Add SLOG_AUDIT flag for log_warningx() to also audit the message.
This lets us combine audit_failure() and log_warningx() calls with the same message.
This commit is contained in:
Todd C. Miller
@@ -93,20 +93,17 @@ audit_failure_int(char *const argv[], const char *message)
|
||||
}
|
||||
|
||||
int
|
||||
audit_failure(char *const argv[], char const *const fmt, ...)
|
||||
vaudit_failure(char *const argv[], char const *const fmt, va_list ap)
|
||||
{
|
||||
int oldlocale, ret;
|
||||
char *message;
|
||||
va_list ap;
|
||||
debug_decl(audit_failure, SUDOERS_DEBUG_AUDIT);
|
||||
debug_decl(vaudit_failure, SUDOERS_DEBUG_AUDIT);
|
||||
|
||||
/* Audit messages should be in the sudoers locale. */
|
||||
sudoers_setlocale(SUDOERS_LOCALE_SUDOERS, &oldlocale);
|
||||
|
||||
va_start(ap, fmt);
|
||||
if ((ret = vasprintf(&message, _(fmt), ap)) == -1)
|
||||
sudo_warnx(U_("%s: %s"), __func__, U_("unable to allocate memory"));
|
||||
va_end(ap);
|
||||
|
||||
if (ret != -1) {
|
||||
/* Set audit_msg for audit plugins. */
|
||||
@@ -121,6 +118,20 @@ audit_failure(char *const argv[], char const *const fmt, ...)
|
||||
debug_return_int(ret);
|
||||
}
|
||||
|
||||
int
|
||||
audit_failure(char *const argv[], char const *const fmt, ...)
|
||||
{
|
||||
va_list ap;
|
||||
int ret;
|
||||
debug_decl(audit_failure, SUDOERS_DEBUG_AUDIT);
|
||||
|
||||
va_start(ap, fmt);
|
||||
ret = vaudit_failure(argv, fmt, ap);
|
||||
va_end(ap);
|
||||
|
||||
debug_return_int(ret);
|
||||
}
|
||||
|
||||
static int
|
||||
sudoers_audit_open(unsigned int version, sudo_conv_t conversation,
|
||||
sudo_printf_t plugin_printf, char * const settings[],
|
||||
|
||||
@@ -502,6 +502,13 @@ vlog_warning(int flags, int errnum, const char *fmt, va_list ap)
|
||||
int len;
|
||||
debug_decl(vlog_warning, SUDOERS_DEBUG_LOGGING);
|
||||
|
||||
/* Do auditing first (audit_failure() handles the locale itself). */
|
||||
if (ISSET(flags, SLOG_AUDIT)) {
|
||||
va_copy(ap2, ap);
|
||||
vaudit_failure(NewArgv, fmt, ap2);
|
||||
va_end(ap2);
|
||||
}
|
||||
|
||||
/* Need extra copy of ap for sudo_vwarn()/sudo_vwarnx() below. */
|
||||
va_copy(ap2, ap);
|
||||
|
||||
|
||||
@@ -44,6 +44,7 @@
|
||||
#define SLOG_SEND_MAIL 0x08 /* log via mail */
|
||||
#define SLOG_NO_STDERR 0x10 /* do not log via stderr */
|
||||
#define SLOG_NO_LOG 0x20 /* do not log via file or syslog */
|
||||
#define SLOG_AUDIT 0x40 /* send message to audit as well */
|
||||
|
||||
/*
|
||||
* Maximum number of characters to log per entry. The syslogger
|
||||
@@ -74,6 +75,7 @@ bool sudoers_warn_setlocale(bool restore, int *cookie);
|
||||
bool sudoers_setlocale(int newlocale, int *prevlocale);
|
||||
int sudoers_getlocale(void);
|
||||
int audit_failure(char *const argv[], char const *const fmt, ...) __printflike(2, 3);
|
||||
int vaudit_failure(char *const argv[], char const *const fmt, va_list ap) __printflike(2, 0);
|
||||
bool log_allowed(int status);
|
||||
bool log_auth_failure(int status, unsigned int tries);
|
||||
bool log_denial(int status, bool inform_user);
|
||||
|
||||
@@ -292,10 +292,7 @@ check_user_runchroot(void)
|
||||
|
||||
if (def_runchroot == NULL || (strcmp(def_runchroot, "*") != 0 &&
|
||||
strcmp(def_runchroot, user_runchroot) != 0)) {
|
||||
audit_failure(NewArgv,
|
||||
N_("user not allowed to change root directory to %s"),
|
||||
user_runchroot);
|
||||
log_warningx(SLOG_NO_STDERR,
|
||||
log_warningx(SLOG_NO_STDERR|SLOG_AUDIT,
|
||||
N_("user not allowed to change root directory to %s"),
|
||||
user_runchroot);
|
||||
sudo_warnx(U_("you are not permitted to use the -R option with %s"),
|
||||
@@ -322,9 +319,7 @@ check_user_runcwd(void)
|
||||
|
||||
if (strcmp(user_cwd, user_runcwd) != 0) {
|
||||
if (def_runcwd == NULL || strcmp(def_runcwd, "*") != 0) {
|
||||
audit_failure(NewArgv,
|
||||
N_("user not allowed to change directory to %s"), user_runcwd);
