Log the TSID even if it is not a simple session ID.

diff --git a/plugins/sudoers/iolog.c b/plugins/sudoers/iolog.c
index 976c49241f72c4c129bdf257bcd3ab452bc6450a..903aedf49755a58448af263bdd45f1b16c905e47 100644 (file)
--- a/plugins/sudoers/iolog.c
+++ b/plugins/sudoers/iolog.c
@@ -128,7 +128,7 @@ mkdir_parents(char *path)
 }
 
 /*
- * Read the on-disk sequence number, set sudo_user.sessid to the next
+ * Read the on-disk sequence number, set sessid to the next
  * number, and update the on-disk copy.
  * Uses file locking to avoid sequence number collisions.
  */

diff --git a/plugins/sudoers/iolog_path.c b/plugins/sudoers/iolog_path.c
index d9226157194d9375545e8b63da7a62421e3a9bb5..e98db947c7c2b2581b9a28b62eb93f2bca3e5e13 100644 (file)
--- a/plugins/sudoers/iolog_path.c
+++ b/plugins/sudoers/iolog_path.c
@@ -73,6 +73,10 @@ fill_seq(char *str, size_t strsize)
 {
     int len;
 
+    /* XXX - sessid should be static to fill_seq */
+    if (sudo_user.sessid[0] == '\0')
+       io_nextid(def_iolog_dir, sudo_user.sessid);
+
     /* Path is of the form /var/log/sudo-io/00/00/01. */
     len = snprintf(str, strsize, "%c%c/%c%c/%c%c", sudo_user.sessid[0],
        sudo_user.sessid[1], sudo_user.sessid[2], sudo_user.sessid[3],

diff --git a/plugins/sudoers/logging.c b/plugins/sudoers/logging.c
index 70145c58e08be4204063e77f6972ffbe2d93e923..e14a6944a096eaac39c0094d7a640f461877d63d 100644 (file)
--- a/plugins/sudoers/logging.c
+++ b/plugins/sudoers/logging.c
@@ -635,9 +635,13 @@ static char *
 new_logline(const char *message, int serrno)
 {
     size_t len = 0;
-    char *evstr = NULL;
     char *errstr = NULL;
-    char *line;
+    char *evstr = NULL;
+    char *line, *tsid;
+
+    /* A TSID may be a sudoers-style session ID or a free-form string. */
+    tsid =
+       sudo_user.sessid[0] != '\0' ? sudo_user.sessid : sudo_user.iolog_file;
 
     /*
      * Compute line length
@@ -654,8 +658,8 @@ new_logline(const char *message, int serrno)
        len += sizeof(LL_USER_STR) + 2 + strlen(runas_pw->pw_name);
     if (runas_gr != NULL)
        len += sizeof(LL_GROUP_STR) + 2 + strlen(runas_gr->gr_name);
-    if (sudo_user.sessid[0] != '\0')
-       len += sizeof(LL_TSID_STR) + 2 + strlen(sudo_user.sessid);
+    if (tsid != NULL)
+       len += sizeof(LL_TSID_STR) + 2 + strlen(tsid);
     if (sudo_user.env_vars != NULL) {
        size_t evlen = 0;
        char * const *ep;
@@ -715,9 +719,9 @@ new_logline(const char *message, int serrno)
            strlcat(line, " ; ", len) >= len)
            goto toobig;
     }
-    if (sudo_user.sessid[0] != '\0') {
+    if (tsid != NULL) {
        if (strlcat(line, LL_TSID_STR, len) >= len ||
-           strlcat(line, sudo_user.sessid, len) >= len ||
+           strlcat(line, tsid, len) >= len ||
            strlcat(line, " ; ", len) >= len)
            goto toobig;
     }

diff --git a/plugins/sudoers/sudoers.c b/plugins/sudoers/sudoers.c
index f775385857d6bf7ae9373adc1070513715ec16f6..7eac3cd792e8d2adcf537471a38ab30b97372e00 100644 (file)
--- a/plugins/sudoers/sudoers.c
+++ b/plugins/sudoers/sudoers.c
@@ -515,10 +515,9 @@ sudoers_policy_main(int argc, char * const argv[], int pwflag, char *env_add[],
 
     if (ISSET(sudo_mode, (MODE_RUN | MODE_EDIT)) && (def_log_input || def_log_output)) {
        if (def_iolog_file && def_iolog_dir) {
-           if (strstr(def_iolog_file, "%{seq}") != NULL) /* XXX - inline? */
-               io_nextid(def_iolog_dir, sudo_user.sessid);
            command_info[info_len++] = expand_iolog_path("iolog_path=",
-               def_iolog_dir, def_iolog_file, NULL);
+               def_iolog_dir, def_iolog_file, &sudo_user.iolog_file);
+           sudo_user.iolog_file++;
        }
        if (def_log_input) {
            command_info[info_len++] = estrdup("iolog_stdin=true");

diff --git a/plugins/sudoers/sudoers.h b/plugins/sudoers/sudoers.h
index 5003c69bc4a5ad365882943349cce646502711f1..62f742b892d4b0da6479cebe0c1ff12e7fc4e2b6 100644 (file)
--- a/plugins/sudoers/sudoers.h
+++ b/plugins/sudoers/sudoers.h
@@ -73,6 +73,7 @@ struct sudo_user {
     char *type;
 #endif
     char *cwd;
+    char *iolog_file;
     char  sessid[7];
 #ifdef HAVE_MBR_CHECK_MEMBERSHIP
     uuid_t uuid;