Add support for "accept" audit events sent by the sudo front-end.

With this change, the sudo front-end will send an "accept" audit
event to the audit plugins after all the I/O logging plugins have
been initialized.  This can be used by an audit plugin that does
not care about the result of the individual policy and approval
plugins and only wants to receive a single "accept" event if all
policy and approval plugins have succeeded.  The plugin_type argument
for events sent by the front-end is SUDO_FRONT_END (0).
Todd C. Miller
2020-06-02 09:07:44 -06:00
parent a380709215
commit f0dc48548c
8 changed files with 252 additions and 61 deletions


@@ -514,7 +514,7 @@ audit_write_record(const char *audit_str, const char *plugin_name,
goto oom;
switch (plugin_type) {
case 0:
case SUDO_FRONT_END:
json_value.u.string = "front-end";
break;
case SUDO_POLICY_PLUGIN:
@@ -604,6 +604,10 @@ audit_json_accept(const char *plugin_name, unsigned int plugin_type,
int ret;
debug_decl(audit_json_accept, SUDO_DEBUG_PLUGIN);
/* Ignore the extra accept event from the sudo front-end. */
if (plugin_type == SUDO_FRONT_END)
debug_return_int(true);
state.accepted = true;
ret = audit_write_record("accept", plugin_name, plugin_type, NULL,