From: Todd C. Miller Date: Thu, 23 Oct 2014 12:36:50 +0000 (-0600) Subject: When registering with the debug subsystem, the caller now passes X-Git-Tag: SUDO_1_8_12^2~143 X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=5270ebf1f2fceed35b8c437df3baf62e1cbd6d6d;p=sudo When registering with the debug subsystem, the caller now passes in an arrary of ints that gets filled in with the subsytem IDs to be used in debug_decl. --- diff --git a/include/sudo_debug.h b/include/sudo_debug.h index 3c979199a..44193cd3f 100644 --- a/include/sudo_debug.h +++ b/include/sudo_debug.h @@ -64,20 +64,20 @@ struct sudo_conf_debug_file_list; * This includes subsystems in the sudoers plugin. * Note: order must match sudo_debug_subsystems[] */ -#define SUDO_DEBUG_MAIN ( 1<<16) /* sudo main() */ -#define SUDO_DEBUG_UTIL ( 2<<16) /* utility functions */ -#define SUDO_DEBUG_NETIF ( 3<<16) /* network interface functions */ -#define SUDO_DEBUG_PLUGIN ( 4<<16) /* main plugin functions */ -#define SUDO_DEBUG_EVENT ( 5<<16) /* event handling */ -#define SUDO_DEBUG_ARGS ( 6<<16) /* command line argument processing */ -#define SUDO_DEBUG_EXEC ( 7<<16) /* command execution */ -#define SUDO_DEBUG_PTY ( 8<<16) /* pseudo-tty */ -#define SUDO_DEBUG_UTMP ( 9<<16) /* utmp file ops */ -#define SUDO_DEBUG_CONV (10<<16) /* user conversation */ -#define SUDO_DEBUG_PCOMM (11<<16) /* plugin communications */ -#define SUDO_DEBUG_EDIT (12<<16) /* sudoedit */ -#define SUDO_DEBUG_SELINUX (13<<16) /* selinux */ -#define SUDO_DEBUG_HOOKS (14<<16) /* hook functions */ +#define SUDO_DEBUG_ARGS ( 1<<16) /* command line argument processing */ +#define SUDO_DEBUG_CONV ( 2<<16) /* user conversation */ +#define SUDO_DEBUG_EDIT ( 3<<16) /* sudoedit */ +#define SUDO_DEBUG_EVENT ( 4<<16) /* event handling */ +#define SUDO_DEBUG_EXEC ( 5<<16) /* command execution */ +#define SUDO_DEBUG_HOOKS ( 6<<16) /* hook functions */ +#define SUDO_DEBUG_MAIN ( 7<<16) /* sudo main() */ +#define SUDO_DEBUG_NETIF ( 8<<16) /* network interface functions */ +#define SUDO_DEBUG_PCOMM ( 9<<16) /* plugin communications */ +#define SUDO_DEBUG_PLUGIN (10<<16) /* main plugin functions */ +#define SUDO_DEBUG_PTY (11<<16) /* pseudo-tty */ +#define SUDO_DEBUG_SELINUX (12<<16) /* selinux */ +#define SUDO_DEBUG_UTIL (13<<16) /* utility functions */ +#define SUDO_DEBUG_UTMP (14<<16) /* utmp file ops */ #define SUDO_DEBUG_ALL 0xffff0000 /* all subsystems */ /* Initializer for instance index to indicate that debugging is not setup. */ @@ -231,7 +231,7 @@ __dso_public int sudo_debug_get_fds(fd_set **fdsetp); __dso_public int sudo_debug_get_instance(const char *program); __dso_public void sudo_debug_printf2(const char *func, const char *file, int line, int level, const char *fmt, ...) __printf0like(5, 6); __dso_public void sudo_debug_printf_nvm(int pri, const char *fmt, ...) __printf0like(2, 3); -__dso_public int sudo_debug_register(const char *program, const char *const subsystems[], int num_subsystems, struct sudo_conf_debug_file_list *debug_files); +__dso_public int sudo_debug_register(const char *program, const char *const subsystems[], int ids[], struct sudo_conf_debug_file_list *debug_files); __dso_public int sudo_debug_set_default_instance(int inst); __dso_public void sudo_debug_update_fd(int ofd, int nfd); __dso_public void sudo_debug_vprintf2(const char *func, const char *file, int line, int level, const char *fmt, va_list ap) __printf0like(5, 0); diff --git a/lib/util/sudo_conf.c b/lib/util/sudo_conf.c index 8e08eb8f8..7f8df0d6e 100644 --- a/lib/util/sudo_conf.c +++ b/lib/util/sudo_conf.c @@ -352,7 +352,7 @@ set_debugging(const char *conf_file) * Register debug instance for the main program, making it * the default instance if one is not