search_node { struct search_node {
struct search_node *next; struct search_node *next;
@@ -121,6 +121,7 @@ struct search_node {
#define ST_RUNASGROUP 6 #define ST_RUNASGROUP 6
#define ST_FROMDATE 7 #define ST_FROMDATE 7
#define ST_TODATE 8 #define ST_TODATE 8
#define ST_CWD 9
char type; char type;
char negated; char negated;
char or; char or;
@@ -130,6 +131,7 @@ struct search_node {
regex_t cmdre; regex_t cmdre;
#endif #endif
time_t tstamp; time_t tstamp;
char *cwd;
char *tty; char *tty;
char *user; char *user;
char *pattern; char *pattern;
@@ -145,6 +147,7 @@ static struct search_node *node_stack[32];
static int stack_top; static int stack_top;
extern void *emalloc __P((size_t)); extern void *emalloc __P((size_t));
extern void *erealloc __P((void *, size_t));
extern time_t get_date __P((char *)); extern time_t get_date __P((char *));
static int list_sessions __P((int, char **, const char *, const char *, const char *)); static int list_sessions __P((int, char **, const char *, const char *, const char *));
@@ -189,7 +192,6 @@ main(argc, argv)
Argc = argc; Argc = argc;
Argv = argv; Argv = argv;
/* XXX - timestamp option? (begin,end) */
while ((ch = getopt(argc, argv, "d:lm:s:V")) != -1) { while ((ch = getopt(argc, argv, "d:lm:s:V")) != -1) {
switch(ch) { switch(ch) {
case 'd': case 'd':
@@ -349,7 +351,6 @@ delay(secs)
/* /*
* Build expression list from search args * Build expression list from search args
* XXX - add additional search terms
*/ */
static int static int
parse_expr(headp, argv) parse_expr(headp, argv)
@@ -378,9 +379,14 @@ parse_expr(headp, argv)
not = 1; not = 1;
continue; continue;
case 'c': /* command */ case 'c': /* command */
if (strncmp(*av, "command", strlen(*av)) != 0) if (*av[1] == '\0')
errorx(1, "ambiguous expression \"%s\"", *av);
if (strncmp(*av, "cwd", strlen(*av)) == 0)
type = ST_CWD;
else if (strncmp(*av, "command", strlen(*av)) == 0)
type = ST_PATTERN;
else
goto bad; goto bad;
type = ST_PATTERN;
break; break;
case 'f': /* from date */ case 'f': /* from date */
if (strncmp(*av, "from", strlen(*av)) != 0) if (strncmp(*av, "from", strlen(*av)) != 0)
@@ -496,6 +502,9 @@ match_expr(head, log)
case ST_EXPR: case ST_EXPR:
matched = match_expr(sn->u.expr, log); matched = match_expr(sn->u.expr, log);
break; break;
case ST_CWD:
matched = strcmp(sn->u.cwd, log->cwd) == 0;
break;
case ST_TTY: case ST_TTY:
matched = strcmp(sn->u.tty, log->tty) == 0; matched = strcmp(sn->u.tty, log->tty) == 0;
break; break;
@@ -534,6 +543,31 @@ match_expr(head, log)
return(matched); return(matched);
} }
static ssize_t
sudo_getln(char **bufp, FILE *fp)
{
char *buf;
size_t bufsize = BUFSIZ;
ssize_t len, off = 0;
buf = emalloc(BUFSIZ);
for (;;) {
if (fgets(buf + off, bufsize - off, fp) == NULL) {
efree(buf);
buf = NULL;
len = -1;
break;
}
len = strlen(buf);
if (!len || buf[len - 1] == '\n' || feof(fp))
break;
bufsize *= 2;
buf = erealloc(buf, bufsize);
}
*bufp = buf;
return(len);
}
static int static int
list_session_dir(pathbuf, re, user, tty) list_session_dir(pathbuf, re, user, tty)
char *pathbuf; char *pathbuf;
@@ -544,8 +578,9 @@ list_session_dir(pathbuf, re, user, tty)
FILE *fp; FILE *fp;
DIR *d; DIR *d;
struct dirent *dp; struct dirent *dp;
char buf[BUFSIZ], cmdbuf[BUFSIZ], idstr[7], *cp; char *buf, *cmd, *cwd, idstr[7], *cp;
struct log_info li; struct log_info li;
ssize_t len;
int plen; int plen;
plen = strlen(pathbuf); plen = strlen(pathbuf);
@@ -570,14 +605,21 @@ list_session_dir(pathbuf, re, user, tty)
continue; continue;
} }
/* /*
* ID file has two lines, a log info line followed by a command line. * ID file has three lines:
* 1) a log info line
* 2) cwd
* 3) command with args
*/ */
/* XXX - BUFSIZ might not be enough, implement getline? */ sudo_getln(&buf, fp);
if (!fgets(buf, sizeof(buf), fp) || !fgets(cmdbuf, sizeof(cmdbuf), fp)) { sudo_getln(&cwd, fp);
fclose(fp); sudo_getln(&cmd, fp);
fclose(fp);
if (buf == NULL || cwd == NULL || cmd == NULL) {
efree(buf);
efree(cwd);
efree(cmd);
continue; continue;
} }
fclose(fp);
/* crack the log line: timestamp:user:runas_user:runas_group:tty */ /* crack the log line: timestamp:user:runas_user:runas_group:tty */
buf[strcspn(buf, "\n")] = '\0'; buf[strcspn(buf, "\n")] = '\0';
@@ -604,8 +646,11 @@ list_session_dir(pathbuf, re, user, tty)
*cp++ = '\0'; *cp++ = '\0';
li.tty = cp; li.tty = cp;
cmdbuf[strcspn(cmdbuf, "\n")] = '\0'; cwd[strcspn(cwd, "\n")] = '\0';
li.cmd = cmdbuf; li.cwd = cwd;
cmd[strcspn(cmd, "\n")] = '\0';
li.cmd = cmd;
/* Match on search expression if there is one. */ /* Match on search expression if there is one. */
if (search_expr && !match_expr(search_expr, &li)) if (search_expr && !match_expr(search_expr, &li))
@@ -620,6 +665,9 @@ list_session_dir(pathbuf, re, user, tty)
idstr[5] = pathbuf[plen + 2]; idstr[5] = pathbuf[plen + 2];
idstr[6] = '\0'; idstr[6] = '\0';
/* XXX - better format (timestamp?) */ /* XXX - better format (timestamp?) */
/*
Sep 14 17:10:28 core sudo: millert : TTY=ttyp9 ; PWD=/home/anoncvs/www/htdocs/torrentflux/downloads/millert ; USER=root ; COMMAND=/bin/rm mad.men.s03e04.720p.hdtv.x264-ctu.mkv
*/
printf("%s: %s %ld (%s:%s) %s\n", idstr, li.user, (long)li.tstamp, printf("%s: %s %ld (%s:%s) %s\n", idstr, li.user, (long)li.tstamp,
li.runas_user, li.runas_group, li.cmd); li.runas_user, li.runas_group, li.cmd);
} }