Use debug logging instead of ignore_result() where possible.

Todd C. Miller
2017-05-12 10:02:18 -06:00
parent d979898e71
commit a842913aa7
5 changed files with 72 additions and 18 deletions


@@ -103,10 +103,20 @@ io_mkdirs(char *path)
}
if (ok) {
if (S_ISDIR(sb.st_mode)) {
if (sb.st_uid != iolog_uid || sb.st_gid != iolog_gid)
ignore_result(chown(path, iolog_uid, iolog_gid));
if ((sb.st_mode & ALLPERMS) != iolog_dirmode)
ignore_result(chmod(path, iolog_dirmode));
if (sb.st_uid != iolog_uid || sb.st_gid != iolog_gid) {
if (chown(path, iolog_uid, iolog_gid) != 0) {
sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_ERRNO,
"%s: unable to chown %d:%d %s", __func__,
(int)iolog_uid, (int)iolog_gid, path);
}
}
if ((sb.st_mode & ALLPERMS) != iolog_dirmode) {
if (chmod(path, iolog_dirmode) != 0) {
sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_ERRNO,
"%s: unable to chmod 0%o %s", __func__,
(int)iolog_dirmode, path);
}
}
} else {
sudo_warnx(U_("%s exists but is not a directory (0%o)"),
path, (unsigned int) sb.st_mode);
@@ -135,7 +145,11 @@ io_mkdirs(char *path)
if (!ok)
sudo_warn(U_("unable to mkdir %s"), path);
} else {
ignore_result(chown(path, iolog_uid, iolog_gid));
if (chown(path, iolog_uid, iolog_gid) != 0) {
sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_ERRNO,
"%s: unable to chown %d:%d %s", __func__,
(int)iolog_uid, (int)iolog_gid, path);
}
}
}
if (uid_changed) {
@@ -405,7 +419,11 @@ io_nextid(char *iolog_dir, char *iolog_dir_fallback, char sessid[7])
goto done;
}
sudo_lock_file(fd, SUDO_LOCK);
ignore_result(fchown(fd, iolog_uid, iolog_gid));
if (fchown(fd, iolog_uid, iolog_gid) != 0) {
sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_ERRNO,
"%s: unable to fchown %d:%d %s", __func__,
(int)iolog_uid, (int)iolog_gid, pathbuf);
}
/*
* If there is no seq file in iolog_dir and a fallback dir was
@@ -421,7 +439,11 @@ io_nextid(char *iolog_dir, char *iolog_dir_fallback, char sessid[7])
if (len > 0 && (size_t)len < sizeof(fallback)) {
int fd2 = io_open(fallback, O_RDWR|O_CREAT, iolog_filemode);
if (fd2 != -1) {
ignore_result(fchown(fd2, iolog_uid, iolog_gid));
if (fchown(fd2, iolog_uid, iolog_gid) != 0) {
sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_ERRNO,
"%s: unable to fchown %d:%d %s", __func__,
(int)iolog_uid, (int)iolog_gid, fallback);
}
nread = read(fd2, buf, sizeof(buf) - 1);
if (nread > 0) {
if (buf[nread - 1] == '\n')
@@ -541,7 +563,11 @@ open_io_fd(char *pathbuf, size_t len, struct io_log_file *iol, bool docompress)
if (iol->enabled) {
int fd = io_open(pathbuf, O_CREAT|O_TRUNC|O_WRONLY, iolog_filemode);
if (fd != -1) {
ignore_result(fchown(fd, iolog_uid, iolog_gid));
if (fchown(fd, iolog_uid, iolog_gid) != 0) {
sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_ERRNO,
"%s: unable to fchown %d:%d %s", __func__,
(int)iolog_uid, (int)iolog_gid, pathbuf);
}
(void)fcntl(fd, F_SETFD, FD_CLOEXEC);
#ifdef HAVE_ZLIB_H
if (docompress)
@@ -777,7 +803,11 @@ write_info_log(char *pathbuf, size_t len, struct iolog_details *details,
log_warning(SLOG_SEND_MAIL, N_("unable to create %s"), pathbuf);
debug_return_bool(false);
}
ignore_result(fchown(fd, iolog_uid, iolog_gid));
if (fchown(fd, iolog_uid, iolog_gid) != 0) {
sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_ERRNO,
"%s: unable to fchown %d:%d %s", __func__,
(int)iolog_uid, (int)iolog_gid, pathbuf);
}
fprintf(fp, "%lld:%s:%s:%s:%s:%d:%d\n%s\n%s", (long long)now->tv_sec,
details->user ? details->user : "unknown", details->runas_pw->pw_name,
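Review bot: The chmod failure message in io_mkdirs passes `(int)iolog_dirmode` to a `%o` conversion, which expects an unsigned int; the sudo_warnx() call just below it in the same hunk already casts with `(unsigned int)`. The argument line should read `(unsigned int)iolog_dirmode, path);`, and the same applies to `(int)sudoers_mode` in the install_sudoers chmod message. The uid and gid values are likewise printed with `%d` after an `(int)` cast, so an ID above INT_MAX would appear negative in the debug log; `%u` with an `(unsigned int)` cast would avoid that. io_mkdirs begins and ends outside the hunk.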


@@ -51,8 +51,13 @@ sudo_mkdir_parents(char *path, uid_t uid, gid_t gid, mode_t mode, bool quiet)
"mkdir %s, mode 0%o, uid %d, gid %d", path, (unsigned int)mode,
(int)uid, (int)gid);
if (mkdir(path, mode) == 0) {
if (uid != (uid_t)-1 && gid != (gid_t)-1)
ignore_result(chown(path, uid, gid));
if (uid != (uid_t)-1 && gid != (gid_t)-1) {
if (chown(path, uid, gid) != 0) {
sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_ERRNO,
"%s: unable to chown %d:%d %s", __func__,
(int)uid, (int)gid, path);
}
}
} else {
if (errno != EEXIST) {
if (!quiet)
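Review bot: Nothing at the new chown() check in sudo_mkdir_parents says that the failure is deliberately non-fatal, so a later reader cannot tell whether carrying on with a directory that kept its creator's ownership is intended. A comment above the check such as `/* Not fatal: the directory was created, only its ownership could not be changed. */` would record that. The same applies to the chown() after mkdir() in io_mkdirs and in ts_mkdirs. In ts_mkdirs `ret` is left untouched on this path, so if callers rely on the owner of the time stamp directory, that should be stated or checked there. The function body continues outside the hunk.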


@@ -1181,8 +1181,13 @@ restore_perms(void)
*/
if (OID(euid) == ROOT_UID) {
/* setuid() may not set the saved ID unless the euid is ROOT_UID */
if (ID(euid) != ROOT_UID)
ignore_result(setreuid(-1, ROOT_UID));
if (ID(euid) != ROOT_UID) {
if (setreuid(-1, ROOT_UID) != 0) {
sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_ERRNO,
"setreuid() [%d, %d] -> [-1, %d)", (int)state->ruid,
(int)state->euid, ROOT_UID);
}
}
if (setuid(ROOT_UID)) {
sudo_warn("setuid() [%d, %d] -> %d)", (int)state->ruid,
(int)state->euid, ROOT_UID);
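Review bot: The new debug message `"setreuid() [%d, %d] -> [-1, %d)"` opens the target pair with `[` but closes it with `)`, and unlike the other messages added in this commit it has no `%s: ` / `__func__` prefix. Suggested: `"%s: setreuid() [%d, %d] -> [-1, %d]", __func__, (int)state->ruid,`. Logging only at debug level looks sufficient here, because the setuid(ROOT_UID) call that follows is checked and warns on failure. restore_perms starts and ends outside the hunk.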


@@ -170,7 +170,11 @@ ts_mkdirs(char *path, uid_t owner, gid_t group, mode_t mode,
sudo_warn(U_("unable to mkdir %s"), path);
ret = false;
} else {
ignore_result(chown(path, owner, group));
if (chown(path, owner, group) != 0) {
sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_ERRNO,
"%s: unable to chown %d:%d %s", __func__,
(int)owner, (int)group, path);
}
}
}
umask(omask);


@@ -697,10 +697,20 @@ install_sudoers(struct sudoersfile *sp, bool oldperms)
*/
(void) unlink(sp->tpath);
if (!oldperms && fstat(sp->fd, &sb) != -1) {
if (sb.st_uid != sudoers_uid || sb.st_gid != sudoers_gid)
ignore_result(chown(sp->path, sudoers_uid, sudoers_gid));
if ((sb.st_mode & ACCESSPERMS) != sudoers_mode)
ignore_result(chmod(sp->path, sudoers_mode));
if (sb.st_uid != sudoers_uid || sb.st_gid != sudoers_gid) {
if (chown(sp->path, sudoers_uid, sudoers_gid) != 0) {
sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_ERRNO,
"%s: unable to chown %d:%d %s", __func__,
(int)sudoers_uid, (int)sudoers_gid, sp->path);
}
}
if ((sb.st_mode & ACCESSPERMS) != sudoers_mode) {
if (chmod(sp->path, sudoers_mode) != 0) {
sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_ERRNO,
"%s: unable to chmod 0%o %s", __func__,
(int)sudoers_mode, sp->path);
}
}
}
ret = true;
goto done;
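Review bot: The ownership and mode tests use `fstat(sp->fd, &sb)`, but the new checked calls still act on the name, `chown(sp->path, ...)` and `chmod(sp->path, ...)`, so the object inspected and the object modified are the same only if the path has not been replaced in between. If sp->fd is the open descriptor for sp->path at this point, which the hunk suggests but does not show, `fchown(sp->fd, sudoers_uid, sudoers_gid)` and `fchmod(sp->fd, sudoers_mode)` would tie both steps to one file. A failure here also leaves the file with unexpected ownership or mode while `ret = true` is returned and only the debug log records it; a `sudo_warn()` would make that visible to the operator. install_sudoers begins and ends outside the hunk.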