Use debug logging instead of ignore_result() where possible.

Todd C. Miller
2017-05-12 10:02:18 -06:00
parent d979898e71
commit a842913aa7
5 changed files with 72 additions and 18 deletions


@@ -103,10 +103,20 @@ io_mkdirs(char *path)
} }
if (ok) { if (ok) {
if (S_ISDIR(sb.st_mode)) { if (S_ISDIR(sb.st_mode)) {
if (sb.st_uid != iolog_uid || sb.st_gid != iolog_gid) if (sb.st_uid != iolog_uid || sb.st_gid != iolog_gid) {
ignore_result(chown(path, iolog_uid, iolog_gid)); if (chown(path, iolog_uid, iolog_gid) != 0) {
if ((sb.st_mode & ALLPERMS) != iolog_dirmode) sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_ERRNO,
ignore_result(chmod(path, iolog_dirmode)); "%s: unable to chown %d:%d %s", __func__,
(int)iolog_uid, (int)iolog_gid, path);
}
}
if ((sb.st_mode & ALLPERMS) != iolog_dirmode) {
if (chmod(path, iolog_dirmode) != 0) {
sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_ERRNO,
"%s: unable to chmod 0%o %s", __func__,
(int)iolog_dirmode, path);
}
}
} else { } else {
sudo_warnx(U_("%s exists but is not a directory (0%o)"), sudo_warnx(U_("%s exists but is not a directory (0%o)"),
path, (unsigned int) sb.st_mode); path, (unsigned int) sb.st_mode);
@@ -135,7 +145,11 @@ io_mkdirs(char *path)
if (!ok) if (!ok)
sudo_warn(U_("unable to mkdir %s"), path); sudo_warn(U_("unable to mkdir %s"), path);
} else { } else {
ignore_result(chown(path, iolog_uid, iolog_gid)); if (chown(path, iolog_uid, iolog_gid) != 0) {
sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_ERRNO,
"%s: unable to chown %d:%d %s", __func__,
(int)iolog_uid, (int)iolog_gid, path);
}
} }
} }
if (uid_changed) { if (uid_changed) {
@@ -405,7 +419,11 @@ io_nextid(char *iolog_dir, char *iolog_dir_fallback, char sessid[7])
goto done; goto done;
} }
sudo_lock_file(fd, SUDO_LOCK); sudo_lock_file(fd, SUDO_LOCK);
ignore_result(fchown(fd, iolog_uid, iolog_gid)); if (fchown(fd, iolog_uid, iolog_gid) != 0) {
sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_ERRNO,
"%s: unable to fchown %d:%d %s", __func__,
(int)iolog_uid, (int)iolog_gid, pathbuf);
}
/* /*
* If there is no seq file in iolog_dir and a fallback dir was * If there is no seq file in iolog_dir and a fallback dir was
@@ -421,7 +439,11 @@ io_nextid(char *iolog_dir, char *iolog_dir_fallback, char sessid[7])
if (len > 0 && (size_t)len < sizeof(fallback)) { if (len > 0 && (size_t)len < sizeof(fallback)) {
int fd2 = io_open(fallback, O_RDWR|O_CREAT, iolog_filemode); int fd2 = io_open(fallback, O_RDWR|O_CREAT, iolog_filemode);
if (fd2 != -1) { if (fd2 != -1) {
ignore_result(fchown(fd2, iolog_uid, iolog_gid)); if (fchown(fd2, iolog_uid, iolog_gid) != 0) {
sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_ERRNO,
"%s: unable to fchown %d:%d %s", __func__,
(int)iolog_uid, (int)iolog_gid, fallback);
}
nread = read(fd2, buf, sizeof(buf) - 1); nread = read(fd2, buf, sizeof(buf) - 1);
if (nread > 0) { if (nread > 0) {
if (buf[nread - 1] == '\n') if (buf[nread - 1] == '\n')
@@ -541,7 +563,11 @@ open_io_fd(char *pathbuf, size_t len, struct io_log_file *iol, bool docompress)
if (iol->enabled) { if (iol->enabled) {
int fd = io_open(pathbuf, O_CREAT|O_TRUNC|O_WRONLY, iolog_filemode); int fd = io_open(pathbuf, O_CREAT|O_TRUNC|O_WRONLY, iolog_filemode);
if (fd != -1) { if (fd != -1) {
ignore_result(fchown(fd, iolog_uid, iolog_gid)); if (fchown(fd, iolog_uid, iolog_gid) != 0) {
sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_ERRNO,
"%s: unable to fchown %d:%d %s", __func__,
(int)iolog_uid, (int)iolog_gid, pathbuf);
}
(void)fcntl(fd, F_SETFD, FD_CLOEXEC); (void)fcntl(fd, F_SETFD, FD_CLOEXEC);
#ifdef HAVE_ZLIB_H #ifdef HAVE_ZLIB_H
if (docompress) if (docompress)
@@ -777,7 +803,11 @@ write_info_log(char *pathbuf, size_t len, struct iolog_details *details,
log_warning(SLOG_SEND_MAIL, N_("unable to create %s"), pathbuf); log_warning(SLOG_SEND_MAIL, N_("unable to create %s"), pathbuf);
debug_return_bool(false); debug_return_bool(false);
} }
ignore_result(fchown(fd, iolog_uid, iolog_gid)); if (fchown(fd, iolog_uid, iolog_gid) != 0) {
sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_ERRNO,
"%s: unable to fchown %d:%d %s", __func__,
(int)iolog_uid, (int)iolog_gid, pathbuf);
}
fprintf(fp, "%lld:%s:%s:%s:%s:%d:%d\n%s\n%s", (long long)now->tv_sec, fprintf(fp, "%lld:%s:%s:%s:%s:%d:%d\n%s\n%s", (long long)now->tv_sec,
details->user ? details->user : "unknown", details->runas_pw->pw_name, details->user ? details->user : "unknown", details->runas_pw->pw_name,
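Review bot: Every failed chown()/chmod()/fchown() in these hunks is reported only through `sudo_debug_printf()`, and the code then carries on as if the owner and mode had been set. In io_mkdirs that means an existing directory whose mode differs from iolog_dirmode keeps that mode when chmod() fails and is still used for the I/O log; because these logs hold session content, a message the administrator sees without debug logging enabled (a `sudo_warn()` as used for the mkdir failure) seems more appropriate for that case. The same applies to the chown() in the ts_mkdirs hunk and the chown()/chmod() pair in the install_sudoers hunk. Separately, the chmod messages pass `(int)iolog_dirmode` (and `(int)sudoers_mode`) for `0%o`, while the existing sudo_warnx() call in this hunk casts to unsigned; `(unsigned int)iolog_dirmode` would match both the conversion and the file's own style. All of the touched functions start and end outside the hunks shown.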


@@ -51,8 +51,13 @@ sudo_mkdir_parents(char *path, uid_t uid, gid_t gid, mode_t mode, bool quiet)
"mkdir %s, mode 0%o, uid %d, gid %d", path, (unsigned int)mode, "mkdir %s, mode 0%o, uid %d, gid %d", path, (unsigned int)mode,
(int)uid, (int)gid); (int)uid, (int)gid);
if (mkdir(path, mode) == 0) { if (mkdir(path, mode) == 0) {
if (uid != (uid_t)-1 && gid != (gid_t)-1) if (uid != (uid_t)-1 && gid != (gid_t)-1) {
ignore_result(chown(path, uid, gid)); if (chown(path, uid, gid) != 0) {
sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_ERRNO,
"%s: unable to chown %d:%d %s", __func__,
(int)uid, (int)gid, path);
}
}
} else { } else {
if (errno != EEXIST) { if (errno != EEXIST) {
if (!quiet) if (!quiet)
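Review bot: The guard kept around the new block, `uid != (uid_t)-1 && gid != (gid_t)-1`, skips chown() entirely when only one of the two IDs is -1, although chown() itself treats -1 as "leave this ID unchanged". Whether any caller passes just one ID cannot be seen from this hunk; if one can, the other ID is silently never applied, and `if (uid != (uid_t)-1 || gid != (gid_t)-1) {` would cover that case. A short comment stating which combination is intended would settle it either way. The body of sudo_mkdir_parents continues outside the hunk.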


@@ -1181,8 +1181,13 @@ restore_perms(void)
*/ */
if (OID(euid) == ROOT_UID) { if (OID(euid) == ROOT_UID) {
/* setuid() may not set the saved ID unless the euid is ROOT_UID */ /* setuid() may not set the saved ID unless the euid is ROOT_UID */
if (ID(euid) != ROOT_UID) if (ID(euid) != ROOT_UID) {
ignore_result(setreuid(-1, ROOT_UID)); if (setreuid(-1, ROOT_UID) != 0) {
sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_ERRNO,
"setreuid() [%d, %d] -> [-1, %d)", (int)state->ruid,
(int)state->euid, ROOT_UID);
}
}
if (setuid(ROOT_UID)) { if (setuid(ROOT_UID)) {
sudo_warn("setuid() [%d, %d] -> %d)", (int)state->ruid, sudo_warn("setuid() [%d, %d] -> %d)", (int)state->ruid,
(int)state->euid, ROOT_UID); (int)state->euid, ROOT_UID);
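Review bot: The new debug format string `"setreuid() [%d, %d] -> [-1, %d)"` closes the target pair with `)` instead of `]`, and unlike the other messages added in this commit it carries no `%s:` / `__func__` prefix. Something like `"%s: setreuid() [%d, %d] -> [-1, %d]", __func__, (int)state->ruid, (int)state->euid, ROOT_UID` would keep privilege-restore failures easy to find in the debug log. Debug level looks reasonable here, since the `setuid(ROOT_UID)` that follows is checked and warns on failure. restore_perms starts and ends outside the hunk.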


@@ -170,7 +170,11 @@ ts_mkdirs(char *path, uid_t owner, gid_t group, mode_t mode,
sudo_warn(U_("unable to mkdir %s"), path); sudo_warn(U_("unable to mkdir %s"), path);
ret = false; ret = false;
} else { } else {
ignore_result(chown(path, owner, group)); if (chown(path, owner, group) != 0) {
sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_ERRNO,
"%s: unable to chown %d:%d %s", __func__,
(int)owner, (int)group, path);
}
} }
} }
umask(omask); umask(omask);


@@ -697,10 +697,20 @@ install_sudoers(struct sudoersfile *sp, bool oldperms)
*/ */
(void) unlink(sp->tpath); (void) unlink(sp->tpath);
if (!oldperms && fstat(sp->fd, &sb) != -1) { if (!oldperms && fstat(sp->fd, &sb) != -1) {
if (sb.st_uid != sudoers_uid || sb.st_gid != sudoers_gid) if (sb.st_uid != sudoers_uid || sb.st_gid != sudoers_gid) {
ignore_result(chown(sp->path, sudoers_uid, sudoers_gid)); if (chown(sp->path, sudoers_uid, sudoers_gid) != 0) {
if ((sb.st_mode & ACCESSPERMS) != sudoers_mode) sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_ERRNO,
ignore_result(chmod(sp->path, sudoers_mode)); "%s: unable to chown %d:%d %s", __func__,
(int)sudoers_uid, (int)sudoers_gid, sp->path);
}
}
if ((sb.st_mode & ACCESSPERMS) != sudoers_mode) {
if (chmod(sp->path, sudoers_mode) != 0) {
sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_ERRNO,
"%s: unable to chmod 0%o %s", __func__,
(int)sudoers_mode, sp->path);
}
}
} }
ret = true; ret = true;
goto done; goto done;
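Review bot: Ownership and mode are read with `fstat(sp->fd, &sb)` but changed by name with `chown(sp->path, ...)` and `chmod(sp->path, ...)`, so the check and the change apply to the same file only while the path still names the file behind sp->fd. If sp->fd is the open sudoers file at this point (the code that sets it up is outside the hunk), `fchown(sp->fd, sudoers_uid, sudoers_gid)` and `fchmod(sp->fd, sudoers_mode)` would act on exactly the file that was inspected. If the path-based calls are deliberate, a one-line comment saying why would help the next reader.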