|
||||
log_warningx(SLOG_NO_STDERR,
|
||||
log_warningx(SLOG_NO_STDERR|SLOG_AUDIT,
|
||||
N_("user not allowed to change directory to %s"), user_runcwd);
|
||||
sudo_warnx(U_("you are not permitted to use the -D option with %s"),
|
||||
user_cmnd);
|
||||
@@ -416,9 +411,7 @@ sudoers_policy_main(int argc, char * const argv[], int pwflag, char *env_add[],
|
||||
/* Check for -C overriding def_closefrom. */
|
||||
if (user_closefrom >= 0 && user_closefrom != def_closefrom) {
|
||||
if (!def_closefrom_override) {
|
||||
audit_failure(NewArgv,
|
||||
N_("user not allowed to override closefrom limit"));
|
||||
log_warningx(SLOG_NO_STDERR,
|
||||
log_warningx(SLOG_NO_STDERR|SLOG_AUDIT,
|
||||
N_("user not allowed to override closefrom limit"));
|
||||
sudo_warnx("%s", U_("you are not permitted to use the -C option"));
|
||||
goto bad;
|
||||
@@ -448,14 +441,13 @@ sudoers_policy_main(int argc, char * const argv[], int pwflag, char *env_add[],
|
||||
|
||||
/* Defer uid/gid checks until after defaults have been updated. */
|
||||
if (unknown_runas_uid && !def_runas_allow_unknown_id) {
|
||||
audit_failure(NewArgv, N_("unknown user: %s"), runas_pw->pw_name);
|
||||
log_warningx(0, N_("unknown user: %s"), runas_pw->pw_name);
|
||||
log_warningx(SLOG_AUDIT, N_("unknown user: %s"), runas_pw->pw_name);
|
||||
goto done;
|
||||
}
|
||||
if (runas_gr != NULL) {
|
||||
if (unknown_runas_gid && !def_runas_allow_unknown_id) {
|
||||
audit_failure(NewArgv, N_("unknown group: %s"), runas_gr->gr_name);
|
||||
log_warningx(0, N_("unknown group: %s"), runas_gr->gr_name);
|
||||
log_warningx(SLOG_AUDIT, N_("unknown group: %s"),
|
||||
runas_gr->gr_name);
|
||||
goto done;
|
||||
}
|
||||
}
|
||||
@@ -496,17 +488,15 @@ sudoers_policy_main(int argc, char * const argv[], int pwflag, char *env_add[],
|
||||
|
||||
/* Bail if a tty is required and we don't have one. */
|
||||
if (def_requiretty && !tty_present()) {
|
||||
audit_failure(NewArgv, N_("no tty"));
|
||||
log_warningx(SLOG_NO_STDERR, N_("no tty"));
|
||||
log_warningx(SLOG_NO_STDERR|SLOG_AUDIT, N_("no tty"));
|
||||
sudo_warnx("%s", U_("sorry, you must have a tty to run sudo"));
|
||||
goto bad;
|
||||
}
|
||||
|
||||
/* Check runas user's shell. */
|
||||
if (!check_user_shell(runas_pw)) {
|
||||
audit_failure(NewArgv, N_("invalid shell for user %s: %s"),
|
||||
runas_pw->pw_name, runas_pw->pw_shell);
|
||||
log_warningx(SLOG_RAW_MSG, N_("invalid shell for user %s: %s"),
|
||||
log_warningx(SLOG_RAW_MSG|SLOG_AUDIT,
|
||||
N_("invalid shell for user %s: %s"),
|
||||
runas_pw->pw_name, runas_pw->pw_shell);
|
||||
goto bad;
|
||||
}
|
||||
@@ -607,8 +597,7 @@ sudoers_policy_main(int argc, char * const argv[], int pwflag, char *env_add[],
|
||||
|
||||
/* If user specified a timeout make sure sudoers allows it. */
|
||||
if (!def_user_command_timeouts && user_timeout > 0) {
|
||||
audit_failure(NewArgv, N_("user not allowed to set a command timeout"));
|
||||
log_warningx(SLOG_NO_STDERR,
|
||||
log_warningx(SLOG_NO_STDERR|SLOG_AUDIT,
|
||||
N_("user not allowed to set a command timeout"));
|
||||
sudo_warnx("%s",
|
||||
U_("sorry, you are not allowed set a command timeout"));
|
||||
@@ -618,9 +607,7 @@ sudoers_policy_main(int argc, char * const argv[], int pwflag, char *env_add[],
|
||||
/* If user specified env vars make sure sudoers allows it. */
|
||||
if (ISSET(sudo_mode, MODE_RUN) && !def_setenv) {
|
||||
if (ISSET(sudo_mode, MODE_PRESERVE_ENV)) {
|
||||
audit_failure(NewArgv,
|
||||
N_("user not allowed to preserve the environment"));
|
||||
log_warningx(SLOG_NO_STDERR,
|
||||
log_warningx(SLOG_NO_STDERR|SLOG_AUDIT,
|
||||
N_("user not allowed to preserve the environment"));
|
||||
sudo_warnx("%s",
|
||||
U_("sorry, you are not allowed to preserve the environment"));
|
||||
|
||||
Reference in New Issue
Block a user