From: Todd C. Miller
Date: Fri, 11 Mar 2011 17:11:05 +0000 (-0500)
Subject: Log the TSID even if it is not a simple session ID.
X-Git-Tag: SUDO_1_8_1~104^2
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=383aef00b1474946ec4e505cda368776274d855c;p=sudo
Log the TSID even if it is not a simple session ID.
---
diff --git a/plugins/sudoers/iolog.c b/plugins/sudoers/iolog.c
index 976c49241..903aedf49 100644
--- a/plugins/sudoers/iolog.c
+++ b/plugins/sudoers/iolog.c
@@ -128,7 +128,7 @@ mkdir_parents(char *path)
 }

 /*
- * Read the on-disk sequence number, set sudo_user.sessid to the next
+ * Read the on-disk sequence number, set sessid to the next
 * number, and update the on-disk copy.
 * Uses file locking to avoid sequence number collisions.
 */
diff --git a/plugins/sudoers/iolog_path.c b/plugins/sudoers/iolog_path.c
index d92261571..e98db947c 100644
--- a/plugins/sudoers/iolog_path.c
+++ b/plugins/sudoers/iolog_path.c
@@ -73,6 +73,10 @@ fill_seq(char *str, size_t strsize)
 {
 int len;

+ /* XXX - sessid should be static to fill_seq */
+ if (sudo_user.sessid[0] == '\0')
+ io_nextid(def_iolog_dir, sudo_user.sessid);
+
 /* Path is of the form /var/log/sudo-io/00/00/01. */
 len = snprintf(str, strsize, "%c%c/%c%c/%c%c", sudo_user.sessid[0],
 sudo_user.sessid[1], sudo_user.sessid[2], sudo_user.sessid[3],
diff --git a/plugins/sudoers/logging.c b/plugins/sudoers/logging.c
index 70145c58e..e14a6944a 100644
--- a/plugins/sudoers/logging.c
+++ b/plugins/sudoers/logging.c
@@ -635,9 +635,13 @@ static char *
 new_logline(const char *message, int serrno)
 {
 size_t len = 0;
- char *evstr = NULL;
 char *errstr = NULL;
- char *line;
+ char *evstr = NULL;
+ char *line, *tsid;
+
+ /* A TSID may be a sudoers-style session ID or a free-form string. */
+ tsid =
+ sudo_user.sessid[0] != '\0' ? sudo_user.sessid : sudo_user.iolog_file;

 /*
 * Compute line length
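Review bot: Nothing after the added `io_nextid(def_iolog_dir, sudo_user.sessid)` call in fill_seq checks that sessid was filled before the `snprintf` formats `sessid[0]` through `sessid[5]` with `%c`. io_nextid is not part of this hunk, so if it can return with the buffer still empty, NUL bytes land in the path and the string is cut short while the length still looks valid. The call also means path expansion now triggers the on-disk sequence update (presumably the routine documented in the iolog.c hunk) and always uses the global `def_iolog_dir`. I would replace the XXX comment with one that states this, e.g. `/* First use allocates the next on-disk sequence number in def_iolog_dir; io_nextid() must not return with sessid empty. */`. fill_seq continues past the end of the hunk.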
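Review bot: The fallback in the added `tsid =` assignment puts `sudo_user.iolog_file`, a free-form string, into a log line whose fields are delimited by ` ; ` (see the `strlcat(line, " ; ", len)` calls in the later new_logline hunks), and nothing visible restricts or escapes its characters. Whether the expanded I/O log path can contain that delimiter or control characters depends on code outside this diff, but if it can, the TSID field is no longer unambiguous for log parsers or for anyone reading the log during an investigation. The comment should at least record the new contract, e.g. `/* A free-form TSID is logged verbatim and may be longer than a six-character session ID. */`, and the value should be validated where iolog_file is expanded if that is not already done. new_logline's body extends beyond this hunk.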
@@ -654,8 +658,8 @@ new_logline(const char *message, int serrno)
 len += sizeof(LL_USER_STR) + 2 + strlen(runas_pw->pw_name);
 if (runas_gr != NULL)
 len += sizeof(LL_GROUP_STR) + 2 + strlen(runas_gr->gr_name);
- if (sudo_user.sessid[0] != '\0')
- len += sizeof(LL_TSID_STR) + 2 + strlen(sudo_user.sessid);
+ if (tsid != NULL)
+ len += sizeof(LL_TSID_STR) + 2 + strlen(tsid);
 if (sudo_user.env_vars != NULL) {
 size_t evlen = 0;
 char * const *ep;
@@ -715,9 +719,9 @@ new_logline(const char *message, int serrno)
 strlcat(line, " ; ", len) >= len)
 goto toobig;
 }
- if (sudo_user.sessid[0] != '\0') {
+ if (tsid != NULL) {
 if (strlcat(line, LL_TSID_STR, len) >= len ||
- strlcat(line, sudo_user.sessid, len) >= len ||
+ strlcat(line, tsid, len) >= len ||
 strlcat(line, " ; ", len) >= len)
 goto toobig;
 }
diff --git a/plugins/sudoers/sudoers.c b/plugins/sudoers/sudoers.c
index f77538585..7eac3cd79 100644
--- a/plugins/sudoers/sudoers.c
+++ b/plugins/sudoers/sudoers.c
@@ -515,10 +515,9 @@ sudoers_policy_main(int argc, char * const argv[], int pwflag, char *env_add[],
 if (ISSET(sudo_mode, (MODE_RUN | MODE_EDIT)) &&
 (def_log_input || def_log_output)) {
 if (def_iolog_file && def_iolog_dir) {
- if (strstr(def_iolog_file, "%{seq}") != NULL) /* XXX - inline? */
- io_nextid(def_iolog_dir, sudo_user.sessid);
 command_info[info_len++] = expand_iolog_path("iolog_path=",
- def_iolog_dir, def_iolog_file, NULL);
+ def_iolog_dir, def_iolog_file, &sudo_user.iolog_file);
+ sudo_user.iolog_file++;
 }
 if (def_log_input) {
 command_info[info_len++] = estrdup("iolog_stdin=true");
diff --git a/plugins/sudoers/sudoers.h b/plugins/sudoers/sudoers.h
index 5003c69bc..62f742b89 100644
--- a/plugins/sudoers/sudoers.h
+++ b/plugins/sudoers/sudoers.h
@@ -73,6 +73,7 @@ struct sudo_user {
 char *type;
 #endif
 char *cwd;
+ char *iolog_file;
 char sessid[7];
 #ifdef HAVE_MBR_CHECK_MEMBERSHIP
 uuid_t uuid;
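Review bot: `sudo_user.iolog_file++` is applied unconditionally, so if expand_iolog_path leaves the out-pointer NULL the result is an invalid non-NULL pointer that passes the `tsid != NULL` test in new_logline and reaches `strlen(tsid)`. expand_iolog_path is not shown, so this may be unreachable today, but a guard makes the invariant local: `if (sudo_user.iolog_file != NULL) sudo_user.iolog_file++;`. A short comment saying what the increment steps over (presumably the separator between directory and file) would also help. The enclosing `if` and sudoers_policy_main start and end outside the hunk.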
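Review bot: The new `iolog_file` member carries no comment on ownership. From the sudoers.c hunk it appears to point into the `iolog_path=` string stored in command_info rather than to its own allocation, since it is incremented right after being set and so could not be handed to free. I would declare it as `char *iolog_file; /* points into the iolog_path= string; do not free */` so later code does not treat it as owned. struct sudo_user starts and ends outside the hunk.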