already set. */ - instance = sudo_debug_register(progname, NULL, 0, + instance = sudo_debug_register(progname, NULL, NULL, &debug_spec->debug_files); if (sudo_debug_get_default_instance() == SUDO_DEBUG_INSTANCE_INITIALIZER) sudo_debug_set_default_instance(instance); diff --git a/lib/util/sudo_debug.c b/lib/util/sudo_debug.c index ea5d45b1e..24325978f 100644 --- a/lib/util/sudo_debug.c +++ b/lib/util/sudo_debug.c @@ -86,24 +86,24 @@ static const char *const sudo_debug_priorities[] = { /* Note: this must match the order in sudo_debug.h */ static const char *const sudo_debug_default_subsystems[] = { + "args", + "conv", + "edit", + "event", + "exec", + "hooks", "main", - "util", "netif", + "pcomm", "plugin", - "event", - "args", - "exec", "pty", - "utmp", - "conv", - "pcomm", - "edit", "selinux", - "hooks", + "util", + "utmp", NULL }; -#define NUM_SUBSYSTEMS (sizeof(sudo_debug_default_subsystems) / sizeof(sudo_debug_default_subsystems[0]) - 1) +#define NUM_DEF_SUBSYSTEMS (sizeof(sudo_debug_default_subsystems) / sizeof(sudo_debug_default_subsystems[0]) - 1) /* * For multiple programs/plugins there is a per-program instance @@ -119,7 +119,8 @@ SLIST_HEAD(sudo_debug_output_list, sudo_debug_output); struct sudo_debug_instance { char *program; const char *const *subsystems; - int num_subsystems; + const int *subsystem_ids; + unsigned int max_subsystem; struct sudo_debug_output_list outputs; }; @@ -146,17 +147,17 @@ sudo_debug_new_output(struct sudo_debug_instance *instance, { char *buf, *cp, *subsys, *pri; struct sudo_debug_output *output; - int i, j; + unsigned int i, j; /* Create new output for the instance. */ /* XXX - reuse fd for existing filename? */ output = sudo_emalloc(sizeof(*output)); - output->settings = sudo_emallocarray(instance->num_subsystems, sizeof(int)); + output->settings = sudo_emallocarray(instance->max_subsystem + 1, sizeof(int)); output->filename = sudo_estrdup(debug_file->debug_file); output->fd = -1; /* Init per-subsystems settings to -1 since 0 is a valid priority. */ - for (i = 0; i < instance->num_subsystems; i++) + for (i = 0; i <= instance->max_subsystem; i++) output->settings[i] = -1; /* Open debug file. */ @@ -196,11 +197,13 @@ sudo_debug_new_output(struct sudo_debug_instance *instance, if (strcasecmp(pri, sudo_debug_priorities[i]) == 0) { for (j = 0; instance->subsystems[j] != NULL; j++) { if (strcasecmp(subsys, "all") == 0) { - output->settings[j] = i; + const int idx = SUDO_DEBUG_SUBSYS(instance->subsystem_ids[j]); + output->settings[idx] = i; continue; } if (strcasecmp(subsys, instance->subsystems[j]) == 0) { - output->settings[j] = i; + const int idx = SUDO_DEBUG_SUBSYS(instance->subsystem_ids[j]); + output->settings[idx] = i; break; } } @@ -222,20 +225,22 @@ sudo_debug_new_output(struct sudo_debug_instance *instance, */ int sudo_debug_register(const char *program, const char *const subsystems[], - int num_subsystems, struct sudo_conf_debug_file_list *debug_files) + int ids[], struct sudo_conf_debug_file_list *debug_files) { struct sudo_debug_instance *instance = NULL; struct sudo_debug_output *output; struct sudo_debug_file *debug_file; int idx, free_idx = -1; - if (debug_files == NULL || num_subsystems < 0) + if (debug_files == NULL) return -1; /* Use default subsystem names if none are provided. */ - if (subsystems == NULL || num_subsystems == 0) { + if (subsystems == NULL) { subsystems = sudo_debug_default_subsystems; - num_subsystems = NUM_SUBSYSTEMS; + } else if (ids == NULL) { + /* If subsystems are specified we must have ids[] too. */ + return -1; } /* Search for existing instance. */ @@ -252,6 +257,20 @@ sudo_debug_register(const char *program, const char *const subsystems[], } if (instance == NULL) { + unsigned int