Add maxseq sudoers option to limit the max number of I/O log files.

Todd C. Miller
2013-02-18 15:06:23 -05:00
parent 618871a331
commit b9159ecb26
10 changed files with 191 additions and 123 deletions


@@ -1295,6 +1295,19 @@ SSUUDDOOEERRSS OOPPTTIIOONNSS
escape %h will expand to the host name of the machine. escape %h will expand to the host name of the machine.
Default is ``*** SECURITY information for %h ***''. Default is ``*** SECURITY information for %h ***''.
maxseq The maximum sequence number that will be substituted
for the ``%{seq}'' escape in the I/O log file (see the
_i_o_l_o_g___d_i_r description above for more information).
While the value substituted for ``%{seq}'' is in base
36, _m_a_x_s_e_q itself should be expressed in decimal.
Values larger than 2176782336 (which corresponds to the
base 36 sequence number ``ZZZZZZ'') will be silently
truncated to 2176782336. The default value is
2176782336.
This setting is only supported by ssuuddooeerrss plugin
version 1.8.7 or higher.
noexec_file As of ssuuddoo version 1.8.1 this option is no longer noexec_file As of ssuuddoo version 1.8.1 this option is no longer
supported. The path to the noexec file should now be supported. The path to the noexec file should now be
set in the sudo.conf(4) file. set in the sudo.conf(4) file.
@@ -2125,4 +2138,4 @@ DDIISSCCLLAAIIMMEERR
file distributed with ssuuddoo or http://www.sudo.ws/sudo/license.html for file distributed with ssuuddoo or http://www.sudo.ws/sudo/license.html for
complete details. complete details.
Sudo 1.8.7 February 5, 2013 Sudo 1.8.7 Sudo 1.8.7 February 18, 2013 Sudo 1.8.7


@@ -21,7 +21,7 @@
.\" Agency (DARPA) and Air Force Research Laboratory, Air Force .\" Agency (DARPA) and Air Force Research Laboratory, Air Force
.\" Materiel Command, USAF, under agreement number F39502-99-1-0512. .\" Materiel Command, USAF, under agreement number F39502-99-1-0512.
.\" .\"
.TH "SUDOERS" "@mansectsu@" "February 5, 2013" "Sudo @PACKAGE_VERSION@" "Programmer's Manual" .TH "SUDOERS" "@mansectsu@" "February 18, 2013" "Sudo @PACKAGE_VERSION@" "Programmer's Manual"
.nh .nh
.if n .ad l .if n .ad l
.SH "NAME" .SH "NAME"
@@ -2726,6 +2726,27 @@ will expand to the host name of the machine.
Default is Default is
``\fR@mailsub@\fR''. ``\fR@mailsub@\fR''.
.TP 18n .TP 18n
maxseq
The maximum sequence number that will be substituted for the
``\fR%{seq}\fR''
escape in the I/O log file (see the
\fIiolog_dir\fR
description above for more information).
While the value substituted for
``\fR%{seq}\fR''
is in base 36,
\fImaxseq\fR
itself should be expressed in decimal.
Values larger than 2176782336 (which corresponds to the
base 36 sequence number
``ZZZZZZ'')
will be silently truncated to 2176782336.
The default value is 2176782336.
.sp
This setting is only supported by
\fBsudoers\fR
plugin version 1.8.7 or higher.
.TP 18n
noexec_file noexec_file
As of As of
\fBsudo\fR \fBsudo\fR


@@ -19,7 +19,7 @@
.\" Agency (DARPA) and Air Force Research Laboratory, Air Force .\" Agency (DARPA) and Air Force Research Laboratory, Air Force
.\" Materiel Command, USAF, under agreement number F39502-99-1-0512. .\" Materiel Command, USAF, under agreement number F39502-99-1-0512.
.\" .\"
.Dd February 5, 2013 .Dd February 18, 2013
.Dt SUDOERS @mansectform@ .Dt SUDOERS @mansectform@
.Os Sudo @PACKAGE_VERSION@ .Os Sudo @PACKAGE_VERSION@
.Sh NAME .Sh NAME
@@ -2547,6 +2547,26 @@ The escape
will expand to the host name of the machine. will expand to the host name of the machine.
Default is Default is
.Dq Li @mailsub@ . .Dq Li @mailsub@ .
.It maxseq
The maximum sequence number that will be substituted for the
.Dq Li %{seq}
escape in the I/O log file (see the
.Em iolog_dir
description above for more information).
While the value substituted for
.Dq Li %{seq}
is in base 36,
.Em maxseq
itself should be expressed in decimal.
Values larger than 2176782336 (which corresponds to the
base 36 sequence number
.Dq ZZZZZZ )
will be silently truncated to 2176782336.
The default value is 2176782336.
.Pp
This setting is only supported by
.Nm sudoers
plugin version 1.8.7 or higher.
.It noexec_file .It noexec_file
As of As of
.Nm sudo .Nm sudo


@@ -354,6 +354,10 @@ struct sudo_defs_types sudo_defs_table[] = {
"exec_background", T_FLAG, "exec_background", T_FLAG,
N_("Run commands on a pty in the background"), N_("Run commands on a pty in the background"),
NULL, NULL,
}, {
"maxseq", T_UINT,
N_("Maximum I/O log sequence number"),
NULL,
}, { }, {
NULL, 0, NULL NULL, 0, NULL
} }


@@ -164,6 +164,8 @@
#define I_LIMITPRIVS 81 #define I_LIMITPRIVS 81
#define def_exec_background (sudo_defs_table[82].sd_un.flag) #define def_exec_background (sudo_defs_table[82].sd_un.flag)
#define I_EXEC_BACKGROUND 82 #define I_EXEC_BACKGROUND 82
#define def_maxseq (sudo_defs_table[83].sd_un.ival)
#define I_MAXSEQ 83
enum def_tuple { enum def_tuple {
never, never,


@@ -262,3 +262,6 @@ limitprivs
exec_background exec_background
T_FLAG T_FLAG
"Run commands on a pty in the background" "Run commands on a pty in the background"
maxseq
T_UINT
"Maximum I/O log sequence number"


@@ -1,5 +1,5 @@
/* /*
* Copyright (c) 2009-2011 Todd C. Miller <Todd.Miller@courtesan.com> * Copyright (c) 2009-2013 Todd C. Miller <Todd.Miller@courtesan.com>
* *
* Permission to use, copy, modify, and distribute this software for any * Permission to use, copy, modify, and distribute this software for any
* purpose with or without fee is hereby granted, provided that the above * purpose with or without fee is hereby granted, provided that the above
@@ -51,14 +51,6 @@
#include "sudoers.h" #include "sudoers.h"
union io_fd {
FILE *f;
#ifdef HAVE_ZLIB_H
gzFile g;
#endif
void *v;
};
struct script_buf { struct script_buf {
int len; /* buffer length (how much read in) */ int len; /* buffer length (how much read in) */
int off; /* write position (how much already consumed) */ int off; /* write position (how much already consumed) */
@@ -79,27 +71,47 @@ struct iolog_details {
struct group *runas_gr; struct group *runas_gr;
int lines; int lines;
int cols; int cols;
int iolog_stdin;
int iolog_stdout;
int iolog_stderr;
int iolog_ttyin;
int iolog_ttyout;
}; };
#define IOFD_STDIN 0 union io_fd {
#define IOFD_STDOUT 1 FILE *f;
#define IOFD_STDERR 2 #ifdef HAVE_ZLIB_H
#define IOFD_TTYIN 3 gzFile g;
#define IOFD_TTYOUT 4 #endif
#define IOFD_TIMING 5 void *v;
#define IOFD_MAX 6 };
extern __dso_public struct io_plugin sudoers_io;
struct io_log_file {
bool enabled;
const char *suffix;
int (**fn_ptr)(const char *buf, unsigned int len);
union io_fd fd;
} io_log_files[] = {
#define IOFD_LOG 0
{ true, "/log", NULL },
#define IOFD_TIMING 1
{ true, "/timing", NULL },
#define IOFD_STDIN 2
{ false, "/stdin", &sudoers_io.log_stdin },
#define IOFD_STDOUT 3
{ false, "/stdout", &sudoers_io.log_stdout },
#define IOFD_STDERR 4
{ false, "/stderr", &sudoers_io.log_stderr },
#define IOFD_TTYIN 5
{ false, "/ttyin", &sudoers_io.log_ttyin },
#define IOFD_TTYOUT 6
{ false, "/ttyout", &sudoers_io.log_ttyout },
#define IOFD_MAX 7
{ false, NULL, NULL }
};
#define SESSID_MAX 2176782336U #define SESSID_MAX 2176782336U
static int iolog_compress; static int iolog_compress;
static struct timeval last_time; static struct timeval last_time;
static union io_fd io_fds[IOFD_MAX]; static unsigned int sessid_max = SESSID_MAX;
extern __dso_public struct io_plugin sudoers_io;
/* /*
* Create path and any parent directories as needed. * Create path and any parent directories as needed.
@@ -150,6 +162,25 @@ io_mkdirs(char *path, mode_t mode, bool is_temp)
debug_return; debug_return;
} }
/*
* Set max session ID (aka sequence number)
*/
int
io_set_max_sessid(const char *maxval)
{
unsigned long ulval;
char *ep;
errno = 0;
ulval = strtoul(maxval, &ep, 0);
if (*maxval != '\0' && *ep == '\0' &&
(errno != ERANGE || ulval != ULONG_MAX)) {
sessid_max = MIN((unsigned int)ulval, SESSID_MAX);
return true;
}
return false;
}
/* /*
* Read the on-disk sequence number, set sessid to the next * Read the on-disk sequence number, set sessid to the next
* number, and update the on-disk copy. * number, and update the on-disk copy.
@@ -203,7 +234,7 @@ io_nextid(char *iolog_dir, char *iolog_dir_fallback, char sessid[7])
nread = read(fd2, buf, sizeof(buf)); nread = read(fd2, buf, sizeof(buf));
if (nread > 0) { if (nread > 0) {
id = strtoul(buf, &ep, 36); id = strtoul(buf, &ep, 36);
if (buf == ep || id >= SESSID_MAX) if (buf == ep || id >= sessid_max)
id = 0; id = 0;
} }
close(fd2); close(fd2);
@@ -218,8 +249,8 @@ io_nextid(char *iolog_dir, char *iolog_dir_fallback, char sessid[7])
if (nread == -1) if (nread == -1)
log_fatal(USE_ERRNO, N_("unable to read %s"), pathbuf); log_fatal(USE_ERRNO, N_("unable to read %s"), pathbuf);
id = strtoul(buf, &ep, 36); id = strtoul(buf, &ep, 36);
if (buf == ep || id >= SESSID_MAX) if (buf == ep || id >= sessid_max)
log_fatal(0, N_("invalid sequence number %s"), pathbuf); id = 0;
} }
} }
id++; id++;
@@ -278,34 +309,46 @@ mkdir_iopath(const char *iolog_path, char *pathbuf, size_t pathsize)
* Append suffix to pathbuf after len chars and open the resulting file. * Append suffix to pathbuf after len chars and open the resulting file.
* Note that the size of pathbuf is assumed to be PATH_MAX. * Note that the size of pathbuf is assumed to be PATH_MAX.
* Uses zlib if docompress is true. * Uses zlib if docompress is true.
* Returns the open file handle which has the close-on-exec flag set. * Stores the open file handle which has the close-on-exec flag set.
*/ */
static void * static void
open_io_fd(char *pathbuf, size_t len, const char *suffix, bool docompress) open_io_fd(char *pathbuf, size_t len, struct io_log_file *iol, bool docompress)
{ {
void *vfd = NULL;
int fd; int fd;
debug_decl(open_io_fd, SUDO_DEBUG_UTIL) debug_decl(open_io_fd, SUDO_DEBUG_UTIL)
pathbuf[len] = '\0'; pathbuf[len] = '\0';
strlcat(pathbuf, suffix, PATH_MAX); strlcat(pathbuf, iol->suffix, PATH_MAX);
fd = open(pathbuf, O_CREAT|O_EXCL|O_WRONLY, S_IRUSR|S_IWUSR); if (iol->enabled) {
if (fd != -1) { fd = open(pathbuf, O_CREAT|O_WRONLY, S_IRUSR|S_IWUSR);
fcntl(fd, F_SETFD, FD_CLOEXEC); if (fd != -1) {
fcntl(fd, F_SETFD, FD_CLOEXEC);
#ifdef HAVE_ZLIB_H #ifdef HAVE_ZLIB_H
if (docompress) if (docompress)
vfd = gzdopen(fd, "w"); iol->fd.g = gzdopen(fd, "w");
else else
#endif #endif
vfd = fdopen(fd, "w"); iol->fd.f = fdopen(fd, "w");
}
if (fd == -1 || iol->fd.v == NULL) {
log_fatal(USE_ERRNO, N_("unable to create %s"), pathbuf);
if (fd != -1)
close(fd);
}
} else {
/* Remove old log file if we recycled sequence numbers. */
unlink(pathbuf);
if (iol->fn_ptr != NULL)
*(iol->fn_ptr) = NULL;
} }
debug_return_ptr(vfd); debug_return;
} }
/* /*
* Pull out I/O log related data from user_info and command_info arrays. * Pull out I/O log related data from user_info and command_info arrays.
* Returns true if I/O logging is enabled, else false.
*/ */
static void static bool
iolog_deserialize_info(struct iolog_details *details, char * const user_info[], iolog_deserialize_info(struct iolog_details *details, char * const user_info[],
char * const command_info[]) char * const command_info[])
{ {
@@ -370,27 +413,27 @@ iolog_deserialize_info(struct iolog_details *details, char * const user_info[],
} }
if (strncmp(*cur, "iolog_stdin=", sizeof("iolog_stdin=") - 1) == 0) { if (strncmp(*cur, "iolog_stdin=", sizeof("iolog_stdin=") - 1) == 0) {
if (atobool(*cur + sizeof("iolog_stdin=") - 1) == true) if (atobool(*cur + sizeof("iolog_stdin=") - 1) == true)
details->iolog_stdin = true; io_log_files[IOFD_STDIN].enabled = true;
continue; continue;
} }
if (strncmp(*cur, "iolog_stdout=", sizeof("iolog_stdout=") - 1) == 0) { if (strncmp(*cur, "iolog_stdout=", sizeof("iolog_stdout=") - 1) == 0) {
if (atobool(*cur + sizeof("iolog_stdout=") - 1) == true) if (atobool(*cur + sizeof("iolog_stdout=") - 1) == true)
details->iolog_stdout = true; io_log_files[IOFD_STDOUT].enabled = true;
continue; continue;
} }
if (strncmp(*cur, "iolog_stderr=", sizeof("iolog_stderr=") - 1) == 0) { if (strncmp(*cur, "iolog_stderr=", sizeof("iolog_stderr=") - 1) == 0) {
if (atobool(*cur + sizeof("iolog_stderr=") - 1) == true) if (atobool(*cur + sizeof("iolog_stderr=") - 1) == true)
details->iolog_stderr = true; io_log_files[IOFD_STDERR].enabled = true;
continue; continue;
} }
if (strncmp(*cur, "iolog_ttyin=", sizeof("iolog_ttyin=") - 1) == 0) { if (strncmp(*cur, "iolog_ttyin=", sizeof("iolog_ttyin=") - 1) == 0) {
if (atobool(*cur + sizeof("iolog_ttyin=") - 1) == true) if (atobool(*cur + sizeof("iolog_ttyin=") - 1) == true)
details->iolog_ttyin = true; io_log_files[IOFD_TTYIN].enabled = true;
continue; continue;
} }
if (strncmp(*cur, "iolog_ttyout=", sizeof("iolog_ttyout=") - 1) == 0) { if (strncmp(*cur, "iolog_ttyout=", sizeof("iolog_ttyout=") - 1) == 0) {
if (atobool(*cur + sizeof("iolog_ttyout=") - 1) == true) if (atobool(*cur + sizeof("iolog_ttyout=") - 1) == true)
details->iolog_ttyout = true; io_log_files[IOFD_TTYOUT].enabled = true;
continue; continue;
} }
if (strncmp(*cur, "iolog_compress=", sizeof("iolog_compress=") - 1) == 0) { if (strncmp(*cur, "iolog_compress=", sizeof("iolog_compress=") - 1) == 0) {
@@ -399,6 +442,10 @@ iolog_deserialize_info(struct iolog_details *details, char * const user_info[],
continue; continue;
} }
break; break;
case 'm':
if (strncmp(*cur, "maxseq=", sizeof("maxseq=") - 1) == 0)
io_set_max_sessid(*cur + sizeof("maxseq=") - 1);
break;
case 'r': case 'r':
if (strncmp(*cur, "runas_gid=", sizeof("runas_gid=") - 1) == 0) { if (strncmp(*cur, "runas_gid=", sizeof("runas_gid=") - 1) == 0) {
runas_gid_str = *cur + sizeof("runas_gid=") - 1; runas_gid_str = *cur + sizeof("runas_gid=") - 1;
@@ -459,7 +506,10 @@ iolog_deserialize_info(struct iolog_details *details, char * const user_info[],
details->runas_gr = sudo_fakegrnam(id); details->runas_gr = sudo_fakegrnam(id);
} }
} }
debug_return; debug_return_bool(
io_log_files[IOFD_STDIN].enabled || io_log_files[IOFD_STDOUT].enabled ||
io_log_files[IOFD_STDERR].enabled || io_log_files[IOFD_TTYIN].enabled ||
io_log_files[IOFD_TTYOUT].enabled);
} }
static int static int
@@ -473,9 +523,8 @@ sudoers_io_open(unsigned int version, sudo_conv_t conversation,
char *tofree = NULL; char *tofree = NULL;
char * const *cur; char * const *cur;
const char *debug_flags = NULL; const char *debug_flags = NULL;
FILE *io_logfile;
size_t len; size_t len;
int rval = -1; int i, rval = -1;
debug_decl(sudoers_io_open, SUDO_DEBUG_PLUGIN) debug_decl(sudoers_io_open, SUDO_DEBUG_PLUGIN)
sudo_conv = conversation; sudo_conv = conversation;
@@ -507,13 +556,9 @@ sudoers_io_open(unsigned int version, sudo_conv_t conversation,
sudo_debug_init(NULL, debug_flags); sudo_debug_init(NULL, debug_flags);
/* /*
* Pull iolog settings out of command_info, if any. * Pull iolog settings out of command_info.
*/ */
iolog_deserialize_info(&details, user_info, command_info); if (!iolog_deserialize_info(&details, user_info, command_info)) {
/* Did policy module disable I/O logging? */
if (!details.iolog_stdin && !details.iolog_ttyin &&
!details.iolog_stdout && !details.iolog_stderr &&
!details.iolog_ttyout) {
rval = false; rval = false;
goto done; goto done;
} }
@@ -541,71 +586,24 @@ sudoers_io_open(unsigned int version, sudo_conv_t conversation,
/* /*
* We create 7 files: a log file, a timing file and 5 for input/output. * We create 7 files: a log file, a timing file and 5 for input/output.
*/ */
io_logfile = open_io_fd(pathbuf, len, "/log", false); for (i = 0; i < IOFD_MAX; i++) {
if (io_logfile == NULL) open_io_fd(pathbuf, len, &io_log_files[i], i ? iolog_compress : false);
log_fatal(USE_ERRNO, N_("unable to create %s"), pathbuf);
io_fds[IOFD_TIMING].v = open_io_fd(pathbuf, len, "/timing",
iolog_compress);
if (io_fds[IOFD_TIMING].v == NULL)
log_fatal(USE_ERRNO, N_("unable to create %s"), pathbuf);
if (details.iolog_ttyin) {
io_fds[IOFD_TTYIN].v = open_io_fd(pathbuf, len, "/ttyin",
iolog_compress);
if (io_fds[IOFD_TTYIN].v == NULL)
log_fatal(USE_ERRNO, N_("unable to create %s"), pathbuf);
} else {
sudoers_io.log_ttyin = NULL;
}
if (details.iolog_stdin) {
io_fds[IOFD_STDIN].v = open_io_fd(pathbuf, len, "/stdin",
iolog_compress);
if (io_fds[IOFD_STDIN].v == NULL)
log_fatal(USE_ERRNO, N_("unable to create %s"), pathbuf);
} else {
sudoers_io.log_stdin = NULL;
}
if (details.iolog_ttyout) {
io_fds[IOFD_TTYOUT].v = open_io_fd(pathbuf, len, "/ttyout",
iolog_compress);
if (io_fds[IOFD_TTYOUT].v == NULL)
log_fatal(USE_ERRNO, N_("unable to create %s"), pathbuf);
} else {
sudoers_io.log_ttyout = NULL;
}
if (details.iolog_stdout) {
io_fds[IOFD_STDOUT].v = open_io_fd(pathbuf, len, "/stdout",
iolog_compress);
if (io_fds[IOFD_STDOUT].v == NULL)
log_fatal(USE_ERRNO, N_("unable to create %s"), pathbuf);
} else {
sudoers_io.log_stdout = NULL;
}
if (details.iolog_stderr) {
io_fds[IOFD_STDERR].v = open_io_fd(pathbuf, len, "/stderr",
iolog_compress);
if (io_fds[IOFD_STDERR].v == NULL)
log_fatal(USE_ERRNO, N_("unable to create %s"), pathbuf);
} else {
sudoers_io.log_stderr = NULL;
} }
gettimeofday(&last_time, NULL); fprintf(io_log_files[IOFD_LOG].fd.f, "%ld:%s:%s:%s:%s:%d:%d\n%s\n%s",
(long)last_time.tv_sec,
fprintf(io_logfile, "%ld:%s:%s:%s:%s:%d:%d\n", (long)last_time.tv_sec,
details.user ? details.user : "unknown", details.runas_pw->pw_name, details.user ? details.user : "unknown", details.runas_pw->pw_name,
details.runas_gr ? details.runas_gr->gr_name : "", details.runas_gr ? details.runas_gr->gr_name : "",
details.tty ? details.tty : "unknown", details.lines, details.cols); details.tty ? details.tty : "unknown", details.lines, details.cols,
fputs(details.cwd ? details.cwd : "unknown", io_logfile); details.cwd ? details.cwd : "unknown",
fputc('\n', io_logfile); details.command ? details.command : "unknown");
fputs(details.command ? details.command : "unknown", io_logfile);
for (cur = &argv[1]; *cur != NULL; cur++) { for (cur = &argv[1]; *cur != NULL; cur++) {
fputc(' ', io_logfile); fputc(' ', io_log_files[IOFD_LOG].fd.f);
fputs(*cur, io_logfile); fputs(*cur, io_log_files[IOFD_LOG].fd.f);
} }
fputc('\n', io_logfile); fputc('\n', io_log_files[IOFD_LOG].fd.f);
fclose(io_logfile); fclose(io_log_files[IOFD_LOG].fd.f);
io_log_files[IOFD_LOG].fd.f = NULL;
rval = true; rval = true;
@@ -635,14 +633,14 @@ sudoers_io_close(int exit_status, int error)
} }
for (i = 0; i < IOFD_MAX; i++) { for (i = 0; i < IOFD_MAX; i++) {
if (io_fds[i].v == NULL) if (io_log_files[i].fd.v == NULL)
continue; continue;
#ifdef HAVE_ZLIB_H #ifdef HAVE_ZLIB_H
if (iolog_compress) if (iolog_compress)
gzclose(io_fds[i].g); gzclose(io_log_files[i].fd.g);
else else
#endif #endif
fclose(io_fds[i].f); fclose(io_log_files[i].fd.f);
} }
debug_return; debug_return;
} }
@@ -683,20 +681,20 @@ sudoers_io_log(const char *buf, unsigned int len, int idx)
#ifdef HAVE_ZLIB_H #ifdef HAVE_ZLIB_H
if (iolog_compress) if (iolog_compress)
ignore_result(gzwrite(io_fds[idx].g, (const voidp)buf, len)); ignore_result(gzwrite(io_log_files[idx].fd.g, (const voidp)buf, len));
else else
#endif #endif
ignore_result(fwrite(buf, 1, len, io_fds[idx].f)); ignore_result(fwrite(buf, 1, len, io_log_files[idx].fd.f));
delay.tv_sec = now.tv_sec; delay.tv_sec = now.tv_sec;
delay.tv_usec = now.tv_usec; delay.tv_usec = now.tv_usec;
timevalsub(&delay, &last_time); timevalsub(&delay, &last_time);
#ifdef HAVE_ZLIB_H #ifdef HAVE_ZLIB_H
if (iolog_compress) if (iolog_compress)
gzprintf(io_fds[IOFD_TIMING].g, "%d %f %d\n", idx, gzprintf(io_log_files[IOFD_TIMING].fd.g, "%d %f %d\n", idx,
delay.tv_sec + ((double)delay.tv_usec / 1000000), len); delay.tv_sec + ((double)delay.tv_usec / 1000000), len);
else else
#endif #endif
fprintf(io_fds[IOFD_TIMING].f, "%d %f %d\n", idx, fprintf(io_log_files[IOFD_TIMING].fd.f, "%d %f %d\n", idx,
delay.tv_sec + ((double)delay.tv_usec / 1000000), len); delay.tv_sec + ((double)delay.tv_usec / 1000000), len);
last_time.tv_sec = now.tv_sec; last_time.tv_sec = now.tv_sec;
last_time.tv_usec = now.tv_usec; last_time.tv_usec = now.tv_usec;
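Review bot: In open_io_fd the enabled branch now opens with `O_CREAT|O_WRONLY`, dropping `O_EXCL` without adding `O_TRUNC`, so when a sequence number is recycled the new session is written over the start of the previous file and any longer tail of the old session stays in place. Neither `fdopen(fd, "w")` nor `gzdopen(fd, "w")` truncates an existing file, so a replayed or audited log can end up mixing two sessions. I would open with `fd = open(pathbuf, O_CREAT|O_TRUNC|O_WRONLY, S_IRUSR|S_IWUSR);` and add a comment that reusing an existing file is intended only for recycled sequence numbers. The `close(fd)` after `log_fatal()` in the same branch looks unreachable if log_fatal does not return, as its other uses on this page suggest.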


@@ -361,6 +361,9 @@ sudoers_policy_exec_setup(char *argv[], char *envp[], mode_t cmnd_umask,
if (def_compress_io) { if (def_compress_io) {
command_info[info_len++] = estrdup("iolog_compress=true"); command_info[info_len++] = estrdup("iolog_compress=true");
} }
if (def_maxseq) {
easprintf(&command_info[info_len++], "maxseq=%u", def_maxseq);
}
} }
if (ISSET(sudo_mode, MODE_EDIT)) if (ISSET(sudo_mode, MODE_EDIT))
command_info[info_len++] = estrdup("sudoedit=true"); command_info[info_len++] = estrdup("sudoedit=true");
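Review bot: `def_maxseq` is printed with `%u` here, but the def_data.h section of this commit defines it as `sudo_defs_table[83].sd_un.ival`, and the documented default and maximum, 2176782336, is larger than a 32-bit INT_MAX. The declaration of `ival` is not shown; if it is a signed int, the value only round-trips through its bit pattern and the format does not match the argument type, so an explicit `(unsigned int)def_maxseq` cast or an unsigned storage member would make the intent clear. The `if (def_maxseq)` guard also means maxseq=0 is never forwarded and the I/O plugin keeps its built-in default; if that is intended it deserves a comment such as `/* maxseq=0 is not passed on; the plugin keeps its default */`. sudoers_policy_exec_setup starts and ends outside the hunk.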


@@ -582,6 +582,9 @@ init_vars(char * const envp[])
/* Set locale callback. */ /* Set locale callback. */
sudo_defs_table[I_SUDOERS_LOCALE].callback = cb_sudoers_locale; sudo_defs_table[I_SUDOERS_LOCALE].callback = cb_sudoers_locale;
/* Set maxseq callback. */
sudo_defs_table[I_MAXSEQ].callback = io_set_max_sessid;
/* It is now safe to use log_fatal() and set_perms() */ /* It is now safe to use log_fatal() and set_perms() */
debug_return; debug_return;
} }
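Review bot: The callback registered here hands the sudoers value to io_set_max_sessid, whose parsing (in the iolog.c section of this commit) is looser than the manual text: `strtoul(maxval, &ep, 0)` accepts octal and hex although maxseq is documented as decimal, and `MIN((unsigned int)ulval, SESSID_MAX)` casts before clamping. Where unsigned long is wider than unsigned int, a value such as 4294967296 becomes 0 instead of 2176782336, and with sessid_max at 0 the `id >= sessid_max` test in io_nextid resets every id, so each session would reuse the same sequence number and overwrite the previous log. I would parse with base 10 and clamp before narrowing: `sessid_max = ulval > SESSID_MAX ? SESSID_MAX : (unsigned int)ulval;`. Whether the T_UINT parser rejects such values before the callback runs is not visible on this page. init_vars starts outside the hunk.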


@@ -322,6 +322,7 @@ int atobool(const char *str);
int get_boottime(struct timeval *); int get_boottime(struct timeval *);
/* iolog.c */ /* iolog.c */
int io_set_max_sessid(const char *sessid);
void io_nextid(char *iolog_dir, char *iolog_dir_fallback, char sessid[7]); void io_nextid(char *iolog_dir, char *iolog_dir_fallback, char sessid[7]);
/* iolog_path.c */ /* iolog_path.c */