i, j, max_id = NUM_DEF_SUBSYSTEMS - 1; + + /* Fill in subsystem name -> id mapping. */ + for (i = 0; subsystems[i] != NULL; i++) { + /* Check default subsystems. */ + for (j = 0; j < NUM_DEF_SUBSYSTEMS; j++) { + if (strcmp(subsystems[i], sudo_debug_default_subsystems[j]) == 0) + break; + } + if (j == NUM_DEF_SUBSYSTEMS) + j = ++max_id; + ids[i] = ((j + 1) << 16); + } + if (free_idx != -1) idx = free_idx; if (idx == SUDO_DEBUG_INSTANCE_MAX) { @@ -266,11 +285,20 @@ sudo_debug_register(const char *program, const char *const subsystems[], instance = sudo_emalloc(sizeof(*instance)); instance->program = sudo_estrdup(program); instance->subsystems = subsystems; - instance->num_subsystems = num_subsystems; + instance->subsystem_ids = ids; + instance->max_subsystem = max_id; SLIST_INIT(&instance->outputs); sudo_debug_instances[idx] = instance; if (idx == sudo_debug_num_instances) sudo_debug_num_instances++; + } else { + /* Check for matching instance but different ids[]. */ + if (ids != NULL && instance->subsystem_ids != ids) { + unsigned int i; + + for (i = 0; subsystems[i] != NULL; i++) + ids[i] = instance->subsystem_ids[i]; + } } TAILQ_FOREACH(debug_file, debug_files, entries) { @@ -552,7 +580,8 @@ void sudo_debug_vprintf2(const char *func, const char *file, int lineno, int level, const char *fmt, va_list ap) { - int buflen, idx, pri, subsys, saved_errno = errno; + int buflen, idx, pri, saved_errno = errno; + unsigned int subsys; char static_buf[1024], *buf = static_buf; struct sudo_debug_instance *instance; struct sudo_debug_output *output; @@ -587,7 +616,7 @@ sudo_debug_vprintf2(const char *func, const char *file, int lineno, int level, SLIST_FOREACH(output, &instance->outputs, entries) { /* Make sure we want debug info at this level. */ - if (subsys < instance->num_subsystems && output->settings[subsys] >= pri) { + if (subsys <= instance->max_subsystem && output->settings[subsys] >= pri) { va_copy(ap2, ap); buflen = fmt ? vsnprintf(static_buf, sizeof(static_buf), fmt, ap) : 0; if (buflen >= (int)sizeof(static_buf)) { @@ -640,7 +669,8 @@ sudo_debug_printf2(const char *func, const char *file, int lineno, int level, void sudo_debug_execve2(int level, const char *path, char *const argv[], char *const envp[]) { - int buflen, idx, pri, subsys, saved_errno = errno; + int buflen, idx, pri, saved_errno = errno; + unsigned int subsys; struct sudo_debug_instance *instance; struct sudo_debug_output *output; char * const *av; @@ -673,7 +703,7 @@ sudo_debug_execve2(int level, const char *path, char *const argv[], char *const sudo_warnx_nodebug("%s: unregistered instance index %d", __func__, idx); goto out; } - if (subsys >= instance->num_subsystems) + if (subsys > instance->max_subsystem) goto out; /* XXX - use static buffer if possible */ diff --git a/plugins/sudoers/sudoers_debug.c b/plugins/sudoers/sudoers_debug.c index 753a65ffb..eecc1ae13 100644 --- a/plugins/sudoers/sudoers_debug.c +++ b/plugins/sudoers/sudoers_debug.c @@ -46,29 +46,32 @@ int sudoers_debug_instance = SUDO_DEBUG_INSTANCE_INITIALIZER; -static const char *const sudoers_debug_subsystems[] = { - "main", - "util", - "netif", - "plugin", - "event", - "audit", - "ldap", - "match", - "parser", +static const char *const sudoers_subsystem_names[] = { "alias", - "defaults", + "audit", "auth", + "defaults", "env", + "event", + "ldap", "logging", + "main", + "match", + "netif", "nss", - "rbtree", + "parser", "perms", + "plugin", + "rbtree", "sssd", + "util", NULL }; -#define NUM_SUBSYSTEMS (sizeof(sudoers_debug_subsystems) / sizeof(sudoers_debug_subsystems[0]) - 1) +#define NUM_SUBSYSTEMS (sizeof(sudoers_subsystem_names) / sizeof(sudoers_subsystem_names[0]) - 1) + +/* Subsystem IDs assigned at registration time. */ +int sudoers_subsystem_ids[NUM_SUBSYSTEMS]; /* * Parse the "filename flags,..." debug_flags entry and insert a new @@ -116,7 +119,7 @@ sudoers_debug_register(struct sudo_conf_debug_file_list *debug_files, if (!TAILQ_EMPTY(debug_files)) { if (plugin_path != NULL) { sudoers_debug_instance = sudo_debug_register(plugin_path, - sudoers_debug_subsystems, NUM_SUBSYSTEMS, debug_files); + sudoers_subsystem_names, sudoers_subsystem_ids, debug_files); } TAILQ_FOREACH_SAFE(debug_file, debug_files, entries, debug_next) { TAILQ_REMOVE(debug_files, debug_file, entries); diff --git a/plugins/sudoers/sudoers_debug.h b/plugins/sudoers/sudoers_debug.h index 7f6d6202b..c7e4fd779 100644 --- a/plugins/sudoers/sudoers_debug.h +++ b/plugins/sudoers/sudoers_debug.h @@ -21,27 +21,26 @@ /* * Sudoers debug subsystems. - * The first five entries must match the sudo front end. - * Note: order must match sudoers_debug_subsystems[] + * Note that sudoers_subsystem_ids[] is filled in at debug registration time. */ -#define SUDOERS_DEBUG_MAIN ( 1<<16) /* main() */ -#define SUDOERS_DEBUG_UTIL ( 2<<16) /* utility functions */ -#define SUDOERS_DEBUG_NETIF ( 3<<16) /* network interface functions */ -#define SUDOERS_DEBUG_PLUGIN ( 4<<16) /* main plugin functions */ -#define SUDOERS_DEBUG_EVENT ( 5<<16) /* event handling */ -#define SUDOERS_DEBUG_AUDIT ( 6<<16) /* audit */ -#define SUDOERS_DEBUG_LDAP ( 7<<16) /* sudoers LDAP */ -#define SUDOERS_DEBUG_MATCH ( 8<<16) /* sudoers matching */ -#define SUDOERS_DEBUG_PARSER ( 9<<16) /* sudoers parser */ -#define SUDOERS_DEBUG_ALIAS (10<<16) /* sudoers alias functions */ -#define SUDOERS_DEBUG_DEFAULTS (11<<16) /* sudoers defaults settings */ -#define SUDOERS_DEBUG_AUTH (12<<16) /* authentication functions */ -#define SUDOERS_DEBUG_ENV (13<<16) /* environment handling */ -#define SUDOERS_DEBUG_LOGGING (14<<16) /* logging functions */ -#define SUDOERS_DEBUG_NSS (15<<16) /* network service switch */ -#define SUDOERS_DEBUG_RBTREE (16<<16) /* red-black tree functions */ -#define SUDOERS_DEBUG_PERMS (17<<16) /* uid/gid swapping functions */ -#define SUDOERS_DEBUG_SSSD (18<<16) /* sudoers SSSD */ -#define SUDOERS_DEBUG_ALL 0xffff0000 /* all subsystems */ +extern int sudoers_subsystem_ids[]; +#define SUDOERS_DEBUG_ALIAS (sudoers_subsystem_ids[ 0]) /* sudoers alias functions */ +#define SUDOERS_DEBUG_AUDIT (sudoers_subsystem_ids[ 1]) /* audit */ +#define SUDOERS_DEBUG_AUTH (sudoers_subsystem_ids[ 2]) /* authentication functions */ +#define SUDOERS_DEBUG_DEFAULTS (sudoers_subsystem_ids[ 3]) /* sudoers defaults settings */ +#define SUDOERS_DEBUG_ENV (sudoers_subsystem_ids[ 4]) /* environment handling */ +#define SUDOERS_DEBUG_EVENT (sudoers_subsystem_ids[ 5]) /* event handling */ +#define SUDOERS_DEBUG_LDAP (sudoers_subsystem_ids[ 6]) /* sudoers LDAP */ +#define SUDOERS_DEBUG_LOGGING (sudoers_subsystem_ids[ 7]) /* logging functions */ +#define SUDOERS_DEBUG_MAIN (sudoers_subsystem_ids[ 8]) /* main() */ +#define SUDOERS_DEBUG_MATCH (sudoers_subsystem_ids[ 9]) /* sudoers matching */ +#define SUDOERS_DEBUG_NETIF (sudoers_subsystem_ids[10]) /* network interface functions */ +#define SUDOERS_DEBUG_NSS (sudoers_subsystem_ids[11]) /* network service switch */ +#define SUDOERS_DEBUG_PARSER (sudoers_subsystem_ids[12]) /* sudoers parser */ +#define SUDOERS_DEBUG_PERMS (sudoers_subsystem_ids[13]) /* uid/gid swapping functions */ +#define SUDOERS_DEBUG_PLUGIN (sudoers_subsystem_ids[14]) /* main plugin functions */ +#define SUDOERS_DEBUG_RBTREE (sudoers_subsystem_ids[15]) /* red-black tree functions */ +#define SUDOERS_DEBUG_SSSD (sudoers_subsystem_ids[16]) /* sudoers SSSD */ +#define SUDOERS_DEBUG_UTIL (sudoers_subsystem_ids[17]) /* utility functions */ #endif /* _SUDOERS_DEBUG_H */